def get(self):
    """Issue a token for a client application.

    Reads the required ``service`` and the optional ``scope`` query
    parameters. The caller is identified either by HTTP Basic credentials,
    which are passed to ``AuthBusiness.login``, or, when none are sent, by
    ``get_userinfo_by_token``. Returns whatever ``AuthBusiness.token``
    produces for that user, service and scope.
    """
    query = request.args
    service = query['service']
    # NOTE(review): scope comes straight from the query string; presumably
    # AuthBusiness.token checks it against the user's grants -- confirm.
    scope = query.get('scope')

    basic = request.authorization
    if not basic:
        # No Basic credentials: identify the caller from the request token.
        user_id, _, _ = get_userinfo_by_token()
    else:
        username = basic.get('username')
        password = basic.get('password')
        # NOTE(review): the login result is indexed directly. If login() can
        # return a falsy value for bad credentials, this raises TypeError
        # (an HTTP 500) instead of an authentication error -- confirm.
        user_id = AuthBusiness.login(username, password)['user_id']

    return AuthBusiness.token(user_id, service, scope)
def post(self):
    """Log a user in with the credentials sent in the JSON body.

    The body is checked with ``validate(..., 'login')``. When validation
    fails, ``BadRequest`` is raised with the JSON-encoded validation result.
    On success the value returned by ``AuthBusiness.login`` is returned.
    """
    payload, is_valid = validate(request.json, 'login')
    if is_valid is False:
        raise BadRequest(json.dumps(payload))

    session = AuthBusiness.login(payload['username'], payload['password'])
    if session:
        return session

    # NOTE(review): a falsy login result is reported as a server error. If
    # that value means "bad credentials", clients and monitoring cannot tell
    # a failed login from an outage -- confirm what login() returns.
    raise InternalServerError('Error logging!')
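def post(self, action, user_id, client_id):
    """Authorize a client for a user, or revoke that authorization.

    Args:
        action: 'authorize' or 'revoke', matched case-insensitively.
        user_id: passed through to ``AuthBusiness.authorize_revoke_client``.
        client_id: passed through to ``AuthBusiness.authorize_revoke_client``.

    Returns:
        ``{"message": "Updated User!"}`` on success.

    Raises:
        BadRequest: unknown action, or the JSON body carries no usable
            ``scope``.
        InternalServerError: ``AuthBusiness.authorize_revoke_client``
            returned a falsy status.
    """
    # NOTE(review): nothing in this method checks that the caller may change
    # grants for user_id; presumably a decorator or the business layer
    # enforces that -- confirm.
    if action.lower() not in ('authorize', 'revoke'):
        raise BadRequest('Action not found. Set "authorize or revoke"!')

    # The body is client-controlled. A non-object body, or a scope with no
    # length (e.g. {"scope": null} or a number), used to raise
    # AttributeError/TypeError and surface as a 500; treat it as missing.
    body = request.json
    scope = body.get('scope') if isinstance(body, dict) else None
    try:
        scope_missing = len(scope) <= 0
    except TypeError:
        scope_missing = True
    if scope_missing:
        raise BadRequest('Scope is missing!')

    status = AuthBusiness.authorize_revoke_client(action, user_id, client_id, scope)
    if not status:
        # action was checked against the allow-list above, so echoing it
        # in the error message is safe.
        raise InternalServerError('Error while {}'.format(action))

    return {"message": "Updated User!"}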
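def get_userinfo_by_token(client_id=False):
    """Resolve the user behind the request's ``Authorization: Bearer`` token.

    Args:
        client_id: optional client identifier; when truthy, the client is
            looked up through ``ClientsBusiness.get_by_id`` as well.

    Returns:
        A tuple ``(user_id, grants, client)``: the user's ``_id`` as a
        string, ``user['credential']['grants']``, and the client record, or
        ``False`` when no ``client_id`` was given.

    Raises:
        Forbidden: the header is missing or malformed, or the scheme is not
            ``Bearer``.
        Unauthorized: ``AuthBusiness.decode_auth_token`` rejected the token.
        NotFound: the user, or the requested client, does not exist.
    """
    try:
        scheme, token = request.headers['Authorization'].split()
    except (KeyError, ValueError):
        # KeyError: header absent. ValueError: not exactly "<scheme> <token>".
        # The previous broad ``except Exception`` also swallowed the
        # 'Invalid token!' error raised for a wrong scheme.
        raise Forbidden('Token is required!')

    # Compare the scheme exactly; the previous substring test accepted any
    # scheme that merely contained "bearer".
    if scheme.lower() != 'bearer':
        raise Forbidden('Invalid token!')

    # str.split() with no separator never yields empty strings, so token is
    # non-empty here and needs no separate emptiness check.
    result, ok = AuthBusiness.decode_auth_token(token)
    if not ok:
        # NOTE(review): result is echoed to the client; presumably it is a
        # short error message -- confirm it carries no internal detail.
        raise Unauthorized(str(result))

    user = UsersBusiness.get_by_id(result["id"])
    if not user:
        raise NotFound('User not found')

    client = False
    if client_id:
        client = ClientsBusiness.get_by_id(client_id)
        if not client:
            raise NotFound('Client not Found!')

    return str(user['_id']), user['credential']['grants'], client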