def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs): """ If the authorization header is present (but expired) and the event being accessed is not published - And the user is related to the event (organizer, co-organizer etc) show a 401 - Else show a 404 :param view: :param view_args: :param view_kwargs: :param args: :param kwargs: :return: """ user = get_identity() if user.is_staff: _jwt_required(app.config['JWT_DEFAULT_REALM']) return view(*view_args, **view_kwargs) if user.is_organizer(kwargs['event_id']) or user.is_coorganizer( kwargs['event_id']): _jwt_required(app.config['JWT_DEFAULT_REALM']) return view(*view_args, **view_kwargs) return ForbiddenError({ 'source': '' }, 'Co-organizer access is required.').respond()
def decorator(*args, **kwargs): _jwt_required(current_app.config['JWT_DEFAULT_REALM']) token = _default_request_handler() user = current_identity if not user.verify_token(token): raise JWTError('Bad request', 'Invalid token') return fn(*args, **kwargs)
def decorator(*args, **kwargs): try: _jwt_required(realm or app.config['JWT_DEFAULT_REALM']) except Exception: # JWTError raise AuthenticationRequired('Authentication is required', {'source': ''}) return fn(*args, **kwargs)
def decorator(*args, **kwargs): _jwt_required(None) restaurant = get_current_restaurant() if current_identity.is_activated() and \ ((current_identity.is_admin) or current_identity.is_manager_of(restaurant)): return fn(*args, **kwargs) return abort(403)
def decorator(*args, **kwargs): if env.is_auth_enabled(): try: _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM']) except JWTError: abort(401) return fn(*args, **kwargs)
def belongs_to(username): try: _jwt_required(None) if not current_identity['username'] == username: return {'status': 403, 'message': 'not allowed'}, 403 except JWTError as e: return {'status': 403, 'message': 'not allowed'}, 403 return True
def decorator(*args, **kwargs): try: _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM']) print(current_identity) if admin == 1 and current_identity.is_admin!=1: abort(401) except Exception as e: raise JWTError('Bad Request', 'Invalid credentials') return fn(*args, **kwargs)
def accessible_role_based_events(view, view_args, view_kwargs, *args, **kwargs): if 'POST' in request.method or 'withRole' in request.args: _jwt_required(app.config['JWT_DEFAULT_REALM']) user = current_identity if 'GET' in request.method and user.is_staff: return view(*view_args, **view_kwargs) view_kwargs['user_id'] = user.id return view(*view_args, **view_kwargs)
def get(self, **kwargs): """ Returns username if a JWT is found, otherwise reports not authenticated """ username = '******' try: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) username = current_identity.username finally: resp = {'status': 200, 'version': '1.0', 'username': username} return resp, 200
def create_game_session(): try: _jwt_required(None) except: pass identity = None token = None _current_identity = current_identity._get_current_object() if _current_identity is None or _current_identity[0] == 'session': recaptcha_token = request.json.get('recaptcha') if recaptcha_token is None: return make_response(jsonify(ok=False, error='Recaptcha missing'), 400) if not is_human(recaptcha_token): return make_response(jsonify(ok=False, error='Bad recaptcha'), 400) category = _get_random_category() category_id = category.id else: category_id = request.json.get('category_id') if request.json is not None else None user_or_session, identity = _current_identity collection_id = request.json.get('collection_id') if request.json is not None else None cursor = _create_cursor(0, collection_id=collection_id, category_id=category_id) game_session = Session(id=str(uuid4()), game_type='gender', user_id=identity, cursor=cursor) db.session.add(game_session) db.session.commit() db.session.refresh(game_session) if identity is None: iat = datetime.utcnow() token = jwt.encode(dict(sub='session:{}'.format(game_session.id), iat=iat, nbf=iat + timedelta(seconds=5), exp=iat + timedelta(minutes=10) ), JWT_SECRET, algorithm='HS256').decode() return make_response(jsonify(ok=True, session=game_session, token=token), 201)
def filter_by_authentication(self): filter_type = Analysis.type.in_(['public', 'disease']) try: _jwt_required(app.config['JWT_DEFAULT_REALM']) except: pass if not current_identity: return self.filter(filter_type) return self.filter( or_(filter_type, Analysis.user.has(id=current_identity.id)))
def before_get(self, args, kwargs): kwargs['id'] = 1 if 'Authorization' in request.headers: _jwt_required(app.config['JWT_DEFAULT_REALM']) if current_user.is_admin or current_user.is_super_admin: self.schema = SettingSchemaAdmin else: self.schema = SettingSchemaNonAdmin else: self.schema = SettingSchemaPublic
def belongs_to(username): """ Checks a username against the username in the JWT token """ try: _jwt_required(None) if not current_identity['username'] == username: abort(403, 'not allowed') except JWTError as e: abort(403, 'not allowed') return True
def decorator(*args, **kwargs): _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM']) if current_identity.admin: return fn(*args, **kwargs) raise JWTError( 'Authorization Required', 'You are not admin', headers={ 'WWW-Authenticate': 'JWT realm="%s"' %current_app.config['JWT_DEFAULT_REALM'] } )
def query(self, view_kwargs): """ query method for resource list :param view_kwargs: :return: """ if 'Authorization' in request.headers: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) if current_user.is_super_admin or current_user.is_admin: query_ = self.session.query(Ticket) elif view_kwargs.get('event_id') and has_access( 'is_organizer', event_id=view_kwargs['event_id']): query_ = self.session.query(Ticket) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) if view_kwargs.get('ticket_tag_id'): ticket_tag = safe_query(self, TicketTag, 'id', view_kwargs['ticket_tag_id'], 'ticket_tag_id') query_ = query_.join(ticket_tags_table).filter_by( ticket_tag_id=ticket_tag.id) query_ = event_query(self, query_, view_kwargs) if view_kwargs.get('access_code_id'): access_code = safe_query(self, AccessCode, 'id', view_kwargs['access_code_id'], 'access_code_id') # access_code - ticket :: many-to-many relationship query_ = Ticket.query.filter( Ticket.access_codes.any(id=access_code.id)) if view_kwargs.get('discount_code_id'): discount_code = safe_query(self, DiscountCode, 'id', view_kwargs['discount_code_id'], 'discount_code_id') # discount_code - ticket :: many-to-many relationship query_ = Ticket.query.filter( Ticket.discount_codes.any(id=discount_code.id)) if view_kwargs.get('order_identifier'): order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier') ticket_ids = [] for ticket in order.tickets: ticket_ids.append(ticket.id) query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids))) return query_
def jwt_auth_method(): from flask_jwt import _jwt_required, current_identity from youjiao.extensions import login_manager try: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) # load user to flask_login login_manager.reload_user(user=current_identity) return True except Exception as e: print(e) else: return False
def create_event(view, view_args, view_kwargs, *args, **kwargs): if 'POST' in request.method or 'withRole' in request.args: _jwt_required(app.config['JWT_DEFAULT_REALM']) user = current_identity if user.can_create_event is False: return ForbiddenError({'source': ''}, 'Please verify your email').respond() if 'GET' in request.method and user.is_staff: return view(*view_args, **view_kwargs) view_kwargs['user_id'] = user.id return view(*view_args, **view_kwargs)
def query(self, view_kwargs): """ query method for EventList class :param view_kwargs: :return: """ query_ = self.session.query(Event).filter_by(state='published') if 'Authorization' in request.headers: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) query2 = self.session.query(Event) query2 = query2.join(Event.roles).filter_by(user_id=current_identity.id).join(UsersEventsRoles.role). \ filter(or_(Role.name == COORGANIZER, Role.name == ORGANIZER)) query_ = query_.union(query2) if view_kwargs.get('user_id') and 'GET' in request.method: if not has_access('is_user_itself', user_id=int(view_kwargs['user_id'])): raise ForbiddenException({'source': ''}, 'Access Forbidden') user = safe_query(db, User, 'id', view_kwargs['user_id'], 'user_id') query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ filter(Role.name != ATTENDEE) if view_kwargs.get('event_type_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_type_id') == view_kwargs['event_type_id']) if view_kwargs.get('event_topic_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_topic_id') == view_kwargs['event_topic_id']) if view_kwargs.get('event_sub_topic_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_sub_topic_id') == view_kwargs['event_sub_topic_id']) if view_kwargs.get('discount_code_id') and 'GET' in request.method: event_id = get_id(view_kwargs)['id'] if not has_access('is_coorganizer', event_id=event_id): raise ForbiddenException({'source': ''}, 'Coorganizer access is required') query_ = self.session.query(Event).filter( getattr(Event, 'discount_code_id') == view_kwargs['discount_code_id']) return query_
def root(): # check access ip_whitelist = ip_network(current_app.config.get('PROMETHEUS_WHITELIST')) if ip_address(request.remote_addr) not in ip_whitelist: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) registry = CollectorRegistry() multiprocess.MultiProcessCollector(registry) data = generate_latest(registry) response = make_response(data) response.headers['Content-Type'] = CONTENT_TYPE_LATEST response.headers['Content-Length'] = str(len(data)) return response
def api_auth_func(**kw): if g.user.is_authenticated: return True elif _jwt_required(None): return True else: return False
def before_post(self, args, kwargs, data): """ before post method to check for required relationship and proper permission :param args: :param kwargs: :param data: :return: """ require_relationship(['event'], data) if 'Authorization' in request.headers: _jwt_required(app.config['JWT_DEFAULT_REALM']) else: raise ForbiddenException({'source': ''}, 'Only Authorized Users can favourite an event') data['user'] = current_user.id user_favourite_event = UserFavouriteEvent.query.filter_by( user=current_user, event_id=int(data['event'])).first() if user_favourite_event: raise ConflictException({'pointer': '/data/relationships/event'}, "Event already favourited")
def query(self, view_kwargs): """ query method for EventList class :param view_kwargs: :return: """ query_ = self.session.query(Event).filter_by(state='published') if 'Authorization' in request.headers: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) query2 = self.session.query(Event) query2 = query2.join(Event.roles).filter_by(user_id=current_identity.id).join(UsersEventsRoles.role). \ filter(or_(Role.name == COORGANIZER, Role.name == ORGANIZER)) query_ = query_.union(query2) if view_kwargs.get('user_id') and 'GET' in request.method: if not has_access('is_user_itself', id=view_kwargs['user_id']): raise ForbiddenException({'source': ''}, 'Access Forbidden') user = safe_query(db, User, 'id', view_kwargs['user_id'], 'user_id') query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ filter(Role.name != ATTENDEE) if view_kwargs.get('event_type_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_type_id') == view_kwargs['event_type_id']) if view_kwargs.get('event_topic_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_topic_id') == view_kwargs['event_topic_id']) if view_kwargs.get('event_sub_topic_id') and 'GET' in request.method: query_ = self.session.query(Event).filter( getattr(Event, 'event_sub_topic_id') == view_kwargs['event_sub_topic_id']) if view_kwargs.get('discount_code_id') and 'GET' in request.method: event_id = get_id(view_kwargs)['id'] if not has_access('is_coorganizer', event_id=event_id): raise ForbiddenException({'source': ''}, 'Coorganizer access is required') query_ = self.session.query(Event).filter( getattr(Event, 'discount_code_id') == view_kwargs['discount_code_id']) return query_
def query(self, view_kwargs): """ query method for resource list :param view_kwargs: :return: """ if 'Authorization' in request.headers: _jwt_required(current_app.config['JWT_DEFAULT_REALM']) if current_user.is_super_admin or current_user.is_admin: query_ = self.session.query(Ticket) elif view_kwargs.get('event_id') and has_access('is_organizer', event_id=view_kwargs['event_id']): query_ = self.session.query(Ticket) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) if view_kwargs.get('ticket_tag_id'): ticket_tag = safe_query(self, TicketTag, 'id', view_kwargs['ticket_tag_id'], 'ticket_tag_id') query_ = query_.join(ticket_tags_table).filter_by(ticket_tag_id=ticket_tag.id) query_ = event_query(self, query_, view_kwargs) if view_kwargs.get('access_code_id'): access_code = safe_query(self, AccessCode, 'id', view_kwargs['access_code_id'], 'access_code_id') # access_code - ticket :: many-to-many relationship query_ = Ticket.query.filter(Ticket.access_codes.any(id=access_code.id)) if view_kwargs.get('discount_code_id'): discount_code = safe_query(self, DiscountCode, 'id', view_kwargs['discount_code_id'], 'discount_code_id') # discount_code - ticket :: many-to-many relationship query_ = Ticket.query.filter(Ticket.discount_codes.any(id=discount_code.id)) if view_kwargs.get('order_identifier'): order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier') ticket_ids = [] for ticket in order.tickets: ticket_ids.append(ticket.id) query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids))) return query_
def load_user(user_id): token = Auth.JWT.request_callback() if token: _jwt_required(Auth.APP.config['JWT_DEFAULT_REALM']) return current_identity access_token = json.loads(user_id) if access_token['expires_at'] < time.time(): google = get_google_auth() resp = google.refresh_token(Auth.TOKEN_URI, refresh_token=access_token['refresh_token'], client_secret=Auth.CLIENT_SECRET, client_id=Auth.CLIENT_ID) return User(json.dumps(resp)) google = get_google_auth(token=json.loads(user_id)) resp = google.get(Auth.TOKEN_INFO_URI + urllib.quote_plus( access_token['access_token'])) response_object = resp.json() if 'email' in response_object: user = User(user_id) user.email = response_object['email'] if not Auth.LIMIT_DOMAIN or Auth.LIMIT_DOMAIN in user.email: return User(user_id) return None
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs): """ If the authorization header is present (but expired) and the event being accessed is not published - And the user is related to the event (organizer, co-organizer etc) show a 401 - Else show a 404 :param view: :param view_args: :param view_kwargs: :param args: :param kwargs: :return: """ user = get_identity() if user.is_staff: _jwt_required(app.config['JWT_DEFAULT_REALM']) return view(*view_args, **view_kwargs) if user.is_organizer(kwargs['event_id']) or user.is_coorganizer(kwargs['event_id']): _jwt_required(app.config['JWT_DEFAULT_REALM']) return view(*view_args, **view_kwargs) return ForbiddenError({'source': ''}, 'Co-organizer access is required.').respond()
def decorator(*args, **kwargs): _jwt_required(realm or app.config['JWT_DEFAULT_REALM']) return fn(*args, **kwargs)
def decorator(*args, **kwargs): _jwt_required(realm or app.config['JWT_DEFAULT_REALM']) current_identity.last_accessed_at = datetime.utcnow() save_to_db(current_identity) return fn(*args, **kwargs)
def decorator(*args, **kwargs): _jwt_required(None) if current_identity.is_activated() and current_identity.is_admin: return fn(*args, **kwargs) return abort(403)
def authenticated(self): if self.type in ['private', 'noise']: _jwt_required(app.config['JWT_DEFAULT_REALM']) return self.user_id == current_identity.id return True
def decorator(*args, **kwargs): _jwt_required(realm=None) return f(*args, **kwargs)
def decorator(*args, **kwargs): _jwt_required(realm) return fn(*args, **kwargs)
def optional_jwt(realm=None): try: _jwt_required(realm) except JWTError: _request_ctx_stack.top.current_identity = None
def check_access(self): _jwt_required(current_app.config['JWT_DEFAULT_REALM'])
def handle_unauthorized_response(): from flask_jwt import _jwt_required if request.mimetype == 'application/json': _jwt_required(current_app.config['JWT_DEFAULT_REALM']) else: return current_app.login_manager.unauthorized()
def check_authentication(self): _jwt_required(current_app.config['JWT_DEFAULT_REALM'])