def validate(cls, document): for key in list(document.keys()): if key not in cls.schema or document[key] is None: del document[key] try: if cls.schema[key]['type'] == 'datetime': document[key] = parser.parse(document[key]) elif cls.schema[key]['type'] == 'object_id': document[key] = ObjectId(document[key]) except KeyError: pass validator = Validator( schema=cls.schema ) if not validator.validate(document): (document, errors) = cls._remove_unknown(document, validator.errors) if len(errors): from core.helpers.raise_error import raise_error raise_error('validation', 'fields_invalid', code=400, fields=errors) return document
def preprocess(cls, document): try: if 'password' in document and document['password'] is not None: user = app.mongo.db[User.collection_name].find_one_or_404( {'email': document['email']}) if user['password'] != hashlib.sha256( document['password'].encode('utf-8') + user['password_salt'].encode('utf-8')).hexdigest(): raise_error('auth', 'password_incorrect', 403) document['user_id'] = user['_id'] request.user_id = document['user_id'] try: document['is_admin'] = user['is_admin'] except KeyError: pass del document['email'] del document['password'] else: document['user_id'] = User.create( {'email': document['email']})['_id'] request.user_id = document['user_id'] del document['email'] except KeyError: pass return super().preprocess(document)
def create(cls, document): if 'token_id' in document: try: document['token_id'] = Token.get_where({'_id': document['token_id']})['_id'] except NotFound: raise_error('auth', 'token_not_found', 404) secret = uuid.uuid4().hex document['secret_hash_salt'] = uuid.uuid4().hex document['secret_hash'] = hashlib.sha256(secret.encode('utf-8') + document['secret_hash_salt'].encode('utf-8')).hexdigest() document['_id'] = ObjectId() document['session_id'] = document['_id'] document = super().create(document) document['secret'] = secret try: document['user_id'] = request.user_id except AttributeError: pass return document
def not_found(error): if 'application/json' in request.headers['Accept']: return raise_error('server', 'not_found', 404, no_abort=True) else: try: path = request.path if path.endswith('/'): return redirect(redirects[path[:-1]]) else: return redirect(redirects[request.path]) except KeyError: cached_template = app.caches['/errors'].get(request.path) if cached_template is None or app.config['DEBUG']: response = { # 'pieces': Interface._values(), 'pages': Page.list(), 'hotels': Hotel.list(), 'current_path': request.path, 'debugging': app.config['DEBUG'] } # response['interface_json'] = json.dumps(response['pieces'], sort_keys=False, default=json_formater) response['lang_route'] = '/' render = render_template('errors/' + str(error.code) + '.html', **response) app.caches['/errors'].set(request.path, render, timeout=0) return render else: return cached_template
def create(cls, document): try: user = User.get_where({'email': document['email']}) except NotFound: raise_error('auth', 'user_not_found', 404) document['code'] = uuid.uuid4().hex document['user_id'] = user['_id'] try: document['is_admin'] = user['is_admin'] except KeyError: pass return super().create(document)
def create(cls, document): if 'token_code' in document: try: token = Token.get_where({'code': document['token_code']}) if datetime.now( timezone(app.config['TIMEZONE']) ) > token['created_at'] + relativedelta(days=+1): raise_error('auth', 'token_expired', 403) document['token_id'] = token['_id'] document['user_id'] = token['user_id'] request.user_id = document['user_id'] try: document['is_admin'] = token['is_admin'] except KeyError: pass del document['token_code'] except NotFound: raise_error('auth', 'token_not_found', 404) secret = uuid.uuid4().hex document['secret_hash_salt'] = uuid.uuid4().hex document['secret_hash'] = hashlib.sha256( secret.encode('utf-8') + document['secret_hash_salt'].encode('utf-8')).hexdigest() document['_id'] = ObjectId() document['session_id'] = document['_id'] document = super().create(document) document['secret'] = secret try: document['user_id'] = request.user_id except AttributeError: pass return document
def create(cls, document): try: user = User.get_where({'email': document['email']}) except NotFound: raise_error('auth', 'user_not_found', 404) document['code'] = uuid.uuid4().hex document['user_id'] = user['_id'] try: document['is_admin'] = user['is_admin'] except KeyError: pass # trigger_tasks.apply_async(('token_created', { # 'token': document, # 'user': user # })) return super().create(document)
def not_found(error): if 'application/json' in request.headers['Accept']: return raise_error('server', 'not_found', 404, no_abort=True) else: cached_template = app.caches['/errors'].get(request.path) if cached_template is None or app.config['DEBUG']: response = { 'pieces': {}, 'current_path': request.path, 'root': request.host_url, 'debugging': app.config['DEBUG'] } response['pieces_json'] = json.dumps(response['pieces'], sort_keys=False, default=json_formater) render = render_template('errors/' + str(error.code) + '.html', **response) app.caches['/errors'].set(request.path, render, timeout=0) return render else: return cached_template
def verify_headers(): from core.models.auth.session import Session if request.method == 'OPTIONS': return make_response() else: try: request.current_session = app.mongo.db[ Session.collection_name].find_one_or_404( {'_id': ObjectId(request.cookies['X-Session-Id'])}) if request.current_session['secret_hash'] != hashlib.sha256( request.cookies['X-Session-Secret'].encode('utf-8') + request.current_session['secret_hash_salt'].encode('utf-8') ).hexdigest(): raise_error('auth', 'invalid_secret', 403) except KeyError: pass if hasattr(request.url_rule, 'route'): try: request.requires_admin = request.url_rule.route[ 'requires_admin'] except KeyError: request.requires_admin = False try: request.requires_user = request.url_rule.route['requires_user'] except KeyError: request.requires_user = False try: request.requires_session = request.url_rule.route[ 'requires_session'] except KeyError: request.requires_session = False if request.requires_admin or request.requires_user or request.requires_session: try: if hasattr(request, 'current_session'): try: if request.headers[ 'X-Session-Secret'] != request.cookies[ 'X-Session-Secret']: raise_error('auth', 'cookies_dont_match', 403) except KeyError: pass else: try: request.current_session = app.mongo.db[ Session.collection_name].find_one_or_404( {'_id': request.cookies['X-Session-Id']}) except KeyError: raise_error('auth', 'missing_session_id', 403) if request.current_session[ 'secret_hash'] != hashlib.sha256( request.cookies['X-Session-Secret'].encode( 'utf-8') + request.current_session['secret_hash_salt'] .encode('utf-8')).hexdigest(): raise_error('auth', 'invalid_secret', 403) if request.requires_admin and not request.current_session[ 'is_admin']: raise_error('auth', 'requires_admin', 403) if request.requires_user: if not request.current_session['user_id']: raise_error('auth', 'requires_user', 403) except KeyError: raise_error('auth', 'missing_secret', 403) try: request.current_session_is_admin = request.current_session[ 'is_admin'] except AttributeError: request.current_session_is_admin = False