def call(self):
"""
Simulate a notification and let us access the page with a new token.
Useful for development. Should be NEVER accessible on production
"""
token = Token()
token.save()
url = 'https://{domain}:{port}?token={token}'.format(
domain=config.get('WEB_APP_DOMAIN_NAME'),
port=config.get('WEB_APP_PORT'),
token=token.token
)
return redirect(url, 301)
async def auth_client_side(request: Request):
try:
body_bytes = await request.body()
auth_code = jsonable_encoder(body_bytes)
idInfo = id_token.verify_oauth2_token(auth_code, requests.Request(),
configuration.GOOGLE_CLIENT_ID)
if idInfo["iss"] not in [
"accounts.google.com", "https://accounts.google.com"
]:
raise ValueError("Wrong issuer.")
accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
print(idInfo)
user = UserInDB(
username=idInfo.get("email"),
email=idInfo.get("email"),
picture=idInfo.get("picture"),
given_name=idInfo.get("given_name"),
family_name=idInfo.get("family_name"),
disabled=False,
)
ret = insert_or_update_user(user)
accessToken = create_access_token(data={"username": user.username},
expires_delta=accessTokenExpires,
expires_date=dateExpires)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires,
)
except:
return HTTPException(status.HTTP_400_BAD_REQUEST,
"Unable to validate Google Login")
def execute():
try:
auth_session = session['authenticate']
request_datetime = auth_session['request_datetime']
token = auth_session['token']
used = True
except KeyError:
request_datetime = datetime.now() - timedelta(
seconds=int(config.get('AUTH_DATETIME_PADDING')))
token = request.args.get('token')
used = False
query = Token.select().where(Token.token == token,
Token.token.is_null(False),
Token.used == used,
Token.created_date >= request_datetime)
if not query.exists():
# Not valid, don't go further
Session.clear_auth_session()
return False
if Session.exists():
Session.renew_auth_session()
else:
Session.create_auth_session(token, request_datetime)
token = query.get()
token.used = True
token.save()
return True
def authenticate(self, user_to_auth: UserLogin) -> Optional[Token]:
try:
response = self.client.admin_initiate_auth(
UserPoolId=self.user_pool_id,
ClientId=self.client_id, # "2lmkmdeqbtrc04rndthiflofhi",
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
'USERNAME': user_to_auth.email,
'PASSWORD': user_to_auth.password,
'SECRET_HASH': self.get_secret_hash(user_to_auth.email)
},
)
if "ChallengeName" in response:
if response["ChallengeName"] == "NEW_PASSWORD_REQUIRED":
obj = Token(message="NEW_PASSWORD_REQUIRED",
session=response["Session"])
return obj
except Exception as e:
print(e.response["Error"]["Message"])
raise HTTPException(
status_code=e.response["ResponseMetadata"]["HTTPStatusCode"],
detail="Unable to process this request.")
return response["AuthenticationResult"] # this is of type Token
def post(self):
token = get_token()
found_token = Token.get_token(token)
if found_token:
found_token.expire_token()
return {'status': 'true'}
else:
return {'status': 'false', 'message': 'Could not find token'}
def test_hang_up(client):
token = Token()
token.save()
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 200
call = Call.get_call()
assert call.status == Call.ON_CALL
response = client.get(url_for('mobile_bp.hang_up', _external=False))
call.refresh_from_db()
assert response.status_code == 200
assert call.status == Call.HUNG_UP
response = client.get(
url_for('mobile_bp.validate_session', _external=False))
assert response.status_code == 403
def access_token():
client_id = request.form.get('client_id')
client_secret = request.form.get('client_secret')
if not client_id:
client_id = request.args.get('client_id')
if not client_secret:
client_secret = request.args.get('client_secret')
client = Client.query.filter({
'client_id': client_id,
'client_secret': client_secret
}).first()
db.session.db.Token.remove(
{'created_time': {
'$lt': datetime.now() - timedelta(hours=1)
}},
safe=True)
if not client:
return jsonify(
error={'message': 'Error validating verfication code'}), 401
# remove expired token
db.session.db.Token.remove(
{'created_time': {
'$lt': datetime.now() - timedelta(hours=1)
}},
safe=True)
# create new token
token = Token(token=str(uuid.uuid4()),
client=client,
created_time=datetime.now())
token.save()
expired_time = token.created_time + timedelta(hours=1)
expired_in = (expired_time - datetime.now()).total_seconds()
return jsonify(access_token=token.token, expired_in=expired_in)
def token_authentication(token):
token_instance = Token.get_token(token)
if not token_instance or not token_instance.is_valid():
abort(401, 'Invalid Authentication token')
token_instance.update_expiry()
return {
'authorized': True,
'token': token
}
def clear_auth_session():
success = True
try:
token = session['authenticate']['token']
token_obj = Token.select().where(Token.token == token).get()
token_obj.used = True
token_obj.save()
except (KeyError, DoesNotExist):
success = False
session.pop('authenticate', None)
return success
def generate_user_token(
db: SQLAlchemy, *,
user_id: str = None,
start_room: str = ROOM_NAME_WAITING,
task: Task = None) -> Token:
"""
Generates a new user token in the database with the default user permissions
(as participants in the study).
:param db: SQLAlchemy database
:param user_id: the id of the user if known, defaults to generate new id
:param start_room: the starting room for the user, defaults to waiting room
:param task: the task to assign to this user, defaults to None
:return: the new Token generated
"""
user_token = Token(
room_name=start_room,
id=user_id,
task=task,
permissions=Permissions(
user_query=False,
user_log_event=False,
user_room_join=False,
user_room_leave=False,
message_text=True,
message_image=True,
message_command=False,
message_broadcast=False,
room_query=True,
room_log_query=True,
room_create=False,
room_update=False,
room_delete=False,
layout_query=True,
layout_create=False,
layout_update=False,
task_create=False,
task_query=True,
task_update=False,
token_generate=False,
token_query=False,
token_invalidate=False,
token_update=False,
)
)
db.session.add(user_token)
db.session.flush()
db.session.commit()
getLogger('crwiz').info(f"New user token generated: {user_token.id}")
return user_token
def run(self):
now = datetime.datetime.now().replace(microsecond=0).isoformat()
if self.__picture is None:
if self.__front_door:
token = Token()
token.save()
auth_web_app_link = 'https://{domain}:{port}?token={token}'.format(
message=config.get('NOTIFICATION_FRONT_DOOR_MESSAGE'),
domain=config.get('WEB_APP_DOMAIN_NAME'),
port=config.get('WEB_APP_PORT'),
token=token.token)
message = '{message}\n' \
'[{call_cta_label}]({call_cta_link})'.\
format(
message=_('daemon/notification/front_door_message'),
call_cta_label=_('daemon/notification/call_cta_label'),
call_cta_link=auth_web_app_link)
else:
message = _('daemon/notification/back_door_message')
bot.send_message(chat_id=config.get('TELEGRAM_CHAT_ID'),
text=message,
parse_mode=telegram.ParseMode.MARKDOWN)
logger.debug('Ring notification sent to Telegram')
return # Close thread
try:
bot.send_photo(chat_id=config.get('TELEGRAM_CHAT_ID'),
photo=self.__picture,
caption=_('Photo'),
disable_notification=True)
logger.debug('Photo sent to Telegram')
except Exception as e:
logger.error('Could not send attachment to Telegram: {}'.format(
str(e)))
return # Close thread
def before_request():
token = request.cookies.get(current_app.config['AUTH_COOKIE_NAME'])
if token:
res = Token.check_access_token(token)
if not token:
return
if res and ('success' in res):
g.current_user = res['data'].user
return
else:
return
else:
return
def test_valid_already_taken_token(client):
token = Token()
token.used = True
token.save()
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 403
token.delete_instance()
def decode_token(self, encoded_token, secret):
"""Decode an encoded JWT and return the decoded token."""
decoded_token = None
try:
decoded_token = jwt.decode(encoded_token, secret, algorithms="HS256")
except jwt.InvalidTokenError:
return None
return Token(
decoded_token["user_id"],
encoded_token,
decoded_token["exp"],
decoded_token["iat"],
TokenType[decoded_token["token_type"]],
)
def get_new_token(type: str) -> str:
"""
Генерирует новый токен и сохраняет в БД
:return: Строка с ключом токена
"""
token_key = ""
for i in range(15):
token_key = token_key + str(random.choice("0123456789ABCDEF"))
token = Token()
token.set_token_key(token_key)
token.type = type
token.save()
return token_key
def call(self):
token = Token(
access_token=self.access_token,
token_type=self.token_type,
scope=self.scope,
expires_in=self.expires_in,
refresh_token=self.refresh_token,
user_id=self.user_id
)
db.session.add(token)
db.session.commit()
db.session.refresh(token)
return token
def test_expired_token(client):
token = Token()
token.save()
time.sleep(config.get('AUTH_DATETIME_PADDING') + 1)
# Try with querystring
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 403
token.delete_instance()
def test_valid_token(client):
token = Token()
token.save()
# Try with querystring
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 200
# Then session
response = client.get(url_for('mobile_bp.index', _external=False))
assert response.status_code == 200
token.refresh_from_db()
assert token.used is True
token.delete_instance()
call = Call.get_call()
assert call.status == Call.ON_CALL
call.delete_instance()
def login():
try:
body = json.loads(request.data)
except:
return jsonify({'code': 4, 'msg': 'json not correct'})
if "password" not in body.keys():
return jsonify({'code': 1, 'msg': 'need key: password'})
else:
password = body["password"]
if "uid" in body.keys():
uid = body["uid"]
users = User.query.filter_by(uid=uid).all()
elif "email" in body.keys():
email = body["email"]
users = User.query.filter_by(email=email).all()
else:
return jsonify({'code': 1, 'msg': 'need uid or email'})
if len(users) != 1:
return jsonify({'code': 2, 'msg': 'can not find this user'})
uid = users[0].get_uid()
if not users[0].check_passwd(password):
return jsonify({'code': 5, 'msg': 'password not correct'})
try:
tokenid = str(int(time.time())) + ''.join(
random.sample(string.ascii_letters + string.digits, 15))
print(tokenid)
new_token = Token(_tokenid=tokenid, _uid=uid)
db.session.add(new_token)
db.session.commit()
except:
return jsonify({'code': 3, 'msg': 'new token error'})
return jsonify({
'code': 0,
'msg': 'success',
'data': {
'tokenid': tokenid,
'user': users[0].json()
}
})
def post(self):
# get request parameters
params = request.get_json()
if 'email' not in params or 'password' not in params:
abort(400, msg="missing email and password")
existing_user = User.find_by_credentials(
email=params['email'],
password=params['password']
)
if existing_user is None:
abort(401, msg="username and password do not match")
token = Token.create(existing_user)
return {'token': token.jwt_token}
def encode_token(self, claims, secret, expires_in):
"""Return a JWT with the given payload."""
if "user_id" not in claims:
raise ValueError("User Id missing from token claims")
if "token_type" not in claims:
raise ValueError("Token type missing from token claims")
now = datetime.now()
expiration_date = now + timedelta(seconds=expires_in)
claims.update({"exp": int(expiration_date.timestamp())})
claims.update({"iat": int(now.timestamp())})
encoded_token = jwt.encode(claims, secret, algorithm="HS256")
return Token(
claims["user_id"],
encoded_token,
claims["exp"],
claims["iat"],
TokenType[claims["token_type"]],
)
def test_valid_token_busy_line(client):
token = Token()
token.save()
dummy_caller_id = '123456789'
call = Call()
call.get_the_line(dummy_caller_id)
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 423
call.delete_instance()
token.delete_instance()
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
accessTokenExpires = timedelta(minutes=configuration.ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
accessToken = create_access_token(
data={"username": user.username}, expires_delta=accessTokenExpires, expires_date=dateExpires
)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires
)
def authenticate():
if not request.json:
return {'message': 'Request is not JSON.'}, 400
schema = {
'username': {
'type': 'string',
'required': True
},
'url': {
'type': 'string',
'required': True
},
'password': {
'type': 'string',
'required': True
}
}
validator = Validator(schema)
if not validator.validate(request.json):
return {'message': 'Required parameters are missing!'}, 400
payload = request.get_json()
username = payload['username'].lower()
url = payload['url']
password = payload['password']
user = User.find_by_username_password(username=username, password=password)
if user:
try:
Token.delete_all_tokens(user.id)
token = Token(url=url, user_id=user.id)
token.save()
if token:
return {
'message': 'Token has been created',
'token': token.token
}, 201
else:
return {'message': 'Unable to generate token.'}, 500
except:
return {'message': 'Unable to generate token.'}, 500
else:
return {'message': 'User does not exist!'}, 404
async def auth_server_side(request: Request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
print(user)
userDB = UserInDB(
username=user.get("email"),
email=user.get("email"),
picture=user.get("picture"),
given_name=user.get("given_name"),
family_name=user.get("family_name"),
disabled=False,
)
ret = insert_or_update_user(userDB)
accessToken = create_access_token(data={"username": user.get("email")},
expires_delta=accessTokenExpires,
expires_date=dateExpires)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires,
)
def blacklist(token):
"""blacklist token """
Token(token=token).blacklist_token()
return {"success": True, "message": "Your are logged out"}
def is_blacklisted(token):
""" check if token is blacklisted """
return Token.get_token(token)
def post(self):
#Handle POST request for this view. Url ---> /auth/logout
"""Endpoint to logout a user"""
try:
# get auth token
auth_header = request.headers.get('Authorization')
auth_token = None
if auth_header and len(auth_header.split(" ")) > 1:
auth_token = auth_header.split(" ")[1]
if auth_token is None:
return make_response(
jsonify({
"message": "Token required",
"status": "failure"
})), 403
if auth_token is not None:
#decode the token that was stored after login to extract the user id
user_id = User.get_token_user_id(auth_token)
if user_id == "Expired token. Please login to get a new token":
#First check if token exists in the Token table
token = Token.query.filter_by(token=auth_token).first()
# Delete token from the logged in user's table if it is in the logged in user table
if token is not None:
Token.delete_token(token)
return make_response(
jsonify({
"message":
" Token Expired. Please login to get a new one",
"status": "failure"
})), 403
if user_id == "Invalid token. Please register or login":
return make_response(
jsonify({
"message":
" Invalid Token. Please login to get a new one",
"status": "failure"
})), 403
#check if token exists in the Token table
token = Token.query.filter_by(token=auth_token).first()
#Use the user ID that was decoded from the token to extract
# the user so u can change the logged in flag to 0
user = User.query.filter_by(id=int(user_id)).first()
#check if the token is stored in the table with tokens
if token is not None:
#remove the token from the token table
Token.delete_token(token)
#set the user logged in flag to 0
user.logged_in = 0
user.save()
# create the response
response = {
"message": 'Logout Successful',
"status": "success"
}
# send the response
return make_response(jsonify(response)), 201
else:
#log out user if not already logged out
response = {
"message": 'No need you are already logged out',
"status": "success"
}
#make and send the response
return make_response(jsonify(response)), 303
except Exception as e:
response = {
"message": " Internal server error " + str(e),
"status": "failure"
}
# Return a server error using the HTTP Error Code 500 (Internal Server Error)
return make_response(jsonify(response)), 500
def post(self):
#Handle POST request for this view. Url ---> /auth/login
"""Endpoint to login a user"""
try:
#check if the request is json data
if request.is_json:
#get the json data sent over post as a dictionary
data = request.get_json()
else:
response = {
"message": "Please supply json data",
"status": "failure"
}
return make_response(jsonify(response)), 400
if (isinstance(data['username'], Number)) or (isinstance(
data['password'], Number)):
response = {
"message":
"Invalid values supplied, Please try again with text values",
"status": "failure"
}
return make_response(jsonify(response)), 401
if (not isinstance(data['username'], str)) and (not isinstance(
data['password'], str)):
response = {
"message":
"Invalid values supplied, Please try again with text values",
"status": "failure"
}
return make_response(jsonify(response)), 401
user = User.query.filter(
or_(User.username == data['username'],
User.email == data['username'])).first()
#Verify correct password supplied
if user is None or \
check_password_hash(user.password, data['password']) is False:
# User does not exist
response = {
"message":
'Invalid username or password, Please try again',
"status": "failure"
}
return make_response(jsonify(response)), 401
user.logged_in = 1
access_token = User.generate_token(user.id)
db.session.commit()
#store token in the Tokens table
token = Token(token=access_token.decode())
db.session.add(token)
db.session.commit()
if access_token is not None:
response = {
"message": 'You logged in successfully.',
"access_token": access_token.decode(),
"status": "success",
"id": user.id,
"username": user.username,
"email": user.email
}
return make_response(jsonify(response)), 200
except json.JSONDecodeError:
response = {
"message": "Please supply a correct format for your json data",
"status": "failure"
}
return make_response(jsonify(response)), 400
except KeyError as key:
#username or password key is not supplied
response = {
"message": "Please supply a " + str(key),
"status": "failure"
}
return make_response(jsonify(response)), 400
except Exception as e:
response = {
"message": "Server error: " + str(e),
"status": "failure"
}
# Return a server error using the HTTP Error Code 500 (Internal Server Error)
return make_response(jsonify(response)), 500
def _get_user_from_token(jwt_token):
if jwt_token:
token = Token.find_by_token(jwt_token)
if token is not None:
return token.user
def _create_token_for_user(self, user):
return Token.create(user)
def get_user_unid(token):
return Token.get_token(token).user_unid
