def last():
try:
verify_jwt_in_request()
except NoAuthorizationError:
pass
entries = models.Entry.query.order_by(models.Entry.updated_at.desc()).limit(100)
return render_template('news.html', entries=entries, user=current_user)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims["roles"] != "admin":
return jsonify(msg="Admins only!"), 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['roles'] != 'Admin':
return {'Not authorized': 'Admins only!'}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['status'] == "False":
return {'status': 'FORBIDDEN', 'message': 'Internal only!'}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['user_type'] != "admin":
return {'user_type': 'FORBIDDEN', 'message': 'Admin only'}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_identity()
if claims['role_name'] != 'manager':
return 'managers only!', status.HTTP_403_FORBIDDEN
else:
return fn(*args, **kwargs)
def jwt_check(self):
"""Check whether the current request needs to be authenticated using
JWT, and if so, whether it contains a valid JWT access token.
The login name from the access token is stored in the
request_context['AuthUser'] via quering the jwt identity with
get_jwt_identiy for the benefit of `lib.user.getUserFromRequest()`.
"""
method = request.url_rule.endpoint[request.url_rule.endpoint.
rfind(".") + 1:]
if method in self.jwt_exempt_methods:
log.debug("jwt_check: operation is exempt from JWT check")
return None
try:
verify_jwt_in_request()
except (
NoAuthorizationError,
ExpiredSignatureError,
InvalidSignatureError,
CSRFError,
):
log.error("jwt_check: Failed JWT authentication")
response = sendError(None, "Not authenticated")
response.status_code = 401
return response
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims['role'] != "Vendor":
return {"message": "Vendors only"}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
if refresh:
verify_jwt_refresh_token_in_request()
else:
verify_jwt_in_request()
return func(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
user = get_authenticated_user()
if not any(map(lambda role: role in roles, user['roles'])):
raise AccessDenied()
return func(*args, **kwargs)
def decorator(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims["user_role_code"] == ADMIN_EMPLOYEE_CODE:
return fn(*args, **kwargs)
else:
return Response(status=403)
def decorated_function(*args, **kwargs):
verify_jwt_in_request()
user_id = get_jwt_identity()
user = User.query.get(user_id)
main_promoters_ids = kwargs.get('main_promoters_ids')
if main_promoters_ids is None:
event_id = kwargs.get('event_id')
event_promoters = EventPromoter.query.filter(
EventPromoter.event_id == event_id, EventPromoter.status ==
EventPromoter.Status.APPROVED.value,
EventPromoter.role == EventPromoter.Role.MAIN.value).all()
if event_promoters is None:
raise exception
main_promoters_ids = [ep.promoter_id for ep in event_promoters]
max_role = PromoterUser.query.filter(
PromoterUser.user == user,
PromoterUser.promoter_id.in_(main_promoters_ids)).order_by(
PromoterUser.role.desc()).first()
if max_role is not None:
if max_role.role >= required_role:
return fn(*args, **kwargs)
raise exception
def wrapper(*args, **kwargs):
try:
if os.getenv('FLASK_CONFIG') == 'unittest' or os.getenv(
'IGNORE_JWT'):
return fn(*args, **kwargs)
else:
# 1. token校验
verify_jwt_in_request()
# 2. 互斥登录的校验, 在开发环境不希望互斥, 会影响开发进度
# if os.getenv('ENV') != 'dev':
from app import aios_redis
options = {
'ACTIVE_KEY': 'bam:active:{}',
'TOOL_ACTIVE_KEY': 'bam:tool_active:{}'
}
verify_mutex_login(aios_redis, g.user_id, **options)
return fn(*args, **kwargs)
except ExpiredSignatureError as err:
current_app.logger.error(err, exc_info=True)
return res_unauthorized('签名失效!')
except InvalidTokenError as err:
current_app.logger.error(err, exc_info=True)
return res_unauthorized('无效的登录凭据!')
except SQLAlchemyError as err:
current_app.logger.error(err, exc_info=True)
return res_ex_response('连接失败!', original=True)
except UnauthorizedException as err:
current_app.logger.error(err, exc_info=True)
return res_unauthorized(err.args[0])
except Exception as err:
current_app.logger.error(err, exc_info=True)
return res_ex_response('操作失败!', original=True)
def decorator(*args, **kwargs):
verify_jwt_in_request(locations=["headers"])
if get_jwt()['type'] == "confirmEmail":
return fn(*args, **kwargs)
else:
return "Invalid token type", HTTPStatus.FORBIDDEN
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
if 'Authorization' in request.headers:
verify_jwt_in_request()
if current_user.is_super_admin or current_user.is_admin:
query_ = self.session.query(Ticket)
elif view_kwargs.get('event_id') and has_access(
'is_organizer', event_id=view_kwargs['event_id']):
query_ = self.session.query(Ticket)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query(self, TicketTag, 'id',
view_kwargs['ticket_tag_id'],
'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(
ticket_tag_id=ticket_tag.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query(self, AccessCode, 'id',
view_kwargs['access_code_id'],
'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('discount_code_id'):
discount_code = safe_query(
self,
DiscountCode,
'id',
view_kwargs['discount_code_id'],
'discount_code_id',
)
# discount_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.discount_codes.any(id=discount_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query(
self,
Order,
'identifier',
view_kwargs['order_identifier'],
'order_identifier',
)
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims['role'] != "Admin":
return {"message": "Only Admin has this right !!"}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['roles'] == 'admin':
return fn(*args, **kwargs)
else:
return make_response(jsonify(mensagem='não permitido'), 403)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims.get('role') != ROLE_ADMIN:
raise NoAuthorizationError("User not Autohrized")
else:
return func(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['role'] > 0:
abort(403, "You are not allowed to view this resource")
else:
return fn(*args, **kwargs)
def decorator(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if not claims["is_student"]:
return fn(*args, **kwargs)
else:
return {"msg": "Professors only!"}, 403
def logout_user():
auth_token = get_auth_token(request)
if auth_token:
verify_jwt_in_request()
# check if user already exists
existing_blacklisted_token = BlacklistToken.query.filter_by(
token=auth_token).first()
if existing_blacklisted_token:
# insert the token
return jsonify({
'status': 'success',
}), 201
try:
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
# insert the token
db.session.add(blacklist_token)
db.session.commit()
return jsonify({
'status': 'success',
}), 200
except Exception as e:
return errors.server_error(e)
else:
return errors.forbidden('Provide a valid auth token.')
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if 'admin' not in claims['roles']:
return {'message': 'Not authorized!'}, 403
else:
return fn(*args, **kwargs)
def decorated_function(*args, **kwargs):
verify_jwt_in_request()
if not current_user.subscription:
msg = 'You need an active subscription to access this resource.'
response = {'error': msg}
return jsonify(response), 403
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['roles'] not in ['Admin', 'Contributor']:
return {'Not authorized': 'Admins or Contributors only!'}, 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims['role'] == 'admin':
return fn(*args, **kwargs)
else:
return 'Only admins can access', 403
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs,
*args, **kwargs):
"""
If the authorization header is present (but expired)
and the eventbeing accessed is not published
- And the user is related to the event (organizer, co-organizer etc) show a 401
- Else show a 404
:param view:
:param view_args:
:param view_kwargs:
:param args:
:param kwargs:
:return:
"""
user = get_identity()
if user.is_staff:
verify_jwt_in_request()
return view(*view_args, **view_kwargs)
if user.has_event_access(kwargs['event_id']):
verify_jwt_in_request()
return view(*view_args, **view_kwargs)
raise ForbiddenError({'source': ''}, 'Co-organizer access is required.')
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['type'] != 'seller':
return {'status':'FORBIDDEN'}, 403, {'Content-Type': 'application/json'}
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['roles'] != 'admin':
return jsonify(msg='Admins only!'), 403
else:
return fn(*args, **kwargs)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims["role"] == "Admin":
return fn(*args, **kwargs)
elif claims['role'] == "Vendor":
return fn(*args, **kwargs)
def decorator(*args, **kwargs):
verify_jwt_in_request(optional)
if get_jwt()['type'] == "access":
return fn(*args, **kwargs)
else:
return "Invalid token type", HTTPStatus.FORBIDDEN
def wraps(self, *args, **kwargs):
# Apply method permission name override if exists
permission_str = "{}{}".format(PERMISSION_PREFIX, f._permission_name)
if self.method_permission_name:
_permission_name = self.method_permission_name.get(f.__name__)
if _permission_name:
permission_str = "{}{}".format(PERMISSION_PREFIX, _permission_name)
class_permission_name = self.class_permission_name
if permission_str not in self.base_permissions:
return self.response_401()
if current_app.appbuilder.sm.is_item_public(
permission_str,
class_permission_name
):
return f(self, *args, **kwargs)
if not (self.allow_browser_login or allow_browser_login):
verify_jwt_in_request()
if current_app.appbuilder.sm.has_access(
permission_str,
class_permission_name
):
return f(self, *args, **kwargs)
elif self.allow_browser_login or allow_browser_login:
if not current_user.is_authenticated:
verify_jwt_in_request()
if current_app.appbuilder.sm.has_access(
permission_str,
class_permission_name
):
return f(self, *args, **kwargs)
log.warning(
LOGMSG_ERR_SEC_ACCESS_DENIED.format(
permission_str,
class_permission_name
)
)
return self.response_401()
