authorPiotr Dobrowolski <admin@tastycode.pl>2017-10-11 18:33:20 +0200
committerPiotr Dobrowolski <admin@tastycode.pl>2017-10-11 18:33:20 +0200
commit09fd19fff7ad1540045f9e4c9096a94e5f1fe67b (patch)
tree33b167d70581a8c444d9616029b84cd8008cc01e
parentc4d6f5c03982faeee1a6f7b40100424090c3d966 (diff)
Migrate to Flask-SpaceAuth
-rw-r--r--bitvend/__init__.py17
-rw-r--r--bitvend/admin.py2
-rw-r--r--bitvend/auth.py87
-rw-r--r--bitvend/templates/base.html8
-rw-r--r--bitvend/views.py26
-rw-r--r--requirements.txt1
6 files changed, 21 insertions, 120 deletions
diff --git a/bitvend/__init__.py b/bitvend/__init__.py
index 1e9257e..4ffe997 100644
--- a/bitvend/__init__.py
+++ b/bitvend/__init__.py
@@ -2,25 +2,36 @@ import flask
from bitvend.processor import PaymentProcessor
from bitvend.mdb import BitvendCashlessMDBDevice
+from spaceauth import SpaceAuth
dev = BitvendCashlessMDBDevice()
proc = PaymentProcessor(dev)
+spaceauth = SpaceAuth()
from bitvend.utils import to_local_currency, from_local_currency, format_btc, \
sat_to_btc
-from bitvend.models import db, Transaction
-from bitvend.auth import login_manager
+from bitvend.models import db, Transaction, User
import bitvend.views
import bitvend.admin
+@spaceauth.user_loader
+def bitvend_user_loader(username, profile=None):
+ u = User.find(username)
+
+ if not u:
+ u = User(uid=username)
+ db.session.add(u)
+ db.session.commit()
+
+ return u
def create_app():
app = flask.Flask(__name__)
app.config.from_object('bitvend.default_settings')
db.init_app(app)
- login_manager.init_app(app)
+ spaceauth.init_app(app)
dev.init_app(app)
proc.init_app(app)
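Review bot: The get-or-create in `bitvend_user_loader` is not atomic: two concurrent first requests for the same username can both see `User.find(username)` return nothing and both insert a row. If `uid` carries a unique constraint (the model is not visible here), the second `db.session.commit()` raises and leaves the session needing a rollback in the middle of authentication; without such a constraint, duplicate accounts would result. Catching `IntegrityError` (from `sqlalchemy.exc`), rolling back and re-querying closes the gap. A docstring should also state that the loader provisions a local account for any identity the SSO asserts and that `profile` is ignored. `create_app` continues outside the hunk.

```python
@spaceauth.user_loader
def bitvend_user_loader(username, profile=None):
    """Return the local User for an SSO identity, creating it on first login."""
    u = User.find(username)
    if u:
        return u

    u = User(uid=username)
    db.session.add(u)
    try:
        db.session.commit()
    except IntegrityError:
        # Another request created the same user first; reuse that row.
        db.session.rollback()
        u = User.find(username)

    return u
```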
diff --git a/bitvend/admin.py b/bitvend/admin.py
index 24271de..c803181 100644
--- a/bitvend/admin.py
+++ b/bitvend/admin.py
@@ -3,7 +3,7 @@ from flask_login import current_user, fresh_login_required
from bitvend.models import db, Transaction
from bitvend.forms import ManualForm
-from bitvend.auth import cap_required
+from spaceauth import cap_required
admin_required = cap_required('staff')
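Review bot: `admin.py` still imports `fresh_login_required` from `flask_login` (visible in this hunk's header context), while the same commit deletes the `login_manager.refresh_view = "bitvend.login"` configuration and the `bitvend.login` route it pointed to. If any admin view is still decorated with `fresh_login_required`, a non-fresh session now depends on whatever refresh handling SpaceAuth configures, which is not visible here; with no refresh view set, Flask-Login answers such requests with 401 instead of redirecting to reauthentication. Confirm that the staff views still get a working reauthentication path, and consider importing `current_user` from `spaceauth` here as `views.py` now does, so both modules resolve the user through the same package.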
diff --git a/bitvend/auth.py b/bitvend/auth.py
deleted file mode 100644
index 5ad9154..0000000
--- a/bitvend/auth.py
+++ /dev/null
@@ -1,87 +0,0 @@
-import requests
-import functools
-import time
-from flask import session, flash, redirect, request, current_app, abort
-from flask_login import login_user, LoginManager, logout_user, current_user
-from flask_login.signals import user_logged_out
-from bitvend.models import User, db
-from sqlalchemy import func
-
-
-login_manager = LoginManager()
-login_manager.refresh_view = "bitvend.login"
-login_manager.needs_refresh_message = (
- u"To protect your account, please reauthenticate to access this page."
-)
-login_manager.needs_refresh_message_category = "info"
-
-@login_manager.user_loader
-def load_user(user_id):
- return User.find(user_id)
-
-def try_login(username, password):
- resp = requests.post('https://auth.hackerspace.pl/', data={
- 'login': username,
- 'password': password
- })
-
- if resp.status_code == 200:
- u = User.find(username)
-
- if not u:
- u = User(uid=username)
- db.session.add(u)
- db.session.commit()
-
- login_user(u, remember=True)
-
- return True
-
- return False
-
-
-def cap_check(capability, user=None):
- if not current_user.is_authenticated:
- return False
-
- user = user or current_user.get_id()
-
- cache_key = '{}-{}'.format(user, capability)
- cached_cap = session.get('_caps', {}).get(cache_key, (False, 0))
-
- if cached_cap[1] > time.time():
- return cached_cap[0]
-
- allowed = requests.get(
- 'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
- ).status_code == 200
-
- if '_caps' not in session:
- session['_caps'] = {}
-
- session['_caps'][cache_key] = \
- (allowed, time.time() + current_app.config.get('CAP_TTL', 3600))
-
- return allowed
-
-
-@user_logged_out.connect
-def caps_cleanup(app, user):
- # Cleanup caps cache
- if '_caps' in session:
- session.pop('_caps')
-
-
-def cap_required(capability):
- '''Checks if user has desired capacifier capability'''
-
- def inner(func):
- @functools.wraps(func)
- def wrapped(*args, **kwargs):
- if not cap_check(capability):
- abort(403)
-
- return func(*args, **kwargs)
-
- return wrapped
- return inner
diff --git a/bitvend/templates/base.html b/bitvend/templates/base.html
index d3c2c9c..3a8b49b 100644
--- a/bitvend/templates/base.html
+++ b/bitvend/templates/base.html
@@ -52,9 +52,9 @@
<span class="icon-bar"></span>
</button>
{% if current_user.is_authenticated %}
- <a href="{{ url_for('bitvend.logout') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Logout</small></a>
+ <a href="{{ url_for('spaceauth.logout') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Logout</small></a>
{% else %}
- <a href="{{ url_for('bitvend.login') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Login</small></a>
+ <a href="{{ url_for('spaceauth.login') }}" class="navbar-brand pull-right hidden-md hidden-lg"><small>Login</small></a>
{% endif %}
</div>
<div class="navbar-collapse collapse" id="navbar-main">
@@ -65,14 +65,14 @@
{% if current_user.is_authenticated %}
<ul class="nav navbar-right navbar-nav">
- <li><a href="{{ url_for('bitvend.logout') }}">Logout</a>
+ <li><a href="{{ url_for('spaceauth.logout') }}">Logout</a>
</ul>
<p class="navbar-text navbar-right">
<small>Logged in as:</small> <b>{{ current_user }}</b>
</p>
{% else %}
<ul class="nav navbar-right navbar-nav">
- <li><a href="{{ url_for('bitvend.login') }}">Login</a></li>
+ <li><a href="{{ url_for('spaceauth.login') }}">Login</a></li>
</ul>
{% endif %}
diff --git a/bitvend/views.py b/bitvend/views.py
index 33eed02..7e424cb 100644
--- a/bitvend/views.py
+++ b/bitvend/views.py
@@ -1,7 +1,6 @@
from flask import Blueprint, render_template, redirect, request, flash, \
url_for, jsonify
from flask import current_app as app
-from flask_login import login_required, current_user, logout_user
import six
import qrcode
@@ -9,10 +8,10 @@ import qrcode.image.svg
from bitvend import dev, proc
from bitvend.models import db, User, Transaction, NoFunds
-from bitvend.auth import try_login, cap_required
from bitvend.forms import TransferForm
from bitvend.graphs import gen_main_graph
+from spaceauth import login_required, current_user, cap_required
bp = Blueprint('bitvend', __name__, template_folder='templates')
@@ -72,29 +71,6 @@ def transfer():
return redirect(url_for('.index'))
-@bp.route('/login')
-def login():
- return render_template('login.html', next=request.args.get('next'))
-
-@bp.route('/login', methods=['POST'])
-def login_submit():
- if try_login(request.form.get('username'), request.form.get('password')):
- flash('Login successful', 'success')
-
- if request.form.get('next'):
- return redirect(request.form.get('next'))
-
- return redirect('/')
-
- flash('Login failed', 'danger')
- return redirect(url_for('.login'))
-
-@bp.route('/logout')
-@login_required
-def logout():
- logout_user()
- return redirect(url_for('.index'))
-
@bp.route('/log')
@login_required
@cap_required('staff')
diff --git a/requirements.txt b/requirements.txt
index 253ae77..1c74264 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,3 +18,4 @@ websocket-client==0.40.0
Werkzeug==0.11.15
WTForms==2.1
blinker>=1.3
+-e git+https://code.hackerspace.pl/informatic/flask-spaceauth#egg=Flask-SpaceAuth
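Review bot: The authentication library is installed from the moving tip of a git repository with no revision pin, while the neighbouring entries are version-constrained. Any later push to that repository changes the code that makes login and `cap_required` decisions on the next install, without a corresponding change in this repository. Pin the requirement to a reviewed commit, for example `-e git+https://code.hackerspace.pl/informatic/flask-spaceauth@<reviewed-commit-sha>#egg=Flask-SpaceAuth` (placeholder revision), and bump it deliberately.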