Esempio n. 1
0
    def get(self, id):
        """
        user informations by id
        """
        user = UsersBusiness.get_by_id(id)
        if not user:
            raise NotFound("User not Found!")

        return marshal(user, get_user_serializer())
Esempio n. 2
0
    def token(cls, user_id, service, scope=''):
        client_infos = ClientsBusiness.get_by_name(service)
        if not client_infos:
            raise Forbidden('Client not found!')
        user = UsersBusiness.get_by_id(user_id)

        client = list(
            filter(lambda c: c['id'] == client_infos['_id'], user['clients_authorized']))
        if len(client) <= 0:
            raise Forbidden('Not authorized!')

        authorized = False if scope else True
        typ = ''
        name = ''
        actions = []

        ''' filter and valid scope '''
        if scope:
            params = scope.lower().split(':')
            if len(params) != 3:
                raise BadRequest('Invalid scope!')

            typ = params[0]
            name = params[1]
            actions = params[2].split(',')

            for user_scope in client[0]['scope']:
                if not user_scope:
                    raise Forbidden('Not authorized!')
                typ_scope, name_scope, actions_scope = user_scope.lower().split(':')

                if typ_scope == typ:
                    if name_scope == name or name_scope == '*':
                        has_actions = True
                        for action in actions:
                            if action not in actions_scope.split(',') and '*' not in actions_scope:
                                has_actions = False
                        if has_actions:
                            authorized = True
                            break
            if not authorized:
                raise Forbidden('Not authorized!')

        ''' generate client token '''
        token_client = cls.encode_client_token(
            service, typ, name, actions, user, client_infos)

        expired_date = time.mktime(time.localtime(
            int(time.time()) + int(Config.EXPIRES_IN_CLIENT)))
        return {
            "user_id": user_id,
            "callback": client_infos['redirect_uri'],
            "token": token_client.decode('utf8'),
            "access_token": token_client.decode('utf8'),
            "expired_date": time.strftime("%Y-%m-%d %H:%M:%S",
                                          time.localtime(expired_date))
        }
Esempio n. 3
0
    def token(cls, user_id, service, scope=''):
        client_infos = ClientsBusiness.get_by_name(service)
        user = UsersBusiness.get_by_id(user_id)

        client = list(
            filter(lambda c: c['id'] == client_infos['_id'],
                   user['clients_authorized']))
        if len(client) <= 0:
            raise Forbidden('Not authorized!')

        authorized = False if scope else True
        typ = ''
        name = ''
        actions = []
        ''' filter and valid scope '''
        if scope:
            params = scope.split(':')
            if len(params) != 3:
                return BadRequest('Invalid scope!')

            typ = params[0]
            name = params[1]
            actions = params[2].split(',')

            for user_scope in client[0]['scope']:
                if not user_scope:
                    raise Forbidden('Not authorized!')
                typ_scope, name_scope, actions_scope = user_scope.split(':')

                if typ_scope == typ:
                    if name_scope == name or name_scope == '*':
                        has_actions = True
                        for action in actions:
                            if action not in actions_scope.split(
                                    ',') and '*' not in actions_scope:
                                has_actions = False
                        if has_actions:
                            authorized = True
                            break
            if not authorized:
                raise Forbidden('Not authorized!')
        ''' generate client token '''
        token_client = cls.encode_client_token(service, typ, name, actions,
                                               user, client_infos)

        return {
            "user_id": user_id,
            "callback": client_infos['redirect_uri'],
            "token": token_client.decode('utf8'),
            "access_token": token_client.decode('utf8')
        }
Esempio n. 4
0
    def authorize_revoke_client(cls, action, user_id, client_id, scope=[]):
        model = UsersBusiness.init_infos()['model']

        user = UsersBusiness.get_by_id(user_id)
        if not user:
            raise NotFound('User not Found!')

        new_list = []
        if action == 'authorize':
            ''' Authorize client '''
            has_client = False
            for client in user['clients_authorized']:
                if str(client['id']) == str(client_id):
                    client['scope'] = client['scope'] + scope
                    has_client = True
                    break

            if not has_client:
                user['clients_authorized'].append({
                    "id": ObjectId(client_id),
                    "scope": scope
                })
            new_list = user['clients_authorized']

        else:
            ''' Revoke client '''
            for client in user['clients_authorized']:
                if str(client['id']) == client_id:
                    new_list.append({
                        'id':
                        client['id'],
                        'scope': [
                            item for item in client['scope']
                            if item not in scope
                        ]
                    })
                else:
                    new_list.append(client)

        try:
            model.update_one({"_id": ObjectId(user_id)},
                             {"$set": {
                                 "clients_authorized": list(new_list)
                             }})
            return True
        except Exception:
            return False
Esempio n. 5
0
def get_userinfo_by_token(client_id=False):
    try:
        bearer, authorization = request.headers['Authorization'].split()
        if 'bearer' not in bearer.lower():
            raise Forbidden('Invalid token!')
    except Exception:
        raise Forbidden('Token is required!')

    if authorization:
        result, status = AuthBusiness.decode_auth_token(authorization)
        if status:
            user = UsersBusiness.get_by_id(result["id"])
            if user:
                if client_id:
                    client = ClientsBusiness.get_by_id(client_id)
                    if not client:
                        raise NotFound('Client not Found!')
                    return str(user['_id']), user['credential']['grants'], client
                return str(user['_id']), user['credential']['grants'], False

            raise NotFound('User not found')
        raise Unauthorized(str(result))
    raise Forbidden('Token is required!')
Esempio n. 6
0
    def create(cls, user_id, client_infos):
        model = cls.init_infos()['model']

        user = UsersBusiness.get_by_id(user_id)
        if not user:
            raise NotFound('User not Found!')
        """
        check if client name is already registered
        """
        client = model.find_one({
            "client_name":
            client_infos['client_name'],
            "$or": [{
                "expired_at": {
                    "$gt": datetime.now()
                }
            }, {
                "expired_at": None
            }]
        })
        if client:
            raise Conflict('A client with this name already exists')
        """
        create client credentials
        """
        client_infos['user_id'] = user['_id']
        client_infos['created_at'] = datetime.now()
        client_infos['expired_at'] = client_infos.get('expired_at', None)
        """
        save in mongodb
        """
        try:
            model.insert_one(client_infos)
            return client_infos

        except Exception:
            return False