class UserSecurity(object):
_model = User
_share = False
def _verify_password(self, mobile_or_token, password):
if request.method == 'OPTIONS':
token = request.values.get('token', False)
if not token:
return True
token = request.values.get('token', None)
if (not token) and mobile_or_token and (not password):
token = mobile_or_token
if token:
user = get_user_from_auth_token(token, self._model)
if user and user.active:
g.current_user = user
g.token_used = True
return True
if mobile_or_token and password:
user = None
if hasattr(self._model, 'mobile') and hasattr(
self._model, 'email'):
user = self._model.query.filter(
or_(self._model.mobile == str(mobile_or_token),
self._model.email == str(mobile_or_token))).first()
elif not hasattr(self._model, 'mobile') and hasattr(
self._model, 'email'):
user = self._model.query.filter(
self._model.email == str(mobile_or_token)).first()
if user and user.active and user.check_password(password):
# set token
user.generate_auth_token()
g.current_user = user
g.token_used = False
return True
if self._share:
return True
raise_401_response(message=u'用户名或者密码错误')
def __init__(self, app=None, db=None):
self.app = app
self.db = db
self.auth = HTTPBasicAuth()
self.auth.error_handler(unauthorized)
self.auth.verify_password(self._verify_password)
if app is not None and db is not None:
self.init_app(app, db)
def init_app(self, app, db):
if app is None:
raise ()
self.app = app
self.db = db
class BaseAuth(object):
_model = None
def __init__(self):
self.auth = HTTPBasicAuth()
self.auth.verify_password(self._verify_password)
def _verify_password(self, username_or_token, password):
# token 登录
token = request.values.get("token", "")
if not token and username_or_token and not password:
token = username_or_token
if token:
user = get_user_from_auth_token(token, self._model)
if user and user.active == USER_ACTIVE:
g.current_user = user
return True
# 如果密码登录
if username_or_token and password:
if hasattr(self._model, "mobile") and hasattr(
self._model, "email"):
user = self._model.query.filter(
or_(self._model.mobile == str(username_or_token),
self._model.email == str(username_or_token))).first()
if user and user.active == USER_ACTIVE:
if not user.check_password(password):
return False
g.current_user = user
return True
return False
class Auth:
def __init__(self):
"""Creates access control class for authentication and authorization."""
self._basic_auth = HTTPBasicAuth()
self._token_auth = HTTPTokenAuth()
self._auth = MultiAuth(self._basic_auth, self._token_auth)
self._resources = {}
def error_handler(self, f: typing.Callable) -> typing.NoReturn:
"""Set error handler for Authentication Errors.
:param f: error handler.
:return: NoReturn
"""
self._token_auth.error_handler(f)
self._basic_auth.error_handler(f)
def verify_password(self, f: typing.Callable) -> typing.Any:
""" Verifies basic password.
:param f: function defining verification process.
:return: Any
"""
return self._basic_auth.verify_password(f)
def verify_token(self, f: typing.Callable) -> typing.Any:
""" Verifies token.
:param f: function defining verification process.
:return: Any
"""
return self._token_auth.verify_token(f)
def login_required(self,
f: typing.Callable = None,
role: typing.Text = None) -> typing.Any:
""" Identifies as login required for provided function {f}.
:param f: input function.
:param role: user role
:return: func
"""
return self._auth.login_required(f, role)
def __init__(self, source):
self.source = source
auth = HTTPBasicAuth()
auth.verify_password(get_verify_password(source))
self.decorators.append(auth.login_required)
class BaseSecurity(object):
_model = None
_auth_model = None
_ignore_auth = False
def _get_user_from_auth_token(self, token):
s = Serializer(current_app.config['SECRET_KEY'],
salt=current_app.config['SECRET_SALT'])
try:
data = s.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
return self._model.get_by_id(data['id'])
def _verify_password(self, access_id_or_token, password):
token = request.values.get('token', None)
if request.method == 'OPTIONS' and not token:
return True
# 是否忽略验证
if self._ignore_auth:
return True
# 登录名、密码登录
if access_id_or_token and password:
user_auth = self._auth_model.query.filter_by(
access_id=access_id_or_token).first()
if not user_auth or not user_auth.user:
raise_401_response(message=u'该用户未注册')
user = user_auth.user
# FIXME: 0需要与数据库常量同步
if (not user) or user.status != 0:
raise_401_response(message=u'该用户未注册')
if bcrypt.check_password_hash(user_auth.access_token, password):
g.current_user = user
g.token_used = False
return True
else:
raise_401_response(message=u'用户名或密码错误')
# 验证token
if access_id_or_token:
user = self._get_user_from_auth_token(access_id_or_token)
if not user:
raise_401_response(message=u'请重新登录')
# FIXME: 0需要与数据库常量同步
if (not user) or user.status != 0:
raise_401_response(message=u'请重新登录')
g.current_user = user
g.token_used = True
return True
raise_401_response(message=u'请登录')
def __init__(self, app=None, db=None):
self.app = app
self.db = db
self.auth = HTTPBasicAuth()
self.auth.error_handler(_unauthorized)
self.auth.verify_password(self._verify_password)
if app is not None and db is not None:
self.init_app(app, db)
def init_app(self, app, db):
if app is None:
raise
self.app = app
self.db = db
def init_basic_auth():
auth = HTTPBasicAuth()
auth.verify_password(__verify_password)
return auth
from flask import Blueprint, render_template, request, jsonify
from flask_httpauth import HTTPBasicAuth
from redis import Redis
from src import utils, msg
from os import getenv
import messagebird
import config
redis = Redis().from_url(getenv("REDIS_URL"))
msg_client = messagebird.Client(getenv('MESSAGEBIRD'))
admin_blueprint = Blueprint(__name__, 'admin')
auth = HTTPBasicAuth()
auth.verify_password(utils.verify_password)
@admin_blueprint.route('/', methods=['GET', 'POST'])
@auth.login_required
def admin_panel():
if request.method == "POST":
rcv = utils.fix_number(request.form.get('rcv'))
print(rcv)
keys = redis.lrange("keys", 0, -1)
while True:
key = utils.generate_random_key(4)
if not key.encode() in keys: break
if len(rcv) == config.phone_total_length:
result = msg.send_sms("NiceSMS", rcv, f"Your one time key is: {key}")
redis.lpush("keys", key)
if isinstance(result, tuple):
def setup_http_basic_auth(self):
auth = HTTPBasicAuth()
self.verify_password = auth.verify_password(self.verify_password)
return auth
@register_versions('return', ['v4'])
def _return(self, version, info, project):
return {'Info': info}
@register_versions('return', ['v5'])
def _return_v5(self, version, info, project):
return {
'Data': info['FreqModes'],
'Type': 'level2_project_freqmode',
'Count': len(info['FreqModes'])
}
auth = HTTPBasicAuth()
auth.verify_password(lambda _, password: password == SECRET_KEY)
class Level2ProjectPublish(MethodView):
@auth.login_required
def post(self, project):
projectsdb = level2db.ProjectsDB()
try:
projectsdb.publish_project(project)
except level2db.ProjectError:
abort(http.client.NOT_FOUND)
return redirect(
url_for('level2viewproject', project=project, version='v5'),
code=http.client.CREATED,
)
