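class AuthCode(BaseMixin, db.Model):
    """Short-lived authorization tokens.

    Each row is a code issued to ``client`` on behalf of ``user``. It stores
    the granted scope, the redirect URI the code was issued for, and a
    ``used`` flag.

    NOTE(review): this class only stores ``used`` and ``redirect_uri``.
    Rejecting a code that was already used, is too old, or arrives with a
    different redirect URI is up to the code that redeems it, which is not
    visible here -- confirm those checks exist.
    """
    __tablename__ = 'authcode'
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    user = db.relationship(User, primaryjoin=user_id == User.id)
    client_id = db.Column(db.Integer, db.ForeignKey('client.id'),
                          nullable=False)
    # Deleting a client also deletes the codes issued to it.
    client = db.relationship(
        Client, primaryjoin=client_id == Client.id,
        backref=db.backref("authcodes", cascade="all, delete-orphan"))
    # Generated by newsecret when the caller does not supply a value.
    code = db.Column(db.String(44), default=newsecret, nullable=False)
    # Scope names stored as one space-separated string; see ``scope``.
    _scope = db.Column('scope', db.Unicode(250), nullable=False)
    redirect_uri = db.Column(db.Unicode(250), nullable=False)
    used = db.Column(db.Boolean, default=False, nullable=False)

    @property
    def scope(self):
        """Return the granted scope as a list of scope names."""
        # Skip empty entries so an empty or not-yet-set column gives []
        # instead of [u''] (or an AttributeError on None).
        return [name for name in (self._scope or u'').split(u' ') if name]

    @scope.setter
    def scope(self, value):
        """Store scope names as one space-separated string."""
        if isinstance(value, basestring):
            # A bare string would otherwise be joined character by character.
            value = [value]
        self._scope = u' '.join(name for name in value if name)

    scope = db.synonym('_scope', descriptor=scope)

    def add_scope(self, additional):
        """Add one scope name, or an iterable of names, to the grant."""
        if isinstance(additional, basestring):
            additional = [additional]
        # sorted() keeps the stored string stable; set ordering is not.
        self.scope = sorted(set(self.scope).union(additional))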
class UserPhone(BaseMixin, db.Model):
    """A phone number attached to a user.

    The number is set once in the constructor. ``phone`` has a getter but no
    setter, so it is read-only through the model. The column is unique, so a
    given number can appear on one row only.
    """
    __tablename__ = 'userphone'

    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    # Deleting a user also deletes that user's phone rows.
    user = db.relationship(
        User,
        primaryjoin=user_id == User.id,
        backref=db.backref('phones', cascade="all, delete-orphan"))
    primary = db.Column(db.Boolean, nullable=False, default=False)
    _phone = db.Column('phone', db.Unicode(80), unique=True, nullable=False)
    gets_text = db.Column(db.Boolean, nullable=False, default=True)

    def __init__(self, phone, **kwargs):
        """Create the row for ``phone``; other columns come from ``kwargs``."""
        super(UserPhone, self).__init__(**kwargs)
        self._phone = phone

    @property
    def phone(self):
        """The stored phone number."""
        return self._phone

    phone = db.synonym('_phone', descriptor=phone)

    def __repr__(self):
        number = self.phone
        owner = repr(self.user)
        return u'<UserPhone %s of user %s>' % (number, owner)

    def __unicode__(self):
        return unicode(self.phone)

    def __str__(self):
        as_unicode = self.__unicode__()
        return str(as_unicode)
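class UserEmail(BaseMixin, db.Model):
    """An email address attached to a user.

    The address is set once in the constructor and is read-only afterwards.
    ``md5sum`` holds the hex MD5 digest of the address exactly as given.

    NOTE(review): ``md5sum`` is presumably a lookup or avatar key -- confirm.
    It is an unsalted digest of the address, so anyone who can guess the
    address can confirm it from the digest. Handle it with the same care as
    the email itself, and do not use it as a secret or an integrity check.
    """
    __tablename__ = 'useremail'
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    # Deleting a user also deletes that user's email rows.
    user = db.relationship(
        User, primaryjoin=user_id == User.id,
        backref=db.backref('emails', cascade="all, delete-orphan"))
    _email = db.Column('email', db.Unicode(80), unique=True, nullable=False)
    md5sum = db.Column(db.String(32), unique=True, nullable=False)
    primary = db.Column(db.Boolean, nullable=False, default=False)

    def __init__(self, email, **kwargs):
        """Create the row for ``email`` and compute its digest."""
        super(UserEmail, self).__init__(**kwargs)
        self._email = email
        # md5() needs bytes. A unicode address with non-ASCII characters
        # would fail the implicit ASCII encode, so encode it explicitly.
        # ASCII addresses hash exactly as before.
        raw = email.encode('utf-8') if isinstance(email, unicode) else email
        self.md5sum = md5(raw).hexdigest()

    @property
    def email(self):
        """The stored email address."""
        return self._email

    #: Make email immutable. There is no setter for email.
    email = db.synonym('_email', descriptor=email)

    def __repr__(self):
        return u'<UserEmail %s of user %s>' % (self.email, repr(self.user))

    def __unicode__(self):
        return unicode(self.email)

    def __str__(self):
        return str(self.__unicode__())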
class UserPhoneClaim(BaseMixin, db.Model):
    """A user's claim to a phone number, with its verification code.

    Unlike ``UserPhone``, the phone column here is not unique, so several
    users can hold a claim on the same number at once.

    NOTE(review): ``verification_code`` is at most four characters and comes
    from ``newpin``, so a code this short can be guessed in few tries. This
    class declares no attempt counter and no expiry, so limiting attempts and
    expiring stale claims must happen where the code is checked -- confirm.
    """
    __tablename__ = 'userphoneclaim'

    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    # Deleting a user also deletes that user's pending phone claims.
    user = db.relationship(
        User,
        primaryjoin=user_id == User.id,
        backref=db.backref('phoneclaims', cascade="all, delete-orphan"))
    _phone = db.Column('phone', db.Unicode(80), nullable=False)
    gets_text = db.Column(db.Boolean, nullable=False, default=True)
    verification_code = db.Column(db.Unicode(4), nullable=False,
                                  default=newpin)

    def __init__(self, phone, **kwargs):
        """Create a claim on ``phone`` with a freshly generated code."""
        super(UserPhoneClaim, self).__init__(**kwargs)
        # Assigned after the base constructor, so a verification_code passed
        # in kwargs is always replaced by a generated one.
        self.verification_code = newpin()
        self._phone = phone

    @property
    def phone(self):
        """The claimed phone number (no setter is defined)."""
        return self._phone

    phone = db.synonym('_phone', descriptor=phone)

    def __repr__(self):
        number = self.phone
        owner = repr(self.user)
        return u'<UserPhoneClaim %s of user %s>' % (number, owner)

    def __unicode__(self):
        return unicode(self.phone)

    def __str__(self):
        as_unicode = self.__unicode__()
        return str(as_unicode)

    def permissions(self, user, inherited=None):
        """Return the base permissions, plus 'verify' for the claim's owner."""
        granted = super(UserPhoneClaim, self).permissions(user, inherited)
        is_owner = bool(user) and user == self.user
        if is_owner:
            granted.add('verify')
        return granted
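class UserEmailClaim(BaseMixin, db.Model):
    """A user's claim to an email address, with its verification code.

    The email column is not unique here, so several users can hold a claim
    on the same address at once. ``verification_code`` is generated by
    ``newsecret`` for every new claim.

    NOTE(review): the ``email`` column is nullable, but the constructor
    hashes the address, so passing ``None`` fails in ``md5``. Confirm whether
    nullable=True is intended. ``md5sum`` is an unsalted digest of the
    address, so handle it with the same care as the email itself.
    """
    __tablename__ = 'useremailclaim'
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    # Deleting a user also deletes that user's pending email claims.
    user = db.relationship(
        User, primaryjoin=user_id == User.id,
        backref=db.backref('emailclaims', cascade="all, delete-orphan"))
    _email = db.Column('email', db.Unicode(80), nullable=True)
    verification_code = db.Column(db.String(44), nullable=False,
                                  default=newsecret)
    md5sum = db.Column(db.String(32), nullable=False)

    def __init__(self, email, **kwargs):
        """Create a claim on ``email`` with a freshly generated code."""
        super(UserEmailClaim, self).__init__(**kwargs)
        # Assigned after the base constructor, so a verification_code passed
        # in kwargs is always replaced by a generated one.
        self.verification_code = newsecret()
        self._email = email
        # md5() needs bytes. A unicode address with non-ASCII characters
        # would fail the implicit ASCII encode, so encode it explicitly.
        # ASCII addresses hash exactly as before.
        raw = email.encode('utf-8') if isinstance(email, unicode) else email
        self.md5sum = md5(raw).hexdigest()

    @property
    def email(self):
        """The claimed email address."""
        return self._email

    #: Make email immutable. There is no setter for email.
    email = db.synonym('_email', descriptor=email)

    def __repr__(self):
        return u'<UserEmailClaim %s of user %s>' % (self.email, repr(
            self.user))

    def __unicode__(self):
        return unicode(self.email)

    def __str__(self):
        return str(self.__unicode__())

    def permissions(self, user, inherited=None):
        """Return the base permissions, plus 'verify' for the claim's owner."""
        perms = super(UserEmailClaim, self).permissions(user, inherited)
        if user and user == self.user:
            perms.add('verify')
        return perms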
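class AuthToken(BaseMixin, db.Model):
    """Access tokens for access to data.

    There is one row per (user, client) pair, and ``user`` is null for
    client-only tokens. New scope is merged into the existing row through
    ``add_scope`` instead of creating a second token.

    NOTE(review): ``token``, ``secret`` and ``refresh_token`` are stored as
    issued, not hashed. Read access to this table or its backups should be
    treated as access to live credentials.
    """
    __tablename__ = 'authtoken'
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'),
                        nullable=True)  # Null for client-only tokens
    user = db.relationship(User, primaryjoin=user_id == User.id)
    client_id = db.Column(db.Integer, db.ForeignKey('client.id'),
                          nullable=False)
    # Deleting a client also deletes the tokens issued to it.
    client = db.relationship(
        Client, primaryjoin=client_id == Client.id,
        backref=db.backref("authtokens", cascade="all, delete-orphan"))
    token = db.Column(db.String(22), default=newid, nullable=False,
                      unique=True)
    token_type = db.Column(db.String(250), default='bearer',
                           nullable=False)  # 'bearer', 'mac' or a URL
    secret = db.Column(db.String(44), nullable=True)
    _algorithm = db.Column('algorithm', db.String(20), nullable=True)
    # Scope names stored as one space-separated string; see ``scope``.
    _scope = db.Column('scope', db.Unicode(250), nullable=False)
    # NOTE(review): what the default of 0 means (presumably "no expiry") is
    # decided by whatever validates tokens, not by this class -- confirm.
    validity = db.Column(db.Integer, nullable=False,
                         default=0)  # Validity period in seconds
    refresh_token = db.Column(db.String(22), nullable=True, unique=True)

    # Only one authtoken per user and client. Add to scope as needed
    __table_args__ = (db.UniqueConstraint("user_id", "client_id"), {})

    def __init__(self, **kwargs):
        """Create a token with freshly generated credentials.

        ``token`` and ``secret`` are assigned after the base constructor, so
        values passed for them in ``kwargs`` are replaced.
        """
        super(AuthToken, self).__init__(**kwargs)
        self.token = newid()
        if self.user:
            # Only tokens tied to a user get a refresh token.
            self.refresh_token = newid()
        # NOTE(review): the listing lost its indentation. This line is taken
        # to run for every token, not only user tokens -- confirm.
        self.secret = newsecret()

    def refresh(self):
        """
        Create a new token while retaining the refresh token.

        Does nothing when the row has no refresh token. The refresh token
        itself is not replaced.
        """
        if self.refresh_token is not None:
            self.token = newid()
            self.secret = newsecret()

    @property
    def scope(self):
        """Return the granted scope as a list of scope names."""
        # Skip empty entries so an empty or not-yet-set column gives []
        # instead of [u''] (or an AttributeError on None).
        return [name for name in (self._scope or u'').split(u' ') if name]

    @scope.setter
    def scope(self, value):
        """Store scope names as one space-separated string."""
        if isinstance(value, basestring):
            # A bare string would otherwise be joined character by character.
            value = [value]
        self._scope = u' '.join(name for name in value if name)

    scope = db.synonym('_scope', descriptor=scope)

    def add_scope(self, additional):
        """Add one scope name, or an iterable of names, to the grant."""
        if isinstance(additional, basestring):
            additional = [additional]
        # sorted() keeps the stored string stable; set ordering is not.
        self.scope = sorted(set(self.scope).union(additional))

    @property
    def algorithm(self):
        """The MAC algorithm name, or None."""
        return self._algorithm

    @algorithm.setter
    def algorithm(self, value):
        """Set the MAC algorithm; None also clears the secret.

        Raises:
            ValueError: if ``value`` is neither None nor a known algorithm.
        """
        if value is None:
            self._algorithm = None
            self.secret = None
        elif value in ['hmac-sha-1', 'hmac-sha-256']:
            # NOTE(review): no secret is generated here. After the algorithm
            # was set to None, the row keeps secret=None until refresh() or
            # a caller assigns one -- confirm that callers handle this.
            self._algorithm = value
        else:
            raise ValueError("Unrecognized algorithm '%s'" % value)

    algorithm = db.synonym('_algorithm', descriptor=algorithm)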