async def decorator(*args: Any, **kwargs: Any) -> Callable: request = __get_request(args) jwt_token = request.cookies.get("jwt_token", "") if not jwt_token: return RedirectResponse(request.url_for("home")) try: jwt_decode(jwt_token) except InvalidTokenError: try: UsersSessions.get(jwt_token=jwt_token).delete_instance() except UsersSessions.DoesNotExist: pass response = RedirectResponse(request.url_for("home")) response.delete_cookie("jwt_token") return response try: UsersSessions.get(jwt_token=jwt_token) except UsersSessions.DoesNotExist: response = RedirectResponse(request.url) response.delete_cookie("jwt_token") return response return await func(*args, **kwargs)
async def user_delete(request): """ Delete user """ u = User i = Image request_path_id = int(request.path_params["id"]) if request.method == "POST": result = await i.raw( f"SELECT path FROM image " f"JOIN ad on ad.id = image.ad_image " f"JOIN piccolo_user on piccolo_user.id = ad.ad_user " f"WHERE piccolo_user.id = {request_path_id}").run() image_list = [] for img in result: for k, v in img.items(): image_list.append(v) # Cloudinary image deletion when user account is deleted # cloudinary.config( # cloud_name="rkl", # api_key=CLOUDINARY_API_KEY, # api_secret=CLOUDINARY_API_SECRET # ) # if image_list: # public_ids = [img.split('/')[-1].split('.')[0] for img in image_list] # cloudinary.api.delete_resources(public_ids) # Dropzone image deletion when user account is deleted if image_list: for img in image_list: os.remove(img) await u.delete().where(u.id == request_path_id).run() request.session.clear() response = RedirectResponse("/", status_code=302) response.delete_cookie("jwt") return response
async def user_delete(request): """ Delete user """ id = request.path_params["id"] if request.method == "POST": # delete related user images in filesystem async with in_transaction() as conn: result = await conn.execute_query(f'SELECT path FROM image \ JOIN ad on ad.id = image.ad_image_id \ JOIN "user" on "user".id = ad.user_id \ WHERE "user".id = {id}') image_list = [] for i in result: for k, v in i.items(): image_list.append(v) cloudinary.config(cloud_name="rkl", api_key=CLOUDINARY_API_KEY, api_secret=CLOUDINARY_API_SECRET) public_ids = [img.split('/')[-1].split('.')[0] for img in image_list] cloudinary.api.delete_resources(public_ids) # for img in image_list: # os.remove(img) await User.get(id=id).delete() request.session.clear() response = RedirectResponse(url="/", status_code=302) response.delete_cookie("jwt") return response
async def delete(request): """ Delete user """ id = request.path_params["id"] session_user = request.user.username results = await User.get(username=session_user) if ( request.method == "DELETE" and results.username == session_user or session_user == ADMIN ): async with in_transaction() as conn: await conn.execute_query( f"DELETE FROM tag WHERE tag.id IN \ (SELECT question_tag.tag_id FROM question \ JOIN question_tag ON question_tag.question_id = question.id \ JOIN user ON user.id = question.user_id WHERE user.id = {id})" ) async with in_transaction() as conn: await conn.execute_query( f"UPDATE question \ JOIN answer ON question.id = answer.question_id \ JOIN user on user.id = answer.ans_user_id \ SET question.accepted_answer = 0 \ WHERE user.id = {id} AND answer.is_accepted_answer = 1" ) await User.get(id=id).delete() # 303 status code for redirect after delete response = RedirectResponse(url="/", status_code=303) response.delete_cookie("jwt") return response else: return Response(status_code=403)
async def login(self, request: Request, redis: Redis = Depends(get_redis)): form = await request.form() username = form.get("username") password = form.get("password") remember_me = form.get("remember_me") admin = await self.admin_model.get_or_none(username=username) if not admin or not check_password(password, admin.password): return templates.TemplateResponse( self.template, status_code=HTTP_401_UNAUTHORIZED, context={ "request": request, "error": _("login_failed") }, ) response = RedirectResponse(url=request.app.admin_path, status_code=HTTP_303_SEE_OTHER) if remember_me == "on": expire = 3600 * 24 * 30 response.set_cookie("remember_me", "on") else: expire = 3600 response.delete_cookie("remember_me") token = uuid.uuid4().hex response.set_cookie( self.access_token, token, expires=expire, path=request.app.admin_path, httponly=True, ) await redis.set(constants.LOGIN_USER.format(token=token), admin.pk, expire=expire) return response
async def delete_session(request): if request.user.is_authenticated: request.user.roll_session() request.user.put() resp = RedirectResponse(url="/", status_code=302) resp.delete_cookie("session_id") return resp
async def user_delete(request): """ Delete user """ id = request.path_params["id"] if request.method == "POST": async with in_transaction() as conn: await conn.execute_query( f'DELETE FROM tag WHERE tag.id IN \ (SELECT question_tag.tag_id FROM question \ JOIN question_tag ON question_tag.question_id = question.id \ JOIN "user" ON "user".id = question.user_id \ WHERE "user".id = {id})' ) async with in_transaction() as conn: await conn.execute_query( f'UPDATE question SET accepted_answer = false \ FROM answer, "user" WHERE question.id = answer.question_id \ AND "user".id = {id} AND question.accepted_answer = true' ) await User.get(id=id).delete() if request.user.username == ADMIN: return RedirectResponse(url="/accounts/dashboard", status_code=302) request.session.clear() response = RedirectResponse(url="/", status_code=302) response.delete_cookie("jwt") return response
async def post(self, request): response = RedirectResponse(url=request.headers['referer'], status_code=303) if request.cookies.get('theme'): response.delete_cookie('theme') else: response.set_cookie('theme', 'default-dark') return response
async def logout(request): """ Logout user """ request.session.clear() response = RedirectResponse(url="/", status_code=302) response.delete_cookie("jwt") return response
async def get(self, request: Request) -> RedirectResponse: token = request.cookies.get("jwt_token") UsersSessions.get(jwt_token=token).delete_instance() response = RedirectResponse(request.url_for("login"), status_code=303) response.delete_cookie("jwt_token") return response
def logout(request: Request, ): refresh_token: str = request.cookies.get("Refresh") if refresh_token == None: return {"message": "Not logged in."} keycloak_openid.logout(refresh_token) response = RedirectResponse(url="http://localhost:8000/users/") response.delete_cookie("Authorization", domain="localhost") response.delete_cookie("Refresh", domain="localhost") return response
def logout(request: Request, credentials: HTTPBasicCredentials = Depends(security)): #error = 'ユーザー名かパスワードが間違ってます' #credentials.username = None print("credentials3") print(credentials.username) response = RedirectResponse(url="/") response.delete_cookie("Authorization", domain="127.0.0.1:8000") return response #RedirectResponse('/')
async def logout_via_azure(request: Request, redirect_url: str): post_logout_url = f"?post_logout_redirect_uri={redirect_url}" logout_url = oauth.azure.server_metadata.get('end_session_endpoint', None) request.session.pop('user', None) if logout_url: response = RedirectResponse(url=logout_url + post_logout_url) response.delete_cookie(key="ClientToken") response.delete_cookie(key="ClientName") return response return JSONResponse( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content={"Error": "Unable to logout, something went wrong"})
async def logout_and_remove_cookie(request: Request, current_user: schemas.NewUser = Depends(get_current_active_user), db: Session = Depends(get_db)) -> "RedirectResponse": response = RedirectResponse(url="/login", status_code=status.HTTP_303_SEE_OTHER) if not current_user: return response # usertype = crud.get_user_third_party(current_user.email) # if usertype=="google": # return templates.TemplateResponse("google_signout.html", {"request": request}) # else: response.delete_cookie(key=COOKIE_AUTHORIZATION_NAME, domain=COOKIE_DOMAIN) #crud.logged_out(current_user.email) # return templates.TemplateResponse("logout.html",{"request":request, "instanceid":"13917092-3f6f-49e5-b39b-e21c89f24565"}) return response
async def user_delete(request): """ Delete user """ id = request.path_params["id"] if request.method == "POST": await User.get(id=id).delete() if request.user.username == ADMIN: return RedirectResponse(url="/accounts/dashboard", status_code=302) request.session.clear() response = RedirectResponse(url="/", status_code=302) response.delete_cookie("jwt") return response
async def auth_exception_handler( request: Request, exc: HTTP_401_UNAUTHORIZED, ) -> RedirectResponse: """ Whenever HTTP_401_UNAUTHORIZED is raised, redirecting to login route, with original requested url, and details for why original request failed. """ paramas = f"?next={exc.headers}&message={exc.detail}" url = f"/login{paramas}" response = RedirectResponse(url=url) response.delete_cookie("Authorization") return response
async def user_delete(request): """ Delete user """ u = User request_path_id = request.path_params["id"] if request.method == "POST": await u.raw( f"UPDATE question SET accepted_answer = false " f"FROM answer, piccolo_user WHERE question.id = answer.question " f"AND piccolo_user.id = {request_path_id} AND " f"question.accepted_answer = true;").run() await u.delete().where(u.id == request_path_id).run() request.session.clear() response = RedirectResponse("/", status_code=302) response.delete_cookie("jwt") return response
async def azure_login_callback( request: Request, _ = Depends(csrf_token_redirect_cookie_scheme) ): """ Callback triggered when the user logs in to Azure's pop-up. Receives an authentication_token from Azure which then exchanges for an access_token. The latter is used to gain user information from Azure's userinfo_endpoint. Args: request: The incoming request as redirected by Azure """ async with exception_handling(): code = request.query_params.get("code") if not code: raise AuthorizationException("Missing external authentication token") provider = await auth_providers.get_auth_provider(config.AZURE) # Authenticate token and get user's info from external provider external_user = await provider.get_user( auth_token=ExternalAuthToken(code=code) ) # Get or create the internal user internal_user = await db_client.get_user_by_external_sub_id(external_user) if internal_user is None: internal_user = await db_client.create_internal_user(external_user) internal_auth_token = await auth_util.create_internal_auth_token(internal_user) # Redirect the user to the home page redirect_url = f"{config.FRONTEND_URL}?authToken={internal_auth_token}" response = RedirectResponse(url=redirect_url) # Delete state cookie. No longer required response.delete_cookie(key="state") return response
async def auth_logout(): """Logout active user (delete their token from browser's cookies)""" response = RedirectResponse(Config.base_url) response.delete_cookie("sessiontoken") response.delete_cookie("ssostate") response.delete_cookie("ssoaction") return response
async def auth_via_azure(request: Request): response = RedirectResponse(request.cookies.get("Redirect-url")) response.delete_cookie(key="Redirect-url") token = await oauth.azure.authorize_access_token(request) headers = {'Authorization': f'Bearer {token.get("access_token")}'} query = 'onPremisesSamAccountName,givenName,mail,surname' r = requests.get(f'https://graph.microsoft.com/v1.0/me?$select={query}', headers=headers) user = r.json() client_user = { "userId": user["onPremisesSamAccountName"], "givenName": user["givenName"], "surname": user["surname"], "initial": f"{user['givenName'][0]}{user['surname'][0]}", "email": user["mail"] } # user = await oauth.azure.parse_id_token(request, token) response.delete_cookie(key="ClientUser") response.set_cookie(key="ClientUser", value=json.dumps(client_user), max_age=3600, expires=3600) response.delete_cookie(key="ClientToken") response.set_cookie(key="ClientToken", value=token.get("access_token"), max_age=3600, expires=3600) return response
async def logout(is_logged: bool = Depends(is_logged)): response = RedirectResponse(url="/") response.delete_cookie("session") return response
async def route_logout_and_remove_cookie(): response = RedirectResponse(url="/") response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN) return response
async def logout(request): response = RedirectResponse(url='/login') response.delete_cookie("sessionid") return response
async def route_logout_and_remove_cookie(): response = RedirectResponse(url="/") response.delete_cookie("Authorization", domain=getenv("WEB_HOSTNAME")) return response
async def route_logout_and_remove_cookie(): response = RedirectResponse(url="/") response.delete_cookie("Authorization") return response
async def route_logout_and_remove_cookie(): response = RedirectResponse(url="/") response.delete_cookie(config.api_key_name, domain=config.cookie_domain) response.delete_cookie("Authorization", domain=config.cookie_domain) return response
async def post(self, request: Request) -> Response: if self._read_only: return PlainTextResponse(content="Running in read only mode", status_code=405) # Some middleware (for example CSRF) has already awaited the request # body, and adds it to the request. body = request.scope.get("form") if not body: try: body = await request.json() except JSONDecodeError: body = await request.form() current_password = body.get("current_password", None) new_password = body.get("new_password", None) confirm_new_password = body.get("confirm_new_password", None) piccolo_user = request.user.user min_password_length = piccolo_user._min_password_length if ((not current_password) or (not new_password) or (not confirm_new_password)): error = "Form is invalid. Missing one or more fields." if body.get("format") == "html": return self.render_template( request, template_context={"error": error}, min_password_length=min_password_length, ) raise HTTPException(status_code=422, detail=error) if len(new_password) < min_password_length: error = ( f"Password must be at least {min_password_length} characters " "long.") if body.get("format") == "html": return self.render_template( request, min_password_length=min_password_length, template_context={"error": error}, ) else: raise HTTPException( status_code=422, detail=error, ) if confirm_new_password != new_password: error = "Passwords do not match." if body.get("format") == "html": return self.render_template( request, min_password_length=min_password_length, template_context={"error": error}, ) else: raise HTTPException(status_code=422, detail=error) if not await piccolo_user.login(username=piccolo_user.username, password=current_password): error = "Incorrect password." if body.get("format") == "html": return self.render_template( request, min_password_length=min_password_length, template_context={"error": error}, ) raise HTTPException(detail=error, status_code=422) await piccolo_user.update_password(user=request.user.user_id, password=new_password) ####################################################################### # After the password changes, we invalidate the session and # redirect the user to the login endpoint. session_table = self._session_table if session_table: # This will invalidate all of the user's sessions on all devices. await session_table.delete().where( session_table.user_id == piccolo_user.id) response = RedirectResponse(url=self._login_url, status_code=HTTP_303_SEE_OTHER) if self._session_cookie_name: response.delete_cookie(self._session_cookie_name) return response
def logout(request: Request, user=Depends(crud.manager)): response = RedirectResponse("/", status_code=302) response.delete_cookie(key=crud.manager.cookie_name) return response
async def logout() -> RedirectResponse: response = RedirectResponse(url="/docs") response.delete_cookie("Authorization", domain="localhost") return response
async def logout(request): r = RedirectResponse("/login", status_code=302) r.delete_cookie("jwt_token") return r