コード例 #1
0
def kf_authenticate_simple_refrush():
    if request.is_json:
        data = request.json
        Can = False
        AccessToken = data.get('accessToken')
        ClientToken = data.get("clientToken", str(
            uuid.uuid4()).replace("-", ""))
        IReturn = {}
        if 'clientToken' in data:
            OldToken = Token.gettoken_strict(
                AccessToken, data.get("clientToken"))
        else:
            OldToken = Token.gettoken_strict(AccessToken)
        if not OldToken:
            raise Exceptions.InvalidToken()

        if int(time.time()) >= OldToken.get("createTime") + (config.TokenTime.RefrushTime * config.TokenTime.TimeRange):
            raise Exceptions.InvalidToken()
        NewAccessToken = str(uuid.uuid4()).replace('-', '')
        cache_token.set(".".join(["token", NewAccessToken]), {
            "clientToken": OldToken.get('clientToken'),
            "bind": "",
            "user": OldToken.get("user"),
            "createTime": int(time.time())
        }, ttl=config.TokenTime.RefrushTime * config.TokenTime.TimeRange)
        cache_token.delete(".".join(["token", AccessToken]))
        IReturn['accessToken'] = NewAccessToken
        IReturn['clientToken'] = OldToken.get('clientToken')
        return Response(json.dumps(IReturn), mimetype='application/json; charset=utf-8')
コード例 #2
0
def group_invalidate(group_id):
    group.get_group(group_id)
    if request.is_json:
        data = request.json
        AccessToken = data['accessToken']
        ClientToken = data.get("clientToken")

        result = Token.gettoken(AccessToken, ClientToken)
        if result:
            group.token_is_group(result, group_id)
            model.log_yggdrasil(operational="authserver.invalidate",
                                user=result.get("user"),
                                otherargs=json.dumps(
                                    {"clientToken": data.get("clientToken")}),
                                IP=request.remote_addr,
                                time=datetime.datetime.now()).save()
            cache_token.delete(AccessToken)
        else:
            model.log_yggdrasil(operational="authserver.invalidate",
                                otherargs=json.dumps(
                                    {"clientToken": data.get("clientToken")}),
                                IP=request.remote_addr,
                                time=datetime.datetime.now(),
                                successful=False).save()
            if ClientToken:
                raise Exceptions.InvalidToken()
        #User = model.user.get(email=result.email)
        '''if User.permission == 0:
            return Response(simplejson.dumps({
                'error' : "ForbiddenOperationException",
                'errorMessage' : "You have been banned by the administrator, please contact the administrator for help"
            }), status=403, mimetype='application/json; charset=utf-8')'''
        return Response(status=204)
コード例 #3
0
def group_signout(group_id):
    group.get_group(group_id)
    if request.is_json:
        data = request.json
        email = data['username']
        passwd = data['password']
        result = model.getuser(email)
        if not result:
            model.log_yggdrasil(operational="authserver.signout",
                                IP=request.remote_addr,
                                time=datetime.datetime.now(),
                                successful=False).save()
            raise Exceptions.InvalidCredentials()
        else:
            group.get_member(result, group_id)
            '''if result.permission == 0:
                return Response(json.dumps({
                    'error' : "ForbiddenOperationException",
                    'errorMessage' : "Invalid credentials. Invalid username or password."
                }), status=403, mimetype='application/json; charset=utf-8')'''
            if not cache_limit.get(".".join(['lock', result.email])):
                cache_limit.set(".".join(['lock', result.email]),
                                "LOCKED",
                                ttl=config.AuthLimit)
            else:
                raise Exceptions.InvalidCredentials()
            if password.crypt(passwd,
                              salt=result.passwordsalt) == result.password:
                Token_result = Token.getalltoken(result)
                if Token_result:
                    for i in Token_result:
                        if i.get("group") == group_id:
                            cache_token.delete(i)
                model.log_yggdrasil(operational="authserver.signout",
                                    user=result.uuid,
                                    IP=request.remote_addr,
                                    time=datetime.datetime.now()).save()
                return Response(status=204)
            else:
                model.log_yggdrasil(operational="authserver.signout",
                                    user=result.uuid,
                                    IP=request.remote_addr,
                                    time=datetime.datetime.now(),
                                    successful=False).save()
                raise Exceptions.InvalidCredentials()
コード例 #4
0
def kf_invalidate():
    if request.is_json:
        data = request.json
        AccessToken = data['accessToken']
        ClientToken = data.get("clientToken")

        result = Token.gettoken(AccessToken, ClientToken)
        if result:
            cache_token.delete(".".join(['token', AccessToken]))
        else:
            if ClientToken:
                raise Exceptions.InvalidToken()
        #User = model.user.get(email=result.email)
        '''if User.permission == 0:
            return Response(simplejson.dumps({
                'error' : "ForbiddenOperationException",
                'errorMessage' : "You have been banned by the administrator, please contact the administrator for help"
            }), status=403, mimetype='application/json; charset=utf-8')'''
        return Response(status=204)
コード例 #5
0
def group_refresh(group_id):
    group.get_group(group_id)
    if request.is_json:
        data = request.json
        Can = False
        AccessToken = data.get('accessToken')
        ClientToken = data.get("clientToken",
                               str(uuid.uuid4()).replace("-", ""))
        IReturn = {}
        if 'clientToken' in data:
            OldToken = Token.gettoken_strict(AccessToken,
                                             data.get("clientToken"))
        else:
            OldToken = Token.gettoken_strict(AccessToken)
        if not OldToken:
            raise Exceptions.InvalidToken()
        group.token_is_group(OldToken, group_id)

        if int(time.time()) >= OldToken.get("createTime") + (
                config.TokenTime.RefrushTime * config.TokenTime.TimeRange):
            model.log_yggdrasil(operational="authserver.refrush",
                                user=OldToken.get("user"),
                                otherargs=json.dumps(
                                    {"clientToken": data.get("clientToken")}),
                                IP=request.remote_addr,
                                time=datetime.datetime.now(),
                                successful=False).save()
            raise Exceptions.InvalidToken()
        User = model.getuser_uuid(OldToken.get("user"))
        group.get_member(group_id, User.uuid)
        TokenSelected = OldToken.get("bind")
        if TokenSelected:
            TokenProfile = model.getprofile_uuid(TokenSelected).get()
        else:
            TokenProfile = {}
        if 'selectedProfile' in data:
            PostProfile = data['selectedProfile']
            needuser = model.getprofile_id_name(PostProfile['id'],
                                                PostProfile['name'])
            if not needuser:  # 验证客户端提供的角色信息
                raise Exceptions.IllegalArgumentException()
                # 角色不存在.
            else:
                needuser = needuser.get()
                # 验证完毕,有该角色.
                if OldToken.get('bind'):  # 如果令牌本来就绑定了角色
                    model.log_yggdrasil(operational="authserver.refrush",
                                        user=User.uuid,
                                        otherargs=json.dumps({
                                            "clientToken":
                                            data.get("clientToken")
                                        }),
                                        IP=request.remote_addr,
                                        time=datetime.datetime.now(),
                                        successful=False).save()
                    error = {
                        'error':
                        'IllegalArgumentException',
                        'errorMessage':
                        "Access token already has a profile assigned."
                    }
                    return Response(json.dumps(error),
                                    status=400,
                                    mimetype='application/json; charset=utf-8')
                if needuser.createby != OldToken.get("user"):  # 如果角色不属于用户
                    model.log_yggdrasil(operational="authserver.refrush",
                                        user=User.uuid,
                                        otherargs=json.dumps({
                                            "clientToken":
                                            data.get("clientToken")
                                        }),
                                        IP=request.remote_addr,
                                        time=datetime.datetime.now(),
                                        successful=False).save()
                    error = {
                        'error':
                        "ForbiddenOperationException",
                        'errorMessage':
                        "Attempting to bind a token to a role that does not belong to its corresponding user."
                    }
                    return Response(json.dumps(error),
                                    status=403,
                                    mimetype='application/json; charset=utf-8')
                TokenSelected = model.findprofilebyid(PostProfile['id']).uuid
                IReturn['selectedProfile'] = model.format_profile(
                    model.findprofilebyid(PostProfile['id']), unsigned=True)
                Can = True

        NewAccessToken = str(uuid.uuid4()).replace('-', '')
        cache_token.set(NewAccessToken, {
            "clientToken": OldToken.get('clientToken'),
            "bind": TokenSelected,
            "user": OldToken.get("user"),
            "group": group_id,
            "createTime": int(time.time())
        },
                        ttl=config.TokenTime.RefrushTime *
                        config.TokenTime.TimeRange)

        cache_token.delete(AccessToken)
        IReturn['accessToken'] = NewAccessToken
        IReturn['clientToken'] = OldToken.get('clientToken')
        if TokenProfile and not Can:
            IReturn['selectedProfile'] = model.format_profile(TokenProfile,
                                                              unsigned=True)
        if 'requestUser' in data:
            if data['requestUser']:
                IReturn['user'] = model.format_user(User)

        User.last_login = datetime.datetime.now()
        model.log_yggdrasil(operational="authserver.refrush",
                            user=User.uuid,
                            otherargs=json.dumps(
                                {"clientToken": data.get("clientToken")}),
                            IP=request.remote_addr,
                            time=datetime.datetime.now()).save()

        return Response(json.dumps(IReturn),
                        mimetype='application/json; charset=utf-8')