async def auth_checker(request: Request, call_next):
# {'type': 'http', 'http_version': '1.1', 'server': ('127.0.0.1', 9901), 'client': ('127.0.0.1', 7037), 'scheme': 'http', 'method': 'GET', 'root_path': '', 'path': '/auth', 'raw_path': b'/auth', 'query_string': b'', 'headers': [(b'host', b'127.0.0.1:9901'), (b'connection', b'keep-alive'), (b'sec-fetch-dest', b'image'), (b'user-agent', b'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36'), (b'dnt', b'1'), (b'accept', b'image/webp,image/apng,image/*,*/*;q=0.8'), (b'sec-fetch-site', b'same-origin'), (b'sec-fetch-mode', b'no-cors'), (b'referer', b'http://127.0.0.1:9901/auth'), (b'accept-encoding', b'gzip, deflate, br'), (b'accept-language', b'zh-CN,zh;q=0.9'), (b'cookie', b'ads_id=lakdsjflakjdf; _ga=GA1.1.1550108461.1583462251')], 'fastapi_astack': <contextlib.AsyncExitStack object at 0x00000165BE69EEB8>, 'app': <fastapi.applications.FastAPI object at 0x00000165A7B738D0>}
path = request.scope['path']
if path in Config.AUTH_PATH_WHITE_LIST:
# ignore auth check
return await call_next(request)
query_string = request.scope.get('query_string', b'').decode('u8')
query_has_sign = 'sign=' in query_string
if query_has_sign:
# try checking sign
given_sign, valid_sign = Config.get_sign(path, query_string)
if given_sign == valid_sign:
# sign checking pass
return await call_next(request)
# try check cookie
if not Config.watchdog_auth or Config.watchdog_auth == request.cookies.get(
'watchdog_auth', ''):
# valid cookie, or no watchdog_auth checker
return await call_next(request)
# not pass either checker, refused
if query_has_sign:
# request with sign will not redirect
return JSONResponse(
status_code=400,
content={
"message": 'signature expired',
},
)
else:
# bad cookie, reset the watchdog_auth cookie as null
resp = RedirectResponse(
f'/auth?redirect={quote_plus(request.scope["path"])}', 302)
resp.set_cookie('watchdog_auth', '')
return resp
def basic_auth(auth: BasicAuth = Depends(basic_auth)) -> RedirectResponse:
headers = {"WWW-Authenticate": "Basic"}
if not auth:
raise UnauthorizedException(detail="Unauthorized", headers=headers)
username, _, password = b64decode(auth).decode("ascii").partition(":")
if repo.login(username, hash_password(password)) is None:
raise UnauthorizedException(detail="Invalid username or password",
headers=headers)
access_token_expires = timedelta(
minutes=int(getenv("ACCESS_TOKEN_EXPIRE", 60)))
access_token = create_access_token({"sub": username}, access_token_expires)
response = RedirectResponse(url="/docs")
response.set_cookie("Authorization",
value=f"Bearer {jsonable_encoder(access_token)}",
domain="localhost",
httponly=True,
max_age=1800,
expires=1800)
return response
def dokter_create(
username: str = Form(...),
password: str = Form(...),
nama: str = Form(...),
alamat: str = Form(...),
no_hp: str = Form(...),
tempat_lahir: str = Form(...),
tanggal_lahir: str = Form(...),
poli: str = Form(...),
access_token: str = Cookie(None),
db: Session = Depends(get_db_session),
):
body= {
'username': username,
'password': password,
'nama': nama,
'alamat': alamat,
'no_hp': no_hp,
'tempat_lahir': tempat_lahir,
'tanggal_lahir': tanggal_lahir,
'poli': poli,
}
requests.post('http://localhost:8000/api/v1/dokter', headers={
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}, json=body)
response = RedirectResponse('/admin/dokter', status_code=status.HTTP_302_FOUND)
response.set_cookie(key='success', value='Dokter berhasil dibuat')
return response
async def auth(code: str, state: Optional[str] = None) -> RedirectResponse:
try:
headers = {'Accept': 'application/json'}
payload = {
"client_id": OAUTH_CLIENT_ID,
"client_secret": OAUTH_CLIENT_SECRET,
"code": code
}
if state:
payload["state"] = state
r = requests.post(OAUTH_URL, json=payload, headers=headers)
body = json.loads(r.content)
headers = {'Authorization': 'token ' + body["access_token"]}
r = requests.get(OAUTH_USER_URL, headers=headers)
body = json.loads(r.content)
# print(body)
# return "TBD1"
id = body[OAUTH_USER_ID]
groups = []
tokens = await create_token({ "id": id, "groups": groups })
access_token = tokens["access_token"]
refresh_token = tokens["refresh_token"]
callback_url = f"{OAUTH_CALLBACK}#{access_token}-{refresh_token}-"
response = RedirectResponse(url=callback_url, status_code=302)
response.set_cookie("Authorization", value=f"Bearer {access_token}", httponly=True)
response.set_cookie("refresh_token", value=refresh_token, httponly=True)
return response
except Exception as e:
print(e)
return "Error"
def logout(session_token: str = Cookie(None)):
check_session(session_token)
del app.sessions[session_token]
response = RedirectResponse(url='/')
response.status_code = status.HTTP_302_FOUND
response.set_cookie(key="session_token", value='')
return response
async def login_view(request: Request):
status_code = 200
message = None
if request.method == 'POST':
status_code = 401
data = await request.form()
username = data.get('username')
password = data.get('password')
message = 'username or password are wrong'
if username and password:
token = await login(username=username, password=password)
if token:
url = request.query_params.get('next', '/')
response = RedirectResponse(url=url, status_code=302)
response.set_cookie(key=settings.SESSION_COOKIE_NAME,
value=token.value,
domain=settings.APP_DOMAIN,
secure=True,
httponly=True,
samesite='strict')
return response
return settings.TEMPLATE.TemplateResponse('/auth/login.html', {
'request': request,
'message': message
},
status_code=status_code)
def pasien_create(
nama: str = Form(...),
alamat: str = Form(...),
no_hp: str = Form(...),
tempat_lahir: str = Form(...),
tanggal_lahir: str = Form(...),
rfid: str = Form(...),
bpjs: bool = Form(...),
db: Session = Depends(get_db_session),
access_token: str = Cookie(None)
):
body= {
'nama': nama,
'alamat': alamat,
'no_hp': no_hp,
'tempat_lahir': tempat_lahir,
'tanggal_lahir': tanggal_lahir,
'rfid': rfid,
'bpjs': bpjs
}
response = requests.post('http://localhost:8000/api/v1/pasien', headers={
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}, json=body)
if response.status_code == 201:
rfid_obj = db.query(RFIDTemporary).filter(RFIDTemporary.id == 1).first()
rfid_obj.aktif = False
db.add(rfid_obj)
db.commit()
response = RedirectResponse('/admin/pasien', status_code=status.HTTP_302_FOUND)
response.set_cookie(key='success', value='Pasien berhasil dibuat')
return response
async def post(cls, request: Request):
try:
form = LoginForm(**await request.form())
except Exception:
return templates.TemplateResponse(
'components/auth/templates/login.html', {
'request': request,
'error': 'Invalid data'
},
status_code=400)
async with UsersClient() as client:
user = await client.login(form.username, form.password)
if not user:
return templates.TemplateResponse(
'components/auth/templates/login.html', {
'request': request,
'error': 'User not found'
},
status_code=404)
response = RedirectResponse(url='/', status_code=303)
response.set_cookie('session', user['token'])
return response
def login_user(credentials: HTTPBasicCredentials = Depends(security)):
print(credentials)
user = authenticate_user(Users_Collection, credentials.username,
credentials.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
active_user.append(user.username)
active_user_token.append(access_token)
response = RedirectResponse(url="/users/me")
token = jsonable_encoder(access_token)
response.set_cookie(
"Authorization",
value=f"Bearer {token}",
domain="localtest.me",
httponly=True,
max_age=1800,
expires=1800,
)
return response
def edit_dokter_post(
id: int,
nama: Optional[str] = Form(...),
username: Optional[str] = Form(...),
alamat: Optional[str] = Form(...),
no_hp: Optional[str] =Form(...),
tempat_lahir: Optional[str] = Form(...),
tanggal_lahir: Optional[str] = Form(...),
poli: Optional[str] = Form(...),
db: Session = Depends(get_db_session),
user: UserRetrieve = Depends(crud_user.get_current_user_login)
):
dokter = crud_dokter.get(id=id, db=db)
dokter_in = DokterUpdate(
nama=nama,
email=username,
alamat=alamat,
no_hp=no_hp,
tempat_lahir=tempat_lahir,
tanggal_lahir=tanggal_lahir,
poli=poli,
).dict(exclude_unset=True)
dokter_update = crud_dokter.update(obj_in=dokter_in, db_obj=dokter, db=db)
response = RedirectResponse('/admin/dokter', status_code=status.HTTP_302_FOUND)
if dokter_update:
response.set_cookie(key='success', value='Update dokter berhasil')
else:
response.set_cookie(key='error', value='Gagal update dokter')
return response
async def login(request):
KEY_VALID_HOURS = 24 * 30
if request.method == "POST":
form = await request.form()
logged_in = await bobsled.storage.check_password(
form["username"], form["password"]
)
if logged_in:
user = await bobsled.storage.get_user(form["username"])
permissions = user.permissions
resp = RedirectResponse("/", status_code=302)
until = datetime.datetime.utcnow() + datetime.timedelta(
hours=KEY_VALID_HOURS
)
token = jwt.encode(
{
"username": form["username"],
"permissions": permissions,
"until": until.isoformat(),
},
key=bobsled.settings["secret_key"],
).decode()
resp.set_cookie("jwt_token", token)
return resp
# on get or after failed login
return templates.TemplateResponse("login.html", {"request": request})
async def login(
request: typing.Any,
username: str,
password: str,
api: cannula.API,
) -> bool:
resp = await api.call(
LOGIN_MUTATION,
variables={
'username': username,
'password': password,
},
request=request
)
if resp.errors:
LOG.error(f'{resp.errors}')
raise Exception('Unable to login user')
LOG.info(f'Auth Response: {resp.data}')
token = resp.data['login']
user = set_user(
username=token['user']['name'],
auth_token=token['authToken'],
catalog=token['catalog'],
roles=token['roles']
)
response = RedirectResponse('/dashboard')
response.set_cookie(SESSION_COOKE_NAME, user.session_id)
return response
async def auth_via_azure(request: Request):
response = RedirectResponse(request.cookies.get("Redirect-url"))
response.delete_cookie(key="Redirect-url")
token = await oauth.azure.authorize_access_token(request)
headers = {'Authorization': f'Bearer {token.get("access_token")}'}
query = 'onPremisesSamAccountName,givenName,mail,surname'
r = requests.get(f'https://graph.microsoft.com/v1.0/me?$select={query}',
headers=headers)
user = r.json()
client_user = {
"userId": user["onPremisesSamAccountName"],
"givenName": user["givenName"],
"surname": user["surname"],
"initial": f"{user['givenName'][0]}{user['surname'][0]}",
"email": user["mail"]
}
# user = await oauth.azure.parse_id_token(request, token)
response.delete_cookie(key="ClientUser")
response.set_cookie(key="ClientUser",
value=json.dumps(client_user),
max_age=3600,
expires=3600)
response.delete_cookie(key="ClientToken")
response.set_cookie(key="ClientToken",
value=token.get("access_token"),
max_age=3600,
expires=3600)
return response
def make_authenticated_response(
url: str,
id_token: str,
refresh_token: Optional[str] = None,
stay_logged_in: bool = False,
) -> Response:
response = RedirectResponse(
url,
status_code=status.HTTP_303_SEE_OTHER,
headers={
"HX-Redirect": url,
"HX-Push": url
},
)
response.set_cookie(
oauth2_scheme.token_name,
id_token,
max_age=30 * 60,
httponly=True,
samesite="strict",
secure=True,
)
if refresh_token:
refresh_max_age = 30 * 24 * 60 * 60 if stay_logged_in else 35 * 60
response.set_cookie(
oauth2_scheme.refresh_token_name,
refresh_token,
max_age=refresh_max_age,
httponly=True,
samesite="strict",
secure=True,
)
return response
async def logout(
request: Request,
current_user: schema.UserPayload = Depends(deps.get_current_user)
) -> Any:
rr = RedirectResponse(request.url_for('index'))
rr.set_cookie('jwt', value='deleted', expires=0)
return rr
async def login(self, request: Request, redis: Redis = Depends(get_redis)):
form = await request.form()
username = form.get("username")
password = form.get("password")
remember_me = form.get("remember_me")
admin = await self.admin_model.get_or_none(username=username)
if not admin or not check_password(password, admin.password):
return templates.TemplateResponse(
self.template,
status_code=HTTP_401_UNAUTHORIZED,
context={
"request": request,
"error": _("login_failed")
},
)
response = RedirectResponse(url=request.app.admin_path,
status_code=HTTP_303_SEE_OTHER)
if remember_me == "on":
expire = 3600 * 24 * 30
response.set_cookie("remember_me", "on")
else:
expire = 3600
response.delete_cookie("remember_me")
token = uuid.uuid4().hex
response.set_cookie(
self.access_token,
token,
expires=expire,
path=request.app.admin_path,
httponly=True,
)
await redis.set(constants.LOGIN_USER.format(token=token),
admin.pk,
expire=expire)
return response
async def strava_callback(background_task: BackgroundTasks, code: str, scope: str, state: str = None):
client = Client()
token_response = client.exchange_code_for_token(
client_id=STRAVA_CLIENT_ID, client_secret=STRAVA_CLIENT_SECRET,
code=code)
client = Client(access_token=token_response['access_token'])
athlete = client.get_athlete()
try:
strava_athlete = await StravaAthlete.objects.get(id=athlete.id)
except orm_exceptions.NoMatch:
strava_athlete = await StravaAthlete.objects.create(
id=athlete.id,
access_token=token_response['access_token'],
refresh_token=token_response['refresh_token'],
token_expiration_datetime=datetime.utcfromtimestamp(token_response['expires_at']).isoformat())
background_task.add_task(new_athlete, strava_athlete)
response = RedirectResponse('/reports')
jwt_token = create_jwt_token(sub=strava_athlete.id)
response.set_cookie(
key="jwt_token",
value=jwt_token,
httponly=True)
return response
def edit_pasien_post(
id: int,
nama: Optional[str] = Form(...),
alamat: Optional[str] = Form(...),
no_hp: Optional[str] =Form(...),
tempat_lahir: Optional[str] = Form(...),
tanggal_lahir: Optional[str] = Form(...),
bpjs: Optional[bool] = Form(...),
db: Session = Depends(get_db_session),
user: UserRetrieve = Depends(crud_user.get_current_user_login),
):
pasien = crud_pasien.get(id=id, db=db)
pasien_in = PasienUpdate(
nama=nama,
alamat=alamat,
no_hp=no_hp,
tempat_lahir=tempat_lahir,
tanggal_lahir=tanggal_lahir,
bpjs=bpjs
).dict(exclude_unset=True)
pasien_update = crud_pasien.update(db=db, db_obj=pasien, obj_in=pasien_in)
response = RedirectResponse('/admin/pasien', status_code=status.HTTP_302_FOUND)
if pasien_update:
response.set_cookie(key='success', value='Update success')
else:
response.set_cookie(key='error', value='Gagal update')
return response
async def discord_oauth_redir():
state_key = token_urlsafe(20)
response = RedirectResponse(
f"https://discordapp.com/api/v7/oauth2/authorize?client_id={config['client_id']}&state={state_key}&redirect_uri={config['redirect_url']}&response_type=code&scope=identify%20connections&prompt=none",
status_code=307)
# We won't need this cookie 5 minutes later
response.set_cookie(key="state_key", value=state_key, expires=300)
return response
async def discord_oauth_redir():
state_key = token_urlsafe(20)
response = RedirectResponse(
f"{API_LOCATION}/oauth2/authorize?client_id={CLIENT_ID}&state={state_key}&redirect_uri={REDIRECT_URI}&response_type=code&scope=identify guilds&prompt=none",
status_code=307)
# We won't need this cookie 5 minutes later
response.set_cookie(key="state_key", value=state_key, expires=300)
return response
async def post(self, request):
response = RedirectResponse(url=request.headers['referer'],
status_code=303)
if request.cookies.get('theme'):
response.delete_cookie('theme')
else:
response.set_cookie('theme', 'default-dark')
return response
async def discord_oauth_redir():
state_key = token_urlsafe(20)
response = RedirectResponse(
f"{API_LOCATION}/oauth2/authorize?client_id={CLIENT_ID}&state={state_key}&redirect_uri={REDIRECT_URI}&response_type=code&scope=identify guilds",
status_code=307
)
response.set_cookie(key="state_key", value=state_key)
return response
async def oauth2_callback(request:Request):
host = request.headers["host"]
if "X-Forwarded-Ssl" in request.headers and request.headers["X-Forwarded-Ssl"] == 'on':
protocol = "https"
else:
protocol = request.url.scheme
cid = "ceiamin"
callback = protocol+"://" + host + "/frontend/oauth2Callback/"
state = request.query_params['state']
#session_state = request.rel_url.query['session_state']
saved_state = request.cookies["ceiamin_oauth_state"]
code = request.query_params['code']
form = aiohttp.FormData({"grant_type":"authorization_code", "code":code, "client_id":cid, "redirect_uri": callback})
resp: ClientResponse = None
try:
if state != saved_state:
raise Exception("State "+state+" != "+saved_state)
openClientSession: ClientSession = aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=(settings.TEST==0)))
resp: ClientResponse = await openClientSession.post(settings.OAUTH2_TOKEN_URL, data=form())
body = await resp.read()
print("Corpo da resposta HTTP para obter token")
print(body)
jsonToken = json.loads(body)
key = "Bearer " + jsonToken["access_token"]
aheaders = CIMultiDict()
aheaders.add("Authorization", key)
userInfo: ClientResponse = await openClientSession.get(settings.OAUTH2_USERINFO_URL, headers=aheaders)
body = await userInfo.read()
jsonUser = json.loads(body)
except:
traceback.print_exc()
res = PlainTextResponse("Autorização falhou.", status_code=403)
return res
finally:
if resp:
resp.close()
sessionId = str(uuid.uuid1())
encoded_jwt = jwt.encode({'session': sessionId, 'user': jsonUser["preferred_username"], "timeini":str(datetime.now().timestamp()) }, secret, algorithm='HS256')
if isinstance(encoded_jwt, str):
encoded_jwt_str = encoded_jwt
else:
encoded_jwt_str = encoded_jwt.decode("utf-8")
response = RedirectResponse("/frontend")
response.set_cookie("ceiaminsession", encoded_jwt_str, path="/")
return response
async def post_login(request: Request,
username: str = Form(...),
password: str = Form(...)):
if username != 'admin' and password != '1q2w3e4r':
templates.TemplateResponse('login.html', context={'request': request})
else:
rr = RedirectResponse('/', status_code=303)
rr.set_cookie(key="token", value='yes')
rr.set_cookie(key="expire", value= str((datetime.datetime.now() \
+ datetime.timedelta(minutes=30)).strftime('%y/%m/%d %H:%M:%S')))
return rr
async def spotify_callback(code : str):
key = ''.join(random.choice(string.ascii_uppercase) for _ in range(16))
SPOTIFY_USERS[key] = await from_code(
spotify.User,
SPOTIFY_CLIENT,
code,
redirect_uri=REDIRECT_URI,
)
response = RedirectResponse(url="/")
response.set_cookie(key="spotify_user_id", value=key)
return response
async def create_token(api_key: api_key.APIKey = fastapi.Depends(auth.get_api_key)):
response = RedirectResponse(url="/docs")
response.set_cookie(
config.api_key_name,
value=api_key,
domain=config.{{ cookiecutter.python_package }}_host,
httponly=True,
max_age=1800,
expires=1800,
)
return response
async def auth(request: Request, token: str):
urls = {'beer': 'add_beer', 'wine': 'add_wine', 'vodka': 'add_vodka'}
"""Метод для принятия авторизации"""
try:
payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=[JWT_ALGORITHM])
except (jwt.DecodeError, jwt.ExpiredSignatureError):
return RedirectResponse(AUTH_SERVER_LINK)
redirect_to = urls.get(payload['section'], '/')
response = RedirectResponse(request.url_for(redirect_to))
response.set_cookie(key='Authorization', value=token)
return response
def login(form_data: OAuth2PasswordRequestForm = Depends()):
username, password = form_data.username, form_data.password
if ((not callable(app.auth) and username in app.auth
and app.auth[username] == password)
or (callable(app.auth) and app.auth.__call__(username, password))):
token = secrets.token_urlsafe(16)
app.tokens[token] = username
response = RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)
response.set_cookie(key="access-token", value=token, httponly=True)
return response
else:
raise HTTPException(status_code=400, detail="Incorrect credentials.")
async def route_login_action(access_token: str = Form(...)):
response = RedirectResponse(url="/",
status_code=status.HTTP_303_SEE_OTHER)
response.set_cookie(
self.api_key_name,
value=access_token,
domain=self.app.app_config.domain,
httponly=True,
max_age=60 * 60 * 24 * 30,
expires=60 * 60 * 24 * 30,
)
return response
async def callback(code: str, db: Session = Depends(deps.get_db)):
token = cred.request_user_token(code)
with spotify.token_as(token):
info = spotify.current_user()
existing = crud.spotify.get(db_session=db, id=info.id)
if not existing:
crud.spotify.create(db_session=db, obj_in=SpotifyCreate(id=info.id, refresh_token=token.refresh_token))
else:
crud.spotify.update(db_session=db, db_obj=existing, obj_in=SpotifyUpdate(id=info.id, refresh_token=token.refresh_token))
response = RedirectResponse("whoami", status_code=HTTP_303_SEE_OTHER)
response.set_cookie("username", info.id)
return response
async def login(request):
"""
Validate form, login and authenticate user with JWT token
"""
path = request.query_params['next']
data = await request.form()
form = LoginForm(data)
username = form.username.data
password = form.password.data
if request.method == "POST" and form.validate():
try:
results = await User.get(
username=username)
hashed_password = results.password
valid_password = check_password(password, hashed_password)
if not valid_password:
user_error = "Invalid username or password"
return templates.TemplateResponse(
"accounts/login.html",
{
"request": request,
"form": form,
"user_error": user_error
},
)
# update login counter and login time
results.login_count += 1
results.last_login = datetime.datetime.now()
await results.save()
response = RedirectResponse(BASE_HOST + path, status_code=302)
response.set_cookie(
"jwt", generate_jwt(results.username), httponly=True
)
response.set_cookie(
"admin", ADMIN, httponly=True
)
return response
except: # noqa
user_error = "Please register you don't have account"
return templates.TemplateResponse(
"accounts/login.html",
{
"request": request,
"form": form,
"user_error": user_error,
},
)
return templates.TemplateResponse("accounts/login.html", {
"request": request,
"form": form,
"path": path
})
