def flush_role(cls, role):
# Clear collections ACL cache
cache.kv.hdel(cls.ACCESS, role.id)
if role.is_blocked or role.deleted_at is not None:
# End all user sessions
prefix = cache.key(cls.TOKENS, "%s." % role.id)
cache.flush(prefix=prefix)
def from_token(cls, token_id):
state_key = cache.key(cls.TOKENS, token_id)
state = cache.get_complex(state_key)
if state is None:
raise Unauthorized()
return cls(state.get("id"),
state.get("roles"),
is_admin=state.get("is_admin"),
token_id=token_id)
def to_token(self):
if self.token_id is None:
self.token_id = "%s.%s" % (self.id, make_token())
key = cache.key(self.TOKENS, self.token_id)
state = {
"id": self.id,
"roles": list(self.roles),
"is_admin": self.is_admin
}
return self.token_id
def destroy(self):
if self.role is not None:
self.flush_role(self.role)
if self.token_id is not None:
cache.delete(cache.key(self.TOKENS, self.token_id))
def _token_session(token):
return cache.key("oauth-id-tok", token)
def _oauth_session(token):
return cache.key("oauth-sess", token)