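    def tween(request):
        """Validate the request's JWT before handing the request to ``handler``.

        Requests that carry no ``authorization`` object are forwarded untouched.
        Every other request must present a token that ``is_valid_token`` accepts;
        otherwise a 401 response is produced through ``http_error_handler``.
        Errors raised while extracting or validating the token are converted
        into error responses instead of propagating, so a failure in the
        validation path never reaches ``handler``.

        :param request: the incoming request; its ``authorization`` attribute and
            the token it carries are read.
        :return: the response from ``handler``, or an error response.
        """
        log.debug('JWT VALIDATION')

        # Forward requests without authorization.
        if request.authorization is None:
            # Skipping validation if there is no authorization object.
            # This is dangerous since a bad ordering of this tween and the
            # cookie tween would bypass security.
            return handler(request)

        # Finally, check database validation.  Both handlers return, so any
        # failure here fails closed: the request is answered with an error
        # response and is never forwarded.
        try:
            token = extract_token(request)
            valid = token and is_valid_token(token)
        except HTTPError as exc:
            # NOTE(review): HTTPError is assumed to be an Exception subclass,
            # as it is in Pyramid; the clause order matters for the dispatch.
            return http_error_handler(exc, request)
        except Exception as exc:
            return catch_all_error_handler(exc, request)

        if valid:
            return handler(request)
        return http_error_handler(HTTPUnauthorized('Invalid token'), request)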
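 def post(self):
     """Log the current user out.

     The token carried by the request is removed unconditionally.  When the
     JSON body contains a ``discourse`` key, a Discourse logout is attempted
     as well and its result is reported in the response; a failure there is
     logged and does not affect the local logout.

     :return: ``{"user": <userid>}``, plus ``logged_out_discourse_user`` when
         the Discourse logout was attempted and succeeded.
     """
     request = self.request
     userid = request.authenticated_userid
     result = {"user": userid}
     # The token is removed before the optional Discourse step, so a
     # Discourse failure cannot leave the local token valid.
     remove_token(extract_token(request))
     if "discourse" in request.json:
         try:
             settings = request.registry.settings
             client = get_discourse_client(settings)
             result["logged_out_discourse_user"] = client.logout(userid)
         except Exception:
             # Any error with discourse should not prevent logout.  Catching
             # Exception (not a bare except) keeps SystemExit and
             # KeyboardInterrupt from being swallowed here.
             log.warning("Error logging out of discourse for %d", userid, exc_info=True)
     return result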
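 def post(self):
     """Log the current user out.

     The token carried by the request is removed unconditionally.  When the
     JSON body contains a ``discourse`` key, a Discourse logout is attempted
     as well and its result is reported in the response; a failure there is
     logged and does not affect the local logout.

     :return: ``{'user': <userid>}``, plus ``logged_out_discourse_user`` when
         the Discourse logout was attempted and succeeded.
     """
     request = self.request
     userid = request.authenticated_userid
     result = {'user': userid}
     # The token is removed before the optional Discourse step, so a
     # Discourse failure cannot leave the local token valid.
     remove_token(extract_token(request))
     if 'discourse' in request.json:
         try:
             settings = request.registry.settings
             client = get_discourse_client(settings)
             result['logged_out_discourse_user'] = client.logout(userid)
         except Exception:
             # Any error with discourse should not prevent logout.  Catching
             # Exception (not a bare except) keeps SystemExit and
             # KeyboardInterrupt from being swallowed here.
             log.warning('Error logging out of discourse for %d',
                         userid,
                         exc_info=True)
     return result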
    def tween(request):
        """Gate ``handler`` behind token validation.

        Requests with no ``authorization`` object pass straight through; all
        others must carry a token that ``is_valid_token`` accepts, otherwise
        an ``HTTPUnauthorized`` response is returned.

        :param request: the incoming request; its ``authorization`` attribute
            and the token it carries are read.
        :return: the response from ``handler``, or ``HTTPUnauthorized``.
        """
        # TODO: first set the cookie in request.authorization if needed

        # Requests without an authorization object are forwarded as-is.
        # Skipping validation here is dangerous: a bad ordering of this
        # tween and the cookie tween would bypass security.
        if request.authorization is None:
            return handler(request)

        # Database validation of the presented token.
        presented = extract_token(request)
        if presented and is_valid_token(presented):
            return handler(request)

        # TODO: clear cookie? send json?
        return HTTPUnauthorized("Invalid token")
    def tween(request):
        """Check the request's token before forwarding it to ``handler``.

        A request without an ``authorization`` object is forwarded without
        any check.  Any other request is forwarded only when its token is
        accepted by ``is_valid_token``; otherwise ``HTTPUnauthorized`` is
        returned.

        :param request: the incoming request.
        :return: the response from ``handler``, or ``HTTPUnauthorized``.
        """
        # TODO: first set the cookie in request.authorization if needed

        has_authorization = request.authorization is not None
        if not has_authorization:
            # Validation is skipped when there is no authorization object.
            # This is dangerous since a bad ordering of this tween and the
            # cookie tween would bypass security.
            return handler(request)

        # Database validation of the token carried by the request.
        candidate = extract_token(request)
        accepted = candidate and is_valid_token(candidate)
        if not accepted:
            # TODO: clear cookie? send json?
            return HTTPUnauthorized("Invalid token")
        return handler(request)
 def post(self):
     """Log the current user out by removing the request's token.

     :return: ``{'user': <authenticated userid>}``.
     """
     request = self.request
     # The userid is read before the token is removed; it may be derived
     # from that token, so the order is kept.
     userid = request.authenticated_userid
     remove_token(extract_token(request))
     return {'user': userid}