def _validate_account_access(token_info, account_id):
with Transaction() as t:
account_repo = AccountRepo(t)
token_associated_account = account_repo.find_linked_account(
token_info['iss'],
token_info['sub'])
account = account_repo.get_account(account_id)
if account is None:
raise NotFound(ACCT_NOT_FOUND_MSG)
else:
# Whether or not the token_info is associated with an admin acct
token_authenticates_admin = \
token_associated_account is not None and \
token_associated_account.account_type == 'admin'
# Enum of how closely token info matches requested account_id
auth_match = account.account_matches_auth(
token_info[JWT_EMAIL_CLAIM_KEY],
token_info[JWT_ISS_CLAIM_KEY],
token_info[JWT_SUB_CLAIM_KEY])
# If token doesn't match requested account id, and doesn't grant
# admin access to the system, deny.
if auth_match == AuthorizationMatch.NO_MATCH and \
not token_authenticates_admin:
raise Unauthorized()
return account
def validate_admin_access(token_info):
with Transaction() as t:
account_repo = AccountRepo(t)
account = account_repo.find_linked_account(token_info['iss'],
token_info['sub'])
if account is None or account.account_type != 'admin':
raise Unauthorized()
def find_accounts_for_login(token_info):
# Note: Returns an array of accounts accessible by token_info because
# we'll use that functionality when we add in administrator accounts.
with Transaction() as t:
acct_repo = AccountRepo(t)
acct = acct_repo.find_linked_account(
token_info[JWT_ISS_CLAIM_KEY],
token_info[JWT_SUB_CLAIM_KEY])
if acct is None:
return jsonify([]), 200
return jsonify([acct.to_api()]), 200
def _validate_has_account(token_info):
# WARNING: this does NOT authenticate a user but tests for the
# presence of an account
with Transaction() as t:
account_repo = AccountRepo(t)
token_associated_account = account_repo.find_linked_account(
token_info['iss'], token_info['sub'])
if token_associated_account is None:
raise Unauthorized()
else:
return
def create_daklapack_orders(body, token_info):
validate_admin_access(token_info)
ADDRESSES_KEY = 'addresses'
extended_body = body.copy()
results = []
with Transaction() as t:
account_repo = AccountRepo(t)
extended_body[SUBMITTER_ACCT_KEY] = account_repo.find_linked_account(
token_info['iss'], token_info['sub'])
for curr_address in extended_body[ADDRESSES_KEY]:
curr_order_dict = extended_body.copy()
curr_order_dict.pop(ADDRESSES_KEY)
curr_order_dict[ADDR_DICT_KEY] = curr_address
result_info = _create_daklapack_order(curr_order_dict)
results.append(result_info)
# return response to caller
response = jsonify({"order_submissions": results})
response.status_code = 200
return response
def token_grants_admin_access(token_info):
with Transaction() as t:
account_repo = AccountRepo(t)
account = account_repo.find_linked_account(token_info['iss'],
token_info['sub'])
return account is not None and account.account_type == 'admin'