def _dev_auth_login(uid, password): if app.config['DEVELOPER_AUTH_ENABLED']: logger = app.logger if password != app.config['DEVELOPER_AUTH_PASSWORD']: logger.error('Dev-auth: Wrong password') return tolerant_jsonify({'message': 'Invalid credentials'}, 401) user_id = AuthorizedUser.get_id_per_uid(uid) user = user_id and app.login_manager.user_callback(user_id=user_id, flush_cached=True) if user is None: logger.error( f'Dev-auth: User with UID {uid} is not registered in BOA.') return tolerant_jsonify( { 'message': f'Sorry, user with UID {uid} is not registered to use BOA.' }, 403) if not user.is_active: logger.error( f'Dev-auth: UID {uid} is registered with BOA but not active.') return tolerant_jsonify( { 'message': f'Sorry, user with UID {uid} is not authorized to use BOA.' }, 403) logger.info(f'Dev-auth used to log in as UID {uid}') login_user(user, force=True, remember=True) return tolerant_jsonify(current_user.to_api_json()) else: raise ResourceNotFoundError('Unknown path')
def _login_user(user_id, redirect_path=None, tool_id=None): app.logger.info(f'_login_user: user_id={user_id}, redirect_path={redirect_path}, tool_id={tool_id}') authenticated = login_user(LoginSession(user_id), remember=True) and current_user.is_authenticated if authenticated: if redirect_path: response = redirect(location=f"{app.config['VUE_LOCALHOST_BASE_URL'] or ''}{redirect_path}") else: response = tolerant_jsonify(current_user.to_api_json()) canvas_api_domain = current_user.course.canvas_api_domain canvas = Canvas.find_by_domain(canvas_api_domain) canvas_course_id = current_user.course.canvas_course_id # Yummy cookies! key = f'{canvas_api_domain}|{canvas_course_id}' value = str(current_user.user_id) response.set_cookie( key=key, value=value, samesite='None', secure=True, ) app.logger.info(f'_login_user cookie: key={key} value={str(current_user.user_id)}') response.set_cookie( key=f'{canvas_api_domain}_supports_custom_messaging', value=str(canvas.supports_custom_messaging), samesite='None', secure=True, ) return response elif tool_id: raise UnauthorizedRequestError(f'Unauthorized user during {tool_id} LTI launch (user_id = {user_id})') else: return tolerant_jsonify({'message': f'User {user_id} failed to authenticate.'}, 403)
def batch_create_notes(): params = request.form sids = _get_sids_for_note_creation() subject = params.get('subject', None) body = params.get('body', None) topics = get_note_topics_from_http_post() if not sids or not subject: raise BadRequestError('Note creation requires \'subject\' and \'sid\'') user_dept_codes = dept_codes_where_advising(current_user) if current_user.is_admin or not len(user_dept_codes): raise ForbiddenRequestError( 'Sorry, only advisors can create advising notes') author_profile = _get_author_profile() attachments = get_note_attachments_from_http_post(tolerate_none=True) note_ids_per_sid = Note.create_batch( author_id=current_user.to_api_json()['id'], **author_profile, subject=subject, body=process_input_from_rich_text_editor(body), topics=topics, sids=sids, attachments=attachments, template_attachment_ids=get_template_attachment_ids_from_http_post(), ) return tolerant_jsonify(note_ids_per_sid)
def logout(): logout_user() redirect_url = app.config['VUE_LOCALHOST_BASE_URL'] or request.url_root cas_logout_url = _cas_client().get_logout_url(redirect_url=redirect_url) return tolerant_jsonify({ 'casLogoutUrl': cas_logout_url, **current_user.to_api_json(), })
def create_notes(): benchmark = get_benchmarker('create_notes') params = request.form sids = _get_sids_for_note_creation() benchmark(f'SID count: {len(sids)}') body = params.get('body', None) is_private = to_bool_or_none(params.get('isPrivate', False)) subject = params.get('subject', None) topics = get_note_topics_from_http_post() if not sids or not subject: benchmark('end (BadRequest)') raise BadRequestError( 'Note creation requires \'subject\' and \'sids\'') dept_codes = dept_codes_where_advising(current_user) if current_user.is_admin or not len(dept_codes): benchmark('end (Forbidden)') raise ForbiddenRequestError( 'Sorry, only advisors can create advising notes') if is_private and not current_user.can_access_private_notes: benchmark('end (Forbidden)') raise ForbiddenRequestError( 'Sorry, you are not authorized to manage note privacy.') attachments = get_note_attachments_from_http_post(tolerate_none=True) benchmark(f'Attachment count: {len(attachments)}') body = process_input_from_rich_text_editor(body) template_attachment_ids = get_template_attachment_ids_from_http_post() if len(sids) == 1: note = Note.create( **_get_author_profile(), attachments=attachments, body=body, is_private=is_private, sid=sids[0], subject=subject, template_attachment_ids=template_attachment_ids, topics=topics, ) response = tolerant_jsonify( _boa_note_to_compatible_json(note, note_read=True)) else: response = tolerant_jsonify( Note.create_batch( **_get_author_profile(), attachments=attachments, author_id=current_user.to_api_json()['id'], body=body, is_private=is_private, sids=sids, subject=subject, template_attachment_ids=template_attachment_ids, topics=topics, ), ) benchmark('end') return response
def set_demo_mode(): if app.config['DEMO_MODE_AVAILABLE']: in_demo_mode = request.get_json().get('demoMode', None) if in_demo_mode is None: raise errors.BadRequestError('Parameter \'demoMode\' not found') user = AuthorizedUser.find_by_id(current_user.get_id()) user.in_demo_mode = bool(in_demo_mode) current_user.flush_cached() app.login_manager.reload_user() return tolerant_jsonify(current_user.to_api_json()) else: raise errors.ResourceNotFoundError('Unknown path')
def logout(): response = tolerant_jsonify(current_user.to_api_json()) # Delete our custom cookies canvas_api_domain = current_user.course.canvas_api_domain keys = [ f'{canvas_api_domain}|{current_user.course.canvas_course_id}', f'{canvas_api_domain}_supports_custom_messaging', ] for key in keys: response.set_cookie(key, '', samesite='None', secure=True, expires=0) logout_user() return response
def _get_author_profile(): author = current_user.to_api_json() role = current_user.departments[0]['role'] if current_user.departments else None calnet_profile = get_calnet_user_for_uid(app, author['uid']) if calnet_profile and calnet_profile.get('departments'): dept_codes = [dept.get('code') for dept in calnet_profile.get('departments')] else: dept_codes = current_user.dept_codes return { 'author_uid': author['uid'], 'author_name': author['name'], 'author_role': role, 'author_dept_codes': dept_codes, }
def get_current_user_profile(): cohorts = [] for cohort in CohortFilter.get_cohorts(current_user.get_id()): cohort['isOwnedByCurrentUser'] = True cohorts.append(cohort) return { **current_user.to_api_json(), 'myCohorts': cohorts, 'myCuratedGroups': get_my_curated_groups(), 'preferences': { 'admitSortBy': 'last_name', 'sortBy': 'last_name', 'termId': current_term_id(), }, }
def dev_auth_login(): if app.config['DEV_AUTH_ENABLED']: params = request.get_json() or {} uid = params.get('uid') password = params.get('password') if password != app.config['DEV_AUTH_PASSWORD']: return tolerant_jsonify({'message': 'Invalid credentials'}, 401) user = User(uid) if not user.is_active: msg = f'UID {uid} is neither an Admin user nor active in CalNet.' app.logger.error(msg) return tolerant_jsonify({'message': msg}, 403) if not login_user(user, force=True, remember=True): msg = f'The system failed to log in user with UID {uid}.' app.logger.error(msg) return tolerant_jsonify({'message': msg}, 403) return tolerant_jsonify(current_user.to_api_json(include_courses=True)) else: raise ResourceNotFoundError('Unknown path')
def _get_author_profile(): author = current_user.to_api_json() calnet_profile = get_calnet_user_for_uid(app, author['uid']) if calnet_profile and calnet_profile.get('departments'): dept_codes = [dept.get('code') for dept in calnet_profile.get('departments')] else: dept_codes = dept_codes_where_advising(current_user) if calnet_profile and calnet_profile.get('title'): role = calnet_profile['title'] elif current_user.departments: role = current_user.departments[0]['role'] else: role = None return { 'author_uid': author['uid'], 'author_name': author['name'], 'author_role': role, 'author_dept_codes': dept_codes, }
def my_profile(): return tolerant_jsonify(current_user.to_api_json(include_courses=True))
def my_profile(): return tolerant_jsonify(current_user.to_api_json())
def session_keep_alive(): return tolerant_jsonify(current_user.to_api_json())
def logout(): _logout_user() return tolerant_jsonify(current_user.to_api_json())