From 5da5fcde8f7f050a025a5fca111470784a70a0f9 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Sat, 31 Oct 2020 00:00:23 +0100
Subject: [PATCH] [System] Some improvements on models and decorator

* User: userid is now not nullable
* Session: __eq__ fixed
* decorator: split decorator and session extration
---
 flaschengeist/decorator.py      | 34 ++++++++++++++++++---------------
 flaschengeist/models/session.py |  7 +++++--
 flaschengeist/models/user.py    |  2 +-
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/flaschengeist/decorator.py b/flaschengeist/decorator.py
index 9e2bbfd..822000e 100644
--- a/flaschengeist/decorator.py
+++ b/flaschengeist/decorator.py
@@ -1,11 +1,25 @@
 from functools import wraps
-from flask import request
 from werkzeug.exceptions import Unauthorized
 
 from flaschengeist import logger
 from flaschengeist.controller import sessionController
 
 
+def extract_session(permission=None):
+    from flask import request
+    try:
+        token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
+    except AttributeError:
+        logger.debug("Missing Authorization header or ill-formed")
+        raise Unauthorized
+
+    session = sessionController.validate_token(token, request.user_agent, permission)
+    if not session:
+        logger.debug("token {{ {} }} is invalid".format(token))
+        raise Unauthorized
+    return session
+
+
 def login_required(permission=None):
     """Decorator use to make a route only accessible by logged in users.
     Sets ``current_session`` into kwargs of wrapped function with session identified by Authorization header.
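Review bot: An empty or whitespace-only Authorization header makes `extract_session` fail with IndexError instead of Unauthorized, because `"".split(" ")` filtered through `filter(None, …)` leaves an empty list and `[-1]` is then applied to it; the clause should read `except (AttributeError, IndexError):` so a malformed header is answered with 401 rather than a 500. The line `logger.debug("token {{ {} }} is invalid".format(token))` writes the presented credential verbatim to the log, and the second decorator.py hunk does the same with a valid one in `.format(session.token)`; logging only the outcome, or a non-reversible prefix of the token, keeps bearer tokens out of log files. `extract_session` is the only new top-level name and has no docstring; a one-liner such as `"""Return the session for the bearer token in the Authorization header, raising Unauthorized if the header is missing, ill-formed or the token is invalid."""` would match the style of `login_required`. The `login_required` docstring continues past the end of this hunk.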
@@ -16,23 +30,13 @@ def login_required(permission=None):
     Returns:
         Wrapped function with login (and permission) guard
     """
-
     def wrap(func):
         @wraps(func)
         def wrapped_f(*args, **kwargs):
-            try:
-                token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
-            except AttributeError:
-                raise Unauthorized
-
-            session = sessionController.validate_token(token, request.user_agent, permission)
-            if session:
-                kwargs["current_session"] = session
-                logger.debug("token {{ {} }} is valid".format(token))
-                return func(*args, **kwargs)
-            else:
-                logger.info("token {{ {} }} is not valid".format(token))
-                raise Unauthorized
+            session = extract_session(permission)
+            kwargs["current_session"] = session
+            logger.debug("token {{ {} }} is valid".format(session.token))
+            return func(*args, **kwargs)
 
         return wrapped_f
 
diff --git a/flaschengeist/models/session.py b/flaschengeist/models/session.py
index 0d49c8b..05da44c 100644
--- a/flaschengeist/models/session.py
+++ b/flaschengeist/models/session.py
@@ -32,8 +32,11 @@ class Session(db.Model, ModelSerializeMixin):
 
         Update the Timestamp to the current Time.
         """
-        logger.debug("update timestamp from session with token {{ {} }}".format(self))
+        logger.debug("update timestamp from session with token {{ {} }}".format(self.token))
         self.expires = datetime.now(timezone.utc) + timedelta(seconds=self.lifetime)
 
     def __eq__(self, token):
-        return compare_digest(self.token, token)
+        if isinstance(token, str):
+            return compare_digest(self.token, token)
+        else:
+            return super(Session, self).__eq__(token)
diff --git a/flaschengeist/models/user.py b/flaschengeist/models/user.py
index dc68ddb..4166cc7 100644
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
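Review bot: In the new `__eq__`, `compare_digest(self.token, token)` raises TypeError when `token` is a str containing non-ASCII characters, so comparing a session against a caller-supplied string can end in an exception rather than `False`; since the branch already narrows on `isinstance(token, str)`, guard the comparison as `return token.isascii() and compare_digest(self.token, token)`. Defining `__eq__` makes instances unhashable unless the class also defines `__hash__`, which I cannot see from this hunk — worth confirming, as the fallback to `super().__eq__` suggests Session objects are compared and possibly collected elsewhere. The method whose log line is fixed at the top of the hunk starts outside it.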
@@ -48,7 +48,7 @@ class User(db.Model, ModelSerializeMixin):
     """
 
     __tablename__ = "user"
-    userid: str = db.Column(db.String(30))
+    userid: str = db.Column(db.String(30), nullable=False)
     display_name: str = db.Column(db.String(30))
     firstname: str = db.Column(db.String(30))
     lastname: str = db.Column(db.String(30))
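Review bot: `nullable=False` on `userid` is a schema change that existing databases will not pick up from the model alone; any rows currently holding NULL must be fixed and a migration issued before this is deployed, which the commit does not mention. If `userid` is the login identifier — I cannot tell from this hunk — the same column also needs `unique=True`, e.g. `userid: str = db.Column(db.String(30), nullable=False, unique=True)`, since nullability alone does not stop two accounts from sharing a userid. The `User` class body continues outside the hunk on both sides.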