def verify_auth_token(token):
try:
user = jwt_tjwss.loads(token)
except SignatureExpired:
api_error(AttributeError, "This token has expired.", 401)
except BadSignature:
api_error(ValueError, "Bad Signature was provided.", 400)
return user
def authenticate(self, password):
if not self.is_enabled():
api_error(ValueError, "User is not enabled.", 403)
# sanitize inputs and validate the user
if is_sanitary(self.email):
if bcrypt.verify(password, self.hash):
# basic login token expires after 15 minutes
return self.genJWToken(900)
else:
api_error(ValueError, "Unauthorized, Wrong Password.", 401)
abort(400)
def load_user_from_request(request):
# try to login using the Token in Basic Auth Headers
auth_token = request.headers.get('Authorization')
if auth_token:
auth_token = base64_decode(auth_token.replace('Basic ', '', 1))
user = User.verify_auth_token(auth_token)
if user:
return user
else:
api_error(ValueError, "Authorization denied.", 401)
# No authentication, no user
return None
def getAuthToken(request):
user_creds = request.headers.get('Authorization')
if user_creds:
user_creds = base64_decode(user_creds.replace('Basic ', '', 1))
email, pw = user_creds.split(':')
if email is None or email is '' or pw is None or pw is '':
api_error(ValueError, "Authorization values are missing.", 400)
user = User.query.filter_by(email=email).first()
if user is None:
api_error(
ValueError,
"We could not find a user with the provided email address.",
404
)
return jsonify(jwt=user.authenticate(pw))
api_error(
AttributeError,
"Authorization Headers are missing.",
401
)
def data_from_request(request):
user_data = request.data
user = {}
if user_data is None or user_data == '':
user_data = '{}'
user_data = json.loads(user_data)
if user_data is None or not isinstance(user_data, dict):
api_error(AttributeError, "Bad Request", 400)
for k, field in User.__registration_fields__.iteritems():
if k in user_data:
v = user_data[k]
# Use the registration field's validation/format function
value = field['validationFunction'](v)
if (field['required'] and
(value is None or value is '')):
api_error(
ValueError,
("Required field is formatted incorrectly: " + k),
400
)
user[k] = value
else:
api_error(
AttributeError, "Required field is missing: " + k, 400
)
# normalize ID (from <TCID or Employee_ID> -> <TCID>)
user_id = user['id']
if user['id_type'] == 'employee_id':
del user['id']
del user['id_type']
user['employeeID'] = user_id
else:
del user['id']
del user['id_type']
user['tcid'] = user_id
return user
