Ejemplo n.º 1
0
def lockout_ip(request):
    db = mdb(request)
    doc = db.lockout.find_one( { 'ip': request.client_addr })
    if doc is not None:
        pass
    else:
        db.lockout.insert({
            'ip':  request.client_addr,
            'attempts': [ datetime.utcnow() ]
        })
Ejemplo n.º 2
0
def verify_token(request):
    """Verify a token set in the headers

    Expects to find a header 'Authorization' in the form:
        Bearer (JSON Web Token)

    If header not found or doesn't verify raises HTTPUnauthorized.

    If JWT verifies auth token is checked against the server side session.
    If no session, raises HTTPUnauthorised.

    If all is well, returns the token claims.

    """
    # get the token or raise Unauthorized if none
    try:
        token = request.headers['Authorization']
        token = token.split()[1]
    except:
        log.info("%s: Couldn't get token from headers" % request.client_addr)
        raise HTTPUnauthorized

    # load the pub and private keys
    path = os.path.dirname(request.registry.settings.get('app.config'))
    config = request.registry.app_config['general']

    f = open(os.path.join(path, config['jwt.pub']), 'r')
    public_key = f.read()
    f.close()

    public_key = RSA.importKey(public_key)
    #print dir(public_key)

    # verify the jwt
    try:
        headers, claims = jwt.process_jwt(json.dumps(token))
        log.info("%s: JWT verified." % request.client_addr)
    except:
        log.error("%s: Couldn't verify JWT. Raising HTTPUnauthorized." % request.client_addr)
        raise HTTPUnauthorized

    # grab a handle to the database
    db = mdb(request)

    log.info("%s: Checking auth token for '%s (%s)' still valid." % (request.client_addr, claims['user']['name'], claims['user']['email']))
    token = claims['user']['token']
    doc =  db.session.find_one({ 'token': token })
    if doc is None:
        log.error("%s: No session found for '%s (%s)'. Raising HTTPUnauthorized." % (request.client_addr, claims['user']['name'], claims['user']['email']))
        raise HTTPUnauthorized

    return claims