class MembershipStore(MongoStore):
    Represents a Sessions and Accounts Storage manager for MongoDB utilized to manage Membership for an application.
    It can be used to handle global authentication; or per-area authentication.
    Contains data access logic for accounts and sessions.

    defaults = {
        "accounts_collection": "accounts",
        "sessions_collection": "sessions",
        "login_attempts_collection": "login_attempts",
        "user_key_field": "email"

    def __init__(self, options = None):
        if options is None:
            options = {}
        params = dict(self.defaults, **options)
        self.options = Bunch()

    def configure(self):
        Configure the db, creating the needed collections and theirs indexes.
        :return: self
        opt = self.options
        db_collections = db.collection_names(include_system_collections=False)

        accounts_collection = opt.accounts_collection
        sessions_collection = opt.sessions_collection
        login_attempts_collection = opt.login_attempts_collection
        user_key_field = opt.user_key_field

        if accounts_collection not in db_collections:
            # create the account collection
            accounts = db.create_collection(accounts_collection)
            accounts.create_index([(user_key_field, ASCENDING)])

        if sessions_collection not in db_collections:
            # create the sessions collection
            sessions = db.create_collection(sessions_collection)
            sessions.create_index([(user_key_field, ASCENDING)])
            sessions.create_index([("guid", ASCENDING)])

        if login_attempts_collection and login_attempts_collection not in db_collections:
            # create the login attempts collection
            login_attempts = db.create_collection(login_attempts_collection)
            login_attempts.create_index([(user_key_field, ASCENDING)])

        return self

    def get_account_condition(self, userkey):
        Returns account search condition.
        :param userkey: user key
        :return: condition for a mongodb search
        a = {
            self.options.user_key_field: userkey
        return a

    def get_account(self, userkey):
        Gets the account data associated with the user with the given key.
        :param userkey: user key
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
        data = collection.find_one(condition)
        return self.normalize_id(data)

    def get_account_by_id(self, account_id):
        Gets the account data associated with the user with the given id.
        :param id: user id
        collection = db[self.options.accounts_collection]
        condition = {
            "_id": ObjectId(account_id)
        data = collection.find_one(condition)
        return self.normalize_id(data)

    def get_accounts(self, options):
        Gets a list of all application accounts.
        collection = db[self.options.accounts_collection]
        return self.get_catalog_page(collection, options)

    def get_sessions(self, options):
        Gets a list of current sessions.
        collection = db[self.options.sessions_collection]
        return self.get_catalog_page(collection, options)

    def get_session(self, sessionkey):
        Gets the session with the given key.
        :param sessionkey: session guid
        collection = db[self.options.sessions_collection]
        data = collection.find_one({ "guid": sessionkey })
        if not data:
            return None
        #set user key
        data["userkey"] = data[self.options.user_key_field]
        return self.normalize_id(data)

    def create_session(self, userkey, expiration, client_ip, client_data):
        Creates a session in the database.
        :param userkey: key of the user for whom we are initializing the session
        :param expiration: expiration datetime of the session
        :param client_ip: ip of the client for whom this function is invoked
        :param client_data: client speficif information (e.g. browser navigator)
        collection = db[self.options.sessions_collection]
        data = {
          "guid": str(uuid.uuid1()),
          self.options.user_key_field: userkey,
          "anonymous": userkey is None or userkey == False,
          "expiration": expiration,
          "client_ip": client_ip,
          "client_data": client_data,

        result = collection.insert_one(data)
        session_id = result.inserted_id
        data = collection.find_one({ "_id": session_id })
        return self.normalize_id(data)

    def create_account(self, userkey, hashedpassword, salt, data, roles = None):
        Creates a new account
        :param userkey: user key (e.g. email or username)
        :param hashedpassword: hashed password
        :param salt: salt used to hash the account password
        :param data: extra account data
        collection = db[self.options.accounts_collection]
        account_data = {
            self.options.user_key_field: userkey,
            "hash": hashedpassword,
            "salt": salt,
            "data": data,
            "roles": roles,
        result = collection.insert_one(account_data)
        return {
            "id": str(result.inserted_id)

    def save_session_data(self, sessionkey, data):
        Stores data for the session with the given key.
        :param sessionkey: session guid.
        :param data: session data
        collection = db[self.options.sessions_collection]
        condition = {
            "guid": sessionkey
        update = {
            "data": data
        collection.update_one(condition, update)

    def get_session_data(self, sessionkey):
        Gets the data associated with the session with the given key.
        :param sessionkey: session guid.
        collection = db[self.options.sessions_collection]
        condition = {
            "guid": sessionkey
        session = collection.find_one(condition)
        return session["data"]

    def destroy_session(self, sessionkey):
        collection = db[self.options.sessions_collection]
        condition = {
            "guid": sessionkey

    def get_failed_login_attempts(self, userkey, start, end):
        Gets the number of failed login attempts for a user with a given key, in the last minutes.
        :param userkey: key of the user for whom we are initializing the session
        :param start: start datetime to check for login attempts
        :param end: end datetime to check for login attempts
        condition = {
            self.options.user_key_field: userkey,
            "timestamp": { "$gte": start, "$lt": end }
        collection = db[self.options.login_attempts_collection]
        attempts = collection.find(condition)
        return attempts.count()

    def save_login_attempt(self, userkey, client_ip, time):
        Stores a failed login attempt in database
        :param userkey: key of the user for whom the login attempt must be stored
        :param client_ip: ip of the client for which the method is invoked
        :param time: timestamp of the login attempt
        data = {
            self.options.user_key_field: userkey,
            "client_ip": client_ip,
            "timestamp": time
        collection = db[self.options.login_attempts_collection]

    def update_account(self, userkey, data):
        Updates the account associated to the user with the given key.
        :param userkey: key of the user whose account must be deleted
        :param data: new account data
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
        collection.update_one(condition, { "$set": data })

    def delete_account(self, userkey):
        Deletes the account associated to the user with the given key.
        :param userkey: key of the user whose account must be deleted
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
class ReportsStore(MongoStore):
    Represents a storage manager for MongoDB based application reports.

    defaults =  {
      "messages_collection": "app_messages",
      "exceptions_collection": "app_exceptions"

    def __init__(self, options = None):
        if options is None:
            options = {}
        params = dict(self.defaults, **options)
        self.options = Bunch()

    def configure(self):
        Configure the db, creating the needed collections and theirs indexes.
        :return: self
        opt = self.options
        db_collections = db.collection_names(include_system_collections=False)

        messages_collection = opt.messages_collection
        exceptions_collection = opt.exceptions_collection

        if messages_collection not in db_collections:
            # create the messages collection
            messages = db.create_collection(messages_collection)

        if exceptions_collection not in db_collections:
            # create the sessions collection
            exceptions = db.create_collection(exceptions_collection)

        return self

    def store_message(self, message, time, kind = "Normal"):
        Stores an application message in database.
        :param message: message to store
        :param time: timestamp
        :param kind: the kind of message (e.g. Normal, Warning, etc.)
        :return: message data
        collection = db[self.options.messages_collection]
        data = {
          "message": message,
          "timestamp": time,
          "kind": kind

        result = collection.insert_one(data)
        message_id = result.inserted_id
        data = collection.find_one({ "_id": message_id })
        return self.normalize_id(data)

    def store_exception(self, message, time, typename, callstack):
        Stores an application exception in database.
        :param ex: exception to store
        :param time: timestamp
        :param callstack: exception callstack
        :return: data stored in db
        collection = db[self.options.exceptions_collection]
        data = {
          "message": message,
          "timestamp": time,
          "type": typename,
          "callstack": callstack

        result = collection.insert_one(data)
        ex_id = result.inserted_id
        data = collection.find_one({ "_id": ex_id })
        return self.normalize_id(data)

    def get_messages(self, options):
        Gets a paginated subset of application messages.
        collection = db[self.options.messages_collection]
        data = self.get_catalog_page(collection, options)
        return data

    def get_exceptions(self, options):
        Gets a paginated subset of application exceptions.
        collection = db[self.options.exceptions_collection]
        data = self.get_catalog_page(collection, options)
        return data
class MembershipProvider:
    Provides business logic to provide user authentication.

    It can be used to handle global authentication; or per-area authentication.
    Contains business logic for Login, Logout, ChangePassword.

    defaults = {
        "host": None,  # the host used when generating emails
        "short_time_expiration": 1e3 * 60 * 20,
        "long_time_expiration": 1e3 * 60 * 60 * 24 * 365,
        "failed_login_attempts_limit": 4,
        "minutes_limit": 15,
        "requires_account_confirmation": False

    def __init__(self):
        store = self.get_membership_store()
        options = self.get_options()
        if options is None:
            options = {}
        params = dict(self.defaults, **options)
        self.validate_store(store) = store
        self.options = Bunch()
        self.principal_type = self.get_principal_type()

    def get_membership_store(self):
        Returns the membership store used by this membership provider.

        This method must be implemented in subclasses.
        name = type(self).__name__
        raise NotImplementedError(
            "{} does not implement 'get_membership_store'.".format(name))

    def get_options(self):
        Returns options to override the default parameters.
        return {}

    def get_principal_type(self):
        Returns the membership store used by this membership provider.

        This method can be implemented to set specific Principal types by implementation.
        return Principal

    def get_hash(password, salt):
        Returns an hashed version of password, created using the given salt

        :param password: original password, to obfuscate with the given salt
        :param salt: salt to use to hash a password
        :return: hashed version of password
        key = (password + salt).encode("utf-8")
        return hashlib.sha224(key).hexdigest()

    def get_new_salt():
        Returns a new salt to be used to hash password

        :return: {String} new salt to be used to hash passwords
        alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
        return ''.join(random.choice(alphabet) for _ in range(16))

    def validate_store(store):
        Validates the store option passed when instantiating a MembershipProvider.
        :param store: store
        # TODO: use abstract class!?
        req = [
            "get_account", "get_accounts", "get_session",
            "get_session_by_guid", "create_account", "update_account",
            "create_session", "destroy_session", "save_session_data",
            "get_session_data", "get_failed_login_attempts",
        for name in req:
            if not hasattr(store, name):
                raise Exception("The given store does not implement `" + name +
                                "` member")

    def get_account(self, userkey):
        Gets the account with the given key.
        :param userkey: key of the user (e.g. email or username)
        data =
        if data is None:
            return None
        result = Bunch()
        return result

    def get_account_by_id(self, account_id):
        Gets the account details by id
        :param account_id: account id
        :return: account
        data =
        if data is None:
            return None
        del data["salt"]
        del data["hash"]
        result = Bunch()
        return result

    def get_accounts(self, options):
        Gets the list of all application accounts.
        # define searchable properties
        options["search_properties"] = ["email", "roles"]
        data =
        # NB !!!
        # Salt and hashed password must be kept private in this case.
        for item in data.subset:
        return data

    def get_sessions(self, options):
        Gets the list of current user sessions.
        # define searchable properties
        options["search_properties"] = [
            "email", "client_data.user_agent", "client_ip"
        data =
        for o in data.subset:
            if o["client_data"]:
                o["user_agent"] = o["client_data"]["user_agent"]
                o["user_agent"] = ""
            del o["client_data"]
        return data

    def prepare_account_data(self, account):
        Prepares account data, to share it outside of bll.
        Salt and hashed password must be never get out of bll.
        del account["salt"]
        del account["hash"]
        if "roles" not in account:
            account["roles"] = []
        return account

    def validate_userkey(self, userkey):
        if userkey is None or re.match("^\s*$", userkey):
            return False
        return True

    def get_account_defaults(self):
        return {}

    def create_account(self,
        Creates a new user account.

        :param userkey: key of the user (e.g. email or username)
        :param password: account clear password (e.g. user defined password)
        :param data: dict, optional account data
        if not self.validate_userkey(userkey) or not self.validate_password(
            return False, "InvalidParameter"

        # verify that an account with the same key doesn't exist already
        account_data =
        if account_data is not None:
            return False, "AccountAlreadyExisting"
        if data is None:
            data = {}
        if roles is None:
            roles = []
        salt = self.get_new_salt()
        hashedpassword = self.get_hash(password, salt)
        data = dict(self.get_account_defaults(), **data)

        if self.options.requires_account_confirmation:
            # set a confirmation token inside the account data
            confirmation_token = str(uuid.uuid1())
            data["confirmation_token"] = confirmation_token

        account_data =, hashedpassword, salt,
                                                 data, roles)

        # TODO: if desired, implement send email logic
        return True, account_data

    def is_password_correct(self, account_id, password):
        require_params(account_id=account_id, password=password)

        if not self.validate_password(password):
            return False

        account_data =
        if account_data is None:
            raise ValueError("AccountNotFound")

        hsh = self.get_hash(password, account_data["salt"])
        if account_data["hash"] != hsh:
            return False
        return True

    def update_password(self, userkey, password):
        Updates the password for the account with the given key.

        :param userkey: key of the user (e.g. email or username)
        :param password: account clear password (e.g. user defined password)
        if not self.validate_userkey(userkey) or not self.validate_password(
            return False, "InvalidParameter"

        account_data =
        if account_data is None:
            return False, "Account not found"
        salt = account_data["salt"]
        hashedpassword = self.get_hash(password, salt), {"hash": hashedpassword})
        return True, ""

    def delete_account(self, userkey):
        Deletes the account with the given userkey
        :param userkey: the user key (email address or username)
        :return: success, error
        account =
        if account is None:
            return False, "AccountNotFound"
        return True, None

    def delete_account_with_validation(self,
        Deletes the account with the given id, validating its password.
        :param account_id:
        :param current_password:
        account =
        if account is None:
            return False, "AccountNotFound"
        hsh = self.get_hash(current_password, account["salt"])
        if account.get("hash") != hsh:
            return False, "InvalidPassword"

        # delete the account
        deleted =
        if not deleted:
            return False, "NoDocumentDeleted"

        # TODO: if desired, implement farewell email here
        return True, None

    def confirm_account(self, account_id, confirmation_token):
        Confirms the account with the given id and using the given confirmation token.
        if not account_id or account_id.isspace():
            raise ArgumentNullException("account_id")
        if not confirmation_token or confirmation_token.isspace():
            raise ArgumentNullException("confirmation_token")

        account_data =
        if not account_data:
            raise ValueError("Account not found")

        if account_data.get("confirmed") is True:
            return True

        if account_data.get("confirmation_token") != confirmation_token:
            raise ValueError("Invalid confirmation token for account `%s`" %
                             account_id), {"confirmed": True},
                                        unset_data={"confirmation_token": ""})
        return True

    def ban_account(self, userkey):
        Bans the account with the given userkey.
        :param userkey: the user key (email address or username)
        :return: success, error
        return self.update_account(userkey, {"banned": True})

    def update_account(self, userkey, data):
        Updates the account with the given key; setting the data.
        :param userkey: the user key (email address or username)
        :param data: account data to update
        :return: self
        account =
        if account is None:
            return False, "AccountNotFound", data)
        return True, None

    def try_login(self,
        Tries to perform a login for the user with the given key (e.g. email or username); password;
        :param userkey: the user key (email address or username)
        :param password:
        :param remember: whether to have a longer expiration time or not
        :param client_ip: ip of the client for which the function has been called
        :param client_data: optional client data
        :param options: extra options
        # get account data
        account_data = self.get_account(userkey)
        if account_data is None:
            return False, "WrongCombo"

        login_attempts = self.get_failed_login_attempts(userkey)
        too_many_attempts = self.options.failed_login_attempts_limit <= login_attempts
        if too_many_attempts:
            # log information

            return False, "TooManyAttempts"
            # error: too many attempts in the last minutes, for this user

        if check_password:
            # generate hash of given password, appending salt
            hsh = self.get_hash(password, account_data.salt)
            if account_data.hash != hsh:
                # the key exists, but the password is wrong
                self.report_login_attempt(userkey, client_ip)
                # exit
                return False, "WrongCombo"

        # check if the account is confirmed
        if self.options.requires_account_confirmation and not account_data.confirmed:
            return False, "RequireConfirmation"

        # check if the account was banned
        if hasattr(account_data, "banned") and account_data.banned is True:
            return False, "BannedAccount"

        # get session expiration
        expiration = self.get_new_expiration(remember)
        # save session
        session =, expiration, client_ip,
        session = Session.from_dict(session)

        del account_data.salt
        del account_data.hash
        principal = self.principal_type

        # TODO: if desired, implement sending of email here "new login from..."

        return True, AuthenticationResult(
            principal(, account_data, session, True), session)

    def report_login_attempt(self, userkey, client_ip):
        Reports a login attempt, storing it in the persistence layer.

        :param userkey: the user key (email address or username)
        :param client_ip: ip of the client
        now = datetime.datetime.utcnow(), client_ip, now)
        return self

    def validate_password_reset_token(self, account_id, token):
        account_data =
        if account_data is None:
            return False, "AccountNotFound"

        password_reset_token = account_data.get("passwordResetToken")
        if not password_reset_token or password_reset_token.isspace():
            return False, "MissingPasswordResetToken"

        if password_reset_token != token:
            return False, "InvalidToken"

        return True, None

    def change_password(self, account_id, current_password, password_one,
        This function is used when a user wants to change a password, using the current password

        account_data =
        if account_data is None:
            raise InvalidOperation("Account not found")

        # validate current password
        if not self.is_password_correct(account_id, current_password):
            raise ValueError("WrongPassword")

        # validate passwords
        valid_passwords, error = self.validate_passwords(
            password_one, password_two)
        if not valid_passwords:
            raise ValueError("Passwords are not valid: " + error)

        # update account password
        salt = self.get_new_salt()
        hashedpassword = self.get_hash(password_one, salt)
        # commit the change:, hashedpassword, salt)
        return True, None

    def commit_password_reset(self, account_id, token, password_one,
        This function is used when a user requested a password change, using a token that was sent by email.
        It validates a token that was set previously.

        :param account_id: id of the account of which the password should be changed
        :param token: password reset token
        :param password_one: first password
        :param password_two: password repetition

        account_data =
        if account_data is None:
            raise InvalidOperation("Account not found")

        password_reset_token = account_data.get("passwordResetToken")
        if not password_reset_token or password_reset_token.isspace():
            raise InvalidOperation("Password reset token not initialized")

        if password_reset_token != token:
            raise ValueError("Invalid password reset token")

        # validate passwords
        valid_passwords, error = self.validate_passwords(
            password_one, password_two)
        if not valid_passwords:
            raise ValueError("Passwords are not valid: " + error)

        salt = self.get_new_salt()
        hashedpassword = self.get_hash(password_one, salt)
        # commit the change:, hashedpassword, salt)
        return True

    def get_failed_login_attempts(self, userkey):
        Gets the number of failed login attempts for a userkey in the amount of minutes defined by MinutesLimit option.
        :param userkey: the user key (email address or username)
        now = datetime.datetime.utcnow()
        ms = self.options.minutes_limit * 60 * 1e3
        start = now - datetime.timedelta(milliseconds=ms)
        count =, start, now)
        return count

    async def try_login_by_session_key(self, sessionkey):
        Tries to perform login by user session key.
        :param sessionkey:
        :return: boolean, session, account
        # returns bool, principal
        if sessionkey is None:
            return False, None

        session = await
        if session is None:
            return False, None

        # convert into a class
        session = Session.from_dict(session)

        now = datetime.datetime.utcnow()
        if session.expiration < now:
            return False, None
        principal_type = self.principal_type
        if session.anonymous:
            return True, AuthenticationResult(
                principal_type(None, None, session, False), session)

        # get account data
        account = await

        if account is None:
            return False, None

        # return session and account data
        principal_type = self.principal_type
        return True, AuthenticationResult(
            principal_type(account["id"], account, session, True), session)

    async def initialize_anonymous_session(self, client_ip, client_data):
        Initializes a session for an anonymous user.

        :param client_ip: ip of the client
        :param client_data: information about the client software
        expiration = self.get_new_expiration(True)
        user_id = None
        session_data = await, expiration,
                                                       client_ip, client_data)
        session = Session.from_dict(session_data)
        principal_type = self.principal_type
        return AuthenticationResult(principal_type(None, None, session, False),

    def get_new_expiration(self, remember=None):
        Returns the expiration for a new session, based on the provider settings and if the user wants to be remembered.
        for longer or not.

        :param remember: boolean
        :return: datetime
        if remember is None:
            remember = False
        now = datetime.datetime.utcnow()
        ms = self.options.long_time_expiration if remember else self.options.short_time_expiration
        expiration = now + datetime.timedelta(milliseconds=ms)
        return expiration

    def save_session_data(self, sessionkey, data):
        Stores session data in the database.
        :param sessionkey: the key of the session
        :param data: dictionary of data to store in database
        """, data)
        return self

    def get_session_data(self, sessionkey):
        Gets the data associated with the given session, in database.
        :param sessionkey: the key of the session
        :return: dict
        return self.options.get_session_data(sessionkey)

    def destroy_session(self, sessionkey):
        Destroys the session with the given key.
        :param sessionkey: key of the session to destroy.
        :return: self
        return self

    def validate_new_passwords(self, pass_one, pass_two):
        if pass_one != pass_two:
            return False
        if not self.validate_password(pass_one):
            return False
        return True

    def validate_passwords(self, password_one, password_two):
        Validates the two given passwords.

        :param password_one: first password written by user.
        :param password_two: password confirmation.
        :return: success, error
        if not password_one or not password_two:
            return False, "missing password"
        if password_one != password_two:
            return False, "password mismatch"
        v = password_two
        valid = self.validate_password(v)
        if not valid:
            return False, "password too weak"
        return True, None

    def validate_password(self, password):
        Validates a single value to see if it's suitable for a password.

        :param password: value to validate.
        if not password or password.isspace():
            return False
        l = len(password)
        if l < 6:
            # too simple, either way
            return False

        if l > 50:
            # too long: the interface allows maximum 50 chars
            return False

        keys = OrderedDict.fromkeys(password).keys()
        keys_length = len(keys)

        if keys_length < 3:
            # the password is too weak, it contains less than 3 different types of character
            return False

        forbidden = {"password", "qwerty", "123456", "1234567"}
        if password.lower() in forbidden:
            return False
        return True
class MembershipStore(MongoStore):
    Represents a Sessions and Accounts Storage manager for MongoDB utilized to manage Membership for an application.
    It can be used to handle global authentication; or per-area authentication.
    Contains data access logic for accounts and sessions.

    defaults = {
        "accounts_collection": "accounts",
        "sessions_collection": "sessions",
        "login_attempts_collection": "login_attempts",
        "user_key_field": "email"

    def __init__(self, options=None):
        if options is None:
            options = {}
        params = dict(self.defaults, **options)
        self.options = Bunch()

    def configure(self):
        Configure the db, creating the needed collections and theirs indexes.
        :return: self
        opt = self.options
        db_collections = db.collection_names(include_system_collections=False)

        accounts_collection = opt.accounts_collection
        sessions_collection = opt.sessions_collection
        login_attempts_collection = opt.login_attempts_collection
        user_key_field = opt.user_key_field

        if accounts_collection not in db_collections:
            # create the account collection
            accounts = db.create_collection(accounts_collection)
            accounts.create_index([(user_key_field, ASCENDING)])

        if sessions_collection not in db_collections:
            # create the sessions collection
            sessions = db.create_collection(sessions_collection)
            sessions.create_index([(user_key_field, ASCENDING)])
            sessions.create_index([("guid", ASCENDING)])

        if login_attempts_collection and login_attempts_collection not in db_collections:
            # create the login attempts collection
            login_attempts = db.create_collection(login_attempts_collection)
            login_attempts.create_index([(user_key_field, ASCENDING)])

        return self

    def get_account_condition(self, userkey):
        Returns account search condition.
        :param userkey: user key
        :return: condition for a mongodb search
        a = {self.options.user_key_field: userkey}
        return a

    def get_account(self, userkey):
        Gets the account data associated with the user with the given key.
        :param userkey: user key
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
        data = collection.find_one(condition)
        return self.normalize_id(data)

    def get_account_by_id(self, account_id):
        Gets the account data associated with the user with the given id.
        :param id: user id
        collection = db[self.options.accounts_collection]
        condition = {"_id": ObjectId(account_id)}
        data = collection.find_one(condition)
        return self.normalize_id(data)

    def get_accounts(self, options):
        Gets a list of all application accounts.
        collection = db[self.options.accounts_collection]
        return self.get_catalog_page(collection, options)

    def get_sessions(self, options):
        Gets a list of current sessions.
        collection = db[self.options.sessions_collection]
        return self.get_catalog_page(collection, options)

    def get_session(self, sessionkey):
        Gets the session with the given key.
        :param sessionkey: session guid
        collection = db[self.options.sessions_collection]
        data = collection.find_one({"guid": sessionkey})
        if not data:
            return None
        #set user key
        data["userkey"] = data[self.options.user_key_field]
        return self.normalize_id(data)

    def create_session(self, userkey, expiration, client_ip, client_data):
        Creates a session in the database.
        :param userkey: key of the user for whom we are initializing the session
        :param expiration: expiration datetime of the session
        :param client_ip: ip of the client for whom this function is invoked
        :param client_data: client speficif information (e.g. browser navigator)
        collection = db[self.options.sessions_collection]
        data = {
            "guid": str(uuid.uuid1()),
            self.options.user_key_field: userkey,
            "anonymous": userkey is None or userkey == False,
            "expiration": expiration,
            "client_ip": client_ip,
            "client_data": client_data,

        result = collection.insert_one(data)
        session_id = result.inserted_id
        data = collection.find_one({"_id": session_id})
        return self.normalize_id(data)

    def create_account(self, userkey, hashedpassword, salt, data, roles=None):
        Creates a new account
        :param userkey: user key (e.g. email or username)
        :param hashedpassword: hashed password
        :param salt: salt used to hash the account password
        :param data: extra account data
        collection = db[self.options.accounts_collection]
        account_data = {
            self.options.user_key_field: userkey,
            "hash": hashedpassword,
            "salt": salt,
            "data": data,
            "roles": roles,
        result = collection.insert_one(account_data)
        return {"id": str(result.inserted_id)}

    def save_session_data(self, sessionkey, data):
        Stores data for the session with the given key.
        :param sessionkey: session guid.
        :param data: session data
        collection = db[self.options.sessions_collection]
        condition = {"guid": sessionkey}
        update = {"data": data}
        collection.update_one(condition, update)

    def get_session_data(self, sessionkey):
        Gets the data associated with the session with the given key.
        :param sessionkey: session guid.
        collection = db[self.options.sessions_collection]
        condition = {"guid": sessionkey}
        session = collection.find_one(condition)
        return session["data"]

    def destroy_session(self, sessionkey):
        collection = db[self.options.sessions_collection]
        condition = {"guid": sessionkey}

    def get_failed_login_attempts(self, userkey, start, end):
        Gets the number of failed login attempts for a user with a given key, in the last minutes.
        :param userkey: key of the user for whom we are initializing the session
        :param start: start datetime to check for login attempts
        :param end: end datetime to check for login attempts
        condition = {
            self.options.user_key_field: userkey,
            "timestamp": {
                "$gte": start,
                "$lt": end
        collection = db[self.options.login_attempts_collection]
        attempts = collection.find(condition)
        return attempts.count()

    def save_login_attempt(self, userkey, client_ip, time):
        Stores a failed login attempt in database
        :param userkey: key of the user for whom the login attempt must be stored
        :param client_ip: ip of the client for which the method is invoked
        :param time: timestamp of the login attempt
        data = {
            self.options.user_key_field: userkey,
            "client_ip": client_ip,
            "timestamp": time
        collection = db[self.options.login_attempts_collection]

    def update_account(self, userkey, data):
        Updates the account associated to the user with the given key.
        :param userkey: key of the user whose account must be deleted
        :param data: new account data
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
        collection.update_one(condition, {"$set": data})

    def delete_account(self, userkey):
        Deletes the account associated to the user with the given key.
        :param userkey: key of the user whose account must be deleted
        collection = db[self.options.accounts_collection]
        condition = self.get_account_condition(userkey)
class ReportsManager():
    Provides business logic to log application specific messages in a database.

    defaults = {"store": None}

    def __init__(self, options=None):
        if options is None:
            options = {}
        params = dict(self.defaults, **options)
        self.options = Bunch()

    def get_messages(self, options):
        Gets a paginated result of messages.
        :param options: pagination options
        :return: catalog page
        if options is None:
            raise Exception("Missing pagination options.")
        options["search_properties"] = ["message"]

    def get_exceptions(self, options):
        Gets a paginated result of exceptions.
        :param options: pagination options
        :return: catalog page
        if options is None:
            raise Exception("Missing pagination options.")
        options["search_properties"] = ["type", "message", "callstack"]

    def log_message(self, message, kind="Normal"):
        Logs a message
        :param message: application message to store
        :param kind: kind of message
        now =
        return, now, kind)

    def log_exception(self, ex=None):
        Logs an exception in database.
        :param ex: exception object
        now =
        exc_type, exc_value, exc_traceback = sys.exc_info()
        if ex is None:
            ex = exc_value
        call_stack = "\n".join(traceback.format_tb(exc_traceback))
        message = ex.message if hasattr(ex, "message") \
            else exc_value.args[0] if len(exc_value.args) > 0 else str(ex)
        return, now, str(exc_type),

    def try_log_exception(self, ex=None):
        Tries to log an exception in database; does nothing if the log itself causes exception.
        :param ex: exception object
        except Exception:

    def log_warning(self, message):
        Logs a warning message
        :param message: application message to store
        now =
        return, now, "Warning")

    def validate_store_option(params):
        Validates the store option passed when instantiating a ReportsManager.
        :param params: constructor options
        if params["store"] is None:
            raise Exception("Missing `store` option")
        req = [
            "store_message", "store_exception", "get_messages",
        for name in req:
            if not hasattr(params["store"], name):
                raise Exception("The given store does not implement `" + name +
                                "` member")