diff options
| author | Frederick Muriuki Muriithi | 2023-08-04 10:10:28 +0300 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2023-08-04 10:20:09 +0300 |
| commit | 8b7c598407a5fea9a3d78473e72df87606998cd4 (patch) | |
| tree | 8526433a17eca6b511feb082a0574f9b15cb9469 /gn_auth/auth/authorisation/users/masquerade/views.py | |
| parent | f7fcbbcc014686ac597b783a8dcb38b43024b9d6 (diff) | |
| download | gn-auth-8b7c598407a5fea9a3d78473e72df87606998cd4.tar.gz | |
Copy over files from GN3 repository.
Diffstat (limited to 'gn_auth/auth/authorisation/users/masquerade/views.py')
| -rw-r--r-- | gn_auth/auth/authorisation/users/masquerade/views.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py new file mode 100644 index 0000000..43286a1 --- /dev/null +++ b/gn_auth/auth/authorisation/users/masquerade/views.py @@ -0,0 +1,48 @@ +"""Endpoints for user masquerade""" +from uuid import UUID +from functools import partial + +from flask import request, jsonify, Response, Blueprint + +from gn3.auth.db_utils import with_db_connection +from gn3.auth.authorisation.errors import InvalidData +from gn3.auth.authorisation.checks import require_json + +from gn3.auth.authentication.users import user_by_id +from gn3.auth.authentication.oauth2.resource_server import require_oauth + +from .models import masquerade_as + +masq = Blueprint("masquerade", __name__) + +@masq.route("/", methods=["POST"]) +@require_oauth("profile user masquerade") +@require_json +def masquerade() -> Response: + """Masquerade as a particular user.""" + with require_oauth.acquire("profile user masquerade") as token: + masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index] + if masqueradee_id == token.user.user_id: + raise InvalidData("You are not allowed to masquerade as yourself.") + + masq_user = with_db_connection(partial( + user_by_id, user_id=masqueradee_id)) + def __masq__(conn): + new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user) + return new_token + def __dump_token__(tok): + return { + key: value for key, value in (tok._asdict().items()) + if key in ("access_token", "refresh_token", "expires_in", + "token_type") + } + return jsonify({ + "original": { + "user": token.user._asdict(), + "token": __dump_token__(token) + }, + "masquerade_as": { + "user": masq_user._asdict(), + "token": __dump_token__(with_db_connection(__masq__)) + } + }) |