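def get_token_info():
    """Decode the submitted token and return its claims as a JSON response.

    Reads ``token`` from ``TokenForm`` and verifies it with the app's
    ``SECRET_KEY``; the payload and header are only trusted after that
    signature check has passed.

    Returns:
        ``restful_json`` of ``uid``, ``nickname``, ``scope`` (token payload)
        plus ``create_at`` / ``expire_in`` rendered from the ``iat`` / ``exp``
        header timestamps.

    Raises:
        AuthFailed: error_code 1003 for an expired token, 1002 for a bad
            signature. SignatureExpired is caught first because it is a
            subclass of BadSignature in itsdangerous.
    """
    form = TokenForm().validate_for_api()
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        # return_header=True yields (payload, header); iat/exp are in the header.
        data = s.loads(form.token.data, return_header=True)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    payload, header = data
    fmt = '%Y-%m-%d %H:%M:%S'

    def _utc(ts):
        # Both fields are rendered in UTC. The original used localtime for
        # iat but UTC for exp, so the two values disagreed by the server's
        # UTC offset; fromtimestamp(tz=utc) also avoids the deprecated
        # utcfromtimestamp.
        return datetime.datetime.fromtimestamp(
            ts, datetime.timezone.utc).strftime(fmt)

    r = {
        'uid': payload['uid'],
        'nickname': payload['nickname'],
        'scope': payload['scope'],
        'create_at': _utc(header['iat']),
        'expire_in': _utc(header['exp']),
    }
    return restful_json(r)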
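def verify_auth_token(token):
    """Validate *token* and authorize ``request.endpoint`` against its scope.

    Args:
        token: signed token string presented by the client.

    Returns:
        ``User(uid, type, scope)`` built from the token payload; the
        ``is_in_scope`` endpoint check has already passed.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        Forbidden: if the token's scope does not cover the endpoint.
    """
    # NOTE(review): config.get() yields None when SECRET_KEY is unset, which
    # only fails later inside the serializer; confirm the key is mandatory.
    s = Serializer(current_app.config.get('SECRET_KEY'))
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first. With the original order an expired token was reported as
    # "invalid" (1002) and the 1003 branch was unreachable.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']

    # Authorization: the scope claim must allow the view being requested.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()

    return User(uid, ac_type, scope)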
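def verify_token(token, secret):
    """Verify a request token plus its anti-replay ``secret`` and load the user.

    Unless the client's User-Agent equals ``WHITELIST_UA``, the request must
    carry a ``Timestamp`` header within 100 s of server time and *secret*
    must equal ``md5(token + timestamp)``. The token is then decoded with the
    app ``SECRET_KEY``, the user loaded by ``uid`` and its scope checked
    against ``request.endpoint``. On success ``g.user`` is set and ``True``
    returned.

    NOTE(review): the User-Agent is client-controlled, so any caller can skip
    the timestamp/secret check by sending WHITELIST_UA; and md5(token +
    timestamp) is computable by anyone holding the token, so it is a replay
    window, not a second secret. Confirm this matches the intended threat model.

    Raises:
        AuthFailed: missing/non-numeric/stale timestamp, mismatched secret,
            expired token (1003) or bad signature (1002).
        NotFound: no user with the token's uid.
        Forbidden: the user's scope does not cover the endpoint.
    """
    import hmac  # local import: the file's import block is not visible here

    ua = request.headers.get('User-Agent', '')
    if ua != WHITELIST_UA:
        try:
            timestamp = int(request.headers.get('Timestamp', 0))
        except (TypeError, ValueError):
            # A non-numeric header previously escaped as ValueError (HTTP 500).
            raise AuthFailed()
        if abs(timestamp - int(time.time())) > 100:
            raise AuthFailed()

        my_secret = md5(token + str(timestamp))
        # Constant-time compare; `!=` short-circuits on the first differing
        # byte. Both sides are encoded so non-ASCII client input cannot make
        # compare_digest raise.
        if not hmac.compare_digest(str(my_secret).encode('utf-8'),
                                   str(secret).encode('utf-8')):
            raise AuthFailed()

    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature; catch it first or the 1003
    # branch is unreachable.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    uid = data['uid']
    user = User.get_by_id(uid)
    if not user:
        raise NotFound()
    # Scope comes from the stored user, not the token, so revoked rights apply.
    if not is_in_scope(user.scope, request.endpoint):
        raise Forbidden()
    g.user = user
    return True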
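 def verify(email, password):
     """Check *email*/*password* and return the claims to embed in a token.

     Returns:
         ``{'uid': user.id, 'scope': scope}`` where scope is ``'AdminScope'``
         when ``user.auth == 2`` and ``'UserScope'`` otherwise.

     Raises:
         AuthFailed: unknown email or wrong password (same, detail-free
             failure for both, so the response does not reveal whether the
             email is registered); error_code 1008 when the account is
             disabled (``status == 0``).
     """
     user = User.query.filter_original(email=email).first()
     # first() returns None for an unknown email; the original then raised
     # AttributeError on user.status (an HTTP 500 instead of an auth failure).
     if user is None or not user.check_password(password):
         raise AuthFailed()
     # Checked after the password so the "disabled" message is only shown to
     # someone who actually holds the credentials.
     if user.status == 0:
         raise AuthFailed(msg='账号已被禁用,请联系管理员', error_code=1008)
     scope = 'AdminScope' if user.auth == 2 else 'UserScope'
     return {'uid': user.id, 'scope': scope}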
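def create_session_api():
    """Log a user in from a validated ``LoginForm`` (``username``, ``password``).

    On success calls ``login_user(user, remember=True)`` and raises
    ``Success`` (this project signals API results by raising).

    Raises:
        AuthFailed: unknown username or wrong password. Both cases use the
            same message so the endpoint cannot be used to enumerate accounts
            (the original answered 'User not found' for unknown usernames).
        Success: on a successful login.
    """
    form = LoginForm().validate_for_api().data_
    user = User.get_by_id(form['username'])
    if user is None or not user.check_password(form['password']):
        raise AuthFailed('Wrong username or password')
    login_user(user, remember=True)
    raise Success('Login successful')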
 def verify(email, password):
     """Authenticate *email*/*password* and return ``{'uid', 'auth'}`` claims.

     NOTE(review): an unknown email raises ``NotFound`` with its own message
     while a wrong password raises ``AuthFailed``, so the response reveals
     whether an address is registered. The exception types are kept here
     because callers may depend on them.

     Raises:
         NotFound: no account with this email.
         AuthFailed: wrong password, or ``check_active()`` is false.
     """
     account = User.query.filter_by(email=email).first()
     if not account:
         raise NotFound(msg='账户不存在!')
     if not account.check_password(password):
         raise AuthFailed(msg='密码错误')
     if not account.check_active():
         raise AuthFailed(msg='该账号没有登录权限')
     return {'uid': account.id, 'auth': account.auth}
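def verify_auth_token(token):
    """Decode *token* with the app ``SECRET_KEY`` and build a ``User`` from it.

    Returns:
        ``User(uid, type, scope)`` from the token payload. No endpoint
        authorization is performed here.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    return User(data['uid'], data['type'], data['scope'])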
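def verify_auth_token(token):
    """Decode *token* and return ``User(uid)`` for its ``uid`` claim.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous; catching
    # BadSignature first (as the original did) made the 1003 branch dead.
    except SignatureExpired:
        raise AuthFailed(msg='token is expiration', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='invalid token', error_code=1002)
    uid = data['uid']
    return User(uid)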
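def verify_auth_token(token):
    """Decode *token* and return ``User(openid=..., type=...)`` from its claims.

    Missing ``openid``/``type`` claims yield ``None`` (``dict.get``).

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it has to
    # be caught first; otherwise expired tokens are reported as 1002.
    except SignatureExpired:
        raise AuthFailed(error_code=1003, msg='token is expired ')
    except BadSignature:
        raise AuthFailed(error_code=1002, msg='token is invalid')
    return User(openid=data.get('openid'), type=data.get('type'))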
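def verify_token(token):
    """Decode *token* (a str; it is UTF-8 encoded before loading) and return
    the verified payload.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token.encode('utf-8'))
    # SignatureExpired subclasses BadSignature in itsdangerous; it must be
    # caught first or the "expired" branch is unreachable.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired',error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid',error_code=1002)

    return data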
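 def verify_hashkey(hashkey):
     """Decode an activation key signed with the app ``SECRET_KEY``.

     Returns:
         The verified payload of *hashkey*.

     Raises:
         AuthFailed: error_code 1003 when the key has expired, 1002 when the
             signature is invalid.
     """
     s = Serializer(current_app.config['SECRET_KEY'])
     try:
         data = s.loads(hashkey)
     # SignatureExpired subclasses BadSignature in itsdangerous, so it must
     # be caught first; the original order reported expired keys as 1002.
     except SignatureExpired:
         raise AuthFailed(msg='激活码过期', error_code=1003)
     except BadSignature:
         raise AuthFailed(msg='激活码失效', error_code=1002)
     return data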
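def login_api():
    """Log a user in from a validated ``LoginForm``.

    Looks the user up with ``get_user_by_username``, checks the password with
    ``check_password`` and calls ``login_user(user, remember=True)``.

    Returns:
        ``Success('Login successful')``.

    Raises:
        AuthFailed: unknown username or wrong password. One message covers
            both so the endpoint cannot be used to enumerate usernames (the
            original answered 'Username does not exist').
    """
    form = LoginForm().validate_for_api()
    username = form.username.data
    password = form.password.data
    user = get_user_by_username(username)
    if not user or not check_password(user, password):
        raise AuthFailed('Wrong username or password')
    login_user(user, remember=True)
    return Success('Login successful')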
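def verify_auth_token(token):
    """Decode *token* and build a ``User`` from its ``uid`` and ``type`` claims.

    Returns:
        ``User(uid, type, '')``. NOTE(review): the ``scope`` claim is read
        but an empty string is passed instead, so no scope reaches the
        ``User`` and no endpoint check happens here; confirm this is intended.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first. error_code 1003 added for consistency with the sibling
    # verifiers; the original raised this branch without a code.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    return User(uid, ac_type, '')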
def verify_group(token, password):
    """Authorize the current request through the token holder's permission group.

    Decodes *token* with ``decrypt_token``, loads the user (404 when absent)
    and, for non-admin users, requires a ``group_id`` whose auth scope covers
    ``request.endpoint`` (``is_in_auth_scope``). Admins skip the group check.
    The loaded user is stored in ``g.user``. *password* is accepted but unused.

    Raises:
        AuthFailed: the user belongs to no group, or the group does not
            grant this endpoint.
    """
    uid, _ac_type, _scope = decrypt_token(token)
    user = User.get_or_404(id=uid)
    group_id = user.group_id
    # Administrators bypass the group check entirely.
    if not user.is_admin:
        if group_id is None:
            raise AuthFailed(msg='您还不属于任何权限组,请联系系统管理员获得权限')
        if not is_in_auth_scope(group_id, request.endpoint):
            raise AuthFailed(msg='权限不够,请联系系统管理员获得权限')

    g.user = user
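def verify_auth_token(token):
    """Decode *token* with ``Serial`` and build a ``User`` from its claims.

    Returns:
        ``User(uid, type, auth, '')`` from the payload's ``uid``, ``type`` and
        ``auth`` claims; the last argument is always an empty string.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serial(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='身份过期,请重新登录', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='非法身份,请重新登录', error_code=1002)

    uid = data['uid']
    ac_type = data['type']
    auth = data['auth']
    return User(uid, ac_type, auth, '')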
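def verify_auth_token(token):
    """Decode *token* and build ``User(user_id, scopes)`` from its claims.

    No endpoint authorization is performed here; only the ``user_id`` and
    ``scopes`` claims are used.

    Raises:
        AuthFailed: error_code 10032 if the token has expired, 10031 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; with BadSignature first the 10032 branch was unreachable.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=10032)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=10031)
    user_id = data['user_id']
    scopes = data['scopes']
    return User(user_id, scopes)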
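def verify_auth_token(token):
    """Validate *token* and authorize ``request.endpoint`` against its scope.

    Returns:
        ``User(uid, type, scope)`` from the token payload once
        ``is_in_scope`` has accepted the endpoint.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        Forbidden: the scope claim does not cover the endpoint.
    """
    s = Serializer(current_app.config["SECRET_KEY"])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg="token is expired", error_code=1003)
    except BadSignature:
        raise AuthFailed(msg="token is invalid", error_code=1002)
    uid = data["uid"]
    ac_type = data["type"]
    scope = data["scope"]
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)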
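def verify_auth_token(token):
    """Validate *token* and authorize ``request.endpoint`` via ``is_permitted``.

    Returns:
        ``User(uid, type, scope)`` from the token payload.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid (keyword ``message=`` as in this project).
        Forbidden: ``is_permitted(scope, endpoint)`` is false.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; otherwise the "expired" branch is dead code.
    except SignatureExpired:
        raise AuthFailed(message='Token has expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(message='Invalid token', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']

    if not is_permitted(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)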
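def verify_auth_token():
    """Decode the ``token`` field of ``TokenForm`` and echo its claims as JSON.

    Returns:
        ``jsonify`` of ``scope`` and ``uid`` (payload) plus the raw ``iat`` /
        ``exp`` header timestamps as ``create_at`` / ``expire_in``. The
        payload is only read after the signature has been verified.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    form = TokenForm().validate_for_api()
    s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
    try:
        payload, header = s.loads(form.token.data, return_header=True)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    return jsonify({
        'scope': payload['scope'],
        'create_at': header['iat'],
        'expire_in': header['exp'],
        'uid': payload['uid']
    })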
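def verify_auth_token(token):
    """Validate *token* and authorize ``request.endpoint`` against its scope.

    Returns:
        ``User(uid, type, scope)`` from the token payload.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        Forbidden: the scope claim does not cover the endpoint.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order made the 1003 branch unreachable.
    except SignatureExpired:
        raise AuthFailed(error_code=1003, msg='token is expired')
    except BadSignature:
        raise AuthFailed(error_code=1002, msg='token is invalid')
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)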
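def verify_auth_token(token):
    """Decode *token*, check its signature and authorize the current endpoint.

    Returns:
        ``User(uid, type, scope)`` from the token payload.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        Forbidden: ``is_in_scope(scope, request.endpoint)`` is false.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)  # verifies the signature and decodes the payload
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']
    # request.endpoint names the view being accessed (as used by url_for).
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)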
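def verify_auth_token(token):
    """Validate *token* and authorize ``request.endpoint`` against its scope.

    Returns:
        ``UserInSession(uid, ac_type, scope, False)`` from the payload's
        ``uid``, ``ac_type`` and ``scope`` claims.

    Raises:
        AuthFailed: error_code 4012 if the token has expired, 4011 if the
            signature is invalid.
        Forbidden: the scope claim does not cover the endpoint.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; with the original order the 4012 branch was unreachable.
    except SignatureExpired:
        raise AuthFailed(msg='Token过期', error_code=4012)
    except BadSignature:
        raise AuthFailed(msg='Token不合法', error_code=4011)

    uid = data['uid']
    ac_type = data['ac_type']
    scope = data['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return UserInSession(uid, ac_type, scope, False)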
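def verify_auth_token(token):
    """Validate the request-header *token* and authorize the current endpoint.

    Returns:
        ``UserTuple(uid, type, scope)`` from the token payload.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        ForbiddenException: the scope claim does not cover ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token 过期', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token 无效', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return UserTuple(uid, ac_type, scope)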
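def verify_auth_token(token):
    """Decode *token*; a failed decode means the token is not legitimate.

    Returns:
        ``User(uid, type, scope)`` from the token payload once the scope has
        been checked against ``request.endpoint``.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
        Forbidden: the scope claim does not cover the endpoint.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; otherwise expired tokens are reported as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    uid = data['uid']
    ac_type = data['type']
    scope = data['scope']
    # Authorization against the view being requested.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)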
 def verify_by_mobile(mobile, password):
     """Authenticate by mobile number and return ``{'uid', 'scope'}`` claims.

     The scope is computed by ``Scope.match_user_scope(auth=user.auth)``.

     NOTE(review): the not-registered message differs from the wrong-password
     one, so responses reveal which numbers are registered.

     Raises:
         UserException: '该账号未注册' (via ``first_or_404``) for an unknown number.
         AuthFailed: '密码错误' for a wrong password.
     """
     not_registered = UserException(msg='该账号未注册')
     account = User.query.filter_by(mobile=mobile).first_or_404(e=not_registered)
     if not account.check_password(password):
         raise AuthFailed(msg='密码错误')
     return {
         'uid': account.id,
         'scope': Scope.match_user_scope(auth=account.auth),
     }
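def verify_auth_token(token):
    """Decode *token* and build ``User(user_id, name, None)`` from its claims.

    NOTE(review): scope is hard-wired to ``None`` and the ``is_in_scope``
    endpoint check was commented out in the original, so this verifier
    performs authentication only — every valid token reaches every endpoint.
    Confirm that authorization happens elsewhere.

    Raises:
        AuthFailed: error_code 1003 if the token has expired, 1002 if the
            signature is invalid.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature in itsdangerous, so it must be
    # caught first; the original order reported expired tokens as 1002.
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    user_id = data['user_id']
    name = data['name']
    scope = None
    return User(user_id, name, scope)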
	def verify_by_email(email, password):
		"""Authenticate by email and return ``{'uid', 'scope'}`` token claims.

		Scope is ``'AdminScope'`` when ``user.auth == ScopeEnum.Admin``,
		otherwise ``'UserScope'``.

		Raises:
			UserException: '该账号未注册' (via ``first_or_404``) for an unknown email.
			AuthFailed: '密码错误' for a wrong password.
		"""
		not_registered = UserException(msg='该账号未注册')
		account = User.query.filter_by(email=email).first_or_404(e=not_registered)
		if not account.check_password(password):
			raise AuthFailed(msg='密码错误')
		is_admin = account.auth == ScopeEnum.Admin
		return {'uid': account.id, 'scope': 'AdminScope' if is_admin else 'UserScope'}
 def verify(email, password):
     """Authenticate *email*/*password* and return ``{'uid', 'scope'}`` claims.

     Only two scopes are modelled: ``'AdminScope'`` for ``auth == 2`` and
     ``'UserScope'`` for everyone else.

     Raises:
         404 via ``first_or_404`` when the email is unknown.
         AuthFailed: wrong password.
     """
     account = User.query.filter_by(email=email).first_or_404()
     if not account.check_password(password):
         raise AuthFailed()
     is_admin = account.auth == 2
     return {'uid': account.id, 'scope': 'AdminScope' if is_admin else 'UserScope'}
 def verify(email, password):
     """Authenticate *email*/*password* and return ``{'uid', 'scope'}`` claims.

     Raises:
         404 with description "user not found" (``first_or_404``) for an
             unknown email.
         AuthFailed: wrong password.
     """
     account = (User.query.filter_by(email=email)
                .first_or_404(description="user not found"))
     if not account.check_password(password):
         raise AuthFailed()
     is_admin = account.auth == 2
     return {'uid': account.id, 'scope': 'AdminScope' if is_admin else 'UserScope'}
 def verify_by_email(email, password):
     """Authenticate by email for API callers; return ``{'uid', 'authority'}``.

     ``authority`` is ``'AdminAuthority'`` when ``user.auth == 2`` and
     ``'UserAuthority'`` otherwise.

     Raises:
         404 via ``first_or_404`` when the email is unknown.
         AuthFailed: wrong password.
     """
     account = User.query.filter_by(email=email).first_or_404()
     if not account.check_password(password):
         raise AuthFailed()
     is_admin = account.auth == 2
     authority = 'AdminAuthority' if is_admin else 'UserAuthority'
     return {'uid': account.id, 'authority': authority}