def authenticate(self, user_to_auth: UserLogin) -> Optional[Token]:
try:
response = self.client.admin_initiate_auth(
UserPoolId=self.user_pool_id,
ClientId=self.client_id, # "2lmkmdeqbtrc04rndthiflofhi",
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
'USERNAME': user_to_auth.email,
'PASSWORD': user_to_auth.password,
'SECRET_HASH': self.get_secret_hash(user_to_auth.email)
},
)
if "ChallengeName" in response:
if response["ChallengeName"] == "NEW_PASSWORD_REQUIRED":
obj = Token(message="NEW_PASSWORD_REQUIRED",
session=response["Session"])
return obj
except Exception as e:
print(e.response["Error"]["Message"])
raise HTTPException(
status_code=e.response["ResponseMetadata"]["HTTPStatusCode"],
detail="Unable to process this request.")
return response["AuthenticationResult"] # this is of type Token
async def auth_client_side(request: Request):
try:
body_bytes = await request.body()
auth_code = jsonable_encoder(body_bytes)
idInfo = id_token.verify_oauth2_token(auth_code, requests.Request(),
configuration.GOOGLE_CLIENT_ID)
if idInfo["iss"] not in [
"accounts.google.com", "https://accounts.google.com"
]:
raise ValueError("Wrong issuer.")
accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
print(idInfo)
user = UserInDB(
username=idInfo.get("email"),
email=idInfo.get("email"),
picture=idInfo.get("picture"),
given_name=idInfo.get("given_name"),
family_name=idInfo.get("family_name"),
disabled=False,
)
ret = insert_or_update_user(user)
accessToken = create_access_token(data={"username": user.username},
expires_delta=accessTokenExpires,
expires_date=dateExpires)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires,
)
except:
return HTTPException(status.HTTP_400_BAD_REQUEST,
"Unable to validate Google Login")
def test_valid_already_taken_token(client):
token = Token()
token.used = True
token.save()
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 403
token.delete_instance()
def test_expired_token(client):
token = Token()
token.save()
time.sleep(config.get('AUTH_DATETIME_PADDING') + 1)
# Try with querystring
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 403
token.delete_instance()
def generate_user_token(
db: SQLAlchemy, *,
user_id: str = None,
start_room: str = ROOM_NAME_WAITING,
task: Task = None) -> Token:
"""
Generates a new user token in the database with the default user permissions
(as participants in the study).
:param db: SQLAlchemy database
:param user_id: the id of the user if known, defaults to generate new id
:param start_room: the starting room for the user, defaults to waiting room
:param task: the task to assign to this user, defaults to None
:return: the new Token generated
"""
user_token = Token(
room_name=start_room,
id=user_id,
task=task,
permissions=Permissions(
user_query=False,
user_log_event=False,
user_room_join=False,
user_room_leave=False,
message_text=True,
message_image=True,
message_command=False,
message_broadcast=False,
room_query=True,
room_log_query=True,
room_create=False,
room_update=False,
room_delete=False,
layout_query=True,
layout_create=False,
layout_update=False,
task_create=False,
task_query=True,
task_update=False,
token_generate=False,
token_query=False,
token_invalidate=False,
token_update=False,
)
)
db.session.add(user_token)
db.session.flush()
db.session.commit()
getLogger('crwiz').info(f"New user token generated: {user_token.id}")
return user_token
def get_new_token(type: str) -> str:
"""
Генерирует новый токен и сохраняет в БД
:return: Строка с ключом токена
"""
token_key = ""
for i in range(15):
token_key = token_key + str(random.choice("0123456789ABCDEF"))
token = Token()
token.set_token_key(token_key)
token.type = type
token.save()
return token_key
def test_valid_token_busy_line(client):
token = Token()
token.save()
dummy_caller_id = '123456789'
call = Call()
call.get_the_line(dummy_caller_id)
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 423
call.delete_instance()
token.delete_instance()
def decode_token(self, encoded_token, secret):
"""Decode an encoded JWT and return the decoded token."""
decoded_token = None
try:
decoded_token = jwt.decode(encoded_token, secret, algorithms="HS256")
except jwt.InvalidTokenError:
return None
return Token(
decoded_token["user_id"],
encoded_token,
decoded_token["exp"],
decoded_token["iat"],
TokenType[decoded_token["token_type"]],
)
def call(self):
"""
Simulate a notification and let us access the page with a new token.
Useful for development. Should be NEVER accessible on production
"""
token = Token()
token.save()
url = 'https://{domain}:{port}?token={token}'.format(
domain=config.get('WEB_APP_DOMAIN_NAME'),
port=config.get('WEB_APP_PORT'),
token=token.token
)
return redirect(url, 301)
def call(self):
token = Token(
access_token=self.access_token,
token_type=self.token_type,
scope=self.scope,
expires_in=self.expires_in,
refresh_token=self.refresh_token,
user_id=self.user_id
)
db.session.add(token)
db.session.commit()
db.session.refresh(token)
return token
def authenticate():
if not request.json:
return {'message': 'Request is not JSON.'}, 400
schema = {
'username': {
'type': 'string',
'required': True
},
'url': {
'type': 'string',
'required': True
},
'password': {
'type': 'string',
'required': True
}
}
validator = Validator(schema)
if not validator.validate(request.json):
return {'message': 'Required parameters are missing!'}, 400
payload = request.get_json()
username = payload['username'].lower()
url = payload['url']
password = payload['password']
user = User.find_by_username_password(username=username, password=password)
if user:
try:
Token.delete_all_tokens(user.id)
token = Token(url=url, user_id=user.id)
token.save()
if token:
return {
'message': 'Token has been created',
'token': token.token
}, 201
else:
return {'message': 'Unable to generate token.'}, 500
except:
return {'message': 'Unable to generate token.'}, 500
else:
return {'message': 'User does not exist!'}, 404
def login():
try:
body = json.loads(request.data)
except:
return jsonify({'code': 4, 'msg': 'json not correct'})
if "password" not in body.keys():
return jsonify({'code': 1, 'msg': 'need key: password'})
else:
password = body["password"]
if "uid" in body.keys():
uid = body["uid"]
users = User.query.filter_by(uid=uid).all()
elif "email" in body.keys():
email = body["email"]
users = User.query.filter_by(email=email).all()
else:
return jsonify({'code': 1, 'msg': 'need uid or email'})
if len(users) != 1:
return jsonify({'code': 2, 'msg': 'can not find this user'})
uid = users[0].get_uid()
if not users[0].check_passwd(password):
return jsonify({'code': 5, 'msg': 'password not correct'})
try:
tokenid = str(int(time.time())) + ''.join(
random.sample(string.ascii_letters + string.digits, 15))
print(tokenid)
new_token = Token(_tokenid=tokenid, _uid=uid)
db.session.add(new_token)
db.session.commit()
except:
return jsonify({'code': 3, 'msg': 'new token error'})
return jsonify({
'code': 0,
'msg': 'success',
'data': {
'tokenid': tokenid,
'user': users[0].json()
}
})
def encode_token(self, claims, secret, expires_in):
"""Return a JWT with the given payload."""
if "user_id" not in claims:
raise ValueError("User Id missing from token claims")
if "token_type" not in claims:
raise ValueError("Token type missing from token claims")
now = datetime.now()
expiration_date = now + timedelta(seconds=expires_in)
claims.update({"exp": int(expiration_date.timestamp())})
claims.update({"iat": int(now.timestamp())})
encoded_token = jwt.encode(claims, secret, algorithm="HS256")
return Token(
claims["user_id"],
encoded_token,
claims["exp"],
claims["iat"],
TokenType[claims["token_type"]],
)
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
accessTokenExpires = timedelta(minutes=configuration.ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
accessToken = create_access_token(
data={"username": user.username}, expires_delta=accessTokenExpires, expires_date=dateExpires
)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires
)
def test_valid_token(client):
token = Token()
token.save()
# Try with querystring
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 200
# Then session
response = client.get(url_for('mobile_bp.index', _external=False))
assert response.status_code == 200
token.refresh_from_db()
assert token.used is True
token.delete_instance()
call = Call.get_call()
assert call.status == Call.ON_CALL
call.delete_instance()
def test_hang_up(client):
token = Token()
token.save()
response = client.get(
url_for('mobile_bp.index', token=token.token, _external=False))
assert response.status_code == 200
call = Call.get_call()
assert call.status == Call.ON_CALL
response = client.get(url_for('mobile_bp.hang_up', _external=False))
call.refresh_from_db()
assert response.status_code == 200
assert call.status == Call.HUNG_UP
response = client.get(
url_for('mobile_bp.validate_session', _external=False))
assert response.status_code == 403
def access_token():
client_id = request.form.get('client_id')
client_secret = request.form.get('client_secret')
if not client_id:
client_id = request.args.get('client_id')
if not client_secret:
client_secret = request.args.get('client_secret')
client = Client.query.filter({
'client_id': client_id,
'client_secret': client_secret
}).first()
db.session.db.Token.remove(
{'created_time': {
'$lt': datetime.now() - timedelta(hours=1)
}},
safe=True)
if not client:
return jsonify(
error={'message': 'Error validating verfication code'}), 401
# remove expired token
db.session.db.Token.remove(
{'created_time': {
'$lt': datetime.now() - timedelta(hours=1)
}},
safe=True)
# create new token
token = Token(token=str(uuid.uuid4()),
client=client,
created_time=datetime.now())
token.save()
expired_time = token.created_time + timedelta(hours=1)
expired_in = (expired_time - datetime.now()).total_seconds()
return jsonify(access_token=token.token, expired_in=expired_in)
def run(self):
now = datetime.datetime.now().replace(microsecond=0).isoformat()
if self.__picture is None:
if self.__front_door:
token = Token()
token.save()
auth_web_app_link = 'https://{domain}:{port}?token={token}'.format(
message=config.get('NOTIFICATION_FRONT_DOOR_MESSAGE'),
domain=config.get('WEB_APP_DOMAIN_NAME'),
port=config.get('WEB_APP_PORT'),
token=token.token)
message = '{message}\n' \
'[{call_cta_label}]({call_cta_link})'.\
format(
message=_('daemon/notification/front_door_message'),
call_cta_label=_('daemon/notification/call_cta_label'),
call_cta_link=auth_web_app_link)
else:
message = _('daemon/notification/back_door_message')
bot.send_message(chat_id=config.get('TELEGRAM_CHAT_ID'),
text=message,
parse_mode=telegram.ParseMode.MARKDOWN)
logger.debug('Ring notification sent to Telegram')
return # Close thread
try:
bot.send_photo(chat_id=config.get('TELEGRAM_CHAT_ID'),
photo=self.__picture,
caption=_('Photo'),
disable_notification=True)
logger.debug('Photo sent to Telegram')
except Exception as e:
logger.error('Could not send attachment to Telegram: {}'.format(
str(e)))
return # Close thread
async def auth_server_side(request: Request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
accessTokenExpires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
dateExpires = datetime.utcnow() + accessTokenExpires
print(user)
userDB = UserInDB(
username=user.get("email"),
email=user.get("email"),
picture=user.get("picture"),
given_name=user.get("given_name"),
family_name=user.get("family_name"),
disabled=False,
)
ret = insert_or_update_user(userDB)
accessToken = create_access_token(data={"username": user.get("email")},
expires_delta=accessTokenExpires,
expires_date=dateExpires)
return Token(
access_token=accessToken,
token_type="bearer",
expires=accessTokenExpires,
date_expires=dateExpires,
)
def blacklist(token):
"""blacklist token """
Token(token=token).blacklist_token()
return {"success": True, "message": "Your are logged out"}
def post(self):
#Handle POST request for this view. Url ---> /auth/login
"""Endpoint to login a user"""
try:
#check if the request is json data
if request.is_json:
#get the json data sent over post as a dictionary
data = request.get_json()
else:
response = {
"message": "Please supply json data",
"status": "failure"
}
return make_response(jsonify(response)), 400
if (isinstance(data['username'], Number)) or (isinstance(
data['password'], Number)):
response = {
"message":
"Invalid values supplied, Please try again with text values",
"status": "failure"
}
return make_response(jsonify(response)), 401
if (not isinstance(data['username'], str)) and (not isinstance(
data['password'], str)):
response = {
"message":
"Invalid values supplied, Please try again with text values",
"status": "failure"
}
return make_response(jsonify(response)), 401
user = User.query.filter(
or_(User.username == data['username'],
User.email == data['username'])).first()
#Verify correct password supplied
if user is None or \
check_password_hash(user.password, data['password']) is False:
# User does not exist
response = {
"message":
'Invalid username or password, Please try again',
"status": "failure"
}
return make_response(jsonify(response)), 401
user.logged_in = 1
access_token = User.generate_token(user.id)
db.session.commit()
#store token in the Tokens table
token = Token(token=access_token.decode())
db.session.add(token)
db.session.commit()
if access_token is not None:
response = {
"message": 'You logged in successfully.',
"access_token": access_token.decode(),
"status": "success",
"id": user.id,
"username": user.username,
"email": user.email
}
return make_response(jsonify(response)), 200
except json.JSONDecodeError:
response = {
"message": "Please supply a correct format for your json data",
"status": "failure"
}
return make_response(jsonify(response)), 400
except KeyError as key:
#username or password key is not supplied
response = {
"message": "Please supply a " + str(key),
"status": "failure"
}
return make_response(jsonify(response)), 400
except Exception as e:
response = {
"message": "Server error: " + str(e),
"status": "failure"
}
# Return a server error using the HTTP Error Code 500 (Internal Server Error)
return make_response(jsonify(response)), 500
