def get_user_role_from_auth_token(token: str):
decoded_user_data = User.decode_auth_token(token)
if not isinstance(decoded_user_data, str):
user = (
User.query.filter_by(id=decoded_user_data.get("id"))
.execution_options(show_all=True)
.first()
)
if not user:
raise Exception("No user found.")
else:
return user.role.name
else:
raise Exception(decoded_user_data)
def wrapper(*args, **kwargs):
"""
:param args:
:param kwargs:
:return:
"""
auth_header = request.headers.get("Authorization")
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ""
if auth_token:
# decode authentication token
decoded_user_data = User.decode_auth_token(auth_token)
if not isinstance(decoded_user_data, str):
user = (
User.query.filter_by(id=decoded_user_data.get("id"))
.execution_options(show_all=True)
.first()
)
if not user:
response = {
"error": {"message": "User not found.", "status": "Fail"}
}
return make_response(jsonify(response), 401)
if not user.is_activated:
response = {
"error": {"message": "User not activated.", "status": "Fail"}
}
return make_response(jsonify(response), 401)
# get user role
user_role = decoded_user_data.get("role", None)
if len(authenticated_roles) > 0:
# check if user's role matches any of the required roles
if user_role not in authenticated_roles:
response = {
"error": {
"message": "User's is not authorized to access this role.",
"status": "Fail",
}
}
return make_response(jsonify(response), 401)
return function(*args, **kwargs)
# if returned decoded data is a message.
response = {"error": {"message": decoded_user_data, "status": "Fail"}}
return make_response(jsonify(response), 401)
# if no valid authentication is provided.
response = {
"error": {
"message": "Provide a valid authentication token.",
"status": "Fail",
}
}
return make_response(jsonify(response), 401)
def post(self):
logout_instruction = request.get_json()
action = logout_instruction.get("action", None)
if not action or action != "logout":
response = {
"error": {
"message": "Invalid action provided for logout.",
"status": "Fail",
}
}
return make_response(jsonify(response), 400)
# get auth token
auth_header = request.headers.get("Authorization")
# get auth token
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ""
if auth_token:
decoded_auth_token = User.decode_auth_token(auth_token)
if not isinstance(decoded_auth_token, str):
# mark the token as blacklisted
blacklist_token = BlacklistedToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response = {
"message": "Successfully logged out.",
"status": "Success",
}
return make_response(jsonify(response)), 200
except Exception as exception:
response = {
"error": {
"message": f"System error: {exception}.",
"status": "Fail",
}
}
return make_response(jsonify(response)), 500
else:
response = {
"error": {
"message": decoded_auth_token,
"status": "Fail"
}
}
return make_response(jsonify(response)), 401
else:
response = {
"error": {
"message": "Provide a valid auth token.",
"status": "Fail"
}
}
return make_response(jsonify(response)), 403