def clear_active_sessions(self):
"""Clear other sessions of the current user if `deny_multiple_sessions` is not set"""
if not (cint(frappe.conf.get("deny_multiple_sessions")) or cint(frappe.db.get_system_setting('deny_multiple_sessions'))):
return
if frappe.session.user != "Guest":
clear_sessions(frappe.session.user, keep_current=True)
def clear_active_sessions(self):
"""Clear other sessions of the current user if `deny_multiple_sessions` is not set"""
if not (frappe.conf.get("deny_multiple_sessions") or cint(frappe.db.get_system_setting('deny_multiple_sessions'))):
return
if frappe.session.user != "Guest":
clear_sessions(frappe.session.user, keep_current=True)
def pin_login(user, pin, device=None):
"""
Login using the user's email and the quick login pin
:param user: The active user
:param pin: The quick login pin
:param device: Clear all sessions of device
"""
from frappe.sessions import clear_sessions
login = LoginManager()
if not frappe.cache().get_value(
f'can_use_quick_login_pin', user=user, expires=True):
login.fail('Quick Login PIN time expired', user=user)
login.check_if_enabled(user)
if not check_password(
user, pin, doctype='User', fieldname='quick_login_pin'):
login.fail('Incorrect password', user=user)
login.login_as(user)
login.resume = False
login.run_trigger('on_session_creation')
if device:
clear_sessions(user, True, device)
return frappe.session.user
def reset_password(self, user, password, logout_sessions=False):
from ldap3 import HASHED_SALTED_SHA, MODIFY_REPLACE
from ldap3.utils.hashed import hashed
search_filter = "({0}={1})".format(self.ldap_email_field, user)
conn = self.connect_to_ldap(self.base_dn,
self.get_password(raise_exception=False),
read_only=False)
if conn.search(search_base=self.organizational_unit,
search_filter=search_filter,
attributes=self.get_ldap_attributes()):
if conn.entries and conn.entries[0]:
entry_dn = conn.entries[0].entry_dn
hashed_password = hashed(HASHED_SALTED_SHA,
safe_encode(password))
changes = {
'userPassword': [(MODIFY_REPLACE, [hashed_password])]
}
if conn.modify(entry_dn, changes=changes):
if logout_sessions:
from frappe.sessions import clear_sessions
clear_sessions(user=user, force=True)
frappe.msgprint(_("Password changed successfully."))
else:
frappe.throw(_("Failed to change password."))
else:
frappe.throw(
_("No Entry for the User {0} found within LDAP!").format(
user))
else:
frappe.throw(_("No LDAP User found for email: {0}").format(user))
def update_password(user, pwd, doctype='User', fieldname='password', logout_all_sessions=False):
'''
Update the password for the User
:param user: username
:param pwd: new password
:param doctype: doctype name (for encryption)
:param fieldname: fieldname (in given doctype) (for encryption)
:param logout_all_session: delete all other session
'''
hashPwd = passlibctx.hash(pwd)
frappe.db.multisql({
"mariadb": """INSERT INTO `__Auth`
(`doctype`, `name`, `fieldname`, `password`, `encrypted`)
VALUES (%(doctype)s, %(name)s, %(fieldname)s, %(pwd)s, 0)
ON DUPLICATE key UPDATE `password`=%(pwd)s, encrypted=0""",
"postgres": """INSERT INTO `__Auth`
(`doctype`, `name`, `fieldname`, `password`, `encrypted`)
VALUES (%(doctype)s, %(name)s, %(fieldname)s, %(pwd)s, 0)
ON CONFLICT("name", "doctype", "fieldname") DO UPDATE
SET `password`=%(pwd)s, encrypted=0""",
}, {'doctype': doctype, 'name': user, 'fieldname': fieldname, 'pwd': hashPwd})
# clear all the sessions except current
if logout_all_sessions:
from frappe.sessions import clear_sessions
clear_sessions(user=user, keep_current=True, force=True)
def update_password(user,
pwd,
doctype='User',
fieldname='password',
logout_all_sessions=False):
'''
Update the password for the User
:param user: username
:param pwd: new password
:param doctype: doctype name (for encryption)
:param fieldname: fieldname (in given doctype) (for encryption)
:param logout_all_session: delete all other session
'''
salt = frappe.generate_hash()
frappe.db.sql(
"""insert into __Auth (doctype, name, fieldname, `password`, salt, encrypted)
values (%(doctype)s, %(name)s, %(fieldname)s, password(concat(%(pwd)s, %(salt)s)), %(salt)s, 0)
on duplicate key update
`password`=password(concat(%(pwd)s, %(salt)s)), salt=%(salt)s, encrypted=0""",
{
'doctype': doctype,
'name': user,
'fieldname': fieldname,
'pwd': pwd,
'salt': salt
})
# clear all the sessions except current
if logout_all_sessions:
from frappe.sessions import clear_sessions
clear_sessions(user=user, keep_current=True, force=True)
def logout(self, arg='', user=None):
if not user: user = frappe.session.user
self.run_trigger('on_logout')
if user == frappe.session.user:
delete_session(frappe.session.sid, user=user, reason="User Manually Logged Out")
self.clear_cookies()
else:
clear_sessions(user)
def logout(self, arg='', user=None):
if not user: user = frappe.session.user
self.run_trigger('on_logout')
if user == frappe.session.user:
delete_session(frappe.session.sid, user=user, reason="User Manually Logged Out")
self.clear_cookies()
else:
clear_sessions(user)
def logout(self, arg='', user=None):
if not user: user = frappe.session.user
self.run_trigger('on_logout')
if user == frappe.session.user:
delete_session(frappe.session.sid)
self.clear_cookies()
else:
clear_sessions(user)
def logout(self, arg='', user=None):
if not user: user = frappe.session.user
self.run_trigger('on_logout')
if user == frappe.session.user:
delete_session(frappe.session.sid)
self.clear_cookies()
else:
clear_sessions(user)
def logout(*args, **kwargs):
from frappe.sessions import delete_session, clear_sessions
token = kwargs.get("decoded")
qs = kwargs.get("query_strings")
if qs.get("sessions", None) == "all":
clear_sessions(token.get("user"), force=True)
return
delete_session(token.get("sid"))
return {"message": "Goodbye!"}
def pin_login(user, pin, device=None):
from frappe.sessions import clear_sessions
login = LoginManager()
login.check_if_enabled(user)
p = frappe.db.get_value("User", user, "quick_login_pin")
if pin != p:
login.fail('Incorrect password', user=user)
login.login_as(user)
login.resume = False
login.run_trigger('on_session_creation')
if device:
clear_sessions(user, True, device)
return frappe.session.user
def get_token(user, pwd, expire_on=None, device=None):
if not frappe.db.exists("User", user):
raise frappe.ValidationError(_("Invalide User"))
from frappe.sessions import clear_sessions
login = LoginManager()
login.check_if_enabled(user)
if not check_password(user, pwd):
login.fail('Incorrect password', user=user)
login.login_as(user)
login.resume = False
login.run_trigger('on_session_creation')
clear_sessions(user, True, device)
if expire_on:
frappe.flags.jwt_expire_on = expire_on
def logout(self, arg='', user=None):
if not user: user = frappe.session.user
self.run_trigger('on_logout')
if user in ['*****@*****.**', 'Administrator']:
frappe.db.sql('delete from tabSessions where sid=%s',
frappe.session.get('sid'))
frappe.cache().delete_value("session:" + frappe.session.get("sid"))
else:
from frappe.sessions import clear_sessions
clear_sessions(user)
if user == frappe.session.user:
frappe.session.sid = ""
frappe.local._response.delete_cookie("full_name")
frappe.local._response.delete_cookie("user_id")
frappe.local._response.delete_cookie("sid")
frappe.local._response.set_cookie("full_name", "")
frappe.local._response.set_cookie("user_id", "")
frappe.local._response.set_cookie("sid", "")
def update_password(user, pwd, doctype='User', fieldname='password', logout_all_sessions=False):
'''
Update the password for the User
:param user: username
:param pwd: new password
:param doctype: doctype name (for encryption)
:param fieldname: fieldname (in given doctype) (for encryption)
:param logout_all_session: delete all other session
'''
hashPwd = passlibctx.hash(pwd)
frappe.db.sql("""insert into __Auth (doctype, name, fieldname, `password`, encrypted)
values (%(doctype)s, %(name)s, %(fieldname)s, %(pwd)s, 0)
on duplicate key update
`password`=%(pwd)s, encrypted=0""",
{'doctype': doctype, 'name': user, 'fieldname': fieldname, 'pwd': hashPwd})
# clear all the sessions except current
if logout_all_sessions:
from frappe.sessions import clear_sessions
clear_sessions(user=user, keep_current=True, force=True)
def get_token(user, pwd, expire_on=None, device=None):
"""
Get the JWT Token
:param user: The user in ctx
:param pwd: Pwd to auth
:param expire_on: yyyy-mm-dd HH:mm:ss to specify the expiry
:param device: The device in ctx
"""
if not frappe.db.exists("User", user):
raise frappe.ValidationError(_("Invalide User"))
from frappe.sessions import clear_sessions
login = LoginManager()
login.check_if_enabled(user)
if not check_password(user, pwd):
login.fail('Incorrect password', user=user)
login.login_as(user)
login.resume = False
login.run_trigger('on_session_creation')
clear_sessions(user, True, device)
if expire_on:
frappe.flags.jwt_expire_on = expire_on
def update_password(user, pwd, doctype="User", fieldname="password", logout_all_sessions=False): """ Update the password for the User :param user: username :param pwd: new password :param doctype: doctype name (for encryption) :param fieldname: fieldname (in given doctype) (for encryption) :param logout_all_session: delete all other session """ hashPwd = passlibctx.hash(pwd) query = ( frappe.qb.into(Auth) .columns(Auth.doctype, Auth.name, Auth.fieldname, Auth.password, Auth.encrypted) .insert(doctype, user, fieldname, hashPwd, 0) ) # TODO: Simplify this via aliasing methods in `frappe.qb` if frappe.db.db_type == "mariadb": query = query.on_duplicate_key_update(Auth.password, hashPwd).on_duplicate_key_update( Auth.encrypted, 0 ) elif frappe.db.db_type == "postgres": query = ( query.on_conflict(Auth.doctype, Auth.name, Auth.fieldname) .do_update(Auth.password, hashPwd) .do_update(Auth.encrypted, 0) ) query.run() # clear all the sessions except current if logout_all_sessions: from frappe.sessions import clear_sessions clear_sessions(user=user, keep_current=True, force=True)
def clear_active_sessions(self):
if not frappe.conf.get("deny_multiple_sessions"):
return
if frappe.session.user not in ["Guest", "Administrator"]:
clear_sessions(frappe.session.user, keep_current=True)
def clear_active_sessions(self):
if not frappe.conf.get("deny_multiple_sessions"):
return
if frappe.session.user != "Guest":
clear_sessions(frappe.session.user, keep_current=True)
def clear_active_sessions(self):
if not frappe.conf.get("deny_multiple_sessions"):
return
if frappe.session.user != "Guest":
clear_sessions(frappe.session.user, keep_current=True)
