1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
"""Endpoints for user masquerade"""
from dataclasses import asdict
from uuid import UUID
from flask import request, jsonify, Response, Blueprint, current_app
from gn_auth.auth.errors import InvalidData
from gn_auth.auth.authorisation.resources.groups.models import user_group
from ....db import sqlite3 as db
from ...checks import require_json
from ....authentication.users import user_by_id
from ....authentication.oauth2.resource_server import require_oauth
from .models import masquerade_as
masq = Blueprint("masquerade", __name__)
@masq.route("/", methods=["POST"])
@require_oauth("profile user masquerade")
@require_json
def masquerade() -> Response:
"""Masquerade as a particular user."""
with (require_oauth.acquire("profile user masquerade") as token,
db.connection(current_app.config["AUTH_DB"]) as conn):
masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index]
if masqueradee_id == token.user.user_id:
raise InvalidData("You are not allowed to masquerade as yourself.")
masq_user = user_by_id(conn, user_id=masqueradee_id)
def __masq__(conn):
new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user)
return new_token
return jsonify({
"original": {
"user": asdict(token.user)
},
"masquerade_as": {
"user": asdict(masq_user),
"token": __masq__(conn),
**(user_group(conn, masq_user).maybe(# type: ignore[misc]
{}, lambda grp: {"group": grp}))
}
})
|
