def token_revoke():
    """Handle ``POST /token/revoke``: expire the token used for this request.

    The token is taken from the ``X-Keydom-Session`` header. A missing header
    or a failed lookup yields an error response built with code 409, an
    already expired token one built with code 403. Otherwise the token is
    expired and a bare response is returned.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """

    def _error(code, message):
        # Build and serialise an error body carrying the given message.
        body = routing.base.generate_error_response(code=code)
        body["message"] = message
        return json.dumps(body) + "\n"

    session_token = request.headers.get("X-Keydom-Session")
    if not session_token:
        return _error(409, "Invalid authentication token.")

    try:
        record = Token.get(Token.token == session_token)
    except Exception:
        # Every lookup failure, whatever its cause, is reported to the
        # client as an invalid token.
        return _error(409, "Invalid authentication token.")

    if record.has_expired:
        return _error(
            403, "Authentication token has expired. Request another.")

    record.expire()
    return json.dumps(routing.base.generate_bare_response()) + "\n"
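def token_check():
    """Handle ``POST /token/check``: report which user a posted token maps to.

    The token is read from the ``token`` form field. A missing or empty
    field, or a failed lookup, yields an error response built with code 409.
    Otherwise the response carries an ``auth`` object with the username and
    expiry time, plus ``expired: True`` when the token has expired.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """
    token = request.forms.get("token")

    if not token:
        # Reject a missing or empty field up front so the lookup below is
        # never run with None or "" as the value to match.
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    try:
        res = Token.get(Token.token == token)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Lookup failures still map to the same error.
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    resp = routing.base.generate_bare_response()

    if res.has_expired:
        resp["expired"] = True

    # NOTE(review): the username and expiry are returned for expired tokens
    # too, and nothing in this handler authenticates the caller beyond the
    # posted token itself -- confirm that is intended for this route.
    resp["auth"] = {
        "username": res.for_user.username,
        "expires_at": str(res.expire_time),
    }

    return json.dumps(resp) + "\n"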
def token_by_header_data(auth_token):
    """Look up the token object for a client-supplied auth token.

    Args:
        auth_token: The token string provided by the user.

    Returns:
        The matching ``Token`` object, or ``None`` when ``auth_token`` is
        empty or the lookup raises. Expiry is not checked here, so a
        returned token may already have expired.
    """
    # The model is imported at call time rather than at module level.
    from keydom.models.user import Token

    if auth_token:
        try:
            return Token.get(Token.token == auth_token)
        except Exception:
            # Any lookup failure is treated the same as "no such token".
            return None
    return None
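def user_tokens():
    """Handle ``GET /tokens``: list the tokens of the current session's user.

    Headers:
        X-Keydom-Session => current session token

    A missing header or a failed lookup yields an error response built with
    code 409, an expired session token one built with code 403. Otherwise
    the response carries the username and one entry per token returned by
    ``user.tokens()``.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """
    auth_token = request.headers.get("X-Keydom-Session")

    if not auth_token:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    try:
        token = Token.get(Token.token == auth_token)
    except Exception:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    if token.has_expired:
        resp = routing.base.generate_error_response(code=403)
        resp["message"] = "Authentication token has expired. Request another."
        return json.dumps(resp) + "\n"

    user = token.for_user
    tokens = user.tokens()

    resp = routing.base.generate_bare_response()
    resp["session"] = {
        "username": user.username,
    }

    # Fix: each entry is built from the token being iterated. The loop used
    # to read the session token, so every entry repeated the caller's token.
    #
    # NOTE(review): this hands the raw value of every token of the user to
    # whoever holds one valid session token, and those values are what the
    # lookup above accepts as credentials. Consider returning a truncated
    # value or a non-secret identifier instead -- that changes the response
    # format, so confirm with API consumers first.
    resp["tokens"] = [
        {
            "token": str(user_token.token),
            "expires_at": str(user_token.expire_time),
            "created_at": str(user_token.timestamp),
        }
        for user_token in tokens
    ]

    return json.dumps(resp) + "\n"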
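def user_tokens():
    """Handle ``GET /tokens``: list the tokens of the current session's user.

    Headers:
        X-Keydom-Session => current session token

    A missing header or a failed lookup yields an error response built with
    code 409, an expired session token one built with code 403. Otherwise
    the response carries the username and one entry per token returned by
    ``user.tokens()``.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """
    auth_token = request.headers.get("X-Keydom-Session")

    if not auth_token:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    try:
        token = Token.get(Token.token == auth_token)
    except Exception:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    if token.has_expired:
        resp = routing.base.generate_error_response(code=403)
        resp["message"] = "Authentication token has expired. Request another."
        return json.dumps(resp) + "\n"

    user = token.for_user
    tokens = user.tokens()

    resp = routing.base.generate_bare_response()
    resp["session"] = {
        "username": user.username,
    }
    resp["tokens"] = []

    for user_token in tokens:
        # Fix: read the fields of the token being iterated. The loop body
        # used to read ``token`` (the session token), so every entry
        # repeated the caller's own token.
        #
        # NOTE(review): the raw token values listed here are what the lookup
        # above accepts as credentials, so one valid session token reveals
        # all the others. Consider a truncated value or a non-secret
        # identifier -- confirm with API consumers before changing it.
        resp["tokens"].append({
            "token": str(user_token.token),
            "expires_at": str(user_token.expire_time),
            "created_at": str(user_token.timestamp),
        })

    return json.dumps(resp) + "\n"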
def user_session():
    """Handle ``GET /session``: describe the session behind the sent token.

    Headers:
        X-Keydom-Session => current session token

    A missing header or a failed lookup yields an error response built with
    code 409, an expired token one built with code 403. Otherwise the
    response carries the associated username and the token's creation and
    expiry times.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """

    def _error(code, message):
        # Build and serialise an error body carrying the given message.
        body = routing.base.generate_error_response(code=code)
        body["message"] = message
        return json.dumps(body) + "\n"

    session_token = request.headers.get("X-Keydom-Session")
    if not session_token:
        return _error(409, "Invalid authentication token.")

    try:
        record = Token.get(Token.token == session_token)
    except Exception:
        # Every lookup failure is reported as an invalid token.
        return _error(409, "Invalid authentication token.")

    # The owner is resolved before the expiry check.
    owner = record.for_user

    if record.has_expired:
        return _error(
            403, "Authentication token has expired. Request another.")

    payload = routing.base.generate_bare_response()
    payload["session"] = {"username": owner.username}
    payload["token"] = {
        "expires_at": str(record.expire_time),
        "created_at": str(record.timestamp),
    }
    return json.dumps(payload) + "\n"
def user_session():
    """Handle ``GET /session``: validate the session token and name its user.

    Headers:
        X-Keydom-Session => current session token

    The header value is looked up as a token. A missing header or a failed
    lookup yields an error response built with code 409, an expired token
    one built with code 403. A valid token yields the username it belongs
    to together with the token's creation and expiry times.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """
    invalid_msg = "Invalid authentication token."
    expired_msg = "Authentication token has expired. Request another."

    def _send(body):
        # All responses share the same serialisation.
        return json.dumps(body) + "\n"

    header_value = request.headers.get("X-Keydom-Session")
    if not header_value:
        failure = routing.base.generate_error_response(code=409)
        failure["message"] = invalid_msg
        return _send(failure)

    try:
        session = Token.get(Token.token == header_value)
    except Exception:
        # A lookup failure of any kind is answered like an unknown token.
        failure = routing.base.generate_error_response(code=409)
        failure["message"] = invalid_msg
        return _send(failure)

    # The user is fetched before the expiry check.
    account = session.for_user

    if session.has_expired:
        failure = routing.base.generate_error_response(code=403)
        failure["message"] = expired_msg
        return _send(failure)

    reply = routing.base.generate_bare_response()
    reply["session"] = {
        "username": account.username,
    }
    reply["token"] = {
        "expires_at": str(session.expire_time),
        "created_at": str(session.timestamp),
    }
    return _send(reply)
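def token_revoke_all():
    """Handle ``POST /token/revoke/all``: expire every token of the user.

    The user is the one the ``X-Keydom-Session`` header token belongs to. A
    missing header or a failed lookup yields an error response built with
    code 409, an expired session token one built with code 403. Otherwise
    each token returned by ``user.tokens()`` is expired on a best-effort
    basis and the response maps each token to its outcome: ``"revoked"`` on
    success, ``"failed"`` when expiring it raised.

    Returns:
        The response serialised as JSON, terminated by a newline.
    """
    auth_token = request.headers.get("X-Keydom-Session")

    if not auth_token:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    try:
        token = Token.get(Token.token == auth_token)
    except Exception:
        resp = routing.base.generate_error_response(code=409)
        resp["message"] = "Invalid authentication token."
        return json.dumps(resp) + "\n"

    if token.has_expired:
        resp = routing.base.generate_error_response(code=403)
        resp["message"] = "Authentication token has expired. Request another."
        return json.dumps(resp) + "\n"

    user = token.for_user
    tokens = user.tokens()

    resp = routing.base.generate_bare_response()
    resp["tokens"] = {}

    # NOTE(review): the response is keyed by raw token values, which are
    # what the lookup above accepts as credentials. Confirm clients need the
    # full values here rather than a non-secret identifier.
    for user_token in tokens:
        try:
            user_token.expire()
        except Exception:
            # Was ``except: pass`` followed by an unconditional "revoked",
            # which told the client a token was revoked even when expiring
            # it had failed. Stay best-effort, but report the real outcome.
            status = "failed"
        else:
            status = "revoked"
        resp["tokens"].update({user_token.token: {"status": status}})

    return json.dumps(resp) + "\n"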