def auth_required(req, res, resource=None, params=None):
    token = req.auth
    redixdb = req.context['redixdb']
    if redixdb.__contains__(token, 'id'):
        time_token = decrypt_token(token)
        user_auth = verify_timed_token(time_token)
        if user_auth:
            return user_auth
        else:
            raise UnauthorizedError("auth required")
    else:
        raise UnauthorizedError("auth required")
def is_admin(req, res, resources):
    session = req.context['session']
    print "session :", session
    print req, "is req *******"
    roles = json.loads(session.get("user_roles"))
    if not "admin" in roles:
        raise UnauthorizedError("Restricted access")
Beispiel #3
0
    def process_request(self, req, res):
        prefetch_token = req.get_header('ACCESS-CONTROL-REQUEST-METHOD')
        if prefetch_token:
            res.complete = True
            return True

        if req.path == "/" or req.path == "/v1/didtx/create" or req.path == "/v2/didtx/create":
            return True

        token = req.get_header('Authorization')

        if token is None:
            description = 'Please provide an auth token as part of the request'
            raise UnauthorizedError(description)

        if not self._token_is_valid(token):
            description = 'The provided auth token is not valid'
            raise UnauthorizedError(description)
Beispiel #4
0
 def process_request(self, req, res, resource=None):
     LOG.debug("Authorization: %s", req.auth)
     if req.auth is not None:
         token = decrypt_token(req.auth)
         if token is None:
             raise UnauthorizedError("Invalid auth token: %s" % req.auth)
         else:
             req.context["auth_user"] = token.decode("utf-8")
     else:
         req.context["auth_user"] = None
Beispiel #5
0
 def process_request(self, req, res):
     LOG.debug("Authorization: %s", req.auth)
     if req.auth is not None:
         token = decrypt_token(req.auth)
         if token is None:
             raise UnauthorizedError('Invalid auth token: %s' % req.auth)
         else:
             req.context['auth_user'] = token.decode('utf-8')
     else:
         req.context['auth_user'] = None
Beispiel #6
0
    def get_current_user(self):
        cookie = self.get_cookie("jwt_cookie")
        payload = JWT.get_payload(cookie)
        if not payload:
            raise UnauthorizedError()

        username = payload.get("username")
        self.current_user = UserModel.get_user_by_name(username)

        return self.current_user
Beispiel #7
0
    def delete(self, post_uid):
        """Delete a post"""
        post = Post.get_active(uid=post_uid)
        if post is None:
            raise ResourceNotFound('Post not found')

        if post.user != get_current_user():
            raise UnauthorizedError()

        post.delete()

        return api_deleted_response()
Beispiel #8
0
    def delete(self, story_uid):
        """Delete a slide from a user's story"""
        story = Story.get_active(uid=story_uid)
        if story is None:
            raise ResourceNotFound('Story not found')

        if story.user != get_current_user():
            raise UnauthorizedError()

        story.delete()

        return api_deleted_response()
Beispiel #9
0
    def patch(self, post_uid):
        """Edit a post"""
        request_data = get_current_request_data()

        post = Post.get_active(uid=post_uid)
        if post is None:
            raise ResourceNotFound('Post not found')

        if post.user != get_current_user():
            raise UnauthorizedError()

        params = self.__validate_post_edit_params(request_data)

        self.edit_post(post, params)

        return api_success_response(post.as_json())
Beispiel #10
0
 def process_request(self, req, res):
     authToken = req.get_header('Authorization')
     if authToken is not None:
         auth_user = decode_jwt(authToken)
         LOG.debug("auth_user: %s", auth_user)
         if auth_user is None:
             raise UnauthorizedError('Invalid authentication token')
         else:
             session = self._session_factory
             db_user = session.query(User).get(auth_user['user_id'])
             LOG.debug("db_user: %s", db_user)
             if db_user:
                 req.context['auth_user'] = auth_user
             else:
                 req.context['auth_user'] = None
     else:
         req.context['auth_user'] = None
Beispiel #11
0
def auth_required(req, res, resource, params):

    if req.context["auth_user"] is None:
        raise UnauthorizedError()
Beispiel #12
0
def auth_required(req, res, resource):
    if req.context['auth_user'] is None:
        raise UnauthorizedError()