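def inner(*args, **kwargs):
    """Resolve the caller from an API key or bearer JWT, then run the wrapped view.

    Two credentials are honoured: an ``X-Yeti-API`` header (looked up as
    ``User.api_key``) and an ``Authorization: <scheme> <jwt>`` header whose
    ``sub`` claim is the user's email. A JWT issued before the user's last
    password change is treated as expired. When both headers are present the
    JWT user, if valid, takes precedence.

    Returns:
        The wrapped view's return value with ``g.user`` set, or an
        ``(error_payload, 401)`` tuple when no valid credential is presented.
    """
    auth_headers = request.headers.get('Authorization', None)
    api_key = request.headers.get('X-Yeti-API', None)
    user = None

    if api_key:
        user = User.find(api_key=api_key)
        if not user:
            return INVALID_API_KEY, 401

    if auth_headers:
        try:
            parts = auth_headers.split()
            if len(parts) < 2:
                # A bare scheme with no token used to raise IndexError (HTTP 500).
                return INVALID_TOKEN, 401
            token = parts[1]
            # NOTE(review): no ``algorithms=`` is passed; PyJWT >= 2 requires it
            # and pinning the expected algorithm also rules out algorithm
            # confusion. The project's signing algorithm is not visible here,
            # so the call is left unchanged - confirm and pin it explicitly.
            data = jwt.decode(token, yeti_config.core.secret_key)
            token_user = User.find(email=data['sub'])
            if not token_user:
                # Well-signed token for an unknown subject: reject it instead of
                # failing with AttributeError on ``None.last_password_change``.
                return INVALID_TOKEN, 401
            user = token_user
            issued_at = datetime.utcfromtimestamp(data['iat'])
            # Tokens minted before the most recent password change are revoked;
            # microseconds are dropped because ``iat`` has second resolution.
            last_pwd_reset = user.last_password_change.replace(microsecond=0)
            if issued_at < last_pwd_reset:
                return EXPIRED_TOKEN, 401
        except jwt.ExpiredSignatureError:
            return EXPIRED_TOKEN, 401
        except (jwt.InvalidTokenError, KeyError, TypeError, ValueError,
                OverflowError, OSError):
            # Malformed or untrusted token (bad signature, missing ``sub``/``iat``,
            # out-of-range ``iat``): fall through so a valid API key presented
            # alongside it is still honoured, as before.
            pass

    if not user:
        return INVALID_TOKEN, 401

    g.user = user
    return f(*args, **kwargs)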
def test_no_override_password():
    """Tests that updates to a user do not override their password."""
    created = User(email='*****@*****.**').save()
    user_management.set_password(created, 'password')
    created.save()

    # Touch an unrelated field and persist again; the hash must survive.
    created.email = '*****@*****.**'
    created.save()

    reloaded = User.find(email='*****@*****.**')
    assert reloaded.email == '*****@*****.**'
    assert check_password_hash(reloaded.password, 'password')
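def reset_password(user_email, password=None):
    """Reset a user's password from the command line and print the account details.

    Args:
        user_email: Email address identifying the user to update.
        password: New cleartext password handed to ``user_management.set_password``;
            what ``None`` means is decided by that helper and is not visible here.

    Side effects:
        Persists the updated user and prints the result to stdout. Exits the
        process with status -1 when no user matches ``user_email``.
    """
    import sys  # local import: the file's dependency block is not in view

    user = User.find(email=user_email)
    if not user:
        print(f'No such user: {user_email}')
        # ``sys.exit`` instead of the ``exit`` builtin: the latter is injected by
        # ``site`` and is absent when the interpreter runs with ``-S``.
        sys.exit(-1)

    user_management.set_password(user, password)
    user.save()

    print(f'Password for {user_email} reset succesfully.')
    print(f'Admin: {user.admin}')
    # NOTE(review): the API key is an equivalent-to-password credential; printing
    # it means it ends up in terminal scrollback and any redirected log.
    print(f'API key: {user.api_key}')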
def authenticate_user(email, password):
    """Authenticates a user against the information in the database.

    Args:
        email: The user's email address.
        password: The user's cleartext password.

    Returns:
        A User object if authentication is successful, None otherwise.
    """
    candidate = User.find(email=email)
    # NOTE(review): an unknown email short-circuits before any hash comparison,
    # so the two failure paths differ in timing; consider a constant-time path
    # if account enumeration is a concern.
    if candidate and check_password_hash(candidate.password, password):
        return candidate
    return None