session and logout features with sending the token inside the body
This commit is contained in:
parent
cb257cb443
commit
c85c2ac8ff
24
handler.py
24
handler.py
@ -89,6 +89,26 @@ def index():
|
||||
}
|
||||
return public_reset.reset().html(params)
|
||||
|
||||
@app.route('/logout')
|
||||
def index():
|
||||
beaker_session = request.environ.get('beaker.session')
|
||||
if "token" in beaker_session:
|
||||
params = {
|
||||
"jwt" : beaker_session["token"],
|
||||
"type" : "out"
|
||||
}
|
||||
response_session = api_auth.auth().session(params)
|
||||
response_logout = api_auth.auth().logout(params)
|
||||
if response_session['status'] == 'success' and response_logout['status'] == 'success' :
|
||||
redirect('/?message=logout success')
|
||||
else:
|
||||
print('logout failed')
|
||||
print(f"response session: {response_session['status']}")
|
||||
print(f"response logout: {response_logout['status']}")
|
||||
redirect('/?message=logout failed')
|
||||
else:
|
||||
redirect('/')
|
||||
|
||||
@app.route('/api/auth/register/<roles>', method=['OPTIONS', 'POST'])
|
||||
def index(roles):
|
||||
try:
|
||||
@ -208,7 +228,7 @@ def index(type):
|
||||
return None
|
||||
else:
|
||||
response.content_type = 'application/json'
|
||||
params = {}
|
||||
params = request.json
|
||||
params["type" ] = type
|
||||
return json.dumps(api_auth.auth().session(params), indent = 2).encode()
|
||||
except Exception as e:
|
||||
@ -221,7 +241,7 @@ def index():
|
||||
if request.method == 'OPTIONS':
|
||||
return None
|
||||
else:
|
||||
params = {}
|
||||
params = request.json
|
||||
return json.dumps(api_auth.auth().logout(params), indent = 2).encode()
|
||||
except Exception as e:
|
||||
print(str(e),flush=True)
|
||||
|
||||
@ -297,21 +297,24 @@ class auth:
|
||||
loggorilla.prcss(APIADDR, "Get the token from params")
|
||||
jwt = params["jwt" ]
|
||||
else:
|
||||
loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header")
|
||||
loggorilla.prcss(APIADDR, "Extract the token from Header")
|
||||
auth_header = request.get_header('Authorization')
|
||||
loggorilla.prcss(APIADDR, "Check the bearer")
|
||||
if auth_header.split(' ')[0] == 'Bearer':
|
||||
loggorilla.fyinf(APIADDR, "Use bearer")
|
||||
jwt = auth_header.split(' ')[1]
|
||||
else:
|
||||
loggorilla.fyinf(APIADDR, "Not use bearer")
|
||||
jwt = None
|
||||
jwt = params["jwt" ]
|
||||
#loggorilla.fyinf(APIADDR, "type is not 'set': get the jwt from Header")
|
||||
#loggorilla.prcss(APIADDR, "Extract the token from Header")
|
||||
#auth_header = request.get_header('Authorization')
|
||||
#loggorilla.prcss(APIADDR, "Check the bearer")
|
||||
#if auth_header.split(' ')[0] == 'Bearer':
|
||||
# loggorilla.fyinf(APIADDR, "Use bearer")
|
||||
# jwt = auth_header.split(' ')[1]
|
||||
#else:
|
||||
# loggorilla.fyinf(APIADDR, "Not use bearer")
|
||||
# jwt = None
|
||||
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
|
||||
session_id = payload["session"]["id"]
|
||||
session_beaker = request.environ.get('beaker.session')
|
||||
if type == 'set':
|
||||
loggorilla.prcss(APIADDR, "Set authorization on header")
|
||||
bottle_response.set_header("Authorization", f"Bearer {jwt}")
|
||||
loggorilla.prcss(APIADDR, "Set session")
|
||||
session_beaker["token"] = jwt
|
||||
session_beaker.save()
|
||||
response["status" ] = "success"
|
||||
response["desc" ] = "Session set"
|
||||
elif type == 'check':
|
||||
@ -332,8 +335,8 @@ class auth:
|
||||
"status":"active"
|
||||
}
|
||||
elif type == 'out':
|
||||
loggorilla.prcss(APIADDR, "Remove Authorization header")
|
||||
bottle_response.set_header("Authorization", "")
|
||||
loggorilla.prcss(APIADDR, "Out session")
|
||||
session_beaker.delete()
|
||||
response["status" ] = "success"
|
||||
response["desc" ] = "Session out"
|
||||
else:
|
||||
@ -452,36 +455,28 @@ class auth:
|
||||
return response
|
||||
|
||||
def logout(self, params):
|
||||
APIADDR = "/api/auth/logout"
|
||||
APIADDR = "/logout"
|
||||
loggorilla.prcss(APIADDR, "Define parameters")
|
||||
response = {}
|
||||
loggorilla.prcss(APIADDR, "Extract the token from Header")
|
||||
auth_header = request.get_header('Authorization')
|
||||
loggorilla.prcss(APIADDR, "Check the bearer")
|
||||
if auth_header.split(' ')[0] == 'Bearer':
|
||||
loggorilla.fyinf(APIADDR, "Use bearer")
|
||||
jwt = auth_header.split(' ')[1]
|
||||
else:
|
||||
loggorilla.fyinf(APIADDR, "Not use bearer")
|
||||
jwt = None
|
||||
jwt = params["jwt" ]
|
||||
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
|
||||
session_id = payload["session"]["id"]
|
||||
self.cursor.execute("BEGIN;")
|
||||
try:
|
||||
loggorilla.prcss(APIADDR, "Deleting")
|
||||
self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (session_id,) )
|
||||
loggorilla.prcss(APIADDR, "Giving response")
|
||||
loggorilla.fyinf(APIADDR, f"Session {session_id} removed.")
|
||||
loggorilla.prcss(APIADDR, "Giving response")
|
||||
response["status" ] = "success"
|
||||
response["desc" ] = f"Your session removed."
|
||||
response["desc" ] = f"Session ({session_id}) removed."
|
||||
except Exception as e:
|
||||
loggorilla.prcss(APIADDR, "Rollback")
|
||||
self.cursor.execute("ROLLBACK;")
|
||||
loggorilla.error(APIADDR, str(e) )
|
||||
response["status" ] = "failed"
|
||||
response["desc" ] = "Internal Server Error. Please contact us if you still have an error. for detail"
|
||||
response["desc" ] = "Internal Server Error. Please contact us if you still have an error. for detail"
|
||||
finally:
|
||||
self.cursor.execute("COMMIT;")
|
||||
self.cursor.close()
|
||||
self.db_main.close()
|
||||
return response
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user