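def do(data, resource):
    """Register a new e-mail/password user.

    Args:
        data: request envelope. Reads ``data['params']`` (``email`` and
            ``password`` required, ``extra`` an optional dict of additional
            fields) and ``data['admin']`` (skips the registration policy).
            Also writes ``data['params']['login_method']`` so that
            ``get_login_method`` returns the e-mail login configuration.
        resource: backend handle providing ``db_query`` and ``db_put_item``.

    Returns:
        dict with ``'item'`` (the stored user record) on success, otherwise
        ``'error'`` set to ``error.REGISTER_POLICY_VIOLATION``,
        ``error.EMAIL_LOGIN_INVALID`` or ``error.EXISTING_ACCOUNT``.

    Raises:
        KeyError: when ``email`` or ``password`` is missing from params.
    """
    body = {}
    params = data['params']

    email = params['email']
    password = params['password']
    extra = params.get('extra', {})

    # Fresh per-user salt; only the derived hash is stored, never the password.
    salt = Salt.get_salt(32)
    password_hash = hash_password(password, salt)
    # Character-class counts handed to the registration policy check.
    password_meta = {
        'count': len(password),
        'count_lowercase': sum(1 for c in password if c.islower()),
        'count_uppercase': sum(1 for c in password if c.isupper()),
        'count_special': sum(1 for c in password if c in string.punctuation),
    }

    partition = 'user'
    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    register_policy_code = login_conf.get('register_policy_code', None)

    # Admin-originated registrations bypass the policy. This relies on
    # data['admin'] being set server-side rather than taken from params.
    if not data.get('admin', False):
        if not match_policy(register_policy_code, extra, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    default_group_name = login_conf['default_group_name']
    # The config stores the flag as a string; only the literals 'true' and
    # 'false' are normalised, any other value keeps its own truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False

    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    instructions = [(None, ('email', 'eq', email))]
    items, _end_key = resource.db_query(partition, instructions)
    if list(items):
        body['error'] = error.EXISTING_ACCOUNT
        return body

    item = {
        'email': email,
        'password_hash': password_hash,
        'salt': salt,
        'groups': [default_group_name],
        'login_method': 'email_login',
    }
    # Merge client-supplied 'extra' fields without overriding the fixed keys
    # above. NOTE(review): any other key ('id' included, since the record has
    # none here) is stored verbatim from the request; restrict this to an
    # allow-list if the user record carries fields with privilege meaning.
    for key, value in extra.items():
        if key not in item:
            item[key] = value
    resource.db_put_item(partition, item)
    body['item'] = item
    return body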
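def do(data, resource):
    """Authenticate an e-mail/password user and open a session.

    Args:
        data: request envelope. Reads ``data['params']`` (``email``,
            ``password``, optional ``client_timestamp``) and
            ``data['client_ip']``. Also writes
            ``data['params']['login_method']`` so that ``get_login_method``
            returns the e-mail login configuration.
        resource: backend handle providing ``db_query`` and ``db_put_item``.

    Returns:
        dict with ``'session_id'``, ``'__spk'`` and ``'user_id'`` on success,
        otherwise ``'error'`` set to ``error.EMAIL_LOGIN_INVALID``,
        ``error.NO_SUCH_ACCOUNT`` or ``error.WRONG_PASSWORD``. The two latter
        codes are distinct, so a caller can learn whether an e-mail is
        registered; collapse them if that matters for the deployment.

    Raises:
        ValueError: when ``client_timestamp`` is not numeric.
    """
    import hmac

    body = {}
    params = data['params']

    email = params.get('email', None)
    password = params.get('password', None)
    # Client clock sample, used only to record the offset from server time.
    client_timestamp = int(params.get('client_timestamp', time.time()))

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    # Only the string literals 'true'/'false' are normalised; other values
    # keep their own truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False

    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    instructions = [
        (None, ('email', 'eq', email)),
        ('and', ('login_method', 'eq', 'email_login')),
    ]
    items, _end_key = resource.db_query('user', instructions)
    if not items:
        body['error'] = error.NO_SUCH_ACCOUNT
        return body

    user = items[0]
    password_hash = user['password_hash']
    salt = user['salt']
    # Constant-time comparison so the match does not leak via timing.
    # Assumes hash_password returns the same type (str or bytes) that was
    # stored at registration; compare_digest rejects mixed types.
    if not hmac.compare_digest(password_hash, hash_password(password, salt)):
        body['error'] = error.WRONG_PASSWORD
        return body

    user_id = user['id']
    session_id = token_urlsafe(32)
    session_public_key = token_urlsafe(32)

    session_item = {
        'use_secure': True,  # session security enabled
        '__spk': session_public_key,
        'user_id': user_id,
        'session_type': 'email_login',
        'client_ip': data.get('client_ip', None),
        'timestamp_offset': client_timestamp - int(time.time())
    }
    # The session is keyed by a digest of the id, so the raw token handed to
    # the client is never stored.
    resource.db_put_item('session', session_item, Hash.sha3_512(session_id))
    body['session_id'] = session_id
    body['__spk'] = session_public_key
    body['user_id'] = user_id
    return body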
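def do(data, resource):
    """Log in as a guest, creating a guest user record on first contact.

    Args:
        data: request envelope. ``data['params']`` may carry ``guest_id`` of a
            previously issued guest. Also writes
            ``data['params']['login_method']`` so that ``get_login_method``
            returns the guest login configuration (read here through
            ``['body']['item']``).
        resource: backend handle providing ``db_get_item`` and ``db_put_item``.

    Returns:
        ``Response`` wrapping a dict with ``'session_id'`` and ``'guest_id'``,
        or with ``'error'`` set to ``error.GUEST_LOGIN_INVALID`` (guest login
        disabled) or ``error.NO_SUCH_GUEST`` (unknown or non-guest id).
    """
    body = {}
    params = data['params']

    guest_id = params.get('guest_id', None)

    data['params']['login_method'] = 'guest_login'
    login_conf = get_login_method(data, resource)['body']['item']

    default_group_name = login_conf['default_group_name']
    # Only the string literals 'true'/'false' are normalised; other values
    # keep their own truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False

    if not enabled:
        body['error'] = error.GUEST_LOGIN_INVALID
        return Response(body)

    if guest_id:
        # guest_id is client-supplied: re-issue a session only when the record
        # it names is one this handler created as a guest, so an arbitrary id
        # cannot be used to obtain a session for a non-guest record.
        # Assumes db_get_item returns a dict-like with .get() — verify.
        item = resource.db_get_item(guest_id)
        if item and item.get('login_method') == 'guest_login':
            body['session_id'] = put_guest_session(resource, guest_id)
            body['guest_id'] = guest_id
        else:
            body['error'] = error.NO_SUCH_GUEST
        return Response(body)

    guest_id = shortuuid.uuid()
    email = '{}@guest.com'.format(shortuuid.uuid())
    item = {
        'email': email,
        'groups': [default_group_name],
        'login_method': 'guest_login',
    }
    resource.db_put_item('user', item, item_id=guest_id)
    body['session_id'] = put_guest_session(resource, guest_id)
    body['guest_id'] = guest_id
    return Response(body)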
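def do(data, resource):
    """Change the password of the already-authenticated user.

    Args:
        data: request envelope. ``data['user']`` is the authenticated user
            record (``password_hash``, ``salt``, ``id``); ``data['params']``
            carries ``current_password`` and ``new_password``;
            ``data['admin']`` skips the registration policy check. Also
            writes ``data['params']['login_method']`` so that
            ``get_login_method`` returns the e-mail login configuration.
        resource: backend handle providing ``db_update_item_v2``.

    Returns:
        dict with ``'user_id'`` and ``'success'`` (the backend's update
        result) on a password change, otherwise ``'error'`` set to
        ``error.REGISTER_POLICY_VIOLATION`` (policy not met, or no new
        password supplied) or ``error.PERMISSION_DENIED`` (current password
        does not match).
    """
    import hmac

    body = {}
    user = data['user']
    params = data['params']

    current_password = params.get('current_password')
    new_password = params.get('new_password')

    password_hash = user['password_hash']
    salt = user['salt']

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    register_policy_code = login_conf.get('register_policy_code', None)

    # A missing new password would otherwise fail inside len() below.
    if new_password is None:
        body['error'] = error.REGISTER_POLICY_VIOLATION
        return body

    # Character-class counts handed to the policy check.
    password_meta = {
        'count': len(new_password),
        'count_lowercase': sum(1 for c in new_password if c.islower()),
        'count_uppercase': sum(1 for c in new_password if c.isupper()),
        'count_special':
        sum(1 for c in new_password if c in string.punctuation),
    }

    if not data.get('admin', False):
        if not match_policy(register_policy_code, user, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    # Constant-time comparison so the match does not leak via timing.
    # Assumes hash_password returns the same type (str or bytes) as the
    # stored hash; compare_digest rejects mixed types.
    if current_password is None or not hmac.compare_digest(
            hash_password(current_password, salt), password_hash):
        body['error'] = error.PERMISSION_DENIED
        return body

    new_password_hash = hash_password(new_password, salt)
    user_id = user.get('id')
    # Store the newly derived hash; the previous version of this handler
    # wrote the old hash back, so the password never actually changed.
    success = resource.db_update_item_v2(
        user_id, {
            'partition': 'user',
            'password_hash': new_password_hash,
            'updated_date': float(time.time())
        })
    body['user_id'] = user_id
    body['success'] = success
    return body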
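def do(data, resource):
    """Authenticate an e-mail/password user and open a session.

    Args:
        data: request envelope. Reads ``data['params']`` (``email`` and
            ``password``). Also writes ``data['params']['login_method']`` so
            that ``get_login_method`` returns the e-mail login configuration.
        resource: backend handle providing ``db_query`` and ``db_put_item``.

    Returns:
        dict with ``'session_id'`` on success, otherwise ``'error'`` set to
        ``error.EMAIL_LOGIN_INVALID``, ``error.NO_SUCH_ACCOUNT`` or
        ``error.WRONG_PASSWORD``. The two latter codes are distinct, so a
        caller can learn whether an e-mail is registered; collapse them if
        that matters for the deployment.
    """
    import hmac

    body = {}
    params = data['params']

    email = params.get('email', None)
    password = params.get('password', None)

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    # Only the string literals 'true'/'false' are normalised; other values
    # keep their own truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False

    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    instructions = [
        (None, ('email', 'eq', email)),
        ('and', ('login_method', 'eq', 'email_login')),
    ]
    items, _end_key = resource.db_query('user', instructions)
    if not items:
        body['error'] = error.NO_SUCH_ACCOUNT
        return body

    user = items[0]
    password_hash = user['password_hash']
    salt = user['salt']
    # Constant-time comparison so the match does not leak via timing.
    # Assumes hash_password returns the same type (str or bytes) that was
    # stored at registration; compare_digest rejects mixed types.
    if not hmac.compare_digest(password_hash, hash_password(password, salt)):
        body['error'] = error.WRONG_PASSWORD
        return body

    user_id = user['id']
    session_id = token_urlsafe(32)
    session_item = {
        'user_id': user_id,
        'session_type': 'email_login',
    }
    # The session is keyed by a digest of the id, so the raw token handed to
    # the client is never stored.
    resource.db_put_item('session', session_item, Hash.sha3_512(session_id))
    body['session_id'] = session_id
    return body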
def do(data, resource):
    """Guest login: reuse the current session or create a new guest user.

    Args:
        data: request envelope. ``data['user']`` (when present) is the
            already-resolved user and ``data['params']['session_id']`` its
            session; in that case both are echoed back. Also writes
            ``data['params']['login_method']`` so that ``get_login_method``
            returns the guest login configuration.
        resource: backend handle providing ``db_put_item``.

    Returns:
        dict with ``'session_id'`` and ``'guest_id'``, or with ``'error'``
        set to ``error.GUEST_LOGIN_INVALID`` when guest login is disabled.
    """
    body = {}
    params = data['params']
    user = data.get('user', None)
    session_id = params.get('session_id', None)

    data['params']['login_method'] = 'guest_login'
    login_conf = get_login_method(data, resource)['item']

    default_group_name = login_conf['default_group_name']
    # The config flag is a string; only the literals 'true'/'false' are
    # normalised, anything else keeps its own truthiness.
    enabled = login_conf['enabled']
    if enabled in ('true', 'false'):
        enabled = enabled == 'true'

    if not enabled:
        body['error'] = error.GUEST_LOGIN_INVALID
        return body

    if user:
        # Already resolved by the caller: hand back what it already holds.
        body['session_id'] = session_id
        body['guest_id'] = user['id']
        return body

    new_guest_id = shortuuid.uuid()
    guest_record = {
        'email': '{}@guest.com'.format(shortuuid.uuid()),
        'groups': [default_group_name],
        'login_method': 'guest_login',
        'name': 'Guest'
    }
    resource.db_put_item('user', guest_record, item_id=new_guest_id)
    body['session_id'] = put_guest_session(resource, new_guest_id)
    body['guest_id'] = new_guest_id
    return body
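def do(data, resource):
    """Register a new e-mail/password user with a generated id.

    Args:
        data: request envelope. Reads ``data['params']`` (``email`` and
            ``password`` required, ``extra`` an optional dict of additional
            fields) and ``data['admin']`` (skips the registration policy).
            Also writes ``data['params']['login_method']`` so that
            ``get_login_method`` returns the e-mail login configuration.
        resource: backend handle providing ``db_query`` and ``db_put_item``.

    Returns:
        dict with ``'item'`` (the stored user record, including its new
        ``'id'``) on success, otherwise ``'error'`` set to
        ``error.REGISTER_POLICY_VIOLATION``, ``error.EMAIL_LOGIN_INVALID``
        or ``error.EXISTING_ACCOUNT``.

    Raises:
        KeyError: when ``email`` or ``password`` is missing from params.
    """
    body = {}
    params = data['params']

    email = params['email']
    password = params['password']

    # Fetch the additional data to be stored on the record.
    extra = params.get('extra', {})

    # Drop empty values so they are not written to the record.
    extra = {
        key: value
        for key, value in extra.items()
        if value not in ('', {}, [])
    }

    # Generate a random per-user salt.
    salt = Salt.get_salt(32)

    # Hash the user-supplied password together with the salt (sha3_512,
    # per the original author's note).
    password_hash = hash_password(password, salt)

    # Character-class counts of the password, checked against the policy by
    # the delegate function below.
    password_meta = {
        'count': len(password),
        'count_lowercase': sum(1 for c in password if c.islower()),
        'count_uppercase': sum(1 for c in password if c.isupper()),
        'count_special': sum(1 for c in password if c in string.punctuation),
    }

    partition = 'user'
    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']

    # Fetch the registration policy criteria.
    register_policy_code = login_conf.get('register_policy_code', None)

    # Admin-originated registrations bypass the policy. This relies on
    # data['admin'] being set server-side rather than taken from params.
    if not data.get('admin', False):
        # Reject the registration if it does not satisfy the policy.
        if not match_policy(register_policy_code, extra, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    # Default group for new members, taken from the system's login config.
    default_group_name = login_conf['default_group_name']

    # Check whether the system allows e-mail login. Only the string literals
    # 'true'/'false' are normalised; other values keep their own truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False

    # Login is not allowed.
    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    # Check whether a user already exists for this e-mail.
    instructions = [[None, 'email', 'eq', email]]
    items, _end_key = resource.db_query(partition, instructions)

    # A member is already registered with this e-mail.
    if list(items):
        body['error'] = error.EXISTING_ACCOUNT
        return body

    # Proceed with registration using the hashed password.
    item = {
        'id': str(uuid()),
        'email': email,
        'password_hash': password_hash,
        'salt': salt,
        'groups': [default_group_name],
        'login_method': 'email_login',
    }
    # Merge client-supplied 'extra' fields without overriding the fixed keys
    # above. NOTE(review): any other key is stored verbatim from the request;
    # restrict this to an allow-list if the user record carries fields with
    # privilege meaning.
    for key, value in extra.items():
        if key not in item:
            item[key] = value
    resource.db_put_item(partition, item, item_id=item['id'])
    body['item'] = item
    return body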