def authenticate_user(self, user: IUser, login_source:str, location: str=None):
"""Make the current session logged in session for this particular user."""
request = self.request
settings = request.registry.settings
require_activation = asbool(settings.get('horus.require_activation', True))
allow_inactive_login = asbool(settings.get('horus.allow_inactive_login', False))
if (not allow_inactive_login) and require_activation and (not user.is_activated()):
raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')
if not user.can_login():
raise AuthenticationFailure('This user account cannot log in at the moment.')
user_registry = get_user_registry(request)
token = user_registry.get_session_token(user)
headers = remember(request, token)
# assert headers, "Authentication backend did not give us any session headers"
if not location:
location = get_config_route(request, 'horus.login_redirect')
self.greet_user(user)
self.update_login_data(user)
e = events.Login(request, user)
request.registry.notify(e)
return HTTPFound(location=location, headers=headers)
def authenticate_user(self,
user: IUser,
login_source: str,
location: str = None) -> Response:
"""Make the current session logged in session for this particular user.
How to authenticate user using the login service (assuming you have done password match or related yourself):
.. code-block:: python
from websauna.system.user.utils import get_login_service
def my_view(request):
# load user model instance from database
# user = ...
login_service = get_login_service(request)
response = login_service.authenticate_user(user, "my-login-source")
:raise AuthenticationFailure: If login cannot proceed due to disabled user account, etc.
:return: HTTPResponse what should happen as post-login action
"""
request = self.request
settings = request.registry.settings
require_activation = asbool(
settings.get('websauna.require_activation', True))
allow_inactive_login = asbool(
settings.get('websauna.allow_inactive_login', False))
if (not allow_inactive_login) and require_activation and (
not user.is_activated()):
raise AuthenticationFailure(
'Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.'
)
if not user.can_login():
raise AuthenticationFailure(
'This user account cannot log in at the moment.')
user_registry = get_user_registry(request)
token = user_registry.get_session_token(user)
headers = remember(request, token)
# assert headers, "Authentication backend did not give us any session headers"
if not location:
location = get_config_route(request, 'websauna.login_redirect')
self.greet_user(user)
self.update_login_data(user)
e = events.Login(request, user)
request.registry.notify(e)
return HTTPFound(location=location, headers=headers)
def authenticate_user(self, user: IUser, login_source: str, location: str=None) -> Response:
"""Make the current session logged in session for this particular user.
How to authenticate user using the login service (assuming you have done password match or related yourself):
.. code-block:: python
from websauna.system.user.utils import get_login_service
def my_view(request):
# load user model instance from database
# user = ...
login_service = get_login_service(request)
response = login_service.authenticate_user(user, "my-login-source")
:raise AuthenticationFailure: If login cannot proceed due to disabled user account, etc.
:return: HTTPResponse what should happen as post-login action
"""
request = self.request
settings = request.registry.settings
require_activation = asbool(settings.get('websauna.require_activation', True))
allow_inactive_login = asbool(settings.get('websauna.allow_inactive_login', False))
if (not allow_inactive_login) and require_activation and (not user.is_activated()):
raise AuthenticationFailure('Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.')
if not user.can_login():
raise AuthenticationFailure('This user account cannot log in at the moment.')
user_registry = get_user_registry(request)
token = user_registry.get_session_token(user)
headers = remember(request, token)
# assert headers, "Authentication backend did not give us any session headers"
if not location:
location = get_config_route(request, 'websauna.login_redirect')
self.greet_user(user)
self.update_login_data(user)
e = events.Login(request, user)
request.registry.notify(e)
return HTTPFound(location=location, headers=headers)
def update_login_data(self, user: IUser):
"""Update last_login_at and last_login_ip on User object.
If this is the User first login, trigger FirstLogin event.
:param user: User object.
"""
request = self.request
if not user.last_login_at:
e = events.FirstLogin(request, user)
request.registry.notify(e)
# Update user security details
user.last_login_at = now()
user.last_login_ip = request.client_addr
def can_login(self, user: IUser) -> bool:
"""Verify if user is allowed do login.
:param user: User object.
:return: Boolean
"""
return user.can_login()
def kill_user_sessions(request: Request, user: IUser, operation: str):
"""Notify session to drop this user.
:param request: Pyramid request.
:param user: User.
:param operation: Operation triggering the killing of user sessions.
"""
user.last_auth_sensitive_operation_at = now()
e = events.UserAuthSensitiveOperation(request, user, operation)
request.registry.notify(e, request)
def set_password(self, user: IUser, password: str):
"""Hash a password for persistent storage.
Uses password hasher registered in :py:meth:`websauna.system.Initializer.configure_password`.
:param user: User object.
:param password: User password.
"""
hasher = self.registry.getUtility(IPasswordHasher)
hashed = hasher.hash_password(password)
user.hashed_password = hashed
def reset_password(self, user: IUser, password: str):
"""Reset user password and clear all pending activation issues.
:param user: User object,
:param password: New password.
"""
self.set_password(user, password)
if not user.activated_at:
user.activated_at = now()
self.dbsession.delete(user.activation)
def authenticate_user(self,
user: IUser,
login_source: str,
location: str = None):
"""Make the current session logged in session for this particular user."""
request = self.request
settings = request.registry.settings
require_activation = asbool(
settings.get('horus.require_activation', True))
allow_inactive_login = asbool(
settings.get('horus.allow_inactive_login', False))
if (not allow_inactive_login) and require_activation and (
not user.is_activated()):
raise AuthenticationFailure(
'Your account is not active, please check your e-mail. If your account activation email as expired please request a password reset.'
)
if not user.can_login():
raise AuthenticationFailure(
'This user account cannot log in at the moment.')
user_registry = get_user_registry(request)
token = user_registry.get_session_token(user)
headers = remember(request, token)
# assert headers, "Authentication backend did not give us any session headers"
if not location:
location = get_config_route(request, 'horus.login_redirect')
self.greet_user(user)
self.update_login_data(user)
e = events.Login(request, user)
request.registry.notify(e)
return HTTPFound(location=location, headers=headers)
def create_email_activation_token(self, user: IUser) -> t.Tuple[str, int]:
"""Create activation token for the user to be used in the email
:param user: User object.
:return: Tuple (email activation code, expiration in seconds)
"""
activation = self.Activation()
activation_token_expiry_seconds = int(
self.registry.settings.get(
"websauna.activation_token_expiry_seconds", 24 * 3600))
activation.expires_at = now() + timedelta(
seconds=activation_token_expiry_seconds)
self.dbsession.add(activation)
self.dbsession.flush()
user.activation = activation
return activation.code, activation_token_expiry_seconds
