Beispiel #1
 def authenticate(self, identification, password=None, check_password=True):
     """Find a user by email or username and optionally verify the password.

     ``identification`` is tried as an email address first. If it is not a
     valid email, or no user matches, it is tried against
     ``User.USERNAME_FIELD`` unless ``BAPH_AUTH_WITHOUT_USERNAMES`` is set.
     With ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` set, both lookups are restricted to
     the current organization.

     Returns the matching user, or ``None`` when nobody matches or the
     password check fails.

     NOTE(review): with ``check_password=False`` the user is returned without
     any credential check, so the caller must already have established the
     identity some other way. An unknown identifier returns before
     ``check_password`` runs, so "no such account" and "wrong password" may
     be distinguishable by response time -- confirm whether that matters.
     """
     db = orm.sessionmaker()
     org_column = Organization.resource_name.lower() + '_id'

     def find_by(column):
         # One lookup on `column`, limited to the current org when enabled.
         criteria = {column: identification}
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             criteria[org_column] = Organization.get_current_id()
         return db.query(User).filter_by(**criteria).first()

     match = None
     try:
         # Only values that validate as an email hit the email column.
         django.core.validators.validate_email(identification)
         match = find_by('email')
     except django.core.validators.ValidationError:
         # Not an email; fall through to the username lookup.
         pass

     if not match:
         if auth_settings.BAPH_AUTH_WITHOUT_USERNAMES:
             # Usernames are not accepted as login credentials.
             return None
         match = find_by(User.USERNAME_FIELD)
     if not match:
         return None

     # Skipping the password check is an explicit opt-in by the caller.
     if not check_password or match.check_password(password):
         return match
     return None
Beispiel #2
 def authenticate(self, identification, password=None, check_password=True):
     """Resolve ``identification`` to a user and, by default, check the password.

     The email column is searched when ``identification`` validates as an
     email address; otherwise, or when that search finds nobody, the
     ``User.USERNAME_FIELD`` column is searched unless
     ``BAPH_AUTH_WITHOUT_USERNAMES`` is set. ``BAPH_AUTH_UNIQUE_WITHIN_ORG``
     adds a filter on the current organization to each search.

     Returns the user on success and ``None`` otherwise.

     NOTE(review): ``check_password=False`` returns the user with no
     credential verification at all; every call site that passes it should be
     reviewed. A missing account returns before the password is checked,
     which may be observable as a timing difference -- TODO confirm.
     """
     session = orm.sessionmaker()
     org_key = Organization.resource_name.lower() + '_id'
     candidate = None
     try:
         django.core.validators.validate_email(identification)
         # Looks like an email: search the email column.
         by_email = dict(email=identification)
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             by_email.update({org_key: Organization.get_current_id()})
         candidate = session.query(User).filter_by(**by_email).first()
     except django.core.validators.ValidationError:
         # Not an email address; the username search below handles it.
         pass

     if not candidate:
         if auth_settings.BAPH_AUTH_WITHOUT_USERNAMES:
             # Username logins are disabled, so there is nothing left to try.
             return None
         by_name = {User.USERNAME_FIELD: identification}
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             by_name.update({org_key: Organization.get_current_id()})
         candidate = session.query(User).filter_by(**by_name).first()
         if not candidate:
             return None

     if not check_password:
         # Caller asked for a lookup only; no password verification happens.
         return candidate
     return candidate if candidate.check_password(password) else None
Beispiel #3
    def get_consumer(self, request, oauth_request, consumer_key):
        """Return the OAuth consumer named in ``oauth_request``.

        The consumer is matched on ``oauth_request["oauth_consumer_key"]`` and
        must be owned either by a user in the current organization or by a
        superuser. Raises ``InvalidConsumerError`` when nothing matches.

        NOTE(review): the ``consumer_key`` argument is never read; the key
        comes from ``oauth_request`` instead -- confirm the two always agree.
        """
        current_org = Organization.get_current_id(request)
        org_column = getattr(User, Organization.get_column_key())

        session = orm.sessionmaker()
        query = session.query(OAuthConsumer).join(OAuthConsumer.user)
        query = query.filter(
            OAuthConsumer.key == oauth_request["oauth_consumer_key"])
        # Superuser-owned consumers match regardless of organization, so they
        # are valid in every org this code serves.
        owner_ok = or_(org_column == current_org,
                       User.is_superuser == True)  # noqa: E712 (SQL expression)
        match = query.filter(owner_ok).first()
        if match:
            return match
        raise InvalidConsumerError()
Beispiel #4
    def clean_email(self):
        """Reject an email address that already belongs to a user.

        The lookup is limited to the current organization when
        ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set. Returns the cleaned email when
        it is free; raises ``forms.ValidationError`` otherwise.

        NOTE(review): the two error messages tell the submitter whether an
        address is registered and whether it has been activated, so this
        field can be used to enumerate accounts. Rate limiting or a uniform
        response would have to be applied outside this method.
        """
        email = self.cleaned_data['email']
        criteria = {'email': email}
        if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
            org_key = Organization._meta.model_name + '_id'
            criteria[org_key] = Organization.get_current_id()

        session = orm.sessionmaker()
        # Load the signup row together with the user for the activation check.
        query = session.query(User).options(joinedload('signup'))
        existing = query.filter_by(**criteria).first()
        if not existing:
            return email

        signup = existing.signup
        if signup and signup.activation_key != settings.BAPH_ACTIVATED:
            # Registered, but the activation step has not been completed.
            raise forms.ValidationError(_('This email is already taken but '
                'not yet confirmed. Please check your email for verification '
                'steps.'))
        raise forms.ValidationError(_('This email is already taken'))
Beispiel #5
 def get_current_permissions(self):
     """Return the permissions that apply in the current organization.

     Entries from ``get_all_permissions()`` keyed by ``None`` or by the
     current organization id (compared as a string) are merged into a
     ``{resource: {action: set(...)}}`` mapping, which is cached on the
     instance as ``_perm_cache`` and returned.

     NOTE(review): the cache is never refreshed here. If the current
     organization or the underlying grants change while this instance is
     alive, the stale result keeps being returned. The cached dict is handed
     out by reference, so a caller that mutates it changes the cache too.
     """
     if hasattr(self, '_perm_cache'):
         return self._perm_cache
     from baph.auth.models import Organization
     active_org = str(Organization.get_current_id())
     merged = {}
     for org_id, by_resource in self.get_all_permissions().items():
         # Skip grants that belong to some other organization.
         if org_id not in (None, active_org):
             continue
         for resource, by_action in by_resource.items():
             resource_perms = merged.setdefault(resource, {})
             for action, granted in by_action.items():
                 resource_perms.setdefault(action, set()).update(granted)
     self._perm_cache = merged
     return merged
Beispiel #6
 def get_current_permissions(self):
     """Collect this object's permissions for the current organization.

     Walks ``get_all_permissions()`` and keeps the entries whose key is
     ``None`` or equals ``str(Organization.get_current_id())``, folding them
     into ``{resource: {action: set(...)}}``. The result is stored on the
     instance as ``_perm_cache`` and reused on later calls.

     NOTE(review): once ``_perm_cache`` exists it is returned as is, whatever
     the current organization is at that point; an instance that outlives an
     organization switch or a permission change serves stale data.
     """
     if hasattr(self, '_perm_cache'):
         return self._perm_cache
     from baph.auth.models import Organization
     org_now = str(Organization.get_current_id())
     result = {}
     for owner, resources in self.get_all_permissions().items():
         if owner in (None, org_now):
             for name, actions in resources.items():
                 if name not in result:
                     result[name] = {}
                 bucket = result[name]
                 for verb, grants in actions.items():
                     if verb not in bucket:
                         bucket[verb] = set()
                     bucket[verb].update(grants)
     setattr(self, '_perm_cache', result)
     return result
Beispiel #7
    def clean_email(self):
        """Check that the new email differs from the current one and is unused.

        Raises ``forms.ValidationError`` when the submitted address equals
        the user's current email or is already held by another user (within
        the current organization when ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is
        set). Returns the cleaned email otherwise.

        NOTE(review): the first comparison lowercases the submitted value,
        but the database filter uses it as submitted -- whether addresses
        differing only in case collide presumably depends on the column's
        collation; confirm. The "already in use" message also reveals that
        an address is registered.
        """
        submitted = self.cleaned_data['email']
        if submitted.lower() == self.user.email:
            raise forms.ValidationError(_(u'You\'re already known under this '
                'email.'))

        criteria = {'email': submitted}
        if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
            org_key = Organization._meta.model_name + '_id'
            criteria[org_key] = Organization.get_current_id()

        session = orm.sessionmaker()
        # Leave out rows that carry the requesting user's own address.
        others = session.query(User).filter(User.email != self.user.email)
        clash = others.filter_by(**criteria).first()
        if clash:
            raise forms.ValidationError(_(u'This email is already in use. '
                'Please supply a different email.'))
        return submitted
Beispiel #8
 def clean_org_unique_field(self, key, **kwargs):
     """Run ``clean_unique_field`` limited to the current organization.

     The organization filter is always set from
     ``Organization.get_current_id()``; a value the caller passed under the
     same key is overwritten, so callers cannot widen the scope to another
     organization through ``kwargs``.
     """
     scope_column = Organization._meta.model_name + '_id'
     scoped = dict(kwargs, **{scope_column: Organization.get_current_id()})
     return self.clean_unique_field(key, **scoped)