def authenticate(self, authorization: http.Header,
settings: Settings) -> Union[Auth, None]:
if authorization is None:
return None
if not authorization.startswith('Bearer '):
return None
bearer = authorization.split(' ', 1)[1].strip()
try:
token = jwt.decode(
bearer,
algorithms=settings['JWT'].get('ALGORITHMS', ['EC256']),
secret=settings['JWT'].get('SECRET', ''),
**settings['JWT'].get('EXTRA', {}),
)
except jwt.MissingRequiredClaimError as ex:
log.warning('JWT Missing claim: %s', ex.claim)
return None
except jwt.InvalidTokenError as ex:
log.exception('JWT Invalid Token: %s', ex.__class__.__name__)
return None
return self.get_account(token)
def put_publisher(session: Session, username: str, full_name: str,
img_url: str, email: str, password: str,
authorization: http.Header):
ba = "".join(authorization.split())
decode = base64.b64decode(ba[5:]).decode('utf-8')
usernamex, passwordx = decode.split(':')
isAdmin = session.query(Admin).filter_by(
username=usernamex).first() and session.query(Admin).filter_by(
password=passwordx).first()
queryset = session.query(Publisher).filter_by(email=email).first()
if isAdmin:
if email is not None:
if queryset:
if queryset and username is not None:
queryset.username = username
if queryset and full_name is not None:
queryset.full_name = full_name
if queryset and email is not None:
queryset.email = email
if queryset and img_url is not None:
queryset.img_url = img_url
if queryset and password is not None:
queryset.password = password
return {'message': 'success edit publisher'}
else:
return {'message': 'email not found !'}
else:
return {'message': 'please input your email !'}
else:
return {'massage': 'not authorized'}
def add_culinary(session: Session, auth: Auth, culinary_name: str,
description: str, location: str, img_url: str,
authorization: http.Header):
ba = "".join(authorization.split())
decode = base64.b64decode(ba[5:]).decode('utf-8')
username, password = decode.split(':')
isPublisher = session.query(Publisher).filter_by(
username=username).first() and session.query(Publisher).filter_by(
password=password).first()
query = session.query(Publisher).filter_by(
username=auth.get_user_id()).first()
if isPublisher:
if query:
addCulinary = Culinary(publisher=auth.get_user_id(),
culinary_name=culinary_name,
description=description,
location=location,
img_url=img_url)
session.add(addCulinary)
session.commit()
return {'message': 'success add culinary'}
else:
return {'message': 'error add culinary'}
else:
return {'message': 'not authorized'}
def resolve(self, cookie: http.Header) -> typing.Dict[str, Cookie]:
cookies = dict()
if cookie:
for c in cookie.split(";"):
key, val = c.strip().split("=", 1)
cookies[key] = Cookie(val)
return cookies
def get_token(session: Session, auth: Auth, authorization: http.Header):
if authorization is None:
return {'message': 'not authorization and please login'}
ba = "".join(authorization.split())
decode = base64.b64decode(ba[5:]).decode('utf-8')
username, password = decode.split(':')
query_admin = session.query(Admin).filter_by(
username=auth.get_user_id()).first()
query_publisher = session.query(Publisher).filter_by(
username=auth.get_user_id()).first()
if query_admin:
if query_admin.password == password:
return {
'username': auth.get_user_id(),
'user_id': query_admin.id,
'basic_token': ba[5:],
}
else:
return {'message': 'auth Password wrong !'}
elif query_publisher:
if query_publisher.password == password:
return {
'username': auth.get_user_id(),
'user_id': query_publisher.id,
'token': ba[5:],
}
else:
return {'message': 'auth Password wrong !'}
else:
return {'message': 'error authorization'}
def authenticate(self, authorization: Header):
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'token':
return None
if token == 'Abigale@123$':
return Authenticated('admin', user=User('admin', True))
def authenticate(self, authorization: http.Header, settings: Settings):
if not authorization:
raise Unauthorized()
scheme, token = authorization.split()
try:
payload = jwt.decode(token,
settings['JWT_SECRET'],
algorithms=['HS256'])
return Authenticated(payload['user_id'])
except jwt.exceptions.InvalidTokenError:
raise Unauthorized()
def get_token_from_header(authorization: http.Header):
if authorization is None:
raise AuthenticationFailed('Authorization header is missing.')
try:
scheme, token = authorization.split()
except ValueError:
raise AuthenticationFailed(
'Could not seperate Authorization scheme and token.')
if scheme.lower() != 'bearer':
raise AuthenticationFailed(
'Authorization scheme not supported, try Bearer')
return token
def authenticate_user(authorization: http.Header):
"""
Determine the user associated with a request, using a token Bearer.
"""
if authorization is None:
return None
try:
scheme, token = authorization.split()
if scheme.lower() != 'bearer':
return None
return User(jwt.decode(token, PUBLIC_KEY, algorithms=['RS256']))
except (ValueError, jwt.InvalidTokenError):
return None
def authenticate(self, authorization: http.Header):
"""
Determine the user associated with a request, using HTTP Basic Authentication.
"""
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'basic':
return None
username, password = base64.b64decode(token).decode('utf-8').split(':')
return Authenticated(username)
def authenticate(self, authorization: http.Header):
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'bearer':
return None
if token != SECRET_KEY:
return None
return Authenticated('spider')
def get_jwt(authorization: http.Header, settings: Settings):
if authorization is None:
raise AuthenticationFailed(
'Authorization header is missing.') from None
try:
scheme, token = authorization.split()
except ValueError:
raise AuthenticationFailed(
'Could not seperate Authorization scheme and token.') from None
if scheme.lower() != 'bearer':
raise AuthenticationFailed(
'Authorization scheme not supported, try Bearer') from None
return JWT(token=token, settings=settings)
def authenticate(self, authorization: Header, mongo: Database):
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'basic':
return None
token = base64.b64decode(token).decode("utf-8")
username, password = token.split(":")
user = mongo.users.find_one({"username": username, "password": password})
if user is not None:
username = user['username']
is_admin = user['isAdmin']
return Authenticated(username, user=User(username, is_admin))
def resolve(self, authorization: http.Header) -> User:
"""
Determine the user associated with a request, using HTTP Basic Authentication.
"""
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'basic':
return None
username, password = base64.b64decode(token).decode('utf-8').split(':')
if not self.check_authentication(username, password):
raise exceptions.Forbidden('Incorrect username or password.')
return User(username)
def add_admin(session: Session, username: str, full_name: str, img_url: str,
email: str, password: str, authorization: http.Header):
ba = "".join(authorization.split())
decode = base64.b64decode(ba[5:]).decode('utf-8')
usernamex, passwordx = decode.split(':')
isAdmin = session.query(Admin).filter_by(
username=usernamex).first() and session.query(Admin).filter_by(
password=passwordx).first()
if isAdmin:
add_Admin = Admin(username, full_name, img_url, email, password)
session.add(add_Admin)
session.commit()
return {'message': 'success add admin'}
else:
return {'message': 'not authorized'}
def authenticate(self, authorization: http.Header, session: Session):
"""
Determine the user associated with a request based on a token sent over the Authorization
header.
"""
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'token':
return None
user_token = session.Token.objects.filter(key=token).first()
if not user_token:
return None
return Authenticated(user_token.user.username, user=user_token.user)
def authenticate(self, authorization: http.Header,
repository: repo.Repository):
if authorization is None:
return None
scheme, token = authorization.split(' ', 1)
if scheme.lower() != 'bearer':
return None
user = repository.find_token_user(token)
if user is None:
return None
user = repository.find_token_user(token)
if user is None:
return None
return Authenticated(user.email, user=user, token=token)
def delete_publisher(session: Session, email: str, authorization: http.Header):
ba = "".join(authorization.split())
decode = base64.b64decode(ba[5:]).decode('utf-8')
username, password = decode.split(':')
isAdmin = session.query(Admin).filter_by(
username=username).first() and session.query(Admin).filter_by(
password=password).first()
queryset = session.query(Publisher).filter_by(email=email).first()
if isAdmin:
if queryset:
session.delete(queryset)
return {"message": "success delete publisher"}
else:
return {"message": "error delete publisher"}
else:
return {'massage': 'not authorized'}
def token_logout(authorization: http.Header):
from django_apistar.authentication.models import Token
if not authorization:
return None
scheme, token = authorization.split()
if scheme.lower() != 'bearer':
return None
try:
user = Token.objects.get(key=token).user
except Token.DoesNotExist:
return None
if user:
user.auth_token.delete()
return http.JSONResponse({"message": "Logged out."}, status_code=200)
def resolve(self, authorization: http.Header):
"""
Determine the user associated with a request, using Token Authentication.
"""
from django_apistar.authentication.models import Token
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'bearer':
return None
try:
user = Token.objects.get(key=token).user
except Token.DoesNotExist:
return None
return user
def authenticate(self, authorization: http.Header,
repository: repo.Repository):
if authorization is None:
return None
scheme, token = authorization.split(' ', 1)
if scheme.lower() != 'basic':
return None
username, password = base64.b64decode(token).decode('utf-8').split(
':', 1)
user = repository.find_token_user(password)
if user is None:
return None
if username != '' and username != user.email:
return None
return Authenticated(user.email, user=user, token=password)
def resolve(self, authorization: http.Header) -> User:
"""
Determina el usuario asociado con una peticion, usando Token de autenticacion
"""
if authorization is None:
return None
scheme, token = authorization.split()
if scheme.lower() != 'token':
return None
try:
token = jwt.decode(jwt=token, key=SECRET_KEY, algorithm=ALGORITHM)
user = UserDAO()
user = user.users.find_one({'_id': ObjectId(token['user'])})
if user:
return User(_id=str(user['_id']),
username=user['username'],
groups=user['groups'])
except Exception as e:
raise exceptions.BadRequest(str(e))
return None
def authenticate(self, authorization: http.Header, settings: Settings):
if authorization is None:
raise Unauthorized({
'error_code': 'AuthorizationHeaderMissing',
'message': "Authorization header is missing",
})
scheme, token = authorization.split(None, 1)
if scheme.lower() != 'bearer':
raise Forbidden({
'error_code':
'InvalidAuthorizationHeaderFormat',
'message':
'Authorization header is in invalid format, should be "Bearer TOKEN"',
})
try:
token = jwt.decode(token,
key=self.pubkey,
audience=None,
options={'verify_aud': False})
except jwt.InvalidTokenError as e:
headers = {
'WWW-Authenticate': 'Bearer error="invalid_token"',
}
raise Unauthorized(
{
'error_code': 'InvalidAccessTokenError',
'message': "Access token is invalid: {token_error}",
'token_error': str(e),
},
headers=headers)
if token['iss'] != settings['QVARN']['TOKEN_ISSUER']:
headers = {
'WWW-Authenticate': 'Bearer error="invalid_token"',
}
raise Unauthorized(
{
'error_code':
'InvalidAccessTokenError',
'message':
"Access token is invalid: {token_error}",
'token_error':
'Expected issuer %s, got %s' %
(settings['QVARN']['TOKEN_ISSUER'], token['iss']),
},
headers=headers)
if 'sub' not in token:
headers = {
'WWW-Authenticate': 'Bearer error="invalid_token"',
}
raise Unauthorized(
{
'error_code': 'InvalidAccessTokenError',
'message': "Access token is invalid: {token_error}",
'token_error': 'Invalid subject (sub)',
},
headers=headers)
return Authenticated('user', token=token)
