Exemplo n.º 1
0
    def get(self):
        # get the auth token
        auth_header = request.headers.get('Authorization')
        if auth_header:
            auth_token = auth_header.split(" ")[1]
        else:
            auth_token = ''
        if auth_token:
            resp = User.decode_token(auth_token, 'access')
            if not isinstance(resp, str):
                user = User.query.filter_by(id=resp['sub']).first()
                responseObject = {
                    'status': 'success',
                    'data': {
                        'user_id': user.id,
                        'email': user.email,
                        'admin': user.admin,
                        'registered_on': user.registered_on
                    }
                }
                return make_response(jsonify(responseObject)), 200

            responseObject = {'status': 'fail', 'message': resp}
            return make_response(jsonify(responseObject)), 401
        else:
            responseObject = {
                'status': 'fail',
                'message': 'Provide a valid access token.'
            }
            return make_response(jsonify(responseObject)), 401
Exemplo n.º 2
0
 def post(self):
     # get auth token
     auth_header = request.headers.get('Authorization')
     if auth_header:
         auth_token = auth_header.split(" ")[1]
     else:
         auth_token = ''
     if auth_token:
         resp = User.decode_token(auth_token, 'refresh')
         if not isinstance(resp, str):
             # mark the token as blacklisted
             blacklist_token = BlacklistToken(token=auth_token)
             try:
                 # insert the token
                 db.session.add(blacklist_token)
                 db.session.commit()
                 responseObject = {
                     'status': 'success',
                     'message': 'Successfully logged out.'
                 }
                 return make_response(jsonify(responseObject)), 200
             except Exception as e:
                 responseObject = {'status': 'fail', 'message': e}
                 return make_response(jsonify(responseObject)), 200
         else:
             responseObject = {'status': 'fail', 'message': resp}
             return make_response(jsonify(responseObject)), 401
     else:
         responseObject = {
             'status': 'fail',
             'message': 'Provide a valid auth token.'
         }
         return make_response(jsonify(responseObject)), 403
Exemplo n.º 3
0
 def post(self):
     # get the refresh token
     auth_header = request.headers.get('Authorization')
     if auth_header:
         refresh_token = auth_header.split(" ")[1]
     else:
         refresh_token = ''
     if refresh_token:
         resp = User.decode_token(refresh_token, 'refresh')
         if not isinstance(resp, str):
             responseObject = {
                 'status':
                 'success',
                 'message':
                 'successfully created new access token',
                 'access_token':
                 (User.encode_access_token(resp['sub'])).decode()
             }
             return make_response(jsonify(responseObject)), 200
         else:
             responseObject = {
                 'status': 'fail',
                 'message': 'Provide a valid auth token.'
             }
             return make_response(jsonify(responseObject)), 401
     else:
         responseObject = {
             'status': 'fail',
             'message': 'Provide a valid refresh token.'
         }
         return make_response(jsonify(responseObject)), 403
Exemplo n.º 4
0
def protected_resource(auth_token,
                       authorized_callback,
                       token_needed='access',
                       unauthorized_callback=default_unauthorized_callback):
    """
        Method used to protect a resource. This is used in a view to determine whether they are authorized or unauthorized. User passes an$

        :param auth_token: Token the user is attempting to authorized with.
        :param authorized_callback: This is a callback method we used to return a json string to the view to be presented. The callback me$
        :param unauthorized_callback: If there is still information that we want to present if the token is not authorized we can pass a c$
        """

    # If a valid auth_token is present
    if auth_token:
        auth_token = auth_token.split(" ")[1]
        resp = User.decode_token(auth_token, token_needed)
        #when decoding the token, if the response is not a string, else we have an error and pass it to the default_expired_token_$
        if not isinstance(resp, str):
            return authorized_callback(resp)
        elif resp == 'Expired':
            return default_needs_fresh_token_callback
        return unauthorized_callback('Unauthorized')
    else:
        return unauthorized_callback('Unauthorized')