Example #1
File: core.py Project: 0x414A/toyz
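def check_pwd(toyz_settings, user_id, pwd):
    """
    Check whether a user's password matches the hash stored in the database.
    
    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings` ): Settings for the current 
          application
        - user_id (*string* ): Id of the user logging in
        - pwd (*string* ): password the user has entered
    
    Returns
        - valid_login (*bool* ): True if the user name and password match, False for an
          unknown user as well as for a wrong password
    """
    from passlib.context import CryptContext
    pwd_context = CryptContext(**toyz_settings.security.pwd_context)
    users = db_utils.get_all_ids(toyz_settings.db, user_type='user_id')
    if user_id not in users:
        # An unknown user has to cost about as much as a real verification and has to end
        # in the same ``False`` as a wrong password; otherwise the response tells a caller
        # which user names exist. The previous ``verify('foo', 'bar')`` did neither with
        # ordinary hash schemes: 'bar' is not a recognisable hash, so passlib raises
        # ValueError before doing any hashing work.
        dummy_verify = getattr(pwd_context, 'dummy_verify', None)
        if dummy_verify is not None:
            # passlib >= 1.7: simulates a verification against the default scheme.
            dummy_verify()
        else:
            # Older passlib: hash the supplied password once with the default scheme so
            # that comparable work is done; the result is discarded on purpose.
            pwd_context.encrypt(pwd)
        return False
    user_hash = db_utils.get_param(toyz_settings.db, 'pwd', user_id=user_id)
    return pwd_context.verify(pwd, user_hash)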
Example #2
File: core.py Project: fred3m/toyz
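def check_pwd(toyz_settings, user_id, pwd):
    """
    Check whether a user's password matches the hash stored in the database.
    
    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings` ): Settings for the current 
          application
        - user_id (*string* ): Id of the user logging in
        - pwd (*string* ): password the user has entered
    
    Returns
        - valid_login (*bool* ): True if the user name and password match, False for an
          unknown user as well as for a wrong password
    """
    from passlib.context import CryptContext
    pwd_context = CryptContext(**toyz_settings.security.pwd_context)
    known_users = db_utils.get_all_ids(toyz_settings.db, user_type='user_id')
    if user_id in known_users:
        user_hash = db_utils.get_param(toyz_settings.db, 'pwd', user_id=user_id)
        return pwd_context.verify(pwd, user_hash)

    # Unknown user. The login path must not be distinguishable from a wrong password,
    # neither by its result nor by how long it takes. Verifying against the literal 'bar'
    # fails that goal with ordinary hash schemes: passlib cannot identify 'bar' as a hash
    # and raises ValueError immediately, so the caller sees an exception instead of False
    # and no hashing time is spent.
    if hasattr(pwd_context, 'dummy_verify'):
        # passlib >= 1.7 ships a helper that simulates one verification.
        pwd_context.dummy_verify()
    else:
        # Older passlib: do one real hash of the supplied password and drop the result.
        pwd_context.encrypt(pwd)
    return False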
Example #3
File: tasks.py Project: 0x414A/toyz
def load_user_settings(toyz_settings, tid, params):
    """
    Build the ``user_settings`` response for the user running the task.
    
    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings`): Settings for the toyz 
          application
        - tid (*dict* ): Task ID of the client user running the task; only
          ``tid['user_id']`` is read here
        - params (*dict* ): Any parameters sent by the client (not used by this function)
    
    Response for all users
        - id: 'user_settings'
        - shortcuts (*dict* ): Dictionary of ``shortcut_name: shortcut_path`` 's for the user
        - workspaces (*dict* ): Dictionary of ``workspace_name: workspace_settings`` for the
          user
        - workspace: first workspace name in sorted order (only when the user has at least
          one workspace)
    
    Additional response keys for users in the **modify_toyz** group (and for admins)
        - modules (*list* ): List of toyz modules the user can run
        - toyz (*dict* ): Dictionary of ``toy_name: path_to_toy`` 's that the user can run
    
    Additional response keys for admins
        - config (*dict* ): Configuration settings for the application
        - db (*dict* ): Database settings
        - web (*dict*): Web settings
        - security (*dict* ): Security settings
        - users (*list* ): list of all users in the database
        - groups (*list* ): list of all groups in the database
        - user_settings (*dict* ): Settings for a specified user (initially the *admin*)
        - group_settings (*dict* ): Settings for a specified group (initially the *admin* group)
    """
    from toyz.utils import third_party
    dbs = toyz_settings.db
    # NOTE(review): every authorization decision below rests on tid['user_id']; this
    # assumes the caller took it from an authenticated session and not from data the
    # client controls -- confirm at the call site.
    user_id = tid['user_id']

    stored_shortcuts = db_utils.get_param(dbs, 'shortcuts', user_id=user_id)
    shortcuts = core.check_user_shortcuts(toyz_settings, user_id, stored_shortcuts)
    workspaces = db_utils.get_param(dbs, 'workspaces', user_id=user_id)

    response = dict(id='user_settings', shortcuts=shortcuts, workspaces=workspaces)
    # Pre-select the alphabetically first workspace as the default one.
    if len(workspaces) > 0:
        ordered_names = sorted(workspaces.keys())
        response['workspace'] = ordered_names[0]

    groups = db_utils.get_param(dbs, 'groups', user_id=user_id)
    is_admin = user_id == 'admin' or 'admin' in groups

    # Application-wide settings and the user/group lists go to administrators only.
    if is_admin:
        requested_attrs = ('groups', 'modules', 'toyz', 'paths')
        all_users = db_utils.get_all_ids(dbs, 'user_id')
        all_groups = db_utils.get_all_ids(dbs, 'group_id')
        user_settings = load_user_info(
            toyz_settings, tid,
            {'user_id': 'admin', 'user_attr': list(requested_attrs)})
        group_settings = load_user_info(
            toyz_settings, tid,
            {'group_id': 'admin', 'user_attr': list(requested_attrs)})

        # Swap the response 'id' field for the id of the user/group being described.
        del user_settings['id']
        del group_settings['id']
        user_settings['user_id'] = 'admin'
        group_settings['group_id'] = 'admin'

        # NOTE(review): these are the live ``__dict__`` objects of the settings sections,
        # returned whole and not as copies. Whatever is stored on ``security`` and ``db``
        # (presumably including secrets -- confirm) is sent to every admin client.
        response['config'] = toyz_settings.config.__dict__
        response['db'] = toyz_settings.db.__dict__
        response['web'] = toyz_settings.web.__dict__
        response['security'] = toyz_settings.security.__dict__
        response['users'] = all_users
        response['groups'] = all_groups
        response['user_settings'] = user_settings
        response['group_settings'] = group_settings

    # Power users (and admins) also receive the modules and toyz they have access to.
    if 'modify_toyz' in groups or is_admin:
        for key in ('modules', 'toyz'):
            response[key] = db_utils.get_param(dbs, key, user_id=user_id)
    return response
Example #4
File: tasks.py Project: fred3m/toyz
def load_user_settings(toyz_settings, tid, params):
    """
    Assemble the settings sent to the client for the user who runs the task.
    
    Parameters
        - toyz_settings ( :py:class:`toyz.utils.core.ToyzSettings`): Settings for the toyz 
          application
        - tid (*dict* ): Task ID of the client user running the task; the function reads
          ``tid['user_id']`` from it
        - params (*dict* ): Any parameters sent by the client (ignored here)
    
    Response for all users
        - id: 'user_settings'
        - shortcuts (*dict* ): Dictionary of ``shortcut_name: shortcut_path`` 's for the user
        - workspaces (*dict* ): Dictionary of ``workspace_name: workspace_settings`` for the
          user
        - workspace: name of the first workspace in sorted order, present only if the user
          has any workspace
    
    Additional response keys for users in the **modify_toyz** group (admins included)
        - modules (*list* ): List of toyz modules the user can run
        - toyz (*dict* ): Dictionary of ``toy_name: path_to_toy`` 's that the user can run
    
    Additional response keys for admins
        - config (*dict* ): Configuration settings for the application
        - db (*dict* ): Database settings
        - web (*dict*): Web settings
        - security (*dict* ): Security settings
        - users (*list* ): list of all users in the database
        - groups (*list* ): list of all groups in the database
        - user_settings (*dict* ): Settings for a specified user (initially the *admin*)
        - group_settings (*dict* ): Settings for a specified group (initially the *admin* group)
    """
    from toyz.utils import third_party
    dbs = toyz_settings.db
    # NOTE(review): the admin and power-user checks further down trust tid['user_id'];
    # presumably the server fills it in after authentication -- verify against the caller.
    requester = tid['user_id']

    def _user_param(name):
        # Read one stored parameter of the requesting user.
        return db_utils.get_param(dbs, name, user_id=requester)

    shortcuts = core.check_user_shortcuts(toyz_settings, requester,
                                          _user_param('shortcuts'))
    workspaces = _user_param('workspaces')

    response = {
        'id': 'user_settings',
        'shortcuts': shortcuts,
        'workspaces': workspaces,
    }
    # The first workspace name in sorted order becomes the default selection.
    if len(workspaces) > 0:
        response['workspace'] = sorted(workspaces.keys())[0]

    groups = _user_param('groups')
    is_admin = requester == 'admin' or 'admin' in groups

    if is_admin:
        # Administrators additionally get the id lists, the admin user's and admin
        # group's settings, and the application settings themselves.
        all_users = db_utils.get_all_ids(dbs, 'user_id')
        all_groups = db_utils.get_all_ids(dbs, 'group_id')
        user_query = {
            'user_id': 'admin',
            'user_attr': ['groups', 'modules', 'toyz', 'paths'],
        }
        user_settings = load_user_info(toyz_settings, tid, user_query)
        group_query = {
            'group_id': 'admin',
            'user_attr': ['groups', 'modules', 'toyz', 'paths'],
        }
        group_settings = load_user_info(toyz_settings, tid, group_query)

        # Replace the generic 'id' entry with the id of what each dict describes.
        del user_settings['id']
        del group_settings['id']
        user_settings['user_id'] = 'admin'
        group_settings['group_id'] = 'admin'

        # NOTE(review): each ``__dict__`` below is the settings object's own attribute
        # dictionary, passed on unfiltered and uncopied. The ``security`` and ``db``
        # sections may hold secrets (not visible here -- confirm), and all of it reaches
        # the admin's client.
        admin_view = {
            'config': toyz_settings.config.__dict__,
            'db': toyz_settings.db.__dict__,
            'web': toyz_settings.web.__dict__,
            'security': toyz_settings.security.__dict__,
            'users': all_users,
            'groups': all_groups,
            'user_settings': user_settings,
            'group_settings': group_settings,
        }
        response.update(admin_view)

    # Members of modify_toyz, like admins, may see which modules and toyz they can run.
    if 'modify_toyz' in groups or is_admin:
        response['modules'] = _user_param('modules')
        response['toyz'] = _user_param('toyz')
    return response