コード例 #1
0
def get_user(request):
    """Lookup a user session"""
    profile = {}

    sess_id = request.cookies.get("session_id")
    if sess_id is not None:
        s = sessionsmanager.get_session(sess_id=sess_id)
        if s is None:
            raise HTTP_401("invalid session")
        u = usersmanager.search_user(login=s["login"])
        if u is None:
            raise HTTP_401("unknown user")

        (login, details) = list(u.items())[0]
        profile["login"] = login
        profile["role"] = details["role"]
        return profile
            
    auth = request.get_header(name="Authorization", default=None)
    if auth is None:
        raise HTTP_401("authorization header not detected")
        
    auth_result, u = sessionsmanager.do_basic_auth(auth=auth)
    if not auth_result:
        raise HTTP_401("authentification failed")

    (login, details) = list(u.items())[0]
    profile["login"] = login
    profile["role"] = details["role"]
    return profile
コード例 #2
0
    def before(self):
        if self.request.method == 'OPTIONS':
            return

        user = None
        token = self._parse_auth_header()
        if token:
            try:
                payload = jwt_auth.decode_token(token, self.audience)
                user_id = payload.get('id')

                user = rpc_call('get_vk_user', user_id)

                if not user:
                    raise HTTP_403("Access denied")
            except jwt_auth.DecodeError as e:
                self.logger.warning(e)
                raise HTTP_401("Unable to parse authentication token")
            except jwt_auth.ExpiredSignatureError:
                if 'guest' not in self.audience:
                    raise HTTP_401("Expired token")
            except jwt_auth.InvalidAudienceError:
                raise HTTP_403("Incorrect claims")
            except Exception as e:
                self.logger.exception(e)
                raise HTTP_500("Unable to parse authentication token")
        elif 'guest' not in self.audience:
            raise HTTP_403("Access denied")

        self.user = user or {}
コード例 #3
0
 def post(self):
     """ POST /user/get """
     username = api.UserSession(self.request)
     if not username: raise HTTP_401("I can't let you do that")
     try:
         data = api.UserGet(username)
     except:
         l.log_exception('api_ws.UserGet')
     if 'error' in data.keys(): raise HTTP_401(data['error'])
     self.response.set_header('Access-Control-Allow-Origin', '*')
     return data
コード例 #4
0
    def post(self):
        """create session"""
        # checking query request 
        login = self.request.data.get("login")
        if login is None:
            raise HTTP_400("login is expected")
        
        password = self.request.data.get("password")
        if password is None:
            raise HTTP_400("password is expected")
        
        # check user access
        auth_ret, u, sess_id = sessionsmanager.do_session_auth(login=login,
                                                               password=password)
        if not auth_ret:
            raise HTTP_401("authentification failed")

        # set sessionid on cookie
        self.response.set_cookie(key="session_id", value=sess_id,
                                 expires='', path='/', domain="")

        _rsp = {
            "cmd": self.request.path,
            "message": "Logged in",
            "session_id": sess_id,
            "expires": settings.cfg["session"]["max-expiry-age"],
            "role": u[login]["role"],
            "api_login": login,
            "api_secret": u[login]['secrets']["basic"]
        }
        return _rsp
コード例 #5
0
 def wrapped(*args, **kwargs):
     check_time(database)
     database.logs("connect in " + args[0].request.path + " from " + args[0].request.ip)
     if check_head_token(args[0].request) == False:
         database.logs("try to connect from " + args[0].request.ip + " with bad token")
         raise HTTP_401("bad token")
     return f(*args, **kwargs)
コード例 #6
0
 def post(self):
     """ POST /user/setnewpassword """
     username = api.UserSession(self.request)
     if not username: raise HTTP_401("I can't let you do that")
     old_password = self.request.data.get('old_password')
     new_password = self.request.data.get('new_password')
     if not old_password or not new_password:
         raise HTTP_400(
             'Yo dawg, you need to provide a old_password and a new_password'
         )
     try:
         data = api.UserSetNewPassword(username, old_password, new_password)
     except:
         l.log_exception('api_ws.UserSetNewPassword')
     if 'error' in data.keys(): raise HTTP_401(data['error'])
     self.response.set_header('Access-Control-Allow-Origin', '*')
     return data
コード例 #7
0
 def post(self):
     """ POST /user/logout """
     username = api.UserSession(self.request)
     if not username: raise HTTP_401("I can't let you do that")
     sessionId = self.request.cookies.get('session_id')
     try:
         data = api.UserLogout(username, sessionId)
     except:
         l.log_exception('api_ws.UserLogout')
     self.response.set_header('Access-Control-Allow-Origin', '*')
     return data
コード例 #8
0
def _get_user(request):
    """
    Lookup a user session or return None if one doesn't exist
    """
    sess_id = request.cookies.get("session_id")
    if sess_id is None:
        # new in v17, checking authorization header
        authorization = request.get_header(name="Authorization", default=None)
        if authorization is not None:
            userP = Context.instance().apiBasicAuthorization(authorization=authorization)
            if userP is None:
                raise HTTP_401("Invalid credentials")
            else:
                return userP
        else:
            raise HTTP_401("Authorization header not detected")
        # end of new
    else:
        if sess_id in Context.instance().getSessions():
            return Context.instance().getSessions()[sess_id]
        else:
            raise HTTP_401("Invalid session")
コード例 #9
0
ファイル: cookies.py プロジェクト: pombredanne/pycnic
    def post(self):

        username = self.request.data.get("username")
        password = self.request.data.get("password")

        if not username or not password:
            raise HTTP_400("Username and password are required")

        if username != "foo" or password != "foo":
            raise HTTP_401("Username or password are incorrect")

        # Set a session ID for lookup in a DB or memcache
        self.response.set_cookie("session_id", "1234567890abcdefg")
        return {"message": "Logged in"}
コード例 #10
0
 def post(self):
     """ POST /user/setpassword """
     username = self.request.data.get('username')
     password = self.request.data.get('password')
     if not username or not password:
         raise HTTP_400(
             'Yo dawg, you need to provide a username and password')
     try:
         data = api.UserSetPassword(username, password)
     except:
         l.log_exception('api_ws.UserSetPassword')
     if 'error' in data.keys(): raise HTTP_401(data['error'])
     self.response.set_header('Access-Control-Allow-Origin', '*')
     self.response.set_cookie("session_id", api.UserSetSession(username))
     return data
コード例 #11
0
 def post(self):
     """ POST /user/login """
     username = self.request.data.get('username')
     password = self.request.data.get('password')
     code2fa = self.request.data.get('code2fa') if c.cfg['2fa'] else None
     if not username or not password:
         raise HTTP_400(
             'Yo dawg, you need to provide a username and password')
     if c.cfg['2fa'] and not code2fa:
         raise HTTP_400('Yo dawg, you need to provide a code2fa')
     try:
         data = api.UserLogin(username, password, code2fa)
     except:
         l.log_exception('api_ws.UserCheckPassword')
     if 'error' in data.keys(): raise HTTP_401(data['error'])
     self.response.set_header('Access-Control-Allow-Origin', '*')
     self.response.set_cookie("session_id", api.UserSetSession(username))
     return data
コード例 #12
0
    def post(self):

        username = self.request.data.get("username")
        password = self.request.data.get("password")
        
        if not username or not password:
            raise HTTP_400("Please specify username and password")

        # See if a user exists with those params
        user = db.query(User).filter(
            User.username==username, 
            User.password==password).first()
        if not user:
            raise HTTP_401("Invalid username or password")
       
        # Create a new session 
        sess = UserSession(
            user_id=user.id)
        db.add(sess)
        self.response.set_cookie("session_id", sess.session_id) 
        return { "message":"Logged in", "session_id":sess.session_id }
コード例 #13
0
 def wrapped(*args, **kwargs):
     if not is_logged_in(args[0].request):
         raise HTTP_401("You must be logged in to do this.")
     if not is_admin(args[0].request):
         raise HTTP_403("You must be an admin to do this.")
     return f(*args, **kwargs)
コード例 #14
0
 def wrapped(*args, **kwargs):
     if not get_user(args[0].request):
         raise HTTP_401("I can't let you do that")
     return f(*args, **kwargs)
コード例 #15
0
 def wrapped(*args, **kwargs):
     if get_user_role(args[0].request) not in roles:
         raise HTTP_401("I can't let you do that")
     return f(*args, **kwargs)