async def _handle_logout(self, web_request: WebRequest) -> Dict[str, str]:
    """Log out the requesting user by discarding their stored JWT key data.

    Removes the ``<username>.jwt_secret`` and ``<username>.jwk_id`` entries
    from ``self.users`` and drops the matching entry from
    ``self.public_jwks``.

    Returns:
        A dict naming the user and the ``user_logged_out`` action.

    Raises:
        self.server.error: if the request carries no current user, or the
            user is one of ``RESERVED_USERS``.
    """
    session_user = web_request.get_current_user()
    if session_user is None:
        raise self.server.error("No user logged in")

    username: str = session_user['username']
    if username in RESERVED_USERS:
        rejection = f"Invalid log out request for user {username}"
        raise self.server.error(rejection)

    # NOTE(review): the secret and key id are stored per user, so this
    # presumably ends every session of that user, not only the caller's.
    # Confirm against the token verification path.
    secret_key = f"{username}.jwt_secret"
    key_id_key = f"{username}.jwk_id"
    self.users.pop(secret_key, None)
    key_id: str = self.users.pop(key_id_key, "")
    self.public_jwks.pop(key_id, None)

    return {"username": username, "action": "user_logged_out"}
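async def _handle_password_reset(
    self, web_request: WebRequest
) -> Dict[str, str]:
    """Change the current user's password after verifying the existing one.

    Reads ``password`` (current) and ``new_password`` from the request,
    re-derives the PBKDF2-HMAC-SHA256 hash of the current password with
    the user's stored salt, and stores the hash of the new password under
    ``<username>.password`` only if the derived hash matches the stored
    one.

    Returns:
        A dict naming the user and the ``user_password_reset`` action.

    Raises:
        self.server.error: if there is no current user, the user is one of
            ``RESERVED_USERS``, or the supplied current password is wrong.
    """
    # Imported locally so the handler does not rely on a module-level
    # ``hmac`` import being present.
    import hmac

    password: str = web_request.get_str('password')
    new_pass: str = web_request.get_str('new_password')
    user_info = web_request.get_current_user()
    if user_info is None:
        raise self.server.error("No Current User")
    username = user_info['username']
    if username in RESERVED_USERS:
        raise self.server.error(
            f"Invalid Reset Request for user {username}")
    salt = bytes.fromhex(user_info['salt'])
    hashed_pass = hashlib.pbkdf2_hmac(
        'sha256', password.encode(), salt, HASH_ITER).hex()
    stored_pass = user_info['password']
    # Compare in constant time so the check does not leak how many leading
    # characters of the derived hash match the stored one. A non-string
    # stored value is treated as a mismatch, as the plain ``!=`` did.
    if not isinstance(stored_pass, str) or not hmac.compare_digest(
            hashed_pass.encode(), stored_pass.encode()):
        raise self.server.error("Invalid Password")
    # NOTE(review): the new hash reuses the existing salt. Generating a
    # fresh salt on every password change is the usual practice; confirm
    # how the salt is stored before changing it here.
    # NOTE(review): ``new_pass`` is accepted as-is (no length or emptiness
    # check is visible in this handler).
    new_hashed_pass = hashlib.pbkdf2_hmac(
        'sha256', new_pass.encode(), salt, HASH_ITER).hex()
    self.users[f'{username}.password'] = new_hashed_pass
    # NOTE(review): this handler does not touch the user's ``jwt_secret``
    # or ``jwk_id`` entries. If tokens issued before the reset should stop
    # working, confirm that is handled elsewhere.
    return {'username': username, 'action': "user_password_reset"}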
def _delete_jwt_user(self, web_request: WebRequest) -> Dict[str, str]:
    """Delete the user named in the request and announce the deletion.

    The target ``username`` comes from the request. The call is refused
    when it names the requesting user, a member of ``RESERVED_USERS``, or
    a user with no record in ``self.users``. Otherwise the user's public
    JWK entry and user record are removed and an
    ``authorization:user_deleted`` event is scheduled.

    NOTE(review): no privilege check is visible in this block; any caller
    that reaches it can delete any other non-reserved user. Presumably
    access is restricted where the endpoint is registered; confirm.

    Returns:
        A dict naming the deleted user and the ``user_deleted`` action.

    Raises:
        self.server.error: for any of the refusal cases above.
    """
    username: str = web_request.get_str('username')

    requester = web_request.get_current_user()
    curname = None if requester is None else requester.get('username', None)
    if curname is not None and curname == username:
        raise self.server.error(
            f"Cannot delete logged in user {curname}")

    if username in RESERVED_USERS:
        raise self.server.error(
            f"Invalid Request for reserved user {username}")

    if self.users.get(username) is None:
        raise self.server.error(f"No registered user: {username}")

    # Drop the published key before the record that holds its id goes away.
    stale_key_id = self.users.get(f"{username}.jwk_id")
    self.public_jwks.pop(stale_key_id, None)
    del self.users[username]

    # The event is sent shortly after this handler returns, not inline.
    event_payload = {'username': username}
    IOLoop.current().call_later(
        .005, self.server.send_event,
        "authorization:user_deleted", event_payload)
    return {"username": username, "action": "user_deleted"}
async def _handle_user_request(
    self, web_request: WebRequest
) -> Dict[str, Any]:
    """Dispatch a user endpoint request by its action.

    * ``GET`` reports the current user's ``username`` and ``created_on``,
      both ``None`` when the request carries no user.
    * ``POST`` creates a user via ``_login_jwt_user(..., create=True)``.
    * ``DELETE`` removes a user via ``_delete_jwt_user``.

    NOTE(review): this dispatcher performs no authentication check of its
    own before the POST (create) and DELETE paths. Confirm that the
    endpoint registration or the helpers enforce the intended access rules.

    Raises:
        self.server.error: for any other action.
    """
    action = web_request.get_action()

    if action == "POST":
        # Create User
        return self._login_jwt_user(web_request, create=True)
    if action == "DELETE":
        # Delete User
        return self._delete_jwt_user(web_request)
    if action != "GET":
        raise self.server.error("Invalid Request Method")

    user = web_request.get_current_user()
    if user is None:
        return {'username': None, 'created_on': None}
    return {
        'username': user['username'],
        'created_on': user.get('created_on'),
    }
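async def _handle_oneshot_request(self, web_request: WebRequest) -> str:
    """Issue a one-shot token for the requesting client.

    Passes the request's IP address and current user (which may be
    ``None``) to ``get_oneshot_token`` and returns its result.

    Raises:
        self.server.error: if the request has no IP address.
    """
    ip = web_request.get_ip_address()
    if ip is None:
        # An explicit check replaces the original ``assert``. Assertions
        # are stripped under ``python -O``, which would let a token be
        # requested with no client address.
        raise self.server.error("Unable to determine client IP address")
    user_info = web_request.get_current_user()
    return self.get_oneshot_token(ip, user_info)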