def post(self):
"""
Attempts to log in to the OECI web site using the provided username
and password if successful, encrypt those credentials and return them
in a cookie. If the credentials
"""
data = request.get_json()
if data is None:
error(400, "No json data in request body")
check_data_fields(data, ["oeci_username", "oeci_password"])
credentials = {"oeci_username": data["oeci_username"], "oeci_password": data["oeci_password"]}
crawler_session = requests.Session()
try:
Crawler.attempt_login(crawler_session, credentials["oeci_username"], credentials["oeci_password"])
except InvalidOECIUsernamePassword as e:
error(401, str(e))
except OECIUnavailable as e:
error(404, str(e))
finally:
crawler_session.close()
cipher = DataCipher(key=current_app.config.get("SECRET_KEY"))
encrypted_credentials = cipher.encrypt(credentials)
response = make_response()
# TODO: We will need an OECILogout endpoint to remove httponly=true cookies from frontend
response.set_cookie(
"oeci_token",
secure=os.getenv("TIER") == "production",
httponly=False,
samesite="strict",
expires=time.time() + 2 * 60 * 60, # type: ignore # 2 hour lifetime
value=encrypted_credentials,
)
return response, 201
def build_search_results(
username: str, password: str, aliases: Tuple[Alias, ...],
search_cache: LRUCache) -> Tuple[List[OeciCase], List[str]]:
errors = []
search_results: List[OeciCase] = []
alias_match = search_cache[aliases]
if alias_match:
return alias_match
else:
for alias in aliases:
session = requests.Session()
try:
login_response = Crawler.attempt_login(
session, username, password)
alias_search_result = Crawler.search(
session,
login_response,
alias.first_name,
alias.last_name,
alias.middle_name,
alias.birth_date,
)
search_results += alias_search_result
except InvalidOECIUsernamePassword as e:
error(401, str(e))
except OECIUnavailable as e:
error(404, str(e))
except Exception as e:
errors.append(str(e))
finally:
session.close()
if not errors:
search_cache[aliases] = search_results, errors
return search_results, errors