db.py

from os import environ
from hydra_client import HydraAdmin
from flask_login import UserMixin
from graphqlclient import GraphQLClient
import json

GRAPHQL_URL = environ['GRAPHQL_URL']
graphql_client = GraphQLClient(GRAPHQL_URL)


class User(UserMixin):
    def __init__(self, username):
        self.id = username
        self.username = username
        self.active = False
        self._load_remote_user_info()

    def _load_remote_user_info(self):
        """Loads userdata from remote GraphQL API"""
        querystring = '''{{
        getUser(username: "{0}"){{
            email,
            active
            }}}}'''.format(self.username)
        result = json.loads(graphql_client.execute(querystring))
        if "data" in result and result["data"]["getUser"] is not None:
            self.active = result["data"]["getUser"]["active"]
            self.email = result["data"]["getUser"]["email"]

    def _verify_password(self, password):
        """Verifies cleartext password

        Sends the cleartext `password` to the GraphQL API
        which verifies the password by hashing it and comparing it to a stored password
        hash.

        Args:
            password: cleartext password

        Returns:
            Boolean result of password verification
        """
        password = password.replace('"', '\\"')
        querystring = '''{{
        verifyPassword(
            username: "{0}",
            password: "{1}")
            }}'''.format(self.username, password)
        result = json.loads(graphql_client.execute(querystring))
        verified = False
        if "data" in result:
            verified = result["data"]["verifyPassword"]
        return verified

    def authenticate(self, password):
        return self.active and self._verify_password(password)