class TokenQuery(object):
def __init__(self, router):
self._token = Token(router)
def get(self, key):
return self._token.get(key, first=True)
def put(self, key, value):
return self._token.put(key, value)
def delete(self, key):
return self._token.delete(key)
def create_token(login, login_type=None):
if login_type == "jid":
raise RuntimeError("Tokens can only be sent by email.")
token = Token.create(login)
TokenMailer(login, token["token"]).deliver()
commit()
return token
def GetUserToken(uID, tokenMaxAge=None):
u = GetUserByID(uID)
if u:
t = Token(created=time.time(),
token=secrets.token_urlsafe(),
expires=time.time() +
GetTokenMaxAge(uID) if tokenMaxAge == None else time.time() +
tokenMaxAge)
u.currentTokens.append(t)
ct = 0
for _ in range(len(u.currentTokens)):
if u.currentTokens[ct].expires < time.time():
u.currentTokens.pop(ct)
# Remove expired token and don't update index
else:
ct += 1
try:
u.save()
return {
'code': 0,
'message': 'Successfully got the token',
'token': t.token
}
except:
return {
'code': -1,
'message': 'Could not acquire token',
'token': None
}
return {'code': -1, 'message': 'Could not acquire token', 'token': None}
def post_user_exercises(user_id):
if Token.checkValid(user_id, request.path, request.json) == False:
abort(403)
try:
ex_id = request.json['exercise']
except Exception:
abort(400)
uuid = Docker.add(user_id, ex_id)
return jsonify({'user': user_id,'exercise': ex_id, 'path': "/ex/"+addAct.uuid}), 201
def get_user_exercises(user_id, ex_id): if Token.invalid(user_id, request.path, request.json): abort(403) user = User.get(user_id) if user == None: abort(404) exercise = user.getExercise(ex_id) if exercise == None: abort(404) return jsonify(exercise)
def get_user_exercises(user_id, ex_id):
if Token.invalid(user_id, request.path, request.json):
abort(403)
user = User.get(user_id)
if user == None:
abort(404)
exercise = user.getExercise(ex_id)
if exercise == None:
abort(404)
return jsonify(exercise)
def create_token(login, login_type):
if login_type == "jid":
login = resolve_alias(login)
tmp = tempfile.mktemp(suffix="", prefix="", dir="")
token = Token(token=tmp, login=login, login_type=login_type, active=1)
token.put(force_insert=True)
base_url = get_setting("web_api_root", "http://localhost:8080").rstrip("/")
url = "%s/api/auth?token=%s" % (base_url, tmp)
message = "A third-party application is requesting access to your account. If that was you, follow this link:\n%s\n" % url
if login_type == "jid":
msg = Message(re=login, message=message)
msg.put()
else:
run(["mail", "-s", "Your token", login], stdin_data=message)
commit()
return url
def confirm_token(token):
saved = Token.get_by_id(token)
if saved is None:
return False
if saved["active"]:
return False
saved["active"] = 1
saved.put()
return True
def confirm_token(token):
saved = Token.get_by_id(token)
if saved is None:
return False
if saved["active"]:
return False
saved["active"] = 1
saved.put()
return True
def delete_user_exercice(user_id, ex_id):
if Token.invalid(user_id, request.path, request.json):
abort(403)
delAct = users.delExercise(user_id, ex_id)
if delAct.status == 404:
abort(404)
try:
nginx.delete_nginx(delAct.uuid)
delete_docker(delAct.did)
delAct.delete()
except Exception:
abort(500)
return jsonify({'status': "Deleted"}), 202
def get_token_by_id(user_id):
try:
password = request.json['password']
except Exception:
abort(400)
user = User.get(user_id)
if user == None:
abort(404)
if user.checkPassword(password):
token = Token.add(user.id)
return jsonify({'user': user.id, 'token': token.token}), 201
else:
abort(403)
def post_user_exercises(user_id):
if Token.checkValid(user_id, request.path, request.json) == False:
abort(403)
try:
ex_id = request.json['exercise']
except Exception:
abort(400)
uuid = Docker.add(user_id, ex_id)
return jsonify({
'user': user_id,
'exercise': ex_id,
'path': "/ex/" + addAct.uuid
}), 201
def get_token_by_id(user_id):
try :
password = request.json['password']
except Exception:
abort(400)
user = User.get(user_id)
if user == None:
abort(404)
if user.checkPassword(password):
token = Token.add(user.id)
return jsonify({'user': user.id, 'token': token.token}), 201
else:
abort(403)
def delete_user_exercice(user_id, ex_id):
if Token.invalid(user_id, request.path, request.json):
abort(403)
delAct = users.delExercise(user_id, ex_id)
if delAct.status == 404:
abort(404)
try:
nginx.delete_nginx(delAct.uuid)
delete_docker(delAct.did)
delAct.delete()
except Exception:
abort(500)
return jsonify({'status': "Deleted"}), 202
def get_active_tokens():
"""Returns active tokens"""
return [t for t in Token.find_all() if t["active"]]
def delete_user(user_id):
if Token.invalid(user_id, request.path, request.json):
if not Token.isLevel(request.path, request.json, Level.ADMIN):
abort(403)
User.delete(user_id)
return jsonify({'status': 'Deleted'}), 402
def delete_user(user_id):
if Token.invalid(user_id, request.path, request.json):
if not Token.isLevel(request.path, request.json, Level.ADMIN):
abort(403)
User.delete(user_id)
return jsonify({'status': 'Deleted'}), 402
def get_id_by_token(token):
saved = Token.get_by_id(token)
if saved is None or not saved["active"]:
return None
return saved["login"]
def get_id_by_token(token):
saved = Token.get_by_id(token)
if saved is None or not saved["active"]:
return None
return saved["login"]
def __init__(self, router):
self._token = Token(router)
