Fix login and token stuff

2024-08-30 18:23:09 +00:00 · 2022-04-14 18:48:46 +03:00 · 2022-04-14 18:48:46 +03:00 · 20d32c04ce
commit 20d32c04ce
parent 1aa0d65cf7
2 changed files with 30 additions and 7 deletions
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@ -56,11 +56,25 @@ class BaseHandler(tornado.web.RequestHandler):
        return remote_ip

    current_user: t.Tuple[t.Optional[ApiKeys], t.Dict[str, t.Any], t.Dict[str, t.Any]]
+    """
+    A variable that contains the current user's data. Please see
+    Please only use this with routes using the `@tornado.web.authenticated` decorator.
+    """

    def get_current_user(
        self,
-    ) -> t.Tuple[t.Optional[ApiKeys], t.Dict[str, t.Any], t.Dict[str, t.Any]]:
-        return self.controller.authentication.check_err(self.get_cookie("token"))
+    ) -> t.Optional[
+        t.Tuple[t.Optional[ApiKeys], t.Dict[str, t.Any], t.Dict[str, t.Any]]
+    ]:
+        """
+        Get the token's API key, the token's payload and user data.
+
+        Returns:
+            t.Optional[ApiKeys]: The API key of the token.
+            t.Dict[str, t.Any]: The token's payload.
+            t.Dict[str, t.Any]: The user's data from the database.
+        """
+        return self.controller.authentication.check(self.get_cookie("token"))

    def autobleach(self, name, text):
        for r in self.redactables:
@ -117,8 +131,18 @@ class BaseHandler(tornado.web.RequestHandler):
        )

    def _auth_get_api_token(self) -> t.Optional[str]:
+        """Get an API token from the request
+
+        The API token is searched in the following order:
+            1. The `token` query parameter
+            2. The `Authorization` header
+            3. The `token` cookie
+
+        Returns:
+            t.Optional[str]: The API token or None if no token was found.
+        """
        logger.debug("Searching for specified token")
-        api_token = self.get_argument("token", None)
+        api_token = self.get_query_argument("token", None)
        if api_token is None and self.request.headers.get("Authorization"):
            api_token = bearer_pattern.sub(
                "", self.request.headers.get("Authorization")
--- a/app/classes/web/routes/api/auth/login.py
+++ b/app/classes/web/routes/api/auth/login.py
@ -3,7 +3,6 @@ import json
 from jsonschema import validate
 from jsonschema.exceptions import ValidationError
 from app.classes.models.users import Users
-from app.classes.shared.authentication import Authentication
 from app.classes.shared.helpers import Helpers
 from app.classes.web.base_api_handler import BaseApiHandler

@ -51,7 +50,7 @@ class ApiAuthLoginHandler(BaseApiHandler):
        password = data["password"]

        # pylint: disable=no-member
-        user_data = self.controller.users.get_or_none(Users.username == username)
+        user_data = Users.get_or_none(Users.username == username)

        if user_data is None:
            return self.finish_json(
@ -79,14 +78,14 @@ class ApiAuthLoginHandler(BaseApiHandler):

            # log this login
            self.controller.management.add_to_audit_log(
-                user_data.user_id, "Logged in", 0, self.get_remote_ip()
+                user_data.user_id, "Logged in via the API", 0, self.get_remote_ip()
            )

            self.finish_json(
                200,
                {
                    "status": "ok",
-                    "token": Authentication.generate(user_data.user_id),
+                    "token": self.controller.authentication.generate(user_data.user_id),
                    "user_id": user_data.user_id,
                },
            )