[System] Consistent variable names
parent
993abf4148
commit
bda76e200a
|
@ -65,34 +65,32 @@ def _login():
|
||||||
|
|
||||||
@auth_bp.route("/auth", methods=["GET"])
|
@auth_bp.route("/auth", methods=["GET"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def _get_sessions(access_token: Session, **kwargs):
|
def _get_sessions(current_session, **kwargs):
|
||||||
tokens = sessionController.get_users_sessions(access_token._user)
|
sessions = sessionController.get_users_sessions(current_session._user)
|
||||||
a = messageController.Message(access_token._user, "Go", "Bar")
|
return jsonify(sessions)
|
||||||
messageController.send_message(a)
|
|
||||||
return jsonify(tokens)
|
|
||||||
|
|
||||||
|
|
||||||
@auth_bp.route("/auth/<token>", methods=["DELETE"])
|
@auth_bp.route("/auth/<token>", methods=["DELETE"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def _delete_session(access_token, token, **kwargs):
|
def _delete_session(token, current_session, **kwargs):
|
||||||
logger.debug("Try to delete access token {{ {} }}".format(token))
|
logger.debug("Try to delete access token {{ {} }}".format(token))
|
||||||
token = sessionController.get_session(token, access_token._user)
|
session = sessionController.get_session(token, current_session._user)
|
||||||
if not token:
|
if not session:
|
||||||
logger.debug("Token not found in database!")
|
logger.debug("Token not found in database!")
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
sessionController.delete_session(token)
|
sessionController.delete_session(session)
|
||||||
sessionController.clear_expired()
|
sessionController.clear_expired()
|
||||||
return jsonify({"ok": "ok"})
|
return jsonify({"ok": "ok"})
|
||||||
|
|
||||||
|
|
||||||
@auth_bp.route("/auth/<token>", methods=["GET"])
|
@auth_bp.route("/auth/<token>", methods=["GET"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def _get_session(token, access_token, **kwargs):
|
def _get_session(token, current_session, **kwargs):
|
||||||
logger.debug("get token {{ {} }}".format(token))
|
logger.debug("get token {{ {} }}".format(token))
|
||||||
session = sessionController.get_session(token, access_token._user)
|
session = sessionController.get_session(token, current_session._user)
|
||||||
if not token:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
@ -101,10 +99,10 @@ def _get_session(token, access_token, **kwargs):
|
||||||
|
|
||||||
@auth_bp.route("/auth/<token>/user", methods=["GET"])
|
@auth_bp.route("/auth/<token>/user", methods=["GET"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def _get_assocd_user(token, access_token, **kwargs):
|
def _get_assocd_user(token, current_session, **kwargs):
|
||||||
logger.debug("get token {{ {} }}".format(token))
|
logger.debug("get token {{ {} }}".format(token))
|
||||||
session = sessionController.get_session(token, access_token._user)
|
session = sessionController.get_session(token, current_session._user)
|
||||||
if not token:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
|
@ -113,16 +111,16 @@ def _get_assocd_user(token, access_token, **kwargs):
|
||||||
|
|
||||||
@auth_bp.route("/auth/<token>", methods=["PUT"])
|
@auth_bp.route("/auth/<token>", methods=["PUT"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def _set_lifetime(token, access_token, **kwargs):
|
def _set_lifetime(token, current_session, **kwargs):
|
||||||
token = sessionController.get_token(token, access_token._user)
|
session = sessionController.get_session(token, current_session._user)
|
||||||
if not token:
|
if not session:
|
||||||
# Return 403 error, so that users can not bruteforce tokens
|
# Return 403 error, so that users can not bruteforce tokens
|
||||||
# Valid tokens from other users and invalid tokens now are looking the same
|
# Valid tokens from other users and invalid tokens now are looking the same
|
||||||
raise Forbidden
|
raise Forbidden
|
||||||
try:
|
try:
|
||||||
lifetime = request.get_json()["value"]
|
lifetime = request.get_json()["value"]
|
||||||
logger.debug("set lifetime {{ {} }} to access token {{ {} }}".format(lifetime, token))
|
logger.debug("set lifetime {{ {} }} to access token {{ {} }}".format(lifetime, token))
|
||||||
sessionController.set_lifetime(token, lifetime)
|
sessionController.set_lifetime(session, lifetime)
|
||||||
return jsonify({"ok": "ok"})
|
return jsonify({"ok": "ok"})
|
||||||
except (KeyError, TypeError):
|
except (KeyError, TypeError):
|
||||||
raise BadRequest
|
raise BadRequest
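Review bot: The debug calls in `_delete_session`, `_get_session`, `_get_assocd_user` and `_set_lifetime` still write the raw session token from the URL into the log, so anyone who can read the debug log can reuse a live session. `login_required` in the decorator hunk does the same with the request's token. Log a reference that cannot be replayed instead, for example `logger.debug("Try to delete a session of user {{ {} }}".format(current_session._user.userid))`. In `_set_lifetime`, `lifetime` from the request body reaches `sessionController.set_lifetime` with no visible type or range check, so unless the controller validates it a client can presumably request an arbitrarily long session; reject non-integers and cap the value before the call. The bodies of `_get_session` and `_get_assocd_user` continue outside their hunks.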
|
||||||
|
|
|
@ -74,7 +74,7 @@ def __get_events(year=datetime.now().year, month=datetime.now().month, day=None,
|
||||||
year (int, optional): year to query, defaults to current year
|
year (int, optional): year to query, defaults to current year
|
||||||
month (int, optional): month to query (if set), defaults to current month
|
month (int, optional): month to query (if set), defaults to current month
|
||||||
day (int, optional): day to query events for (if set)
|
day (int, optional): day to query events for (if set)
|
||||||
**kwargs: contains at least access_token (see flaschengeist.decorator)
|
**kwargs: contains at least current_session (see flaschengeist.decorator)
|
||||||
Returns:
|
Returns:
|
||||||
JSON list containing events found
|
JSON list containing events found
|
||||||
Raises:
|
Raises:
|
||||||
|
|
|
@ -62,7 +62,7 @@ def __delete_user(uid, **kwargs):
|
||||||
|
|
||||||
@users_bp.route("/users/<uid>", methods=["PUT"])
|
@users_bp.route("/users/<uid>", methods=["PUT"])
|
||||||
@login_required()
|
@login_required()
|
||||||
def __edit_user(uid, access_token ,**kwargs):
|
def __edit_user(uid, current_session, **kwargs):
|
||||||
logger.debug("Modify information of user {{ {} }}".format(uid))
|
logger.debug("Modify information of user {{ {} }}".format(uid))
|
||||||
user = userController.get_user(uid)
|
user = userController.get_user(uid)
|
||||||
data = request.get_json()
|
data = request.get_json()
|
||||||
|
@ -70,7 +70,7 @@ def __edit_user(uid, access_token ,**kwargs):
|
||||||
password = None
|
password = None
|
||||||
new_password = data["new_password"] if "new_password" in data else None
|
new_password = data["new_password"] if "new_password" in data else None
|
||||||
|
|
||||||
if uid != access_token._user.userid:
|
if uid != current_session._user.userid:
|
||||||
if not user.has_permission(_permission_edit):
|
if not user.has_permission(_permission_edit):
|
||||||
return Forbidden
|
return Forbidden
|
||||||
else:
|
else:
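Review bot: The check `if not user.has_permission(_permission_edit):` runs on `user`, which is the account loaded from `uid` (the edit target), not on the caller. As written, any logged-in user can apparently modify an account that itself holds the edit permission. Assuming `current_session._user` is the same user type, it should read `if not current_session._user.has_permission(_permission_edit):`. The branch also uses `return Forbidden`, which hands the exception class to Flask as a return value rather than aborting with a 403; the other handlers use `raise Forbidden`. `__edit_user` continues after the `else:` outside the hunk, so confirm nothing further down already re-checks the caller.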
|
||||||
|
|
|
@ -11,9 +11,9 @@ def login_required(permission=None):
|
||||||
@wraps(func)
|
@wraps(func)
|
||||||
def wrapped_f(*args, **kwargs):
|
def wrapped_f(*args, **kwargs):
|
||||||
token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
|
token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
|
||||||
access_token = sessionController.validate_token(token, request.user_agent, permission)
|
session = sessionController.validate_token(token, request.user_agent, permission)
|
||||||
if access_token:
|
if session:
|
||||||
kwargs["access_token"] = access_token
|
kwargs["current_session"] = session
|
||||||
logger.debug("token {{ {} }} is valid".format(token))
|
logger.debug("token {{ {} }} is valid".format(token))
|
||||||
return func(*args, **kwargs)
|
return func(*args, **kwargs)
|
||||||
else:
|
else:
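Review bot: `request.headers.get("Authorization")` returns None when the header is absent, so the `.split(" ")` on the token line raises AttributeError and an unauthenticated request gets a 500 instead of the rejection path. A header that is empty or only spaces fails the same way with IndexError on `[-1]`. Read it with a default and check before indexing, e.g. `parts = request.headers.get("Authorization", "").split()`, and take the `else:` path when `parts` is empty. Taking the last word also ignores the scheme, so any prefix is accepted; comparing `parts[0]` against the expected scheme would be stricter. The `else:` branch of `wrapped_f` is outside the hunk.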
|
||||||
|
|