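    def authenticate(cls, username, password, session=None):
        """Authenticate ``username``/``password`` and return a populated account.

        A username that parses as the integer ``-1`` is a guest shortcut: it
        skips the lookup and the credential check entirely and returns a
        "try game" account.  Any other username is looked up with
        ``cls.find`` and checked with ``cls.validate_by_password``; on success
        the local user row is re-synced from its linked ``dz_member`` record
        and its activity timestamps are refreshed.

        Args:
            cls: the account class (``find``, ``validate_by_password``,
                ``_fill_account`` and ``_fill_trygame`` live on it).
            username: login name, or ``-1`` for the guest shortcut.
            password: cleartext password as submitted by the caller.
            session: accepted for interface compatibility; not used here.

        Returns:
            A ``cls`` instance on success, ``False`` when the user is unknown
            or the password does not validate.
        """
        from sqlalchemy import func

        # Only a non-numeric (or None) username means "not the guest user";
        # the original bare ``except: pass`` also hid errors raised while
        # building the guest account, which should propagate instead.
        try:
            is_guest = int(username) == -1
        except (ValueError, TypeError):
            is_guest = False
        if is_guest:
            acc = cls()
            acc._fill_trygame()
            return acc

        user = cls.find(username)
        if not user:
            return False

        if not cls.validate_by_password(user, password):
            return False

        # sync: the linked member record (``dz_member``) is the source of
        # truth for id, name, e-mail, title and status.  The stored hash is
        # recomputed from the cleartext on every successful login so the
        # local column follows whatever scheme ``password_hash`` implements.
        dz_member = user.dz_member
        user.id       = dz_member.uid
        user.username = dz_member.username
        user.password = password_hash(password)
        user.email    = dz_member.email
        user.title    = dz_member.member_field.customstatus
        user.status   = dz_member.status

        acc = cls()
        acc._fill_account(user)

        # Server-side timestamps (SQL UNIX_TIMESTAMP()) on both rows.
        user.lastactivity = func.unix_timestamp()
        dz_member.member_status.lastactivity = func.unix_timestamp()

        return acc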
 def validate_password(self, field):
     """Form validator: accept ``field`` only if it holds the current password.

     An empty field passes (the caller treats it as "no password change").
     Otherwise the submitted value is hashed with ``utils.password_hash``
     using the current user's e-mail as the second argument and compared
     with the stored hash; a mismatch raises ``ValidationError`` whose
     message reads "the original password is wrong".  The comparison is a
     plain ``!=``; a constant-time compare would be preferable once the
     hash type is known.
     """
     submitted = field.data
     if not submitted:
         return
     current = self.current_user
     submitted_hash = utils.password_hash(submitted, current.email)
     if submitted_hash != current.password:
         raise ValidationError(u'原密码输错了。')
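def register(request):
    """Django sign-up view: validate the form, register the teacher, log in.

    Anything but a POST renders the empty sign-up page.  On POST the fields
    ``email``, ``confirmation``, ``password`` and ``cpassword`` are read; a
    validation failure stores a message in ``context["error_msg"]`` and the
    page is rendered again.  On a successful ``UserRepo.register`` the new
    ``Teacher`` is stored in the session under ``"login_user"`` and the user
    is redirected to ``/`` (so ``context["success_msg"]`` is never shown).

    Args:
        request: the Django ``HttpRequest``.

    Returns:
        ``HttpResponse`` with the rendered page, or a redirect on success.
    """
    signup_html_page = loader.get_template('../ui/newuser.html')
    context = {}
    if request.method == 'POST':
        # .get() so a missing field turns into a validation message instead
        # of a MultiValueDictKeyError (HTTP 500).
        email = request.POST.get("email", "")
        confirmation = request.POST.get("confirmation", "")
        password = request.POST.get("password", "")
        cpassword = request.POST.get("cpassword", "")
        # The confirmation code is a one-time secret; it is intentionally not
        # printed (the original echoed it to stdout).
        user = Teacher()
        user.email = email
        if not email:
            context["error_msg"] = "Invalid email."
        # Only spaces are stripped, so other whitespace counts toward length.
        elif not password or len(str(password).strip(' ')) <= 7:
            context["error_msg"] = "Password must be 8 character long."
        elif not cpassword or cpassword != password:
            context["error_msg"] = "Password don't match."
        else:
            try:
                use_repo = UserRepo()
                # UserRepo.register presumably checks the confirmation code
                # and persists the hashed password — confirm against its impl.
                if use_repo.register(email, confirmation,
                                     password_hash(password)):
                    request.session["login_user"] = user
                    context["success_msg"] = "Your account is verified"
                    return redirect("/")
                else:
                    context["error_msg"] = "Confirmation code didnt matched"
            except Exception:
                # Best effort: generic message for the user, traceback on
                # stderr for operators.
                traceback.print_exc()
                context["error_msg"] = "Something went wrong"
    return HttpResponse(signup_html_page.render(context, request))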
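    def authenticate(cls, username, password, session=None):
        """Authenticate ``username``/``password`` and return a populated account.

        A username that parses as the integer ``-1`` is a guest shortcut: it
        skips the lookup and the credential check entirely and returns a
        "try game" account.  Any other username is looked up with
        ``cls.find`` and checked with ``cls.validate_by_password``; on success
        the local user row is re-synced from its linked ``dz_member`` record
        and its activity timestamps are refreshed.

        Args:
            cls: the account class (``find``, ``validate_by_password``,
                ``_fill_account`` and ``_fill_trygame`` live on it).
            username: login name, or ``-1`` for the guest shortcut.
            password: cleartext password as submitted by the caller.
            session: accepted for interface compatibility; not used here.

        Returns:
            A ``cls`` instance on success, ``False`` when the user is unknown
            or the password does not validate.
        """
        from sqlalchemy import func

        # Only a non-numeric (or None) username means "not the guest user";
        # the original bare ``except: pass`` also hid errors raised while
        # building the guest account, which should propagate instead.
        try:
            is_guest = int(username) == -1
        except (ValueError, TypeError):
            is_guest = False
        if is_guest:
            acc = cls()
            acc._fill_trygame()
            return acc

        user = cls.find(username)
        if not user:
            return False

        if not cls.validate_by_password(user, password):
            return False

        # sync: the linked member record (``dz_member``) is the source of
        # truth for id, name, e-mail, title and status.  The stored hash is
        # recomputed from the cleartext on every successful login so the
        # local column follows whatever scheme ``password_hash`` implements.
        dz_member = user.dz_member
        user.id       = dz_member.uid
        user.username = dz_member.username
        user.password = password_hash(password)
        user.email    = dz_member.email
        user.title    = dz_member.member_field.customstatus
        user.status   = dz_member.status

        acc = cls()
        acc._fill_account(user)

        # Server-side timestamps (SQL UNIX_TIMESTAMP()) on both rows.
        user.lastactivity = func.unix_timestamp()
        dz_member.member_status.lastactivity = func.unix_timestamp()

        return acc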
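 def signup(self, teacher):
     """Persist a new user and return it, or ``None`` when saving fails.

     NOTE(review): the body reads ``user_register`` rather than the
     ``teacher`` parameter; unless ``user_register`` exists in the enclosing
     scope this raises ``NameError`` — confirm against the caller before
     relying on it.

     Args:
         teacher: accepted but not referenced by the body (see note above).

     Returns:
         The saved user object, or ``None`` when ``UserRepo.save`` returns a
         falsy value or raises.
     """
     user = user_register.user
     password = user_register.password
     user.sender = generate_uuid()
     user.created_at = timestamp()
     try:
         use_repo = UserRepo()
         if use_repo.save(user, password_hash(password)):
             return user
     except Exception:
         # Best effort: keep the traceback on stderr, report failure as None.
         traceback.print_exc()
         return None
     # save() reported failure: make the former implicit fall-through explicit.
     return None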
def registration_form():
    """Flask view for the sign-up form.

    When the submitted ``UserRegisteration`` form validates and no user with
    that e-mail exists yet, a ``collection.User`` document is created with
    the hashed password, phone number and subscription flag, saved, and the
    browser is sent to the login page.  If the e-mail is already registered a
    flash message says so.  In every non-redirect case the form template is
    rendered again.
    """
    form = UserRegisteration()
    if not form.validate_on_submit():
        return render_template('login_form.html', form=form)

    existing = collection.User.find_one({'email':form.email.data})
    if existing:
        flash('Our Record show you are already registered please use forgot password option')
        return render_template('login_form.html', form=form)

    new_user = collection.User()
    new_user['email'] = str(form.email.data)
    new_user['password'] = password_hash(form.password.data)
    new_user['phonenumber'] = form.phonenumber.data
    new_user['subscribed'] = form.subscription.data
    new_user.save()
    flash('You can sign In now')
    return redirect(url_for('login'))
def authentication():
    """Flask login/logout endpoint.

    GET renders the authentication page.  A POST carrying ``logout`` drops
    ``username`` from the session.  Otherwise the ``LoginForm`` is validated,
    the submitted password is hashed with ``password_hash`` and compared with
    the stored hash of the ``Users`` row matching the username; on a match
    the username is stored in the session, on a mismatch one generic flash
    message is shown (it deliberately does not say which part was wrong).
    Every POST ends with a redirect back to this endpoint.
    """
    if request.method == 'GET':
        return render_template('authentication.html')

    if 'logout' in request.form:
        session.pop('username', None)
        return redirect(url_for('authentication'))

    form = LoginForm(request.form)
    if form.validate():
        username = form.username.data
        submitted_hash = password_hash(form.password.data)
        account = db.session.query(Users).filter_by(username=username).first()

        credentials_match = (
            bool(account)
            and username == account.username
            and submitted_hash == account.password
        )
        if credentials_match:
            session['username'] = username
        else:
            flash(u'Указанной вами связки логина и пароля не существует, возможно вы ввели неправильный \
            логин или пароль, мы могли бы сказать конкретнее, но вдруг вы пытаетесь подобрать логин для брута...')
    return redirect(url_for('authentication'))
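	def change_password_submit(self):
		"""Handle the postpaid "change password" / "change security question" POST.

		The caller must be a logged-in postpaid user (looked up with
		``self.model.get_user_info_from_session``).  With the ``sq`` query
		argument present the security question/answer is updated through
		``request.kenan``; otherwise the current password is checked against
		the SDB record and, when the new password and its confirmation agree,
		the hashed new password is written through ``request.sdb``.  Every
		outcome is reported with ``flash`` followed by a redirect.

		Returns:
			A Flask redirect response, or ``abort(403)`` for an anonymous or
			non-postpaid caller and for an incomplete security-question form.
		"""
		user = self.model.get_user_info_from_session()
		if not user:
			return abort(403)

		# Only postpaid users allowed.  The allowed set must be a tuple: without
		# the trailing comma ``('postpaid.wifi.pldt.com.ph')`` is a plain string
		# and ``not in`` becomes a substring test, so any substring of the
		# domain (including '') would pass this check.
		if user['domain'] not in ('postpaid.wifi.pldt.com.ph',):
			return abort(403)

		# CHANGE SECURITY QUESTION/ANSWER
		if 'sq' in request.args:
			# request.form carries the security answer; it is not echoed to
			# stdout here.
			if 'sq_question' not in request.form or 'sq_answer' not in request.form:
				return abort(403)

			update_sq = request.kenan.UpdateUserSecurityQuestion(user['user_id'], request.form['sq_question'], request.form['sq_answer'])
			# Anything but a text reply is treated as a timeout.
			if not isinstance(update_sq, type(u'')):
				self.log.error('Security question update failed. Connection timed out.')
				flash(self.model.spiel('system_timeout', code='f1abd'), 'error')
				return redirect('/pldt/change_password?sq')

			# The text reply is a numeric result code; 0 means success.
			update_sq = int(update_sq)

			if update_sq == 0:
				self.log.info('Security question update successful!')
				flash('security question update success spiel (changeme)')
				return redirect('/pldt/status')
			else:
				self.log.error('Security question update failed. Error code %s returned.', update_sq)
				flash(self.model.spiel('system_timeout', code='1574b'), 'error')
				return redirect('/pldt/change_password?sq')

		# CHANGE PASSWORD
		else:
			old_password = str(request.form['old_password'])
			new_password = str(request.form['new_password'])
			confirm_password = str(request.form['confirm_password'])
			old_password_md5 = utils.password_hash(old_password)

			# Check Current Password.  Only the user id is logged; the cleartext
			# password never goes to the log.
			self.log.debug('Sending GetUser %s', user['aaa_user_id'])
			getuser = request.sdb.getUser(user['aaa_user_id'], user['domain'])
			if getuser == False:
				self.log.error('SDB.getUser returned False')
				flash(self.model.spiel('system_timeout', code='4d134'), 'error')
				return redirect(url_for('chpasswd_form'))

			if 'error' in getuser['target']:
				self.log.error('SDB.getUser returned invalid contents')
				flash(self.model.spiel('system_timeout', code='f6e11'), 'error')
				return redirect(url_for('chpasswd_form'))

			try:
				# Status is read (though unused) so a malformed reply is caught here.
				aaa_user_status = getuser['target']['result']['user']['status']['value']
				aaa_user_password = getuser['target']['result']['user']['password']['value']
			except Exception as ex:
				self.log.error('ChangePassword error: %s@%s Getuser parsing: %s, %s', user['aaa_user_id'], user['domain'], getuser, ex)
				flash(self.model.spiel('system_timeout', code='88730'), 'error')
				return redirect(url_for('chpasswd_form'))

			# Check Old Password (hash-to-hash comparison)
			if aaa_user_password != old_password_md5:
				self.log.info('Change Password: Incorrect current password')
				flash(self.model.spiel('incorrect_old_password'), 'error')
				return redirect(url_for('chpasswd_form'))

			# NOTE: strength validation of the new password
			# (``self.model.validate_password``) is disabled in this flow.

			if new_password != confirm_password:
				self.log.info('Change Password: Password confirmation does not match')
				flash(self.model.spiel('password_match_error'), 'error')
				return redirect(url_for('chpasswd_form'))

			if old_password == new_password:
				self.log.info('Change Password: Invalid new password (same as the old one)')
				flash(self.model.spiel('change_password_same_old'), 'error')
				return redirect(url_for('chpasswd_form'))

			submitted_password = utils.password_hash(new_password)

			# Send updateUser API call to BWS SDB
			change_password = request.sdb.changePassword(user['aaa_user_id'], submitted_password)
			try:
				if 'target' in change_password and 'error' in change_password['target']:
					self.log.info('UpdateUser Error: %s %s', change_password['target']['error']['code'], change_password['target']['error']['message'])
					change_password = False
			except Exception as err:
				# ``'target' in False`` raises, which is how a timed-out (False)
				# reply lands here; anything else is an unexpected reply shape.
				if change_password == False:
					self.log.info('UpdateUser connection timed out.')
				else:
					self.log.info('UpdateUser Exception: %s', err)
				change_password = False

			if change_password == False:
				flash(self.model.spiel('system_timeout', code='fa35e'), 'error')
				return redirect(url_for('chpasswd_form') + '?phase=3')

			flash('successful change password spiel', 'info')
			return redirect(url_for('status_page'))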
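	def lost_password_submit(self):
		"""Drive the three-phase postpaid "lost password" flow.

		Phase 1 takes an e-mail address, checks that the account exists in
		SDB and stores the address in the session.  Phase 2 checks the answer
		to the security question held in ``session['security_qa']`` (populated
		elsewhere; not visible here).  Phase 3 takes the new password twice,
		verifies the CAPTCHA when one was issued, writes the hashed password to
		SDB, asks ``request.kenan`` to send the reset e-mail and wipes the
		session.  Each phase ends in a redirect; a phase whose session
		prerequisites are missing restarts the flow at phase 1.

		Returns:
			A Flask redirect response.
		"""
		formtype = 'lost_password'
		phase = int(request.form['phase']) if 'phase' in request.form else 1
		self.log.info('Lost password submit phase %s', phase)
		# The session holds the security answer and CAPTCHA; it is never
		# dumped to stdout.
		if len(session) == 0:
			self.log.debug('Session is empty. Ejecting.')
			return redirect(url_for('login_form'))

		# Phase 1: Email Address Entry
		if phase == 1:
			if 'confirmation_activation_ok' in session:
				del(session['confirmation_activation_ok'])

			# Valid Email check
			email_address = str(request.form['user_id']) if 'user_id' in request.form else ''

			if email_address == '' or not self.model.check_email_address(email_address):
				self.log.info('Invalid User Id (email) %s', email_address)
				session.destroy()
				flash(self.model.spiel('invalid_email_address'), 'error')
				return redirect(url_for('lost_password_form'))

			# SDB user ids use ':' where the e-mail address has '@'.
			getuser = request.sdb.getUser(email_address.replace('@', ':'), self.config['postpaid_domain'])
			if getuser == False:
				self.log.error('SDB.getUser returned False')
				flash(self.model.spiel('system_timeout', code='7b520'), 'error')
				return redirect(url_for('login_form'))

			# User does not exist
			if 'error' in getuser['target']:
				self.log.info('Lost Password: account %s does not exist.', email_address)
				session.destroy()
				flash(self.model.spiel('invalid_account'), 'error')
				return redirect(url_for('lost_password_form'))

			# User Exists
			session['confirmation_email_address'] = email_address
			if request.entrypoint_redirected:
				return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
			return redirect(url_for('lost_password_form') + '?phase=2')

		# Phase 2: Security Answer Entry
		elif phase == 2 and 'security_qa' in session:
			submitted_security_answer = request.form['security_answer'] if 'security_answer' in request.form else ''

			# Case-insensitive compare; the expected answer is deliberately
			# kept out of the log.
			if submitted_security_answer.lower() == session['security_qa']['answer'].lower():
				self.log.debug('Answer to the security question correct.')
				session['confirmation_answer_ok'] = True
				return redirect(url_for('lost_password_form') + '?phase=3')
			else:
				self.log.debug('Answer to the security question incorrect.')
				flash(self.model.spiel('incorrect_security_answer'), 'error')
				return redirect(url_for('lost_password_form') + '?phase=2')

		# Phase 3: Password entry
		elif phase == 3 and 'confirmation_answer_ok' in session:
			# Phase 1 must have stored the address; otherwise restart the flow
			# instead of failing with a KeyError further down.
			if 'confirmation_email_address' not in session:
				self.log.debug('No confirmation e-mail address in session. Restarting.')
				return redirect(url_for('lost_password_form') + '?phase=1')

			if 'password1' not in request.form or 'password2' not in request.form:
				self.log.debug('Password1 and Password2 is not present on the submitted data.')
				return redirect(url_for('lost_password_form') + '?phase=3')

			if request.form['password1'] != request.form['password2']:
				self.log.debug('Password confirmation does not match.')
				flash(self.model.spiel('password_match_error'), 'error')
				return redirect(url_for('lost_password_form') + '?phase=3')

			submitted_password = request.form['password1']
			# NOTE: no strength validation of the new password is performed in
			# this flow (the ``self.model.validate_password`` check is disabled).

			# A CAPTCHA issued for this flow must be answered.  Checking only
			# when the client sends a 'captcha' field would let a request that
			# simply omits the field skip verification.
			if 'pw_captcha' in session:
				submitted_captcha = request.form['captcha'] if 'captcha' in request.form else ''
				if session['pw_captcha'].verify(submitted_captcha):
					self.log.info('CAPTCH MATCH')
					del(session['pw_captcha'])
				else:
					self.log.debug('CAPTCHA does not match.')
					flash(self.model.spiel('incorrect_captcha'), 'error')
					return redirect(url_for('lost_password_form') + '?phase=3')

			# Hash the password
			submitted_password = utils.password_hash(submitted_password)

			# Send updateUser API call to BWS SDB
			change_password = request.sdb.changePassword(session['confirmation_email_address'].replace('@', ':'), submitted_password)
			try:
				if 'target' in change_password and 'error' in change_password['target']:
					self.log.info('UpdateUser Error: %s %s', change_password['target']['error']['code'], change_password['target']['error']['message'])
					change_password = False
			except Exception as err:
				# ``'target' in False`` raises, which is how a timed-out (False)
				# reply lands here; anything else is an unexpected reply shape.
				if change_password == False:
					self.log.info('UpdateUser connection timed out.')
				else:
					self.log.info('UpdateUser Exception: %s', err)
				change_password = False

			if change_password == False:
				flash(self.model.spiel('system_timeout', code='fa35e'), 'error')
				return redirect(url_for('lost_password_form') + '?phase=3')

			# Send an email API to PLDT.  The password is already changed at
			# this point, so a failure is only logged (whether a spiel should
			# be shown is an open question inherited from the original).
			send_email = request.kenan.ResetPassword(session['confirmation_email_address'])
			if send_email == False:
				self.log.error('Kenan.ResetPassword returned False')
			else:
				send_email = int(send_email)
				if send_email != 0:
					self.log.error('Kenan.ResetPassword returned error code %s', send_email)

			session.wipe(exception_keys=['_flashes'])
			flash('successful change password spiel', 'info')
			return redirect('/')

		# Phase mismatch (e.g. phase 3 without an answered security question):
		# restart rather than fall off the end and return None.
		else:
			return redirect(url_for('lost_password_form') + '?phase=1')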
						else:
							self.log.info('Failed Adding SR %s to %s', package, subscriber_id)
							session.destroy()
							flash(self.model.spiel('system_timeout', code='c1dfd'), 'error')
							return redirect(url_for('login_form'))		
						
						self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'status': 3, 'remarks': 'None', 'stage': 3}})

				self.model.vms_tag_activated(username)
			password = user['hash_password']
		
		#
		# Post Paid	
		else:	
			# MD5 Hash the password (NOT SECURE)
			password = utils.password_hash(password)
		
		# Check username & password
		self.log.info('Sending GetUser %s:%s', username, password)
		getuser = request.sdb.getUser(username, domain)		
		
		if getuser == False:
			self.log.error('Login.end system_error [%s]: SDB.getUser returned False', subscriber_id)
			flash(self.model.spiel('system_timeout', code='356a1'), 'error')
			return redirect(url_for('login_form'))			
			
		if 'error' in getuser['target']:
			if getuser['target']['error']['code'] == 'USR-00001':
				self.log.info('Login.end user_error [%s]: User does not exist', subscriber_id)
				flash(self.model.spiel('invalid_account'), 'error')				
			else:
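	def change_password_submit(self):
		"""Handle the prepaid "change password" POST.

		The subscriber comes from ``session['Subscriber-Id']`` in the form
		``<msisdn>@<domain>``.  The request is refused when the domain is not
		the configured one, when a CHPWD SPS request is still pending, or when
		the last completed change is younger than the configured interval.
		The current password is then checked against the SDB record, and the
		new password is validated, hashed and handed to SPS as a ``CHANGE``
		request.  Every outcome ends in a flash message and a redirect.

		Returns:
			A Flask redirect response.
		"""
		# No session identity means the caller is not logged in; bounce to the
		# login form instead of raising KeyError into a 500.
		if 'Subscriber-Id' not in session:
			self.log.info('ChangePassword: no Subscriber-Id in session. Redirecting.')
			return redirect(url_for('login_form'))
		subscriber_id = session['Subscriber-Id']
		parts = subscriber_id.split('@')
		if len(parts) < 2:
			self.log.error('ChangePassword: malformed Subscriber-Id %s', subscriber_id)
			return redirect(url_for('login_form'))
		username = parts[0]
		domain = parts[1]
		old_password = str(request.form['old_password'])
		new_password = str(request.form['new_password'])
		confirm_password = str(request.form['confirm_password'])

		# Failures go back to the change-password form when the request came
		# from it ('_np' marker field), to the status page otherwise.
		redirect_to = url_for('status_page')
		if '_np' in request.form:
			redirect_to = url_for('chpasswd_form')

		if domain != self.config['domain']:
			return redirect(url_for('status_page'))

		# Refuse while the SMS for a previous change request is still unsent.
		if self.model.sps_requests.find_one({'msisdn': username, 'sms_sent': False, 'type': 'CHPWD'}, sort=([('request_datetime', pymongo.DESCENDING)])) is not None:
			flash(self.model.spiel('change_password_pending_request'))
			return redirect(url_for('status_page'))

		# Rate limit: one completed change per allowed interval.
		last_password_change = self.model.sps_requests.find_one({'msisdn': username, 'sms_sent': True, 'type': 'CHPWD', 'subtype': 'CHANGE'}, sort=([('request_datetime', pymongo.DESCENDING)]))
		if last_password_change is not None and 'request_datetime' in last_password_change:
			td = datetime.datetime.now() - last_password_change['request_datetime']
			last_password_change_delta = utils.delta_totalseconds(td)

			allowed_interval_seconds = 259200 # default is 3 days
			try:
				allowed_interval_seconds = int(self.config['passwords']['allowed_change_interval_seconds'])
			except (KeyError, TypeError, ValueError):
				# Missing or non-numeric setting: keep the default.
				pass

			self.log.debug('ChangePassword for sub %s, allowed interval is %s, delta is %s', subscriber_id, allowed_interval_seconds, last_password_change_delta)
			if allowed_interval_seconds > last_password_change_delta:
				flash(self.model.spiel('change_password_interval_denied'), 'error')
				return redirect(url_for('status_page'))

		old_password_md5 = utils.password_hash(old_password)

		# Check Current Password.  Only the username is logged; the cleartext
		# password stays out of the log.
		self.log.debug('Sending GetUser %s', username)
		getuser = request.sdb.getUser(username, domain)
		if getuser == False:
			self.log.error('SDB.getUser returned False')
			flash(self.model.spiel('system_timeout', code='4d134'), 'error')
			return redirect(redirect_to)

		if 'error' in getuser['target']:
			self.log.error('SDB.getUser returned invalid contents')
			flash(self.model.spiel('system_timeout', code='f6e11'), 'error')
			return redirect(redirect_to)

		try:
			# Status is read (though unused) so a malformed reply is caught here.
			aaa_user_status = getuser['target']['result']['user']['status']['value']
			aaa_user_password = getuser['target']['result']['user']['password']['value']
		except Exception as ex:
			self.log.error('ChangePassword error: %s@%s Getuser parsing: %s, %s', username, domain, getuser, ex)
			flash(self.model.spiel('system_timeout', code='88730'), 'error')
			return redirect(redirect_to)

		# Check Old Password (hash-to-hash comparison)
		if aaa_user_password != old_password_md5:
			self.log.info('Change Password: Incorrect current password')
			flash(self.model.spiel('incorrect_old_password'), 'error')
			return redirect(redirect_to)

		if not self.model.validate_password(new_password):
			self.log.info('Change Password: Invalid new password')
			flash(self.model.spiel('invalid_password'), 'error')
			return redirect(redirect_to)

		if new_password != confirm_password:
			self.log.info('Change Password: Password confirmation does not match')
			flash(self.model.spiel('password_match_error'), 'error')
			return redirect(redirect_to)

		if old_password == new_password:
			self.log.info('Change Password: Invalid new password (same as the old one)')
			flash(self.model.spiel('change_password_same_old'), 'error')
			return redirect(redirect_to)

		new_password_md5 = utils.password_hash(new_password)

		# The hashed password is deliberately not logged next to the subscriber id.
		subscriber_id = '%s@%s' % (username, domain)
		self.log.info('Change Password: sending to SPS %s now.', subscriber_id)
		if request.sps.changePassword(username, new_password_md5, self.model, subtype='CHANGE'):
			message = self.model.spiel('change_password_sps_request_sent')
		else:
			self.log.error('SPS.changePassword returned False')
			message = self.model.spiel('system_timeout', code='12c6f')
		flash(message)
		return redirect(url_for('status_page'))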
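	def confirmation_submit(self, formtype):
		"""Drive the three-phase prepaid registration / lost-password flow.

		``formtype`` (``'register'`` or ``'lost_password'``) selects both the
		form route (``'%s_form' % formtype``) and the branch taken at each
		step.  Phase 1 validates the mobile number, looks the account up in
		SDB and sends an activation code by SMS; phase 2 checks the submitted
		activation code against the stored confirmation; phase 3 takes the
		new password twice, validates and hashes it, re-checks the SDB account
		and hands the request to SPS (``createAccount`` for registration,
		``changePassword`` for a lost password).  Every path ends in a
		redirect; a phase whose session prerequisites are missing restarts at
		phase 1.

		Args:
			formtype: ``'register'`` or ``'lost_password'``.

		Returns:
			A Flask redirect response.
		"""
		phase = int(request.form['phase']) if 'phase' in request.form else 1
		self.log.info('Confirmation submit phase %s type %s', phase, formtype)
		# The session holds activation codes; it is never dumped to stdout.
		if len(session) == 0:
			self.log.debug('Session is empty. Ejecting.')
			return redirect(url_for('login_form'))

		# Phase 1: Mobile Number Entry
		if phase == 1:
			if 'confirmation_activation_ok' in session:
				del(session['confirmation_activation_ok'])

			# Valid MSISDN Check
			domain = self.config['domain']

			msisdn_valid, mobile_number, msisdn_error_message = self.model.check_msisdn(request.form['mobile_number'])
			if not msisdn_valid:
				self.log.info('Invalid MSISDN %s: %s', request.form['mobile_number'], msisdn_error_message)
				session.destroy()
				flash(msisdn_error_message)
				return redirect(url_for('%s_form' % (formtype)))

			getuser = request.sdb.getUser(mobile_number, domain)
			if getuser == False:
				self.log.error('SDB.getUser returned False')
				flash(self.model.spiel('system_timeout', code='7b520'), 'error')
				return redirect(url_for('login_form'))

			# An activation code was already issued for this number and form:
			# go straight to code entry without sending another one.
			previous_confirmation = self.model.get_confirmation(mobile_number, formtype)
			if previous_confirmation:
				session['confirmation_mobile_number'] = mobile_number
				if request.entrypoint_redirected:
					return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
				else:
					return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

			# User does not exist
			if 'error' in getuser['target']:
				if formtype == 'register':
					if getuser['target']['error']['code'] == 'USR-00001':
						# Unknown number is the expected case for registration:
						# fall through to "send confirmation" below.
						pass
					else:
						self.log.error('Get user_error Code %s', getuser['target']['error']['code'])
						return redirect(url_for('login_form'))
				elif formtype == 'lost_password':
					self.log.info('Lost Password: account %s does not exist.', mobile_number)
					session.destroy()
					flash(self.model.spiel('invalid_account'), 'error')
					return redirect(url_for('%s_form' % (formtype)))
			# User Exists
			else:
				if formtype == 'register':
					try:
						aaa_user_status = getuser['target']['result']['user']['status']['value']
					except Exception as ex:
						# ``mobile_number`` is the identity here; the original
						# referenced an undefined ``username`` and would have
						# raised NameError inside this handler.
						self.log.error('Register error: %s@%s Getuser parsing: %s, %s', mobile_number, domain, getuser, ex)
						flash(self.model.spiel('system_timeout', code='472b0'), 'error')
						return redirect(url_for('%s_form' % (formtype)))

					if aaa_user_status == 'active':
						session.destroy()
						self.log.info('Register: account %s already exists.', mobile_number)
						flash(self.model.spiel('account_exists'), 'error')
						return redirect(url_for('login_form'))
					else:
						# Inactive account: fall through to "send confirmation".
						pass

				elif formtype == 'lost_password':
					# CHECK sps_requests for existing entry
					if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'CHPWD'}, sort=([('request_datetime', pymongo.DESCENDING)])) is not None:
						session.destroy()
						flash(self.model.spiel('change_password_pending_request'))
						return redirect(url_for('%s_form' % (formtype)))

					session['confirmation_mobile_number'] = mobile_number
					if not self.send_activation_code(mobile_number, formtype):
						self.log.error('smsc.send returned False')
						flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
						return redirect(url_for('login_form'))

					if request.entrypoint_redirected:
						return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
					else:
						return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

			# Send confirmation for registration.  Reached for 'register' when
			# the number is unknown to SDB or not yet active, and for any
			# formtype other than 'lost_password'.
			# CHECK sps_requests for existing entry
			if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'NWCON'}, sort=([('request_datetime', pymongo.DESCENDING)])) is not None:
				self.log.info('registration pending for %s', mobile_number)
				session.destroy()
				flash(self.model.spiel('registration_pending_request'))
				return redirect(url_for('%s_form' % (formtype)))

			session['confirmation_mobile_number'] = mobile_number
			if not self.send_activation_code(mobile_number, formtype):
				self.log.error('smsc.send returned False')
				flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
				return redirect(url_for('login_form'))

			if request.entrypoint_redirected:
				return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
			else:
				return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

		# Phase 2: Activation Code Entry
		elif phase == 2 and 'confirmation_mobile_number' in session:
			submitted_activation_code = request.form['activation_code'] if 'activation_code' in request.form else ''

			current_confirmation = self.model.get_confirmation(session['confirmation_mobile_number'], formtype)
			if not current_confirmation:
				return redirect(url_for('%s_form' % (formtype)) + '?phase=1')
			current_activation_code = current_confirmation['code']

			# Neither the submitted nor the expected code is written to the log.
			if submitted_activation_code == current_activation_code:
				self.log.debug('Confirmation code ok.')
				session['confirmation_activation_ok'] = True
				session['confirmation_id'] = current_confirmation['_id']
				return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
			else:
				self.log.debug('Confirmation code incorrect.')
				flash(self.model.spiel('incorrect_activation_code'), 'error')
				return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

		# Phase 3: Password entry
		elif phase == 3 and 'confirmation_activation_ok' in session:
			if 'password1' not in request.form or 'password2' not in request.form:
				self.log.debug('Password1 and Password2 is not present on the submitted data.')
				return redirect(url_for('%s_form' % (formtype)) + '?phase=3')

			if request.form['password1'] != request.form['password2']:
				self.log.debug('Password confirmation does not match.')
				flash(self.model.spiel('password_match_error'), 'error')
				return redirect(url_for('%s_form' % (formtype)) + '?phase=3')

			submitted_password = request.form['password1']
			if not self.model.validate_password(submitted_password):
				self.log.debug('Invalid Password')
				flash(self.model.spiel('invalid_password'), 'error')
				return redirect(url_for('%s_form' % (formtype)) + '?phase=3')

			# Hash the password
			submitted_password = utils.password_hash(submitted_password)

			## Check if the user exists
			mobile_number = session['confirmation_mobile_number']
			domain = self.config['domain']
			getuser = request.sdb.getUser(mobile_number, domain)
			if getuser == False:
				self.log.error('SDB.getUser returned False')
				flash(self.model.spiel('system_timeout', code='91032'), 'error')
				return redirect(url_for('login_form'))

			# User doesnt exist
			if 'error' in getuser['target']:
				if getuser['target']['error']['code'] == 'USR-00001':
					if formtype == 'register':
						pass # Go SPS
					elif formtype == 'lost_password':
						self.log.error('Lost Password: SDB Account does not exist.')
						flash(self.model.spiel('invalid_account'), 'error')
						return redirect(url_for('login_form'))
				else:
					self.log.error('SDB Error: %s', getuser['target']['error']['code'])
					return redirect(url_for('login_form'))

			# User exists
			else:
				if formtype == 'register':
					try:
						aaa_user_status = getuser['target']['result']['user']['status']['value']
					except Exception as ex:
						# Same NameError fix as in phase 1: log the mobile number.
						self.log.error('Register error: %s@%s Getuser parsing: %s, %s', mobile_number, domain, getuser, ex)
						flash(self.model.spiel('system_timeout', code='472b0'), 'error')
						return redirect(url_for('%s_form' % (formtype)))

					if aaa_user_status == 'active':
						self.log.error('Register: SDB Account exists.')
						flash(self.model.spiel('account_exists'), 'error')
						return redirect(url_for('login_form'))
					#else Go SPS!

				elif formtype == 'lost_password':
					# The hashed password is deliberately not logged.
					subscriber_id = '%s@%s' % (mobile_number, domain)
					self.log.info('Lost Password: sending to SPS %s now.', subscriber_id)
					if request.sps.changePassword(mobile_number, submitted_password, self.model, subtype='LOST'):
						message = self.model.spiel('change_password_sps_request_sent')
						self.model.tag_confirmation(session['confirmation_id'])
					else:
						self.log.error('SPS.changePassword returned False')
						message = self.model.spiel('system_timeout', code='12c6f')
					flash(message)
					return redirect(url_for('login_form'))

			# Registration SPS (reached for 'register', and for any formtype
			# other than 'lost_password').  The hashed password is not logged.
			subscriber_id = '%s@%s' % (mobile_number, domain)
			self.log.info('Register: sending to SPS %s now.', subscriber_id)
			if request.sps.createAccount(mobile_number, submitted_password, self.model):
				message = self.model.spiel('registration_sps_request_sent')
				self.model.tag_confirmation(session['confirmation_id'])
			else:
				self.log.error('SPS.createAccount returned False')
				message = self.model.spiel('system_timeout', code='d435a')
			flash(message)
			return redirect(url_for('login_form'))

		else:
			return redirect(url_for('%s_form' % (formtype)) + '?phase=1')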
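	def login_submit(self):
		"""Handle a submitted login form (``principal`` / ``credential`` / ``domain``).

		Flow: validate the form fields and the MSISDN, verify the CAPTCHA when one
		is active for this session, enforce the per-subscriber lockout, look the
		user up in the SDB, compare the stored password hash with the hash of the
		submitted credential, mark the portal session valid, process session
		rights for metered profile-sets and finally send the account-logon CoA
		to the gateway.  Every failure flashes a message and redirects back to
		the login form; success renders the welcome template.

		Security notes (review):
		  * The plaintext credential and the password hash are never written to
		    the log; earlier revisions of this handler logged both.
		  * Password hashes are compared with ``hmac.compare_digest`` where the
		    operand types allow it, to avoid a timing side channel.
		  * The hash scheme is whatever ``utils.password_hash`` produces (the
		    comment in the original code says MD5).  That is dictated by what the
		    SDB stores and cannot be changed in this handler alone.

		Returns:
			A Flask redirect response on any failure, or ``request.response``
			carrying the rendered welcome page on success.
		"""
		import hmac

		username = request.form.get('principal', None)
		password = request.form.get('credential', None)

		if 'domain' not in request.form:
			self.log.info('No domain submitted. Redirecting.')
			return redirect(url_for('login_form'))

		if str(request.form['domain']) not in self.wide.organizations:
			self.log.debug('Domain %s not allowed', str(request.form['domain']))
			return redirect(url_for('login_form'))

		if username is None or password is None:
			# Log only WHICH field is missing -- the other one may be the plaintext credential.
			self.log.info('Missing login information (principal=%s|credential=%s)',
			              'missing' if username is None else 'present',
			              'missing' if password is None else 'present')
			return redirect(url_for('login_form'))

		if username == "" or password == "":
			flash(self.model.spiel('login_invalid_input'), 'error')
			return redirect(url_for('login_form'))

		pusername = username
		domain = self.config['domain']
		# check_msisdn normalises the principal; the normalised form becomes the username.
		msisdn_valid, username, msisdn_error_message = self.model.check_msisdn(username)

		subscriber_id = '%s@%s' % (username, domain)
		self.log.info('Login.start [%s@%s]: password is ***', pusername, domain)

		if not msisdn_valid:
			self.log.info('Login.end user_error [%s]: Invalid MSISDN: %s', subscriber_id, msisdn_error_message)
			flash(msisdn_error_message)
			return redirect(url_for('login_form'))

		# Check CAPTCHA (activated by failed_login_attempt after repeated failures)
		if 'captcha_active' in session:
			if 'captcha' in request.form and 'captcha' in session:
				# Do not log the expected answer: that would defeat the CAPTCHA for
				# anyone with log access.
				self.log.info('CAPTCHA submitted for [%s]', subscriber_id)
				if session['captcha'].verify(request.form['captcha']):
					del session['captcha']
				else:
					self.log.info('Login.end user_error [%s]: CAPTCHA mismatch', subscriber_id)
					flash(self.model.spiel('incorrect_captcha'), 'error')
					return redirect(url_for('login_form'))
			else:
				self.log.info('Login.end user_error [%s]: CAPTCHA mismatch', subscriber_id)
				flash(self.model.spiel('incorrect_captcha'), 'error')
				return redirect(url_for('login_form'))

		# Check lockout BEFORE the SDB lookup so a locked-out principal cannot keep
		# driving backend lookups (and so the lockout does not depend on the SDB answering).
		if self.model.is_locked_out(subscriber_id):
			self.log.info('Login.end user_error [%s]: User locked out', subscriber_id)
			session.destroy()
			flash(self.model.spiel('lockout'), 'error')
			return redirect(url_for('login_form'))

		# Hash the credential the way the SDB stores it (MD5 according to the
		# original comment).  NOTE(review): MD5 is not an acceptable password hash;
		# changing it requires a coordinated change of the SDB store.
		password = utils.password_hash(password)

		# Check username & password -- the hash is deliberately not logged
		self.log.info('Sending GetUser %s', username)
		getuser = request.sdb.getUser(username, domain)

		# False/None/empty all mean "no usable answer"; treating None as a system
		# error avoids a TypeError on the subscript below.
		if not getuser:
			self.log.error('Login.end system_error [%s]: SDB.getUser returned False', subscriber_id)
			flash(self.model.spiel('system_timeout', code='356a1'), 'error')
			return redirect(url_for('login_form'))

		if 'error' in getuser['target']:
			if getuser['target']['error']['code'] == 'USR-00001':
				self.log.info('Login.end user_error [%s]: User does not exist', subscriber_id)
				flash(self.model.spiel('invalid_account'), 'error')
			else:
				self.log.error('Login.end system_error [%s]: SDB.getUser result code unknown', subscriber_id)
				flash(self.model.spiel('system_timeout', code='da4b9'), 'error')
			return redirect(url_for('login_form'))

		try:
			aaa_user_status = getuser['target']['result']['user']['status']['value']
			aaa_user_password = getuser['target']['result']['user']['password']['value']
			aaa_user_profile_set = getuser['target']['result']['user']['profile-set']['name']
		except (KeyError, TypeError) as ex:
			# Log the exception, not the whole response: the response carries the
			# stored password hash.
			self.log.error('Login.end system_error [%s]: Getuser parsing: %r', subscriber_id, ex)
			flash(self.model.spiel('system_timeout', code='77de6'), 'error')
			return redirect(url_for('login_form'))

		if aaa_user_status == 'suspended':
			self.log.info('Login.end user_error [%s]: User suspended', subscriber_id)
			flash(self.model.spiel('account_suspended'), 'error')
			return redirect(url_for('login_form'))

		if aaa_user_status == 'pending':
			self.log.info('Login.end user_error [%s]: User pending', subscriber_id)
			flash(self.model.spiel('invalid_account'), 'error')
			return redirect(url_for('login_form'))

		# Check Password: constant-time compare of the two hashes.  compare_digest
		# refuses mixed str/unicode operands (TypeError); fall back to == in that
		# case rather than rejecting every login.
		try:
			password_ok = hmac.compare_digest(aaa_user_password, password)
		except TypeError:
			password_ok = aaa_user_password == password

		if not password_ok:
			# FAILED ATTEMPT: the model decides whether to require a CAPTCHA, warn, or lock out
			login_state = self.model.failed_login_attempt(subscriber_id)
			if login_state == False:
				flash(self.model.spiel('incorrect_credentials'), 'error')
			else:
				if login_state['captcha']:
					session['captcha_active'] = True
				elif not login_state['captcha'] and 'captcha_active' in session:
					del session['captcha_active']

				if login_state['lockout']:
					session.destroy()
					flash(self.model.spiel('lockout'), 'error')
				elif login_state['lockout_warning']:
					flash(self.model.spiel('lockout_warning'), 'error')
				else:
					flash(self.model.spiel('incorrect_credentials'), 'error')

			self.log.info('Login.end user_error [%s]: Incorrect password', subscriber_id)
			return redirect(url_for('login_form'))

		# Login OK

		#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
		# Portal Session is now Valid
		#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
		# NOTE(review): the session id is not rotated here.  If the session
		# backend offers regeneration, rotate on this privilege change to close
		# session fixation -- confirm against the session implementation in use.
		session['Subscriber-Id'] = subscriber_id
		session['Profile-Set'] = aaa_user_profile_set

		# Metered profile-sets must have session rights before they may log on
		if aaa_user_profile_set in ('3G_UPS', 'Default Postpaid'):
			# Iterate over the session rights
			if not request.bpc.process_session_rights(session):
				session.destroy()
				self.log.error('Login.end system_error [%s]: BPC session rights processing returned False', subscriber_id)
				flash(self.model.spiel('system_timeout', code='1b645'), 'error')
				return redirect(url_for('login_form'))

			# Check if the account is used up
			if session['rights'] == {}:
				self.log.info('Login.end user_error [%s]: Session rights empty', subscriber_id)
				session.destroy()
				flash(self.model.spiel('quota_depleted2'), 'error')
				return redirect(url_for('login_form'))

		# Send account-logon CoA to ISG -- the hash is not logged
		self.log.info('Sending logon %s to WAG..', subscriber_id)
		logon_result, logon_message, logon_attrs = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id)
		if not logon_result:
			session.destroy()
			if isinstance(logon_message, type(u'')):
				self.log.error('Login.end system_error [%s]: WAG login CoANaK: %s', subscriber_id, logon_message)
				if logon_message == 'Access denied, session limit exceeded':
					flash(self.model.spiel('session_control'), 'error')
				else:
					flash(self.model.spiel('system_timeout', code='902ba'), 'error')
			else:
				self.log.error('Login.end system_error [%s]: WAG session login returned CoANaK', subscriber_id)
				flash(self.model.spiel('system_timeout', code='fe5db'), 'error')

			return redirect(url_for('login_form'))

		#!!!!!!!!!!!!!!!!!!!!!!!!!!!
		# GATEWAY SESSION NOW VALID
		#!!!!!!!!!!!!!!!!!!!!!!!!!!!
		session['Gateway-Session'] = True

		self.model.save_login_time(session['Subscriber-Id'])
		self.log.info('Login.end ok [%s]', subscriber_id)

		request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects)
		return request.response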