async def put(self):
email_schema = EmailSchema()
user_identity = get_jwt_identity()
current_user = await UserModel.find_user_by_email(user_identity)
if current_user:
newEmail = await request.get_json()
try:
get_user = email_schema.load(newEmail)
except ValidationError as err:
return err.messages, 400
try:
current_user.email = get_user["email"]
if get_user[
'email'] == current_user.email or await UserModel.find_user_by_email(
get_user['email']):
return {
"message": EMAIL_TAKEN.format(get_user['email'])
}, 400
new_confirmation = UserConfirmationModel(current_user.id)
new_confirmation.save_to_db()
current_user.send_email()
db.session.commit()
return {"message": EMAIL_UPDATED}, 200
except (MailgunException, Exception) as err:
return {'message': str(err)}, 500
return {"message": USER_NOT_FOUND}, 404
async def project_get():
if request.method == 'GET':
name = request.args.get('name')
current_user = get_jwt_identity()
return jsonify(project.get_project(name, current_user)), 200
else:
return jsonify(msg="method not supported"), 400
async def rooms_route():
identity = get_jwt_identity()
async with app.db_pool.acquire() as con:
projects = await con.fetch("""
SELECT
r.id,
r.name,
u.name as creator,
r.last_updated
FROM
rooms as r
LEFT JOIN
users as u
ON
r.creator = u.id
WHERE LOWER(u.email) = $1;
""", identity)
room_dicts = [dict(r) for r in projects]
for room_dict in room_dicts:
arrow_dt = arrow.get(room_dict["last_updated"])
room_dict["last_updated"] = arrow_dt.humanize()
return {"status": 200, "result": room_dicts}
def delete(cls):
user_identity = get_jwt_identity()
user = UserModel.find_user_by_email(user_identity)
if not user:
return {"Message": USER_NOT_FOUND}, 404
user.delete_from_db()
return {"message": USER_DELETED.format(user.username)}, 200
async def put(self):
location_schema = LocationSchema()
user_identity = get_jwt_identity()
current_user = await UserModel.find_user_by_email(user_identity)
if current_user:
currentLocation = await request.get_json()
try:
get_user = location_schema.load(currentLocation)
except ValidationError as err:
return err.messages, 400
current_user.country = await Country.get_country_name(
Country, get_user['country'])
_ = await Country.get_country_region(Country)
current_user.phone_number = await Country.get_user_phonenumber(
Country, get_user["phone_number"])
current_user.state = await Country.get_states(
Country, get_user['state'])
current_user.city = await Country.get_city(Country,
get_user['city'])
db.session.commit()
return {"message": ACCOUNT_UPDATED}, 200
return {"message": USER_NOT_FOUND}, 404
async def invalid_token_callback(error_string) -> Response:
"""
Log that an access attempt was made with a token that was invalid and return
the result from the default callback.
Parameters
----------
error_string : str
Reason the token is invalid
Returns
-------
Response
"""
current_app.access_logger.error(
"INVALID_TOKEN",
error_string=error_string,
route=request.path,
request_id=request.request_id,
user=str(get_jwt_identity()),
src_ip=request.headers.get("Remote-Addr"),
json_payload=await request.json,
)
return default_invalid_token_callback(error_string)
async def refresh():
# Do the same thing that we did in the login endpoint here
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
access_jti = get_jti(encoded_token=access_token)
revoked_store.set(access_jti, "false", ACCESS_EXPIRES * 1.2)
ret = {"access_token": access_token}
return ret, 201
async def partially_protected():
# If no JWT is sent in with the request, get_jwt_identity()
# will return None
current_user = get_jwt_identity()
if current_user:
return dict(logged_in_as=current_user), 200
else:
return dict(logged_in_as="anonymous user"), 200
async def project_update():
if request.method == 'POST':
data = await request.get_json()
current_user = get_jwt_identity()
project_updated = await project.update_project(data, current_user)
if project_updated:
return jsonify({'status': '200'})
else:
return jsonify({'status': '500'})
async def project_create():
if request.method == 'POST':
data = await request.get_json()
project_created = await project.create_project(data,
get_jwt_identity())
if project_created:
return jsonify({'status': '200'})
else:
return jsonify({'status': '500'})
async def refresh():
# Create the new access token
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
# Set the JWT access cookie in the response
resp = {"refresh": True}
set_access_cookies(resp, access_token)
return resp, 200
async def refresh():
# Create the new access token
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
# Set the access JWT and CSRF double submit protection cookies
# in this response
resp = {"refresh": True}
set_access_cookies(resp, access_token)
return resp, 200
def add_request_data(_, __, event_dict):
"""
Processor which adds request data to log entries if available in this context.
"""
if has_request_context():
event_dict = dict(
**event_dict,
request=dict(
request_id=getattr(request, "request_id", None),
path=request.path,
src_ip=request.headers.get("Remote-Addr"),
user=str(get_jwt_identity()),
),
)
return event_dict
async def create_room():
identity = get_jwt_identity()
async with app.db_pool.acquire() as con:
user_id = await con.fetchval("""
SELECT
id
FROM
users
WHERE LOWER(email) = $1;
""", identity)
room = await Room.new("Untitled room", user_id)
return {"result": room.id}
async def get_user():
identity = get_jwt_identity()
async with app.db_pool.acquire() as con:
user = await con.fetchrow("""
SELECT
id,
email,
name
FROM
users
WHERE LOWER(email) = $1;
""", identity)
return {"status": 200, "result": dict(user)}
def user_loader_callback(identity):
"""
Call back for loading user from JWT.
Parameters
----------
identity : str
Username
Returns
-------
UserObject
User with claims pulled from the decoded jwt token
"""
current_app.access_logger.info(
"Attempting to load user",
request_id=request.request_id,
route=request.path,
user=get_jwt_identity(),
src_ip=request.headers.get("Remote-Addr"),
)
claims = decompress_claims(get_jwt_claims())
log_dict = dict(
request_id=request.request_id,
route=request.path,
user=get_jwt_identity(),
src_ip=request.headers.get("Remote-Addr"),
claims=claims,
)
current_app.access_logger.info("Loaded user", **log_dict)
return UserObject(username=identity,
scopes=list(expand_scopes(scopes=claims)))
async def refresh_expiring_jwts(response):
if str(request.url_rule) == "/api/logout":
return response
try:
exp_timestamp = jwt.get_raw_jwt()["exp"]
now = datetime.utcnow()
target_timestamp = datetime.timestamp(now + timedelta(minutes=30))
if target_timestamp > exp_timestamp:
access_token = jwt.create_access_token(
identity=jwt.get_jwt_identity())
response.set_cookie("access_token_cookie", access_token)
response.set_cookie("jwt_csrf_token",
jwt.get_csrf_token(access_token))
return response
except (RuntimeError, KeyError):
return response
async def claims_verification_failed_callback() -> Tuple[Dict[str, str], int]:
"""
Log that an access attempt was made with claims that failed verification and return
a json error message and 401 error code.
Returns
-------
Response
"""
current_app.access_logger.error(
"CLAIMS_VERIFICATION_FAILED",
route=request.path,
request_id=request.request_id,
user=str(get_jwt_identity()),
src_ip=request.headers.get("Remote-Addr"),
json_payload=await request.json,
)
return {"msg": "User claims verification failed"}, 403
async def revoked_token_callback() -> Response:
"""
Log that an access attempt was made with a revoked token and return
the result from the default callback.
Returns
-------
Response
"""
current_app.access_logger.error(
"REVOKED_TOKEN",
route=request.path,
request_id=request.request_id,
user=str(get_jwt_identity()),
src_ip=request.headers.get("Remote-Addr"),
json_payload=await request.json,
)
return default_revoked_token_callback()
async def put(self):
username_schema = UsernameSchema()
user_identity = get_jwt_identity()
current_user = await UserModel.find_user_by_email(user_identity)
if current_user:
newUsername = await request.get_json()
try:
get_user = username_schema.load(newUsername)
except ValidationError as err:
return err.messages, 400
current_user.username = get_user["username"]
db.session.commit()
return {"message": ACCOUNT_UPDATED}, 200
return {"message": USER_NOT_FOUND}, 404
async def put(self):
password_schema = PasswordSchema()
user_identity = get_jwt_identity()
current_user = await UserModel.find_user_by_email(user_identity)
if current_user:
user = await request.get_json()
try:
get_user = password_schema.load(user)
except ValidationError as err:
return err.messages, 400
current_user.password = psw.generate_password_hash(
get_user["password"])
db.session.commit()
return {"message": ACCOUNT_UPDATED}, 200
return {"message": USER_NOT_FOUND}, 404
async def unauthorized_callback(error_string) -> Response:
"""
Log that an access attempt was made without a token and return
the result from the default callback.
Returns
-------
Response
"""
current_app.access_logger.error(
"UNAUTHORISED",
error_string=error_string,
route=request.path,
request_id=request.request_id,
user=str(get_jwt_identity()),
src_ip=request.headers.get("Remote-Addr"),
json_payload=await request.json,
)
return default_unauthorized_callback(error_string)
async def protected():
username = get_jwt_identity()
return dict(logged_in_as=username), 200
async def refresh():
current_user = get_jwt_identity()
ret = {"access_token": create_access_token(identity=current_user)}
return ret, 200
async def refresh():
current_user = get_jwt_identity()
new_token = create_access_token(identity=current_user, fresh=False)
ret = {"access_token": new_token}
return ret, 200
async def post(cls):
current_user = get_jwt_identity()
new_token = create_access_token(identity=current_user, fresh=False)
return {"access_token": new_token}, 200
async def refresh():
"""Refreshes a JWT token."""
access_token = jwt.create_access_token(identity=jwt.get_jwt_identity())
return {"token": access_token}, 200
async def register():
existing_jwt = jwt.get_jwt_identity()
if existing_jwt:
return {
"status": 401,
"error":
"You cannot register for a new account if you are logged in."
}, 401
try:
data = await request.get_json()
except Exception:
return {"status": 400, "error": "Invalid POST data."}, 400
email = data.get("email")
password = data.get("password")
name = data.get("name")
if not email:
return {"status": 400, "error": "Missing email parameter."}, 400
elif not password:
return {"status": 400, "error": "Missing password parameter."}, 400
elif not name:
return {"status": 400, "error": "Missing name parameter."}, 400
hash_ = hasher.hash(password)
async with app.db_pool.acquire() as con:
existing = await con.fetchval(
"""
SELECT
email
FROM
users
WHERE LOWER($1) = LOWER(email);
""", email)
if existing:
return {
"status": 400,
"error": "User with specified email already exists."
}, 400
new_user = await con.fetchrow(
"""
INSERT INTO
users (
email,
password_hash,
name
)
VALUES
($1, $2, $3)
RETURNING id::TEXT, email, name;
""", email, hash_, name)
additional = {"name": name}
access_token = jwt.create_access_token(identity=email.lower(),
user_claims=additional)
headers = {"Content-Type": "application/json"}
response = Response(json.dumps({
"status": 200,
"result": dict(new_user)
}),
headers=headers)
response.set_cookie("access_token_cookie", access_token)
response.set_cookie("jwt_csrf_token", jwt.get_csrf_token(access_token))
return response
async def username():
username = get_jwt_identity()
return jsonify(username=username), 200
async def optional_protected():
if get_jwt_identity():
return jsonify(foo="baz")
else:
return jsonify(foo="bar")
