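def decorated_function(*args, **kwargs):
    """Run the wrapped view ``f`` only when the request carries an acceptable API token.

    The token is read once from the ``X-Access-Token`` request header. It
    must pass ``User.verify_auth_token`` and ``invalidate_token`` must return
    truthy (presumably marking the token as used - confirm against its
    definition) before ``f`` is called. Otherwise the client address is
    logged and the request is rejected with HTTP 401.

    Raises:
        The HTTPException produced by ``abort(401)`` when the token is
        missing, fails verification, or could not be invalidated.
    """
    # Read the header once so both checks see the same value.
    token = request.headers.environ.get('HTTP_X_ACCESS_TOKEN')
    if User.verify_auth_token(token) and invalidate_token(token):
        return f(*args, **kwargs)
    current_app.logger.error(
        "%s - Request did not contain valid API key", request.remote_addr)
    # abort() raises, so nothing after it runs. The original trailing
    # `return f(*args, **kwargs)` after abort is dropped so that a rejected
    # request can never fall through to the protected view.
    abort(401)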
def save_user(dn, username, userdata, memberships):
    """Create or refresh the local User row for a directory entry.

    Only ``username`` plus the first ``givenName`` / ``sn`` value, when each
    key is present in ``userdata``, are written (the ``dn``/``givenName``/
    ``sn`` names suggest an LDAP source). ``dn`` and ``memberships`` are
    accepted for the caller's signature but are not used here.

    Returns:
        The result of ``update`` on the existing User, or the newly
        created User when no row with this username exists.
    """
    fields = {'username': username}
    for ldap_attr, column in (('givenName', 'first_name'), ('sn', 'last_name')):
        if ldap_attr in userdata:
            fields[column] = userdata[ldap_attr][0]
    existing = User.query.filter_by(username=username).first()
    if existing:
        return existing.update(**fields)
    return User.create(**fields)
def decorated_function(*args, **kwargs):
    """Gate the wrapped view ``f`` on the ``X-Access-Token`` header.

    Outcomes, evaluated in this order:
      1. the token verifies and ``is_token_logged_out`` is exactly ``False``
         -> call ``f``;
      2. the request path ends with ``swagger.json`` -> call ``f`` with no
         token check (the API description is served unauthenticated);
      3. ``User.is_auth_token_exists`` or ``is_token_logged_out`` is truthy
         -> 401 with an "expired" message;
      4. anything else -> log the client address and 401 with a
         "no valid key" message.
    """
    token = request.headers.environ.get('HTTP_X_ACCESS_TOKEN')
    # `is False` is kept deliberately: a None/0 result from
    # is_token_logged_out does not count as "not logged out".
    if User.verify_auth_token(token) and is_token_logged_out(token) is False:
        return f(*args, **kwargs)
    if request.path.endswith('swagger.json'):
        return f(*args, **kwargs)
    if User.is_auth_token_exists(token) or is_token_logged_out(token):
        return abort(
            401, {'message': 'This API key used to authenticate is expired!'})
    current_app.logger.error(
        "%s - Request did not contain valid API key", request.remote_addr)
    return abort(401, {'message': 'Request did not contain valid API key!'})
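def add_user(username, password, email):
    """CLI helper: create a User and terminate the process with a status code.

    Args:
        username: login name; must not already exist.
        password: value passed straight through to ``User.create``.
        email: address to store; falls back to ``username`` when empty.

    Raises:
        ValueError: if ``username`` is already taken.

    Exits with status 0 after a successful create and 1 when ``User.create``
    raises (the failure is printed first).
    """
    import sys
    from polylogyx.models import User

    if User.query.filter_by(username=username).first():
        raise ValueError("Username already exists!")
    try:
        user = User.create(
            username=username,
            email=email or username,
            password=password,
        )
    except Exception as error:  # CLI boundary: report and exit non-zero
        print("Failed to create user {0} - {1}".format(username, error))
        # sys.exit rather than the site-injected `exit` builtin, which is
        # not guaranteed to exist (e.g. under `python -S` or when embedded).
        sys.exit(1)
    else:
        print("Created user {0}".format(user.username))
        sys.exit(0)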
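def load_user(user_id):
    """Resolve a session user id to a User (presumably the Flask-Login user loader).

    When ``POLYLOGYX_AUTH_METHOD`` is ``None`` a ``NoAuthUserMixin`` stand-in
    is returned instead of a database user.

    Args:
        user_id: the id taken from the session; expected to parse as an int.

    Returns:
        ``User.get_by_id(...)`` for a well-formed integer id, the no-auth
        mixin when authentication is disabled, or ``None`` when ``user_id``
        is not a valid integer, so a malformed or tampered session value is
        treated as "no user" instead of raising out of the loader.
    """
    if current_app.config['POLYLOGYX_AUTH_METHOD'] is None:
        from polylogyx.users.mixins import NoAuthUserMixin
        return NoAuthUserMixin()
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        return None
    return User.get_by_id(numeric_id)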
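def fetch_user(self):
    """Finish the Google OAuth2 callback for the current request and return the User.

    Exchanges the ``code`` query parameter for a token (bound to the
    ``_oauth_state`` stored in the session), fetches the Google userinfo
    document, enforces ``allowed_users`` / ``allowed_domains`` and the
    verified-email rule, then creates or updates the matching User.

    Returns:
        The created or updated User. The OAuth token is stored in
        ``session['_oauth_token']`` as a side effect.

    Aborts with 400 when no OAuth state is present in the session, 401 when
    the user or domain is not allowed or the email is not verified, and 500
    when Google returns an empty userinfo document.
    """
    code = request.args.get('code')
    # The state was saved when the authorization redirect was issued; if it
    # is gone the callback cannot be tied to a flow we started, so reject it
    # instead of letting the KeyError surface as a 500.
    state = session.pop('_oauth_state', None)
    if state is None:
        current_app.logger.error("OAuth callback without a stored state")
        abort(400)
    provider = OAuth2Session(self.client_id,
                             redirect_uri=self.redirect_uri, state=state)
    token = provider.fetch_token(
        self.token_url,
        client_secret=self.client_secret,
        code=code,
        authorization_response=request.url,
    )
    response = provider.get('https://www.googleapis.com/oauth2/v1/userinfo')
    userinfo = response.json()
    if not userinfo:
        current_app.logger.error("No userinfo object returned!")
        abort(500)
    # The userinfo document contains the account's email and names; it is
    # logged only at debug level.
    current_app.logger.debug("Got userinfo: %s", userinfo)

    email = userinfo['email']
    denied = u"{0} is not authorized for this application.".format(email)
    if self.allowed_users and email not in self.allowed_users:
        current_app.logger.error(
            "%s is not authorized for this application", email)
        flash(denied, 'danger')
        abort(401)
    # 'hd' is not present for consumer Google accounts, only hosted-domain
    # ones; use .get() so such accounts are refused with 401 rather than
    # raising KeyError (a 500) when a domain allow-list is configured.
    hosted_domain = userinfo.get('hd')
    if self.allowed_domains and hosted_domain not in self.allowed_domains:
        current_app.logger.error("%s domain and %s not authorized",
                                 hosted_domain, email)
        flash(denied, 'danger')
        abort(401)
    # A missing 'verified_email' key is treated as unverified (fail closed).
    if not userinfo.get('verified_email'):
        flash(u"You must verify your email before using this application.",
              'danger')
        abort(401)

    # Same attribute set is written on create and on update.
    profile = dict(
        username=email,
        email=email,
        social_id=userinfo['id'],
        first_name=userinfo['given_name'],
        last_name=userinfo['family_name'],
    )
    user = User.query.filter_by(email=email, social_id=userinfo['id']).first()
    if user:
        user.update(**profile)
    else:
        user = User.create(**profile)
    session['_oauth_token'] = token
    return user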