def _on_signin(self, data, auth_info, provider): """ Callback whenever a new or existing user is signing in Args: data Dictionary containing the user's info retrieved from the provider auth_info Dictionary containing the authentication info retrieved from the provider provider String representing the name of the provider (i.e. google, facebook) """ auth_id = '%s:%s' % (provider, data['id']) logging.info('Looking for a user with id %s', auth_id) user = self.auth.store.user_model.get_by_auth_id(auth_id) _attrs = self._to_user_model_attrs(data, self.USER_ATTRS[provider]) if self.should_create_admin(): logging.info('Creating admin user') _attrs['is_admin'] = 'YES' ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs) if ok: self.auth.set_session(self.auth.store.user_to_dict(user)) return self.redirect('/admin') should_update_user = False if user: logging.info('Found existing user to log in') # Existing users might've changed their profile data so we update our # local model if they have. for property in user._properties: if property in _attrs and getattr(user, property) != _attrs[property]: logging.info('Updating existing user credentials') should_update_user = True break else: user = self.check_if_user_exists(_attrs) if user: logging.info('Existing user logging in with new provider') should_update_user = True user.auth_ids.append(auth_id) else: pending_user_list = PendingUsersList.shared_list() if pending_user_list.is_user_approved(_attrs['email_address']): logging.info('Creating a brand new user') ok, user = self.auth.store.user_model.create_user(auth_id, **_attrs) else: logging.info('User {0} is not approved'.format(_attrs['email_address'])) pending_user_list.add_user_to_approval_waitlist(_attrs['email_address']) return self.redirect('/login') if should_update_user: user.populate(**_attrs) user.put() self.auth.set_session(self.auth.store.user_to_dict(user)) if user.is_admin_user(): return self.redirect('/admin') # Else go to the profile page self.redirect('/profile')
def post(self): ''' Login attempt or request for account ''' email_address = self.request.POST['email'] try: request_account = self.request.POST['request_account'] except KeyError: request_account = False # Login attempt, need to grab password too password = self.request.POST['password'] try: user = self.auth.get_user_by_password(email_address, password, remember=True) # Success, put user in the session and redirect to home page # Has this user been approved? Or is the user the admin? Login either way pending_users_list = PendingUsersList.shared_list() userdb = User.get_by_id(user["user_id"]) if hasattr(userdb, 'is_admin'): isAdmin = userdb.is_admin else: isAdmin = False if not isAdmin and pending_users_list.email_verification_required and not userdb.is_verified(): context = { 'error_alert': True, 'alert_message': 'You need to verify your account before you can login.' } return self.render_response('login.html', **context) if not isAdmin and pending_users_list.admin_approval_required and not pending_users_list.is_user_approved(email_address): # Not approved, add to approval waitlist pending_users_list.add_user_to_approval_waitlist(email_address) context = { 'error_alert': True, 'alert_message': 'You need to be approved by the admin before you can login.' } return self.render_response('login.html', **context) # All Clear self.auth.set_session(user) return self.redirect('/') except (InvalidAuthIdError, InvalidPasswordError) as e: logging.info('Login failed for user: {0} with exception: {1}'.format(email_address, e)) context = { 'error_alert': True, 'alert_message': 'The email or password you entered is incorrect.' } return self.render_response('login.html', **context)
def post(self): ''' Login attempt or request for account ''' email_address = self.request.POST['email'] try: request_account = self.request.POST['request_account'] except KeyError: request_account = False # Login attempt, need to grab password too password = self.request.POST['password'] try: user = self.auth.get_user_by_password(email_address, password, remember=True) # Success, put user in the session and redirect to home page # Has this user been approved? Or is the user the admin? Login either way pending_users_list = PendingUsersList.shared_list() userdb = User.get_by_id(user["user_id"]) if hasattr(userdb, 'is_admin'): isAdmin = userdb.is_admin else: isAdmin = False if pending_users_list.is_user_approved(email_address) or isAdmin: self.auth.set_session(user) return self.redirect('/') else: # Not approved, add to approval waitlist pending_users_list.add_user_to_approval_waitlist(email_address) context = { 'error_alert': True, 'alert_message': 'You need to be approved by the admin before you can login.' } return self.render_response('login.html', **context) except (InvalidAuthIdError, InvalidPasswordError) as e: logging.info( 'Login failed for user: {0} with exception: {1}'.format( email_address, e)) context = { 'error_alert': True, 'alert_message': 'The email or password you entered is incorrect.' } return self.render_response('login.html', **context)
def post(self): ''' Login attempt or request for account ''' email_address = self.request.POST['email'] try: request_account = self.request.POST['request_account'] except KeyError: request_account = False if request_account: # Just an email address here, we should first make sure they havent been approved pending_users_list = PendingUsersList.shared_list() if pending_users_list.is_user_approved(email_address): context = { 'approved_user_message': True } return self.render_response('user_registration.html', **context) # Now add to approval waitlist success = pending_users_list.add_user_to_approval_waitlist(email_address) if success: context = { 'success_alert': True, 'alert_message': 'Successfully requested an account!' } return self.render_response('login.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Login attempt, need to grab password too password = self.request.POST['password'] try: user = self.auth.get_user_by_password(email_address, password, remember=True) # Success, put user in the session and redirect to home page self.auth.set_session(user) return self.redirect('/') except (InvalidAuthIdError, InvalidPasswordError) as e: logging.info('Login failed for user: {0} with exception: {1}'.format(email_address, e)) context = { 'error_alert': True, 'alert_message': 'The email or password you entered is incorrect.' } return self.render_response('login.html', **context)
def request_user_account(cls, email_address): ''' ''' # Check if already approved pending_users_list = PendingUsersList.shared_list() if pending_users_list.is_user_approved(email_address): result = { 'success': True, 'approved': True } return result # Now add to approval waitlist success = pending_users_list.add_user_to_approval_waitlist(email_address) if success: result = { 'success': True } return result else: # User already requested an account... result = { 'success': False } return result
def register_new_user(cls, params): ''' ''' email_address = params[cls.PARAM_USER_EMAIL] password = params[cls.PARAM_USER_PASS] name = params[cls.PARAM_USER_NAME] # Has this user been approved? pending_users_list = PendingUsersList.shared_list() if pending_users_list.is_user_approved(email_address): # Then create the user _attrs = { 'email_address': email_address, 'name': name, 'password_raw': password } success, user = cls.auth.store.user_model.create_user( email_address, **_attrs ) if success: # Remove the user from the approved list now pending_users_list.remove_user_from_approved_list(email_address) result = { 'success': True } return result else: # Some unexpected error logging.info("Acount registration failed for: {0}".format(user)) result = { 'success': False } return result else: # Not approved result = { 'success': False, 'message': 'You need to be approved by the admin before you can create an account.' } return result
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' logging.info(self.request.POST) try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they havent been approved pending_users_list = PendingUsersList.shared_list() # Now add to approval waitlist if pending_users_list.is_user_approved(user_email): success = True approved = True elif pending_users_list.user_exists(user_email): success = True approved = False else: success = pending_users_list.add_user_to_approval_waitlist(user_email) approved = False if success: # Then create the user _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'] } success, user = self.auth.store.user_model.create_user(user_email, **_attrs) if success: if approved: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } else: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) else: logging.info("Acount registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Delete the token from the DB and redirect to login, only one admin allowed SecretKey.clear_stored_key() return self.redirect('/login') else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES' } success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() context = { 'success_alert': True, 'alert_message': 'Account creation successful! You may now log in with your new account.' } return self.render_response('login.html', **context) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they havent been approved pending_users_list = PendingUsersList.shared_list() # Now add to approval waitlist if pending_users_list.is_user_approved(user_email): success = True approved = True elif pending_users_list.user_exists(user_email): success = True approved = False else: success = pending_users_list.add_user_to_approval_waitlist( user_email) approved = False if success: # Then create the user _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'] } success, user = self.auth.store.user_model.create_user( user_email, **_attrs) if success: if approved: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } else: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) else: logging.info( "Acount registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Delete the token from the DB and redirect to login, only one admin allowed SecretKey.clear_stored_key() return self.redirect('/login') else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES' } success, user = self.auth.store.user_model.create_user( _attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() context = { 'success_alert': True, 'alert_message': 'Account creation successful! You may now log in with your new account.' } return self.render_response('login.html', **context) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they have not been approved pending_users_list = PendingUsersList.shared_list() # If the user does not exist, we create it. if not bool(User.get_by_auth_id(user_email)): _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'verified': False } success, user = self.auth.store.user_model.create_user(user_email, **_attrs) if success: # check if user is preapproved if pending_users_list.is_user_approved(user_email): success = True approved = True # Has the user been preapproved? If so, we just verify it. user.verified = True user.put() else: success = pending_users_list.add_user_to_approval_waitlist(user_email) approved = False if success: if approved or (not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required): context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } elif pending_users_list.email_verification_required: # Create a signup token for the user and send a verification email token = str(uuid.uuid4()) user.signup_token = token user.signup_token_time_created=None user.put() EmailConfig.send_verification_email(user_email, token) context = { 'success_alert': True, 'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.' } elif pending_users_list.admin_approval_required: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) logging.info("Account registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Redirect to login, only one admin allowed return self.redirect('/login?secret_key={0}'.format(secret_key)) else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES', 'verified': True } success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() if 'user_mode' in self.request.POST: if self.request.POST['user_mode'] == 'single': logging.info("UserRegistrationPage: user_mode set to single") SingleMultiUserMode.set_single_user_mode() elif self.request.POST['user_mode'] == 'multi': logging.info("UserRegistrationPage: user_mode set to multi") SingleMultiUserMode.set_multi_user_mode() else: logging.info("UserRegistrationPage: unknown user_mode {0}".format(self.request.POST['user_mode'])) else: logging.info("UserRegistrationPage: user_mode not set") return self.redirect('/login?secret_key={0}'.format(secret_key)) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they have not been approved pending_users_list = PendingUsersList.shared_list() # If the user does not exist, we create it. if not bool(User.get_by_auth_id(user_email)): _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'verified': False } success, user = self.auth.store.user_model.create_user( user_email, **_attrs) if success: # check if user is preapproved if pending_users_list.is_user_approved(user_email): success = True approved = True # Has the user been preapproved? If so, we just verify it. user.verified = True user.put() else: success = pending_users_list.add_user_to_approval_waitlist( user_email) approved = False if success: if approved or ( not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required): context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } elif pending_users_list.email_verification_required: # Create a signup token for the user and send a verification email token = str(uuid.uuid4()) user.signup_token = token user.signup_token_time_created = None user.put() EmailConfig.send_verification_email(user_email, token) context = { 'success_alert': True, 'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.' } elif pending_users_list.admin_approval_required: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) logging.info( "Account registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Redirect to login, only one admin allowed return self.redirect( '/login?secret_key={0}'.format(secret_key)) else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES', 'verified': True } success, user = self.auth.store.user_model.create_user( _attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() if 'user_mode' in self.request.POST: if self.request.POST['user_mode'] == 'single': logging.info( "UserRegistrationPage: user_mode set to single" ) SingleMultiUserMode.set_single_user_mode() elif self.request.POST['user_mode'] == 'multi': logging.info( "UserRegistrationPage: user_mode set to multi" ) SingleMultiUserMode.set_multi_user_mode() else: logging.info( "UserRegistrationPage: unknown user_mode {0}" .format(self.request.POST['user_mode'])) else: logging.info( "UserRegistrationPage: user_mode not set") return self.redirect( '/login?secret_key={0}'.format(secret_key)) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)