class OAuth2Token(db.Model):
__tablename__ = 'oauth2_token'
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(
db.Integer, db.ForeignKey('USERS.ID', ondelete='CASCADE'))
user = db.relationship('User')
client_id = db.Column(
db.String(128), db.ForeignKey('oauth2_client.client_id'),
nullable=False,
)
client = db.relationship('OAuth2Client')
# currently only bearer is supported
token_type = db.Column(db.String(40))
access_token = db.Column(db.String(255), unique=True)
refresh_token = db.Column(db.String(255), unique=True)
expires = db.Column(db.DateTime)
scopes = db.Column(ScalarListType(separator=' '), nullable=False)
def is_refresh_token_active(self):
if self.revoked:
return False
expires_at = self.issued_at + self.expires_in * 2
return expires_at >= time.time()
def delete(self):
db.session.delete(self)
db.session.commit()
return self
class Role(db.Model):
__tablename__ = 'ROLES'
id = db.Column("ID", db.Integer, primary_key=True)
name = db.Column("NAME", db.String(64), unique=True)
permission = db.Column("PERMISSION", db.Integer)
users = db.relationship('User', backref='role', lazy='dynamic')
class OAuth2Client(db.Model):
__tablename__ = 'oauth2_client'
# public or confidential
is_confidential = db.Column(db.Boolean, default=False)
user_id = db.Column(db.Integer, db.ForeignKey('USERS.ID', ondelete='CASCADE'))
# The first argument to db.relationship() indicates whatmodel is on the other side
# of the relationship. This model can be provided as a string if the class is not yet defined.
# The backref argument to db.relationship() defines the reverse direction of the relationship
# by adding a role attribute to the User model. This attribute can be used
# instead of role_id to access the Role model as an object instead of as a foreign key.
user = db.relationship('User', backref='client')
name = db.Column(db.String(40))
client_id = db.Column(db.String(40), primary_key=True)
client_secret = db.Column(db.String(55), unique=True, index=True,
nullable=False)
_redirect_uris = db.Column(ScalarListType(separator=' '), nullable=False)
_default_scopes = db.Column(ScalarListType(separator=' '), nullable=False)
@property
def client_type(self):
if self.is_confidential:
return 'confidential'
return 'public'
@property
def redirect_uris(self):
if self._redirect_uris:
return self._redirect_uris # .split()
return []
@property
def default_redirect_uri(self):
return self.redirect_uris[0]
@property
def default_scopes(self):
if self._default_scopes:
return self._default_scopes # .split()
return []
class User(db.Model, UserMixin):
__tablename__ = 'USERS'
id = db.Column('ID', db.Integer, primary_key=True)
first = db.Column('NAME', db.String(50))
password_hash = db.Column('PASSWORD', db.String(256), nullable=False)
email = db.Column('EMAIL', db.String(64), unique=True, index=True)
creation_date = db.Column('CREATED',
db.TIMESTAMP,
server_default=db.func.current_timestamp(),
nullable=False)
active = db.Column('ACTIVE', db.Boolean, default=False)
last = db.Column("LASTNAME", db.String(50), nullable=False)
role_id = db.Column('ROLE_ID', db.Integer, db.ForeignKey('ROLES.ID'))
def verify_password(self, password):
return password_context.verify(password, self.password_hash)
def check_password_strength_and_hash_if_ok(self, password):
if len(password) < 8:
return 'The password is too short. Please, specify a password with at least 8 characters.', False
if len(password) > 32:
return 'The password is too long. Please, specify a password with no more than 32 characters.', False
if re.search(r'[A-Z]', password) is None:
return 'The password must include at least one uppercase letter.', False
if re.search(r'[a-z]', password) is None:
return 'The password must include at least one lowercase letter. ', False
if re.search(r'\d', password) is None:
return 'The password must include at least one number.', False
if re.search(r"[ !#$%&'()*+,-./[\\\]^_`{|}~" + r'"]',
password) is None:
return 'The password must include at least one symbol. ', False
self.password_hash = password_context.hash(password)
return '', True
def has_a_permission(self, permission):
role = self.role
return role.permission == permission
def __init__(self, last="", email=""):
self.last = last
self.email = email
@property
def is_active(self):
return self.active
class OAuth2Grant(db.Model):
"""
Intermediate temporary helper for OAuth2 Grants.
"""
__tablename__ = 'oauth2_grant'
id = db.Column(db.Integer, primary_key=True) # pylint: disable=invalid-name
user_id = db.Column(db.ForeignKey('USERS.ID', ondelete='CASCADE'), index=True, nullable=False)
user = db.relationship('User')
client_id = db.Column(
db.String(length=40),
db.ForeignKey('oauth2_client.client_id'),
index=True,
nullable=False,
)
client = db.relationship('OAuth2Client')
code = db.Column(db.String(length=255), index=True, nullable=False)
redirect_uri = db.Column(db.String(length=255), nullable=False)
expires = db.Column(db.DateTime, nullable=False)
scopes = db.Column(ScalarListType(separator=' '), nullable=False)
def delete(self):
db.session.delete(self)
db.session.commit()
return self
@property
def scopes(self):
if self._scopes:
return self.scopes #.split()
return []