Esempio n. 1
File: forms.py Progetto: leiyue/seed
    def validate(self):
        """Validate the login form and resolve ``self.user``.

        After the parent form validates, the checks run in this order:
        non-blank login name, non-blank password, login name known to the
        datastore, account has a password, submitted password verifies,
        account is active. The first failing check appends one message to
        the matching field's ``errors`` and stops validation.

        Returns:
            True when every check passes, False otherwise.
        """
        def _reject(field, message_key):
            # Attach the configured message text to the field and fail.
            field.errors.append(get_message(message_key)[0])
            return False

        if not super(ExtendedLoginForm, self).validate():
            return False

        # Whitespace-only input counts as "not provided".
        if self.login_name.data.strip() == '':
            return _reject(self.login_name, 'EMAIL_NOT_PROVIDED')
        if self.password.data.strip() == '':
            return _reject(self.password, 'PASSWORD_NOT_PROVIDED')

        self.user = _datastore.get_user(self.login_name.data)

        # NOTE(review): USER_DOES_NOT_EXIST, PASSWORD_NOT_SET and
        # INVALID_PASSWORD are distinct messages, so the response tells an
        # unauthenticated caller whether a login name is registered. Use one
        # generic message if account enumeration is a concern.
        if self.user is None:
            return _reject(self.login_name, 'USER_DOES_NOT_EXIST')
        if not self.user.password:
            return _reject(self.password, 'PASSWORD_NOT_SET')
        if not verify_and_update_password(self.password.data, self.user):
            return _reject(self.password, 'INVALID_PASSWORD')

        # The disabled state is only revealed after the password verified.
        # NOTE(review): is_active is read as an attribute; if the user model
        # defines it as a method this test is never true - confirm.
        if not self.user.is_active:
            return _reject(self.login_name, 'DISABLED_ACCOUNT')

        return True
Esempio n. 2
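    def validate(self):
        """Validate a name/password login, creating the account when new.

        A blank name or blank password fails with a field error. If no user
        with the given name exists, one is created as active with the hash
        of the submitted password and validation succeeds. For an existing
        user the account must have a password and the submitted password
        must verify.

        Returns:
            True when the user was created or authenticated, False otherwise.
        """
        if self.name.data.strip() == '':
            self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
            return False

        if self.password.data.strip() == '':
            self.password.errors.append(
                get_message('PASSWORD_NOT_PROVIDED')[0])
            return False

        self.user = User.first(name=self.name.data)
        if self.user is None:
            # NOTE(review): an unknown name is registered on the spot, so
            # any unauthenticated submitter can create active accounts and
            # no password policy is applied here beyond "not blank".
            # Confirm this auto-provisioning is intended and is rate-limited
            # elsewhere.
            self.user = User.create(name=self.name.data,
                                    active=True,
                                    password=encrypt_password(
                                        self.password.data))
            return True

        # From here on self.user is an existing account; the original
        # USER_DOES_NOT_EXIST branch could never run and was dropped.
        if not self.user.password:
            self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
            return False
        if not verify_and_update_password(self.password.data, self.user):
            self.password.errors.append(get_message('INVALID_PASSWORD')[0])
            return False
        return True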
Esempio n. 3
def verify_pw(username, password):
    """Check *password* for the user whose e-mail equals *username*.

    Returns False when no such user is found; otherwise returns the result
    of ``verify_and_update_password`` for that user.
    """
    account = services.users.get(email=username)

    if account:
        return verify_and_update_password(password, account)

    # NOTE(review): the unknown-user path returns without doing any password
    # work, so it may answer measurably faster than a wrong password for a
    # real account - confirm whether that timing difference matters here.
    return False
Esempio n. 4
    def validate(self):
        """Validate an e-mail/password login scoped to the current deployment.

        After the parent form validates, the checks run in this order:
        non-blank e-mail, non-blank password, user found for the e-mail in
        ``g.deployment``, account has a password, password verifies, account
        does not require confirmation, account is active. The first failing
        check appends one message to the matching field's ``errors``.

        Returns:
            True when every check passes, False otherwise.
        """
        def _reject(field, message_key):
            # Attach the configured message text to the field and fail.
            field.errors.append(get_message(message_key)[0])
            return False

        if not super(DeploymentLoginForm, self).validate():
            return False

        if self.email.data.strip() == '':
            return _reject(self.email, 'EMAIL_NOT_PROVIDED')
        if self.password.data.strip() == '':
            return _reject(self.password, 'PASSWORD_NOT_PROVIDED')

        # The lookup is restricted to the deployment bound to this request,
        # so the same e-mail in another deployment does not match.
        self.user = _datastore.find_user(email=self.email.data,
                                         deployment=g.deployment)

        # NOTE(review): distinct messages for "no such user" and "wrong
        # password" let a caller test which e-mails exist in a deployment.
        if self.user is None:
            return _reject(self.email, 'USER_DOES_NOT_EXIST')
        if not self.user.password:
            return _reject(self.password, 'PASSWORD_NOT_SET')
        if not verify_and_update_password(self.password.data, self.user):
            return _reject(self.password, 'INVALID_PASSWORD')

        # Confirmation and disabled state are reported only after the
        # password has verified.
        if requires_confirmation(self.user):
            return _reject(self.email, 'CONFIRMATION_REQUIRED')
        if not self.user.is_active():
            return _reject(self.email, 'DISABLED_ACCOUNT')
        return True
Esempio n. 5
    def validate_password(form, field):
        """Field validator: check the password and log the user in.

        Looks the user up by ``form.email.data`` and verifies ``field.data``
        against it.

        Raises:
            ValidationError: when the e-mail is unknown or the password does
                not verify. Both cases share one message.
        """
        account = db.session.query(User).filter_by(email=form.email.data).first()

        # One shared message for both failures, so the response text does
        # not reveal whether the e-mail is registered.
        if not account or not verify_and_update_password(field.data, account):
            raise ValidationError('Inccorect Email or Password combination')

        # NOTE(review): the login happens inside a field validator, so it
        # takes effect as soon as this field passes, whatever happens in the
        # rest of form validation. Consider moving login_user() to the view,
        # after the whole form has validated.
        login_user(account)
Esempio n. 6
def authenticate(username, password):
    """Return the user for *username* if *password* verifies, else None.

    Every outcome is logged: success at info level, unknown username and
    wrong password as separate warnings.
    """
    account = _datastore.get_user(username)

    if not account:
        # NOTE(review): username is caller-supplied and logged as received;
        # log consumers should treat it as untrusted text.
        _log.warn("Authentication failed; unknown username %s", username)
        return None

    if verify_and_update_password(password, account):
        _log.info("%s authenticated successfully", username)
        return account

    # NOTE(review): if _log is a stdlib logging.Logger, warn() is the
    # deprecated alias of warning() - confirm and migrate.
    _log.warn("Authentication failed; invalid password for %s", username)
    return None
Esempio n. 7
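def _check_json_auth():
    """Authenticate the current request from its JSON body.

    Expects a JSON object with ``email`` and ``password`` keys. On success
    the user is logged in through ``utils.login_user``.

    Returns:
        True when the credentials verify and the user was logged in, False
        for a missing or non-object body, a missing key, an unknown e-mail
        or a wrong password.
    """
    security = current_app.extensions['security']
    auth = request.get_json()

    # The body is client-controlled: it may be absent, or valid JSON that is
    # not an object (a list, a string, null). Treat those as failed
    # authentication instead of raising on the key lookups below.
    if not isinstance(auth, dict):
        return False

    email = auth.get('email')
    password = auth.get('password')
    if email is None or password is None:
        return False

    # NOTE(review): the values are not type-checked here; confirm the
    # datastore lookup and the password verifier reject non-string input.
    user = security.datastore.find_user(email=email)

    if user and utils.verify_and_update_password(password, user):
        utils.login_user(user)
        return True

    return False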
Esempio n. 8
File: forms.py Progetto: leiyue/seed
    def validate(self):
        """Validate a password change for the logged-in user.

        After the parent form validates, the current password must verify
        against ``current_user`` and the new password must differ from it.

        Returns:
            True when both checks pass, False otherwise.
        """
        def _reject(message_key):
            # Both failures are reported on the current-password field.
            self.password.errors.append(get_message(message_key)[0])
            return False

        if not super(ExtendedChangePasswordForm, self).validate():
            return False

        # Re-authenticate with the current password before allowing a change.
        if not verify_and_update_password(self.password.data, current_user):
            return _reject('INVALID_PASSWORD')

        # The comparison ignores surrounding whitespace, while verification
        # above used the value exactly as submitted.
        old_value = self.password.data.strip()
        new_value = self.new_password.data.strip()
        if old_value == new_value:
            return _reject('PASSWORD_IS_THE_SAME')
        return True
Esempio n. 9
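    def index(self):
        """Render the login page and process a submitted login form.

        On a valid submission whose e-mail resolves to a user and whose
        password verifies, the user is logged in (honouring the "remember"
        field) and the admin master template is rendered. In every other
        case the members template is rendered with the form.
        """
        login_user_form = LoginForm()

        if login_user_form.validate_on_submit():
            user = user_datastore.get_user(login_user_form.email.data)
            # An unknown e-mail gives no user object. Skip verification in
            # that case rather than passing None to the password check, and
            # fall through to the login page like any other failed attempt.
            if user is not None and verify_and_update_password(
                    login_user_form.password.data, user):
                login_user(user, login_user_form.remember.data)
                return self.render(
                    'admin/master.html')  #redirect(url_for('indexview.index'))

        #self._template_args['login_user_form'] = login_user_form
        return render_template('members.html', login_user_form=login_user_form)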


#class NewsPostView(sqla.ModelView):

#    column_list = ['title', 'content', 'date', 'live']
#    column_editable_list = ('live',)
#    form_columns = ['title', 'content']
#    form_widget_args = {
#        'content': {
#            'rows': 15
#        }
#    }

#    def is_accessible(self):
#        return current_user.is_authenticated

#def get_save_return_url(self, model, is_created):
#    return url_for('newspost.index_view')

#def _handle_view(self, name, **kwargs):
#    if not self.is_accessible():
#        return redirect(url_for('loginview.index', next=request.url))

#    def __init__(self, session, **kwargs):
#        super(NewsPostView, self).__init__(NewsPost, session, **kwargs)

#class CategoryView(sqla.ModelView):

#    form_columns = ['name']
#    column_labels = dict(name='Category')

#    def is_accessible(self):
#        return current_user.is_authenticated

#def _handle_view(self, name, **kwargs):
#    if not self.is_accessible():
#        return redirect(url_for('loginview.index', next=request.url))

#    def __init__(self, session,  **kwargs):
#        super(CategoryView, self).__init__(Category, session, **kwargs)
Esempio n. 10
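    def index(self):
        """Render the login page and process a submitted login form.

        On a valid submission whose e-mail resolves to a user and whose
        password verifies, the user is logged in (honouring the "remember"
        field) and the admin master template is rendered. In every other
        case the members template is rendered with the form.
        """
        login_user_form = LoginForm()

        if login_user_form.validate_on_submit():
            user = user_datastore.get_user(login_user_form.email.data)
            # An unknown e-mail gives no user object. Skip verification in
            # that case rather than passing None to the password check, and
            # fall through to the login page like any other failed attempt.
            if user is not None and verify_and_update_password(
                    login_user_form.password.data, user):
                login_user(user, login_user_form.remember.data)
                return self.render('admin/master.html')#redirect(url_for('indexview.index'))

        #self._template_args['login_user_form'] = login_user_form
        return render_template('members.html', login_user_form=login_user_form)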

#class NewsPostView(sqla.ModelView):

#    column_list = ['title', 'content', 'date', 'live']
#    column_editable_list = ('live',)
#    form_columns = ['title', 'content']
#    form_widget_args = {
#        'content': {
#            'rows': 15
#        }
#    }

#    def is_accessible(self):
#        return current_user.is_authenticated

    #def get_save_return_url(self, model, is_created):
    #    return url_for('newspost.index_view')

    #def _handle_view(self, name, **kwargs):
    #    if not self.is_accessible():
    #        return redirect(url_for('loginview.index', next=request.url))

#    def __init__(self, session, **kwargs):
#        super(NewsPostView, self).__init__(NewsPost, session, **kwargs)

#class CategoryView(sqla.ModelView):

#    form_columns = ['name']
#    column_labels = dict(name='Category')

#    def is_accessible(self):
#        return current_user.is_authenticated

    #def _handle_view(self, name, **kwargs):
    #    if not self.is_accessible():
    #        return redirect(url_for('loginview.index', next=request.url))

#    def __init__(self, session,  **kwargs):
#        super(CategoryView, self).__init__(Category, session, **kwargs)
Esempio n. 11
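def authenticate(username, password):
    """Authenticate *username*, log the user in and return the user object.

    Authentication succeeds only when the user exists, the password
    verifies and the user has at least one role. Each failure is logged
    with the reason that actually applied.

    Returns:
        The user on success, None on any failure.
    """
    user = _datastore.get_user(username)

    if not user:
        _log.warn("Authentication failed; unknown username %s", username)
        return None

    # Check the password before roles so that "invalid password" is logged
    # only when verification really failed. The original logged it for
    # role-less users too, which sends log review and alerting down the
    # wrong path.
    if not verify_and_update_password(password, user):
        _log.warn("Authentication failed; invalid password for %s", username)
        return None

    # A correct password is not enough: an account without roles is refused.
    if not user.roles:
        _log.warn("Authentication failed; No user roles found.")
        return None

    _log.info("%s authenticated successfully, logging in", username)
    login_user(user)
    user.save() #Saving just in case to make sure the login stats are tracked.
    # Make the authenticated user visible for the rest of this request.
    _request_ctx_stack.top.current_user = user
    return user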
Esempio n. 12
def load_user_from_request(request):
    """Resolve the user for a request from an API key or login credentials.

    The ``X-API-Key`` header is preferred (read as ``HTTP_X_API_KEY`` from
    the request environ). Without it, the ``Authorization`` header is read
    as a plain ``login:password`` pair.

    Returns:
        The user when a credential matched and ``login_user`` accepted it,
        otherwise None.
    """
    api_key = request.headers.environ.get('HTTP_X_API_KEY', None)

    if not api_key:
        header = request.headers.get('Authorization')
        # Exactly one ':' is required, so a password that itself contains
        # ':' cannot be used on this path.
        if not header or header.count(':') != 1:
            return None
        login, password = header.split(':')

        user = user_datastore.find_user(email=login.strip())
        if user is None:
            return None
        # NOTE(review): the password is stripped before verification, so
        # leading or trailing whitespace in a stored password never matches.
        # The header is also not a standard "Basic <base64>" value - confirm
        # that clients really send this raw format.
        if not verify_and_update_password(password.strip(), user):
            return None
    else:
        # NOTE(review): the key is matched by a direct datastore lookup,
        # which presumably means keys are stored in a queryable (unhashed)
        # form - confirm.
        user = user_datastore.find_user(apikey=api_key)
        if not user:
            return None

    if login_user(user):
        return user
    return None
Esempio n. 13
    def validate(self):
        """Validate the form and bind the matching user to ``self.user``.

        Runs the base ``Form`` validation, looks the user up by e-mail
        (compared case-insensitively) and verifies the password.

        Returns:
            True when the user exists and the password verifies; False
            otherwise, with one message appended to the failing field.
        """
        if not Form.validate(self):
            return False

        # Lower-case both sides so the match does not depend on how the
        # address was capitalised at registration.
        candidates = db.session.query(User).filter(
            func.lower(User.email) == func.lower(self.email.data))
        account = candidates.first()

        # NOTE(review): "not registered" and "password is not valid" are
        # separate messages, so the form reveals which e-mail addresses have
        # an account.
        if account is None:
            self.email.errors.append('Email address is not registered')
            return False

        if not verify_and_update_password(self.password.data, account):
            self.password.errors.append('Password is not valid')
            return False

        # self.user is only set once authentication has succeeded.
        self.user = account
        return True
Esempio n. 14
    def validate(self):
        """Validate an e-mail/password login, tolerating empty passwords.

        A blank password is replaced with the placeholder ``'_empty_'``
        before any other check. After the grandparent form validates, the
        checks run in this order: non-blank e-mail, non-blank password, user
        known to the datastore, user is a ``models.PasswordUser``, account
        confirmed, password verifies, account active.

        Returns:
            True when every check passes, False otherwise.
        """
        def _reject(field, message_key):
            # Attach the configured message text to the field and fail.
            field.errors.append(get_message(message_key)[0])
            return False

        # Temporary workaround so accounts with empty passwords can still
        # log in; this should not be permitted generally.
        # NOTE(review): every blank submission is verified as the fixed,
        # publicly visible string '_empty_'. Whether that matches depends on
        # how those accounts' passwords were stored - confirm, and remove
        # this once empty passwords are disallowed.
        if self.password.data.strip() == '':
            self.password.data = '_empty_'

        # Deliberately skips the direct parent's validate() and runs the
        # grandparent's.
        if not super(SecurityLoginForm, self).validate():
            return False

        if self.email.data.strip() == '':
            return _reject(self.email, 'EMAIL_NOT_PROVIDED')

        # TODO: inert while the placeholder substitution above exists; it
        # becomes functional once empty passwords are disallowed.
        if self.password.data.strip() == '':
            return _reject(self.password, 'PASSWORD_NOT_PROVIDED')

        self.user = _datastore.get_user(self.email.data)

        if self.user is None:
            return _reject(self.email, 'USER_DOES_NOT_EXIST')

        # Changed from upstream: users that are not PasswordUsers fail early
        # and reliably.
        if not isinstance(self.user, models.PasswordUser):
            return _reject(self.password, 'PASSWORD_NOT_SET')

        # Changed from upstream: the unconfirmed check runs before the
        # password check to give a better error message.
        # NOTE(review): this also reports an account's unconfirmed state to
        # a caller who does not know its password.
        if self.user.confirmed_at is None:
            return _reject(self.email, 'CONFIRMATION_REQUIRED')

        if not verify_and_update_password(self.password.data, self.user):
            return _reject(self.password, 'INVALID_PASSWORD')
        if not self.user.is_active():
            return _reject(self.email, 'DISABLED_ACCOUNT')
        return True
Esempio n. 15
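    def validate(self):
        """Validate a username/password login and resolve ``self.user``.

        After the parent form validates, the checks run in this order: user
        found by username, account has a password, password verifies,
        account does not require confirmation, account is active. The first
        failing check appends one message to a form field's ``errors``.

        Returns:
            True when every check passes, False otherwise.
        """
        if not super(LoginForm, self).validate():
            return False

        self.user = m.User.query.filter_by(username=self.username.data).first()

        # Account-level errors go on the username field. The original
        # appended to self.user.errors, which raises AttributeError when
        # self.user is None, turning an unknown username into a server
        # error. The confirmation and disabled branches wrote to the model
        # object in the same way and now use the field too.
        if self.user is None:
            self.username.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
            return False
        if not self.user.password:
            self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
            return False
        if not verify_and_update_password(self.password.data, self.user):
            self.password.errors.append(get_message('INVALID_PASSWORD')[0])
            return False
        # Confirmation and disabled state are reported only after the
        # password has verified.
        if requires_confirmation(self.user):
            self.username.errors.append(
                get_message('CONFIRMATION_REQUIRED')[0])
            return False
        if not self.user.is_active():
            self.username.errors.append(get_message('DISABLED_ACCOUNT')[0])
            return False
        return True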
Esempio n. 16
    def validate(self):
        """Validate a login where the name field may hold a name or e-mail.

        Resets the error lists of both fields, requires a non-blank name,
        looks the user up by name and then by e-mail, verifies the password
        and requires an active account.

        Returns:
            True when every check passes, False otherwise.
        """
        submitted = self.name.data

        # Start from fresh lists (the original author noted the errors were
        # arriving as tuples, which cannot be appended to).
        self.name.errors = []  #not sure why errors are being passed in a tuples
        self.password.errors = []

        if submitted.strip() == '':
            self.name.errors.append('Please enter a name')
            return False

        # Try the value as a user name first, then as an e-mail address.
        self.user = User.find_user_by_name(submitted).first()
        if self.user is None:
            self.user = User.find_user_by_email(email=submitted).first()

        # NOTE(review): "does not exist" and "password is not valid" are
        # separate messages, so the form reveals which names and e-mails are
        # registered.
        if self.user is None:
            self.name.errors.append('User does not exist, please register')
            return False

        if not verify_and_update_password(self.password.data, self.user):
            self.password.errors.append('Password is not valid')
            return False

        # The disabled state is reported only after the password verified.
        if not self.user.is_active():
            self.name.errors.append('Account has been disabled')
            return False
        return True
Esempio n. 17
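    def validate(self):
        """Validate a name/password login, creating the account when new.

        A blank name or blank password fails with a field error. If no user
        with the given name exists, one is created as active with the hash
        of the submitted password and validation succeeds. For an existing
        user the account must have a password and the submitted password
        must verify. Debug output is written with ``print``.

        Returns:
            True when the user was created or authenticated, False otherwise.
        """
        # Single-argument print(...) produces the same output under the
        # Python 2 print statement and the Python 3 function.
        print("in validate")
        # if not super(LoginForm, self).validate():
        #     print "False1"
        #     return False

        if self.name.data.strip() == '':
            print("False2")
            self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
            return False

        if self.password.data.strip() == '':
            self.password.errors.append(
                get_message('PASSWORD_NOT_PROVIDED')[0])
            return False

        self.user = User.first(name=self.name.data)
        if self.user is None:
            # NOTE(review): an unknown name is registered on the spot, so
            # any unauthenticated submitter can create active accounts, and
            # the parent form's validators are skipped (commented out
            # above). Confirm this auto-provisioning is intended.
            self.user = User.create(name=self.name.data,
                                    active=True,
                                    password=encrypt_password(
                                        self.password.data))
            return True
        print("got user as %s" % self.user)

        # From here on self.user is an existing account; the original
        # USER_DOES_NOT_EXIST branch could never run and was dropped.
        if not self.user.password:
            print(self.password.errors)
            self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
            return False
        if not verify_and_update_password(self.password.data, self.user):
            print(self.password.errors)
            self.password.errors.append(get_message('INVALID_PASSWORD')[0])
            return False
        return True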
Esempio n. 18
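    def validate(self):
        """Validate a name/password login, creating the account when new.

        A blank name or blank password fails with a field error. If no user
        with the given name exists, one is created as active with the hash
        of the submitted password and validation succeeds. For an existing
        user the account must have a password and the submitted password
        must verify. Debug output is written with ``print``.

        Returns:
            True when the user was created or authenticated, False otherwise.
        """
        # Single-argument print(...) produces the same output under the
        # Python 2 print statement and the Python 3 function.
        print("in validate")
        # if not super(LoginForm, self).validate():
        #     print "False1"
        #     return False

        if self.name.data.strip() == '':
            print("False2")
            self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
            return False

        if self.password.data.strip() == '':
            self.password.errors.append(
                get_message('PASSWORD_NOT_PROVIDED')[0])
            return False

        self.user = User.first(name=self.name.data)
        if self.user is None:
            # NOTE(review): an unknown name is registered on the spot, so
            # any unauthenticated submitter can create active accounts, and
            # the parent form's validators are skipped (commented out
            # above). Confirm this auto-provisioning is intended.
            self.user = User.create(
                name=self.name.data, active=True,
                password=encrypt_password(self.password.data))
            return True
        print("got user as %s" % self.user)

        # From here on self.user is an existing account; the original
        # USER_DOES_NOT_EXIST branch could never run and was dropped.
        if not self.user.password:
            print(self.password.errors)
            self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
            return False
        if not verify_and_update_password(self.password.data, self.user):
            print(self.password.errors)
            self.password.errors.append(get_message('INVALID_PASSWORD')[0])
            return False
        return True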
Esempio n. 19
 def check_password(self, password):
     """Return whether *password* verifies for this user.

     A user whose ``password`` is None never authenticates: False is
     returned without calling the verifier.
     """
     # Short-circuit keeps the verifier from running when no password is
     # stored; otherwise its result is returned unchanged.
     return self.password is not None and verify_and_update_password(
         password, self)
Esempio n. 20
 def check_password(self, password):
     """Return the result of verifying *password* against this user.

     Delegates to ``verify_and_update_password`` with this object as the
     user.
     """
     # NOTE(review): there is no guard here for a user without a stored
     # password; confirm the verifier handles that case.
     outcome = verify_and_update_password(password, self)
     return outcome