def _wrap(*args, **kwargs): if 'Authorization' not in request.headers: # Unauthorized print("No token in header") return unauthorized('lol') print("Checking token...") user_id = validate_token(request.headers['Authorization']) if user_id is None: print("Check returned FAIL!") # Unauthorized return unauthorized('lol') return fn(user_id=user_id, *args, **kwargs)
def edit_hat(username): hat = Hat.query.filter_by(username=username).first() if hat is None: return not_found() if g.current_user not in hat.users: logger.info( '{} попытался отредактировать {}, но не входит в список носителей шляпы' .format(g.current_user, hat)) return unauthorized() try: hat.display_name = request.json['display_name'] if request.json.get('add_user', '') is not '': u = User.query.filter_by(username=request.json['add_user']).first() if u is not None: hat.users.append(user) hat.about_me = request.json['about_me'] db_session.add(hat) db_session.commit() logger.info('{u} обновил шляпу {h}: {d}, {a}, {us}'.format( u=g.current_user, d=hat.display_name, a=hat.about_me, us=hat.users, h=hat)) except Exception as exc: logging.warn('Не получилось отредактировать шляпу {}: {}'.format( hat, exc)) return bad_request() return jsonify(hat=hat_schema.dump(hat))
def delete_hat(username): hat = Hat.query.filter_by(username=username).first() if hat is None: return not_found() if not g.current_user.can(Permission.Admin) and not hat.is_wearable_by( g.current_user): return unauthorized() db_session.delete(hat) db_session.commit() return jsonify(hat=hat_schema.dump(hat)) # FIXME: test?
def get_token(): try: p = pass_auth_schema.load(request.json) except ValidationError as exc: return bad_request() u = User.query.filter_by(username=p['username']).first() if u is None: return unauthorized('Не получилось залогиниться') if u.check_password(p['password']): token = u.get_token() token.expire_in_2_weeks() db_session.add(token) db_session.add(u) db_session.commit() return jsonify(token=token_schema.dump(token), username=u.username, user=user_schema.dump(u)) return unauthorized('Не получилось залогиниться')
def edit_post(id): p = Post.query.filter_by(id=id).first() if p is None: abort(404) if p.user != g.current_user: return unauthorized() update = post_schema.load(request.json) p.body = update['body'] db_session.add(p) db_session.commit() return jsonify(post=post_schema.dump(p))
def post() -> Response: """POST request method for retrieving user web token..""" data = request.get_json() try: Users(**data).validate() user = Users.objects.get(email=data.get('email')) correct_pwd = user.check_pwd_hash(data.get('password')) if correct_pwd: expires = datetime.timedelta(days=5) access_token = create_access_token(identity=str(user.id), expires_delta=expires) refresh_token = create_refresh_token(identity=str(user.id)) output = { 'access_token': access_token, 'user_id': str(user.id), 'refresh_token': refresh_token } return jsonify({'result': output}) else: return unauthorized() except DoesNotExist: return unauthorized() except (FieldDoesNotExist, TypeError, ValidationError): return wrong_value()
def post() -> Response: """ POST response method for retrieving user web token. :return: JSON object """ data = request.get_json() user = Users.objects.get(email=data.get('email')) auth_success = user.check_pw_hash(data.get('password')) if not auth_success: return unauthorized() else: expiry = datetime.timedelta(days=5) access_token = create_access_token(identity=str(user.id), expires_delta=expiry) refresh_token = create_refresh_token(identity=str(user.id)) return jsonify({'result': {'access_token': access_token, 'refresh_token': refresh_token, 'logged_in_as': f"{user.email}"}})
def create_post(): p = new_post_schema.load(request.json) hat = Hat.query.filter_by(username=request.json['username']).first() if hat is None: hat = g.current_user.hats[0] if not hat.is_wearable_by(g.current_user): logger.info('Пользователь {} пытался запостить со шляпой {}'.format( g.current_user, hat)) return unauthorized('Не твоя шляпа') if p is not None: p.author = hat p.user = g.current_user p.writer_feed = hat.writer_feed db_session.add(p) db_session.commit() logger.info('Created post {}'.format(p)) notify_readers.delay(p.writer_feed.id, p.id) return jsonify(post=post_schema.dump(p)) return bad_request('Не тот формат')
def login(): data = request.get_json() user = Users.objects.get(email=data.get('email')) auth_success = user.check_pw_hash(data.get('password')) if not auth_success: return unauthorized() else: expiry = datetime.timedelta(days=5) access_token = create_access_token(identity=str(user.id), expires_delta=expiry) refresh_token = create_refresh_token(identity=str(user.id)) return jsonify({ 'result': { 'access_token': access_token, 'refresh_token': refresh_token, 'logged_in_as': f"{user.email}" } })
def create_hat(): if not g.current_user.can(Permission.CreateHats): return unauthorized() h = hat_schema.load(request.json) users = [g.current_user] writer_feed = WriterFeed() hat = Hat(username=h['username'], users=users, writer_feed=writer_feed, display_name=h['display_name'], about_me=h['about_me']) g.current_user.reader_feed.writer_feeds.append(writer_feed) db_session.add(hat) db_session.commit() logger.info('{} создал шляпу {}'.format(g.current_user, hat)) return jsonify(hat=hat_schema.dump(hat))
def post(self) -> Response: data = request.get_json(force=True) user = UsersModel.find_by_username(data['user']['username']) auth_success = user and safe_str_cmp(user.password, data['user']['password']) if not auth_success: return unauthorized() else: expiry = timedelta(days=5) access_token = create_access_token(identity=str(user.id), expires_delta=expiry) return jsonify({ 'user': { 'token': access_token, 'bio': user.bio, 'email': user.email, 'image': f"{user.image}", 'username': f"{user.username}" } })