def last(): try: verify_jwt_in_request() except NoAuthorizationError: pass entries = models.Entry.query.order_by(models.Entry.updated_at.desc()).limit(100) return render_template('news.html', entries=entries, user=current_user)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims["roles"] != "admin": return jsonify(msg="Admins only!"), 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['roles'] != 'Admin': return {'Not authorized': 'Admins only!'}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['status'] == "False": return {'status': 'FORBIDDEN', 'message': 'Internal only!'}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['user_type'] != "admin": return {'user_type': 'FORBIDDEN', 'message': 'Admin only'}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_identity() if claims['role_name'] != 'manager': return 'managers only!', status.HTTP_403_FORBIDDEN else: return fn(*args, **kwargs)
def jwt_check(self): """Check whether the current request needs to be authenticated using JWT, and if so, whether it contains a valid JWT access token. The login name from the access token is stored in the request_context['AuthUser'] via quering the jwt identity with get_jwt_identiy for the benefit of `lib.user.getUserFromRequest()`. """ method = request.url_rule.endpoint[request.url_rule.endpoint. rfind(".") + 1:] if method in self.jwt_exempt_methods: log.debug("jwt_check: operation is exempt from JWT check") return None try: verify_jwt_in_request() except ( NoAuthorizationError, ExpiredSignatureError, InvalidSignatureError, CSRFError, ): log.error("jwt_check: Failed JWT authentication") response = sendError(None, "Not authenticated") response.status_code = 401 return response
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if claims['role'] != "Vendor": return {"message": "Vendors only"}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): if refresh: verify_jwt_refresh_token_in_request() else: verify_jwt_in_request() return func(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() user = get_authenticated_user() if not any(map(lambda role: role in roles, user['roles'])): raise AccessDenied() return func(*args, **kwargs)
def decorator(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if claims["user_role_code"] == ADMIN_EMPLOYEE_CODE: return fn(*args, **kwargs) else: return Response(status=403)
def decorated_function(*args, **kwargs): verify_jwt_in_request() user_id = get_jwt_identity() user = User.query.get(user_id) main_promoters_ids = kwargs.get('main_promoters_ids') if main_promoters_ids is None: event_id = kwargs.get('event_id') event_promoters = EventPromoter.query.filter( EventPromoter.event_id == event_id, EventPromoter.status == EventPromoter.Status.APPROVED.value, EventPromoter.role == EventPromoter.Role.MAIN.value).all() if event_promoters is None: raise exception main_promoters_ids = [ep.promoter_id for ep in event_promoters] max_role = PromoterUser.query.filter( PromoterUser.user == user, PromoterUser.promoter_id.in_(main_promoters_ids)).order_by( PromoterUser.role.desc()).first() if max_role is not None: if max_role.role >= required_role: return fn(*args, **kwargs) raise exception
def wrapper(*args, **kwargs): try: if os.getenv('FLASK_CONFIG') == 'unittest' or os.getenv( 'IGNORE_JWT'): return fn(*args, **kwargs) else: # 1. token校验 verify_jwt_in_request() # 2. 互斥登录的校验, 在开发环境不希望互斥, 会影响开发进度 # if os.getenv('ENV') != 'dev': from app import aios_redis options = { 'ACTIVE_KEY': 'bam:active:{}', 'TOOL_ACTIVE_KEY': 'bam:tool_active:{}' } verify_mutex_login(aios_redis, g.user_id, **options) return fn(*args, **kwargs) except ExpiredSignatureError as err: current_app.logger.error(err, exc_info=True) return res_unauthorized('签名失效!') except InvalidTokenError as err: current_app.logger.error(err, exc_info=True) return res_unauthorized('无效的登录凭据!') except SQLAlchemyError as err: current_app.logger.error(err, exc_info=True) return res_ex_response('连接失败!', original=True) except UnauthorizedException as err: current_app.logger.error(err, exc_info=True) return res_unauthorized(err.args[0]) except Exception as err: current_app.logger.error(err, exc_info=True) return res_ex_response('操作失败!', original=True)
def decorator(*args, **kwargs): verify_jwt_in_request(locations=["headers"]) if get_jwt()['type'] == "confirmEmail": return fn(*args, **kwargs) else: return "Invalid token type", HTTPStatus.FORBIDDEN
def query(self, view_kwargs): """ query method for resource list :param view_kwargs: :return: """ if 'Authorization' in request.headers: verify_jwt_in_request() if current_user.is_super_admin or current_user.is_admin: query_ = self.session.query(Ticket) elif view_kwargs.get('event_id') and has_access( 'is_organizer', event_id=view_kwargs['event_id']): query_ = self.session.query(Ticket) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) else: query_ = self.session.query(Ticket).filter_by(is_hidden=False) if view_kwargs.get('ticket_tag_id'): ticket_tag = safe_query(self, TicketTag, 'id', view_kwargs['ticket_tag_id'], 'ticket_tag_id') query_ = query_.join(ticket_tags_table).filter_by( ticket_tag_id=ticket_tag.id) query_ = event_query(self, query_, view_kwargs) if view_kwargs.get('access_code_id'): access_code = safe_query(self, AccessCode, 'id', view_kwargs['access_code_id'], 'access_code_id') # access_code - ticket :: many-to-many relationship query_ = Ticket.query.filter( Ticket.access_codes.any(id=access_code.id)) if view_kwargs.get('discount_code_id'): discount_code = safe_query( self, DiscountCode, 'id', view_kwargs['discount_code_id'], 'discount_code_id', ) # discount_code - ticket :: many-to-many relationship query_ = Ticket.query.filter( Ticket.discount_codes.any(id=discount_code.id)) if view_kwargs.get('order_identifier'): order = safe_query( self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier', ) ticket_ids = [] for ticket in order.tickets: ticket_ids.append(ticket.id) query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids))) return query_
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if claims['role'] != "Admin": return {"message": "Only Admin has this right !!"}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['roles'] == 'admin': return fn(*args, **kwargs) else: return make_response(jsonify(mensagem='não permitido'), 403)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims.get('role') != ROLE_ADMIN: raise NoAuthorizationError("User not Autohrized") else: return func(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['role'] > 0: abort(403, "You are not allowed to view this resource") else: return fn(*args, **kwargs)
def decorator(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if not claims["is_student"]: return fn(*args, **kwargs) else: return {"msg": "Professors only!"}, 403
def logout_user(): auth_token = get_auth_token(request) if auth_token: verify_jwt_in_request() # check if user already exists existing_blacklisted_token = BlacklistToken.query.filter_by( token=auth_token).first() if existing_blacklisted_token: # insert the token return jsonify({ 'status': 'success', }), 201 try: # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) # insert the token db.session.add(blacklist_token) db.session.commit() return jsonify({ 'status': 'success', }), 200 except Exception as e: return errors.server_error(e) else: return errors.forbidden('Provide a valid auth token.')
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if 'admin' not in claims['roles']: return {'message': 'Not authorized!'}, 403 else: return fn(*args, **kwargs)
def decorated_function(*args, **kwargs): verify_jwt_in_request() if not current_user.subscription: msg = 'You need an active subscription to access this resource.' response = {'error': msg} return jsonify(response), 403 return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['roles'] not in ['Admin', 'Contributor']: return {'Not authorized': 'Admins or Contributors only!'}, 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if claims['role'] == 'admin': return fn(*args, **kwargs) else: return 'Only admins can access', 403
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs): """ If the authorization header is present (but expired) and the eventbeing accessed is not published - And the user is related to the event (organizer, co-organizer etc) show a 401 - Else show a 404 :param view: :param view_args: :param view_kwargs: :param args: :param kwargs: :return: """ user = get_identity() if user.is_staff: verify_jwt_in_request() return view(*view_args, **view_kwargs) if user.has_event_access(kwargs['event_id']): verify_jwt_in_request() return view(*view_args, **view_kwargs) raise ForbiddenError({'source': ''}, 'Co-organizer access is required.')
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['type'] != 'seller': return {'status':'FORBIDDEN'}, 403, {'Content-Type': 'application/json'} else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt_claims() if claims['roles'] != 'admin': return jsonify(msg='Admins only!'), 403 else: return fn(*args, **kwargs)
def wrapper(*args, **kwargs): verify_jwt_in_request() claims = get_jwt() if claims["role"] == "Admin": return fn(*args, **kwargs) elif claims['role'] == "Vendor": return fn(*args, **kwargs)
def decorator(*args, **kwargs): verify_jwt_in_request(optional) if get_jwt()['type'] == "access": return fn(*args, **kwargs) else: return "Invalid token type", HTTPStatus.FORBIDDEN
def wraps(self, *args, **kwargs): # Apply method permission name override if exists permission_str = "{}{}".format(PERMISSION_PREFIX, f._permission_name) if self.method_permission_name: _permission_name = self.method_permission_name.get(f.__name__) if _permission_name: permission_str = "{}{}".format(PERMISSION_PREFIX, _permission_name) class_permission_name = self.class_permission_name if permission_str not in self.base_permissions: return self.response_401() if current_app.appbuilder.sm.is_item_public( permission_str, class_permission_name ): return f(self, *args, **kwargs) if not (self.allow_browser_login or allow_browser_login): verify_jwt_in_request() if current_app.appbuilder.sm.has_access( permission_str, class_permission_name ): return f(self, *args, **kwargs) elif self.allow_browser_login or allow_browser_login: if not current_user.is_authenticated: verify_jwt_in_request() if current_app.appbuilder.sm.has_access( permission_str, class_permission_name ): return f(self, *args, **kwargs) log.warning( LOGMSG_ERR_SEC_ACCESS_DENIED.format( permission_str, class_permission_name ) ) return self.response_401()