Esempio n. 1
 def authenticate(self, identification, password=None, check_password=True):
     """Resolve ``identification`` to a user and, by default, verify the password.

     The identifier is tried as an email address first (only when it passes
     Django's email validator). If that finds nothing, it is tried as a
     username, unless ``BAPH_AUTH_WITHOUT_USERNAMES`` is set. When
     ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set, both lookups are restricted to
     the current organization.

     Returns the matching user, or ``None`` when no user matches or the
     password check fails.

     Security notes:
       * ``check_password=False`` returns the matched user without verifying
         any credential, so callers must have authenticated the request by
         some other means before using it.
       * NOTE(review): the "no such user" paths return before
         ``check_password`` is ever called, so response time may differ
         between unknown and known identifiers. Confirm that callers
         rate-limit or otherwise equalize this.
     """
     db = orm.sessionmaker()
     org_column = Organization.resource_name.lower() + '_id'

     def find_one(criteria):
         # Scope the lookup to the current organization when identifiers
         # are only unique per organization.
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             criteria[org_column] = Organization.get_current_id()
         return db.query(User).filter_by(**criteria).first()

     match = None
     try:
         # Only identifiers that validate as an email address are looked up
         # against the email column.
         django.core.validators.validate_email(identification)
         match = find_one({'email': identification})
     except django.core.validators.ValidationError:
         # Not an email address; fall through to the username lookup.
         pass

     if not match:
         if auth_settings.BAPH_AUTH_WITHOUT_USERNAMES:
             # Usernames are not accepted as login identifiers.
             return None
         match = find_one({User.USERNAME_FIELD: identification})

     if not match:
         return None
     if not check_password:
         # Caller explicitly asked to skip credential verification.
         return match
     return match if match.check_password(password) else None
Esempio n. 2
 def authenticate(self, identification, password=None, check_password=True):
     """Find the user for ``identification`` and optionally check the password.

     Lookup order: email column (only if the identifier validates as an
     email address), then ``User.USERNAME_FIELD`` unless
     ``BAPH_AUTH_WITHOUT_USERNAMES`` disables username logins. With
     ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` set, each lookup is also filtered by
     the current organization id.

     Returns the user on success, otherwise ``None``.

     Security notes:
       * With ``check_password=False`` the user is returned on identifier
         match alone. Treat that flag as "already authenticated elsewhere".
       * NOTE(review): an unknown identifier returns without calling
         ``check_password``, which can make unknown and known accounts
         distinguishable by timing. Verify mitigations at the call site.
     """
     orm_session = orm.sessionmaker()
     org_column = Organization.resource_name.lower() + '_id'
     account = None

     try:
         # Raises ValidationError for anything that is not an email address.
         django.core.validators.validate_email(identification)
         by_email = {'email': identification}
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             by_email[org_column] = Organization.get_current_id()
         account = orm_session.query(User).filter_by(**by_email).first()
     except django.core.validators.ValidationError:
         # Identifier is not an email address; try it as a username below.
         pass

     if not account:
         if auth_settings.BAPH_AUTH_WITHOUT_USERNAMES:
             # Username logins are disabled, so there is nothing left to try.
             return None
         by_username = {User.USERNAME_FIELD: identification}
         if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
             by_username[org_column] = Organization.get_current_id()
         account = orm_session.query(User).filter_by(**by_username).first()
         if not account:
             return None

     # Reject only when verification was requested and it failed.
     if check_password and not account.check_password(password):
         return None
     return account
Esempio n. 3
    def send_activation_email(self):
        """
        Send the account-activation email to ``self.user.email``.

        Subject and body are rendered from the
        ``registration/emails/activation_email_*`` templates. The template
        context includes ``activation_key``, so the rendered message
        presumably carries the activation secret. Treat the outgoing mail
        and any logging of it as sensitive.

        """
        template_context = {
            'user': self.user,
            'without_usernames': settings.BAPH_AUTH_WITHOUT_USERNAMES,
            'protocol': get_protocol(),
            'activation_days': settings.BAPH_ACTIVATION_DAYS,
            'activation_key': self.activation_key,
            'org': Organization.get_current(),
        }

        # A mail subject must be a single line, so drop any line breaks the
        # template produced.
        rendered_subject = render_to_string(
            'registration/emails/activation_email_subject.txt',
            template_context)
        one_line_subject = ''.join(rendered_subject.splitlines())

        body = render_to_string(
            'registration/emails/activation_email_message.txt',
            template_context)

        send_mail(one_line_subject,
                  body,
                  django_settings.DEFAULT_FROM_EMAIL,
                  [self.user.email])
Esempio n. 4
File: store.py Progetto: devhub/baph
    def get_consumer(self, request, oauth_request, consumer_key):
        """Return the OAuth consumer named by the request, or raise.

        The consumer is looked up by ``oauth_request["oauth_consumer_key"]``.
        The ``consumer_key`` argument is not used by this method. A consumer
        is accepted when its owning user belongs to the organization
        resolved from ``request``, or when the owner is a superuser.

        Raises ``InvalidConsumerError`` when no such consumer exists.

        Security note: consumers owned by superusers match regardless of the
        current organization, so they are valid across every tenant.
        """
        current_org = Organization.get_current_id(request)
        owner_org_column = getattr(User, Organization.get_column_key())

        db = orm.sessionmaker()
        candidates = db.query(OAuthConsumer).join(OAuthConsumer.user)
        candidates = candidates.filter(
            OAuthConsumer.key == oauth_request["oauth_consumer_key"])
        # ``== True`` is deliberate: it builds a SQL expression on the
        # column instead of a Python truth test.
        candidates = candidates.filter(
            or_(owner_org_column == current_org, User.is_superuser == True))

        found = candidates.first()
        if found:
            return found
        raise InvalidConsumerError()
Esempio n. 5
    def send_confirmation_email(self):
        """
        Send the emails that accompany an email-address change.

        Two messages are produced. The new (unconfirmed) address receives
        the message rendered with ``email_confirmation_key``, which is used
        to verify that address. The current address, if one is set,
        receives a notice that a change was requested, so the account owner
        can spot a change they did not make.

        NOTE(review): both messages are rendered from the same context,
        which includes ``confirmation_key``. Verify that the ``*_old``
        templates do not output it, since the key is meant to prove control
        of the new address only.

        """
        template_context = {
            'user': self.user,
            'without_usernames': settings.BAPH_AUTH_WITHOUT_USERNAMES,
            'new_email': self.email_unconfirmed,
            'protocol': get_protocol(),
            'confirmation_key': self.email_confirmation_key,
            'org': Organization.get_current(),
        }
        sender = django_settings.DEFAULT_FROM_EMAIL

        # Notice to the current address. The templates are rendered even
        # when there is no current address to send to.
        old_subject = ''.join(render_to_string(
            'registration/emails/confirmation_email_subject_old.txt',
            template_context).splitlines())
        old_body = render_to_string(
            'registration/emails/confirmation_email_message_old.txt',
            template_context)
        if self.user.email:
            send_mail(old_subject, old_body, sender, [self.user.email])

        # Confirmation request to the new address. Subjects are collapsed
        # to one line because a mail subject cannot contain line breaks.
        new_subject = ''.join(render_to_string(
            'registration/emails/confirmation_email_subject_new.txt',
            template_context).splitlines())
        new_body = render_to_string(
            'registration/emails/confirmation_email_message_new.txt',
            template_context)

        send_mail(new_subject, new_body, sender, [self.email_unconfirmed])
Esempio n. 6
    def clean_email(self):
        """Reject an email address that already belongs to a user.

        The lookup is restricted to the current organization when
        ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set. Returns the cleaned email
        when it is free, otherwise raises ``forms.ValidationError``.

        Security note: the two error messages tell the submitter whether an
        address is registered and whether it is still unconfirmed. If
        account enumeration matters for this form, pair it with rate
        limiting or a uniform response.
        """
        email = self.cleaned_data['email']
        criteria = {'email': email}
        if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
            org_column = Organization._meta.model_name + '_id'
            criteria[org_column] = Organization.get_current_id()

        # Load ``signup`` together with the user, since it is read below.
        existing = (
            orm.sessionmaker()
            .query(User)
            .options(joinedload('signup'))
            .filter_by(**criteria)
            .first()
        )
        if not existing:
            return email

        signup = existing.signup
        if signup and signup.activation_key != settings.BAPH_ACTIVATED:
            # The account exists but its signup has not been activated yet.
            raise forms.ValidationError(_('This email is already taken but '
                'not yet confirmed. Please check your email for verification '
                'steps.'))
        raise forms.ValidationError(_('This email is already taken'))
Esempio n. 7
 def get_current_permissions(self):
     """Return this object's permissions that apply to the current organization.

     The result is ``{resource: {action: set(...)}}``, merged from the
     ``get_all_permissions()`` entries whose key is ``None`` or the current
     organization id (compared as a string). It is cached on the instance
     as ``_perm_cache``.

     Security notes:
       * The cache is not keyed by organization. Once it is filled, later
         calls on the same instance return the same permissions even if
         the current organization has changed.
       * The cached dict itself is returned, so a caller that mutates it
         changes what later permission checks see.
     """
     if hasattr(self, '_perm_cache'):
         return self._perm_cache
     # Imported here rather than at module level (presumably to avoid a
     # circular import; confirm).
     from baph.auth.models import Organization
     active_org = str(Organization.get_current_id())
     merged = {}
     for org_id, by_resource in self.get_all_permissions().items():
         # Keep only entries with no organization (None) or the active one.
         if org_id not in (None, active_org):
             continue
         for resource, by_action in by_resource.items():
             actions = merged.setdefault(resource, {})
             for action, granted in by_action.items():
                 actions.setdefault(action, set()).update(granted)
     self._perm_cache = merged
     return merged
Esempio n. 8
 def get_current_permissions(self):
     """Merge and cache the permissions valid in the current organization.

     Entries of ``get_all_permissions()`` keyed by ``None`` or by the
     current organization id (as a string) are combined into
     ``{resource: {action: set(...)}}`` and stored on the instance as
     ``_perm_cache``.

     Security notes:
       * The cached value is reused for the life of the instance and is
         not tied to the organization it was computed for. Drop
         ``_perm_cache`` if the current organization can change.
       * Callers receive the cached dict itself, not a copy.
     """
     if hasattr(self, '_perm_cache'):
         return self._perm_cache
     from baph.auth.models import Organization
     wanted_orgs = (None, str(Organization.get_current_id()))
     # First select the applicable per-organization grants, then merge.
     applicable = [
         grants
         for org_id, grants in self.get_all_permissions().items()
         if org_id in wanted_orgs
     ]
     combined = {}
     for grants in applicable:
         for rsrc, rsrc_perms in grants.items():
             if rsrc not in combined:
                 combined[rsrc] = {}
             target = combined[rsrc]
             for action, action_perms in rsrc_perms.items():
                 if action not in target:
                     target[action] = set()
                 target[action].update(action_perms)
     setattr(self, '_perm_cache', combined)
     return combined
Esempio n. 9
    def clean_email(self):
        """Validate that the new email differs from the current one and is unused.

        Raises ``forms.ValidationError`` when the submitted address equals
        the user's current address or already belongs to another user
        (within the current organization when
        ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set). Otherwise returns the
        cleaned email.

        NOTE(review): the first check lowercases the submitted address, but
        the lookup and the returned value use it as submitted. Whether
        case-variant duplicates can get through depends on how the email
        column compares case. Confirm against the schema.
        """
        submitted = self.cleaned_data['email']
        current = self.user.email
        if submitted.lower() == current:
            raise forms.ValidationError(_(u'You\'re already known under this '
                'email.'))

        criteria = {'email': submitted}
        if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
            org_column = Organization._meta.model_name + '_id'
            criteria[org_column] = Organization.get_current_id()

        # Exclude rows carrying the user's own current address.
        taken_by = (
            orm.sessionmaker()
            .query(User)
            .filter(User.email != self.user.email)
            .filter_by(**criteria)
            .first()
        )
        if taken_by:
            raise forms.ValidationError(_(u'This email is already in use. '
                'Please supply a different email.'))
        return self.cleaned_data['email']
Esempio n. 10
File: forms.py Progetto: devhub/baph
 def save(self, domain_override=None,
          subject_template_name='registration/password_reset_subject.txt',
          email_template_name='registration/password_reset_email.html',
          use_https=False, token_generator=default_token_generator,
          from_email=None, request=None):
     '''Email a password-reset link to every cached user with a usable password.

     For each user in ``self.users_cache`` a token is created with
     ``token_generator.make_token`` and passed to the templates together
     with the base36 user id, the domain and the protocol.

     Security notes:
       * ``use_https`` defaults to ``False``, so unless the caller sets it
         the templates receive ``protocol='http'``. A reset link built from
         that would carry the token over an unencrypted connection.
       * The domain comes from ``domain_override`` or from the current
         organization's ``host``. NOTE(review): confirm that neither can be
         influenced by request data such as the Host header, otherwise the
         reset link could point at a domain the user did not expect.
     '''
     from django.core.mail import send_mail

     for account in self.users_cache:
         # Users without a usable password get no reset mail.
         if not account.has_usable_password():
             continue

         if domain_override:
             site_name = domain = domain_override
         else:
             org = Organization.get_current()
             # The current organization may be a dict or an object.
             if isinstance(org, dict):
                 site_name, domain = org['name'], org['host']
             else:
                 site_name, domain = org.name, org.host
         # NOTE(review): this discards the site name chosen above, so the
         # templates always receive site_name=None. Kept as in the
         # original; confirm whether it is intentional.
         site_name = None

         template_vars = {
             'email': account.email,
             'domain': domain,
             'site_name': site_name,
             'uid': int_to_base36(account.id),
             'user': account,
             'token': token_generator.make_token(account),
             'protocol': 'https' if use_https else 'http',
         }
         rendered_subject = render_to_string(
             subject_template_name, RequestContext(request, template_vars))
         # A mail subject cannot contain line breaks.
         one_line_subject = ''.join(rendered_subject.splitlines())
         body = render_to_string(
             email_template_name, RequestContext(request, template_vars))
         send_mail(one_line_subject, body, from_email, [account.email])
Esempio n. 11
 def clean_org_unique_field(self, key, **kwargs):
     """Run ``clean_unique_field`` for ``key`` within the current organization.

     The organization id filter is always set from
     ``Organization.get_current_id()``. A value the caller supplies under
     the same keyword is overwritten, so the check cannot be pointed at
     another organization through ``kwargs``.
     """
     org_column = Organization._meta.model_name + '_id'
     scoped_filters = dict(kwargs)
     scoped_filters[org_column] = Organization.get_current_id()
     return self.clean_unique_field(key, **scoped_filters)