def lookup_current_user():
    """
    Resolve the current user from the Flask session and publish the result
    on the request namespace object ``g``.

    ``g.user`` and ``g.usersession`` start as None. A ``sessionid`` that
    UserSession.authenticate() does not accept is removed from the Flask
    session. A legacy ``userid`` entry is converted into a new UserSession
    once and is always removed afterwards, so it cannot be replayed on a
    later request.
    """
    g.user = None
    g.usersession = None

    if 'sessionid' in session:
        found = UserSession.authenticate(buid=session['sessionid'])
        g.usersession = found
        if not found:
            # Drop identifiers the server no longer accepts.
            session.pop('sessionid', None)
        else:
            found.access()
            db.session.commit()  # Save access
            g.user = found.user

    # Transition users with 'userid' to 'sessionid'
    if 'userid' in session:
        # Only consult the legacy value when no session was established above.
        legacy_user = None if g.usersession else User.get(userid=session['userid'])
        if legacy_user:
            minted = UserSession(user=legacy_user)
            minted.access()
            db.session.commit()  # Save access
            g.usersession = minted
            g.user = legacy_user
            session['sessionid'] = minted.buid
        # The legacy key is single-use whether or not it resolved to a user.
        session.pop('userid', None)

    # This will be set to True downstream by the requires_login decorator
    g.login_required = False
def login_internal(user):
    """
    Mark ``user`` as logged in for this request and start a new
    server-side session for them.

    A fresh UserSession is created on every call and its buid overwrites
    any ``sessionid`` already held in the Flask session.
    """
    g.user = user
    new_session = UserSession(user=user)
    new_session.access()
    session['sessionid'] = new_session.buid
    # Flask: a permanent session uses the configured session lifetime
    # instead of ending with the browser session.
    session.permanent = True
    autoset_timezone(user)
    # Let user_login subscribers know about the login.
    user_login.send(user)
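def _load_user(self):
    """
    Load the user and session for this request from the signed ``lastuser``
    cookie and publish them on ``current_auth``.

    Legacy ``sessionid``/``userid`` values are first moved out of the Flask
    session. A ``lastuser`` cookie that fails signature verification is
    treated as empty. The cookie contents are then rewritten to reflect the
    outcome and stored as ``current_auth.cookie``.

    The ``userid`` fallback exists to migrate cookies that predate
    ``sessionid``. It is applied only when the cookie carried no
    ``sessionid`` at all: this function writes ``userid`` into every
    cookie it issues, so falling back after UserSession.authenticate() has
    rejected a ``sessionid`` would replace every rejected session with a
    fresh one and make server-side rejection ineffective.
    """
    add_auth_attribute('user', None)
    add_auth_attribute('session', None)

    lastuser_cookie = {}
    lastuser_cookie_headers = {}  # Ignored for now, intended for future changes

    # Migrate data from Flask cookie session
    if 'sessionid' in session:
        lastuser_cookie['sessionid'] = session.pop('sessionid')
    if 'userid' in session:
        lastuser_cookie['userid'] = session.pop('userid')

    if 'lastuser' in request.cookies:
        try:
            lastuser_cookie, lastuser_cookie_headers = lastuser_oauth.serializer.loads(
                request.cookies['lastuser'], return_header=True
            )
        except itsdangerous.BadSignature:
            # Unsigned or tampered cookie: trust nothing in it.
            lastuser_cookie = {}

    # Remember whether the client presented a session identifier before the
    # cookie dict is rewritten below.
    cookie_had_sessionid = 'sessionid' in lastuser_cookie

    if cookie_had_sessionid:
        add_auth_attribute(
            'session', UserSession.authenticate(buid=lastuser_cookie['sessionid'])
        )
        if current_auth.session:
            current_auth.session.access()
            db.session.commit()  # Save access
            add_auth_attribute('user', current_auth.session.user)

    # Transition users with 'userid' to 'sessionid'. Legacy cookies only: a
    # presented-but-rejected sessionid must not be re-minted from userid.
    if not cookie_had_sessionid and 'userid' in lastuser_cookie:
        add_auth_attribute('user', User.get(buid=lastuser_cookie['userid']))
        if current_auth.is_authenticated:
            add_auth_attribute('session', UserSession(user=current_auth.user))
            current_auth.session.access()
            db.session.commit()  # Save access

    # Rewrite the cookie so it only names what was actually authenticated.
    if current_auth.session:
        lastuser_cookie['sessionid'] = current_auth.session.buid
    else:
        lastuser_cookie.pop('sessionid', None)
    if current_auth.is_authenticated:
        lastuser_cookie['userid'] = current_auth.user.buid
    else:
        lastuser_cookie.pop('userid', None)

    lastuser_cookie['updated_at'] = utcnow().isoformat()

    add_auth_attribute('cookie', lastuser_cookie)
    # This will be set to True downstream by the requires_login decorator
    add_auth_attribute('login_required', False)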
def login_internal(user):
    """
    Mark ``user`` as logged in for this request, start a new UserSession
    for them and record both identifiers in ``g.lastuser_cookie``.

    The session buid written to the cookie always belongs to the session
    created here, replacing whatever ``sessionid`` the cookie held before.
    """
    g.user = user
    new_session = UserSession(user=user)
    new_session.access()
    cookie = g.lastuser_cookie
    cookie['sessionid'] = new_session.buid
    cookie['userid'] = user.userid
    # The Flask session itself is not made permanent here.
    session.permanent = False
    autoset_timezone(user)
    # Let user_login subscribers know about the login.
    user_login.send(user)
def login_internal(user):
    """
    Mark ``user`` as logged in for this request, start a new UserSession
    for them and record the session buid and user buid in
    ``g.lastuser_cookie``.

    The session buid written to the cookie always belongs to the session
    created here, replacing whatever ``sessionid`` the cookie held before.
    """
    g.user = user
    new_session = UserSession(user=user)
    new_session.access()
    cookie = g.lastuser_cookie
    cookie['sessionid'] = new_session.buid
    cookie['userid'] = user.buid
    # The Flask session itself is not made permanent here.
    session.permanent = False
    autoset_timezone(user)
    # Let user_login subscribers know about the login.
    user_login.send(user)
def login_internal(user):
    """
    Mark ``user`` as logged in for this request via ``current_auth``,
    start a new UserSession for them and record both buids in
    ``current_auth.cookie``.

    The session buid written to the cookie always belongs to the session
    created here, replacing whatever ``sessionid`` the cookie held before.
    """
    add_auth_attribute('user', user)
    new_session = UserSession(user=user)
    new_session.access()
    add_auth_attribute('session', new_session)
    cookie = current_auth.cookie
    cookie['sessionid'] = new_session.buid
    cookie['userid'] = user.buid
    # Flask: a permanent session uses the configured session lifetime
    # instead of ending with the browser session.
    session.permanent = True
    autoset_timezone(user)
    # Let user_login subscribers know about the login.
    user_login.send(user)
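def lookup_current_user():
    """
    Load the user and session for this request from the signed ``lastuser``
    cookie and publish them on the request namespace object ``g``.

    Legacy ``sessionid``/``userid`` values are first moved out of the Flask
    session. A ``lastuser`` cookie that fails signature verification is
    treated as empty. The cookie contents are then rewritten to reflect the
    outcome and stored as ``g.lastuser_cookie``.

    The ``userid`` fallback exists to migrate cookies that predate
    ``sessionid``. It is applied only when the cookie carried no
    ``sessionid`` at all: this function writes ``userid`` into every
    cookie it issues, so falling back after UserSession.authenticate() has
    rejected a ``sessionid`` would replace every rejected session with a
    fresh one and make server-side rejection ineffective.
    """
    g.user = None
    g.usersession = None

    lastuser_cookie = {}
    lastuser_cookie_headers = {}  # Ignored for now, intended for future changes

    # Migrate data from Flask cookie session
    if 'sessionid' in session:
        lastuser_cookie['sessionid'] = session.pop('sessionid')
    if 'userid' in session:
        lastuser_cookie['userid'] = session.pop('userid')

    if 'lastuser' in request.cookies:
        try:
            lastuser_cookie, lastuser_cookie_headers = lastuser_oauth.serializer.loads(
                request.cookies['lastuser'], return_header=True
            )
        except itsdangerous.BadSignature:
            # Unsigned or tampered cookie: trust nothing in it.
            lastuser_cookie = {}

    # Remember whether the client presented a session identifier before the
    # cookie dict is rewritten below.
    cookie_had_sessionid = 'sessionid' in lastuser_cookie

    if cookie_had_sessionid:
        g.usersession = UserSession.authenticate(buid=lastuser_cookie['sessionid'])
        if g.usersession:
            g.usersession.access()
            db.session.commit()  # Save access
            g.user = g.usersession.user

    # Transition users with 'userid' to 'sessionid'. Legacy cookies only: a
    # presented-but-rejected sessionid must not be re-minted from userid.
    if not cookie_had_sessionid and 'userid' in lastuser_cookie:
        g.user = User.get(buid=lastuser_cookie['userid'])
        if g.user:
            g.usersession = UserSession(user=g.user)
            g.usersession.access()
            db.session.commit()  # Save access

    # Rewrite the cookie so it only names what was actually authenticated.
    if g.usersession:
        lastuser_cookie['sessionid'] = g.usersession.buid
    else:
        lastuser_cookie.pop('sessionid', None)
    if g.user:
        lastuser_cookie['userid'] = g.user.buid
    else:
        lastuser_cookie.pop('userid', None)

    g.lastuser_cookie = lastuser_cookie
    # This will be set to True downstream by the requires_login decorator
    g.login_required = False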
def decorated_function(*args, **kwargs):
    """
    Call the wrapped view ``f`` when the request is acceptable by any one of
    three routes, tried in order:

    1. ``client_id`` and ``session`` request values plus a Referer whose
       scheme and host match the registered client's website, where
       ``session`` is accepted by UserSession.authenticate();
    2. an already authenticated ``current_auth``;
    3. client credentials accepted by ``_client_login_inner()``.

    Otherwise the error response from ``_client_login_inner()`` is returned.

    NOTE(review): the Referer header is supplied by the requester, so route
    1 only constrains clients that report it truthfully; the session buid is
    the actual secret on that path. Route 1 also calls ``f`` without this
    function setting the user from that session. Confirm both are intended.
    """
    add_auth_attribute('login_required', True)

    # Check if http referrer and given client id match a registered client
    referrer_matches_client = False
    if 'client_id' in request.values and 'session' in request.values and request.referrer:
        credential = AuthClientCredential.get(request.values['client_id'])
        referrer_matches_client = (
            credential is not None
            and get_scheme_netloc(credential.auth_client.website)
            == get_scheme_netloc(request.referrer)
        )
    # The session is only looked up once the referrer check has passed.
    if (
        referrer_matches_client
        and UserSession.authenticate(buid=request.values['session']) is not None
    ):
        return f(*args, **kwargs)

    # If we didn't get a valid client_id and session, maybe there's a user?
    if current_auth.is_authenticated:
        return f(*args, **kwargs)

    # If user is not logged in, check for client credentials in the request
    # authorization header. None means no error was reported.
    error_response = _client_login_inner()
    return f(*args, **kwargs) if error_response is None else error_response
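def lookup_current_user():
    """
    Load the user and session for this request from the signed ``lastuser``
    cookie and publish them on the request namespace object ``g``.

    Legacy ``sessionid``/``userid`` values are first moved out of the Flask
    session. A ``lastuser`` cookie that fails signature verification is
    treated as empty. The cookie contents are then rewritten to reflect the
    outcome and stored as ``g.lastuser_cookie``.

    The ``userid`` fallback exists to migrate cookies that predate
    ``sessionid``. It is applied only when the cookie carried no
    ``sessionid`` at all: this function writes ``userid`` into every
    cookie it issues, so falling back after UserSession.authenticate() has
    rejected a ``sessionid`` would replace every rejected session with a
    fresh one and make server-side rejection ineffective.
    """
    g.user = None
    g.usersession = None

    lastuser_cookie = {}
    lastuser_cookie_headers = {}  # Ignored for now, intended for future changes

    # Migrate data from Flask cookie session
    if 'sessionid' in session:
        lastuser_cookie['sessionid'] = session.pop('sessionid')
    if 'userid' in session:
        lastuser_cookie['userid'] = session.pop('userid')

    if 'lastuser' in request.cookies:
        try:
            lastuser_cookie, lastuser_cookie_headers = lastuser_oauth.serializer.loads(
                request.cookies['lastuser'], return_header=True
            )
        except itsdangerous.BadSignature:
            # Unsigned or tampered cookie: trust nothing in it.
            lastuser_cookie = {}

    # Remember whether the client presented a session identifier before the
    # cookie dict is rewritten below.
    cookie_had_sessionid = 'sessionid' in lastuser_cookie

    if cookie_had_sessionid:
        g.usersession = UserSession.authenticate(buid=lastuser_cookie['sessionid'])
        if g.usersession:
            g.usersession.access()
            db.session.commit()  # Save access
            g.user = g.usersession.user

    # Transition users with 'userid' to 'sessionid'. Legacy cookies only: a
    # presented-but-rejected sessionid must not be re-minted from userid.
    if not cookie_had_sessionid and 'userid' in lastuser_cookie:
        g.user = User.get(userid=lastuser_cookie['userid'])
        if g.user:
            g.usersession = UserSession(user=g.user)
            g.usersession.access()
            db.session.commit()  # Save access

    # Rewrite the cookie so it only names what was actually authenticated.
    if g.usersession:
        lastuser_cookie['sessionid'] = g.usersession.buid
    else:
        lastuser_cookie.pop('sessionid', None)
    if g.user:
        lastuser_cookie['userid'] = g.user.userid
    else:
        lastuser_cookie.pop('userid', None)

    g.lastuser_cookie = lastuser_cookie
    # This will be set to True downstream by the requires_login decorator
    g.login_required = False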
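def _load_user(self):
    """
    Load the user and session for this request from the signed ``lastuser``
    cookie and publish them on ``current_auth``.

    Legacy ``sessionid``/``userid`` values are first moved out of the Flask
    session. A ``lastuser`` cookie that fails signature verification is
    treated as empty. The cookie contents are then rewritten to reflect the
    outcome and stored as ``current_auth.cookie``.

    The ``userid`` fallback exists to migrate cookies that predate
    ``sessionid``. It is applied only when the cookie carried no
    ``sessionid`` at all: this function writes ``userid`` into every
    cookie it issues, so falling back after UserSession.authenticate() has
    rejected a ``sessionid`` would replace every rejected session with a
    fresh one and make server-side rejection ineffective.
    """
    add_auth_attribute('user', None)
    add_auth_attribute('session', None)

    lastuser_cookie = {}
    lastuser_cookie_headers = {}  # Ignored for now, intended for future changes

    # Migrate data from Flask cookie session
    if 'sessionid' in session:
        lastuser_cookie['sessionid'] = session.pop('sessionid')
    if 'userid' in session:
        lastuser_cookie['userid'] = session.pop('userid')

    if 'lastuser' in request.cookies:
        try:
            lastuser_cookie, lastuser_cookie_headers = lastuser_oauth.serializer.loads(
                request.cookies['lastuser'], return_header=True
            )
        except itsdangerous.BadSignature:
            # Unsigned or tampered cookie: trust nothing in it.
            lastuser_cookie = {}

    # Remember whether the client presented a session identifier before the
    # cookie dict is rewritten below.
    cookie_had_sessionid = 'sessionid' in lastuser_cookie

    if cookie_had_sessionid:
        add_auth_attribute(
            'session', UserSession.authenticate(buid=lastuser_cookie['sessionid'])
        )
        if current_auth.session:
            current_auth.session.access()
            db.session.commit()  # Save access
            add_auth_attribute('user', current_auth.session.user)

    # Transition users with 'userid' to 'sessionid'. Legacy cookies only: a
    # presented-but-rejected sessionid must not be re-minted from userid.
    if not cookie_had_sessionid and 'userid' in lastuser_cookie:
        add_auth_attribute('user', User.get(buid=lastuser_cookie['userid']))
        if current_auth.is_authenticated:
            add_auth_attribute('session', UserSession(user=current_auth.user))
            current_auth.session.access()
            db.session.commit()  # Save access

    # Rewrite the cookie so it only names what was actually authenticated.
    if current_auth.session:
        lastuser_cookie['sessionid'] = current_auth.session.buid
    else:
        lastuser_cookie.pop('sessionid', None)
    if current_auth.is_authenticated:
        lastuser_cookie['userid'] = current_auth.user.buid
    else:
        lastuser_cookie.pop('userid', None)

    add_auth_attribute('cookie', lastuser_cookie)
    # This will be set to True downstream by the requires_login decorator
    add_auth_attribute('login_required', False)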
def session_verify(authtoken, args, files=None):
    """
    Report whether the session named by ``args['sessionid']`` is active and
    belongs to the same user as ``authtoken``.

    On success the access is recorded against ``authtoken.client`` and
    committed, and the session buid, the user's userid and the sudo flag
    are returned. An unknown session and a session owned by a different
    user both produce the same ``{'active': False}`` answer, so the caller
    cannot use this to learn whether another user's session id exists.
    """
    user_session = UserSession.authenticate(buid=args['sessionid'])
    # Require ownership: the token's user must be the session's user.
    if not (user_session and user_session.user == authtoken.user):
        return {'active': False}

    user_session.access(client=authtoken.client)
    db.session.commit()
    return {
        'active': True,
        'sessionid': user_session.buid,
        'userid': user_session.user.userid,
        'sudo': user_session.has_sudo,
    }
def decorated_function(*args, **kwargs):
    """
    Call the wrapped view ``f`` when the request is acceptable by any one of
    three routes, tried in order:

    1. ``client_id`` and ``session`` request values plus a Referer whose
       scheme and host match the registered client's website, where
       ``session`` is accepted by UserSession.authenticate();
    2. a user already present on ``g.user``;
    3. client credentials accepted by ``_client_login_inner()``.

    Otherwise the error response from ``_client_login_inner()`` is returned.

    NOTE(review): the Referer header is supplied by the requester, so route
    1 only constrains clients that report it truthfully; the session buid is
    the actual secret on that path. Route 1 also calls ``f`` without this
    function setting ``g.user`` from that session. Confirm both are intended.
    """
    g.login_required = True

    # Check if http referrer and given client id match a registered client
    referrer_matches_client = False
    if 'client_id' in request.values and 'session' in request.values and request.referrer:
        credential = ClientCredential.get(request.values['client_id'])
        referrer_matches_client = (
            credential is not None
            and get_scheme_netloc(credential.client.website)
            == get_scheme_netloc(request.referrer)
        )
    # The session is only looked up once the referrer check has passed.
    if (
        referrer_matches_client
        and UserSession.authenticate(buid=request.values['session']) is not None
    ):
        return f(*args, **kwargs)

    # If we didn't get a valid client_id and session, maybe there's a user?
    if g.user is not None:
        return f(*args, **kwargs)

    # If user is not logged in, check for client credentials in the request
    # authorization header. None means no error was reported.
    error_response = _client_login_inner()
    return f(*args, **kwargs) if error_response is None else error_response