Ejemplo n.º 1
 def verify(self, value):
     """Check a submitted captcha answer against the one kept in the session.

     The stored captcha is removed from the session as soon as it has been
     read and before the comparison, so each stored value can be tried only
     once, whether the answer turns out right or wrong.

     :param value: The captcha answer supplied by the client.
     :raises appier.SecurityError: With code 401 when the session holds no
         captcha, or when ``value`` does not equal the stored one.
     """
     expected = self.session.get("captcha", None)
     if not expected:
         raise appier.SecurityError(
             message="No captcha available",
             code=401
         )

     # single use: drop the stored value before comparing, so a wrong
     # answer cannot be retried against the same captcha
     del self.session["captcha"]

     if value == expected:
         return
     raise appier.SecurityError(
         message="Invalid captcha value",
         code=401
     )
Ejemplo n.º 2
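 def ensure_key(self, data=None):
     """Reject the request unless it carries the configured Rancher key.

     The candidate key is looked up in three places, each overriding the
     previous one when present: the ``key`` entry of the JSON payload, the
     ``key`` field returned by ``self.field`` and the ``X-Rancher-Key``
     request header.

     :param data: Already parsed payload; when falsy the JSON body of the
         current request is used instead.
     :raises appier.SecurityError: When a key is configured and the one
         received does not match it.
     """
     import hmac

     data = data or appier.request_json()
     key = data.get("key", None)
     # NOTE(review): if self.field reads URL query parameters the key can
     # end up in access logs and referrers; prefer the header, confirm
     key = self.field("key", key)
     key = self.request.get_header("X-Rancher-Key", key)
     expected = appier.conf("RANCHER_KEY", None)

     # NOTE(review): fails open, with RANCHER_KEY unset or empty every
     # request is accepted; confirm this is intended for production
     if not expected: return

     if isinstance(key, str) and isinstance(expected, str):
         # constant-time comparison, so the response time does not reveal
         # how many leading characters of the key were guessed correctly
         matches = hmac.compare_digest(
             key.encode("utf-8"),
             expected.encode("utf-8")
         )
     else:
         # non-string values (including a missing key) keep the original
         # plain equality semantics
         matches = key == expected

     if matches: return
     raise appier.SecurityError(message="Mismatch Rancher key")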
Ejemplo n.º 3
 def notify_mb(self, cin, username, doc):
     """Handle a notification for ``doc`` and return the serialized reply.

     The received ``cin`` and ``username`` must equal the values held by
     this instance; only then is a key obtained from ``self.next()``, the
     notification passed to ``self.validate`` and the document stored
     through ``self.gen_doc``.

     :param cin: Identifier received with the notification.
     :param username: Username received with the notification.
     :param doc: Document reference received with the notification.
     :return: The result of ``self.dumps`` over the ``ep_*`` reply fields.
     :raises appier.SecurityError: When ``cin`` or ``username`` differ from
         the values configured on the instance.
     """
     self.ensure_set(cin=cin, username=username, doc=doc)

     # the caller supplied identifiers must match the configured ones
     if cin != self.cin:
         raise appier.SecurityError(message="Mismatch in received cin")
     if username != self.username:
         raise appier.SecurityError(message="Mismatch in received username")

     # NOTE(review): the key is taken before self.validate() runs, so a
     # notification that fails validation still consumes one, confirm
     key = self.next()

     # NOTE(review): doc comes from the request and key may be sensitive,
     # both are written to the debug log as received, confirm acceptable
     received = "Notification received (doc := %s, key := %s)" % (doc, key)
     self.logger.debug(received)

     self.validate(cin=cin, username=username)
     self.logger.debug("Validated notification, storing document ...")
     self.gen_doc(doc, key)

     reply = {
         "ep_status": "ok",
         "ep_message": "doc gerado",
         "ep_cin": cin,
         "ep_user": username,
         "ep_doc": doc,
         "ep_key": key,
     }
     return self.dumps(reply)
Ejemplo n.º 4
 def login(cls, access_token, rules = False):
     """Resolve an access token string to its stored OAuth token entity.

     :param access_token: The access token value presented by the client.
     :param rules: Forwarded unchanged to ``cls.get_e``.
     :return: The matching token entity, after ``touch_expired()`` has been
         called on it.
     :raises appier.SecurityError: With code 403 when no entity matches.
     """
     # raise_e is disabled so a miss surfaces as the security error below
     # instead of whatever the lookup would raise on its own
     lookup = dict(
         access_token = access_token,
         rules = rules,
         raise_e = False
     )
     oauth_token = cls.get_e(**lookup)

     if oauth_token:
         # NOTE(review): presumably enforces or refreshes the expiration
         # of the token, confirm against touch_expired()
         oauth_token.touch_expired()
         return oauth_token

     raise appier.SecurityError(
         message = "OAuth token not found",
         code = 403
     )
Ejemplo n.º 5
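 def validate_reset(cls, reset_token):
     """Return the account that owns ``reset_token``.

     :param reset_token: The password reset token presented by the client.
     :return: The account whose ``reset_token`` equals the given value.
     :raises appier.SecurityError: When the token is empty or no account
         holds it.
     """
     # an empty or missing token must never reach the lookup: depending on
     # how cls.get() treats an empty filter value it could match an account
     # that simply has no reset token set
     if not reset_token:
         raise appier.SecurityError(message="Invalid reset token")

     # NOTE(review): assumes reset_token is a plain string by the time it
     # gets here, confirm the caller coerces it before it is used as a
     # query filter
     account = cls.get(reset_token=reset_token, raise_e=False)
     if account: return account
     raise appier.SecurityError(message="Invalid reset token")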
Ejemplo n.º 6
 def impersonate(self):
     """Switch to this account, if the owner permits impersonation.

     The ``admin_impersonate`` flag of ``self.owner`` is checked before
     anything else; ``self._set_account()`` only runs when it is truthy.

     :raises appier.SecurityError: When the owner does not allow
         impersonation.
     """
     allowed = self.owner.admin_impersonate
     if allowed:
         self._set_account()
         return
     # authorization gate: nothing is changed when the flag is off
     raise appier.SecurityError(message="Impersonation is not allowed")