ScoDoc/app/api/auth.py

97 lines
3.1 KiB
Python
Raw Permalink Normal View History

2021-09-09 12:49:23 +02:00
# -*- coding: UTF-8 -*
# Authentication code borrowed from Miguel Grinberg's Mega Tutorial
# (see https://github.com/miguelgrinberg/microblog)
# and modified for ScoDoc
2021-09-09 12:49:23 +02:00
# Under The MIT License (MIT)
# Copyright (c) 2017 Miguel Grinberg
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
from functools import wraps
from flask import abort
from flask import g
2021-09-09 12:49:23 +02:00
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
2022-05-03 08:55:56 +02:00
from app import log
2021-09-09 12:49:23 +02:00
from app.auth.models import User
from app.api.errors import error_response
basic_auth = HTTPBasicAuth()
token_auth = HTTPTokenAuth()
@basic_auth.verify_password
def verify_password(username, password):
2022-05-03 13:35:17 +02:00
"Verify password for this user"
user = User.query.filter_by(user_name=username).first()
2021-09-09 12:49:23 +02:00
if user and user.check_password(password):
g.current_user = user
2022-05-03 13:35:17 +02:00
# note: est aussi basic_auth.current_user()
2021-09-09 12:49:23 +02:00
return user
@basic_auth.error_handler
def basic_auth_error(status):
2022-05-03 13:35:17 +02:00
"error response (401 for invalid auth.)"
2021-09-09 12:49:23 +02:00
return error_response(status)
@token_auth.verify_token
2022-05-03 13:35:17 +02:00
def verify_token(token) -> User:
"Retrouve l'utilisateur à partir du jeton"
user = User.check_token(token) if token else None
g.current_user = user
return user
2021-09-09 12:49:23 +02:00
@token_auth.error_handler
def token_auth_error(status):
2022-05-03 13:35:17 +02:00
"rréponse en cas d'erreur d'auth."
2021-09-09 12:49:23 +02:00
return error_response(status)
@token_auth.get_user_roles
def get_user_roles(user):
return user.roles
def token_permission_required(permission):
2022-05-03 13:35:17 +02:00
"Décorateur pour les fontions de l'API ScoDoc"
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
2022-05-03 13:35:17 +02:00
# token_auth.login_required()
current_user = basic_auth.current_user()
if not current_user or not current_user.has_permission(permission, None):
if current_user:
log(f"API permission denied (user {current_user})")
2022-05-03 08:55:56 +02:00
else:
2022-05-03 13:35:17 +02:00
log("API permission denied (no user supplied)")
abort(403)
return f(*args, **kwargs)
2022-05-03 13:35:17 +02:00
# return decorated_function(token_auth.login_required())
return decorated_function
return decorator