def tween(request):
    """Validate the request's JWT against the database before calling ``handler``.

    Requests carrying no ``authorization`` object are forwarded untouched.
    Otherwise the token is extracted and checked with ``is_valid_token``: an
    accepted token forwards the request, anything else is answered through
    ``http_error_handler`` with ``HTTPUnauthorized('Invalid token')``.  Errors
    raised while extracting or checking the token are routed to
    ``http_error_handler`` (HTTPError) or ``catch_all_error_handler`` (others).
    """
    log.debug('JWT VALIDATION')

    # Nothing to validate: forward as-is.  This relies on tween ordering --
    # if the cookie tween runs after this one, a cookie-carrying request
    # would never be checked here.
    if request.authorization is None:
        return handler(request)

    # Database-backed validation; any failure becomes an error response.
    try:
        token = extract_token(request)
        accepted = token and is_valid_token(token)
    except Exception as exc:
        error_handler = (
            http_error_handler if isinstance(exc, HTTPError)
            else catch_all_error_handler
        )
        return error_handler(exc, request)

    if not accepted:
        return http_error_handler(HTTPUnauthorized('Invalid token'), request)
    return handler(request)
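def post(self):
    """Log the current user out: revoke the token and, on request, the Discourse session.

    Returns a dict with the logged-out ``user`` id.  When the JSON body
    contains a ``discourse`` key, ``logged_out_discourse_user`` holds the value
    returned by the Discourse client's ``logout``.  Discourse failures are
    logged and never prevent the local logout.
    """
    request = self.request
    userid = request.authenticated_userid
    result = {"user": userid}
    # Revoke the local token first so the logout holds even if Discourse fails.
    remove_token(extract_token(request))
    # NOTE(review): request.json raises on a non-JSON body -- confirm callers
    # always send a JSON body.
    if "discourse" in request.json:
        try:
            settings = request.registry.settings
            client = get_discourse_client(settings)
            result["logged_out_discourse_user"] = client.logout(userid)
        except Exception:
            # Any error with discourse should not prevent logout.  `Exception`
            # instead of a bare `except:` so KeyboardInterrupt/SystemExit still
            # propagate; `%s` because the user id is not guaranteed to be an
            # int (a `%d` with a str would make logging drop the message).
            log.warning("Error logging out of discourse for %s", userid, exc_info=True)
    return result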
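def post(self):
    """Log the current user out: revoke the token and, on request, the Discourse session.

    Returns a dict with the logged-out ``user`` id.  When the JSON body
    contains a ``discourse`` key, ``logged_out_discourse_user`` holds the value
    returned by the Discourse client's ``logout``.  Discourse failures are
    logged and never prevent the local logout.
    """
    request = self.request
    userid = request.authenticated_userid
    result = {'user': userid}
    # Revoke the local token first so the logout holds even if Discourse fails.
    remove_token(extract_token(request))
    # NOTE(review): request.json raises on a non-JSON body -- confirm callers
    # always send a JSON body.
    if 'discourse' in request.json:
        try:
            settings = request.registry.settings
            client = get_discourse_client(settings)
            result['logged_out_discourse_user'] = client.logout(userid)
        except Exception:
            # Any error with discourse should not prevent logout.  `Exception`
            # instead of a bare `except:` so KeyboardInterrupt/SystemExit still
            # propagate; `%s` because the user id is not guaranteed to be an
            # int (a `%d` with a str would make logging drop the message).
            log.warning('Error logging out of discourse for %s', userid, exc_info=True)
    return result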
def tween(request):
    """Check the request's token against the database before calling ``handler``.

    A request without an ``authorization`` object is forwarded as-is.
    Otherwise the token is extracted and looked up: a valid token forwards
    the request, anything else yields ``HTTPUnauthorized("Invalid token")``.
    """
    # TODO: first set the cookie in request.authorization if needed
    # Forward when there is nothing to validate.  This depends on tween
    # ordering: if the cookie tween runs after this one, a cookie-carrying
    # request is never checked here.
    if request.authorization is None:
        return handler(request)

    # Database-backed validation of the extracted token.
    token = extract_token(request)
    if token and is_valid_token(token):
        return handler(request)
    # TODO: clear cookie? send json?
    return HTTPUnauthorized("Invalid token")
def post(self):
    """Log the current user out by revoking their token.

    Returns a dict holding the ``user`` id that was logged out.
    """
    request = self.request
    # Read the user id before the token is revoked, then revoke it.
    userid = request.authenticated_userid
    remove_token(extract_token(request))
    return {'user': userid}