def auth_required(req, res, resource=None, params=None):
token = req.auth
redixdb = req.context['redixdb']
if redixdb.__contains__(token, 'id'):
time_token = decrypt_token(token)
user_auth = verify_timed_token(time_token)
if user_auth:
return user_auth
else:
raise UnauthorizedError("auth required")
else:
raise UnauthorizedError("auth required")
def is_admin(req, res, resources):
session = req.context['session']
print "session :", session
print req, "is req *******"
roles = json.loads(session.get("user_roles"))
if not "admin" in roles:
raise UnauthorizedError("Restricted access")
def process_request(self, req, res):
prefetch_token = req.get_header('ACCESS-CONTROL-REQUEST-METHOD')
if prefetch_token:
res.complete = True
return True
if req.path == "/" or req.path == "/v1/didtx/create" or req.path == "/v2/didtx/create":
return True
token = req.get_header('Authorization')
if token is None:
description = 'Please provide an auth token as part of the request'
raise UnauthorizedError(description)
if not self._token_is_valid(token):
description = 'The provided auth token is not valid'
raise UnauthorizedError(description)
def process_request(self, req, res, resource=None):
LOG.debug("Authorization: %s", req.auth)
if req.auth is not None:
token = decrypt_token(req.auth)
if token is None:
raise UnauthorizedError("Invalid auth token: %s" % req.auth)
else:
req.context["auth_user"] = token.decode("utf-8")
else:
req.context["auth_user"] = None
def process_request(self, req, res):
LOG.debug("Authorization: %s", req.auth)
if req.auth is not None:
token = decrypt_token(req.auth)
if token is None:
raise UnauthorizedError('Invalid auth token: %s' % req.auth)
else:
req.context['auth_user'] = token.decode('utf-8')
else:
req.context['auth_user'] = None
def get_current_user(self):
cookie = self.get_cookie("jwt_cookie")
payload = JWT.get_payload(cookie)
if not payload:
raise UnauthorizedError()
username = payload.get("username")
self.current_user = UserModel.get_user_by_name(username)
return self.current_user
def delete(self, post_uid):
"""Delete a post"""
post = Post.get_active(uid=post_uid)
if post is None:
raise ResourceNotFound('Post not found')
if post.user != get_current_user():
raise UnauthorizedError()
post.delete()
return api_deleted_response()
def delete(self, story_uid):
"""Delete a slide from a user's story"""
story = Story.get_active(uid=story_uid)
if story is None:
raise ResourceNotFound('Story not found')
if story.user != get_current_user():
raise UnauthorizedError()
story.delete()
return api_deleted_response()
def patch(self, post_uid):
"""Edit a post"""
request_data = get_current_request_data()
post = Post.get_active(uid=post_uid)
if post is None:
raise ResourceNotFound('Post not found')
if post.user != get_current_user():
raise UnauthorizedError()
params = self.__validate_post_edit_params(request_data)
self.edit_post(post, params)
return api_success_response(post.as_json())
def process_request(self, req, res):
authToken = req.get_header('Authorization')
if authToken is not None:
auth_user = decode_jwt(authToken)
LOG.debug("auth_user: %s", auth_user)
if auth_user is None:
raise UnauthorizedError('Invalid authentication token')
else:
session = self._session_factory
db_user = session.query(User).get(auth_user['user_id'])
LOG.debug("db_user: %s", db_user)
if db_user:
req.context['auth_user'] = auth_user
else:
req.context['auth_user'] = None
else:
req.context['auth_user'] = None
def auth_required(req, res, resource, params):
if req.context["auth_user"] is None:
raise UnauthorizedError()
def auth_required(req, res, resource):
if req.context['auth_user'] is None:
raise UnauthorizedError()