Ejemplo n.º 1
 def change_password(self, user_id, password, new_password):
   '''Replace the stored password hash for ``user_id`` once the current ``password`` verifies.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when the stored ``user_id`` field does
   not match or the current password is rejected; both cases produce the same message.
   '''
   user_id = user_id.lower()
   account_key = _account_key(user_id)
   # stored[0] is the account's user_id field, stored[1] its password hash.
   stored = self.db.hmget(account_key, 'user_id', 'password')
   credentials_ok = stored[0] == user_id and secret.verify_password(password, stored[1])
   if not credentials_ok:
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   # NOTE(review): nothing in this method invalidates sessions already issued for the
   # account - confirm whether existing sessions should survive a password change.
   replacement_hash = secret.password_hash(new_password)
   self.db.hset(account_key, 'password', replacement_hash)
Ejemplo n.º 2
 def create_session(self,
                    user_id=None,
                    password=None,
                    verify_password=True,
                    key=None):
     '''Open a session for ``user_id``, or an anonymous one when no ``user_id`` is given.

     With a ``user_id`` the account must exist and, unless ``verify_password`` is false,
     ``password`` must verify against the stored hash; otherwise ``TotoException``
     (``ERROR_USER_NOT_FOUND``) is raised with one message for both failures.
     ``verify_password=False`` skips the password check entirely, so the caller must
     already have authenticated the user by other means (for example a third-party login).
     An optional ``key`` is stored in the session data. Returns the object built by
     ``_instantiate_session``.
     '''
     user_id = (user_id or '').lower()
     account = user_id and self._get_account(user_id)
     if user_id:
         rejected = not account or (
             verify_password
             and not secret.verify_password(password, account['password']))
         if rejected:
             raise TotoException(ERROR_USER_NOT_FOUND,
                                 "Invalid user ID or password")
     session_id = TotoSession.generate_id()
     # Authenticated sessions use session_ttl (falling back to anon_session_ttl when
     # that is falsy); anonymous sessions always use anon_session_ttl.
     if user_id:
         lifetime = self.session_ttl or self.anon_session_ttl
     else:
         lifetime = self.anon_session_ttl
     session_data = dict(user_id=user_id,
                         expires=time() + lifetime,
                         session_id=session_id)
     if key:
         session_data['key'] = key
     self._prepare_session(account, session_data)
     # Persist only when the cache layer did not take the session.
     cached = self._cache_session_data(session_data)
     if not cached:
         self._store_session(session_id, session_data)
     return self._instantiate_session(session_data, self._session_cache)
Ejemplo n.º 3
 def create_session(self, user_id=None, password=None, verify_password=True):
     '''Create a ``MongoDBSession`` for ``user_id``, or an anonymous one without it.

     Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given
     but no account matches, or when ``verify_password`` is true and ``password``
     does not verify. With ``verify_password=False`` no password check is made.
     '''
     user_id = user_id or ''
     # NOTE(review): user_id is placed in the query document as-is; presumably callers
     # guarantee it is a string - a dict value would be read by MongoDB as a query
     # operator rather than a literal. Confirm against the request handler.
     account = user_id and self.db.accounts.find_one({'user_id': user_id})
     if user_id:
         rejected = not account or (
             verify_password
             and not secret.verify_password(password, account['password']))
         if rejected:
             raise TotoException(ERROR_USER_NOT_FOUND,
                                 "Invalid user ID or password")
     session_id = MongoDBSession.generate_id()
     if user_id:
         lifetime = self.session_ttl or self.anon_session_ttl
     else:
         lifetime = self.anon_session_ttl
     expires = time() + lifetime
     session_data = dict(user_id=user_id, expires=expires, session_id=session_id)
     cached = self._cache_session_data(session_data)
     if not cached:
         # Drop this user's already-expired rows before adding the new one.
         stale = {'user_id': user_id, 'expires': {'$lt': time()}}
         self.db.sessions.remove(stale)
         self.db.sessions.insert(session_data)
     session = MongoDBSession(self.db, session_data, self._session_cache)
     session._verified = True
     return session
Ejemplo n.º 4
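 def create_session(self,
                    user_id=None,
                    password=None,
                    verify_password=True):
     '''Create a ``RedisSession`` for ``user_id``, or an anonymous one without it.

     Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given
     but the stored account does not match, or when ``verify_password`` is true and
     ``password`` is missing or does not verify. With ``verify_password=False`` the
     password is not checked, so the caller must have authenticated the user already.
     '''
     # Normalise before lower-casing: the default user_id is None, and calling
     # .lower() on it first made every anonymous call fail with AttributeError.
     if not user_id:
         user_id = ''
     user_id = user_id.lower()
     account_key = _account_key(user_id)
     # Look the account up whenever a user_id is given. Gating the lookup on
     # ``password`` left ``account`` as None for verify_password=False callers,
     # and the index below then raised TypeError.
     account = user_id and self.db.hmget(account_key, 'user_id', 'password')
     if user_id and (not account or account[0] != user_id or
                     (verify_password and
                      (not password or
                       not secret.verify_password(password, account[1])))):
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     session_id = RedisSession.generate_id()
     ttl = (user_id and self.session_ttl or self.anon_session_ttl)
     expires = time() + ttl
     session_key = _session_key(session_id)
     session_data = {
         'user_id': user_id,
         'expires': expires,
         'session_id': session_id
     }
     # Write to Redis only when the cache layer did not take the session; the
     # key expires after the same ttl that produced ``expires``.
     if not self._cache_session_data(session_data):
         self.db.setex(session_key, int(ttl),
                       TotoSession.dumps(session_data))
     session = RedisSession(self.db, session_data, self._session_cache)
     session._verified = True
     return session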
Ejemplo n.º 5
 def create_session(self, user_id=None, password=None, verify_password=True):
     '''Create a ``MySQLdbSession`` for the account identified by ``user_id``.

     Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when no account matches, or
     when ``verify_password`` is true and ``password`` does not verify. With
     ``verify_password=False`` no password check is made.
     '''
     user_id = (user_id or '').lower()
     account = user_id and self.db.get(
         "select account_id, password from account where user_id = %s",
         user_id)
     if user_id:
         rejected = not account or (
             verify_password
             and not secret.verify_password(password, account['password']))
         if rejected:
             raise TotoException(ERROR_USER_NOT_FOUND,
                                 "Invalid user ID or password")
     session_id = MySQLdbSession.generate_id()
     if user_id:
         lifetime = self.session_ttl or self.anon_session_ttl
     else:
         lifetime = self.anon_session_ttl
     expires = time() + lifetime
     # NOTE(review): on an anonymous call ``account`` is '' at this point, so the
     # lookup below raises TypeError - confirm whether this backend is meant to
     # support anonymous sessions.
     account_id = account['account_id']
     session_data = dict(user_id=user_id,
                         expires=expires,
                         session_id=session_id,
                         account_id=account_id)
     cached = self._cache_session_data(session_data)
     if not cached:
         # Purge the account's expired rows, then record the new session.
         self.db.execute(
             "delete from session where account_id = %s and expires <= %s",
             account_id, time())
         self.db.execute(
             "insert into session (account_id, expires, session_id) values (%s, %s, %s)",
             account_id, expires, session_id)
     session = MySQLdbSession(self.db, session_data, self._session_cache)
     session._verified = True
     return session
Ejemplo n.º 6
 def change_password(self, user_id, password, new_password):
   '''Store a new password hash for ``user_id`` once the current ``password`` verifies.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when no account matches or the
   current password is rejected; both cases produce the same message.
   '''
   user_id = user_id.lower()
   lookup_sql = "select account_id, user_id, password from account where user_id = %s"
   account = self.db.get(lookup_sql, user_id)
   verified = account and secret.verify_password(password, account['password'])
   if not verified:
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   update_sql = "update account set password = %s where account_id = %s"
   self.db.execute(update_sql, secret.password_hash(new_password), account['account_id'])
   # clear_sessions runs after the update; presumably it invalidates sessions
   # issued under the old password - confirm against its definition.
   self.clear_sessions(user_id)
Ejemplo n.º 7
 def change_password(self, user_id, password, new_password):
   '''Set ``new_password`` for the account ``user_id`` after checking the current ``password``.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) with the same message whether the
   account is missing or the current password does not verify. The new hash is handed to
   ``_update_password``, which performs the backend-specific write.
   '''
   user_id = user_id.lower()
   account = self._get_account(user_id)
   if not account:
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   if not secret.verify_password(password, account['password']):
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   new_hash = secret.password_hash(new_password)
   self._update_password(user_id, account, new_hash)
Ejemplo n.º 8
 def change_password(self, user_id, password, new_password):
     '''Overwrite the ``password`` field of the account hash for ``user_id``.

     The current ``password`` must verify first; a mismatching ``user_id`` field
     and a rejected password both raise ``TotoException``
     (``ERROR_USER_NOT_FOUND``) with the same message.
     '''
     user_id = user_id.lower()
     account_key = _account_key(user_id)
     fields = self.db.hmget(account_key, 'user_id', 'password')
     # fields[0] is the stored user_id, fields[1] the stored password hash.
     if fields[0] != user_id:
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     if not secret.verify_password(password, fields[1]):
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     # NOTE(review): sessions already issued for the account are not touched
     # here - confirm whether they should be invalidated on password change.
     new_hash = secret.password_hash(new_password)
     self.db.hset(account_key, 'password', new_hash)
Ejemplo n.º 9
 def change_password(self, user_id, password, new_password):
     '''Change the password of account ``user_id`` from ``password`` to ``new_password``.

     Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when the account cannot be
     found or ``password`` does not verify; the message is identical in both cases.
     The hashed replacement is passed to ``_update_password`` for storage.
     '''
     user_id = user_id.lower()
     account = self._get_account(user_id)
     verified = account and secret.verify_password(password,
                                                   account['password'])
     if not verified:
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     replacement_hash = secret.password_hash(new_password)
     self._update_password(user_id, account, replacement_hash)
Ejemplo n.º 10
 def change_password(self, user_id, password, new_password):
     '''Store a new password hash on the ``accounts`` document for ``user_id``.

     The current ``password`` must verify first; a missing account and a rejected
     password both raise ``TotoException`` (``ERROR_USER_NOT_FOUND``) with the
     same message.
     '''
     # NOTE(review): user_id reaches both query documents unmodified; presumably
     # callers guarantee it is a string - a dict value would be read by MongoDB
     # as a query operator. Confirm against the request handler.
     account = self.db.accounts.find_one({'user_id': user_id})
     verified = account and secret.verify_password(password,
                                                   account['password'])
     if not verified:
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     new_hash = secret.password_hash(new_password)
     self.db.accounts.update({'user_id': user_id},
                             {'$set': {'password': new_hash}})
     # clear_sessions runs after the update; presumably it invalidates sessions
     # issued under the old password - confirm against its definition.
     self.clear_sessions(user_id)
Ejemplo n.º 11
 def create_session(self, user_id=None, password=None):
   '''Create a ``MongoDBSession`` for ``user_id``, or an anonymous one without it.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given but no
   account matches or ``password`` does not verify.
   '''
   user_id = user_id or ''
   # NOTE(review): user_id is placed in the query documents as-is; presumably callers
   # guarantee it is a string - a dict value would be read by MongoDB as a query operator.
   account = user_id and self.db.accounts.find_one({'user_id': user_id})
   if user_id:
     if not account or not secret.verify_password(password, account['password']):
       raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   # 16 bytes from uuid4, base64-encoded with '-' and '_' as the alternative characters;
   # the slice trims the two trailing '=' padding characters.
   # NOTE(review): altchars is passed as a str, which Python 3's base64 rejects - this
   # line presumably targets Python 2.
   raw_id = uuid.uuid4().bytes
   session_id = base64.b64encode(raw_id, '-_')[:-2]
   # Drop this user's already-expired sessions before adding the new one.
   stale = {'user_id': user_id, 'expires': {'$lt': time()}}
   self.db.sessions.remove(stale)
   if user_id:
     lifetime = self.session_ttl or self.anon_session_ttl
   else:
     lifetime = self.anon_session_ttl
   expires = time() + lifetime
   record = {'user_id': user_id, 'expires': expires, 'session_id': session_id}
   # The insert receives its own copy so the session object gets a separate dict.
   self.db.sessions.insert(dict(record))
   session = MongoDBSession(self.db, record)
   session._verified = True
   return session
Ejemplo n.º 12
 def change_password(self, user_id, password, new_password):
     '''Update the ``account`` row for ``user_id`` with a hash of ``new_password``.

     The current ``password`` must verify first; a missing account and a rejected
     password both raise ``TotoException`` (``ERROR_USER_NOT_FOUND``) with the
     same message.
     '''
     user_id = user_id.lower()
     account = self.db.get(
         "select account_id, user_id, password from account where user_id = %s",
         user_id)
     if not account:
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     if not secret.verify_password(password, account['password']):
         raise TotoException(ERROR_USER_NOT_FOUND,
                             "Invalid user ID or password")
     new_hash = secret.password_hash(new_password)
     self.db.execute(
         "update account set password = %s where account_id = %s",
         new_hash, account['account_id'])
     # clear_sessions runs after the update; presumably it invalidates sessions
     # issued under the old password - confirm against its definition.
     self.clear_sessions(user_id)
Ejemplo n.º 13
 def create_session(self, user_id=None, password=None, verify_password=True):
   '''Create a ``PostgresSession`` for the account identified by ``user_id``.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when no account matches, or when
   ``verify_password`` is true and ``password`` does not verify. With
   ``verify_password=False`` no password check is made.
   '''
   user_id = (user_id or '').lower()
   account = user_id and self.db.get("select * from account where user_id = %s", (user_id,))
   if user_id:
     rejected = not account or (
       verify_password and not secret.verify_password(password, account['password']))
     if rejected:
       raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   # 16 bytes from uuid4, base64-encoded with '-' and '_' as the alternative characters;
   # the slice trims the two trailing '=' padding characters.
   # NOTE(review): altchars is passed as a str, which Python 3's base64 rejects - this
   # line presumably targets Python 2.
   raw_id = uuid.uuid4().bytes
   session_id = base64.b64encode(raw_id, '-_')[:-2]
   # NOTE(review): on an anonymous call ``account`` is '' at this point, so the lookup
   # below raises TypeError - confirm whether this backend is meant to support
   # anonymous sessions.
   account_id = account['account_id']
   # Purge the account's expired rows, then record the new session.
   self.db.execute("delete from session where account_id = %s and expires <= %s", (account_id, time()))
   if user_id:
     lifetime = self.session_ttl or self.anon_session_ttl
   else:
     lifetime = self.anon_session_ttl
   expires = time() + lifetime
   self.db.execute("insert into session (account_id, expires, session_id) values (%s, %s, %s)", (account_id, expires, session_id))
   session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id, 'account_id': account_id}
   session = PostgresSession(self.db, session_data)
   session._verified = True
   return session
Ejemplo n.º 14
 def create_session(self, user_id=None, password=None, verify_password=True):
   '''Create a ``MongoDBSession`` for ``user_id``, or an anonymous one without it.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given but no
   account matches, or when ``verify_password`` is true and ``password`` does not verify.
   With ``verify_password=False`` no password check is made.
   '''
   user_id = user_id or ''
   # NOTE(review): user_id is placed in the query documents as-is; presumably callers
   # guarantee it is a string - a dict value would be read by MongoDB as a query operator.
   account = user_id and self.db.accounts.find_one({'user_id': user_id})
   if user_id:
     rejected = not account or (
       verify_password and not secret.verify_password(password, account['password']))
     if rejected:
       raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   session_id = MongoDBSession.generate_id()
   if user_id:
     lifetime = self.session_ttl or self.anon_session_ttl
   else:
     lifetime = self.anon_session_ttl
   expires = time() + lifetime
   session_data = dict(user_id=user_id, expires=expires, session_id=session_id)
   cached = self._cache_session_data(session_data)
   if not cached:
     # Drop this user's already-expired rows before adding the new one.
     stale = {'user_id': user_id, 'expires': {'$lt': time()}}
     self.db.sessions.remove(stale)
     self.db.sessions.insert(session_data)
   return MongoDBSession(self.db, session_data, self._session_cache)
Ejemplo n.º 15
 def create_session(self, user_id=None, password=None, verify_password=True):
   '''Create a ``MySQLdbSession`` for the account identified by ``user_id``.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when no account matches, or when
   ``verify_password`` is true and ``password`` does not verify. With
   ``verify_password=False`` no password check is made.
   '''
   user_id = (user_id or '').lower()
   account = user_id and self.db.get("select account_id, password from account where user_id = %s", user_id)
   if user_id:
     rejected = not account or (
       verify_password and not secret.verify_password(password, account['password']))
     if rejected:
       raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   session_id = MySQLdbSession.generate_id()
   if user_id:
     lifetime = self.session_ttl or self.anon_session_ttl
   else:
     lifetime = self.anon_session_ttl
   expires = time() + lifetime
   # NOTE(review): on an anonymous call ``account`` is '' at this point, so the lookup
   # below raises TypeError - confirm whether this backend is meant to support
   # anonymous sessions.
   account_id = account['account_id']
   session_data = dict(user_id=user_id, expires=expires, session_id=session_id, account_id=account_id)
   cached = self._cache_session_data(session_data)
   if not cached:
     # Purge the account's expired rows, then record the new session.
     self.db.execute("delete from session where account_id = %s and expires <= %s", account_id, time())
     self.db.execute("insert into session (account_id, expires, session_id) values (%s, %s, %s)", account_id, expires, session_id)
   session = MySQLdbSession(self.db, session_data, self._session_cache)
   session._verified = True
   return session
Ejemplo n.º 16
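 def create_session(self, user_id=None, password=None):
   '''Create a ``RedisSession`` for ``user_id``, or an anonymous one without it.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given but
   ``password`` is missing, the stored account does not match, or the password does not
   verify; all of these produce the same message.
   '''
   # Normalise before lower-casing: the default user_id is None, and calling .lower()
   # on it first made every anonymous call fail with AttributeError.
   if not user_id:
     user_id = ''
   user_id = user_id.lower()
   account_key = _account_key(user_id)
   account = user_id and password and self.db.hmget(account_key, 'user_id', 'password')
   # ``not account`` covers a missing password: previously ``account`` was then falsy
   # and indexing it raised TypeError instead of the authentication error.
   if user_id and (not account or account[0] != user_id or not secret.verify_password(password, account[1])):
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   # 16 bytes from uuid4, base64-encoded with '-' and '_' as the alternative characters;
   # the slice trims the two trailing '=' padding characters.
   # NOTE(review): altchars is passed as a str, which Python 3's base64 rejects - this
   # line presumably targets Python 2.
   session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
   ttl = (user_id and self.session_ttl or self.anon_session_ttl)
   expires = time() + ttl
   session_key = _session_key(session_id)
   # The Redis key is given the same ttl that produced ``expires``.
   self.db.hmset(session_key, {'user_id': user_id, 'expires': expires, 'session_id': session_id})
   self.db.expire(session_key, ttl)
   session = RedisSession(self.db, {'user_id': user_id, 'expires': expires, 'session_id': session_id})
   session._verified = True
   return session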
Ejemplo n.º 17
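 def create_session(self, user_id=None, password=None, verify_password=True):
   '''Create a ``RedisSession`` for ``user_id``, or an anonymous one without it.

   Raises ``TotoException`` (``ERROR_USER_NOT_FOUND``) when a ``user_id`` is given but the
   stored account does not match, or when ``verify_password`` is true and ``password`` is
   missing or does not verify. With ``verify_password=False`` the password is not checked,
   so the caller must have authenticated the user already.
   '''
   # Normalise before lower-casing: the default user_id is None, and calling .lower()
   # on it first made every anonymous call fail with AttributeError.
   if not user_id:
     user_id = ''
   user_id = user_id.lower()
   account_key = _account_key(user_id)
   # Look the account up whenever a user_id is given. Gating the lookup on ``password``
   # left ``account`` as None for verify_password=False callers, and the index below
   # then raised TypeError.
   account = user_id and self.db.hmget(account_key, 'user_id', 'password')
   if user_id and (not account or account[0] != user_id or (verify_password and (not password or not secret.verify_password(password, account[1])))):
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   session_id = RedisSession.generate_id()
   ttl = (user_id and self.session_ttl or self.anon_session_ttl)
   expires = time() + ttl
   session_key = _session_key(session_id)
   session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id}
   # Write to Redis only when the cache layer did not take the session; the key expires
   # after the same ttl that produced ``expires``.
   if not self._cache_session_data(session_data):
     self.db.setex(session_key, int(ttl), TotoSession.dumps(session_data))
   session = RedisSession(self.db, session_data, self._session_cache)
   session._verified = True
   return session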
Ejemplo n.º 18
0
 def create_session(self, user_id=None, password=None, verify_password=True, key=None):
   '''Open a session for ``user_id``, or an anonymous one when no ``user_id`` is given.

   With a ``user_id`` the account must exist and, unless ``verify_password`` is false,
   ``password`` must verify against the stored hash; otherwise ``TotoException``
   (``ERROR_USER_NOT_FOUND``) is raised with one message for both failures.
   ``verify_password=False`` skips the password check entirely, so the caller must already
   have authenticated the user by other means (for example a third-party login). An
   optional ``key`` is stored in the session data. Returns the object built by
   ``_instantiate_session``.
   '''
   user_id = (user_id or '').lower()
   account = user_id and self._get_account(user_id)
   if user_id:
     rejected = not account or (
       verify_password and not secret.verify_password(password, account['password']))
     if rejected:
       raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   session_id = TotoSession.generate_id()
   # Authenticated sessions use session_ttl (falling back to anon_session_ttl when that
   # is falsy); anonymous sessions always use anon_session_ttl.
   if user_id:
     lifetime = self.session_ttl or self.anon_session_ttl
   else:
     lifetime = self.anon_session_ttl
   session_data = dict(user_id=user_id, expires=time() + lifetime, session_id=session_id)
   if key:
     session_data['key'] = key
   self._prepare_session(account, session_data)
   # Persist only when the cache layer did not take the session.
   cached = self._cache_session_data(session_data)
   if not cached:
     self._store_session(session_id, session_data)
   return self._instantiate_session(session_data, self._session_cache)
Ejemplo n.º 19
 def change_password(self, user_id, password, new_password):
   '''Store a new password hash on the ``accounts`` document for ``user_id``.

   The current ``password`` must verify first; a missing account and a rejected password
   both raise ``TotoException`` (``ERROR_USER_NOT_FOUND``) with the same message.
   '''
   # NOTE(review): user_id reaches both query documents unmodified; presumably callers
   # guarantee it is a string - a dict value would be read by MongoDB as a query operator.
   account = self.db.accounts.find_one({'user_id': user_id})
   if not account:
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   if not secret.verify_password(password, account['password']):
     raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
   new_hash = secret.password_hash(new_password)
   self.db.accounts.update({'user_id': user_id}, {'$set': {'password': new_hash}})
   # clear_sessions runs after the update; presumably it invalidates sessions issued
   # under the old password - confirm against its definition.
   self.clear_sessions(user_id)