def wrapper(*args, **kwargs):
token = request.args.get('token')
try:
jwt.decode(token, booksapp.config['SECRET_KEY'])
return f(*args, **kwargs)
except:
return jsonify({'error': 'Need a valid token to view this page'}, 401)
def put(self):
try:
parser = reqparse.RequestParser()
parser.add_argument('oldPassword', required=True, help='oldPassword is Required')
parser.add_argument('newPassword', required=True, help='newPassword is Required')
args = parser.parse_args()
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x, 'secret', algorithms='HS256', verify=False)
cursor = db.cursor()
cursor.execute('SELECT Password FROM users WHERE UserName = %s', (access_token['UserName']))
pwd = cursor.fetchone()
if (pwd[0] == args['oldPassword']):
try:
cursor.execute('UPDATE users SET Password = %s WHERE UserName = %s',
(args['newPassword'], access_token['UserName']))
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
return {"message": "Please try again!"}, 500
db.commit()
return {"message": "Password changed successfully"}
else:
return {"message": "Password does not match"}, 500
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def register(access_token, func_name, msg):
try:
if msg is True:
d = datetime.datetime.today().strftime('%Y-%m-%d')
t = datetime.datetime.today().strftime('%H:%M:%S')
x = access_token
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
cursor = db.cursor()
row_count = cursor.execute(
"Insert into logs(DATE,TIME,USER,ACTION) VALUES ('" + d +
"','" + t + "','" + access_token['UserName'] + "','" +
func_name + "')")
if row_count > 0:
print('Logged Succesfully')
message = True
else:
print('Log Failure for: ' + access_token['UserName'] +
' ' + func_name)
message = False
db.commit()
return (message)
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def mail_verified(token):
# This form does not use the FlaskForm-extension. This is because of a bug with validation that made the JWT-token invalid and the form would not validate correctly,
# causing faulty passwords to be saved to the database. Security is instead provided by the URL being passed to the users external email inbox, proving they are the owner
# of the account.
# Verified the token is still valid, by decrypting it and checking it against the database to see if the decrypted token matches a user
user = jwt.decode(token, key=os.getenv('SECRET_KEY'))["reset_password"]
token_valid = User.objects(email=user).first()
password = request.form.get("password")
if request.method == 'POST':
# If a post occurs, check the validity of the token against the DB of registered users.
if token_valid is None:
# This route triggers if the token is expired or otherwise faulty and redirects to the login page. Legitimate users can from there request a new reset-email.
flash("Invalid token, password reset request denied.")
return redirect(url_for('login'))
else:
# If a token matching the JWT-token payload has been found, we hash the current input and save it to the database.
token_valid.password = generate_password_hash(password)
token_valid.save().reload()
# User feedback and redirect
flash("Your password has been changed!")
login_user(token_valid)
return redirect(url_for('profile'))
return render_template('verified_password_change.html', token=token)
def verify_auth_token(token):
try:
data = jwt.decode(token,
app.config['SECRET_KEY'],
algorithms=['HS256'])
except:
return
return User.query.get(data['id'])
def verify_auth_token_legacy2(token):
try:
data = jwt.decode(token,
current_app.config['SECRET_KEY'],
True,
algorithms=['HS256'])
except:
return None
return User.query.get(data['id'])
def decode_auth_token(auth_token, jwt_key):
try:
payload = jwt.decode(auth_token, jwt_key)
return payload['sub']
except jwt.ExpiredSignatureError:
return JWT_TOKEN_EXPIRED
except jwt.InvalidTokenError:
return JWT_INVALID_TOKEN
def verify_token(token):
"""
Token verification
:param token: authorization token
"""
decoded = jwt.decode(token, current_app.config["SECRET_KEY"], verify=True)
current_user_id = decoded['identity']
if not current_user_id is None:
g.current_user = current_user_id
return True
return False
def post(self):
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
print(access_token)
def post(self):
try:
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
parser = reqparse.RequestParser()
parser.add_argument('UserName',
required=True,
help='UserName is Required')
parser.add_argument('Role', required=True, help='Role is Required')
args = parser.parse_args()
cursor = db.cursor()
try:
row_count = cursor.execute(
"Insert into users(UserName,Password,Role,LASTDATE,LASTUSER) VALUES (%s,%s,%s,%s,%s)",
(args['UserName'], '123456', args['Role'],
datetime.datetime.now(), access_token['UserName']))
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e.args[1])
if ("Duplicate entry" in e.args[1]):
raise BadRequest("user already exists")
else:
raise BadRequest(str(e.args[1]))
row = cursor.fetchone()
l = Log
x = True
x = l.register(request.headers.get('Authorization'),
'Add User:%s' % args['UserName'], True)
if x == True:
db.commit()
message = {
'message': 'adduser',
'data': {
"UserName": args['UserName'],
"Role": args['Role']
}
}
return (message)
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def decode_auth_token(auth_token):
try:
payload = jwt.decode(auth_token, app.config.get('SECRET_KEY'))
return payload['identity'], None
except jwt.ExpiredSignatureError:
error_message = 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
error_message = 'Invalid token. Please log in again.'
except:
error_message = 'Unknown JWT Authorization Error'
print("Auth error", error_message)
make_response(jsonify({'error': error_message}), 401)
return None, error_message
def decorated(*args, **kwargs):
token = None
if 'x-access-token' in request.headers:
token = request.headers['x-access-token']
if not token:
return ({"message": "token is missing"}), 401
data = jwt.decode(token, 'OLURIN ANUOLUWAPO')
try:
current_user = UserModel().get_one('userid', data['user_id'])
except:
return ({"message": "token is invalid"}), 401
return f(current_user, *args, **kwargs)
def decode_token(token):
"""
Decode token method
"""
re = {'data': {}, 'error': {}}
try:
payload = jwt.decode(token, os.getenv('JWT_SECRET_KEY'))
re['data'] = {'player_id': payload['sub']}
return re
except jwt.ExpiredSignatureError as e1:
re['error'] = {'message': 'token expired, please login again'}
return re
except jwt.InvalidTokenError:
re['error'] = {'message': 'Invalid token, please try again with a new token'}
return re
def decorated(*args, **kwargs):
secret = app.config['SECRET_KEY']
auth = request.headers.get('Authorization', None)
if not auth:
return jsonify({
'code': 'authorization_header_missing',
'description': 'Authorization header is expected'
}), 401
parts = auth.split()
if parts[0].lower() != 'bearer':
return jsonify({
'code':
'invalid_header',
'description':
'Authorization header must start with Bearer'
}), 401
elif len(parts) == 1:
return jsonify({
'code': 'invalid_header',
'description': 'Token not found'
}), 401
elif len(parts) > 2:
return jsonify({
'code':
'invalid_header',
'description':
'Authorization header must be Bearer + \s + token'
}), 401
token = parts[1]
try:
payload = jwt.decode(token, secret)
except jwt.ExpiredSignature:
return jsonify({
'code': 'token_expired',
'description': 'token is expired'
}), 401
except jwt.DecodeError:
return jsonify({
'code': 'token_invalid_signature: {}'.format(token),
'description': 'Token signature is invalid'
}), 401
g.current_user = user = payload
return f(*args, **kwargs)
def put(self):
try:
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
parser = reqparse.RequestParser()
parser.add_argument('Role')
parser.add_argument('UserName')
args = parser.parse_args()
cursor = db.cursor()
row_count = cursor.execute(
'UPDATE users SET Role = %s ,LASTDATE = %s ,LASTUSER = %s WHERE UserName = %s',
(args['Role'], datetime.datetime.now(),
access_token['UserName'], args['UserName']))
if row_count > 0:
l = Log
x = l.register(
request.headers.get('Authorization'),
'UPDATE Role: %s of User: %s' %
(args['Role'], args['UserName']), True)
if x == True:
db.commit()
return ({
'message': 'updateuser',
'data': {
"UserName": args['UserName'],
"Role": args['Role']
}
})
else:
raise BadRequest("Try Again")
else:
raise BadRequest("Try Again")
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def decode_access_token(access_token):
"""
Validates the user access token
:param str access_token: The access token tp be decoded
:return: integer|string
"""
try:
payload = jwt.decode(access_token, APP.config.get('SECRET_KEY'))
is_blacklisted_token = BlacklistToken.check_blacklisted(access_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
public_id = payload['sub']
user = User.query.filter_by(public_id=public_id).first()
return user.id
except jwt.ExpiredSignatureError:
return 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
return 'Invalid token. Please log in again.'
def decode_auth_token(auth_token):
"""
验证Token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token,
config.SECRET_KEY,
options={'verify_exp': False})
if 'exp' in payload and 'data' in payload and 'user_id' in payload[
'data']:
return payload
else:
return 1004
except jwt.ExpiredSignatureError:
return 1005 # 过期
except jwt.InvalidTokenError:
return 1004 # 无效
def get(self):
try:
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
cursor = db.cursor()
message = []
row_count = cursor.execute("SELECT UserName,role from users")
row = cursor.fetchall()
for item in row:
message.append({"UserName": item[0], "Role": item[1]})
return flask.jsonify(message)
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def delete(self):
try:
x = flask.request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
try:
data = flask.request.get_json()
cursor = db.cursor()
cursor.execute("DELETE from users where UserName = %s ",
(data['UserName']))
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
raise BadRequest(str(e))
l = Log
x = l.register(request.headers.get('Authorization'),
'Delete user: %s' % (data['UserName']), True)
if x == True:
db.commit()
return ({
'message': 'deleteuser',
})
else:
raise BadRequest("Try Again")
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def decode_token(token):
try:
jwt.decode(token,app.config.get("SECRET_KEY"))
return True
except:
return False
def get(self):
try:
x = request.headers.get('Authorization')
try:
x = x[2:-1]
except TypeError:
print(x)
access_token = jwt.decode(x,
'secret',
algorithms='HS256',
verify=False)
user = request.args.get('user')
print(user)
if (user == ""):
admin = []
war = []
pur = []
warehouseworker = []
engineering = []
sawcutter = []
cursor = db.cursor()
admin_count = cursor.execute(
"SELECT UserName from users where ROLE ='admin'")
ad = cursor.fetchall()
for i in range(0, admin_count):
admin.append(ad[i])
war_count = cursor.execute(
"SELECT UserName from users where ROLE ='warehouse'")
wa = cursor.fetchall()
for i in range(0, war_count):
war.append(wa[i])
pur_count = cursor.execute(
"SELECT UserName from users where ROLE ='purchasing'")
pu = cursor.fetchall()
for i in range(0, pur_count):
pur.append(pu[i])
warwor_count = cursor.execute(
"SELECT UserName from users where ROLE ='materialHandler'")
wawor = cursor.fetchall()
for i in range(0, warwor_count):
warehouseworker.append(wawor[i])
eng_count = cursor.execute(
"SELECT UserName from users where ROLE ='engineering'")
eng = cursor.fetchall()
for i in range(0, eng_count):
engineering.append(eng[i])
saw_count = cursor.execute(
"SELECT UserName from users where ROLE ='sawcutter'")
saw = cursor.fetchall()
for i in range(0, saw_count):
sawcutter.append(saw[i])
message = {
'admin': admin,
'warehouse': war,
'purchasing': pur,
'warehouseworker': warehouseworker,
'engineering': engineering,
'sawcutter': sawcutter
}
return message
else:
message = []
cursor = db.cursor()
row_count = cursor.execute(
'SELECT DATE,TIME,USER,ACTION from logs where USER = %s',
(str(user)))
row = cursor.fetchall()
print(row_count)
for i in range(0, row_count):
message.append({
"DATE": row[i][0],
"TIME": str(row[i][1]),
"USER": row[i][2],
"ACTION": row[i][3]
})
return flask.jsonify(message)
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def decorated(*args, **kwargs):
# check that the Authorization header is set
authorization_token = request.headers.get('Authorization')
if not authorization_token:
response = jsonify({
"status": "fail",
"data": {
"message": "Bad request. Header does not contain"
" authorization token"
}
})
response.status_code = 400
return response
# validates the word bearer is in the token
if 'bearer ' not in authorization_token.lower():
response = jsonify({
"status": "fail",
"data": {
"message": "Invalid Token. The token should begin with"
" 'Bearer '"
}
})
response.status_code = 400
return response
unauthorized_response = jsonify({
"status": "fail",
"data": {
"message": "Unauthorized. The authorization token supplied"
" is invalid"
}
})
unauthorized_response.status_code = 401
expired_response = jsonify({
"status": "fail",
"data": {
"message": "The authorization token supplied is expired"
}
})
expired_response.status_code = 401
try:
# extracts token by removing bearer
authorization_token = authorization_token.split(' ')[1]
# decode token
payload = jwt.decode(authorization_token, 'secret',
options={"verify_signature": False})
except jwt.ExpiredSignatureError:
return expired_response
except jwt.InvalidTokenError:
return unauthorized_response
# convert payload keys from unicode to string
payload_keys = [str(key) for key in payload.keys()]
# confirm that payload has required keys
if not {"id", "stamp"}.issubset(payload_keys):
return unauthorized_response
else:
# instantiate user object
current_user = CurrentUser(
str(payload["id"]), str(payload["stamp"])
)
# set current user in flask global variable, g
g.current_user = current_user
# now return wrapped function
return f(*args, **kwargs)
def decode_auth_token(auth_token):
return jwt.decode(auth_token,
key=container.config['JWT_SECRET'],
algorithms=container.config['JWT_ALGORITHM'])
def authenticator(auth):
try:
auth = auth[2:-1]
except TypeError:
print(auth)
return jwt.decode(auth, 'secret', algorithms='HS256', verify=False)
def parse_token(req):
token = req.headers.get('Authorization').split()[1]
return jwt.decode(token, SECRET_KEY, algorithms='HS256')
