from functools import wraps
import hmac
import random
import string

from flask import (
    request, Response, session, flash, redirect, url_for, abort
)
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer

from settings import app_password, app_user, app_secret
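def csrf_token_generator(size=40, chars=string.ascii_uppercase + string.digits):
    """Return a random token of ``size`` characters drawn from ``chars``.

    The token is used as an anti-CSRF secret, so it must be unpredictable.
    The module-level ``random`` functions use a Mersenne Twister whose
    output can be reconstructed from observed values; ``SystemRandom``
    draws from the operating system's CSPRNG instead.
    """
    # SystemRandom ignores random.seed(), so tokens stay unpredictable even
    # if other code in the process seeds the global generator.
    secure_rng = random.SystemRandom()
    return ''.join(secure_rng.choice(chars) for _ in range(size))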
def generate_auth_token(user, expiration=600):
    """Return a signed, time-limited token serialized with ``app_secret``.

    ``expiration`` is passed to the serializer as ``expires_in``.
    """
    # NOTE(review): ``user`` is never placed in the payload; every token
    # carries the fixed claim {'id': 1}. Confirm this is intended before
    # tokens are used to tell users apart.
    # NOTE(review): TimedJSONWebSignatureSerializer was deprecated in
    # itsdangerous 2.0 and removed in 2.1, so this depends on a pinned
    # older release.
    token_serializer = Serializer(app_secret, expires_in=expiration)
    payload = {'id': 1}
    return token_serializer.dumps(payload)
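def check_basic_auth(user, passwd):
    '''
    Return True only when both credentials match the configured
    ``app_user`` / ``app_password`` from settings, otherwise False.

    The comparison uses ``hmac.compare_digest`` so the time taken does not
    depend on how many leading characters of a guess are correct.

    TODO: check token too -- password will be 'unused'
    '''
    # A missing Authorization header or a non-Basic scheme can hand us None.
    if user is None or passwd is None:
        return False

    def _as_bytes(value):
        # compare_digest rejects non-ASCII str, so compare UTF-8 bytes.
        return value if isinstance(value, bytes) else str(value).encode('utf-8')

    # Evaluate both checks before combining them, so the response time does
    # not reveal whether the username alone was correct.
    user_ok = hmac.compare_digest(_as_bytes(user), _as_bytes(app_user))
    passwd_ok = hmac.compare_digest(_as_bytes(passwd), _as_bytes(app_password))
    return user_ok and passwd_ok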
def authenticate():
    """Build the 401 response whose header asks the client for Basic auth."""
    message = (
        'Could not verify your access level for that URL.\n'
        'You have to login with proper credentials'
    )
    challenge_headers = {'WWW-Authenticate': 'Basic realm="Login Required"'}
    return Response(message, 401, challenge_headers)
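def requires_auth(f):
    '''
    Decorator that lets a view run only for an authenticated caller.

    A caller is accepted when the session has a truthy ``logged_in`` value
    or when the request's HTTP Basic credentials pass ``check_basic_auth``.

    REQUEST.json
        only gets basic authentication (rejected with 401)
    REQUEST.get
        redirect to login page
    '''
    @wraps(f)
    def decorated(*args, **kwargs):
        if session.get('logged_in'):
            return f(*args, **kwargs)

        # request.authorization is None when no Authorization header was
        # sent; treat that as a failed check rather than dereferencing it,
        # which would raise AttributeError and surface as a 500.
        basic_auth = request.authorization
        if basic_auth is not None and check_basic_auth(
                basic_auth.username, basic_auth.password):
            return f(*args, **kwargs)

        # silent=True returns None for a non-JSON or malformed body instead
        # of raising, so an unauthenticated browser request is redirected
        # rather than failing inside the auth check.
        if not request.get_json(silent=True):
            return redirect(url_for('hello_world'))
        abort(401)

    return decorated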