Beispiel #1
0
    async def decorator(*args: Any, **kwargs: Any) -> Callable:
        request = __get_request(args)
        jwt_token = request.cookies.get("jwt_token", "")

        if not jwt_token:
            return RedirectResponse(request.url_for("home"))

        try:
            jwt_decode(jwt_token)
        except InvalidTokenError:
            try:
                UsersSessions.get(jwt_token=jwt_token).delete_instance()
            except UsersSessions.DoesNotExist:
                pass

            response = RedirectResponse(request.url_for("home"))
            response.delete_cookie("jwt_token")

            return response

        try:
            UsersSessions.get(jwt_token=jwt_token)
        except UsersSessions.DoesNotExist:
            response = RedirectResponse(request.url)
            response.delete_cookie("jwt_token")

            return response

        return await func(*args, **kwargs)
Beispiel #2
0
async def user_delete(request):
    """
    Delete user
    """
    u = User
    i = Image
    request_path_id = int(request.path_params["id"])
    if request.method == "POST":
        result = await i.raw(
            f"SELECT path FROM image "
            f"JOIN ad on ad.id = image.ad_image "
            f"JOIN piccolo_user on piccolo_user.id = ad.ad_user "
            f"WHERE piccolo_user.id = {request_path_id}").run()
        image_list = []
        for img in result:
            for k, v in img.items():
                image_list.append(v)
        # Cloudinary image deletion when user account is deleted
        # cloudinary.config(
        #     cloud_name="rkl",
        #     api_key=CLOUDINARY_API_KEY,
        #     api_secret=CLOUDINARY_API_SECRET
        #    )
        # if image_list:
        #     public_ids = [img.split('/')[-1].split('.')[0] for img in image_list]
        #     cloudinary.api.delete_resources(public_ids)
        # Dropzone image deletion when user account is deleted
        if image_list:
            for img in image_list:
                os.remove(img)
        await u.delete().where(u.id == request_path_id).run()
        request.session.clear()
        response = RedirectResponse("/", status_code=302)
        response.delete_cookie("jwt")
        return response
Beispiel #3
0
async def user_delete(request):
    """
    Delete user
    """
    id = request.path_params["id"]
    if request.method == "POST":
        # delete related user images in filesystem
        async with in_transaction() as conn:
            result = await conn.execute_query(f'SELECT path FROM image \
                JOIN ad on ad.id = image.ad_image_id \
                JOIN "user" on "user".id = ad.user_id \
                WHERE "user".id = {id}')
        image_list = []
        for i in result:
            for k, v in i.items():
                image_list.append(v)
        cloudinary.config(cloud_name="rkl",
                          api_key=CLOUDINARY_API_KEY,
                          api_secret=CLOUDINARY_API_SECRET)
        public_ids = [img.split('/')[-1].split('.')[0] for img in image_list]
        cloudinary.api.delete_resources(public_ids)
        # for img in image_list:
        # os.remove(img)
        await User.get(id=id).delete()
        request.session.clear()
        response = RedirectResponse(url="/", status_code=302)
        response.delete_cookie("jwt")
        return response
Beispiel #4
0
async def delete(request):
    """
    Delete user
    """
    id = request.path_params["id"]
    session_user = request.user.username
    results = await User.get(username=session_user)
    if (
        request.method == "DELETE"
        and results.username == session_user
        or session_user == ADMIN
    ):
        async with in_transaction() as conn:
            await conn.execute_query(
                f"DELETE FROM tag WHERE tag.id IN \
                (SELECT question_tag.tag_id FROM question \
                JOIN question_tag ON question_tag.question_id = question.id \
                JOIN user ON user.id = question.user_id WHERE user.id = {id})"
            )
        async with in_transaction() as conn:
            await conn.execute_query(
                f"UPDATE question \
                JOIN answer ON question.id = answer.question_id \
                JOIN user on user.id = answer.ans_user_id \
                SET question.accepted_answer = 0 \
                WHERE user.id = {id} AND answer.is_accepted_answer = 1"
            )
        await User.get(id=id).delete()
        # 303 status code for redirect after delete
        response = RedirectResponse(url="/", status_code=303)
        response.delete_cookie("jwt")
        return response
    else:
        return Response(status_code=403)
Beispiel #5
0
 async def login(self, request: Request, redis: Redis = Depends(get_redis)):
     form = await request.form()
     username = form.get("username")
     password = form.get("password")
     remember_me = form.get("remember_me")
     admin = await self.admin_model.get_or_none(username=username)
     if not admin or not check_password(password, admin.password):
         return templates.TemplateResponse(
             self.template,
             status_code=HTTP_401_UNAUTHORIZED,
             context={
                 "request": request,
                 "error": _("login_failed")
             },
         )
     response = RedirectResponse(url=request.app.admin_path,
                                 status_code=HTTP_303_SEE_OTHER)
     if remember_me == "on":
         expire = 3600 * 24 * 30
         response.set_cookie("remember_me", "on")
     else:
         expire = 3600
         response.delete_cookie("remember_me")
     token = uuid.uuid4().hex
     response.set_cookie(
         self.access_token,
         token,
         expires=expire,
         path=request.app.admin_path,
         httponly=True,
     )
     await redis.set(constants.LOGIN_USER.format(token=token),
                     admin.pk,
                     expire=expire)
     return response
Beispiel #6
0
async def delete_session(request):
    if request.user.is_authenticated:
        request.user.roll_session()
        request.user.put()
    resp = RedirectResponse(url="/", status_code=302)
    resp.delete_cookie("session_id")
    return resp
Beispiel #7
0
async def user_delete(request):
    """
    Delete user
    """
    id = request.path_params["id"]
    if request.method == "POST":
        async with in_transaction() as conn:
            await conn.execute_query(
                f'DELETE FROM tag WHERE tag.id IN \
                (SELECT question_tag.tag_id FROM question \
                JOIN question_tag ON question_tag.question_id = question.id \
                JOIN "user" ON "user".id = question.user_id \
                WHERE "user".id = {id})'
            )
        async with in_transaction() as conn:
            await conn.execute_query(
                f'UPDATE question SET accepted_answer = false \
                FROM answer, "user" WHERE question.id = answer.question_id \
                AND "user".id = {id} AND question.accepted_answer = true'
            )
        await User.get(id=id).delete()
        if request.user.username == ADMIN:
            return RedirectResponse(url="/accounts/dashboard", status_code=302)
        request.session.clear()
        response = RedirectResponse(url="/", status_code=302)
        response.delete_cookie("jwt")
        return response
Beispiel #8
0
 async def post(self, request):
     response = RedirectResponse(url=request.headers['referer'],
                                 status_code=303)
     if request.cookies.get('theme'):
         response.delete_cookie('theme')
     else:
         response.set_cookie('theme', 'default-dark')
     return response
Beispiel #9
0
async def logout(request):
    """
    Logout user
    """
    request.session.clear()
    response = RedirectResponse(url="/", status_code=302)
    response.delete_cookie("jwt")
    return response
Beispiel #10
0
    async def get(self, request: Request) -> RedirectResponse:
        token = request.cookies.get("jwt_token")

        UsersSessions.get(jwt_token=token).delete_instance()

        response = RedirectResponse(request.url_for("login"), status_code=303)
        response.delete_cookie("jwt_token")

        return response
Beispiel #11
0
def logout(request: Request, ):
    refresh_token: str = request.cookies.get("Refresh")
    if refresh_token == None:
        return {"message": "Not logged in."}
    keycloak_openid.logout(refresh_token)
    response = RedirectResponse(url="http://localhost:8000/users/")
    response.delete_cookie("Authorization", domain="localhost")
    response.delete_cookie("Refresh", domain="localhost")
    return response
Beispiel #12
0
def logout(request: Request,
           credentials: HTTPBasicCredentials = Depends(security)):
    #error = 'ユーザー名かパスワードが間違ってます'
    #credentials.username = None
    print("credentials3")
    print(credentials.username)
    response = RedirectResponse(url="/")
    response.delete_cookie("Authorization", domain="127.0.0.1:8000")
    return response  #RedirectResponse('/')
Beispiel #13
0
async def logout_via_azure(request: Request, redirect_url: str):
    post_logout_url = f"?post_logout_redirect_uri={redirect_url}"
    logout_url = oauth.azure.server_metadata.get('end_session_endpoint', None)
    request.session.pop('user', None)
    if logout_url:
        response = RedirectResponse(url=logout_url + post_logout_url)
        response.delete_cookie(key="ClientToken")
        response.delete_cookie(key="ClientName")
        return response
    return JSONResponse(
        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
        content={"Error": "Unable to logout, something went wrong"})
Beispiel #14
0
async def logout_and_remove_cookie(request: Request, current_user: schemas.NewUser = Depends(get_current_active_user), db: Session = Depends(get_db)) -> "RedirectResponse":
    response = RedirectResponse(url="/login", status_code=status.HTTP_303_SEE_OTHER)
    if not current_user:
        return response
    # usertype = crud.get_user_third_party(current_user.email)
    # if usertype=="google":
    #     return templates.TemplateResponse("google_signout.html", {"request": request})
    # else:
    response.delete_cookie(key=COOKIE_AUTHORIZATION_NAME, domain=COOKIE_DOMAIN)
    #crud.logged_out(current_user.email)
    # return templates.TemplateResponse("logout.html",{"request":request, "instanceid":"13917092-3f6f-49e5-b39b-e21c89f24565"})
    return response
Beispiel #15
0
async def user_delete(request):
    """
    Delete user
    """
    id = request.path_params["id"]
    if request.method == "POST":
        await User.get(id=id).delete()
        if request.user.username == ADMIN:
            return RedirectResponse(url="/accounts/dashboard", status_code=302)
        request.session.clear()
        response = RedirectResponse(url="/", status_code=302)
        response.delete_cookie("jwt")
        return response
Beispiel #16
0
async def auth_exception_handler(
    request: Request,
    exc: HTTP_401_UNAUTHORIZED,
) -> RedirectResponse:
    """
    Whenever HTTP_401_UNAUTHORIZED is raised,
    redirecting to login route, with original requested url,
    and details for why original request failed.
    """
    paramas = f"?next={exc.headers}&message={exc.detail}"
    url = f"/login{paramas}"
    response = RedirectResponse(url=url)
    response.delete_cookie("Authorization")
    return response
async def user_delete(request):
    """
    Delete user
    """
    u = User
    request_path_id = request.path_params["id"]
    if request.method == "POST":
        await u.raw(
            f"UPDATE question SET accepted_answer = false "
            f"FROM answer, piccolo_user WHERE question.id = answer.question "
            f"AND piccolo_user.id = {request_path_id} AND "
            f"question.accepted_answer = true;").run()
        await u.delete().where(u.id == request_path_id).run()
        request.session.clear()
        response = RedirectResponse("/", status_code=302)
        response.delete_cookie("jwt")
        return response
Beispiel #18
0
async def azure_login_callback(
	request: Request,
	_ = Depends(csrf_token_redirect_cookie_scheme)
):
	""" Callback triggered when the user logs in to Azure's pop-up.

		Receives an authentication_token from Azure which then
		exchanges for an access_token. The latter is used to
		gain user information from Azure's userinfo_endpoint.

		Args:
			request: The incoming request as redirected by Azure
	"""
	async with exception_handling():
		code = request.query_params.get("code")

		if not code:
			raise AuthorizationException("Missing external authentication token")

		provider = await auth_providers.get_auth_provider(config.AZURE)

		# Authenticate token and get user's info from external provider
		external_user = await provider.get_user(
			auth_token=ExternalAuthToken(code=code)
		)

		# Get or create the internal user
		internal_user = await db_client.get_user_by_external_sub_id(external_user)

		if internal_user is None:
			internal_user = await db_client.create_internal_user(external_user)

		internal_auth_token = await auth_util.create_internal_auth_token(internal_user)

		# Redirect the user to the home page
		redirect_url = f"{config.FRONTEND_URL}?authToken={internal_auth_token}"
		response = RedirectResponse(url=redirect_url)

		# Delete state cookie. No longer required
		response.delete_cookie(key="state")

		return response
Beispiel #19
0
async def auth_logout():
    """Logout active user (delete their token from browser's cookies)"""
    response = RedirectResponse(Config.base_url)
    response.delete_cookie("sessiontoken")
    response.delete_cookie("ssostate")
    response.delete_cookie("ssoaction")
    return response
Beispiel #20
0
async def auth_via_azure(request: Request):
    response = RedirectResponse(request.cookies.get("Redirect-url"))
    response.delete_cookie(key="Redirect-url")
    token = await oauth.azure.authorize_access_token(request)

    headers = {'Authorization': f'Bearer {token.get("access_token")}'}
    query = 'onPremisesSamAccountName,givenName,mail,surname'
    r = requests.get(f'https://graph.microsoft.com/v1.0/me?$select={query}',
                     headers=headers)
    user = r.json()

    client_user = {
        "userId": user["onPremisesSamAccountName"],
        "givenName": user["givenName"],
        "surname": user["surname"],
        "initial": f"{user['givenName'][0]}{user['surname'][0]}",
        "email": user["mail"]
    }

    # user = await oauth.azure.parse_id_token(request, token)
    response.delete_cookie(key="ClientUser")
    response.set_cookie(key="ClientUser",
                        value=json.dumps(client_user),
                        max_age=3600,
                        expires=3600)
    response.delete_cookie(key="ClientToken")
    response.set_cookie(key="ClientToken",
                        value=token.get("access_token"),
                        max_age=3600,
                        expires=3600)
    return response
Beispiel #21
0
async def logout(is_logged: bool = Depends(is_logged)):
    response = RedirectResponse(url="/")
    response.delete_cookie("session")
    return response
async def route_logout_and_remove_cookie():
    response = RedirectResponse(url="/")
    response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN)
    return response
Beispiel #23
0
async def logout(request):
    response = RedirectResponse(url='/login')
    response.delete_cookie("sessionid")
    return response
Beispiel #24
0
async def route_logout_and_remove_cookie():
    response = RedirectResponse(url="/")
    response.delete_cookie("Authorization", domain=getenv("WEB_HOSTNAME"))
    return response
async def route_logout_and_remove_cookie():
    response = RedirectResponse(url="/")
    response.delete_cookie("Authorization")
    return response
Beispiel #26
0
async def route_logout_and_remove_cookie():
    response = RedirectResponse(url="/")
    response.delete_cookie(config.api_key_name, domain=config.cookie_domain)
    response.delete_cookie("Authorization", domain=config.cookie_domain)
    return response
Beispiel #27
0
    async def post(self, request: Request) -> Response:
        if self._read_only:
            return PlainTextResponse(content="Running in read only mode",
                                     status_code=405)

        # Some middleware (for example CSRF) has already awaited the request
        # body, and adds it to the request.
        body = request.scope.get("form")

        if not body:
            try:
                body = await request.json()
            except JSONDecodeError:
                body = await request.form()

        current_password = body.get("current_password", None)
        new_password = body.get("new_password", None)
        confirm_new_password = body.get("confirm_new_password", None)

        piccolo_user = request.user.user
        min_password_length = piccolo_user._min_password_length

        if ((not current_password) or (not new_password)
                or (not confirm_new_password)):
            error = "Form is invalid. Missing one or more fields."
            if body.get("format") == "html":
                return self.render_template(
                    request,
                    template_context={"error": error},
                    min_password_length=min_password_length,
                )
            raise HTTPException(status_code=422, detail=error)

        if len(new_password) < min_password_length:
            error = (
                f"Password must be at least {min_password_length} characters "
                "long.")
            if body.get("format") == "html":
                return self.render_template(
                    request,
                    min_password_length=min_password_length,
                    template_context={"error": error},
                )
            else:
                raise HTTPException(
                    status_code=422,
                    detail=error,
                )

        if confirm_new_password != new_password:
            error = "Passwords do not match."

            if body.get("format") == "html":
                return self.render_template(
                    request,
                    min_password_length=min_password_length,
                    template_context={"error": error},
                )
            else:
                raise HTTPException(status_code=422, detail=error)

        if not await piccolo_user.login(username=piccolo_user.username,
                                        password=current_password):
            error = "Incorrect password."
            if body.get("format") == "html":
                return self.render_template(
                    request,
                    min_password_length=min_password_length,
                    template_context={"error": error},
                )
            raise HTTPException(detail=error, status_code=422)

        await piccolo_user.update_password(user=request.user.user_id,
                                           password=new_password)

        #######################################################################
        # After the password changes, we invalidate the session and
        # redirect the user to the login endpoint.

        session_table = self._session_table
        if session_table:
            # This will invalidate all of the user's sessions on all devices.
            await session_table.delete().where(
                session_table.user_id == piccolo_user.id)

        response = RedirectResponse(url=self._login_url,
                                    status_code=HTTP_303_SEE_OTHER)

        if self._session_cookie_name:
            response.delete_cookie(self._session_cookie_name)

        return response
Beispiel #28
0
def logout(request: Request, user=Depends(crud.manager)):
    response = RedirectResponse("/", status_code=302)
    response.delete_cookie(key=crud.manager.cookie_name)
    return response
Beispiel #29
0
async def logout() -> RedirectResponse:
    response = RedirectResponse(url="/docs")
    response.delete_cookie("Authorization", domain="localhost")

    return response
Beispiel #30
0
async def logout(request):
    r = RedirectResponse("/login", status_code=302)
    r.delete_cookie("jwt_token")
    return r