linotp.controllers.base module

The Controller’s Base class

class linotp.controllers.base.BaseController(name, install_name='', **kwargs)

Bases: Blueprint

BaseController class - will be called with every request

before_handler()

Call derived controller’s legacy __before__ method if it exists

This method is called before each request is processed.

default_url_prefix = ''

Suggested URL to access this controller.

The URL at which this controller will be available depends on a number of factors. These are, in order of priority: 1. Any explicit path in the settings CONTROLLERS=ControllerName:PATH 2. The controller’s base_url_prefix setting 3. The name of the controller

jwt_check()

Check whether the current request needs to be authenticated using JWT, and if so, whether it contains a valid JWT access token. The login name from the access token is stored in the request_context[‘AuthUser’] via quering the jwt identity with get_jwt_identiy for the benefit of lib.user.getUserFromRequest().

jwt_exempt = False
parse_requesting_user()

load the requesting user

The result is placed into request_context[‘RequestUser’]

property request_params
class linotp.controllers.base.ControllerMetaClass(name, bases, dct)

Bases: type

This is used to determine the list of methods of a new controller that should be made available as API endpoints. Basically every method whose name does not start with an underscore has a Flask route to it added in the blueprint when a controller class is instantiated.

class linotp.controllers.base.JWTMixin

Bases: object

Provides login and logout methods that generate or dispose of JWT access tokens (and double-submit tokens for CSRF protection).

This is a mixin class so we can keep all the JWT stuff closely together instead of spreading it out across various controllers.

login()

POST /base/login

manage authentication

Checks a user’s credentials and issues them a JWT access token if their credentials are valid. We’re using cookies to store the access token plus a double-submit token for CSRF protection, which makes it easy to refresh access tokens transparently if they are nearing expiry.

Parameters
  • username – the name of the user

  • password – the password of the user

Returns

a json document and the jwt cookies are replied

logout()

Logs a user out by obliterating their JWT access token cookies. NOTE: We may wish to block further use of the access token in question in case the user has saved a copy somewhere. See the Flask-JWT-Extended docs for ideas about how to do this.

linotp.controllers.base.add_hyphenated_url(f)

Decorator that sets the hyphenated_url attribute on a function. We could set the attribute directly after the function definition but this way it looks nicer, and the code in the other file doesn’t need to know about the attribute.

linotp.controllers.base.jwt_exempt(f)

Decorator for methods that should be exempt from JWT validation.

linotp.controllers.base.jwt_refresh(response)

Transparently refresh a JWT access token that is close to expiry. This is pretty much straight from the Flask-JWT-Extended docs, except we’re making the refresh period configurable.

linotp.controllers.base.methods(mm=['GET'])

Decorator to specify the allowable HTTP methods for a controller/blueprint method. It turns out that Flask.add_url_rule looks at a function object’s methods property when figuring out what HTTP methods should be allowed on a view, so that’s where we’re putting the methods list.