def groupfinder(userid, request):
""" Returns ACL formatted list of groups for the userid in the
current request
"""
auth = AuthID.get_by_id(userid)
if auth:
return [('group:%s' % group.name) for group in auth.groups]
def groupfinder(userid, request):
""" Returns ACL formatted list of groups for the userid in the
current request
"""
auth = AuthID.get_by_id(userid)
if auth:
return [('group:%s' % group.name) for group in auth.groups]
def create_user(**kwargs):
"""
::
from apex.lib.libapex import create_user
create_user(username='******', password='******', active='Y')
Optional Parameters:
display_name
group
Returns: AuthID object
"""
auth_id = AuthID(active=kwargs.get('active', 'Y'))
if 'display_name' in kwargs:
auth_id.display_name = kwargs['display_name']
del kwargs['display_name']
user = AuthUser(login=kwargs['username'], password=kwargs['password'],
active=kwargs.get('active', 'Y'))
auth_id.users.append(user)
if 'group' in kwargs:
try:
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name == kwargs['group']).one()
auth_id.groups.append(group)
except NoResultFound:
pass
del kwargs['group']
for key, value in list(kwargs.items()):
setattr(user, key, value)
DBSession.add(auth_id)
DBSession.add(user)
DBSession.flush()
return user
def create_user(**kwargs):
"""
::
from apex.lib.libapex import create_user
create_user(username='******', password='******', active='Y')
Optional Parameters:
display_name
group
Returns: AuthID object
"""
auth_id = AuthID(active=kwargs.get('active', 'Y'))
if 'display_name' in kwargs:
auth_id.display_name = kwargs['display_name']
del kwargs['display_name']
user = AuthUser(login=kwargs['username'], password=kwargs['password'], \
active=kwargs.get('active', 'Y'))
auth_id.users.append(user)
if 'group' in kwargs:
try:
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name==kwargs['group']).one()
auth_id.groups.append(group)
except NoResultFound:
pass
del kwargs['group']
for key, value in kwargs.items():
setattr(user, key, value)
DBSession.add(auth_id)
DBSession.add(user)
DBSession.flush()
return user
def apex_callback(request):
""" apex_callback(request):
no return value, called with route_url('apex_callback', request)
This is the URL that Velruse returns an OpenID request to
"""
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
headers = []
if 'token' in request.POST:
auth = apexid_from_token(request.POST['token'])
if auth:
user = AuthUser.get_by_login(auth['id'])
if not user:
auth_info = auth['profile']['accounts'][0]
id = AuthID()
DBSession.add(id)
user = AuthUser(
login=auth_info['userid'],
provider=auth_info['domain'],
)
if auth['profile'].has_key('verifiedEmail'):
user.email = auth['profile']['verifiedEmail']
id.users.append(user)
if apex_settings('default_user_group'):
for name in apex_settings('default_user_group'). \
split(','):
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name==name.strip()).one()
id.groups.append(group)
if apex_settings('create_openid_after'):
openid_after = get_module(
apex_settings('create_openid_after'))
openid_after().after_signup(user)
DBSession.flush()
if apex_settings('openid_required'):
openid_required = False
for required in apex_settings('openid_required').split(','):
if not getattr(user, required):
openid_required = True
if openid_required:
request.session['id'] = id.id
request.session['userid'] = user.id
return HTTPFound(location='%s?came_from=%s' % \
(route_url('apex_openid_required', request), \
request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))))
headers = apex_remember(request, user)
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
flash(_('Successfully Logged in, welcome!'), 'success')
return HTTPFound(location=redir, headers=headers)
def sign_up_success(self, form):
request = self.request
db = request.db
id = AuthID()
db.add(id)
user = AuthUser(login=form['username'],
password=form['password'],
email=form['email'])
id.users.append(user)
db.add(user)
db.flush()
headers = remember(request, user.auth_id)
return HTTPSeeOther(headers=headers, location=get_came_from(request))
def includeme(config):
config.include("pyramid_tm")
config.set_request_property(lambda request: DBSession(), "db", reify=True)
config.set_request_property(lambda request: AuthID.get_by_id(authenticated_userid(request)), "user", reify=True)
settings = config.registry.settings
initialize_sql(engine_from_config(settings, "sqlalchemy."), settings)
if not config.registry.queryUtility(IAuthorizationPolicy):
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
if not config.registry.queryUtility(IAuthenticationPolicy):
auth_secret = settings["h.auth_secret"]
authn_policy = AuthTktAuthenticationPolicy(auth_secret, callback=groupfinder)
config.set_authentication_policy(authn_policy)
config.set_root_factory(RootFactory)
def create_user(self, login):
id = AuthID()
DBSession.add(id)
user = AuthUser(
login=login,
password=self.data['password'],
email=self.data['email'],
)
id.users.append(user)
DBSession.add(user)
settings = get_current_registry().settings
if settings.has_key('apex.default_user_group'):
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name==settings['apex.default_user_group']).one()
id.groups.append(group)
DBSession.flush()
return user
def activate(request):
user_id = request.matchdict.get('user_id')
user = AuthID.get_by_id(user_id)
submitted_hmac = request.matchdict.get('hmac')
current_time = time.time()
time_key = int(base64.b64decode(submitted_hmac[10:]))
if current_time < time_key:
hmac_key = get_hmac_key(user, time_key)
if hmac_key == submitted_hmac[0:10]:
user.active = 'Y'
DBSession.merge(user)
DBSession.flush()
flash(_('Account activated. Please log in.'))
return HTTPFound(location=route_url('apex_login',
request))
flash(_('Invalid request, please try again'))
return HTTPFound(location=route_url(apex_settings('came_from_route'),
request))
def callback(request):
user = None
profile = request.context.profile
if 'id' not in request.session:
user = AuthUser.get_by_login(profile['preferredUsername'])
if not user:
if 'id' in request.session:
auth_id = AuthID.get_by_id(request.session['id'])
else:
auth_id = AuthID()
DBSession.add(auth_id)
user = AuthUser(
login=profile['preferredUsername'],
provider=request.context.provider_name,
)
if 'verifiedEmail' in profile:
user.email = profile['verifiedEmail']
if 'displayName' in profile:
user.display_name = profile['displayName']
# TODO: This may not be unique, handle the error here.
auth_id.users.append(user)
DBSession.add(user)
DBSession.flush()
if apex_settings('default_user_group'):
for name in apex_settings('default_user_group'). \
split(','):
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name == name.strip()).one()
auth_id.groups.append(group)
if apex_settings('create_openid_after'):
openid_after = get_module(apex_settings('create_openid_after'))
openid_after().after_signup(request=request, user=user)
DBSession.flush()
headers = apex_remember(request, user)
redir = request.GET.get(
'came_from',
request.route_path(
apex_settings('came_from_route')
)
)
flash(_('Successfully Logged in, welcome!'), 'success')
return HTTPFound(location=redir, headers=headers)
def activate(request):
"""
"""
user_id = request.matchdict.get('user_id')
user = AuthID.get_by_id(user_id)
submitted_hmac = request.matchdict.get('hmac')
current_time = time.time()
time_key = int(base64.b64decode(submitted_hmac[10:]))
if current_time < time_key:
hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
apex_settings('auth_secret'), time_key), \
user.email).hexdigest()[0:10]
if hmac_key == submitted_hmac[0:10]:
user.active = 'Y'
DBSession.merge(user)
DBSession.flush()
flash(_('Account activated. Please log in.'))
return HTTPFound(location=route_url('apex_login', \
request))
flash(_('Invalid request, please try again'))
return HTTPFound(location=route_url(apex_settings('came_from_route'), \
request))
def includeme(config):
config.include('pyramid_tm')
config.set_request_property(lambda request: DBSession(), 'db', reify=True)
config.set_request_property(
lambda request: AuthID.get_by_id(authenticated_userid(request)),
'user',
reify=True)
settings = config.registry.settings
initialize_sql(engine_from_config(settings, 'sqlalchemy.'), settings)
if not config.registry.queryUtility(IAuthorizationPolicy):
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
if not config.registry.queryUtility(IAuthenticationPolicy):
auth_secret = settings['h.auth_secret']
authn_policy = AuthTktAuthenticationPolicy(auth_secret,
callback=groupfinder)
config.set_authentication_policy(authn_policy)
config.set_root_factory(RootFactory)
def reset_password(request):
""" reset_password(request):
no return value, called with route_url('apex_reset_password', request)
"""
title = _('Reset My Password')
if asbool(apex_settings('use_recaptcha_on_reset')):
if apex_settings('recaptcha_public_key') and apex_settings('recaptcha_private_key'):
ResetPasswordForm.captcha = RecaptchaField(
public_key=apex_settings('recaptcha_public_key'),
private_key=apex_settings('recaptcha_private_key'),
)
form = ResetPasswordForm(request.POST, \
captcha={'ip_address': request.environ['REMOTE_ADDR']})
if request.method == 'POST' and form.validate():
user_id = request.matchdict.get('user_id')
user = AuthID.get_by_id(user_id)
submitted_hmac = request.matchdict.get('hmac')
current_time = time.time()
time_key = int(base64.b64decode(submitted_hmac[10:]))
if current_time < time_key:
hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
apex_settings('auth_secret'), time_key), \
user.email).hexdigest()[0:10]
if hmac_key == submitted_hmac[0:10]:
#FIXME reset email, no such attribute email
user.password = form.data['password']
DBSession.merge(user)
DBSession.flush()
flash(_('Password Changed. Please log in.'))
return HTTPFound(location=route_url('apex_login', \
request))
else:
flash(_('Invalid request, please try again'))
return HTTPFound(location=route_url('apex_forgot', \
request))
return {'title': title, 'form': form, 'action': 'reset'}
def user(self):
user = None
if authenticated_userid(self):
user = AuthID.get_by_id(authenticated_userid(self))
return user
def apex_callback(request):
""" apex_callback(request):
no return value, called with route_url('apex_callback', request)
This is the URL that Velruse returns an OpenID request to
"""
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
headers = []
if 'token' in request.POST:
auth = None
try:
auth = apex_id_from_token(request)
except:
# TODO add logging
pass
if auth:
user = None
if not request.session.has_key('id'):
user = AuthUser.get_by_login(auth['id'])
if not user:
id = None
if request.session.has_key('id'):
id = AuthID.get_by_id(request.session['id'])
else:
id = AuthID()
DBSession.add(id)
auth_info = auth['profile']['accounts'][0]
user = AuthUser(
login=auth_info['userid'],
provider=auth_info['domain'],
)
if auth['profile'].has_key('verifiedEmail'):
user.email = auth['profile']['verifiedEmail']
id.users.append(user)
if apex_settings('default_user_group'):
for name in apex_settings('default_user_group'). \
split(','):
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name==name.strip()).one()
id.groups.append(group)
if apex_settings('create_openid_after'):
openid_after = get_module(apex_settings('create_openid_after'))
openid_after().after_signup(request=request, user=user)
DBSession.flush()
if apex_settings('openid_required'):
openid_required = False
for required in apex_settings('openid_required').split(','):
if not getattr(user, required):
openid_required = True
if openid_required:
request.session['id'] = id.id
request.session['userid'] = user.id
return HTTPFound(location='%s?came_from=%s' % \
(route_url('apex_openid_required', request), \
request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))))
headers = apex_remember(request, user)
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
flash(_('Successfully Logged in, welcome!'), 'success')
return HTTPFound(location=redir, headers=headers)
def user(self):
user = None
if authenticated_userid(self):
user = AuthID.get_by_id(authenticated_userid(self))
return user
