aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/users/masquerade/views.py
blob: 71cf98d819286f41e82b5692bfd8771c0d6de0ad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
"""Endpoints for user masquerade"""
from dataclasses import asdict
from uuid import UUID
from functools import partial

from flask import request, jsonify, Response, Blueprint

from gn_auth.auth.errors import InvalidData

from ...checks import require_json
from ....db.sqlite3 import with_db_connection
from ....authentication.users import user_by_id
from ....authentication.oauth2.resource_server import require_oauth

from .models import masquerade_as

masq = Blueprint("masquerade", __name__)

@masq.route("/", methods=["POST"])
@require_oauth("profile user masquerade")
@require_json
def masquerade() -> Response:
    """Masquerade as a particular user."""
    with require_oauth.acquire("profile user masquerade") as token:
        masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index]
        if masqueradee_id == token.user.user_id:
            raise InvalidData("You are not allowed to masquerade as yourself.")

        masq_user = with_db_connection(partial(
            user_by_id, user_id=masqueradee_id))
        def __masq__(conn):
            new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user)
            return new_token
        def __dump_token__(tok):
            return {
                key: value for key, value in tok.items()
                if key in ("access_token", "refresh_token", "expires_in",
                           "token_type")
            }
        return jsonify({
            "original": {
                "user": asdict(token.user),
                "token": __dump_token__(token)
            },
            "masquerade_as": {
                "user": asdict(masq_user),
                "token": __dump_token__(with_db_connection(__masq__))
            }
        })