Ejemplo n.º 1
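def check_password(user,
                   pwd,
                   doctype="User",
                   fieldname="password",
                   delete_tracker_cache=True):
    """Verify a password against the stored hash and return the stored name.

    Args:
        user: Name to look up in the Auth table.
        pwd: Plaintext password supplied by the caller.
        doctype: Doctype the credential belongs to.
        fieldname: Field the credential is stored under.
        delete_tracker_cache: When true, clear the failed-login cache for
            the user after a successful check.

    Returns:
        The ``name`` value as stored in the Auth row, which may differ in
        letter case from the ``user`` argument.

    Raises:
        frappe.AuthenticationError: If no matching unencrypted Auth row
            exists or the password does not verify.
    """
    result = (
        frappe.qb.from_(Auth)
        .select(Auth.name, Auth.password)
        .where(
            (Auth.doctype == doctype)
            & (Auth.name == user)
            & (Auth.fieldname == fieldname)
            & (Auth.encrypted == 0)
        )
        .limit(1)
        .run(as_dict=True)
    )

    # One error for "unknown user" and "wrong password", so the message does
    # not reveal which accounts exist.
    # NOTE(review): an unknown user skips hash verification entirely, so that
    # failure path returns faster than a wrong password. If response timing
    # matters here, consider passlib's dummy_verify() on the no-row path.
    if not result or not passlibctx.verify(pwd, result[0].password):
        raise frappe.AuthenticationError(_("Incorrect User or Password"))

    # lettercase agnostic
    user = result[0].name

    # TODO: This need to be deleted after checking side effects of it.
    # We have a `LoginAttemptTracker` that can take care of tracking related cache.
    if delete_tracker_cache:
        delete_login_failed_cache(user)

    # needs_update() is true when the stored hash uses a deprecated scheme or
    # outdated parameters. The previous `if not ...` test was inverted: it
    # rewrote up-to-date hashes on every login and never upgraded legacy ones.
    if passlibctx.needs_update(result[0].password):
        update_password(user, pwd, doctype, fieldname)

    return user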
Ejemplo n.º 2
def check_password(user, pwd, doctype='User', fieldname='password'):
    """Check a user's password inside the database and return the stored name.

    The comparison is done by the SQL statement itself: the plaintext
    password is passed as a bound parameter and hashed server-side with the
    database's ``password()`` function, either alone (rows without a salt)
    or concatenated with the row's salt.

    NOTE(review): MySQL's PASSWORD() was deprecated in 5.7 and removed in
    8.0, and it is a fast hash that was never meant for application
    credentials. Sending the plaintext as a parameter also means it can
    appear in database query logs, depending on server configuration.
    Treat this variant as legacy.

    Raises:
        frappe.AuthenticationError: If no row matches the user and password.
    """
    query_args = {
        'doctype': doctype,
        'name': user,
        'fieldname': fieldname,
        'pwd': pwd,
    }
    matches = frappe.db.sql("""select name, `password`, salt from `__Auth`
		where doctype=%(doctype)s and name=%(name)s and fieldname=%(fieldname)s and encrypted=0
		and (
			(salt is null and `password`=password(%(pwd)s))
			or `password`=password(concat(%(pwd)s, salt))
		)""", query_args, as_dict=True)

    # An empty result covers both "no such user" and "wrong password".
    if not matches:
        raise frappe.AuthenticationError('Incorrect User or Password')

    record = matches[0]

    # A row that matched without a salt is rewritten; update_password is
    # called with the caller-supplied name, before it is normalised below.
    if not record.salt:
        # sets salt and updates password
        update_password(user, pwd, doctype, fieldname)

    # Return the name as stored, so the result is lettercase agnostic.
    return record.name
Ejemplo n.º 3
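def check_password(user,
                   pwd,
                   doctype='User',
                   fieldname='password',
                   delete_tracker_cache=True):
    '''Verify a password against the stored hash and return the stored name.

    Args:
        user: Name to look up in ``__Auth``.
        pwd: Plaintext password supplied by the caller.
        doctype: Doctype the credential belongs to.
        fieldname: Field the credential is stored under.
        delete_tracker_cache: When true, clear the failed-login cache for
            the user after a successful check.

    Returns:
        The ``name`` value as stored in ``__Auth``, which may differ in
        letter case from the ``user`` argument.

    Raises:
        frappe.AuthenticationError: If no matching unencrypted row exists
            or the password does not verify.
    '''

    # All caller-supplied values are bound parameters, never interpolated
    # into the SQL text.
    auth = frappe.db.sql("""select `name`, `password` from `__Auth`
		where `doctype`=%(doctype)s and `name`=%(name)s and `fieldname`=%(fieldname)s and `encrypted`=0""",
                         {
                             'doctype': doctype,
                             'name': user,
                             'fieldname': fieldname
                         },
                         as_dict=True)

    # One error for "unknown user" and "wrong password", so the message does
    # not reveal which accounts exist.
    # NOTE(review): an unknown user skips hash verification entirely, so that
    # failure path returns faster than a wrong password. If response timing
    # matters here, consider passlib's dummy_verify() on the no-row path.
    if not auth or not passlibctx.verify(pwd, auth[0].password):
        raise frappe.AuthenticationError(_('Incorrect User or Password'))

    # lettercase agnostic
    user = auth[0].name

    # TODO: This need to be deleted after checking side effects of it.
    # We have a `LoginAttemptTracker` that can take care of tracking related cache.
    if delete_tracker_cache:
        delete_login_failed_cache(user)

    # needs_update() is true when the stored hash uses a deprecated scheme or
    # outdated parameters. The previous `if not ...` test was inverted: it
    # rewrote up-to-date hashes on every login and never upgraded legacy ones.
    if passlibctx.needs_update(auth[0].password):
        update_password(user, pwd, doctype, fieldname)

    return user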
Ejemplo n.º 4
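def check_password(user, pwd, doctype='User', fieldname='password'):
	'''Verify a password against the stored hash and return the stored name.

	Args:
		user: Name to look up in ``__Auth``.
		pwd: Plaintext password supplied by the caller.
		doctype: Doctype the credential belongs to.
		fieldname: Field the credential is stored under.

	Returns:
		The ``name`` value as stored in ``__Auth``, which may differ in
		letter case from the ``user`` argument.

	Raises:
		frappe.AuthenticationError: If no matching unencrypted row exists
			or the password does not verify.
	'''

	# All caller-supplied values are bound parameters, never interpolated
	# into the SQL text.
	auth = frappe.db.sql("""select name, `password` from `__Auth`
		where doctype=%(doctype)s and name=%(name)s and fieldname=%(fieldname)s and encrypted=0""",
		{'doctype': doctype, 'name': user, 'fieldname': fieldname}, as_dict=True)

	# One error for "unknown user" and "wrong password", so the message does
	# not reveal which accounts exist.
	# NOTE(review): an unknown user skips hash verification entirely, so that
	# failure path returns faster than a wrong password. If response timing
	# matters here, consider passlib's dummy_verify() on the no-row path.
	if not auth or not passlibctx.verify(pwd, auth[0].password):
		raise frappe.AuthenticationError(_('Incorrect User or Password'))

	# lettercase agnostic
	user = auth[0].name
	# Successful check: clear the failed-login cache for this user.
	delete_login_failed_cache(user)

	# needs_update() is true when the stored hash uses a deprecated scheme or
	# outdated parameters. The previous `if not ...` test was inverted: it
	# rewrote up-to-date hashes on every login and never upgraded legacy ones.
	if passlibctx.needs_update(auth[0].password):
		update_password(user, pwd, doctype, fieldname)

	return user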
Ejemplo n.º 5
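def logged_and_redirect(user_name,password,email,contact_no):
	"""Create the user if missing, then redirect if the supplied key matches.

	If no User named ``email`` exists, a new enabled System User is created
	with ``password`` as its new password and three fixed roles, and
	``make_redirect_url`` is called. The caller is then checked: a session
	already belonging to ``email`` is redirected with a flag, otherwise
	``password`` must equal the ``salt`` of the first ``get_salt_key(email)``
	row.

	NOTE(review): account creation runs with ``ignore_permissions`` and
	grants System User roles from caller-supplied arguments, so this function
	should only be reachable by trusted callers -- confirm how it is exposed.
	NOTE(review): the final check compares ``password`` with the stored salt
	rather than verifying the password hash (the ``check_password`` path is
	commented out), so anyone who can read the salt can pass it -- confirm
	that this is intended.

	Raises:
		SignupDisabledError: If the user does not exist and Website Settings
			has ``disable_signup`` set.
		frappe.AuthenticationError: If the caller is not already logged in as
			``email`` and the key does not match.
	"""
	import hmac

	if not frappe.db.exists("User", email):
		# is signup disabled?
		if frappe.utils.cint(frappe.db.get_single_value("Website Settings", "disable_signup")):
			raise SignupDisabledError

		user = frappe.new_doc("User")

		user.update({
			"doctype":"User",
			"first_name": user_name,
			"email": email,
			"enabled": 1,
			"new_password": password,
			"user_type": "System User"
		})

		user.flags.ignore_permissions = True
		user.flags.no_welcome_mail = True
		user.save()
		user.add_roles("Accounts User","Purchase Master Manager","Sales Master Manager")
		make_redirect_url(email,contact_no)
		# NOTE(review): execution continues into the checks below unless
		# make_redirect_url raises -- confirm which is intended.

	if frappe.session.user and frappe.session.user == email:
		flag = "User already logged in"
		make_redirect_url(email,contact_no,flag)
		return

	# elif email == check_password(email,password):
	# 	make_redirect_url(email,contact_no)

	# An empty lookup result is a failed authentication, not an IndexError.
	key_rows = get_salt_key(email)
	stored_key = key_rows[0]["salt"] if key_rows else None

	# Require two real strings and compare them in constant time. A plain
	# `==` would also accept a missing key on both sides (None == None) and
	# leaks how many leading characters matched through timing.
	key_matches = (
		isinstance(password, str)
		and isinstance(stored_key, str)
		and hmac.compare_digest(password.encode("utf-8"), stored_key.encode("utf-8"))
	)
	if not key_matches:
		raise frappe.AuthenticationError('Incorrect User or key')

	make_redirect_url(email,contact_no)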
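def check_pin(user, pin):
    '''Check a user's PIN and, on success, log the session in as that user.

    The PIN is read from the encrypted ``pin`` row in ``__Auth``, decrypted
    and compared with the supplied value.

    NOTE(review): the PIN is stored with reversible encryption rather than a
    one-way hash, so anyone holding the encryption key can recover every
    PIN. A match grants a full login via ``login_as``, so callers should
    rate-limit attempts -- no limiting is visible in this function.

    Args:
        user: Name to look up in ``__Auth``.
        pin: PIN supplied by the caller; expected to be a ``str``.

    Raises:
        frappe.AuthenticationError: If no PIN row exists for the user or the
            PIN does not match.
    '''
    import hmac

    doctype = 'User'
    fieldname = 'pin'

    auth = frappe.db.sql("""select `name`, `password` from `__Auth`
    where `doctype`=%(doctype)s and `name`=%(name)s and `fieldname`=%(fieldname)s and `encrypted`=1""",
                         {
                             'doctype': doctype,
                             'name': user,
                             'fieldname': fieldname
                         },
                         as_dict=True)

    # assumes decrypt() returns str -- TODO confirm against its definition
    stored_pin = decrypt(auth[0].password) if auth else None

    # Constant-time comparison of two real strings: avoids leaking the
    # matching prefix length through timing, and never treats two missing
    # values as equal.
    pin_matches = (
        isinstance(pin, str)
        and isinstance(stored_pin, str)
        and hmac.compare_digest(pin.encode('utf-8'), stored_pin.encode('utf-8'))
    )
    if not pin_matches:
        raise frappe.AuthenticationError(_('Incorrect User or Password'))

    # lettercase agnostic
    user = auth[0].name
    delete_login_failed_cache(user)

    frappe.local.login_manager.login_as(user)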