async def get_current_active_superuser(
        current_user: UserInDB = Security(get_current_user)):
    """Dependency: require the authenticated caller to be a superuser.

    Resolves the caller through ``get_current_user`` and then asks the
    default database whether that account carries the superuser flag.

    Returns:
        The unchanged ``current_user`` record.

    Raises:
        HTTPException: 403 when ``db.user.is_superuser`` reports False.
    """
    store = get_default_db()
    if store.user.is_superuser(current_user):
        return current_user
    raise HTTPException(status_code=HTTP_403_FORBIDDEN,
                        detail="The user doesn't have enough privileges")
async def get_current_active_user(current_user: UserInDB = Security(
        get_current_user, scopes=["me"])):
    """Dependency: require an authenticated, active user holding scope ``me``.

    The ``me`` scope is enforced by ``get_current_user``; this function only
    adds the active-account check against the default database.

    Returns:
        The unchanged ``current_user`` record.

    Raises:
        HTTPException: 403 when ``db.user.is_active`` reports False.
    """
    store = get_default_db()
    if store.user.is_active(current_user):
        return current_user
    raise HTTPException(status_code=HTTP_403_FORBIDDEN,
                        detail="Inactive user")
async def login_for_access_token(
        form_data: OAuth2PasswordRequestForm = Depends()):
    """
    OAuth2 compatible token login, get an access token for future requests.

    Checks the submitted username/password against the default database and,
    for an active account, returns a bearer JWT whose ``sub`` claim is
    ``"username:<username>"`` and whose ``scopes`` claim echoes the scopes
    the client asked for in the form.

    Raises:
        HTTPException: 401 when the credentials are wrong or the account is
            inactive.
    """
    store = get_default_db()
    account = store.user.authenticate(username=form_data.username,
                                      password=form_data.password)
    if not account:
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Incorrect email or password")
    if not store.user.is_active(account):
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Inactive user")
    # NOTE(review): form_data.scopes is copied into the token exactly as the
    # client requested, without being checked against what this account may
    # hold; get_current_user later compares required scopes against this
    # claim, so the claim alone should not be treated as proof of entitlement.
    lifetime = timedelta(
        minutes=int(config['JWT']['ACCESS_TOKEN_EXPIRE_MINUTES']))
    claims = {"sub": f"username:{account.username}",
              "scopes": form_data.scopes}
    token = create_access_token(data=claims, expires_delta=lifetime)
    return {"access_token": token, "token_type": "bearer"}
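def recover_password(username: str):
    """
    Password Recovery.

    Looks the account up in the default database and, when it exists, emails
    a password-reset token to the address on record.  The response is the
    same whether or not the username exists, so this unauthenticated
    endpoint cannot be used to confirm which usernames are registered.

    Args:
        username: Username supplied by the caller.

    Returns:
        ``{"msg": "Password recovery email sent"}`` in every case.
    """
    db = get_default_db()
    user = db.user.get(username=username)
    if user:
        password_reset_token = generate_password_reset_token(username=username)
        send_reset_password_email(email_to=user.email, username=username,
                                  token=password_reset_token)
    # Unknown usernames deliberately receive the same reply: the earlier 404
    # told an anonymous caller which accounts exist.
    return {"msg": "Password recovery email sent"}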
def reset_password(token: str = Body(...), new_password: str = Body(...)):
    """
    Reset password.

    Validates the password-reset ``token``, resolves the username it was
    issued for, and writes ``new_password`` to that account through
    ``db.user.update``.

    Raises:
        HTTPException: 401 for an invalid token or an inactive account,
            404 when the token's username no longer exists.
    """
    username = verify_password_reset_token(token)
    if not username:
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Invalid token")
    store = get_default_db()
    account = store.user.get(username=username)
    if not account:
        raise HTTPException(
            status_code=HTTP_404_NOT_FOUND,
            detail="The user with this username does not exist in the system.",
        )
    if not store.user.is_active(account):
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Inactive user")
    # NOTE(review): the plaintext new_password is assigned to a field named
    # hashed_password; confirm db.user.update hashes it before storing,
    # otherwise the credential is persisted in clear.
    changes = UserUpdate(username=username, hashed_password=new_password)
    store.user.update(username=username, userIn=changes)
    return {"msg": "Password updated successfully"}
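async def get_current_user(security_scopes: SecurityScopes,
                           token: str = Security(reusable_oauth2)):
    """Dependency: resolve the bearer token to a user and enforce scopes.

    Decodes ``token`` with the configured JWT secret and algorithm, reads the
    username from a ``sub`` claim of the form ``"username:<name>"`` (the form
    ``login_for_access_token`` issues), loads that user from the default
    database and finally checks that every scope the route requires appears
    in the token's ``scopes`` claim.

    Args:
        security_scopes: Scopes required by the route being served.
        token: Bearer token extracted by ``reusable_oauth2``.

    Returns:
        The user record returned by ``db.user.get``.

    Raises:
        HTTPException: 401 with a ``WWW-Authenticate`` header when the token
            is invalid or malformed, the user is unknown, or a required scope
            is absent.
    """
    if security_scopes.scopes:
        authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
    else:
        authenticate_value = "Bearer"
    credentials_exception = HTTPException(
        status_code=HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": authenticate_value})
    scope_exception = HTTPException(
        status_code=HTTP_401_UNAUTHORIZED,
        detail="Not enough permissions",
        headers={"WWW-Authenticate": authenticate_value})
    try:
        payload = jwt.decode(token, config['JWT']['SECRET_KEY'],
                             algorithms=[config['JWT']['ALGORITHM']])
        token_data = TokenPayload(**payload)
    except (PyJWTError, ValueError):
        # ValueError is included so that a correctly signed token with
        # unexpected claims (if TokenPayload is a pydantic model its
        # ValidationError subclasses ValueError) yields a 401, not a 500.
        raise credentials_exception
    # The previous `sub.split(':')[1]` raised IndexError (an unhandled 500)
    # on a sub without a colon, and the `is None` test after it could never
    # fire. Require the exact "username:<name>" shape instead.
    prefix, sep, username = str(token_data.sub or "").partition(":")
    if prefix != "username" or not sep or not username:
        raise credentials_exception
    db = get_default_db()
    user = db.user.get(username=username)
    if not user:
        raise credentials_exception
    # An absent scopes claim grants nothing (assumes token_data.scopes may be
    # None — confirm against TokenPayload).
    granted = set(token_data.scopes or ())
    for scope in security_scopes.scopes:
        if scope not in granted:
            raise scope_exception
    return user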