aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/users/masquerade/views.py
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authorisation/users/masquerade/views.py')
-rw-r--r--gn3/auth/authorisation/users/masquerade/views.py48
1 files changed, 48 insertions, 0 deletions
diff --git a/gn3/auth/authorisation/users/masquerade/views.py b/gn3/auth/authorisation/users/masquerade/views.py
new file mode 100644
index 0000000..43286a1
--- /dev/null
+++ b/gn3/auth/authorisation/users/masquerade/views.py
@@ -0,0 +1,48 @@
+"""Endpoints for user masquerade"""
+from uuid import UUID
+from functools import partial
+
+from flask import request, jsonify, Response, Blueprint
+
+from gn3.auth.db_utils import with_db_connection
+from gn3.auth.authorisation.errors import InvalidData
+from gn3.auth.authorisation.checks import require_json
+
+from gn3.auth.authentication.users import user_by_id
+from gn3.auth.authentication.oauth2.resource_server import require_oauth
+
+from .models import masquerade_as
+
+masq = Blueprint("masquerade", __name__)
+
+@masq.route("/", methods=["POST"])
+@require_oauth("profile user masquerade")
+@require_json
+def masquerade() -> Response:
+ """Masquerade as a particular user."""
+ with require_oauth.acquire("profile user masquerade") as token:
+ masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index]
+ if masqueradee_id == token.user.user_id:
+ raise InvalidData("You are not allowed to masquerade as yourself.")
+
+ masq_user = with_db_connection(partial(
+ user_by_id, user_id=masqueradee_id))
+ def __masq__(conn):
+ new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user)
+ return new_token
+ def __dump_token__(tok):
+ return {
+ key: value for key, value in (tok._asdict().items())
+ if key in ("access_token", "refresh_token", "expires_in",
+ "token_type")
+ }
+ return jsonify({
+ "original": {
+ "user": token.user._asdict(),
+ "token": __dump_token__(token)
+ },
+ "masquerade_as": {
+ "user": masq_user._asdict(),
+ "token": __dump_token__(with_db_connection(__masq__))
+ }
+ })