def update(self, db: dataset.Database):
user_table: dataset.Table = db.create_table("users")
user_table.upsert({
"email": self._email,
"name": self._name,
"password": encrypt(self._password),
"aws_access_key_id": encrypt(self._aws_access_key_id),
"aws_secret_key": encrypt(self._aws_secret_key),
"aws_region": encrypt(self._aws_region)}, ['email'])
def validate_user_rights(self, request_data, _session_db, caller_name):
valid_session_data = None
session_user = None
if hasattr(request_data, "session_token"):
session_user = gen.validate_user_rights(_session_db,
request_data.session_token,
caller_name)
if session_user is False:
valid_session_data = login.InvalidSessionToken()
logger.logKnowledge(
"info", "invalid_user_session",
"user:%s, caller_name:%s, request:%s" %
(session_user, caller_name, request.url))
print valid_session_data, session_user
if valid_session_data is None and session_user is not False:
if hasattr(request_data, "request"):
if hasattr(request_data.request, "password") and type(
request_data.request) != consoleadmin.SaveDBServer:
print "password validation"
enc_pwd = encrypt(request_data.request.password)
if gen.verify_password(_session_db, session_user,
enc_pwd) == 0:
valid_session_data = login.InvalidPassword()
logger.logKnowledge(
"info", "invalid_user_password",
"user:%s, caller_name:%s, request:%s" %
(session_user, caller_name, request.url))
return valid_session_data, session_user
def process_mobile_login(db, request, session_user_ip):
login_type = request.login_type
username = request.username
password = request.password
encrypt_password = encrypt(password)
try:
response = verify_login(db, username, encrypt_password)
is_success = response[0]
if is_success is False:
return login.InvalidCredentials(None)
username = response[2]
verified_login = response[3]
user_info = response[4]
forms = response[5]
user_category_id = verified_login.get('user_category_id')
if is_success is False and username is None:
return login.InvalidCredentials(None)
if is_success:
if user_category_id == 3:
return mobile_user_login_respone(db, login_type,
session_user_ip, user_info,
forms)
else:
return login.InvalidCredentials(None)
except Exception, e:
print e
def process_verify_password(db, request, user_id):
password = request.password
encrypt_password = encrypt(password)
response = verify_password(db, user_id, encrypt_password)
if response == 0:
return generalprotocol.InvalidPassword()
else:
return generalprotocol.VerifyPasswordSuccess()
def verify_password(db, user_id, password):
ec_password = encrypt(password)
q = "SELECT username from tbl_user_login_details where user_id = %s and password = %s"
data_list = db.select_one(q, [user_id, ec_password])
if data_list is None:
return False
else:
return True
def check_already_used_password(db, password, user_id):
result = db.call_proc("sp_forgot_password_old_pass_check", (
encrypt(password),
user_id,
))
print "len(result)--", len(result)
if len(result) > 0:
return False
else:
return True
def verify_new_password(db, new_password, user_id):
encrypted_password = encrypt(new_password)
row = db.call_proc("sp_verify_password", (
user_id,
encrypted_password,
))
if (int(row[0]["count"]) <= 0):
return True
else:
return False
def process_reset_password(db, request):
user_id = validate_reset_token(db, request.reset_token)
if user_id is not None:
if check_already_used_password(db, encrypt(request.new_password),
user_id):
update_password(db, request.new_password, user_id)
delete_used_token(db, request.reset_token)
return clientlogin.ResetPasswordSuccess()
else:
return clientlogin.EnterDifferentPassword()
else:
return clientlogin.InvalidResetToken()
def verify_password(db, password, user_id):
print password
encrypted_password = encrypt(password)
print encrypted_password
row = db.call_proc("sp_verify_password", (
user_id,
encrypted_password,
))
if (int(row[0]["count"]) <= 0):
return False
else:
return True
def process_save_logindetails(db, request, company_id):
username = request.username
password = request.password
# duplication username validation
if check_username_duplicate(db, username) is False:
return clientlogin.UsernameAlreadyExists()
else:
encrypt_password = encrypt(password)
token = request.token
if save_login_details(db, token, username, encrypt_password,
company_id):
return clientlogin.SaveRegistrationSuccess()
else:
return clientlogin.InvalidSessionToken()
def update_password(db, password, user_id):
result = db.call_proc_with_multiresult_set(
"sp_tbl_user_login_details_update", (user_id, encrypt(password)), 1)
if len(result) == 0:
raise fetch_error()
employee_name = result[0][0]["username"]
action = "\"%s\" has updated his/her password" % (employee_name)
db.save_activity(user_id, 0, action)
if result:
return True
else:
return False
def process_login(db, request, client_id, session_user_ip):
login_type = request.login_type
username = request.username
short_name = request.short_name
encrypt_password = encrypt(request.password)
user_ip = session_user_ip
user_id = verify_username(db, username)
if user_id is None:
return clientlogin.InvalidCredentials(None)
else:
response = verify_login(db, username, encrypt_password)
print response
if response is False:
return invalid_credentials(db, user_id, session_user_ip)
elif response == "blocked" or response == "disabled":
return clientlogin.DisabledUser()
else:
delete_login_failure_history(db, user_id)
return user_login_response(db, response, client_id, user_ip,
short_name, login_type.lower())
