def verify_token(token):
if app.config["ENABLE_AUTH"]:
try:
auth.verify_id_token(token)
return True
except ValueError:
print 'Authentication failed'
return False
return True
def _token_is_valid(self, req, token):
try:
decoded_token = auth.verify_id_token(token)
req.context['auth_user'] = decoded_token
except Exception as e:
return False
if not decoded_token:
return False
return True
def verify_token():
if 'Authorization' not in request.headers:
raise ValueError("Token not present")
# Verifying the token, if it fails proceed to except block.
token = request.headers['Authorization']
decoded_token = auth.verify_id_token(token, fadzmaq.auth_app, False)
uid = decoded_token['uid']
print('Verified, UID:', uid)
return uid
def check_token():
token = request.headers.get('token')
if token:
try:
decoded_token = auth.verify_id_token(token)
uid = decoded_token['uid']
except (ValueError, firebase_admin.exceptions.FirebaseError):
return ({'error': True, 'message': {'error': 'Invalid Token or Firebase Error'}, 'status': 401})
return ({'error': False, 'uid': uid})
return ({'error': True, 'message': {'error': 'No Token Provided'}, 'status': 401})
def verify_login(uid, msgDict):
if 'token' not in msgDict:
print("login attempt failed")
authed_user = auth.verify_id_token(msgDict['token'])
user_uid = authed_user['uid']
if user_uid not in active_users:
active_users[user_uid] = {'devs': {}}
fbClient.add_user_devs(user_uid)
ack_builder = {'type': 'login_ack', 'success': True}
send_user_msg(user_uid, ack_builder)
def wrap(*args, **kwargs):
if not request.headers.get("authorization"):
return {"message": "No token provided"}, 400
try:
user = auth.verify_id_token(request.headers["Authorization"])
request.user = user
except Exception as e:
print('error', e)
return {"message": "Invalid token provided.", "status": 400}, 400
return f(*args, **kwargs)
def verificar(id_token):
response = ""
try:
decoded_token = auth.verify_id_token(id_token)
response = decoded_token['uid']
except ValueError as err:
print("\nHubo un error decodificando el Token: \n\n", err)
response = "Error"
#print(response)
return response
def user():
try:
id_token = request.cookies.get('id_token')
decoded_token = auth.verify_id_token(id_token)
except:
abort(401)
user = User.query.get(decoded_token['uid'])
return user.to_dict(), 200
def verify_id_token(id_token):
"""
Verifies the given id token and returns the user's uid if successful.
Otherwise, throws an exception.
"""
# Verify the ID token while checking if the token is revoked by
# passing check_revoked=True
decoded_token = auth.verify_id_token(id_token, check_revoked=True)
# Token is valid and not revoked
return decoded_token['uid']
def token(request):
token = request.GET['token']
print('token:' + token);
# ID トークンを確認する
decoded_token = auth.verify_id_token(token)
uid = decoded_token['uid']
print('uid:' + uid);
return HttpResponse("OK")
def verify_id_token(cls, id_token):
"""
Verify the id token from firebase
"""
try:
decoded_token = auth.verify_id_token(id_token)
return decoded_token
except ValueError as e:
raise ValidationError(
'Invalid Firebase ID Token.', HTTP_422_UNPROCESSABLE_ENTITY) from e
def verify_token(token):
"""
The function set the method to be used for token authentication by the Flask-HTTPAuth module
Reads the token and pass it to the verify_id_token function of the Firebase SDK
"""
try:
decoded_token = auth.verify_id_token(token)
return decoded_token['uid']
except auth.InvalidIdTokenError:
return False
def token_verification(id_token):
try:
decoded_token = auth.verify_id_token(id_token)
except ValueError or exceptions.InvalidArgumentError:
logging.error('id_token not string or empty or invalid')
return ''
except auth.RevokedIdTokenError:
logging.error('id_token has been revoked')
return ''
return decoded_token
def verify_token(*args, **kwargs):
# Verify firebase auth token here
try:
id_token = request.args.get('token')
result = auth.verify_id_token(id_token)
#Getting name from id token
print(result['name'] + " made a request")
except:
return jsonify({"error": "Bad token"})
return f(*args, **kwargs)
def get(self):
try:
id_token = self.request.headers.get('Authorization', '')
decoded_token = auth.verify_id_token(id_token, app=f_app)
uid = decoded_token['uid']
self.set_status(200)
self.set_header("UID", uid)
except Exception as ex:
self.clear()
self.set_status(401)
def test_project_id_option(self):
app = firebase_admin.initialize_app(
testutils.MockCredential(), options={'projectId': 'mock-project-id'}, name='myApp')
_overwrite_cert_request(app, MOCK_REQUEST)
try:
claims = auth.verify_id_token(TEST_ID_TOKEN, app)
assert claims['admin'] is True
assert claims['uid'] == claims['sub']
finally:
firebase_admin.delete_app(app)
def decorated_func(*args, **kwargs):
try:
request_user_info = auth.verify_id_token(request.headers['auth'])
except:
return {'message': 'Unable to authenticate'}, 403
kwargs['authenticated_user_id'] = request_user_info['user_id']
return f(*args, **kwargs)
def decorated_function(*args, **kwargs):
auth_header = request.headers.get('authorization', None)
if auth_header is None:
# print('no auth token')
return jsonify({
'status': 'error',
'message': 'no authorization token provided'
})
id_token = auth_header.split(' ', 1)[1]
try:
auth.verify_id_token(id_token)
except BaseException:
# print('invalid token')
# print(e)
return jsonify({
'status': 'error',
'message': 'invalid token provided'
})
return f(*args, **kwargs)
def wrap(*args, **kwargs):
token = request.headers['Authorization']
decoded_token = auth.verify_id_token(token)
if decoded_token['admin'] is False:
return jsonify(
{'Error message': "You don't have the access rights"})
return f(*args, **kwargs)
def verify_firebase_id_token(self, id_token):
if not id_token:
return None
try:
return firebase_auth.verify_id_token(id_token,
app=self._get_app(),
check_revoked=IS_GAE_PROD)
except ValueError as e:
logging.error('Failed to decode Firebase id_token: %s', e)
return None
def isAuthenticated(accessToken: str):
''' Check if recieved accessToken is valid or not\n
(object) => [bool, str/None]
'''
try:
decoded_token = auth.verify_id_token(accessToken)
return [True, decoded_token]
except:
# If verification fails, return False
return [False, None]
def wrap(*args, **kwargs):
if not request.headers.get('authorization'):
return {'Message': 'No token provided'}, 400
try:
user = auth.verify_id_token(request.headers['authorization'])
request.user = user
except Exception as e:
print(e)
return {'message': 'Invalid token provided.'}, 400
return f(*args, **kwargs)
def test_set_custom_user_claims(new_user, api_key):
claims = {'admin' : True, 'package' : 'gold'}
auth.set_custom_user_claims(new_user.uid, claims)
user = auth.get_user(new_user.uid)
assert user.custom_claims == claims
custom_token = auth.create_custom_token(new_user.uid)
id_token = _sign_in(custom_token, api_key)
dev_claims = auth.verify_id_token(id_token)
for key, value in claims.items():
assert dev_claims[key] == value
def extract_phone_number_from_firebase_id_token(id_token):
"""get the phone number from a firebase id-token"""
phone_number = None
try:
from firebase_admin import auth
decoded_token = auth.verify_id_token(id_token)
phone_number = decoded_token['phone_number']
except Exception as e:
log.error('failed to decode the firebase token: %s' % e)
return phone_number
def post(self, request):
serializer = self.serializer_class(data=request.data)
if not serializer.is_valid():
return Response(serializer.errors)
# Validate firebase-token
try:
payload = auth.verify_id_token(
id_token=serializer.validated_data['token'],
check_revoked=True,
)
except ValueError:
raise AuthenticationFailed('Token is not a string or is empty')
except ExpiredIdTokenError:
raise AuthenticationFailed('Specified token has expired')
except RevokedIdTokenError:
raise AuthenticationFailed('Token has been revoked')
except InvalidIdTokenError:
raise AuthenticationFailed('Token is not a valid Firebase ID token')
except CertificateFetchError:
raise AuthenticationFailed('An error occurs while fetching the public key certificates')
# Check if sign_in_provider is not anonymous
if payload["firebase"]["sign_in_provider"] == "anonymous":
raise AuthenticationFailed('Firebase anonymous sign-in is not supported')
# Check that email is confirmed
if EMAIL_VERIFICATION:
if not payload["email_verified"]:
raise AuthenticationFailed('User email not yet confirmed')
# Try to get user by uid
user = User.objects.filter(
**{User.USERNAME_FIELD: payload['uid']}
).first()
# If doesn't exist, create one
if user is None:
firebase_user = auth.get_user(payload['uid'])
user = User.objects.create(**{
User.USERNAME_FIELD: payload['uid'],
'email': firebase_user.email,
})
# Crete access/refresh token pair for user and return it
refresh = RefreshToken.for_user(user)
return Response({
'refresh': str(refresh),
'access': str(refresh.access_token),
})
def post(self, request):
data = {
'secret': settings.GOOGLE_RECAPTCHA,
'response': request.data.get('g_token', None)
}
resp = requests.post(
'https://www.google.com/recaptcha/api/siteverify',
data=data
)
print(resp.json())
if not resp.json().get('success'):
return Response(data={'message': 'ReCAPTCHA not verified!'}, status=406)
password = request.data.get('password', None)
username = request.data.get('username', None)
id_token = request.data.get('id_token', None)
if password is None and username is None:
try:
decoded_token = auth.verify_id_token(id_token)
username = decoded_token['email']
except Exception as e:
print(e)
return Response({"message": "Firebase Token Verification Failed."}, status=400)
user = User.objects.filter(username=username)
print(user.count())
if user.count() == 0:
return Response({"message": "Invalid Details"}, status=400)
user = user[0]
else:
print(username, password)
user = authenticate(username=username, password=password)
print(user)
if not user:
return Response({"message": "Invalid Details"}, status=400)
try:
condition = user.is_blocked or user.is_disqualified
except:
pass
if condition:
return Response({"message": "You don't have access to the portal. Contact [email protected]"}, status=403)
else:
token, _ = Token.objects.get_or_create(user=user)
return Response({
"message": "User Logged In",
"user": {
"username": user.username,
"full_name": user.full_name,
"phone_no": user.phone,
"token": token.key
}}, status=200)
def post(self, request, pk, format=None):
try:
uid = pk
token = request.GET.get("token", None)
decoded_token = auth.verify_id_token(token)
decoded_uid = decoded_token['uid']
user = auth.get_user(decoded_uid)
data_dict = request.data
if uid == decoded_uid:
tYpe = data_dict.get("type")
backref_id = data_dict.get("backref_id")
date_created = data_dict.get("date_created")
last_accessed = date_created
if date_created is None:
date_created = datetime.datetime.now()
last_accessed = date_created
if (uid is not None) and (tYpe is not None) and (backref_id
is not None):
user = dbUsers.objects.get(uid=uid)
user_watchlist = UserWatchlist(uid=user,
type=tYpe,
backref_id=backref_id,
date_created=date_created,
last_accessed=last_accessed)
user_watchlist.save()
result = {"status": True, "msg": "Data Saved"}
return Response(result)
result = {"status": False, "msg": "UID match"}
return Response(result)
else:
result = {"status": False, "msg": "UID Does not match"}
return Response(result)
return Response(request.data)
except firebase_admin._auth_utils.InvalidIdTokenError as e:
result = {
"status": False,
"msg": e.default_message,
"Expection Class Name": str(e.__class__.__name__),
"Expection Class ": str(e.__class__)
}
return Response(result)
except Exception as e:
result = {
"status": False,
"msg": e.args,
"Expection Class Name": str(e.__class__.__name__),
"Expection Class ": str(e.__class__)
}
return Response(result)
def authenticate_credentials(self, key):
try:
token = auth.verify_id_token(key)
email = token['email']
user = User.objects.get(email=email)
except Exception:
raise exceptions.AuthenticationFailed('Unable to authenticate.')
if not user.is_active:
raise exceptions.AuthenticationFailed('User inactive or deleted.')
return (user, token)
def has_permission(self, request, view):
try:
token = request.META['HTTP_AUTHORIZATION']
decoded_token = auth.verify_id_token(token)
uid = decoded_token['uid']
print (uid)
if request.method in permissions.SAFE_METHODS:
return True
return 'COHzLEpHu2YoySLDKdB4JbHQ2gX2' == uid
except:
raise PermissionDenied({"message": "You don't have permission to access"})
def verify_token_uid(id_token):
cred = credentials.Certificate('path/to/service.json')
default_app = firebase_admin.initialize_app(cred)
# [START verify_token_uid]
# id_token comes from the client app (shown above)
decoded_token = auth.verify_id_token(id_token)
uid = decoded_token['uid']
# [END verify_token_uid]
print(uid)
firebase_admin.delete_app(default_app)
def create_node():
""" Create a new Node """
id_token = request.args.get('id_token')
node_name = request.args.get('node_name')
profile_pic = request.args.get('profile_pic')
node_description = request.args.get('node_description')
try:
# validate node names
if (re.match("^[A-Za-z0-9_]*$", node_name) == None
or len(node_name) < 3):
raise Exception('INVALID_NODE_NAME')
if (profile_pic == None):
profile_pic = "camera-placeholder.png"
decoded_token = auth.verify_id_token(id_token)
uid = decoded_token['uid']
# request user must be in connected_users[]
user_doc_ref = db_ref.collection(u'users').document(uid)
node_coll_ref = db_ref.collection(u'nodes')
node_coll_ref.add(
{
"name": node_name,
"connected_users": [user_doc_ref],
"posts": [],
"profile_pic": profile_pic,
"node_description": node_description
}, node_name)
# new node must be in connected_nodes[] in user
user_details = user_doc_ref.get().to_dict()
new_doc_ref = db_ref.collection(u'nodes').document(node_name)
user_details.get('connected_nodes').append(new_doc_ref)
# add details to connected_nodes_data (repeat data)
user_details.get('connected_nodes_data').append({
"name":
node_name,
"profile_pic":
profile_pic,
"node_description":
node_description
})
user_doc_ref.update(user_details, option=None)
return jsonify(operation="Create a new node", status="SUCCESS")
except:
return jsonify(status="FAILED")
def VerifyToken(token, uid):
try:
decoded_token = auth.verify_id_token(token)
in_uid = decoded_token['uid']
except Exception as e:
print(str(e))
return False
if uid == in_uid:
return True
else:
return False
def firebase_auth():
id_token = request.json['auth_data']
decoded_token = auth.verify_id_token(id_token)
encoded_email = decoded_token['email'].replace('.', ',').replace('+', '%')
gh_uid = decoded_token['firebase']['identities']['github.com'][0]
authorized = is_token_authorized(gh_uid)
if authorized:
whitelist = get_whitelist_emails()
if whitelist is None or not whitelist.get(encoded_email):
get_whitelist_emails.delete()
root.child(f'whitelist').child(encoded_email).set(True)
return jsonify({
"authorized": authorized
})
