diff --git a/flaschengeist/modules/auth/__init__.py b/flaschengeist/modules/auth/__init__.py
index 1c3f036..01f9495 100644
--- a/flaschengeist/modules/auth/__init__.py
+++ b/flaschengeist/modules/auth/__init__.py
@@ -65,34 +65,32 @@ def _login():
 @auth_bp.route("/auth", methods=["GET"])
 @login_required()
-def _get_sessions(access_token: Session, **kwargs):
- tokens = sessionController.get_users_sessions(access_token._user)
- a = messageController.Message(access_token._user, "Go", "Bar")
- messageController.send_message(a)
- return jsonify(tokens)
+def _get_sessions(current_session, **kwargs):
+ sessions = sessionController.get_users_sessions(current_session._user)
+ return jsonify(sessions)
 @auth_bp.route("/auth/", methods=["DELETE"])
 @login_required()
-def _delete_session(access_token, token, **kwargs):
+def _delete_session(token, current_session, **kwargs):
 logger.debug("Try to delete access token {{ {} }}".format(token))
- token = sessionController.get_session(token, access_token._user)
- if not token:
+ session = sessionController.get_session(token, current_session._user)
+ if not session:
 logger.debug("Token not found in database!")
 # Return 403 error, so that users can not bruteforce tokens
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
- sessionController.delete_session(token)
+ sessionController.delete_session(session)
 sessionController.clear_expired()
 return jsonify({"ok": "ok"})
 @auth_bp.route("/auth/", methods=["GET"])
 @login_required()
-def _get_session(token, access_token, **kwargs):
+def _get_session(token, current_session, **kwargs):
 logger.debug("get token {{ {} }}".format(token))
- session = sessionController.get_session(token, access_token._user)
- if not token:
+ session = sessionController.get_session(token, current_session._user)
+ if not session:
 # Return 403 error, so that users can not bruteforce tokens
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
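Review bot: `logger.debug("Try to delete access token {{ {} }}".format(token))` in _delete_session and the `"get token"` line in _get_session write the raw session token to the log, so a live credential ends up in log files that are usually far less protected than the session table; the same pattern appears in _get_assocd_user and _set_lifetime in the next hunks and in wrapped_f in decorator.py. Log something that is not itself a credential, for example `logger.debug("Try to delete a session of user {{ {} }}".format(current_session._user.userid))`, or log after the lookup using the session object's own identifier rather than the token string. _get_session's body continues past the end of the hunk.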
@@ -101,10 +99,10 @@ def _get_session(token, access_token, **kwargs):
 @auth_bp.route("/auth//user", methods=["GET"])
 @login_required()
-def _get_assocd_user(token, access_token, **kwargs):
+def _get_assocd_user(token, current_session, **kwargs):
 logger.debug("get token {{ {} }}".format(token))
- session = sessionController.get_session(token, access_token._user)
- if not token:
+ session = sessionController.get_session(token, current_session._user)
+ if not session:
 # Return 403 error, so that users can not bruteforce tokens
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
@@ -113,16 +111,16 @@ def _get_assocd_user(token, access_token, **kwargs):
 @auth_bp.route("/auth/", methods=["PUT"])
 @login_required()
-def _set_lifetime(token, access_token, **kwargs):
- token = sessionController.get_token(token, access_token._user)
- if not token:
+def _set_lifetime(token, current_session, **kwargs):
+ session = sessionController.get_session(token, current_session._user)
+ if not session:
 # Return 403 error, so that users can not bruteforce tokens
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
 try:
 lifetime = request.get_json()["value"]
 logger.debug("set lifetime {{ {} }} to access token {{ {} }}".format(lifetime, token))
- sessionController.set_lifetime(token, lifetime)
+ sessionController.set_lifetime(session, lifetime)
 return jsonify({"ok": "ok"})
 except (KeyError, TypeError):
 raise BadRequest
diff --git a/flaschengeist/modules/schedule/__init__.py b/flaschengeist/modules/schedule/__init__.py
index 3fceeff..7ab76a3 100644
--- a/flaschengeist/modules/schedule/__init__.py
+++ b/flaschengeist/modules/schedule/__init__.py
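Review bot: In _set_lifetime the value read by `lifetime = request.get_json()["value"]` is handed to the changed line `sessionController.set_lifetime(session, lifetime)` without any type or range check, and because the `try` also wraps that call and the `return`, a TypeError raised inside the controller is reported to the client as a BadRequest rather than as a server error. Keep the `try` to the parsing step, e.g. `lifetime = int(request.get_json()["value"])` with `except (KeyError, TypeError, ValueError):`, and call `set_lifetime` and return after it. Whether zero or negative lifetimes must be rejected depends on set_lifetime, which is not in the hunk; if it does not reject them, the check belongs here.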
@@ -74,7 +74,7 @@ def __get_events(year=datetime.now().year, month=datetime.now().month, day=None,
 year (int, optional): year to query, defaults to current year
 month (int, optional): month to query (if set), defaults to current month
 day (int, optional): day to query events for (if set)
- **kwargs: contains at least access_token (see flaschengeist.decorator)
+ **kwargs: contains at least current_session (see flaschengeist.decorator)
 Returns:
 JSON list containing events found
 Raises:
diff --git a/flaschengeist/modules/users/__init__.py b/flaschengeist/modules/users/__init__.py
index 3f7cec5..0309967 100644
--- a/flaschengeist/modules/users/__init__.py
+++ b/flaschengeist/modules/users/__init__.py
@@ -62,7 +62,7 @@ def __delete_user(uid, **kwargs):
 @users_bp.route("/users/", methods=["PUT"])
 @login_required()
-def __edit_user(uid, access_token ,**kwargs):
+def __edit_user(uid, current_session, **kwargs):
 logger.debug("Modify information of user {{ {} }}".format(uid))
 user = userController.get_user(uid)
 data = request.get_json()
@@ -70,7 +70,7 @@ def __edit_user(uid, access_token ,**kwargs):
 password = None
 new_password = data["new_password"] if "new_password" in data else None
- if uid != access_token._user.userid:
+ if uid != current_session._user.userid:
 if not user.has_permission(_permission_edit):
 return Forbidden
 else:
diff --git a/flaschengeist/system/decorator.py b/flaschengeist/system/decorator.py
index 4e5e2e6..aa6533d 100644
--- a/flaschengeist/system/decorator.py
+++ b/flaschengeist/system/decorator.py
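Review bot: The authorization check under the changed line `if uid != current_session._user.userid:` in __edit_user tests the wrong subject: `user` is bound to `userController.get_user(uid)` in the previous hunk, so `if not user.has_permission(_permission_edit)` asks whether the account being edited holds the edit permission, not whether the caller does, which — if has_permission means what its name suggests — makes the foreign-account branch depend on the target's permissions instead of the requester's. The branch also uses `return Forbidden`, which hands Flask the exception class as a response instead of raising it. Suggested: `if not current_session._user.has_permission(_permission_edit):` followed by `raise Forbidden`. The function body, including the else branch, continues outside the hunk.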
@@ -11,9 +11,9 @@ def login_required(permission=None):
 @wraps(func)
 def wrapped_f(*args, **kwargs):
 token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
- access_token = sessionController.validate_token(token, request.user_agent, permission)
- if access_token:
- kwargs["access_token"] = access_token
+ session = sessionController.validate_token(token, request.user_agent, permission)
+ if session:
+ kwargs["current_session"] = session
 logger.debug("token {{ {} }} is valid".format(token))
 return func(*args, **kwargs)
 else:
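Review bot: The token extraction feeding the changed `sessionController.validate_token(token, request.user_agent, permission)` line is not guarded: `request.headers.get("Authorization")` returns None when the header is absent, so `.split(" ")` raises AttributeError, and an empty or whitespace-only header leaves `list(filter(None, ...))` empty so `[-1]` raises IndexError; either way a request without credentials produces a 500 instead of the rejection the else branch presumably returns. Read the header with a default and check before indexing, e.g. `parts = request.headers.get("Authorization", "").split()` then `if not parts:` taking the same path as the else branch, and only then `token = parts[-1]`. The else branch and the rest of login_required lie outside the hunk.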