async def is_authorized(self, request):
auth_header = request.headers.get('Authorization', None)
if not auth_header:
return False, 'Token required'
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
request.user = "******"
return False, "invalid token"
else:
auth_token = ''
if auth_token:
try:
resp = decode_auth_token(auth_token)
except Exception as err:
request.user = "******"
return False, "invalid_token"
if not isinstance(resp, str):
async with request.app['db'].acquire() as conn:
result = await conn.execute(
users.select().where(users.c.id == resp))
user = await result.first()
if user:
request.user = {
"id": user.id,
"username": user.username,
"role": user.role,
"date_created": str(user.date_created),
"org_id": user.organization_id,
}
return True, user.username
else:
return False, "Unauthorized"
async def send_password(request):
try:
data = send_password_schema.load(await request.json())
except ValidationError as err:
return VError(detail=err.messages)
async with request.app['db'].acquire() as conn:
result = await conn.execute(
users.select().where(users.c.email == data['email'].lower()))
user = await result.first()
response, status = {}, 200
if not user:
response = {"error": "Email does not exist"}
status = 404
else:
try:
from executors.email.email_cli import EmailClient
email_cli = EmailClient()
sent, err = await email_cli.send_forgotten_password(
to_email=user.email, password=user.password)
assert sent and not err
response = "Sent"
except:
response = {"error": "Could not send passord"}
status = 500
return web.json_response(data=response, status=status)
async def login_driver(self, request):
# todo request: keep me logedin
print(">> auth")
try:
data = login_schema.load(await request.json())
except ValidationError as err:
return VError(detail=err.messages)
async with request.app['db'].acquire() as conn:
result = await conn.execute(users.select().where(
and_(users.c.username == data['username'],
users.c.password == data['password'])))
user = await result.first()
status = 200
if user:
if user.role != UserRole.DRIVER:
response = {"error": "Wrong role"}
status = 405
else:
try:
auth_token = encode_auth_token(user.id)
if auth_token:
response = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
except:
response = {"error": "Wrong role"}
status = 405
else:
response = {"error": "Wrong credentials"}
status = 401
return web.json_response(data=response, status=status)
async def is_unique(self, request, **kwargs):
data = await request.json()
async with request.app['db'].acquire() as conn:
result = await conn.execute(users.select().where(
and_(users.c.username == data['username'])))
user = await result.first()
if user:
VError("Username exists. Please, choose another one")
async def login(self, request):
# todo request: keep me logedin
data = await request.json()
async with request.app['db'].acquire() as conn:
result = await conn.execute(users.select().where(
and_(users.c.username == data['username'],
users.c.password == data['password'])))
user = await result.first()
if user:
auth_token = encode_auth_token(user.id)
if auth_token:
response_object = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return web.json_response(data=response_object)
else:
return web.json_response(data={"error": "Wrong credentials"})