def api_key_create():
    """Exchange an email/password pair for a new API key.

    Reads a JSON body (parsed regardless of Content-Type because of
    ``force=True``) holding ``email``, ``password`` and ``device_name``.
    On success a new ``ApiKey`` is stored for the user, carrying every
    permission named in ``Permission.PERMS_ALL``, and the response
    returns the key's token, secret, device name and expiry.

    Unknown email and wrong password take the same path: a fixed
    5 second delay, then the same ``AUTH_FAILED`` response.
    """
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)

    fields, failure = get_json_params(
        payload, ["email", "password", "device_name"])
    if failure:
        return failure
    email, password, device_name = fields
    if not email:
        return bad_request(web_utils.INVALID_EMAIL)

    # Lookup uses the lower-cased address.
    account = User.from_email(db.session, email.lower())
    # NOTE(review): `or` short-circuits, so an unknown email skips
    # verify_password while a known one pays for the hash check; the two
    # failures differ in work done even though the delay and body match.
    # NOTE(review): the sleep holds the request for 5 s; whether that ties up
    # a worker depends on the server model, and no rate limiting or lockout
    # is visible in this function - confirm it exists elsewhere.
    if not account or not flask_security.verify_password(
            password, account.password):
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)

    # Password login always yields a fully privileged key: every permission
    # name in PERMS_ALL is attached, with no way for the caller to narrow it.
    key = ApiKey(account, device_name)
    for perm_name in Permission.PERMS_ALL:
        key.permissions.append(Permission.from_name(db.session, perm_name))
    db.session.add(key)
    db.session.commit()

    # The secret is part of this response body.
    return jsonify({
        "token": key.token,
        "secret": key.secret,
        "device_name": key.device_name,
        "expiry": key.expiry,
    })
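def _secret_bytes(value):
    """Return *value* as bytes for comparison; missing values become b''."""
    if not value:
        return b''
    if isinstance(value, bytes):
        return value
    return str(value).encode('utf-8')


def api_key_confirm(token=None, secret=None):
    """Confirm or cancel an emailed API-key request.

    ``token`` selects the pending ``ApiKeyRequest`` and ``secret`` must match
    the value stored on it. A GET renders the confirmation page; a POST with
    ``confirm=true`` creates an ``ApiKey`` for the requesting user with the
    permissions ticked in the form, and any other POST deletes the request.

    Every rejection (unknown token, wrong secret, expired request) is
    followed by a flash message and a redirect to ``/`` after a 5 second
    delay.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    req = ApiKeyRequest.from_token(db.session, token)
    if not req:
        time.sleep(5)
        flash('Email login request not found.', 'danger')
        return redirect('/')

    # Constant-time comparison, failing closed when either side is empty
    # (the plain `!=` accepted a None/None pair and could leak timing).
    expected = _secret_bytes(req.secret)
    supplied = _secret_bytes(secret)
    if not expected or not hmac.compare_digest(expected, supplied):
        # This branch previously had no delay, unlike the other rejections,
        # although it is the one a wrong guess of the secret lands on.
        time.sleep(5)
        flash('Email login code invalid.', 'danger')
        return redirect('/')

    # NOTE(review): naive local time; assumes req.expiry is stored the same
    # way - confirm against the model.
    now = datetime.datetime.now()
    if now > req.expiry:
        time.sleep(5)
        flash('Email login request expired.', 'danger')
        return redirect('/')

    if request.method == 'POST':
        confirm = request.form.get('confirm') == 'true'
        if not confirm:
            db.session.delete(req)
            db.session.commit()
            flash('Email login cancelled.', 'success')
            return redirect('/')

        # NOTE(review): nothing here checks whether req.created_api_key is
        # already set, so a confirmed request appears to stay confirmable
        # until it expires - verify whether single use is enforced elsewhere.
        api_key = ApiKey(req.user, req.device_name)

        # Permission names come straight from the form: accept only names
        # the application defines, once each, and skip any that have no
        # stored Permission row rather than appending None to the key.
        granted = set()
        for name in request.form.getlist('perms'):
            if name in granted or name not in Permission.PERMS_ALL:
                continue
            perm = Permission.from_name(db.session, name)
            if not perm:
                continue
            api_key.permissions.append(perm)
            granted.add(name)

        req.created_api_key = api_key
        db.session.add(req)
        db.session.add(api_key)
        db.session.commit()
        flash('Email login confirmed.', 'success')
        return redirect('/')

    return render_template('paydb/api_key_confirm.html', req=req,
                           perms=Permission.PERMS_ALL)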
def create_permission(name, desc):
    """Create the permission called *name*, or refresh its description.

    Looks the permission up by name in the current session. An existing
    row has its description overwritten with *desc*; otherwise a new
    ``Permission`` is built. The row is added to the session and
    returned. No commit is issued here, so the caller has to commit.
    """
    record = Permission.from_name(db.session, name)
    if record:
        # Already defined: only the description is updated.
        record.description = desc
    else:
        record = Permission(name=name, description=desc)
    db.session.add(record)
    return record