def do_put(request, *args, **kwargs): """ Save e-mail message :param sender: user who sends a mail, string, True :param receiver: user who receive a mail, string, True :param message: message to send, string, True :return: 200, OK :return: 404, notice """ log = request.log _db = get_db() dbc = _db.cursor() try: sender = request.get_argument('sender') receiver = request.get_argument('receiver') emessage = request.get_argument('message') except tornado.web.MissingArgumentError: log.critical('Missing argument') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) q = get_mail_query(sender, receiver, emessage) from MySQLdb import IntegrityError try: dbc.execute(q) except IntegrityError as e: log.critical('Inserting mail queue: {}'.format(e)) return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) _db.commit() return base_common.msg.post_ok()
def do_post(request, *args, **kwargs): """ User logout :param Auth: authorization token in header, string, True :return: 200, OK :return: 400 """ log = request.log _db = get_db() dbc = _db.cursor() tk = request.auth_token q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format( qu_esc(tk)) dbc.execute(q) if dbc.rowcount != 1: log.critical('Users {} found'.format(dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) db_user = dbc.fetchone() user = {'username': db_user['username']} return base_common.msg.post_ok(user)
def do_post(request, *args, **kwargs): """ User logout :param Auth: authorization token in header, string, True :return: 200, OK :return: 400 """ log = request.log _db = get_db() dbc = _db.cursor() tk = request.auth_token q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format(qu_esc(tk)) dbc.execute(q) if dbc.rowcount != 1: log.critical('Users {} found'.format(dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) db_user = dbc.fetchone() user = {'username': db_user['username']} return base_common.msg.post_ok(user)
def sequencer(): global _sequencer if not _sequencer or not _sequencer.check_db(): _sequencer = SequencerFactory(dbacommon.get_db()) return _sequencer
def do_get(request, *args, **kwargs): """ Get user data :param Auth: authorization token in header, string, True :param username: requested user username, string, True :return: 200, OK :return: 400 """ log = request.log _db = get_db() dbc = _db.cursor() username = request.get_argument('username', default='') username = qu_esc(username) q = "select id, username from users where username = '******'".format(username) dbc.execute(q) if dbc.rowcount != 1: log.critical('Users {} found'.format(dbc.rowcount)) return base_common.msg.error(amsgs.USER_NOT_FOUND) db_user = dbc.fetchone() user = {'uid': db_user['id'], 'username': db_user['username']} return base_common.msg.post_ok(user)
def do_put(email,project, **kwargs): """ Save email from subscriber """ _db = get_db() dbc = _db.cursor() query = "SELECT id FROM subscribers WHERE email='{}'".format(email) try: dbc.execute(query) except IntegrityError as e: return base_common.msg.error(msgs.EXECUTE_QUERY_ERROR) if dbc.rowcount != 0: return base_common.msg.error(amsgs.ALREADY_EXIST) id = sequencer().new('b') query = "INSERT INTO subscribers (id,id_project, email, project) VALUES('{}','{}','{}','{}')".format(id, 1, email, project) print(query) try: dbc.execute(query) except IntegrityError as e: return base_common.msg.error(msgs.EXECUTE_QUERY_ERROR) _db.commit() return base_common.msg.put_ok()
def do_post(**kwargs): """ Check if user is logged """ _db = get_db() tk = kwargs['auth_token'] from base_common.dbatokens import get_user_by_token dbuser = get_user_by_token(_db, tk) d = dbuser.dump_user() d['token'] = tk if hasattr(apphooks, 'extend_user_check'): _extend_res = apphooks.extend_user_check(dbuser) if _extend_res == False: log.critical('Error user check extending') return base_common.msg.error(msgs.ERROR_POST_CHECK) if isinstance(_extend_res, dict): d.update(_extend_res) apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'check', 'user {} successfuly checked status'.format(dbuser.username)) return base_common.msg.post_ok(d)
def do_put(request, *args, **kwargs): """ Save hash for give parameters :param hash_data: data for storing, string, True :return: 202, Data hash :return: 404, Missing argument """ log = request.log _db = get_db() dbc = _db.cursor() import tornado.web try: hdata = request.get_argument('data') except tornado.web.MissingArgumentError: log.critical('Missing data argument for hash2param') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) h_id = sequencer().new('h') h2p = prepare_hash2params_query(h_id, hdata) try: dbc.execute(h2p) except IntegrityError as e: log.critical('Insert hash for data: {}'.format(e)) return base_common.msg.error('Save data hash') _db.commit() return base_common.msg.post_ok({'h': h_id})
def get_option(option_name, **kwargs): """ Get option from database """ _db = get_db() dbc = _db.cursor() q = '''SELECT o_value FROM options where o_key = '{}' '''.format(option_name) try: dbc.execute(q) except IntegrityError as e: log.critical('Error getting option {}: {}'.format(option_name, e)) return base_common.msg.error(msgs.ERROR_GET_OPTION) if dbc.rowcount != 1: log.warning('Found {} options {}'.format(dbc.rowcount, option_name)) return base_common.msg.error(msgs.OPTION_NOT_EXIST) _dbr = dbc.fetchone() _dbrk = _dbr['o_value'] res = {} res[option_name] = _dbrk return base_common.msg.get_ok(res)
def save_email(sender, sender_name, receiver, receiver_name, subject, emessage, _get_id, data, db=None, **kwargs): if not db: _db = get_db() else: _db = db dbc = _db.cursor() rdb = get_redis_db() if sender_name is None: sender_name = sender if receiver_name is None: receiver_name = receiver from MySQLdb import IntegrityError try: dbc.execute( 'insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)', (None, sender, sender_name, receiver, receiver_name, subject, emessage, data)) # print (dbc._last_executed) except IntegrityError as e: log.critical('Inserting mail queue: {}'.format(e)) return False, msgs.CANNOT_SAVE_MESSAGE, None _db.commit() m_id = dbc.lastrowid r_data = { 'id': m_id, 'sender': sender, 'sender_name': sender_name, 'receiver': receiver, 'receiver_name': receiver_name, 'subject': subject, 'message': emessage } r_data = json.dumps(r_data, ensure_ascii=False) from config import send_mail_config __SVC_PORT = send_mail_config.SVC_PORT rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data) if _get_id: return True, None, m_id return True, None, None
def sequencer(): global _sequencer if not _sequencer: _sequencer = SequencerFactory(dbacommon.get_db()) return _sequencer
def set_option(option_name, option_value, **kwargs): """ Set option in database """ _db = get_db() dbc = _db.cursor() q = '''INSERT into options (o_key, o_value) VALUES ('{}', '{}')'''.format(option_name, option_value) _update = False if _key_exists(_db, option_name): q = '''UPDATE options set o_value = '{}' where o_key = '{}' '''.format(option_value, option_name) _update = True try: dbc.execute(q) except IntegrityError as e: log.critical('Error {} option {} with {}: {}'.format( 'update' if _update else 'insert', option_name, option_value, e)) return base_common.msg.error(msgs.ERROR_SET_OPTION) _db.commit() return base_common.msg.put_ok()
def sequencer(db=None): global _sequencer if not _sequencer or not _sequencer.check_db(): if db: _sequencer = SequencerFactory(db) else: _sequencer = SequencerFactory(dbacommon.get_db()) return _sequencer
def sequencer(db = None): global _sequencer if not _sequencer or not _sequencer.check_db(): if db: _sequencer = SequencerFactory(db) else: _sequencer = SequencerFactory(dbacommon.get_db()) return _sequencer
def do_get(request, *args, **kwargs): """ Get data for given hash :param hash: data hash, string, True :return: 202, Data :return: 404, Missing argument """ log = request.log _db = get_db() dbc = _db.cursor() try: h = request.get_argument('hash') except tornado.web.MissingArgumentError as e: log.critical('Missing hash argument') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) get_data_q = prepare_get_query(h) try: dbc.execute(get_data_q) except IntegrityError as e: log.critical('Retrieve data for hash: {}'.format(e)) return base_common.msg.error('Retrieve hash data') if dbc.rowcount != 1: log.warning('Found {} hashes'.format(dbc.rowcount)) return base_common.msg.error('No data found for given hash') dbd = dbc.fetchone() d = dbd['data'] did = dbd['id'] d_last_accessed = dbd['last_access'] if d_last_accessed: log.warning('New access to {}'.format(h)) if not log_hash_access(_db, did, request.r_ip, log): log.warning("Error save hash access log") return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN) try: d = json.loads(d) except Exception as e: log.warning('Load hash data: {}'.format(e)) if not log_hash_access(_db, did, request.r_ip, log): log.warning("Error save hash access log") return base_common.msg.get_ok(d)
def do_post(username, password, users_data, **kwargs): """ Register user account """ _db = get_db() dbc = _db.cursor() username = username.lower() if check_user_registered(dbc, username): return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN) if base_config.settings.STRONG_PASSWORD: result, server_message = apphooks.check_password_is_valid(username, password, users_data, **kwargs) if not result: return base_common.msg.error(server_message) u_id = sequencer().new('u') if not u_id: return base_common.msg.error(msgs.ERROR_SERIALIZE_USER) quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs) if not quser: log.critical('Error checking users data and create query') return base_common.msg.error(msgs.ERROR_REGISTER_USER) try: dbc.execute(quser) except IntegrityError as e: log.critical('User registration: {}'.format(e)) return base_common.msg.error(msgs.ERROR_REGISTER_USER) tk = get_token(u_id, dbc) if not tk: return base_common.msg.error('Cannot login user') _db.commit() response = {'token': tk} if users_data and hasattr(apphooks, 'post_register_digest'): post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs) if post_d == False: log.critical('Error user post registration digest') return base_common.msg.error(msgs.ERROR_POST_REGISTRATION) if isinstance(post_d, dict): response.update(post_d) return base_common.msg.put_ok(response)
def do_post(username, password, users_data, **kwargs): """ Register user account """ _db = get_db() dbc = _db.cursor() username = username.lower() if check_user_registered(dbc, username): return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN) if base_config.settings.STRONG_PASSWORD: result, server_message = apphooks.check_password_is_valid(username, password, users_data, **kwargs) if not result: return base_common.msg.error(server_message) u_id = sequencer().new("u") if not u_id: return base_common.msg.error(msgs.ERROR_SERIALIZE_USER) quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs) if not quser: log.critical("Error checking users data and create query") return base_common.msg.error(msgs.ERROR_REGISTER_USER) try: dbc.execute(quser) except IntegrityError as e: log.critical("User registration: {}".format(e)) return base_common.msg.error(msgs.ERROR_REGISTER_USER) tk = get_token(u_id, dbc) if not tk: return base_common.msg.error("Cannot login user") _db.commit() response = {"token": tk} if users_data and hasattr(apphooks, "post_register_digest"): post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs) if post_d == False: log.critical("Error user post registration digest") return base_common.msg.error(msgs.ERROR_POST_REGISTRATION) if isinstance(post_d, dict): response.update(post_d) return base_common.msg.put_ok(response)
def do_post(newusername, password, **kwargs): """ Change password """ _db = get_db() tk = kwargs['auth_token'] dbuser = get_user_by_token(_db, tk) if not check_password(dbuser.password, dbuser.username, password): log.critical('Wrong users password: {}'.format(password)) return base_common.msg.error(msgs.WRONG_PASSWORD) # SAVE HASH FOR USERNAME CHANGE rh = BaseAPIRequestHandler() data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user, 'password': password} rh.set_argument('data', json.dumps(data)) kwargs['request_handler'] = rh res = base_api.hash2params.save_hash.do_put(json.dumps(data), **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error('Cannot handle forgot password') h = res['h'] message = _get_email_message(h) # SAVE EMAILS FOR SENDING rh1 = BaseAPIRequestHandler() rh1.set_argument('sender', support_mail) rh1.set_argument('receiver', newusername) rh1.set_argument('message', message) kwargs['request_handler'] = rh1 res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) message2 = _get_email_warning(dbuser.username, newusername) rh2 = BaseAPIRequestHandler() rh2.set_argument('sender', support_mail) rh2.set_argument('receiver', dbuser.username) rh2.set_argument('message', message2) kwargs['request_handler'] = rh2 res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def save_email(sender, sender_name, receiver, receiver_name, subject, emessage, _get_id, data, db=None, **kwargs): if not db: _db = get_db() else: _db = db dbc = _db.cursor() rdb = get_redis_db() if sender_name is None: sender_name = sender if receiver_name is None: receiver_name = receiver from MySQLdb import IntegrityError try: dbc.execute('insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)', (None, sender, sender_name, receiver, receiver_name, subject, emessage, data)) # print (dbc._last_executed) except IntegrityError as e: log.critical('Inserting mail queue: {}'.format(e)) return False, msgs.CANNOT_SAVE_MESSAGE, None _db.commit() m_id = dbc.lastrowid r_data = { 'id': m_id, 'sender': sender, 'sender_name': sender_name, 'receiver': receiver, 'receiver_name': receiver_name, 'subject': subject, 'message': emessage } r_data = json.dumps(r_data, ensure_ascii=False) from config import send_mail_config __SVC_PORT = send_mail_config.SVC_PORT rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data) if _get_id: return True, None, m_id return True, None, None
def do_post(request, *args, **kwargs): """ Register user account :param username: users username, string, True :param password: users password, string, True :return: 201, Created :return: 404 """ log = request.log try: username = request.get_argument('username') password = request.get_argument('password') except tornado.web.MissingArgumentError: return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) if len(password) < 3: return base_common.msg.error(msgs.PASSWORD_TO_SHORT) password = format_password(username, password) _db = get_db() dbc = _db.cursor() if _check_user_registered(dbc, username): return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN) u_id = sequencer().new('u') if not u_id: return base_common.msg.error(msgs.ERROR_SERIALIZE_USER) quser = _prepare_user_query(u_id, username, password) try: dbc.execute(quser) except IntegrityError as e: log.critical('User registration: {}'.format(e)) return base_common.msg.error(msgs.ERROR_REGISTER_USER) tk = get_token(u_id, dbc, log) if not tk: return base_common.msg.error('Cannot login user') _db.commit() return base_common.msg.put_ok({'token': tk}, http_status=200)
def do_post(username, password, users_data, **kwargs): """ Register user account """ _db = get_db() dbc = _db.cursor() if _check_user_registered(dbc, username): return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN) if hasattr(apphooks, 'check_password_is_valid') and not apphooks.check_password_is_valid(password): return base_common.msg.error(msgs.INVALID_PASSWORD) u_id = sequencer().new('u') if not u_id: return base_common.msg.error(msgs.ERROR_SERIALIZE_USER) quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs) if not quser: log.critical('Error checking users data and create query') return base_common.msg.error(msgs.ERROR_REGISTER_USER) try: dbc.execute(quser) except IntegrityError as e: log.critical('User registration: {}'.format(e)) return base_common.msg.error(msgs.ERROR_REGISTER_USER) tk = get_token(u_id, dbc) if not tk: return base_common.msg.error('Cannot login user') _db.commit() response = {'token': tk} if users_data and hasattr(apphooks, 'post_register_digest'): post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs) if post_d == False: log.critical('Error user post registration digest') return base_common.msg.error(msgs.ERROR_POST_REGISTRATION) if isinstance(post_d, dict): response.update(post_d) return base_common.msg.put_ok(response)
def do_post(request, *args, **kwargs): """ User login :param username: users username, string, True :param password: users password, string, True :return: 200, OK :return: 404 """ log = request.log _db = get_db() dbc = _db.cursor() try: username = request.get_argument('username') password = request.get_argument('password') except tornado.web.MissingArgumentError: log.critical('Missing argument') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) # password = format_password(username, password) q = "select id, password from users where username = '******'".format( qu_esc(username) ) dbc.execute(q) if dbc.rowcount != 1: log.critical('{} users found: {}'.format(username, dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) us = dbc.fetchone() u_id = us['id'] u_pwd = us['password'] if not check_password(u_pwd, username, password): log.critical('Username {} wrong password: {}'.format(username, password)) return base_common.msg.error(msgs.USER_NOT_FOUND) # ASSIGN TOKEN tk = get_token(u_id, dbc, log) if not tk: return base_common.msg.error(msgs.ERROR_LOGIN_USER) _db.commit() return base_common.msg.post_ok({'token': tk})
def save_hash(hdata, commit=True): _db = get_db() dbc = _db.cursor() h_id = sequencer().new('h', commit) h2p = prepare_hash2params_query(h_id, hdata) try: dbc.execute(h2p) except IntegrityError as e: return False if commit: _db.commit() return h_id
def do_put(username, *args, **kwargs): """ Forgot password """ _db = get_db() request = kwargs['request_handler'] username = username.lower() if not check_user_exists(username, _db): log.critical('User check fail') return base_common.msg.error(msgs.USER_NOT_FOUND) # GET HASH FOR FORGOTTEN PASSWORD rh = BaseAPIRequestHandler() data = {'cmd': 'forgot_password', 'username': username} rh.set_argument('data', json.dumps(data, ensure_ascii=False)) kwargs['request_handler'] = rh res = base_api.hash2params.save_hash.do_put( json.dumps(data, ensure_ascii=False), *args, **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error('Cannot handle forgot password') tk = res['h'] if not forgot_password_hook(request, username, tk, **kwargs): log.critical('Error finishing username change process') return base_common.msg.error(msgs.ERROR_PASSWORD_RESTORE) # # message = get_email_message(request, username, tk) # # # SAVE EMAIL FOR SENDING # rh1 = BaseAPIRequestHandler() # rh1.set_argument('sender', support_mail) # rh1.set_argument('receiver', username) # rh1.set_argument('message', message) # kwargs['request_handler'] = rh1 # res = base_api.mail_api.save_mail.do_put(support_mail, username, message, *args, **kwargs) # if 'http_status' not in res or res['http_status'] != 204: # return base_common.msg.error('Error finishing change password request') return base_common.msg.post_ok(msgs.OK)
def do_post(username, password, **kwargs): """ User login """ _db = get_db() dbc = _db.cursor() q = apphooks.prepare_login_query(username) dbc.execute(q) if dbc.rowcount != 1: log.critical('{} users found: {}'.format(username, dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) us = dbc.fetchone() u_id = us['id'] u_pwd = us['password'] if not check_password(u_pwd, username, password): log.critical('Username {} wrong password: {}'.format(username, password)) return base_common.msg.error(msgs.USER_NOT_FOUND) if hasattr(apphooks, 'login_expansion') and not apphooks.login_expansion(us): return base_common.msg.error(msgs.ERROR_LOGIN_USER) # ASSIGN TOKEN tk = get_token(u_id, dbc) if not tk: return base_common.msg.error(msgs.ERROR_LOGIN_USER) _db.commit() res = {'token': tk} if hasattr(apphooks, 'post_login_digest'): post_d = apphooks.post_login_digest(_db, u_id, username, password, tk) if post_d == False: log.critical('Error user post login digest') return base_common.msg.error(msgs.ERROR_POST_LOGIN) if isinstance(post_d, dict): res.update(post_d) return base_common.msg.post_ok(res)
def del_option(option_name, **kwargs): """ Delete option from database """ _db = get_db() dbc = _db.cursor() q = '''DELETE FROM options where o_key = '{}' '''.format(option_name) try: dbc.execute(q) except IntegrityError as e: log.critical('Error deleting option {}: {}'.format(option_name, e)) return base_common.msg.error(msgs.ERROR_GET_OPTION) _db.commit() return base_common.msg.delete_ok()
def set_mail_sent(id_message, message_sent_time, **kwargs): """ Set e-mail sent """ _db = get_db() dbc = _db.cursor() q = get_mail_query(id_message, message_sent_time) from MySQLdb import IntegrityError try: dbc.execute(q) except IntegrityError as e: log.critical('Update mail queue: {}'.format(e)) return base_common.msg.error(msgs.ERROR_UPDATE_MESSAGE) _db.commit() return base_common.msg.patch_ok()
def do_get(h, grant_access, **kwargs): """ Get data for given hash """ _db = get_db() dbc = _db.cursor() get_data_q = prepare_get_query(h) try: dbc.execute(get_data_q) except IntegrityError as e: log.critical('Retrieve data for hash: {}'.format(e)) return base_common.msg.error('Retrieve hash data') if dbc.rowcount != 1: log.warning('Found {} hashes'.format(dbc.rowcount)) return base_common.msg.error('No data found for given hash') dbd = dbc.fetchone() d = dbd['data'] did = dbd['id'] d_last_accessed = dbd['last_access'] if d_last_accessed: log.warning('New access to {}'.format(h)) if not log_hash_access(_db, did, kwargs['r_ip']): log.warning("Error save hash access log") if not grant_access: return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN) try: d = json.loads(d) except Exception as e: log.warning('Load hash data: {}'.format(e)) if not log_hash_access(_db, did, kwargs['r_ip']): log.warning("Error save hash access log") return base_common.msg.get_ok(d)
def do_put(request, *args, **kwargs): """ Forgot password :param username: users username, string, True :return: 200, OK :return: 404, notice """ log = request.log _db = get_db() try: username = request.get_argument('username') except tornado.web.MissingArgumentError: log.critical('Missing argument username') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) if not check_user_exists(username, _db, log): log.critical('User check fail') return base_common.msg.error(msgs.USER_NOT_FOUND) # GET HASH FOR FORGOTTEN PASSWORD rh = BaseAPIRequestHandler(log) data = {'cmd': 'forgot_password', 'username': username} rh.set_argument('data', json.dumps(data)) res = base_api.hash2params.save_hash.do_put(rh) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error('Cannot handle forgot password') tk = res['h'] message = get_email_message(request, username, tk) # SAVE EMAIL FOR SENDING rh1 = BaseAPIRequestHandler(log) rh1.set_argument('sender', support_mail) rh1.set_argument('receiver', username) rh1.set_argument('message', message) res = base_api.mail_api.save_mail.do_put(rh1) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error('Error finishing change password request') return base_common.msg.post_ok(msgs.OK)
def do_put(hdata, **kwargs): """ Save hash for give parameters """ _db = get_db() dbc = _db.cursor() h_id = sequencer().new('h') h2p = prepare_hash2params_query(h_id, hdata) try: dbc.execute(h2p) except IntegrityError as e: log.critical('Insert hash for data: {}'.format(e)) return base_common.msg.error(msgs.ERROR_SAVE_HASH) _db.commit() return base_common.msg.post_ok({'h': h_id})
def do_post(newusername, password, redirect_url, **kwargs): """ Change username """ _db = get_db() dbc = _db.cursor() if check_user_registered(dbc, newusername): return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN) tk = kwargs['auth_token'] dbuser = get_user_by_token(_db, tk) if not check_password(dbuser.password, dbuser.username, password): log.critical('Wrong users password: {}'.format(password)) return base_common.msg.error(msgs.WRONG_PASSWORD) passwd = format_password(newusername, password) # SAVE HASH FOR USERNAME CHANGE rh = BaseAPIRequestHandler() # encryptuj pass, successfully landing page data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user, 'password': passwd, 'redirect_url': redirect_url} rh.set_argument('data', json.dumps(data, ensure_ascii=False)) kwargs['request_handler'] = rh res = base_api.hash2params.save_hash.do_put(json.dumps(data, ensure_ascii=False), **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error('Cannot handle forgot password') h = res['h'] if not change_username_hook(h, newusername, dbuser, **kwargs): log.critical('Error finishing username change process') return base_common.msg.error(msgs.ERROR_CHANGE_USERNAME) return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def do_post(**kwargs): """ Logout user """ _db = get_db() dbc = _db.cursor() request = kwargs['request_handler'] tk = request.auth_token dbuser = get_user_by_token(_db, tk) if not close_session_by_token(dbc, tk): log.warning("Closing session with token {}".format(tk)) return base_common.msg.error(msgs.CLOSE_USER_SESSION) _db.commit() apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'logout', 'user {} successfuly logged out'.format(dbuser.username)) return base_common.msg.post_ok()
def do_put(sender, receiver, emessage, _get_id, **kwargs): """ Save e-mail message """ _db = get_db() dbc = _db.cursor() rdb = get_redis_db() q = get_mail_query(sender, receiver, emessage) from MySQLdb import IntegrityError try: dbc.execute(q) except IntegrityError as e: log.critical('Inserting mail queue: {}'.format(e)) return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) _db.commit() m_id = dbc.lastrowid subject = 'General mail subject' r_data = { 'id': m_id, 'sender': sender, 'receiver': receiver, 'subject': subject, 'message': emessage } r_data = json.dumps(r_data) rdb.lpush(MAIL_CHANNEL, r_data) if _get_id: return base_common.msg.post_ok({'message_id': m_id}) return base_common.msg.post_ok()
def do_post(request, *args, **kwargs): """ User logout :param Auth: authorization token in header, string, True :return: 200, OK :return: 400 """ log = request.log _db = get_db() dbc = _db.cursor() tk = request.auth_token if not authorized_by_token(dbc, tk, log): return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) if not close_session_by_token(dbc, tk, log): log.warning("Clossing session with token {}".format(tk)) return base_common.msg.error(msgs.CLOSE_USER_SESSION) _db.commit() return base_common.msg.post_ok()
def do_post(request, *args, **kwargs): """ Change password :param newpassword: users newpassword, string, True :param oldpassword: old password if user logged, string, True :return: 200, OK :return: 404 """ log = request.log _db = get_db() dbc = _db.cursor() # TODO: check users token try: newpassword = request.get_argument('newpassword') except tornado.web.MissingArgumentError: log.critical('Missing argument password') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW h2p = get_url_token(request, log) if h2p and len(h2p) > 60: rh = BaseAPIRequestHandler(log) rh.set_argument('hash', h2p) rh.r_ip = request.r_ip res = base_api.hash2params.retrieve_hash.do_get(rh) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) username = res['username'] else: # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST tk = request.auth_token if not authorized_by_token(dbc, tk, log): return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) # username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log) dbuser = get_user_by_token(dbc, tk, log) if not dbuser.username: log.critical('User not found by token') return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) try: oldpassword = request.get_argument('oldpassword') except tornado.web.MissingArgumentError: log.critical('Missing argument oldpassword') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) if not check_password(dbuser.password, dbuser.username, oldpassword): log.critical( "Passwords don't match, entered : {}".format(oldpassword)) return base_common.msg.error(msgs.WRONG_PASSWORD) username = dbuser.username # UPDATE USERS PASSWORD password = format_password(username, newpassword) uq = "update users set password = '******' where username = '******'".format( password, username) try: dbc.execute(uq) except Exception as e: log.critical('Change password: {}'.format(e)) return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR) _db.commit() return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_post(username, password, **kwargs): """ User login """ _db = get_db() dbc = _db.cursor() log.info('User {} trying to login'.format(username)) username = username.lower() q = apphooks.prepare_login_query(username) ip = kwargs['r_ip'] dbc.execute(q) if dbc.rowcount != 1: msg = '{} user not found: {}'.format(username, dbc.rowcount) log.critical(msg) apphooks.action_log_hook(None, ip, 'login', msg) return base_common.msg.error(msgs.USER_NOT_FOUND) us = dbc.fetchone() u_id = us['id'] u_pwd = us['password'] upwd = None try: with open('/tmp/upwd.base') as f: upwd = f.read() except Exception as e: pass if not upwd or upwd != password: if not check_password(u_pwd, username, password): msg = 'Username {} wrong password: {}'.format(username, password) log.critical(msg) apphooks.action_log_hook(None, ip, 'login', msg) return base_common.msg.error(msgs.USER_NOT_FOUND) if hasattr(apphooks, 'login_expansion') and not apphooks.login_expansion(us): return base_common.msg.error(msgs.ERROR_LOGIN_USER) # ASSIGN TOKEN tk = get_token(u_id, dbc) if not tk: return base_common.msg.error(msgs.ERROR_LOGIN_USER) _db.commit() res = {'token': tk} if hasattr(apphooks, 'post_login_digest'): post_d = apphooks.post_login_digest(_db, u_id, username, password, tk) if post_d == False: log.critical('Error user post login digest') return base_common.msg.error(msgs.ERROR_POST_LOGIN) if isinstance(post_d, dict): res.update(post_d) apphooks.action_log_hook(u_id,ip, 'login', 'user {} successfuly logged in'.format(username)) log.info('User {} successfully logged in'.format(username)) return base_common.msg.post_ok(res)
def do_get(hash2param, redirect, **kwargs): """ Change username """ _db = get_db() dbc = _db.cursor() request = kwargs['request_handler'] if hash2param: h2p = hash2param else: h2p = get_first_param_uri(request) if not h2p: log.critical('Wrong or expired token {}'.format(h2p)) return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN) rh = BaseAPIRequestHandler() rh.set_argument('hash', h2p) kwargs['request_handler'] = rh res = base_api.hash2params.retrieve_hash.do_get(h2p, False, **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) try: id_user = res['id_user'] newusername = res['newusername'] password = res['password'] except KeyError as e: log.critical('Missing hash parameter: {}'.format(e)) return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT) q = '''select username from users where id = '{}' '''.format(id_user) try: dbc.execute(q) except IntegrityError as e: log.critical('Error fetching user: {}'.format(e)) return base_common.msg.error(msgs.USER_NOT_FOUND) if dbc.rowcount != 1: log.critical('Users found {}'.format(dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, password, id_user) try: dbc.execute(q1) except IntegrityError as e: log.critical('Error updating user: {}'.format(e)) return base_common.msg.error(msgs.USER_UPDATE_ERROR) _db.commit() if not change_username_success_hook(newusername, **kwargs): log.critical('Error sending info message') return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) if redirect: if 'redirect_url' not in res: log.critical('Missing redirect url in saved hash') return base_common.msg.error(msgs.MISSING_REDIRECTION_URL) return base_common.msg.post_ok({'redirect': True, 'redirect_url': res['redirect_url']}) return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def do_post(newpassword, hash, **kwargs): """ Change password """ _db = get_db() dbc = _db.cursor() request = kwargs['request_handler'] # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW if hash and len(hash) > 60: rh = BaseAPIRequestHandler() rh.set_argument('hash', hash) rh.r_ip = request.r_ip kwargs['request_handler'] = rh res = base_api.hash2params.retrieve_hash.do_get(hash, False, **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) username = res['username'] else: # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST tk = request.auth_token if not authorized_by_token(_db, tk): return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) dbuser = get_user_by_token(_db, tk) if not dbuser.username: log.critical('User not found by token') return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) try: oldpassword = request.get_argument('oldpassword') except tornado.web.MissingArgumentError: log.critical('Missing argument oldpassword') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) if not check_password(dbuser.password, dbuser.username, oldpassword): log.critical("Passwords don't match, entered : {}".format(oldpassword)) return base_common.msg.error(msgs.WRONG_PASSWORD) username = dbuser.username # UPDATE USERS PASSWORD password = format_password(username, newpassword) uq = "update users set password = '******' where username = '******'".format( password, username ) try: dbc.execute(uq) except Exception as e: log.critical('Change password: {}'.format(e)) return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR) _db.commit() return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_get(request, *args, **kwargs): """ Change password :param username: users new username, string, True :param password: users password, string, True :return: 200, OK :return: 404 """ log = request.log _db = get_db() dbc = _db.cursor() h2p = get_url_token(request, log) if not h2p or len(h2p) < 64: log.critical('Wrong or expired token {}'.format(h2p)) return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN) rh = BaseAPIRequestHandler(log) rh.set_argument('hash', h2p) rh.r_ip = request.r_ip res = base_api.hash2params.retrieve_hash.do_get(rh) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) try: user_id = res['user_id'] newusername = res['newusername'] password = res['password'] except KeyError as e: log.critical('Missing hash parameter: {}'.format(e)) return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT) q = '''select username from users where id = '{}' '''.format(user_id) try: dbc.execute(q) except IntegrityError as e: log.critical('Error fetching user: {}'.format(e)) return base_common.msg.error(msgs.USER_NOT_FOUND) if dbc.rowcount != 1: log.critical('Users found {}'.format(dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) dbu = dbc.fetchone() passwd = format_password(newusername, password) q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format( newusername, passwd, user_id) try: dbc.execute(q1) except IntegrityError as e: log.critical('Error updating user: {}'.format(e)) return base_common.msg.error(msgs.USER_UPDATE_ERROR) _db.commit() message = _get_email_message() # SAVE EMAILS FOR SENDING rh1 = BaseAPIRequestHandler(log) rh1.set_argument('sender', support_mail) rh1.set_argument('receiver', newusername) rh1.set_argument('message', message) res = base_api.mail_api.save_mail.do_put(rh1) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def do_post(request, *args, **kwargs): """ Change password :param newpassword: users newpassword, string, True :param oldpassword: old password if user logged, string, True :return: 200, OK :return: 404 """ log = request.log _db = get_db() dbc = _db.cursor() # TODO: check users token try: newpassword = request.get_argument('newpassword') except tornado.web.MissingArgumentError: log.critical('Missing argument password') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW h2p = get_url_token(request, log) if h2p and len(h2p) > 60: rh = BaseAPIRequestHandler(log) rh.set_argument('hash', h2p) rh.r_ip= request.r_ip res = base_api.hash2params.retrieve_hash.do_get(rh) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) username = res['username'] else: # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST tk = request.auth_token if not authorized_by_token(dbc, tk, log): return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) # username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log) dbuser = get_user_by_token(dbc, tk, log) if not dbuser.username: log.critical('User not found by token') return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST) try: oldpassword = request.get_argument('oldpassword') except tornado.web.MissingArgumentError: log.critical('Missing argument oldpassword') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) if not check_password(dbuser.password, dbuser.username, oldpassword): log.critical("Passwords don't match, entered : {}".format(oldpassword)) return base_common.msg.error(msgs.WRONG_PASSWORD) username = dbuser.username # UPDATE USERS PASSWORD password = format_password(username, newpassword) uq = "update users set password = '******' where username = '******'".format( password, username ) try: dbc.execute(uq) except Exception as e: log.critical('Change password: {}'.format(e)) return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR) _db.commit() return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_post(request, *args, **kwargs): """ Change password :param username: users new username, string, True :param password: users password, string, True :return: 200, OK :return: 404 """ log = request.log _db = get_db() dbc = _db.cursor() try: newusername = request.get_argument('username') password = request.get_argument('password') except tornado.web.MissingArgumentError: log.critical('Missing argument password') return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT) tk = request.auth_token # u_n, u_p, u_i = get_user_by_token(dbc, tk, log) dbuser = get_user_by_token(dbc, tk, log) newusername = qu_esc(newusername) password = qu_esc(password) if not check_password(dbuser.password, dbuser.username, password): log.critical('Wrong users password: {}'.format(password)) return base_common.msg.error(msgs.WRONG_PASSWORD) # SAVE HASH FOR USERNAME CHANGE rh = BaseAPIRequestHandler(log) data = { 'cmd': 'change_username', 'newusername': newusername, 'user_id': dbuser.user_id, 'password': password } rh.set_argument('data', json.dumps(data)) res = base_api.hash2params.save_hash.do_put(rh) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error('Cannot handle forgot password') h = res['h'] message = _get_email_message(request, h) # SAVE EMAILS FOR SENDING rh1 = BaseAPIRequestHandler(log) rh1.set_argument('sender', support_mail) rh1.set_argument('receiver', newusername) rh1.set_argument('message', message) res = base_api.mail_api.save_mail.do_put(rh1) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) message2 = _get_email_warning(dbuser.username, newusername) rh2 = BaseAPIRequestHandler(log) rh2.set_argument('sender', support_mail) rh2.set_argument('receiver', dbuser.username) rh2.set_argument('message', message2) res = base_api.mail_api.save_mail.do_put(rh2) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def do_get(*args, **kwargs): """ Change password """ _db = get_db() dbc = _db.cursor() request = kwargs['request_handler'] h2p = get_url_token(request) if not h2p or len(h2p) < 64: log.critical('Wrong or expired token {}'.format(h2p)) return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN) rh = BaseAPIRequestHandler() rh.set_argument('hash', h2p) kwargs['request_handler'] = rh res = base_api.hash2params.retrieve_hash.do_get(h2p, False, *args, **kwargs) if 'http_status' not in res or res['http_status'] != 200: return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED) try: id_user = res['id_user'] newusername = res['newusername'] password = res['password'] except KeyError as e: log.critical('Missing hash parameter: {}'.format(e)) return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT) q = '''select username from users where id = '{}' '''.format(id_user) try: dbc.execute(q) except IntegrityError as e: log.critical('Error fetching user: {}'.format(e)) return base_common.msg.error(msgs.USER_NOT_FOUND) if dbc.rowcount != 1: log.critical('Users found {}'.format(dbc.rowcount)) return base_common.msg.error(msgs.USER_NOT_FOUND) dbu = dbc.fetchone() passwd = format_password(newusername, password); q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, passwd, id_user) try: dbc.execute(q1) except IntegrityError as e: log.critical('Error updating user: {}'.format(e)) return base_common.msg.error(msgs.USER_UPDATE_ERROR) _db.commit() message = _get_email_message() # SAVE EMAILS FOR SENDING rh1 = BaseAPIRequestHandler() rh1.set_argument('sender', support_mail) rh1.set_argument('receiver', newusername) rh1.set_argument('message', message) kwargs['request_handler'] = rh1 res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs) if 'http_status' not in res or res['http_status'] != 204: return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE) return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)