authorFrederick Muriuki Muriithi2024-07-25 14:54:43 -0500
committerFrederick Muriuki Muriithi2024-07-26 16:45:30 -0500
commit0dd6a3b3c8464f80375918148fe2c6cdacd8f462 (patch)
tree358b87862c31f9f6a792e6bd547ec2ec8eb13a6f
parent8fad53065943cb5f909ae783db1b95f06faa8915 (diff)
downloadgn-uploader-0dd6a3b3c8464f80375918148fe2c6cdacd8f462.tar.gz
authorisation module: utilities for basic authorisation.
-rw-r--r--uploader/authorisation.py28
1 files changed, 28 insertions, 0 deletions
diff --git a/uploader/authorisation.py b/uploader/authorisation.py
new file mode 100644
index 0000000..71b42fa
--- /dev/null
+++ b/uploader/authorisation.py
@@ -0,0 +1,28 @@
+"""Authorisation utilities."""
+from functools import wraps
+from urllib.parse import urljoin
+
+from flask import flash, redirect
+
+from uploader import session
+from uploader.oauth2.client import oauth2_client, authserver_uri
+
+def require_login(function):
+ """Check that the user is logged in before executing `func`."""
+ @wraps(function)
+ def __is_session_valid__(*args, **kwargs):
+ """Check that the user is logged in and their token is valid."""
+ def __clear_session__(_no_token):
+ session.clear_session_info()
+ flash("You need to be logged in.", "alert-danger")
+ return redirect("/")
+
+ def __with_token__(token):
+ resp = oauth2_client().get(
+ urljoin(authserver_uri(), "auth/user/"))
+ userdetails = resp.json()
+ if not userdetails.get("error"):
+ return function(*args, **kwargs)
+ return __clear_session__(token)
+ return session.user_token().either(__clear_session__, __with_token__)
+ return __is_session_valid__
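Review bot: `__with_token__` treats the user as logged in whenever the `auth/user/` response lacks an `error` key, so the check fails open: an empty JSON object, or any JSON body without that key, runs the wrapped view, and the HTTP status is never consulted. A non-JSON body makes `resp.json()` raise, which surfaces as a server error instead of the login redirect, and a JSON body that is not an object breaks `.get`. Accept the session only on positive evidence (a success status and a dict body without `error`) and send every other outcome to `__clear_session__`; the sketch below assumes `oauth2_client()` returns a requests-style response, which the hunk does not show. The `require_login` docstring also names `func` while the parameter is `function`.

```python
        def __with_token__(token):
            resp = oauth2_client().get(
                urljoin(authserver_uri(), "auth/user/"))
            # Fail closed: anything other than a well-formed success
            # response is treated as "not logged in".
            try:
                userdetails = resp.json()
            except ValueError:
                return __clear_session__(token)
            if (resp.status_code == 200
                    and isinstance(userdetails, dict)
                    and not userdetails.get("error")):
                return function(*args, **kwargs)
            return __clear_session__(token)
        # … unchanged: session.user_token().either(...) dispatch …
```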