class UserSecurity(object): _model = User _share = False def _verify_password(self, mobile_or_token, password): if request.method == 'OPTIONS': token = request.values.get('token', False) if not token: return True token = request.values.get('token', None) if (not token) and mobile_or_token and (not password): token = mobile_or_token if token: user = get_user_from_auth_token(token, self._model) if user and user.active: g.current_user = user g.token_used = True return True if mobile_or_token and password: user = None if hasattr(self._model, 'mobile') and hasattr( self._model, 'email'): user = self._model.query.filter( or_(self._model.mobile == str(mobile_or_token), self._model.email == str(mobile_or_token))).first() elif not hasattr(self._model, 'mobile') and hasattr( self._model, 'email'): user = self._model.query.filter( self._model.email == str(mobile_or_token)).first() if user and user.active and user.check_password(password): # set token user.generate_auth_token() g.current_user = user g.token_used = False return True if self._share: return True raise_401_response(message=u'用户名或者密码错误') def __init__(self, app=None, db=None): self.app = app self.db = db self.auth = HTTPBasicAuth() self.auth.error_handler(unauthorized) self.auth.verify_password(self._verify_password) if app is not None and db is not None: self.init_app(app, db) def init_app(self, app, db): if app is None: raise () self.app = app self.db = db
class BaseAuth(object): _model = None def __init__(self): self.auth = HTTPBasicAuth() self.auth.verify_password(self._verify_password) def _verify_password(self, username_or_token, password): # token 登录 token = request.values.get("token", "") if not token and username_or_token and not password: token = username_or_token if token: user = get_user_from_auth_token(token, self._model) if user and user.active == USER_ACTIVE: g.current_user = user return True # 如果密码登录 if username_or_token and password: if hasattr(self._model, "mobile") and hasattr( self._model, "email"): user = self._model.query.filter( or_(self._model.mobile == str(username_or_token), self._model.email == str(username_or_token))).first() if user and user.active == USER_ACTIVE: if not user.check_password(password): return False g.current_user = user return True return False
class Auth: def __init__(self): """Creates access control class for authentication and authorization.""" self._basic_auth = HTTPBasicAuth() self._token_auth = HTTPTokenAuth() self._auth = MultiAuth(self._basic_auth, self._token_auth) self._resources = {} def error_handler(self, f: typing.Callable) -> typing.NoReturn: """Set error handler for Authentication Errors. :param f: error handler. :return: NoReturn """ self._token_auth.error_handler(f) self._basic_auth.error_handler(f) def verify_password(self, f: typing.Callable) -> typing.Any: """ Verifies basic password. :param f: function defining verification process. :return: Any """ return self._basic_auth.verify_password(f) def verify_token(self, f: typing.Callable) -> typing.Any: """ Verifies token. :param f: function defining verification process. :return: Any """ return self._token_auth.verify_token(f) def login_required(self, f: typing.Callable = None, role: typing.Text = None) -> typing.Any: """ Identifies as login required for provided function {f}. :param f: input function. :param role: user role :return: func """ return self._auth.login_required(f, role)
def __init__(self, source): self.source = source auth = HTTPBasicAuth() auth.verify_password(get_verify_password(source)) self.decorators.append(auth.login_required)
class BaseSecurity(object): _model = None _auth_model = None _ignore_auth = False def _get_user_from_auth_token(self, token): s = Serializer(current_app.config['SECRET_KEY'], salt=current_app.config['SECRET_SALT']) try: data = s.loads(token) except SignatureExpired: return None except BadSignature: return None return self._model.get_by_id(data['id']) def _verify_password(self, access_id_or_token, password): token = request.values.get('token', None) if request.method == 'OPTIONS' and not token: return True # 是否忽略验证 if self._ignore_auth: return True # 登录名、密码登录 if access_id_or_token and password: user_auth = self._auth_model.query.filter_by( access_id=access_id_or_token).first() if not user_auth or not user_auth.user: raise_401_response(message=u'该用户未注册') user = user_auth.user # FIXME: 0需要与数据库常量同步 if (not user) or user.status != 0: raise_401_response(message=u'该用户未注册') if bcrypt.check_password_hash(user_auth.access_token, password): g.current_user = user g.token_used = False return True else: raise_401_response(message=u'用户名或密码错误') # 验证token if access_id_or_token: user = self._get_user_from_auth_token(access_id_or_token) if not user: raise_401_response(message=u'请重新登录') # FIXME: 0需要与数据库常量同步 if (not user) or user.status != 0: raise_401_response(message=u'请重新登录') g.current_user = user g.token_used = True return True raise_401_response(message=u'请登录') def __init__(self, app=None, db=None): self.app = app self.db = db self.auth = HTTPBasicAuth() self.auth.error_handler(_unauthorized) self.auth.verify_password(self._verify_password) if app is not None and db is not None: self.init_app(app, db) def init_app(self, app, db): if app is None: raise self.app = app self.db = db
def init_basic_auth(): auth = HTTPBasicAuth() auth.verify_password(__verify_password) return auth
from flask import Blueprint, render_template, request, jsonify from flask_httpauth import HTTPBasicAuth from redis import Redis from src import utils, msg from os import getenv import messagebird import config redis = Redis().from_url(getenv("REDIS_URL")) msg_client = messagebird.Client(getenv('MESSAGEBIRD')) admin_blueprint = Blueprint(__name__, 'admin') auth = HTTPBasicAuth() auth.verify_password(utils.verify_password) @admin_blueprint.route('/', methods=['GET', 'POST']) @auth.login_required def admin_panel(): if request.method == "POST": rcv = utils.fix_number(request.form.get('rcv')) print(rcv) keys = redis.lrange("keys", 0, -1) while True: key = utils.generate_random_key(4) if not key.encode() in keys: break if len(rcv) == config.phone_total_length: result = msg.send_sms("NiceSMS", rcv, f"Your one time key is: {key}") redis.lpush("keys", key) if isinstance(result, tuple):
def setup_http_basic_auth(self): auth = HTTPBasicAuth() self.verify_password = auth.verify_password(self.verify_password) return auth
@register_versions('return', ['v4']) def _return(self, version, info, project): return {'Info': info} @register_versions('return', ['v5']) def _return_v5(self, version, info, project): return { 'Data': info['FreqModes'], 'Type': 'level2_project_freqmode', 'Count': len(info['FreqModes']) } auth = HTTPBasicAuth() auth.verify_password(lambda _, password: password == SECRET_KEY) class Level2ProjectPublish(MethodView): @auth.login_required def post(self, project): projectsdb = level2db.ProjectsDB() try: projectsdb.publish_project(project) except level2db.ProjectError: abort(http.client.NOT_FOUND) return redirect( url_for('level2viewproject', project=project, version='v5'), code=http.client.CREATED, )