import datetime
import jwt
from marshmallow import fields
from marshmallow_sqlalchemy import SQLAlchemyAutoSchema
from crc import db, app
from crc.api.common import ApiError
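class UserModel(db.Model):
    """Database record for an application user, plus JWT auth-token helpers.

    Tokens are signed with HS256 using the application's ``SECRET_KEY`` and
    carry the user's ``uid`` in the ``sub`` claim.
    """

    __tablename__ = 'user'
    id = db.Column(db.Integer, primary_key=True)
    uid = db.Column(db.String, unique=True)
    email_address = db.Column(db.String)
    display_name = db.Column(db.String)
    affiliation = db.Column(db.String, nullable=True)
    eppn = db.Column(db.String, nullable=True)
    first_name = db.Column(db.String, nullable=True)
    last_name = db.Column(db.String, nullable=True)
    title = db.Column(db.String, nullable=True)

    # TODO: Add Department and School

    def is_admin(self):
        """Return True when this user's ``uid`` appears in ``ADMIN_UIDS``."""
        # Currently admin abilities are set in the configuration, but this
        # may change in the future.
        # NOTE(review): `in` is an exact match only when ADMIN_UIDS is a
        # list/tuple/set; on a plain string it would be a substring test and
        # could grant admin to a partial uid. Confirm how the value is parsed.
        return self.uid in app.config['ADMIN_UIDS']

    def encode_auth_token(self):
        """
        Generates the Auth Token

        The token expires ``TOKEN_AUTH_TTL_HOURS`` hours after it is issued.

        :return: the signed token as produced by ``jwt.encode``
        """
        hours = float(app.config['TOKEN_AUTH_TTL_HOURS'])
        # One timestamp for both claims, so 'exp' is exactly 'iat' + TTL.
        issued_at = datetime.datetime.utcnow()
        payload = {
            'exp': issued_at + datetime.timedelta(hours=hours, minutes=0, seconds=0),
            'iat': issued_at,
            'sub': self.uid
        }
        # NOTE(review): .get() yields None when SECRET_KEY is not configured;
        # confirm deployment always sets a strong, non-empty key, since the
        # integrity of every token depends on it.
        return jwt.encode(
            payload,
            app.config.get('SECRET_KEY'),
            algorithm='HS256',
        )

    @staticmethod
    def decode_auth_token(auth_token):
        """
        Decodes the auth token

        :param auth_token: encoded JWT presented by the client
        :return: the decoded payload (the token's claims)
        :raises ApiError: ``token_expired`` when the token is past its ``exp``
            claim, ``token_invalid`` for any other validation failure
        """
        try:
            # The allow-list is passed as a list: a bare string is checked
            # with `in`, which is substring matching, whereas a list requires
            # the token header's algorithm to equal 'HS256' exactly.
            payload = jwt.decode(auth_token, app.config.get('SECRET_KEY'), algorithms=['HS256'])
            return payload
        except jwt.ExpiredSignatureError:
            raise ApiError('token_expired', 'The Authentication token you provided expired and must be renewed.')
        except jwt.InvalidTokenError:
            raise ApiError('token_invalid', 'The Authentication token you provided is invalid. You need a new token. ')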
class UserModelSchema(SQLAlchemyAutoSchema):
    """Marshmallow schema for ``UserModel`` with a computed ``is_admin`` flag."""

    class Meta:
        model = UserModel
        # NOTE(review): with load_instance=True, load() builds a UserModel
        # from the supplied data. Confirm it is never fed unvalidated client
        # input, because the 'uid' column decides the result of is_admin().
        load_instance = True
        include_relationships = True

    # Serialised output only (dump_only), so a client cannot set it on load.
    is_admin = fields.Method('get_is_admin', dump_only=True)

    def get_is_admin(self, obj):
        """Return the admin status reported by the model's ``is_admin()``."""
        return obj.is_admin()
class AdminSessionModel(db.Model):
    """Row in ``admin_session`` pairing a token with a uid to impersonate."""

    __tablename__ = 'admin_session'

    id = db.Column(db.Integer, primary_key=True)
    # NOTE(review): the token is held in a plain String column. If this is a
    # live auth token, anyone with read access to the table can reuse it;
    # confirm whether a digest of the token would be enough for lookups.
    token = db.Column(db.String, unique=True)
    # presumably the uid of the user the admin acts as; verify against callers
    admin_impersonate_uid = db.Column(db.String)