def put(self, uid, aid, data=None): """ .. http:put:: /users/1/keys/1 update one api key **Example request**: .. sourcecode:: http PUT /users/1/keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "name": "new_name", "revoked": false, "ttl": -1 } **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "jwt": "" } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ if uid != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict( message="You are not authorized to view this token!"), 403 access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != uid: return dict( message="You are not authorized to update this token!"), 403 service.update(access_key, name=data["name"], revoked=data["revoked"], ttl=data["ttl"]) return dict(jwt=create_token(access_key.user_id, access_key.id, access_key.ttl))
def decorated_function(*args, **kwargs): if not request.headers.get("Authorization"): response = jsonify(message="Missing authorization header") response.status_code = 401 return response try: token = request.headers.get("Authorization").split()[1] except Exception as e: return dict(message="Token is invalid"), 403 try: header_data = fetch_token_header(token) payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]]) except jwt.DecodeError: return dict(message="Token is invalid"), 403 except jwt.ExpiredSignatureError: return dict(message="Token has expired"), 403 except jwt.InvalidTokenError: return dict(message="Token is invalid"), 403 if "aid" in payload: access_key = api_key_service.get(payload["aid"]) if access_key.revoked: return dict(message="Token has been revoked"), 403 if access_key.ttl != -1: current_time = datetime.utcnow() # API key uses days expired_time = datetime.fromtimestamp( access_key.issued_at) + timedelta(days=access_key.ttl) if current_time >= expired_time: return dict(message="Token has expired"), 403 if access_key.application_name: g.caller_application = access_key.application_name user = user_service.get(payload["sub"]) if not user.active: return dict(message="User is not currently active"), 403 g.current_user = user if not g.current_user: return dict(message="You are not logged in"), 403 # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id)) return f(*args, **kwargs)
def put(self, uid, aid, data=None): """ .. http:put:: /users/1/keys/1 update one api key **Example request**: .. sourcecode:: http PUT /users/1/keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript { "name": "new_name", "revoked": false, "ttl": -1 } **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "jwt": "" } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ if uid != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict(message="You are not authorized to view this token!"), 403 access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != uid: return dict(message="You are not authorized to update this token!"), 403 service.update(access_key, name=data['name'], revoked=data['revoked'], ttl=data['ttl']) return dict(jwt=create_token(access_key.user_id, access_key.id, access_key.ttl))
def decorated_function(*args, **kwargs): if not request.headers.get('Authorization'): response = jsonify(message='Missing authorization header') response.status_code = 401 return response try: token = request.headers.get('Authorization').split()[1] except Exception as e: return dict(message='Token is invalid'), 403 try: payload = jwt.decode(token, current_app.config['LEMUR_TOKEN_SECRET']) except jwt.DecodeError: return dict(message='Token is invalid'), 403 except jwt.ExpiredSignatureError: return dict(message='Token has expired'), 403 except jwt.InvalidTokenError: return dict(message='Token is invalid'), 403 if 'aid' in payload: access_key = api_key_service.get(payload['aid']) if access_key.revoked: return dict(message='Token has been revoked'), 403 if access_key.ttl != -1: current_time = datetime.utcnow() expired_time = datetime.fromtimestamp(access_key.issued_at + access_key.ttl) if current_time >= expired_time: return dict(message='Token has expired'), 403 user = user_service.get(payload['sub']) if not user.active: return dict(message='User is not currently active'), 403 g.current_user = user if not g.current_user: return dict(message='You are not logged in'), 403 # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id)) return f(*args, **kwargs)
def get(self, uid, aid): """ .. http:get:: /users/1/keys/1 Fetch one api key **Example request**: .. sourcecode:: http GET /users/1/api_keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "jwt": "" } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ if uid != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict( message="You are not authorized to view this token!"), 403 access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != uid: return dict( message="You are not authorized to view this token!"), 403 return dict(jwt=create_token(access_key.user_id, access_key.id, access_key.ttl))
def get(self, aid): """ .. http:get:: /keys/1/described Fetch one api key **Example request**: .. sourcecode:: http GET /keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 2, "name": "hoi", "user_id": 2, "ttl": -1, "issued_at": 1222222, "revoked": false } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict( message="You are not authorized to view this token!"), 403 return access_key
def get(self, aid): """ .. http:get:: /keys/1/described Fetch one api key **Example request**: .. sourcecode:: http GET /keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 2, "name": "hoi", "user_id": 2, "ttl": -1, "issued_at": 1222222, "revoked": false } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict(message="You are not authorized to view this token!"), 403 return access_key
def delete(self, uid, aid): """ .. http:delete:: /users/1/keys/1 deletes one api key **Example request**: .. sourcecode:: http DELETE /users/1/keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "result": true } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ if uid != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict(message="You are not authorized to view this token!"), 403 access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != uid: return dict(message="You are not authorized to delete this token!"), 403 service.delete(access_key) return {'result': True}
def get(self, uid, aid): """ .. http:get:: /users/1/keys/1 Fetch one api key **Example request**: .. sourcecode:: http GET /users/1/api_keys/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "jwt": "" } :reqheader Authorization: OAuth token to authenticate :statuscode 200: no error :statuscode 403: unauthenticated """ if uid != g.current_user.id: if not ApiKeyCreatorPermission().can(): return dict(message="You are not authorized to view this token!"), 403 access_key = service.get(aid) if access_key is None: return dict(message="This token does not exist!"), 404 if access_key.user_id != uid: return dict(message="You are not authorized to view this token!"), 403 return dict(jwt=create_token(access_key.user_id, access_key.id, access_key.ttl))