def is_login_expired(res=None):
"""If expiry is configured, check timestamp
Args:
res (hash): If a hash and return is True, will contain (uid, expiry, and now).
Returns:
bool: true if login is expired
"""
if not cfg.expiry_days:
return False
n = int(srtime.utc_now_as_float())
t = int(cookie.unchecked_get_value(_COOKIE_EXPIRY_TIMESTAMP, 0))
if n <= t:
# cached timestamp less than expiry
return False
# db expiry at most one day from now so we can change expiry_days
# and (in any event) ensure expiry is checked once a day. This
# would also allow us to extend the expired period in the db.
u = auth.logged_in_user()
r = auth.user_registration(u)
t = r.created + cfg.expiry_days
n = srtime.utc_now()
if n > t:
if res is not None:
res.update(uid=u, expiry=t, now=n)
return True
# set expiry in cookie
t2 = n + _ONE_DAY
if t2 < t:
t = t2
t -= datetime.datetime.utcfromtimestamp(0)
cookie.set_value(_COOKIE_EXPIRY_TIMESTAMP, int(t.total_seconds()))
return False
def api_authEmailAuthorized(simulation_type, token):
"""Clicked by user in an email
Token must exist in db and not be expired.
"""
if http_request.is_spider():
sirepo.util.raise_forbidden('robots not allowed')
req = http_request.parse_params(type=simulation_type)
with auth_db.thread_lock:
u = AuthEmailUser.search_by(token=token)
if u and u.expires >= srtime.utc_now():
n = _verify_confirm(req.type, token,
auth.need_complete_registration(u))
u.query.filter(
(AuthEmailUser.user_name == u.unverified_email),
AuthEmailUser.unverified_email != u.unverified_email,
).delete()
u.user_name = u.unverified_email
u.token = None
u.expires = None
u.save()
auth.login(this_module, sim_type=req.type, model=u, display_name=n)
raise AssertionError('auth.login returned unexpectedly')
if not u:
pkdlog('login with invalid token={}', token)
else:
pkdlog(
'login with expired token={}, email={}',
token,
u.unverified_email,
)
# if user is already logged in via email, then continue to the app
if auth.user_if_logged_in(AUTH_METHOD):
pkdlog(
'user already logged in. ignoring invalid token: {}, user: {}',
token,
auth.logged_in_user(),
)
raise sirepo.util.Redirect(sirepo.uri.local_route(req.type))
auth.login_fail_redirect(req.type, this_module, 'email-token')
def purge_guest_users(days=180, confirm=False):
"""Remove old users from db which have not registered.
Args:
days (int): maximum days of untouched files (old is mtime > days)
confirm (bool): delete the directories if True (else don't delete) [False]
Returns:
(list, list): dirs and uids of removed guest users (or to remove if confirm)
"""
days = int(days)
assert days >= 1, \
'{}: days must be a positive integer'
server.init()
from sirepo import srtime
guest_uids = auth.guest_uids()
now = srtime.utc_now()
dirs_and_uids = {}
for d in pkio.sorted_glob(simulation_db.user_dir_name().join('*')):
uid = simulation_db.uid_from_dir_name(d)
if _is_src_dir(d):
continue
if uid not in guest_uids:
continue
for f in pkio.walk_tree(d):
if (now - now.fromtimestamp(f.mtime())).days <= days:
break
else:
dirs_and_uids[d] = uid
if confirm:
pkio.unchecked_remove(*dirs_and_uids.keys())
auth_db.UserRegistration.delete_all_for_column_by_values(
'uid', dirs_and_uids.values())
return dirs_and_uids
def create_token(self):
self.expires = srtime.utc_now() + _EXPIRES_DELTA
self.token = sirepo.util.create_token(self.unverified_email)
