def init_security_service(self): self.security_service = Security() self.security_service._state = self.security_service.init_app(self.app) self.user_loader(self._load_auth_token) self.request_loader(self._request_loader) self.login_unauthorized_handler(self._login_unauthorized_handler) self.token_unauthorized_handler(self._token_unauthorized_handler)
csrf.init_app(app) @csrf.error_handler def csrf_error(reason): app.logger.debug("CSRF ERROR: {}".format(reason)) return render_template('csrf_error.json', reason=reason), 400 from security_monkey.datastore import User, Role ### Flask-Security ### from flask_security.core import Security from flask_security.datastore import SQLAlchemyUserDatastore user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) @security.send_mail_task def send_email(msg): """ Overrides the Flask-Security/Flask-Mail integration to send emails out via boto and ses. """ common_send_email(subject=msg.subject, recipients=msg.recipients, html=msg.html) from auth.modules import RBAC rbac = RBAC(app=app)
class UserApiManager(BaseApiManager): def __init__(self, app=None, bp_name='user', url_prefix=URL_USER_PREFIX): self.security_service = None self.login_unauthorized_callback = None self.token_unauthorized_callback = None self.user_loader_callback = None self.request_loader_callback = None BaseApiManager.__init__(self, app, bp_name, url_prefix) def init_app(self, app): if app is None: return self.app = app self.init_routers() self.register_blueprint() self.init_security_service() def init_routers(self): self.add_route('/sign_up', ['POST'], '_sign_up') self.add_route('/sign_in', ['POST'], '_sign_in') def init_security_service(self): self.security_service = Security() self.security_service._state = self.security_service.init_app(self.app) self.user_loader(self._load_auth_token) self.request_loader(self._request_loader) self.login_unauthorized_handler(self._login_unauthorized_handler) self.token_unauthorized_handler(self._token_unauthorized_handler) def _get_auth_token(self, phone_no, password): current_time = time.time() serializer = self.security_service.remember_token_serializer return serializer.dumps((phone_no, password, current_time)) def _load_auth_token(self, token): serializer = self.security_service.remember_token_serializer phone_no, password, _ = serializer.loads(token) user = self.app.db_api.get_user_by_phone_no(phone_no) if user and user.verify_password(password): return user return None def _request_loader(self, request): token = request.form.get('access_token', None) if token is None: print("Invalid token! The token is null.") return None client_id = self.app.token_cache.get(token) if not client_id: print("Invalid token! The token is not cached.") return None request_client_id = get_client_id(request) if request_client_id != client_id: print("Invalid token! The client had changed.") self.app.token_cache.delete(token) return None user = self._load_auth_token(token) if user is None: print("Invalid token! Incorrect credential.") self.app.token_cache.delete(token) return None return user def _sign_up(self): phone_no = request.form.get('phone_number', None) password = request.form.get('password', None) account_type = request.form.get('account_type', None) nick_name = request.form.get('nick_name', None) school_id = request.form.get('school_id', None) teacher_cert_id = request.form.get('teacher_cert_id', None) user = User(phone_no=phone_no, password=password, account_type=account_type, nick_name=nick_name, school_id=school_id, teacher_cert_id=teacher_cert_id) self.app.db_api.insert_user(user) return create_response(EC_OK) def _sign_in(self): phone_no = request.form.get('phone_number', None) password = request.form.get('password', None) user = self.app.db_api.get_user_by_phone_no(phone_no) if user is None: print("User is not found.") return create_response(EC_INVALID_CREDENTIAL) if not user.verify_password(password): print("Password is incorrect") return create_response(EC_INVALID_CREDENTIAL) auth_token = self._get_auth_token(phone_no, password) token_life_time = self.app.config.get("SECRET_TOKEN_LIFETIME") client_id = get_client_id(request) self.app.token_cache.set(auth_token, client_id, token_life_time) data = { 'account_type': user.account_type.name, 'access_token': auth_token } return create_response(EC_OK, data) @staticmethod def _login_unauthorized_handler(): abort(Response(response='Unauthorized.', status=401)) @staticmethod def _token_unauthorized_handler(): abort(Response(response='Permission Deny.', status=401)) def user_loader(self, callback): self.user_loader_callback = callback self.security_service.login_manager.user_loader( self.user_loader_callback) return callback def request_loader(self, callback): self.request_loader_callback = callback self.security_service.login_manager.request_loader( self.request_loader_callback) return callback def login_unauthorized_handler(self, callback): self.login_unauthorized_callback = callback self.security_service.login_manager.unauthorized_handler( self.login_unauthorized_callback) return callback def token_unauthorized_handler(self, callback): self.token_unauthorized_callback = callback self.security_service.unauthorized_handler( self.token_unauthorized_callback) return callback