Exemple #1
 def log_in_success(self, form):
     """Log the submitted account in and redirect to where it came from.

     The submitted ``username`` value is tried as a login first and as an
     e-mail address second.  The matching account's ``auth_id`` is passed
     to ``remember`` and the resulting headers are attached to an
     ``HTTPSeeOther`` redirect.
     """
     request = self.request
     account = AuthUser.get_by_login(form['username'])
     if not account:
         account = AuthUser.get_by_email(form['username'])
     # NOTE(review): there is no None check before ``account.auth_id`` --
     # presumably the form validator has already confirmed that the account
     # exists; verify against the caller.
     session_headers = remember(request, account.auth_id)
     # NOTE(review): the redirect target is whatever get_came_from() returns;
     # confirm that helper restricts it to same-site URLs.
     target = get_came_from(request)
     return HTTPSeeOther(headers=session_headers, location=target)
Exemple #2
def search_user(username):
    """Find an account by e-mail, then by username, then by login.

    The e-mail lookup is attempted only when the identifier contains '@'.
    Returns the first truthy match, otherwise whatever the final login
    lookup returned.
    """
    if '@' in username:
        by_email = AuthUser.get_by_email(username)
        if by_email:
            return by_email
    # NOTE(review): the same string is matched against three different
    # fields; confirm those namespaces cannot collide (for example a
    # username equal to another account's login).
    return (AuthUser.get_by_username(username)
            or AuthUser.get_by_login(username))
Exemple #3
def search_user(username):
    """Resolve an identifier to an account, trying three lookups in order.

    Order: e-mail (only if the identifier contains '@'), username, login.
    The first truthy result wins; if none is truthy the result of the
    login lookup is returned as-is.
    """
    match = None
    if '@' in username:
        match = AuthUser.get_by_email(username)
    if match:
        return match
    match = AuthUser.get_by_username(username)
    if match:
        return match
    # NOTE(review): one identifier is looked up in three fields; verify that
    # a value valid in one field cannot shadow another account's value in a
    # different field.
    return AuthUser.get_by_login(username)
Exemple #4
def register_validator(node, kw):
    """Reject a registration whose passwords differ or whose identity is taken.

    Raises ``Invalid`` on ``node`` when a password is supplied and does not
    equal ``password2``, or when the username (looked up as a login) or the
    e-mail already belongs to an account.
    """
    if "password" in kw and kw["password"] != kw.get("password2"):
        raise Invalid(node, "Passwords should match!")
    # NOTE(review): this is a check made before the account is created;
    # uniqueness should also be enforced by the storage layer, which is not
    # visible here.
    existing = AuthUser.get_by_login(kw["username"])
    if not existing:
        existing = AuthUser.get_by_email(kw["email"])
    if existing:
        raise Invalid(node, "That username or email is taken.")
Exemple #5
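def forgot_password(request):
    """Render the forgot-password form and e-mail a reset token on success.

    Called with route_url('apex_forgot_password', request).  On a valid
    POST the account is looked up by e-mail and/or username.  An account
    whose ``login`` is set is redirected to the login page with a flash
    naming its login provider.  Otherwise a token (the first 10 hex
    characters of an HMAC followed by the urlsafe-base64 expiry timestamp,
    one hour ahead) is handed to ``apex_email_forgot`` and the client is
    redirected to the login page.

    Returns an ``HTTPFound`` on those two paths, otherwise the template
    context dict with ``title``, ``form`` and ``action``.
    """
    title = _('Forgot my password')

    if asbool(apex_settings('use_recaptcha_on_forgot')):
        if apex_settings('recaptcha_public_key') and apex_settings(
                'recaptcha_private_key'):
            # NOTE(review): assigned on the ForgotForm class itself, so the
            # field stays attached for later requests in this process too.
            ForgotForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    # NOTE(review): REMOTE_ADDR is the directly connected peer; behind a
    # reverse proxy that is presumably the proxy's address -- confirm.
    form = ForgotForm(request.POST,
                      captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # Bound before the lookups: a POST carrying neither an e-mail nor a
        # username used to reach ``if user:`` with the name unbound.
        user = None
        # NOTE(review): the three outcomes below (provider flash, "email
        # sent", generic error) are distinguishable, so the response shows
        # whether an account exists and how it signs in; a single neutral
        # message would avoid that.
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            # Special condition - if email imported from OpenID/Auth, we can
            # direct the person to the appropriate login through a flash
            # message.  The ``user and`` guard covers a lookup that found
            # nothing, which previously raised AttributeError.
            if user and user.login:
                provider_name = auth_provider.get(user.login[1], 'Unknown')
                # NOTE(review): the provider name is interpolated before the
                # string reaches _(), so the lookup key varies per provider.
                flash(_('You used %s as your login provider' %
                        provider_name))
                return HTTPFound(location=route_url('apex_login', request))
        if form.data['username']:
            user = AuthUser.get_by_username(form.data['username'])
        if user:
            # Token expires one hour from now.
            timestamp = time.time() + 3600
            # NOTE(review): only the first 10 hex characters (40 bits) of
            # the HMAC are kept and no digestmod is passed, so the digest is
            # hmac's default (presumably MD5 on the Python versions where
            # this call form works -- confirm).  Left unchanged because the
            # view that checks the token is not visible here and must
            # compute the same value; lengthen both sides together and
            # compare with hmac.compare_digest.
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              timestamp),
                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}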
Exemple #6
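def forgot_password(request):
    """Render the forgot-password form and e-mail a reset token on success.

    Called with route_url('apex_forgot_password', request).  On a valid
    POST the account is looked up by e-mail and/or login.  An account whose
    ``provider`` is not ``'local'`` is redirected to the login page with a
    flash naming that provider.  Otherwise a token (the first 10 hex
    characters of an HMAC followed by the urlsafe-base64 expiry timestamp,
    one hour ahead) is handed to ``apex_email_forgot`` and the client is
    redirected to the login page.

    Returns an ``HTTPFound`` on those two paths, otherwise the template
    context dict with ``title``, ``form`` and ``action``.
    """
    title = _('Forgot my password')

    if asbool(apex_settings('use_recaptcha_on_forgot')):
        if apex_settings('recaptcha_public_key') and \
            apex_settings('recaptcha_private_key'):
            # NOTE(review): assigned on the ForgotForm class itself, so the
            # field stays attached for later requests in this process too.
            ForgotForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    # NOTE(review): REMOTE_ADDR is the directly connected peer; behind a
    # reverse proxy that is presumably the proxy's address -- confirm.
    form = ForgotForm(request.POST,
                      captcha={'ip_address': request.environ['REMOTE_ADDR']})
    if request.method == 'POST' and form.validate():
        # Bound before the lookups: a POST carrying neither an e-mail nor a
        # login used to reach ``if user:`` with the name unbound.
        user = None
        # NOTE(review): the three outcomes below (provider flash, "email
        # sent", generic error) are distinguishable, so the response shows
        # whether an account exists and how it signs in; a single neutral
        # message would avoid that.
        if form.data['email']:
            user = AuthUser.get_by_email(form.data['email'])
            # Special condition - if email imported from OpenID/Auth, we can
            # direct the person to the appropriate login through a flash
            # message.  The ``user and`` guard covers a lookup that found
            # nothing, which previously raised AttributeError.
            if user and user.provider != 'local':
                provider_name = user.provider
                # NOTE(review): the provider name is interpolated before the
                # string reaches _(), so the lookup key varies per provider.
                flash(_('You used %s as your login provider' %
                        provider_name))
                return HTTPFound(location=route_url('apex_login', request))
        if form.data['login']:
            user = AuthUser.get_by_login(form.data['login'])
        if user:
            # Token expires one hour from now.
            timestamp = time.time()+3600
            # NOTE(review): only the first 10 hex characters (40 bits) of
            # the HMAC are kept and no digestmod is passed, so the digest is
            # hmac's default (presumably MD5 on the Python versions where
            # this call form works -- confirm).  Left unchanged because the
            # view that checks the token is not visible here and must
            # compute the same value; lengthen both sides together and
            # compare with hmac.compare_digest.
            hmac_key = hmac.new(
                '%s:%s:%d' % (str(user.id), apex_settings('auth_secret'),
                              timestamp),
                user.email).hexdigest()[0:10]
            time_key = base64.urlsafe_b64encode('%d' % timestamp)
            email_hash = '%s%s' % (hmac_key, time_key)
            apex_email_forgot(request, user.id, user.email, email_hash)
            flash(_('Password Reset email sent.'))
            return HTTPFound(location=route_url('apex_login', request))
        flash(_('An error occurred, please contact the support team.'))
    return {'title': title, 'form': form, 'action': 'forgot'}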
Exemple #7
def login_validator(node, kw):
    """Check submitted credentials, accepting a login or an e-mail address.

    The ``username`` value is first checked as a login.  If that fails it is
    looked up as an e-mail address and the password is checked against the
    matching account's id.  Raises ``Invalid`` on ``node`` with one generic
    message for every failure, so the error does not say which part was
    wrong.
    """
    authenticated = False
    if 'username' in kw:
        identifier = kw['username']
        secret = kw['password']
        authenticated = AuthUser.check_password(login=identifier,
                                                password=secret)
        # XXX: extend apex to get user by login or email
        if not authenticated:
            account = AuthUser.get_by_email(identifier)
            if account:
                authenticated = AuthUser.check_password(password=secret,
                                                        id=account.id)
    # NOTE(review): no attempt limiting is visible in this validator;
    # confirm that throttling or lockout is applied elsewhere.
    if not authenticated:
        raise Invalid(
            node,
            "Your username or password is incorrect."
        )
Exemple #8
 def validate_email(form, field):
     """Reject the field when no account has the submitted e-mail address."""
     # NOTE(review): a distinct "doesn't exist" error tells the requester
     # which addresses are registered; consider whether the form that uses
     # this validator should answer neutrally instead.
     account = AuthUser.get_by_email(field.data)
     if account is not None:
         return
     raise validators.ValidationError(_('Sorry that email doesn\'t exist.'))
Exemple #9
def apex_callback(request):
    """Handle the login callback that Velruse posts back to.

    Called with route_url('apex_callback', request).  Reads the ``token``
    POST field, resolves it with ``apexid_from_token``, finds or creates
    the matching account and returns an ``HTTPFound`` redirect carrying the
    headers from ``apex_remember``.  On failure the reason is flashed and
    the redirect carries no auth headers.
    """
    # NOTE(review): came_from is read from the query string and used as the
    # redirect Location at the end of this function with no check visible
    # here; confirm it is restricted to same-site URLs.
    redir = request.GET.get('came_from',
                route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            user, email = None, ''
            if 'emails' in  auth['profile']:
                emails = auth['profile']['emails']
                # NOTE(review): assumes a non-empty list -- an empty
                # 'emails' value would raise IndexError on emails[0].
                if isinstance(emails[0], dict):
                    email = auth['profile']['emails'][0]['value']
                else:
                    email = auth['profile']['emails'][0]
            else:
                email = auth['profile'].get('verifiedEmail', '').strip()
            # first try by email
            # NOTE(review): an existing account is matched on the address
            # the provider reports.  Whether the provider has verified that
            # address is not visible here (only the fallback key is named
            # 'verifiedEmail') -- confirm before treating a match as proof
            # of ownership of the account.
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            # No match at all: create the account from the provider profile.
            if not user:
                user_infos = {'login': auth['apexid'], 'username': auth['name']}
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(apex_settings('create_openid_after'))
                    request = openid_after().after_signup(request, user)
            # 'openid_required' is a comma-separated list of attribute names
            # that must be truthy on the account.
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    # The account id goes into the session and the user is
                    # sent to the apex_openid_required route before any auth
                    # headers are issued.
                    # NOTE(review): came_from is placed in the query string
                    # without URL-encoding.
                    request.session['id'] = user.id
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            # internal_user is set when any profile account reports the
            # 'ldap' domain; external_user is always True on this path.
            using_ldap = 'ldap' in [a.get('domain', '') 
                                    for a in auth.get(
                                        "profile", {}).get("accounts", [])]
            external_user = True
            internal_user = using_ldap
            headers = apex_remember(request, user.id, 
                                    internal_user=internal_user, 
                                    external_user=external_user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # The token did not resolve to an identity; presumably this
            # fetches the raw Velruse response so that a failure reason can
            # be built from its 'code' and 'description' -- confirm.
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            # NOTE(review): provider-supplied text ends up in a flash
            # message; confirm the template escapes flash output.
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)
Exemple #10
 def validate_email(form, field):
     """Raise a validation error unless an account has the submitted e-mail."""
     # NOTE(review): this error confirms to the requester whether an address
     # is registered; decide whether the calling form should reveal that.
     known = AuthUser.get_by_email(field.data) is not None
     if not known:
         message = _('Sorry that email doesn\'t exist.')
         raise validators.ValidationError(message)
Exemple #11
def register_validator(node, kw):
    """Reject a registration whose username or e-mail is already in use.

    The username is looked up as a login; the e-mail lookup runs only when
    that finds nothing.  Raises ``Invalid`` on ``node`` if either matches.
    """
    # NOTE(review): this is a check made before the account is created;
    # uniqueness should also be enforced by the storage layer, which is not
    # visible here.
    login_taken = AuthUser.get_by_login(kw['username'])
    if login_taken or AuthUser.get_by_email(kw['email']):
        raise Invalid(node, "That username or email is taken.")
Exemple #12
 def log_in_success(self, form):
     """Issue auth headers for the submitted account and redirect.

     ``form['username']`` is resolved as a login first, then as an e-mail
     address.  The account's ``auth_id`` is passed to ``remember`` and the
     headers it returns go out on an ``HTTPSeeOther`` response.
     """
     request = self.request
     user = AuthUser.get_by_login(form['username'])
     user = user or AuthUser.get_by_email(form['username'])
     # NOTE(review): ``user`` is dereferenced without a None check
     # (presumably guaranteed by form validation -- confirm), and the
     # Location comes from get_came_from(); verify that helper only yields
     # same-site URLs.
     return HTTPSeeOther(
         headers=remember(request, user.auth_id),
         location=get_came_from(request),
     )
Exemple #13
def apex_callback(request):
    """Handle the login callback that Velruse posts back to.

    Called with route_url('apex_callback', request).  Reads the ``token``
    POST field, resolves it with ``apexid_from_token``, finds or creates
    the matching account and returns an ``HTTPFound`` redirect carrying the
    headers from ``apex_remember``.  On failure the reason is flashed and
    the redirect carries no auth headers.
    """
    # NOTE(review): came_from is read from the query string and used as the
    # redirect Location at the end of this function with no check visible
    # here; confirm it is restricted to same-site URLs.
    redir = request.GET.get(
        'came_from', route_url(apex_settings('came_from_route'), request))
    headers = []
    login_failed = True
    reason = _('Login failed!')
    if 'token' in request.POST:
        token = request.POST['token']
        auth = apexid_from_token(token)
        if auth:
            login_failed = False
            user, email = None, ''
            if 'emails' in auth['profile']:
                emails = auth['profile']['emails']
                # NOTE(review): assumes a non-empty list -- an empty
                # 'emails' value would raise IndexError on emails[0].
                if isinstance(emails[0], dict):
                    email = auth['profile']['emails'][0]['value']
                else:
                    email = auth['profile']['emails'][0]
            else:
                email = auth['profile'].get('verifiedEmail', '').strip()
            # first try by email
            # NOTE(review): an existing account is matched on the address
            # the provider reports.  Whether the provider has verified that
            # address is not visible here (only the fallback key is named
            # 'verifiedEmail') -- confirm before treating a match as proof
            # of ownership of the account.
            if email:
                user = AuthUser.get_by_email(email)
            # then by id
            if user is None:
                user = search_user(auth['apexid'])
            # No match at all: create the account from the provider profile.
            if not user:
                user_infos = {
                    'login': auth['apexid'],
                    'username': auth['name']
                }
                if email:
                    user_infos['email'] = email
                user = create_user(**user_infos)
                if apex_settings('create_openid_after'):
                    openid_after = get_module(
                        apex_settings('create_openid_after'))
                    request = openid_after().after_signup(request, user)
            # 'openid_required' is a comma-separated list of attribute names
            # that must be truthy on the account.
            if apex_settings('openid_required'):
                openid_required = False
                for required in apex_settings('openid_required').split(','):
                    if not getattr(user, required):
                        openid_required = True
                if openid_required:
                    # The account id goes into the session and the user is
                    # sent to the apex_openid_required route before any auth
                    # headers are issued.
                    # NOTE(review): came_from is placed in the query string
                    # without URL-encoding.
                    request.session['id'] = user.id
                    return HTTPFound(location='%s?came_from=%s' % \
                        (route_url('apex_openid_required', request), \
                        request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))))
            # internal_user is set when any profile account reports the
            # 'ldap' domain; external_user is always True on this path.
            using_ldap = 'ldap' in [
                a.get('domain', '')
                for a in auth.get("profile", {}).get("accounts", [])
            ]
            external_user = True
            internal_user = using_ldap
            headers = apex_remember(request,
                                    user.id,
                                    internal_user=internal_user,
                                    external_user=external_user)
            redir = request.GET.get('came_from', \
                        route_url(apex_settings('came_from_route'), request))
            flash(_('Successfully Logged in, welcome!'), 'success')
        else:
            # The token did not resolve to an identity; presumably this
            # fetches the raw Velruse response so that a failure reason can
            # be built from its 'code' and 'description' -- confirm.
            auth = get_velruse_token(token)
            reasont = ''
            if auth.get('code', None):
                reasont += 'Code %s : ' % auth['code']
            # NOTE(review): provider-supplied text ends up in a flash
            # message; confirm the template escapes flash output.
            if auth.get('description', ''):
                reasont += _(auth['description'])
            if reasont:
                reason = reasont
            login_failed = True
    if login_failed:
        flash(reason)
    return HTTPFound(location=redir, headers=headers)
Exemple #14
 def validate_email(form, field):
     """Reject the field when an account already uses the submitted e-mail."""
     # NOTE(review): this is a check made before the account is created;
     # uniqueness should also be enforced by the storage layer, which is not
     # visible here.
     existing = AuthUser.get_by_email(field.data)
     if existing is None:
         return
     raise validators.ValidationError(_('Sorry that email already exists.'))