[System] Consistent variable names

Ferdinand Thiessen 2020-10-28 14:42:48 +01:00
parent 993abf4148
commit bda76e200a
4 changed files with 23 additions and 25 deletions


@ -65,34 +65,32 @@ def _login():
@auth_bp.route("/auth", methods=["GET"]) @auth_bp.route("/auth", methods=["GET"])
@login_required() @login_required()
def _get_sessions(access_token: Session, **kwargs): def _get_sessions(current_session, **kwargs):
tokens = sessionController.get_users_sessions(access_token._user) sessions = sessionController.get_users_sessions(current_session._user)
a = messageController.Message(access_token._user, "Go", "Bar") return jsonify(sessions)
messageController.send_message(a)
return jsonify(tokens)
@auth_bp.route("/auth/<token>", methods=["DELETE"]) @auth_bp.route("/auth/<token>", methods=["DELETE"])
@login_required() @login_required()
def _delete_session(access_token, token, **kwargs): def _delete_session(token, current_session, **kwargs):
logger.debug("Try to delete access token {{ {} }}".format(token)) logger.debug("Try to delete access token {{ {} }}".format(token))
token = sessionController.get_session(token, access_token._user) session = sessionController.get_session(token, current_session._user)
if not token: if not session:
logger.debug("Token not found in database!") logger.debug("Token not found in database!")
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
raise Forbidden raise Forbidden
sessionController.delete_session(token) sessionController.delete_session(session)
sessionController.clear_expired() sessionController.clear_expired()
return jsonify({"ok": "ok"}) return jsonify({"ok": "ok"})
@auth_bp.route("/auth/<token>", methods=["GET"]) @auth_bp.route("/auth/<token>", methods=["GET"])
@login_required() @login_required()
def _get_session(token, access_token, **kwargs): def _get_session(token, current_session, **kwargs):
logger.debug("get token {{ {} }}".format(token)) logger.debug("get token {{ {} }}".format(token))
session = sessionController.get_session(token, access_token._user) session = sessionController.get_session(token, current_session._user)
if not token: if not session:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
raise Forbidden raise Forbidden
@ -101,10 +99,10 @@ def _get_session(token, access_token, **kwargs):
@auth_bp.route("/auth/<token>/user", methods=["GET"]) @auth_bp.route("/auth/<token>/user", methods=["GET"])
@login_required() @login_required()
def _get_assocd_user(token, access_token, **kwargs): def _get_assocd_user(token, current_session, **kwargs):
logger.debug("get token {{ {} }}".format(token)) logger.debug("get token {{ {} }}".format(token))
session = sessionController.get_session(token, access_token._user) session = sessionController.get_session(token, current_session._user)
if not token: if not session:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
raise Forbidden raise Forbidden
@ -113,16 +111,16 @@ def _get_assocd_user(token, access_token, **kwargs):
@auth_bp.route("/auth/<token>", methods=["PUT"]) @auth_bp.route("/auth/<token>", methods=["PUT"])
@login_required() @login_required()
def _set_lifetime(token, access_token, **kwargs): def _set_lifetime(token, current_session, **kwargs):
token = sessionController.get_token(token, access_token._user) session = sessionController.get_session(token, current_session._user)
if not token: if not session:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
raise Forbidden raise Forbidden
try: try:
lifetime = request.get_json()["value"] lifetime = request.get_json()["value"]
logger.debug("set lifetime {{ {} }} to access token {{ {} }}".format(lifetime, token)) logger.debug("set lifetime {{ {} }} to access token {{ {} }}".format(lifetime, token))
sessionController.set_lifetime(token, lifetime) sessionController.set_lifetime(session, lifetime)
return jsonify({"ok": "ok"}) return jsonify({"ok": "ok"})
except (KeyError, TypeError): except (KeyError, TypeError):
raise BadRequest raise BadRequest
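Review bot: The debug messages in this file write the bearer token from the URL into the log, and in `_set_lifetime` the rename changes what is logged: `token` used to be rebound to the looked-up object before the `logger.debug` call, and it is now the raw path value. Debug logs then hold a reusable credential for every live session that was touched, so log a non-secret identifier instead, for example `logger.debug("set lifetime {{ {} }} for a session of user {{ {} }}".format(lifetime, current_session._user.userid))`. The same applies to the `logger.debug` calls in `_delete_session`, `_get_session` and `_get_assocd_user`. `lifetime` is also handed to `sessionController.set_lifetime` exactly as received from the JSON body; unless that controller validates it (not visible here), check its type and an upper bound before the call.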


@ -74,7 +74,7 @@ def __get_events(year=datetime.now().year, month=datetime.now().month, day=None,
year (int, optional): year to query, defaults to current year year (int, optional): year to query, defaults to current year
month (int, optional): month to query (if set), defaults to current month month (int, optional): month to query (if set), defaults to current month
day (int, optional): day to query events for (if set) day (int, optional): day to query events for (if set)
**kwargs: contains at least access_token (see flaschengeist.decorator) **kwargs: contains at least current_session (see flaschengeist.decorator)
Returns: Returns:
JSON list containing events found JSON list containing events found
Raises: Raises:


@ -62,7 +62,7 @@ def __delete_user(uid, **kwargs):
@users_bp.route("/users/<uid>", methods=["PUT"]) @users_bp.route("/users/<uid>", methods=["PUT"])
@login_required() @login_required()
def __edit_user(uid, access_token ,**kwargs): def __edit_user(uid, current_session, **kwargs):
logger.debug("Modify information of user {{ {} }}".format(uid)) logger.debug("Modify information of user {{ {} }}".format(uid))
user = userController.get_user(uid) user = userController.get_user(uid)
data = request.get_json() data = request.get_json()
@ -70,7 +70,7 @@ def __edit_user(uid, access_token ,**kwargs):
password = None password = None
new_password = data["new_password"] if "new_password" in data else None new_password = data["new_password"] if "new_password" in data else None
if uid != access_token._user.userid: if uid != current_session._user.userid:
if not user.has_permission(_permission_edit): if not user.has_permission(_permission_edit):
return Forbidden return Forbidden
else: else:
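Review bot: The permission check in the `uid != current_session._user.userid` branch is made on `user`, which the first hunk assigns from `userController.get_user(uid)`, so it asks whether the account being edited holds `_permission_edit` rather than whether the requester does (assuming `user` is not rebound on the line between the two hunks). The check belongs on the caller, `if not current_session._user.has_permission(_permission_edit):`, provided the session's user object exposes the same method. The following line returns the exception class instead of raising it, unlike the `raise Forbidden` used in the auth routes, and should read `raise Forbidden`. `__edit_user` continues past the end of this hunk.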


@ -11,9 +11,9 @@ def login_required(permission=None):
@wraps(func) @wraps(func)
def wrapped_f(*args, **kwargs): def wrapped_f(*args, **kwargs):
token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1] token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
access_token = sessionController.validate_token(token, request.user_agent, permission) session = sessionController.validate_token(token, request.user_agent, permission)
if access_token: if session:
kwargs["access_token"] = access_token kwargs["current_session"] = session
logger.debug("token {{ {} }} is valid".format(token)) logger.debug("token {{ {} }} is valid".format(token))
return func(*args, **kwargs) return func(*args, **kwargs)
else: else:
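Review bot: `request.headers.get("Authorization")` returns `None` when the header is missing, so `.split(" ")` raises `AttributeError`, and a header that is empty or only spaces makes the `[-1]` index raise `IndexError`; both would surface as a server error instead of an authentication failure. Read it with a default and reject early, e.g. `parts = request.headers.get("Authorization", "").split()`, taking the same rejection path as the visible `else:` branch when `parts` is empty. The scheme word is never checked either, so any header whose last field is a valid token is accepted. The `logger.debug` line writes the full token to the log; recording that validation succeeded, without the token, keeps a reusable credential out of the log files. `wrapped_f` continues after the `else:` outside this hunk.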