def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Look up the Facebook account by ``user_data['id']``; when it is unknown,
    create a local account unless the requested username or the e-mail
    address already belongs to someone else.

    Args:
        access_token: Facebook OAuth token, kept under
            ``info['facebook_token']`` of a newly created user.
        user_data: Profile dict from Facebook (``id``, ``username``, ``name``,
            optional ``email``). Mutated: a missing ``email`` is replaced by
            the literal string ``"None"``.
        next_url: Not used by this function.

    Returns:
        The matching or newly created ``User``, or ``None`` when a different
        account already owns the username or the e-mail address (accounts are
        never linked on the strength of the provider's claim).
    """
    known = user_repo.get_by(facebook_user_id=user_data['id'])
    if known is not None:
        return known

    name_owner = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    provided_email = user_data.get('email')
    email_owner = (user_repo.get_by(email_addr=provided_email)
                   if provided_email else None)

    if name_owner is not None or email_owner is not None:
        # Someone else holds the username or the e-mail: refuse, do not link.
        return None

    if not provided_email:
        # String placeholder; the login step compares against this literal.
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=dict(facebook_token=dict(oauth_token=access_token)))
    user_repo.save(created)
    return created
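def manage_user(access_token, user_data):
    """Manage the user after signin.

    Look up the Google account by ``user_data['id']``. A known user gets the
    stored Google token refreshed (and a legacy username normalised); an
    unknown one is created unless the derived username or the e-mail address
    already belongs to another account.

    Args:
        access_token: Google OAuth token, stored under ``info['google_token']``.
        user_data: Profile dict from Google (``id``, ``name``, ``email``).

    Returns:
        The matching or newly created ``User``, or ``None`` when the username
        or e-mail is already taken (accounts are not linked automatically).
    """
    # We have to store the oauth_token in the session to get the USER fields
    google_token = dict(oauth_token=access_token)
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        user.info['google_token'] = google_token
        # Update the name to fit with new paradigm to avoid UTF8 problems
        # isinstance() rather than type() == unicode: also matches subclasses.
        if isinstance(user.name, unicode) or ' ' in user.name:
            user.name = username_from_full_name(user.name)
        user_repo.save(user)
        return user

    # user never signed on
    name = username_from_full_name(user_data['name'])
    if user_repo.get_by_name(name) is not None:
        return None
    if user_repo.get_by(email_addr=user_data['email']) is not None:
        # The e-mail belongs to another account: refuse rather than link on
        # the strength of the provider's claim.
        return None

    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=dict(google_token=google_token))
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user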
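def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Look up the Google account by ``user_data['id']``. A known user has a
    legacy (unicode or space-containing) username normalised; an unknown one
    is created unless the derived username or the e-mail address already
    belongs to another account.

    Args:
        access_token: Google OAuth token, stored under ``info['google_token']``.
        user_data: Profile dict from Google (``id``, ``name``, ``email``).
        next_url: Not used by this function.

    Returns:
        The matching or newly created ``User``, or ``None`` when the username
        or e-mail is already taken (accounts are not linked automatically).
    """
    # We have to store the oauth_token in the session to get the USER fields
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        # isinstance() rather than type() == unicode: also matches subclasses.
        if isinstance(user.name, unicode) or ' ' in user.name:
            user.name = _ascii_username(user.name)
            user_repo.update(user)
        return user

    # user never signed on
    name = _ascii_username(user_data['name'])
    if user_repo.get_by_name(name) is not None:
        return None
    if user_repo.get_by(email_addr=user_data['email']) is not None:
        # The e-mail belongs to another account: refuse rather than link on
        # the strength of the provider's claim.
        return None

    google_token = dict(oauth_token=access_token)
    user = User(fullname=user_data['name'],
                name=name,  # computed once; previously rebuilt inline here
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=dict(google_token=google_token))
    user_repo.save(user)
    return user


def _ascii_username(full_name):
    """Lower-case *full_name* and drop non-ASCII characters and spaces.

    Mirrors the inline expression the sign-in code used in three places;
    ``encode('ascii', 'ignore')`` is kept as-is so the stored value does not
    change.
    """
    return full_name.encode('ascii', 'ignore').lower().replace(" ", "")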
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Look up the Facebook account by ``user_data['id']``. A known user gets
    the stored token refreshed; an unknown one is created unless the derived
    username or the e-mail address already belongs to another account.

    Args:
        access_token: Facebook OAuth token, stored under
            ``info['facebook_token']``.
        user_data: Profile dict from Facebook (``id``, ``name``, optional
            ``email``). Mutated: a missing ``email`` is replaced by the
            derived username.

    Returns:
        The matching or newly created ``User``, or ``None`` when the username
        or e-mail is already taken (accounts are not linked automatically).
    """
    facebook_token = dict(oauth_token=access_token)
    known = user_repo.get_by(facebook_user_id=user_data['id'])

    if known is not None:
        # Known account: only refresh the stored token.
        known.info['facebook_token'] = facebook_token
        user_repo.save(known)
        return known

    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    provided_email = user_data.get('email')
    email_taken = (provided_email is not None and
                   user_repo.get_by(email_addr=provided_email) is not None)

    if name_taken or email_taken:
        return None

    if not provided_email:
        # The username doubles as a placeholder address; the newsletter
        # check below relies on this to skip such accounts.
        user_data['email'] = name
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=dict(facebook_token=facebook_token))
    user_repo.save(created)
    if newsletter.is_initialized() and created.email_addr != name:
        newsletter.subscribe_user(created)
    return created
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Look up the Facebook account by ``user_data['id']``; when it is unknown,
    create a local account unless the requested username or the e-mail
    address is already taken, and subscribe it to the newsletter when one is
    configured and a real e-mail was supplied.

    Args:
        access_token: Facebook OAuth token, kept under
            ``info['facebook_token']`` of a newly created user.
        user_data: Profile dict from Facebook (``id``, ``username``, ``name``,
            optional ``email``). Mutated: a missing ``email`` is replaced by
            the literal string ``"None"``.
        next_url: Not used by this function.

    Returns:
        The matching or newly created ``User``, or ``None`` when another
        account already owns the username or the e-mail address (accounts
        are never linked on the strength of the provider's claim).
    """
    known = user_repo.get_by(facebook_user_id=user_data['id'])
    if known is not None:
        return known

    name_owner = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    provided_email = user_data.get('email')
    email_owner = (user_repo.get_by(email_addr=provided_email)
                   if provided_email else None)

    if name_owner is not None or email_owner is not None:
        return None

    if not provided_email:
        # String placeholder the login step recognises; it also keeps such
        # accounts out of the newsletter subscription below.
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=dict(facebook_token=dict(oauth_token=access_token)))
    user_repo.save(created)
    if newsletter.app and created.email_addr != "None":
        newsletter.subscribe_user(created)
    return created
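def manage_user(user_data):
    """Manage the user after signin.

    Look up the myKaarma account by ``user_data['id']``. An unknown identity
    whose e-mail is also unknown gets a new local account with a generated
    username; an unknown identity whose e-mail is already registered is
    handed to ``add_through_email``.

    Args:
        user_data: Profile dict from myKaarma (``id``, ``name``, ``email``).

    Returns:
        The matching ``User``, the newly created ``User``, or whatever
        ``add_through_email`` returns for an already registered e-mail.
    """
    # We have to store the oauth_token in the session to get the USER fields
    user = user_repo.get_by(mykaarma_user_id=user_data['id'])
    if user is not None:
        return user

    # user never signed on
    user_by_email = user_repo.get_by(email_addr=user_data['email'])
    if user_by_email is not None:
        # NOTE(review): this presumably attaches the provider identity to an
        # existing local account on the strength of the provider's e-mail
        # claim; confirm the provider asserts the address as verified.
        return add_through_email(user_by_email, user_data)

    # Plain comments instead of bare string statements (which are code, not
    # documentation, and silently evaluate to nothing).
    # Generate 4 digit alphanumeric string with digits and lowercase characters
    name = get_mykaarma_username_from_full_name(user_data['name'])
    # check if already a user present with the same name, if yes, generate
    # another random string. No attempt cap: the loop relies on the
    # generator eventually producing a free name.
    while user_repo.get_by_name(name) is not None:
        name = get_mykaarma_username_from_full_name(user_data['name'])
    # add user
    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                mykaarma_user_id=user_data['id'])
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user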
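def manage_user(access_token, user_data):
    """Manage the user after signin.

    Look up the Google account by ``user_data['id']``. A known user has a
    legacy (unicode or space-containing) username normalised; an unknown one
    is created unless the derived username or the e-mail address already
    belongs to another account.

    Args:
        access_token: Google OAuth token, stored under ``info['google_token']``
            of a newly created user.
        user_data: Profile dict from Google (``id``, ``name``, ``email``).

    Returns:
        The matching or newly created ``User``, or ``None`` when the username
        or e-mail is already taken (accounts are not linked automatically).
    """
    # We have to store the oauth_token in the session to get the USER fields
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        # isinstance() rather than type() == unicode: also matches subclasses.
        if isinstance(user.name, unicode) or ' ' in user.name:
            user.name = username_from_full_name(user.name)
            user_repo.update(user)
        return user

    # user never signed on
    name = username_from_full_name(user_data['name'])
    if user_repo.get_by_name(name) is not None:
        return None
    if user_repo.get_by(email_addr=user_data['email']) is not None:
        # The e-mail belongs to another account: refuse rather than link on
        # the strength of the provider's claim.
        return None

    google_token = dict(oauth_token=access_token)
    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=dict(google_token=google_token))
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user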
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Look up the Facebook account by ``user_data['id']``; when it is unknown,
    create a local account unless the derived username or the e-mail address
    already belongs to another account.

    Args:
        access_token: Facebook OAuth token, kept under
            ``info['facebook_token']`` of a newly created user.
        user_data: Profile dict from Facebook (``id``, ``name``, optional
            ``email``). Mutated: a missing ``email`` is replaced by the
            derived username.

    Returns:
        The matching or newly created ``User``, or ``None`` when the username
        or e-mail is already taken (accounts are not linked automatically).
    """
    known = user_repo.get_by(facebook_user_id=user_data['id'])
    if known is not None:
        return known

    facebook_token = dict(oauth_token=access_token)
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    provided_email = user_data.get('email')
    email_taken = (provided_email is not None and
                   user_repo.get_by(email_addr=provided_email) is not None)

    if name_taken or email_taken:
        return None

    if not provided_email:
        # The username doubles as a placeholder address; the newsletter
        # check below relies on this to skip such accounts.
        user_data['email'] = name
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=dict(facebook_token=facebook_token))
    user_repo.save(created)
    if newsletter.is_initialized() and created.email_addr != name:
        newsletter.subscribe_user(created)
    return created
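def handle_bloomberg_response():
    """Complete a BSSO (SAML) sign-in from the identity provider's POST-back.

    Validates the SAML response, signs in the user whose e-mail matches the
    asserted ``emailAddress`` attribute, and auto-creates an account when the
    e-mail is unknown.

    Returns:
        The response from ``_sign_in_user`` on success, otherwise a redirect
        to ``home.home`` with a flashed error.
    """
    sso_settings = current_app.config.get('BSSO_SETTINGS')
    auth = OneLogin_Saml2_Auth(prepare_onelogin_request(), sso_settings)
    auth.process_response()
    errors = auth.get_errors()
    if errors:
        # BSSO was unable to authenticate the user
        error_reason = auth.get_last_error_reason()
        current_app.logger.error('BSSO auth error(s): %s %s', errors,
                                 error_reason)
        flash(gettext('There was a problem during the sign in process.'),
              'error')
        return redirect(url_for('home.home'))

    # is_authenticated is a method: the bare attribute is always truthy,
    # which made the failure branch below unreachable.
    if not auth.is_authenticated():
        # Failed to authenticate user on BSSO.
        # logger.error rather than .exception: no exception is active here.
        current_app.logger.error('BSSO login error')
        flash(
            gettext(
                'We were unable authenticate and log you into an account. Please contact a Gigwork administrator.'
            ), 'error')
        return redirect(url_for('home.home'))

    # User is authenticated on BSSO, load user from GIGwork API.
    attributes = auth.get_attributes()
    # NOTE(review): RelayState arrives in the IdP's POST and is used as the
    # post-login target; confirm _sign_in_user only follows local paths.
    next_url = request.form.get('RelayState')
    user = user_repo.get_by(
        email_addr=unicode(attributes['emailAddress'][0]).lower())
    if user is not None:
        # User is authenticated on BSSO and already has a GIGwork account.
        return _sign_in_user(user, next_url=next_url)

    # User is authenticated on BSSO, but does not yet have a GIGwork account, auto create one.
    try:
        # Attribute lookups may raise KeyError/IndexError; the handler below
        # turns any failure into a generic message and a log entry.
        user_data = {}
        user_data['fullname'] = attributes['firstName'][
            0] + " " + attributes['lastName'][0]
        user_data['email_addr'] = attributes['emailAddress'][0]
        user_data['name'] = attributes['username'][0]
        user_data['data_access'] = ["L4"]
        user_data['password'] = generate_password()
        create_account(user_data, auto_create=True)
        flash('A new account has been created for you using BSSO.')
        user = user_repo.get_by(
            email_addr=unicode(user_data['email_addr'].lower()))
        return _sign_in_user(user, next_url=next_url)
    except Exception as error:
        brand = current_app.config['BRAND']
        current_app.logger.exception(
            'Auto-account creation error: %s, for user attributes: %s',
            error, attributes)
        flash(
            gettext(
                'There was a problem signing you in. Please contact your {} administrator.'
                .format(brand)), 'error')
        return redirect(url_for('home.home'))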
    def test_signin_create(self, ldap_mock):
        """Test signin creates a PYBOSSA user.

        A successful LDAP bind must create a local user whose name and
        e-mail come from the LDAP record; a failed bind must be rejected
        with an informational flash message.
        """
        signin_url = '/account/signin'
        payload = {'email': 'cn', 'password': '******'}

        def post_signin():
            # Same JSON body for both attempts; only the mock's answer changes.
            res = self.app.post(signin_url,
                                data=json.dumps(payload),
                                content_type='application/json')
            return json.loads(res.data)

        with patch.dict(self.flask_app.config, {'LDAP_HOST': '127.0.0.1'}):
            ldap_mock.bind_user.return_value = True
            ldap_mock.get_object_details.return_value = self.ldap_user
            data = post_signin()
            created = user_repo.get_by(ldap='cn')
            assert data['status'] == SUCCESS, data
            assert data['next'] == '/', data
            assert created.name == self.ldap_user['uid'][0], created
            assert created.email_addr == self.ldap_user['cn'][0], created

            ldap_mock.bind_user.return_value = False
            data = post_signin()
            msg = 'User LDAP credentials are wrong.'
            assert data['flash'] == msg, data
            assert data['status'] == 'info', data
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; only ``email`` is consulted here.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery when the e-mail belongs to a local
        account). Otherwise the session is opened and the user goes to the
        profile page (placeholder e-mail), the newsletter prompt, or
        ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        owner = user_repo.get_by(email_addr=user_data.get('email'))
        endpoint = 'account.signin'
        if owner is not None:
            msg, method = get_user_signup_method(owner)
            flash(msg, 'info')
            if method == 'local':
                endpoint = 'account.forgot_password'
        return redirect(url_for_app_type(endpoint))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr == user.name:
        # The username stands in for a missing e-mail address.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for_app_type('account.update_profile',
                                         name=user.name))
    if user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)
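def otpvalidation(email):
    """Verify the one-time password submitted for *email* and sign the user in.

    Args:
        email: Address of the account going through the second factor.

    Returns:
        A redirect to ``home.home`` after a valid OTP; otherwise the rendered
        OTP form. After any unsuccessful POST a fresh code is e-mailed.
    """
    form = OTPForm(request.form)
    user = user_repo.get_by(email_addr=email)
    if request.method == 'POST' and form.validate():
        # Parse only after validation: converting on GET or on a malformed
        # field raised TypeError/ValueError and turned into a 500.
        try:
            otp = int(form.otp.data)
        except (TypeError, ValueError):
            otp = None
        otpsecret = otpauths.get(email)
        if otpsecret is not None:
            if otp is not None and otpsecret.valid_totp(otp, period=600):
                # user provided valid otp, signin user
                msg = gettext("OTP verified. You are logged in to the system")
                flash(msg, 'note')
                _sign_in_user(user)
                return redirect(url_for("home.home"))
            # invalid otp
            msg = gettext("Invalid one time password")
            flash(msg, 'error')
        # Re-issue a code after an unsuccessful POST, as before. `user` may
        # be None for an unknown address; it is passed on unchanged.
        # NOTE(review): no attempt counter is visible here; confirm OTP
        # submissions are rate-limited elsewhere.
        _email_two_factor_auth(user)
    return render_template('/account/otpvalidation.html',
                           title="Verify OTP",
                           form=form,
                           user=user)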
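def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; ``email`` is used for the hint.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery for a local account). Otherwise the
        session is opened and the user goes to the profile page when the
        stored e-mail is the ``"None"`` placeholder, to the newsletter prompt
        when one is configured and not yet shown, or to ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        user = user_repo.get_by(email_addr=user_data['email'])
        if user is None:
            return redirect(url_for('account.signin'))
        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # "None" is the placeholder stored when the provider supplied no e-mail.
    if user.email_addr == "None":
        # The former first_login flag was a constant False, so its
        # "first login" message could never be shown; the dead branch is gone.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.app:
        return redirect(
            url_for('account.newsletter_subscribe', next=next_url))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)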
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Twitter API does not provide a way to get the e-mail so we will ask for
    it only the first time: a new account stores the screen name in place of
    the address.

    Args:
        access_token: Dict with ``oauth_token`` and ``oauth_token_secret``
            from Twitter; both are kept under ``info['twitter_token']``.
        user_data: Twitter profile dict (``user_id``, ``screen_name``).

    Returns:
        The matching ``User`` with its token refreshed, a newly created
        ``User``, or ``None`` when the screen name is already taken locally.
    """
    twitter_token = {
        "oauth_token": access_token["oauth_token"],
        "oauth_token_secret": access_token["oauth_token_secret"],
    }

    known = user_repo.get_by(twitter_user_id=user_data["user_id"])
    if known is not None:
        known.info["twitter_token"] = twitter_token
        user_repo.save(known)
        return known

    screen_name = user_data["screen_name"]
    if user_repo.get_by_name(screen_name) is not None:
        # Someone else already uses this name locally: do not link.
        return None

    created = User(
        fullname=screen_name,
        name=screen_name,
        email_addr=screen_name,
        twitter_user_id=user_data["user_id"],
        info={"twitter_token": twitter_token},
    )
    user_repo.save(created)
    return created
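def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; ``email`` is used for the hint.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery for a local account). Otherwise the
        session is opened and the user goes to the profile page when the
        stored e-mail is the ``"None"`` placeholder, to the newsletter prompt
        when one is configured and not yet shown, or to ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        user = user_repo.get_by(email_addr=user_data['email'])
        if user is None:
            return redirect(url_for('account.signin'))
        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # "None" is the placeholder stored when the provider supplied no e-mail.
    if user.email_addr == "None":
        # The former first_login flag was a constant False, so its
        # "first login" message could never be shown; the dead branch is gone.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.app:
        return redirect(url_for('account.newsletter_subscribe', next=next_url))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)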
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; only ``email`` is consulted here.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery when the e-mail belongs to a local
        account). Otherwise the session is opened and the user goes to the
        newsletter prompt (real e-mail on file, prompt not yet shown,
        newsletter configured) or to ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        owner = user_repo.get_by(email_addr=user_data.get('email'))
        endpoint = 'account.signin'
        if owner is not None:
            msg, method = get_user_signup_method(owner)
            flash(msg, 'info')
            if method == 'local':
                endpoint = 'account.forgot_password'
        return redirect(url_for_app_type(endpoint, _hash_last_flash=True))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # A username stored as the address marks a missing e-mail.
    has_real_email = user.email_addr != user.name
    if (has_real_email and user.newsletter_prompted is False
            and newsletter.is_initialized()):
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url,
                                         _hash_last_flash=True))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; only ``email`` is consulted here.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery when the e-mail belongs to a local
        account). Otherwise the session is opened and the user goes to the
        profile page (placeholder e-mail), the newsletter prompt, or
        ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        owner = user_repo.get_by(email_addr=user_data.get('email'))
        endpoint = 'account.signin'
        if owner is not None:
            msg, method = get_user_signup_method(owner)
            flash(msg, 'info')
            if method == 'local':
                endpoint = 'account.forgot_password'
        return redirect(url_for(endpoint))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr == user.name:
        # The username stands in for a missing e-mail address.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for('account.newsletter_subscribe', next=next_url))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)
 def test_webhook_handler_owner_pro(self):
     """Test WEBHOOK view works for pro owner.

     A pro owner must be able to open the webhook page in its default,
     failed-only and show-all variants; each must render the table headers.
     """
     # Admin/owner
     self.register()
     self.signin()
     self.signout()
     # User
     self.register(name="Iser")
     self.signin(email="*****@*****.**", password="******")
     owner = user_repo.get_by(name="Iser")
     owner.pro = True
     user_repo.save(owner)
     project = ProjectFactory.create(owner=owner)
     base_url = "/project/%s/webhook" % project.short_name
     # Same expectations for every filter the view accepts.
     for query in ("", "?failed=true", "?all=true"):
         res = self.app.get(base_url + query)
         assert res.status_code == 200, res.status_code
         assert "Created" in res.data
         assert "Payload" in res.data
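def _create_account_Auth(user_data):
    """Create or link a local account for an Auth0 identity and sign it in.

    Args:
        user_data: Dict with ``fullname``, ``name``, ``email_addr`` and
            ``auth_user_id`` taken from the Auth0 userinfo response.

    Returns:
        The response from ``_sign_in_user`` for the created or linked
        account, or a redirect to ``home.home`` (with an error flash) when
        the e-mail already belongs to an account tied to other credentials.
    """
    existing = user_repo.get_by(email_addr=user_data['email_addr'])
    if existing:
        if existing.auth_user_id is not None:
            flash(
                gettext(
                    u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión.  Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
                ), 'error')
            return redirect_content_type(url_for("home.home"))
        # NOTE(review): the local account is attached to the Auth0 identity
        # on the strength of the e-mail claim alone; confirm the identity
        # provider asserts the address as verified before relying on this.
        existing.auth_user_id = user_data['auth_user_id']
        user_repo.update(existing)
        flash(gettext(u'Bienvenido') + " " + existing.fullname, 'success')
        return _sign_in_user(existing)

    new_user = model.user.User(fullname=user_data['fullname'],
                               name=user_data['name'],
                               email_addr=user_data['email_addr'],
                               valid_email=True,
                               auth_user_id=user_data['auth_user_id'],
                               admin=False)
    # The account is driven by Auth0; the local password is random filler
    # the user never sees.
    password = GenPasswd2(8, string.digits) + GenPasswd2(
        15, string.ascii_letters)
    new_user.set_password(password)

    # Keep drawing suffixes until the name is free; the previous single
    # attempt could still collide and save a duplicate name.
    base_name = new_user.name
    while user_repo.get_by_name(name=new_user.name):
        new_user.name = base_name + GenRandomString(
            6, string.ascii_lowercase)

    user_repo.save(new_user)
    flash(gettext(u'Gracias por registrarte.'), 'success')
    return _sign_in_user(new_user)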
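def forgot_password():
    """
    Request a forgotten password for a user.

    On a valid POST, queue an e-mail to the account owner: a signed recovery
    link for local accounts, or a reminder of the third-party provider they
    signed up with. Form errors and unknown addresses are reported via flash.

    Returns the result of ``handle_content_type`` for the
    ``/account/password_forgot.html`` template and the form.

    """
    form = ForgotPasswordForm(request.body)
    if form.validate_on_submit():
        user = user_repo.get_by(email_addr=form.email_addr.data)
        if user and user.email_addr:
            msg = dict(subject='Account Recovery',
                       recipients=[user.email_addr])
            msg.update(_forgot_password_bodies(user))
            mail_queue.enqueue(send_mail, msg)
            flash(gettext("We've sent you an email with account "
                          "recovery instructions!"),
                  'success')
        else:
            # NOTE(review): this reply tells the requester whether the
            # address is registered; use a neutral wording if account
            # enumeration is a concern.
            flash(gettext("We don't have this email in our records. "
                          "You may have signed up with a different "
                          "email or used Twitter, Facebook, or "
                          "Google to sign-in"), 'error')
    if request.method == 'POST' and not form.validate():
        flash(gettext('Something went wrong, please correct the errors on the '
              'form'), 'error')
    data = dict(template='/account/password_forgot.html',
                form=form)
    return handle_content_type(data)


# Third-party providers checked in this order; the first one set on the
# user decides which reminder is sent.
_OPENID_PROVIDERS = (
    ('twitter_user_id', 'Twitter'),
    ('facebook_user_id', 'Facebook'),
    ('google_user_id', 'Google'),
)


def _forgot_password_bodies(user):
    """Return the ``body``/``html`` parts of the recovery e-mail for *user*.

    Replaces three near-identical branches with one lookup over
    ``_OPENID_PROVIDERS``; the local-account branch is unchanged.
    """
    for attr, account_name in _OPENID_PROVIDERS:
        if getattr(user, attr):
            return {
                'body': render_template(
                    '/account/email/forgot_password_openid.md',
                    user=user, account_name=account_name),
                'html': render_template(
                    '/account/email/forgot_password_openid.html',
                    user=user, account_name=account_name),
            }
    # The current password hash is part of the signed payload, presumably so
    # the link stops working once the password changes. NOTE(review): if
    # `signer` only signs (itsdangerous-style) rather than encrypts, the hash
    # travels readable inside the e-mailed URL — confirm that is acceptable.
    userdict = {'user': user.name, 'password': user.passwd_hash}
    key = signer.dumps(userdict, salt='password-reset')
    recovery_url = url_for_app_type('.reset_password',
                                    key=key, _external=True)
    return {
        'body': render_template(
            '/account/email/forgot_password.md',
            user=user, recovery_url=recovery_url),
        'html': render_template(
            '/account/email/forgot_password.html',
            user=user, recovery_url=recovery_url),
    }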
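def callback():
    """Auth0 redirect target: finish the token exchange, then sign in or
    create the user.

    Returns:
        ``_sign_in_user`` for a known ``auth_user_id``, the result of
        ``_create_account_Auth`` for a new identity, or a redirect to
        ``home.home`` with an error flash when the token exchange fails.
    """
    # `auth0` is only read here, so the former `global` statement was a no-op.
    try:
        auth0.authorize_access_token()
    except Exception:
        # Broad on purpose: the client raises library-specific errors for a
        # rejected code/state, and the user gets one generic message. The
        # stray `pass` that preceded this block did nothing and is removed.
        msg_1 = gettext(
            u"Se ha producido un error al iniciar sesión con su cuenta. Los datos introducidos son incorrectos. Por favor, vuelva a intentarlo, pulsando de nuevo sobre “Iniciar sesión”."
        )
        flash(msg_1, 'error')
        return redirect_content_type(url_for("home.home"))

    resp = auth0.get('userinfo')
    userinfo = resp.json()

    # Match on the subject identifier, not on nickname or e-mail, which the
    # provider may let the user change.
    auth_user_id = userinfo['sub']
    user = user_repo.get_by(auth_user_id=auth_user_id)

    if user:
        msg_1 = gettext(u"Bienvenido") + " " + user.fullname
        flash(msg_1, 'success')
        return _sign_in_user(user)

    account = dict(fullname=userinfo['nickname'],
                   name=userinfo['nickname'],
                   email_addr=userinfo['email'],
                   auth_user_id=auth_user_id)
    return _create_account_Auth(account)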
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Args:
        user: The account resolved from the provider identity, or ``None``.
        user_data: Provider profile dict; only ``email`` is consulted here.
        next_url: Where to send the user after a successful login.

    Returns:
        A redirect response. Without a matching account the user is sent to
        sign-in (or to password recovery when the e-mail belongs to a local
        account). Otherwise the session is opened and the user goes to the
        newsletter prompt (real e-mail on file, prompt not yet shown,
        newsletter configured) or to ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        owner = user_repo.get_by(email_addr=user_data.get('email'))
        endpoint = 'account.signin'
        if owner is not None:
            msg, method = get_user_signup_method(owner)
            flash(msg, 'info')
            if method == 'local':
                endpoint = 'account.forgot_password'
        return redirect(url_for_app_type(endpoint, _hash_last_flash=True))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # A username stored as the address marks a missing e-mail.
    has_real_email = user.email_addr != user.name
    if (has_real_email and user.newsletter_prompted is False
            and newsletter.is_initialized()):
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url,
                                         _hash_last_flash=True))
    # NOTE(review): next_url is followed as given; confirm the caller
    # restricts it to local paths.
    return redirect(next_url)
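def _openid_account_name(user):
    """Return the social provider the account was created with, or None.

    Providers are checked in the original order (Twitter, Facebook,
    Google); an account with none of these ids is a local password account.
    """
    if user.twitter_user_id:
        return 'Twitter'
    if user.facebook_user_id:
        return 'Facebook'
    if user.google_user_id:
        return 'Google'
    return None


def forgot_password():
    """
    Request a forgotten password for a user.

    Returns a Jinja2 template.

    On a valid POST the account behind the submitted address gets either a
    reminder of which social provider to sign in with, or a signed
    password-reset link, queued through ``mail_queue``.
    """
    form = ForgotPasswordForm(request.body)
    if form.validate_on_submit():
        user = user_repo.get_by(email_addr=form.email_addr.data)
        if user and user.email_addr:
            msg = dict(subject='Account Recovery',
                       recipients=[user.email_addr])
            account_name = _openid_account_name(user)
            if account_name:
                # Social accounts have no local password: tell the user
                # which provider to sign in with instead.
                msg['body'] = render_template(
                    '/account/email/forgot_password_openid.md',
                    user=user, account_name=account_name)
                msg['html'] = render_template(
                    '/account/email/forgot_password_openid.html',
                    user=user, account_name=account_name)
            else:
                # The current password hash is bound into the signed key,
                # presumably so the link stops working once the password
                # changes.
                # NOTE(review): signer.dumps signs but does not encrypt, so
                # the hash is readable from the URL by anyone who sees the
                # link (mail logs, browser history); no expiry is visible
                # here either -- confirm reset_password enforces one.
                userdict = {'user': user.name, 'password': user.passwd_hash}
                key = signer.dumps(userdict, salt='password-reset')
                recovery_url = url_for_app_type('.reset_password',
                                                key=key, _external=True)
                msg['body'] = render_template(
                    '/account/email/forgot_password.md',
                    user=user, recovery_url=recovery_url)
                msg['html'] = render_template(
                    '/account/email/forgot_password.html',
                    user=user, recovery_url=recovery_url)
            mail_queue.enqueue(send_mail, msg)
            flash(gettext("We've sent you an email with account "
                          "recovery instructions!"),
                  'success')
        else:
            # NOTE(review): this message confirms whether an address is
            # registered, which allows account enumeration.
            flash(gettext("We don't have this email in our records. "
                          "You may have signed up with a different "
                          "email or used Twitter, Facebook, or "
                          "Google to sign-in"), 'error')
    if request.method == 'POST' and not form.validate():
        flash(gettext('Something went wrong, please correct the errors on the '
              'form'), 'error')
    data = dict(template='/account/password_forgot.html',
                form=form)
    return handle_content_type(data)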
def manage_user(access_token, user_data):
    """Manage the user after signin

    Returns the account matched by Twitter id (token refreshed), a new
    account when the screen name is free, or None when that name is
    already taken by someone else.
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    twitter_id = user_data['user_id']

    existing = user_repo.get_by(twitter_user_id=twitter_id)
    if existing is not None:
        # Refresh the stored token on every sign-in.
        existing.info['twitter_token'] = access_token
        user_repo.save(existing)
        return existing

    # Refuse to create an account whose name is already in use.
    screen_name = user_data['screen_name']
    if user_repo.get_by_name(screen_name) is not None:
        return None

    new_user = User(fullname=screen_name,
                    name=screen_name,
                    # Placeholder: the screen name stands in for the
                    # e-mail address until the user supplies one.
                    email_addr=screen_name,
                    twitter_user_id=twitter_id,
                    info=dict(twitter_token=access_token))
    user_repo.save(new_user)
    return new_user
def manage_user(access_token, user_data):
    """Manage the user after signin

    Returns the account matched by Twitter id (token refreshed), a new
    account when the screen name is free, or None when that name is
    already taken by someone else.
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    twitter_id = user_data['user_id']

    existing = user_repo.get_by(twitter_user_id=twitter_id)
    if existing is not None:
        # Refresh the stored token on every sign-in.
        existing.info['twitter_token'] = access_token
        user_repo.save(existing)
        return existing

    # Refuse to create an account whose name is already in use.
    screen_name = user_data['screen_name']
    if user_repo.get_by_name(screen_name) is not None:
        return None

    new_user = User(fullname=screen_name,
                    name=screen_name,
                    # Placeholder: the screen name stands in for the
                    # e-mail address until the user supplies one.
                    email_addr=screen_name,
                    twitter_user_id=twitter_id,
                    info=dict(twitter_token=access_token))
    user_repo.save(new_user)
    return new_user
 def test_webhook_handler_owner_pro(self):
     """Test WEBHOOK view works for pro owner."""
     # Admin/owner
     self.register()
     self.signout()
     # User
     self.register(name="Iser")
     owner = user_repo.get_by(name="Iser")
     owner.pro = True
     user_repo.save(owner)
     project = ProjectFactory.create(owner=owner)
     base_url = "/project/%s/webhook" % project.short_name
     # The plain, failed-only and all views must all render for a pro owner.
     for query in ("", "?failed=true", "?all=true"):
         res = self.app.get(base_url + query)
         assert res.status_code == 200, res.status_code
         assert "Created" in res.data
         assert "Payload" in res.data
def get_enabled_users(user_emails):
    """Return the subset of ``user_emails`` that belong to enabled accounts.

    Addresses with no matching user, or whose user is disabled, are
    dropped; the remaining addresses keep their input order.
    """
    from pybossa.core import user_repo

    def _is_enabled(email_addr):
        found = user_repo.get_by(email_addr=email_addr)
        return bool(found and found.enabled)

    return [ue for ue in user_emails if _is_enabled(ue)]
def signin():
    """
    Signin method for PyBossa users.

    Returns a Jinja2 template with the result of signing process.

    GET renders the local e-mail/password form; a valid POST checks the
    password and either signs the user in directly or, when
    ``twofactor_auth`` is enabled, e-mails a one-time password and renders
    the OTP form.  The template also receives which social sign-in buttons
    to show, based on the registered blueprints.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            # `twofactor_auth` is a module-level switch; because this is a
            # `== False` test, a None/0 value takes the OTP branch below.
            if twofactor_auth == False:
                msg_1 = gettext("Welcome back") + " " + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                # Second factor: send the OTP and let the user enter it.
                _email_two_factor_auth(user)
                otpform = OTPForm(request.form)
                return render_template('/account/otpvalidation.html',
                                       title="Verify OTP",
                                       form=otpform,
                                       user=user)
        elif user:
            # Known address but wrong password, or an account created
            # through a social provider that has no local password.
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext("Ooops, Incorrect email/password")
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): the "not found" message differs from the
            # wrong-password one, so responses reveal which addresses
            # have accounts.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous():
        # If Twitter is enabled in config, show the Twitter Sign in button
        if ('twitter' in current_app.blueprints):  # pragma: no cover
            auth['twitter'] = True
        if ('facebook' in current_app.blueprints):  # pragma: no cover
            auth['facebook'] = True
        if ('google' in current_app.blueprints):  # pragma: no cover
            auth['google'] = True
        # `next` is passed through to the template untouched here; the
        # redirect after sign-in happens in _sign_in_user.
        return render_template('account/signin.html',
                               title="Sign in",
                               form=form,
                               auth=auth,
                               next=request.args.get('next'))
    else:
        # User already signed in, so redirect to home page
        return redirect(url_for("home.home"))
 def test_webhook_handler_owner_non_pro(self):
     """Test WEBHOOK view works for non pro owner."""
     # Admin
     self.register()
     self.signout()
     # User
     self.register(name="Iser")
     non_pro_owner = user_repo.get_by(name="Iser")
     project = ProjectFactory.create(owner=non_pro_owner)
     # An owner without the pro flag is refused the webhook view.
     res = self.app.get("/project/%s/webhook" % project.short_name)
     assert res.status_code == 403, res.status_code
 def test_webhook_handler_owner_non_pro(self):
     """Test WEBHOOK view works for non pro owner."""
     # Admin
     self.register()
     self.signout()
     # User
     self.register(name="Iser")
     non_pro_owner = user_repo.get_by(name="Iser")
     project = ProjectFactory.create(owner=non_pro_owner)
     # An owner without the pro flag is refused the webhook view.
     res = self.app.get("/project/%s/webhook" % project.short_name)
     assert res.status_code == 403, res.status_code
def signin():
    """
    Signin method for PYBOSSA users.

    Returns a Jinja2 template with the result of signing process.

    NOTE: the view is currently disabled -- the first statement aborts with
    404, so the form handling below it never runs.
    """
    return abort(404)
    # Everything from here on is unreachable while the abort above stays.
    #identificador = request.args.get('i')
    #if identificador != "admin":
    #    return redirect_content_type(url_for("home.home"))

    form = LoginForm(request.body)
    if request.method == 'POST' and form.validate():
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            msg_1 = gettext(u"Bienvenido") + " " + user.fullname
            flash(msg_1, 'success')
            return _sign_in_user(user)
        elif user:
            # Known address, wrong password (or a social-provider account).
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext(u"Usuario y contraseña incorrecto.")
                flash(msg, 'error')
            else:

                flash(msg, 'error')
        else:
            # NOTE(review): a distinct "user does not exist" message
            # reveals which addresses have accounts.
            msg = gettext("El usuario no existe en el sistema.")
            flash(msg, 'error')

    if request.method == 'POST' and not form.validate():
        flash(gettext(u'Por favor corrige los errores'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous():
        # If Twitter is enabled in config, show the Twitter Sign in button
        if ('twitter' in current_app.blueprints):  # pragma: no cover
            auth['twitter'] = True
        if ('facebook' in current_app.blueprints):  # pragma: no cover
            auth['facebook'] = True
        if ('google' in current_app.blueprints):  # pragma: no cover
            auth['google'] = True
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=request.args.get('next'))
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))
def set_gravatar(name):
    """Set gravatar for a user.

    Looks the account up by ``name`` (404 when unknown), checks the
    caller is allowed to update it, refreshes the avatar and returns to
    the profile page.
    """
    target = user_repo.get_by(name=name)
    if not target:
        abort(404)

    # Authorisation happens before any change is made.
    ensure_authorized_to('update', target)

    gravatar.set(target)
    flash(gettext('Your avatar has been updated! It may \
                  take some minutes to refresh...'), 'success')

    return redirect(url_for('account.update_profile', name=target.name))
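def _is_local_url(target):
    """Return True when ``target`` is a relative path on this site.

    Only targets starting with a single ``/`` are accepted: ``//host``
    forms and anything containing a backslash (which browsers treat as a
    slash) are rejected so a ``next`` parameter cannot redirect off-site.
    """
    return (bool(target) and target.startswith('/')
            and not target.startswith('//') and '\\' not in target)


def signin():
    """
    Signin method for PyBossa users.

    Returns a Jinja2 template with the result of signing process.

    GET renders the local e-mail/password form; a valid POST checks the
    password, logs the user in and redirects to the ``next`` parameter
    (only when it is an on-site path) or to the home page, via the
    newsletter prompt when it has not been shown yet.
    """
    form = LoginForm(request.form)
    # The redirect target comes straight from the query string, so it is
    # only honoured when it points at this site.
    requested_next = request.args.get('next')
    next_url = requested_next if _is_local_url(requested_next) else None
    if request.method == 'POST' and form.validate():
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            login_user(user, remember=True)
            msg_1 = gettext("Welcome back") + " " + user.fullname
            flash(msg_1, 'success')
            if user.newsletter_prompted is False and newsletter.app:
                return redirect(url_for('account.newsletter_subscribe',
                                        next=next_url))
            return redirect(next_url or url_for("home.home"))
        elif user:
            # Known address but wrong password, or an account created
            # through a social provider that has no local password.
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext("Ooops, Incorrect email/password")
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): a distinct "not found" message reveals which
            # addresses have accounts.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign in?")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous():
        # If Twitter is enabled in config, show the Twitter Sign in button
        if ('twitter' in current_app.blueprints): # pragma: no cover
            auth['twitter'] = True
        if ('facebook' in current_app.blueprints): # pragma: no cover
            auth['facebook'] = True
        if ('google' in current_app.blueprints): # pragma: no cover
            auth['google'] = True
        return render_template('account/signin.html',
                               title="Sign in",
                               form=form, auth=auth,
                               next=next_url)
    else:
        # User already signed in, so redirect to home page
        return redirect(url_for("home.home"))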
 def test_signin_existing(self, ldap_mock, create_mock):
     """Test signin logs in an LDAP existing PYBOSSA user."""
     UserFactory.create(name='cn', email_addr='cn', ldap='cn')
     ldap_config = {'LDAP_HOST': '127.0.0.1'}
     with patch.dict(self.flask_app.config, ldap_config):
         ldap_mock.bind_user.return_value = True
         ldap_mock.get_object_details.return_value = self.ldap_user
         payload = {'email': 'cn', 'password': '******'}
         res = self.app.post('/account/signin', data=json.dumps(payload),
                             content_type='application/json')
         user_repo.get_by(ldap='cn')
         data = json.loads(res.data)
         assert data['next'] == '/', data
         # An account that already exists must be signed in, not re-created.
         assert create_mock.called is False
 def test_signin_existing(self, ldap_mock, create_mock):
     """Test signin logs in an LDAP existing PYBOSSA user."""
     UserFactory.create(name='cn', email_addr='cn', ldap='cn')
     ldap_config = {'LDAP_HOST': '127.0.0.1'}
     with patch.dict(self.flask_app.config, ldap_config):
         ldap_mock.bind_user.return_value = True
         ldap_mock.get_object_details.return_value = self.ldap_user
         payload = {'email': 'cn', 'password': '******'}
         res = self.app.post('/account/signin',
                             data=json.dumps(payload),
                             content_type='application/json')
         user_repo.get_by(ldap='cn')
         data = json.loads(res.data)
         assert data['next'] == '/', data
         # An account that already exists must be signed in, not re-created.
         assert create_mock.called is False
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin

    Returns the account matched by Google id (its name normalised if
    needed), a newly created account when neither the derived name nor
    the e-mail is taken, or None when one of them already exists.
    ``next_url`` is accepted for interface compatibility and unused.
    """
    # We have to store the oauth_token in the session to get the USER fields

    def _slug(full_name):
        # ASCII-only, lower-case, no spaces (Python 2 str semantics).
        return full_name.encode('ascii', 'ignore').lower().replace(" ", "")

    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(user.name) == unicode or ' ' in user.name:
            user.name = _slug(user.name)
            user_repo.update(user)
        return user

    # user never signed on
    google_token = dict(oauth_token=access_token)
    info = dict(google_token=google_token)
    name = _slug(user_data['name'])
    by_name = user_repo.get_by_name(name)
    by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None

    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    if newsletter.app:
        newsletter.subscribe_user(created)
    return created
def grant_access_with_api_key(secure_app):
    """Attach the user owning the presented API key to the request context.

    The key is read from the ``Authorization`` header; a ``api_key`` query
    parameter is accepted as a fallback only when ``secure_app`` is false
    (keys in URLs end up in access logs and browser history).  Only an
    enabled account is attached, and its ``last_login`` is refreshed.
    """
    from pybossa.core import user_repo
    import pybossa.model as model
    from flask import _request_ctx_stack

    if 'Authorization' in request.headers:
        apikey = request.headers.get('Authorization')
    elif not secure_app:
        apikey = request.args.get('api_key', None)
    else:
        apikey = None

    if not apikey:
        return
    owner = user_repo.get_by(api_key=apikey)
    if owner and owner.enabled:
        owner.last_login = model.make_timestamp()
        user_repo.update(owner)
        _request_ctx_stack.top.user = owner
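def oauth_authorized(resp):  # pragma: no cover
    """Google OAuth callback: fetch the profile and sign the user in.

    ``resp`` is the provider's token response (None when the user denied
    access).  Returns a redirect; every failure path sends the user back
    to the sign-in page rather than surfacing upstream details.
    """
    next_url = url_for('home.home')

    error = request.args.get('error')
    if resp is None or error:
        flash(u'You denied the request to sign in.', 'error')
        if error:
            # Only quote a reason when the provider sent one; indexing
            # request.args['error'] raised KeyError when it was absent.
            flash(u'Reason: ' + error, 'error')
            return redirect(url_for('account.signin'))
        return redirect(next_url)

    access_token = resp['access_token']
    headers = {'Authorization': ' '.join(['OAuth', access_token])}
    url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    try:
        r = requests.get(url, headers=headers)
    except requests.exceptions.RequestException:
        # Network-level failure (the old handler named a non-existent
        # exception class and used `r` before assignment).
        return redirect(url_for('account.signin'))
    if r.status_code != 200:
        # Unauthorized - bad token, or any other non-success answer;
        # never echo the upstream body back to the browser.
        return redirect(url_for('account.signin'))

    session['oauth_token'] = access_token
    user_data = r.json()
    user = manage_user(access_token, user_data, next_url)
    if user is None:
        # Give a hint for the user
        user = user_repo.get_by(email_addr=user_data.get('email'))
        if user is None:
            name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
            user = user_repo.get_by_name(name)

        # NOTE(review): user may still be None here; get_user_signup_method
        # is assumed to cope with that -- confirm.
        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        else:
            return redirect(url_for('account.signin'))
    else:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        return redirect(next_url)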
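def otpvalidation(token):
    """Validate the one-time password submitted for ``token``.

    ``token`` is the opaque value e-mailed during two-factor sign-in; it
    resolves to the user's e-mail through ``otp``.  On a matching code the
    token is expired and the user is signed in; on a mismatch or an
    expired code a fresh OTP is e-mailed and the form is re-rendered.
    """
    import hmac

    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    form = OTPForm(request.body)
    user_otp = form.otp.data
    if isinstance(email, bytes):
        email = email.decode('utf-8')
    user = user_repo.get_by(email_addr=email)
    if user is None:
        # The token resolved to an address with no account behind it;
        # without this guard the code below dereferences None.
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    current_app.logger.info('validating otp for user email: {}'.format(email))
    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if isinstance(otp_code, bytes):
            otp_code = otp_code.decode('utf-8')
        if otp_code is not None:
            # Constant-time comparison so response timing does not leak
            # the code; the values are never printed or logged.
            submitted = str(user_otp or '').encode('utf-8')
            if hmac.compare_digest(str(otp_code).encode('utf-8'), submitted):
                msg = gettext('OTP verified. You are logged in to the system')
                flash(msg, 'success')
                otp.expire_token(token)
                return _sign_in_user(user)
            msg = gettext('Invalid one time password, a newly generated '
                          'one time password was sent to your email.')
            flash(msg, 'error')
        else:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')

        # Log the event, not the secrets: neither the stored nor the
        # submitted code belongs in application logs.
        current_app.logger.info('Invalid OTP for email: {}'.format(email))
        _email_two_factor_auth(user, True)
        form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP',
                    form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'),
                    token=token)
    return handle_content_type(response)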
 def test_webhook_handler_owner_non_pro(self):
     """Test WEBHOOK view works for non pro owner."""
     # Admin
     self.register()
     self.signin()
     self.signout()
     # User
     self.register(name="Iser")
     self.signin(email="*****@*****.**", password="******")
     non_pro_owner = user_repo.get_by(name="Iser")
     project = ProjectFactory.create(owner=non_pro_owner)
     base_url = "/project/%s/webhook" % project.short_name
     # Every variant of the view is refused to an owner without the pro flag.
     for query in ("", "?all=true", "?failed=true"):
         res = self.app.get(base_url + query)
         assert res.status_code == 403, res.status_code
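def handle_bloomberg_response():
    """Consume the SAML response posted back by Bloomberg SSO.

    Validates the assertion with OneLogin's toolkit, then signs in the
    local account whose e-mail matches the asserted ``emailAddress``.
    Every failure path logs, flashes an error and returns to the home page.
    """
    sso_settings = current_app.config.get('BSSO_SETTINGS')
    auth = OneLogin_Saml2_Auth(prepare_onelogin_request(), sso_settings)
    auth.process_response()
    errors = auth.get_errors()
    if errors:
        error_reason = auth.get_last_error_reason()
        current_app.logger.error('BSSO auth error(s): %s %s', errors,
                                 error_reason)
        flash(gettext('There was a problem during the sign in process.'),
              'error')
        return redirect(url_for('home.home'))
    if not auth.is_authenticated():
        current_app.logger.error('BSSO authentication failed')
        flash(gettext('Authentication failed.'), 'error')
        return redirect(url_for('home.home'))

    attributes = auth.get_attributes()
    user = user_repo.get_by(
        email_addr=unicode(attributes['emailAddress'][0]))
    if user is None:
        # A valid assertion for an address with no local account must not
        # reach _sign_in_user(None).
        current_app.logger.error('BSSO: no local account for asserted e-mail')
        flash(gettext('Authentication failed.'), 'error')
        return redirect(url_for('home.home'))
    # NOTE(review): RelayState is taken from the POST body; whether it is
    # checked to be an on-site path is up to _sign_in_user -- confirm.
    return _sign_in_user(user, next_url=request.form.get('RelayState'))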
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    With a matched ``user`` the account is logged in and sent to
    ``next_url`` (via the newsletter prompt if not yet shown).  Without
    one, the e-mail or derived username from ``user_data`` is used to hint
    how the account was originally created.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, "success")
        if user.newsletter_prompted is False and newsletter.is_initialized():
            return redirect(url_for("account.newsletter_subscribe", next=next_url))
        return redirect(next_url)

    # Give a hint for the user
    hinted = user_repo.get_by(email_addr=user_data["email"])
    if hinted is None:
        derived_name = username_from_full_name(user_data["name"])
        hinted = user_repo.get_by_name(derived_name)

    # NOTE(review): hinted may still be None here; get_user_signup_method
    # is assumed to cope with that -- confirm.
    msg, method = get_user_signup_method(hinted)
    flash(msg, "info")
    target = "account.forgot_password" if method == "local" else "account.signin"
    return redirect(url_for(target))
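def _is_local_url(target):
    """Return True when ``target`` is a relative path on this site.

    Only targets starting with a single ``/`` are accepted: ``//host``
    forms and anything containing a backslash (which browsers treat as a
    slash) are rejected so a ``next`` parameter cannot redirect off-site.
    """
    return (bool(target) and target.startswith('/')
            and not target.startswith('//') and '\\' not in target)


def oauth_authorized(resp):  # pragma: no cover
    """Facebook OAuth callback: fetch the profile and sign the user in.

    ``resp`` is the provider's token response (None when the user denied
    access).  Returns a redirect to the ``next`` query parameter when it
    is an on-site path, otherwise to the home page.
    """
    # `next` comes straight from the query string: honour it only when it
    # points at this site.
    requested_next = request.args.get('next')
    next_url = (requested_next if _is_local_url(requested_next)
                else url_for('home.home'))
    if resp is None:
        flash(u'You denied the request to sign in.', 'error')
        # The provider does not always send both fields; indexing them
        # raised KeyError when one was missing.
        reason = request.args.get('error_reason', '')
        description = request.args.get('error_description', '')
        flash(u'Reason: ' + reason + ' ' + description, 'error')
        return redirect(next_url)

    # We have to store the oauth_token in the session to get the USER fields
    access_token = resp['access_token']
    session['oauth_token'] = (resp['access_token'], '')
    user_data = facebook.oauth.get('/me').data

    user = manage_user(access_token, user_data, next_url)
    if user is None:
        # Give a hint for the user (Facebook may not hand over an e-mail).
        user = user_repo.get_by(email_addr=user_data.get('email'))
        if user is not None:
            msg, method = get_user_signup_method(user)
            flash(msg, 'info')
            if method == 'local':
                return redirect(url_for('account.forgot_password'))
            else:
                return redirect(url_for('account.signin'))
        else:
            return redirect(url_for('account.signin'))
    else:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        if user.email_addr == "None":
            # manage_user stores the literal string "None" when Facebook
            # gave no e-mail; ask the user to fill one in.  (The old
            # `first_login` flag was always False, so its branch was dead.)
            flash("Please update your e-mail address in your profile page")
            return redirect(url_for('account.update_profile', name=user.name))
        return redirect(next_url)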
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    With a matched ``user`` the account is logged in and sent to
    ``next_url`` (via the newsletter prompt if not yet shown).  Without
    one, the e-mail or ASCII-normalised name from ``user_data`` is used to
    hint how the account was originally created.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        if user.newsletter_prompted is False and newsletter.app:
            return redirect(url_for('account.newsletter_subscribe',
                                    next=next_url))
        return redirect(next_url)

    # Give a hint for the user
    hinted = user_repo.get_by(email_addr=user_data['email'])
    if hinted is None:
        derived_name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        hinted = user_repo.get_by_name(derived_name)

    # NOTE(review): hinted may still be None here; get_user_signup_method
    # is assumed to cope with that -- confirm.
    msg, method = get_user_signup_method(hinted)
    flash(msg, 'info')
    target = 'account.forgot_password' if method == 'local' else 'account.signin'
    return redirect(url_for(target))
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    With a matched ``user`` the account is logged in and sent to
    ``next_url`` (via the newsletter prompt if not yet shown).  Without
    one, the e-mail or derived username from ``user_data`` is used to hint
    how the account was originally created.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        if user.newsletter_prompted is False and newsletter.is_initialized():
            return redirect(
                url_for('account.newsletter_subscribe', next=next_url))
        return redirect(next_url)

    # Give a hint for the user
    hinted = user_repo.get_by(email_addr=user_data['email'])
    if hinted is None:
        derived_name = username_from_full_name(user_data['name'])
        hinted = user_repo.get_by_name(derived_name)

    # NOTE(review): hinted may still be None here; get_user_signup_method
    # is assumed to cope with that -- confirm.
    msg, method = get_user_signup_method(hinted)
    flash(msg, 'info')
    target = 'account.forgot_password' if method == 'local' else 'account.signin'
    return redirect(url_for(target))
    def get(self, oid):
        """Get all completed tasks. Need admin access

        The caller must present ``api_key`` as a query parameter and that
        key must belong to an admin; otherwise a BadRequest is raised.
        Remaining query parameters (except limit/offset/api_key) become
        filters, with ``state='completed'`` always applied.  Any exception
        is turned into the API's formatted error response.
        """
        try:
            ensure_authorized_to('read', self.__class__)
            # check admin access
            # NOTE(review): the key is only accepted from the query string
            # (not the Authorization header), so it shows up in access
            # logs; also unlike grant_access_with_api_key there is no
            # `user.enabled` check here.
            if 'api_key' in request.args.keys():
                apikey = request.args['api_key']
                user = user_repo.get_by(api_key=apikey)
                if not user or user.admin is False:
                    raise BadRequest("Insufficient privilege to the request")
            else:
                raise BadRequest("Insufficient privilege to the request")

            # set filter from args
            # add 'state'='completed' if missing
            filters = {}
            filters['state'] = 'completed'
            for k in request.args.keys():
                if k not in ['limit', 'offset', 'api_key']:
                    # 'exported' column belongs to Task class
                    # ignore it for attr check in TaskRun class
                    # but add it to filter so that its checked
                    # against Task class in filter_completed_task_runs_by
                    if k not in ['exported']:
                        # Raise an error if the k arg is not a column
                        # (the caller-supplied name is looked up on the
                        # class, so any class attribute passes this check).
                        getattr(self.__class__, k)
                    filters[k] = request.args[k]

            # set limit, offset
            limit, offset = self._set_limit_and_offset()
            # query database to obtain the requested data
            query = task_repo.filter_tasks_by(limit=limit,
                                              offset=offset,
                                              **filters)
            json_response = self._create_json_response(query, oid)
            return Response(json_response, mimetype='application/json')
        except Exception as e:
            # Broad on purpose: every failure (including the BadRequest
            # raised above) is rendered through the shared error formatter.
            return error.format_exception(
                e, target=self.__class__.__name__.lower(), action='GET')
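def manage_user(access_token, user_data):
    """Manage the user after signin

    Returns the account matched by Weibo id (with its stored token
    refreshed) or a newly created one.
    """
    # Weibo API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    info = dict(weibo_token=access_token,
                avatar_url=user_data['profile_image_url'])

    # already exists: refresh the stored token
    user = user_repo.get_by(weibo_user_id=user_data['id'])
    if user is not None:
        # NOTE(review): this stores the whole info dict under
        # 'weibo_token' while creation below stores the bare token, so
        # readers of user.info['weibo_token'] see two different shapes.
        user.info['weibo_token'] = info
        user_repo.save(user)
        return user

    # NOTE(review): unlike the Twitter flow there is no get_by_name check,
    # so a screen name already used by another account is handed straight
    # to the repository.
    user = User(fullname=user_data['screen_name'],
                name=user_data['screen_name'],
                # Placeholder until the user supplies a real address.
                email_addr=user_data['screen_name'],
                weibo_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    return user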
    def test_signin_create(self, ldap_mock):
        """Test signin creates a PYBOSSA user."""
        ldap_config = {'LDAP_HOST': '127.0.0.1'}
        with patch.dict(self.flask_app.config, ldap_config):
            url = '/account/signin'
            payload = json.dumps({'email': 'cn', 'password': '******'})
            ldap_mock.get_object_details.return_value = self.ldap_user

            # LDAP accepts the bind, so a local user is created and signed in.
            ldap_mock.bind_user.return_value = True
            res = self.app.post(url, data=payload,
                                content_type='application/json')
            created = user_repo.get_by(ldap='cn')
            data = json.loads(res.data)
            assert data['status'] == SUCCESS, data
            assert data['next'] == '/', data
            assert created.name == self.ldap_user['uid'][0], created
            assert created.email_addr == self.ldap_user['cn'][0], created

            # LDAP rejects the bind: the caller is told and nothing is created.
            ldap_mock.bind_user.return_value = False
            res = self.app.post(url, data=payload,
                                content_type='application/json')
            data = json.loads(res.data)
            assert data['flash'] == 'User LDAP credentials are wrong.', data
            assert data['status'] == 'info', data
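def manage_user(access_token, user_data):
    """Manage the user after signin

    Returns the account matched by Weibo id (with its stored token
    refreshed) or a newly created one.
    """
    # Weibo API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    info = dict(weibo_token=access_token,
                avatar_url=user_data['profile_image_url'])

    # already exists: refresh the stored token
    user = user_repo.get_by(weibo_user_id=user_data['id'])
    if user is not None:
        # NOTE(review): this stores the whole info dict under
        # 'weibo_token' while creation below stores the bare token, so
        # readers of user.info['weibo_token'] see two different shapes.
        user.info['weibo_token'] = info
        user_repo.save(user)
        return user

    # NOTE(review): unlike the Twitter flow there is no get_by_name check,
    # so a screen name already used by another account is handed straight
    # to the repository.
    user = User(fullname=user_data['screen_name'],
                name=user_data['screen_name'],
                # Placeholder until the user supplies a real address.
                email_addr=user_data['screen_name'],
                weibo_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    return user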
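def _otp_to_bytes(value):
    """Coerce an OTP value (bytes, text or number) to UTF-8 bytes."""
    if isinstance(value, bytes):
        return value
    if hasattr(value, 'encode'):
        return value.encode('utf-8')
    return str(value).encode('utf-8')


def _otp_matches(expected, submitted):
    """Compare the stored OTP with the submitted one in constant time.

    ``None`` on either side never matches. Both values are coerced to
    bytes so that ``hmac.compare_digest`` accepts them regardless of the
    str/unicode type the form and the OTP store hand back.
    """
    import hmac  # local import: keeps the block self-contained

    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(_otp_to_bytes(expected),
                               _otp_to_bytes(submitted))


def otpvalidation(token):
    """Validate the one-time password for the second sign-in factor.

    ``token`` is the URL token issued at sign-in; it maps back to the
    e-mail address the OTP was sent to. A valid OTP expires the token and
    signs the user in; an invalid or expired OTP mails a fresh one and
    shows the form again.

    Returns:
        A redirect to the sign-in page when the token is unknown or does
        not resolve to a user, the signed-in response on success, or the
        rendered OTP form otherwise.
    """
    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))

    user = user_repo.get_by(email_addr=email)
    if user is None:
        # The token resolved to an address with no account behind it;
        # without this guard the mail and to_public_json() calls below
        # would fail on a None user.
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))

    form = OTPForm(request.body)
    user_otp = form.otp.data
    current_app.logger.info('validating otp for user email: {}'.format(email))
    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if otp_code is None:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')
            outcome = 'expired'
        elif _otp_matches(otp_code, user_otp):
            msg = gettext('OTP verified. You are logged in to the system')
            flash(msg, 'success')
            otp.expire_token(token)
            return _sign_in_user(user)
        else:
            msg = gettext('Invalid one time password, a newly generated '
                          'one time password was sent to your email.')
            flash(msg, 'error')
            outcome = 'mismatch'

        # Log the outcome only: the expected and submitted codes are
        # credentials and must not be written to the application log.
        current_app.logger.info(
            'Invalid OTP ({}) for email: {}'.format(outcome, email))
        _email_two_factor_auth(user, True)
        form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP',
                    form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'),
                    token=token)
    return handle_content_type(response)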
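def _openid_account_name(user):
    """Return the OAuth provider *user* signed up with, or None for local accounts.

    Providers are checked in a fixed order (Twitter, Facebook, Google), so
    an account linked to several of them reports the first one.
    """
    if user.twitter_user_id:
        return 'Twitter'
    if user.facebook_user_id:
        return 'Facebook'
    if user.google_user_id:
        return 'Google'
    return None


def _recovery_message(user):
    """Build the subject/recipients/body/html dict for the recovery e-mail.

    OAuth-backed accounts get the "sign in with <provider>" templates; local
    accounts get a link carrying a signed key.
    """
    msg = dict(subject=u'Recuperación de Cuenta',
               recipients=[user.email_addr])
    account_name = _openid_account_name(user)
    if account_name is not None:
        msg['body'] = render_template(
            '/account/email/forgot_password_openid.md',
            user=user,
            account_name=account_name)
        msg['html'] = render_template(
            '/account/email/forgot_password_openid.html',
            user=user,
            account_name=account_name)
        return msg

    # The signed payload carries the current password hash — presumably so
    # the link stops validating once the password changes; confirm in
    # reset_password. NOTE(review): signer.dumps signs, it does not
    # necessarily encrypt, so the hash travels inside the mailed URL.
    userdict = {'user': user.name, 'password': user.passwd_hash}
    key = signer.dumps(userdict, salt='password-reset')
    recovery_url = url_for('.reset_password',
                           key=key,
                           _external=True)
    msg['body'] = render_template(
        '/account/email/forgot_password.md',
        user=user,
        recovery_url=recovery_url)
    msg['html'] = render_template(
        '/account/email/forgot_password.html',
        user=user,
        recovery_url=recovery_url)
    return msg


def forgot_password():
    """
    Request a forgotten password for a user.

    On a valid submission the recovery e-mail is queued for the address
    given in the form (when an account with an e-mail address exists) and a
    flash message reports the result; the form is then re-rendered.

    Returns a Jinja2 template.

    """
    form = ForgotPasswordForm(request.body)
    if form.validate_on_submit():
        user = user_repo.get_by(email_addr=form.email_addr.data)
        if user and user.email_addr:
            mail_queue.enqueue(send_mail, _recovery_message(user))
            flash(
                gettext(
                    u"Te enviamos un correo electrónico con las instrucciones de recuperación!"
                ), 'success')
        else:
            # NOTE(review): the distinct message tells the caller whether
            # the address is registered (account enumeration); a single
            # neutral message for both outcomes would avoid that.
            flash(
                gettext(
                    u"No tenemos este correo electrónico en nuestros registros. Es posible que se haya registrado con un correo electrónico diferente o haya utilizado Twitter, Facebook o Google para iniciar sesión."
                ), 'error')
    if request.method == 'POST' and not form.validate():
        flash(
            gettext('Something went wrong, please correct the errors on the '
                    'form'), 'error')
    data = dict(template='/account/password_forgot.html', form=form)
    return handle_content_type(data)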
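def _safe_next_url(candidate):
    """Return *candidate* if it is a same-site relative path, else None.

    Only values such as ``/project/foo`` are accepted. Absolute URLs,
    protocol-relative ``//host`` forms and the ``/\\host`` variant that
    some browsers normalise to ``//host`` are rejected, so the value can
    be forwarded as a redirect target without sending the user off-site.
    """
    if not candidate:
        return None
    if not candidate.startswith('/') or candidate.startswith(('//', '/\\')):
        return None
    return candidate


def signin():
    """
    Signin method for PYBOSSA users.

    Local accounts are checked against the stored password (with an
    optional e-mailed second factor); when LDAP_HOST is configured the
    credentials are bound against LDAP instead and a PYBOSSA account is
    created on first successful bind. The ``next`` query parameter is only
    honoured when it is a same-site path.

    Returns a Jinja2 template with the result of signing process.

    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    # Filter the caller-supplied redirect target once; it is forwarded to
    # the OTP step and to the template, both of which redirect to it later.
    next_url = _safe_next_url(request.args.get('next'))
    if (request.method == 'POST' and form.validate()
            and isLdap is False):
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                msg_1 = gettext("Welcome back") + " " + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                return redirect_content_type(url_for('account.otpvalidation',
                                             token=url_token,
                                             next=next_url))
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext("Ooops, Incorrect email/password")
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): this message differs from the wrong-password
            # one, so it reveals whether an address is registered.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if (request.method == 'POST' and form.validate()
            and isLdap):
        password = form.password.data
        cn = form.email.data
        ldap_user = None
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if (user_db is None):
                # First LDAP sign-in: mirror the configured LDAP attributes
                # into a PYBOSSA account.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
                                 name=ldap_user[keyfields['name']][0],
                                 email_addr=ldap_user[keyfields['email_addr']][0],
                                 valid_email=True,
                                 ldap=value,
                                 consent=False)
                _create_account(user_data, ldap_disabled=False)
            else:
                login_user(user_db, remember=True)
        else:
            msg = gettext("User LDAP credentials are wrong.")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False, 'wechat': False, 'weibo' : False}
    if current_user.is_anonymous():
        # Show a provider's sign-in button only when its blueprint is
        # registered and LDAP is not in use.
        if (isLdap is False):
            for isp in OAuthProviders:
                if (isp in current_app.blueprints):  # pragma: no cover
                    auth[isp] = True
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=next_url)
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))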
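def signin():
    """
    Signin method for PYBOSSA users.

    Local accounts are looked up by lower-cased e-mail and checked against
    the stored password (with an optional e-mailed second factor); when
    LDAP_HOST is configured the credentials are bound against LDAP instead
    and a PYBOSSA account is created on first successful bind. The ``next``
    query parameter is passed through is_own_url_or_else before use.

    Returns a Jinja2 template with the result of signing process.

    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    if (request.method == 'POST' and form.validate() and isLdap is False):
        password = form.password.data
        email_addr = form.email.data.lower()
        user = user_repo.search_by_email(email_addr=email_addr)
        if user and user.check_password(password):
            if not user.enabled:
                # Checked only after the password matched: reporting the
                # disabled state to an unauthenticated caller would confirm
                # that the account exists. The brand is formatted into the
                # translated text so the catalog msgid stays stable.
                brand = current_app.config['BRAND']
                flash(
                    gettext('Your account is disabled. '
                            'Please contact your {} administrator.').format(brand),
                    'error')
                return redirect(url_for('home.home'))
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                msg_1 = gettext('Welcome back') + ' ' + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                next_url = is_own_url_or_else(request.args.get('next'),
                                              url_for('home.home'))
                return redirect_content_type(
                    url_for('account.otpvalidation',
                            token=url_token,
                            next=next_url))
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext('Ooops, Incorrect email/password')
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): this message differs from the wrong-password
            # one, so it reveals whether an address is registered.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if (request.method == 'POST' and form.validate() and isLdap):
        password = form.password.data
        cn = form.email.data
        ldap_user = None
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if (user_db is None):
                # First LDAP sign-in: mirror the configured LDAP attributes
                # into a PYBOSSA account.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(
                    fullname=ldap_user[keyfields['fullname']][0],
                    name=ldap_user[keyfields['name']][0],
                    email_addr=ldap_user[keyfields['email_addr']][0],
                    valid_email=True,
                    ldap=value,
                    consent=True)
                create_account(user_data, ldap_disabled=False)
            else:
                login_user(user_db, remember=True)
        else:
            msg = gettext("User LDAP credentials are wrong.")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous():
        # Show a provider's sign-in button only when its blueprint is
        # registered and LDAP is not in use.
        if (isLdap is False):
            for provider in ('twitter', 'facebook', 'google'):
                if (provider in current_app.blueprints):  # pragma: no cover
                    auth[provider] = True
        next_url = is_own_url_or_else(request.args.get('next'),
                                      url_for('home.home'))
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=next_url)
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))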