Beispiel #1
0
 def log_in_by_email(cls, email: str, password: str) -> User:
     if cls._email_validation(email):
         session = cls._Session()
         user = session.query(User).filter_by(email=email).first()
         if not user:
             raise AuthenticationException("Wrong Email Address!")
         if cls._password_service.password_verification(
                 user.password, password):
             user.password = None
             return user
         raise AuthenticationException("Wrong Password!")
     raise ValueException("Invalid email address value!")
Beispiel #2
0
 def log_in_by_phone(cls, phone: str, password: str) -> User:
     if cls._phone_validation(phone):
         session = cls._Session()
         user = session.query(User).filter_by(phone=phone).first()
         if not user:
             raise AuthenticationException("Wrong Phone Number!")
         if cls._password_service.password_verification(
                 user.password, password):
             user.password = None
             return user
         raise AuthenticationException("Wrong Password!")
     raise ValueException("Invalid phone value!")
 def hexadecimal_token_validation(
         cls,
         user_id,
         auth_token: str,
         exchange_method: ExchangeMethods = None) -> bool:
     session = cls._Session()
     token = None
     if exchange_method:
         token = session.query(Token).filter_by(
             user_id=user_id,
             exchange_method=exchange_method.value).order_by(
                 desc(Token.requested_time)).first()
     else:
         token = session.query(Token).filter_by(user_id=user_id).order_by(
             desc(Token.requested_time)).first()
     if not token:
         raise SecurityException('User has no token!')
     if token.deactivate:
         raise SecurityException('Token is Deactivated!')
     if datetime.utcnow() > token.time_limit:
         raise TimeoutException('Token is Expired!')
     if secrets.compare_digest(token.hex_token, auth_token):
         token.last_used_time = datetime.utcnow()
         session.commit()
         return token.exchange_method
     token.failed_attempts += 1
     if token.failed_attempts > 3:
         token.deactivate = True
     session.commit()
     if token.deactivate:
         raise SecurityException('Token is Deactivated!')
     raise AuthenticationException('Token is not valid!')
Beispiel #4
0
    def process_request(request):
        try:
            user = authenticate_user_from_request(request)
            set_user(request, user)

        except AuthenticationError, e:
            logging.error(e)
            raise AuthenticationException("Authentication Failed")
 def url_token_validation(cls, url_token: str) -> ():
     session = cls._Session()
     tk = session.query(Token).filter_by(url_token=url_token).first()
     if not tk:
         raise AuthenticationException('Url Token is not valid!')
     if tk.deactivate:
         raise SecurityException('Token is Deactivated!')
     if datetime.utcnow() > tk.time_limit:
         raise TimeoutException('Token is Expired!')
     tk.last_used_time = datetime.utcnow()
     return tk.user.uid, tk.exchange_method
    async def authenticate(self, username, password):
        user_found = await self.user.first({
            'username': username,
            'password': hash_password(password)
        })

        if not user_found:
            raise AuthenticationException()

        token = await self._generate_token(user_obj=user_found)

        return user_found, token
Beispiel #7
0
 def change_password(cls, user_id, old_password, new_password):
     session = cls._Session()
     user = session.query(User).get(user_id)
     if not user:
         raise SecurityException("User doesn't exist!")
     if not cls._password_service.password_verification(
             user.password, old_password):
         raise AuthenticationException("Wrong Password!")
     if not cls._password_service.password_validation(new_password):
         raise ValueException("Entered password is not valid!")
     pss = cls._password_service.hashing_password(new_password)
     user.password = pss
     session.commit()
     return True
def password_verification(origin_password, entered_password: str):
    if is_it_hashed(entered_password):
        raise AuthenticationException("Entered Password is hashed!")
    if sha256.verify(entered_password, origin_password):
        return True
    raise AuthenticationException('Entered password is wrong!')