aji/authsquare
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing the list bug on profile roles and not to use try, so the abort can work well.

Browse Source
This commit is contained in:
Dita Aji Pratama 2024-08-14 11:25:54 +07:00
parent 50fcd41add
commit 6d0126911b
1 changed files with 106 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

204
app/procedure/validation.py
View File

@ -11,110 +11,118 @@ class validation():
def account(self, APIADDR, allowed_roles): def account(self, APIADDR, allowed_roles):
response = {} response = {}
try: loggorilla.prcss(APIADDR, "Define parameters")
loggorilla.prcss(APIADDR, "Define parameters") beaker_session = request.environ.get('beaker.session')
beaker_session = request.environ.get('beaker.session') jwt = beaker_session["token"] if "token" in beaker_session else None
jwt = beaker_session["token"] if "token" in beaker_session else None if jwt is None:
if jwt is None: loggorilla.fyinf(APIADDR, "Guest")
loggorilla.fyinf(APIADDR, "Guest") r_session = {}
r_session = {} r_profile = {
r_profile = { "username" :None,
"username" :None, "email" :None,
"email" :None, "phone" :None,
"phone" :None, "roles" :[0]
"roles" :[0] }
} else:
else: loggorilla.fyinf(APIADDR, "With JWT")
loggorilla.fyinf(APIADDR, "With JWT")
loggorilla.prcss(APIADDR, "Get JWT payload data") loggorilla.prcss(APIADDR, "Get JWT payload data")
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public']) payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
loggorilla.prcss(APIADDR, "Get dependency data") loggorilla.prcss(APIADDR, "Get dependency data")
db_main = mariadb.connect(**database.db_main) db_main = mariadb.connect(**database.db_main)
cursor = db_main.cursor(dictionary=True) cursor = db_main.cursor(dictionary=True)
cursor.execute(f"SELECT * FROM auth_session WHERE id = %s ; ", (payload["session"]["id"],) ) loggorilla.prcss(APIADDR, "Get dependency data: Session")
r_session = cursor.fetchone() cursor.execute(f"SELECT * FROM auth_session WHERE id = %s ; ", (payload["session"]["id"],) )
r_session = cursor.fetchone()
cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.* FROM auth_profile_verification LEFT JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (r_session['token'],) ) loggorilla.prcss(APIADDR, "Get dependency data: Profile")
r_profile = cursor.fetchone() cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.* FROM auth_profile_verification LEFT JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (r_session['token'],) )
r_profile = cursor.fetchone()
cursor.execute(f"SELECT auth_roles FROM auth_profile_roles WHERE auth_profile = %s ; ", (r_profile['id'],) ) loggorilla.prcss(APIADDR, "Get dependency data: Roles: execute")
r_roles = cursor.fetchall() cursor.execute(f"SELECT auth_roles FROM auth_profile_roles WHERE auth_profile = %s ; ", (r_profile['id'],) )
r_profile['roles'] = r_roles['auth_roles'] loggorilla.prcss(APIADDR, "Get dependency data: Roles: fetchall")
r_roles = cursor.fetchall()
loggorilla.fyinf(APIADDR, f"r_roles: {r_roles}")
loggorilla.prcss(APIADDR, "Get dependency data: Roles: variable replace")
r_profile['roles'] = [item['auth_roles'] for item in r_roles]
cursor.close() loggorilla.prcss(APIADDR, "Get dependency data: Close DB")
db_main.close() cursor.close()
db_main.close()
loggorilla.prcss(APIADDR, "Validation") loggorilla.prcss(APIADDR, "Validation")
if 0 not in r_profile['roles'] and datetime.datetime.now() > r_session['end']: if 0 not in r_profile['roles'] and datetime.datetime.now() > r_session['end']:
loggorilla.prcss(APIADDR, "Deleting") loggorilla.prcss(APIADDR, "Deleting")
self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (r_session['id'],) ) self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (r_session['id'],) )
loggorilla.prcss(APIADDR, "Giving response") loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "Expired. Your session removed." ) loggorilla.accss(APIADDR, "Expired. Your session removed." )
loggorilla.accss(APIADDR, f"Session: {r_session}" ) loggorilla.accss(APIADDR, f"Session: {r_session}" )
loggorilla.accss(APIADDR, f"Profile: {r_profile}" ) loggorilla.accss(APIADDR, f"Session ID: {r_session['id']}" )
response["status" ] = "failed" loggorilla.accss(APIADDR, f"Profile: {r_profile}" )
response["desc" ] = "Expired. Your session removed."
response["data" ] = {
"valid" :{
"status" : 0,
"desc" : "expired"
},
"session" : r_session,
"profile" : r_profile
}
redirect('/logout?msg=expired')
elif 0 not in r_profile['roles'] and r_profile["count"] == 0:
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "No active account for this" )
loggorilla.accss(APIADDR, f"Session: {r_session}" )
loggorilla.accss(APIADDR, f"Profile: {r_profile}" )
response["status" ] = "failed"
response["desc" ] = "No active account for this"
response["data" ] = {
"message" : "Please contact us if you still had a problem",
"valid" :{
"status" : 0,
"desc" : "fake"
},
"session" : r_session,
"profile" : r_profile
}
abort(403, "Please contact us if you still had a problem.") # 403 Forbidden
elif any(role in allowed_roles for role in r_profile['roles']):
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "User roles authorized" )
response["status" ] = "success"
response["desc" ] = "User roles authorized"
response["data" ] = {
"valid" :{
"status" : 1,
"desc" : "authorized"
},
"session" : r_session,
"profile" : r_profile
}
return response
else:
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "User roles unauthorized" )
loggorilla.accss(APIADDR, f"Session: {r_session}" )
loggorilla.accss(APIADDR, f"Profile: {r_profile}" )
response["status" ] = "failed"
response["desc" ] = "User roles unauthorized"
response["data" ] = {
"valid" :{
"status" : 0,
"desc" : "unauthorized"
},
"session" : r_session,
"profile" : r_profile
}
abort(401, "User roles unauthorized") # 401 Unauthorized
except Exception as e:
loggorilla.error(APIADDR, str(e) )
response["status" ] = "failed" response["status" ] = "failed"
response["desc" ] = "Internal Server Error. Please contact us if you still have an error." response["desc" ] = "Expired. Your session removed."
response["data" ] = {
"valid" :{
"status" : 0,
"desc" : "expired"
},
"session" : r_session,
"profile" : r_profile
}
redirect('/logout?msg=expired')
elif 0 not in r_profile['roles'] and r_profile["count"] == 0:
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "No active account for this" )
loggorilla.accss(APIADDR, f"Session: {r_session}" )
loggorilla.accss(APIADDR, f"Session ID: {r_session['id']}" )
loggorilla.accss(APIADDR, f"Profile: {r_profile}" )
response["status" ] = "failed"
response["desc" ] = "No active account for this"
response["data" ] = {
"message" : "Please contact us if you still had a problem",
"valid" :{
"status" : 0,
"desc" : "fake"
},
"session" : r_session,
"profile" : r_profile
}
abort(403, "Please contact us if you still had a problem.") # 403 Forbidden
elif any(role in allowed_roles for role in r_profile['roles']):
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "User roles authorized" )
response["status" ] = "success"
response["desc" ] = "User roles authorized"
response["data" ] = {
"valid" :{
"status" : 1,
"desc" : "authorized"
},
"session" : r_session,
"profile" : r_profile
}
return response return response
else:
loggorilla.prcss(APIADDR, "Giving response")
loggorilla.accss(APIADDR, "User roles unauthorized" )
loggorilla.accss(APIADDR, f"Session ID : {r_session['id']}" )
loggorilla.accss(APIADDR, f"Session Start : {r_session['start'].strftime('%Y-%m-%d %H:%M:%S')}" )
loggorilla.accss(APIADDR, f"Session End : {r_session['end'].strftime('%Y-%m-%d %H:%M:%S')}" )
loggorilla.accss(APIADDR, f"Profile ID : {r_profile['id']}" )
loggorilla.accss(APIADDR, f"Profile Username : {r_profile['username']}" )
loggorilla.accss(APIADDR, f"Profile Email : {r_profile['email']}" )
loggorilla.accss(APIADDR, f"Profile Phone : {r_profile['phone']}" )
response["status" ] = "failed"
response["desc" ] = "User roles unauthorized"
response["data" ] = {
"valid" :{
"status" : 0,
"desc" : "unauthorized"
},
"session" : r_session,
"profile" : r_profile
}
abort(401, "User roles unauthorized") # 401 Unauthorized