Ejemplo n.º 1
0
def verify_password(username_or_token, password):
    if _config and _config.auth.secret_key and username_or_token == DEFAULT_USERNAME:
        return False
    user = User.verify_auth_token(username_or_token)
    if not user:
        # try to authenticate with username/password
        user = User.find_user_by_name(username_or_token)
        if not user or not user.verify_password(password):
            return False
    g.user = user
    return True
Ejemplo n.º 2
0
def _init_default_user():
    if not User.find_user_by_name(DEFAULT_USERNAME):
        message = register_user(DEFAULT_USERNAME, DEFAULT_PASSWORD)
        if message:
            raise Exception(message)
        logging.info('Created default user `{}`'.format(DEFAULT_USERNAME))
    else:
        logging.info(
            'Default user `{}` already exists'.format(DEFAULT_USERNAME))
Ejemplo n.º 3
0
def run_set_activation(username, value):
    user = User.find_user_by_name(username)

    if not user:
        raise ValueError("Username `{}` not found".format(username))

    user.active = value
    user.save()
    print('User`s `{}` active state changed to {}'.format(username, value))
Ejemplo n.º 4
0
Archivo: users.py Proyecto: rbax/plynx
def run_create_user(email, username, password):
    if not username:
        raise ValueError('Username must be specified')
    password = password or ''
    user = User()
    user.username = username
    user.email = email
    user.hash_password(password)
    user.save()
    print('User `{}` created'.format(username))
    return user
Ejemplo n.º 5
0
    def create_demo_user():
        if not DemoUserManager.demo_config.enabled:
            return None

        user = User()
        user.username = '******'.format(DemoUserManager._id_generator())
        user.hash_password(DemoUserManager._id_generator(size=8))
        user.save()
        return user
Ejemplo n.º 6
0
Archivo: user.py Proyecto: rbax/plynx
def post_user():
    data = json.loads(request.data)
    app.logger.warn(data)
    action = data.get('action', '')
    old_password = data.get('old_password', '')
    new_password = data.get('new_password', '')
    if action == UserPostAction.MODIFY:
        posted_user = User.from_dict(data['user'])
        existing_user = UserCollectionManager.find_user_by_name(
            posted_user.username)
        if not existing_user:
            return make_fail_response('User not found'), 404
        if g.user.username != posted_user.username and IAMPolicies.IS_ADMIN not in g.user.policies:
            return make_fail_response(
                'You don`t have permission to modify this user'), 401

        if set(posted_user.policies) != set(existing_user.policies):
            if IAMPolicies.IS_ADMIN not in g.user.policies:
                return make_fail_response(
                    'You don`t have permission to modify policies'), 401
            existing_user.policies = posted_user.policies

        if new_password:
            if not existing_user.verify_password(old_password):
                return make_fail_response('Incorrect password'), 401
            existing_user.hash_password(new_password)

        existing_user.settings = posted_user.settings

        existing_user.save()
        if g.user.username == posted_user.username:
            g.user = posted_user

        is_admin = IAMPolicies.IS_ADMIN in g.user.policies
        user_obj = existing_user.to_dict()
        user_obj['_is_admin'] = is_admin
        user_obj[
            '_readonly'] = existing_user._id != g.user._id and not is_admin
        del user_obj['password_hash']

        return make_success_response({
            'user': user_obj,
        })
    else:
        raise Exception('Unknown action: `{}`'.format(action))

    raise NotImplementedError("Nothing is to return")
Ejemplo n.º 7
0
Archivo: common.py Proyecto: rbax/plynx
def register_user(username, password, email):
    """Register a new user.

    Args:
        username    (str):  Username
        password    (str):  Pasword
        email       (str):  Email

    Return:
        (User):     New user DB Object
    """
    if not username:
        raise RegisterUserException(
            'Missing username',
            error_code=RegisterUserExceptionCode.EMPTY_USERNAME)
    if username != DEFAULT_USERNAME and not password:
        raise RegisterUserException(
            'Missing password',
            error_code=RegisterUserExceptionCode.EMPTY_PASSWORD)
    if UserCollectionManager.find_user_by_name(username):
        raise RegisterUserException(
            'Username is taken',
            error_code=RegisterUserExceptionCode.USERNAME_ALREADY_EXISTS)
    if username != DEFAULT_USERNAME and not re.match(
            r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email):
        raise RegisterUserException(
            'Invalid email: `{}`'.format(email),
            error_code=RegisterUserExceptionCode.INVALID_EMAIL)
    if username != DEFAULT_USERNAME and UserCollectionManager.find_user_by_email(
            email):
        raise RegisterUserException(
            'Email already exists',
            error_code=RegisterUserExceptionCode.EMAIL_ALREADY_EXISTS)
    if len(username) < 6 or len(username) > 22:
        raise RegisterUserException(
            'Lenght of the username must be between 6 and 22',
            error_code=RegisterUserExceptionCode.INVALID_LENGTH_OF_USERNAME)

    user = User()
    user.username = username
    user.email = email
    user.hash_password(password)
    user.save()
    return user
Ejemplo n.º 8
0
def register_user(username, password):
    """Register a new user.

    Args:
        username    (str):  Username
        password    (str):  Pasword

    Return:
        (str):  None if success, or error message if failed
    """
    if username is None or password is None:
        return 'Missing username or password'

    if User.find_user_by_name(username):
        return 'User with name `{}` already exists'.format(username)

    user = User()
    user.username = username
    user.hash_password(password)
    user.save()
    return None
Ejemplo n.º 9
0
Archivo: users.py Proyecto: rbax/plynx
def run_list_users():
    for user_dict in User.find_users():
        user = User.from_dict(user_dict)
        print(','.join(map(str, [user._id, user.username])))