API - init resource protector (that also handles current authentication)

2022-05-27 15:51:40 +02:00
parent eeae632b01
commit 44c16f6805
15 changed files with 145 additions and 121 deletions
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -19,6 +19,7 @@ from fittrackee.emails.tasks import (
    reset_password_email,
 )
 from fittrackee.files import get_absolute_file_path
+from fittrackee.oauth2.server import require_auth
 from fittrackee.responses import (
    ForbiddenErrorResponse,
    HttpResponse,
@@ -32,7 +33,6 @@ from fittrackee.responses import (
 from fittrackee.utils import get_readable_duration
 from fittrackee.workouts.models import Sport

-from .decorators import authenticate
 from .models import User, UserSportPreference
 from .utils.controls import check_password, is_valid_email, register_controls
 from .utils.token import decode_user_token
@@ -252,7 +252,7 @@ def login_user() -> Union[Dict, HttpResponse]:


@auth_blueprint.route('/auth/profile', methods=['GET'])
-@authenticate
+@require_auth()
 def get_authenticated_user_profile(
    auth_user: User,
 ) -> Union[Dict, HttpResponse]:
@@ -354,7 +354,7 @@ def get_authenticated_user_profile(


@auth_blueprint.route('/auth/profile/edit', methods=['POST'])
-@authenticate
+@require_auth()
 def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
    """
    edit authenticated user profile
@@ -502,7 +502,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:


@auth_blueprint.route('/auth/profile/edit/account', methods=['PATCH'])
-@authenticate
+@require_auth()
 def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
    """
    update authenticated user email and password
@@ -712,7 +712,7 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:


@auth_blueprint.route('/auth/profile/edit/preferences', methods=['POST'])
-@authenticate
+@require_auth()
 def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
    """
    edit authenticated user preferences
@@ -853,7 +853,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:


@auth_blueprint.route('/auth/profile/edit/sports', methods=['POST'])
-@authenticate
+@require_auth()
 def edit_user_sport_preferences(
    auth_user: User,
 ) -> Union[Dict, HttpResponse]:
@@ -959,7 +959,7 @@ def edit_user_sport_preferences(
@auth_blueprint.route(
    '/auth/profile/reset/sports/<sport_id>', methods=['DELETE']
 )
-@authenticate
+@require_auth()
 def reset_user_sport_preferences(
    auth_user: User, sport_id: int
 ) -> Union[Tuple[Dict, int], HttpResponse]:
@@ -1014,7 +1014,7 @@ def reset_user_sport_preferences(


@auth_blueprint.route('/auth/picture', methods=['POST'])
-@authenticate
+@require_auth()
 def edit_picture(auth_user: User) -> Union[Dict, HttpResponse]:
    """
    update authenticated user picture
@@ -1102,7 +1102,7 @@ def edit_picture(auth_user: User) -> Union[Dict, HttpResponse]:


@auth_blueprint.route('/auth/picture', methods=['DELETE'])
-@authenticate
+@require_auth()
 def del_picture(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
    """
    delete authenticated user picture
--- a/fittrackee/users/decorators.py
+++ b/fittrackee/users/decorators.py
@@ -1,39 +0,0 @@
-from functools import wraps
-from typing import Any, Callable, Union
-
-from flask import request
-
-from fittrackee.responses import HttpResponse
-
-from .utils.controls import verify_user
-
-
-def verify_auth_user(
-    f: Callable, verify_admin: bool, *args: Any, **kwargs: Any
-) -> Union[Callable, HttpResponse]:
-    response_object, user = verify_user(request, verify_admin=verify_admin)
-    if response_object:
-        return response_object
-    return f(user, *args, **kwargs)
-
-
-def authenticate(f: Callable) -> Callable:
-    @wraps(f)
-    def decorated_function(
-        *args: Any, **kwargs: Any
-    ) -> Union[Callable, HttpResponse]:
-        verify_admin = False
-        return verify_auth_user(f, verify_admin, *args, **kwargs)
-
-    return decorated_function
-
-
-def authenticate_as_admin(f: Callable) -> Callable:
-    @wraps(f)
-    def decorated_function(
-        *args: Any, **kwargs: Any
-    ) -> Union[Callable, HttpResponse]:
-        verify_admin = True
-        return verify_auth_user(f, verify_admin, *args, **kwargs)
-
-    return decorated_function
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -12,6 +12,7 @@ from fittrackee.emails.tasks import (
    reset_password_email,
 )
 from fittrackee.files import get_absolute_file_path
+from fittrackee.oauth2.server import require_auth
 from fittrackee.responses import (
    ForbiddenErrorResponse,
    HttpResponse,
@@ -23,7 +24,6 @@ from fittrackee.responses import (
 from fittrackee.utils import get_readable_duration
 from fittrackee.workouts.models import Record, Workout, WorkoutSegment

-from .decorators import authenticate, authenticate_as_admin
 from .exceptions import InvalidEmailException, UserNotFoundException
 from .models import User, UserSportPreference
 from .utils.admin import UserManagerService
@@ -34,7 +34,7 @@ USER_PER_PAGE = 10


@users_blueprint.route('/users', methods=['GET'])
-@authenticate_as_admin
+@require_auth(as_admin=True)
 def get_users(auth_user: User) -> Dict:
    """
    Get all users (regardless their account status), if authenticated user
@@ -235,7 +235,7 @@ def get_users(auth_user: User) -> Dict:


@users_blueprint.route('/users/<user_name>', methods=['GET'])
-@authenticate
+@require_auth()
 def get_single_user(
    auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
@@ -394,7 +394,7 @@ def get_picture(user_name: str) -> Any:


@users_blueprint.route('/users/<user_name>', methods=['PATCH'])
-@authenticate_as_admin
+@require_auth(as_admin=True)
 def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
    """
    Update user account
@@ -593,7 +593,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:


@users_blueprint.route('/users/<user_name>', methods=['DELETE'])
-@authenticate
+@require_auth()
 def delete_user(
    auth_user: User, user_name: str
 ) -> Union[Tuple[Dict, int], HttpResponse]:
--- a/fittrackee/users/utils/controls.py
+++ b/fittrackee/users/utils/controls.py
@@ -1,15 +1,4 @@
 import re
-from typing import Optional, Tuple
-
-from flask import Request
-
-from fittrackee.responses import (
-    ForbiddenErrorResponse,
-    HttpResponse,
-    UnauthorizedErrorResponse,
-)
-
-from ..models import User


 def is_valid_email(email: str) -> bool:
@@ -58,30 +47,3 @@ def register_controls(username: str, email: str, password: str) -> str:
        ret += 'email: valid email must be provided\n'
    ret += check_password(password)
    return ret
-
-
-def verify_user(
-    current_request: Request, verify_admin: bool
-) -> Tuple[Optional[HttpResponse], Optional[User]]:
-    """
-    Return authenticated user if
-    - the provided token is valid
-    - the user account is active
-    - the user has admin rights if 'verify_admin' is True
-
-    If not, it returns Error Response
-    """
-    default_message = 'provide a valid auth token'
-    auth_header = current_request.headers.get('Authorization')
-    if not auth_header:
-        return UnauthorizedErrorResponse(default_message), None
-    auth_token = auth_header.split(' ')[1]
-    resp = User.decode_auth_token(auth_token)
-    if isinstance(resp, str):
-        return UnauthorizedErrorResponse(resp), None
-    user = User.query.filter_by(id=resp).first()
-    if not user or not user.is_active:
-        return UnauthorizedErrorResponse(default_message), None
-    if verify_admin and not user.admin:
-        return ForbiddenErrorResponse(), None
-    return None, user