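def check_pwd(toyz_settings, user_id, pwd):
    """
    Check to see if a users password matches the one stored in the database.

    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings` ):
          Settings for the current application
        - user_id (*string* ): Id of the user logging in
        - pwd: (*string* ): password the user has entered

    Returns
        - valid_login (*bool* ): True if the user name and password match
          (False when the user name is unknown, without raising)
    """
    from passlib.context import CryptContext
    pwd_context = CryptContext(**toyz_settings.security.pwd_context)
    users = db_utils.get_all_ids(toyz_settings.db, user_type='user_id')
    if user_id not in users:
        # Unknown user name: spend roughly the cost of one real hash
        # verification anyway, so that the response time does not reveal
        # whether a user name exists. passlib >= 1.7 ships
        # ``CryptContext.dummy_verify()`` for exactly this purpose.
        dummy_verify = getattr(pwd_context, 'dummy_verify', None)
        if dummy_verify is not None:
            dummy_verify()
        else:
            # Older passlib: ``verify`` against the unidentifiable hash 'bar'
            # may raise ValueError on some scheme configurations instead of
            # computing a hash, so the failed login must not become an error.
            # NOTE(review): this fallback does not guarantee a constant-time
            # path; confirm the installed passlib version provides
            # dummy_verify, or pre-compute a real dummy hash for the context.
            try:
                pwd_context.verify('foo', 'bar')
            except ValueError:
                pass
        return False
    user_hash = db_utils.get_param(toyz_settings.db, 'pwd', user_id=user_id)
    # passlib compares against the stored hash using the configured scheme
    return pwd_context.verify(pwd, user_hash)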
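def _admin_settings(toyz_settings, tid):
    """
    Build the extra response keys that only administrators receive.

    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings`):
          Settings for the toyz application
        - tid (*dict* ): Task ID of the client user running the task

    Returns
        - admin_response (*dict* ): the ``config``, ``db``, ``web``,
          ``security``, ``users``, ``groups``, ``user_settings`` and
          ``group_settings`` keys described in :py:func:`load_user_settings`
    """
    dbs = toyz_settings.db
    admin_attrs = ['groups', 'modules', 'toyz', 'paths']
    # A fresh list is passed to each call in case load_user_info mutates it
    user_settings = load_user_info(toyz_settings, tid, {
        'user_id': 'admin',
        'user_attr': list(admin_attrs),
    })
    group_settings = load_user_info(toyz_settings, tid, {
        'group_id': 'admin',
        'user_attr': list(admin_attrs),
    })
    # The nested settings carry their own response id, which must not
    # clash with the enclosing 'user_settings' response
    user_settings.pop('id', None)
    group_settings.pop('id', None)
    user_settings['user_id'] = 'admin'
    group_settings['group_id'] = 'admin'
    # NOTE(review): the whole security section (including the pwd_context
    # hashing configuration used by check_pwd) is sent to the admin client;
    # confirm nothing secret is stored in it.
    return {
        'config': toyz_settings.config.__dict__,
        'db': dbs.__dict__,
        'web': toyz_settings.web.__dict__,
        'security': toyz_settings.security.__dict__,
        'users': db_utils.get_all_ids(dbs, 'user_id'),
        'groups': db_utils.get_all_ids(dbs, 'group_id'),
        'user_settings': user_settings,
        'group_settings': group_settings,
    }


def load_user_settings(toyz_settings, tid, params):
    """
    Load settings for a given user

    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings`):
          Settings for the toyz application
        - tid (*dict* ): Task ID of the client user running the task;
          only ``tid['user_id']`` is read here
        - params (*dict* ): Any parameters sent by the client
          (**None** for this function, unused)

    Response for all users
        - id: 'user_settings'
        - shortcuts (*dict* ): Dictionary of ``shortcut_name: shortcut_path`` 's for the user
        - workspaces (*dict* ): Dictionary of ``workspace_name: workspace_settings`` for the user
        - workspace (*string* ): Name of the default workspace, the alphabetically
          first one (only present when the user has at least one workspace)

    Additional response keys for users in the **modify_toyz** group
        - modules (*list* ): List of toyz modules the user can run
        - toyz (*dict* ): Dictionary of ``toy_name: path_to_toy`` 's that the user can run

    Additional response keys for admins
        - config (*dict* ): Configuration settings for the application
        - db (*dict* ): Database settings
        - web (*dict*): Web settings
        - security (*dict* ): Security settings
        - users (*list* ): list of all users in the database
        - groups (*list* ): list of all groups in the database
        - user_settings (*dict* ): Settings for a specified user (initially the *admin*)
        - group_settings (*dict* ): Settings for a specified group (initially the *admin* group)
    """
    user_id = tid['user_id']
    dbs = toyz_settings.db
    old_shortcuts = db_utils.get_param(dbs, 'shortcuts', user_id=user_id)
    shortcuts = core.check_user_shortcuts(toyz_settings, user_id, old_shortcuts)
    workspaces = db_utils.get_param(dbs, 'workspaces', user_id=user_id)
    response = {
        'id': 'user_settings',
        'shortcuts': shortcuts,
        'workspaces': workspaces,
    }
    # Default workspace: the alphabetically first one (skipped when the
    # user has none, instead of failing on an empty or missing dict)
    if workspaces:
        response['workspace'] = sorted(workspaces)[0]
    groups = db_utils.get_param(dbs, 'groups', user_id=user_id)
    # Only administrators may modify user and application settings
    is_admin = user_id == 'admin' or 'admin' in groups
    if is_admin:
        response.update(_admin_settings(toyz_settings, tid))
    # Power users (and admins) may modify the toyz they have access to
    if is_admin or 'modify_toyz' in groups:
        response.update({
            'modules': db_utils.get_param(dbs, 'modules', user_id=user_id),
            'toyz': db_utils.get_param(dbs, 'toyz', user_id=user_id),
        })
    return response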
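def load_user_settings(toyz_settings, tid, params):
    """
    Load settings for a given user

    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings`):
          Settings for the toyz application
        - tid (*dict* ): Task ID of the client user running the task;
          only ``tid['user_id']`` is read here
        - params (*dict* ): Any parameters sent by the client
          (**None** for this function, unused)

    Response for all users
        - id: 'user_settings'
        - shortcuts (*dict* ): Dictionary of ``shortcut_name: shortcut_path`` 's for the user
        - workspaces (*dict* ): Dictionary of ``workspace_name: workspace_settings`` for the user
        - workspace (*string* ): Name of the default workspace, the alphabetically
          first one (only present when the user has at least one workspace)

    Additional response keys for users in the **modify_toyz** group
        - modules (*list* ): List of toyz modules the user can run
        - toyz (*dict* ): Dictionary of ``toy_name: path_to_toy`` 's that the user can run

    Additional response keys for admins
        - config (*dict* ): Configuration settings for the application
        - db (*dict* ): Database settings
        - web (*dict*): Web settings
        - security (*dict* ): Security settings
        - users (*list* ): list of all users in the database
        - groups (*list* ): list of all groups in the database
        - user_settings (*dict* ): Settings for a specified user (initially the *admin*)
        - group_settings (*dict* ): Settings for a specified group (initially the *admin* group)
    """
    user_id = tid['user_id']
    dbs = toyz_settings.db
    response = {'id': 'user_settings'}
    old_shortcuts = db_utils.get_param(dbs, 'shortcuts', user_id=user_id)
    response['shortcuts'] = core.check_user_shortcuts(
        toyz_settings, user_id, old_shortcuts)
    workspaces = db_utils.get_param(dbs, 'workspaces', user_id=user_id)
    response['workspaces'] = workspaces
    # Default workspace: the smallest (alphabetically first) name; skipped
    # when the user has no workspaces instead of failing on an empty dict
    if workspaces:
        response['workspace'] = min(workspaces)
    groups = db_utils.get_param(dbs, 'groups', user_id=user_id)
    is_admin = user_id == 'admin' or 'admin' in groups
    # Only administrators may modify user and application settings
    if is_admin:
        admin_attrs = ['groups', 'modules', 'toyz', 'paths']
        # Fresh lists per call in case load_user_info mutates its argument
        user_settings = load_user_info(toyz_settings, tid, {
            'user_id': 'admin',
            'user_attr': list(admin_attrs),
        })
        group_settings = load_user_info(toyz_settings, tid, {
            'group_id': 'admin',
            'user_attr': list(admin_attrs),
        })
        # Drop the nested responses' own ids so they cannot be mistaken
        # for the enclosing 'user_settings' response id
        for nested in (user_settings, group_settings):
            nested.pop('id', None)
        user_settings['user_id'] = 'admin'
        group_settings['group_id'] = 'admin'
        # NOTE(review): the full security section (including the pwd_context
        # hashing configuration read by check_pwd) is sent to the admin
        # client; confirm nothing secret is stored in it.
        response.update({
            'config': toyz_settings.config.__dict__,
            'db': dbs.__dict__,
            'web': toyz_settings.web.__dict__,
            'security': toyz_settings.security.__dict__,
            'users': db_utils.get_all_ids(dbs, 'user_id'),
            'groups': db_utils.get_all_ids(dbs, 'group_id'),
            'user_settings': user_settings,
            'group_settings': group_settings,
        })
    # Power users (and admins) may modify the toyz they have access to
    if is_admin or 'modify_toyz' in groups:
        response['modules'] = db_utils.get_param(
            dbs, 'modules', user_id=user_id)
        response['toyz'] = db_utils.get_param(dbs, 'toyz', user_id=user_id)
    return response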