def upcoming_vendor_engagements(self):
    """Return the upcoming engagements visible to the caller's location.

    The location is taken from the authenticated session
    (``Auth.get_location()``), never from the request, and only engagements
    whose ``location_id`` matches are serialized, so a caller cannot read
    another location's engagements.

    NOTE(review): the location filter runs in Python *after*
    ``get_engagement_by_date()`` has already paginated, so ``pagination_meta``
    describes the unfiltered page and a page can come back short or empty even
    when later pages hold matching rows. Unlike ``list_vendor_engagements`` no
    ``is_deleted`` filter is visible here — confirm the repo method applies one.
    """
    caller_location = Auth.get_location()
    page = self.vendor_engagement_repo.get_engagement_by_date()

    def with_vendor(engagement):
        # Serialize the engagement, then attach its vendor under 'vendor'.
        item = engagement.serialize()
        item['vendor'] = engagement.vendor.serialize()
        return item

    visible = [
        with_vendor(e)
        for e in page.items
        if e.location_id == caller_location
    ]
    return self.handle_response(
        'OK',
        payload={'engagements': visible, 'meta': self.pagination_meta(page)},
    )
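def authenticate_user(self):
    """Verify a username/password pair and issue a signed JWT.

    Reads ``username`` and ``password`` from the request, looks the user up by
    e-mail, checks the password against the stored hash and on success returns
    a token carrying the user's profile and roles. Missing credentials, an
    unknown user and a wrong password all produce the same generic 400 so the
    response body does not say which part was wrong.

    Returns:
        The ``handle_response`` result: 200 with ``{"token", "user"}`` on
        success, 400 otherwise.
    """
    username, password = self.request_params("username", "password")
    # Guard first: check_password_hash() with a None password raises (a 500)
    # instead of the clean 400 every other failure gets.
    if not username or not password:
        return self.handle_response(
            "Username/password combination is wrong", status_code=400)

    user = self.user_repo.find_first(email=username)
    # NOTE(review): when no user matches, the hash check is skipped, so an
    # unknown e-mail answers measurably faster than a wrong password — a
    # timing oracle for account enumeration. Hashing against a dummy stored
    # hash on the miss path would close it; needs the project's hash format.
    if user is None or not check_password_hash(user.password, password):
        return self.handle_response(
            "Username/password combination is wrong", status_code=400)

    # One clock read so "iat", "exp" and the human-readable copies agree.
    issued_at = datetime.datetime.utcnow()
    # TODO(review): 3-day lifetime with no refresh/revocation visible — confirm intended.
    expires_at = issued_at + datetime.timedelta(days=3)

    user_roles = self.user_role_repo.get_unpaginated(user_id=user.id)
    user_roles_list = [
        user_role.role.to_dict(only=["id", "name"]) for user_role in user_roles
    ]
    user_data = {
        "UserInfo": {
            "id": user.id,
            "first_name": user.first_name,
            "last_name": user.last_name,
            "email": user.email,
            "name": f"{user.first_name} {user.last_name}",
            "picture": "",
            "roles": user_roles_list,
            "date_time_now": issued_at.strftime("%Y-%m-%d %H:%M:%S"),
            "date_time_exp": expires_at.strftime("%Y-%m-%d %H:%M:%S"),
        },
        # Registered JWT claims; Auth.encode_token is expected to sign these.
        "iat": issued_at,
        "exp": expires_at,
        "aud": "webspoons.com",
        "iss": "accounts.webspoons.com",
    }
    token = Auth.encode_token(user_data)
    return self.handle_response(
        "OK", payload={"token": token, "user": user.email}, status_code=200)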
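def delete_order(self, order_id):
    """Soft-delete an order that belongs to the calling user.

    Ownership is now checked *before* the order's state is inspected: in the
    original the "already deleted" reply came first, so any authenticated
    user could probe whether somebody else's order had been deleted.

    Args:
        order_id: primary key of the order to delete.

    Returns:
        ``handle_response`` result — 200 on success, 403 when the order is
        not the caller's, 400 for an unknown id or an already-deleted order.

    NOTE(review): an unknown id (400) and another user's order (403) are
    still distinguishable, so order ids remain enumerable; returning the
    same reply for both would close that if it matters here.
    """
    order = self.order_repo.get(order_id)
    if not order:
        return self.handle_response(
            'Invalid or incorrect order_id provided', status_code=400)
    # Authorize before disclosing any state about the order.
    if Auth.user('id') != order.user_id:
        return self.handle_response(
            'You cannot delete an order that is not yours', status_code=403)
    if order.is_deleted:
        return self.handle_response(
            'Order has already been deleted', status_code=400)
    # Soft delete: flag the row, never remove it.
    self.order_repo.update(order, is_deleted=True)
    return self.handle_response('Order deleted', payload={"status": "success"})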
def list_vendor_engagements(self):
    """Return live engagements for the caller's location, latest start date first.

    The location comes from the authenticated session (``Auth.get_location``)
    rather than the request, so a caller cannot list another location's
    engagements; soft-deleted rows are excluded by the repository filter.

    NOTE(review): reaches into the repo's private ``_model`` to pick the sort
    column — a public accessor on the repo would be cleaner.
    """
    caller_location = Auth.get_location()
    repo = self.vendor_engagement_repo
    page = repo.filter_by_desc(
        repo._model.start_date,
        is_deleted=False,
        location_id=caller_location,
    )
    serialized = []
    for engagement in page.items:
        item = engagement.serialize()
        item['vendor'] = engagement.vendor.serialize()
        serialized.append(item)
    return self.handle_response(
        'OK',
        payload={'engagements': serialized, 'meta': self.pagination_meta(page)},
    )
def test_has_role_method_handles_succeeds(self, mock_auth_user, mock_find_first, mock_role_repo):
    """``Auth.has_role('admin')`` lets the wrapped view run when the user's role is 'admin'.

    The three patched collaborators are injected by decorators that sit
    outside this block; they are stubbed so the current user is id 1, has one
    role row, and that role's name resolves to 'admin'.
    """
    RoleStub = namedtuple('mock', 'name')

    class MockRole:
        role_id = 1

    mock_auth_user.return_value = {'id': 1}
    mock_find_first.return_value = MockRole
    mock_role_repo.return_value = RoleStub('admin')

    passthrough = lambda n: n
    guarded = Auth.has_role('admin')(passthrough)
    self.assertEqual(guarded('test'), 'test')
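def login(self):
    """Authenticate by e-mail address and password and return a session token.

    Security fix: the original answered 404 'User does not exist' for an
    unknown address and 400 'Wrong password' for a known one, which lets
    anyone enumerate registered addresses. Both cases (and a missing field)
    now share one generic 400 reply.

    NOTE(review): bcrypt is only run when a user was found, so a miss still
    answers faster than a wrong password (timing oracle); checking against a
    dummy hash on the miss path would close that.

    Returns:
        ``handle_response`` result — 200 with the serialized user and token,
        400 on any authentication failure.
    """
    email_address, password = self.request_params('emailAddress', 'password')
    failure_msg = 'Invalid email address or password'
    # bcrypt.check_password_hash(hash, None) raises; reject early instead.
    if not email_address or not password:
        return self.handle_response(failure_msg, status_code=400)

    user = self.user_service.filter_first(**{'email_address': email_address})
    if not user or not bcrypt.check_password_hash(user.password, password):
        return self.handle_response(failure_msg, status_code=400)

    token = Auth.create_token(user.id)
    # Strip the hash from the instance so serialize() cannot echo it back.
    # NOTE(review): this mutates the model object; if it is still attached to
    # a DB session that is fragile — a serializer exclude list would be safer.
    del user.password
    return self.handle_response('Ok', payload={
        'user': user.serialize(),
        # NOTE(review): .decode() implies the token is bytes (PyJWT < 2);
        # PyJWT 2 returns str and this would raise.
        'token': token.decode()
    })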
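def login():
    """Merchant login endpoint: verify credentials and issue access/refresh tokens.

    Fixes against the original:
      * ``user.status`` was read before the ``None`` check, so an unknown
        username or wrong password crashed with AttributeError (HTTP 500)
        instead of returning ``LoginFail``.
      * After a successful match the code re-queried
        ``ETMerchants.username`` with *no* filter — i.e. the first merchant
        in the table — and returned that name in the response.
      * A missing username/password now fails cleanly instead of reaching
        ``hash_password(None)``.

    Security notes (not changed here — need a project-level decision):
      * The password is matched by SQL equality against
        ``hash_password(password)``, which only works with an unsalted,
        deterministic hash. Store a salted slow KDF (bcrypt/argon2) and
        verify in Python instead.
      * The "account disabled" reply is only given after the password
        matched, so it does not leak account state to unauthenticated callers.

    Returns:
        ``res.data`` with tokens and the merchant's username on success.
    """
    res = ResMsg()
    req = request.get_json(force=True) or {}
    username = req.get("username")
    password = req.get("password")
    if not username or not password:
        res.update(code=ResponseCode.LoginFail, data={}, msg=ResponseMessage.LoginFail)
        return res.data

    password_hash = hash_password(password)
    now_str = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
    user = db.session.query(ETMerchants).filter(
        ETMerchants.username == username,
        ETMerchants.password == password_hash).first()
    if user is None:
        res.update(code=ResponseCode.LoginFail, data={}, msg=ResponseMessage.LoginFail)
        return res.data
    if user.status != 1:
        res.update(code=ResponseCode.Fail, data={}, msg='当前账户已禁用,请请联系客服')
        return res.data

    # Only the username column is echoed back — never the password hash.
    row = db.session.query(ETMerchants.username).filter(
        ETMerchants.username == username).first()
    res_data = dict(zip(row.keys(), row))
    db.session.query(ETMerchants).filter(
        ETMerchants.username == username).update({"last_login": now_str})
    # NOTE(review): no commit here — assumes the session is committed by a
    # request-teardown hook; verify, or the last_login update is lost.
    access_token, refresh_token = Auth.encode_auth_token(user_id=username)
    res_data.update({
        "access_token": access_token.decode("utf-8"),
        "refresh_token": refresh_token.decode("utf-8"),
    })
    res.update(code=ResponseCode.LoginSuccess, data=res_data, msg=ResponseMessage.LoginSuccess)
    return res.data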
def create_vendor_rating(self):
    """Record a rating for a vendor during a specific engagement.

    The rating is attributed to the authenticated user (``Auth.user('id')``),
    never to a user id supplied by the client. The vendor must exist;
    otherwise a 400 is returned and nothing is written.

    NOTE(review): ``rating``, ``channel`` and ``engagement_id`` are forwarded
    unvalidated — confirm ``new_rating`` (or the model) bounds the score and
    checks that ``engagement_id`` actually belongs to ``vendor_id``.
    """
    vendor_id, comment, score, channel, engagement_id = self.request_params(
        'vendorId', 'comment', 'rating', 'channel', 'engagementId')
    rater_id = Auth.user('id')
    if not self.vendor_repo.get(vendor_id):
        return self.handle_response('Invalid vendor_id provided', status_code=400)
    # Positional args mirror new_rating's signature; 0 is the (unused here)
    # main-meal id slot that engagement ratings do not carry.
    created = self.vendor_rating_repo.new_rating(
        vendor_id, rater_id, score, RatingType.engagement, 0, engagement_id,
        channel, comment)
    return self.handle_response(
        'Rating created', payload={'rating': created.serialize()}, status_code=201)
def test_has_role_method_handles_unmatching_roles(self, mock_auth_user, mock_find_first, mock_role_repo):
    """``Auth.has_role('admin')`` blocks the wrapped view when the user's role is 'user'.

    The patched collaborators (decorators outside this block) are stubbed so
    the current user is id 1 with a single role row whose name is 'user'.
    The decorated view is expected to return an indexable pair whose first
    element is a JSON response carrying the access-error message.
    """
    RoleStub = namedtuple('mock', 'name')

    class MockRole:
        role_id = 1

    mock_auth_user.return_value = {'id': 1}
    mock_find_first.return_value = MockRole
    mock_role_repo.return_value = RoleStub('user')

    guarded = Auth.has_role('admin')(lambda n: n)
    denied = guarded('test')
    self.assertEqual(
        denied[0].get_json()['msg'],
        'Access Error - This role does not have the access rights')
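def eventSubscribe(msg):
    """Handle a WeChat 'subscribe' event: log the follower in (or register them) and cache a session.

    Fix: the original ``logger.debug("...flag为: ", msg.scene_id)`` passed the
    scene id as a %-style argument with no placeholder, so the logging module
    reports "not all arguments converted" instead of writing the line. An
    f-string is used so the line renders regardless of which logger backend
    ``logger`` is.

    Side effects: writes ``scene_id -> openid`` and ``openid -> session JSON``
    (including a freshly minted access token) to Redis.

    NOTE(review): ``client`` is not defined in this function (the sibling
    ``eventscan`` obtains it via ``C_WeChatClient._get_wechatclient()``), so
    it must be a module-level name here — confirm. Neither Redis write sets
    a TTL, so the cached token can outlive its own expiry — confirm intended.
    """
    Redis.write(msg.scene_id, msg.source)
    access_token = Auth.generate_access_token(user_id=msg.source)
    if not access_token:
        # Token minting failed: nothing is logged in or cached.
        return
    access_token = access_token.decode('utf-8')
    logger.debug(f"用户初次订阅行为,flag为: {msg.scene_id}")
    # Fetch the follower's profile from WeChat, then log in / register.
    user = client.user.get(msg.source)
    user_login = wx_login_or_register(user)
    session = dict(
        user_id=user_login['id'],
        access_token=access_token,
        headimgurl=user['headimgurl'],
        nickname=user['nickname'],
        admin=user_login['admin'],
    )
    Redis.write(msg.source, json.dumps(session))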
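def update_vendor_rating(self, rating_id):
    """Edit the comment on an existing rating owned by the caller.

    Fix: the request body was read with ``self.get_json()['comment']`` before
    any check ran, so a body without ``comment`` (or a non-JSON body) raised
    instead of returning a proper response; the body is now read with
    ``.get`` after the rating has been located and the caller authorized.

    Args:
        rating_id: primary key of the rating to edit.

    Returns:
        200 with the (possibly unchanged) rating, 403 when the caller is not
        its author, 404 for an unknown id. An empty or missing comment is a
        no-op, not a clear — matches the original behaviour.
    """
    rating = self.vendor_rating_repo.get(rating_id)
    if not rating:
        return self.handle_response(
            'Invalid or incorrect rating_id provided', status_code=404)
    # Ownership: only the author may edit someone's rating.
    if Auth.user('id') != rating.user_id:
        return self.handle_response(
            'You are not allowed to update a rating that is not yours',
            status_code=403)
    comment = (self.get_json() or {}).get('comment')
    updates = {}
    if comment:
        updates['comment'] = comment
    self.vendor_rating_repo.update(rating, **updates)
    return self.handle_response('OK', payload={'rating': rating.serialize()})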
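def eventscan(msg):
    """Handle a WeChat 'scan' event from an already-subscribed user: log in (or register) and cache a session.

    Fix: the original ``logger.debug("...flag为: ", msg.scene_id)`` passed the
    scene id as a %-style argument with no placeholder, so the logging module
    reports "not all arguments converted" instead of writing the line. An
    f-string is used so the line renders regardless of the logger backend.

    Side effects: writes ``scene_id -> openid`` and ``openid -> session JSON``
    (including a freshly minted access token) to Redis.

    NOTE(review): neither Redis write sets a TTL, so the cached token can
    outlive its own expiry — confirm intended.
    """
    Redis.write(msg.scene_id, msg.source)
    access_token = Auth.generate_access_token(user_id=msg.source)
    if not access_token:
        # Token minting failed: nothing is logged in or cached.
        return
    access_token = access_token.decode('utf-8')
    logger.debug(f"已订阅用户扫描行为,flag为: {msg.scene_id}")
    # Fetch the user's profile from WeChat, then log in / register.
    client = C_WeChatClient._get_wechatclient()
    user = client.user.get(msg.source)
    user_login = wx_login_or_register(user)
    session = dict(
        user_id=user_login['id'],
        access_token=access_token,
        headimgurl=user['headimgurl'],
        nickname=user['nickname'],
        admin=user_login['admin'],
    )
    Redis.write(msg.source, json.dumps(session))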
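def login():
    """Log a user in by name and password and hand back access/refresh tokens.

    SECURITY (flagged, not fixed here — needs a schema change): the stored
    ``User.password`` is compared directly with the submitted password, i.e.
    passwords are kept and matched in plaintext. They must be stored as a
    salted slow hash (bcrypt/argon2/pbkdf2) and verified with that library's
    check function. This version only (a) tolerates a missing/non-object
    body, (b) refuses to compare non-string values, and (c) compares in
    constant time so the equality check itself is not a prefix oracle.

    NOTE(review): ``model_to_dict(user_obj)`` is returned to the client —
    confirm it excludes the password column, otherwise the credential is
    echoed back in the login response.

    Returns:
        ``res.data``: tokens plus the user dict on success, an error code
        otherwise.
    """
    import hmac  # local import: the module's import block is outside this block

    res = ResMsg()
    obj = request.get_json(force=True) or {}
    name = obj.get("name")
    password = obj.get("password")
    if not all([obj, name, password]):
        res.update(code=ResponseCode.InvalidParameter)
        return res.data

    user_obj = User.query.filter(User.name == name).first()
    stored = getattr(user_obj, "password", None)
    matched = (
        user_obj is not None
        and isinstance(stored, str)
        and isinstance(password, str)
        and hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))
    )
    if matched:
        access_token, refresh_token = Auth.encode_auth_token(user_id=name)
        data = {
            "access_token": access_token.decode("utf-8"),
            "refresh_token": refresh_token.decode("utf-8"),
            "user": model_to_dict(user_obj)
        }
        res.update(data=data)
    else:
        res.update(code=ResponseCode.AccountOrPassWordErr)
    return res.data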
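def before_request():
    """Flask before-request hook: resolve the JWT user, apply a crude rate limit, reject UA-less clients.

    Fix: with the default redis-py client ``redis_store.get`` returns bytes,
    so the original ``isinstance(count, str)`` branch never ran and
    ``count >= 20`` raised TypeError (bytes vs int). The counter is now always
    coerced with ``int(...)``.

    Behaviour kept from the original (flagged for follow-up):
      * The limiter is GET-then-SET, not atomic — concurrent requests can all
        read the same count; ``INCR`` + ``EXPIRE`` is the correct shape.
      * Only authenticated users (keyed by user id) are limited; anonymous
        traffic is not.
      * A rate-limit rejection is returned with ``jsonify`` and no status
        code, i.e. HTTP 200 with an error body.
      * ``request.user_agent`` is a Werkzeug object; whether it is falsy when
        the header is absent depends on the Werkzeug version — verify that
        this check can fire at all.

    Returns:
        A JSON response to short-circuit the request, or ``None`` to let it
        proceed.
    """
    # The user id comes from the JWT, not from the request body.
    user_id = Auth().get_jwt_data(request)
    if user_id:
        from app.models import User
        # g is created before this hook runs; stash the user for the view.
        g.user = User.query.get(user_id)

        key = "request_count:%s" % user_id
        raw = None
        try:
            raw = redis_store.get(key)
        except Exception as e:
            # Log and fall through: a Redis outage must not block requests.
            current_app.logger.error(e)
        try:
            count = int(raw) if raw else 0  # handles bytes, str and None
        except (TypeError, ValueError) as e:
            current_app.logger.error(e)
            count = 0

        # More than 20 hits inside the 5-second window: refuse until the key expires.
        if count >= 20:
            return jsonify(code=1234, msg='请求过于频繁,请稍后尝试')

        try:
            # Third positional arg is the TTL in seconds.
            redis_store.set(key, count + 1, 5)
        except Exception as e:
            current_app.logger.error(e)

    # Requests without browser/UA information are treated as crawlers.
    if not request.user_agent:
        return jsonify('不是浏览器请求,可能是爬虫')
    return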
def handle_loginout():
    """Logout endpoint: validate the presented token and acknowledge.

    The token is read from the ``token`` query parameter, falling back to the
    ``xtoken`` header. It is decoded only to confirm it is a valid signed
    token carrying ``user_id``; nothing is revoked (see the TODO), so the
    token keeps working until it expires.

    NOTE(review): accepting the token in the query string puts it into
    access logs, proxies and browser history — prefer the header only. Until
    the revocation TODO is implemented this endpoint is cosmetic from a
    security standpoint.

    Returns:
        ``res.data`` — ``Success`` with ``{"access_token": None}``,
        ``InvalidParameter`` when no token was sent, ``PleaseSignIn`` when it
        does not decode to a payload with a ``user_id``.
    """
    res = ResMsg()
    token = request.args.get("token", request.headers.get("xtoken"))
    if not token:
        res.update(code=ResponseCode.InvalidParameter)
        return res.data

    payload = Auth.decode_auth_token(token)
    if not payload or "user_id" not in payload:
        res.update(code=ResponseCode.PleaseSignIn)
        return res.data

    # @todo revoke the access token server-side (denylist / session store)
    res.update(code=ResponseCode.Success, data={"access_token": None}, msg='logout success!')
    return res.data
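def test_decode_token_returns_dict_on_valid_token(self):
    """A well-formed, correctly signed fixture token decodes to a dict of claims."""
    token = Auth.decode_token(self.get_valid_token())
    # assertIsInstance reports the actual type on failure, unlike the
    # original ``if type(token) is dict: assert True else: assert False``.
    self.assertIsInstance(token, dict)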
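def test_decode_token_throws_exception_on_invalid_token(self):
    """Decoding an invalid (tampered / badly signed) token must raise.

    Fix: the original wrapped ``Auth.decode_token(...); assert False`` in a
    ``try`` whose ``except Exception`` also caught the AssertionError from
    ``assert False`` — so the test passed even when decoding *succeeded*.
    ``assertRaises`` only passes when the call itself raises.

    NOTE(review): ``Exception`` is still very broad (an AttributeError in
    the helper would also satisfy it); pin the specific error
    ``Auth.decode_token`` raises for bad tokens once known.
    """
    with self.assertRaises(Exception):
        Auth.decode_token(self.get_invalid_token())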
def user_first_and_last_name():
    """Return ``(firstName, lastName)`` from the fixture token's ``UserInfo`` claim.

    The fixture token comes from ``BaseTestCase.get_valid_token``; it is
    decoded once and both names are read from the same payload.

    NOTE(review): the claim keys here are camelCase (``firstName``) while the
    token built by ``authenticate_user`` uses ``first_name`` — these may be
    different token producers; confirm which one this fixture mirrors.
    """
    info = Auth.decode_token(BaseTestCase.get_valid_token())["UserInfo"]
    return info["firstName"], info["lastName"]
def user(self, *keys):
    """Proxy to ``Auth.user``: the authenticated user's record, or just the requested fields.

    Exposes the auth helper on this object so callers stay decoupled from
    the ``Auth`` module; ``keys`` are forwarded untouched.
    """
    current = Auth.user(*keys)
    return current
def user_email():
    """Return the ``email`` claim from the fixture token's ``UserInfo`` payload.

    The token comes from ``BaseTestCase.get_valid_token``; the test helper
    decodes it rather than hard-coding the address so fixture and assertion
    cannot drift apart.
    """
    claims = Auth.decode_token(BaseTestCase.get_valid_token())
    return claims["UserInfo"]["email"]