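 def verify_auth_token(token):
     """Decode a signed auth token and return the payload it carries.

     The token is verified and deserialised by ``jwt_tjwss.loads`` (a
     timed signing serializer; the payload is whatever ``genJWToken``
     stored, used as the "user" by callers). Failures are reported through
     ``api_error`` — presumably it aborts the request — but this function
     no longer depends on that: each error branch returns ``None``
     explicitly, so a non-raising ``api_error`` yields a fail-closed
     ``None`` instead of an UnboundLocalError on ``user``.

     Args:
         token: the raw, untrusted token string taken from the request.

     Returns:
         The deserialised payload on success, ``None`` after an error was
         reported.
     """
     try:
         user = jwt_tjwss.loads(token)
     # SignatureExpired is caught before BadSignature on purpose: if the
     # serializer is itsdangerous-style, SignatureExpired subclasses
     # BadSignature and the order decides which message the client sees.
     except SignatureExpired:
         api_error(AttributeError, "This token has expired.", 401)
         return None
     except BadSignature:
         # NOTE(review): a bad/tampered signature is an authentication
         # failure; 401 would be the conventional status. Kept at 400 so
         # existing clients are not affected.
         api_error(ValueError, "Bad Signature was provided.", 400)
         return None
     return user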
 def authenticate(self, password):
     """Check ``password`` against this user's bcrypt hash and mint a JWT.

     Order of checks: the account must be enabled (403 via ``api_error``),
     the stored email must pass ``is_sanitary`` (otherwise ``abort(400)``),
     and the password must verify against ``self.hash`` (401 otherwise).
     The token is returned from the single success branch only; every
     other path ends in ``api_error`` or ``abort``.

     NOTE(review): the checks assume ``api_error`` aborts the request. If it
     merely returned, a disabled account would fall through to the password
     check — confirm ``api_error`` raises.

     Args:
         password: the cleartext password supplied by the caller.

     Returns:
         A JWT from ``self.genJWToken`` with a 900 second (15 minute) TTL.
     """
     if not self.is_enabled():
         api_error(ValueError, "User is not enabled.", 403)
     # sanitize inputs and validate the user
     if is_sanitary(self.email):
         password_matches = bcrypt.verify(password, self.hash)
         if not password_matches:
             # NOTE(review): a distinct "wrong password" response versus the
             # "user not found" response in getAuthToken lets a caller
             # enumerate registered accounts; one generic 401 avoids that.
             api_error(ValueError, "Unauthorized, Wrong Password.", 401)
         else:
             # basic login token expires after 15 minutes
             return self.genJWToken(900)
     abort(400)
def load_user_from_request(request):
    """Resolve the request's user from a token sent in the Authorization header.

    The header value has a leading ``Basic `` stripped (the scheme is not
    otherwise checked — a non-Basic header is decoded as-is and then simply
    fails verification), is base64-decoded and handed to
    ``User.verify_auth_token``. Without a header, or when ``api_error``
    returns after a failed verification, the result is ``None`` so the
    request proceeds unauthenticated rather than as a guessed user.

    Args:
        request: the incoming request; only ``request.headers`` is read.

    Returns:
        The verified user object, or ``None``.
    """
    header_value = request.headers.get('Authorization')
    if not header_value:
        # No authentication, no user
        return None
    raw_token = base64_decode(header_value.replace('Basic ', '', 1))
    user = User.verify_auth_token(raw_token)
    if not user:
        api_error(ValueError, "Authorization denied.", 401)
        return None
    return user
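def getAuthToken(request):
    """Exchange HTTP Basic credentials for a JWT.

    Reads ``Authorization: Basic <base64(email:password)>``, looks the user
    up by email and returns ``jsonify(jwt=...)`` built from
    ``User.authenticate``. Failures are reported through ``api_error``
    (presumably it aborts the request).

    Args:
        request: the incoming request; only ``request.headers`` is read.

    Returns:
        The JSON response from ``jsonify`` on success.
    """
    user_creds = request.headers.get('Authorization')
    if user_creds:
        # The scheme is stripped, not verified: a non-Basic header is
        # base64-decoded as-is and then fails the checks below.
        user_creds = base64_decode(user_creds.replace('Basic ', '', 1))
        # RFC 7617: the user-id may not contain ':' but the password may, so
        # split on the first ':' only. A plain split() raised ValueError —
        # an unhandled 500 — for passwords containing ':' or for decoded
        # credentials with no ':' at all; both are now a clean 400.
        email, separator, pw = user_creds.partition(':')
        if not separator or not email or not pw:
            api_error(ValueError, "Authorization values are missing.", 400)
        user = User.query.filter_by(email=email).first()
        if user is None:
            # NOTE(review): this 404 versus the 401 "Wrong Password" from
            # User.authenticate lets a caller enumerate registered email
            # addresses. A single generic 401 for both cases would close
            # that; left unchanged because clients may rely on the status.
            api_error(
                ValueError,
                "We could not find a user with the provided email address.",
                404
            )
        return jsonify(jwt=user.authenticate(pw))
    api_error(
        AttributeError,
        "Authorization Headers are missing.",
        401
    )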
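    def data_from_request(request):
        """Parse and validate a registration payload from ``request.data``.

        Only keys listed in ``User.__registration_fields__`` are copied
        (an allow-list, so unknown client keys are dropped), each value is
        passed through that field's ``validationFunction``, and the ``id`` /
        ``id_type`` pair is normalised into ``employeeID`` or ``tcid``.
        Malformed JSON is now reported as a 400 "Bad Request" like any other
        non-object body instead of escaping as an unhandled ValueError.

        Args:
            request: the incoming request; only ``request.data`` is read.

        Returns:
            A dict of validated fields with ``employeeID`` or ``tcid`` set.

        Raises:
            KeyError: if the validated fields do not include ``id`` and
                ``id_type`` (the normalisation step assumes both are
                registered fields).
        """
        user_data = request.data
        user = {}

        if user_data is None or user_data == '':
            user_data = '{}'
        try:
            user_data = json.loads(user_data)
        except ValueError:
            # json.JSONDecodeError subclasses ValueError, so this also covers
            # an empty bytes body that the '' check above does not match.
            user_data = None

        if user_data is None or not isinstance(user_data, dict):
            api_error(AttributeError, "Bad Request", 400)

        # .items() works on both Python 2 and 3 (.iteritems() is 2-only).
        for k, field in User.__registration_fields__.items():
            if k in user_data:
                v = user_data[k]
                # Use the registration field's validation/format function
                value = field['validationFunction'](v)
                # '==' rather than 'is': identity comparison with a string
                # literal is not a reliable equality test.
                if (field['required'] and
                   (value is None or value == '')):
                    api_error(
                        ValueError,
                        ("Required field is formatted incorrectly: " + k),
                        400
                    )
                user[k] = value
            else:
                # NOTE(review): any absent field is rejected here, including
                # ones whose 'required' flag is False — confirm whether that
                # is intended or whether this should be
                # ``elif field['required']:``.
                api_error(
                    AttributeError, "Required field is missing: " + k, 400
                )

        # normalize ID (from <TCID or Employee_ID> -> <TCID>)
        user_id = user.pop('id')
        id_type = user.pop('id_type')
        if id_type == 'employee_id':
            user['employeeID'] = user_id
        else:
            user['tcid'] = user_id

        return user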