def unauthorized_loader_handler(error):
if request.path.startswith('/api/'):
resp = make_response(jsonify(err="missing JWT"), 401)
else:
resp = make_response(redirect('/web/login'))
unset_jwt_cookies(resp)
return resp
def get(self):
"""
Log user out by revoking his auth tokens.
---
description: Once logged out, current user cannot access the API anymore.
tags:
- Authentification
responses:
200:
description: Logout successful
500:
description: Access token not found
"""
try:
logout()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
except KeyError:
return {"Access token not found."}, 500
logout_data = {"logout": True}
if is_from_browser(request.user_agent):
response = jsonify(logout_data)
unset_jwt_cookies(response)
return response
else:
return logout_data
def logout():
'''Revokes the current user's tokens to logout user'''
arw = ApiResponseWrapper()
try:
access_token = request.cookies.get('access_token_cookie')
access_jti = get_jti((access_token))
revoked_store.set(access_jti, 'true', JWT_ACCESS_EXPIRES)
refresh_token = request.cookies.get('refresh_token_cookie')
refresh_jti = get_jti((refresh_token))
revoked_store.set(refresh_jti, 'true', JWT_ACCESS_EXPIRES)
final_response, status_code, headers = arw.to_json(None, 201)
unset_jwt_cookies(final_response)
except (BadRequestsError, UnauthorizedError, MethodNotAllowedError,
InternalServerError, NotFoundError) as e:
arw.add_errors(e.messages)
if arw.has_errors():
return arw.to_json(None, 400)
return final_response, status_code, headers
def render(self, template, **kwargs):
try:
verify_jwt_in_request()
self._template_args['current_user'] = get_current_user()
current_app.logger.info("Access token ok for user {}".format(
get_current_user()))
resp = make_response(
super(PhaunosBaseView, self).render(template, **kwargs))
except ExpiredSignatureError:
# if the access token has expired, create new non-fresh token
current_app.logger.info("Access token has expired.")
try:
verify_jwt_refresh_token_in_request()
self._template_args['current_user'] = get_current_user()
access_token = create_access_token(identity=get_jwt_identity(),
fresh=False)
resp = make_response(
super(PhaunosBaseView, self).render(template, **kwargs))
set_access_cookies(resp, access_token)
except ExpiredSignatureError:
# if the refresh token has expired, user must login again
current_app.logger.info("Refresh token has expired")
resp = make_response(
super(PhaunosBaseView, self).render(template, **kwargs))
unset_jwt_cookies(resp)
except NoAuthorizationError:
current_app.logger.info("No authorization token.")
resp = make_response(
super(PhaunosBaseView, self).render(template, **kwargs))
return resp
def logout():
# db.hdel()
response = make_response("", 301)
session.clear()
unset_jwt_cookies(response)
response.headers["Location"] = "/"
return response
def get(self):
"""
Log out a user
"""
resp = jsonify({'logout': True})
unset_jwt_cookies(resp)
return resp
def post(self):
try:
resp = jsonify({'logout': True})
unset_jwt_cookies(resp)
return resp
except:
return jsonify({'error': 'Something went wrong deleting token'})
def post(self):
'''
Remove the tokens from the cookies
'''
response = jsonify({"ok": True, "message": "Logout successful"})
unset_jwt_cookies(response)
return response, 200
def handle_user_logout():
headers = {"Content-Type": "application/json"}
response_body = {"result": "HTTP_200_0K. user logged out successfully"}
status_code = 200
response = make_response(json.dumps(response_body), status_code, headers)
unset_jwt_cookies(response)
return response
def logout():
"""Performs a logout for the current user.
"""
resp = Response(render_template('admin/login.html',
message='Your session has been canceled.'))
unset_jwt_cookies(resp)
return resp
def logout():
user = get_jwt_identity()
resp = jsonify(code=200, data={
'user': user,
})
unset_jwt_cookies(resp)
return resp
def my_expired_token_callback():
try:
resp = jsonify({"status": "error", "error": "User was logged out"})
unset_jwt_cookies(resp)
return resp, 200
except Exception as e:
return jsonify({"status": "error", "error": str(e)}), 401
def post(self):
""" Logout the user """
resp = jsonify({'logout': True})
unset_jwt_cookies(resp)
return make_response(resp, 200)
def delete(self):
"""Logout a user.
By sending an order to the browser to unset the cookie with the JWTs saved,
and revoking the current refresh token.
Revokes the access token based on the jti property and the user identity
---
tags:
- Auth
responses:
200:
description: User logged out
"""
user_identity = get_jwt_identity()
jti = get_raw_jwt()['jti']
try:
revoke_token(jti, user_identity)
except TokenNotFound:
resp = jsonify({'message': 'The specified token was not found'})
resp.status_code = 404
else:
resp = jsonify({
'message': 'Successfully logged out',
'logout': True
})
resp.status_code = 200
unset_jwt_cookies(resp)
return resp
def delete(self): # pylint: disable=W0613
"""Unsets the cookie in response"""
resp = jsonify({"logout": True})
unset_jwt_cookies(resp)
response = make_response(resp, 200)
response.mimetype = "application/json"
return response
def logout():
try:
resp = jsonify({"status": "OK"})
unset_jwt_cookies(resp)
return resp, 200
except Exception as e:
return jsonify({"status": "error", "error": str(e)}), 409
def logout():
try:
resp = jsonify({"status": "OK"})
unset_jwt_cookies(resp)
return resp, 200
except Exception, e:
return jsonify({"status": "ERROR"})
def user_login(self):
db = current_app.database
data = parser.parse_args()
print(data)
username = data['username']
password = data['password']
current_user = db.session.query(User).get(username)
if current_user is None:
resp = jsonify(login=False, username=None)
unset_jwt_cookies(resp)
return resp
if not current_user.is_correct_password(password):
resp = jsonify(login=False, username=username)
unset_jwt_cookies(resp)
return resp
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
resp = jsonify(login=True, username=username)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
def post(self):
"""
Remove cookies.
"""
resp = jsonify({"logout": True})
unset_jwt_cookies(resp)
return resp
def logout():
try:
resp = jsonify({})
unset_jwt_cookies(resp)
return resp, 200
except:
return "There was an Error", 400
def delete(self):
msg = 'token revoked successfully'
if 'access_token_cookie' not in request.cookies:
msg = 'token already revoked'
resp = jsonify({'message': msg})
unset_jwt_cookies(resp)
return resp
def refresh_expiring_jwts(response):
try:
if response.status_code == 401: # Si no estamos autorizados (JWT vencido o no logueado) se borrarán esas cookies
response = redirect('/login')
unset_jwt_cookies(response)
return response
exp_timestamp = get_jwt()[
"exp"] # Obtener la fecha de expiración del JWT actual
now = datetime.now(timezone.utc) # Obtener la hora local
target_timestamp = datetime.timestamp(
now + timedelta(hours=20)) # A la hora actual aumentar 15min
if target_timestamp > exp_timestamp:
additional_claims = {
"roleuser": get_jwt()["roleuser"]
} # Obtenemos el rol del JWT anterior para conservarlo
access_token = create_access_token(
identity=get_jwt_identity(),
additional_claims=additional_claims
) # crear el nuevo JWT con su misma identidad y rol
set_access_cookies(
response, access_token
) # Configuramos el JWT y retornamos el request que se estaba pidiendo
return response
except (RuntimeError, KeyError):
# Case where there is not a valid JWT. Just return the original response
return response
def invalid_token_callback(error):
"""Invalid Fresh/Non-Fresh Access token in auth header"""
print("Invalid Token Loaded!!")
resp = make_response(redirect(url_for("home")))
unset_jwt_cookies(resp)
resp.set_cookie('username', max_age=0)
return resp, 302
def logout():
try:
response = jsonify(SUCCESS_LOGOUT)
unset_jwt_cookies(response)
return response, 200
except Exception:
return jsonify(ERROR_LOGOUT), 500
def get(self):
"""
Deconnexion d'un utilisateur
"""
resp = redirect(request.referrer)
unset_jwt_cookies(resp)
return resp
def logout():
"""
Logs the user out by unsetting the refresh token cook
"""
response = make_response({"message": "User logged out"})
unset_jwt_cookies(response)
return response, 200
def logout():
claims = aws_auth.claims
log.info("User \"{}\" signed out on {}".format(claims.get('username'),
date_time_now()))
response = make_response(render_template('logout.html'))
unset_jwt_cookies(response)
return response, 200
def delete(self):
resp = jsonify({'login': False})
unset_jwt_cookies(resp)
# jti = get_raw_jwt()['jti']
# redis.set(jti, 'true', current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.2)
# return {"msg": "Access token revoked"}, 200
return make_response(resp)
def logout_page():
"""
A view func for a '/logout' endpoint.
"""
resp = make_response(
redirect(url_for("news.hackernews_top_stories_page_func")))
unset_jwt_cookies(resp)
return resp
def handle_expired_token():
# http://flask-jwt-extended.readthedocs.io/en/latest/changing_default_behavior.html
# resp = redirect('/auth/login')
# Automatic re-login does't work with SAML, so we prepare
# for manual re-login
resp = make_response()
unset_jwt_cookies(resp)
return resp
def post(self):
"""Logout"""
resp = jsonify({'logout': True})
unset_jwt_cookies(resp)
return resp
