async def refresh_expired_access_token(token: str = Depends(oauth2_scheme),
                                       database: Session = Depends(get_db)):
    """Exchange a valid or only recently expired access token for a new one.

    The presented token is verified against the configured key and algorithm.
    An expiry up to ``REFRESH_TOKEN_LEEWAY_SECONDS`` in the past is tolerated.
    The user named in the token must still exist and be active.

    Returns:
        A dict with the new ``access_token`` and ``token_type`` "bearer".

    Raises:
        TOKEN_EXPIRED_EXCEPTION: the token expired longer ago than the leeway.
        TOKEN_PROCESSING_EXCEPTION: any other PyJWT error while decoding.
        CREDENTIALS_EXCEPTION: the payload has no ``user_id`` claim.
        AUTHENTICATION_EXCEPTION: no user matches the claim.
        INACTIVE_USER_EXCEPTION: the matching user is not active.
    """
    # The accepted algorithm comes from configuration, not from the token.
    signing_key = SECURITY['SECRET_KEY']
    accepted_algorithms = [SECURITY['ALGORITHM']]
    refresh_leeway = int(SECURITY['REFRESH_TOKEN_LEEWAY_SECONDS'])

    # NOTE(review): every token issued here can itself be refreshed, so a
    # captured token stays renewable for as long as it is exchanged inside the
    # leeway window. Nothing in this block consults a revocation list; confirm
    # whether deactivating the user is the only intended kill switch.
    try:
        claims = jwt.decode(token, signing_key,
                            algorithms=accepted_algorithms,
                            leeway=refresh_leeway)
    except jwt.ExpiredSignatureError:
        # Must be caught before PyJWTError, which is its base class.
        raise TOKEN_EXPIRED_EXCEPTION
    except jwt.PyJWTError:
        raise TOKEN_PROCESSING_EXCEPTION

    subject_id: str = claims.get("user_id")
    if subject_id is None:
        raise CREDENTIALS_EXCEPTION

    # Re-check the account on every refresh so that a removed or deactivated
    # user cannot obtain further tokens.
    account = get_user(database=database, user_id=subject_id)
    if not account:
        raise AUTHENTICATION_EXCEPTION
    if not account.active_boolean:
        raise INACTIVE_USER_EXCEPTION

    lifetime = timedelta(minutes=int(SECURITY['ACCESS_TOKEN_EXPIRE_MINUTES']))
    new_token = create_access_token(data={"user_id": account.user_id},
                                    expires_delta=lifetime)
    return {"access_token": new_token, "token_type": "bearer"}
def read_user(user_id: int = Path(..., title="The ID of the user to get"),
              database: Session = Depends(get_db)):
    """Return the single user identified by ``user_id``.

    Raises:
        NO_USER_EXCEPTION: no user with that ID was found.
    """
    # NOTE(review): unlike the mutating handlers in this file, this one
    # declares no current-user dependency. Confirm that authentication is
    # enforced where the route is registered, and that the response model
    # strips credential fields from the returned object.
    found = user_utils.get_user(database=database, user_id=user_id)
    if found:
        return found
    raise NO_USER_EXCEPTION
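def delete_user(database: Session = Depends(get_db),
                user_id: int = Path(..., title="The ID of the user to delete"),
                current_user: models.User = Depends(get_current_user)):
    """Delete the user identified by ``user_id``.

    A user may delete their own account; deleting any other account requires
    the admin flag on the caller.

    Returns:
        Whatever ``user_utils.delete_user`` returns.

    Raises:
        PRIVILEGE_EXCEPTION: the caller is neither the target nor an admin.
        NO_USER_EXCEPTION: no user with that ID was found.
    """
    # Authorise before touching the database, so an unprivileged caller
    # cannot use the "no such user" response to probe which IDs exist.
    is_self = current_user.user_id == user_id
    if not is_self and not current_user.admin_boolean:
        raise PRIVILEGE_EXCEPTION

    if not user_utils.get_user(database=database, user_id=user_id):
        raise NO_USER_EXCEPTION

    # NOTE(review): this block does not revoke access tokens already issued
    # to the deleted user. Other handlers in this file re-load the user on
    # each request, which presumably covers it; confirm.
    return user_utils.delete_user(database=database, user_id=user_id)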
def update_user(user_data: schemas.UserUpdate,
                database: Session = Depends(get_db),
                user_id: int = Path(..., title="The ID of the user to update"),
                current_user: models.User = Depends(get_current_user)):
    """Apply ``user_data`` to the user identified by ``user_id`` (admin only).

    Returns:
        The value returned by ``user_utils.update_user``.

    Raises:
        PRIVILEGE_EXCEPTION: the caller does not have the admin flag.
        NO_USER_EXCEPTION: no user with that ID was found.
    """
    # The privilege check comes first, so non-admins get the same answer
    # whether or not the target ID exists.
    if not current_user.admin_boolean:
        raise PRIVILEGE_EXCEPTION

    target = user_utils.get_user(database=database, user_id=user_id)
    if not target:
        raise NO_USER_EXCEPTION

    # NOTE(review): which fields can be written depends on schemas.UserUpdate,
    # which is not visible here. Confirm that it cannot set the admin flag or
    # the password, since those have dedicated handlers with their own checks.
    return user_utils.update_user(database=database, user_id=user_id,
                                  data=user_data)
async def check_current_user(request: Request,
                             payload: dict = Depends(get_token),
                             database: Session = Depends(get_db)):
    """Resolve the token payload to an active user and attach it to the request.

    The resolved user is stored on ``request.state.current_user`` and also
    returned.

    Raises:
        CREDENTIALS_EXCEPTION: the payload has no ``user_id`` claim, or no
            user matches it.
        INACTIVE_USER_EXCEPTION: the matching user is not active.
    """
    # presumably get_token has already verified the token's signature and
    # expiry before this runs; verify against its definition.
    claimed_id: str = payload.get("user_id")
    if claimed_id is None:
        raise CREDENTIALS_EXCEPTION

    account = get_user(database=database, user_id=claimed_id)
    # A missing claim and an unknown user raise the same exception, so the
    # response does not show whether the ID exists.
    if account is None:
        raise CREDENTIALS_EXCEPTION
    if not account.active_boolean:
        raise INACTIVE_USER_EXCEPTION

    request.state.current_user = account
    return account
def change_user_admin(admin: bool,
                      user_id: int = Path(..., title="The ID of the user to update"),
                      database: Session = Depends(get_db),
                      current_user: models.User = Depends(get_current_user)):
    """Set or clear the admin flag on another user (admin only).

    Raises:
        PRIVILEGE_EXCEPTION: the caller does not have the admin flag.
        SELF_PRIVILEGE_EXCEPTION: the caller targeted their own account.
        NO_USER_EXCEPTION: no user with that ID was found.
    """
    caller_is_admin = current_user.admin_boolean
    if not caller_is_admin:
        raise PRIVILEGE_EXCEPTION

    # An admin may not change their own flag, in either direction.
    targets_self = current_user.user_id == user_id
    if targets_self:
        raise SELF_PRIVILEGE_EXCEPTION

    if not user_utils.get_user(database=database, user_id=user_id):
        raise NO_USER_EXCEPTION

    # NOTE(review): a privilege change is a security-relevant event, and no
    # audit record is written in this block. Confirm that set_user_admin or a
    # middleware logs who changed whose flag.
    user_utils.set_user_admin(database=database, user_id=user_id, admin=admin)
    return {'message': 'Admin flag successfully changed'}
def change_user_password(password: str,
                         user_id: int = Path(..., title="The ID of the user to update"),
                         database: Session = Depends(get_db),
                         current_user: models.User = Depends(get_current_user)):
    """Set a new password for the user identified by ``user_id``.

    Users may change their own password; changing another user's password
    requires the admin flag on the caller.

    Raises:
        PRIVILEGE_EXCEPTION: the caller is neither the target nor an admin.
        NO_USER_EXCEPTION: no user with that ID was found.
    """
    # NOTE(review): `password` is a bare `str` with no Body/Form marker. If
    # this function is registered as a FastAPI route, the value is read from
    # the query string, where it can end up in access logs, proxy logs and
    # client history. Moving it into the request body changes the client
    # contract, so it is flagged here rather than changed.
    #
    # NOTE(review): a caller changing their own password is not asked for the
    # current one, so a valid token alone is enough to take over the account.
    # Hashing and any strength policy are presumably handled inside
    # user_utils.set_password; verify.
    acting_on_self = current_user.user_id == user_id
    if not acting_on_self and not current_user.admin_boolean:
        raise PRIVILEGE_EXCEPTION

    target = user_utils.get_user(database=database, user_id=user_id)
    if not target:
        raise NO_USER_EXCEPTION

    user_utils.set_password(database=database, user_id=user_id,
                            password=password)
    return {'message': 'Password successfully changed'}