async def auth_checker(request: Request, call_next): # {'type': 'http', 'http_version': '1.1', 'server': ('127.0.0.1', 9901), 'client': ('127.0.0.1', 7037), 'scheme': 'http', 'method': 'GET', 'root_path': '', 'path': '/auth', 'raw_path': b'/auth', 'query_string': b'', 'headers': [(b'host', b'127.0.0.1:9901'), (b'connection', b'keep-alive'), (b'sec-fetch-dest', b'image'), (b'user-agent', b'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36'), (b'dnt', b'1'), (b'accept', b'image/webp,image/apng,image/*,*/*;q=0.8'), (b'sec-fetch-site', b'same-origin'), (b'sec-fetch-mode', b'no-cors'), (b'referer', b'http://127.0.0.1:9901/auth'), (b'accept-encoding', b'gzip, deflate, br'), (b'accept-language', b'zh-CN,zh;q=0.9'), (b'cookie', b'ads_id=lakdsjflakjdf; _ga=GA1.1.1550108461.1583462251')], 'fastapi_astack': <contextlib.AsyncExitStack object at 0x00000165BE69EEB8>, 'app': <fastapi.applications.FastAPI object at 0x00000165A7B738D0>} path = request.scope['path'] if path in Config.AUTH_PATH_WHITE_LIST: # ignore auth check return await call_next(request) query_string = request.scope.get('query_string', b'').decode('u8') query_has_sign = 'sign=' in query_string if query_has_sign: # try checking sign given_sign, valid_sign = Config.get_sign(path, query_string) if given_sign == valid_sign: # sign checking pass return await call_next(request) # try check cookie if not Config.watchdog_auth or Config.watchdog_auth == request.cookies.get( 'watchdog_auth', ''): # valid cookie, or no watchdog_auth checker return await call_next(request) # not pass either checker, refused if query_has_sign: # request with sign will not redirect return JSONResponse( status_code=400, content={ "message": 'signature expired', }, ) else: # bad cookie, reset the watchdog_auth cookie as null resp = RedirectResponse( f'/auth?redirect={quote_plus(request.scope["path"])}', 302) resp.set_cookie('watchdog_auth', '') return resp
def basic_auth(auth: BasicAuth = Depends(basic_auth)) -> RedirectResponse: headers = {"WWW-Authenticate": "Basic"} if not auth: raise UnauthorizedException(detail="Unauthorized", headers=headers) username, _, password = b64decode(auth).decode("ascii").partition(":") if repo.login(username, hash_password(password)) is None: raise UnauthorizedException(detail="Invalid username or password", headers=headers) access_token_expires = timedelta( minutes=int(getenv("ACCESS_TOKEN_EXPIRE", 60))) access_token = create_access_token({"sub": username}, access_token_expires) response = RedirectResponse(url="/docs") response.set_cookie("Authorization", value=f"Bearer {jsonable_encoder(access_token)}", domain="localhost", httponly=True, max_age=1800, expires=1800) return response
def dokter_create( username: str = Form(...), password: str = Form(...), nama: str = Form(...), alamat: str = Form(...), no_hp: str = Form(...), tempat_lahir: str = Form(...), tanggal_lahir: str = Form(...), poli: str = Form(...), access_token: str = Cookie(None), db: Session = Depends(get_db_session), ): body= { 'username': username, 'password': password, 'nama': nama, 'alamat': alamat, 'no_hp': no_hp, 'tempat_lahir': tempat_lahir, 'tanggal_lahir': tanggal_lahir, 'poli': poli, } requests.post('http://localhost:8000/api/v1/dokter', headers={ 'Authorization': f'Bearer {access_token}', 'Content-Type': 'application/json' }, json=body) response = RedirectResponse('/admin/dokter', status_code=status.HTTP_302_FOUND) response.set_cookie(key='success', value='Dokter berhasil dibuat') return response
async def auth(code: str, state: Optional[str] = None) -> RedirectResponse: try: headers = {'Accept': 'application/json'} payload = { "client_id": OAUTH_CLIENT_ID, "client_secret": OAUTH_CLIENT_SECRET, "code": code } if state: payload["state"] = state r = requests.post(OAUTH_URL, json=payload, headers=headers) body = json.loads(r.content) headers = {'Authorization': 'token ' + body["access_token"]} r = requests.get(OAUTH_USER_URL, headers=headers) body = json.loads(r.content) # print(body) # return "TBD1" id = body[OAUTH_USER_ID] groups = [] tokens = await create_token({ "id": id, "groups": groups }) access_token = tokens["access_token"] refresh_token = tokens["refresh_token"] callback_url = f"{OAUTH_CALLBACK}#{access_token}-{refresh_token}-" response = RedirectResponse(url=callback_url, status_code=302) response.set_cookie("Authorization", value=f"Bearer {access_token}", httponly=True) response.set_cookie("refresh_token", value=refresh_token, httponly=True) return response except Exception as e: print(e) return "Error"
def logout(session_token: str = Cookie(None)): check_session(session_token) del app.sessions[session_token] response = RedirectResponse(url='/') response.status_code = status.HTTP_302_FOUND response.set_cookie(key="session_token", value='') return response
async def login_view(request: Request): status_code = 200 message = None if request.method == 'POST': status_code = 401 data = await request.form() username = data.get('username') password = data.get('password') message = 'username or password are wrong' if username and password: token = await login(username=username, password=password) if token: url = request.query_params.get('next', '/') response = RedirectResponse(url=url, status_code=302) response.set_cookie(key=settings.SESSION_COOKIE_NAME, value=token.value, domain=settings.APP_DOMAIN, secure=True, httponly=True, samesite='strict') return response return settings.TEMPLATE.TemplateResponse('/auth/login.html', { 'request': request, 'message': message }, status_code=status_code)
def pasien_create( nama: str = Form(...), alamat: str = Form(...), no_hp: str = Form(...), tempat_lahir: str = Form(...), tanggal_lahir: str = Form(...), rfid: str = Form(...), bpjs: bool = Form(...), db: Session = Depends(get_db_session), access_token: str = Cookie(None) ): body= { 'nama': nama, 'alamat': alamat, 'no_hp': no_hp, 'tempat_lahir': tempat_lahir, 'tanggal_lahir': tanggal_lahir, 'rfid': rfid, 'bpjs': bpjs } response = requests.post('http://localhost:8000/api/v1/pasien', headers={ 'Authorization': f'Bearer {access_token}', 'Content-Type': 'application/json' }, json=body) if response.status_code == 201: rfid_obj = db.query(RFIDTemporary).filter(RFIDTemporary.id == 1).first() rfid_obj.aktif = False db.add(rfid_obj) db.commit() response = RedirectResponse('/admin/pasien', status_code=status.HTTP_302_FOUND) response.set_cookie(key='success', value='Pasien berhasil dibuat') return response
async def post(cls, request: Request): try: form = LoginForm(**await request.form()) except Exception: return templates.TemplateResponse( 'components/auth/templates/login.html', { 'request': request, 'error': 'Invalid data' }, status_code=400) async with UsersClient() as client: user = await client.login(form.username, form.password) if not user: return templates.TemplateResponse( 'components/auth/templates/login.html', { 'request': request, 'error': 'User not found' }, status_code=404) response = RedirectResponse(url='/', status_code=303) response.set_cookie('session', user['token']) return response
def login_user(credentials: HTTPBasicCredentials = Depends(security)): print(credentials) user = authenticate_user(Users_Collection, credentials.username, credentials.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Bearer"}, ) access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token(data={"sub": user.username}, expires_delta=access_token_expires) active_user.append(user.username) active_user_token.append(access_token) response = RedirectResponse(url="/users/me") token = jsonable_encoder(access_token) response.set_cookie( "Authorization", value=f"Bearer {token}", domain="localtest.me", httponly=True, max_age=1800, expires=1800, ) return response
def edit_dokter_post( id: int, nama: Optional[str] = Form(...), username: Optional[str] = Form(...), alamat: Optional[str] = Form(...), no_hp: Optional[str] =Form(...), tempat_lahir: Optional[str] = Form(...), tanggal_lahir: Optional[str] = Form(...), poli: Optional[str] = Form(...), db: Session = Depends(get_db_session), user: UserRetrieve = Depends(crud_user.get_current_user_login) ): dokter = crud_dokter.get(id=id, db=db) dokter_in = DokterUpdate( nama=nama, email=username, alamat=alamat, no_hp=no_hp, tempat_lahir=tempat_lahir, tanggal_lahir=tanggal_lahir, poli=poli, ).dict(exclude_unset=True) dokter_update = crud_dokter.update(obj_in=dokter_in, db_obj=dokter, db=db) response = RedirectResponse('/admin/dokter', status_code=status.HTTP_302_FOUND) if dokter_update: response.set_cookie(key='success', value='Update dokter berhasil') else: response.set_cookie(key='error', value='Gagal update dokter') return response
async def login(request): KEY_VALID_HOURS = 24 * 30 if request.method == "POST": form = await request.form() logged_in = await bobsled.storage.check_password( form["username"], form["password"] ) if logged_in: user = await bobsled.storage.get_user(form["username"]) permissions = user.permissions resp = RedirectResponse("/", status_code=302) until = datetime.datetime.utcnow() + datetime.timedelta( hours=KEY_VALID_HOURS ) token = jwt.encode( { "username": form["username"], "permissions": permissions, "until": until.isoformat(), }, key=bobsled.settings["secret_key"], ).decode() resp.set_cookie("jwt_token", token) return resp # on get or after failed login return templates.TemplateResponse("login.html", {"request": request})
async def login( request: typing.Any, username: str, password: str, api: cannula.API, ) -> bool: resp = await api.call( LOGIN_MUTATION, variables={ 'username': username, 'password': password, }, request=request ) if resp.errors: LOG.error(f'{resp.errors}') raise Exception('Unable to login user') LOG.info(f'Auth Response: {resp.data}') token = resp.data['login'] user = set_user( username=token['user']['name'], auth_token=token['authToken'], catalog=token['catalog'], roles=token['roles'] ) response = RedirectResponse('/dashboard') response.set_cookie(SESSION_COOKE_NAME, user.session_id) return response
async def auth_via_azure(request: Request): response = RedirectResponse(request.cookies.get("Redirect-url")) response.delete_cookie(key="Redirect-url") token = await oauth.azure.authorize_access_token(request) headers = {'Authorization': f'Bearer {token.get("access_token")}'} query = 'onPremisesSamAccountName,givenName,mail,surname' r = requests.get(f'https://graph.microsoft.com/v1.0/me?$select={query}', headers=headers) user = r.json() client_user = { "userId": user["onPremisesSamAccountName"], "givenName": user["givenName"], "surname": user["surname"], "initial": f"{user['givenName'][0]}{user['surname'][0]}", "email": user["mail"] } # user = await oauth.azure.parse_id_token(request, token) response.delete_cookie(key="ClientUser") response.set_cookie(key="ClientUser", value=json.dumps(client_user), max_age=3600, expires=3600) response.delete_cookie(key="ClientToken") response.set_cookie(key="ClientToken", value=token.get("access_token"), max_age=3600, expires=3600) return response
def make_authenticated_response( url: str, id_token: str, refresh_token: Optional[str] = None, stay_logged_in: bool = False, ) -> Response: response = RedirectResponse( url, status_code=status.HTTP_303_SEE_OTHER, headers={ "HX-Redirect": url, "HX-Push": url }, ) response.set_cookie( oauth2_scheme.token_name, id_token, max_age=30 * 60, httponly=True, samesite="strict", secure=True, ) if refresh_token: refresh_max_age = 30 * 24 * 60 * 60 if stay_logged_in else 35 * 60 response.set_cookie( oauth2_scheme.refresh_token_name, refresh_token, max_age=refresh_max_age, httponly=True, samesite="strict", secure=True, ) return response
async def logout( request: Request, current_user: schema.UserPayload = Depends(deps.get_current_user) ) -> Any: rr = RedirectResponse(request.url_for('index')) rr.set_cookie('jwt', value='deleted', expires=0) return rr
async def login(self, request: Request, redis: Redis = Depends(get_redis)): form = await request.form() username = form.get("username") password = form.get("password") remember_me = form.get("remember_me") admin = await self.admin_model.get_or_none(username=username) if not admin or not check_password(password, admin.password): return templates.TemplateResponse( self.template, status_code=HTTP_401_UNAUTHORIZED, context={ "request": request, "error": _("login_failed") }, ) response = RedirectResponse(url=request.app.admin_path, status_code=HTTP_303_SEE_OTHER) if remember_me == "on": expire = 3600 * 24 * 30 response.set_cookie("remember_me", "on") else: expire = 3600 response.delete_cookie("remember_me") token = uuid.uuid4().hex response.set_cookie( self.access_token, token, expires=expire, path=request.app.admin_path, httponly=True, ) await redis.set(constants.LOGIN_USER.format(token=token), admin.pk, expire=expire) return response
async def strava_callback(background_task: BackgroundTasks, code: str, scope: str, state: str = None): client = Client() token_response = client.exchange_code_for_token( client_id=STRAVA_CLIENT_ID, client_secret=STRAVA_CLIENT_SECRET, code=code) client = Client(access_token=token_response['access_token']) athlete = client.get_athlete() try: strava_athlete = await StravaAthlete.objects.get(id=athlete.id) except orm_exceptions.NoMatch: strava_athlete = await StravaAthlete.objects.create( id=athlete.id, access_token=token_response['access_token'], refresh_token=token_response['refresh_token'], token_expiration_datetime=datetime.utcfromtimestamp(token_response['expires_at']).isoformat()) background_task.add_task(new_athlete, strava_athlete) response = RedirectResponse('/reports') jwt_token = create_jwt_token(sub=strava_athlete.id) response.set_cookie( key="jwt_token", value=jwt_token, httponly=True) return response
def edit_pasien_post( id: int, nama: Optional[str] = Form(...), alamat: Optional[str] = Form(...), no_hp: Optional[str] =Form(...), tempat_lahir: Optional[str] = Form(...), tanggal_lahir: Optional[str] = Form(...), bpjs: Optional[bool] = Form(...), db: Session = Depends(get_db_session), user: UserRetrieve = Depends(crud_user.get_current_user_login), ): pasien = crud_pasien.get(id=id, db=db) pasien_in = PasienUpdate( nama=nama, alamat=alamat, no_hp=no_hp, tempat_lahir=tempat_lahir, tanggal_lahir=tanggal_lahir, bpjs=bpjs ).dict(exclude_unset=True) pasien_update = crud_pasien.update(db=db, db_obj=pasien, obj_in=pasien_in) response = RedirectResponse('/admin/pasien', status_code=status.HTTP_302_FOUND) if pasien_update: response.set_cookie(key='success', value='Update success') else: response.set_cookie(key='error', value='Gagal update') return response
async def discord_oauth_redir(): state_key = token_urlsafe(20) response = RedirectResponse( f"https://discordapp.com/api/v7/oauth2/authorize?client_id={config['client_id']}&state={state_key}&redirect_uri={config['redirect_url']}&response_type=code&scope=identify%20connections&prompt=none", status_code=307) # We won't need this cookie 5 minutes later response.set_cookie(key="state_key", value=state_key, expires=300) return response
async def discord_oauth_redir(): state_key = token_urlsafe(20) response = RedirectResponse( f"{API_LOCATION}/oauth2/authorize?client_id={CLIENT_ID}&state={state_key}&redirect_uri={REDIRECT_URI}&response_type=code&scope=identify guilds&prompt=none", status_code=307) # We won't need this cookie 5 minutes later response.set_cookie(key="state_key", value=state_key, expires=300) return response
async def post(self, request): response = RedirectResponse(url=request.headers['referer'], status_code=303) if request.cookies.get('theme'): response.delete_cookie('theme') else: response.set_cookie('theme', 'default-dark') return response
async def discord_oauth_redir(): state_key = token_urlsafe(20) response = RedirectResponse( f"{API_LOCATION}/oauth2/authorize?client_id={CLIENT_ID}&state={state_key}&redirect_uri={REDIRECT_URI}&response_type=code&scope=identify guilds", status_code=307 ) response.set_cookie(key="state_key", value=state_key) return response
async def oauth2_callback(request:Request): host = request.headers["host"] if "X-Forwarded-Ssl" in request.headers and request.headers["X-Forwarded-Ssl"] == 'on': protocol = "https" else: protocol = request.url.scheme cid = "ceiamin" callback = protocol+"://" + host + "/frontend/oauth2Callback/" state = request.query_params['state'] #session_state = request.rel_url.query['session_state'] saved_state = request.cookies["ceiamin_oauth_state"] code = request.query_params['code'] form = aiohttp.FormData({"grant_type":"authorization_code", "code":code, "client_id":cid, "redirect_uri": callback}) resp: ClientResponse = None try: if state != saved_state: raise Exception("State "+state+" != "+saved_state) openClientSession: ClientSession = aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=(settings.TEST==0))) resp: ClientResponse = await openClientSession.post(settings.OAUTH2_TOKEN_URL, data=form()) body = await resp.read() print("Corpo da resposta HTTP para obter token") print(body) jsonToken = json.loads(body) key = "Bearer " + jsonToken["access_token"] aheaders = CIMultiDict() aheaders.add("Authorization", key) userInfo: ClientResponse = await openClientSession.get(settings.OAUTH2_USERINFO_URL, headers=aheaders) body = await userInfo.read() jsonUser = json.loads(body) except: traceback.print_exc() res = PlainTextResponse("Autorização falhou.", status_code=403) return res finally: if resp: resp.close() sessionId = str(uuid.uuid1()) encoded_jwt = jwt.encode({'session': sessionId, 'user': jsonUser["preferred_username"], "timeini":str(datetime.now().timestamp()) }, secret, algorithm='HS256') if isinstance(encoded_jwt, str): encoded_jwt_str = encoded_jwt else: encoded_jwt_str = encoded_jwt.decode("utf-8") response = RedirectResponse("/frontend") response.set_cookie("ceiaminsession", encoded_jwt_str, path="/") return response
async def post_login(request: Request, username: str = Form(...), password: str = Form(...)): if username != 'admin' and password != '1q2w3e4r': templates.TemplateResponse('login.html', context={'request': request}) else: rr = RedirectResponse('/', status_code=303) rr.set_cookie(key="token", value='yes') rr.set_cookie(key="expire", value= str((datetime.datetime.now() \ + datetime.timedelta(minutes=30)).strftime('%y/%m/%d %H:%M:%S'))) return rr
async def spotify_callback(code : str): key = ''.join(random.choice(string.ascii_uppercase) for _ in range(16)) SPOTIFY_USERS[key] = await from_code( spotify.User, SPOTIFY_CLIENT, code, redirect_uri=REDIRECT_URI, ) response = RedirectResponse(url="/") response.set_cookie(key="spotify_user_id", value=key) return response
async def create_token(api_key: api_key.APIKey = fastapi.Depends(auth.get_api_key)): response = RedirectResponse(url="/docs") response.set_cookie( config.api_key_name, value=api_key, domain=config.{{ cookiecutter.python_package }}_host, httponly=True, max_age=1800, expires=1800, ) return response
async def auth(request: Request, token: str): urls = {'beer': 'add_beer', 'wine': 'add_wine', 'vodka': 'add_vodka'} """Метод для принятия авторизации""" try: payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=[JWT_ALGORITHM]) except (jwt.DecodeError, jwt.ExpiredSignatureError): return RedirectResponse(AUTH_SERVER_LINK) redirect_to = urls.get(payload['section'], '/') response = RedirectResponse(request.url_for(redirect_to)) response.set_cookie(key='Authorization', value=token) return response
def login(form_data: OAuth2PasswordRequestForm = Depends()): username, password = form_data.username, form_data.password if ((not callable(app.auth) and username in app.auth and app.auth[username] == password) or (callable(app.auth) and app.auth.__call__(username, password))): token = secrets.token_urlsafe(16) app.tokens[token] = username response = RedirectResponse(url="/", status_code=status.HTTP_302_FOUND) response.set_cookie(key="access-token", value=token, httponly=True) return response else: raise HTTPException(status_code=400, detail="Incorrect credentials.")
async def route_login_action(access_token: str = Form(...)): response = RedirectResponse(url="/", status_code=status.HTTP_303_SEE_OTHER) response.set_cookie( self.api_key_name, value=access_token, domain=self.app.app_config.domain, httponly=True, max_age=60 * 60 * 24 * 30, expires=60 * 60 * 24 * 30, ) return response
async def callback(code: str, db: Session = Depends(deps.get_db)): token = cred.request_user_token(code) with spotify.token_as(token): info = spotify.current_user() existing = crud.spotify.get(db_session=db, id=info.id) if not existing: crud.spotify.create(db_session=db, obj_in=SpotifyCreate(id=info.id, refresh_token=token.refresh_token)) else: crud.spotify.update(db_session=db, db_obj=existing, obj_in=SpotifyUpdate(id=info.id, refresh_token=token.refresh_token)) response = RedirectResponse("whoami", status_code=HTTP_303_SEE_OTHER) response.set_cookie("username", info.id) return response
async def login(request): """ Validate form, login and authenticate user with JWT token """ path = request.query_params['next'] data = await request.form() form = LoginForm(data) username = form.username.data password = form.password.data if request.method == "POST" and form.validate(): try: results = await User.get( username=username) hashed_password = results.password valid_password = check_password(password, hashed_password) if not valid_password: user_error = "Invalid username or password" return templates.TemplateResponse( "accounts/login.html", { "request": request, "form": form, "user_error": user_error }, ) # update login counter and login time results.login_count += 1 results.last_login = datetime.datetime.now() await results.save() response = RedirectResponse(BASE_HOST + path, status_code=302) response.set_cookie( "jwt", generate_jwt(results.username), httponly=True ) response.set_cookie( "admin", ADMIN, httponly=True ) return response except: # noqa user_error = "Please register you don't have account" return templates.TemplateResponse( "accounts/login.html", { "request": request, "form": form, "user_error": user_error, }, ) return templates.TemplateResponse("accounts/login.html", { "request": request, "form": form, "path": path })