def change_password(self, user_id, password, new_password):
user_id = user_id.lower()
account_key = _account_key(user_id)
account = self.db.hmget(account_key, 'user_id', 'password')
if account[0] != user_id or not secret.verify_password(password, account[1]):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
self.db.hset(account_key, 'password', secret.password_hash(new_password))
def create_session(self,
user_id=None,
password=None,
verify_password=True,
key=None):
'''Create a new session for the account with the given ``user_id`` and ``password``, or an anonymous
session if anonymous sessions are enabled. This method returns a subclass of ``TotoSession``
designed for the current backing database. Pass ``verify_password=False`` to create a session
without checking the password. This feature can be used to implement alternative authentication
methods like Facebook, Twitter or Google+.
'''
if not user_id:
user_id = ''
user_id = user_id.lower()
account = user_id and self._get_account(user_id)
if user_id and (not account or
(verify_password and not secret.verify_password(
password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
session_id = TotoSession.generate_id()
expires = time() + (user_id and self.session_ttl
or self.anon_session_ttl)
session_data = {
'user_id': user_id,
'expires': expires,
'session_id': session_id
}
if key:
session_data['key'] = key
self._prepare_session(account, session_data)
if not self._cache_session_data(session_data):
self._store_session(session_id, session_data)
session = self._instantiate_session(session_data, self._session_cache)
return session
def create_session(self,
user_id=None,
password=None,
verify_password=True):
if not user_id:
user_id = ''
account = user_id and self.db.accounts.find_one({'user_id': user_id})
if user_id and (not account or
(verify_password and not secret.verify_password(
password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
session_id = MongoDBSession.generate_id()
expires = time() + (user_id and self.session_ttl
or self.anon_session_ttl)
session_data = {
'user_id': user_id,
'expires': expires,
'session_id': session_id
}
if not self._cache_session_data(session_data):
self.db.sessions.remove({
'user_id': user_id,
'expires': {
'$lt': time()
}
})
self.db.sessions.insert(session_data)
session = MongoDBSession(self.db, session_data, self._session_cache)
session._verified = True
return session
def create_session(self,
user_id=None,
password=None,
verify_password=True):
user_id = user_id.lower()
if not user_id:
user_id = ''
account_key = _account_key(user_id)
account = user_id and password and self.db.hmget(
account_key, 'user_id', 'password')
if user_id and (account[0] != user_id or
(verify_password and
not secret.verify_password(password, account[1]))):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
session_id = RedisSession.generate_id()
ttl = (user_id and self.session_ttl or self.anon_session_ttl)
expires = time() + ttl
session_key = _session_key(session_id)
session_data = {
'user_id': user_id,
'expires': expires,
'session_id': session_id
}
if not self._cache_session_data(session_data):
self.db.setex(session_key, int(ttl),
TotoSession.dumps(session_data))
session = RedisSession(self.db, session_data, self._session_cache)
session._verified = True
return session
def create_session(self,
user_id=None,
password=None,
verify_password=True):
if not user_id:
user_id = ''
user_id = user_id.lower()
account = user_id and self.db.get(
"select account_id, password from account where user_id = %s",
user_id)
if user_id and (not account or
(verify_password and not secret.verify_password(
password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
session_id = MySQLdbSession.generate_id()
expires = time() + (user_id and self.session_ttl
or self.anon_session_ttl)
session_data = {
'user_id': user_id,
'expires': expires,
'session_id': session_id,
'account_id': account['account_id']
}
if not self._cache_session_data(session_data):
self.db.execute(
"delete from session where account_id = %s and expires <= %s",
account['account_id'], time())
self.db.execute(
"insert into session (account_id, expires, session_id) values (%s, %s, %s)",
account['account_id'], expires, session_id)
session = MySQLdbSession(self.db, session_data, self._session_cache)
session._verified = True
return session
def change_password(self, user_id, password, new_password):
user_id = user_id.lower()
account = self.db.get("select account_id, user_id, password from account where user_id = %s", user_id)
if not account or not secret.verify_password(password, account['password']):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
self.db.execute("update account set password = %s where account_id = %s", secret.password_hash(new_password), account['account_id'])
self.clear_sessions(user_id)
def change_password(self, user_id, password, new_password):
'''Updates the password for the account with the given ``user_id`` and ``password`` to match
``new_password`` for all future requests.
'''
user_id = user_id.lower()
account = self._get_account(user_id)
if not account or not secret.verify_password(password, account['password']):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
self._update_password(user_id, account, secret.password_hash(new_password))
def change_password(self, user_id, password, new_password):
user_id = user_id.lower()
account_key = _account_key(user_id)
account = self.db.hmget(account_key, 'user_id', 'password')
if account[0] != user_id or not secret.verify_password(
password, account[1]):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
self.db.hset(account_key, 'password',
secret.password_hash(new_password))
def change_password(self, user_id, password, new_password):
'''Updates the password for the account with the given ``user_id`` and ``password`` to match
``new_password`` for all future requests.
'''
user_id = user_id.lower()
account = self._get_account(user_id)
if not account or not secret.verify_password(password,
account['password']):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
self._update_password(user_id, account,
secret.password_hash(new_password))
def change_password(self, user_id, password, new_password):
account = self.db.accounts.find_one({'user_id': user_id})
if not account or not secret.verify_password(password,
account['password']):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
self.db.accounts.update(
{'user_id': user_id},
{'$set': {
'password': secret.password_hash(new_password)
}})
self.clear_sessions(user_id)
def create_session(self, user_id=None, password=None):
if not user_id:
user_id = ''
account = user_id and self.db.accounts.find_one({'user_id': user_id})
if user_id and (not account or not secret.verify_password(password, account['password'])):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
self.db.sessions.remove({'user_id': user_id, 'expires': {'$lt': time()}})
expires = time() + (user_id and self.session_ttl or self.anon_session_ttl)
self.db.sessions.insert({'user_id': user_id, 'expires': expires, 'session_id': session_id})
session = MongoDBSession(self.db, {'user_id': user_id, 'expires': expires, 'session_id': session_id})
session._verified = True
return session
def change_password(self, user_id, password, new_password):
user_id = user_id.lower()
account = self.db.get(
"select account_id, user_id, password from account where user_id = %s",
user_id)
if not account or not secret.verify_password(password,
account['password']):
raise TotoException(ERROR_USER_NOT_FOUND,
"Invalid user ID or password")
self.db.execute(
"update account set password = %s where account_id = %s",
secret.password_hash(new_password), account['account_id'])
self.clear_sessions(user_id)
def create_session(self, user_id=None, password=None, verify_password=True):
if not user_id:
user_id = ''
user_id = user_id.lower()
account = user_id and self.db.get("select * from account where user_id = %s", (user_id,))
if user_id and (not account or (verify_password and not secret.verify_password(password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
self.db.execute("delete from session where account_id = %s and expires <= %s", (account['account_id'], time()))
expires = time() + (user_id and self.session_ttl or self.anon_session_ttl)
self.db.execute("insert into session (account_id, expires, session_id) values (%s, %s, %s)", (account['account_id'], expires, session_id))
session = PostgresSession(self.db, {'user_id': user_id, 'expires': expires, 'session_id': session_id, 'account_id': account['account_id']})
session._verified = True
return session
def create_session(self, user_id=None, password=None, verify_password=True):
if not user_id:
user_id = ''
account = user_id and self.db.accounts.find_one({'user_id': user_id})
if user_id and (not account or (verify_password and not secret.verify_password(password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = MongoDBSession.generate_id()
expires = time() + (user_id and self.session_ttl or self.anon_session_ttl)
session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id}
if not self._cache_session_data(session_data):
self.db.sessions.remove({'user_id': user_id, 'expires': {'$lt': time()}})
self.db.sessions.insert(session_data)
session = MongoDBSession(self.db, session_data, self._session_cache)
return session
def create_session(self, user_id=None, password=None, verify_password=True):
if not user_id:
user_id = ''
user_id = user_id.lower()
account = user_id and self.db.get("select account_id, password from account where user_id = %s", user_id)
if user_id and (not account or (verify_password and not secret.verify_password(password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = MySQLdbSession.generate_id()
expires = time() + (user_id and self.session_ttl or self.anon_session_ttl)
session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id, 'account_id': account['account_id']}
if not self._cache_session_data(session_data):
self.db.execute("delete from session where account_id = %s and expires <= %s", account['account_id'], time())
self.db.execute("insert into session (account_id, expires, session_id) values (%s, %s, %s)", account['account_id'], expires, session_id)
session = MySQLdbSession(self.db, session_data, self._session_cache)
session._verified = True
return session
def create_session(self, user_id=None, password=None):
user_id = user_id.lower()
if not user_id:
user_id = ''
account_key = _account_key(user_id)
account = user_id and password and self.db.hmget(account_key, 'user_id', 'password')
if user_id and (account[0] != user_id or not secret.verify_password(password, account[1])):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
ttl = (user_id and self.session_ttl or self.anon_session_ttl)
expires = time() + ttl
session_key = _session_key(session_id)
self.db.hmset(session_key, {'user_id': user_id, 'expires': expires, 'session_id': session_id})
self.db.expire(session_key, ttl)
session = RedisSession(self.db, {'user_id': user_id, 'expires': expires, 'session_id': session_id})
session._verified = True
return session
def create_session(self, user_id=None, password=None, verify_password=True):
user_id = user_id.lower()
if not user_id:
user_id = ''
account_key = _account_key(user_id)
account = user_id and password and self.db.hmget(account_key, 'user_id', 'password')
if user_id and (account[0] != user_id or (verify_password and not secret.verify_password(password, account[1]))):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = RedisSession.generate_id()
ttl = (user_id and self.session_ttl or self.anon_session_ttl)
expires = time() + ttl
session_key = _session_key(session_id)
session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id}
if not self._cache_session_data(session_data):
self.db.setex(session_key, int(ttl), TotoSession.dumps(session_data))
session = RedisSession(self.db, session_data, self._session_cache)
session._verified = True
return session
def create_session(self, user_id=None, password=None, verify_password=True, key=None):
'''Create a new session for the account with the given ``user_id`` and ``password``, or an anonymous
session if anonymous sessions are enabled. This method returns a subclass of ``TotoSession``
designed for the current backing database. Pass ``verify_password=False`` to create a session
without checking the password. This feature can be used to implement alternative authentication
methods like Facebook, Twitter or Google+.
'''
if not user_id:
user_id = ''
user_id = user_id.lower()
account = user_id and self._get_account(user_id)
if user_id and (not account or (verify_password and not secret.verify_password(password, account['password']))):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = TotoSession.generate_id()
expires = time() + (user_id and self.session_ttl or self.anon_session_ttl)
session_data = {'user_id': user_id, 'expires': expires, 'session_id': session_id}
if key:
session_data['key'] = key
self._prepare_session(account, session_data)
if not self._cache_session_data(session_data):
self._store_session(session_id, session_data)
session = self._instantiate_session(session_data, self._session_cache)
return session
def change_password(self, user_id, password, new_password):
account = self.db.accounts.find_one({'user_id': user_id})
if not account or not secret.verify_password(password, account['password']):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
self.db.accounts.update({'user_id': user_id}, {'$set': {'password': secret.password_hash(new_password)}})
self.clear_sessions(user_id)
