def userActionsId(action, id):
user = user_datastore.get_user(id)
if user != None and user != []:
#Removes a user
if action == "remove":
if user != current_user:
user_datastore.delete_user(user)
db.session.commit()
return json.dumps({"status": "user removed"})
else:
return json.dumps({"status" : "user could not be removed"})
#Edits a user
elif action == "edit":
form = forms.EditUserForm(request.form)
if form.validate():
if form.password != "":
verify_and_update_password(form.password.data, user)
if form.role.entries != []:
user.setRoles(form.role.entries)
return json.dumps(user.display())
#Displays a users' information
elif action == "display":
if user != None:
return json.dumps(user.display())
else:
return json.dumps({"status" : "could not display user"})
return json.dumps({"status" : "user does not exist"})
def test_register_user(self, apidb, testapi, role, invite):
data = {"firstName":"myFirstName", "lastName":"myLastName", "email":"*****@*****.**", "password":"******", "token":invite.token}
resp = testapi.post_json(url_for('v1.AuthView:register_user'), data)
#test register user creates user but confirmed_at is not set
u = User.query.filter_by(email=data['email']).first()
from flask_security.utils import verify_and_update_password
verify_and_update_password(user=u, password='******').should_not.be.none
u.confirmed_at.should.be.none
return resp
def post(self):
if request.json:
data = request.json
user = self.model.query.filter(self.model.email == data['email']).first()
if user and verify_and_update_password(data['password'], user) and login_user(user):
user_data = self.schema().dump(user).data
return jsonify({'success': 200, 'data': user_data})
else:
return make_response(jsonify({'error': 403, 'data': 'invalid data'}), 403)
else:
data = request.form
user = self.model.query.filter(self.model.email == data['email']).first()
if user and verify_and_update_password(data['password'], user) and login_user(user):
return redirect('/test/v1/admin/', 302)
def validate(self):
""" this is a slimmed down version of the default validate function
where username is used instead of email for user authentication
"""
if self.password.data.strip() == '':
flash('password required')
return False
if self.username.data.strip() == '':
flash('username required')
return False
self.user = User.query.filter_by(username=self.username.data).first()
if not self.user:
flash('invalid username')
current_app.logger.warning('invalid login attempt by {}'.format(self.username.data))
return False
if not verify_and_update_password(self.password.data, self.user):
current_app.logger.warning('invalid password')
flash('invalid password')
return False
return True
def validate(self):
self.email_or_login.errors, self.password.errors = [], []
if self.email_or_login.data.strip() == '':
self.email_or_login.errors.append(get_message('LOGIN_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = _datastore.find_user(login=self.email_or_login.data.strip())
if self.user is None:
self.user = _datastore.find_user(email=self.email_or_login.data.strip())
if self.user is None:
self.email_or_login.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if not self.user.is_active:
self.email_or_login.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def authenticate_user(user_id):
"""Return the user's account balance if user and password match, return False otherwise"""
user = DB.User.query.get(user_id)
if not user:
return str(False)
if verify_and_update_password(request.args["password"], user):
return str(user.bar_account_balance)
return str(False)
def authenticate(username, password, scopes):
user = user_datastore.get_user(username)
if user and verify_and_update_password(password, user):
scope_perms = []
for scope in scopes:
scope_perms.append(user.has_role(scope))
if all(scope_perms):
return user
def upgrade():
app = current_app
db.session.flush()
current_salt = Keys.query.filter_by(name = 'SECURITY_PASSWORD_SALT').first().value
app.config.update(dict(SECURITY_PASSWORD_SALT=current_salt))
app.config['SECURITY_PASSWORD_HASH'] = config.SECURITY_PASSWORD_HASH
if app.extensions.get('security') is None:
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
Security(app, user_datastore, register_blueprint=False)
else:
app.config['SECURITY_PASSWORD_SALT'] = current_salt
users = User.query.all()
# This will upgrade the plaintext password of all the user as per the
# SECURITY_PASSWORD_HASH.
for user in users:
if user.password is not None:
verify_and_update_password(user.password, user)
db.session.commit()
def post(self):
form = UserLeaveForm()
if form.validate_on_submit():
if verify_and_update_password(form.password.data, current_user):
flash("Your input is correct.")
is_pw_correct = True
current_user.is_want_leave = True
db.session.commit()
return render_template('main/leave.html', form=form, is_pw_correct=is_pw_correct)
else:
flash("Your input is not correct.")
return redirect(url_for('AuthView:get'))
def login():
data = request.json
user = user_datastore.get_user(data['email'])
if not user:
return "Invalid username or password", 401
if not verify_and_update_password(data['password'], user):
return "Invalid username or password", 401
login_user(user)
return jsonify({
'auth_token': user.get_auth_token(),
'email': user.email
})
def test_add_admin(self):
email = '*****@*****.**'
password = '******'
add_admin(email, password)
user = User.query.filter_by(email=email).first()
admin_role = Role.query.filter_by(name='admin').first()
self.assertEqual(user.email, email)
self.assertTrue(user.active)
self.assertIn(admin_role, user.roles)
self.assertTrue(verify_password('password', user.password))
self.assertTrue(verify_and_update_password(password, user))
def login_user():
if "email" not in request.json:
return error_response(errors.AUTH_EMAIL_MISSING, 400)
if "password" not in request.json:
return error_response(errors.AUTH_PSSWD_MISSING, 400)
# email and password are in the posted data.
user = User.query.filter_by(email=request.json.get("email")).first()
psswd_check = False
if user:
psswd_check = verify_and_update_password(request.json.get("password"), user)
if user and psswd_check:
login(user, remember=True)
return jsonify(user.to_dict())
else:
return error_response(errors.AUTH_INCORRECT_CREDENTIALS, 401)
def login():
"""直接使用flask-security的工具方法完成登陆验证"""
username = request.json.get('username', '')
passwd = request.json.get('password', '')
security = current_app.extensions['security']
datastore = security.datastore
user = datastore.get_user(username)
if not verify_and_update_password(passwd, user):
return jsonres(metacode=401, msg=u'用户不在在或密码不正确')
login_user(user)
loginRes = dict(authentication_token=user.get_auth_token(), nickname=(user.nickname or user.email), avatar=user.avatar)
return jsonres(rv=dict(user=loginRes))
def upgrade():
app = current_app
db.session.flush()
current_salt = Keys.query.filter_by(
name='SECURITY_PASSWORD_SALT').first().value
app.config.update(dict(SECURITY_PASSWORD_SALT=current_salt))
app.config['SECURITY_PASSWORD_HASH'] = config.SECURITY_PASSWORD_HASH
if app.extensions.get('security') is None:
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
Security(app, user_datastore, register_blueprint=False)
else:
app.config['SECURITY_PASSWORD_SALT'] = current_salt
users = User.query.with_entities(
User.id, User.email, User.password, User.active, User.confirmed_at)\
.all()
# This will upgrade the plaintext password of all the user as per the
# SECURITY_PASSWORD_HASH.
for user in users:
if user.password is not None:
verify_and_update_password(user.password, user)
db.session.commit()
def change_password():
form = ChangePwdForm(request.form)
if form.validate():
user = User.query.filter(User.id == request.form['user_id']).first()
if utils.verify_and_update_password(request.form['old_pwd'], user):
if request.form['new_pwd_1'] == request.form['new_pwd_2']:
new_password_encrypted = utils.hash_password(request.form['new_pwd_1'])
user.password = new_password_encrypted
db.session.commit()
logout_user()
return redirect(url_for('profile'))
return "Sorry, did you input different new passwords?"
else:
return "Sorry, is your old password correct?"
return "Sorry, is there something wring in your information?"
def login_user():
if 'email' not in request.json:
return error_response(errors.AUTH_EMAIL_MISSING, 400)
if 'password' not in request.json:
return error_response(errors.AUTH_PSSWD_MISSING, 400)
# email and password are in the posted data.
user = User.query.filter_by(email=request.json.get('email')).first()
psswd_check = False
if user:
psswd_check = verify_and_update_password(request.json.get('password'),
user)
if user and psswd_check:
login(user, remember=True)
return jsonify(user.to_dict())
else:
return error_response(errors.AUTH_INCORRECT_CREDENTIALS, 401)
def validate(self):
user_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
time_now = datetime.datetime.now()
# Use super of LoginForm, not super of CustomLoginForm, since I
# want to skip the LoginForm validate logic
if not super(LoginForm, self).validate():
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}]"
)
return False
self.email.data = remove_null_caracters(self.email.data)
self.user = _datastore.find_user(username=self.email.data)
if self.user is None:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Username]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
self.user.password = remove_null_caracters(self.user.password)
if not self.user.password:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Password]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
self.password.data = remove_null_caracters(self.password.data)
if not verify_and_update_password(self.password.data, self.user):
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Password]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
# if requires_confirmation(self.user):
# self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
# return False
if not self.user.is_active:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Disabled Account]")
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
if not super(LoginForm, self).validate():
return False
# Verify username field is not blank. We don't concern ourselves with email
# because we don't use that to validate
if self.username.data.strip() == '':
self.username.errors.append('USERNAME NOT PROVIDED')
return False
# If the password field is left blank, fail.
if self.password.data.strip() == '':
self.password.errors.append('PASSWORD NOT PROVIDED')
return False
# set the user to be the user name in the field and look it up
# in the database
self.user = security.datastore.get_user(self.username.data)
# Ensure the user exists in the database
if self.user is None:
self.username.errors.append('INCORRECT USERNAME/PASSWORD')
return False
# Ensure the password was set
if not self.user.password:
self.password.errors.append('PASSWORD WAS NOT SET')
return False
# Verify the password provided matches what is in the database for that user
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append('INCORRECT USERNAME/PASSWORD')
return False
# If user confirmation is enabled and the user has not confirmed, deny access
if requires_confirmation(self.user):
self.user.errors.append('CONFIRMATION REQUIRED')
return False
# Make sure that the user account is active and not disabled
if not self.user.is_active:
self.username.errors.append('DISABLED ACCOUNT')
return False
# If all other checks are passed, the user is valid
return True
def load_user_from_request(request):
apikey = request.headers.environ.get("HTTP_X_API_KEY", None)
if apikey:
user = user_datastore.find_user(apikey=apikey)
if not user:
return None
else:
auth = request.headers.get("Authorization")
if not auth or auth.count(":") != 1:
return None
login, password = auth.split(":")
user = user_datastore.find_user(email=login.strip())
if user is None:
return None
if not verify_and_update_password(password.strip(), user):
return None
return user if login_user(user) else None
def _try_local_auth(self):
self.user = _datastore.find_user(username=self.email.data)
if not self.user:
self.email.errors.append(get_message("USER_DOES_NOT_EXIST")[0])
return False
if not self.user.password:
self.password.errors.append(get_message("PASSWORD_NOT_SET")[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message("INVALID_PASSWORD")[0])
return False
if requires_confirmation(self.user):
self.email.errors.append(get_message("CONFIRMATION_REQUIRED")[0])
return False
if not self.user.is_active:
self.email.errors.append(get_message("DISABLED_ACCOUNT")[0])
return False
return True
def validate(self):
self.user = _datastore.get_user(self.email.data)
if self.user is None:
self.email.validate(self)
self.email.errors.append("User or password invalid.")
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if requires_confirmation(self.user):
self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def get_jwt() -> Tuple[str, int]:
"""
Get a JWT to use for accessing the api.
Works outside of a session context by posting the user credentials. This is conceptually equivalent to logging
in via the login form.
:return: JWT provided via a JSON object (or error)
"""
if current_user and current_user.is_authenticated:
return jsonify(jwt=create_jwt_for_user(current_user)), 200
credentials = request.get_json(force=True)
if not credentials or 'email' not in credentials or 'password' not in credentials:
return jsonify(error="Incomplete credentials."), 400
user = user_datastore.find_user(email=credentials['email'])
if verify_and_update_password(credentials['password'], user):
jwt_json: str = jsonify(jwt=create_jwt_for_user(user))
return jwt_json, 200
jwt_error_json: str = jsonify(error="Could not authenticate user.")
return jwt_error_json, 401
def login_post():
email = request.form.get('email')
password = request.form.get('password')
remember = True if request.form.get('remember') else False
user = User.objects(email=email).first()
# ToDo: There is username enumeration here.
# Check if enabled account
if not user or not user.active:
flash('This account has been disabled')
return redirect(url_for('auth.login'))
# check if user actually exists
if not user or not verify_and_update_password(password, user):
flash('Please check your login details and try again.')
return redirect(url_for('auth.login'))
# ToDo: Need to put a real check for remember me in here
login_user(user, remember=remember)
return redirect(url_for('dashboard.main_dashboard'))
def login():
print("data", request.get_json())
data = json.loads(request.get_json()['data'])
print("data", data)
# auth = request.authorization
user = user_datastore.find_user(email=data['email'])
if user:
if (verify_and_update_password(data['password'], user)):
token = jwt.encode(
{
'user':
data['email'],
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=10)
},
app.config['SECRET_KEY'],
algorithm="HS256")
print("Logged as ", data['email'])
return jsonify({'token': token})
return make_response('Could not verify!', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
def validate(self):
if not super(ExtendedLoginForm, self).validate():
return False
self.user = user_datastore.get_user(self.email.data)
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
# Reduce timing variation between existing and non-existung users
hash_password(self.password.data)
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
# Reduce timing variation between existing and non-existung users
hash_password(self.password.data)
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
if not super(LoginForm, self).validate():
return False
if not self.username.data.strip():
self.username.errors.append("Username not provided")
return False
if not self.password.data.strip():
self.password.errors.append(
get_message("PASSWORD_NOT_PROVIDED")[0])
return False
username = self.username.data
self.user = _security.datastore.find_user(username=username)
if not self.user:
logger.warning("not found {} using username field, "
"now using fallback with email".format(username))
self.user = _security.datastore.find_user(email=username)
if self.user is None:
self.username.errors.append(get_message("USER_DOES_NOT_EXIST")[0])
return False
if not self.user.password:
self.password.errors.append(get_message("PASSWORD_NOT_SET")[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message("INVALID_PASSWORD")[0])
return False
if requires_confirmation(self.user):
self.username.errors.append(
get_message("CONFIRMATION_REQUIRED")[0])
return False
if not self.user.is_active:
self.username.errors.append(get_message("DISABLED_ACCOUNT")[0])
return False
return True
def validate(self):
# Use super of LoginForm, not super of CustomLoginForm, since I
# want to skip the LoginForm validate logic
if not super(LoginForm, self).validate():
return False
self.user = _datastore.get_user(self.email.data)
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
# if requires_confirmation(self.user):
# self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
# return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
# Use super of LoginForm, not super of CustomLoginForm, since I
# want to skip the LoginForm validate logic
if not super(LoginForm, self).validate():
return False
self.user = _datastore.get_user(self.email.data)
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
# if requires_confirmation(self.user):
# self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
# return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate_login(self, form):
if self.validate():
user = db.query(User).filter(
or_(User.name == form['username'],
User.email == form['username']))
if user.count() > 0:
usermodel = user.one()
if not verify_and_update_password(form['password'], usermodel):
self.error = u'用户名或密码错误'
return False
if usermodel.active == 0:
self.error = u'用户尚未激活,登陆邮箱激活'
return False
self.id = usermodel.id
self.__setattr__('is_authenticated', True)
session['uid'] = usermodel.id
session['username'] = usermodel.name
return usermodel
else:
self.error = u'用户' + form['username'] + u'不存在'
return False
else:
return False
def check_password(self, password):
return verify_and_update_password(password, self)
def set_pass(self, user, passw):
"""
Regenerate an user's password hash.
"""
verify_and_update_password(passw, user)
return True
def check_user_pass(user, passw):
"""
Checks an user's password.
"""
return verify_and_update_password(passw, user)
def check_password(self, password: str):
return verify_and_update_password(password, self)
def check_password(self, value):
return verify_and_update_password(value, self)
def verify_password(self, password=None, new_password=None, **kwargs):
"""Verify password is not invalid."""
if not verify_and_update_password(password, current_user):
_abort(get_message("INVALID_PASSWORD")[0], "password")
if password == new_password:
_abort(get_message("PASSWORD_IS_THE_SAME")[0], "password")
def check_user_pass(user, passw):
"""
Checks an user's password.
"""
return verify_and_update_password(passw, user)
def users():
form = UserForm()
dform = DeleteForm()
form.roles.choices = [
(r.name, r.description)
for r in models.Role.query.order_by(models.Role.name.asc()).all()
]
if current_app.config['AJAX_CALL_ENABLED']:
form.associate_group_id.choices = []
associate_group_id = current_user.associate_group_id
if associate_group_id and is_region_role():
form.associate_group_id.choices = [
(ag.id, ag.name)
for ag in models.AssociateGroup.query.filter_by(
id=associate_group_id).all()
]
return render_template('admin/user.html', form=form, dform=dform)
else:
province_id = current_user.province_id
if province_id and is_region_role():
us = models.User.query.filter_by(province_id=province_id).all()
form.province_id.choices = [
(p.province_id, p.type + " " + p.name)
for p in models.Province.query.filter_by(
province_id=province_id).all()
]
else:
us = models.User.query.all()
form.province_id.choices = []
# form create or edit submit
if request.method == 'POST' and form.data['submit']:
if not check_role(crud_role):
return redirect(url_for(request.endpoint))
form.province_id.choices = [(form.province_id.data,
form.province_id.label.text)]
# edit user
if form.id.data:
# remove required validator in fields pass and confirm
# when form is edit form
setattr(form.password, 'validators', [match_pass])
setattr(form.confirm, 'validators', [])
if form.validate_on_submit():
edit_user = user_datastore.find_user(id=form.id.data)
if form.old_password.data:
if not security_utils.verify_and_update_password(
form.old_password.data, edit_user):
flash(str(__('Old password is wrong!')), 'error')
# TODO: fix return to keep current state of form
return redirect(url_for(request.endpoint))
else:
edit_user.password = security_utils.hash_password(
form.password.data)
temp_user = sqla.session.query(models.User) \
.filter_by(email=form.email.data).all()
if not check_user_email(temp_user, edit_user.email):
form.email.errors.append(__('The email was existed!'))
flash(str(__('The email was existed!')), 'error')
else:
edit_user.email = form.email.data
edit_user.fullname = form.fullname.data
if form.province_id.data != edit_user.province_id:
edit_user.province = models.Province.query \
.filter_by(province_id=form.province_id.data) \
.one()
for new_role in form.roles.data:
role_is_added = False
for r in edit_user.roles:
if new_role == r.name:
role_is_added = True
break
if not role_is_added:
user_datastore.add_role_to_user(
edit_user.email, new_role)
temp_roles = list(edit_user.roles)
for old_role in temp_roles:
if old_role.name not in form.roles.data:
user_datastore.remove_role_from_user(
edit_user.email, old_role.name)
user_datastore.put(edit_user)
for user in us:
if user.id == edit_user.id:
us.remove(user)
us.append(edit_user)
flash(str(__('Update user success!')), 'success')
return redirect(url_for(request.endpoint))
else:
flash(str(__('The form is not validated!')), 'error')
# add user
else:
setattr(form.password, 'validators',
[data_required, match_pass])
setattr(form.confirm, 'validators', [data_required])
form.id.data = str(uuid.uuid4())
if form.validate_on_submit():
if not user_datastore.find_user(email=form.email.data):
province = models.Province.query.filter_by(
province_id=form.province_id.data).one()
user_datastore.create_user(
id=form.id.data,
email=form.email.data,
fullname=form.fullname.data,
province=province,
password=security_utils.hash_password(
form.password.data))
sqla.session.commit()
for role in form.roles.data:
user_datastore.add_role_to_user(
form.email.data, role)
sqla.session.commit()
flash(str(__('Add user success!')), 'success')
return redirect(url_for(request.endpoint))
else:
form.email.errors.append(__('The email was existed!'))
flash(str(__('The email was existed!')), 'error')
else:
flash(str(__('The form is not validated!')), 'error')
# form delete submit
if request.method == 'POST' and dform.data['submit_del']:
if not check_role(crud_role):
return redirect(url_for(request.endpoint))
elif dform.validate_on_submit():
del_user = user_datastore.find_user(id=dform.id.data)
user_datastore.delete_user(del_user)
sqla.session.commit()
flash(str(__('Delete user success!')), 'success')
return redirect(url_for(request.endpoint))
return render_template('admin/user.html',
us=us,
form=form,
dform=dform)
def validate(self):
if not super(DeploymentLoginForm, self).validate():
participant = models.Participant.query.filter(
models.Participant.participant_id == self.email.data.strip(),
models.Participant.password == self.password.data.strip(),
models.Participant.participant_set ==
g.event.participant_set).join(models.ParticipantRole).filter(
models.ParticipantRole.name == '$FC').first()
if participant:
# get the field co-ordinator user and create it if necessary
_user = _datastore.find_user(email=current_app.config.get(
'APOLLO_FIELD_COORDINATOR_EMAIL'))
if not _user:
_role = _datastore.find_or_create_role(
'field-coordinator', deployment=g.deployment)
_user = _datastore.create_user(
email=current_app.config.get(
'APOLLO_FIELD_COORDINATOR_EMAIL'),
username='',
password='',
deployment=g.deployment,
roles=[_role])
self.user = _datastore.get_user(
current_app.config.get('APOLLO_FIELD_COORDINATOR_EMAIL'))
session['participant'] = participant.id
return True
else:
return False
else:
if self.email.data.strip() == '':
self.email.errors.append(get_message('EMAIL_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
# check by the user identity attributes defined in
# the settings
for identity_attribute in current_app.config.get(
'SECURITY_USER_IDENTITY_ATTRIBUTES'):
kwargs = {
'deployment': g.deployment,
identity_attribute: self.email.data
}
self.user = _datastore.find_user(**kwargs)
if self.user:
break
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if requires_confirmation(self.user):
self.email.errors.append(
get_message('CONFIRMATION_REQUIRED')[0])
return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def set_pass(self, user, passw):
"""
Regenerate an user's password hash.
"""
verify_and_update_password(passw, user)
return True
def verify_and_update_password(self, password):
return verify_and_update_password(password, self)
