mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-01 16:50:07 +08:00
Clean up
@@ -12,7 +12,7 @@
|
||||
from datetime import datetime
|
||||
|
||||
from itsdangerous import BadSignature, SignatureExpired
|
||||
from flask import current_app as app, request, url_for
|
||||
from flask import current_app as app, request
|
||||
from werkzeug.local import LocalProxy
|
||||
|
||||
from .exceptions import ConfirmationError
|
||||
@@ -34,16 +34,13 @@ def send_confirmation_instructions(user):
|
||||
"""
|
||||
token = generate_confirmation_token(user)
|
||||
url = url_for_security('confirm_email', token=token)
|
||||
|
||||
confirmation_link = request.url_root[:-1] + url
|
||||
|
||||
ctx = dict(user=user, confirmation_link=confirmation_link)
|
||||
|
||||
send_mail('Please confirm your email', user.email,
|
||||
'confirmation_instructions', ctx)
|
||||
|
||||
confirm_instructions_sent.send(user, app=app._get_current_object())
|
||||
|
||||
return token
|
||||
|
||||
|
||||
@@ -80,9 +77,7 @@ def confirm_by_token(token):
|
||||
|
||||
user.confirmed_at = datetime.utcnow()
|
||||
_datastore._save_model(user)
|
||||
|
||||
user_confirmed.send(user, app=app._get_current_object())
|
||||
|
||||
return user
|
||||
|
||||
except SignatureExpired:
|
||||
|
||||
@@ -227,8 +227,7 @@ class _SecurityState(object):
|
||||
c[endpoint].append(fn)
|
||||
|
||||
def _run_ctx_processor(self, endpoint):
|
||||
fns = []
|
||||
rv = {}
|
||||
rv, fns = {}, []
|
||||
|
||||
for g in ['all', endpoint]:
|
||||
if g in self.context_processors:
|
||||
@@ -324,20 +323,16 @@ class Security(object):
|
||||
('principal', _get_principal(app)),
|
||||
('pwd_context', _get_pwd_context(app)),
|
||||
('remember_token_serializer', _get_remember_token_serializer(app)),
|
||||
('token_auth_serializer', _get_token_auth_serializer(app))]:
|
||||
('token_auth_serializer', _get_token_auth_serializer(app)),
|
||||
('context_processors', {})]:
|
||||
kwargs[key] = value
|
||||
|
||||
kwargs['context_processors'] = {}
|
||||
|
||||
kwargs['login_serializer'] = (
|
||||
_get_login_serializer(app) if kwargs['passwordless'] else None)
|
||||
|
||||
kwargs['reset_serializer'] = (
|
||||
_get_reset_serializer(app) if kwargs['recoverable'] else None)
|
||||
|
||||
kwargs['confirm_serializer'] = (
|
||||
_get_confirm_serializer(app) if kwargs['confirmable'] else None)
|
||||
|
||||
return _SecurityState(**kwargs)
|
||||
|
||||
def __getattr__(self, name):
|
||||
|
||||
@@ -83,7 +83,6 @@ class UserDatastore(object):
|
||||
def _prepare_create_user_args(self, **kwargs):
|
||||
kwargs.setdefault('active', True)
|
||||
kwargs.setdefault('roles', _security.default_roles)
|
||||
|
||||
roles = kwargs.get('roles', [])
|
||||
|
||||
for i, role in enumerate(roles):
|
||||
@@ -92,7 +91,6 @@ class UserDatastore(object):
|
||||
roles[i] = self.find_role(rn)
|
||||
|
||||
kwargs['roles'] = roles
|
||||
|
||||
pwd_context = _security.pwd_context
|
||||
pw = kwargs['password']
|
||||
|
||||
|
||||
@@ -12,9 +12,8 @@
|
||||
from functools import wraps
|
||||
|
||||
from flask import current_app, Response, request, redirect
|
||||
from flask.ext.login import login_required, login_url, current_user
|
||||
from flask.ext.login import current_user
|
||||
from flask.ext.principal import RoleNeed, Permission, Identity, identity_changed
|
||||
from itsdangerous import BadSignature
|
||||
from werkzeug.local import LocalProxy
|
||||
|
||||
from . import utils
|
||||
@@ -50,19 +49,19 @@ def _get_unauthorized_view():
|
||||
def _check_token():
|
||||
header_key = _security.token_authentication_header
|
||||
args_key = _security.token_authentication_key
|
||||
|
||||
header_token = request.headers.get(header_key, None)
|
||||
token = request.args.get(args_key, header_token)
|
||||
|
||||
serializer = _security.remember_token_serializer
|
||||
rv = False
|
||||
|
||||
try:
|
||||
data = serializer.loads(token)
|
||||
user = _security.datastore.find_user(id=data[0])
|
||||
rv = utils.md5(user.password) == data[1]
|
||||
except:
|
||||
return False
|
||||
pass
|
||||
|
||||
return True if utils.md5(user.password) == data[1] else False
|
||||
return rv
|
||||
|
||||
|
||||
def _check_http_auth():
|
||||
@@ -70,19 +69,15 @@ def _check_http_auth():
|
||||
|
||||
try:
|
||||
user = _security.datastore.find_user(email=auth.username)
|
||||
if utils.verify_password(auth.password, user.password,
|
||||
salt=_security.password_salt,
|
||||
use_hmac=_security.password_hmac):
|
||||
identity_changed.send(current_app._get_current_object(),
|
||||
identity=Identity(user.id))
|
||||
return True
|
||||
except UserNotFoundError:
|
||||
return False
|
||||
|
||||
rv = utils.verify_password(auth.password, user.password,
|
||||
salt=_security.password_salt,
|
||||
use_hmac=_security.password_hmac)
|
||||
|
||||
if rv:
|
||||
identity_changed.send(current_app._get_current_object(),
|
||||
identity=Identity(user.id))
|
||||
|
||||
return rv
|
||||
|
||||
|
||||
def http_auth_required(realm):
|
||||
"""Decorator that protects endpoints using Basic HTTP authentication.
|
||||
@@ -95,17 +90,13 @@ def http_auth_required(realm):
|
||||
def wrapper(*args, **kwargs):
|
||||
if _check_http_auth():
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
r = _security.default_http_auth_realm if callable(realm) else realm
|
||||
h = {'WWW-Authenticate': 'Basic realm="%s"' % r}
|
||||
|
||||
return _get_unauthorized_response(headers=h)
|
||||
|
||||
return wrapper
|
||||
|
||||
if callable(realm):
|
||||
return decorator(realm)
|
||||
|
||||
return decorator
|
||||
|
||||
|
||||
@@ -121,9 +112,7 @@ def auth_token_required(fn):
|
||||
def decorated(*args, **kwargs):
|
||||
if _check_token():
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
return _get_unauthorized_response()
|
||||
|
||||
return decorated
|
||||
|
||||
|
||||
@@ -142,22 +131,16 @@ def roles_required(*roles):
|
||||
:param args: The required roles.
|
||||
"""
|
||||
def wrapper(fn):
|
||||
|
||||
@wraps(fn)
|
||||
def decorated_view(*args, **kwargs):
|
||||
perms = [Permission(RoleNeed(role)) for role in roles]
|
||||
|
||||
for perm in perms:
|
||||
if not perm.can():
|
||||
_logger.debug('Identity does not provide the '
|
||||
'roles: %s' % [r for r in roles])
|
||||
|
||||
return _get_unauthorized_view()
|
||||
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
return decorated_view
|
||||
|
||||
return wrapper
|
||||
|
||||
|
||||
@@ -176,22 +159,15 @@ def roles_accepted(*roles):
|
||||
:param args: The possible roles.
|
||||
"""
|
||||
def wrapper(fn):
|
||||
|
||||
@wraps(fn)
|
||||
def decorated_view(*args, **kwargs):
|
||||
perm = Permission(*[RoleNeed(role) for role in roles])
|
||||
|
||||
if perm.can():
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
r1 = [r for r in roles]
|
||||
r2 = [r.name for r in current_user.roles]
|
||||
|
||||
_logger.debug('Current user does not provide a required role. '
|
||||
'Accepted: %s Provided: %s' % (r1, r2))
|
||||
|
||||
return _get_unauthorized_view()
|
||||
|
||||
return decorated_view
|
||||
|
||||
return wrapper
|
||||
|
||||
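Review bot: In `_check_token`, the bare `except: pass` turns every failure into a silent authentication failure: a missing token, a bad signature or an unknown user, but also a datastore outage or a programming error, so real faults in an authentication path never surface in logs or tests. The `+`/`-` markers are lost on this page, so I am reading the `rv = False` … `return rv` lines as the new side, which the hunk's line counts support. I would return early when no token was supplied and catch only the expected exceptions: `BadSignature`, which this file already imports, and the `UserNotFoundError` that `_check_http_auth` catches (its import is not visible in the hunks shown), as sketched below. Separately, the token is read through `_security.remember_token_serializer` although the `Security` hunk on this page also builds a `token_auth_serializer`; please confirm that reusing the remember-me serializer for API tokens is intended.

```python
def _check_token():
    # … unchanged: header_key / args_key lookup, token, serializer …
    if token is None:
        return False

    try:
        data = serializer.loads(token)
        user = _security.datastore.find_user(id=data[0])
    except (BadSignature, UserNotFoundError):
        return False

    return utils.md5(user.password) == data[1]
```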
@@ -32,7 +32,6 @@ def send_reset_password_instructions(user):
|
||||
"""
|
||||
token = generate_reset_password_token(user)
|
||||
url = url_for_security('reset_password', token=token)
|
||||
|
||||
reset_link = request.url_root[:-1] + url
|
||||
|
||||
send_mail('Password reset instructions',
|
||||
@@ -85,11 +84,8 @@ def reset_by_token(token, password):
|
||||
use_hmac=_security.password_hmac)
|
||||
|
||||
_datastore._save_model(user)
|
||||
|
||||
send_password_reset_notice(user)
|
||||
|
||||
password_reset.send(user, app=app._get_current_object())
|
||||
|
||||
return user
|
||||
|
||||
except SignatureExpired:
|
||||
|
||||