def logout(self, mesg): session.destroy() if mesg == "depleted": flash(self.model.spiel('quota_depleted'), 'error') else: flash(self.model.spiel('logout'), 'error') self.log.info('Logging off %s', request.gateway_session_id) request.gateway_session.logoff(request.gateway_session_id) if 'sessacct' in self.config: time.sleep(2) print 'Checking for accounting stop..' for n in range(4): sessacct = self.model.getSessionByIP() print ' ', sessacct if not sessacct: break if sessacct['Acct-Status-Type'] == 'Stop': break time.sleep(1) else: print 'XXXXX' time.sleep(2) for n in range(4): if not request.gateway_session.session_sync(request, session): break time.sleep(1) return redirect(url_for('login_form'))
def email_confirm(user_id, secret): if session.ok and user_id != session["user"]["user_id"]: session.destroy() try: users.email_confirm_check(user_id, secret, session["user"] if session.ok else None) except users.EmailAlreadyConfirmed: return render_template("login/email-confirm.html", already_confirmed=True, next=login_next()) except users.BadSecret: return render_template("login/email-confirm.html", bad_secret=True) if not session.ok and request.method == "POST": password = request.form["password"] try: user = users.password_login("user_id", user_id, password) except users.BadPassword: return render_template("login/email-confirm.html", unauthenticated=True, bad_password=True, user_id=user_id, secret=secret) else: logger.info("logging in user %s (during email confirmation)", user["user_id"]) session.create(user) if not session.ok: return render_template("login/email-confirm.html", unauthenticated=True, user_id=user_id, secret=secret) users.email_confirm(user_id) return render_template("login/email-confirm.html", confirmed=True, next=login_next())
def logout(): current_app.logger.info('logout: {user}', extra={'user': user_logging_string(current_user)}) terms_of_use.set_session_flag(False) if current_app.config['REDIS_SESSIONS']: session.destroy() logout_user() return redirect('/2/login')
def ldap_logout(): """ Log a user out from the LDAP server. Args: timed_out (bool): If True, the users client side session timed-out. Returns: HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page """ timed_out = request.args.get('timed_out', False) logout_user() create_auth_event( auth_event_type=event_type.USER_FAILED_LOG_IN, user_guid=session["user_id"], new_value={ 'success': True, 'type': current_app.config['AUTH_TYPE'], 'timed_out': timed_out } ) session.destroy() if timed_out: flash("Your session timed out. Please login again", category="info") return redirect(url_for("main.index"))
def password_login(): if session.ok: session.destroy() email = request.form["email"].lower() password = request.form["password"] try: user = users.password_login("email", email, password) except users.ShouldUseRaven: return render_template("login/password-login.html", should_use_raven=True, email=email) except users.EmailNotFound: return render_template("login/password-login.html", bad_email=True, email=email) except users.BadPassword: return render_template("login/password-login.html", bad_password=True, email=email) except users.UserDisabled: return user_disabled_response() else: logger.info("logging in user %s (via password; email %s)", user["user_id"], email) session.create(user) return redirect(login_next())
def before_request(): if current_user.is_authenticated: last_login = session['last_login'] time = datetime.datetime.now() - last_login print(time.seconds) if time.seconds > 900: # 30minutes logout_user() session.destroy() resp = make_response(redirect(url_for('home_page'))) if resp.headers['Location'] == '/': return resp elif session.get('otp_session'): otp_session = session['otp_session'] interval = datetime.datetime.now() - otp_session if interval.seconds > 60: session.destroy() flash('Enter OTP within 60 seconds') resp = make_response(redirect(url_for('login'))) if resp.headers['Location'] == '/login': return resp # print(psutil.net_io_counters()) session.permanent = True app.permanent_session_lifetime = datetime.timedelta(days=1) session.modified = True g.user = current_user if not os.environ.get('IS_PROD'): test.kvsession_extension.cleanup_sessions(app)
def lost_password_form(self): if 'do' in request.args and request.args['do'] == 'captcha_img': if 'pw_captcha' not in session: abort(503) else: response = make_response(session['pw_captcha'].image()) response.headers.add('Content-Type', 'image/png') return response phase = int(request.args['phase']) if 'phase' in request.args else 1 if phase == 1: session.wipe(exception_keys=['_flashes']) session['confirmation_form_type'] = 'lost_password' request.response.data = render_template_string(request.templates['lost_password1'], templates=request.template_objects) elif phase == 2 and 'confirmation_email_address' in session: session['security_qa'] = security_qa = request.kenan.GetUserSecurityQuestion(session['confirmation_email_address']) if security_qa == False: self.log.info('Lost password for %s kenan security question query failed', session['confirmation_email_address']) session.destroy() flash(self.model.spiel('system_timeout', code='17ba0'), 'error') return redirect(url_for('lost_password_form')) request.response.data = render_template_string(request.templates['lost_password2'], security_qa=security_qa, templates=request.template_objects) elif phase == 3 and 'confirmation_answer_ok' in session: if 'pw_captcha' not in session: session['pw_captcha'] = captcha(request.gateway_session_id) self.log.info('Captcha Validation: %s', session['pw_captcha']._generate_words()) request.response.data = render_template_string(request.templates['lost_password3'], templates=request.template_objects) else: return redirect('/lost_password?phase=1') return request.response
def logout(): """ Unified logout endpoint for all authentication types. GET Args: timeout (bool): If True, logout is being called due to a session timeout. forced_logout (bool): If True, logout is being called due to a duplicate session. Returns: HTTP Response (werkzeug.wrappers.Response): Redirect to the appropriate logout endpoint. """ timeout = request.args.get("timeout", False) forced_logout = request.args.get("forced_logout", False) if current_app.config["USE_LDAP"]: return redirect( url_for("auth.ldap_logout", timeout=timeout, forced_logout=forced_logout) ) elif current_app.config["USE_SAML"]: return redirect( url_for( "auth.saml", slo="true", timeout=timeout, forced_logout=forced_logout ) ) elif current_app.config["USE_LOCAL_AUTH"]: logout_user() session.destroy() if timeout: flash("Your session timed out. Please login again", category="info") return redirect(url_for("main.index")) return abort(404)
def _do_account_logon(self, subscriber_id, password): del(session['Password']) # Send account-logon CoA to ISG self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password) logon_result, logon_message, logon_attrs = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id) if not logon_result: session.destroy() if type(logon_message) == type(u''): self.log.error('Login.end system_error [%s]: WAG login CoANaK: %s', subscriber_id, logon_message) if logon_message == 'Access denied, session limit exceeded': flash(self.model.spiel('session_control'), 'error') else: flash(self.model.spiel('system_timeout', code='902ba'), 'error') else: self.log.error('Login.end system_error [%s]: WAG session login returned CoANaK', subscriber_id) flash(self.model.spiel('system_timeout', code='fe5db'), 'error') return redirect(url_for('login_form')) #!!!!!!!!!!!!!!!!!!!!!!!!!!! # GATEWAY SESSION NOW VALID #!!!!!!!!!!!!!!!!!!!!!!!!!!! session['Gateway-Session'] = True self.model.save_login_time(session['Subscriber-Id']) self.log.info('Login.end ok [%s]', subscriber_id) request.response.headers.add('X-Login-Successful', '1') request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects) return request.response
def logout(self, mesg): session.destroy() if mesg == "depleted": flash(self.model.spiel('quota_depleted'), 'error') else: flash(self.model.spiel('logout'), 'error') request.gateway_session.logoff(request.gateway_session_id) return redirect(url_for('login_form'))
def logout(): if not is_logged_in(): return redirect(url_for('login')) else: session.destroy() sess_ext.cleanup_sessions() return render_template('logout.html')
def expire_session(app, user): logger.debug("Cleanup sessions") session.destroy() KVSessionExtension(app=app).cleanup_sessions(app) user_ip = request.headers.get('X-Forwarded-For', request.remote_addr) user_logout_at = datetime.datetime.now() audit_logger.info(f"User [{user.username}] logged out from IP [{user_ip}] at [{user_logout_at}]")
def logout(): logout_user() session.destroy() print(session) resp = make_response(redirect(url_for('home_page'))) if resp.headers['Location'] == '/': return resp else: abort(404)
def logout_from_all(): """ Log out from all services """ # Delete all session data and the session cookie session.clear() session.destroy() response = app.make_response(json.dumps({"logged_out": True})) response.delete_cookie(app.session_cookie_name) return response
def signout(): print session deleteSessionDirectory(session['session_dir']) try: session.destroy() except: print 'session.destroy failed' print session return redirect(url_for('agreement'))
def destroy_immediately(): # from issue # 1. Set a session. # works implicitly # 2. Update session with keys. session['foo'] = 'bar' # 3. Destroy. session.destroy() # 4. Check if destroy worked. # ???? # 5. PROFIT return 'PROFIT'
def current(): searchForm = SearchForm() if current_user.is_authenticated: form = ChangePasswordForm() if form.validate_on_submit(): if request.content_type != r'application/x-www-form-urlencoded': log.logger.error('Incorrect request content format at /current route') abort(404) if utils.banned_characters(form.currentPassword.data): log.logger.critical('Malicious character detected in support route. An attempt to inject is possible') abort(404) user = Models.Customer.query.filter_by(username=current_user.username).first() saved_hash= user.password_hash password_hashed = utils.generate_hash(form.currentPassword.data,user.password_salt) if saved_hash == password_hashed: if utils.banned_characters(form.confirm.data.upper(),matches='({0})'.format(str(escape(current_user.username.upper())))): flash('Password should not contain anything related to your username. Please try again!') resp = make_response(redirect(url_for('current_password'))) if resp.headers['Location'] == '/current': return resp elif utils.read_common_password(form.confirm.data) or utils.banned_characters(form.confirm.data.upper(),matches='(PASSWORD)') or utils.banned_characters(form.confirm.data.upper(), matches='(PASSWORD)') or utils.banned_characters(form.confirm.data.upper(), matches='(ADMIN)'): flash('This password is either too common and subsceptiple to hackers or password contain words like \"username\" or \"password\" or \"admin\"') resp = make_response(redirect(url_for('current_password'))) if resp.headers['Location'] == '/current_password': return resp else: try: user = Models.Customer.query.filter_by(username=current_user.username).first() new_salt = utils.generate_salt() new_hash = utils.generate_hash(form.confirm.data,new_salt) user.password_salt = new_salt user.password_hash = new_hash Models.database.session.commit() logout_user() session.destroy() flash('Password has changed,please try to login with new credential') resp = make_response(redirect(url_for('login'))) if resp.headers['Location'] == '/login': return resp except: Models.database.session.rollback() else: flash('Invalid current password') resp = make_response(redirect(url_for('current_password'))) if resp.headers['Location'] == '/current': return resp else: abort(404)
def login_submit(self): # Send account-logon CoA to ISG self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password) logon = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id) if not logon[0]: self.log.debug('WAG account_logon CoA-NaK') session.destroy() flash('Service not available. Try again later.', 'error') return redirect(url_for('login_form')) session['Gateway-Session'] = True self.model.save_login_time(session['Subscriber-Id']) request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects) return request.response
def password_forgotten(): if session.ok: session.destroy() email = request.form["email"].lower() try: users.reset_password_begin(email) except users.ShouldUseRaven: return render_template("login/password-forgotten.html", should_use_raven=True, email=email) except users.EmailNotFound: return render_template("login/password-forgotten.html", bad_email=True, email=email) except users.UserDisabled: return user_disabled_response() else: return render_template("login/password-forgotten-success.html", email=email)
def logout(): """Logout user --- tags: - auth security: - basicAuth: [] responses: 200: description: Message type: object properties: message: type: string """ if current_app.config['REDIS_SESSIONS']: session.destroy() logout_user() return jsonify(message='The user was logged out successfully'), 200
def email_reset(user_id, secret): if session.ok: session.destroy() # technically we could race between checking and resetting, allowing # a user to reset their password twice, but that achieves nothing try: user = users.reset_password_check(user_id, secret) except users.BadSecret: logger.warning("bad email_reset link (user %s)", user_id) return render_template("login/email-reset.html", invalid=True) if request.method == "GET": return render_template("login/email-reset.html", ready=True, user_id=user_id, secret=secret, email=user["email"]) else: password = request.form["password"] password_again = request.form["password_again"] errors = {} if len(password) < 8: errors["password_short"] = True elif password != password_again: errors["password_again_bad"] = True if errors: return render_template("login/email-reset.html", user_id=user_id, secret=secret, email=user["email"], change_failed=True, **errors) else: users.reset_password(user_id, password) if not user["email_confirmed"]: # user arrived here via a link in an email, and is logged in users.email_confirm(user_id) session.create(user) return render_template("login/email-reset.html", success=True, next=login_next())
def oauth_logout(): timed_out = eval_request_bool(request.args.get('timeout')) forced_logout = eval_request_bool(request.args.get('forced_logout')) if forced_logout: user_session = redis_get_user_session(current_user.session_id) if user_session is not None: user_session.destroy() if timed_out: flash("Your session timed out. Please login again", category='info') if 'token' in session: revoke_and_remove_access_token() if current_user.is_anonymous: return redirect(url_for("main.index")) update_object({'session_id': None}, Users, (current_user.guid, current_user.auth_user_type)) logout_user() session.destroy() if forced_logout: return redirect(url_for("auth.login")) return redirect(url_for("main.index"))
def password_signup(): if session.ok: session.destroy() email = request.form["email"].lower() email_again = request.form["email_again"].lower() password = request.form["password"] password_again = request.form["password_again"] errors = {} if email.endswith("@cam.ac.uk"): email_again = "" errors["should_use_raven"] = True elif not email_regex.match(email): email_again = "" errors["email_invalid"] = True elif email != email_again: email_again = "" errors["email_again_bad"] = True if len(password) < 8: errors["password_short"] = True elif password != password_again: errors["password_again_bad"] = True if not errors: with utils.with_savepoint("email_unique") as rollback: try: # the link advertises password signup as for alumni user = users.new_password_user(email, password, 'alumnus') except users.EmailAlreadyExists: rollback() errors["email_already_exists"] = True except users.ShouldUseRaven: errors["should_use_raven"] = True if errors: return render_template("login/password-signup.html", email=email, email_again=email_again, **errors) else: session.create(user) return redirect(login_next())
def check_csrf_token(): if request.method in ('POST', 'PATCH', 'PUT', 'DELETE'): old_csrf_valid = is_csrf_token_valid() new_csrf_valid = check_valid_csrf() if not (old_csrf_valid or new_csrf_valid): current_app.logger.info( 'csrf.invalid_token: Aborting request, user_id: {user_id}', extra={'user_id': session.get('user_id', '<unknown')}) if current_app.config.get('REDIS_SESSIONS'): session.destroy() rollbar.report_message( 'csrf.invalid_token: Aborting request check_csrf_token()', 'error', request) abort( 400, 'Your session has timed out, please delete your cookies and restart your browser.' '<br> If you continue to experience this issue, ' 'please <a href="https://marketplace1.zendesk.com/hc/en-gb/requests/new">contact us</a>' )
def saml_sls(saml_sp, user_guid): """Process a SAML LogoutResponse from the IdP Args: saml_sp (OneLogin_Saml2_Auth): SAML SP Instance user_guid (str): Unique identifier for user being logged out. Returns: Response Object: Redirect the user to the Home Page. """ dscb = session.destroy() url = saml_sp.process_slo(delete_session_cb=dscb) errors = saml_sp.get_errors() logout_user() if not errors: create_auth_event( auth_event_type=event_type.USER_LOGGED_OUT, user_guid=user_guid, new_value={ 'success': True, 'type': current_app.config['AUTH_TYPE'] } ) return redirect(url) if url else redirect(url_for('main.index')) else: error_message = "Errors on SAML Logout:\n{errors}".format(errors='\n'.join(errors)) current_app.logger.exception(error_message) create_auth_event( auth_event_type=event_type.USER_FAILED_LOG_OUT, user_guid=user_guid, new_value={ 'success': False, 'type': current_app.config['AUTH_TYPE'], 'errors': error_message } ) flash("Sorry! An unexpected error has occurred. Please try again later.", category='danger') return redirect(url_for('main.index'))
def login_submit(self): if 'sq' in request.args and 'force_update_sq' in session: if 'sq_question' not in request.form or 'sq_answer' not in request.form: return abort(403) user = self.model.get_user_info_from_session() if not user: return abort(403) update_sq = request.kenan.UpdateUserSecurityQuestion(user['user_id'], request.form['sq_question'], request.form['sq_answer']) if type(update_sq) != type(u''): self.log.error('Security question update failed. Connection timed out.') flash(self.model.spiel('system_timeout', code='f1abd'), 'error') return redirect('/pldt/auth?sq') update_sq = int(update_sq) if update_sq == 0: self.log.info('Security question update successful!') del(session['force_update_sq']) return self._do_account_logon(session['Subscriber-Id'], session['Password']) else: self.log.error('Security question update failed. Error code %s returned.', update_sq) flash(self.model.spiel('system_timeout', code='1574b'), 'error') return redirect('/pldt/auth?sq') # normal login starts here #username = str(request.form['principal']) if 'principal' in request.form else None #password = str(request.form['credential']) if 'credential' in request.form else None username = request.form.get('principal', None) password = request.form.get('credential', None) #domain = request.form.get('domain', None) #print request.args, request.form, request.headers if username == None or password == None: #or paytype == None: self.log.info('Missing login information (%s|%s)', username, password) return redirect(url_for('login_form')) paytype = 'postpaid' if username.find('@') == -1: username = username.upper() password = password.upper() paytype = 'prepaid' domain = self.config['prepaid_domain'] if paytype == 'postpaid': username = username.lower() orig_username = username username = username.replace('@', ':') domain = self.config['postpaid_domain'] if username == "" or password == "": flash(self.model.spiel('login_invalid_input'), 'error') return redirect(url_for('login_form')) subscriber_id = '%s@%s' % (username, domain) self.log.info('Login.start [%s]: password is ***', subscriber_id) # # Voucher System if paytype == 'prepaid': user = self.model.vms_get_user(username, password) if user == False: self.log.info('Login.end user_error [%s]: User does not exist/incorrect password', subscriber_id) flash(self.model.spiel('invalid_account'), 'error') return redirect(url_for('login_form')) # Check if initial login if 'activated_datetime' not in user: batch = self.model.vms_get_batch(user['batch_id']) if batch == None: self.log.info('Login.end system_error [%s]: Batch does not exist', subscriber_id) flash(self.model.spiel('system_timeout', code='bc33e'), 'error') return redirect(url_for('login_form')) package = self.model.vms_get_package(batch['package']) if package == None: self.log.info('Login.end system_error [%s]: Package does not exist', subscriber_id) flash(self.model.spiel('system_timeout', code='0a57c'), 'error') return redirect(url_for('login_form')) # Provisioning Stages for case in switch(user['stage']): #~ STAGE 1. ADDUSER if case(1): self.log.info('Creating SDB user %s', subscriber_id) adduser = request.sdb.vmsAddUser(user['username'], user['username'], user['hash_password'], batch['domain'], batch['organization_qualified_name'], package['user_profile_set'], user['expiry'] if 'expiry' in user else batch['expiry']) print 'addUser', adduser try: if 'target' in adduser and 'error' in adduser['target']: print 'ADDUSER ERROR', adduser self.log.info('Login.end system_error [%s]: Unable to provision initial login', subscriber_id) flash(self.model.spiel('system_timeout', code='7719a'), 'error') return redirect(url_for('login_form')) except Exception, err: print 'exception error on adduser', err self.log.info('Login.end system_error [%s]: Unable to provision initial login (exception)', subscriber_id) flash(self.model.spiel('system_timeout', code='22d20'), 'error') return redirect(url_for('login_form')) self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'stage': 2}}) #~ STAGE 2. ADD SESSION RIGHT if case(2): self.log.info('Adding prepaid session right %s to %s', package, subscriber_id) if package['usage_type'] == 'time': addsessionright = request.bpc.AddTimeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], time=package['cap'], data='Time_PLDT_WiFi_Prepaid') elif package['usage_type'] == 'volume-aggregate': addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid') elif package['usage_type'] == 'volume-downlink': addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid', direction='downlink') elif package['usage_type'] == 'volume-uplink': addsessionright = request.bpc.AddVolumeSessionRight(subscriber_id=subscriber_id, validity=package['credit_validity'], volume=package['cap'], data='Volume_PLDT_WiFi_Prepaid', direction='uplink') if type(addsessionright) == type({}) and 'success' in addsessionright: self.log.info('Prepaid SR id %s successfully added to %s', addsessionright['success']['session-right']['id'], subscriber_id) else: self.log.info('Failed Adding SR %s to %s', package, subscriber_id) session.destroy() flash(self.model.spiel('system_timeout', code='c1dfd'), 'error') return redirect(url_for('login_form')) self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'status': 3, 'remarks': 'None', 'stage': 3}}) self.model.vms_tag_activated(username) password = user['hash_password']
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!! if paytype == 'prepaid': if 'prepaid_last_login_attempt' in session: prepaid_last_login_attempt_elapsed = time.time() - session['prepaid_last_login_attempt'] print 'ELAPSES', prepaid_last_login_attempt_elapsed waitfor = 10 if prepaid_last_login_attempt_elapsed < waitfor: #time.sleep(waitfor - prepaid_last_login_attempt_elapsed) return 'Login too fast!' session['prepaid_last_login_attempt'] = time.time() # Iterate over the session rights if not request.bpc.process_session_rights(session, ignore_base=True): session.destroy() self.log.error('Login.end system_error [%s]: BPC session rights processing returned False', subscriber_id) flash(self.model.spiel('system_timeout', code='1b645'), 'error') return redirect(url_for('login_form')) # Intercept blank session rights if session['rights'] == {}: self.log.info('Login.end user_error [%s]: Session rights empty', subscriber_id) session.destroy() flash(self.model.spiel('quota_depleted'), 'error') return redirect(url_for('login_form')) self.model.vms_tag_last_accessed(username) elif paytype == 'postpaid': # Validate Kenan
def logout(): if signed_in() or app.debug: session.destroy() return redirect('/')
def delete_session(): session.destroy() return 'ok'
def ldap_logout(timed_out=False, forced_logout=False): logout_user() session.destroy() if timed_out: flash("Your session timed out. Please login again", category='info') return redirect(url_for('main.index'))
def del_session(): print 'before destroy session' session.destroy() print 'after destroy session' return 'session deleted from db.'
def logout(): if session.ok: utils.check_csrf() session.destroy() return redirect(url_for("info.index"))
def new_game(): session.destroy() init_adventure() return redirect(url_for('player'))
def logout(): # Delete the session logout_user() session.destroy() return jsonify(msg="Logged out successfully", status=200, redirect=url_for('login'))
def logout(): session.destroy() return redirect(url_for('index'))
def login_submit(self): #username = hashlib.md5(request.gateway_session_id).hexdigest()[:16] username = str(request.form['msisdn']) if 'msisdn' in request.form else None password = '******' domain = 'freewifi.smart.com.ph' if username == None: return redirect(url_for('login_form')) # Check MSISDN input msisdn_valid, username, msisdn_error_message = self.model.check_msisdn(username) subscriber_id = '%s@%s' % (username, domain) self.log.info('Login.start [%s]: password is ***', subscriber_id) if not msisdn_valid: self.log.info('Login.end user_error [%s]: Invalid MSISDN: %s', subscriber_id, msisdn_error_message) flash(self.model.spiels['non_smart_msisdn']) return redirect(url_for('login_form')) msisdn_logged = self.model.subscribers_7107.find_one({'_id':username}) if msisdn_logged is None: if 'email' in request.form and 'age_range' in request.form: email = request.form.get('email') age_range = request.form.get('age_range') gender = request.form.get('gender') if email is None or age_range is None or gender is None: flash('Incomplete parameters') self.log.info('Login.end user_error [%s]: Incomplete parameters', subscriber_id) return redirect(url_for('login_form') + '?q=1') if 'q' not in session: session['q'] = {'msisdn': username} session['q']['email'] = email session['q']['age_range'] = age_range session['q']['gender'] = gender if not self.model.valid_email_re.match(email): flash('Invalid email address') self.log.info('Login.end user_error [%s]: Invalid Email: %s', subscriber_id, email) return redirect(url_for('login_form') + '?q=1') if age_range == 'null': flash('Please select age range') self.log.info('Login.end user_error [%s]: No age range selection', subscriber_id) return redirect(url_for('login_form') + '?q=1') if gender == 'null': flash('Please select gender') self.log.info('Login.end user_error [%s]: No gender selection', subscriber_id) return redirect(url_for('login_form') + '?q=1') print 'STORE:', self.model.subscribers_7107.insert({'_id':username, 'email':email, 'age_range':age_range, 'gender':gender, 'timestamp':datetime.datetime.now()}) self.log.info('Login.info [%s] Email[%s] AgeRange[%s] Gender[%s]', username, email, age_range, gender) else: self.log.info('First login attempt by %s, redirecting to form', username) session['q'] = {'msisdn': username} return redirect(url_for('login_form') + '?q=1') #!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Portal Session is now Valid #!!!!!!!!!!!!!!!!!!!!!!!!!!!!! session['Subscriber-Id'] = subscriber_id #!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Portal Session is now Valid #!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Send account-logon CoA to ISG self.log.info('Sending logon %s:%s to WAG..', subscriber_id, password) logon = request.gateway_session.logon(subscriber_id, password, request.gateway_session_id) if not logon[0]: self.log.error('Login.end system_error [%s]: WAG session login returned CoA-NaK', subscriber_id) session.destroy() if logon[1]: flash(logon[1], 'error') else: flash('coanak', 'error') return redirect(url_for('login_form')) session['Gateway-Session'] = True self.model.save_login_time(session['Subscriber-Id']) self.log.info('Login.end ok [%s]', subscriber_id) self.model.sessions_7107.insert({'msisdn':username, 'user_agent':request.user_agent, 'ip_address':request.environ['REMOTE_ADDR']}) request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects) return request.response
def raven_response(): if session.ok: session.destroy() try: r = raven.Response(request.args["WLS-Response"]) except ValueError as e: logger.warning("Invalid raven response: %s", e) abort(400) if r.url != url_for(".raven_response", _external=True): logger.warning("Invalid raven response: bad url") abort(400) issue_delta = (datetime.utcnow() - r.issue).total_seconds() if not -5 < issue_delta < 15: logger.warning("Invalid raven response: bad issue") return redirect(url_for(".raven_error", reason="error")) if not r.success: if r.status == ucam_webauth.STATUS_CANCELLED: return redirect(url_for(".raven_error", reason="cancelled")) else: return redirect(url_for(".raven_error", reason="error")) if "current" not in r.ptags: return redirect(url_for(".raven_error", reason="alumni")) user = users.get_raven_user(r.principal) if user is None: # end the transaction: it's safe to do so, and the lookup # operation is slow postgres.commit() try: lookup_data = lookup.get_crsid(r.principal) except lookup.LookupFailed: # lookup logs its own errors lookup_data = {} # This could happen, I guess... if lookup_data.get("person_type") == "alumnus": logger.warning("%s has current ptag but lookup yielded " "person_type=alumnus", r.principal) return redirect(url_for(".raven_error", reason="alumni")) # ensure that the .rollback() in except: doesn't destroy anything # (if we couldn't end the transaction above we could use savepoints) assert postgres.connection.get_transaction_status() == \ psycopg2.extensions.TRANSACTION_STATUS_IDLE try: user = users.new_raven_user(r.principal, r.ptags, lookup_data) except users.CRSIDAlreadyExists: logger.warning("Raced with another request to create Raven user " "for crsid %s", r.principal) postgres.connection.rollback() user = users.get_raven_user(r.principal) assert user is not None # for a disabled password user, we reject it during authentication # (in users.password_login). For Raven, we'll have to do it here. if not user["enable_login"]: return redirect(url_for(".raven_error", reason="disabled")) logger.info("logging in user %s (via Raven %s)", user["user_id"], r.principal) session.create(user) return redirect(login_next())
def logout(): session.destroy()
def expire_session(app, user): logger.debug("Cleanup sessions") session.destroy() KVSessionExtension(app=app).cleanup_sessions(app)
def destroy(): session.destroy() return "session destroyed"
def lost_password_submit(self): formtype = 'lost_password' phase = int(request.form['phase']) if 'phase' in request.form else 1 self.log.info('Lost password submit phase %s', phase) print session if len(session) == 0: self.log.debug('Session is empty. Ejecting.') return redirect(url_for('login_form')) # Phase 1: Email Address Entry if phase == 1: if 'confirmation_activation_ok' in session: del(session['confirmation_activation_ok']) # Valid Email check email_address = str(request.form['user_id']) if 'user_id' in request.form else '' if email_address == '': self.log.info('Invalid User Id (email) %s', email_address) session.destroy() flash(self.model.spiel('invalid_email_address'), 'error') return redirect(url_for('lost_password_form')) if not self.model.check_email_address(email_address): self.log.info('Invalid User Id (email) %s', email_address) session.destroy() flash(self.model.spiel('invalid_email_address'), 'error') return redirect(url_for('lost_password_form')) getuser = request.sdb.getUser(email_address.replace('@', ':'), self.config['postpaid_domain']) if getuser == False: self.log.error('SDB.getUser returned False') flash(self.model.spiel('system_timeout', code='7b520'), 'error') return redirect(url_for('login_form')) # User does not exist if 'error' in getuser['target']: self.log.info('Lost Password: account %s does not exist.', email_address) session.destroy() flash(self.model.spiel('invalid_account'), 'error') return redirect(url_for('lost_password_form')) # User Exists else: session['confirmation_email_address'] = email_address if request.entrypoint_redirected: return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2') else: return redirect(url_for('lost_password_form') + '?phase=2') # Phase 2: Security Answer Entry elif phase == 2 and 'security_qa' in session: submitted_security_answer = request.form['security_answer'] if 'security_answer' in request.form else '' self.log.debug('Compare [%s]=[%s]', submitted_security_answer, session['security_qa']['answer']) if submitted_security_answer.lower() == session['security_qa']['answer'].lower(): self.log.debug('Answer to the security question correct.') session['confirmation_answer_ok'] = True return redirect(url_for('lost_password_form') + '?phase=3') else: self.log.debug('Answer to the security question incorrect.') flash(self.model.spiel('incorrect_security_answer'), 'error') return redirect(url_for('lost_password_form') + '?phase=2') # Phase 3: Password entry elif phase == 3 and 'confirmation_answer_ok' in session: if 'password1' not in request.form or 'password2' not in request.form: self.log.debug('Password1 and Password2 is not present on the submitted data.') return redirect(url_for('lost_password_form') + '?phase=3') if request.form['password1'] != request.form['password2']: self.log.debug('Password confirmation does not match.') flash(self.model.spiel('password_match_error'), 'error') return redirect(url_for('lost_password_form') + '?phase=3') submitted_password = request.form['password1'] # No password validation yet #if not self.model.validate_password(submitted_password): # self.log.debug('Invalid Password') # flash(self.model.spiel('invalid_password'), 'error') # return redirect(url_for('lost_password_form') + '?phase=3') if 'captcha' in request.form and 'pw_captcha' in session: self.log.info('CAPTCHA entered: %s expected: %s', request.form['captcha'], session['pw_captcha']._generate_words()) if session['pw_captcha'].verify(request.form['captcha']): self.log.info('CAPTCH MATCH') del(session['pw_captcha']) else: self.log.debug('Password confirmation does not match.') flash(self.model.spiel('incorrect_captcha'), 'error') return redirect(url_for('lost_password_form') + '?phase=3') # Hash the password submitted_password = utils.password_hash(submitted_password) # Send updateUser API call to BWS SDB change_password = request.sdb.changePassword(session['confirmation_email_address'].replace('@', ':'), submitted_password) try: if 'target' in change_password and 'error' in change_password['target']: self.log.info('UpdateUser Error: %s %s', change_password['target']['error']['code'], change_password['target']['error']['message']) change_password = False except Exception, err: if change_password == False: self.log.info('UpdateUser connection timed out.') else: self.log.info('UpdateUser Exception: %s', err) change_password = False if change_password == False: flash(self.model.spiel('system_timeout', code='fa35e'), 'error') return redirect(url_for('lost_password_form') + '?phase=3') # Send an email API to PLDT # are we going to show a spiel if this fails? send_email = request.kenan.ResetPassword(session['confirmation_email_address']) if send_email == False: pass else: send_email = int(send_email) if send_email <= -1: #error pass elif send_email >= 1: #error pass #ok print send_email, type(send_email) session.wipe(exception_keys=['_flashes']) flash('successful change password spiel', 'info') return redirect('/')
def logout(): session.destroy() return redirect('/')
def destroy(): session.destroy() return 'session destroyed'
def confirmation_submit(self, formtype): phase = int(request.form['phase']) if 'phase' in request.form else 1 self.log.info('Confirmation submit phase %s type %s', phase, formtype) print session if len(session) == 0: self.log.debug('Session is empty. Ejecting.') return redirect(url_for('login_form')) # Phase 1: Mobile Number Entry if phase == 1: if 'confirmation_activation_ok' in session: del(session['confirmation_activation_ok']) # if 'confirmation_activation_code' in session: # del(session['confirmation_activation_code']) # if 'confirmation_mobile_number' in session: # del(session['confirmation_mobile_number']) # Valid MSISDN Check domain = self.config['domain'] msisdn_valid, mobile_number, msisdn_error_message = self.model.check_msisdn(request.form['mobile_number']) if not msisdn_valid: self.log.info('Invalid MSISDN %s: %s', request.form['mobile_number'], msisdn_error_message) session.destroy() flash(msisdn_error_message) return redirect(url_for('%s_form' % (formtype))) getuser = request.sdb.getUser(mobile_number, domain) if getuser == False: self.log.error('SDB.getUser returned False') flash(self.model.spiel('system_timeout', code='7b520'), 'error') return redirect(url_for('login_form')) previous_confirmation = self.model.get_confirmation(mobile_number, formtype) if previous_confirmation: session['confirmation_mobile_number'] = mobile_number if request.entrypoint_redirected: return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2') else: return redirect(url_for('%s_form' % (formtype)) + '?phase=2') # User does not exist if 'error' in getuser['target']: if formtype == 'register': if getuser['target']['error']['code'] == 'USR-00001': # send confirmation pass else: self.log.error('Get user_error Code %s' % (getuser['target']['error']['code'])) return redirect(url_for('login_form')) elif formtype == 'lost_password': self.log.info('Lost Password: account %s does not exist.', mobile_number) session.destroy() flash(self.model.spiel('invalid_account'), 'error') return redirect(url_for('%s_form' % (formtype))) # User Exists else: if formtype == 'register': try: aaa_user_status = getuser['target']['result']['user']['status']['value'] except Exception as ex: self.log.error('Register error: %s@%s Getuser parsing: %s', username, domain, getuser) flash(self.model.spiel('system_timeout', code='472b0'), 'error') return redirect(url_for('%s_form' % (formtype))) if aaa_user_status == 'active': session.destroy() self.log.info('Register: account %s already exists.', mobile_number) flash(self.model.spiel('account_exists'), 'error') return redirect(url_for('login_form')) else: # send confirmation pass elif formtype == 'lost_password': # CHECK sps_requests for existing entry if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'CHPWD'}, sort=([('request_datetime', pymongo.DESCENDING)])) != None: session.destroy() flash(self.model.spiel('change_password_pending_request')) return redirect(url_for('%s_form' % (formtype))) session['confirmation_mobile_number'] = mobile_number if not self.send_activation_code(mobile_number, formtype): self.log.error('smsc.send returned False') flash(self.model.spiel('system_timeout', code='9e6a5'), 'error') return redirect(url_for('login_form')) if request.entrypoint_redirected: return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2') else: return redirect(url_for('%s_form' % (formtype)) + '?phase=2') # !!! # send confirmation # CHECK sps_requests for existing entry if self.model.sps_requests.find_one({'msisdn': mobile_number, 'sms_sent': False, 'type': 'NWCON'}, sort=([('request_datetime', pymongo.DESCENDING)])) != None: self.log.info('registration pending for %s', mobile_number) session.destroy() flash(self.model.spiel('registration_pending_request')) return redirect(url_for('%s_form' % (formtype))) session['confirmation_mobile_number'] = mobile_number if not self.send_activation_code(mobile_number, formtype): self.log.error('smsc.send returned False') flash(self.model.spiel('system_timeout', code='9e6a5'), 'error') return redirect(url_for('login_form')) if request.entrypoint_redirected: return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2') else: return redirect(url_for('%s_form' % (formtype)) + '?phase=2') # Phase 2: Activation Code Entry elif phase == 2 and 'confirmation_mobile_number' in session: submitted_activation_code = request.form['activation_code'] if 'activation_code' in request.form else '' current_confirmation = self.model.get_confirmation(session['confirmation_mobile_number'], formtype) if not current_confirmation: return redirect(url_for('%s_form' % (formtype)) + '?phase=1') current_activation_code = current_confirmation['code'] self.log.debug('Compare [%s]=[%s]', submitted_activation_code, current_activation_code) if submitted_activation_code == current_activation_code: self.log.debug('Confirmation code ok.') session['confirmation_activation_ok'] = True session['confirmation_id'] = current_confirmation['_id'] return redirect(url_for('%s_form' % (formtype)) + '?phase=3') else: self.log.debug('Confirmation code incorrect.') flash(self.model.spiel('incorrect_activation_code'), 'error') return redirect(url_for('%s_form' % (formtype)) + '?phase=2') # Phase 3: Password entry elif phase == 3 and 'confirmation_activation_ok' in session: if 'password1' not in request.form or 'password2' not in request.form: self.log.debug('Password1 and Password2 is not present on the submitted data.') return redirect(url_for('%s_form' % (formtype)) + '?phase=3') if request.form['password1'] != request.form['password2']: self.log.debug('Password confirmation does not match.') flash(self.model.spiel('password_match_error'), 'error') return redirect(url_for('%s_form' % (formtype)) + '?phase=3') submitted_password = request.form['password1'] if not self.model.validate_password(submitted_password): self.log.debug('Invalid Password') flash(self.model.spiel('invalid_password'), 'error') return redirect(url_for('%s_form' % (formtype)) + '?phase=3') # Hash the password submitted_password = utils.password_hash(submitted_password) ## Check if the user exists mobile_number = session['confirmation_mobile_number'] domain = self.config['domain'] getuser = request.sdb.getUser(mobile_number, domain) if getuser == False: self.log.error('SDB.getUser returned False') flash(self.model.spiel('system_timeout', code='91032'), 'error') return redirect(url_for('login_form')) # User doesnt exist if 'error' in getuser['target']: if getuser['target']['error']['code'] == 'USR-00001': if formtype == 'register': pass # Go SPS elif formtype == 'lost_password': self.log.error('Lost Password: SDB Account does not exist.') flash(self.model.spiel('invalid_account'), 'error') return redirect(url_for('login_form')) else: self.log.error('SDB Error: %s', getuser['target']['error']['code']) return redirect(url_for('login_form')) # User exists else: if formtype == 'register': try: aaa_user_status = getuser['target']['result']['user']['status']['value'] except Exception as ex: self.log.error('Register error: %s@%s Getuser parsing: %s', username, domain, getuser) flash(self.model.spiel('system_timeout', code='472b0'), 'error') return redirect(url_for('%s_form' % (formtype))) if aaa_user_status == 'active': self.log.error('Register: SDB Account exists.') flash(self.model.spiel('account_exists'), 'error') return redirect(url_for('login_form')) #else Go SPS! elif formtype == 'lost_password': subscriber_id = '%s@%s' % (mobile_number, domain) self.log.info('Lost Password: sending to SPS %s:%s now.', subscriber_id, submitted_password) if request.sps.changePassword(mobile_number, submitted_password, self.model, subtype='LOST'): message = self.model.spiel('change_password_sps_request_sent') self.model.tag_confirmation(session['confirmation_id']) else: self.log.error('SPS.changePassword returned False') message = self.model.spiel('system_timeout', code='12c6f') flash(message) return redirect(url_for('login_form')) # !!! # Registration SPS subscriber_id = '%s@%s' % (mobile_number, domain) self.log.info('Register: sending to SPS %s:%s now.', subscriber_id, submitted_password) if request.sps.createAccount(mobile_number, submitted_password, self.model): message = self.model.spiel('registration_sps_request_sent') self.model.tag_confirmation(session['confirmation_id']) else: self.log.error('SPS.createAccount returned False') message = self.model.spiel('system_timeout', code='d435a') flash(message) return redirect(url_for('login_form')) else: return redirect(url_for('%s_form' % (formtype)) + '?phase=1')