def getGateways(self, session):
'''
@see: IAuthenticationService.getGateways
'''
olderThan = self.session().query(current_timestamp()).scalar()
olderThan -= self._sessionTimeOut
sql = self.session().query(LoginMapped)
sql = sql.filter(LoginMapped.Session == session)
sql = sql.filter(LoginMapped.AccessedOn > olderThan)
try: login = sql.one()
except NoResultFound: return ()
assert isinstance(login, LoginMapped), 'Invalid login %s' % login
login.AccessedOn = current_timestamp()
self.session().flush((login,))
self.session().expunge(login)
commitNow()
# We need to fore the commit because if there is an exception while processing the request we need to make
# sure that the last access has been updated.
proc = self._processing
assert isinstance(proc, Processing), 'Invalid processing %s' % proc
solicit = proc.execute(FILL_CLASSES, solicit=proc.ctx.solicit(acl=login.User)).solicit
assert isinstance(solicit, Solicit), 'Invalid solicit %s' % solicit
return solicit.gateways or ()
def performLogin(self, authentication):
'''
@see: IAuthenticationService.performLogin
'''
assert isinstance(authentication, Authentication), 'Invalid authentication %s' % authentication
if authentication.Token is None:
raise InvalidError(_('The login token is required'), Authentication.Token)
if authentication.HashedToken is None:
raise InvalidError(_('The hashed login token is required'), Authentication.HashedToken)
if authentication.UserName is None:
raise InvalidError(_('A user name is required for authentication'), Authentication.UserName)
olderThan = self.session().query(current_timestamp()).scalar()
olderThan -= self._authenticationTimeOut
sql = self.session().query(TokenMapped)
sql = sql.filter(TokenMapped.Token == authentication.Token)
sql = sql.filter(TokenMapped.requestedOn > olderThan)
if sql.delete() > 0:
commitNow() # We make sure that the delete has been performed
sql = self.session().query(UserMapped)
sql = sql.filter(func.lower(UserMapped.UserName) == authentication.UserName.lower()).filter(UserMapped.Active == True)
try:
user = sql.one()
except NoResultFound: user = None
if user is not None:
assert isinstance(user, UserMapped), 'Invalid user %s' % user
hashedToken = hmac.new(bytes(user.UserName, 'utf8'),
bytes(user.password, 'utf8'), hashlib.sha512).hexdigest()
hashedToken = hmac.new(bytes(hashedToken, 'utf8'),
bytes(authentication.Token, 'utf8'), hashlib.sha512).hexdigest()
if authentication.HashedToken == hashedToken:
hash = hashlib.sha512()
hash.update(urandom(self.authentication_token_size))
login = LoginMapped()
login.Session = hash.hexdigest()
login.User = user.Id
login.CreatedOn = login.AccessedOn = current_timestamp()
self.session().add(login)
return login
raise InvalidError(_('Invalid credentials'))
