 def log_in_success(self, form):
     """Log in the account behind a validated login form and redirect.

     ``form['username']`` is resolved by login name first and by e-mail
     address as a fallback; the account's ``auth_id`` is then remembered in
     the response headers and the browser is sent to ``get_came_from``.
     NOTE(review): if both lookups miss, ``account`` is None and the
     ``auth_id`` access raises — presumably the form validator already
     guarantees the account exists; confirm.
     """
     req = self.request
     name = form['username']
     account = AuthUser.get_by_login(name)
     if not account:
         account = AuthUser.get_by_email(name)
     auth_headers = remember(req, account.auth_id)
     return HTTPSeeOther(headers=auth_headers, location=get_came_from(req))
def search_user(username):
    """Resolve *username* to an AuthUser, or None when nothing matches.

    Lookup order: e-mail address (only tried when the string contains
    ``@``), then username, then login name; the first hit is returned.
    """
    if '@' in username:
        found = AuthUser.get_by_email(username)
        if found:
            return found
    found = AuthUser.get_by_username(username)
    if found:
        return found
    return AuthUser.get_by_login(username)
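def register_validator(node, kw):
    """Validate a registration form: matching passwords and an unused identity.

    :param node: the colander/deform node the ``Invalid`` is raised against.
    :param kw: the submitted values; ``username`` and ``email`` must be
        present, ``password``/``password2`` are checked only when
        ``password`` is given.
    :raises Invalid: when the two passwords differ, or when the username
        or the e-mail already belongs to an account.
    :returns: None on success.
    """
    if "password" in kw and kw["password"] != kw.get("password2"):
        raise Invalid(node, "Passwords should match!")
    # Either identifier being taken is enough to reject the registration;
    # the e-mail lookup is only made when the login lookup misses.
    taken = AuthUser.get_by_login(kw["username"]) or AuthUser.get_by_email(kw["email"])
    if taken:
        raise Invalid(node, "That username or email is taken.")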
def apex_callback(request):
    """ apex_callback(request):
    no return value, called with route_url('apex_callback', request)

    This is the URL that Velruse returns an OpenID request to

    Exchanges the POSTed ``token`` for the provider data
    (``apexid_from_token``), looks the user up by ``auth['id']`` and, on a
    first login, creates an AuthID/AuthUser pair from the first profile
    account. When ``openid_required`` names attributes the user lacks, the
    AuthID/user ids are parked in the session and the browser is sent to
    ``apex_openid_required``; otherwise the user is remembered and
    redirected to ``came_from`` (default: ``came_from_route``).
    """
    redir = request.GET.get('came_from', \
                route_url(apex_settings('came_from_route'), request))
    headers = []
    if 'token' in request.POST:
        auth = apexid_from_token(request.POST['token'])
        if auth:
            user = AuthUser.get_by_login(auth['id'])
            if not user:
                auth_info = auth['profile']['accounts'][0]
                # ``id`` shadows the builtin and is bound only on this
                # first-login path; see the openid_required branch below.
                id = AuthID()
                DBSession.add(id)
                user = AuthUser(
                    login=auth_info['userid'],
                    provider=auth_info['domain'],
                )
                # dict.has_key() exists only on Python 2; the portable
                # spelling is ``'verifiedEmail' in auth['profile']``.
                if auth['profile'].has_key('verifiedEmail'):
                    user.email = auth['profile']['verifiedEmail']
                id.users.append(user)
                if apex_settings('default_user_group'):
                    for name in apex_settings('default_user_group'). \
                                              split(','):
                        # .one(): a configured group name with no row is
                        # presumably an exception here, not a skipped group.
                        group = DBSession.query(AuthGroup). \
                           filter(AuthGroup.name==name.strip()).one()
                        id.groups.append(group)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(apex_settings('create_openid_after'))
                    openid_after().after_signup(user)
                DBSession.flush()
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    # BUG: for an already-existing user the ``if not user``
                    # block above is skipped, so ``id`` is unbound here and
                    # this line raises UnboundLocalError; the AuthID has to be
                    # resolved from ``user`` on that path.
                    request.session['id'] = id.id
                    request.session['userid'] = user.id
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            headers = apex_remember(request, user)
            # Same expression as the initial ``redir`` assignment above.
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)
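def create_public_workspace(registry=None):
    """Ensure the shared "public" AuthUser exists with its canonical fields.

    Creates the account named ``PUBLIC_PROJECT_USERNAME`` when it is
    missing; otherwise re-asserts its ``username``, ``email`` and ``login``
    and commits the transaction. ``User.by_id`` is called for its side
    effect only (see the comment below); its result is not needed, and the
    previously unused ``project_name``/``project_desc`` locals are gone.

    :param registry: optional Pyramid registry, forwarded to ``create_user``
        on the creation path only.
    :returns: None
    """
    username = PUBLIC_PROJECT_USERNAME
    user_public_email = "%s@internal" % username
    # imports here for circular import references
    from apex.models import create_user, AuthUser
    from mobyle2.core.models.user import User
    import transaction

    ausr = AuthUser.get_by_login(username)
    modified = False
    if ausr is None:
        kwargs = {"email": user_public_email, "username": username, "login": username}
        if registry:
            kwargs["registry"] = registry
        ausr = create_user(**kwargs)
    else:
        ausr.username = username
        ausr.email = user_public_email
        ausr.login = username
        modified = True
    # running mobyle2 __init__ recreate default project if deleted
    # only after we are sure user is created
    User.by_id(ausr.id)
    # Only the update path commits here; the creation path is left as it
    # was (presumably create_user handles its own transaction — confirm).
    if modified:
        transaction.commit()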
def login_validator(node, kw):
    """Validate a username and password.

    Checks ``kw['username']``/``kw['password']`` with
    ``AuthUser.check_password``; a missing ``username`` key fails the
    validation, a missing ``password`` key raises KeyError instead.

    :raises Invalid: with a single generic message, so the response does
        not say which of the two values was wrong.
    """
    credentials_ok = False
    if "username" in kw:
        credentials_ok = AuthUser.check_password(
            login=kw["username"], password=kw["password"])
    if credentials_ok:
        return
    raise Invalid(node, "Your username or password is incorrect.")
def groupfinder(userid, request):
    """ Returns ACL formatted list of groups for the userid in the
    current request

    Each group becomes the principal string ``'group:<name>'``. When no
    AuthUser has *userid* the result is None rather than an empty list, so
    callers can tell an unknown user from one without groups.
    """
    account = AuthUser.get_by_id(userid)
    if not account:
        return None
    principals = []
    for grp in account.groups:
        principals.append('group:%s' % grp.name)
    return principals
def edit(request):
    """ edit(request)
        no return value, called with route_url('apex_edit', request)

        This function will only work if you have set apex.auth_profile.

        This is a very simple edit function it works off your auth_profile
        class, all columns inside your auth_profile class will be rendered.

        A form class is generated from the auth_profile model (``id`` and
        ``user_id`` excluded) and bound to the current user's profile record.
        On a validated POST the POST items are merged into the record,
        flushed, and the browser is redirected back to the same URL.
        NOTE(review): merge_session_with_post() receives every POST item,
        not only the form's declared fields — confirm it honours the exclude
        list, otherwise ``id``/``user_id`` are writable from the client.
    """
    page_title = _('Edit')

    profile_model = get_module(apex_settings('auth_profile'))
    form_class = model_form(
        model=profile_model,
        base_class=ExtendedForm,
        exclude=('id', 'user_id'),
    )

    profile = AuthUser.get_profile(request)
    bound_form = form_class(obj=profile)
    submitted = request.method == 'POST'
    if submitted and bound_form.validate():
        profile = merge_session_with_post(profile, request.POST.items())
        DBSession.merge(profile)
        DBSession.flush()
        flash(_('Profile Updated'))
        return HTTPFound(location=request.url)

    return {'title': page_title, 'form': bound_form, 'action': 'edit'}
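def activate(request):
    """Activate the account named in the URL if its signed link is valid.

    Expects ``user_id`` and ``hmac`` in ``request.matchdict``. The ``hmac``
    segment is ``<10 hex chars of a truncated HMAC><base64 expiry timestamp>``;
    the HMAC is keyed with ``'<user.id>:<auth_secret>:<expiry>'`` over the
    user's e-mail address. A valid, unexpired link marks the user active and
    redirects to ``activated_route`` (default ``apex_login``); an unknown
    user, a malformed token, an expired one or a wrong HMAC all flash the
    same error and redirect to ``came_from_route``.
    """
    user_id = request.matchdict.get('user_id')
    user = AuthUser.get_by_id(user_id)
    submitted_hmac = request.matchdict.get('hmac') or ''
    current_time = time.time()
    time_key = None
    # An unknown user or a malformed token (too short, not base64, not a
    # number) used to raise and surface as a 500; reject it instead.
    if user is not None and len(submitted_hmac) > 10:
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None
    if time_key is not None and current_time < time_key:
        # No digestmod is given, so the library default digest is used; it
        # must stay identical to whatever built the link.
        hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                            apex_settings('auth_secret'), time_key), \
                            user.email).hexdigest()[0:10]
        # Constant-time comparison: a plain == leaks, via timing, how many
        # leading characters of the submitted value are right.
        if hmac.compare_digest(hmac_key, submitted_hmac[0:10]):
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            activated_route = apex_settings('activated_route') or 'apex_login'
            return HTTPFound(location=route_url(activated_route, request))

    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'), \
                                        request))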
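def login(request):
    """ login(request)
    No return value

    Function called from route_url('apex_login', request)

    Renders the local login form (unless ``exclude_local`` is set) plus the
    Velruse provider forms. On a valid POST the account named by the form's
    ``login`` field is remembered and the browser is sent to ``came_from``.
    Returns the template dict, or an HTTPFound on successful login.
    """
    title = _('You need to login')
    came_from = get_came_from(request)
    if not apex_settings('exclude_local'):
        if asbool(apex_settings('use_recaptcha_on_login')):
            if apex_settings('recaptcha_public_key') and apex_settings('recaptcha_private_key'):
                # NOTE: this mutates the shared LoginForm class, not just
                # this request's instance.
                LoginForm.captcha = RecaptchaField(
                    public_key=apex_settings('recaptcha_public_key'),
                    private_key=apex_settings('recaptcha_private_key'),
                )
            form = LoginForm(request.POST,
                            captcha={'ip_address': request.environ['REMOTE_ADDR']})
        else:
            form = LoginForm(request.POST)
    else:
        form = None

    velruse_forms = generate_velruse_forms(request, came_from)

    # With exclude_local there is no local form; a POST used to fail with
    # AttributeError on ``None.validate()``.
    if form is not None and request.method == 'POST' and form.validate():
        # presumably the form's validators verify the password — this view
        # only resolves the validated login name to an account; confirm.
        user = AuthUser.get_by_login(form.data.get('login'))
        if user:
            headers = apex_remember(request, user)
            return HTTPFound(location=came_from, headers=headers)

    return {'title': title, 'form': form, 'velruse_forms': velruse_forms, \
            'form_url': request.route_url('apex_login'),
            'action': 'login'}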
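def forgot_password(request):
    """ forgot_password(request):
    no return value, called with route_url('apex_forgot_password', request)

    On a validated POST the account is looked up by e-mail and/or login and
    a reset link is mailed via ``apex_email_forgot``. The link token is the
    first 10 hex chars of ``HMAC(key='<user.id>:<auth_secret>:<expiry>',
    msg=user.email)`` followed by the urlsafe-base64 expiry timestamp
    (now + 3600 s). Returns the template dict or an HTTPFound.
    """
    title = _('Forgot my password')

    if asbool(apex_settings('use_recaptcha_on_forgot')):
        if apex_settings('recaptcha_public_key') and apex_settings(
                'recaptcha_private_key'):
            # NOTE: this mutates the shared ForgotForm class, not an instance.
            ForgotForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ForgotForm(request.POST, \
               captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # Special condition - if email imported from OpenID/Auth, we can
        # direct the person to the appropriate login through a flash
        # message.
        user = None  # was unbound when neither email nor login was given
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            # An unknown e-mail used to raise AttributeError on ``.provider``.
            if user and user.provider != 'local':
                provider_name = user.provider
                # NOTE(review): this message, and the differing outcomes
                # below, reveal whether an address is registered; a uniform
                # "if an account exists, mail was sent" response would not.
                flash(_('You used %s as your login provider' % \
                     provider_name))
                return HTTPFound(location=route_url('apex_login', \
                                          request))
        if form.data['login']:
            user = AuthUser.get_by_login(form.data['login'])
        if user:
            timestamp = time.time() + 3600
            # No digestmod: the library default digest is used; whatever
            # verifies the link must compute the key the same way.
            hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                                apex_settings('auth_secret'), timestamp), \
                                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', \
                                                request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}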
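def forgot_password(request):
    """ forgot_password(request):
    no return value, called with route_url('apex_forgot_password', request)

    On a validated POST the account is looked up by e-mail and/or login and
    a reset link is mailed via ``apex_email_forgot``. The link token is the
    first 10 hex chars of ``HMAC(key='<user.id>:<auth_secret>:<expiry>',
    msg=user.email)`` followed by the urlsafe-base64 expiry timestamp
    (now + 3600 s). Returns the template dict or an HTTPFound.
    """
    title = _('Forgot my password')

    if asbool(apex_settings('use_recaptcha_on_forgot')):
        if apex_settings('recaptcha_public_key') and \
            apex_settings('recaptcha_private_key'):
            # NOTE: this mutates the shared ForgotForm class, not an instance.
            ForgotForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ForgotForm(request.POST, \
               captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # Special condition - if email imported from OpenID/Auth, we can
        # direct the person to the appropriate login through a flash
        # message.
        user = None  # was unbound when neither email nor login was given
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            # An unknown e-mail used to raise AttributeError on ``.provider``.
            if user and user.provider != 'local':
                provider_name = user.provider
                # NOTE(review): this message, and the differing outcomes
                # below, reveal whether an address is registered; a uniform
                # "if an account exists, mail was sent" response would not.
                flash(_('You used %s as your login provider' % \
                     provider_name))
                return HTTPFound(location=route_url('apex_login', \
                                          request))
        if form.data['login']:
            user = AuthUser.get_by_login(form.data['login'])
        if user:
            timestamp = time.time()+3600
            # No digestmod: the library default digest is used; whatever
            # verifies the link must compute the key the same way.
            hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                                apex_settings('auth_secret'), timestamp), \
                                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', \
                                                request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}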
def callback(request):
    """Finish a Velruse login: find or create the AuthUser, then log it in.

    ``request.context.profile`` supplies ``preferredUsername`` (used as the
    login) and optionally ``verifiedEmail`` / ``displayName``. When the
    session carries an ``id`` the new user is attached to that existing
    AuthID and no lookup by login is made; otherwise an existing user with
    that login is reused, or a fresh AuthID is created. New users get the
    ``default_user_group`` groups (``.one()`` per name, so a missing group
    presumably raises) and the ``create_openid_after`` hook. Redirects to
    ``came_from`` (or ``came_from_route``) with the remember headers.
    """
    session = request.session
    ctx = request.context
    profile = ctx.profile
    linking = 'id' in session

    user = None
    if not linking:
        user = AuthUser.get_by_login(profile['preferredUsername'])

    if not user:
        if linking:
            identity = AuthID.get_by_id(session['id'])
        else:
            identity = AuthID()
            DBSession.add(identity)
        user = AuthUser(
            login=profile['preferredUsername'],
            provider=ctx.provider_name,
        )
        if 'verifiedEmail' in profile:
            user.email = profile['verifiedEmail']
        if 'displayName' in profile:
            user.display_name = profile['displayName']
            # TODO: This may not be unique, handle the error here.
        identity.users.append(user)
        DBSession.add(user)
        DBSession.flush()

        default_groups = apex_settings('default_user_group')
        if default_groups:
            for raw_name in default_groups.split(','):
                group = DBSession.query(AuthGroup) \
                    .filter(AuthGroup.name == raw_name.strip()).one()
                identity.groups.append(group)

        after_hook = apex_settings('create_openid_after')
        if after_hook:
            get_module(after_hook)().after_signup(request=request, user=user)
        DBSession.flush()

    headers = apex_remember(request, user)
    redir = request.GET.get(
        'came_from',
        request.route_path(apex_settings('came_from_route')),
    )
    flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)
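def create_user(**kwargs):
    """
    from apex.lib.libapex import create_user

    create_user(username='******', password='******', active='Y')

    Required keywords: username, password.

    Optional Parameters:

    display_name
    group
    active (defaults to 'Y', applied to both the AuthID and the AuthUser)

    Every other keyword is written onto the AuthUser with setattr() —
    including ``username``/``password``/``active`` a second time — so do not
    forward unfiltered request data here: any attribute name is writable.

    Returns: the new AuthUser object (not the AuthID it hangs off).
    """
    auth_id = AuthID(active=kwargs.get('active', 'Y'))
    user = AuthUser(login=kwargs['username'], password=kwargs['password'],
                    active=kwargs.get('active', 'Y'))

    if 'display_name' in kwargs:
        user.display_name = kwargs.pop('display_name')

    auth_id.users.append(user)

    if 'group' in kwargs:
        group_name = kwargs.pop('group')
        try:
            group = DBSession.query(AuthGroup).filter(
                AuthGroup.name == group_name
            ).one()
            auth_id.groups.append(group)
        except NoResultFound:
            # Best effort: an unknown group name is ignored, not an error.
            pass

    for key, value in kwargs.items():
        setattr(user, key, value)

    DBSession.add(auth_id)
    DBSession.add(user)
    DBSession.flush()
    return user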
def login_validator(node, kw):
    """Validate a username and password.

    First tries ``AuthUser.check_password`` with the value as a login name;
    if that fails and an account with that e-mail exists, retries with that
    account's ``id``. A missing ``password`` key raises KeyError.

    :raises Invalid: with one generic message, so the response does not say
        whether the username or the password was wrong.
    """
    ok = False
    if 'username' in kw:
        creds = dict(login=kw['username'], password=kw['password'])
        ok = AuthUser.check_password(**creds)
        # XXX: extend apex to get user by login or email
        if not ok:
            by_email = AuthUser.get_by_email(kw['username'])
            if by_email:
                creds.pop('login')
                creds['id'] = by_email.id
                ok = AuthUser.check_password(**creds)
    if ok:
        return
    raise Invalid(node, "Your username or password is incorrect.")
    def create_user(self, auth_id, login):
        """Create an AuthUser under the existing AuthID *auth_id*.

        Password and e-mail come from ``self.data``. The AuthID row is fetched
        with ``.one()``, so a missing id is expected to raise rather than
        yield None. The new user is added, flushed and returned.
        """
        identity = DBSession.query(AuthID).filter(AuthID.id == auth_id).one()
        new_user = AuthUser(
            login=login,
            password=self.data['password'],
            email=self.data['email'],
        )
        identity.users.append(new_user)
        DBSession.add(new_user)
        DBSession.flush()
        return new_user
 def sign_up_success(self, form):
     """Create the AuthID/AuthUser pair for a validated sign-up form and log it in.

     Both rows are added to ``request.db`` and flushed before the new
     ``auth_id`` is remembered; the response redirects to ``get_came_from``.
     """
     req = self.request
     session = req.db
     identity = AuthID()
     session.add(identity)
     account = AuthUser(
         login=form['username'],
         password=form['password'],
         email=form['email'],
     )
     identity.users.append(account)
     session.add(account)
     session.flush()
     auth_headers = remember(req, account.auth_id)
     return HTTPSeeOther(headers=auth_headers, location=get_came_from(req))
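    def create_user(self, username):
        """Create and flush an AuthUser for *username* from ``self.data``.

        If ``apex.default_user_group`` is set in the current registry
        settings, the group of that name is attached (``.one()``, so a
        misconfigured name is expected to raise). Returns the new user.
        """
        user = AuthUser(
            username=username,
            password=self.data['password'],
            email=self.data['email'],
        )
        DBSession.add(user)
        settings = get_current_registry().settings
        # ``in`` rather than the Python 2-only dict.has_key().
        if 'apex.default_user_group' in settings:
            group = DBSession.query(AuthGroup). \
               filter(AuthGroup.name==settings['apex.default_user_group']).one()
            user.groups.append(group)
        DBSession.flush()

        return user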
def change_password(request):
    """ change_password(request):
    no return value, called with route_url('apex_change_password', request)

    On a validated POST the password of the authenticated user
    (``authenticated_userid``) is replaced with the form value, merged and
    flushed, and the browser is redirected to ``came_from``; otherwise the
    form is rendered. NOTE(review): get_by_id() returning None for an
    unauthenticated caller would raise on the attribute write — presumably
    the route requires a logged-in principal; confirm.
    """
    title = _('Change your Password')

    came_from = get_came_from(request)
    form = ChangePasswordForm(request.POST)

    valid_post = request.method == 'POST' and form.validate()
    if not valid_post:
        return {'title': title, 'form': form, 'action': 'changepass'}

    current = AuthUser.get_by_id(authenticated_userid(request))
    current.password = form.data['password']
    DBSession.merge(current)
    DBSession.flush()
    return HTTPFound(location=came_from)
def change_password(request):
    """ change_password(request):
    no return value, called with route_url('apex_change_password', request)

    On a validated POST the password of the authenticated user
    (``authenticated_userid``) is replaced with the form value, merged and
    flushed, and the browser is redirected to ``came_from``; otherwise the
    form is rendered. NOTE(review): get_by_id() returning None for an
    unauthenticated caller would raise on the attribute write — presumably
    the route requires a logged-in principal; confirm.
    """
    title = _('Change your Password')

    came_from = get_came_from(request)
    form = ChangePasswordForm(request.POST)

    valid_post = request.method == 'POST' and form.validate()
    if not valid_post:
        return {'title': title, 'form': form, 'action': 'changepass'}

    current = AuthUser.get_by_id(authenticated_userid(request))
    current.password = form.data['password']
    DBSession.merge(current)
    DBSession.flush()
    return HTTPFound(location=came_from)
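def create_user(**kwargs):
    """

::

    from apex.lib.libapex import create_user

    create_user(username='******', password='******', active='Y')

    Required keywords: username, password.

    Optional Parameters:

    display_name  (stored on the AuthID, not the AuthUser)
    group
    active        (defaults to 'Y', applied to both rows)

    Every other keyword is written onto the AuthUser with setattr() —
    including ``username``/``password``/``active`` a second time — so do not
    forward unfiltered request data here: any attribute name is writable.

    Returns: the new AuthUser object (not the AuthID it hangs off).
    """
    auth_id = AuthID(active=kwargs.get('active', 'Y'))
    if 'display_name' in kwargs:
        auth_id.display_name = kwargs.pop('display_name')

    user = AuthUser(login=kwargs['username'], password=kwargs['password'], \
               active=kwargs.get('active', 'Y'))
    auth_id.users.append(user)

    if 'group' in kwargs:
        group_name = kwargs.pop('group')
        try:
            group = DBSession.query(AuthGroup). \
            filter(AuthGroup.name==group_name).one()

            auth_id.groups.append(group)
        except NoResultFound:
            # Best effort: an unknown group name is ignored, not an error.
            pass

    for key, value in kwargs.items():
        setattr(user, key, value)

    DBSession.add(auth_id)
    DBSession.add(user)
    DBSession.flush()
    return user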
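def login(request):
    """ login(request)
    No return value

    Function called from route_url('apex_login', request)

    Renders the local login form (``login_form_class`` or the default
    ``apex.forms.LoginForm``) unless ``exclude_local`` is set, plus the
    Velruse provider forms. On a valid POST the account named by the form's
    ``login`` field is remembered (cookie lifetime ``max_cookie_age``) and
    the browser is sent to ``came_from``. Returns the template dict or an
    HTTPFound.
    """
    title = _('You need to login')
    came_from = get_came_from(request)

    if apex_settings('login_form_class'):
        LoginForm = get_module(apex_settings('login_form_class'))
    else:
        from apex.forms import LoginForm

    if not apex_settings('exclude_local'):
        if asbool(apex_settings('use_recaptcha_on_login')):
            if apex_settings('recaptcha_public_key') and \
                apex_settings('recaptcha_private_key'):
                # NOTE: this mutates the shared form class, not just this
                # request's instance.
                LoginForm.captcha = RecaptchaField(
                    public_key=apex_settings('recaptcha_public_key'),
                    private_key=apex_settings('recaptcha_private_key'),
                )
            form = LoginForm(request.POST,
                             captcha={'ip_address': \
                             request.environ['REMOTE_ADDR']})
        else:
            form = LoginForm(request.POST)
    else:
        form = None

    velruse_forms = generate_velruse_forms(request, came_from)

    # With exclude_local there is no local form; a POST used to fail with
    # AttributeError on ``None.validate()``.
    if form is not None and request.method == 'POST' and form.validate():
        # presumably the form's validators verify the password — this view
        # only resolves the validated login name to an account; confirm.
        user = AuthUser.get_by_login(form.data.get('login'))
        if user:
            headers = apex_remember(request, user, \
                max_age=apex_settings('max_cookie_age', None))
            return HTTPFound(location=came_from, headers=headers)

    return {'title': title, 'form': form, 'velruse_forms': velruse_forms, \
            'form_url': request.route_url('apex_login'),
            'action': 'login'}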
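def reset_password(request):
    """ reset_password(request):
    no return value, called with route_url('apex_reset_password', request)

    Consumes the token in the ``hmac`` path segment: its first 10 characters
    are compared against ``get_hmac_key(user, time_key)``, the remainder is
    the base64-encoded expiry timestamp. The token is only examined once the
    submitted form validates. An unknown user or a malformed token is
    reported as an invalid request; an expired one as expired.
    """
    import hmac  # local import: only compare_digest is needed here

    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if (apex_settings('recaptcha_public_key') and
                apex_settings('recaptcha_private_key')):
            # NOTE: this mutates the shared ResetPasswordForm class.
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(request.POST,
               captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = int(time.time())
        # An unknown user, or a token that is too short, not base64 or not
        # numeric, used to raise (AttributeError/TypeError/ValueError) and
        # surface as a 500; all are reported as an invalid request instead.
        time_key = None
        if user is not None and len(submitted_hmac) > 10:
            try:
                time_key = int(base64.b64decode(submitted_hmac[10:]))
            except (TypeError, ValueError):
                time_key = None
        if time_key is None:
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        if current_time >= time_key:
            flash(_('Change request email expired, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        hmac_key = get_hmac_key(user, time_key)
        # Constant-time comparison so the response time does not reveal how
        # many leading characters of the submitted token matched.
        if not hmac.compare_digest(hmac_key, submitted_hmac[0:10]):
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        #FIXME reset email, no such attribute email
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        flash(_('Password Changed. Please log in.'))
        return HTTPFound(location=route_url('apex_login', request))

    return {'title': title,
            'form': form, 'form_url': request.url,
            "velruse_forms": None}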
def openid_required(request):
    """ openid_required(request)
    no return value

    If apex_settings.openid_required is set, and the ax/sx from the OpenID
    auth doesn't return the required fields, this is called which builds
    a dynamic form to ask for the missing information.

    Called on Registration or Login with OpenID Authentication.

    One ``TextField`` per comma-separated ``openid_required`` name is set on
    the form class; on a validated POST those values are written onto the
    AuthUser whose id is in ``request.session['userid']`` (KeyError if the
    session has none), the user is remembered and redirected to
    ``came_from``. NOTE(review): ``came_from`` is taken straight from the
    request parameters — confirm it is restricted to this site elsewhere
    before it is used as a redirect target.
    """
    title = _('OpenID Registration')
    fallback = route_url(apex_settings('came_from_route'), request)
    came_from = request.params.get('came_from', fallback)

    # This fixes the issue with RegisterForm throwing an UnboundLocalError
    if apex_settings('openid_register_form_class'):
        form_class = get_module(
                apex_settings('openid_register_form_class'))
    else:
        from apex.forms import OpenIDRequiredForm as form_class

    required_names = apex_settings('openid_required').split(',')
    for name in required_names:
        # NOTE: mutates the shared form class, not an instance.
        setattr(form_class, name, TextField(name, [validators.Required()]))

    form = form_class(request.POST,
               captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method == 'POST' and form.validate():
        # need to have the AuthUser id that corresponds to the login method.
        user = AuthUser.get_by_id(request.session['userid'])
        for name in required_names:
            setattr(user, name, form.data[name])
        DBSession.merge(user)
        DBSession.flush()
        headers = apex_remember(request, user)
        return HTTPFound(location=came_from, headers=headers)

    return {'title': title, 'form': form, 'action': 'openid_required'}
def openid_required(request):
    """ openid_required(request)
    no return value

    If apex_settings.openid_required is set, and the ax/sx from the OpenID
    auth doesn't return the required fields, this is called which builds
    a dynamic form to ask for the missing information.

    Called on Registration or Login with OpenID Authentication.

    One ``TextField`` per comma-separated ``openid_required`` name is set on
    the form class; on a validated POST those values are written onto the
    AuthUser whose id is in ``request.session['userid']`` (KeyError if the
    session has none), the user is remembered and redirected to
    ``came_from``. NOTE(review): ``came_from`` is taken straight from the
    request parameters — confirm it is restricted to this site elsewhere
    before it is used as a redirect target.
    """
    title = _('OpenID Registration')
    fallback = route_url(apex_settings('came_from_route'), request)
    came_from = request.params.get('came_from', fallback)

    #This fixes the issue with RegisterForm throwing an UnboundLocalError
    if apex_settings('openid_register_form_class'):
        form_class = get_module(
            apex_settings('openid_register_form_class'))
    else:
        from apex.forms import OpenIDRequiredForm as form_class

    required_names = apex_settings('openid_required').split(',')
    for name in required_names:
        # NOTE: mutates the shared form class, not an instance.
        setattr(form_class, name, TextField(name, [validators.Required()]))

    form = form_class(request.POST,
               captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method == 'POST' and form.validate():
        # need to have the AuthUser id that corresponds to the login method.
        user = AuthUser.get_by_id(request.session['userid'])
        for name in required_names:
            setattr(user, name, form.data[name])
        DBSession.merge(user)
        DBSession.flush()
        headers = apex_remember(request, user)
        return HTTPFound(location=came_from, headers=headers)

    return {'title': title, 'form': form, 'action': 'openid_required'}
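def activate(request):
    """Activate the account named in the URL if its signed link is valid.

    Expects ``user_id`` and ``hmac`` in ``request.matchdict``. The ``hmac``
    segment is ``<10 hex chars of a truncated HMAC><base64 expiry timestamp>``;
    the HMAC is keyed with ``'<user.id>:<auth_secret>:<expiry>'`` over the
    user's e-mail address. A valid, unexpired link marks the user active and
    redirects to ``apex_login``; an unknown user, a malformed token, an
    expired one or a wrong HMAC all flash the same error and redirect to
    ``came_from_route``.
    """
    user_id = request.matchdict.get('user_id')
    user = AuthUser.get_by_id(user_id)
    submitted_hmac = request.matchdict.get('hmac') or ''
    current_time = time.time()
    time_key = None
    # An unknown user or a malformed token (too short, not base64, not a
    # number) used to raise and surface as a 500; reject it instead.
    if user is not None and len(submitted_hmac) > 10:
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None
    if time_key is not None and current_time < time_key:
        # No digestmod is given, so the library default digest is used; it
        # must stay identical to whatever built the link.
        hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                            apex_settings('auth_secret'), time_key), \
                            user.email).hexdigest()[0:10]
        # Constant-time comparison: a plain == leaks, via timing, how many
        # leading characters of the submitted value are right.
        if hmac.compare_digest(hmac_key, submitted_hmac[0:10]):
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            return HTTPFound(location=route_url('apex_login', \
                                                request))
    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'), \
                                        request))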
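def reset_password(request):
    """ reset_password(request):
    no return value, called with route_url('apex_reset_password', request)

    The ``hmac`` path segment is the token from the reset e-mail: its first
    10 characters are a truncated HMAC hex digest keyed with
    ``'<user.id>:<auth_secret>:<expiry>'`` over the user's e-mail, the rest
    is the base64-encoded expiry timestamp. The token is checked only after
    the form validates; an unknown user, a malformed or expired token just
    re-render the form, a wrong HMAC flashes an error and redirects to
    ``apex_forgot``.
    """
    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if apex_settings('recaptcha_public_key') and \
            apex_settings('recaptcha_private_key'):
            # NOTE: this mutates the shared ResetPasswordForm class.
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(request.POST, \
               captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = time.time()
        time_key = None
        # An unknown user or a malformed token (too short, not base64, not a
        # number) used to raise and surface as a 500; treat it like an
        # expired token instead.
        if user is not None and len(submitted_hmac) > 10:
            try:
                time_key = int(base64.b64decode(submitted_hmac[10:]))
            except (TypeError, ValueError):
                time_key = None
        if time_key is not None and current_time < time_key:
            # No digestmod is passed, so the library default digest is used;
            # it must stay identical to the one the e-mail token was built with.
            hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                                apex_settings('auth_secret'), time_key), \
                                user.email).hexdigest()[0:10]
            # Constant-time comparison: a plain == leaks, via timing, how
            # many leading characters of the submitted token are right.
            if hmac.compare_digest(hmac_key, submitted_hmac[0:10]):
                #FIXME reset email, no such attribute email
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', \
                                                    request))
            else:
                flash(_('Invalid request, please try again'))
                return HTTPFound(location=route_url('apex_forgot', \
                                                    request))
    return {'title': title, 'form': form, 'action': 'reset'}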
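def reset_password(request):
    """ reset_password(request):
    no return value, called with route_url('apex_reset_password', request)

    The ``hmac`` path segment is the token from the reset e-mail: its first
    10 characters are a truncated HMAC hex digest keyed with
    ``'<user.id>:<auth_secret>:<expiry>'`` over the user's e-mail, the rest
    is the base64-encoded expiry timestamp. The token is checked only after
    the form validates; an unknown user, a malformed or expired token just
    re-render the form, a wrong HMAC flashes an error and redirects to
    ``apex_forgot``.
    """
    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if apex_settings('recaptcha_public_key') and apex_settings('recaptcha_private_key'):
            # NOTE: this mutates the shared ResetPasswordForm class.
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(request.POST, \
               captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = time.time()
        time_key = None
        # An unknown user or a malformed token (too short, not base64, not a
        # number) used to raise and surface as a 500; treat it like an
        # expired token instead.
        if user is not None and len(submitted_hmac) > 10:
            try:
                time_key = int(base64.b64decode(submitted_hmac[10:]))
            except (TypeError, ValueError):
                time_key = None
        if time_key is not None and current_time < time_key:
            # No digestmod is passed, so the library default digest is used;
            # it must stay identical to the one the e-mail token was built with.
            hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
                                apex_settings('auth_secret'), time_key), \
                                user.email).hexdigest()[0:10]
            # Constant-time comparison: a plain == leaks, via timing, how
            # many leading characters of the submitted token are right.
            if hmac.compare_digest(hmac_key, submitted_hmac[0:10]):
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', \
                                                    request))
            else:
                flash(_('Invalid request, please try again'))
                return HTTPFound(location=route_url('apex_forgot', \
                                                    request))
    return {'title': title, 'form': form, 'action': 'reset'}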
 def clean(self):
     """Return the form-level error messages; empty when the login checks out.

     The ``username``/``password`` pair from ``self.data`` is verified with
     ``AuthUser.check_password``; a failure yields one generic message, so
     the response does not say which of the two values was wrong.
     """
     username = self.data.get("username")
     password = self.data.get("password")
     if AuthUser.check_password(username=username, password=password):
         return []
     return [_("Login Error -- please try again")]
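def apex_callback(request):
    """ apex_callback(request):
    no return value, called with route_url('apex_callback', request)

    This is the URL that Velruse returns an OpenID request to

    Flow: exchange the POSTed ``token`` through ``apexid_from_token``; find
    the user by e-mail, then by apexid; create the account (and run the
    ``create_openid_after`` hook) when neither matches; bounce to
    ``apex_openid_required`` when any configured ``openid_required`` field is
    empty; otherwise issue the remember headers and redirect.

    Returns an HTTPFound to ``came_from`` (or the configured
    ``came_from_route``). On success it carries the auth headers; on failure
    ``headers`` stays empty and a flash message gives the reason, taken from
    the Velruse token payload when it provides one.
    """
    # NOTE(review): ``came_from`` is read straight from the query string and
    # used as the redirect target; nothing here restricts it to this site.
    redir = request.GET.get('came_from',
                route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            profile = auth['profile']
            user = None
            # Prefer the provider's 'emails' list; fall back to verifiedEmail
            # only when that list is absent or empty (the original indexed
            # emails[0] unguarded and raised IndexError on an empty list).
            emails = profile.get('emails')
            if emails:
                first = emails[0]
                email = first['value'] if isinstance(first, dict) else first
            else:
                email = profile.get('verifiedEmail', '').strip()
            # Linking by e-mail trusts the provider's e-mail claim. The
            # 'emails' list is not necessarily verified by the provider, so a
            # claimed address that matches a local account binds this login
            # to that account; require verified addresses from the provider
            # if that is not acceptable.
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            if not user:
                user_infos = {'login': auth['apexid'], 'username': auth['name']}
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(apex_settings('create_openid_after'))
                    # the hook may hand back a different request object
                    request = openid_after().after_signup(request, user)
            required_fields = apex_settings('openid_required')
            if required_fields:
                # attribute names come from configuration, not from the request
                missing = [name for name in required_fields.split(',')
                           if not getattr(user, name)]
                if missing:
                    request.session['id'] = user.id
                    # came_from is appended without URL-encoding, as before
                    return HTTPFound(location='%s?came_from=%s' % (
                        route_url('apex_openid_required', request),
                        request.GET.get('came_from',
                            route_url(apex_settings('came_from_route'), request))))
            accounts = auth.get("profile", {}).get("accounts", [])
            using_ldap = any(a.get('domain', '') == 'ldap' for a in accounts)
            headers = apex_remember(request, user.id,
                                    internal_user=using_ldap,
                                    external_user=True)
            # re-read came_from: the signup hook above may have replaced request
            redir = request.GET.get('came_from',
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # token did not resolve: ask Velruse for the error details
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)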
Exemple #31
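def apex_callback(request):
    """ apex_callback(request):
    no return value, called with route_url('apex_callback', request)

    This is the URL that Velruse returns an OpenID request to

    Flow: resolve the POSTed token through ``apex_id_from_token``; unless the
    session holds an AuthID being completed (``session['id']``), look the
    user up by login; otherwise create the AuthUser under the existing or a
    fresh AuthID, attach the ``default_user_group`` groups and run the
    ``create_openid_after`` hook; bounce to ``apex_openid_required`` when a
    configured ``openid_required`` field is empty; else remember the user.

    Returns an HTTPFound to ``came_from`` (or the configured
    ``came_from_route``); ``headers`` stays empty when the token did not
    resolve, so that redirect carries no session.
    """
    import logging

    # NOTE(review): ``came_from`` is read straight from the query string and
    # used as the redirect target; nothing here restricts it to this site.
    redir = request.GET.get('came_from',
                route_url(apex_settings('came_from_route'), request))
    headers = []
    if 'token' in request.POST:
        auth = None
        try:
            auth = apex_id_from_token(request)
        except Exception:
            # Still best effort (the plain redirect below is the fallback),
            # but the cause is recorded instead of silently dropped.
            logging.getLogger(__name__).exception(
                'apex_id_from_token failed in apex_callback')
        if auth:
            user = None
            auth_id = None
            completing = 'id' in request.session
            if not completing:
                user = AuthUser.get_by_login(auth['id'])
            if not user:
                if completing:
                    auth_id = AuthID.get_by_id(request.session['id'])
                else:
                    auth_id = AuthID()
                    DBSession.add(auth_id)
                auth_info = auth['profile']['accounts'][0]
                user = AuthUser(
                    login=auth_info['userid'],
                    provider=auth_info['domain'],
                )
                if 'verifiedEmail' in auth['profile']:
                    user.email = auth['profile']['verifiedEmail']
                auth_id.users.append(user)
                if apex_settings('default_user_group'):
                    for name in apex_settings('default_user_group').split(','):
                        group = DBSession.query(AuthGroup) \
                            .filter(AuthGroup.name == name.strip()).one()
                        auth_id.groups.append(group)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(
                        apex_settings('create_openid_after'))
                    openid_after().after_signup(request=request, user=user)
                DBSession.flush()
            required_fields = apex_settings('openid_required')
            if required_fields:
                # attribute names come from configuration, not from the request
                missing = [name for name in required_fields.split(',')
                           if not getattr(user, name)]
                if missing:
                    if auth_id is not None:
                        request.session['id'] = auth_id.id
                    else:
                        # User was found by login, so no AuthID was created
                        # here (the original read an unbound ``id`` on this
                        # path). Assumes AuthUser exposes its AuthID as
                        # ``auth_id``, as other examples on this page do —
                        # TODO confirm against the model.
                        request.session['id'] = getattr(user, 'auth_id', None)
                    request.session['userid'] = user.id
                    # came_from is appended without URL-encoding, as before
                    return HTTPFound(location='%s?came_from=%s' % (
                        route_url('apex_openid_required', request),
                        request.GET.get('came_from',
                            route_url(apex_settings('came_from_route'), request))))
            headers = apex_remember(request, user)
            redir = request.GET.get('came_from',
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)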
Exemple #32
 def clean(self):
     """Validate the login form against the user store.

     Returns a list of error messages; it is empty when the supplied
     login/password pair is accepted by ``AuthUser.check_password``.
     """
     login = self.data.get('login')
     password = self.data.get('password')
     if AuthUser.check_password(login=login, password=password):
         return []
     return [_('Login Error -- please try again')]
Exemple #33
 def validate_login(form, field):
     """Reject the field when its value is already a registered login.

     Raises ``validators.ValidationError`` if ``AuthUser.get_by_login``
     returns a user for ``field.data``.
     """
     existing = AuthUser.get_by_login(field.data)
     if existing is not None:
         raise validators.ValidationError(_('Sorry that username already exists.'))
Exemple #34
 def log_in_success(self, form):
     """Remember the user named in ``form['username']`` and redirect.

     Returns an HTTPSeeOther to ``self._came_from`` carrying the headers
     produced by ``remember`` for the user's ``auth_id``.
     """
     account = AuthUser.get_by_login(form["username"])
     auth_headers = remember(self.request, account.auth_id)
     return HTTPSeeOther(location=self._came_from, headers=auth_headers)
Exemple #35
 def validate_login(form, field):
     """Reject the field when its value is already a registered login.

     Raises ``validators.ValidationError`` if ``AuthUser.get_by_login``
     returns a user for ``field.data``.
     """
     existing = AuthUser.get_by_login(field.data)
     if existing is not None:
         message = _('Sorry that username already exists.')
         raise validators.ValidationError(message)
Exemple #36
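def apex_callback(request):
    """ apex_callback(request):
    no return value, called with route_url('apex_callback', request)

    This is the URL that Velruse returns an OpenID request to

    Flow: exchange the POSTed ``token`` through ``apexid_from_token``; find
    the user by e-mail, then by apexid; create the account (and run the
    ``create_openid_after`` hook) when neither matches; bounce to
    ``apex_openid_required`` when any configured ``openid_required`` field is
    empty; otherwise issue the remember headers and redirect.

    Returns an HTTPFound to ``came_from`` (or the configured
    ``came_from_route``). On success it carries the auth headers; on failure
    ``headers`` stays empty and a flash message gives the reason, taken from
    the Velruse token payload when it provides one.
    """
    # NOTE(review): ``came_from`` is read straight from the query string and
    # used as the redirect target; nothing here restricts it to this site.
    redir = request.GET.get(
        'came_from', route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            profile = auth['profile']
            user = None
            # Prefer the provider's 'emails' list; fall back to verifiedEmail
            # only when that list is absent or empty (the original indexed
            # emails[0] unguarded and raised IndexError on an empty list).
            emails = profile.get('emails')
            if emails:
                first = emails[0]
                email = first['value'] if isinstance(first, dict) else first
            else:
                email = profile.get('verifiedEmail', '').strip()
            # Linking by e-mail trusts the provider's e-mail claim. The
            # 'emails' list is not necessarily verified by the provider, so a
            # claimed address that matches a local account binds this login
            # to that account; require verified addresses from the provider
            # if that is not acceptable.
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            if not user:
                user_infos = {
                    'login': auth['apexid'],
                    'username': auth['name']
                }
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(
                        apex_settings('create_openid_after'))
                    # the hook may hand back a different request object
                    request = openid_after().after_signup(request, user)
            required_fields = apex_settings('openid_required')
            if required_fields:
                # attribute names come from configuration, not from the request
                missing = [name for name in required_fields.split(',')
                           if not getattr(user, name)]
                if missing:
                    request.session['id'] = user.id
                    # came_from is appended without URL-encoding, as before
                    return HTTPFound(location='%s?came_from=%s' % (
                        route_url('apex_openid_required', request),
                        request.GET.get('came_from',
                            route_url(apex_settings('came_from_route'), request))))
            accounts = auth.get("profile", {}).get("accounts", [])
            using_ldap = any(a.get('domain', '') == 'ldap' for a in accounts)
            headers = apex_remember(request,
                                    user.id,
                                    internal_user=using_ldap,
                                    external_user=True)
            # re-read came_from: the signup hook above may have replaced request
            redir = request.GET.get('came_from',
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # token did not resolve: ask Velruse for the error details
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)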
Exemple #37
 def validate_email(form, field):
     """Require the field to name an e-mail address of an existing user.

     Raises ``validators.ValidationError`` when ``AuthUser.get_by_email``
     finds nothing for ``field.data``.
     """
     account = AuthUser.get_by_email(field.data)
     if account is None:
         message = _('Sorry that email doesn\'t exist.')
         raise validators.ValidationError(message)
Exemple #38
 def log_in_success(self, form):
     """Remember the user identified by ``form['username']`` and redirect.

     The value is tried as a login first and as an e-mail address second.
     Returns an HTTPSeeOther to ``get_came_from(request)`` carrying the
     headers produced by ``remember`` for the user's ``auth_id``.
     """
     req = self.request
     identifier = form['username']
     account = AuthUser.get_by_login(identifier)
     if not account:
         account = AuthUser.get_by_email(identifier)
     auth_headers = remember(req, account.auth_id)
     return HTTPSeeOther(location=get_came_from(req), headers=auth_headers)
Exemple #39
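 def user(self):
     """Return the AuthUser for the authenticated principal, or None.

     ``self`` is handed to ``authenticated_userid``, so this is expected to
     be used as a request property. The principal id is resolved once
     instead of twice as before; a falsy id yields None.
     """
     userid = authenticated_userid(self)
     if not userid:
         return None
     return AuthUser.get_by_id(userid)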
Exemple #40
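 def user(self):
     """Return the AuthUser for the authenticated principal, or None.

     ``self`` is handed to ``authenticated_userid``, so this is expected to
     be used as a request property. The principal id is resolved once
     instead of twice as before; a falsy id yields None.
     """
     userid = authenticated_userid(self)
     if not userid:
         return None
     return AuthUser.get_by_id(userid)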
Exemple #41
 def validate_username(form, field):
     """Require the field to name an existing username.

     Raises ``validators.ValidationError`` when ``AuthUser.get_by_username``
     finds nothing for ``field.data``.
     """
     account = AuthUser.get_by_username(field.data)
     if account is None:
         raise validators.ValidationError(_("Sorry that username doesn't exist."))
Exemple #42
 def validate_old_password(form, field):
     """Check that the field holds the current password of the logged-in user.

     The user is taken from ``authenticated_userid`` on the current request.
     Raises ``validators.ValidationError`` when ``AuthUser.check_password``
     rejects the pair.
     """
     current = get_current_request()
     matches = AuthUser.check_password(id=authenticated_userid(current),
                                       password=field.data)
     if not matches:
         message = _('Your old password doesn\'t match')
         raise validators.ValidationError(message)
Exemple #43
 def clean(self):
     """Validate the login form against the user store.

     Returns a list of error messages; it is empty when the supplied
     login/password pair is accepted by ``AuthUser.check_password``.
     """
     login = self.data.get('login')
     password = self.data.get('password')
     if AuthUser.check_password(login=login, password=password):
         return []
     return [_('Login Error -- please try again')]
Exemple #44
 def validate_email(form, field):
     """Require the field to name an e-mail address of an existing user.

     Raises ``validators.ValidationError`` when ``AuthUser.get_by_email``
     finds nothing for ``field.data``.
     """
     account = AuthUser.get_by_email(field.data)
     if account is None:
         raise validators.ValidationError(_('Sorry that email doesn\'t exist.'))
Exemple #45
 def validate_login(form, field):
     """Require the field to name an existing login.

     Raises ``validators.ValidationError`` when ``AuthUser.get_by_login``
     finds nothing for ``field.data``.
     """
     account = AuthUser.get_by_login(field.data)
     if account is None:
         message = _('Sorry that username doesn\'t exist.')
         raise validators.ValidationError(message)
Exemple #46
 def validate_old_password(form, field):
     """Check that the field holds the current password of the logged-in user.

     The user is taken from ``authenticated_userid`` on the current request.
     Raises ``validators.ValidationError`` when ``AuthUser.check_password``
     rejects the pair.
     """
     current = get_current_request()
     matches = AuthUser.check_password(id=authenticated_userid(current),
                                       password=field.data)
     if not matches:
         raise validators.ValidationError(_('Your old password doesn\'t match'))
Exemple #47
 def validate_email(form, field):
     """Reject the field when its e-mail address is already registered.

     Raises ``validators.ValidationError`` if ``AuthUser.get_by_email``
     returns a user for ``field.data``.
     """
     existing = AuthUser.get_by_email(field.data)
     if existing is not None:
         raise validators.ValidationError(_('Sorry that email already exists.'))
Exemple #48
 def validate_login(form, field):
     """Require the field to name an existing login.

     Raises ``validators.ValidationError`` when ``AuthUser.get_by_login``
     finds nothing for ``field.data``.
     """
     account = AuthUser.get_by_login(field.data)
     if account is None:
         raise validators.ValidationError(_('Sorry that username doesn\'t exist.'))
Exemple #49
def register_validator(node, kw):
    """Reject a registration whose username or e-mail is already taken.

    ``kw['username']`` is checked against existing logins first; the e-mail
    lookup runs only when that finds nothing. Raises ``Invalid`` on *node*
    when either lookup returns a user.
    """
    taken = AuthUser.get_by_login(kw['username'])
    if not taken:
        taken = AuthUser.get_by_email(kw['email'])
    if taken:
        raise Invalid(node, "That username or email is taken.")