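def login(username, password):
    """Authenticate *username*/*password* and open a web session for the user.

    On success the session receives a freshly created token plus ``userid``,
    ``authenticated`` and ``priv_lev``; the token is pushed onto the user's
    ``tokens`` list, expired tokens are pulled from it, and a dict
    ``{'r': 'ok', 'data': {...}}`` holding the serialized ``userid``, ``name``,
    ``username`` and ``priv_lev`` of the re-read user document is returned.

    Raises StandardError when the session is unavailable, when the credentials
    are rejected, or when any later step fails (the original error is wrapped).
    """
    try:
        session = web.ctx.session
    except Exception as e:
        raise StandardError(e)

    # An unknown username and a wrong password raise the same message so a
    # caller cannot tell which of the two failed (account enumeration). Note
    # that the hash comparison is still skipped for an unknown user, so the
    # response time may differ between the two cases.
    try:
        the_user = Users.objects.get(username=username)
    except Exception:
        raise StandardError("Invalid username or password")
    if not auth.is_password_match(password, the_user['hashed_pwd'], the_user['salt']):
        raise StandardError("Invalid username or password")

    try:
        user_query = Users.objects(username=the_user['username'])

        # Fresh per-login token; the copy kept in the session is later
        # compared against the copy stored on the user document.
        created_token = auth.create_token(the_user['userid'])
        session.token = created_token
        session.userid = the_user['userid']
        session.authenticated = True
        session.priv_lev = the_user['priv_lev']

        # Atomic $push of the new token (MongoEngine update operator).
        user_query.update_one(push__tokens=created_token)

        # Remove tokens that have outlived token_lifetime. token_exp and
        # token_lifetime are not defined in this function; they are presumably
        # module-level — a module-level token_exp list grows on every login.
        expired = [
            token for token in the_user['tokens']
            if auth.is_token_expired(token, token_lifetime)
        ]
        if expired:
            token_exp.extend(expired)
            user_query.update_one(pull_all__tokens=expired)

        # Re-read so the returned fields reflect the updates above.
        user_obj = Users.objects.get(username=the_user['username'])
        ret_obj = dict(
            (field, serializers.SerializeObject(user_obj[field]))
            for field in ('userid', 'name', 'username', 'priv_lev')
        )
        return dict(r='ok', data=ret_obj)

    except Exception as e:
        # Every failure after authentication surfaces as StandardError; the
        # try body either returns or raises, so nothing is reachable after it.
        raise StandardError(e)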
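def updateUser(userObj):
    """Update the user document identified by ``userObj['oid']``.

    Returns ``("ok", exclude_fields(userObj))`` on success, or ``("err", CODE)``
    for a validation failure (default flag on a non-admin, wrong current
    password, new password too short, or unchanged password).

    Raises StandardError when the user does not exist or the update matched no
    document; any other exception is re-raised wrapped in StandardError.

    Side effects on *userObj*: ``current_password`` and ``new_password`` are
    removed, and ``salt``/``hashed_pwd`` are added when the password changes.
    """
    try:
        if userObj['is_default'] == "true" and not userObj['priv_lev'] == "2":
            return "err", "UNABLE_TO_STABLISH_DEFAULT_TO_NON_ADMIN"

        try:
            current_user = Users.objects.get(id=userObj['oid'])
        except Exception:
            raise StandardError("User Not Found")

        # Pop the plaintext passwords out of the dict so they never reach the
        # document update. A missing key now yields '' instead of leaving the
        # name unbound (the previous `'current_password' and 'new_password'
        # in userObj` test only ever checked the second key).
        current_password = userObj.pop('current_password', None) or ''
        new_password = userObj.pop('new_password', None) or ''

        # Clearing the previous default user is best effort: a failure here
        # must not block the update of this user.
        if userObj['is_default'] == "true":
            try:
                Users.objects(isdefault='true').update(set__isdefault="false")
            except Exception:
                pass

        # Password change requested?
        password_fields = {}
        if len(current_password) > 0 or len(new_password) > 0:
            # The current password must match the stored hash before a new
            # one is accepted; remove the next two lines to allow a manual reset.
            if not auth.is_password_match(current_password, current_user['hashed_pwd'], current_user['salt']):
                return "err", "CURRENT_PASSWORD_NOT_VALID"
            if not len(new_password) > 5:
                return "err", "MUST_PROVIDE_NEW_PASSWORD"
            if current_password == new_password:
                return "err", "PASSWORDS_MUST_NOT_BE_THE_SAME"
            # Fresh salt and hash for the new password.
            userObj['salt'] = crypt_ops.get_a_bunch_of_salt()
            userObj['hashed_pwd'] = auth.get_hashed_password(new_password, userObj['salt'])
            password_fields = dict(
                set__salt=userObj['salt'],
                set__hashed_pwd=userObj['hashed_pwd'],
            )

        # One update query; the password fields are only set when they changed.
        update_results = Users.objects(id=userObj['oid']).update(
            set__name=userObj['name'],
            set__username=userObj['username'],
            set__email=userObj['email'],
            set__priv_lev=int(userObj['priv_lev']),
            set__isdefault=userObj['is_default'],
            **password_fields
        )

        if not update_results == 1:
            raise StandardError("Unable to update user data")

        return "ok", exclude_fields(userObj)

    except Exception as e:
        raise StandardError(e)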