def signed_in_person():
email_address = request.environ.get("REMOTE_USER")
if email_address is None:
return None
person = Person.find_by_email(email_address, True)
return person
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
funding = Funding.find_by_id(self.funding_id)
if funding is None:
raise NotAuthorizedError(
"Funding Request doesn't exist"
)
if person != funding.person:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles"
)
return app(environ, start_response)
def validate_python(self, values, state):
assertion = values['assertion']
audience = h.url_for(qualified=True, controller='home').strip("/")
page = urllib2.urlopen('https://verifier.login.persona.org/verify',
urllib.urlencode({ "assertion": assertion,
"audience": audience}))
data = json.load(page)
if data['status'] == 'okay':
c.email = data['email']
c.person = Person.find_by_email(c.email)
if c.person is None:
if not Config.get('account_creation'):
error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below."
message = "Login failed"
error_dict = {'email_address': error_message}
raise Invalid(message, values, state, error_dict=error_dict)
# Create a new account for this email address
c.person = Person()
c.person.email_address = data['email']
c.person.activated = True
meta.Session.add(c.person)
meta.Session.commit()
if not c.person.activated:
# Persona returns verified emails only, so might as well confirm this one...
c.person.activated = True
meta.Session.commit()
def _forgotten_password(self):
"""Action to let the user request a password change.
GET returns a form for emailing them the password change
confirmation.
POST checks the form and then creates a confirmation record:
date, email_address, and a url_hash that is a hash of a
combination of date, email_address, and a random nonce.
The email address must exist in the person database.
The second half of the password change operation happens in
the ``confirm`` action.
"""
c.email = self.form_result['email_address']
c.person = Person.find_by_email(c.email)
if c.person is not None:
# Check if there is already a password recovery in progress
reset = PasswordResetConfirmation.find_by_email(c.email)
if reset is not None:
return render('person/in_progress.mako')
# Ok kick one off
c.conf_rec = PasswordResetConfirmation(email_address=c.email)
meta.Session.add(c.conf_rec)
meta.Session.commit()
email(c.email, render('person/confirmation_email.mako'))
return render('person/password_confirmation_sent.mako')
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
registration = Registration.find_by_id(self.registration_id)
if registration is None:
raise NotAuthorizedError(
"Registration doesn't exist"
)
if person.id <> registration.person_id:
set_role("Registration is not for this user");
raise NotAuthorizedError(
"Registration is not for this user"
)
return app(environ, start_response)
def signed_in_person():
email_address = request.environ.get("REMOTE_USER")
if email_address is None:
return None
person = Person.find_by_email(email_address, True)
return person
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
proposal = Proposal.find_by_id(self.proposal_id)
if proposal is None:
raise NotAuthorizedError(
"Proposal doesn't exist"
)
if person not in proposal.people:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles"
)
return app(environ, start_response)
def validate_python(self, values, state):
person = Person.find_by_email(values['email_address'])
if person is not None:
msg = "A person with this email already exists. Please try signing in first."
raise Invalid(msg,
values,
state,
error_dict={'email_address': msg})
def validate_python(self, values, state):
c.email = values['email_address']
c.person = Person.find_by_email(c.email)
error_message = None
if c.person is None or not c.person.check_password(values['password']):
error_message = ("Your sign-in details are incorrect; try the"
" 'Forgotten your password' link below or sign up"
" for a new person.")
message = "Login failed"
error_dict = {'email_address': error_message}
raise Invalid(message, values, state, error_dict=error_dict)
def user_exists(self, username):
"""
Returns ``True`` if the user exists, ``False`` otherwise. Users are
case insensitive.
"""
person = Person.find_by_email(username)
if person is not None:
return True
return False
def check(self, app, environ, start_response):
"""
Should return True if the user has the role or
False if the user doesn't exist or doesn't have the role.
In this implementation role names are case insensitive.
"""
if not environ.get('REMOTE_USER'):
if self.error:
raise self.error
set_redirect()
raise NotAuthenticatedError('Not authenticated')
for role in self.roles:
if not self.role_exists(role):
raise NotAuthorizedError("No such role %r exists"%role)
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
raise users.AuthKitNoSuchUserError(
"No such user %r" % environ['REMOTE_USER'])
if not person.activated:
#set_role('User account must be activated')
raise NotAuthorizedError(
"User account must be activated"
)
if self.all:
for role in self.roles:
if not self.user_has_role(person, role):
if self.error:
raise self.error
else:
set_role("User doesn't have the role %s"%role.lower())
raise NotAuthorizedError(
"User doesn't have the role %s"%role.lower()
)
return app(environ, start_response)
else:
for role in self.roles:
if self.user_has_role(person, role):
return app(environ, start_response)
if self.error:
raise self.error
else:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles"
)
def validate_python(self, values, state):
c.email = values['email_address']
c.person = Person.find_by_email(c.email)
error_message = None
if c.person is None:
error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person."
elif not c.person.activated:
error_message = "You haven't yet confirmed your registration, please refer to your email for instructions on how to do so."
elif not c.person.check_password(values['password']):
error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person."
if error_message:
message = "Login failed"
error_dict = {'email_address': error_message}
raise Invalid(message, values, state, error_dict=error_dict)
def validate_python(self, values, state):
c.email = values['email_address']
c.person = Person.find_by_email(c.email)
error_message = None
if c.person is None:
error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person."
elif not c.person.activated:
error_message = "You haven't yet confirmed your registration, please refer to your email for instructions on how to do so."
elif not c.person.check_password(values['password']):
error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person."
if error_message:
message = "Login failed"
error_dict = {'email_address': error_message}
raise Invalid(message, values, state, error_dict=error_dict)
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if Person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
return app(environ, start_response)
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if Person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
return app(environ, start_response)
def _reset_password(self, url_hash):
"""Confirm a password change request, and let the user change
their password.
`url_hash` is a hash of the email address, with which we can
look up the confuirmation record in the database.
If `url_hash` doesn't exist, 404.
If `url_hash` exists and the date is older than 24 hours,
warn the user, offer to send a new confirmation, and delete the
confirmation record.
GET returns a form for setting their password, with their email
address already shown.
POST checks that the email address (in the session, not in the
form) is part of a valid person record (again). If the record
exists, then update the password, hashed. Report success to the
user. Delete the confirmation record.
If the record doesn't exist, throw an error, delete the
confirmation record.
"""
c.conf_rec = PasswordResetConfirmation.find_by_url_hash(url_hash)
now = datetime.datetime.now(c.conf_rec.timestamp.tzinfo)
delta = now - c.conf_rec.timestamp
if delta > datetime.timedelta(hours=24):
# this confirmation record has expired
meta.Session.delete(c.conf_rec)
meta.Session.commit()
return render('person/expired.mako')
c.person = Person.find_by_email(c.conf_rec.email_address)
if c.person is None:
raise RuntimeError, "Person doesn't exist %s" % c.conf_rec.email_address
# set the password
c.person.password = self.form_result['password']
# also make sure the person is activated
c.person.activated = True
# delete the conf rec
meta.Session.delete(c.conf_rec)
meta.Session.commit()
h.flash('Your password has been updated!')
self.finish_login(c.person.email_address)
def check(self, app, environ, start_response):
"""
Should return True if the user has the role or
False if the user doesn't exist or doesn't have the role.
In this implementation role names are case insensitive.
"""
if not environ.get('REMOTE_USER'):
if self.error:
raise self.error
set_redirect()
raise NotAuthenticatedError('Not authenticated')
for role in self.roles:
if not self.role_exists(role):
raise Exception("No such role %r exists" % role)
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
raise users.AuthKitNoSuchUserError("No such user %r" %
environ['REMOTE_USER'])
if not person.activated:
#set_role('User account must be activated')
raise NotAuthorizedError("User account must be activated")
if self.all:
for role in self.roles:
if not self.user_has_role(person, role):
if self.error:
raise self.error
else:
set_role("User doesn't have the role %s" %
role.lower())
raise NotAuthorizedError(
"User doesn't have the role %s" % role.lower())
return app(environ, start_response)
else:
for role in self.roles:
if self.user_has_role(person, role):
return app(environ, start_response)
if self.error:
raise self.error
else:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles")
def user_has_role(self, username, role):
"""
Returns ``True`` if the user has the role specified, ``False``
otherwise. Raises an exception if the user doesn't exist.
"""
if not self.user_exists(username.lower()):
raise users.AuthKitNoSuchUserError("No such user %r"%username.lower())
if not self.role_exists(role.lower()):
raise users.AuthKitNoSuchRoleError("No such role %r"%role.lower())
person = Person.find_by_email(username)
if person is None:
return False
for role_ in person.roles:
if role_.name == role.lower():
return True
return False
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
set_redirect()
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
if not person.activated:
set_redirect()
if 'is_active' in dir(meta.Session):
meta.Session.flush()
meta.Session.close()
redirect(url(controller="person", action="activate"))
return app(environ, start_response)
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
set_redirect()
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
if not person.activated:
set_redirect()
if 'is_active' in dir(meta.Session):
meta.Session.flush()
meta.Session.close()
redirect(url(controller="person", action="activate"))
return app(environ, start_response)
def validate_python(self, values, state):
person = Person.find_by_email(values['email_address'])
if person is not None:
msg = "A person with this email already exists. Please try signing in first."
raise Invalid(msg, values, state, error_dict={'email_address': msg})
def validate_python(self, value, state):
person = Person.find_by_email(value)
if person is None:
msg = 'Your supplied e-mail does not exist in our database. Please try again or if you continue to have problems, contact %s.' % klf_info['contact_email']
raise Invalid(msg, value, state, error_dict={'email_address': msg})
def validate_python(self, value, state):
person = Person.find_by_email(value)
if person is None:
msg = 'Your supplied e-mail does not exist in our database. Please try again or if you continue to have problems, contact %s.' % lca_info[
'contact_email']
raise Invalid(msg, value, state, error_dict={'email_address': msg})
