Media-Token can be used only to access the content, but cannot modify user data
from flask import request, jsonify
from .require_decorators import get_cropped_otp
from .require_decorators import get_cropped_token
from . import token_generator_util
from .data import dao_registration_tokens
from .data import dao_users
from .data import dao_session
from .data.data_models import DataError
from .data.data_models import RegisteringUser
from .data.data_models import User
from .data.data_models import ResponseCode
from .data.data_models import Session
from math import trunc
def handle_register(username, password):
    """Create a new user from a one-time registration token.

    The code submitted in the ``otp`` form field must match a stored
    registration token. On success a TOTP secret is generated, the user row
    is inserted, the registration token is deleted and the provisioning URL
    for the secret is returned to the client.

    Args:
        username: Name for the new account.
        password: Password supplied by the client. It is handed to the DAO
            unchanged; where (or whether) it is hashed is not visible here.

    Returns:
        ``(response, status)``: 200 with ``{'otp_secret': url}`` on success;
        400 with ``UNKNOWN_REGISTRATION_TOKEN`` when the registration token
        is not valid, or ``ALREADY_TAKEN_USERNAME`` when the insert reports
        ``USER_NAME_NOT_VALID``.
    """
    registration_otp = get_cropped_otp(request.form.get('otp') or '')
    if not dao_registration_tokens.is_valid_token(registration_otp):
        rejected = {'message': 'Invalid Token!', 'code': ResponseCode.UNKNOWN_REGISTRATION_TOKEN}
        return jsonify(rejected), 400

    otp_secret = token_generator_util.generate_otp_secret()
    new_user = RegisteringUser(name=username, password=password, otp_secret=otp_secret)
    insert_result = dao_users.insert_user(new_user)
    if insert_result is DataError.USER_NAME_NOT_VALID:
        taken = {'message': 'Username is already taken!', 'code': ResponseCode.ALREADY_TAKEN_USERNAME}
        return jsonify(taken), 400
    # NOTE(review): only USER_NAME_NOT_VALID is handled; any other DataError
    # value insert_user might return would fall through to the success path.
    # Confirm against dao_users.insert_user which values it can return.

    # The registration token is consumed only once the user row exists, so a
    # failed insert does not burn it. NOTE(review): the validity check above
    # and this delete are separate DAO calls, so concurrent requests carrying
    # the same token could both pass the check; consider a single
    # check-and-consume operation in the DAO.
    dao_registration_tokens.delete_token(registration_otp)
    provisioning_url = token_generator_util.get_url(new_user.name, otp_secret)
    return jsonify({'otp_secret': provisioning_url}), 200
def handle_login(user: User):
    """Answer a login request for an already-resolved ``user``.

    Nothing here checks credentials; ``user`` is expected to have been looked
    up (and its password verified) by the caller or a decorator beforehand.

    Returns:
        200 with ``SUCCESS_FOUND_USER`` once the user's OTP has been verified.
        Until then, 200 with the TOTP provisioning URL so the client can
        finish enrolment. NOTE(review): the OTP secret is therefore re-issued
        on every login until enrolment completes, so anyone holding only the
        password can obtain it during that window — confirm this is intended.
    """
    if not user.was_otp_verified:
        provisioning_url = token_generator_util.get_url(username=user.name, secret=user.otp_secret)
        return jsonify({'otp_secret': provisioning_url}), 200

    found = {'message': 'User found!', 'code': ResponseCode.SUCCESS_FOUND_USER}
    return jsonify(found), 200
def handle_otp_verification(user: User):
    """Check the submitted OTP for ``user`` and open a session on success.

    The code is read from the ``otp`` form field and verified against the
    user's stored secret. On a match the user is marked OTP-verified, a new
    session is generated and persisted, and its tokens are returned.

    Returns:
        200 with the session tokens (see ``_jsonify_session``) when the code
        is valid; 400 with ``INVALID_OTP`` otherwise.

    NOTE(review): no attempt limiting is visible in this block. If neither
    the caller nor a decorator throttles it, a short numeric OTP can be
    guessed by repeated requests — confirm where rate limiting lives.
    """
    submitted_otp = get_cropped_otp(request.form.get('otp') or '')
    if not token_generator_util.verify_otp(user.otp_secret, submitted_otp):
        rejected = {'message': 'Invalid Token!', 'code': ResponseCode.INVALID_OTP}
        return jsonify(rejected), 400

    dao_users.update_user_otp_verification(user.id, True)
    new_session = token_generator_util.generate_session(user.id)
    dao_session.insert_user_session(new_session)
    return _jsonify_session(new_session), 200
def handle_logout():
    """Delete the session identified by the bearer token, if one is present.

    The token is taken from the ``Authorization`` header via
    ``get_cropped_token``. When no token is present the request is treated as
    already logged out. Both paths return an empty 200, so the endpoint is
    idempotent and does not reveal whether a session existed.
    """
    token = get_cropped_token(request.headers.get('Authorization'))
    if token is not None:
        dao_session.delete_user_session(access_token=token)
    return '', 200
def handle_refresh_token():
    """Exchange a refresh token for a freshly generated session.

    The token comes from the ``refresh_token`` form field. When it is missing
    or does not map to a user, 400 with ``INVALID_REFRESH_TOKEN`` is returned;
    the same message is used in both cases so the response does not reveal
    whether the token ever existed. Otherwise a new session is generated,
    swapped in for the old one, and its tokens are returned.

    NOTE(review): the lookup and ``swap_refresh_session`` are separate DAO
    calls, so two concurrent requests presenting the same refresh token may
    both pass the lookup — confirm the swap rejects an already-replaced token.
    """
    def invalid_token_response():
        body = {'message': 'Invalid Refresh Token!', 'code': ResponseCode.INVALID_REFRESH_TOKEN}
        return jsonify(body), 400

    presented = get_cropped_token(request.form.get('refresh_token'))
    if presented is None:
        return invalid_token_response()

    owner_id = dao_session.get_user_for_refresh_token(presented)
    if owner_id is None:
        return invalid_token_response()

    replacement = token_generator_util.generate_session(owner_id)
    dao_session.swap_refresh_session(refresh_token=presented, session=replacement)
    return _jsonify_session(replacement), 200
def _jsonify_session(session: Session):
    """Serialise a ``Session`` into the JSON body returned to the client.

    Exposes the access, media and refresh tokens together with
    ``expires_at``, which is ``access_expires_at`` truncated toward zero.
    """
    payload = {
        'access_token': session.access_token,
        'media_token': session.media_token,
        'refresh_token': session.refresh_token,
        'expires_at': trunc(session.access_expires_at),
    }
    return jsonify(payload)