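def bootstrap_auth(app):
    '''Bootstrap all the necessary authentication support if it is enabled.

    The administrator account is driven by the ``ADMINISTRATOR`` and
    ``ADMIN_PASSWORD`` configuration values. A missing value terminates the
    process through ``sys.exit`` with an explanatory message. When no user
    with that name exists in ``app.user_storage`` one is created; when it
    does exist its password digest is refreshed from the configuration so a
    changed ``ADMIN_PASSWORD`` takes effect on the next start.
    '''
    # Check that the admin credentials are valid.
    if not app.config.get('ADMINISTRATOR'):
        sys.exit('You did not provide an administrator username.')
    if not app.config.get('ADMIN_PASSWORD'):
        sys.exit('You did not provide an administrator password.')

    admin_name = app.config['ADMINISTRATOR']
    # Only the digest is ever stored. Both the create and the update path
    # need it, so it is computed once rather than in each branch.
    pwhash = security.generate_password_hash(app.config['ADMIN_PASSWORD'])

    admin = app.user_storage.find_by_name(admin_name)
    if admin is None:
        # No admin for this account name so create one.
        admin = User(
            admin_name,
            '',  # The admin does not use email.
            'password',
            pwhash)
        app.user_storage.create(admin)
    else:
        # The configuration file may have changed the password so always update
        # the administrator's password.
        admin.password_digest = pwhash
        app.user_storage.update(admin)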
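def bootstrap_auth(app):
    '''Bootstrap all the necessary authentication support if it is enabled.

    Reads ``ADMINISTRATOR`` and ``ADMIN_PASSWORD`` from ``app.config``; an
    empty or missing value exits the process via ``sys.exit`` with a message.
    The administrator is looked up by name in ``app.user_storage`` and either
    created (no email, ``'password'`` login type) or, if already present, has
    its ``password_digest`` replaced so that a password change in the
    configuration is applied on restart.
    '''
    # Check that the admin credentials are valid.
    if not app.config.get('ADMINISTRATOR'):
        sys.exit('You did not provide an administrator username.')
    if not app.config.get('ADMIN_PASSWORD'):
        sys.exit('You did not provide an administrator password.')

    admin_name = app.config['ADMINISTRATOR']
    # Hash once up front: the create and update branches both store the
    # same digest, and the plaintext is not kept beyond this call.
    pwhash = security.generate_password_hash(app.config['ADMIN_PASSWORD'])

    admin = app.user_storage.find_by_name(admin_name)
    if admin is not None:
        # The configuration file may have changed the password so always update
        # the administrator's password.
        admin.password_digest = pwhash
        app.user_storage.update(admin)
        return

    # No admin for this account name so create one.
    admin = User(
        admin_name,
        '',  # The admin does not use email.
        'password',
        pwhash)
    app.user_storage.create(admin)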
def test_create_generates_id(self):
    '''Each created user receives the next sequential id, starting at u'0'.'''
    first = User('mblayman', '*****@*****.**', 'password', 'passwd_digest')
    self.storage.create(first)
    self.assertEqual(u'0', first.user_id)

    second = User('laymanmb', '*****@*****.**', 'password', 'passwd_digest')
    self.storage.create(second)
    self.assertEqual(u'1', second.user_id)
def test_create(self):
    '''Creating a user writes a file named after the MD5 digest of the name.'''
    user = User('mblayman', '*****@*****.**', 'password', 'passwd_digest')
    self.storage.create(user)

    # The storage keys the user file by the hex digest of the username; the
    # digest is a file-name derivation here, not a secret.
    # NOTE(review): update() is handed a str; on Python 3 this needs bytes.
    digest = hashlib.md5()
    digest.update('mblayman')
    expected_path = os.path.join(self.storage._path, digest.hexdigest())
    self.assertTrue(os.path.exists(expected_path), 'The user was stored.')
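def test_find_by_email(self):
    '''A stored user is found by email; an unknown email yields None.'''
    user = User('mblayman', '*****@*****.**', 'password', 'passwd_digest')
    self.storage.create(user)

    found_user = self.storage.find_by_email(user.email)
    # assertEqual, not assertTrue: assertTrue(a, b) treats b as the failure
    # message and only checks a is truthy, so the ids were never compared.
    self.assertEqual(user.user_id, found_user.user_id)

    missing_user = self.storage.find_by_email('*****@*****.**')
    self.assertIsNone(missing_user, 'An unknown user returns None.')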
def _load_user(self, user_file):
    '''Load a user from a file.

    Returns None when ``user_file`` does not exist. Otherwise the file is
    parsed as JSON and its ``name``, ``email``, ``login_type``,
    ``password_digest`` and ``user_id`` fields are passed to ``User``; a
    missing field or malformed JSON propagates to the caller.
    NOTE(review): the path is used as given — confirm every caller derives it
    from the storage directory rather than from request data.
    '''
    if not os.path.exists(user_file):
        return None

    with open(user_file, 'r') as handle:
        record = json.load(handle)

    return User(
        record['name'],
        record['email'],
        record['login_type'],
        record['password_digest'],
        record['user_id'])
def test_find_by_email_when_no_email(self):
    '''A user stored without an email is not matched by an empty email lookup.'''
    user = User(
        'mblayman',
        '',  # No email address
        'password',
        'passwd_digest')
    self.storage.create(user)

    # user.email is '' here; the lookup must not treat that as a match.
    missing_user = self.storage.find_by_email(user.email)
    self.assertIsNone(missing_user, 'A user with no email returns None.')
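def persona_login():
    '''Verify a Mozilla Persona assertion and log the matching user in.

    The posted ``assertion`` is sent to the Persona verifier together with
    the audience (``SERVER_NAME``, or a localhost guess when it is unset).
    On a verified assertion the user is looked up by email, created on
    first login with a random password digest, and logged in. Returns JSON
    carrying the ``next`` value from the form.

    Aborts with 400 when the assertion is missing, 500 when the verifier
    cannot be reached or answers with something other than JSON, and 401
    when the assertion is not verified.
    '''
    # Must have the assertion.
    if 'assertion' not in request.form:
        abort(400)

    location = app.config['SERVER_NAME']
    if location is None:
        # Do a best guess effort of the localhost and port number.
        location = ':'.join(['localhost', str(app.config['SERVER_PORT'])])

    # The audience ties the assertion to this site; the verifier rejects an
    # assertion issued for a different origin.
    assertion_info = {
        'assertion': request.form['assertion'],
        'audience': location,
    }
    # Send the assertion to Mozilla's verifier service (TLS verified).
    r = requests.post('https://verifier.login.persona.org/verify',
                      data=assertion_info, verify=True)
    if not r.ok:
        # Log through the app logger rather than print so the failure lands
        # in the server log with the rest of the request handling.
        app.logger.error('Failed to post to Persona (HTTP %s).', r.status_code)
        abort(500)

    try:
        data = r.json()
    except ValueError:
        # requests raises ValueError when the body is not JSON; treat it
        # like an unreachable verifier instead of raising a bare 500.
        app.logger.error('Persona verifier returned a non-JSON response.')
        abort(500)

    if data.get('status') != 'okay':
        abort(401)

    user = app.user_storage.find_by_email(data['email'])
    if user is None:
        # Generate a password that the Persona user will not be told about.
        # This is to help prevent hackers from logging in using an empty
        # password hash of a Persona user.
        password = util.generate_password()
        pwhash = security.generate_password_hash(password)
        user = User(
            data['email'],  # Use the email as the username.
            data['email'],
            'persona',
            pwhash)
        app.user_storage.create(user)

    login_user(user)
    return jsonify({
        # Pass back whatever redirect was provided.
        'next': request.form.get('next')
    })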
def add_user():
    '''Let the administrator create a password-login user.

    Only the configured ``ADMINISTRATOR`` may use this view; anyone else is
    flashed a permission message and redirected to the index. On a valid
    submission a random password is generated, only its digest is stored,
    and the plaintext is rendered once on the confirmation page.
    '''
    is_admin = current_user.name == app.config['ADMINISTRATOR']
    if not is_admin:
        flash('You don\'t have permission to do that.')
        return redirect(url_for('index'))

    form = AddUserForm()
    if not form.validate_on_submit():
        return render_template('add_user.html', form=form)

    # The confirmation page is the only place the plaintext password appears.
    password = util.generate_password()
    new_user = User(
        form.username.data,
        '',  # Email is not used.
        'password',
        security.generate_password_hash(password))
    app.user_storage.create(new_user)
    return render_template('user_confirmation.html',
                           username=form.username.data,
                           password=password)
def register():
    '''Self-service registration, available when ``ALLOW_REGISTRATION`` is set.

    Creates a password-login user from the submitted form, logs the new user
    in and redirects to the index; when registration is disabled the request
    is redirected with a permission message, and an unsubmitted or invalid
    form re-renders the registration page.
    '''
    if not app.config['ALLOW_REGISTRATION']:
        flash('You don\'t have permission to do that.')
        return redirect(url_for('index'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template('register.html', form=form)

    new_user = User(
        form.username.data,
        '',  # Email is not used.
        'password',
        security.generate_password_hash(form.password.data))
    app.user_storage.create(new_user)
    login_user(new_user)

    flash('Hi, {username}. You\'ve successfully registered!'.format(
        username=form.username.data), category='success')
    # Do a redirect so a refresh won't attempt to add the user again.
    return redirect(url_for('index'))
def test_create_fails_with_existing_user(self):
    '''Creating the same user a second time raises UserStorageError.'''
    user = User('mblayman', '*****@*****.**', 'password', 'passwd_digest')
    self.storage.create(user)
    with self.assertRaises(UserStorageError):
        self.storage.create(user)
def setUp(self):
    '''Build the fixture user shared by the tests in this case.'''
    self.user = User(
        'mblayman',
        '*****@*****.**',
        'password',
        'digest')