API: auth - minor refactor

2018-05-09 17:00:22 +02:00 · 2018-05-09 17:00:22 +02:00 · b77270ce07
commit b77270ce07
parent be65388dd2
1 changed files with 44 additions and 50 deletions
--- a/mpwo_api/mpwo_api/users/utils.py
+++ b/mpwo_api/mpwo_api/users/utils.py
@ -16,6 +16,19 @@ def is_valid_email(email):
    return re.match(mail_pattern, email) is not None


+def register_controls(username, email, password, password_conf):
+    ret = ''
+    if not 2 < len(username) < 13:
+        ret += 'Username: 3 to 12 characters required.\n'
+    if not is_valid_email(email):
+        ret += 'Valid email must be provided.\n'
+    if password != password_conf:
+        ret += 'Password and password confirmation don\'t match.\n'
+    if len(password) < 8:
+        ret += 'Password: 8 characters required.\n'
+    return ret
+
+
 def verify_extension(file_type, req):
    response_object = {'status': 'success'}

@ -45,26 +58,37 @@ def verify_extension(file_type, req):
    return response_object


+def verify_user(current_request, verify_admin):
+    response_object = {
+        'status': 'error',
+        'message': 'Something went wrong. Please contact us.'
+    }
+    code = 401
+    auth_header = current_request.headers.get('Authorization')
+    if not auth_header:
+        response_object['message'] = 'Provide a valid auth token.'
+        code = 403
+        return response_object, code, None
+    auth_token = auth_header.split(" ")[1]
+    resp = User.decode_auth_token(auth_token)
+    if isinstance(resp, str):
+        response_object['message'] = resp
+        return response_object, code, None
+    user = User.query.filter_by(id=resp).first()
+    if not user:
+        return response_object, code, None
+    if verify_admin and not is_admin(resp):
+        response_object['message'] = 'You do not have permissions.'
+        return response_object, code, None
+    return None, None, resp
+
+
 def authenticate(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
-        response_object = {
-            'status': 'error',
-            'message': 'Something went wrong. Please contact us.'
-        }
-        code = 401
-        auth_header = request.headers.get('Authorization')
-        if not auth_header:
-            response_object['message'] = 'Provide a valid auth token.'
-            code = 403
-            return jsonify(response_object), code
-        auth_token = auth_header.split(" ")[1]
-        resp = User.decode_auth_token(auth_token)
-        if isinstance(resp, str):
-            response_object['message'] = resp
-            return jsonify(response_object), code
-        user = User.query.filter_by(id=resp).first()
-        if not user:
+        verify_admin = False
+        response_object, code, resp = verify_user(request, verify_admin)
+        if response_object:
            return jsonify(response_object), code
        return f(resp, *args, **kwargs)

@ -74,40 +98,10 @@ def authenticate(f):
 def authenticate_as_admin(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
-        response_object = {
-            'status': 'error',
-            'message': 'Something went wrong. Please contact us.'
-        }
-        code = 401
-        auth_header = request.headers.get('Authorization')
-        if not auth_header:
-            response_object['message'] = 'Provide a valid auth token.'
-            code = 403
-            return jsonify(response_object), code
-        auth_token = auth_header.split(" ")[1]
-        resp = User.decode_auth_token(auth_token)
-        if isinstance(resp, str):
-            response_object['message'] = resp
-            return jsonify(response_object), code
-        user = User.query.filter_by(id=resp).first()
-        if not user:
-            return jsonify(response_object), code
-        if not is_admin(resp):
-            response_object['message'] = 'You do not have permissions.'
+        verify_admin = True
+        response_object, code, resp = verify_user(request, verify_admin)
+        if response_object:
            return jsonify(response_object), code
        return f(resp, *args, **kwargs)

    return decorated_function
-
-
-def register_controls(username, email, password, password_conf):
-    ret = ''
-    if not 2 < len(username) < 13:
-        ret += 'Username: 3 to 12 characters required.\n'
-    if not is_valid_email(email):
-        ret += 'Valid email must be provided.\n'
-    if password != password_conf:
-        ret += 'Password and password confirmation don\'t match.\n'
-    if len(password) < 8:
-        ret += 'Password: 8 characters required.\n'
-    return ret