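def identify_authenticated_user(request):
    """Resolve the caller from the ``Authorization: Bearer <token>`` header.

    Args:
        request: the incoming request; only ``request.headers`` is read.

    Returns:
        Whatever ``auth_service.get_user_by_token`` resolves for the token.

    Raises:
        AppException: 401 when the header is absent, is not exactly two
            space-separated parts, or its scheme is not ``Bearer``.
    """
    header = request.headers.get('Authorization')
    if not header:
        raise AppException('Missing authentication token', 401)
    parts = header.split(' ')
    # The original accepted any scheme and forwarded the second word to the
    # token decoder, so e.g. a Basic header failed deep inside jwt.decode
    # instead of being refused here with a clean 401.
    if len(parts) != 2 or parts[0].lower() != 'bearer':
        raise AppException('Missing authentication token', 401)
    return auth_service.get_user_by_token(parts[1])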
def wrapper(*args, **kwargs):
    """Run ``func`` only when the bearer-authenticated caller holds ``role``.

    ``request``, ``role`` and ``func`` are closed over from the enclosing
    decorator, which is not part of this listing. The caller's ``role``
    field is checked with ``Roles.validate``; a failing check is refused
    with 403 (a missing or unknown token is already answered with 401 by
    ``identify_authenticated_user``).
    """
    caller = identify_authenticated_user(request)
    if not Roles.validate(role, caller['role']):
        raise AppException('Role not enough', 403)
    return func(*args, **kwargs)
def bulk_delete(collection):
    """Delete the documents of ``collection`` selected by the JSON body.

    The body goes through ``ArgumentParser.validate`` (400 on rejection) and
    is then handed unchanged to ``query_manager.delete``. An empty or
    missing body is answered with 405, kept as-is although 400 would be the
    conventional status for a malformed request. Returns an empty JSON
    object.
    """
    body = request.json
    if not body:
        abort(405)
    if not ArgumentParser.validate(body):
        raise AppException('Invalid input format', 400)
    query_manager.delete(collection, body)
    return jsonify({})
def replicate_auth():
    """Issue an API token for the ``replicator`` account to a master host.

    The only gate is ``request.remote_addr in DatabaseContext.MASTER``.
    NOTE(review): ``remote_addr`` is the address of the direct peer; behind
    a reverse proxy that is the proxy itself, so confirm the deployment
    matches this check. If ``MASTER`` is a str rather than a collection,
    ``in`` is a substring test and would also match longer addresses —
    verify its type.

    Raises:
        AppException: 403 for any other peer address.
    """
    peer = request.remote_addr
    if peer not in DatabaseContext.MASTER:
        raise AppException(
            f'Auth request coming from unknown host {peer}', 403)
    return jsonify(auth_service.login_for_api('replicator'))
def get_lines(self, col_meta_data, id):
    """Return the id-index entry for ``id`` of the given collection.

    The index path is ``DATA_FOLDER + collection + '/' +
    get_index_fname('id')``, built by plain string concatenation.
    NOTE(review): nothing here normalises ``col_meta_data.collection`` —
    confirm the collection name is validated before it reaches this point.
    The file is loaded through ``FilesReader.get_instance().get_file_content``
    and is expected to support ``in`` and item lookup by id.

    Raises:
        AppException: 400 when ``id`` is not present in the index.
    """
    index_path = (DatabaseContext.DATA_FOLDER
                  + col_meta_data.collection + '/'
                  + col_meta_data.get_index_fname('id'))
    index = FilesReader.get_instance().get_file_content(index_path)
    if id not in index:
        raise AppException(
            'Unable to find document with id {}'.format(id), 400)
    return index[id]
def search(collection):
    """Run the JSON body as a query against ``collection``.

    Responses: 405 for an empty body, 400 when ``ArgumentParser.validate``
    rejects it, 404 when nothing matches. Hits are returned as-is unless the
    query carries a mapping (``SearchContext(...).map`` is not None), in which
    case they are passed through ``ResultsMapper.map`` first.
    """
    query = request.json
    if not query:
        abort(405)
    if not ArgumentParser.validate(query):
        raise AppException('Invalid input format', 400)
    hits = query_manager.search(collection, query)
    if len(hits) == 0:
        abort(404)
    mapping = SearchContext(query).map
    if mapping is None:
        return jsonify(hits)
    return jsonify(ResultsMapper.map(hits))
def wrapper(*args, **kwargs):
    """Run ``func`` for editors, or for callers granted ``permission`` on the
    target collection.

    ``request``, ``permission`` and ``func`` come from the enclosing
    decorator, which is outside this listing. A caller whose ``role`` passes
    ``Permissions.validate(Roles.EDITOR, ...)`` is let through directly;
    anyone else needs an entry for ``kwargs['collection']`` in their
    ``permissions`` map that ``Permissions.validate`` accepts for
    ``permission``. NOTE(review): ``kwargs['collection']`` is read unguarded,
    so the decorated view must receive ``collection`` as a keyword argument.

    Raises:
        AppException: 403 when neither condition holds.
    """
    caller = identify_authenticated_user(request)
    if Permissions.validate(Roles.EDITOR, caller['role']):
        return func(*args, **kwargs)
    target = kwargs['collection']
    granted = caller['permissions']
    allowed = target in granted and Permissions.validate(
        permission, granted[target])
    if not allowed:
        raise AppException('Permissions not enough', 403)
    return func(*args, **kwargs)
def login(self, login, password):
    """Check ``password`` for ``login`` and issue a fresh auth token.

    The user is looked up by ``login`` (``$size: 1``), the stored bcrypt
    hash is checked, a new token from ``generate_auth_token`` is appended to
    the user's ``tokens`` list and the record is persisted with ``upsert``.

    Returns:
        ``{'login': ..., 'token': ...}``.

    Raises:
        AppException: 401 when no single user matches or the password is
            wrong. NOTE(review): the bcrypt check is skipped for unknown
            logins, so the two failure paths take measurably different time.
    """
    selector = {'$filter': {'login': login}, '$size': 1}
    matches = self.query_manager.search('users', selector)
    if len(matches) != 1:
        raise AppException('Authentication failed', 401)
    account = matches[0]
    password_ok = self.bcrypt.check_password_hash(account['password'], password)
    if not password_ok:
        raise AppException('Authentication failed', 401)
    fresh = self.generate_auth_token(account['id'])
    account['tokens'].append(fresh)
    self.query_manager.upsert('users', [account])
    return {'login': account['login'], 'token': fresh}
def get_user_by_token(self, token):
    """Resolve the user that ``token`` belongs to.

    The token is verified as HS256 against ``PASSWORDS_SECRET_KEY``; its
    ``sub`` claim must match a user whose ``tokens`` list still contains
    this exact token, so a token removed by ``logout`` is refused even
    while unexpired. NOTE(review): errors raised inside ``jwt.decode`` (bad
    signature, expiry, malformed input) and a token without ``sub`` are not
    translated into an AppException here and propagate as-is — confirm the
    framework maps them to a 4xx rather than a 500.

    Raises:
        AppException: 401 when no single matching user is found.
    """
    claims = jwt.decode(token, DatabaseContext.PASSWORDS_SECRET_KEY,
                        algorithms=['HS256'])
    selector = {'$filter': {'id': claims['sub'], 'tokens': token}}
    matches = self.query_manager.search('users', selector)
    if len(matches) != 1:
        raise AppException('Authentication failed', 401)
    return matches[0]
def user_details(user: str):
    """Return the profile of ``user`` in its public or full form.

    ``"me"`` resolves to the authenticated user and requires a session (401
    otherwise). The full variant (``UserOutSecure``) is used when the looked
    up account is the caller's own or the caller is an admin; everyone else
    receives ``UserOut``.
    """
    auth = Context().auth
    if user == "me":
        if not auth.user:
            raise AppException("Not authenticated", 401)
        user = auth.user
    record = get_user_by_username(user)
    owner_or_admin = record.user == auth.user or auth.is_admin
    view = UserOutSecure if owner_or_admin else UserOut
    return {"user_data": view.from_db(record).dict()}
def edit(user: str):
    """Update ``user``'s username and display name from the JSON body.

    Only the account owner or an admin may edit; others are refused with 401
    (kept as-is, though 403 is the conventional code for an authorization
    failure). Admins submit a full ``UserIn``, other callers the narrower
    ``UserEditable``; a falsy body field keeps the stored value.
    NOTE(review): ``body.user`` renames the account — confirm that
    ``UserEditable`` is meant to expose that field to non-admins.
    Returns the updated record's ``as_json`` after ``commit()``.
    """
    ctx = Context()
    user = user.lower()
    if user != ctx.auth.user and not ctx.auth.is_admin:
        raise AppException("Not authorized to edit", 401)
    model = UserIn if ctx.auth.is_admin else UserEditable
    body = model(**ctx.json)
    record = get_user_by_username(user)
    record.user = body.user or record.user
    record.name = body.name or record.name
    payload = record.as_json
    commit()
    return payload
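def login_for_api(self, login):
    """Issue an auth token for ``login`` without a password check.

    Intended for trusted machine accounts (``replicate_auth`` calls it for
    ``replicator``); the caller is responsible for having authenticated the
    peer. The user is looked up by ``login``, a fresh token is appended to
    its ``tokens`` list and the record is persisted with ``upsert``.

    Returns:
        ``{'login': ..., 'token': ...}``.

    Raises:
        AppException: 401 when ``login`` does not match exactly one user.
    """
    results = self.query_manager.search('users', {'$filter': {'login': login}})
    if len(results) != 1:
        raise AppException('Authentication failed', 401)
    # The original never bound ``user`` and raised NameError on the next line.
    user = results[0]
    token = self.generate_auth_token(user['id'])
    user['tokens'].append(token)
    self.query_manager.upsert('users', [user])
    return {'login': user['login'], 'token': token}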
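def __init__(self, collection):
    """Load (creating if absent) the metadata file of ``collection``.

    The directory ``DATA_FOLDER + collection`` must already exist (404
    otherwise). Its ``META_DATA_FILE_NAME`` file holds two lines: the id
    counter and the indexes mapping; a missing file is seeded with ``1`` and
    ``{}``.

    Sets ``self.collection``, ``self.counter`` (int) and ``self.indexes``.

    Raises:
        AppException: 404 when the collection directory does not exist.
    """
    if not os.path.exists(DatabaseContext.DATA_FOLDER + collection):
        raise AppException(
            'Collection {} doesn\'t exist'.format(collection), 404)
    self.collection = collection
    meta_path = (DatabaseContext.DATA_FOLDER + self.collection + '/'
                 + self.META_DATA_FILE_NAME)
    if not os.path.exists(meta_path):
        with open(meta_path, 'a') as file:
            file.write('1\n')
            file.write('{}\n')
    with open(meta_path, 'r') as file:
        self.counter = int(file.readline())
        # SECURITY(review): eval() executes whatever the second line holds.
        # The file is written by this code under DATA_FOLDER, but anyone able
        # to write there gets code execution in this process. ast.literal_eval
        # parses a plain dict literal safely — switch once it is confirmed the
        # stored value is always a literal.
        self.indexes = eval(file.readline())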
def logout(self, token):
    """Revoke ``token`` for the user it belongs to.

    The token is verified as HS256 against ``PASSWORDS_SECRET_KEY``; the
    user whose ``id`` equals its ``sub`` claim and whose ``tokens`` list
    contains this exact token has it removed and is persisted with
    ``upsert``. NOTE(review): as in ``get_user_by_token``, errors raised by
    ``jwt.decode`` itself are not converted to an AppException here.

    Returns:
        The updated user record.

    Raises:
        AppException: 401 when the token does not map to exactly one user.
    """
    claims = jwt.decode(token, DatabaseContext.PASSWORDS_SECRET_KEY,
                        algorithms=['HS256'])
    selector = {'$filter': {'id': claims['sub'], 'tokens': token}}
    matches = self.query_manager.search('users', selector)
    if len(matches) != 1:
        raise AppException('Authentication failed', 401)
    account = matches[0]
    account['tokens'].remove(token)
    self.query_manager.upsert('users', [account])
    return account
def refresh_token():
    """Mint a new access/refresh token pair when the access token is stale.

    The bearer access token is read from the request headers; if it still
    decodes, nothing is issued and ``{}`` is returned. Otherwise the
    ``x-refresh-token`` header is decoded and given to
    ``regenerate_access_token``; a ``None`` access result means the refresh
    token is unusable and the client must authenticate again
    (``AppException("re-auth")``). On success the new pair is returned in
    the ``x-access-token`` / ``x-refresh-token`` response headers with an
    empty body. NOTE(review): a missing ``x-refresh-token`` header passes
    ``None`` to ``decode_token`` — confirm it tolerates that.
    """
    headers = Context().headers
    current_access = decode_token(get_bearer_token(headers))
    if current_access is not None:
        return {}
    presented_refresh = decode_token(headers.get("x-refresh-token"))
    new_access, new_refresh = regenerate_access_token(presented_refresh)
    if new_access is None:
        raise AppException("re-auth")
    issued = {
        "x-access-token": create_token(new_access),
        "x-refresh-token": create_token(new_refresh),
    }
    return json_response({}, headers=issued)
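def bulk_patch(collection):
    """
    For bulk patch, the documents must contain their IDs.

    Each body document is matched to its stored counterpart by ``id``; the
    body's keys are overlaid onto a copy of the stored document, and
    ``query_manager.patch`` receives the untouched originals and the patched
    copies, both in id order. Responds with an empty JSON object (405 for an
    empty body).

    Raises:
        AppException: 400 when a body document has no ``id`` or names an
            ``id`` that is not in ``collection``.
    """
    import copy

    if not request.json:
        abort(405)
    ids = []
    for d in request.json:
        if 'id' not in d:
            raise AppException('Input documents must contain their ID', 400)
        ids.append(d['id'])
    previous_docs = sorted(
        query_manager.search(collection, {'$filter': {'id': ids}}),
        key=itemgetter('id'))
    # Pair by id: the original paired body and stored documents by list
    # position, which misaligns (or IndexErrors) as soon as one id is unknown.
    by_id = {doc['id']: doc for doc in previous_docs}
    patch = sorted(request.json, key=itemgetter('id'))
    docs = []
    for p in patch:
        if p['id'] not in by_id:
            raise AppException(
                'Unable to find document with id {}'.format(p['id']), 400)
        # deepcopy: list(previous_docs) only copied the outer list, so the
        # original's in-place update also rewrote previous_docs and the
        # "before" state handed to patch() was already the patched one.
        updated = copy.deepcopy(by_id[p['id']])
        updated.update(p)
        docs.append(updated)
    query_manager.patch(collection, previous_docs, docs)
    return jsonify({})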