def logout(self, mesg):
session.destroy()
if mesg == "depleted":
flash(self.model.spiel('quota_depleted'), 'error')
else:
flash(self.model.spiel('logout'), 'error')
self.log.info('Logging off %s', request.gateway_session_id)
request.gateway_session.logoff(request.gateway_session_id)
if 'sessacct' in self.config:
time.sleep(2)
print 'Checking for accounting stop..'
for n in range(4):
sessacct = self.model.getSessionByIP()
print ' ', sessacct
if not sessacct:
break
if sessacct['Acct-Status-Type'] == 'Stop':
break
time.sleep(1)
else:
print 'XXXXX'
time.sleep(2)
for n in range(4):
if not request.gateway_session.session_sync(request, session):
break
time.sleep(1)
return redirect(url_for('login_form'))
def email_confirm(user_id, secret):
if session.ok and user_id != session["user"]["user_id"]:
session.destroy()
try:
users.email_confirm_check(user_id, secret,
session["user"] if session.ok else None)
except users.EmailAlreadyConfirmed:
return render_template("login/email-confirm.html",
already_confirmed=True, next=login_next())
except users.BadSecret:
return render_template("login/email-confirm.html", bad_secret=True)
if not session.ok and request.method == "POST":
password = request.form["password"]
try:
user = users.password_login("user_id", user_id, password)
except users.BadPassword:
return render_template("login/email-confirm.html",
unauthenticated=True, bad_password=True,
user_id=user_id, secret=secret)
else:
logger.info("logging in user %s (during email confirmation)",
user["user_id"])
session.create(user)
if not session.ok:
return render_template("login/email-confirm.html",
unauthenticated=True,
user_id=user_id, secret=secret)
users.email_confirm(user_id)
return render_template("login/email-confirm.html",
confirmed=True, next=login_next())
def logout():
current_app.logger.info('logout: {user}', extra={'user': user_logging_string(current_user)})
terms_of_use.set_session_flag(False)
if current_app.config['REDIS_SESSIONS']:
session.destroy()
logout_user()
return redirect('/2/login')
def ldap_logout():
"""
Log a user out from the LDAP server.
Args:
timed_out (bool): If True, the users client side session timed-out.
Returns:
HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page
"""
timed_out = request.args.get('timed_out', False)
logout_user()
create_auth_event(
auth_event_type=event_type.USER_FAILED_LOG_IN,
user_guid=session["user_id"],
new_value={
'success': True,
'type': current_app.config['AUTH_TYPE'],
'timed_out': timed_out
}
)
session.destroy()
if timed_out:
flash("Your session timed out. Please login again", category="info")
return redirect(url_for("main.index"))
def password_login():
if session.ok:
session.destroy()
email = request.form["email"].lower()
password = request.form["password"]
try:
user = users.password_login("email", email, password)
except users.ShouldUseRaven:
return render_template("login/password-login.html",
should_use_raven=True, email=email)
except users.EmailNotFound:
return render_template("login/password-login.html",
bad_email=True, email=email)
except users.BadPassword:
return render_template("login/password-login.html",
bad_password=True, email=email)
except users.UserDisabled:
return user_disabled_response()
else:
logger.info("logging in user %s (via password; email %s)",
user["user_id"], email)
session.create(user)
return redirect(login_next())
def before_request():
if current_user.is_authenticated:
last_login = session['last_login']
time = datetime.datetime.now() - last_login
print(time.seconds)
if time.seconds > 900: # 30minutes
logout_user()
session.destroy()
resp = make_response(redirect(url_for('home_page')))
if resp.headers['Location'] == '/':
return resp
elif session.get('otp_session'):
otp_session = session['otp_session']
interval = datetime.datetime.now() - otp_session
if interval.seconds > 60:
session.destroy()
flash('Enter OTP within 60 seconds')
resp = make_response(redirect(url_for('login')))
if resp.headers['Location'] == '/login':
return resp
# print(psutil.net_io_counters())
session.permanent = True
app.permanent_session_lifetime = datetime.timedelta(days=1)
session.modified = True
g.user = current_user
if not os.environ.get('IS_PROD'):
test.kvsession_extension.cleanup_sessions(app)
def lost_password_form(self):
if 'do' in request.args and request.args['do'] == 'captcha_img':
if 'pw_captcha' not in session:
abort(503)
else:
response = make_response(session['pw_captcha'].image())
response.headers.add('Content-Type', 'image/png')
return response
phase = int(request.args['phase']) if 'phase' in request.args else 1
if phase == 1:
session.wipe(exception_keys=['_flashes'])
session['confirmation_form_type'] = 'lost_password'
request.response.data = render_template_string(request.templates['lost_password1'], templates=request.template_objects)
elif phase == 2 and 'confirmation_email_address' in session:
session['security_qa'] = security_qa = request.kenan.GetUserSecurityQuestion(session['confirmation_email_address'])
if security_qa == False:
self.log.info('Lost password for %s kenan security question query failed', session['confirmation_email_address'])
session.destroy()
flash(self.model.spiel('system_timeout', code='17ba0'), 'error')
return redirect(url_for('lost_password_form'))
request.response.data = render_template_string(request.templates['lost_password2'], security_qa=security_qa, templates=request.template_objects)
elif phase == 3 and 'confirmation_answer_ok' in session:
if 'pw_captcha' not in session:
session['pw_captcha'] = captcha(request.gateway_session_id)
self.log.info('Captcha Validation: %s', session['pw_captcha']._generate_words())
request.response.data = render_template_string(request.templates['lost_password3'], templates=request.template_objects)
else:
return redirect('/lost_password?phase=1')
return request.response
def logout():
"""
Unified logout endpoint for all authentication types.
GET Args:
timeout (bool): If True, logout is being called due to a session timeout.
forced_logout (bool): If True, logout is being called due to a duplicate session.
Returns:
HTTP Response (werkzeug.wrappers.Response): Redirect to the appropriate logout endpoint.
"""
timeout = request.args.get("timeout", False)
forced_logout = request.args.get("forced_logout", False)
if current_app.config["USE_LDAP"]:
return redirect(
url_for("auth.ldap_logout", timeout=timeout, forced_logout=forced_logout)
)
elif current_app.config["USE_SAML"]:
return redirect(
url_for(
"auth.saml", slo="true", timeout=timeout, forced_logout=forced_logout
)
)
elif current_app.config["USE_LOCAL_AUTH"]:
logout_user()
session.destroy()
if timeout:
flash("Your session timed out. Please login again", category="info")
return redirect(url_for("main.index"))
return abort(404)
def _do_account_logon(self, subscriber_id, password):
del(session['Password'])
# Send account-logon CoA to ISG
self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password)
logon_result, logon_message, logon_attrs = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id)
if not logon_result:
session.destroy()
if type(logon_message) == type(u''):
self.log.error('Login.end system_error [%s]: WAG login CoANaK: %s', subscriber_id, logon_message)
if logon_message == 'Access denied, session limit exceeded':
flash(self.model.spiel('session_control'), 'error')
else:
flash(self.model.spiel('system_timeout', code='902ba'), 'error')
else:
self.log.error('Login.end system_error [%s]: WAG session login returned CoANaK', subscriber_id)
flash(self.model.spiel('system_timeout', code='fe5db'), 'error')
return redirect(url_for('login_form'))
#!!!!!!!!!!!!!!!!!!!!!!!!!!!
# GATEWAY SESSION NOW VALID
#!!!!!!!!!!!!!!!!!!!!!!!!!!!
session['Gateway-Session'] = True
self.model.save_login_time(session['Subscriber-Id'])
self.log.info('Login.end ok [%s]', subscriber_id)
request.response.headers.add('X-Login-Successful', '1')
request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects)
return request.response
def logout(self, mesg):
session.destroy()
if mesg == "depleted":
flash(self.model.spiel('quota_depleted'), 'error')
else:
flash(self.model.spiel('logout'), 'error')
request.gateway_session.logoff(request.gateway_session_id)
return redirect(url_for('login_form'))
def logout():
if not is_logged_in():
return redirect(url_for('login'))
else:
session.destroy()
sess_ext.cleanup_sessions()
return render_template('logout.html')
def expire_session(app, user):
logger.debug("Cleanup sessions")
session.destroy()
KVSessionExtension(app=app).cleanup_sessions(app)
user_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
user_logout_at = datetime.datetime.now()
audit_logger.info(f"User [{user.username}] logged out from IP [{user_ip}] at [{user_logout_at}]")
def logout():
logout_user()
session.destroy()
print(session)
resp = make_response(redirect(url_for('home_page')))
if resp.headers['Location'] == '/':
return resp
else:
abort(404)
def logout_from_all():
"""
Log out from all services
"""
# Delete all session data and the session cookie
session.clear()
session.destroy()
response = app.make_response(json.dumps({"logged_out": True}))
response.delete_cookie(app.session_cookie_name)
return response
def signout():
print session
deleteSessionDirectory(session['session_dir'])
try:
session.destroy()
except:
print 'session.destroy failed'
print session
return redirect(url_for('agreement'))
def destroy_immediately():
# from issue
# 1. Set a session.
# works implicitly
# 2. Update session with keys.
session['foo'] = 'bar'
# 3. Destroy.
session.destroy()
# 4. Check if destroy worked.
# ????
# 5. PROFIT
return 'PROFIT'
def current():
searchForm = SearchForm()
if current_user.is_authenticated:
form = ChangePasswordForm()
if form.validate_on_submit():
if request.content_type != r'application/x-www-form-urlencoded':
log.logger.error('Incorrect request content format at /current route')
abort(404)
if utils.banned_characters(form.currentPassword.data):
log.logger.critical('Malicious character detected in support route. An attempt to inject is possible')
abort(404)
user = Models.Customer.query.filter_by(username=current_user.username).first()
saved_hash= user.password_hash
password_hashed = utils.generate_hash(form.currentPassword.data,user.password_salt)
if saved_hash == password_hashed:
if utils.banned_characters(form.confirm.data.upper(),matches='({0})'.format(str(escape(current_user.username.upper())))):
flash('Password should not contain anything related to your username. Please try again!')
resp = make_response(redirect(url_for('current_password')))
if resp.headers['Location'] == '/current':
return resp
elif utils.read_common_password(form.confirm.data) or utils.banned_characters(form.confirm.data.upper(),matches='(PASSWORD)') or utils.banned_characters(form.confirm.data.upper(), matches='(PASSWORD)') or utils.banned_characters(form.confirm.data.upper(), matches='(ADMIN)'):
flash('This password is either too common and subsceptiple to hackers or password contain words like \"username\" or \"password\" or \"admin\"')
resp = make_response(redirect(url_for('current_password')))
if resp.headers['Location'] == '/current_password':
return resp
else:
try:
user = Models.Customer.query.filter_by(username=current_user.username).first()
new_salt = utils.generate_salt()
new_hash = utils.generate_hash(form.confirm.data,new_salt)
user.password_salt = new_salt
user.password_hash = new_hash
Models.database.session.commit()
logout_user()
session.destroy()
flash('Password has changed,please try to login with new credential')
resp = make_response(redirect(url_for('login')))
if resp.headers['Location'] == '/login':
return resp
except:
Models.database.session.rollback()
else:
flash('Invalid current password')
resp = make_response(redirect(url_for('current_password')))
if resp.headers['Location'] == '/current':
return resp
else:
abort(404)
def destroy_immediately():
# from issue
# 1. Set a session.
# works implicitly
# 2. Update session with keys.
session['foo'] = 'bar'
# 3. Destroy.
session.destroy()
# 4. Check if destroy worked.
# ????
# 5. PROFIT
return 'PROFIT'
def login_submit(self):
# Send account-logon CoA to ISG
self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password)
logon = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id)
if not logon[0]:
self.log.debug('WAG account_logon CoA-NaK')
session.destroy()
flash('Service not available. Try again later.', 'error')
return redirect(url_for('login_form'))
session['Gateway-Session'] = True
self.model.save_login_time(session['Subscriber-Id'])
request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects)
return request.response
def password_forgotten():
if session.ok:
session.destroy()
email = request.form["email"].lower()
try:
users.reset_password_begin(email)
except users.ShouldUseRaven:
return render_template("login/password-forgotten.html",
should_use_raven=True, email=email)
except users.EmailNotFound:
return render_template("login/password-forgotten.html",
bad_email=True, email=email)
except users.UserDisabled:
return user_disabled_response()
else:
return render_template("login/password-forgotten-success.html",
email=email)
def logout():
"""Logout user
---
tags:
- auth
security:
- basicAuth: []
responses:
200:
description: Message
type: object
properties:
message:
type: string
"""
if current_app.config['REDIS_SESSIONS']:
session.destroy()
logout_user()
return jsonify(message='The user was logged out successfully'), 200
def email_reset(user_id, secret):
if session.ok:
session.destroy()
# technically we could race between checking and resetting, allowing
# a user to reset their password twice, but that achieves nothing
try:
user = users.reset_password_check(user_id, secret)
except users.BadSecret:
logger.warning("bad email_reset link (user %s)", user_id)
return render_template("login/email-reset.html", invalid=True)
if request.method == "GET":
return render_template("login/email-reset.html", ready=True,
user_id=user_id, secret=secret,
email=user["email"])
else:
password = request.form["password"]
password_again = request.form["password_again"]
errors = {}
if len(password) < 8:
errors["password_short"] = True
elif password != password_again:
errors["password_again_bad"] = True
if errors:
return render_template("login/email-reset.html",
user_id=user_id, secret=secret,
email=user["email"],
change_failed=True, **errors)
else:
users.reset_password(user_id, password)
if not user["email_confirmed"]:
# user arrived here via a link in an email, and is logged in
users.email_confirm(user_id)
session.create(user)
return render_template("login/email-reset.html",
success=True, next=login_next())
def oauth_logout():
timed_out = eval_request_bool(request.args.get('timeout'))
forced_logout = eval_request_bool(request.args.get('forced_logout'))
if forced_logout:
user_session = redis_get_user_session(current_user.session_id)
if user_session is not None:
user_session.destroy()
if timed_out:
flash("Your session timed out. Please login again", category='info')
if 'token' in session:
revoke_and_remove_access_token()
if current_user.is_anonymous:
return redirect(url_for("main.index"))
update_object({'session_id': None}, Users, (current_user.guid, current_user.auth_user_type))
logout_user()
session.destroy()
if forced_logout:
return redirect(url_for("auth.login"))
return redirect(url_for("main.index"))
def password_signup():
if session.ok:
session.destroy()
email = request.form["email"].lower()
email_again = request.form["email_again"].lower()
password = request.form["password"]
password_again = request.form["password_again"]
errors = {}
if email.endswith("@cam.ac.uk"):
email_again = ""
errors["should_use_raven"] = True
elif not email_regex.match(email):
email_again = ""
errors["email_invalid"] = True
elif email != email_again:
email_again = ""
errors["email_again_bad"] = True
if len(password) < 8:
errors["password_short"] = True
elif password != password_again:
errors["password_again_bad"] = True
if not errors:
with utils.with_savepoint("email_unique") as rollback:
try:
# the link advertises password signup as for alumni
user = users.new_password_user(email, password, 'alumnus')
except users.EmailAlreadyExists:
rollback()
errors["email_already_exists"] = True
except users.ShouldUseRaven:
errors["should_use_raven"] = True
if errors:
return render_template("login/password-signup.html",
email=email, email_again=email_again, **errors)
else:
session.create(user)
return redirect(login_next())
def check_csrf_token():
if request.method in ('POST', 'PATCH', 'PUT', 'DELETE'):
old_csrf_valid = is_csrf_token_valid()
new_csrf_valid = check_valid_csrf()
if not (old_csrf_valid or new_csrf_valid):
current_app.logger.info(
'csrf.invalid_token: Aborting request, user_id: {user_id}',
extra={'user_id': session.get('user_id', '<unknown')})
if current_app.config.get('REDIS_SESSIONS'):
session.destroy()
rollbar.report_message(
'csrf.invalid_token: Aborting request check_csrf_token()',
'error', request)
abort(
400,
'Your session has timed out, please delete your cookies and restart your browser.'
'<br> If you continue to experience this issue, '
'please <a href="https://marketplace1.zendesk.com/hc/en-gb/requests/new">contact us</a>'
)
def saml_sls(saml_sp, user_guid):
"""Process a SAML LogoutResponse from the IdP
Args:
saml_sp (OneLogin_Saml2_Auth): SAML SP Instance
user_guid (str): Unique identifier for user being logged out.
Returns:
Response Object: Redirect the user to the Home Page.
"""
dscb = session.destroy()
url = saml_sp.process_slo(delete_session_cb=dscb)
errors = saml_sp.get_errors()
logout_user()
if not errors:
create_auth_event(
auth_event_type=event_type.USER_LOGGED_OUT,
user_guid=user_guid,
new_value={
'success': True,
'type': current_app.config['AUTH_TYPE']
}
)
return redirect(url) if url else redirect(url_for('main.index'))
else:
error_message = "Errors on SAML Logout:\n{errors}".format(errors='\n'.join(errors))
current_app.logger.exception(error_message)
create_auth_event(
auth_event_type=event_type.USER_FAILED_LOG_OUT,
user_guid=user_guid,
new_value={
'success': False,
'type': current_app.config['AUTH_TYPE'],
'errors': error_message
}
)
flash("Sorry! An unexpected error has occurred. Please try again later.", category='danger')
return redirect(url_for('main.index'))
def login_submit(self):
if 'sq' in request.args and 'force_update_sq' in session:
if 'sq_question' not in request.form or 'sq_answer' not in request.form:
return abort(403)
user = self.model.get_user_info_from_session()
if not user:
return abort(403)
update_sq = request.kenan.UpdateUserSecurityQuestion(user['user_id'], request.form['sq_question'], request.form['sq_answer'])
if type(update_sq) != type(u''):
self.log.error('Security question update failed. Connection timed out.')
flash(self.model.spiel('system_timeout', code='f1abd'), 'error')
return redirect('/pldt/auth?sq')
update_sq = int(update_sq)
if update_sq == 0:
self.log.info('Security question update successful!')
del(session['force_update_sq'])
return self._do_account_logon(session['Subscriber-Id'], session['Password'])
else:
self.log.error('Security question update failed. Error code %s returned.', update_sq)
flash(self.model.spiel('system_timeout', code='1574b'), 'error')
return redirect('/pldt/auth?sq')
# normal login starts here
#username = str(request.form['principal']) if 'principal' in request.form else None
#password = str(request.form['credential']) if 'credential' in request.form else None
username = request.form.get('principal', None)
password = request.form.get('credential', None)
#domain = request.form.get('domain', None)
#print request.args, request.form, request.headers
if username == None or password == None: #or paytype == None:
self.log.info('Missing login information (%s|%s)', username, password)
return redirect(url_for('login_form'))
paytype = 'postpaid'
if username.find('@') == -1:
username = username.upper()
password = password.upper()
paytype = 'prepaid'
domain = self.config['prepaid_domain']
if paytype == 'postpaid':
username = username.lower()
orig_username = username
username = username.replace('@', ':')
domain = self.config['postpaid_domain']
if username == "" or password == "":
flash(self.model.spiel('login_invalid_input'), 'error')
return redirect(url_for('login_form'))
subscriber_id = '%s@%s' % (username, domain)
self.log.info('Login.start [%s]: password is ***', subscriber_id)
#
# Voucher System
if paytype == 'prepaid':
user = self.model.vms_get_user(username, password)
if user == False:
self.log.info('Login.end user_error [%s]: User does not exist/incorrect password', subscriber_id)
flash(self.model.spiel('invalid_account'), 'error')
return redirect(url_for('login_form'))
# Check if initial login
if 'activated_datetime' not in user:
batch = self.model.vms_get_batch(user['batch_id'])
if batch == None:
self.log.info('Login.end system_error [%s]: Batch does not exist', subscriber_id)
flash(self.model.spiel('system_timeout', code='bc33e'), 'error')
return redirect(url_for('login_form'))
package = self.model.vms_get_package(batch['package'])
if package == None:
self.log.info('Login.end system_error [%s]: Package does not exist', subscriber_id)
flash(self.model.spiel('system_timeout', code='0a57c'), 'error')
return redirect(url_for('login_form'))
# Provisioning Stages
for case in switch(user['stage']):
#~ STAGE 1. ADDUSER
if case(1):
self.log.info('Creating SDB user %s', subscriber_id)
adduser = request.sdb.vmsAddUser(user['username'], user['username'], user['hash_password'], batch['domain'], batch['organization_qualified_name'], package['user_profile_set'], user['expiry'] if 'expiry' in user else batch['expiry'])
print 'addUser', adduser
try:
if 'target' in adduser and 'error' in adduser['target']:
print 'ADDUSER ERROR', adduser
self.log.info('Login.end system_error [%s]: Unable to provision initial login', subscriber_id)
flash(self.model.spiel('system_timeout', code='7719a'), 'error')
return redirect(url_for('login_form'))
except Exception, err:
print 'exception error on adduser', err
self.log.info('Login.end system_error [%s]: Unable to provision initial login (exception)', subscriber_id)
flash(self.model.spiel('system_timeout', code='22d20'), 'error')
return redirect(url_for('login_form'))
self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'stage': 2}})
#~ STAGE 2. ADD SESSION RIGHT
if case(2):
self.log.info('Adding prepaid session right %s to %s', package, subscriber_id)
if package['usage_type'] == 'time':
addsessionright = request.bpc.AddTimeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], time=package['cap'], data='Time_PLDT_WiFi_Prepaid')
elif package['usage_type'] == 'volume-aggregate':
addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid')
elif package['usage_type'] == 'volume-downlink':
addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid', direction='downlink')
elif package['usage_type'] == 'volume-uplink':
addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid', direction='uplink')
if type(addsessionright) == type({}) and 'success' in addsessionright:
self.log.info('Prepaid SR id %s successfully added to %s', addsessionright['success']['session-right']['id'], subscriber_id)
else:
self.log.info('Failed Adding SR %s to %s', package, subscriber_id)
session.destroy()
flash(self.model.spiel('system_timeout', code='c1dfd'), 'error')
return redirect(url_for('login_form'))
self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'status': 3, 'remarks': 'None', 'stage': 3}})
self.model.vms_tag_activated(username)
password = user['hash_password']
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
if paytype == 'prepaid':
if 'prepaid_last_login_attempt' in session:
prepaid_last_login_attempt_elapsed = time.time() - session['prepaid_last_login_attempt']
print 'ELAPSES', prepaid_last_login_attempt_elapsed
waitfor = 10
if prepaid_last_login_attempt_elapsed < waitfor:
#time.sleep(waitfor - prepaid_last_login_attempt_elapsed)
return 'Login too fast!'
session['prepaid_last_login_attempt'] = time.time()
# Iterate over the session rights
if not request.bpc.process_session_rights(session, ignore_base=True):
session.destroy()
self.log.error('Login.end system_error [%s]: BPC session rights processing returned False', subscriber_id)
flash(self.model.spiel('system_timeout', code='1b645'), 'error')
return redirect(url_for('login_form'))
# Intercept blank session rights
if session['rights'] == {}:
self.log.info('Login.end user_error [%s]: Session rights empty', subscriber_id)
session.destroy()
flash(self.model.spiel('quota_depleted'), 'error')
return redirect(url_for('login_form'))
self.model.vms_tag_last_accessed(username)
elif paytype == 'postpaid':
# Validate Kenan
def logout():
if signed_in() or app.debug:
session.destroy()
return redirect('/')
def delete_session():
session.destroy()
return 'ok'
def ldap_logout(timed_out=False, forced_logout=False):
logout_user()
session.destroy()
if timed_out:
flash("Your session timed out. Please login again", category='info')
return redirect(url_for('main.index'))
def del_session():
print 'before destroy session'
session.destroy()
print 'after destroy session'
return 'session deleted from db.'
def logout():
if session.ok:
utils.check_csrf()
session.destroy()
return redirect(url_for("info.index"))
def new_game():
session.destroy()
init_adventure()
return redirect(url_for('player'))
def logout():
# Delete the session
logout_user()
session.destroy()
return jsonify(msg="Logged out successfully", status=200, redirect=url_for('login'))
def logout():
session.destroy()
return redirect(url_for('index'))
def login_submit(self):
#username = hashlib.md5(request.gateway_session_id).hexdigest()[:16]
username = str(request.form['msisdn']) if 'msisdn' in request.form else None
password = '******'
domain = 'freewifi.smart.com.ph'
if username == None:
return redirect(url_for('login_form'))
# Check MSISDN input
msisdn_valid, username, msisdn_error_message = self.model.check_msisdn(username)
subscriber_id = '%s@%s' % (username, domain)
self.log.info('Login.start [%s]: password is ***', subscriber_id)
if not msisdn_valid:
self.log.info('Login.end user_error [%s]: Invalid MSISDN: %s', subscriber_id, msisdn_error_message)
flash(self.model.spiels['non_smart_msisdn'])
return redirect(url_for('login_form'))
msisdn_logged = self.model.subscribers_7107.find_one({'_id':username})
if msisdn_logged is None:
if 'email' in request.form and 'age_range' in request.form:
email = request.form.get('email')
age_range = request.form.get('age_range')
gender = request.form.get('gender')
if email is None or age_range is None or gender is None:
flash('Incomplete parameters')
self.log.info('Login.end user_error [%s]: Incomplete parameters', subscriber_id)
return redirect(url_for('login_form') + '?q=1')
if 'q' not in session:
session['q'] = {'msisdn': username}
session['q']['email'] = email
session['q']['age_range'] = age_range
session['q']['gender'] = gender
if not self.model.valid_email_re.match(email):
flash('Invalid email address')
self.log.info('Login.end user_error [%s]: Invalid Email: %s', subscriber_id, email)
return redirect(url_for('login_form') + '?q=1')
if age_range == 'null':
flash('Please select age range')
self.log.info('Login.end user_error [%s]: No age range selection', subscriber_id)
return redirect(url_for('login_form') + '?q=1')
if gender == 'null':
flash('Please select gender')
self.log.info('Login.end user_error [%s]: No gender selection', subscriber_id)
return redirect(url_for('login_form') + '?q=1')
print 'STORE:', self.model.subscribers_7107.insert({'_id':username, 'email':email, 'age_range':age_range, 'gender':gender, 'timestamp':datetime.datetime.now()})
self.log.info('Login.info [%s] Email[%s] AgeRange[%s] Gender[%s]', username, email, age_range, gender)
else:
self.log.info('First login attempt by %s, redirecting to form', username)
session['q'] = {'msisdn': username}
return redirect(url_for('login_form') + '?q=1')
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Portal Session is now Valid
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
session['Subscriber-Id'] = subscriber_id
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Portal Session is now Valid
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Send account-logon CoA to ISG
self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password)
logon = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id)
if not logon[0]:
self.log.error('Login.end system_error [%s]: WAG session login returned CoA-NaK', subscriber_id)
session.destroy()
if logon[1]:
flash(logon[1], 'error')
else:
flash('coanak', 'error')
return redirect(url_for('login_form'))
session['Gateway-Session'] = True
self.model.save_login_time(session['Subscriber-Id'])
self.log.info('Login.end ok [%s]', subscriber_id)
self.model.sessions_7107.insert({'msisdn':username, 'user_agent':request.user_agent, 'ip_address':request.environ['REMOTE_ADDR']})
request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects)
return request.response
def raven_response():
if session.ok:
session.destroy()
try:
r = raven.Response(request.args["WLS-Response"])
except ValueError as e:
logger.warning("Invalid raven response: %s", e)
abort(400)
if r.url != url_for(".raven_response", _external=True):
logger.warning("Invalid raven response: bad url")
abort(400)
issue_delta = (datetime.utcnow() - r.issue).total_seconds()
if not -5 < issue_delta < 15:
logger.warning("Invalid raven response: bad issue")
return redirect(url_for(".raven_error", reason="error"))
if not r.success:
if r.status == ucam_webauth.STATUS_CANCELLED:
return redirect(url_for(".raven_error", reason="cancelled"))
else:
return redirect(url_for(".raven_error", reason="error"))
if "current" not in r.ptags:
return redirect(url_for(".raven_error", reason="alumni"))
user = users.get_raven_user(r.principal)
if user is None:
# end the transaction: it's safe to do so, and the lookup
# operation is slow
postgres.commit()
try:
lookup_data = lookup.get_crsid(r.principal)
except lookup.LookupFailed:
# lookup logs its own errors
lookup_data = {}
# This could happen, I guess...
if lookup_data.get("person_type") == "alumnus":
logger.warning("%s has current ptag but lookup yielded "
"person_type=alumnus", r.principal)
return redirect(url_for(".raven_error", reason="alumni"))
# ensure that the .rollback() in except: doesn't destroy anything
# (if we couldn't end the transaction above we could use savepoints)
assert postgres.connection.get_transaction_status() == \
psycopg2.extensions.TRANSACTION_STATUS_IDLE
try:
user = users.new_raven_user(r.principal, r.ptags, lookup_data)
except users.CRSIDAlreadyExists:
logger.warning("Raced with another request to create Raven user "
"for crsid %s", r.principal)
postgres.connection.rollback()
user = users.get_raven_user(r.principal)
assert user is not None
# for a disabled password user, we reject it during authentication
# (in users.password_login). For Raven, we'll have to do it here.
if not user["enable_login"]:
return redirect(url_for(".raven_error", reason="disabled"))
logger.info("logging in user %s (via Raven %s)",
user["user_id"], r.principal)
session.create(user)
return redirect(login_next())
def logout():
session.destroy()
def expire_session(app, user):
logger.debug("Cleanup sessions")
session.destroy()
KVSessionExtension(app=app).cleanup_sessions(app)
def destroy():
session.destroy()
return "session destroyed"
def del_session():
print 'before destroy session'
session.destroy()
print 'after destroy session'
return 'session deleted from db.'
def lost_password_submit(self):
formtype = 'lost_password'
phase = int(request.form['phase']) if 'phase' in request.form else 1
self.log.info('Lost password submit phase %s', phase)
print session
if len(session) == 0:
self.log.debug('Session is empty. Ejecting.')
return redirect(url_for('login_form'))
# Phase 1: Email Address Entry
if phase == 1:
if 'confirmation_activation_ok' in session:
del(session['confirmation_activation_ok'])
# Valid Email check
email_address = str(request.form['user_id']) if 'user_id' in request.form else ''
if email_address == '':
self.log.info('Invalid User Id (email) %s', email_address)
session.destroy()
flash(self.model.spiel('invalid_email_address'), 'error')
return redirect(url_for('lost_password_form'))
if not self.model.check_email_address(email_address):
self.log.info('Invalid User Id (email) %s', email_address)
session.destroy()
flash(self.model.spiel('invalid_email_address'), 'error')
return redirect(url_for('lost_password_form'))
getuser = request.sdb.getUser(email_address.replace('@', ':'), self.config['postpaid_domain'])
if getuser == False:
self.log.error('SDB.getUser returned False')
flash(self.model.spiel('system_timeout', code='7b520'), 'error')
return redirect(url_for('login_form'))
# User does not exist
if 'error' in getuser['target']:
self.log.info('Lost Password: account %s does not exist.', email_address)
session.destroy()
flash(self.model.spiel('invalid_account'), 'error')
return redirect(url_for('lost_password_form'))
# User Exists
else:
session['confirmation_email_address'] = email_address
if request.entrypoint_redirected:
return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
else:
return redirect(url_for('lost_password_form') + '?phase=2')
# Phase 2: Security Answer Entry
elif phase == 2 and 'security_qa' in session:
submitted_security_answer = request.form['security_answer'] if 'security_answer' in request.form else ''
self.log.debug('Compare [%s]=[%s]', submitted_security_answer, session['security_qa']['answer'])
if submitted_security_answer.lower() == session['security_qa']['answer'].lower():
self.log.debug('Answer to the security question correct.')
session['confirmation_answer_ok'] = True
return redirect(url_for('lost_password_form') + '?phase=3')
else:
self.log.debug('Answer to the security question incorrect.')
flash(self.model.spiel('incorrect_security_answer'), 'error')
return redirect(url_for('lost_password_form') + '?phase=2')
# Phase 3: Password entry
elif phase == 3 and 'confirmation_answer_ok' in session:
if 'password1' not in request.form or 'password2' not in request.form:
self.log.debug('Password1 and Password2 is not present on the submitted data.')
return redirect(url_for('lost_password_form') + '?phase=3')
if request.form['password1'] != request.form['password2']:
self.log.debug('Password confirmation does not match.')
flash(self.model.spiel('password_match_error'), 'error')
return redirect(url_for('lost_password_form') + '?phase=3')
submitted_password = request.form['password1']
# No password validation yet
#if not self.model.validate_password(submitted_password):
# self.log.debug('Invalid Password')
# flash(self.model.spiel('invalid_password'), 'error')
# return redirect(url_for('lost_password_form') + '?phase=3')
if 'captcha' in request.form and 'pw_captcha' in session:
self.log.info('CAPTCHA entered: %s expected: %s', request.form['captcha'], session['pw_captcha']._generate_words())
if session['pw_captcha'].verify(request.form['captcha']):
self.log.info('CAPTCH MATCH')
del(session['pw_captcha'])
else:
self.log.debug('Password confirmation does not match.')
flash(self.model.spiel('incorrect_captcha'), 'error')
return redirect(url_for('lost_password_form') + '?phase=3')
# Hash the password
submitted_password = utils.password_hash(submitted_password)
# Send updateUser API call to BWS SDB
change_password = request.sdb.changePassword(session['confirmation_email_address'].replace('@', ':'), submitted_password)
try:
if 'target' in change_password and 'error' in change_password['target']:
self.log.info('UpdateUser Error: %s %s', change_password['target']['error']['code'], change_password['target']['error']['message'])
change_password = False
except Exception, err:
if change_password == False:
self.log.info('UpdateUser connection timed out.')
else:
self.log.info('UpdateUser Exception: %s', err)
change_password = False
if change_password == False:
flash(self.model.spiel('system_timeout', code='fa35e'), 'error')
return redirect(url_for('lost_password_form') + '?phase=3')
# Send an email API to PLDT
# are we going to show a spiel if this fails?
send_email = request.kenan.ResetPassword(session['confirmation_email_address'])
if send_email == False:
pass
else:
send_email = int(send_email)
if send_email <= -1:
#error
pass
elif send_email >= 1:
#error
pass
#ok
print send_email, type(send_email)
session.wipe(exception_keys=['_flashes'])
flash('successful change password spiel', 'info')
return redirect('/')
def logout():
session.destroy()
return redirect(url_for('index'))
def logout():
session.destroy()
def logout():
session.destroy()
return redirect('/')
def destroy():
session.destroy()
return 'session destroyed'
def confirmation_submit(self, formtype):
phase = int(request.form['phase']) if 'phase' in request.form else 1
self.log.info('Confirmation submit phase %s type %s', phase, formtype)
print session
if len(session) == 0:
self.log.debug('Session is empty. Ejecting.')
return redirect(url_for('login_form'))
# Phase 1: Mobile Number Entry
if phase == 1:
if 'confirmation_activation_ok' in session:
del(session['confirmation_activation_ok'])
# if 'confirmation_activation_code' in session:
# del(session['confirmation_activation_code'])
# if 'confirmation_mobile_number' in session:
# del(session['confirmation_mobile_number'])
# Valid MSISDN Check
domain = self.config['domain']
msisdn_valid, mobile_number, msisdn_error_message = self.model.check_msisdn(request.form['mobile_number'])
if not msisdn_valid:
self.log.info('Invalid MSISDN %s: %s', request.form['mobile_number'], msisdn_error_message)
session.destroy()
flash(msisdn_error_message)
return redirect(url_for('%s_form' % (formtype)))
getuser = request.sdb.getUser(mobile_number, domain)
if getuser == False:
self.log.error('SDB.getUser returned False')
flash(self.model.spiel('system_timeout', code='7b520'), 'error')
return redirect(url_for('login_form'))
previous_confirmation = self.model.get_confirmation(mobile_number, formtype)
if previous_confirmation:
session['confirmation_mobile_number'] = mobile_number
if request.entrypoint_redirected:
return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
else:
return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
# User does not exist
if 'error' in getuser['target']:
if formtype == 'register':
if getuser['target']['error']['code'] == 'USR-00001':
# send confirmation
pass
else:
self.log.error('Get user_error Code %s' % (getuser['target']['error']['code']))
return redirect(url_for('login_form'))
elif formtype == 'lost_password':
self.log.info('Lost Password: account %s does not exist.', mobile_number)
session.destroy()
flash(self.model.spiel('invalid_account'), 'error')
return redirect(url_for('%s_form' % (formtype)))
# User Exists
else:
if formtype == 'register':
try:
aaa_user_status = getuser['target']['result']['user']['status']['value']
except Exception as ex:
self.log.error('Register error: %s@%s Getuser parsing: %s', username, domain, getuser)
flash(self.model.spiel('system_timeout', code='472b0'), 'error')
return redirect(url_for('%s_form' % (formtype)))
if aaa_user_status == 'active':
session.destroy()
self.log.info('Register: account %s already exists.', mobile_number)
flash(self.model.spiel('account_exists'), 'error')
return redirect(url_for('login_form'))
else:
# send confirmation
pass
elif formtype == 'lost_password':
# CHECK sps_requests for existing entry
if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'CHPWD'}, sort=([('request_datetime', pymongo.DESCENDING)])) != None:
session.destroy()
flash(self.model.spiel('change_password_pending_request'))
return redirect(url_for('%s_form' % (formtype)))
session['confirmation_mobile_number'] = mobile_number
if not self.send_activation_code(mobile_number, formtype):
self.log.error('smsc.send returned False')
flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
return redirect(url_for('login_form'))
if request.entrypoint_redirected:
return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
else:
return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
# !!!
# send confirmation
# CHECK sps_requests for existing entry
if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'NWCON'}, sort=([('request_datetime', pymongo.DESCENDING)])) != None:
self.log.info('registration pending for %s', mobile_number)
session.destroy()
flash(self.model.spiel('registration_pending_request'))
return redirect(url_for('%s_form' % (formtype)))
session['confirmation_mobile_number'] = mobile_number
if not self.send_activation_code(mobile_number, formtype):
self.log.error('smsc.send returned False')
flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
return redirect(url_for('login_form'))
if request.entrypoint_redirected:
return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
else:
return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
# Phase 2: Activation Code Entry
elif phase == 2 and 'confirmation_mobile_number' in session:
submitted_activation_code = request.form['activation_code'] if 'activation_code' in request.form else ''
current_confirmation = self.model.get_confirmation(session['confirmation_mobile_number'], formtype)
if not current_confirmation:
return redirect(url_for('%s_form' % (formtype)) + '?phase=1')
current_activation_code = current_confirmation['code']
self.log.debug('Compare [%s]=[%s]', submitted_activation_code, current_activation_code)
if submitted_activation_code == current_activation_code:
self.log.debug('Confirmation code ok.')
session['confirmation_activation_ok'] = True
session['confirmation_id'] = current_confirmation['_id']
return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
else:
self.log.debug('Confirmation code incorrect.')
flash(self.model.spiel('incorrect_activation_code'), 'error')
return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
# Phase 3: Password entry
elif phase == 3 and 'confirmation_activation_ok' in session:
if 'password1' not in request.form or 'password2' not in request.form:
self.log.debug('Password1 and Password2 is not present on the submitted data.')
return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
if request.form['password1'] != request.form['password2']:
self.log.debug('Password confirmation does not match.')
flash(self.model.spiel('password_match_error'), 'error')
return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
submitted_password = request.form['password1']
if not self.model.validate_password(submitted_password):
self.log.debug('Invalid Password')
flash(self.model.spiel('invalid_password'), 'error')
return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
# Hash the password
submitted_password = utils.password_hash(submitted_password)
## Check if the user exists
mobile_number = session['confirmation_mobile_number']
domain = self.config['domain']
getuser = request.sdb.getUser(mobile_number, domain)
if getuser == False:
self.log.error('SDB.getUser returned False')
flash(self.model.spiel('system_timeout', code='91032'), 'error')
return redirect(url_for('login_form'))
# User doesnt exist
if 'error' in getuser['target']:
if getuser['target']['error']['code'] == 'USR-00001':
if formtype == 'register':
pass # Go SPS
elif formtype == 'lost_password':
self.log.error('Lost Password: SDB Account does not exist.')
flash(self.model.spiel('invalid_account'), 'error')
return redirect(url_for('login_form'))
else:
self.log.error('SDB Error: %s', getuser['target']['error']['code'])
return redirect(url_for('login_form'))
# User exists
else:
if formtype == 'register':
try:
aaa_user_status = getuser['target']['result']['user']['status']['value']
except Exception as ex:
self.log.error('Register error: %s@%s Getuser parsing: %s', username, domain, getuser)
flash(self.model.spiel('system_timeout', code='472b0'), 'error')
return redirect(url_for('%s_form' % (formtype)))
if aaa_user_status == 'active':
self.log.error('Register: SDB Account exists.')
flash(self.model.spiel('account_exists'), 'error')
return redirect(url_for('login_form'))
#else Go SPS!
elif formtype == 'lost_password':
subscriber_id = '%s@%s' % (mobile_number, domain)
self.log.info('Lost Password: sending to SPS %s:%s now.', subscriber_id, submitted_password)
if request.sps.changePassword(mobile_number, submitted_password, self.model, subtype='LOST'):
message = self.model.spiel('change_password_sps_request_sent')
self.model.tag_confirmation(session['confirmation_id'])
else:
self.log.error('SPS.changePassword returned False')
message = self.model.spiel('system_timeout', code='12c6f')
flash(message)
return redirect(url_for('login_form'))
# !!!
# Registration SPS
subscriber_id = '%s@%s' % (mobile_number, domain)
self.log.info('Register: sending to SPS %s:%s now.', subscriber_id, submitted_password)
if request.sps.createAccount(mobile_number, submitted_password, self.model):
message = self.model.spiel('registration_sps_request_sent')
self.model.tag_confirmation(session['confirmation_id'])
else:
self.log.error('SPS.createAccount returned False')
message = self.model.spiel('system_timeout', code='d435a')
flash(message)
return redirect(url_for('login_form'))
else:
return redirect(url_for('%s_form' % (formtype)) + '?phase=1')
