def get_user_from_session(username, token):
valid_user = verify_user(username, None, True)
if valid_user.error or 'Operation not' in valid_user.message:
return valid_user
response = Response()
if not valid_user.data:
response.message = 'Invalid user. Check username and password.'
response.authorized = False
return response
key = 'customer_{}'.format(valid_user.data['custId'])
customer_info = repository.get_object_by_key(key)
if ('error' in customer_info
and customer_info['error']) or ('result' in customer_info
and not customer_info['result']):
response.message = ''
response.authorized = False
response.error = customer_info['error']
return response
response.data = {
'userInfo': {
'userId': valid_user.data['userId'],
'username': valid_user.data['username'],
'token': token
},
'customerInfo': customer_info['result']
}
response.message = 'Successfully verified and extended session.'
response.authorized = True
return response
def extend_session(token):
secret = get_secret()
response = Response()
#decoded = None
try:
decoded_jwt = jwt.decode(token, secret, algorithms=['HS256'])
except Exception as ex:
print(ex)
response.message = 'Error extending session. Invalid token.'
response.error = ex
return response
expiry = int(get_ttl())
session = repository.extend_session(decoded_jwt['id'], expiry)
if 'error' in session and session['error']:
if session['error']['message'] == 'Document not found.':
response.message = 'Unauthorizeed. Session expired'
response.authorized = False
else:
response.message = "Error trying to verify session."
response.error = {
'message': repr(session['error']),
'stackTrace': traceback.format_exc()
}
return response
if session == 'NOP':
return response
response.data = session['session']
response.message = 'Successfully extended session.'
response.authorized = True
return response
def extend_session(self, token):
secret = get_secret()
response = Response(None, 'Operation not built yet.', None, None)
decoded = None
try:
decoded_jwt = jwt.decode(token, secret, algorithms=['HS256'])
except Exception as ex:
print(ex)
response.message = 'Error extending session. Invalid token.'
response.error = ex
return response
expiry = int(get_ttl())
session = self.repository.extend_session(decoded_jwt['id'], expiry)
if 'error' in session:
if session['error'].CODE == 13:
response.message = 'Unauthorizeed. Session expired'
response.authorized = False
else:
response.message = "Error trying to verify session."
response.error = {
'message': repr(session['error']),
'stackTrace': traceback.format_exc()
}
return response
if session == 'NOP':
return response
response.data = session
response.message = 'Successfully extended session.'
response.authorized = True
return response
def decorated(*args, **kwargs):
bearer_header = request.headers.get('Authorization', None)
response = Response()
if not bearer_header:
response.message = 'No authorization token provided.'
response.authorized = False
g.jwt = {'token': None, 'result': response}
return f(*args, **kwargs)
try:
token = bearer_header.replace('Bearer ', '')
ext_session_res = extend_session(token)
g.jwt = {
'token': None if ext_session_res.error else token,
'result': ext_session_res
}
except Exception as ex:
response.error = {
'message': repr(ex),
'stackTrace': traceback.format_exc()
}
response.message
g.jwt = {'token': None, 'result': response}
return f(*args, **kwargs)
def login(self, req):
valid_user_res = self.verify_user(req['username'],
str.encode(req['pw']))
if valid_user_res.error or 'Operation not' in valid_user_res.message:
return valid_user_res
response = Response(None, 'Operation not built yet.', None, None)
if not valid_user_res.data:
response.message = 'Invalid user. Check username and password.'
response.authorized = False
return response
key = 'customer_{0}'.format(valid_user_res.data['custId'])
customer_info = self.repository.get_object_by_key(key)
session_res = self.create_session(req['username'])
if session_res.error:
return session_res
secret = get_secret()
encoded_jwt = jwt.encode({'id': session_res.data},
secret,
algorithm='HS256')
response.data = {
'userInfo': {
'userId': valid_user_res.data['userId'],
'username': valid_user_res.data['username'],
'token': encoded_jwt.decode()
},
'customerInfo': customer_info
}
response.message = 'Successfully logged in (session created).'
response.authorized = True
return response
def get_user_from_session(self, jwt):
valid_user_res = self.verify_user(jwt['sessionRes'].data['username'],
None, True)
if valid_user_res.error or 'Operation not' in valid_user_res.message:
return valid_user_res
response = Response(None, 'Operation not built yet.', None, None)
if not valid_user_res.data:
response.message = 'Invalid user. Check username and password.'
response.authorized = False
return response
response.data = {
'userInfo': {
'userId': valid_user_res.data['userId'],
'username': valid_user_res.data['username'],
'token': jwt['token']
}
}
response.message = 'Successfully verified and extended session.'
response.authorized = True
return response
def decorated(*args, **kwargs):
bearer_header = request.headers.get('Authorization', None)
response = Response(None, None, None, None)
if not bearer_header:
response.message = 'No authorization token provided.'
response.authorized = False
g.jwt = {
'token': None,
'sessionRes': response
}
return f(*args, **kwargs)
try:
token = bearer_header.replace('Bearer ', '')
ext_session_res = user_svc.extend_session(token)
#Couchbase KeyNotFound - unauthorized (i.e. session expired)
# if response.error:
# response.request_id = req_id
# if response.authorized is not None and not response.authorized:
# return jsonify(response.to_dict()), 401
# else:
# return jsonify(response.to_dict()), 500
#https://stackoverflow.com/questions/22256862/flask-how-to-store-and-retrieve-a-value-bound-to-the-request/22256956
g.jwt = {
'token': None if ext_session_res.error else token,
'sessionRes': ext_session_res
}
#return f(*args, **kwargs)
except Exception as err:
response.error = err
response.message
g.jwt = {
'token': None,
'sessionRes': response
}
return f(*args, **kwargs)