def create_password_reset_token(self, email):
"""Sets password reset token for user.
:param email: Email to be used.
:return: [User, password reset token, token expiration in seconds]. ``None`` if user is disabled or is not email login based.
"""
user = self.get_by_email(email)
assert user, "Got password reset request for non-existing email".format(
email)
if not self.can_login(user):
return None
activation_token_expiry_seconds = int(
self.registry.settings.get(
"tm.registry.activation_token_expiry_seconds", 24 * 3600))
activation = self.Activation()
activation.expires_at = now() + timedelta(
seconds=activation_token_expiry_seconds)
self.dbsession.add(activation)
self.dbsession.flush()
user.activation = activation
assert user.activation.code, "Could not generate the password reset code"
return user, activation.code, activation_token_expiry_seconds
def user_auth_details_changes(event: UserAuthSensitiveOperation):
"""Default logic how to invalidate sessions on user auth detail changes.
If you are using different session management model you can install a custom handle.
:param event: Incoming event instance
"""
user = event.user
# Update the timestamp which session validation checks on every request
user.last_auth_sensitive_operation_at = now()
def activate_user(request, dbsession: Session, user: User):
"""Checks to perform when the user becomes a valid user for the first time.
If this user has already started sign up process through email we need to cancel that.
"""
user.activated_at = now()
# Cancel any pending email activations if the user chooses the option to use social media login
if user.activation:
dbsession.delete(user.activation)
def reset_password(self, user, password):
"""Reset user password and clear all pending activation issues.
:param user: User object,
:param password: New password.
"""
self.set_password(user, password)
if not user.activated_at:
user.activated_at = now()
self.dbsession.delete(user.activation)
def update_login_data(self, user: User):
"""Update last_login_at and last_login_ip on User object.
If this is the User first login, trigger FirstLogin event.
:param user: User object.
"""
request = self.request
if not user.last_login_at:
e = events.FirstLogin(request, user)
request.registry.notify(e)
# Update user security details
user.last_login_at = now()
user.last_login_ip = request.client_addr
def create_blank_user(self, user_model: t.Callable[..., User],
dbsession: Session, email: str) -> User:
"""Create a new blank user instance as we could not find matching user with the existing details.
:param user_model: Class to be used for user creation.
:param dbsession: SQLAlchemy Session object.
:param email: User email.
:return: Newly created user.
"""
user = user_model(email=email)
dbsession.add(user)
dbsession.flush()
user.username = user.generate_username()
user.registration_source = self.provider_id
user.activated_at = now()
return user
def create_email_activation_token(self, user):
"""Create activation token for the user to be used in the email
:param user: User object.
:return: Tuple (email activation code, expiration in seconds)
"""
activation = self.Activation()
activation_token_expiry_seconds = int(
self.registry.settings.get(
"tm.registry.activation_token_expiry_seconds", 24 * 3600))
activation.expires_at = now() + timedelta(
seconds=activation_token_expiry_seconds)
self.dbsession.add(activation)
self.dbsession.flush()
user.activation = activation
return activation.code, activation_token_expiry_seconds
def create(dbsession,
username: str,
email: str,
password: t.Optional[str] = None,
source: str = 'initialize_db_script',
admin: bool = False) -> User:
"""Create a new site user from command line.
:param dbsession:
:param username: Username, usually an email.
:param email: User's email.
:param password: Password.
:param source: Source of this user, in here, initialize_db_script.
:param admin: Set this user to admin. The first user is always implicitly admin.
:return: Newly created user.
"""
u = dbsession.query(User).filter_by(email=email).first()
if u is not None:
return u
u = User(email=email, username=username)
dbsession.add(u)
dbsession.flush() # Make sure u.user_data is set
if password:
# from tm.system.user.userregistry import UserRegistry
# user_registry = UserRegistry()
# user_registry.set_password(u, password)
from tm.system.user.password import Argon2Hasher
hasher = Argon2Hasher()
hashed = hasher.hash_password(password)
u.hashed_password = hashed
u.registration_source = source
u.activated_at = now()
# request.registry.notify(UserCreated(request, u))
if admin:
group = dbsession.query(Group).filter_by(name='admin').one_or_none()
group.users.append(u)
return u
def activate_user_by_email_token(self, token):
"""Get user by a password token issued earlier.
Consume any activation token.
:param token: Password token to be used to return the user.
:return: User instance of none if token is not found.
"""
activation = self.dbsession.query(
self.Activation).filter(self.Activation.code == token).first()
if activation:
if activation.is_expired():
return None
user = self.get_by_activation(activation)
user.activated_at = now()
self.dbsession.delete(activation)
return user
return None
def create_authorization_code(self, user: User, login_source: str = None):
"""Sets authorization code for user.
:param user: User
:return: [User, authorization_code, authorization_code_expiry_seconds]. ``None`` if user is not allowed to login
"""
if not user.can_login():
return None
authorization_code_expiry_seconds = int(
self.registry.settings.get(
"tm.oauth.authorization_code_expiry_seconds", 30))
auth_code = self.AuthorizationCode()
auth_code.expires_at = now() + timedelta(
seconds=authorization_code_expiry_seconds)
self.dbsession.add(auth_code)
self.dbsession.flush()
user.authorization_code = auth_code
assert user.authorization_code.code, "Could not generate the authorization code"
return user, auth_code.code, authorization_code_expiry_seconds