def wrapped(*args, **kwargs):
h = None # Helpers()
if int(app.globals['user_id']) not in h.get_superadmins(
): # [99999]: # # #
eve_abort(401, 'You do not have sufficient privileges')
return f(*args, **kwargs)
def wrapped(*args, **kwargs):
try:
# print(request.headers.get('User-Agent'))
# No authorization in request
# Let it raise an exception
try:
authorization_token = request.authorization.get(
'username', None)
except Exception as e:
raise AuthenticationFailed
# Do the authentication
# Need to remove prefix + / for request.path
auth = NlfTokenAuth()
auth_result = auth.check_auth(
token=authorization_token, # Token
method=request.method,
resource=request.path[len(app.globals.get('prefix')) + 1:],
allowed_roles=allowed_roles)
if auth_result is not True:
raise AuthenticationFailed
# Catch exceptions and handle correctly
except AuthenticationFailed:
eve_abort(401, 'Please provide proper credentials')
except Exception as e:
eve_abort(500, 'Server error')
return f(*args, **kwargs)
def ors_before_insert_item(item):
try:
if 'discipline' in item and item.get('discipline', 0) > 0:
ors_id = increment('ors_fallskjerm')
if ors_id:
item['id'] = ors_id
else:
return eve_abort(422, 'Could not create OBSREG, missing increment')
item['when'] = datetime.utcnow()
item['reporter'] = app.globals.get('user_id')
item['owner'] = app.globals.get('user_id')
item['watchers'] = [app.globals.get('user_id')]
item['workflow'] = get_wf_init(app.globals.get('user_id'))
role_hi = ACL_FALLSKJERM_HI.copy()
role_hi['org'] = item.get('discipline')
_, hi = get_person_from_role(role_hi)
item['organization'] = {'hi': hi}
item['acl'] = get_acl_init(app.globals.get('user_id'), item['discipline'])
except Exception as e:
return eve_abort(422, 'Could not create OBSREG')
def _ors_after_fetched(_response):
""" Modify response after GETing an observation
This hook checks if permission on each observation
If closed, then it will anonymize each observation wo w or x rights
"""
# Just to be sure, we remove all data if anything goes wrong!
# _response.set_data({})
if isinstance(_response, dict):
_response['acl_user'] = get_user_acl_mapping(_response.get('acl', {}))
# print('OBSREG state', _response.get('workflow', {}).get('state', 'NONE'))
# print('ACL', _response.get('acl', 'NONE'))
try:
if isinstance(_response, list):
for key, val in enumerate(_response):
# _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], _response[key]['workflow']['state'])
_response[key]['acl_user'] = get_user_acl_mapping(_response[key]['acl'])
if _response[key]['workflow']['state'] == 'closed':
if has_nanon_permission(
resource_acl=_response[key].get('acl', []),
perm='execute',
state='closed',
model='sportsfly',
org=_response[key].get('discipline', 0)
) is False:
# _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], 'closed')
_response[key] = anon.anonymize_ors(_response[key])
elif isinstance(_response, dict):
# _response['acl_user'] = user_persmissions(_response['acl'], _response['workflow']['state'])
_response['acl_user'] = get_user_acl_mapping(_response['acl'])
"""For item return nanon if roles match hi in club or fs"""
if _response.get('workflow', False) and 'state' in _response['workflow']:
if _response['workflow']['state'] == 'closed':
if has_nanon_permission(
resource_acl=_response['acl'],
perm='execute',
state='closed',
model='sportsfly',
org=_response.get('discipline', 0)
) is False:
_response = anon.anonymize_ors(_response)
except KeyError as e:
app.logger.info("Keyerror in hook error: {}".format(e))
return eve_abort(500,
'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure')
except Exception as e:
app.logger.info("Unexpected error: {}".format(e))
return eve_abort(500,
'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure {}'.format(
e))
return _response
def __init__(self, person_id, app):
self.app = app
self.client = app.data.driver.db
self.col = self.client[app.globals['auth']['users_collection']]
try:
# user, last_modified, etag, status = getitem_internal(resource='users', **{'id': person_id})
user_ = list(self.col.find({'id': person_id}))
if len(user_) == 1:
self.user = user_[0]
elif user_ is None or len(user_) == 0:
status, merged_from = lungo.get_person_merged_from(person_id)
if status is True and len(merged_from) > 0:
status, person_from_merged = self.get_merged_user(merged_from)
if status is True and len(person_from_merged) > 0:
self.user = person_from_merged
else:
self.user = self._create_user(person_id)
else:
self.user = self._create_user(person_id)
else:
return eve_abort(500, 'Error getting the user')
self.person_id = person_id
except Exception as e:
if not is_mongo_alive():
return eve_abort(502, 'Network problems')
def _ors_after_fetched(_response):
# Just to be sure, we remove all data if anything goes wrong!
# response.set_data({})
if isinstance(_response, dict):
_response['acl_user'] = get_user_acl_mapping(_response.get('acl', {}))
try:
if isinstance(_response, list):
for key, val in enumerate(_response):
# _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], _response[key]['workflow']['state'])
_response[key]['acl_user'] = get_user_acl_mapping(_response[key]['acl'])
if _response[key]['workflow']['state'] == 'closed':
if has_nanon_permission(
resource_acl=_response[key].get('acl', []),
perm='execute',
state='closed',
model='fallskjerm',
org=_response[key].get('discipline', 0)
) is False:
# _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], 'closed')
_response[key] = anon.anonymize_ors(_response[key])
elif isinstance(_response, dict):
# _response['acl_user'] = user_persmissions(_response['acl'], _response['workflow']['state'])
# SocketIO
# broadcast('Somebody is looking at OBSREG#{}'.format(_response['id']))
_response['acl_user'] = get_user_acl_mapping(_response['acl'])
"""For item return nanon if roles match hi in club or fs"""
if _response.get('workflow', False) and 'state' in _response['workflow']:
if _response['workflow']['state'] == 'closed':
if has_nanon_permission(
resource_acl=_response.get('acl', []),
perm='execute',
state='closed',
model='fallskjerm',
org=_response.get('discipline', 0)
) is False:
_response = anon.anonymize_ors(_response)
except KeyError as e:
app.logger.info("Keyerror in hook error: {}".format(e))
return eve_abort(500,
'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure')
except Exception as e:
app.logger.info("Unexpected error: {}".format(e))
return eve_abort(500,
'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure')
return _response
def before_post(request, payload=None):
print(request)
print(payload)
superadmin = helper.get_role_by_ref(ref='superadmin')
if superadmin in app.globals['acl']['roles']:
payload['owner'] = app.globals['user_id']
else:
eve_helper.eve_abort(404, 'No access to this item')
def search_user():
try:
err = True
result = []
num_results = 0
data = {}
message = 'No results'
col = app.data.driver.db['melwin_users']
q = request.args.get('q', default='', type=str)
max_results = request.args.get('max_results', default=25, type=int)
if len(q) > 2:
if q.isnumeric():
query = "/^%s.*/.test(this.id)" % q
r = col.find({"$where": query}, {"id": 1, "fullname": 1}).limit(max_results)
else:
regex = re.compile('[^a-zæøåA-ZÆØÅ\s]')
query = regex.sub('', q)
# re.sub('[^A-Zæøåa-zæøå]+', '', q)
r = col.find({"fullname": {"$regex": ".*%s.*" % query, "$options": "i"}}, {"id": 1, "fullname": 1}).limit(max_results)
num_results = r.count()
# We have a result set!
if r and num_results > 0:
message = "Found %s results" % num_results
err = False
for u in r:
if 'id' not in u:
continue
else:
result.append({'id': u['id'], 'fullname': u['fullname']})
else:
message = "You need at least 3 characters for searching"
# Build the result
data.update({'_meta': {'err': err, 'total': num_results, 'max_results': max_results, 'message': message}, '_items': result})
return eve_response(data)
except:
# 406, not acceptable
eve_abort(406, 'An error occurred searching for Melwin users')
def before_insert(items):
if app.globals.get('user_id') not in ACL_CONTENT_USERS:
return eve_abort(403, 'No access')
raise Exception
for document in items:
document['owner'] = app.globals.get('user_id')
def after_fetched_list(response):
try:
for key, item in enumerate(response.get('_items', [])):
response['_items'][key] = _anon(item)
except Exception as e:
print('Error', e)
return eve_abort(500, 'Anon file aborted')
def process_image_request(file_id, size):
""" Resizes images to size and returns a base64 encoded string representing
the image """
try:
sizes = {
'small': (140, 100),
'medium': (400, 300),
'large': (1200, 1000)
}
col = app.data.driver.db['files']
image = col.find_one({'_id': ObjectId(file_id)})
grid_fs = GridFS(app.data.driver.db)
if not grid_fs.exists(_id=image['file']):
return eve_abort(500, 'No file system found')
im_stream = grid_fs.get_last_version(_id=image['file'])
im = Image.open(im_stream)
if size != 'original':
im.thumbnail(sizes[size], Image.ANTIALIAS)
img_io = io.BytesIO()
im.save(img_io, 'PNG', quality=100)
img_io.seek(0)
encoded_img = base64.b64encode(img_io.read())
dict = {
'mimetype': 'image/png',
'encoding': 'base64',
'src': encoded_img
}
# Jsonify the dictionary and return it
return jsonify(**dict)
# Sends an image
# return send_file(img_io, mimetype='image/png')
except Exception as e:
pass
return eve_abort(404, 'Image not found or errors processing')
def after_fetched_item(response):
try:
response = _anon(response)
except Exception as e:
print('Error', e)
return eve_abort(500, 'Anon file aborted')
def has_permission():
try:
b64token = request.args.get('token', default=None, type=str)
token = base64.b64decode(b64token)[:-1]
auth = TokenAuth()
if not auth.check_auth(token=token.decode("utf-8"),
method=request.method,
resource=request.path[len(app.globals.get('prefix')):],
allowed_roles=None):
eve_abort(404, 'Please provide proper credentials')
except:
eve_abort(404, 'Please provide proper credentials')
return True
def has_permission():
try:
b64token = request.args.get('token', default=None, type=str)
token = base64.b64decode(b64token)[:-1]
auth = TokenAuth()
if not auth.check_auth(
token=token.decode("utf-8"),
method=request.method,
resource=request.path[len(app.globals.get('prefix')):],
allowed_roles=None):
return eve_abort(404, 'Please provide proper credentials')
except:
return eve_abort(404, 'Please provide proper credentials')
return True
def met_nearest_metar(icao, date):
try:
target_time = datetime.datetime.strptime(date, '%Y-%m-%dT%H:%M')
status, tafs, metars = get_taf_metar(icao, target_time.strftime('%Y-%m-%d'))
metar = get_nearest_metar(metars, target_time)
parsed = parse_metar(metar)
return eve_response({'metar': metar, 'parsed': '{}'.format(parsed)}, 200)
except Exception as e:
app.logger.error(e)
return eve_abort(404, 'Could not process {}'.format(e))
def met_parse(what, msg):
try:
if what == 'metar':
resp = parse_metar(msg)
elif what == 'taf':
resp = parse_taf(msg)
return eve_response({'decoded': resp, 'msg': msg}, 200)
except:
return eve_abort(404, 'Could not process')
def get_user():
"""A simple whoami
Only return 'I am username'"""
try:
response, last_modified, etag, status = getitem_internal(resource='users', **{'id': app.globals['id']})
if status == 200 and '_id' in response:
return eve_response(data={'iam': response['id']})
except:
app.logger.error("Unknown error in get_user")
return eve_abort(500, 'Unknown error occurred')
def get_user():
"""A simple whoami
Only return 'I am username'"""
try:
response, last_modified, etag, status = getitem_internal(
resource='users', **{'id': app.globals['id']})
if status == 200 and '_id' in response:
return eve_response(data={'iam': response['id']})
except:
app.logger.error("Unknown error in get_user")
return eve_abort(500, 'Unknown error occurred')
def acl(person_id):
status, function_acl = _acl_from_functions(person_id)
if status == 200:
function_acl = [{
'activity': i['activity'],
'org': i['org'],
'role': i['role'],
'type': i['type']
} for i in function_acl]
return eve_response(function_acl, 200)
return eve_abort(status)
def process_image_request(file_id, size):
""" Resizes images to size and returns a base64 encoded string representing
the image """
sizes = {'small': (140,100),
'medium': (400, 300),
'large': (1200, 1000)
}
col = app.data.driver.db['files']
image = col.find_one({'_id': ObjectId(file_id)})
grid_fs = GridFS(app.data.driver.db)
if not grid_fs.exists(_id=image['file']):
eve_abort(500, 'No file system found')
im_stream = grid_fs.get_last_version(_id=image['file'])
im = Image.open(im_stream)
if size != 'original':
im.thumbnail(sizes[size], Image.ANTIALIAS)
img_io = io.BytesIO()
im.save(img_io, 'PNG', quality=100)
img_io.seek(0)
encoded_img = base64.b64encode(img_io.read())
dict = {'mimetype': 'image/png',
'encoding': 'base64',
'src': encoded_img
}
# Jsonify the dictionary and return it
return jsonify(**dict)
def process_request(file_id):
""" This is the router actually for processing
"""
if has_permission():
col = app.data.driver.db['files']
file = col.find_one({'_id': ObjectId(file_id)})
if not file:
return eve_abort(404, 'No file found')
try:
grid_fs = GridFS(app.data.driver.db)
if not grid_fs.exists(_id=file['file']):
return eve_abort(404, 'No file found')
stream = grid_fs.get_last_version(_id=file['file'])
response = make_response(stream.read())
response.mimetype = stream.content_type
return response
except NoFile:
return eve_abort(404, 'No file found')
def get_club_hi(club):
groups = app.data.driver.db['acl_groups']
group = groups.find_one({'ref': club})
if group:
roles = app.data.driver.db['acl_roles']
role = roles.find_one({'group': group['_id'], 'ref': 'hi'})
if role:
users = app.data.driver.db['users']
hi = list(users.find({'acl.roles': {'$in': [role['_id']]}}))
r = []
if isinstance(hi, list):
for user in hi:
r.append(user['id'])
else:
r.append(hi['id'])
return eve_response(r)
eve_abort(501, 'Unknown error occurred')
def met_tafmetar(icao, date):
try:
# print(icao, date)
status, taf, metar = get_taf_metar(icao, date)
if status is True:
return eve_response({'taf': taf, 'metar': metar}, 200)
else:
# print(get_taf_metar(icao, date))
pass
except Exception as e:
app.logger.error(e)
return eve_abort(500, 'Could not process')
def ors_before_insert_item(item):
try:
if 'discipline' in item and item.get('discipline', 0) > 0:
ors_id = increment('ors_motorfly')
if ors_id:
item['id'] = ors_id
else:
return eve_abort(422,
'Could not create OBSREG, missing increment')
item['when'] = datetime.utcnow()
item['reporter'] = app.globals.get('user_id')
item['owner'] = app.globals.get('user_id')
item['watchers'] = [app.globals.get('user_id')]
item['workflow'] = get_wf_init(app.globals.get('user_id'))
item['organization'] = {}
_, _person_ors = get_person_from_role(ACL_MOTORFLY_ORS)
item['organization']['ors'] = _person_ors
persons_dto = ACL_MOTORFLY_CLUB_DTO.copy()
persons_dto['org'] = item.get('discipline')
_, _persons_dto = get_person_from_role(persons_dto)
item['organization']['dto'] = _persons_dto
persons_ftl = ACL_MOTORFLY_CLUB_FTL.copy()
persons_ftl['org'] = item.get('discipline')
_, _persons_ftl = get_person_from_role(persons_ftl)
item['organization']['ftl'] = _persons_ftl
item['acl'] = get_acl_init(app.globals.get('user_id'),
item.get('discipline'))
except Exception as e:
return eve_abort(422, 'Could not create OBSREG')
def init_acl(dict_app, **extra):
""" Set user as read, write and execute!
Only the current user since this is the POST to DRAFT
@todo: Investigate wether to keep in workflow or not.
"""
if request.method == 'POST':
c_app = dict_app.get('app')
r = dict_app.get('payload')
club = request.get_json().get('club')
_id = r.get('_id')
obs = c_app.data.driver.db['observations']
# Add hi to the mix!
groups = app.data.driver.db['acl_groups']
group = groups.find_one({'ref': club})
if group and group.get('_id', False):
roles = app.data.driver.db['acl_roles']
role = roles.find_one({'group': ObjectId(group['_id']), 'ref': 'hi'})
if role and role.get('_id', False):
users = app.data.driver.db['users']
hi = list(users.find({'acl.roles': {'$in': [ObjectId(role['_id'])]}}))
his = []
if isinstance(hi, list):
for user in hi:
his.append(user['id'])
elif hi.get('id', False):
his.append(hi['id'])
else:
his = []
roles = [role.get('_id')]
else:
eve_abort(400, 'No HI for club %s' % club)
else:
eve_abort(400, 'No group for club %s' % club)
# Adds user and hi!
try:
acl = {'read': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': roles},
'write': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': []},
'execute': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': []}
}
test = obs.update_one({'_id': ObjectId(_id)}, {'$set': {'acl': acl}})
obs.update_one({'_id': ObjectId(_id)}, {'$set': {'organization.hi': his}})
except:
eve_abort(503, 'THe database would not comply with our demands')
def lungo(path):
# print('{}'.format(request.args))
resp = requests.get('{}/{}'.format(LUNGO_URL, path),
params=request.args.to_dict(),
headers=LUNGO_HEADERS,
verify=app.config.get('REQUESTS_VERIFY', True))
try:
return eve_response(resp.json(), resp.status_code)
except Exception as e:
app.logger.exception('Error in Lungo response')
app.logger.error(resp.text)
return eve_abort(502, 'Unknown error')
def whoami():
try:
token = request.authorization.get('username', None)
if token in users.keys():
client = users.get(token, {})
# Convert keys back to normal url
client['resources'] = {
k.replace('_', '/'): v
for k, v in users[token].get('resources', {}).items()
}
return eve_response(client, 200)
except:
pass
return eve_abort(403)
def ors_before_insert_item(item):
try:
if 'discipline' in item and item.get('discipline', 0) > 0:
ors_id = increment('ors_sportsfly')
if ors_id:
item['id'] = ors_id
else:
return eve_abort(422, 'Could not create OBSREG, missing increment')
item['when'] = datetime.utcnow()
item['reporter'] = app.globals.get('user_id')
item['owner'] = app.globals.get('user_id')
item['watchers'] = [app.globals.get('user_id')]
item['workflow'] = get_wf_init(app.globals.get('user_id'))
item['organization'] = {}
_, _person_ors = get_person_from_role(ACL_SPORTSFLY_ORS)
item['organization']['ors'] = _person_ors
persons_ftu = ACL_SPORTSFLY_FTU.copy()
persons_ftu['org'] = item.get('discipline')
_, _persons_ftu = get_person_from_role(persons_ftu)
item['organization']['ftu'] = _persons_ftu
persons_ol = ACL_SPORTSFLY_CLUB_OPERATIV_LEDER.copy()
persons_ol['org'] = item.get('discipline')
_, _persons_ol = get_person_from_role(persons_ol)
item['organization']['ol'] = _persons_ol
item['acl'] = get_acl_init(app.globals.get('user_id'), item.get('discipline'))
except Exception as e:
return eve_abort(422, 'Could not create OBSREG')
def met_get_metar_dict(icao):
try:
status, taf, metar = get_taf_metar(icao)
if len(metar) > 0:
resp = get_metar_as_dict(Metar.Metar(metar[-1]))
else:
status, metar = get_metar(icao)
if len(metar) > 0:
resp = get_metar_as_dict(Metar.Metar(metar[-1]))
else:
resp = {}
return eve_response({'icao': icao, 'metar': resp})
except Exception as e:
app.logger.error(e)
return eve_abort(404, 'Could not process')
def before_aggregation(endpoint, pipeline):
"""Before get or aggregation, check permissions
If OBSREG is closed, none?"""
if endpoint == 'notifications_events':
_id = pipeline[0].get('$match', {}).get('event_from_id')
resource = pipeline[0].get('$match', {}).get('event_from')
item, _date, etag, status = getitem_internal(resource, **{'_id': _id})
if (
(item.get('workflow', {}).get('state', 'closed') == 'closed' and item.get('acl_user', {}).get('x',
False) is False)
or
(item.get('acl_user', {}).get('r', False) is False)
):
return eve_abort(403, 'No access')
def acl_simple(person_id):
status, function_acl = _acl_from_functions(person_id)
if status == 200:
simple_acl = []
for a in function_acl:
if a['activity'] in list(
NLF_ORG.keys()): # and a['role'] in [10000000]:
simple_acl.append('{}_{}'.format(
NLF_ORG[a['activity']].strip(),
re.sub(r'[^a-zæøåA-ZÆØÅ0-9]', '_',
a.get('name', '')).lower().strip('_').strip()))
return eve_response(list(set(simple_acl)), 200)
return eve_abort(status)
def process_request(file_id):
""" This is the router actially for processing
"""
if has_permission():
col = app.data.driver.db['files']
file = col.find_one({'_id': ObjectId(file_id)})
if not file:
eve_abort(404, 'No file found')
try:
grid_fs = GridFS(app.data.driver.db)
if not grid_fs.exists(_id=file['file']):
eve_abort(404, 'No file found')
stream = grid_fs.get_last_version(_id=file['file'])
response = make_response(stream.read())
response.mimetype = stream.content_type
return response
except NoFile:
eve_abort(404, 'No file found')
def after_get(request, response):
""" Modify response after GETing an observation
This hook checks if permission on each observation
If closed, then it will anonymize each observation wo w or x rights
"""
d = json.loads(response.get_data().decode('UTF-8'))
# Just to be sure, we remove all data if anything goes wrong!
# response.set_data({})
changed = False
try:
if '_items' in d:
if request.args.get('version') == 'diffs':
id = d['_items'][0]['_id']
if d['_items'][0]['workflow']['state'] == 'closed':
for key, val in enumerate(d['_items']):
if not anon.has_permission_obs(id, 'execute'):
d['_items'][key] = anon.anonymize_obs(d['_items'][key])
changed = True
else:
for key, val in enumerate(d['_items']):
if d['_items'][key]['workflow']['state'] == 'closed':
if not anon.has_permission_obs(d['_items'][key]['_id'], 'execute'):
d['_items'][key] = anon.anonymize_obs(d['_items'][key])
changed = True
else:
"""For item return nanon if roles match hi in club or fs"""
try:
helper = h.Helpers()
if helper.get_role_hi(d['club']) in app.globals['acl']['roles'] \
or helper.get_role_fs() in app.globals['acl']['roles']:
response.set_data(json.dumps(d))
return
except:
app.logger.error("Could not check roles in anon for %i" %app.globals['id'])
if d.get('workflow', False) and 'state' in d['workflow']:
if d['workflow']['state'] == 'closed':
if not anon.has_permission_obs(d['_id'], 'execute'):
d = anon.anonymize_obs(d)
changed = True
if d.get('weather', False):
if d['weather'].get('auto', False):
if d['weather']['auto'].get('taf', False):
try:
import pytaf
taf_raw = d['weather']['auto'].get('taf')
# print(taf_raw[17:])
taf = pytaf.TAF(taf_raw[17:])
decoder = pytaf.Decoder(taf)
d['weather']['auto'].update({'taf_decoded': decoder.decode_taf()})
except:
app.logger.info("ERR TAF ", sys.exc_info()[0])
pass
if d['weather']['auto'].get('metar', False):
try:
from metar import Metar
met = Metar.Metar("METAR %s" % d['weather']['auto']['metar'][17:])
d['weather']['auto'].update({'metar_decoded': met.string()})
except:
app.logger.info("ERR Metar ", sys.exc_info()[0])
pass
if changed:
response.set_data(json.dumps(d))
changed = False
except KeyError:
app.logger.info("Keyerror in hook", sys.exc_info()[0])
eve_helper.eve_abort(500, 'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure')
except:
app.logger.info("Unexpected error: ", sys.exc_info()[0])
eve_helper.eve_abort(500, 'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure')
def login():
username = None
password = None
logged_in = False
m = Melwin()
if m is None:
app.logger.critical("Melwin service unavailable")
eve_abort('503', 'Melwin service is unavailable')
# Request via json
rq = request.get_json()
try:
username = rq['username']
password = rq['password']
except:
# Now it will fail in the next if
pass
if username == 'access_token':
try:
public_key = _get_public_key()
decoded_token = jwt.decode(password, public_key, issuer=ISSUER, algorithm='HS256')
logged_in = True
username = decoded_token.get('melwin_id', None)
if username is None:
eve_abort(401, 'Could not validate the token, could not find username')
else:
# print('Username', username)
username = int(username)
except jwt.exceptions.InvalidTokenError:
logged_in = False
eve_abort(401, 'Could not validate the token, InvalidTokenError')
except jwt.exceptions.InvalidSignatureError:
logged_in = False
eve_abort(401, 'Could not validate the token, InvalidSignatureError')
except jwt.exceptions.InvalidIssuerError:
logged_in = False
eve_abort(401, 'Could not validate the token, InvalidIssuerError')
except jwt.exceptions.ExpiredSignatureError:
logged_in = False
eve_abort(401, 'Could not validate the token, ExpiredSignatureError')
except Exception as e:
logged_in = False
eve_abort(401, 'Could not validate your token {}'.format(e))
else:
try:
username = int(username)
logged_in = m.login(username, password)
except:
logged_in = False
eve_abort(503, 'Could not log you into Melwin') # isinstance(username, int) and len(password) == 9 and
# Now process user and successful authentication
if logged_in is True:
try:
user, last_modified, etag, status = getitem_internal(resource='users', **{'id': username})
except:
user = None
if not is_mongo_alive():
eve_abort(502, 'Network problems')
# If not existing, make from melwin!
if user is None or status != 200:
if not create_user(username):
app.logger.error("502: Could not create user %i from Melwin" % username)
eve_abort(502, 'Could not create user from Melwin')
else:
app.logger.info("Created user %i" % username)
# token = uuid5(uuid4(),rq['username'])
token = uuid4().hex
# valid = utc.replace(hours=+2) # @bug: utc and cet!!!
utc = arrow.utcnow()
valid = utc.replace(seconds=+app.config['AUTH_SESSION_LENGHT'])
# Pure datetime
# valid = datetime.datetime.now() + datetime.timedelta(seconds=60)
try:
response, last_modified, etag, status = patch_internal('users/auth',
payload={'auth': {'token': token,
'valid': valid.datetime}},
concurrency_check=False, **{'id': username})
if status != 200:
app.logger.error("Could not insert token for %i" % username)
except:
app.logger.exception("Could not update user %i auth token" % username)
eve_abort(500, "Could not update user %i auth token" % username)
t = '%s:' % token
b64 = b64encode(t.encode('utf-8'))
"""return jsonify(**{'success': True,
'token': token,
'token64': b64,
'valid': valid,
})"""
return eve_response(data={'success': True,
'username': username,
'token': token,
'token64': b64.decode('utf-8'),
'valid': valid.datetime},
status=200)
# On error sleep a little against brute force
sleep(1)
return eve_response({'success': False, 'username': None, 'token': None, 'token64': None, 'valid': None,
'message': 'Wrong username or password'})
def wrapped(*args, **kwargs):
if app.globals.get('user_id', 0) not in ACL_SUPERADMINS:
return eve_abort(401, 'You do not have sufficient privileges')
return f(*args, **kwargs)
def login():
"""
Sjekk med persons/merged først før man lager ny!
id in [i['id'] for i in d] der d= _items[0]
:return:
"""
username = None
password = None
token_valid = False
# Request via json
rq = request.get_json()
try:
username = rq['username']
password = rq['password']
except:
# Now it will fail in the next if
pass
if username == 'access_token':
try:
public_key = _get_public_key()
decoded_token = jwt.decode(password,
public_key,
issuer=ISSUER,
algorithms=['RS256'])
token_valid = True
# melwin_id or person_id
person_id = decoded_token.get('person_id', None)
if person_id is None:
return eve_abort(
401,
'Could not validate the token, could not find username')
else:
# print('Username', person_id)
_user = User(int(person_id), app)
except jwt.exceptions.InvalidTokenError:
token_valid = False
return eve_abort(
401, 'Could not validate the token, InvalidTokenError')
except jwt.exceptions.InvalidSignatureError:
token_valid = False
return eve_abort(
401, 'Could not validate the token, InvalidSignatureError')
except jwt.exceptions.InvalidIssuerError:
token_valid = False
return eve_abort(
401, 'Could not validate the token, InvalidIssuerError')
except jwt.exceptions.ExpiredSignatureError:
token_valid = False
return eve_abort(
401, 'Could not validate the token, ExpiredSignatureError')
except Exception as e:
token_valid = False
return eve_abort(401, 'Could not validate your token {}'.format(e))
else:
return eve_abort(401, 'Could not make sense of your request')
# Now process user and successful authentication
if token_valid is True and _user.user is not None:
"""
This is where one needs to verify if person has been merged!!
If merged then lookup like {'id': {'$in': [all_person_ids]}} and then find the person_id used here
THEN update global, blinker signal 'person-merged'?
"""
# token = uuid5(uuid4(),rq['username'])
token = uuid4().hex
# valid = utc.replace(hours=+2) # @bug: utc and cet!!!
# utc = datetime.utcnow() #arrow.utcnow()
valid = datetime.utcnow() + timedelta(
seconds=app.config['AUTH_SESSION_LENGHT'])
# utc.shift(seconds=+app.config['AUTH_SESSION_LENGHT'])
# Pure datetime
# valid = datetime.now() + datetime.timedelta(seconds=60)
try:
acl_status, acl = lungo.get_person_acl(_user.person_id)
if acl_status is False:
acl = []
response, _, _, status = patch_internal(
resource='users_auth',
payload={
'auth': {
'token': token,
'valid': valid
}, # Arrow utc.datetime
'acl': [{
'activity': a['activity'],
'org': a['org'],
'role': a['role']
} for a in acl],
},
concurrency_check=False,
**{'id': _user.person_id})
if status in [200, 201]:
t = '%s:' % token
b64 = b64encode(t.encode('utf-8'))
_, activities = lungo.get_person_activities(_user.person_id)
return eve_response(data={
'success': True,
'username': _user.person_id,
'token': token,
'token64': b64.decode('utf-8'),
'valid': valid,
'activities': activities,
'acl': acl,
'_id': str(_user.user.get('_id')),
'_etag': _user.user.get('_etag', None),
'settings': _user.user.get('settings', {})
},
status=200)
else:
app.logger.error("Could not insert token for %i" %
_user.user.get('id'))
except Exception as e:
app.logger.exception("Could not update user %s auth token:" %
_user.person_id)
app.logger.exception(e)
return eve_abort(
500, "Could not update user %i auth token" % _user.person_id)
# On error sleep a little against brute force
sleep(1)
return eve_response(data={
'success': False,
'username': None,
'token': None,
'token64': None,
'valid': None,
'activities': [],
'acl': [],
'settings': None,
'_id': None,
'_etag': None,
'message': 'Wrong username or password'
},
status=200)
