Ejemplo n.º 1
0
async def logout(session_id):
    if not session_id:
        return {"detail": "Empty session id"}

    updated_sessions = []
    session_key = ''
    # check session is created for the user
    with open('session.txt', 'r') as session_file:
        sessions = session_file.readlines()

        for idx in range(len(sessions)):
            # convert str to json obj
            session_obj = json.loads(sessions[idx])
            if (session_id in session_obj['session']):
                session_key = session_obj['username']
                sessions.pop(idx)
                updated_sessions = sessions

    with open('session.txt', 'w+') as session_file:
        for session in updated_sessions:
            session_file.write(session)
            session_file.write('\n')

    content = {"detail": "Logout success"}
    response = JSONResponse(content=content, status_code=200)

    response.delete_cookie(session_key)
    return response
Ejemplo n.º 2
0
async def auth_sso_callback(
    provider: str,
    request: Request,
    redirect_to: Optional[str] = Cookie(None),
    ssoaction: str = Cookie("login"),
    token: Optional[str] = Depends(dependencies.get_user_token),
):
    """Process sso provider's login callback and login user"""
    sso = _provider_factory(provider)
    openidsso = await sso.verify_and_process(request)
    if openidsso is None:
        raise exceptions.AuthenticationException()
    openid = schemas.OpenID.from_sso(openidsso)
    if ssoaction == "add-provider":
        if not token:
            raise exceptions.AuthenticationException()
        logged_user = await dependencies.get_user(token)
        await actions.user.user_add_openid(openid, logged_user.id)
        response = JSONResponse(
            {
                "detail": f"User {logged_user.id} - {logged_user.email} was added "
                f"openid {openid.provider}/{openid.provider_id}"
            }
        )
        response.delete_cookie("ssoaction")
        return response
    user = await actions.user.get_or_create_user(openid)
    return await actions.user.login_user(user, permanent=True, redirect_to=redirect_to, openid=openid)
Ejemplo n.º 3
0
    async def on_post(
            self
    ) -> JSONResponse:
        """ POST /logout """
        # 303 tells the browser to switch from POST to GET
        headers = {"location": self.location}

        # NOTE: use JSONResponse instead of RedirectResponse to
        # avoid confusing OpenAPI
        response = JSONResponse(status_code=303, headers=headers)
        response.delete_cookie(self.cookie_name)
        return response
Ejemplo n.º 4
0
async def logout_user(request):
    response = JSONResponse({"message": "success"}, status_code=200)
    response.delete_cookie(key="token", path="/")

    try:
        session = Session()
        session.query(Tokens).filter_by(idUser=request.user.id).delete()
        session.commit()
    except exc.SQLAlchemyError:
        return JSONResponse({
            "message": "Failed to logout",
            "code": "1"
        },
                            status_code=404)

    return response
Ejemplo n.º 5
0
async def logout(
	response: JSONResponse,
	internal_user: str = Depends(access_token_cookie_scheme)
) -> JSONResponse:
	""" Logout endpoint for deleting the HTTPOnly cookie on the user's browser.

		Args:
			internal_auth_token: Internal authentication token

		Returns:
			response: A JSON response with the status of the user's session
	"""
	async with exception_handling():
		response = JSONResponse(
			content=jsonable_encoder({
				"userLoggedIn": False,
			}),
		)

		response.delete_cookie(key="access_token")

		return response
Ejemplo n.º 6
0
async def post_auth(request: Request,
                    watchdog_auth: str = Cookie(''),
                    redirect: str = '/'):
    # two scene for set new password, update new password if has password, else return the html
    # 1. not set watchdog_auth; 2. already authenticated
    password = loads(await request.body())['password']
    auth_not_set = not Config.watchdog_auth
    already_authed = watchdog_auth and watchdog_auth == Config.watchdog_auth
    need_new_pwd = auth_not_set or already_authed
    if password:
        if need_new_pwd:
            old_password = Config.password
            Config.password = password
            await refresh_token()
            resp = JSONResponse({'ok': True, 'redirect': redirect})
            resp.set_cookie('watchdog_auth',
                            Config.watchdog_auth,
                            max_age=Config.cookie_max_age,
                            httponly=True)
            logger.warning(
                f'password changed {old_password}->{Config.password}.')
            return resp
        elif (await md5_checker(password, Config.watchdog_auth, freq=True)):
            resp = JSONResponse({'ok': True, 'redirect': redirect})
            resp.set_cookie('watchdog_auth',
                            Config.watchdog_auth,
                            max_age=Config.cookie_max_age,
                            httponly=True)
            logger.info('correct password, login success.')
            return resp
    # invalid password, clear cookie
    resp = JSONResponse({'ok': False})
    # resp.set_cookie('watchdog_auth', '')
    resp.delete_cookie('watchdog_auth')
    logger.info(f'invalid password: {password}')
    return resp
Ejemplo n.º 7
0
async def logout(request: Request) -> JSONResponse:
    """Logout user by removing his user cookies and his login token from database.

    :return: {"success": bool}.
    :rtype: JSONResponse
    """
    token = request.cookies.get("user_token")
    user_id = request.cookies.get("user_id")
    if not token or not user_id:
        return JSONResponse({
            "success": False,
            "message": "no user is logged in"
        })

    auth = Authenticator(MONGO)
    logout_info = auth.logout_user(token, user_id)
    if logout_info["success"]:
        response = JSONResponse(logout_info)
        response.delete_cookie("user_token")
        response.delete_cookie("user_id")
        response.delete_cookie("username")
        return response

    return JSONResponse(response)
Ejemplo n.º 8
0
async def route_logout_and_remove_cookie():
    response = JSONResponse({'logout': True})
    response.delete_cookie("Authorization")
    return response
Ejemplo n.º 9
0
async def route_logout_and_remove_cookie():
    content = {"message": "Logged Out Successfully!"}
    response = JSONResponse(content=content)
    response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN)
    return response
Ejemplo n.º 10
0
async def logout():
    response = JSONResponse(content={"details": "ok"})
    response.delete_cookie(settings.access_token_cookie_name)
    response.delete_cookie(settings.csrf_token_cookie_name)
    return response
Ejemplo n.º 11
0
async def delete_cookie():
    """ Delete api key from cookies """
    response = JSONResponse(f'Cookie {API_KEY_NAME} has been deleted')
    response.delete_cookie(key=API_KEY_NAME)
    return response
Ejemplo n.º 12
0
async def logout():
    response = JSONResponse({"logout": True})
    response.delete_cookie(COOKIE_AUTHORIZATION_NAME, domain=COOKIE_DOMAIN)
    return response
async def route_logout_and_remove_cookie():
    response = JSONResponse({"are you authenticated?": "not any more"})
    response.delete_cookie(API_KEY_NAME, domain=COOKIE_DOMAIN)
    return response