changes to app_token
parent
5bda9e8d83
commit
4498be544b
7 changed files with 71 additions and 85 deletions
|
@ -58,36 +58,36 @@ def introspect() -> ResponseReturnValue:
|
|||
return jsonify(token_info)
|
||||
|
||||
|
||||
@api_views.route('/login/<service_name>', methods=['POST'])
|
||||
def email_login(service_name: str) -> ResponseReturnValue:
|
||||
if service_name not in lenticular_services:
|
||||
return '', 404
|
||||
service = lenticular_services[service_name]
|
||||
# @api_views.route('/login/<service_name>', methods=['POST'])
|
||||
# def email_login(service_name: str) -> ResponseReturnValue:
|
||||
# if service_name not in lenticular_services:
|
||||
# return '', 404
|
||||
# service = lenticular_services[service_name]
|
||||
|
||||
if not request.is_json:
|
||||
return jsonify({}), 400
|
||||
req_payload = request.get_json() # type: Any
|
||||
# if not request.is_json:
|
||||
# return jsonify({}), 400
|
||||
# req_payload = request.get_json() # type: Any
|
||||
|
||||
if not isinstance(req_payload, dict):
|
||||
return 'bad request', 400
|
||||
# if not isinstance(req_payload, dict):
|
||||
# return 'bad request', 400
|
||||
|
||||
password = req_payload["password"]
|
||||
username = req_payload["username"]
|
||||
# password = req_payload["password"]
|
||||
# username = req_payload["username"]
|
||||
|
||||
if '@' in username:
|
||||
username = username.split('@')[0]
|
||||
# if '@' in username:
|
||||
# username = username.split('@')[0]
|
||||
|
||||
user = User.query.filter_by(username=username.lower()).first() # type: Optional[User]
|
||||
if user is None:
|
||||
logger.warning(f'login with invalid username')
|
||||
return jsonify({}), 403
|
||||
# user = User.query.filter_by(username=username.lower()).first() # type: Optional[User]
|
||||
# if user is None:
|
||||
# logger.warning(f'login with invalid username')
|
||||
# return jsonify({}), 403
|
||||
|
||||
for app_token in user.get_tokens_by_service(service):
|
||||
if secrets.compare_digest(password, app_token.token):
|
||||
app_token.last_used = datetime.now()
|
||||
db.session.commit()
|
||||
return jsonify({'username': user.username}), 200
|
||||
# for app_token in user.get_token_by_name(service):
|
||||
# if secrets.compare_digest(password, app_token.token):
|
||||
# app_token.last_used = datetime.now()
|
||||
# db.session.commit()
|
||||
# return jsonify({'username': user.username}), 200
|
||||
|
||||
logger.warning(f'login with invalid password for {username}')
|
||||
return jsonify({}), 403
|
||||
# logger.warning(f'login with invalid password for {username}')
|
||||
# return jsonify({}), 403
|
||||
|
||||
|
|
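Review bot: The `email_login` endpoint is disabled by commenting out its route decorator and whole body instead of deleting it, so the file now carries an authentication path that is dead but looks ready to restore. The commented copy is not the removed code: its loop reads `for app_token in user.get_token_by_name(service)`, while the frontend view in this commit treats `get_token_by_name(...)` as returning one token or `None`, so uncommenting it as written would presumably fail. I would delete the block and leave one line such as `# TODO: service token login removed with the app_token rework; see history`, letting version control hold the old code. If the endpoint returns, it should answer a payload without `username` or `password` with a 400 rather than indexing `req_payload[...]` directly.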
|
@ -153,17 +153,14 @@ def app_token() -> ResponseReturnValue:
|
|||
delete_form=delete_form,
|
||||
services=lenticular_services)
|
||||
|
||||
@frontend_views.route('/app_token/<service_name>/new', methods=['GET','POST'])
|
||||
def app_token_new(service_name: str) -> ResponseReturnValue:
|
||||
if service_name not in lenticular_services:
|
||||
return '', 404
|
||||
service = lenticular_services[service_name]
|
||||
@frontend_views.route('/app_token/new', methods=['GET','POST'])
|
||||
def app_token_new() -> ResponseReturnValue:
|
||||
form = AppTokenForm()
|
||||
|
||||
if form.validate_on_submit():
|
||||
user_any = get_current_user() # type: Any
|
||||
user = user_any # type: User
|
||||
app_token = AppToken.new(user, service, "")
|
||||
app_token = AppToken.new(user, name="",scopes="")
|
||||
form.populate_obj(app_token)
|
||||
# check for duplicate names
|
||||
for user_app_token in user.app_tokens:
|
||||
|
@ -171,23 +168,18 @@ def app_token_new(service_name: str) -> ResponseReturnValue:
|
|||
return 'name already exist', 400
|
||||
user.app_tokens.append(app_token)
|
||||
db.session.commit()
|
||||
return render_template('frontend/app_token_new_show.html.j2', service=service, app_token=app_token)
|
||||
return render_template('frontend/app_token_new_show.html.j2', app_token=app_token)
|
||||
|
||||
|
||||
return render_template('frontend/app_token_new.html.j2',
|
||||
form=form,
|
||||
service=service)
|
||||
form=form)
|
||||
|
||||
@frontend_views.route('/app_token/<service_name>/<app_token_name>', methods=["POST"])
|
||||
def app_token_delete(service_name: str, app_token_name: str) -> ResponseReturnValue:
|
||||
@frontend_views.route('/app_token/<app_token_name>', methods=["POST"])
|
||||
def app_token_delete(app_token_name: str) -> ResponseReturnValue:
|
||||
form = AppTokenDeleteForm()
|
||||
|
||||
if service_name not in lenticular_services:
|
||||
return '', 404
|
||||
|
||||
service = lenticular_services[service_name]
|
||||
if form.validate_on_submit():
|
||||
app_token = get_current_user().get_token(service, app_token_name)
|
||||
app_token = get_current_user().get_token_by_name(app_token_name)
|
||||
if app_token is None:
|
||||
return 'not found', 404
|
||||
db.session.delete(app_token)
|
||||
|
|
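Review bot: In `app_token_new` the token is no longer bound to a service: it is created with `AppToken.new(user, name="",scopes="")` and every attribute then comes from `form.populate_obj(app_token)`. Since `populate_obj` assigns each form field to the model attribute of the same name, what a user can set depends entirely on `AppTokenForm`, which is not visible here; the form should expose only the name and scopes, and whatever later checks the token should treat an empty `scopes` as granting nothing. Passing the values explicitly makes that visible at the call site, e.g. `app_token = AppToken.new(user, name=form.name.data, scopes=form.scopes.data)` (field names assumed from the keyword arguments, to be confirmed against the form). A comment above the call, such as `# scopes replace the former per-service binding; an empty value must mean no access`, would record the intent. The duplicate-name loop and the rest of `app_token_delete` lie outside the visible hunks.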