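def reset_password():
    """Validate a password-reset link and let its owner set a new password.

    The ``key`` query parameter is verified with ``signer`` under the
    ``password-reset`` salt and must be no older than the
    ``ACCOUNT_LINK_EXPIRATION`` setting (3600 when unset).  Its payload must
    name a user and carry a password hash equal to that user's current
    ``passwd_hash``.  Any failed check aborts with 403.

    On a valid form submission the new password is saved and the result of
    ``_sign_in_user`` is returned; otherwise the reset form is returned
    through ``handle_content_type``.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)

    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)

    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)

    user = user_repo.get_by_name(username)
    # A token can outlive the account it names. Presumably get_by_name
    # returns None on a miss; reject that like any other invalid link
    # instead of failing on the attribute access below.
    if user is None:
        abort(403)
    # The link is only honoured while the stored hash equals the one embedded
    # in the token, so it presumably stops working once the password changes.
    # NOTE(review): if signer signs but does not encrypt its payload, that
    # hash is readable by anyone who sees the URL - confirm.
    if user.passwd_hash != userdict.get('password'):
        abort(403)

    # NOTE(review): request.body is not a stock Flask attribute; presumably
    # the application attaches it - confirm.
    form = ChangePasswordForm(request.body)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    response = dict(template='/account/password_reset.html', form=form)
    return handle_content_type(response)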
def reset_password():
    """Serve the password-reset form for a signed, time-limited link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``password-reset``, ``max_age=3600``).  The payload has to name a user
    and carry a password hash matching that user's ``passwd_hash``; every
    failed check aborts with 403 and an unknown user name yields 404.

    A valid submission stores the new password, logs the user in and
    redirects to ``.signin``.  Otherwise the reset template is rendered.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)

    claims = {}
    try:
        claims = signer.loads(token, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)

    username = claims.get('user')
    if not (username and claims.get('password')):
        abort(403)

    account = model.user.User.query.filter_by(name=username).first_or_404()
    # The token is bound to the hash it was issued for; a mismatch means the
    # link no longer belongs to the account's current password.
    if account.passwd_hash != claims.get('password'):
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        account.set_password(form.new_password.data)
        db.session.add(account)
        db.session.commit()
        login_user(account)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))

    posted_but_invalid = request.method == 'POST' and not form.validate()
    if posted_but_invalid:
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)
def confirm_account():
    """Confirm an e-mail address, creating the account if it does not exist.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``account-validation``, ``max_age=3600``); a missing or rejected key
    aborts with 403.  If exactly one user with the payload's name exists,
    its e-mail address is marked valid and updated.  Otherwise a new account
    is built from the payload, saved and logged in.

    Both paths redirect to the newsletter subscription page when
    ``newsletter.app`` is set and to the home page otherwise.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)
    try:
        userdict = signer.loads(token, max_age=3600,
                                salt='account-validation')
    except BadData:
        abort(403)

    # First check if the user exists
    matches = user_repo.filter_by(name=userdict['name'])
    already_registered = (len(matches) == 1
                          and matches[0].name == userdict['name'])
    if already_registered:
        existing = matches[0]
        existing.valid_email = True
        existing.confirmation_email_sent = False
        existing.email_addr = userdict['email_addr']
        user_repo.update(existing)
        flash(gettext('Your email has been validated.'))
    else:
        # NOTE(review): the payload carries the value handed to
        # set_password, so the link itself has to be treated as a secret;
        # if signer only signs its payload that value is readable from the
        # URL - confirm.
        account = model.user.User(fullname=userdict['fullname'],
                                  name=userdict['name'],
                                  email_addr=userdict['email_addr'],
                                  valid_email=True)
        account.set_password(userdict['password'])
        user_repo.save(account)
        login_user(account, remember=True)
        flash(gettext('Thanks for signing-up'), 'success')

    if newsletter.app:
        endpoint = 'account.newsletter_subscribe'
    else:
        endpoint = 'home.home'
    return redirect(url_for(endpoint))
def reset_password():
    """Serve the password-reset form for a signed, time-limited link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``password-reset``, ``max_age=3600``).  The payload has to name a user
    and carry a password hash matching that user's ``passwd_hash``; every
    failed check aborts with 403 and an unknown user name yields 404.

    A valid submission stores the new password, logs the user in and
    redirects to ``.profile``.  Otherwise the reset template is rendered.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)

    claims = {}
    try:
        claims = signer.loads(token, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)

    username = claims.get('user')
    if not (username and claims.get('password')):
        abort(403)

    account = model.User.query.filter_by(name=username).first_or_404()
    # The token is bound to the hash it was issued for; a mismatch means the
    # link no longer belongs to the account's current password.
    if account.passwd_hash != claims.get('password'):
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        account.set_password(form.new_password.data)
        db.session.add(account)
        db.session.commit()
        login_user(account)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.profile'))

    posted_but_invalid = request.method == 'POST' and not form.validate()
    if posted_but_invalid:
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)
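def reset_password():
    """Validate a password-reset link and let its owner set a new password.

    The ``key`` query parameter is verified with ``signer`` under the
    ``password-reset`` salt with ``max_age=3600``.  Its payload must name a
    user and carry a password hash equal to that user's current
    ``passwd_hash``.  Any failed check aborts with 403.

    On a valid form submission the new password is saved, the user is logged
    in and redirected to ``.signin``; otherwise the reset template is
    rendered.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)

    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)

    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)

    user = user_repo.get_by_name(username)
    # A token can outlive the account it names. Presumably get_by_name
    # returns None on a miss; reject that like any other invalid link
    # instead of failing on the attribute access below.
    if user is None:
        abort(403)
    # The link is only honoured while the stored hash equals the one embedded
    # in the token, so it presumably stops working once the password changes.
    # NOTE(review): if signer signs but does not encrypt its payload, that
    # hash is readable by anyone who sees the URL - confirm.
    if user.passwd_hash != userdict.get('password'):
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)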
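def hdfs_file(project_id, cluster, path):
    """Return a task file read from HDFS to a caller with a task signature.

    Args:
        project_id: project whose settings supply the signature timeout and
            the optional encryption configuration.
        cluster: key into the ``HDFS_CONFIG`` setting selecting the cluster.
        path: file path, requested from the cluster as ``/<path>``.

    Returns:
        A ``Response`` holding the file content, decrypted when every value
        of the project's ``ext_config.encryption`` mapping is set.

    Raises:
        NotFound: ``HDFS_CONFIG`` is not configured or has no entry for
            ``cluster``.
        Forbidden: the ``task-signature`` query parameter is missing.
        InternalServerError: reading or decrypting the file failed.
    """
    if not current_app.config.get('HDFS_CONFIG'):
        raise NotFound('Not Found')

    signature = request.args.get('task-signature')
    if not signature:
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']
    check_allowed(current_user.id, task_id, project, request.path)

    # cluster comes from the request; an unknown name is a missing resource,
    # not a server fault, so do not let the lookup fail with KeyError.
    try:
        cluster_config = current_app.config['HDFS_CONFIG'][cluster]
    except KeyError:
        raise NotFound('Not Found')
    client = HDFSKerberos(**cluster_config)

    try:
        content = client.get('/{}'.format(path))
        project_encryption = project['info'].get('ext_config', {}).get('encryption', {})
        if project_encryption and all(project_encryption.values()):
            secret = get_secret_from_vault(project_encryption)
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
    except Exception:
        # Details go to the log only; the client gets a generic message.
        current_app.logger.exception('Project id {} get task file {}'.format(
            project_id, path))
        raise InternalServerError('An Error Occurred')

    return Response(content)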
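def reset_password():
    """Serve the password-reset form for a signed, time-limited link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``password-reset``, ``max_age=3600``).  The payload has to name a user
    and carry a password hash matching that user's ``passwd_hash``; every
    failed check aborts with 403 and an unknown user name yields 404.

    A valid submission stores the new password, logs the user in and
    redirects to ``.profile``.  Otherwise the reset template is rendered.
    """
    key = request.args.get("key")
    if key is None:
        abort(403)

    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt="password-reset")
    except BadData:
        abort(403)

    username = userdict.get("user")
    if not username or not userdict.get("password"):
        abort(403)

    user = model.User.query.filter_by(name=username).first_or_404()
    # The token is bound to the hash it was issued for; a mismatch means the
    # link no longer belongs to the account's current password.
    if user.passwd_hash != userdict.get("password"):
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        # Parenthesised so the line parses under both Python 2 and Python 3;
        # the printed text is unchanged.
        print("Changed password")
        flash("You reset your password successfully!", "success")
        return redirect(url_for(".profile"))

    if request.method == "POST" and not form.validate():
        flash("Please correct the errors", "error")
    return render_template("/account/password_reset.html", form=form)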
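def reset_password():
    """Validate a password-reset link and let its owner set a new password.

    The ``key`` query parameter is verified with ``signer`` under the
    ``password-reset`` salt and must be no older than the
    ``ACCOUNT_LINK_EXPIRATION`` setting (3600 when unset).  Its payload must
    name a user and carry a password hash equal to that user's current
    ``passwd_hash``.  Any failed check aborts with 403.

    On a valid form submission the new password is saved and the result of
    ``_sign_in_user`` is returned; otherwise the reset template is rendered.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)

    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)

    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)

    user = user_repo.get_by_name(username)
    # A token can outlive the account it names. Presumably get_by_name
    # returns None on a miss; reject that like any other invalid link
    # instead of failing on the attribute access below.
    if user is None:
        abort(403)
    # The link is only honoured while the stored hash equals the one embedded
    # in the token, so it presumably stops working once the password changes.
    # NOTE(review): if signer signs but does not encrypt its payload, that
    # hash is readable by anyone who sees the URL - confirm.
    if user.passwd_hash != userdict.get('password'):
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)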
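def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage

    Args:
        store: not used in this function.
        bucket: bucket to read from; it also selects the decryption secret.
        project_id: project owning the file; forms the first key segment.
        path: remainder of the object key.

    Returns:
        A ``Response`` with the decrypted content and the stored object's
        content type, plus its content encoding and disposition when set.

    Raises:
        Forbidden: the ``task-signature`` parameter is missing or longer
            than ``TASK_SIGNATURE_MAX_SIZE``.
        NotFound: the storage reports ``NoSuchKey``.
        InternalServerError: any other ``S3ResponseError``.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))

    signature = request.args.get('task-signature')
    if not signature:
        # No exception is being handled at this point, so error() is used;
        # exception() would attach an empty traceback to the record.
        current_app.logger.error('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')

    # Reject oversized input before it reaches the signature check.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        current_app.logger.error(
            'Project id {}, path {} invalid task signature. Signature length {} exceeds max allowed length {}.'
            .format(project_id, path, size_signature, TASK_SIGNATURE_MAX_SIZE))
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    check_allowed(current_user.id, task_id, project, lambda v: v == request.path)

    # download file
    # Only the bucket named by S3_REQUEST_BUCKET uses the application-wide
    # key; every other bucket uses the key obtained for the project.
    if bucket != current_app.config.get('S3_REQUEST_BUCKET'):
        secret = get_encryption_key(project)
    else:
        secret = current_app.config.get('FILE_ENCRYPTION_KEY')

    try:
        key_name = '/{}/{}'.format(project_id, path)
        decrypted, key = get_content_and_key_from_s3(bucket, key_name,
            'S3_TASK_REQUEST', decrypt=secret, secret=secret)
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    response = Response(decrypted, content_type=key.content_type)
    if key.content_encoding:
        response.headers.add('Content-Encoding', key.content_encoding)
    if key.content_disposition:
        response.headers.add('Content-Disposition', key.content_disposition)
    return response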
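def hdfs_file(project_id, cluster, path):
    """Return a task file read from HDFS to a caller with a task signature.

    Args:
        project_id: project whose settings supply the signature timeout and
            the optional encryption configuration.
        cluster: key into the ``HDFS_CONFIG`` setting selecting the cluster.
        path: file path, requested from the cluster as ``/<path>``.

    The optional ``offset`` and ``length`` query parameters are converted to
    integers and passed to the HDFS client.

    Returns:
        A ``Response`` holding the file content, decrypted when every value
        of the project's encryption configuration is set.

    Raises:
        NotFound: ``HDFS_CONFIG`` is not configured or has no entry for
            ``cluster``.
        Forbidden: the ``task-signature`` parameter is missing or longer
            than ``TASK_SIGNATURE_MAX_SIZE``.
        InternalServerError: parsing the range, reading or decrypting failed.
    """
    if not current_app.config.get('HDFS_CONFIG'):
        raise NotFound('Not Found')

    signature = request.args.get('task-signature')
    if not signature:
        raise Forbidden('No signature')

    # Reject oversized input before it reaches the signature check.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        # No exception is being handled at this point, so error() is used;
        # exception() would attach an empty traceback to the record.
        current_app.logger.error(
            'Project id {}, cluster {} path {} invalid task signature. Signature length {} exceeds max allowed length {}.'
            .format(project_id, cluster, path, size_signature, TASK_SIGNATURE_MAX_SIZE))
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    try:
        check_allowed(
            current_user.id, task_id, project,
            is_valid_hdfs_url(request.path, request.args.to_dict(flat=False)))
    except Exception:
        # Record the refused request, then let the original error propagate.
        current_app.logger.exception(
            'Project id %s not allowed to get file %s %s', project_id, path,
            str(request.args))
        raise

    current_app.logger.info(
        "Project id %s, task id %s. Accessing hdfs cluster %s, path %s",
        project_id, task_id, cluster, path)

    # cluster comes from the request; an unknown name is a missing resource,
    # not a server fault, so do not let the lookup fail with KeyError.
    try:
        cluster_config = current_app.config['HDFS_CONFIG'][cluster]
    except KeyError:
        raise NotFound('Not Found')
    client = HDFSKerberos(**cluster_config)

    offset = request.args.get('offset')
    length = request.args.get('length')
    try:
        offset = int(offset) if offset else None
        length = int(length) if length else None
        content = client.get('/{}'.format(path), offset=offset, length=length)
        project_encryption = get_project_encryption(project)
        if project_encryption and all(project_encryption.values()):
            secret = get_secret_from_vault(project_encryption)
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
    except Exception:
        # Details go to the log only; the client gets a generic message.
        current_app.logger.exception(
            "Project id %s, task id %s, cluster %s, get task file %s, %s",
            project_id, task_id, cluster, path, str(request.args))
        raise InternalServerError('An Error Occurred')

    return Response(content)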
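def encrypted_task_payload(project_id, task_id):
    """Proxy to decrypt encrypted task payload

    Args:
        project_id: project owning the task.
        task_id: task id from the caller; it is used for logging only and is
            replaced by the ``task_id`` of the verified signature payload
            (0 when the payload has none) before validation and lookup.

    Returns:
        A JSON ``Response`` with the decrypted
        ``private_json__encrypted_payload`` of the task, or an empty body
        when the task has no such payload.

    Raises:
        Forbidden: the ``task-signature`` parameter is missing or longer
            than ``TASK_SIGNATURE_MAX_SIZE``.
        BadRequest: no project data was found for ``project_id``.
        InternalServerError: loading or decrypting the payload failed.
    """
    current_app.logger.info(
        'Project id {}, task id {}, decrypt task payload.'.format(
            project_id, task_id))

    signature = request.args.get('task-signature')
    if not signature:
        # No exception is being handled at this point, so error() is used;
        # exception() would attach an empty traceback to the record.
        current_app.logger.error(
            'Project id {}, task id {} has no signature.'.format(
                project_id, task_id))
        raise Forbidden('No signature')

    # Reject oversized input before it reaches the signature check.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        current_app.logger.error(
            'Project id {}, task id {} invalid task signature. Signature length {} exceeds max allowed length {}.'
            .format(project_id, task_id, size_signature, TASK_SIGNATURE_MAX_SIZE))
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    if not project:
        current_app.logger.error('Invalid project id {}.'.format(project_id))
        raise BadRequest('Invalid Project')

    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    # From here on the task id is the signed one, not the caller's.
    task_id = payload.get('task_id', 0)

    validate_task(project, task_id, current_user.id)

    # decrypt encrypted task data under private_json__encrypted_payload
    try:
        secret = get_encryption_key(project)
        task = task_repo.get_task(task_id)
        content = task.info.get('private_json__encrypted_payload')
        if content:
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
        else:
            content = ''
    except Exception as e:
        # Details go to the log only; the client gets a generic message.
        current_app.logger.exception(
            'Project id {} task {} decrypt encrypted data {}'.format(
                project_id, task_id, e))
        raise InternalServerError('An Error Occurred')

    response = Response(content, content_type='application/json')
    return response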
def confirm_account():
    """Confirm account endpoint.

    The ``key`` query parameter is checked with ``signer`` under the
    ``account-validation`` salt and must be no older than the
    ``ACCOUNT_LINK_EXPIRATION`` setting (3600 when unset); a missing or
    rejected key aborts with 403.  When a user with the payload's name
    exists, the result of ``_update_user_with_valid_email`` is returned,
    otherwise the result of ``_create_account``.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)

    try:
        link_lifetime = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        claims = signer.loads(token, max_age=link_lifetime,
                              salt='account-validation')
    except BadData:
        abort(403)

    # First check if the user exists
    existing = user_repo.get_by_name(claims['name'])
    if existing is None:
        return _create_account(claims)
    return _update_user_with_valid_email(existing, claims['email_addr'])
def confirm_account():
    """Create and log in the account described by a signed sign-up link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``account-validation``, ``max_age=3600``); a missing or rejected key
    aborts with 403.  The payload's ``fullname``, ``name``, ``email_addr``
    and ``password`` are used to build the account, which is saved and
    logged in before redirecting to the home page.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)

    try:
        claims = signer.loads(token, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)

    # NOTE(review): no existing-user check is visible here, so a link opened
    # twice reaches save() again - presumably a uniqueness constraint
    # rejects it; confirm.
    new_user = model.user.User(fullname=claims['fullname'],
                               name=claims['name'],
                               email_addr=claims['email_addr'])
    # NOTE(review): the payload carries the value handed to set_password, so
    # the link itself has to be treated as a secret; if signer only signs
    # its payload that value is readable from the URL - confirm.
    new_user.set_password(claims['password'])
    user_repo.save(new_user)

    login_user(new_user, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    home = url_for('home.home')
    return redirect(home)
def confirm_account():
    """Create and log in the account described by a signed sign-up link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``account-validation``, ``max_age=3600``); a missing or rejected key
    aborts with 403.  The payload's ``fullname``, ``name``, ``email_addr``
    and ``password`` are used to build the account, which is committed and
    logged in before redirecting to the home page.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)

    try:
        claims = signer.loads(token, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)

    # NOTE(review): no existing-user check is visible here, so a link opened
    # twice reaches the commit again - presumably a uniqueness constraint
    # rejects it; confirm.
    new_user = model.user.User(fullname=claims['fullname'],
                               name=claims['name'],
                               email_addr=claims['email_addr'])
    # NOTE(review): the payload carries the value handed to set_password, so
    # the link itself has to be treated as a secret; if signer only signs
    # its payload that value is readable from the URL - confirm.
    new_user.set_password(claims['password'])
    session = db.session
    session.add(new_user)
    session.commit()

    login_user(new_user, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    home = url_for('home.home')
    return redirect(home)
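def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage

    Args:
        store: not used in this function.
        bucket: bucket to read from.
        project_id: project owning the file; forms the first key segment.
        path: remainder of the object key.

    Returns:
        A ``Response`` with the content decrypted using the
        ``FILE_ENCRYPTION_KEY`` setting and the stored object's content
        type, plus its content encoding and disposition when set.

    Raises:
        Forbidden: the ``task-signature`` query parameter is missing.
        NotFound: the storage reports ``NoSuchKey``.
        InternalServerError: any other ``S3ResponseError``.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))
    conn_args = current_app.config.get('S3_TASK_REQUEST', {})

    signature = request.args.get('task-signature')
    if not signature:
        # No exception is being handled at this point, so error() is used;
        # exception() would attach an empty traceback to the record.
        current_app.logger.error('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    check_allowed(current_user.id, task_id, project, request.path)

    # download file
    try:
        key = '/{}/{}'.format(project_id, path)
        conn = create_connection(**conn_args)
        _bucket = conn.get_bucket(bucket, validate=False)
        _key = _bucket.get_key(key, validate=False)
        content = _key.get_contents_as_string()
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    # decrypt file
    secret = current_app.config.get('FILE_ENCRYPTION_KEY')
    cipher = AESWithGCM(secret)
    decrypted = cipher.decrypt(content)

    response = Response(decrypted, content_type=_key.content_type)
    # Objects stored without these attributes must not produce empty or
    # placeholder header values in the response.
    if _key.content_encoding:
        response.headers.add('Content-Encoding', _key.content_encoding)
    if _key.content_disposition:
        response.headers.add('Content-Disposition', _key.content_disposition)
    return response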
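def join_private_team():
    """Add the current user to the team named in a signed invitation link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``join-private-team``, ``max_age=3600``).  The payload must name a user
    and a team, and the user name must equal ``current_user.name``; any
    failed check aborts with 403.

    An unknown team redirects to ``team.myteams`` and an existing membership
    redirects to the team's user list, both with an error message.
    Otherwise the membership is created and committed before redirecting to
    the team's user list.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)

    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='join-private-team')
    except BadData:
        abort(403)

    username = userdict.get('user')
    teamname = userdict.get('team')
    # The invitation is only honoured for the account it was issued to.
    # NOTE(review): current_user.name assumes an authenticated user;
    # presumably the route requires login - confirm.
    if not username or not teamname or current_user.name != username:
        abort(403)

    # Add to Public with invitation team
    team = cached_teams.get_team(teamname)
    if not team:
        flash(gettext('This team doesn\'t exists'), 'error')
        return redirect(url_for('team.myteams'))

    # Search relationship
    user2team = db.session.query(User2Team)\
        .filter(User2Team.user_id == current_user.id)\
        .filter(User2Team.team_id == team.id)\
        .first()
    if user2team:
        flash(gettext('This user is already in this team'), 'error')
        return redirect(url_for('team.users', name=team.name))

    user2team = User2Team(user_id=current_user.id, team_id=team.id)
    cached_teams.delete_team_summary()
    db.session.add(user2team)
    db.session.commit()
    # Category spelled 'success' (it was 'sucess') so that it matches the
    # category used for success messages.
    flash(gettext('Congratulations! You belong to the Public Invitation Only Team'), 'success')
    return redirect(url_for('team.users', name=team.name))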
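def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage

    Args:
        store: not used in this function.
        bucket: bucket to read from.
        project_id: project owning the file; forms the first key segment.
        path: remainder of the object key.

    Returns:
        A ``Response`` with the decrypted content and the stored object's
        content type, plus its content encoding and disposition when set.

    Raises:
        Forbidden: the ``task-signature`` query parameter is missing.
        NotFound: the storage reports ``NoSuchKey``.
        InternalServerError: any other ``S3ResponseError``.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))

    signature = request.args.get('task-signature')
    if not signature:
        # No exception is being handled at this point, so error() is used;
        # exception() would attach an empty traceback to the record.
        current_app.logger.error('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): signer.loads presumably raises on a bad or expired
    # signature and nothing in this function catches it - confirm that an
    # application-level handler turns that into a client error.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    check_allowed(current_user.id, task_id, project, lambda v: v == request.path)

    # download file
    try:
        key_name = '/{}/{}'.format(project_id, path)
        decrypted, key = get_content_and_key_from_s3(bucket, key_name,
            'S3_TASK_REQUEST', decrypt=True)
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    response = Response(decrypted, content_type=key.content_type)
    # Objects stored without these attributes must not produce empty or
    # placeholder header values in the response.
    if key.content_encoding:
        response.headers.add('Content-Encoding', key.content_encoding)
    if key.content_disposition:
        response.headers.add('Content-Disposition', key.content_disposition)
    return response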
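def join_private_team():
    """Add the current user to the team named in a signed invitation link.

    The ``key`` query parameter is checked with ``signer`` (salt
    ``join-private-team``, ``max_age=3600``).  The payload must name a user
    and a team, and the user name must equal ``current_user.name``; any
    failed check aborts with 403.

    An unknown team redirects to ``team.myteams`` and an existing membership
    redirects to the team's user list, both with an error message.
    Otherwise the membership is created and committed before redirecting to
    the team's user list.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)

    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='join-private-team')
    except BadData:
        abort(403)

    username = userdict.get('user')
    teamname = userdict.get('team')
    # The invitation is only honoured for the account it was issued to.
    # NOTE(review): current_user.name assumes an authenticated user;
    # presumably the route requires login - confirm.
    if not username or not teamname or current_user.name != username:
        abort(403)

    # Add to Public with invitation team
    team = cached_teams.get_team(teamname)
    if not team:
        flash(gettext('This team doesn\'t exists'), 'error')
        return redirect(url_for('team.myteams'))

    # Search relationship
    user2team = db.session.query(User2Team)\
        .filter(User2Team.user_id == current_user.id)\
        .filter(User2Team.team_id == team.id)\
        .first()
    if user2team:
        flash(gettext('This user is already in this team'), 'error')
        return redirect(url_for('team.users', name=team.name))

    user2team = User2Team(user_id=current_user.id, team_id=team.id)
    cached_teams.delete_team_summary()
    db.session.add(user2team)
    db.session.commit()
    # Category spelled 'success' (it was 'sucess') so that it matches the
    # category used for success messages.
    flash(
        gettext(
            'Congratulations! You belong to the Public Invitation Only Team'
        ), 'success')
    return redirect(url_for('team.users', name=team.name))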
def get_passwd(self):
    """Return the value ``signer`` decodes from the stored hash, or None.

    None is returned when ``needs_password()`` is false; otherwise the
    result of ``signer.loads`` applied to ``get_passwd_hash()``.
    """
    if not self.needs_password():
        return None
    # NOTE(review): the stored "hash" is decoded back into a value here, so
    # it is reversible rather than a one-way hash; presumably the result is
    # the original password, which means read access to the stored value
    # should be treated as access to the password - confirm.
    return signer.loads(self.get_passwd_hash())