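def lockout_ip(request):
    """Record a lockout entry for the requesting client address.

    Looks up ``db.lockout`` by ``request.client_addr``; when no document
    exists, inserts one whose ``attempts`` list holds a single UTC
    timestamp. An existing document is left untouched.

    Args:
        request: the current request; ``mdb(request)`` supplies the
            database handle and ``request.client_addr`` the lookup key.

    Returns:
        None.
    """
    db = mdb(request)
    # NOTE(review): client_addr is whatever the framework reports; behind a
    # reverse proxy confirm it is the real client address rather than a
    # client-supplied forwarded header, or the lockout key is spoofable.
    ip = request.client_addr
    # Only the first entry for an address is stored here; nothing is
    # appended to ``attempts`` on later calls. NOTE(review): if repeated
    # failures are meant to be counted, the existing-document case should
    # ``$push`` a new timestamp instead of doing nothing -- confirm intent.
    if db.lockout.find_one({'ip': ip}) is None:
        db.lockout.insert({
            'ip': ip,
            'attempts': [datetime.utcnow()],
        })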
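def verify_token(request):
    """Verify the bearer token in the request headers and return its claims.

    Expects a header ``Authorization: Bearer <JSON Web Token>``. The token
    is decoded, its ``user.token`` claim is looked up in the server-side
    ``session`` collection, and the claims are returned.

    Args:
        request: the current request; supplies ``headers``, ``client_addr``,
            ``registry.settings['app.config']`` (directory of the key file)
            and ``registry.app_config['general']['jwt.pub']`` (key filename).

    Returns:
        The JWT claims dict.

    Raises:
        HTTPUnauthorized: if the header is missing or malformed, the JWT
            cannot be decoded, the claims lack the ``user`` fields, or no
            matching session document exists.
    """
    client = request.client_addr

    # A missing or malformed header is a 401, not a 500; only the two
    # failure modes of the lookup/split are caught.
    try:
        token = request.headers['Authorization'].split()[1]
    except (KeyError, IndexError):
        log.info("%s: Couldn't get token from headers" % client)
        raise HTTPUnauthorized

    # Load the public key stored next to the app config file; the context
    # manager closes the handle even if importKey fails.
    path = os.path.dirname(request.registry.settings.get('app.config'))
    config = request.registry.app_config['general']
    with open(os.path.join(path, config['jwt.pub']), 'r') as f:
        public_key = RSA.importKey(f.read())

    # Decode the JWT.
    # NOTE(review): ``public_key`` is loaded but never handed to the jwt
    # library, so this call only decodes the token -- nothing on this page
    # checks the signature against the key, and the "JWT verified" log
    # line overstates what happened. Verification should go through the
    # library's verifying entry point with the key and an explicit
    # allowed-algorithm list (for python_jwt:
    # ``jwt.verify_jwt(token, public_key, allowed_algs=[<alg>])``);
    # confirm the installed library and algorithm before changing. The
    # ``json.dumps`` wrapper is kept exactly as the original had it.
    try:
        _headers, claims = jwt.process_jwt(json.dumps(token))
        log.info("%s: JWT verified." % client)
    except Exception:
        log.error("%s: Couldn't verify JWT. Raising HTTPUnauthorized." % client)
        raise HTTPUnauthorized

    # The claims originate from the client; a missing or non-dict ``user``
    # field is a bad token, not a server error.
    try:
        user = claims['user']
        name, email, session_token = user['name'], user['email'], user['token']
    except (KeyError, TypeError):
        log.error("%s: JWT claims missing user fields. Raising HTTPUnauthorized." % client)
        raise HTTPUnauthorized

    # The token is only accepted while a server-side session still holds it.
    db = mdb(request)
    log.info("%s: Checking auth token for '%s (%s)' still valid." % (client, name, email))
    if db.session.find_one({'token': session_token}) is None:
        log.error("%s: No session found for '%s (%s)'. Raising HTTPUnauthorized." % (client, name, email))
        raise HTTPUnauthorized
    return claims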