def _on_signin(self, data, auth_info, provider):
"""
Callback whenever a new or existing user is signing in
Args:
data Dictionary containing the user's info retrieved from the provider
auth_info Dictionary containing the authentication info retrieved from the provider
provider String representing the name of the provider (i.e. google, facebook)
"""
auth_id = '%s:%s' % (provider, data['id'])
logging.info('Looking for a user with id %s', auth_id)
user = self.auth.store.user_model.get_by_auth_id(auth_id)
_attrs = self._to_user_model_attrs(data, self.USER_ATTRS[provider])
if self.should_create_admin():
logging.info('Creating admin user')
_attrs['is_admin'] = 'YES'
ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs)
if ok:
self.auth.set_session(self.auth.store.user_to_dict(user))
return self.redirect('/admin')
should_update_user = False
if user:
logging.info('Found existing user to log in')
# Existing users might've changed their profile data so we update our
# local model if they have.
for property in user._properties:
if property in _attrs and getattr(user, property) != _attrs[property]:
logging.info('Updating existing user credentials')
should_update_user = True
break
else:
user = self.check_if_user_exists(_attrs)
if user:
logging.info('Existing user logging in with new provider')
should_update_user = True
user.auth_ids.append(auth_id)
else:
pending_user_list = PendingUsersList.shared_list()
if pending_user_list.is_user_approved(_attrs['email_address']):
logging.info('Creating a brand new user')
ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs)
else:
logging.info('User {0} is not approved'.format(_attrs['email_address']))
pending_user_list.add_user_to_approval_waitlist(_attrs['email_address'])
return self.redirect('/login')
if should_update_user:
user.populate(**_attrs)
user.put()
self.auth.set_session(self.auth.store.user_to_dict(user))
if user.is_admin_user():
return self.redirect('/admin')
# Else go to the profile page
self.redirect('/profile')
def post(self):
'''
Login attempt or request for account
'''
email_address = self.request.POST['email']
try:
request_account = self.request.POST['request_account']
except KeyError:
request_account = False
# Login attempt, need to grab password too
password = self.request.POST['password']
try:
user = self.auth.get_user_by_password(email_address, password, remember=True)
# Success, put user in the session and redirect to home page
# Has this user been approved? Or is the user the admin? Login either way
pending_users_list = PendingUsersList.shared_list()
userdb = User.get_by_id(user["user_id"])
if hasattr(userdb, 'is_admin'):
isAdmin = userdb.is_admin
else:
isAdmin = False
if not isAdmin and pending_users_list.email_verification_required and not userdb.is_verified():
context = {
'error_alert': True,
'alert_message': 'You need to verify your account before you can login.'
}
return self.render_response('login.html', **context)
if not isAdmin and pending_users_list.admin_approval_required and not pending_users_list.is_user_approved(email_address):
# Not approved, add to approval waitlist
pending_users_list.add_user_to_approval_waitlist(email_address)
context = {
'error_alert': True,
'alert_message': 'You need to be approved by the admin before you can login.'
}
return self.render_response('login.html', **context)
# All Clear
self.auth.set_session(user)
return self.redirect('/')
except (InvalidAuthIdError, InvalidPasswordError) as e:
logging.info('Login failed for user: {0} with exception: {1}'.format(email_address, e))
context = {
'error_alert': True,
'alert_message': 'The email or password you entered is incorrect.'
}
return self.render_response('login.html', **context)
def post(self):
'''
Login attempt or request for account
'''
email_address = self.request.POST['email']
try:
request_account = self.request.POST['request_account']
except KeyError:
request_account = False
# Login attempt, need to grab password too
password = self.request.POST['password']
try:
user = self.auth.get_user_by_password(email_address,
password,
remember=True)
# Success, put user in the session and redirect to home page
# Has this user been approved? Or is the user the admin? Login either way
pending_users_list = PendingUsersList.shared_list()
userdb = User.get_by_id(user["user_id"])
if hasattr(userdb, 'is_admin'):
isAdmin = userdb.is_admin
else:
isAdmin = False
if pending_users_list.is_user_approved(email_address) or isAdmin:
self.auth.set_session(user)
return self.redirect('/')
else:
# Not approved, add to approval waitlist
pending_users_list.add_user_to_approval_waitlist(email_address)
context = {
'error_alert':
True,
'alert_message':
'You need to be approved by the admin before you can login.'
}
return self.render_response('login.html', **context)
except (InvalidAuthIdError, InvalidPasswordError) as e:
logging.info(
'Login failed for user: {0} with exception: {1}'.format(
email_address, e))
context = {
'error_alert': True,
'alert_message':
'The email or password you entered is incorrect.'
}
return self.render_response('login.html', **context)
def post(self):
'''
Login attempt or request for account
'''
email_address = self.request.POST['email']
try:
request_account = self.request.POST['request_account']
except KeyError:
request_account = False
if request_account:
# Just an email address here, we should first make sure they havent been approved
pending_users_list = PendingUsersList.shared_list()
if pending_users_list.is_user_approved(email_address):
context = {
'approved_user_message': True
}
return self.render_response('user_registration.html', **context)
# Now add to approval waitlist
success = pending_users_list.add_user_to_approval_waitlist(email_address)
if success:
context = {
'success_alert': True,
'alert_message': 'Successfully requested an account!'
}
return self.render_response('login.html', **context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Login attempt, need to grab password too
password = self.request.POST['password']
try:
user = self.auth.get_user_by_password(email_address, password, remember=True)
# Success, put user in the session and redirect to home page
self.auth.set_session(user)
return self.redirect('/')
except (InvalidAuthIdError, InvalidPasswordError) as e:
logging.info('Login failed for user: {0} with exception: {1}'.format(email_address, e))
context = {
'error_alert': True,
'alert_message': 'The email or password you entered is incorrect.'
}
return self.render_response('login.html', **context)
def request_user_account(cls, email_address):
'''
'''
# Check if already approved
pending_users_list = PendingUsersList.shared_list()
if pending_users_list.is_user_approved(email_address):
result = {
'success': True,
'approved': True
}
return result
# Now add to approval waitlist
success = pending_users_list.add_user_to_approval_waitlist(email_address)
if success:
result = { 'success': True }
return result
else:
# User already requested an account...
result = { 'success': False }
return result
def register_new_user(cls, params):
'''
'''
email_address = params[cls.PARAM_USER_EMAIL]
password = params[cls.PARAM_USER_PASS]
name = params[cls.PARAM_USER_NAME]
# Has this user been approved?
pending_users_list = PendingUsersList.shared_list()
if pending_users_list.is_user_approved(email_address):
# Then create the user
_attrs = {
'email_address': email_address,
'name': name,
'password_raw': password
}
success, user = cls.auth.store.user_model.create_user(
email_address,
**_attrs
)
if success:
# Remove the user from the approved list now
pending_users_list.remove_user_from_approved_list(email_address)
result = { 'success': True }
return result
else:
# Some unexpected error
logging.info("Acount registration failed for: {0}".format(user))
result = { 'success': False }
return result
else:
# Not approved
result = {
'success': False,
'message': 'You need to be approved by the admin before you can create an account.'
}
return result
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
logging.info(self.request.POST)
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they havent been approved
pending_users_list = PendingUsersList.shared_list()
# Now add to approval waitlist
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
elif pending_users_list.user_exists(user_email):
success = True
approved = False
else:
success = pending_users_list.add_user_to_approval_waitlist(user_email)
approved = False
if success:
# Then create the user
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password']
}
success, user = self.auth.store.user_model.create_user(user_email, **_attrs)
if success:
if approved:
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.'
}
else:
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
else:
logging.info("Acount registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Delete the token from the DB and redirect to login, only one admin allowed
SecretKey.clear_stored_key()
return self.redirect('/login')
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES'
}
success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
context = {
'success_alert': True,
'alert_message': 'Account creation successful! You may now log in with your new account.'
}
return self.render_response('login.html', **context)
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they havent been approved
pending_users_list = PendingUsersList.shared_list()
# Now add to approval waitlist
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
elif pending_users_list.user_exists(user_email):
success = True
approved = False
else:
success = pending_users_list.add_user_to_approval_waitlist(
user_email)
approved = False
if success:
# Then create the user
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password']
}
success, user = self.auth.store.user_model.create_user(
user_email, **_attrs)
if success:
if approved:
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Your account is approved and you can log in immediately.'
}
else:
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
else:
logging.info(
"Acount registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Delete the token from the DB and redirect to login, only one admin allowed
SecretKey.clear_stored_key()
return self.redirect('/login')
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES'
}
success, user = self.auth.store.user_model.create_user(
_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! You may now log in with your new account.'
}
return self.render_response('login.html', **context)
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they have not been approved
pending_users_list = PendingUsersList.shared_list()
# If the user does not exist, we create it.
if not bool(User.get_by_auth_id(user_email)):
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'verified': False
}
success, user = self.auth.store.user_model.create_user(user_email, **_attrs)
if success:
# check if user is preapproved
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
# Has the user been preapproved? If so, we just verify it.
user.verified = True
user.put()
else:
success = pending_users_list.add_user_to_approval_waitlist(user_email)
approved = False
if success:
if approved or (not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required):
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.'
}
elif pending_users_list.email_verification_required:
# Create a signup token for the user and send a verification email
token = str(uuid.uuid4())
user.signup_token = token
user.signup_token_time_created=None
user.put()
EmailConfig.send_verification_email(user_email, token)
context = {
'success_alert': True,
'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.'
}
elif pending_users_list.admin_approval_required:
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
logging.info("Account registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Redirect to login, only one admin allowed
return self.redirect('/login?secret_key={0}'.format(secret_key))
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES',
'verified': True
}
success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
if 'user_mode' in self.request.POST:
if self.request.POST['user_mode'] == 'single':
logging.info("UserRegistrationPage: user_mode set to single")
SingleMultiUserMode.set_single_user_mode()
elif self.request.POST['user_mode'] == 'multi':
logging.info("UserRegistrationPage: user_mode set to multi")
SingleMultiUserMode.set_multi_user_mode()
else:
logging.info("UserRegistrationPage: unknown user_mode {0}".format(self.request.POST['user_mode']))
else:
logging.info("UserRegistrationPage: user_mode not set")
return self.redirect('/login?secret_key={0}'.format(secret_key))
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they have not been approved
pending_users_list = PendingUsersList.shared_list()
# If the user does not exist, we create it.
if not bool(User.get_by_auth_id(user_email)):
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'verified': False
}
success, user = self.auth.store.user_model.create_user(
user_email, **_attrs)
if success:
# check if user is preapproved
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
# Has the user been preapproved? If so, we just verify it.
user.verified = True
user.put()
else:
success = pending_users_list.add_user_to_approval_waitlist(
user_email)
approved = False
if success:
if approved or (
not pending_users_list.email_verification_required
and
not pending_users_list.admin_approval_required):
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Your account is approved and you can log in immediately.'
}
elif pending_users_list.email_verification_required:
# Create a signup token for the user and send a verification email
token = str(uuid.uuid4())
user.signup_token = token
user.signup_token_time_created = None
user.put()
EmailConfig.send_verification_email(user_email, token)
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.'
}
elif pending_users_list.admin_approval_required:
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
logging.info(
"Account registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Redirect to login, only one admin allowed
return self.redirect(
'/login?secret_key={0}'.format(secret_key))
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES',
'verified': True
}
success, user = self.auth.store.user_model.create_user(
_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
if 'user_mode' in self.request.POST:
if self.request.POST['user_mode'] == 'single':
logging.info(
"UserRegistrationPage: user_mode set to single"
)
SingleMultiUserMode.set_single_user_mode()
elif self.request.POST['user_mode'] == 'multi':
logging.info(
"UserRegistrationPage: user_mode set to multi"
)
SingleMultiUserMode.set_multi_user_mode()
else:
logging.info(
"UserRegistrationPage: unknown user_mode {0}"
.format(self.request.POST['user_mode']))
else:
logging.info(
"UserRegistrationPage: user_mode not set")
return self.redirect(
'/login?secret_key={0}'.format(secret_key))
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)