def authenticate_user(self, user: IUser, login_source: str, location: str = None):
    """Log ``user`` in on the current session and return the post-login redirect.

    No credential check happens in this method, so callers must have verified
    the password (or an equivalent proof of identity) before calling it. The
    method applies the account-state gates, asks the user registry for a
    session token, passes it to ``remember`` and redirects.

    :param user: User to log in.
    :param login_source: Identifier of the login path; not read in this method.
    :param location: Redirect target. When empty, the route configured under
        ``horus.login_redirect`` is used.
    :raise AuthenticationFailure: If activation is required and the account is
        not activated, or if ``user.can_login()`` is false.
    :return: ``HTTPFound`` carrying the headers returned by ``remember``.
    """
    request = self.request
    cfg = request.registry.settings

    activation_required = asbool(cfg.get('horus.require_activation', True))
    inactive_allowed = asbool(cfg.get('horus.allow_inactive_login', False))

    # Activation gate: is_activated() is only consulted when the settings
    # actually demand an activated account.
    if activation_required and not inactive_allowed and not user.is_activated():
        raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')

    if not user.can_login():
        raise AuthenticationFailure('This user account cannot log in at the moment.')

    session_token = get_user_registry(request).get_session_token(user)
    headers = remember(request, session_token)
    # NOTE(review): the result of remember() is not checked (an assert on it was
    # left commented out here). If the authentication backend returns no
    # headers, the redirect below goes out anyway -- confirm this is intended.

    # NOTE(review): location is used verbatim as the redirect target. If any
    # caller fills it from a request parameter, it needs validating first
    # (open redirect) -- confirm against callers.
    if not location:
        location = get_config_route(request, 'horus.login_redirect')

    self.greet_user(user)
    self.update_login_data(user)

    request.registry.notify(events.Login(request, user))

    return HTTPFound(location=location, headers=headers)
def authenticate_user(self, user: IUser, login_source: str, location: str = None) -> Response:
    """Log ``user`` in on the current session and return the post-login response.

    No credential check happens in this method; do the password match (or the
    equivalent) yourself first, then hand the user over:

    .. code-block:: python

        from websauna.system.user.utils import get_login_service

        def my_view(request):
            # load user model instance from database
            # user = ...
            login_service = get_login_service(request)
            response = login_service.authenticate_user(user, "my-login-source")

    :param user: User to log in.
    :param login_source: Identifier of the login path; not read in this method.
    :param location: Redirect target. When empty, the route configured under
        ``websauna.login_redirect`` is used.
    :raise AuthenticationFailure: If login cannot proceed: activation is
        required and the account is not activated, or ``user.can_login()`` is false.
    :return: ``HTTPFound`` carrying the headers returned by ``remember``.
    """
    request = self.request
    cfg = request.registry.settings

    activation_required = asbool(cfg.get('websauna.require_activation', True))
    inactive_allowed = asbool(cfg.get('websauna.allow_inactive_login', False))

    # Activation gate: is_activated() is only consulted when the settings
    # actually demand an activated account.
    if activation_required and not inactive_allowed and not user.is_activated():
        raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')

    if not user.can_login():
        raise AuthenticationFailure('This user account cannot log in at the moment.')

    session_token = get_user_registry(request).get_session_token(user)
    headers = remember(request, session_token)
    # NOTE(review): the result of remember() is not checked (an assert on it was
    # left commented out here). If the authentication backend returns no
    # headers, the redirect below goes out anyway -- confirm this is intended.

    # NOTE(review): location is used verbatim as the redirect target. If any
    # caller fills it from a request parameter, it needs validating first
    # (open redirect) -- confirm against callers.
    if not location:
        location = get_config_route(request, 'websauna.login_redirect')

    self.greet_user(user)
    self.update_login_data(user)

    request.registry.notify(events.Login(request, user))

    return HTTPFound(location=location, headers=headers)
def authenticate_user(self, user: IUser, login_source: str, location: str = None) -> Response:
    """Turn the current session into a logged-in session for ``user``.

    This method does not verify credentials. The caller performs the password
    match (or related check) and then calls the login service:

    .. code-block:: python

        from websauna.system.user.utils import get_login_service

        def my_view(request):
            # load user model instance from database
            # user = ...
            login_service = get_login_service(request)
            response = login_service.authenticate_user(user, "my-login-source")

    :param user: User to log in.
    :param login_source: Identifier of the login path; not read in this method.
    :param location: Redirect target; falls back to the route configured under
        ``websauna.login_redirect`` when empty.
    :raise AuthenticationFailure: If the account must be activated and is not,
        or if ``user.can_login()`` is false.
    :return: ``HTTPFound`` redirect with the headers produced by ``remember``.
    """
    request = self.request
    settings = request.registry.settings

    must_be_activated = asbool(settings.get('websauna.require_activation', True))
    may_login_inactive = asbool(settings.get('websauna.allow_inactive_login', False))

    # Only ask the user object about activation when the configuration
    # enforces it; otherwise inactive accounts pass this gate.
    enforce_activation = must_be_activated and not may_login_inactive
    if enforce_activation and not user.is_activated():
        raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')

    if not user.can_login():
        raise AuthenticationFailure('This user account cannot log in at the moment.')

    registry = get_user_registry(request)
    headers = remember(request, registry.get_session_token(user))
    # NOTE(review): nothing verifies that remember() produced headers (the
    # assert for it was commented out); an empty result is passed straight on
    # to the redirect -- confirm this is intended.

    # NOTE(review): a caller-supplied location becomes the Location header
    # unchanged. Where it originates from request data it should be validated
    # before reaching this method (open redirect) -- confirm against callers.
    if not location:
        location = get_config_route(request, 'websauna.login_redirect')

    self.greet_user(user)
    self.update_login_data(user)

    login_event = events.Login(request, user)
    request.registry.notify(login_event)

    return HTTPFound(location=location, headers=headers)
def update_login_data(self, user: IUser):
    """Record the time and client address of this login on the user.

    When the user has no ``last_login_at`` yet, an ``events.FirstLogin`` event
    is sent before the fields are written.

    :param user: User object.
    """
    request = self.request

    is_first_login = not user.last_login_at
    if is_first_login:
        # Notified before last_login_at is overwritten below.
        request.registry.notify(events.FirstLogin(request, user))

    # Update user security details.
    user.last_login_at = now()
    # NOTE(review): assuming a Pyramid/WebOb request, client_addr prefers the
    # X-Forwarded-For header when it is present. A client can set that header
    # itself unless a trusted proxy overwrites it, so last_login_ip should be
    # treated as advisory in audit trails -- confirm the deployment's proxy setup.
    user.last_login_ip = request.client_addr
def can_login(self, user: IUser) -> bool:
    """Tell whether the user is currently allowed to log in.

    The decision is delegated entirely to ``user.can_login()``; this method
    adds no checks of its own.

    :param user: User object.
    :return: Whatever ``user.can_login()`` returns.
    """
    allowed = user.can_login()
    return allowed
def kill_user_sessions(request: Request, user: IUser, operation: str):
    """Mark an authentication-sensitive operation on the user and announce it.

    Stamps ``user.last_auth_sensitive_operation_at`` with the current time and
    notifies the registry with a ``UserAuthSensitiveOperation`` event. Nothing
    in this function touches session storage directly; dropping the sessions is
    left to whatever consumes the timestamp or the event.

    :param request: Pyramid request.
    :param user: User whose sessions should be dropped.
    :param operation: Operation triggering the killing of user sessions.
    """
    user.last_auth_sensitive_operation_at = now()

    sensitive_op = events.UserAuthSensitiveOperation(request, user, operation)
    # NOTE(review): notify() receives both the event and the request here,
    # while the login events in this codebase are sent with the event alone.
    # Presumably subscribers must be registered for that pair to be called --
    # confirm that the session-invalidating subscriber actually fires.
    request.registry.notify(sensitive_op, request)
def set_password(self, user: IUser, password: str):
    """Hash a password and store the hash on the user.

    Uses password hasher registered in
    :py:meth:`websauna.system.Initializer.configure_password`. Only the value
    returned by the hasher is written to the user; the plaintext is not stored
    by this method.

    :param user: User object.
    :param password: User password (plaintext).
    """
    # NOTE(review): this method changes the stored hash only. Existing
    # sessions are not touched here; whether callers follow up with session
    # invalidation is not visible from this method -- confirm.
    password_hasher = self.registry.getUtility(IPasswordHasher)
    user.hashed_password = password_hasher.hash_password(password)
def reset_password(self, user: IUser, password: str):
    """Reset user password and clear all pending activation issues.

    Sets the new password, marks the account as activated if it was not, and
    deletes the user's activation record.

    :param user: User object.
    :param password: New password.
    """
    self.set_password(user, password)

    already_activated = bool(user.activated_at)
    if not already_activated:
        user.activated_at = now()

    # The activation record is removed in every case, not only for accounts
    # activated just now, so the token tied to it is not left behind.
    # NOTE(review): user.activation is passed to delete() without a None
    # check -- presumably callers only get here via a pending activation; confirm.
    pending_activation = user.activation
    self.dbsession.delete(pending_activation)
def authenticate_user(self, user: IUser, login_source: str, location: str = None):
    """Turn the current session into a logged-in session for ``user``.

    Credentials are not verified here; the caller has to establish the user's
    identity before calling. This method checks the account state, obtains a
    session token from the user registry, passes it to ``remember`` and
    answers with a redirect.

    :param user: User to log in.
    :param login_source: Identifier of the login path; not read in this method.
    :param location: Redirect target; falls back to the route configured under
        ``horus.login_redirect`` when empty.
    :raise AuthenticationFailure: If the account must be activated and is not,
        or if ``user.can_login()`` is false.
    :return: ``HTTPFound`` redirect with the headers produced by ``remember``.
    """
    request = self.request
    settings = request.registry.settings

    must_be_activated = asbool(settings.get('horus.require_activation', True))
    may_login_inactive = asbool(settings.get('horus.allow_inactive_login', False))

    # Only ask the user object about activation when the configuration
    # enforces it; otherwise inactive accounts pass this gate.
    enforce_activation = must_be_activated and not may_login_inactive
    if enforce_activation and not user.is_activated():
        raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')

    if not user.can_login():
        raise AuthenticationFailure('This user account cannot log in at the moment.')

    registry = get_user_registry(request)
    headers = remember(request, registry.get_session_token(user))
    # NOTE(review): nothing verifies that remember() produced headers (the
    # assert for it was commented out); an empty result is passed straight on
    # to the redirect -- confirm this is intended.

    # NOTE(review): a caller-supplied location becomes the Location header
    # unchanged. Where it originates from request data it should be validated
    # before reaching this method (open redirect) -- confirm against callers.
    if not location:
        location = get_config_route(request, 'horus.login_redirect')

    self.greet_user(user)
    self.update_login_data(user)

    login_event = events.Login(request, user)
    request.registry.notify(login_event)

    return HTTPFound(location=location, headers=headers)
def create_email_activation_token(self, user: IUser) -> t.Tuple[str, int]:
    """Create an activation token for the user, to be sent by email.

    The token lifetime is read from the
    ``websauna.activation_token_expiry_seconds`` setting and defaults to
    24 hours. The returned code is what the email link carries, so it should
    be handled as a secret (not logged, not echoed back in responses).

    :param user: User object.
    :return: Tuple (email activation code, expiration in seconds)
    """
    token = self.Activation()

    raw_ttl = self.registry.settings.get("websauna.activation_token_expiry_seconds", 24 * 3600)
    ttl_seconds = int(raw_ttl)
    # NOTE(review): the configured value is not range-checked; zero or a
    # negative number would create a token whose expires_at is not in the future.
    token.expires_at = now() + timedelta(seconds=ttl_seconds)

    session = self.dbsession
    session.add(token)
    session.flush()

    user.activation = token
    # NOTE(review): token.code is never assigned in this method, so it is
    # presumably generated by the Activation model -- confirm that it comes
    # from a cryptographically secure source.
    return token.code, ttl_seconds