Enhance authentication process in MySecurityPolicy and improve logging in auth_from_rpc

opensipkd/base/security.py

+from inspect import signature
 import logging
 import logging
 
 
 # from opensipkd.tools import get_params
 # from opensipkd.tools import get_params
@@ -55,16 +56,22 @@ def get_user(request):
 
 
 from pyramid.authentication import AuthTktCookieHelper
 from pyramid.authentication import AuthTktCookieHelper
 from pyramid.authorization import ACLHelper, Authenticated, Everyone
 from pyramid.authorization import ACLHelper, Authenticated, Everyone
-
+from .tools.api import auth_from_rpc
 
 
 class MySecurityPolicy:
 class MySecurityPolicy:
     def __init__(self, secret):
     def __init__(self, secret):
         self.helper = AuthTktCookieHelper(secret)
         self.helper = AuthTktCookieHelper(secret)
 
 
     def identity(self, request):
     def identity(self, request):
+        log.debug("MySecurityPolicy.identity")
         identity = self.helper.identify(request)
         identity = self.helper.identify(request)
         if identity is None:
         if identity is None:
-            return None
+            try:
+                user = auth_from_rpc(request)
+                identity = {'userid': user.id}
+            except Exception as e:
+                log.warning("Failed to authenticate from RPC: %s", e)
+                return None
 
 
         userid = identity['userid']
         userid = identity['userid']
         principals = group_finder(userid, request)
         principals = group_finder(userid, request)
@@ -80,9 +87,8 @@ class MySecurityPolicy:
             return identity['userid']
             return identity['userid']
 
 
     def permits(self, request, context, permission):
     def permits(self, request, context, permission):
-        identity = request.identity
+        identity = request.identity                
         principals = set([Everyone])
         principals = set([Everyone])
-
         if identity is not None:
         if identity is not None:
             principals.add(Authenticated)
             principals.add(Authenticated)
             principals.add(identity['userid'])
             principals.add(identity['userid'])

opensipkd/base/tools/api.py

-from opensipkd.base import get_params
 from opensipkd.base.models import (DBSession, User, GroupPermission, UserDeviceModel)
 from opensipkd.base.models import (DBSession, User, GroupPermission, UserDeviceModel)
 
 
 from opensipkd.tools import (
 from opensipkd.tools import (
@@ -36,6 +35,7 @@ def auth_from(request, field=None):
         header = json_rpc_header(http_userid, user.api_key, time_stamp)
         header = json_rpc_header(http_userid, user.api_key, time_stamp)
 
 
     if header['signature'] != env['HTTP_SIGNATURE']:
     if header['signature'] != env['HTTP_SIGNATURE']:
+        log.warning(f"Server:{header['signature']}, Client:{env['HTTP_SIGNATURE']}")
         raise JsonRpcInvalidLoginError
         raise JsonRpcInvalidLoginError
 
 
     return user
     return user
@@ -149,5 +149,6 @@ def update_token(user):
     return dict(token=user.security_code)
     return dict(token=user.security_code)
 
 
 def config_pars_rpc_url(params, method=None):
 def config_pars_rpc_url(params, method=None):
+    from opensipkd.base import get_params
     values = get_params(params)
     values = get_params(params)
     return pars_rpc_url(values, method)
     return pars_rpc_url(values, method)
\ No newline at end of file