From 311711168711d7db2568e6f03a2a2569bb5892ec Mon Sep 17 00:00:00 2001
From: Eibriel <eibriel@yahoo.com.ar>
Date: Tue, 7 Apr 2015 12:42:50 -0300
Subject: [PATCH] Check if the token is valid

---
 attract/application/__init__.py | 55 +++++++++++++++++++++++++++------
 1 file changed, 45 insertions(+), 10 deletions(-)

diff --git a/attract/application/__init__.py b/attract/application/__init__.py
index 77739731..b11faa3b 100644
--- a/attract/application/__init__.py
+++ b/attract/application/__init__.py
@@ -1,7 +1,9 @@
+import os
+
 from eve import Eve
 
-import random
-import string
+# import random
+# import string
 
 from eve.auth import TokenAuth
 from eve.auth import BasicAuth
@@ -9,9 +11,45 @@ from eve.io.mongo import Validator
 from bson import ObjectId
 
 
+class SystemUtility():
+    def __new__(cls, *args, **kwargs):
+        raise TypeError("Base class may not be instantiated")
+
+    @staticmethod
+    def blender_id_endpoint():
+        """Gets the endpoint for the authentication API. If the env variable
+        is defined, it's possible to override the (default) production address.
+        """
+        return os.environ.get(
+            'BLENDER_ID_ENDPOINT', "https://www.blender.org/id")
+
+
+def validate(token):
+    import requests
+    payload = dict(
+        token=token)
+    try:
+        r = requests.post("{0}/u/validate_token".format(
+            SystemUtility.blender_id_endpoint()), data=payload)
+    except requests.exceptions.ConnectionError as e:
+        raise e
+
+    if r.status_code == 200:
+        message = r.json()['message']
+        valid = r.json()['valid']
+    else:
+        message = ""
+        valid = False
+    return dict(valid=valid, message=message)
+
+
 class TokensAuth(TokenAuth):
     def check_auth(self, token, allowed_roles, resource, method):
-        tokens = app.data.driver.db['tokens']
+        # print (token)
+        validation = validate(token)
+        # print validation['message']
+        return validation['valid']
+        """tokens = app.data.driver.db['tokens']
         lookup = {'token': token}
         token = tokens.find_one(lookup)
         if not token:
@@ -23,7 +61,7 @@ class TokensAuth(TokenAuth):
         user = users.find_one(lookup)
         if not user:
             return False
-        return token
+        return token"""
 
 class BasicsAuth(BasicAuth):
     def check_auth(self, username, password, allowed_roles, resource, method):
@@ -63,14 +101,11 @@ class ValidateCustomFields(Validator):
                 field, "Error validating properties")
 
 
-def add_token(documents):
-    # Don't use this in production:
-    # You should at least make sure that the token is unique.
-    # print ("Adding Token")
+"""def add_token(documents):
     for document in documents:
         document["token"] = (''.join(random.choice(string.ascii_uppercase)
-                                     for x in range(10)))
+                                     for x in range(10)))"""
 
 
 app = Eve(validator=ValidateCustomFields, auth=MyTokenAuth)
-app.on_insert_tokens += add_token
+# app.on_insert_tokens += add_token