def get_user(cookies):
if 'auth_token' not in cookies:
return None
username = unsign_auth_token(cookies['auth_token'])
url = '%s/api/%s/users/%s' % (USERS_URL, USERS_VERSION, username)
r = requests.get(url, cookies=cookies)
return r.json()
def is_super_admin(cookies=None):
if cookies:
if 'auth_token' in cookies:
username = unsign_auth_token(cookies['auth_token'])
super_user_name = os.environ["AUTH_ADMIN_USER_ID"]
if username == super_user_name:
return True
return False
def get_user_id_for_user(cookies=None):
if cookies:
if cookies['auth_token']:
username = unsign_auth_token(cookies['auth_token'])
super_user_name = os.environ["AUTH_ADMIN_USER_ID"]
if username != super_user_name:
return username
return None
def verify_user_role(self, role):
auth_token = request.cookies.get("auth_token", None)
if auth_token is None:
return False
username = unsign_auth_token(auth_token)
try:
user = repo.get_user_by_id(username, request.cookies)
return repo.has_role(user, role)
except Exception:
return False
def get_user(cookies):
if 'auth_token' not in cookies:
current_app.logger.info('auth_token not found in cookies')
return None
auth_token = cookies['auth_token']
username = unsign_auth_token(auth_token)
if username is None:
current_app.logger.info(('auth_token could not be '
'unsigned: auth_token=%s'), auth_token)
return None
url = '%s/api/%s/users/%s' % (USERS_URL, USERS_VERSION, username)
r = requests.get(url, cookies=cookies)
return r.json()
def http_request_logger(app, appName, request):
"""
:param app: the instance of the flask app for the application where logging is to be done
:param appName: the custom name of the app that is doing the logging to easily identify it in the log if it shares
log file with other apps
:param request: the Flask request
"""
try:
request_data = ''
user_info = None
g.response_sent = False
if request.method != 'GET':
if len(request.files) > 0:
for key, value in request.files.iteritems():
request_data += " File: " + str(key) + ":" + str(value) + "|"
if len(request.form) > 0:
for key, value in request.form.iteritems():
request_data += " " + str(key) + ":" + str(value) + "|"
if len(request.args) > 0:
for key, value in request.args.iteritems():
request_data += " " + str(key) + ":" + str(value) + "|"
if request.json:
request_data += str(json.dumps(request.json))
if request.cookies:
if 'auth_token' in request.cookies:
user_info = " " + str(unsign_auth_token(request.cookies['auth_token']))
if not user_info:
user_info = "ANONYMOUS USER"
g.uuid = uuid.uuid4()
app.http_logger.debug("%s HTTP_AUDIT:REQUEST %s %s %s %s %s" % (appName, g.uuid, user_info, request.method,
request.url, request_data))
except Exception as e:
# Avoid that we get exception in request due to logging, and that it breaks the web app
try:
app.http_logger.exception("%s HTTP_AUDIT:REQUEST LOG ERROR. An exception occured when attempting to log request." %
appName)
except Exception:
pass
def revoke_credential_from_user(self, credential_id, user_id):
# do not allow to revoke oneself!
auth_token = request.cookies.get('auth_token', None)
if auth_token is None:
abort(400, __error__=["Missing parameters or body."])
current_user_id = unsign_auth_token(auth_token)
if current_user_id == user_id:
abort(403, __error__=["Cannot revoke credentials for oneself."])
user = UserResource.find_by_id(user_id)
credential = self.find_by_id(credential_id)
user.credentials.remove(credential)
current_app.db_session.commit()
return credential
def create_ws_sak(application, resource):
username = unsign_auth_token(request.cookies['auth_token'])
return WSSak(resource_name=resource['name'], saksansvarlig=username)
def get_user_id_from_request(self):
if "auth_token" in request.cookies:
return unsign_auth_token(request.cookies["auth_token"])
if request.authorization:
return request.authorization.username
return None
def get_user_id_from_cookies(cookies):
if 'auth_token' not in cookies:
return None
return unsign_auth_token(cookies['auth_token'])
