def _validate_account_access(token_info, account_id): with Transaction() as t: account_repo = AccountRepo(t) token_associated_account = account_repo.find_linked_account( token_info['iss'], token_info['sub']) account = account_repo.get_account(account_id) if account is None: raise NotFound(ACCT_NOT_FOUND_MSG) else: # Whether or not the token_info is associated with an admin acct token_authenticates_admin = \ token_associated_account is not None and \ token_associated_account.account_type == 'admin' # Enum of how closely token info matches requested account_id auth_match = account.account_matches_auth( token_info[JWT_EMAIL_CLAIM_KEY], token_info[JWT_ISS_CLAIM_KEY], token_info[JWT_SUB_CLAIM_KEY]) # If token doesn't match requested account id, and doesn't grant # admin access to the system, deny. if auth_match == AuthorizationMatch.NO_MATCH and \ not token_authenticates_admin: raise Unauthorized() return account
def validate_admin_access(token_info): with Transaction() as t: account_repo = AccountRepo(t) account = account_repo.find_linked_account(token_info['iss'], token_info['sub']) if account is None or account.account_type != 'admin': raise Unauthorized()
def find_accounts_for_login(token_info): # Note: Returns an array of accounts accessible by token_info because # we'll use that functionality when we add in administrator accounts. with Transaction() as t: acct_repo = AccountRepo(t) acct = acct_repo.find_linked_account( token_info[JWT_ISS_CLAIM_KEY], token_info[JWT_SUB_CLAIM_KEY]) if acct is None: return jsonify([]), 200 return jsonify([acct.to_api()]), 200
def _validate_has_account(token_info): # WARNING: this does NOT authenticate a user but tests for the # presence of an account with Transaction() as t: account_repo = AccountRepo(t) token_associated_account = account_repo.find_linked_account( token_info['iss'], token_info['sub']) if token_associated_account is None: raise Unauthorized() else: return
def create_daklapack_orders(body, token_info): validate_admin_access(token_info) ADDRESSES_KEY = 'addresses' extended_body = body.copy() results = [] with Transaction() as t: account_repo = AccountRepo(t) extended_body[SUBMITTER_ACCT_KEY] = account_repo.find_linked_account( token_info['iss'], token_info['sub']) for curr_address in extended_body[ADDRESSES_KEY]: curr_order_dict = extended_body.copy() curr_order_dict.pop(ADDRESSES_KEY) curr_order_dict[ADDR_DICT_KEY] = curr_address result_info = _create_daklapack_order(curr_order_dict) results.append(result_info) # return response to caller response = jsonify({"order_submissions": results}) response.status_code = 200 return response
def token_grants_admin_access(token_info): with Transaction() as t: account_repo = AccountRepo(t) account = account_repo.find_linked_account(token_info['iss'], token_info['sub']) return account is not None and account.account_type == 'admin'