def get(self, id):
"""
user informations by id
"""
user = UsersBusiness.get_by_id(id)
if not user:
raise NotFound("User not Found!")
return marshal(user, get_user_serializer())
def token(cls, user_id, service, scope=''):
client_infos = ClientsBusiness.get_by_name(service)
if not client_infos:
raise Forbidden('Client not found!')
user = UsersBusiness.get_by_id(user_id)
client = list(
filter(lambda c: c['id'] == client_infos['_id'], user['clients_authorized']))
if len(client) <= 0:
raise Forbidden('Not authorized!')
authorized = False if scope else True
typ = ''
name = ''
actions = []
''' filter and valid scope '''
if scope:
params = scope.lower().split(':')
if len(params) != 3:
raise BadRequest('Invalid scope!')
typ = params[0]
name = params[1]
actions = params[2].split(',')
for user_scope in client[0]['scope']:
if not user_scope:
raise Forbidden('Not authorized!')
typ_scope, name_scope, actions_scope = user_scope.lower().split(':')
if typ_scope == typ:
if name_scope == name or name_scope == '*':
has_actions = True
for action in actions:
if action not in actions_scope.split(',') and '*' not in actions_scope:
has_actions = False
if has_actions:
authorized = True
break
if not authorized:
raise Forbidden('Not authorized!')
''' generate client token '''
token_client = cls.encode_client_token(
service, typ, name, actions, user, client_infos)
expired_date = time.mktime(time.localtime(
int(time.time()) + int(Config.EXPIRES_IN_CLIENT)))
return {
"user_id": user_id,
"callback": client_infos['redirect_uri'],
"token": token_client.decode('utf8'),
"access_token": token_client.decode('utf8'),
"expired_date": time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(expired_date))
}
def token(cls, user_id, service, scope=''):
client_infos = ClientsBusiness.get_by_name(service)
user = UsersBusiness.get_by_id(user_id)
client = list(
filter(lambda c: c['id'] == client_infos['_id'],
user['clients_authorized']))
if len(client) <= 0:
raise Forbidden('Not authorized!')
authorized = False if scope else True
typ = ''
name = ''
actions = []
''' filter and valid scope '''
if scope:
params = scope.split(':')
if len(params) != 3:
return BadRequest('Invalid scope!')
typ = params[0]
name = params[1]
actions = params[2].split(',')
for user_scope in client[0]['scope']:
if not user_scope:
raise Forbidden('Not authorized!')
typ_scope, name_scope, actions_scope = user_scope.split(':')
if typ_scope == typ:
if name_scope == name or name_scope == '*':
has_actions = True
for action in actions:
if action not in actions_scope.split(
',') and '*' not in actions_scope:
has_actions = False
if has_actions:
authorized = True
break
if not authorized:
raise Forbidden('Not authorized!')
''' generate client token '''
token_client = cls.encode_client_token(service, typ, name, actions,
user, client_infos)
return {
"user_id": user_id,
"callback": client_infos['redirect_uri'],
"token": token_client.decode('utf8'),
"access_token": token_client.decode('utf8')
}
def authorize_revoke_client(cls, action, user_id, client_id, scope=[]):
model = UsersBusiness.init_infos()['model']
user = UsersBusiness.get_by_id(user_id)
if not user:
raise NotFound('User not Found!')
new_list = []
if action == 'authorize':
''' Authorize client '''
has_client = False
for client in user['clients_authorized']:
if str(client['id']) == str(client_id):
client['scope'] = client['scope'] + scope
has_client = True
break
if not has_client:
user['clients_authorized'].append({
"id": ObjectId(client_id),
"scope": scope
})
new_list = user['clients_authorized']
else:
''' Revoke client '''
for client in user['clients_authorized']:
if str(client['id']) == client_id:
new_list.append({
'id':
client['id'],
'scope': [
item for item in client['scope']
if item not in scope
]
})
else:
new_list.append(client)
try:
model.update_one({"_id": ObjectId(user_id)},
{"$set": {
"clients_authorized": list(new_list)
}})
return True
except Exception:
return False
def get_userinfo_by_token(client_id=False):
try:
bearer, authorization = request.headers['Authorization'].split()
if 'bearer' not in bearer.lower():
raise Forbidden('Invalid token!')
except Exception:
raise Forbidden('Token is required!')
if authorization:
result, status = AuthBusiness.decode_auth_token(authorization)
if status:
user = UsersBusiness.get_by_id(result["id"])
if user:
if client_id:
client = ClientsBusiness.get_by_id(client_id)
if not client:
raise NotFound('Client not Found!')
return str(user['_id']), user['credential']['grants'], client
return str(user['_id']), user['credential']['grants'], False
raise NotFound('User not found')
raise Unauthorized(str(result))
raise Forbidden('Token is required!')
def create(cls, user_id, client_infos):
model = cls.init_infos()['model']
user = UsersBusiness.get_by_id(user_id)
if not user:
raise NotFound('User not Found!')
"""
check if client name is already registered
"""
client = model.find_one({
"client_name":
client_infos['client_name'],
"$or": [{
"expired_at": {
"$gt": datetime.now()
}
}, {
"expired_at": None
}]
})
if client:
raise Conflict('A client with this name already exists')
"""
create client credentials
"""
client_infos['user_id'] = user['_id']
client_infos['created_at'] = datetime.now()
client_infos['expired_at'] = client_infos.get('expired_at', None)
"""
save in mongodb
"""
try:
model.insert_one(client_infos)
return client_infos
except Exception:
return False