コード例 #1
ファイル: security.py プロジェクト: arthurmauvezin/kira-game
async def get_current_active_superuser(
        current_user: UserInDB = Security(get_current_user)):
    """Dependency that lets a request through only for superusers.

    The caller is resolved by ``get_current_user`` first; the user store's
    ``is_superuser`` check then decides whether the request may proceed.

    Returns:
        The already-authenticated user, unchanged.

    Raises:
        HTTPException: 403 when ``is_superuser`` rejects the user.
    """
    # NOTE(review): despite "active" in the name, only is_superuser is
    # consulted here. Confirm that a deactivated superuser is rejected
    # somewhere upstream, or add an is_active check.
    if get_default_db().user.is_superuser(current_user):
        return current_user
    raise HTTPException(status_code=HTTP_403_FORBIDDEN,
                        detail="The user doesn't have enough privileges")
コード例 #2
ファイル: security.py プロジェクト: arthurmauvezin/kira-game
async def get_current_active_user(current_user: UserInDB = Security(
    get_current_user, scopes=["me"])):
    """Dependency that lets a request through only for active accounts.

    The user is resolved by ``get_current_user`` with the ``me`` scope
    required, then checked with the user store's ``is_active``.

    Returns:
        The already-authenticated user, unchanged.

    Raises:
        HTTPException: 403 with detail "Inactive user" when ``is_active``
            rejects the user.
    """
    if get_default_db().user.is_active(current_user):
        return current_user
    raise HTTPException(status_code=HTTP_403_FORBIDDEN,
                        detail="Inactive user")
コード例 #3
ファイル: login.py プロジェクト: arthurmauvezin/kira-game
async def login_for_access_token(
        form_data: OAuth2PasswordRequestForm = Depends()):
    """
    Exchange a username/password form for a bearer access token.

    The credentials are checked with the user store's ``authenticate``; the
    resulting token carries the subject ``username:<name>`` and the scopes
    sent in the form, and expires after
    ``config['JWT']['ACCESS_TOKEN_EXPIRE_MINUTES']`` minutes.

    Returns:
        A dict with ``access_token`` and ``token_type`` ("bearer").

    Raises:
        HTTPException: 401 when authentication fails or the account is
            inactive.
    """
    store = get_default_db()
    account = store.user.authenticate(username=form_data.username,
                                      password=form_data.password)

    if not account:
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Incorrect email or password")
    if not store.user.is_active(account):
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Inactive user")

    lifetime = timedelta(
        minutes=int(config['JWT']['ACCESS_TOKEN_EXPIRE_MINUTES']))

    claims = {
        "sub": f"username:{account.username}",
        # NOTE(review): the scopes are copied from the request as-is; nothing
        # in this function restricts them to what the account is entitled to.
        # Confirm they are filtered elsewhere, or intersect them with the
        # user's granted scopes before signing.
        "scopes": form_data.scopes,
    }
    signed_token = create_access_token(data=claims, expires_delta=lifetime)
    return {"access_token": signed_token, "token_type": "bearer"}
コード例 #4
ファイル: login.py プロジェクト: arthurmauvezin/kira-game
def recover_password(username: str):
    """
    Start password recovery for *username*.

    Looks the account up, generates a password-reset token for it and mails
    the token to the address stored on the account.

    Returns:
        ``{"msg": "Password recovery email sent"}`` once the mail helper has
        been called.

    Raises:
        HTTPException: 404 when no account has this username.
    """
    account = get_default_db().user.get(username=username)

    # NOTE(review): no authentication dependency appears in the signature, and
    # the 404 below differs from the success reply, so the response reveals
    # whether a username is registered. A uniform reply for both cases, plus
    # rate limiting on this route, would avoid that.
    if not account:
        raise HTTPException(
            status_code=HTTP_404_NOT_FOUND,
            detail="The user with this username does not exist in the system.",
        )

    reset_token = generate_password_reset_token(username=username)
    send_reset_password_email(email_to=account.email,
                              username=username,
                              token=reset_token)
    return {"msg": "Password recovery email sent"}
コード例 #5
ファイル: login.py プロジェクト: arthurmauvezin/kira-game
def reset_password(token: str = Body(...), new_password: str = Body(...)):
    """
    Set a new password for the account named by a password-reset token.

    The username is taken from ``verify_password_reset_token``; the account
    must exist and be active before the update is written.

    Returns:
        ``{"msg": "Password updated successfully"}`` after the update call.

    Raises:
        HTTPException: 401 for an invalid token or an inactive account,
            404 when the account no longer exists.
    """
    username = verify_password_reset_token(token)
    if not username:
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Invalid token")

    store = get_default_db()
    account = store.user.get(username=username)
    if not account:
        raise HTTPException(
            status_code=HTTP_404_NOT_FOUND,
            detail="The user with this username does not exist in the system.",
        )
    if not store.user.is_active(account):
        raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
                            detail="Inactive user")

    # NOTE(review): the plaintext new_password is passed in a field named
    # hashed_password. Confirm that db.user.update hashes it before storing;
    # if it does not, the password is persisted in clear text.
    # NOTE(review): nothing here validates new_password (empty or weak) or
    # marks the token as used; confirm both are handled elsewhere.
    changes = UserUpdate(username=username, hashed_password=new_password)
    store.user.update(username=username, userIn=changes)
    return {"msg": "Password updated successfully"}
コード例 #6
ファイル: security.py プロジェクト: arthurmauvezin/kira-game
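async def get_current_user(security_scopes: SecurityScopes,
                           token: str = Security(reusable_oauth2)):
    """Resolve the bearer token to a user and enforce the required scopes.

    The JWT is verified with ``config['JWT']['SECRET_KEY']`` and the single
    algorithm named in ``config['JWT']['ALGORITHM']``. Its ``sub`` claim is
    expected to look like ``<prefix>:<username>``; the username is looked up
    in the user store, and every scope in ``security_scopes`` must be present
    in the token's ``scopes`` claim.

    Returns:
        The user record for the token's subject.

    Raises:
        HTTPException: 401 "Could not validate credentials" when the token
            fails verification, its subject is malformed, or no such user
            exists; 401 "Not enough permissions" when a required scope is
            missing. Both carry a ``WWW-Authenticate`` header.
    """
    if security_scopes.scopes:
        authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
    else:
        authenticate_value = "Bearer"
    credentials_exception = HTTPException(
        status_code=HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": authenticate_value})
    scope_exception = HTTPException(
        status_code=HTTP_401_UNAUTHORIZED,
        detail="Not enough permissions",
        headers={"WWW-Authenticate": authenticate_value})

    try:
        payload = jwt.decode(token,
                             config['JWT']['SECRET_KEY'],
                             algorithms=[config['JWT']['ALGORITHM']])
        token_data = TokenPayload(**payload)
    except PyJWTError:
        raise credentials_exception

    subject = token_data.sub
    if not isinstance(subject, str):
        # A missing or non-string subject used to surface as an unhandled
        # AttributeError (HTTP 500) instead of a 401.
        raise credentials_exception

    # Split on the FIRST colon only. The previous split(':')[1] cut a username
    # that itself contains ':' down to its first segment, so the token
    # resolved to a different account. It also raised IndexError when the
    # subject had no colon at all.
    _prefix, separator, username = subject.partition(':')
    if not separator or not username:
        raise credentials_exception
    # NOTE(review): the prefix is not compared with "username". If other token
    # types are signed with the same key, confirm they cannot be replayed
    # here as access tokens.

    db = get_default_db()
    user = db.user.get(username=username)

    if not user:
        raise credentials_exception

    for scope in security_scopes.scopes:
        if scope not in token_data.scopes:
            raise scope_exception
    return user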