aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/users/masquerade/views.py
blob: 43286a114382997ba3da6010ac61d1b0ecc6f71f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
"""Endpoints for user masquerade"""
from uuid import UUID
from functools import partial

from flask import request, jsonify, Response, Blueprint

from gn3.auth.db_utils import with_db_connection
from gn3.auth.authorisation.errors import InvalidData
from gn3.auth.authorisation.checks import require_json

from gn3.auth.authentication.users import user_by_id
from gn3.auth.authentication.oauth2.resource_server import require_oauth

from .models import masquerade_as

masq = Blueprint("masquerade", __name__)

@masq.route("/", methods=["POST"])
@require_oauth("profile user masquerade")
@require_json
def masquerade() -> Response:
    """Masquerade as a particular user."""
    with require_oauth.acquire("profile user masquerade") as token:
        masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index]
        if masqueradee_id == token.user.user_id:
            raise InvalidData("You are not allowed to masquerade as yourself.")

        masq_user = with_db_connection(partial(
            user_by_id, user_id=masqueradee_id))
        def __masq__(conn):
            new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user)
            return new_token
        def __dump_token__(tok):
            return {
                key: value for key, value in (tok._asdict().items())
                if key in ("access_token", "refresh_token", "expires_in",
                           "token_type")
            }
        return jsonify({
            "original": {
                "user": token.user._asdict(),
                "token": __dump_token__(token)
            },
            "masquerade_as": {
                "user": masq_user._asdict(),
                "token": __dump_token__(with_db_connection(__masq__))
            }
        })