示例#1
def ensure_group_administrator():
    """Grant the 'Administrator' group its concept permissions and commit.

    The group and both permissions are looked up through fetch_user_group()
    and fetch_permission(), then 'concept:read' and 'concept:write' are
    appended to the group's permission collection.
    """
    db = get_db()
    granted = fetch_user_group('Administrator').permissions
    # NOTE(review): the append is unconditional. Whether calling this twice
    # leaves a duplicate grant depends on how the relationship is mapped,
    # which is not visible here - confirm before relying on it as idempotent.
    for permission_name in ('concept:read', 'concept:write'):
        granted.append(fetch_permission(permission_name))
    db.session.commit()
示例#2
def fetch_user_group(name: str):
    """Return the UserGroup called *name*, staging a new one if none exists.

    A newly created group is only added to the session; this function does
    not commit, so the caller decides when the row is persisted.
    """
    existing = UserGroup.query.filter_by(name=name).first()
    if existing:
        return existing
    db = get_db()
    created = UserGroup(name=name)
    db.session.add(created)
    return created
示例#3
def fetch_permission(name: str):
    """Return the Permission called *name*, staging a new one if none exists.

    Any name that is not found is created. A caller that passes a mistyped
    permission name therefore gets a fresh permission, not an error.
    The new row is added to the session but not committed here.
    """
    existing = Permission.query.filter_by(name=name).first()
    if existing:
        return existing
    db = get_db()
    created = Permission(name=name)
    db.session.add(created)
    return created
示例#4
def can_pass(condition, email, failure_message, failure_code=400):
    """Reject the request and record the failure when ``condition()`` is truthy.

    Despite the name, a truthy result means the request must NOT pass: an
    Authentication row holding the e-mail, the client address and the failure
    message is committed, then abort() is called with *failure_code*.
    A falsy result returns None and touches nothing.

    Args:
        condition: zero-argument callable; truthy means "fail this request".
        email: e-mail to record with the failed attempt, stored as supplied.
        failure_message: text stored in the row and passed to abort().
        failure_code: HTTP status passed to abort(); defaults to 400.
    """
    if not condition():
        return

    # Imports are kept lazy so the passing path never loads them.
    from flask import request
    from km.database import get_db
    from km.model import Authentication

    db = get_db()
    # NOTE(review): request.remote_addr is the direct peer address. Behind a
    # reverse proxy it is the proxy's address unless the app is configured to
    # trust forwarded headers - confirm, since this row is the audit trail
    # for failed logins.
    failed_attempt = Authentication(
        email=email,
        ip_address=request.remote_addr,
        message=failure_message,
    )
    db.session.add(failed_attempt)
    # Commit before aborting so the record is written even though the request fails.
    db.session.commit()
    abort(failure_code, message=failure_message)
示例#5
def register():
    """Create a user from the parsed registration request and return it with 201.

    The request supplies 'email', 'password', 'firstName' and 'lastName'.
    The new user is placed in the 'User' group, committed, and marshalled
    with ``user_fields``.
    """
    from km.database import get_db
    from km.model import User
    from km.model.user import fetch_user_group

    payload = create_register_request_args.parse_args()

    # NOTE(review): the stored credential is one unsalted SHA-256 digest of
    # the password. That is a fast hash, so a leaked table can be attacked
    # offline at high speed and equal passwords produce equal digests. A
    # salted, deliberately slow password hash is the usual choice. login()
    # compares against this exact format, so any change must be made in both
    # places together with a migration path for existing rows.
    digest = sha256()
    digest.update(payload['password'].encode('utf-8'))

    new_user = User(
        email=payload['email'],
        password=digest.hexdigest(),
        first_name=payload['firstName'],
        last_name=payload['lastName'],
    )
    new_user.groups.append(fetch_user_group('User'))

    # NOTE(review): no check for an existing account with this e-mail is
    # visible here; presumably the model or schema enforces it - confirm.
    db = get_db()
    db.session.add(new_user)
    db.session.commit()

    return marshal(new_user, user_fields), 201
示例#6
def login():
    """Check e-mail and password and return an access/refresh token pair.

    A missing e-mail aborts with 401 and is not recorded. A missing password
    or a failed lookup goes through can_pass(), which records the failed
    attempt before aborting with 401. On success the response carries
    'access_token', 'refresh_token' and 'expires_at' with status 200.
    """
    from km.model import User
    from km.database import get_db
    db = get_db()  # not used below; call kept exactly as in the original
    credentials = create_login_request_args.parse_args()
    email = credentials['email']
    if not email:
        abort(401, message='Missing email.')
    can_pass(lambda: not credentials['password'], email, 'Missing password', 401)

    # NOTE(review): the lookup matches on an unsalted SHA-256 digest, the
    # same format register() stores. See the weakness noted there; the two
    # must change together.
    digest = sha256()
    digest.update(credentials['password'].encode('utf-8'))

    user = User.query.filter_by(email=email, password=digest.hexdigest()).first()
    # One message covers both an unknown e-mail and a wrong password, so the
    # response text does not reveal which accounts exist.
    can_pass(lambda: not user, email, 'E-Mail or password is wrong.', 401)
    # NOTE(review): no attempt limiting or lockout is visible in this
    # function; presumably handled elsewhere - confirm.

    token, refresh_token, expires = generate_token(user)

    response_body = {
        "access_token": token,
        'refresh_token': refresh_token,
        "expires_at": datetime_to_unixtimestamp(expires),
    }
    return jsonify(response_body), 200
示例#7
def generate_token(user) -> tuple:
    """Issue a signed access token and a refresh token for *user*.

    A successful Authentication row (e-mail, client address, refresh token,
    expiry) is committed first. The access token is a JWT signed with RS256
    using the app's PRIVATE_KEY, carrying the claims 'sub', 'exp', 'aud',
    'iat' and 'permissions'.

    Returns:
        (access_token, refresh_token, expires)
    """
    from flask import request, current_app
    from km.database import get_db
    from km.model import Authentication

    now = now_()
    expires = now + expiration_timespan
    refresh_token = create_refresh_token()
    # NOTE(review): the refresh token is stored as returned by
    # create_refresh_token(). Whether it is hashed before storage is not
    # visible here - confirm, since a readable token in the table is usable
    # by anyone who can read that table.
    login_record = Authentication(
        email=user.email,
        ip_address=request.remote_addr,
        refresh_token=refresh_token,
        success=True,
        expires=expires,
    )
    # NOTE(review): looks like leftover debug output. It writes only
    # timestamps to stdout, but a logger call would be easier to control.
    print(f"\nNew {now}+{expiration_timespan} = {expires}", flush=True)
    db = get_db()
    db.session.add(login_record)
    db.session.commit()

    claims = {
        'sub': user.email,
        'exp': expires,
        'aud': current_app.config['JWT_AUDIENCE'],
        'iat': now,
        # Permissions are fixed into the token at issue time, so a later
        # change to the user's groups is not reflected until a new token
        # is issued.
        'permissions': user.permissions,
    }
    access_token = jwt.encode(claims, current_app.config['PRIVATE_KEY'], algorithm='RS256')
    return (access_token, refresh_token, expires)
示例#8
def ensure_group_user():
    """Grant the 'User' group the 'concept:read' permission and commit.

    The group and the permission are looked up through fetch_user_group()
    and fetch_permission(). The default group gets read access only.
    """
    db = get_db()
    granted = fetch_user_group('User').permissions
    # NOTE(review): the append is unconditional. Whether calling this twice
    # leaves a duplicate grant depends on how the relationship is mapped,
    # which is not visible here - confirm before relying on it as idempotent.
    read_permission = fetch_permission('concept:read')
    granted.append(read_permission)
    db.session.commit()