def log_in_success(self, form):
    """Issue the auth headers for a validated login form and redirect.

    The submitted ``username`` is tried as a login first and as an e-mail
    address second.  The redirect target comes from ``get_came_from``.
    """
    request = self.request
    identifier = form['username']
    account = AuthUser.get_by_login(identifier)
    if not account:
        account = AuthUser.get_by_email(identifier)
    # NOTE(review): assumes the form validator already proved the account
    # exists; if both lookups return None this raises AttributeError.
    session_headers = remember(request, account.auth_id)
    # NOTE(review): get_came_from is defined elsewhere; confirm it only
    # returns same-site targets before it is used as a redirect location.
    return HTTPSeeOther(headers=session_headers,
                        location=get_came_from(request))
def search_user(username):
    """Look an account up by e-mail, then username, then login.

    The e-mail lookup is only attempted when the value contains ``@``.
    Returns the first truthy match, or the result of the final login lookup.
    """
    found = AuthUser.get_by_email(username) if '@' in username else None
    found = found or AuthUser.get_by_username(username)
    found = found or AuthUser.get_by_login(username)
    return found
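def register_validator(node, kw):
    """Validate a registration payload.

    Checks that ``password`` matches ``password2`` when a password is given,
    and that neither the username (as a login) nor the e-mail address is
    already attached to an account.

    Raises:
        Invalid: when the passwords differ or the username/e-mail is taken.
    """
    # The unused ``valid`` flag from the original was dropped.
    if "password" in kw and kw["password"] != kw.get("password2", None):
        raise Invalid(node, "Passwords should match!")
    used = AuthUser.get_by_login(kw["username"])
    used = used or AuthUser.get_by_email(kw["email"])
    if used:
        # A single message for both cases avoids telling the caller which of
        # the two values matched an existing account.
        raise Invalid(node, "That username or email is taken.")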
def apex_callback(request):
    """Handle the callback that Velruse posts an OpenID result to.

    Called with route_url('apex_callback', request).  When the POST carries
    a ``token`` that resolves to an auth record, the matching AuthUser is
    looked up by login or created, and the auth headers are set.

    Returns an HTTPFound redirect to ``came_from`` (or the configured
    ``came_from_route``), or to ``apex_openid_required`` when a required
    attribute is missing on the user.
    """
    # NOTE(review): came_from is taken from the query string and used as the
    # redirect location below; nothing in this function restricts it to this
    # application's own URLs -- confirm it is validated elsewhere.
    redir = request.GET.get('came_from', \
                route_url(apex_settings('came_from_route'), request))
    headers = []
    if 'token' in request.POST:
        auth = apexid_from_token(request.POST['token'])
        if auth:
            user = AuthUser.get_by_login(auth['id'])
            if not user:
                # First login for this identity: create the AuthID/AuthUser.
                auth_info = auth['profile']['accounts'][0]
                # NOTE(review): ``id`` shadows the builtin of the same name.
                id = AuthID()
                DBSession.add(id)
                user = AuthUser(
                    login=auth_info['userid'],
                    provider=auth_info['domain'],
                )
                # dict.has_key exists on Python 2 only.
                if auth['profile'].has_key('verifiedEmail'):
                    user.email = auth['profile']['verifiedEmail']
                id.users.append(user)
                if apex_settings('default_user_group'):
                    for name in apex_settings('default_user_group'). \
                            split(','):
                        # .one() raises when a configured group is missing.
                        group = DBSession.query(AuthGroup). \
                            filter(AuthGroup.name==name.strip()).one()
                        id.groups.append(group)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(apex_settings('create_openid_after'))
                    openid_after().after_signup(user)
                DBSession.flush()
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    # NOTE(review): for a pre-existing user the local ``id``
                    # was never assigned here, so ``id.id`` looks like it
                    # would hit the builtin and fail -- confirm.
                    request.session['id'] = id.id
                    request.session['userid'] = user.id
                    # NOTE(review): came_from is interpolated into the query
                    # string without URL-encoding.
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            headers = apex_remember(request, user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)
def create_public_workspace(registry=None):
    """Ensure the public-project account exists and is in its expected state.

    Creates the account through ``create_user`` when no AuthUser has the
    public login; otherwise resets its username, e-mail and login and commits
    the transaction.  ``registry`` is forwarded to ``create_user`` when truthy.
    """
    project_name = PUBLIC_PROJECT_NAME
    username = PUBLIC_PROJECT_USERNAME
    project_desc = "%s description" % project_name
    user_public_email = "%s@internal" % username
    # imports here for circular import references
    from apex.models import create_user, AuthUser
    from mobyle2.core.models.user import User
    import transaction

    account = AuthUser.get_by_login(username)
    needs_commit = account is not None
    if needs_commit:
        account.username = username
        account.email = user_public_email
        account.login = username
    else:
        creation_args = dict(email=user_public_email,
                             username=username,
                             login=username)
        if registry:
            creation_args["registry"] = registry
        account = create_user(**creation_args)
    # running mobyle2 __init__ recreate default project if deleted
    # only after we are sure user is created
    User.by_id(account.id)
    if needs_commit:
        transaction.commit()
def login_validator(node, kw):
    """Check the submitted username/password pair.

    Raises:
        Invalid: when no username was submitted or ``check_password`` rejects
            the pair.  The message is the same in both cases, so it does not
            reveal whether the username exists.
    """
    credentials_ok = (
        AuthUser.check_password(login=kw["username"], password=kw["password"])
        if "username" in kw
        else False
    )
    if credentials_ok:
        return
    raise Invalid(node, "Your username or password is incorrect.")
def groupfinder(userid, request):
    """Return the ``group:<name>`` principals for ``userid``.

    Returns None when ``AuthUser.get_by_id`` finds no account.
    """
    account = AuthUser.get_by_id(userid)
    if not account:
        return None
    principals = []
    for group in account.groups:
        principals.append('group:%s' % group.name)
    return principals
def edit(request):
    """Render and process the profile edit form.

    Called with route_url('apex_edit', request).  Requires the
    ``auth_profile`` setting; the form is generated from that model with the
    ``id`` and ``user_id`` columns excluded.

    Returns the template context, or an HTTPFound redirect back to the same
    URL after a successful update.
    """
    title = _('Edit')
    profile_model = get_module(apex_settings('auth_profile'))
    ProfileForm = model_form(
        model=profile_model,
        base_class=ExtendedForm,
        exclude=('id', 'user_id'),
    )
    record = AuthUser.get_profile(request)
    # NOTE(review): the form is built from the stored record only, not from
    # request.POST, so validate() below does not appear to check the
    # submitted values -- confirm.
    form = ProfileForm(obj=record)
    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'edit'}

    # NOTE(review): every POST item is handed to merge_session_with_post;
    # whether it skips keys such as id/user_id is not visible here -- verify
    # that it cannot overwrite columns the form excludes.
    record = merge_session_with_post(record, request.POST.items())
    DBSession.merge(record)
    DBSession.flush()
    flash(_('Profile Updated'))
    return HTTPFound(location=request.url)
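def activate(request):
    """Activate the account named in the URL when its signed token checks out.

    Reads ``user_id`` and ``hmac`` from the route match.  The token is a
    10-character HMAC prefix followed by a base64-encoded expiry timestamp.

    Returns an HTTPFound redirect: to ``activated_route`` (``apex_login``
    when unset) after a successful activation, otherwise to
    ``came_from_route`` with an error flashed.
    """
    user_id = request.matchdict.get('user_id')
    user = AuthUser.get_by_id(user_id)
    submitted_hmac = request.matchdict.get('hmac') or ''
    current_time = time.time()
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        # Malformed expiry part: treat it as an invalid token rather than
        # letting the request fail with an unhandled exception.
        time_key = None
    # An unknown user_id is rejected the same way as a bad token.
    if user is not None and time_key is not None and current_time < time_key:
        hmac_key = hmac.new(
            '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                          time_key),
            user.email).hexdigest()[0:10]
        # NOTE(review): only 10 hex characters (40 bits) of the MAC are
        # checked, and with a plain ``==``.  A longer tag compared with a
        # constant-time helper would be stronger, but has to change together
        # with the code that issues these tokens.
        if hmac_key == submitted_hmac[0:10]:
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            activated_route = apex_settings('activated_route')
            if not activated_route:
                activated_route = 'apex_login'
            return HTTPFound(location=route_url(activated_route, request))
    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'),
                                        request))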
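def login(request):
    """Render the login page and process a local login.

    Called from route_url('apex_login', request).  When ``exclude_local`` is
    set no local form is built and only the Velruse forms are offered.

    Returns the template context, or an HTTPFound redirect to ``came_from``
    carrying the auth headers after a successful login.
    """
    title = _('You need to login')
    came_from = get_came_from(request)
    if not apex_settings('exclude_local'):
        if asbool(apex_settings('use_recaptcha_on_login')):
            if (apex_settings('recaptcha_public_key')
                    and apex_settings('recaptcha_private_key')):
                # Assigned on the class, so it stays set for later requests.
                LoginForm.captcha = RecaptchaField(
                    public_key=apex_settings('recaptcha_public_key'),
                    private_key=apex_settings('recaptcha_private_key'),
                )
            form = LoginForm(
                request.POST,
                captcha={'ip_address': request.environ['REMOTE_ADDR']})
        else:
            form = LoginForm(request.POST)
    else:
        form = None
    velruse_forms = generate_velruse_forms(request, came_from)
    # ``form`` is None when local logins are excluded; a POST must then fall
    # through to the page render instead of failing on ``None.validate()``.
    if request.method == 'POST' and form is not None and form.validate():
        # NOTE(review): the password check is not visible in this view; it is
        # presumably done inside form.validate() -- confirm.
        user = AuthUser.get_by_login(form.data.get('login'))
        if user:
            headers = apex_remember(request, user)
            # NOTE(review): came_from comes from get_came_from(); confirm it
            # only yields same-site redirect targets.
            return HTTPFound(location=came_from, headers=headers)
    return {'title': title, 'form': form, 'velruse_forms': velruse_forms,
            'form_url': request.route_url('apex_login'), 'action': 'login'}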
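def forgot_password(request):
    """Process the "forgot my password" form and e-mail a reset token.

    Called with route_url('apex_forgot_password', request).  The token is a
    10-character HMAC prefix followed by the base64-encoded expiry time
    (one hour ahead).

    Returns the template context, or an HTTPFound redirect to ``apex_login``
    once a message has been flashed.
    """
    title = _('Forgot my password')
    if asbool(apex_settings('use_recaptcha_on_forgot')):
        if (apex_settings('recaptcha_public_key')
                and apex_settings('recaptcha_private_key')):
            ForgotForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ForgotForm(request.POST,
                      captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # Start from "no account": previously a submission with neither
        # field set left ``user`` unbound, and an unknown e-mail address
        # failed on ``None.provider``.
        user = None
        # Special condition - if email imported from OpenID/Auth, we can
        # direct the person to the appropriate login through a flash message.
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            if user is not None and user.provider != 'local':
                # NOTE(review): this tells the requester which provider an
                # address is registered with; the differing responses also
                # reveal whether an account exists.
                provider_name = user.provider
                flash(_('You used %s as your login provider' %
                        provider_name))
                return HTTPFound(location=route_url('apex_login', request))
        if form.data['login']:
            user = AuthUser.get_by_login(form.data['login'])
        if user:
            timestamp = time.time() + 3600
            # NOTE(review): the MAC covers user id, secret, expiry and e-mail
            # only, so a token stays usable until it expires even after the
            # password was changed; only 40 bits of the MAC are kept.
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              timestamp),
                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}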
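def forgot_password(request):
    """Process the "forgot my password" form and e-mail a reset token.

    Called with route_url('apex_forgot_password', request).  The token is a
    10-character HMAC prefix followed by the base64-encoded expiry time
    (one hour ahead).

    Returns the template context, or an HTTPFound redirect to ``apex_login``
    once a message has been flashed.
    """
    title = _('Forgot my password')
    recaptcha_enabled = asbool(apex_settings('use_recaptcha_on_forgot'))
    if recaptcha_enabled and apex_settings('recaptcha_public_key') and \
            apex_settings('recaptcha_private_key'):
        ForgotForm.captcha = RecaptchaField(
            public_key=apex_settings('recaptcha_public_key'),
            private_key=apex_settings('recaptcha_private_key'),
        )
    form = ForgotForm(request.POST,
                      captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # ``user`` is initialised so that a submission naming neither an
        # e-mail nor a login reaches the error message instead of raising
        # NameError; an unknown e-mail no longer fails on ``None.provider``.
        user = None
        # Special condition - if email imported from OpenID/Auth, we can
        # direct the person to the appropriate login through a flash message.
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            if user is not None and user.provider != 'local':
                # NOTE(review): discloses the provider tied to an address and
                # lets the response distinguish known from unknown accounts.
                provider_name = user.provider
                flash(_('You used %s as your login provider' %
                        provider_name))
                return HTTPFound(location=route_url('apex_login', request))
        if form.data['login']:
            user = AuthUser.get_by_login(form.data['login'])
        if user:
            timestamp = time.time() + 3600
            # NOTE(review): 40-bit MAC prefix; the signed fields do not
            # change when the password does, so the link is reusable until
            # it expires.
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              timestamp),
                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}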
def callback(request):
    """Sign in (creating the account if needed) from a provider profile.

    Reads the profile and provider name from ``request.context``.  Returns an
    HTTPFound redirect to ``came_from`` or the configured ``came_from_route``
    with the auth headers set.
    """
    user = None
    profile = request.context.profile
    if 'id' not in request.session:
        # NOTE(review): the lookup uses preferredUsername alone, without the
        # provider name; two providers issuing the same username would map to
        # the same account -- confirm that is intended.
        user = AuthUser.get_by_login(profile['preferredUsername'])
    if not user:
        if 'id' in request.session:
            # Attach the new login to the AuthID already in the session.
            auth_id = AuthID.get_by_id(request.session['id'])
        else:
            auth_id = AuthID()
            DBSession.add(auth_id)
        user = AuthUser(
            login=profile['preferredUsername'],
            provider=request.context.provider_name,
        )
        if 'verifiedEmail' in profile:
            user.email = profile['verifiedEmail']
        if 'displayName' in profile:
            user.display_name = profile['displayName']
        # TODO: This may not be unique, handle the error here.
        auth_id.users.append(user)
        DBSession.add(user)
        DBSession.flush()
        if apex_settings('default_user_group'):
            for name in apex_settings('default_user_group'). \
                    split(','):
                # .one() raises when a configured group does not exist.
                group = DBSession.query(AuthGroup). \
                    filter(AuthGroup.name == name.strip()).one()
                auth_id.groups.append(group)
        if apex_settings('create_openid_after'):
            openid_after = get_module(apex_settings('create_openid_after'))
            openid_after().after_signup(request=request, user=user)
        DBSession.flush()
    headers = apex_remember(request, user)
    # NOTE(review): came_from is read from the query string and used as the
    # redirect location; no same-site check is visible in this function.
    redir = request.GET.get(
        'came_from',
        request.route_path(
            apex_settings('came_from_route')
        )
    )
    flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)
def create_user(**kwargs):
    """Create an AuthID with one AuthUser attached and flush both.

    Usage::

        from apex.lib.libapex import create_user
        create_user(username='******', password='******', active='Y')

    Required keys: ``username``, ``password``.  Optional keys:
    ``display_name``, ``group``, ``active`` (default ``'Y'``).  Every
    remaining key is set as an attribute on the new user.

    Returns the AuthUser object (the code returns ``user``, not the AuthID).
    """
    active_flag = kwargs.get('active', 'Y')
    auth_id = AuthID(active=active_flag)
    user = AuthUser(login=kwargs['username'],
                    password=kwargs['password'],
                    active=kwargs.get('active', 'Y'))

    if 'display_name' in kwargs:
        user.display_name = kwargs.pop('display_name')

    auth_id.users.append(user)

    if 'group' in kwargs:
        group_name = kwargs.pop('group')
        try:
            auth_id.groups.append(
                DBSession.query(AuthGroup)
                .filter(AuthGroup.name == group_name)
                .one())
        except NoResultFound:
            # An unknown group name is ignored.
            pass

    # NOTE(review): whatever keys are left (including username/password) are
    # copied onto the user; callers should not pass unfiltered request data.
    for attribute, value in kwargs.items():
        setattr(user, attribute, value)

    DBSession.add(auth_id)
    DBSession.add(user)
    DBSession.flush()
    return user
def login_validator(node, kw):
    """Check the submitted credentials, accepting a login or an e-mail.

    The ``username`` value is first checked as a login; if that fails it is
    looked up as an e-mail address and the password is checked against that
    account's id.

    Raises:
        Invalid: when neither check succeeds or no username was submitted.
    """
    valid = False
    if 'username' in kw:
        password = kw['password']
        valid = AuthUser.check_password(login=kw['username'],
                                        password=password)
        # XXX: extend apex to get user by login or email
        if not valid:
            by_email = AuthUser.get_by_email(kw['username'])
            if by_email:
                valid = AuthUser.check_password(password=password,
                                                id=by_email.id)
    if valid:
        return
    # One message for every failure, so the response does not show which
    # part of the pair was wrong.
    raise Invalid(
        node,
        "Your username or password is incorrect."
    )
def create_user(self, auth_id, login):
    """Create an AuthUser under the existing AuthID ``auth_id``.

    Password and e-mail are taken from ``self.data``.  ``.one()`` raises when
    no AuthID row has that id.  Returns the flushed AuthUser.
    """
    owner = DBSession.query(AuthID).filter(AuthID.id == auth_id).one()
    account = AuthUser(
        login=login,
        password=self.data['password'],
        email=self.data['email'],
    )
    owner.users.append(account)
    DBSession.add(account)
    DBSession.flush()
    return account
def sign_up_success(self, form):
    """Create the account for a validated sign-up form and log it in.

    A new AuthID and AuthUser are added to ``request.db`` and flushed; the
    response is an HTTPSeeOther redirect carrying the auth headers.
    """
    request = self.request
    session = request.db
    owner = AuthID()
    session.add(owner)
    account = AuthUser(
        login=form['username'],
        password=form['password'],
        email=form['email'],
    )
    owner.users.append(account)
    session.add(account)
    session.flush()
    # NOTE(review): the account is signed in immediately; no e-mail
    # verification step is visible here.
    auth_headers = remember(request, account.auth_id)
    return HTTPSeeOther(headers=auth_headers,
                        location=get_came_from(request))
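def create_user(self, username):
    """Create an AuthUser from ``self.data`` and add the default group.

    Password and e-mail come from ``self.data``.  When the
    ``apex.default_user_group`` setting is present the user is added to that
    group; ``.one()`` raises if the group does not exist.

    Returns the flushed AuthUser.
    """
    user = AuthUser(
        username=username,
        password=self.data['password'],
        email=self.data['email'],
    )
    DBSession.add(user)
    settings = get_current_registry().settings
    # ``in`` replaces dict.has_key(), which only exists on Python 2.
    if 'apex.default_user_group' in settings:
        group = DBSession.query(AuthGroup).filter(
            AuthGroup.name == settings['apex.default_user_group']).one()
        user.groups.append(group)
    DBSession.flush()
    return user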
def change_password(request):
    """Render and process the change-password form.

    Called with route_url('apex_change_password', request).  Returns the
    template context, or an HTTPFound redirect to ``came_from`` after the
    password was updated.
    """
    title = _('Change your Password')
    came_from = get_came_from(request)
    form = ChangePasswordForm(request.POST)
    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'changepass'}

    # NOTE(review): assumes the view is only reachable when authenticated;
    # for an anonymous request get_by_id(None) would presumably return None
    # and the assignment below would fail -- confirm the route's permission.
    # Any check of the current password is expected to live in the form.
    account = AuthUser.get_by_id(authenticated_userid(request))
    account.password = form.data['password']
    DBSession.merge(account)
    DBSession.flush()
    return HTTPFound(location=came_from)
def create_user(**kwargs):
    """Create an AuthID with one AuthUser attached and flush both.

    ::

        from apex.lib.libapex import create_user
        create_user(username='******', password='******', active='Y')

    Required keys: ``username``, ``password``.  Optional keys:
    ``display_name`` (stored on the AuthID), ``group``, ``active`` (default
    ``'Y'``).  Every remaining key is set as an attribute on the new user.

    Returns the AuthUser object (the code returns ``user``, not the AuthID).
    """
    auth_id = AuthID(active=kwargs.get('active', 'Y'))
    if 'display_name' in kwargs:
        auth_id.display_name = kwargs.pop('display_name')

    user = AuthUser(
        login=kwargs['username'],
        password=kwargs['password'],
        active=kwargs.get('active', 'Y'),
    )
    auth_id.users.append(user)

    if 'group' in kwargs:
        wanted = kwargs.pop('group')
        try:
            auth_id.groups.append(
                DBSession.query(AuthGroup)
                .filter(AuthGroup.name == wanted)
                .one())
        except NoResultFound:
            # An unknown group name is ignored.
            pass

    # NOTE(review): whatever keys are left (including username/password) are
    # copied onto the user; callers should not pass unfiltered request data.
    for attribute, value in kwargs.items():
        setattr(user, attribute, value)

    DBSession.add(auth_id)
    DBSession.add(user)
    DBSession.flush()
    return user
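def login(request):
    """Render the login page and process a local login.

    Called from route_url('apex_login', request).  The form class comes from
    the ``login_form_class`` setting when set, else ``apex.forms.LoginForm``.
    When ``exclude_local`` is set no local form is built.

    Returns the template context, or an HTTPFound redirect to ``came_from``
    carrying the auth headers after a successful login.
    """
    title = _('You need to login')
    came_from = get_came_from(request)
    if apex_settings('login_form_class'):
        LoginForm = get_module(apex_settings('login_form_class'))
    else:
        from apex.forms import LoginForm
    if not apex_settings('exclude_local'):
        if asbool(apex_settings('use_recaptcha_on_login')):
            if (apex_settings('recaptcha_public_key')
                    and apex_settings('recaptcha_private_key')):
                # Assigned on the class, so it stays set for later requests.
                LoginForm.captcha = RecaptchaField(
                    public_key=apex_settings('recaptcha_public_key'),
                    private_key=apex_settings('recaptcha_private_key'),
                )
        form = LoginForm(
            request.POST,
            captcha={'ip_address': request.environ['REMOTE_ADDR']})
    else:
        form = None
    velruse_forms = generate_velruse_forms(request, came_from)
    # ``form`` is None when local logins are excluded; a POST must then fall
    # through to the page render instead of failing on ``None.validate()``.
    if request.method == 'POST' and form is not None and form.validate():
        # NOTE(review): the password check is not visible in this view; it is
        # presumably done inside form.validate() -- confirm.
        user = AuthUser.get_by_login(form.data.get('login'))
        if user:
            headers = apex_remember(
                request, user,
                max_age=apex_settings('max_cookie_age', None))
            # NOTE(review): came_from comes from get_came_from(); confirm it
            # only yields same-site redirect targets.
            return HTTPFound(location=came_from, headers=headers)
    return {'title': title, 'form': form, 'velruse_forms': velruse_forms,
            'form_url': request.route_url('apex_login'), 'action': 'login'}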
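def reset_password(request):
    """Set a new password when the signed reset token in the URL is valid.

    Called with route_url('apex_reset_password', request).  ``user_id`` and
    ``hmac`` come from the route match; the token is a 10-character HMAC
    prefix followed by a base64-encoded expiry timestamp.

    Returns the template context, or an HTTPFound redirect to ``apex_login``
    on success and to ``apex_forgot`` when the token is invalid or expired.
    """
    title = _('Reset My Password')
    if asbool(apex_settings('use_recaptcha_on_reset')):
        if (apex_settings('recaptcha_public_key') and
                apex_settings('recaptcha_private_key')):
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = int(time.time())
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None
        if user is None or time_key is None:
            # Unknown account or malformed token: answer like a bad MAC
            # instead of failing with an unhandled exception.
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        if current_time < time_key:
            hmac_key = get_hmac_key(user, time_key)
            # NOTE(review): only 10 characters of the MAC are compared, with
            # a plain ``==``; a longer tag and a constant-time comparison
            # would be stronger but must match the issuing code.  Nothing
            # here invalidates the token after use -- presumably it remains
            # valid until it expires.
            if hmac_key == submitted_hmac[0:10]:
                #FIXME reset email, no such attribute email
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', request))
            else:
                flash(_('Invalid request, please try again'))
                return HTTPFound(location=route_url('apex_forgot', request))
        else:
            flash(_('Change request email expired, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
    return {'title': title, 'form': form, 'form_url': request.url,
            "velruse_forms": None}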
def openid_required(request):
    """Ask for the profile fields the OpenID provider did not supply.

    Used when the ``openid_required`` setting names fields that the ax/sx
    data from the provider left empty; a form with one required text field
    per name is built dynamically.  Called on registration or login with
    OpenID authentication.

    Returns the template context, or an HTTPFound redirect to ``came_from``
    with the auth headers once the fields were stored.
    """
    title = _('OpenID Registration')
    default_target = route_url(apex_settings('came_from_route'), request)
    # NOTE(review): came_from is a request parameter used as the redirect
    # location below; no same-site check is visible in this function.
    came_from = request.params.get('came_from', default_target)

    # This fixes the issue with RegisterForm throwing an UnboundLocalError
    if apex_settings('openid_register_form_class'):
        OpenIDRequiredForm = get_module(
            apex_settings('openid_register_form_class'))
    else:
        from apex.forms import OpenIDRequiredForm

    # The fields are attached to the form class itself.
    for field_name in apex_settings('openid_required').split(','):
        setattr(OpenIDRequiredForm, field_name,
                TextField(field_name, [validators.Required()]))

    form = OpenIDRequiredForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'openid_required'}

    # need to have the AuthUser id that corresponds to the login method.
    # A session without 'userid' raises KeyError here.
    user = AuthUser.get_by_id(request.session['userid'])
    for field_name in apex_settings('openid_required').split(','):
        setattr(user, field_name, form.data[field_name])
    DBSession.merge(user)
    DBSession.flush()
    headers = apex_remember(request, user)
    return HTTPFound(location=came_from, headers=headers)
def openid_required(request):
    """Collect the required fields missing from an OpenID profile.

    When ``apex_settings.openid_required`` is set and the ax/sx data from the
    OpenID auth lacks some of those fields, this view builds a dynamic form
    asking for them.  Called on registration or login with OpenID
    authentication.

    Returns the template context, or an HTTPFound redirect to ``came_from``
    with the auth headers once the fields were stored.
    """
    title = _('OpenID Registration')
    # NOTE(review): came_from is a request parameter used as the redirect
    # location below; no same-site check is visible in this function.
    came_from = request.params.get(
        'came_from',
        route_url(apex_settings('came_from_route'), request))

    #This fixes the issue with RegisterForm throwing an UnboundLocalError
    custom_form_path = apex_settings('openid_register_form_class')
    if custom_form_path:
        OpenIDRequiredForm = get_module(
            apex_settings('openid_register_form_class'))
    else:
        from apex.forms import OpenIDRequiredForm

    # The fields are attached to the form class itself.
    for attr in apex_settings('openid_required').split(','):
        text_field = TextField(attr, [validators.Required()])
        setattr(OpenIDRequiredForm, attr, text_field)

    client_ip = request.environ['REMOTE_ADDR']
    form = OpenIDRequiredForm(request.POST, captcha={'ip_address': client_ip})

    if request.method == 'POST' and form.validate():
        # need to have the AuthUser id that corresponds to the login method.
        # A session without 'userid' raises KeyError here.
        user = AuthUser.get_by_id(request.session['userid'])
        for attr in apex_settings('openid_required').split(','):
            setattr(user, attr, form.data[attr])
        DBSession.merge(user)
        DBSession.flush()
        return HTTPFound(location=came_from,
                         headers=apex_remember(request, user))

    return {'title': title, 'form': form, 'action': 'openid_required'}
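def activate(request):
    """Activate the account named in the URL when its signed token checks out.

    Reads ``user_id`` and ``hmac`` from the route match.  The token is a
    10-character HMAC prefix followed by a base64-encoded expiry timestamp.

    Returns an HTTPFound redirect: to ``apex_login`` after a successful
    activation, otherwise to ``came_from_route`` with an error flashed.
    """
    user_id = request.matchdict.get('user_id')
    user = AuthUser.get_by_id(user_id)
    submitted_hmac = request.matchdict.get('hmac') or ''
    current_time = time.time()
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        # Malformed expiry part: treat it as an invalid token rather than
        # letting the request fail with an unhandled exception.
        time_key = None
    # An unknown user_id is rejected the same way as a bad token.
    if user is not None and time_key is not None and current_time < time_key:
        hmac_key = hmac.new(
            '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                          time_key),
            user.email).hexdigest()[0:10]
        # NOTE(review): only 10 hex characters (40 bits) of the MAC are
        # checked, and with a plain ``==``.  A longer tag compared with a
        # constant-time helper would be stronger, but has to change together
        # with the code that issues these tokens.
        if hmac_key == submitted_hmac[0:10]:
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            return HTTPFound(location=route_url('apex_login', request))
    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'),
                                        request))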
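def reset_password(request):
    """Set a new password when the signed reset token in the URL is valid.

    Called with route_url('apex_reset_password', request).  ``user_id`` and
    ``hmac`` come from the route match; the token is a 10-character HMAC
    prefix followed by a base64-encoded expiry timestamp.

    Returns the template context (also for an expired token), or an HTTPFound
    redirect to ``apex_login`` on success and to ``apex_forgot`` when the
    token is invalid.
    """
    title = _('Reset My Password')
    if asbool(apex_settings('use_recaptcha_on_reset')):
        if apex_settings('recaptcha_public_key') and \
                apex_settings('recaptcha_private_key'):
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = time.time()
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None
        if user is None or time_key is None:
            # Unknown account or malformed token: answer like a bad MAC
            # instead of failing with an unhandled exception.
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        if current_time < time_key:
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              time_key),
                user.email).hexdigest()[0:10]
            # NOTE(review): 40-bit MAC prefix compared with ``==``; the
            # signed fields do not include the password, so the same link
            # works again until it expires.  Strengthening this has to be
            # done together with the code that issues the token.
            if hmac_key == submitted_hmac[0:10]:
                #FIXME reset email, no such attribute email
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', request))
            else:
                flash(_('Invalid request, please try again'))
                return HTTPFound(location=route_url('apex_forgot', request))
    return {'title': title, 'form': form, 'action': 'reset'}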
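def reset_password(request):
    """Set a new password when the signed reset token in the URL is valid.

    Called with route_url('apex_reset_password', request).  ``user_id`` and
    ``hmac`` come from the route match; the token is a 10-character HMAC
    prefix followed by a base64-encoded expiry timestamp.

    Returns the template context (also for an expired token), or an HTTPFound
    redirect to ``apex_login`` on success and to ``apex_forgot`` when the
    token is invalid.
    """
    title = _('Reset My Password')
    recaptcha_on = asbool(apex_settings('use_recaptcha_on_reset'))
    if recaptcha_on and apex_settings('recaptcha_public_key') and \
            apex_settings('recaptcha_private_key'):
        ResetPasswordForm.captcha = RecaptchaField(
            public_key=apex_settings('recaptcha_public_key'),
            private_key=apex_settings('recaptcha_private_key'),
        )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        user_id = request.matchdict.get('user_id')
        user = AuthUser.get_by_id(user_id)
        submitted_hmac = request.matchdict.get('hmac') or ''
        current_time = time.time()
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None
        if user is None or time_key is None:
            # Previously an unknown user_id or an undecodable token raised
            # an unhandled exception; both are now reported as invalid.
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        if current_time < time_key:
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              time_key),
                user.email).hexdigest()[0:10]
            # NOTE(review): 40-bit MAC prefix compared with ``==``; the
            # token is not tied to the current password, so it is reusable
            # until expiry.  Any hardening must match the issuing code.
            if hmac_key == submitted_hmac[0:10]:
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', request))
            else:
                flash(_('Invalid request, please try again'))
                return HTTPFound(location=route_url('apex_forgot', request))
    return {'title': title, 'form': form, 'action': 'reset'}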
def clean(self):
    """Return form-level errors for the submitted username/password pair.

    Returns an empty list when ``AuthUser.check_password`` accepts the pair,
    otherwise a one-item list with a generic login error.
    """
    credentials_ok = AuthUser.check_password(
        username=self.data.get("username"),
        password=self.data.get("password"),
    )
    if credentials_ok:
        return []
    # The message does not say which of the two values was wrong.
    return [_("Login Error -- please try again")]
def apex_callback(request):
    """Handle the callback that Velruse posts an OpenID result to.

    Called with route_url('apex_callback', request).  When the posted token
    resolves to an auth record, the account is looked up by e-mail and then
    through ``search_user``, or created; otherwise the failure reason
    reported for the token is flashed.

    Returns an HTTPFound redirect to ``came_from`` (or the configured
    ``came_from_route``), or to ``apex_openid_required`` when a required
    attribute is missing on the user.
    """
    # NOTE(review): came_from is taken from the query string and used as the
    # redirect location; no same-site check is visible in this function.
    redir = request.GET.get('came_from', route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            user, email = None, ''
            # NOTE(review): when the profile has an 'emails' list its first
            # entry is used; 'verifiedEmail' is only the fallback.  Because
            # the address is then used to match an existing account, confirm
            # that every enabled provider only reports verified addresses.
            if 'emails' in auth['profile']:
                emails = auth['profile']['emails']
                if isinstance(emails[0], dict):
                    email = auth['profile']['emails'][0]['value']
                else:
                    email = auth['profile']['emails'][0]
            else:
                email = auth['profile'].get('verifiedEmail', '').strip()
            # first try by email
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            if not user:
                user_infos = {'login': auth['apexid'], 'username': auth['name']}
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(apex_settings('create_openid_after'))
                    # The hook's return value replaces ``request``.
                    request = openid_after().after_signup(request, user)
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    request.session['id'] = user.id
                    # NOTE(review): came_from is interpolated into the query
                    # string without URL-encoding.
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            # True when any account entry in the profile has domain 'ldap'.
            using_ldap = 'ldap' in [a.get('domain', '') for a in auth.get(
                "profile", {}).get("accounts", [])]
            external_user = True
            internal_user = using_ldap
            headers = apex_remember(request, user.id, internal_user=internal_user, external_user=external_user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # Token did not resolve: build the failure message from the
            # code/description returned for it.
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)
def apex_callback(request):
    """Handle the callback that Velruse posts an OpenID result to.

    Called with route_url('apex_callback', request).  When the request
    carries a ``token`` that resolves to an auth record, the matching
    AuthUser is looked up by login or created (attached to the AuthID in the
    session when there is one), and the auth headers are set.

    Returns an HTTPFound redirect to ``came_from`` (or the configured
    ``came_from_route``), or to ``apex_openid_required`` when a required
    attribute is missing on the user.
    """
    # NOTE(review): came_from is taken from the query string and used as the
    # redirect location; no same-site check is visible in this function.
    redir = request.GET.get('came_from', \
                route_url(apex_settings('came_from_route'), request))
    headers = []
    if 'token' in request.POST:
        auth = None
        try:
            auth = apex_id_from_token(request)
        except:
            # NOTE(review): the bare except hides every failure of the token
            # lookup (auth stays None, so no login happens) and leaves no
            # trace for whoever has to investigate it.
            # TODO add logging
            pass
        if auth:
            user = None
            # dict.has_key exists on Python 2 only.
            if not request.session.has_key('id'):
                user = AuthUser.get_by_login(auth['id'])
            if not user:
                # NOTE(review): ``id`` shadows the builtin of the same name.
                id = None
                if request.session.has_key('id'):
                    id = AuthID.get_by_id(request.session['id'])
                else:
                    id = AuthID()
                    DBSession.add(id)
                auth_info = auth['profile']['accounts'][0]
                user = AuthUser(
                    login=auth_info['userid'],
                    provider=auth_info['domain'],
                )
                if auth['profile'].has_key('verifiedEmail'):
                    user.email = auth['profile']['verifiedEmail']
                id.users.append(user)
                if apex_settings('default_user_group'):
                    for name in apex_settings('default_user_group'). \
                            split(','):
                        # .one() raises when a configured group is missing.
                        group = DBSession.query(AuthGroup). \
                            filter(AuthGroup.name==name.strip()).one()
                        id.groups.append(group)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(
                        apex_settings('create_openid_after'))
                    openid_after().after_signup(request=request, user=user)
                DBSession.flush()
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    # NOTE(review): for a pre-existing user the local ``id``
                    # was never assigned, so ``id.id`` looks like it would
                    # hit the builtin and fail -- confirm.
                    request.session['id'] = id.id
                    request.session['userid'] = user.id
                    # NOTE(review): came_from is interpolated into the query
                    # string without URL-encoding.
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            headers = apex_remember(request, user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
    return HTTPFound(location=redir, headers=headers)
def clean(self):
    """Return form-level errors for the submitted login/password pair.

    Returns an empty list when ``AuthUser.check_password`` accepts the pair,
    otherwise a one-item list with a generic login error.
    """
    accepted = AuthUser.check_password(
        login=self.data.get('login'),
        password=self.data.get('password'),
    )
    # The message does not say which of the two values was wrong.
    return [] if accepted else [_('Login Error -- please try again')]
def validate_login(form, field):
    """Reject a login that ``AuthUser.get_by_login`` already knows.

    Raises:
        validators.ValidationError: when an account with that login exists.
    """
    existing = AuthUser.get_by_login(field.data)
    if existing is None:
        return
    raise validators.ValidationError(_('Sorry that username already exists.'))
def log_in_success(self, form):
    """Issue the auth headers for a validated login form and redirect.

    Redirects with HTTPSeeOther to ``self._came_from``.
    """
    account = AuthUser.get_by_login(form["username"])
    # NOTE(review): assumes the form validator already proved the account
    # exists; a None result raises AttributeError on the next line.
    auth_headers = remember(self.request, account.auth_id)
    return HTTPSeeOther(location=self._came_from, headers=auth_headers)
def validate_login(form, field):
    """Reject a login that is already taken.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_login`` returns an
            account for the submitted value.
    """
    taken = AuthUser.get_by_login(field.data) is not None
    if not taken:
        return
    message = _('Sorry that username already exists.')
    raise validators.ValidationError(message)
def apex_callback(request):
    """Handle the callback that Velruse posts an OpenID result to.

    Called with route_url('apex_callback', request).  When the posted token
    resolves to an auth record, the account is looked up by e-mail and then
    through ``search_user``, or created; otherwise the failure reason
    reported for the token is flashed.

    Returns an HTTPFound redirect to ``came_from`` (or the configured
    ``came_from_route``), or to ``apex_openid_required`` when a required
    attribute is missing on the user.
    """
    # NOTE(review): came_from is taken from the query string and used as the
    # redirect location; no same-site check is visible in this function.
    redir = request.GET.get(
        'came_from',
        route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            user, email = None, ''
            # NOTE(review): when the profile has an 'emails' list its first
            # entry is used; 'verifiedEmail' is only the fallback.  Because
            # the address is then used to match an existing account, confirm
            # that every enabled provider only reports verified addresses.
            if 'emails' in auth['profile']:
                emails = auth['profile']['emails']
                if isinstance(emails[0], dict):
                    email = auth['profile']['emails'][0]['value']
                else:
                    email = auth['profile']['emails'][0]
            else:
                email = auth['profile'].get('verifiedEmail', '').strip()
            # first try by email
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            if not user:
                user_infos = {
                    'login': auth['apexid'],
                    'username': auth['name']
                }
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(
                        apex_settings('create_openid_after'))
                    # The hook's return value replaces ``request``.
                    request = openid_after().after_signup(request, user)
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    request.session['id'] = user.id
                    # NOTE(review): came_from is interpolated into the query
                    # string without URL-encoding.
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            # True when any account entry in the profile has domain 'ldap'.
            using_ldap = 'ldap' in [
                a.get('domain', '')
                for a in auth.get("profile", {}).get("accounts", [])
            ]
            external_user = True
            internal_user = using_ldap
            headers = apex_remember(request,
                                    user.id,
                                    internal_user=internal_user,
                                    external_user=external_user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # Token did not resolve: build the failure message from the
            # code/description returned for it.
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)
def validate_email(form, field):
    """Require that the submitted e-mail belongs to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_email`` finds
            nothing for the value.
    """
    # NOTE(review): the error confirms to the submitter that an address is
    # not registered; on an unauthenticated form that allows enumeration.
    known = AuthUser.get_by_email(field.data) is not None
    if known:
        return
    raise validators.ValidationError(
        _('Sorry that email doesn\'t exist.'))
def log_in_success(self, form):
    """Issue the auth headers for a validated login form and redirect.

    The submitted ``username`` is resolved as a login first, then as an
    e-mail address.  The redirect target comes from ``get_came_from``.
    """
    request = self.request
    supplied = form['username']
    account = AuthUser.get_by_login(supplied)
    if not account:
        account = AuthUser.get_by_email(supplied)
    # NOTE(review): assumes validation already guaranteed a match; with no
    # account the attribute access below raises AttributeError.
    auth_headers = remember(request, account.auth_id)
    # NOTE(review): confirm get_came_from only yields same-site targets.
    target = get_came_from(request)
    return HTTPSeeOther(headers=auth_headers, location=target)
def user(self):
    """Return the AuthUser for the authenticated request, else None.

    ``self`` is passed to ``authenticated_userid``, so it is presumably the
    request object.
    """
    if not authenticated_userid(self):
        return None
    return AuthUser.get_by_id(authenticated_userid(self))
def validate_username(form, field):
    """Require that the submitted username belongs to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_username`` finds
            nothing for the value.
    """
    # NOTE(review): the error confirms that a username is not registered; on
    # an unauthenticated form that allows enumeration.
    match = AuthUser.get_by_username(field.data)
    if match is not None:
        return
    raise validators.ValidationError(_("Sorry that username doesn't exist."))
def validate_old_password(form, field):
    """Check the submitted value against the current user's password.

    The user id is taken from the current request's authentication, not from
    the form.

    Raises:
        validators.ValidationError: when ``AuthUser.check_password`` rejects
            the value.
    """
    current_request = get_current_request()
    user_id = authenticated_userid(current_request)
    if AuthUser.check_password(id=user_id, password=field.data):
        return
    raise validators.ValidationError(
        _('Your old password doesn\'t match'))
def validate_email(form, field):
    """Require that the submitted e-mail is attached to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_email`` returns
            None.
    """
    # NOTE(review): this response tells the submitter whether an address is
    # registered; consider that when the form is reachable anonymously.
    account = AuthUser.get_by_email(field.data)
    if account is not None:
        return
    raise validators.ValidationError(_('Sorry that email doesn\'t exist.'))
def validate_login(form, field):
    """Require that the submitted login belongs to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_login`` finds
            nothing for the value.
    """
    # NOTE(review): the error confirms that a login is not registered; on an
    # unauthenticated form that allows enumeration.
    account = AuthUser.get_by_login(field.data)
    if account is not None:
        return
    raise validators.ValidationError(
        _('Sorry that username doesn\'t exist.'))
def validate_old_password(form, field):
    """Verify the old password of the currently authenticated user.

    The account is identified by ``authenticated_userid`` of the current
    request, so the form cannot name a different user.

    Raises:
        validators.ValidationError: when the password check fails.
    """
    request = get_current_request()
    password_ok = AuthUser.check_password(
        id=authenticated_userid(request),
        password=field.data,
    )
    if password_ok:
        return
    raise validators.ValidationError(_('Your old password doesn\'t match'))
def validate_email(form, field):
    """Reject an e-mail address that is already attached to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_email`` returns an
            account for the value.
    """
    owner = AuthUser.get_by_email(field.data)
    if owner is None:
        return
    raise validators.ValidationError(_('Sorry that email already exists.'))
def validate_login(form, field):
    """Require that the submitted login is attached to an account.

    Raises:
        validators.ValidationError: when ``AuthUser.get_by_login`` returns
            None.
    """
    # NOTE(review): this response tells the submitter whether a login is
    # registered; consider that when the form is reachable anonymously.
    found = AuthUser.get_by_login(field.data) is not None
    if found:
        return
    raise validators.ValidationError(_('Sorry that username doesn\'t exist.'))
def register_validator(node, kw):
    """Reject a registration whose username or e-mail is already in use.

    The username is checked as a login first; the e-mail lookup only runs
    when that finds nothing.

    Raises:
        Invalid: when either lookup returns an account.
    """
    existing = AuthUser.get_by_login(kw['username'])
    if not existing:
        existing = AuthUser.get_by_email(kw['email'])
    if not existing:
        return
    # One message for both cases, so the response does not show which of the
    # two values matched.
    raise Invalid(node, "That username or email is taken.")