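def decorated_function(*args, **kwargs):
    """Authenticate the request from its ``Authorization`` header, then call ``f``.

    The raw header value is passed to ``decrypt_jwt``; any failure there
    (malformed token, bad signature, ...) is answered with a generic
    unauthorized response so the client learns nothing about the cause.
    A token that lacks one of the required claims (``username``, ``exp``,
    ``iat``), whose ``exp`` is in the past, or whose ``username`` no longer
    exists in the database is rejected the same way.

    On success the wrapped view receives extra keyword arguments:
    ``jwt_username``, ``jwt_exp``, ``jwt_iat`` and ``auth_user`` (the
    ``User`` row found for ``username``).

    NOTE(review): whether ``decrypt_jwt`` itself verifies the signature and
    the ``exp`` claim is not visible here; the explicit expiry check below
    is kept regardless so an expired token is never accepted.
    """
    token = request.headers.get('Authorization', None)
    if token is None:
        return fail_response("Token is not given")

    try:
        decoded_token = decrypt_jwt(token)
    except Exception as e:
        # Detail goes to the server log only; the client gets a generic message.
        logging.error(e)
        return fail_response("Invalid token given", ERROR_UNAUTHORIZED)

    # A claim missing from an otherwise decodable token used to raise KeyError
    # and surface as a server error instead of an authentication failure.
    try:
        username = decoded_token['username']
        exp = decoded_token['exp']
        iat = decoded_token['iat']
    except (KeyError, TypeError):
        return fail_response("Invalid token given", ERROR_UNAUTHORIZED)

    # Reject expired tokens before spending a database round-trip on them.
    if exp < time.time():
        return fail_response('Access token has been expired', ERROR_UNAUTHORIZED)

    db = get_session('flask-jwt-auth')
    auth_user = db.query(User).filter_by(username=username).first()
    if auth_user is None:
        return fail_response("Invalid token given", ERROR_UNAUTHORIZED)

    kwargs['jwt_username'] = username
    kwargs['jwt_exp'] = exp
    kwargs['jwt_iat'] = iat
    kwargs['auth_user'] = auth_user
    return f(*args, **kwargs)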
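def post(self):
    """Log a user in and return a fresh access token.

    Reads ``username`` and ``password`` through ``login_parser``.  An
    unknown username and a wrong password produce the same generic failure
    message so this endpoint cannot be used to enumerate accounts.  On
    success ``last_login`` is stamped and ``{'access_token': ...}`` is
    returned; a failure to stamp it is rolled back and reported.
    """
    try:
        args = login_parser.parse_args()
    except Exception as e:
        logging.error(e)
        return fail_response('Need Info : username, password')

    try:
        db = get_session()
        data = db.query(User).filter_by(username=args['username']).first()
        # NOTE(review): when the user does not exist no password hash is
        # computed, so response time still differs between the two failure
        # cases.  Closing that timing gap needs a dummy hash comparison,
        # which depends on User.check_password's implementation (not visible
        # here).
        if data is None or not data.check_password(args['password']):
            # Deliberately one message for both "no such user" and
            # "wrong password".
            return fail_response('Invalid username or password')

        access_token = encrypt_jwt(args['username'])
        try:
            db.query(User).filter_by(
                username=args['username']).update(
                {'last_login': datetime.now()})
            db.commit()
        except Exception as e:
            logging.error(e)
            db.rollback()
            return fail_response('Error while login')
        return success_response({'access_token': access_token})
    except Exception as e:
        logging.error(e)
        return fail_response('Login error')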
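def put(self, username, **kwargs):
    """Update the password and e-mail address of ``username``.

    Relies on the auth decorator's ``auth_user`` and ``jwt_username``
    kwargs: a user may only update their own record unless ``is_staff``.
    Input is validated with ``check_password`` / ``check_email`` before
    the database is touched, the target user must exist, and the new
    e-mail must not belong to another account.  Returns the updated public
    fields on success.

    NOTE(review): the current password is not re-verified before being
    replaced, so a leaked access token alone is enough to take over the
    account.  Requiring the old password here would be sensible hardening,
    but it changes the request contract.
    """
    auth_user = kwargs['auth_user']
    args = update_parser.parse_args()
    if kwargs['jwt_username'] != username and not auth_user.is_staff:
        return fail_response('Not Permission', ERROR_UNAUTHORIZED)

    # Validate before opening a session / querying.
    is_valid, err_msg = check_password(args['password'], args['password_confirmed'])
    if not is_valid:
        return fail_response(err_msg)
    is_valid, err_msg = check_email(args['email'])
    if not is_valid:
        return fail_response(err_msg)

    db = get_session()
    try:
        user = db.query(User).filter_by(username=username).first()
        if user is None:
            # Previously this fell through to an AttributeError that was
            # reported as a generic update error.
            return fail_response(f'No entry for username. {username}')
        # Keep e-mail unique across accounts, as the create endpoint does;
        # the user's own current address is of course allowed.
        other = db.query(User).filter_by(email=args['email']).first()
        if other is not None and other.id != user.id:
            return fail_response('Already existed email')
        user.set_password(args['password'])
        user.email = args['email']
        db.commit()
    except Exception as e:
        logging.error(e)
        db.rollback()
        return fail_response('Error while update user info')

    data = {
        'id': user.id,
        'username': user.username,
        'email': user.email,
        'created_on': user.created_on,
        'last_login': user.last_login
    }
    return success_response(data)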
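def delete(self, username, **kwargs):
    """Delete the account ``username``.

    Relies on the auth decorator's ``auth_user`` and ``jwt_username``
    kwargs: a user may delete only their own account unless ``is_staff``.
    Deleting a username that does not exist is reported as a failure
    rather than as a successful deletion.
    """
    auth_user = kwargs['auth_user']
    if kwargs['jwt_username'] != username and not auth_user.is_staff:
        return fail_response('Not Permission', ERROR_UNAUTHORIZED)

    db = get_session()
    try:
        # Query.delete() returns the number of rows matched; zero means
        # there was nothing to delete, which used to be reported as success.
        deleted = db.query(User).filter_by(username=username).delete()
        if not deleted:
            db.rollback()
            return fail_response(f'No entry for username. {username}')
        db.commit()
    except Exception as e:
        logging.error(e)
        db.rollback()
        return fail_response(f'Error while deleting user {username}')
    return success_response({'deleted_user': username}, f'success. delete user {username}')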
def get(self, **kwargs):
    """Return the public fields of every user; staff only.

    ``auth_user`` is supplied by the auth decorator.  Non-staff callers
    receive an unauthorized failure; nothing is queried for them.
    """
    caller = kwargs['auth_user']
    if not caller.is_staff:
        return fail_response('Not Permission', ERROR_UNAUTHORIZED)

    session = get_session()
    rows = [
        {
            'id': u.id,
            'username': u.username,
            'email': u.email,
            'created_on': u.created_on,
            'last_login': u.last_login,
            'is_staff': u.is_staff,
        }
        for u in session.query(User).all()
    ]
    return success_response(rows)
def get(self, username, **kwargs):
    """Return the public fields of ``username``.

    ``auth_user`` / ``jwt_username`` come from the auth decorator.  Only
    staff, or the user themself, may read the record; anyone else gets an
    unauthorized failure without a lookup being performed.  An unknown
    username is reported as a failure.
    """
    caller = kwargs['auth_user']
    allowed = caller.is_staff or kwargs['jwt_username'] == username
    if not allowed:
        return fail_response('Not Permission', ERROR_UNAUTHORIZED)

    session = get_session()
    target = session.query(User).filter_by(username=username).first()
    if not target:
        return fail_response(f'No entry for username. {username}')

    return success_response({
        'id': target.id,
        'username': target.username,
        'email': target.email,
        'created_on': target.created_on,
        'last_login': target.last_login,
    })
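def post(self):
    """Create a new user account.

    Reads ``username``, ``password``, ``password_confirmed`` and ``email``
    through ``create_parser``.  Input format is validated first, then
    username and e-mail uniqueness is checked, then the row is inserted.
    Returns the new user's public fields (``id``, ``username``, ``email``,
    ``created_on``).

    NOTE(review): the uniqueness checks are a read-then-write, so two
    concurrent requests can both pass them; a unique constraint on the
    ``username``/``email`` columns is what actually enforces uniqueness,
    and a violation would land in the generic except below.  Whether
    ``User(...)`` hashes ``password`` is not visible here — confirm it does.
    """
    args = create_parser.parse_args()

    # Validate format before any database query: malformed requests are
    # rejected cheaply and cannot be used to probe which names exist.
    is_valid, err_msg = check_username(args['username'])
    if not is_valid:
        return fail_response(err_msg)
    is_valid, err_msg = check_password(args['password'], args['password_confirmed'])
    if not is_valid:
        return fail_response(err_msg)
    is_valid, err_msg = check_email(args['email'])
    if not is_valid:
        return fail_response(err_msg)

    db = get_session()
    try:
        if db.query(User).filter_by(username=args['username']).first():
            return fail_response('Already existed username')
        if db.query(User).filter_by(email=args['email']).first():
            return fail_response('Already existed email')
        user = User(username=args['username'],
                    password=args['password'],
                    email=args['email'])
        db.add(user)
        db.commit()
    except Exception as e:
        logging.error(e)
        db.rollback()
        return fail_response('Error while create user')

    data = {
        'id': user.id,
        'username': user.username,
        'email': user.email,
        'created_on': user.created_on
    }
    return success_response(data)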