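    def inner(*args, **kwargs):
        """Resolve the calling user from the request headers, then run ``f``.

        Two credentials are accepted: an ``X-Yeti-API`` key and a bearer JWT
        in ``Authorization``.  A JWT that decodes cleanly overrides the
        API-key user; a JWT that cannot be decoded is ignored (so a valid API
        key still authenticates), while an expired one is rejected outright.
        On success the resolved user is stored in ``g.user``.

        Returns:
          ``f(*args, **kwargs)`` on success, otherwise a ``(body, 401)``
          tuple built from INVALID_API_KEY / EXPIRED_TOKEN / INVALID_TOKEN.
        """
        auth_headers = request.headers.get('Authorization', None)
        api_key = request.headers.get('X-Yeti-API', None)
        user = None

        if api_key:
            user = User.find(api_key=api_key)
            if not user:
                return INVALID_API_KEY, 401

        if auth_headers:
            try:
                # Expected shape is "<scheme> <token>"; anything else used to
                # raise IndexError (an unhandled 500) and is now treated as a
                # malformed token instead.
                parts = auth_headers.split()
                if len(parts) != 2:
                    raise jwt.InvalidTokenError('malformed Authorization header')
                token = parts[1]
                # NOTE(review): no algorithms=[...] is passed, so the accepted
                # signing algorithm is whatever the library defaults to; pin it
                # to the algorithm the encode side uses once that is confirmed.
                data = jwt.decode(token, yeti_config.core.secret_key)
                token_user = User.find(email=data['sub'])
                if not token_user:
                    # Well-signed token whose subject no longer exists; the
                    # original code dereferenced None here.
                    raise jwt.InvalidTokenError('unknown token subject')
                issued_at = datetime.utcfromtimestamp(data['iat'])
                last_pwd_reset = token_user.last_password_change.replace(
                    microsecond=0)
                # Tokens minted before the last password change are revoked.
                if issued_at < last_pwd_reset:
                    return EXPIRED_TOKEN, 401
                user = token_user
            except jwt.ExpiredSignatureError:
                return EXPIRED_TOKEN, 401
            except (jwt.InvalidTokenError, KeyError, TypeError,
                    ValueError, OverflowError):
                # Undecodable token, or one missing/garbling the 'sub'/'iat'
                # claims: keep the API-key user resolved above if there is
                # one, otherwise the check below rejects the request.
                pass

        if not user:
            return INVALID_TOKEN, 401
        g.user = user
        return f(*args, **kwargs)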
def test_no_override_password():
    """A later profile edit and save must leave the stored password hash intact."""
    original_email = '*****@*****.**'
    new_email = '*****@*****.**'
    plaintext = 'password'

    # Create the account and give it a password.
    account = User(email=original_email).save()
    user_management.set_password(account, plaintext)
    account.save()

    # Change an unrelated field and persist again.
    account.email = new_email
    account.save()

    # Reload from the store and confirm both fields survived the second save.
    reloaded = User.find(email=new_email)
    assert reloaded.email == new_email
    assert check_password_hash(reloaded.password, plaintext)
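def reset_password(user_email, password=None):
    """Set a new password for the account identified by *user_email*.

    Looks the user up by email, hands the password to
    ``user_management.set_password`` and saves the record.  Intended for an
    operator shell: progress and the resulting account details are printed
    to stdout.

    Args:
      user_email: Email address of the account to reset.
      password: The new cleartext password, passed through unchanged
        (``None`` by default — NOTE(review): what ``None`` means is decided
        inside ``user_management.set_password``; confirm before relying on it).

    Raises:
      SystemExit: with status -1 when no user matches *user_email*.
    """
    user = User.find(email=user_email)
    if not user:
        print(f'No such user: {user_email}')
        # SystemExit instead of the site-injected exit() builtin, which is
        # absent under `python -S` and in embedded interpreters.
        raise SystemExit(-1)
    user_management.set_password(user, password)
    user.save()
    print(f'Password for {user_email} reset successfully.')
    print(f'Admin: {user.admin}')
    # The API key is a bearer credential; printing it leaves it in terminal
    # scrollback and any session log, so treat the output as sensitive.
    print(f'API key: {user.api_key}')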
def authenticate_user(email, password):
    """Look up *email* and verify *password* against its stored hash.

    Args:
      email: The user's email address.
      password: The user's cleartext password.

    Returns:
      The matching User object when the password verifies, otherwise None
      (for both an unknown email and a wrong password).
    """
    candidate = User.find(email=email)
    # NOTE(review): an unknown email short-circuits before any hash check
    # runs, so the two failure paths may take noticeably different time.
    if candidate and check_password_hash(candidate.password, password):
        return candidate
    return None