def login(self,session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the reponse object
"""
try:
safeDictionary = RequestDictionary(self.request)
username = safeDictionary.getValue('username')
password = safeDictionary.getValue('password')
try:
user = self.interfaces.userDb.getUserByEmail(username)
except Exception as e:
raise ValueError("user name and or password invalid")
if(not self.interfaces.userDb.checkStatus(user,"approved")):
raise ValueError("user name and or password invalid")
# Only check if user is active after they've logged in for the first time
if user.last_login_date is not None and not self.isUserActive(user):
raise ValueError("Your account has expired. Please contact an administrator.")
try:
if(self.interfaces.userDb.checkPassword(user,password,self.bcrypt)):
# We have a valid login
LoginSession.login(session,user.user_id)
permissionList = []
for permission in self.interfaces.userDb.getPermssionList():
if(self.interfaces.userDb.hasPermission(user, permission.name)):
permissionList.append(permission.permission_type_id)
self.interfaces.userDb.updateLastLogin(user)
return JsonResponse.create(StatusCode.OK,{"message":"Login successful","user_id": int(user.user_id),"name":user.name,"title":user.title ,"agency":user.agency, "permissions" : permissionList})
else :
raise ValueError("user name and or password invalid")
except Exception as e:
LoginSession.logout(session)
raise ValueError("user name and or password invalid")
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e,StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e,StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e,StatusCode.INTERNAL_ERROR)
return self.response
def create_session_and_response(self, session, user):
"""Create a session."""
LoginSession.login(session, user.user_id)
sess = GlobalDB.db().session
updateLastLogin(user)
agency_name = sess.query(CGAC.agency_name).\
filter(CGAC.cgac_code == user.cgac_code).\
one_or_none()
return JsonResponse.create(StatusCode.OK, {"message": "Login successful", "user_id": int(user.user_id),
"name": user.name, "title": user.title,
"agency_name": agency_name,
"cgac_code": user.cgac_code, "permission": user.permission_type_id})
def create_session_and_response(session, user):
""" Create a session.
Args:
session: Session object from flask
user: Users object
Returns:
JsonResponse containing the JSON for the user
"""
LoginSession.login(session, user.user_id)
data = json_for_user(user, session['sid'])
data['message'] = 'Login successful'
return JsonResponse.create(StatusCode.OK, data)
def create_session_and_response(session, user):
""" Create a session.
Args:
session: Session object from flask
user: Users object
Returns:
JsonResponse containing the JSON for the user
"""
LoginSession.login(session, user.user_id)
data = json_for_user(user, session['sid'])
data['message'] = 'Login successful'
return JsonResponse.create(StatusCode.OK, data)
def create_session_and_response(self, session, user):
# Create session
LoginSession.login(session, user.user_id)
permissionList = []
for permission in self.interfaces.userDb.getPermissionList():
if (self.interfaces.userDb.hasPermission(user, permission.name)):
permissionList.append(permission.permission_type_id)
self.interfaces.userDb.updateLastLogin(user)
agency_name = self.interfaces.validationDb.getAgencyName(
user.cgac_code)
return JsonResponse.create(
StatusCode.OK, {
"message": "Login successful",
"user_id": int(user.user_id),
"name": user.name,
"title": user.title,
"agency_name": agency_name,
"cgac_code": user.cgac_code,
"permissions": permissionList
})
def login(self, session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the reponse object
"""
try:
safeDictionary = RequestDictionary(self.request)
username = safeDictionary.getValue('username')
password = safeDictionary.getValue('password')
try:
user = self.interfaces.userDb.getUserByEmail(username)
except Exception as e:
raise ValueError("user name and or password invalid")
if (not self.interfaces.userDb.checkStatus(user, "approved")):
raise ValueError("user name and or password invalid")
# Only check if user is active after they've logged in for the first time
if user.last_login_date is not None and not self.isUserActive(
user):
raise ValueError(
"Your account has expired. Please contact an administrator."
)
try:
if (self.interfaces.userDb.checkPassword(
user, password, self.bcrypt)):
# We have a valid login
LoginSession.login(session, user.user_id)
permissionList = []
for permission in self.interfaces.userDb.getPermssionList(
):
if (self.interfaces.userDb.hasPermission(
user, permission.name)):
permissionList.append(
permission.permission_type_id)
self.interfaces.userDb.updateLastLogin(user)
return JsonResponse.create(
StatusCode.OK, {
"message": "Login successful",
"user_id": int(user.user_id),
"name": user.name,
"title": user.title,
"agency": user.agency,
"permissions": permissionList
})
else:
raise ValueError("user name and or password invalid")
except Exception as e:
LoginSession.logout(session)
raise ValueError("user name and or password invalid")
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
return self.response
def login(self,session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the reponse object
"""
try:
safeDictionary = RequestDictionary(self.request)
username = safeDictionary.getValue('username')
password = safeDictionary.getValue('password')
try:
user = self.interfaces.userDb.getUserByEmail(username)
except Exception as e:
raise ValueError("Invalid username and/or password")
if(not self.interfaces.userDb.checkStatus(user,"approved")):
raise ValueError("Invalid username and/or password")
# Only check if user is active after they've logged in for the first time
if user.last_login_date is not None and self.isAccountExpired(user):
raise ValueError("Your account has expired. Please contact an administrator.")
# for whatever reason, your account is not active, therefore it's locked
if not self.isUserActive(user):
raise ValueError("Your account has been locked. Please contact an administrator.")
try:
if(self.interfaces.userDb.checkPassword(user,password,self.bcrypt)):
# We have a valid login
# Reset incorrect password attempt count to 0
self.resetPasswordCount(user)
LoginSession.login(session,user.user_id)
permissionList = []
for permission in self.interfaces.userDb.getPermissionList():
if(self.interfaces.userDb.hasPermission(user, permission.name)):
permissionList.append(permission.permission_type_id)
self.interfaces.userDb.updateLastLogin(user)
agency_name = self.interfaces.validationDb.getAgencyName(user.cgac_code)
return JsonResponse.create(StatusCode.OK,{"message":"Login successful","user_id": int(user.user_id),
"name":user.name,"title":user.title,"agency_name":agency_name,
"cgac_code":user.cgac_code, "permissions" : permissionList})
else :
# increase incorrect password attempt count by 1
# if this is the 3rd incorrect attempt, lock account
self.incrementPasswordCount(user)
if user.incorrect_password_attempts == 3:
raise ValueError("Your account has been locked due to too many failed login attempts. Please contact an administrator.")
raise ValueError("Invalid username and/or password")
except ValueError as ve:
LoginSession.logout(session)
raise ve
except Exception as e:
LoginSession.logout(session)
raise ValueError("Invalid username and/or password")
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e,StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e,StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e,StatusCode.INTERNAL_ERROR)
return self.response
def create_session_and_response(session, user):
"""Create a session."""
LoginSession.login(session, user.user_id)
data = json_for_user(user)
data['message'] = 'Login successful'
return JsonResponse.create(StatusCode.OK, data)
def login(self, session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the reponse object
"""
try:
safeDictionary = RequestDictionary(self.request)
username = safeDictionary.getValue('username')
password = safeDictionary.getValue('password')
try:
user = self.interfaces.userDb.getUserByEmail(username)
except Exception as e:
raise ValueError("Invalid username and/or password")
if (not self.interfaces.userDb.checkStatus(user, "approved")):
raise ValueError("Invalid username and/or password")
# Only check if user is active after they've logged in for the first time
if user.last_login_date is not None and self.isAccountExpired(
user):
raise ValueError(
"Your account has expired. Please contact an administrator."
)
# for whatever reason, your account is not active, therefore it's locked
if not self.isUserActive(user):
raise ValueError(
"Your account has been locked. Please contact an administrator."
)
try:
if (self.interfaces.userDb.checkPassword(
user, password, self.bcrypt)):
# We have a valid login
# Reset incorrect password attempt count to 0
self.resetPasswordCount(user)
LoginSession.login(session, user.user_id)
permissionList = []
for permission in self.interfaces.userDb.getPermissionList(
):
if (self.interfaces.userDb.hasPermission(
user, permission.name)):
permissionList.append(
permission.permission_type_id)
self.interfaces.userDb.updateLastLogin(user)
agency_name = self.interfaces.validationDb.getAgencyName(
user.cgac_code)
return JsonResponse.create(
StatusCode.OK, {
"message": "Login successful",
"user_id": int(user.user_id),
"name": user.name,
"title": user.title,
"agency_name": agency_name,
"cgac_code": user.cgac_code,
"permissions": permissionList
})
else:
# increase incorrect password attempt count by 1
# if this is the 3rd incorrect attempt, lock account
self.incrementPasswordCount(user)
if user.incorrect_password_attempts == 3:
raise ValueError(
"Your account has been locked due to too many failed login attempts. Please contact an administrator."
)
raise ValueError("Invalid username and/or password")
except ValueError as ve:
LoginSession.logout(session)
raise ve
except Exception as e:
LoginSession.logout(session)
raise ValueError("Invalid username and/or password")
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
return self.response
def create_session_and_response(session, user):
"""Create a session."""
LoginSession.login(session, user.user_id)
data = json_for_user(user)
data['message'] = 'Login successful'
return JsonResponse.create(StatusCode.OK, data)