    def get(self, email):
        """Request an e-mail confirmation message for the local user owning *email*.

        ``email`` is a route argument; ``server`` is read from the request
        headers and handed to ``user_service.send_email_confirm``. Returns a
        JSON-serialisable dict: ``{'success': True}`` on success, a
        ``Failures`` response for validation/lookup/rate-limit problems, or
        ``{'success': False, 'message': ..., 'code': 520}`` for other failures.
        """
        # NOTE(review): ``server`` is caller-controlled (a request header) and
        # is passed straight to send_email_confirm; if it is used to build the
        # link in the e-mail it should be checked against an allowlist — confirm
        # downstream.
        server = request.headers.get('server')

        # Presence and format checks come first so nothing is looked up for
        # malformed input.
        validation = Validation()
        for field_name, field_value in (('email', email), ('server', server)):
            validation.add_required_field(field_name, field_value)
        validation.check_email('email', email)
        if not validation.is_valid():
            return validation.get_validation_response()

        user = user_service.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)

        success, code, message = user_service.send_email_confirm(user.id, server)
        # Persist whatever send_email_confirm changed before reporting.
        db.session.commit()

        if not success:
            # Code 10 is reported as a rate-limit failure; every other code is
            # returned to the caller with code 520.
            if code == 10:
                return Failures.rate_exceeded()
            return {'success': False, 'message': message, 'code': 520}

        logging.info('LocalUser-controller: RequestConfirm: success: %s', user.id)
        return {'success': True}
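    def post(self):
        """Authenticate a local user from form-encoded ``email``/``password``.

        Reads ``server`` from the request headers and ``email``/``password``
        from the form body, validates that all three are present, then checks
        the account state (exists, confirmed, not blocked, local auth source)
        before verifying the password under the ``failed-password`` rate
        bucket. Returns ``{'success': True, 'user': {...}}`` on success or a
        ``Failures`` response otherwise.

        Fix: a wrong password consumed a ``failed-password`` token but the
        session was never committed before returning, so the consumed token
        was not persisted and the failed-attempt limit could not take effect.
        The commit is now issued before the failure response, matching the
        other authenticate handlers.
        """
        server = request.headers.get('server')
        email = request.form.get('email')
        password = request.form.get('password')

        validation = Validation()
        validation.add_required_field('server', server)
        validation.add_required_field('email', email)
        validation.add_required_field('password', password)
        if not validation.is_valid():
            return validation.get_validation_response()

        # NOTE(review): each guard below returns a distinct failure, so the
        # response reveals whether an e-mail is registered / confirmed /
        # blocked. Acceptable only if the API deliberately exposes that.
        user = user_services.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if not user.confirmed:
            return Failures.email_not_confirmed(email)
        if user.blocked:
            return Failures.user_blocked(email)
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)

        if not rate_limiting_services.has_sufficient_tokens(user.id, 'failed-password', 1):
            return Failures.rate_exceeded()

        # The password might not be encoded correctly when submitted, which
        # can make check_password raise TypeError; only that call is trapped.
        try:
            password_ok = user_services.check_password(user.id, password)
        except TypeError:
            return Failures.password_unknown_format("Unicode-objects must be encoded before hashing")

        if not password_ok:
            rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
            # Persist the consumed token; without this commit the failed
            # attempt is lost and the rate limit never applies.
            db.session.commit()
            return Failures.wrong_password(email)

        db.session.commit()
        logging.info('Authenticate-controller: Authenticate: success: %s', email)

        return {
            'success': True,
            'user': {
                'id': user.id,
                'email': user.email,
                'locale': user.locale,
                'screenname': user.screen_name,
                'authentication-source': user.auth_source,
                'bdmonth': user.birth_month,
                'bdyear': user.birth_year,
                'parent-email': user.parent_email,
                'parent-email-source': user.parent_email_source
            }}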
    def post(self):
        """Authenticate a local user from form-encoded ``email``/``password``.

        ``server`` comes from the request headers, ``email`` and ``password``
        from the form body. After the required-field validation the account is
        checked in order (exists, confirmed, not blocked, local auth source),
        then the password is verified under the ``failed-password`` rate
        bucket. Returns ``{'success': True, 'user': {...}}`` or a ``Failures``
        response.
        """
        headers, form = request.headers, request.form
        server = headers.get('server')
        email = form.get('email')
        password = form.get('password')

        validation = Validation()
        for field_name, field_value in (
            ('server', server),
            ('email', email),
            ('password', password),
        ):
            validation.add_required_field(field_name, field_value)
        if not validation.is_valid():
            return validation.get_validation_response()

        # Account-state guards; each short-circuits with its own failure.
        user = user_services.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if not user.confirmed:
            return Failures.email_not_confirmed()
        if user.blocked:
            return Failures.user_blocked()
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)

        bucket = 'failed-password'
        if not rate_limiting_services.has_sufficient_tokens(user.id, bucket, 1):
            return Failures.rate_exceeded()

        if not user_services.check_password(user.id, password):
            # A wrong password costs one token; commit so the attempt is
            # persisted even though the request fails.
            rate_limiting_services.consume_tokens(user.id, bucket, 1)
            db.session.commit()
            return Failures.wrong_password()

        db.session.commit()
        logging.info('Authenticate-controller: Authenticate: success: %s',
                     user.id)

        profile = {
            'id': user.id,
            'email': user.email,
            'locale': user.locale,
            'screenname': user.screen_name,
            'authentication-source': user.auth_source,
        }
        return {'success': True, 'user': profile}
    def post(self):
        """Authenticate a local user and return their profile.

        Inputs: ``server`` header, ``email`` and ``password`` form fields.
        Guards run in order — required fields, user exists, confirmed, not
        blocked, local auth source, ``failed-password`` tokens available —
        and a wrong password consumes one token before the failure is
        returned. On success the session is committed and
        ``{'success': True, 'user': {...}}`` is returned.
        """
        server = request.headers.get('server')
        email = request.form.get('email')
        password = request.form.get('password')

        required = {'server': server, 'email': email, 'password': password}
        validation = Validation()
        for field_name, field_value in required.items():
            validation.add_required_field(field_name, field_value)
        if not validation.is_valid():
            return validation.get_validation_response()

        user = user_services.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if not user.confirmed:
            return Failures.email_not_confirmed(email)
        if user.blocked:
            return Failures.user_blocked(email)
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)

        if not rate_limiting_services.has_sufficient_tokens(user.id, 'failed-password', 1):
            return Failures.rate_exceeded()

        password_ok = user_services.check_password(user.id, password)
        if not password_ok:
            # Charge the failed attempt and persist it before answering.
            rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
            db.session.commit()
            return Failures.wrong_password(email)

        db.session.commit()
        logging.info('Authenticate-controller: Authenticate: success: %s', email)

        profile = {
            'id': user.id,
            'email': user.email,
            'locale': user.locale,
            'screenname': user.screen_name,
            'authentication-source': user.auth_source,
            'bdmonth': user.birth_month,
            'bdyear': user.birth_year,
            'parent-email': user.parent_email,
            'parent-email-source': user.parent_email_source,
        }
        return {'success': True, 'user': profile}
    def get(self, bucket_type, id_user, count):
        """Consume one token from *bucket_type* on behalf of user *id_user*.

        All arguments arrive as strings; ``id_user`` and ``count`` are parsed
        as integers and rejected with ``Failures.not_a_number`` otherwise.
        ``bucket_type`` must appear in the comma-separated ``bucket.types``
        entry of ``app.config['CLOUD_SESSION_PROPERTIES']``. Returns
        ``{'success': True}`` or a ``Failures`` response (``rate_exceeded``
        carries the next-allowed time as ``%Y-%m-%d %H:%M:%S``).
        """
        validation = Validation()
        for field_name, field_value in (
            ('bucket_type', bucket_type),
            ('id_user', id_user),
            ('count', count),
        ):
            validation.add_required_field(field_name, field_value)
        if not validation.is_valid():
            return validation.get_validation_response()

        try:
            id_user = int(id_user)
        except ValueError:
            return Failures.not_a_number('idUser', id_user)
        try:
            count = int(count)
        except ValueError:
            return Failures.not_a_number('count', count)

        user = user_services.get_user(id_user)
        if user is None:
            return Failures.unknown_user_id(id_user)
        if user.blocked:
            return Failures.user_blocked()
        if not user.confirmed:
            return Failures.email_not_confirmed()

        properties = app.config['CLOUD_SESSION_PROPERTIES']
        known_buckets = properties['bucket.types'].split(',')
        if bucket_type not in known_buckets:
            return Failures.unknown_bucket_type(bucket_type)

        # NOTE(review): ``count`` is parsed and logged but exactly one token is
        # consumed regardless of its value — confirm this is intended for a
        # "ConsumeMultiple" endpoint.
        consumed, next_time = rate_limiting_services.consume_tokens(
            user.id, bucket_type, 1)
        # Commit in both outcomes so the bucket state is persisted.
        db.session.commit()
        if not consumed:
            return Failures.rate_exceeded(
                next_time.strftime("%Y-%m-%d %H:%M:%S"))

        logging.info(
            'RateLimiting-controller: ConsumeMultiple: success: %s (%s - %s)',
            id_user, bucket_type, count)
        return {'success': True}
    def get(self, bucket_type, id_user, count):
        """Consume a token from *bucket_type* for user *id_user*.

        ``id_user`` and ``count`` are string route values converted to ``int``
        (``Failures.not_a_number`` on failure). The user must exist, not be
        blocked and be confirmed; ``bucket_type`` must be one of the names in
        the ``bucket.types`` config entry. Returns ``{'success': True}`` or a
        ``Failures`` response.
        """
        validation = Validation()
        validation.add_required_field('bucket_type', bucket_type)
        validation.add_required_field('id_user', id_user)
        validation.add_required_field('count', count)
        if not validation.is_valid():
            return validation.get_validation_response()

        # Numeric conversion; the raw string is echoed back on failure.
        try:
            id_user = int(id_user)
        except ValueError:
            return Failures.not_a_number('idUser', id_user)
        try:
            count = int(count)
        except ValueError:
            return Failures.not_a_number('count', count)

        user = user_services.get_user(id_user)
        if user is None:
            return Failures.unknown_user_id(id_user)
        if user.blocked:
            return Failures.user_blocked()
        if not user.confirmed:
            return Failures.email_not_confirmed()

        raw_bucket_types = app.config['CLOUD_SESSION_PROPERTIES']['bucket.types']
        if bucket_type not in raw_bucket_types.split(','):
            return Failures.unknown_bucket_type(bucket_type)

        # NOTE(review): one token is consumed here regardless of ``count``,
        # which is only parsed and logged — confirm that is intended.
        ok, next_time = rate_limiting_services.consume_tokens(user.id, bucket_type, 1)
        db.session.commit()

        if not ok:
            retry_at = next_time.strftime("%Y-%m-%d %H:%M:%S")
            return Failures.rate_exceeded(retry_at)

        logging.info('RateLimiting-controller: ConsumeMultiple: success: %s (%s - %s)', id_user, bucket_type, count)
        return {'success': True}
    def get(self, email):
        """Request an e-mail confirmation message for the local user owning *email*.

        ``server`` is read from the request headers and passed to
        ``user_service.send_email_confirm``. Returns ``{'success': True}``,
        a ``Failures`` response, or ``{'success': False, 'message': ...,
        'code': N}`` where N is 540 for result code 99 and 520 otherwise.
        """
        server = request.headers.get('server')

        # NOTE(review): this logs the raw ``email`` argument and ``server``
        # header before either has been validated; both are caller-supplied.
        logging.info("Requesting email confirmation for %s from server %s", email, server)

        validation = Validation()
        for field_name, field_value in (('email', email), ('server', server)):
            validation.add_required_field(field_name, field_value)
        validation.check_email('email', email)
        if not validation.is_valid():
            return validation.get_validation_response()

        user = user_service.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)

        # NOTE(review): ``server`` is caller-controlled; if send_email_confirm
        # embeds it in the mailed link it should be allowlisted — confirm.
        success, code, message = user_service.send_email_confirm(user.id, server)
        db.session.commit()

        if success:
            logging.info('LocalUser-controller: RequestConfirm: success: %s', user.id)
            return {'success': True}

        # Result codes: 10 → rate limited; 99 → reported with code 540;
        # anything else → code 520.
        if code == 10:
            return Failures.rate_exceeded()
        response_code = 540 if code == 99 else 520
        return {'success': False, 'message': message, 'code': response_code}
    def get(self, email):
        """Send a password-reset message to the local, confirmed user owning *email*.

        ``server`` is read from the request headers and passed to
        ``user_service.send_password_reset``. Returns ``{'success': True}``,
        a ``Failures`` response, or ``{'success': False, 'message': ...,
        'code': 520}``.
        """
        # NOTE(review): ``server`` is caller-controlled (a request header); if
        # it is used to build the reset link it should be checked against an
        # allowlist downstream — confirm in send_password_reset.
        server = request.headers.get('server')

        validation = Validation()
        validation.add_required_field('email', email)
        validation.add_required_field('server', server)
        validation.check_email('email', email)
        if not validation.is_valid():
            return validation.get_validation_response()

        # Guards in order: unknown address, non-local account, unconfirmed.
        user = user_service.get_user_by_email(email)
        if user is None:
            return Failures.unknown_user_email(email)
        if user.auth_source != 'local':
            return Failures.wrong_auth_source(user.auth_source)
        if not user.confirmed:
            return Failures.email_not_confirmed(user.email)

        success, code, message = user_service.send_password_reset(user.id, server)
        db.session.commit()

        if not success:
            # Code 10 maps to the rate-limit failure; others return code 520.
            if code == 10:
                return Failures.rate_exceeded()
            failure = {'success': False, 'message': message, 'code': 520}
            return failure

        logging.info('LocalUser-controller: RequestPasswordReset: success: %s', user.id)
        return {'success': True}