Ejemplo n.º 1
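 def clear_login_attempts(self):
     """Reset the login lockout counters for the account named in the form.

     The ``userid`` form field selects the account. Counters are cleared
     under the submitted id and, when the account resolves, under its
     login name too, because the two lookups can use different keys.
     Nothing happens when ``userid`` is missing or empty.
     """
     # NOTE(review): this resets a brute-force protection from a request
     # parameter. The permission guarding this method and any CSRF
     # protection are not visible here -- confirm both at the view
     # registration.
     userid = self.request.form.get('userid')
     if not userid:
         # No account was named, so there is no counter to clear.
         return

     user = api.user.get(userid)
     LockoutManager(self.context, userid).clear()
     if user is None:
         # Unknown id: the counter keyed by the raw value was still
         # cleared above, but there is no login name to look up.
         return
     LockoutManager(self.context, user.getUserName()).clear()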
Ejemplo n.º 2
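    def authenticate(self, username=None, password=None, country=None):
        """Verify credentials and, on success, start a session for the user.

        Returns a ``(success, user)`` tuple: ``(False, None)`` when no user
        folder accepts the credentials, ``(True, user)`` once every check
        has passed and the session has been set up.

        Raises:
            AuthenticationMaxedLoginAttempts: the lockout counter for
                ``username`` has already reached its limit (non-root only).
            AuthenticationUserDisabled: the user's roles are exactly
                ``['Authenticated']``.
            AuthenticationCountryBlocked: ``country`` is not in the
                configured allow-list and no exception was granted.
            AuthenticationPasswordResetWindowExpired: a required password
                reset was not completed within 24 hours.
        """
        if not self.is_zope_root:
            manager = LockoutManager(self.context, username)

            if manager.maxed_number_of_attempts():
                raise AuthenticationMaxedLoginAttempts()

            # Count the attempt before checking the password so that a
            # failure further down still consumes one try.
            manager.add_attempt()

        # Initialised up front: with no user folders to consult, the loop
        # body never runs and both names would otherwise be unbound.
        user = None
        acl_users = None
        for acl_users in self.get_acl_users():
            # if not root, could be more than one to check against
            user = acl_users.authenticate(username, password, self.request)
            if user:
                break

        if user is None:
            return False, user

        # NOTE(review): everything below runs only after the password was
        # accepted. The counter is cleared even if a later check rejects
        # the login, and the exceptions raised from here on tell the
        # caller the password was correct -- confirm callers do not expose
        # that distinction to unauthenticated clients.
        if not self.is_zope_root:
            manager.clear()

        # NOTE(review): exact list equality; a tuple return value from
        # getRoles() would never match -- confirm the return type.
        if user.getRoles() == ['Authenticated']:
            raise AuthenticationUserDisabled()

        if self.registry:
            allowed_countries = self.registry.get(
                'plone.restrict_logins_to_countries')
            # NOTE(review): the restriction is skipped when ``country`` is
            # empty, so it fails open if the caller cannot determine a
            # country -- confirm that is intended.
            if allowed_countries and country:
                if country not in allowed_countries:
                    if not self.country_exception_granted(user.getId()):
                        raise AuthenticationCountryBlocked()

        if not self.is_zope_root:
            member = api.user.get(user.getId())
            reset_password = member.getProperty(
                'reset_password_required', False)
            reset_time = member.getProperty('reset_password_time', None)

            if reset_password and reset_time:
                # A forced reset must be completed within 24 hours.
                if reset_time + (24 * 60 * 60) < time.time():
                    raise AuthenticationPasswordResetWindowExpired()

        # ``acl_users`` is the user folder that accepted the credentials.
        acl_users.session._setupSession(user.getId(), self.request.response)
        notify(UserLoggedInEvent(user))

        return True, user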
Ejemplo n.º 3
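    def authenticate(self,
                     username=None,
                     password=None,
                     country=None,
                     login=True):
        """Verify credentials and optionally start a session for the user.

        Returns a ``(success, user)`` tuple: ``(False, None)`` when no user
        folder accepts the credentials, ``(True, user)`` once every check
        has passed.

        login: if a successful authentication should result in the user being
               logged in (session set up and ``UserLoggedInEvent`` fired).

        Raises:
            AuthenticationMaxedLoginAttempts: the lockout counter for
                ``username`` has already reached its limit (non-root only).
            AuthenticationUserDisabled: the user's roles are exactly
                ``['Authenticated']``.
            AuthenticationCountryBlocked: ``country`` is not in the
                configured allow-list and no exception was granted.
            AuthenticationPasswordResetWindowExpired: a required password
                reset was not completed within 24 hours.
        """
        if not self.is_zope_root:
            manager = LockoutManager(self.context, username)

            if manager.maxed_number_of_attempts():
                raise AuthenticationMaxedLoginAttempts()

            # Count the attempt before checking the password so that a
            # failure further down still consumes one try.
            manager.add_attempt()

        # Initialised up front: with no user folders to consult, the loop
        # body never runs and both names would otherwise be unbound.
        user = None
        acl_users = None
        for acl_users in self.get_acl_users():
            # if not root, could be more than one to check against
            user = acl_users.authenticate(username, password, self.request)
            if user:
                break

        if user is None:
            return False, user

        # NOTE(review): everything below runs only after the password was
        # accepted. The counter is cleared even if a later check rejects
        # the login, and the exceptions raised from here on tell the
        # caller the password was correct -- confirm callers do not expose
        # that distinction to unauthenticated clients.
        if not self.is_zope_root:
            manager.clear()

        # NOTE(review): exact list equality; a tuple return value from
        # getRoles() would never match -- confirm the return type.
        if user.getRoles() == ['Authenticated']:
            raise AuthenticationUserDisabled()

        if self.registry:
            allowed_countries = self.registry.get(
                'plone.restrict_logins_to_countries')
            # NOTE(review): the restriction is skipped when ``country`` is
            # empty, so it fails open if the caller cannot determine a
            # country -- confirm that is intended.
            if allowed_countries and country:
                if country not in allowed_countries:
                    if not self.country_exception_granted(user.getId()):
                        raise AuthenticationCountryBlocked()

        if not self.is_zope_root:
            member = api.user.get(user.getId())
            reset_password = member.getProperty('reset_password_required',
                                                False)
            reset_time = member.getProperty('reset_password_time', None)

            if reset_password and reset_time:
                # A forced reset must be completed within 24 hours.
                if reset_time + (24 * 60 * 60) < time.time():
                    raise AuthenticationPasswordResetWindowExpired()

        if login:
            # ``acl_users`` is the user folder that accepted the credentials.
            acl_users.session._setupSession(user.getId(),
                                            self.request.response)
            try:
                notify(UserLoggedInEvent(user))
            except ConnectionStateError:
                # On root login, it's possible no db state
                # is loaded but the key ring needs to be rotated.
                # This can cause a difficult to reproduce error.
                # Really, we don't care so much if we see this
                # error here. It'll get rotated another time.
                pass

        return True, user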
Ejemplo n.º 4
 def __call__(self):
     """Render the view with lockout data for the requested username.

     Reads ``username`` from the request, stores the attempts recorded in
     the current window on ``self.attempts`` and the manager itself on
     ``self.manager``, then returns the rendered ``index`` template.
     """
     # NOTE(review): ``username`` comes straight from the request; the
     # permission protecting this view is not visible here -- confirm it
     # is restricted, since it reports login attempts per account.
     requested_name = self.request.get('username')
     lockout = LockoutManager(self.context, requested_name)
     window_attempts = lockout.get_attempts_this_window()
     self.attempts = window_attempts
     self.manager = lockout
     return self.index()