Пример #1
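def updateSession():
    """Re-validate an access token and return the session payload for it.

    Reads the request JSON through ``UpdateSessionReq``, decodes the token
    with ``AccountSvc.extractToken`` and loads the profile row that belongs
    to the account: ``Customers`` for role 3, ``Employees`` for roles 1 and 2.

    Returns:
        A JSON response with ``access_token``, ``account`` and ``user_info``
        on success. 401 with a message body when the token is expired or
        invalid, when ``ErrorRsp`` is raised, or when no profile row matches
        the account. 403 when the token carries a role other than 1, 2 or 3.
    """
    not_authenticated_msg = {
        'message': 'Bạn không có quyền truy cập.',
        'authenticated': False
    }

    invalid_msg = {'message': 'Token không hợp lệ.', 'authenticated': False}
    expired_msg = {'message': 'Token hết hạn sử dụng.', 'authenticated': False}
    try:
        req = UpdateSessionReq(request.json)
        account = AccountSvc.extractToken(req.access_token)
        role_id = account['role']['role_id']

        if role_id == 3:  # customer
            profile_model = models.Customers
        elif role_id in (1, 2):  # admin, manager
            profile_model = models.Employees
        else:
            # A validly signed token with an unknown role used to fall through
            # with `user` unbound (UnboundLocalError -> HTTP 500). Deny instead.
            return jsonify(not_authenticated_msg), 403

        # `!= None` is intentional: SQLAlchemy turns it into IS NOT NULL.
        record = profile_model.query.filter(
            profile_model.account_id == account['account_id'],
            profile_model.account_id != None).first()  # noqa: E711
        if record is None:
            # The token names an account that has no profile row. Previously
            # this crashed on `None.serialize()`; treat it as unauthenticated.
            return jsonify(not_authenticated_msg), 401
        user = record.serialize()

        result = {
            'access_token': req.access_token,
            'account': account,
            'user_info': user,
        }
        return jsonify(result)
    except jwt.ExpiredSignatureError:
        return jsonify(
            expired_msg), 401  # 401 is Unauthorized HTTP status code
    except jwt.InvalidTokenError:
        return jsonify(invalid_msg), 401
    except ErrorRsp as e:
        # NOTE(review): every attribute of the exception is serialized to the
        # client here; confirm ErrorRsp only ever carries client-safe fields.
        return json.dumps(e.__dict__, ensure_ascii=False).encode('utf8'), 401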
Пример #2
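    def _verify():
        """Authorize the request for roles 1 and 2, then call the wrapped view.

        Expects an ``Authorization`` header made of exactly two
        whitespace-separated parts and treats the second part as the token.
        When the decoded account has role 1 or 2, ``function`` is called with
        a ``session`` dict holding the account and the Employees query.

        Returns:
            The wrapped function's result on success; 401 for a missing or
            malformed header and for an expired or invalid token; 403 when
            the role is not 1 or 2.
        """
        auth_headers = request.headers.get('Authorization', '').split()

        invalid_role = {
            'message': 'Yêu cầu quyền hạn của chủ shop',
            'authenticated': False
        }
        not_authenticated_msg = {
            'message': 'Bạn không có quyền truy cập.',
            'authenticated': False
        }
        invalid_msg = {
            'message': 'Token không hợp lệ.',
            'authenticated': False
        }
        expired_msg = {
            'message': 'Token hết hạn sử dụng.',
            'authenticated': False
        }

        # NOTE(review): only the number of header parts is checked; the scheme
        # word in auth_headers[0] (e.g. "Bearer") is never compared.
        if len(auth_headers) != 2:
            return jsonify(not_authenticated_msg), 401
        try:
            token = auth_headers[1]
            account = AccountSvc.extractToken(token)
            # Read the role from the nested key for both comparisons. The old
            # second operand used account["role_id"], so a token with a role
            # other than 1 could raise KeyError (HTTP 500) instead of reaching
            # the 403 below, or be compared against a different field.
            if account["role"]["role_id"] in (1, 2):
                # NOTE(review): this is an unevaluated query object, so the
                # decision to authorize rests on the token claims alone. The
                # delete_at filter does not block a soft-deleted employee
                # whose token is still valid unless the wrapped view runs the
                # query and checks the result; confirm that it does.
                user_info = Employees.query.filter(
                    Employees.delete_at == None,  # noqa: E711 (IS NULL)
                    Employees.account_id == account["account_id"])
                session = {
                    "account": account,
                    "user_info": user_info
                }
                return function(session)
        except jwt.ExpiredSignatureError:
            return jsonify(expired_msg), 401  # 401 is Unauthorized HTTP status code
        except jwt.InvalidTokenError:
            return jsonify(invalid_msg), 401

        return jsonify(invalid_role), 403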