Beispiel #1
def _get_user_by_id_or_email(id_or_email):
    """Look up a user by e-mail address or by numeric id.

    A value containing ``@`` is passed to ``get_by_email``; anything else
    is converted with ``int()`` and passed to ``get``, so a value that is
    neither an e-mail address nor a number raises ``ValueError``.

    The lookup goes through ``UsersCore.for_system()``.
    NOTE(review): presumably that core is not restricted by per-user
    authorization, so callers should be trusted (CLI/admin) code — confirm.
    """
    users = UsersCore.for_system()
    looks_like_email = "@" in id_or_email

    if not looks_like_email:
        return users.get(int(id_or_email))

    return users.get_by_email(id_or_email)
Beispiel #2
    def test_anonymous_cannot_delete_user(self, core):
        """Deleting a user through ``core`` must raise AuthorizationError.

        ``core`` is expected to be the anonymous-scoped UsersCore (per the
        test name); the target user is created via
        ``UsersCore.for_system()``.
        """
        system_core = UsersCore.for_system()
        user_id = system_core.create(email='*****@*****.**', password='******')

        with pytest.raises(AuthorizationError):
            core.delete(user_id)

        # A rejected delete must leave the record in place, not just raise.
        surviving = system_core.get(user_id)
        assert surviving is not None
Beispiel #3
 def test_anonymous_cannot_update_user(self, core):
     """Updating a user through ``core`` must raise AuthorizationError.

     ``core`` is expected to be the anonymous-scoped UsersCore (per the
     test name); the target user is created via
     ``UsersCore.for_system()``.
     """
     system_core = UsersCore.for_system()
     user_id = system_core.create(
         email='*****@*****.**',
         password='******',
         display_name='OLD NAME',
     )

     with pytest.raises(AuthorizationError):
         core.update(user_id, display_name='NEW NAME')

     # The rejected update must not have been partially applied.
     stored = system_core.get(user_id)
     assert stored.display_name == 'OLD NAME'
Beispiel #4
def mut_delete_user(root, info, id: int) -> DeleteUserOutput:
    """Delete the user with the given ``id`` using the request-scoped core.

    Both the lookup and the delete run inside the ``try``, so an
    ``AuthorizationError`` from either is reported the same way: the
    result carries ``ok=False`` and no further detail. Any other
    exception propagates to the caller.

    NOTE(review): what ``core.get`` does for an unknown id is not visible
    here — confirm it cannot hand ``None`` to ``delete``.
    """
    users = UsersCore.from_request()

    try:
        target = users.get(id)
        users.delete(target)
    except AuthorizationError:
        outcome = DeleteUserOutput(ok=False)
    else:
        outcome = DeleteUserOutput(ok=True)

    return outcome
Beispiel #5
def cmd_user_update(id_or_email, display_name):
    """Update a user's display name from the command side.

    The user is resolved with ``_require_user_by_id_or_email`` and updated
    through ``UsersCore.for_system()``. ``display_name`` is only forwarded
    when it is not ``None``; otherwise ``update`` is called with no fields.
    """
    users = UsersCore.for_system()
    target = _require_user_by_id_or_email(id_or_email)

    # Forward only the fields that were actually supplied.
    changes = {} if display_name is None else {"display_name": display_name}

    users.update(target, **changes)
Beispiel #6
def cmd_user_verify_credentials(email, password):
    """Check an e-mail/password pair and print the outcome.

    Prints a red "Login failed" line when ``verify_credentials`` returns a
    falsy value, otherwise a green success line followed by the user's id,
    display name and e-mail. The failure message is the same whatever the
    reason, so it does not reveal whether the e-mail exists.

    NOTE(review): if ``password`` arrives as a command-line argument it
    ends up in shell history and process listings — confirm against the
    CLI wiring and consider prompting for it instead.
    """
    account = UsersCore.for_system().verify_credentials(email, password)

    if account:
        print('\x1b[32mLogin successful\x1b[0m')
        summary = 'User #{}: {} <{}>'.format(
            account.id, account.display_name, account.email)
        print(summary)
        return

    print('\x1b[31mLogin failed\x1b[0m')
Beispiel #7
def mut_create_user(root, info, data: CreateUserInput) -> CreateUserOutput:
    """Create a user from ``data`` using the request-scoped core.

    Returns ``ok=False`` when ``create`` raises ``AuthorizationError``;
    on success the new record is fetched and returned with ``ok=True``.

    NOTE(review): ``data.email`` and ``data.password`` are passed on
    unchanged — confirm that ``UsersCore.create`` validates the address
    and hashes the password before storing it.
    """
    users = UsersCore.from_request()

    try:
        new_id = users.create(
            email=data.email,
            password=data.password,
            display_name=data.display_name,
        )
    except AuthorizationError:
        return CreateUserOutput(ok=False)

    # The read-back sits outside the try: an AuthorizationError raised
    # here propagates instead of being turned into ok=False.
    created = users.get(new_id)
    return CreateUserOutput(ok=True, user=created)
Beispiel #8
def mut_update_user(root, info, id: int,
                    data: UpdateUserInput) -> UpdateUserOutput:
    """Update the display name of user ``id`` using the request-scoped core.

    Returns ``ok=False`` when the lookup or the update raises
    ``AuthorizationError``; otherwise the user is fetched again and
    returned with ``ok=True``.

    NOTE(review): ``data.display_name`` is forwarded even when it is
    ``None`` — confirm ``UsersCore.update`` treats that as "no change"
    rather than clearing the name.
    """
    users = UsersCore.from_request()

    try:
        target = users.get(id)
        users.update(target, display_name=data.display_name)
    except AuthorizationError:
        return UpdateUserOutput(ok=False)

    # Read the record again so the response reflects the stored state.
    refreshed = users.get(id)
    return UpdateUserOutput(ok=True, user=refreshed)
Beispiel #9
def cmd_user_create(email, password, display_name):
    """Create a user through ``UsersCore.for_system()`` and print its id.

    Raises ``ValueError`` when ``email`` contains no ``@``; that is the
    only validation done here. ``display_name`` is forwarded only when it
    is not ``None``.

    NOTE(review): if ``password`` arrives as a command-line argument it
    ends up in shell history and process listings — confirm against the
    CLI wiring and consider prompting for it instead.
    """
    if "@" not in email:
        raise ValueError("Bad email address")

    extra = {"display_name": display_name} if display_name is not None else {}

    new_id = UsersCore.for_system().create(
        email=email, password=password, **extra)

    print("Created user: {}".format(new_id))
Beispiel #10
def cmd_user_list():
    """Print every user (id, e-mail, display name) as a ``psql`` table.

    Prints "No users found" when the list is empty.

    NOTE(review): e-mail and display name are printed as stored; if they
    can contain control characters, consider sanitising them before
    writing to a terminal.
    """
    rows = []
    for user in UsersCore.for_system().list():
        rows.append((user.id, user.email, user.display_name))

    if not rows:
        print("No users found")
        return

    column_titles = ["ID", "Email", "Name"]
    print(tabulate(rows, column_titles, tablefmt="psql"))
Beispiel #11
    def test_anonymous_cannot_get_user(self, core):
        """Reading a user through ``core`` must raise AuthorizationError.

        ``core`` is expected to be the anonymous-scoped UsersCore (per the
        test name); the target user is created via
        ``UsersCore.for_system()``.
        """
        system_core = UsersCore.for_system()
        user_id = system_core.create(email='*****@*****.**',
                                     password='******')

        with pytest.raises(AuthorizationError):
            core.get(user_id)
Beispiel #12
def query_user(root, info, id: int = None) -> User:
    """Return the user with the given ``id``, or the current user.

    With an ``id`` the lookup goes through the request-scoped
    ``UsersCore``. Without one, the user attached to
    ``info.context.auth_info`` is returned directly.
    NOTE(review): that value may be ``None`` for an unauthenticated
    request — confirm against the auth layer.
    """
    if id is not None:
        return UsersCore.from_request().get(id)

    # No id supplied: fall back to the requester's own record.
    return info.context.auth_info.user
Beispiel #13
 def core(self, user):
     """Return a UsersCore built for ``user`` via ``UsersCore.for_user``."""
     user_scoped_core = UsersCore.for_user(user)
     return user_scoped_core
Beispiel #14
 def user(self):
     """Create a user via ``UsersCore.for_system()`` and return the record."""
     system_core = UsersCore.for_system()
     new_id = system_core.create(email='*****@*****.**', password='******')
     created = system_core.get(new_id)
     return created
Beispiel #15
 def core(self):
     """Return the UsersCore built by ``UsersCore.for_anonymous()``."""
     anonymous_core = UsersCore.for_anonymous()
     return anonymous_core
Beispiel #16
def cmd_user_delete(id_or_email):
    """Delete the user identified by id or e-mail.

    The user is resolved with ``_require_user_by_id_or_email`` and removed
    through ``UsersCore.for_system()``; there is no confirmation step in
    this function.
    """
    users = UsersCore.for_system()
    target = _require_user_by_id_or_email(id_or_email)
    users.delete(target)
Beispiel #17
def cmd_user_set_password(id_or_email, password):
    """Set a new password for the user identified by id or e-mail.

    The user is resolved with ``_require_user_by_id_or_email`` and the
    password is handed to ``UsersCore.for_system().set_password``.

    NOTE(review): if ``password`` arrives as a command-line argument it
    ends up in shell history and process listings — confirm against the
    CLI wiring and consider prompting for it instead.
    """
    users = UsersCore.for_system()
    target = _require_user_by_id_or_email(id_or_email)
    users.set_password(target, password)
Beispiel #18
def query_users(root, info) -> List[User]:
    """Return all users visible to the request-scoped core as a list.

    NOTE(review): nothing here filters or paginates the result — access
    control depends on what ``UsersCore.from_request().list()`` enforces;
    confirm.
    """
    request_core = UsersCore.from_request()
    return list(request_core.list())
Beispiel #19
 def core(self):
     """Return the UsersCore built by ``UsersCore.for_system()``."""
     system_core = UsersCore.for_system()
     return system_core
Beispiel #20
def users_core():
    """Return the UsersCore built by ``UsersCore.for_system()``."""
    system_core = UsersCore.for_system()
    return system_core
Beispiel #21
import logging

from flask import request
from jwt.exceptions import InvalidTokenError
from mowaki.auth.jwt import TokenMaker
from werkzeug.exceptions import BadRequest
from werkzeug.exceptions import Unauthorized as _Unauthorized

from app.config import config
from app.core.auth import AuthInfo, RequestContext
from app.core.user import UsersCore

# Module-level logger, named after this module.
logger = logging.getLogger(__name__)
# Token helper built from the configured SECRET_KEY, with audience 'login'.
# NOTE(review): presumably this signs and verifies login JWTs, in which case
# anyone holding SECRET_KEY can produce tokens this module accepts — confirm
# the key comes from a protected source and is not reused for other purposes.
auth_tokens = TokenMaker(config.SECRET_KEY, audience='login')

# Created once, at import time, via the for_system() constructor.
# NOTE(review): for_system() looks like it is not bound by per-user
# authorization — confirm, and keep this instance to internal lookups
# rather than operations driven directly by request input.
users_core = UsersCore.for_system()


class Unauthorized(_Unauthorized):
    """Custom HTTP Unauthorized exception.

    It will set the ``WWW-Authenticate`` header correctly, so that
    browsers will show a dialog asking for authentication.

    This is especially useful when using GraphQLi in development mode,
    in situations where authentication is required. Just keep in mind
    that only "Basic" authorization is supported by browsers (so you
    won't be able to use Bearer).
    """
    def get_headers(self, environ=None):
        return super().get_headers(environ) + [