def wrapped(*args, **kwargs): h = None # Helpers() if int(app.globals['user_id']) not in h.get_superadmins( ): # [99999]: # # # eve_abort(401, 'You do not have sufficient privileges') return f(*args, **kwargs)
def wrapped(*args, **kwargs): try: # print(request.headers.get('User-Agent')) # No authorization in request # Let it raise an exception try: authorization_token = request.authorization.get( 'username', None) except Exception as e: raise AuthenticationFailed # Do the authentication # Need to remove prefix + / for request.path auth = NlfTokenAuth() auth_result = auth.check_auth( token=authorization_token, # Token method=request.method, resource=request.path[len(app.globals.get('prefix')) + 1:], allowed_roles=allowed_roles) if auth_result is not True: raise AuthenticationFailed # Catch exceptions and handle correctly except AuthenticationFailed: eve_abort(401, 'Please provide proper credentials') except Exception as e: eve_abort(500, 'Server error') return f(*args, **kwargs)
def ors_before_insert_item(item): try: if 'discipline' in item and item.get('discipline', 0) > 0: ors_id = increment('ors_fallskjerm') if ors_id: item['id'] = ors_id else: return eve_abort(422, 'Could not create OBSREG, missing increment') item['when'] = datetime.utcnow() item['reporter'] = app.globals.get('user_id') item['owner'] = app.globals.get('user_id') item['watchers'] = [app.globals.get('user_id')] item['workflow'] = get_wf_init(app.globals.get('user_id')) role_hi = ACL_FALLSKJERM_HI.copy() role_hi['org'] = item.get('discipline') _, hi = get_person_from_role(role_hi) item['organization'] = {'hi': hi} item['acl'] = get_acl_init(app.globals.get('user_id'), item['discipline']) except Exception as e: return eve_abort(422, 'Could not create OBSREG')
def _ors_after_fetched(_response): """ Modify response after GETing an observation This hook checks if permission on each observation If closed, then it will anonymize each observation wo w or x rights """ # Just to be sure, we remove all data if anything goes wrong! # _response.set_data({}) if isinstance(_response, dict): _response['acl_user'] = get_user_acl_mapping(_response.get('acl', {})) # print('OBSREG state', _response.get('workflow', {}).get('state', 'NONE')) # print('ACL', _response.get('acl', 'NONE')) try: if isinstance(_response, list): for key, val in enumerate(_response): # _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], _response[key]['workflow']['state']) _response[key]['acl_user'] = get_user_acl_mapping(_response[key]['acl']) if _response[key]['workflow']['state'] == 'closed': if has_nanon_permission( resource_acl=_response[key].get('acl', []), perm='execute', state='closed', model='sportsfly', org=_response[key].get('discipline', 0) ) is False: # _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], 'closed') _response[key] = anon.anonymize_ors(_response[key]) elif isinstance(_response, dict): # _response['acl_user'] = user_persmissions(_response['acl'], _response['workflow']['state']) _response['acl_user'] = get_user_acl_mapping(_response['acl']) """For item return nanon if roles match hi in club or fs""" if _response.get('workflow', False) and 'state' in _response['workflow']: if _response['workflow']['state'] == 'closed': if has_nanon_permission( resource_acl=_response['acl'], perm='execute', state='closed', model='sportsfly', org=_response.get('discipline', 0) ) is False: _response = anon.anonymize_ors(_response) except KeyError as e: app.logger.info("Keyerror in hook error: {}".format(e)) return eve_abort(500, 'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure') except Exception as e: app.logger.info("Unexpected error: {}".format(e)) return eve_abort(500, 'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure {}'.format( e)) return _response
def __init__(self, person_id, app): self.app = app self.client = app.data.driver.db self.col = self.client[app.globals['auth']['users_collection']] try: # user, last_modified, etag, status = getitem_internal(resource='users', **{'id': person_id}) user_ = list(self.col.find({'id': person_id})) if len(user_) == 1: self.user = user_[0] elif user_ is None or len(user_) == 0: status, merged_from = lungo.get_person_merged_from(person_id) if status is True and len(merged_from) > 0: status, person_from_merged = self.get_merged_user(merged_from) if status is True and len(person_from_merged) > 0: self.user = person_from_merged else: self.user = self._create_user(person_id) else: self.user = self._create_user(person_id) else: return eve_abort(500, 'Error getting the user') self.person_id = person_id except Exception as e: if not is_mongo_alive(): return eve_abort(502, 'Network problems')
def _ors_after_fetched(_response): # Just to be sure, we remove all data if anything goes wrong! # response.set_data({}) if isinstance(_response, dict): _response['acl_user'] = get_user_acl_mapping(_response.get('acl', {})) try: if isinstance(_response, list): for key, val in enumerate(_response): # _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], _response[key]['workflow']['state']) _response[key]['acl_user'] = get_user_acl_mapping(_response[key]['acl']) if _response[key]['workflow']['state'] == 'closed': if has_nanon_permission( resource_acl=_response[key].get('acl', []), perm='execute', state='closed', model='fallskjerm', org=_response[key].get('discipline', 0) ) is False: # _response[key]['acl_user'] = user_persmissions(_response[key]['acl'], 'closed') _response[key] = anon.anonymize_ors(_response[key]) elif isinstance(_response, dict): # _response['acl_user'] = user_persmissions(_response['acl'], _response['workflow']['state']) # SocketIO # broadcast('Somebody is looking at OBSREG#{}'.format(_response['id'])) _response['acl_user'] = get_user_acl_mapping(_response['acl']) """For item return nanon if roles match hi in club or fs""" if _response.get('workflow', False) and 'state' in _response['workflow']: if _response['workflow']['state'] == 'closed': if has_nanon_permission( resource_acl=_response.get('acl', []), perm='execute', state='closed', model='fallskjerm', org=_response.get('discipline', 0) ) is False: _response = anon.anonymize_ors(_response) except KeyError as e: app.logger.info("Keyerror in hook error: {}".format(e)) return eve_abort(500, 'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure') except Exception as e: app.logger.info("Unexpected error: {}".format(e)) return eve_abort(500, 'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure') return _response
def before_post(request, payload=None): print(request) print(payload) superadmin = helper.get_role_by_ref(ref='superadmin') if superadmin in app.globals['acl']['roles']: payload['owner'] = app.globals['user_id'] else: eve_helper.eve_abort(404, 'No access to this item')
def search_user(): try: err = True result = [] num_results = 0 data = {} message = 'No results' col = app.data.driver.db['melwin_users'] q = request.args.get('q', default='', type=str) max_results = request.args.get('max_results', default=25, type=int) if len(q) > 2: if q.isnumeric(): query = "/^%s.*/.test(this.id)" % q r = col.find({"$where": query}, {"id": 1, "fullname": 1}).limit(max_results) else: regex = re.compile('[^a-zæøåA-ZÆØÅ\s]') query = regex.sub('', q) # re.sub('[^A-Zæøåa-zæøå]+', '', q) r = col.find({"fullname": {"$regex": ".*%s.*" % query, "$options": "i"}}, {"id": 1, "fullname": 1}).limit(max_results) num_results = r.count() # We have a result set! if r and num_results > 0: message = "Found %s results" % num_results err = False for u in r: if 'id' not in u: continue else: result.append({'id': u['id'], 'fullname': u['fullname']}) else: message = "You need at least 3 characters for searching" # Build the result data.update({'_meta': {'err': err, 'total': num_results, 'max_results': max_results, 'message': message}, '_items': result}) return eve_response(data) except: # 406, not acceptable eve_abort(406, 'An error occurred searching for Melwin users')
def before_insert(items): if app.globals.get('user_id') not in ACL_CONTENT_USERS: return eve_abort(403, 'No access') raise Exception for document in items: document['owner'] = app.globals.get('user_id')
def after_fetched_list(response): try: for key, item in enumerate(response.get('_items', [])): response['_items'][key] = _anon(item) except Exception as e: print('Error', e) return eve_abort(500, 'Anon file aborted')
def process_image_request(file_id, size): """ Resizes images to size and returns a base64 encoded string representing the image """ try: sizes = { 'small': (140, 100), 'medium': (400, 300), 'large': (1200, 1000) } col = app.data.driver.db['files'] image = col.find_one({'_id': ObjectId(file_id)}) grid_fs = GridFS(app.data.driver.db) if not grid_fs.exists(_id=image['file']): return eve_abort(500, 'No file system found') im_stream = grid_fs.get_last_version(_id=image['file']) im = Image.open(im_stream) if size != 'original': im.thumbnail(sizes[size], Image.ANTIALIAS) img_io = io.BytesIO() im.save(img_io, 'PNG', quality=100) img_io.seek(0) encoded_img = base64.b64encode(img_io.read()) dict = { 'mimetype': 'image/png', 'encoding': 'base64', 'src': encoded_img } # Jsonify the dictionary and return it return jsonify(**dict) # Sends an image # return send_file(img_io, mimetype='image/png') except Exception as e: pass return eve_abort(404, 'Image not found or errors processing')
def after_fetched_item(response): try: response = _anon(response) except Exception as e: print('Error', e) return eve_abort(500, 'Anon file aborted')
def has_permission(): try: b64token = request.args.get('token', default=None, type=str) token = base64.b64decode(b64token)[:-1] auth = TokenAuth() if not auth.check_auth(token=token.decode("utf-8"), method=request.method, resource=request.path[len(app.globals.get('prefix')):], allowed_roles=None): eve_abort(404, 'Please provide proper credentials') except: eve_abort(404, 'Please provide proper credentials') return True
def has_permission(): try: b64token = request.args.get('token', default=None, type=str) token = base64.b64decode(b64token)[:-1] auth = TokenAuth() if not auth.check_auth( token=token.decode("utf-8"), method=request.method, resource=request.path[len(app.globals.get('prefix')):], allowed_roles=None): return eve_abort(404, 'Please provide proper credentials') except: return eve_abort(404, 'Please provide proper credentials') return True
def met_nearest_metar(icao, date): try: target_time = datetime.datetime.strptime(date, '%Y-%m-%dT%H:%M') status, tafs, metars = get_taf_metar(icao, target_time.strftime('%Y-%m-%d')) metar = get_nearest_metar(metars, target_time) parsed = parse_metar(metar) return eve_response({'metar': metar, 'parsed': '{}'.format(parsed)}, 200) except Exception as e: app.logger.error(e) return eve_abort(404, 'Could not process {}'.format(e))
def met_parse(what, msg): try: if what == 'metar': resp = parse_metar(msg) elif what == 'taf': resp = parse_taf(msg) return eve_response({'decoded': resp, 'msg': msg}, 200) except: return eve_abort(404, 'Could not process')
def get_user(): """A simple whoami Only return 'I am username'""" try: response, last_modified, etag, status = getitem_internal(resource='users', **{'id': app.globals['id']}) if status == 200 and '_id' in response: return eve_response(data={'iam': response['id']}) except: app.logger.error("Unknown error in get_user") return eve_abort(500, 'Unknown error occurred')
def get_user(): """A simple whoami Only return 'I am username'""" try: response, last_modified, etag, status = getitem_internal( resource='users', **{'id': app.globals['id']}) if status == 200 and '_id' in response: return eve_response(data={'iam': response['id']}) except: app.logger.error("Unknown error in get_user") return eve_abort(500, 'Unknown error occurred')
def acl(person_id): status, function_acl = _acl_from_functions(person_id) if status == 200: function_acl = [{ 'activity': i['activity'], 'org': i['org'], 'role': i['role'], 'type': i['type'] } for i in function_acl] return eve_response(function_acl, 200) return eve_abort(status)
def process_image_request(file_id, size): """ Resizes images to size and returns a base64 encoded string representing the image """ sizes = {'small': (140,100), 'medium': (400, 300), 'large': (1200, 1000) } col = app.data.driver.db['files'] image = col.find_one({'_id': ObjectId(file_id)}) grid_fs = GridFS(app.data.driver.db) if not grid_fs.exists(_id=image['file']): eve_abort(500, 'No file system found') im_stream = grid_fs.get_last_version(_id=image['file']) im = Image.open(im_stream) if size != 'original': im.thumbnail(sizes[size], Image.ANTIALIAS) img_io = io.BytesIO() im.save(img_io, 'PNG', quality=100) img_io.seek(0) encoded_img = base64.b64encode(img_io.read()) dict = {'mimetype': 'image/png', 'encoding': 'base64', 'src': encoded_img } # Jsonify the dictionary and return it return jsonify(**dict)
def process_request(file_id): """ This is the router actually for processing """ if has_permission(): col = app.data.driver.db['files'] file = col.find_one({'_id': ObjectId(file_id)}) if not file: return eve_abort(404, 'No file found') try: grid_fs = GridFS(app.data.driver.db) if not grid_fs.exists(_id=file['file']): return eve_abort(404, 'No file found') stream = grid_fs.get_last_version(_id=file['file']) response = make_response(stream.read()) response.mimetype = stream.content_type return response except NoFile: return eve_abort(404, 'No file found')
def get_club_hi(club): groups = app.data.driver.db['acl_groups'] group = groups.find_one({'ref': club}) if group: roles = app.data.driver.db['acl_roles'] role = roles.find_one({'group': group['_id'], 'ref': 'hi'}) if role: users = app.data.driver.db['users'] hi = list(users.find({'acl.roles': {'$in': [role['_id']]}})) r = [] if isinstance(hi, list): for user in hi: r.append(user['id']) else: r.append(hi['id']) return eve_response(r) eve_abort(501, 'Unknown error occurred')
def met_tafmetar(icao, date): try: # print(icao, date) status, taf, metar = get_taf_metar(icao, date) if status is True: return eve_response({'taf': taf, 'metar': metar}, 200) else: # print(get_taf_metar(icao, date)) pass except Exception as e: app.logger.error(e) return eve_abort(500, 'Could not process')
def ors_before_insert_item(item): try: if 'discipline' in item and item.get('discipline', 0) > 0: ors_id = increment('ors_motorfly') if ors_id: item['id'] = ors_id else: return eve_abort(422, 'Could not create OBSREG, missing increment') item['when'] = datetime.utcnow() item['reporter'] = app.globals.get('user_id') item['owner'] = app.globals.get('user_id') item['watchers'] = [app.globals.get('user_id')] item['workflow'] = get_wf_init(app.globals.get('user_id')) item['organization'] = {} _, _person_ors = get_person_from_role(ACL_MOTORFLY_ORS) item['organization']['ors'] = _person_ors persons_dto = ACL_MOTORFLY_CLUB_DTO.copy() persons_dto['org'] = item.get('discipline') _, _persons_dto = get_person_from_role(persons_dto) item['organization']['dto'] = _persons_dto persons_ftl = ACL_MOTORFLY_CLUB_FTL.copy() persons_ftl['org'] = item.get('discipline') _, _persons_ftl = get_person_from_role(persons_ftl) item['organization']['ftl'] = _persons_ftl item['acl'] = get_acl_init(app.globals.get('user_id'), item.get('discipline')) except Exception as e: return eve_abort(422, 'Could not create OBSREG')
def init_acl(dict_app, **extra): """ Set user as read, write and execute! Only the current user since this is the POST to DRAFT @todo: Investigate wether to keep in workflow or not. """ if request.method == 'POST': c_app = dict_app.get('app') r = dict_app.get('payload') club = request.get_json().get('club') _id = r.get('_id') obs = c_app.data.driver.db['observations'] # Add hi to the mix! groups = app.data.driver.db['acl_groups'] group = groups.find_one({'ref': club}) if group and group.get('_id', False): roles = app.data.driver.db['acl_roles'] role = roles.find_one({'group': ObjectId(group['_id']), 'ref': 'hi'}) if role and role.get('_id', False): users = app.data.driver.db['users'] hi = list(users.find({'acl.roles': {'$in': [ObjectId(role['_id'])]}})) his = [] if isinstance(hi, list): for user in hi: his.append(user['id']) elif hi.get('id', False): his.append(hi['id']) else: his = [] roles = [role.get('_id')] else: eve_abort(400, 'No HI for club %s' % club) else: eve_abort(400, 'No group for club %s' % club) # Adds user and hi! try: acl = {'read': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': roles}, 'write': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': []}, 'execute': {'users': [app.globals.get('user_id')], 'groups': [], 'roles': []} } test = obs.update_one({'_id': ObjectId(_id)}, {'$set': {'acl': acl}}) obs.update_one({'_id': ObjectId(_id)}, {'$set': {'organization.hi': his}}) except: eve_abort(503, 'THe database would not comply with our demands')
def lungo(path): # print('{}'.format(request.args)) resp = requests.get('{}/{}'.format(LUNGO_URL, path), params=request.args.to_dict(), headers=LUNGO_HEADERS, verify=app.config.get('REQUESTS_VERIFY', True)) try: return eve_response(resp.json(), resp.status_code) except Exception as e: app.logger.exception('Error in Lungo response') app.logger.error(resp.text) return eve_abort(502, 'Unknown error')
def whoami(): try: token = request.authorization.get('username', None) if token in users.keys(): client = users.get(token, {}) # Convert keys back to normal url client['resources'] = { k.replace('_', '/'): v for k, v in users[token].get('resources', {}).items() } return eve_response(client, 200) except: pass return eve_abort(403)
def ors_before_insert_item(item): try: if 'discipline' in item and item.get('discipline', 0) > 0: ors_id = increment('ors_sportsfly') if ors_id: item['id'] = ors_id else: return eve_abort(422, 'Could not create OBSREG, missing increment') item['when'] = datetime.utcnow() item['reporter'] = app.globals.get('user_id') item['owner'] = app.globals.get('user_id') item['watchers'] = [app.globals.get('user_id')] item['workflow'] = get_wf_init(app.globals.get('user_id')) item['organization'] = {} _, _person_ors = get_person_from_role(ACL_SPORTSFLY_ORS) item['organization']['ors'] = _person_ors persons_ftu = ACL_SPORTSFLY_FTU.copy() persons_ftu['org'] = item.get('discipline') _, _persons_ftu = get_person_from_role(persons_ftu) item['organization']['ftu'] = _persons_ftu persons_ol = ACL_SPORTSFLY_CLUB_OPERATIV_LEDER.copy() persons_ol['org'] = item.get('discipline') _, _persons_ol = get_person_from_role(persons_ol) item['organization']['ol'] = _persons_ol item['acl'] = get_acl_init(app.globals.get('user_id'), item.get('discipline')) except Exception as e: return eve_abort(422, 'Could not create OBSREG')
def met_get_metar_dict(icao): try: status, taf, metar = get_taf_metar(icao) if len(metar) > 0: resp = get_metar_as_dict(Metar.Metar(metar[-1])) else: status, metar = get_metar(icao) if len(metar) > 0: resp = get_metar_as_dict(Metar.Metar(metar[-1])) else: resp = {} return eve_response({'icao': icao, 'metar': resp}) except Exception as e: app.logger.error(e) return eve_abort(404, 'Could not process')
def before_aggregation(endpoint, pipeline): """Before get or aggregation, check permissions If OBSREG is closed, none?""" if endpoint == 'notifications_events': _id = pipeline[0].get('$match', {}).get('event_from_id') resource = pipeline[0].get('$match', {}).get('event_from') item, _date, etag, status = getitem_internal(resource, **{'_id': _id}) if ( (item.get('workflow', {}).get('state', 'closed') == 'closed' and item.get('acl_user', {}).get('x', False) is False) or (item.get('acl_user', {}).get('r', False) is False) ): return eve_abort(403, 'No access')
def acl_simple(person_id): status, function_acl = _acl_from_functions(person_id) if status == 200: simple_acl = [] for a in function_acl: if a['activity'] in list( NLF_ORG.keys()): # and a['role'] in [10000000]: simple_acl.append('{}_{}'.format( NLF_ORG[a['activity']].strip(), re.sub(r'[^a-zæøåA-ZÆØÅ0-9]', '_', a.get('name', '')).lower().strip('_').strip())) return eve_response(list(set(simple_acl)), 200) return eve_abort(status)
def process_request(file_id): """ This is the router actially for processing """ if has_permission(): col = app.data.driver.db['files'] file = col.find_one({'_id': ObjectId(file_id)}) if not file: eve_abort(404, 'No file found') try: grid_fs = GridFS(app.data.driver.db) if not grid_fs.exists(_id=file['file']): eve_abort(404, 'No file found') stream = grid_fs.get_last_version(_id=file['file']) response = make_response(stream.read()) response.mimetype = stream.content_type return response except NoFile: eve_abort(404, 'No file found')
def after_get(request, response): """ Modify response after GETing an observation This hook checks if permission on each observation If closed, then it will anonymize each observation wo w or x rights """ d = json.loads(response.get_data().decode('UTF-8')) # Just to be sure, we remove all data if anything goes wrong! # response.set_data({}) changed = False try: if '_items' in d: if request.args.get('version') == 'diffs': id = d['_items'][0]['_id'] if d['_items'][0]['workflow']['state'] == 'closed': for key, val in enumerate(d['_items']): if not anon.has_permission_obs(id, 'execute'): d['_items'][key] = anon.anonymize_obs(d['_items'][key]) changed = True else: for key, val in enumerate(d['_items']): if d['_items'][key]['workflow']['state'] == 'closed': if not anon.has_permission_obs(d['_items'][key]['_id'], 'execute'): d['_items'][key] = anon.anonymize_obs(d['_items'][key]) changed = True else: """For item return nanon if roles match hi in club or fs""" try: helper = h.Helpers() if helper.get_role_hi(d['club']) in app.globals['acl']['roles'] \ or helper.get_role_fs() in app.globals['acl']['roles']: response.set_data(json.dumps(d)) return except: app.logger.error("Could not check roles in anon for %i" %app.globals['id']) if d.get('workflow', False) and 'state' in d['workflow']: if d['workflow']['state'] == 'closed': if not anon.has_permission_obs(d['_id'], 'execute'): d = anon.anonymize_obs(d) changed = True if d.get('weather', False): if d['weather'].get('auto', False): if d['weather']['auto'].get('taf', False): try: import pytaf taf_raw = d['weather']['auto'].get('taf') # print(taf_raw[17:]) taf = pytaf.TAF(taf_raw[17:]) decoder = pytaf.Decoder(taf) d['weather']['auto'].update({'taf_decoded': decoder.decode_taf()}) except: app.logger.info("ERR TAF ", sys.exc_info()[0]) pass if d['weather']['auto'].get('metar', False): try: from metar import Metar met = Metar.Metar("METAR %s" % d['weather']['auto']['metar'][17:]) d['weather']['auto'].update({'metar_decoded': met.string()}) except: app.logger.info("ERR Metar ", sys.exc_info()[0]) pass if changed: response.set_data(json.dumps(d)) changed = False except KeyError: app.logger.info("Keyerror in hook", sys.exc_info()[0]) eve_helper.eve_abort(500, 'Server experienced problems (keyerror) anonymousing the observation and aborted as a safety measure') except: app.logger.info("Unexpected error: ", sys.exc_info()[0]) eve_helper.eve_abort(500, 'Server experienced problems (unknown) anonymousing the observation and aborted as a safety measure')
def login(): username = None password = None logged_in = False m = Melwin() if m is None: app.logger.critical("Melwin service unavailable") eve_abort('503', 'Melwin service is unavailable') # Request via json rq = request.get_json() try: username = rq['username'] password = rq['password'] except: # Now it will fail in the next if pass if username == 'access_token': try: public_key = _get_public_key() decoded_token = jwt.decode(password, public_key, issuer=ISSUER, algorithm='HS256') logged_in = True username = decoded_token.get('melwin_id', None) if username is None: eve_abort(401, 'Could not validate the token, could not find username') else: # print('Username', username) username = int(username) except jwt.exceptions.InvalidTokenError: logged_in = False eve_abort(401, 'Could not validate the token, InvalidTokenError') except jwt.exceptions.InvalidSignatureError: logged_in = False eve_abort(401, 'Could not validate the token, InvalidSignatureError') except jwt.exceptions.InvalidIssuerError: logged_in = False eve_abort(401, 'Could not validate the token, InvalidIssuerError') except jwt.exceptions.ExpiredSignatureError: logged_in = False eve_abort(401, 'Could not validate the token, ExpiredSignatureError') except Exception as e: logged_in = False eve_abort(401, 'Could not validate your token {}'.format(e)) else: try: username = int(username) logged_in = m.login(username, password) except: logged_in = False eve_abort(503, 'Could not log you into Melwin') # isinstance(username, int) and len(password) == 9 and # Now process user and successful authentication if logged_in is True: try: user, last_modified, etag, status = getitem_internal(resource='users', **{'id': username}) except: user = None if not is_mongo_alive(): eve_abort(502, 'Network problems') # If not existing, make from melwin! if user is None or status != 200: if not create_user(username): app.logger.error("502: Could not create user %i from Melwin" % username) eve_abort(502, 'Could not create user from Melwin') else: app.logger.info("Created user %i" % username) # token = uuid5(uuid4(),rq['username']) token = uuid4().hex # valid = utc.replace(hours=+2) # @bug: utc and cet!!! utc = arrow.utcnow() valid = utc.replace(seconds=+app.config['AUTH_SESSION_LENGHT']) # Pure datetime # valid = datetime.datetime.now() + datetime.timedelta(seconds=60) try: response, last_modified, etag, status = patch_internal('users/auth', payload={'auth': {'token': token, 'valid': valid.datetime}}, concurrency_check=False, **{'id': username}) if status != 200: app.logger.error("Could not insert token for %i" % username) except: app.logger.exception("Could not update user %i auth token" % username) eve_abort(500, "Could not update user %i auth token" % username) t = '%s:' % token b64 = b64encode(t.encode('utf-8')) """return jsonify(**{'success': True, 'token': token, 'token64': b64, 'valid': valid, })""" return eve_response(data={'success': True, 'username': username, 'token': token, 'token64': b64.decode('utf-8'), 'valid': valid.datetime}, status=200) # On error sleep a little against brute force sleep(1) return eve_response({'success': False, 'username': None, 'token': None, 'token64': None, 'valid': None, 'message': 'Wrong username or password'})
def wrapped(*args, **kwargs): if app.globals.get('user_id', 0) not in ACL_SUPERADMINS: return eve_abort(401, 'You do not have sufficient privileges') return f(*args, **kwargs)
def login(): """ Sjekk med persons/merged først før man lager ny! id in [i['id'] for i in d] der d= _items[0] :return: """ username = None password = None token_valid = False # Request via json rq = request.get_json() try: username = rq['username'] password = rq['password'] except: # Now it will fail in the next if pass if username == 'access_token': try: public_key = _get_public_key() decoded_token = jwt.decode(password, public_key, issuer=ISSUER, algorithms=['RS256']) token_valid = True # melwin_id or person_id person_id = decoded_token.get('person_id', None) if person_id is None: return eve_abort( 401, 'Could not validate the token, could not find username') else: # print('Username', person_id) _user = User(int(person_id), app) except jwt.exceptions.InvalidTokenError: token_valid = False return eve_abort( 401, 'Could not validate the token, InvalidTokenError') except jwt.exceptions.InvalidSignatureError: token_valid = False return eve_abort( 401, 'Could not validate the token, InvalidSignatureError') except jwt.exceptions.InvalidIssuerError: token_valid = False return eve_abort( 401, 'Could not validate the token, InvalidIssuerError') except jwt.exceptions.ExpiredSignatureError: token_valid = False return eve_abort( 401, 'Could not validate the token, ExpiredSignatureError') except Exception as e: token_valid = False return eve_abort(401, 'Could not validate your token {}'.format(e)) else: return eve_abort(401, 'Could not make sense of your request') # Now process user and successful authentication if token_valid is True and _user.user is not None: """ This is where one needs to verify if person has been merged!! If merged then lookup like {'id': {'$in': [all_person_ids]}} and then find the person_id used here THEN update global, blinker signal 'person-merged'? """ # token = uuid5(uuid4(),rq['username']) token = uuid4().hex # valid = utc.replace(hours=+2) # @bug: utc and cet!!! # utc = datetime.utcnow() #arrow.utcnow() valid = datetime.utcnow() + timedelta( seconds=app.config['AUTH_SESSION_LENGHT']) # utc.shift(seconds=+app.config['AUTH_SESSION_LENGHT']) # Pure datetime # valid = datetime.now() + datetime.timedelta(seconds=60) try: acl_status, acl = lungo.get_person_acl(_user.person_id) if acl_status is False: acl = [] response, _, _, status = patch_internal( resource='users_auth', payload={ 'auth': { 'token': token, 'valid': valid }, # Arrow utc.datetime 'acl': [{ 'activity': a['activity'], 'org': a['org'], 'role': a['role'] } for a in acl], }, concurrency_check=False, **{'id': _user.person_id}) if status in [200, 201]: t = '%s:' % token b64 = b64encode(t.encode('utf-8')) _, activities = lungo.get_person_activities(_user.person_id) return eve_response(data={ 'success': True, 'username': _user.person_id, 'token': token, 'token64': b64.decode('utf-8'), 'valid': valid, 'activities': activities, 'acl': acl, '_id': str(_user.user.get('_id')), '_etag': _user.user.get('_etag', None), 'settings': _user.user.get('settings', {}) }, status=200) else: app.logger.error("Could not insert token for %i" % _user.user.get('id')) except Exception as e: app.logger.exception("Could not update user %s auth token:" % _user.person_id) app.logger.exception(e) return eve_abort( 500, "Could not update user %i auth token" % _user.person_id) # On error sleep a little against brute force sleep(1) return eve_response(data={ 'success': False, 'username': None, 'token': None, 'token64': None, 'valid': None, 'activities': [], 'acl': [], 'settings': None, '_id': None, '_etag': None, 'message': 'Wrong username or password' }, status=200)