def authenticate(self, user_to_auth: UserLogin) -> Optional[Token]: try: response = self.client.admin_initiate_auth( UserPoolId=self.user_pool_id, ClientId=self.client_id, # "2lmkmdeqbtrc04rndthiflofhi", AuthFlow="ADMIN_NO_SRP_AUTH", AuthParameters={ 'USERNAME': user_to_auth.email, 'PASSWORD': user_to_auth.password, 'SECRET_HASH': self.get_secret_hash(user_to_auth.email) }, ) if "ChallengeName" in response: if response["ChallengeName"] == "NEW_PASSWORD_REQUIRED": obj = Token(message="NEW_PASSWORD_REQUIRED", session=response["Session"]) return obj except Exception as e: print(e.response["Error"]["Message"]) raise HTTPException( status_code=e.response["ResponseMetadata"]["HTTPStatusCode"], detail="Unable to process this request.") return response["AuthenticationResult"] # this is of type Token
async def auth_client_side(request: Request): try: body_bytes = await request.body() auth_code = jsonable_encoder(body_bytes) idInfo = id_token.verify_oauth2_token(auth_code, requests.Request(), configuration.GOOGLE_CLIENT_ID) if idInfo["iss"] not in [ "accounts.google.com", "https://accounts.google.com" ]: raise ValueError("Wrong issuer.") accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) dateExpires = datetime.utcnow() + accessTokenExpires print(idInfo) user = UserInDB( username=idInfo.get("email"), email=idInfo.get("email"), picture=idInfo.get("picture"), given_name=idInfo.get("given_name"), family_name=idInfo.get("family_name"), disabled=False, ) ret = insert_or_update_user(user) accessToken = create_access_token(data={"username": user.username}, expires_delta=accessTokenExpires, expires_date=dateExpires) return Token( access_token=accessToken, token_type="bearer", expires=accessTokenExpires, date_expires=dateExpires, ) except: return HTTPException(status.HTTP_400_BAD_REQUEST, "Unable to validate Google Login")
def test_valid_already_taken_token(client): token = Token() token.used = True token.save() response = client.get( url_for('mobile_bp.index', token=token.token, _external=False)) assert response.status_code == 403 token.delete_instance()
def test_expired_token(client): token = Token() token.save() time.sleep(config.get('AUTH_DATETIME_PADDING') + 1) # Try with querystring response = client.get( url_for('mobile_bp.index', token=token.token, _external=False)) assert response.status_code == 403 token.delete_instance()
def generate_user_token( db: SQLAlchemy, *, user_id: str = None, start_room: str = ROOM_NAME_WAITING, task: Task = None) -> Token: """ Generates a new user token in the database with the default user permissions (as participants in the study). :param db: SQLAlchemy database :param user_id: the id of the user if known, defaults to generate new id :param start_room: the starting room for the user, defaults to waiting room :param task: the task to assign to this user, defaults to None :return: the new Token generated """ user_token = Token( room_name=start_room, id=user_id, task=task, permissions=Permissions( user_query=False, user_log_event=False, user_room_join=False, user_room_leave=False, message_text=True, message_image=True, message_command=False, message_broadcast=False, room_query=True, room_log_query=True, room_create=False, room_update=False, room_delete=False, layout_query=True, layout_create=False, layout_update=False, task_create=False, task_query=True, task_update=False, token_generate=False, token_query=False, token_invalidate=False, token_update=False, ) ) db.session.add(user_token) db.session.flush() db.session.commit() getLogger('crwiz').info(f"New user token generated: {user_token.id}") return user_token
def get_new_token(type: str) -> str: """ Генерирует новый токен и сохраняет в БД :return: Строка с ключом токена """ token_key = "" for i in range(15): token_key = token_key + str(random.choice("0123456789ABCDEF")) token = Token() token.set_token_key(token_key) token.type = type token.save() return token_key
def test_valid_token_busy_line(client): token = Token() token.save() dummy_caller_id = '123456789' call = Call() call.get_the_line(dummy_caller_id) response = client.get( url_for('mobile_bp.index', token=token.token, _external=False)) assert response.status_code == 423 call.delete_instance() token.delete_instance()
def decode_token(self, encoded_token, secret): """Decode an encoded JWT and return the decoded token.""" decoded_token = None try: decoded_token = jwt.decode(encoded_token, secret, algorithms="HS256") except jwt.InvalidTokenError: return None return Token( decoded_token["user_id"], encoded_token, decoded_token["exp"], decoded_token["iat"], TokenType[decoded_token["token_type"]], )
def call(self): """ Simulate a notification and let us access the page with a new token. Useful for development. Should be NEVER accessible on production """ token = Token() token.save() url = 'https://{domain}:{port}?token={token}'.format( domain=config.get('WEB_APP_DOMAIN_NAME'), port=config.get('WEB_APP_PORT'), token=token.token ) return redirect(url, 301)
def call(self): token = Token( access_token=self.access_token, token_type=self.token_type, scope=self.scope, expires_in=self.expires_in, refresh_token=self.refresh_token, user_id=self.user_id ) db.session.add(token) db.session.commit() db.session.refresh(token) return token
def authenticate(): if not request.json: return {'message': 'Request is not JSON.'}, 400 schema = { 'username': { 'type': 'string', 'required': True }, 'url': { 'type': 'string', 'required': True }, 'password': { 'type': 'string', 'required': True } } validator = Validator(schema) if not validator.validate(request.json): return {'message': 'Required parameters are missing!'}, 400 payload = request.get_json() username = payload['username'].lower() url = payload['url'] password = payload['password'] user = User.find_by_username_password(username=username, password=password) if user: try: Token.delete_all_tokens(user.id) token = Token(url=url, user_id=user.id) token.save() if token: return { 'message': 'Token has been created', 'token': token.token }, 201 else: return {'message': 'Unable to generate token.'}, 500 except: return {'message': 'Unable to generate token.'}, 500 else: return {'message': 'User does not exist!'}, 404
def login(): try: body = json.loads(request.data) except: return jsonify({'code': 4, 'msg': 'json not correct'}) if "password" not in body.keys(): return jsonify({'code': 1, 'msg': 'need key: password'}) else: password = body["password"] if "uid" in body.keys(): uid = body["uid"] users = User.query.filter_by(uid=uid).all() elif "email" in body.keys(): email = body["email"] users = User.query.filter_by(email=email).all() else: return jsonify({'code': 1, 'msg': 'need uid or email'}) if len(users) != 1: return jsonify({'code': 2, 'msg': 'can not find this user'}) uid = users[0].get_uid() if not users[0].check_passwd(password): return jsonify({'code': 5, 'msg': 'password not correct'}) try: tokenid = str(int(time.time())) + ''.join( random.sample(string.ascii_letters + string.digits, 15)) print(tokenid) new_token = Token(_tokenid=tokenid, _uid=uid) db.session.add(new_token) db.session.commit() except: return jsonify({'code': 3, 'msg': 'new token error'}) return jsonify({ 'code': 0, 'msg': 'success', 'data': { 'tokenid': tokenid, 'user': users[0].json() } })
def encode_token(self, claims, secret, expires_in): """Return a JWT with the given payload.""" if "user_id" not in claims: raise ValueError("User Id missing from token claims") if "token_type" not in claims: raise ValueError("Token type missing from token claims") now = datetime.now() expiration_date = now + timedelta(seconds=expires_in) claims.update({"exp": int(expiration_date.timestamp())}) claims.update({"iat": int(now.timestamp())}) encoded_token = jwt.encode(claims, secret, algorithm="HS256") return Token( claims["user_id"], encoded_token, claims["exp"], claims["iat"], TokenType[claims["token_type"]], )
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()): user = authenticate_user(form_data.username, form_data.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Bearer"}, ) accessTokenExpires = timedelta(minutes=configuration.ACCESS_TOKEN_EXPIRE_MINUTES) dateExpires = datetime.utcnow() + accessTokenExpires accessToken = create_access_token( data={"username": user.username}, expires_delta=accessTokenExpires, expires_date=dateExpires ) return Token( access_token=accessToken, token_type="bearer", expires=accessTokenExpires, date_expires=dateExpires )
def test_valid_token(client): token = Token() token.save() # Try with querystring response = client.get( url_for('mobile_bp.index', token=token.token, _external=False)) assert response.status_code == 200 # Then session response = client.get(url_for('mobile_bp.index', _external=False)) assert response.status_code == 200 token.refresh_from_db() assert token.used is True token.delete_instance() call = Call.get_call() assert call.status == Call.ON_CALL call.delete_instance()
def test_hang_up(client): token = Token() token.save() response = client.get( url_for('mobile_bp.index', token=token.token, _external=False)) assert response.status_code == 200 call = Call.get_call() assert call.status == Call.ON_CALL response = client.get(url_for('mobile_bp.hang_up', _external=False)) call.refresh_from_db() assert response.status_code == 200 assert call.status == Call.HUNG_UP response = client.get( url_for('mobile_bp.validate_session', _external=False)) assert response.status_code == 403
def access_token(): client_id = request.form.get('client_id') client_secret = request.form.get('client_secret') if not client_id: client_id = request.args.get('client_id') if not client_secret: client_secret = request.args.get('client_secret') client = Client.query.filter({ 'client_id': client_id, 'client_secret': client_secret }).first() db.session.db.Token.remove( {'created_time': { '$lt': datetime.now() - timedelta(hours=1) }}, safe=True) if not client: return jsonify( error={'message': 'Error validating verfication code'}), 401 # remove expired token db.session.db.Token.remove( {'created_time': { '$lt': datetime.now() - timedelta(hours=1) }}, safe=True) # create new token token = Token(token=str(uuid.uuid4()), client=client, created_time=datetime.now()) token.save() expired_time = token.created_time + timedelta(hours=1) expired_in = (expired_time - datetime.now()).total_seconds() return jsonify(access_token=token.token, expired_in=expired_in)
def run(self): now = datetime.datetime.now().replace(microsecond=0).isoformat() if self.__picture is None: if self.__front_door: token = Token() token.save() auth_web_app_link = 'https://{domain}:{port}?token={token}'.format( message=config.get('NOTIFICATION_FRONT_DOOR_MESSAGE'), domain=config.get('WEB_APP_DOMAIN_NAME'), port=config.get('WEB_APP_PORT'), token=token.token) message = '{message}\n' \ '[{call_cta_label}]({call_cta_link})'.\ format( message=_('daemon/notification/front_door_message'), call_cta_label=_('daemon/notification/call_cta_label'), call_cta_link=auth_web_app_link) else: message = _('daemon/notification/back_door_message') bot.send_message(chat_id=config.get('TELEGRAM_CHAT_ID'), text=message, parse_mode=telegram.ParseMode.MARKDOWN) logger.debug('Ring notification sent to Telegram') return # Close thread try: bot.send_photo(chat_id=config.get('TELEGRAM_CHAT_ID'), photo=self.__picture, caption=_('Photo'), disable_notification=True) logger.debug('Photo sent to Telegram') except Exception as e: logger.error('Could not send attachment to Telegram: {}'.format( str(e))) return # Close thread
async def auth_server_side(request: Request): token = await oauth.google.authorize_access_token(request) user = await oauth.google.parse_id_token(request, token) accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) dateExpires = datetime.utcnow() + accessTokenExpires print(user) userDB = UserInDB( username=user.get("email"), email=user.get("email"), picture=user.get("picture"), given_name=user.get("given_name"), family_name=user.get("family_name"), disabled=False, ) ret = insert_or_update_user(userDB) accessToken = create_access_token(data={"username": user.get("email")}, expires_delta=accessTokenExpires, expires_date=dateExpires) return Token( access_token=accessToken, token_type="bearer", expires=accessTokenExpires, date_expires=dateExpires, )
def blacklist(token): """blacklist token """ Token(token=token).blacklist_token() return {"success": True, "message": "Your are logged out"}
def post(self): #Handle POST request for this view. Url ---> /auth/login """Endpoint to login a user""" try: #check if the request is json data if request.is_json: #get the json data sent over post as a dictionary data = request.get_json() else: response = { "message": "Please supply json data", "status": "failure" } return make_response(jsonify(response)), 400 if (isinstance(data['username'], Number)) or (isinstance( data['password'], Number)): response = { "message": "Invalid values supplied, Please try again with text values", "status": "failure" } return make_response(jsonify(response)), 401 if (not isinstance(data['username'], str)) and (not isinstance( data['password'], str)): response = { "message": "Invalid values supplied, Please try again with text values", "status": "failure" } return make_response(jsonify(response)), 401 user = User.query.filter( or_(User.username == data['username'], User.email == data['username'])).first() #Verify correct password supplied if user is None or \ check_password_hash(user.password, data['password']) is False: # User does not exist response = { "message": 'Invalid username or password, Please try again', "status": "failure" } return make_response(jsonify(response)), 401 user.logged_in = 1 access_token = User.generate_token(user.id) db.session.commit() #store token in the Tokens table token = Token(token=access_token.decode()) db.session.add(token) db.session.commit() if access_token is not None: response = { "message": 'You logged in successfully.', "access_token": access_token.decode(), "status": "success", "id": user.id, "username": user.username, "email": user.email } return make_response(jsonify(response)), 200 except json.JSONDecodeError: response = { "message": "Please supply a correct format for your json data", "status": "failure" } return make_response(jsonify(response)), 400 except KeyError as key: #username or password key is not supplied response = { "message": "Please supply a " + str(key), "status": "failure" } return make_response(jsonify(response)), 400 except Exception as e: response = { "message": "Server error: " + str(e), "status": "failure" } # Return a server error using the HTTP Error Code 500 (Internal Server Error) return make_response(jsonify(response)), 500