[System] Some improvements on models and decorator

* User: userid is now not nullable
* Session: __eq__ fixed
* decorator: split decorator and session extraction
Ferdinand Thiessen 2020-10-31 00:00:23 +01:00
parent 9455920141
commit 5da5fcde8f
3 changed files with 25 additions and 18 deletions


@ -1,11 +1,25 @@
from functools import wraps
from flask import request
from werkzeug.exceptions import Unauthorized
from flaschengeist import logger
from flaschengeist.controller import sessionController
def extract_session(permission=None):
from flask import request
try:
token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
except AttributeError:
logger.debug("Missing Authorization header or ill-formed")
raise Unauthorized
session = sessionController.validate_token(token, request.user_agent, permission)
if not session:
logger.debug("token {{ {} }} is invalid".format(token))
raise Unauthorized
return session
def login_required(permission=None):
"""Decorator use to make a route only accessible by logged in users.
Sets ``current_session`` into kwargs of wrapped function with session identified by Authorization header.
@ -16,23 +30,13 @@ def login_required(permission=None):
Returns:
Wrapped function with login (and permission) guard
"""
def wrap(func):
@wraps(func)
def wrapped_f(*args, **kwargs):
try:
token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
except AttributeError:
raise Unauthorized
session = sessionController.validate_token(token, request.user_agent, permission)
if session:
session = extract_session(permission)
kwargs["current_session"] = session
logger.debug("token {{ {} }} is valid".format(token))
logger.debug("token {{ {} }} is valid".format(session.token))
return func(*args, **kwargs)
else:
logger.info("token {{ {} }} is not valid".format(token))
raise Unauthorized
return wrapped_f
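Review bot: In `extract_session`, an `Authorization` header that is present but empty or only spaces leaves the filtered list empty, so `[-1]` raises `IndexError`, which `except AttributeError` does not catch; the request would presumably end as a server error rather than a 401, so widen the handler to `except (AttributeError, IndexError):`. The debug calls also write the bearer token itself to the log (`token` on the invalid path, `session.token` in `wrapped_f`), and the `Session` timestamp hunk in this commit does the same with `self.token`. A token that is still valid can be replayed by anyone who can read those logs, so log a truncated digest instead, e.g. `hashlib.sha256(token.encode()).hexdigest()[:8]`. `login_required` continues outside the hunk, so the final `return wrap` is not visible here.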


@ -32,8 +32,11 @@ class Session(db.Model, ModelSerializeMixin):
Update the Timestamp to the current Time.
"""
logger.debug("update timestamp from session with token {{ {} }}".format(self))
logger.debug("update timestamp from session with token {{ {} }}".format(self.token))
self.expires = datetime.now(timezone.utc) + timedelta(seconds=self.lifetime)
def __eq__(self, token):
if isinstance(token, str):
return compare_digest(self.token, token)
else:
return super(Session, self).__eq__(token)
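Review bot: `Session.__eq__` is defined here with no `__hash__` visible in the hunk, and in Python 3 a class that overrides `__eq__` without defining `__hash__` has `__hash__` set to `None`. Unless the class restores it outside this hunk, `Session` instances cannot be placed in sets or used as dict keys; adding `__hash__ = object.__hash__` next to `__eq__` keeps identity hashing. The `str` branch also hands a caller-supplied string to `compare_digest`, which raises `TypeError` for a `str` containing non-ASCII characters (assuming this is `hmac.compare_digest`; the import is outside the hunk). Comparing bytes, `compare_digest(self.token.encode(), token.encode())`, keeps the constant-time check and returns `False` for such input.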


@ -48,7 +48,7 @@ class User(db.Model, ModelSerializeMixin):
"""
__tablename__ = "user"
userid: str = db.Column(db.String(30))
userid: str = db.Column(db.String(30), nullable=False)
display_name: str = db.Column(db.String(30))
firstname: str = db.Column(db.String(30))
lastname: str = db.Column(db.String(30))
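Review bot: `nullable=False` on `userid` only applies to tables created after this change, because SQLAlchemy's `create_all` does not alter an existing table and none of the three files in this commit is a migration. An already deployed `user` table would keep the nullable column, and any rows with a NULL `userid`, until the schema is altered separately. If `userid` is the identifier users log in with (not shown in this hunk), the column presumably also wants `unique=True`; a short comment such as `# login identifier; must be set and unique` would record the intent.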