auth fixes

2021-07-14 14:45:31 +00:00
parent 6c9337be4c
commit d304362684
5 changed files with 38 additions and 17 deletions
--- a/auth/authenticate.py
+++ b/auth/authenticate.py
@@ -2,7 +2,7 @@ from functools import wraps
 from typing import Optional, Tuple

 from graphql import GraphQLResolveInfo
-import jwt
+from jwt import DecodeError, ExpiredSignatureError
 from starlette.authentication import AuthenticationBackend
 from starlette.requests import HTTPConnection

@@ -29,14 +29,14 @@ class _Authenticate:
        """
        try:
            payload = Token.decode(token)
-        except exceptions.ExpiredSignatureError:
+        except ExpiredSignatureError:
            payload = Token.decode(token, verify_exp=False)
            if not await cls.exists(payload.user_id, token):
                raise InvalidToken("Login expired, please login again")
            if payload.device == "mobile":  # noqa
                "we cat set mobile token to be valid forever"
                return payload
-        except exceptions.JWTDecodeError as e:
+        except DecodeError as e:
            raise InvalidToken("token format error") from e
        else:
            if not await cls.exists(payload.user_id, token):
@@ -73,5 +73,4 @@ def login_required(func):
        if not auth.logged_in:
            raise OperationNotAllowed(auth.error_message or "Please login")
        return await func(parent, info, *args, **kwargs)
-
    return wrap
--- a/auth/identity.py
+++ b/auth/identity.py
@@ -4,6 +4,8 @@ from orm import User as OrmUser
 from orm.base import global_session
 from auth.validations import User

+from sqlalchemy import or_
+

 class Identity:
 	@staticmethod
@@ -12,14 +14,22 @@ class Identity:
 		if not user:
 			raise ObjectNotExist("User does not exist")
 		user = User(**user.dict())
+		if user.password is None:
+			raise InvalidPassword("Wrong user password")
 		if not Password.verify(password, user.password):
 			raise InvalidPassword("Wrong user password")
 		return user
 	
 	@staticmethod
-	def identity_oauth(oauth_id, input) -> User:
-		user = global_session.query(OrmUser).filter_by(oauth_id=oauth_id).first()
+	def identity_oauth(input) -> User:
+		user = global_session.query(OrmUser).filter(
+			or_(OrmUser.oauth_id == input["oauth_id"], OrmUser.email == input["email"])
+			).first()
 		if not user:
 			user = OrmUser.create(**input)
+		if not user.oauth_id:
+			user.oauth_id = input["oauth_id"]
+			global_session.commit()
+
 		user = User(**user.dict())
 		return user
--- a/auth/oauth.py
+++ b/auth/oauth.py
@@ -63,6 +63,6 @@ async def oauth_authorize(request):
 		"email" : profile["email"],
 		"username" : profile["name"]
 	}
-	user = Identity.identity_oauth(oauth_id=oauth_id, input=user_input)
+	user = Identity.identity_oauth(user_input)
 	token = await Authorize.authorize(user, device="pc", auto_delete=False)
 	return PlainTextResponse(token)