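def login(username, password):
    """Authenticate *username*/*password* and populate the web.py session.

    On success the session receives ``token``, ``userid``, ``authenticated``
    and ``priv_lev``; the new token is pushed onto the user's ``tokens`` list
    and expired tokens are pulled from it.  Returns a dict of the form
    ``{'r': 'ok', 'data': {'userid', 'name', 'username', 'priv_lev'}}`` with
    each value passed through ``serializers.SerializeObject``.

    Raises:
        StandardError: if the session is unavailable, the credentials do not
            match a user, or any later step fails (the cause is wrapped).
    """
    try:
        session = web.ctx.session
    except Exception as e:
        raise StandardError(e)

    # An unknown user and a wrong password raise the same message so the
    # response does not reveal which usernames exist.  The hash check is
    # still skipped for unknown users, so a timing difference remains.
    invalid_credentials = "Invalid username or password"
    try:
        the_user = Users.objects.get(username=username)
    except Exception:
        raise StandardError(invalid_credentials)
    if not auth.is_password_match(password, the_user['hashed_pwd'], the_user['salt']):
        raise StandardError(invalid_credentials)

    try:
        # Random per-login token; later requests compare the session copy
        # against the copies stored on the user document.
        created_token = auth.create_token(the_user['userid'])
        session.token = created_token
        session.userid = the_user['userid']
        session.authenticated = True
        session.priv_lev = the_user['priv_lev']

        # Atomic $push of the new token.  MongoEngine update syntax:
        # https://github.com/hmarr/mongoengine/blob/master/docs/guide/querying.rst
        Users.objects(username=the_user['username']).update_one(
            push__tokens=created_token
        )

        # Collect expired tokens first, then remove them in a single update
        # instead of one round trip per token.  ``token_lifetime`` is not
        # defined in this function -- presumably a module-level setting.
        expired_tokens = []
        for token in the_user['tokens']:
            if auth.is_token_expired(token, token_lifetime):
                expired_tokens.append(token)
        if expired_tokens:
            Users.objects(username=the_user['username']).update_one(
                pull_all__tokens=expired_tokens
            )

        # Re-read the document so the returned data reflects the updates.
        user_obj = Users.objects.get(username=the_user['username'])
        ret_obj = {}
        for field in ('userid', 'name', 'username', 'priv_lev'):
            ret_obj[field] = serializers.SerializeObject(user_obj[field])
        return dict(r='ok', data=ret_obj)
    except Exception as e:
        raise StandardError(e)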
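def updateUser(userObj):
    """Update the user identified by ``userObj['oid']`` from a form-style dict.

    ``userObj`` carries ``oid``, ``name``, ``username``, ``email``,
    ``priv_lev`` (numeric string) and ``is_default`` (``"true"``/``"false"``).
    ``current_password``/``new_password`` are optional; they are removed from
    ``userObj`` and, when non-empty, trigger a password change.  Validation
    failures return ``("err", CODE)``; success returns ``("ok", fields)``
    where ``fields`` is ``exclude_fields(userObj)``.

    NOTE(review): ``priv_lev`` and ``is_default`` are taken from the caller
    unchecked here, so the caller must enforce who may change them.

    Raises:
        StandardError: if the user does not exist, the update touched no
            document, or any other step fails (the cause is wrapped).
    """
    try:
        if userObj['is_default'] == "true" and not userObj['priv_lev'] == "2":
            return "err", "UNABLE_TO_STABLISH_DEFAULT_TO_NON_ADMIN"
        try:
            current_user = Users.objects.get(id=userObj['oid'])
        except Exception:
            raise StandardError("User Not Found")

        # Both keys are consumed here; the original test
        # ``'current_password' and 'new_password' in userObj`` only checked
        # the second key.  Missing keys mean "no password change".
        current_password = userObj.pop('current_password', '')
        new_password = userObj.pop('new_password', '')
        changing_password = len(current_password) > 0 or len(new_password) > 0

        fields = dict(
            set__name=userObj['name'],
            set__username=userObj['username'],
            set__email=userObj['email'],
            set__priv_lev=int(userObj['priv_lev']),
            set__isdefault=userObj['is_default'],
        )
        if changing_password:
            # All validation happens before any document is modified.
            if not auth.is_password_match(current_password, current_user['hashed_pwd'], current_user['salt']):
                return "err", "CURRENT_PASSWORD_NOT_VALID"
            if not len(new_password) > 5:
                return "err", "MUST_PROVIDE_NEW_PASSWORD"
            if current_password == new_password:
                return "err", "PASSWORDS_MUST_NOT_BE_THE_SAME"
            # Fresh salt and hash for the new password.
            userObj['salt'] = crypt_ops.get_a_bunch_of_salt()
            userObj['hashed_pwd'] = auth.get_hashed_password(new_password, userObj['salt'])
            fields['set__salt'] = userObj['salt']
            fields['set__hashed_pwd'] = userObj['hashed_pwd']

        # Clear the previous default user only once validation has passed;
        # doing it earlier left no default user when the request was
        # rejected.  A failure here is not swallowed, since it would leave
        # two default users.
        if userObj['is_default'] == "true":
            Users.objects(isdefault='true').update(set__isdefault="false")

        update_results = Users.objects(id=userObj['oid']).update(**fields)
        if not update_results == 1:
            raise StandardError("Unable to update user data")
        return "ok", exclude_fields(userObj)
    except Exception as e:
        raise StandardError(e)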