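def access_token():
    """
    Generate an access token. Also do the password check.

    Two-step flow driven by the JSON request body:

    1. No ``method`` key: the client identifies itself with non-empty
       ``username``, ``clientVersion``, ``clientName`` and ``deviceName``.
       The reply carries a signed ``continuationToken`` wrapping that data.
    2. ``method == 'password'`` together with ``token`` (the continuation
       token from step 1) and ``password``: the token signature and age
       (5 minutes) are verified, the password is checked, the device is
       found or created and an access token is returned with status 201.

    Any other ``method`` value gets a fresh continuation token with status
    401 (note that in that branch the raw request body is what gets signed).

    Do not handle rate limit: a wrong password only re-issues the
    continuation token, so brute-force throttling has to live elsewhere.

    Responses via ``abort``: 400 for malformed or incomplete input, 401 for
    an expired continuation token, 403 for a token whose signature does not
    verify.
    """
    # this throw a BadRequest if json is not sent
    data = request.get_json()

    # get_json() can return None or a non-object JSON value (list, string,
    # number); everything below indexes data by key, so require an object
    if not isinstance(data, dict):
        abort(400)

    if 'method' not in data:
        # step 1: every identifying field must be a non-empty string; these
        # values end up inside the signed token and in the Device record
        for param in ['username', 'clientVersion', 'clientName', 'deviceName']:
            value = data.get(param)
            if not isinstance(value, str) or value == '':
                abort(400)

        return make_response(get_continuation_token_response(data))

    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data),
                             status=401)

    # Missing keys were previously a KeyError (HTTP 500); they are a client
    # error and must not reach the serializer / password check.
    token = data.get('token')
    password = data.get('password')
    if not isinstance(token, str) or not isinstance(password, str):
        abort(400)

    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = auth.getURLSafeSerializer().loads(token, max_age=300)
    except SignatureExpired:
        # SignatureExpired is a BadSignature subclass, so it must be caught
        # first. The old code re-issued a token from ``tokenData`` here, but
        # that name is unbound when loads() raises (NameError -> 500), and
        # refreshing an expired token would make max_age meaningless anyway:
        # the client has to restart from step 1.
        abort(401)
    except BadSignature:
        abort(403)

    # A token minted in the "other method" branch above wraps an unvalidated
    # body, so a well-signed token may still lack the username.
    if not isinstance(tokenData, dict) or 'username' not in tokenData:
        abort(400)

    try:
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(password)
    except (database.NoResultFound, User.BadPassword):
        # Same response for unknown user and wrong password so the body does
        # not reveal which usernames exist. NOTE(review): the response time
        # still differs, since checkPwd is skipped for unknown users -- a
        # dummy hash comparison in the NoResultFound path would close that.
        return make_response(get_continuation_token_response(tokenData),
                             status=401)

    # getOrCreate
    device = Device.findOrCreate(user.id, tokenData)
    device.save()
    database.commit()

    auth.setUserAndDevice(user, device)

    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()

    return make_response(response, status=201)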
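def access_token():
    """
    Generate an access token. Also do the password check.

    Two-step flow driven by the JSON request body:

    1. No ``method`` key: the client identifies itself with non-empty
       ``username``, ``clientVersion``, ``clientName`` and ``deviceName``.
       The reply carries a signed ``continuationToken`` wrapping that data.
    2. ``method == 'password'`` together with ``token`` (the continuation
       token from step 1) and ``password``: the token signature and age
       (5 minutes) are verified, the password is checked, the device is
       found or created and an access token is returned with status 201.

    Any other ``method`` value gets a fresh continuation token with status
    401 (in that branch the raw request body is what gets signed).

    Do not handle rate limit: a wrong password only re-issues the
    continuation token, so brute-force throttling has to live elsewhere.

    Responses via ``abort``: 400 for malformed or incomplete input, 401 for
    an expired continuation token, 403 for a token whose signature does not
    verify.
    """
    # this throw a BadRequest if json is not sent
    data = request.get_json()

    # get_json() can return None or a non-object JSON value; everything
    # below indexes data by key, so insist on an object
    if not isinstance(data, dict):
        abort(400)

    if 'method' not in data:
        # step 1: each identifying field must be a non-empty string; the
        # values are signed into the token and later stored on the Device
        for param in ['username', 'clientVersion', 'clientName', 'deviceName']:
            value = data.get(param)
            if not isinstance(value, str) or value == '':
                abort(400)

        return make_response(get_continuation_token_response(data))

    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data), status=401)

    # A missing 'token' or 'password' used to raise KeyError (HTTP 500);
    # reject it as a client error before touching the serializer.
    token = data.get('token')
    password = data.get('password')
    if not isinstance(token, str) or not isinstance(password, str):
        abort(400)

    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = auth.getURLSafeSerializer().loads(token, max_age=300)
    except SignatureExpired:
        # Caught before BadSignature, its base class. The old handler read
        # ``tokenData``, which is unbound when loads() raises (NameError ->
        # 500); re-signing an expired payload would also defeat max_age, so
        # the client simply restarts from step 1.
        abort(401)
    except BadSignature:
        abort(403)

    # Tokens minted in the "other method" branch wrap an unvalidated body,
    # so a correctly signed token may still carry no username.
    if not isinstance(tokenData, dict) or 'username' not in tokenData:
        abort(400)

    try:
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(password)
    except (database.NoResultFound, User.BadPassword):
        # Identical body for unknown user and wrong password, so the reply
        # does not confirm which usernames exist. NOTE(review): timing still
        # differs because checkPwd is skipped for unknown users.
        return make_response(get_continuation_token_response(tokenData), status=401)

    # getOrCreate
    device = Device.findOrCreate(user.id, tokenData)
    device.save()
    database.commit()

    auth.setUserAndDevice(user, device)

    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()

    return make_response(response, status=201)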
def get_continuation_token_response(data):
    """
    Build the reply body that hands ``data`` back to the client as a signed
    continuation token, together with the authentication methods it may use
    next (only ``'password'``) and no prompt.

    The token is signed, not encrypted: whoever holds it can decode the
    payload, so ``data`` must not carry secrets.
    """
    signed = auth.getURLSafeSerializer().dumps(data)
    body = {}
    body['continuationToken'] = signed
    body['methods'] = ['password']
    body['prompt'] = None
    return body
def get_continuation_token_response(data):
    """
    Wrap ``data`` in a signed continuation token and return the reply body
    listing the next accepted authentication method (``'password'``); the
    prompt is always ``None``.

    Signed is not encrypted: the payload is readable by the token holder,
    so callers must keep secrets out of ``data``.
    """
    serializer = auth.getURLSafeSerializer()
    reply = dict()
    reply['continuationToken'] = serializer.dumps(data)
    reply['methods'] = ['password']
    reply['prompt'] = None
    return reply