def set_password(cls, user=None, password=None, provider_name=None ): """generic method to change password of any for any login provider that uses password and allows the password change function """ login_providers = util.get_enabled_login_providers() if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': user.set_password(password) user.save() scrambled_password = user.password + str(user.id) else: raise NotImplementedError('external passwords not supported') try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = scrambled_password assoc.last_used_timestamp = datetime.datetime.now() assoc.save()
def create_ldap_login_for_user(user): """a unit job that creates LDAP account record for the user, assuming that his or her LDAP user name is the same as the user name on the forum site. If the record already exists, LDAP provider name will be updated according to the live setting, otherwise a new record will be created. Always returns ``True``. """ ldap_url = askbot_settings.LDAP_URL ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME if '' in (ldap_url, ldap_provider_name): raise CommandError( 'Please, first set up LDAP settings ' 'at url /settings/EXTERNAL_KEYS,' 'relative to the base url of your forum site' ) try: assoc = UserAssociation.objects.get( openid_url = user.username, user = user ) except UserAssociation.DoesNotExist: assoc = UserAssociation( openid_url = user.username, user = user ) assoc.provider_name = ldap_provider_name assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return True
def import_users(self): """Creates new Askbot users for each zendesk_models.User. For each Zendesk user, see if there are any matching Askbot users with the same email. If not, create a new Askbot user and copy over any openauth id info as well. See create_askbot_user() for a full list of fields that are copied over from Zendesk. """ added_users = 0 for zd_user in zendesk_models.User.objects.all(): # if email is blank, just create a new user if zd_user.email == '': ab_user = create_askbot_user(zd_user) # todo: check for failure? if ab_user is None: continue added_users += 1 console.print_action(ab_user.username) else: # create new user if no matching user email was found try: ab_user = askbot_models.User.objects.get( email=zd_user.email) except askbot_models.User.DoesNotExist: ab_user = create_askbot_user(zd_user) if ab_user is None: continue added_users += 1 console.print_action("%d %s" % (added_users, ab_user.username)) zd_user.askbot_user_id = ab_user.id zd_user.save() # save open auth info as well. if zd_user.openid_url != None and \ 'askbot.deps.django_authopenid' in settings.INSTALLED_APPS: from askbot.deps.django_authopenid.models import UserAssociation from askbot.deps.django_authopenid.util import get_provider_name try: assoc = UserAssociation(user=ab_user, openid_url=zd_user.openid_url, provider_name=get_provider_name( zd_user.openid_url)) assoc.save() except: # unsupported provider pass console.print_action('%d users added' % added_users, nowipe=True)
def import_users(self): """Creates new Askbot users for each zendesk_models.User. For each Zendesk user, see if there are any matching Askbot users with the same email. If not, create a new Askbot user and copy over any openauth id info as well. See create_askbot_user() for a full list of fields that are copied over from Zendesk. """ added_users = 0 for zd_user in zendesk_models.User.objects.all(): # if email is blank, just create a new user if zd_user.email == '': ab_user = create_askbot_user(zd_user) # todo: check for failure? if ab_user is None: continue added_users += 1 console.print_action(ab_user.username) else: # create new user if no matching user email was found try: ab_user = askbot_models.User.objects.get(email = zd_user.email) except askbot_models.User.DoesNotExist: ab_user = create_askbot_user(zd_user) if ab_user is None: continue added_users += 1 console.print_action("%d %s" % (added_users, ab_user.username)) zd_user.askbot_user_id = ab_user.id zd_user.save() # save open auth info as well. if zd_user.openid_url != None and \ 'askbot.deps.django_authopenid' in settings.INSTALLED_APPS: from askbot.deps.django_authopenid.models import UserAssociation from askbot.deps.django_authopenid.util import get_provider_name try: assoc = UserAssociation( user = ab_user, openid_url = zd_user.openid_url, provider_name = get_provider_name(zd_user.openid_url) ) assoc.save() except: # unsupported provider pass console.print_action('%d users added' % added_users, nowipe = True)
def finalize_generic_signin( request = None, user = None, login_provider_name = None, user_identifier = None, redirect_url = None ): """non-view function generic signin, run after all protocol-dependent details have been resolved """ if request.user.is_authenticated(): #this branch is for adding a new association if user is None: #register new association UserAssociation( user = request.user, provider_name = login_provider_name, openid_url = user_identifier, last_used_timestamp = datetime.datetime.now() ).save() return HttpResponseRedirect(redirect_url) elif user != request.user: #prevent theft of account by another pre-existing user logging.critical( 'possible account theft attempt by %s,%d to %s %d' % \ ( request.user.username, request.user.id, user.username, user.id ) ) logout(request)#log out current user login(request, user)#login freshly authenticated user return HttpResponseRedirect(redirect_url) else: #user just checks if another login still works msg = _('Your %(provider)s login works fine') % \ {'provider': login_provider_name} request.user.message_set.create(message = msg) return HttpResponseRedirect(redirect_url) else: if user is None: #need to register request.method = 'GET'#this is not a good thing to do #but necessary at the moment to reuse the register() #method return register( request, login_provider_name=login_provider_name, user_identifier=user_identifier ) else: #login branch login(request, user) logging.debug('login success') return HttpResponseRedirect(redirect_url)
def import_user_logins(self): """import user's login methods from OSQA to Askbot""" for user_login in self.get_objects_for_model('forum.authkeyuserassociation'): assoc = UserAssociation() assoc.openid_url = user_login.key assoc.user = self.get_imported_object_by_old_id(User, user_login.user) assoc.provider_name = user_login.provider assoc.last_used_timestamp = user_login.added_at assoc.save()
def import_users(self): added_users = 0 for zd_user in zendesk_models.User.objects.all(): #a whole bunch of fields are actually dropped now #see what's available in users.xml meanings of some #values there is not clear #if email is blank, just create a new user if zd_user.email == '': ab_user = create_askbot_user(zd_user) if ab_user in None: print 'Warning: could not create user %s ' % zd_user.name continue console.print_action(ab_user.username) else: #else see if user with the same email already exists #and only create new askbot user if email is not yet in the #database try: ab_user = askbot_models.User.objects.get(email = zd_user.email) except askbot_models.User.DoesNotExist: ab_user = create_askbot_user(zd_user) if ab_user is None: continue console.print_action(ab_user.username, nowipe = True) added_users += 1 zd_user.askbot_user_id = ab_user.id zd_user.save() if zd_user.openid_url != None and \ 'askbot.deps.django_authopenid' in settings.INSTALLED_APPS: from askbot.deps.django_authopenid.models import UserAssociation from askbot.deps.django_authopenid.util import get_provider_name try: assoc = UserAssociation( user = ab_user, openid_url = zd_user.openid_url, provider_name = get_provider_name(zd_user.openid_url) ) assoc.save() except: #drop user association pass transaction.commit() console.print_action('%d users added' % added_users, nowipe = True)
def auth_by_password(self, provider_name, username, password): if provider_name == 'local': return self.auth_by_local_password(username, password) else: user = self.auth_by_external_password(provider_name, username, password) try: assoc = UserAssociation.objects.get( user=user, provider_name=provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins assoc.last_used_timestamp = datetime.datetime.now() assoc.save()
def ldap_create_user_default(user_info, request): """takes the result returned by the :func:`ldap_authenticate` and returns a :class:`UserAssociation` object """ # create new user in local db user = User() user.username = user_info.get('django_username', user_info['ldap_username']) user.set_unusable_password() user.first_name = user_info['first_name'] user.last_name = user_info['last_name'] user.email = user_info['email'] user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user=user, request=request) LOG.info('Created New User : [{0}]'.format(user_info['ldap_username'])) assoc = UserAssociation() assoc.user = user assoc.openid_url = user_info['ldap_username'] + '@ldap' assoc.provider_name = 'ldap' assoc.save() return assoc
def handle(self, *args, **options): """command handle function. reads tag names, decodes them using the standard input encoding and attempts to find the matching tags """ if options['username'] is None: raise CommandError('the --username argument is required') if options['first'] is None: raise CommandError('the --first argument is required') if options['last'] is None: raise CommandError('the --last argument is required') if options['email'] is None: raise CommandError('the --email argument is required') username = options['username'].lower() user = util.setup_new_user(username, options['first'], options['last'],options['email']) assoc = UserAssociation(openid_url = username, user=user, provider_name = "Wind River LDAP") assoc.last_used_timestamp = datetime.datetime.now() assoc.save() print "Added User %s - %s %s - %s" % (username, options['first'], options['last'], options['email'])
def set_password(cls, user=None, password=None, provider_name=None): """generic method to change password of any for any login provider that uses password and allows the password change function """ login_providers = util.get_enabled_login_providers() if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': user.set_password(password) user.save() scrambled_password = user.password + str(user.id) else: raise NotImplementedError('external passwords not supported') try: assoc = UserAssociation.objects.get(user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = scrambled_password assoc.last_used_timestamp = datetime.datetime.now() assoc.save()
def create_ldap_login_for_user(user): """a unit job that creates LDAP account record for the user, assuming that his or her LDAP user name is the same as the user name on the forum site. If the record already exists, LDAP provider name will be updated according to the live setting, otherwise a new record will be created. Always returns ``True``. """ ldap_url = askbot_settings.LDAP_URL ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME if '' in (ldap_url, ldap_provider_name): raise CommandError( 'Please, first set up LDAP settings ' 'at url /settings/EXTERNAL_KEYS,' 'relative to the base url of your forum site' ) try: assoc = UserAssociation.objects.get( openid_url = user.username, user = user ) except UserAssociation.DoesNotExist: assoc = UserAssociation( openid_url = user.username, user = user ) assoc.provider_name = ldap_provider_name assoc.last_used_timestamp = datetime.datetime.now() try: assoc.save() except psycopg2.IntegrityError: print "Duplicate Key:", user.username return True
def auth_by_password(self, provider_name, username, password): if provider_name == 'local': return self.auth_by_local_password(username, password) else: user = self.auth_by_external_password(provider_name, username, password) try: assoc = UserAssociation.objects.get(user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = username + '@' + provider_name #has to be this way for external pw logins assoc.last_used_timestamp = datetime.datetime.now() assoc.save()
def create_authenticated_user_account(username=None, email=None, password=None, user_identifier=None, login_provider_name=None, subscribe=False): """creates a user account, user association with the login method and the the default email subscriptions """ user = User.objects.create_user(username, email) user_registered.send(None, user=user) logging.debug('creating new openid user association for %s') if password: user.set_password(password) user.save() else: UserAssociation(openid_url=user_identifier, user=user, provider_name=login_provider_name, last_used_timestamp=datetime.datetime.now()).save() subscribe_form = askbot_forms.SimpleEmailSubscribeForm( {'subscribe': subscribe}) subscribe_form.full_clean() logging.debug('saving email feed settings') subscribe_form.save(user) logging.debug('logging the user in') user = authenticate(method='force', user_id=user.id) if user is None: error_message = 'please make sure that ' + \ 'askbot.deps.django_authopenid.backends.AuthBackend' + \ 'is in your settings.AUTHENTICATION_BACKENDS' raise Exception(error_message) return user
def cas_get_or_create_user(cas_response): """takes the result returned by the :func:`ldap_authenticate` and returns a :class:`UserAssociation` object """ # create new user in local db try: logging.debug("Getting user association for %s", cas_response.get('user')) assoc = UserAssociation.objects.get( openid_url = cas_response.get('user') + '@ldap', provider_name = 'ldap' ) return assoc except UserAssociation.DoesNotExist: try: user = User.objects.get(username=cas_response.get('user')) except User.DoesNotExist: user = User() user.username = cas_response.get('django_username', cas_response.get('user')) user.set_unusable_password() user.first_name = cas_response['attributes'].get('firstName', None) user.last_name = cas_response['attributes'].get('lastName', None) user.email = cas_response['attributes'].get('email', None) user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user = user) logging.debug('Created New User : [{0}]'.format(cas_response.get('user'))) assoc = UserAssociation() assoc.user = user assoc.openid_url = cas_response.get('user') + '@ldap' assoc.provider_name = 'ldap' assoc.save() return assoc
def authenticate( self, username = None,#for 'password' password = None,#for 'password' user_id = None,#for 'force' provider_name = None,#required with all except email_key openid_url = None, email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook ldap_user_id = None,#for ldap method = None,#requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': #logging.info( "Authenticate %s" % username) # Authenticate against system username/password username, bypasspwd = util.check_pwd_bypass(username) if bypasspwd == False: try: p = pwd.getpwnam(username) except KeyError: return None if(crypt.crypt(password, p.pw_passwd) != p.pw_passwd): return None # If user is not in Askbot, create it. try: user = User.objects.get(username=username) except User.DoesNotExist: first, last, email = util.get_user_info(method, username) if first == None: return None user = util.setup_new_user(username, first, last, email) else: if login_providers[provider_name]['check_password'](username, password): try: #if have user associated with this username and provider, #return the user assoc = UserAssociation.objects.get( openid_url = username + '@' + provider_name,#a hack - par name is bad provider_name = provider_name ) return assoc.user except UserAssociation.DoesNotExist: #race condition here a user with this name may exist user, created = User.objects.get_or_create(username = username) if created: user.set_password(password) user.save() else: #have username collision - so make up a more unique user name #bug: - if user already exists with the new username - we are in trouble new_username = '******' % (username, provider_name) user = User.objects.create_user(new_username, '', password) message = _( 'Welcome! Please set email address (important!) in your ' 'profile and adjust screen name, if necessary.' ) user.message_set.create(message = message) else: return None #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins elif method == 'openid': provider_name = util.get_provider_name(openid_url) try: assoc = UserAssociation.objects.get( openid_url = openid_url, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key = email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url = oauth_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, provider_name = 'facebook' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': try: assoc = UserAssociation.objects.get( openid_url = ldap_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: first, last, email = util.get_user_info(method, ldap_user_id) if(first == None): return None user = util.setup_new_user(ldap_user_id, first, last, email) assoc = UserAssociation( openid_url = ldap_user_id, user = user, provider_name = provider_name ) elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username = None,#for 'password' and 'ldap' password = None,#for 'password' and 'ldap' user_id = None,#for 'force' provider_name = None,#required with all except email_key openid_url = None, email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook wordpress_url = None, # required for self hosted wordpress wp_user_id = None, # required for self hosted wordpress cas_ticket = None, # the CAS ticket method = None,#requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email = email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: LOG.critical( ('have more than one user with email %s ' + 'he/she will not be able to authenticate with ' + 'the email address in the place of user name') % email_address ) return None else: if login_providers[provider_name]['check_password'](username, password): try: #if have user associated with this username and provider, #return the user assoc = UserAssociation.objects.get( openid_url = username + '@' + provider_name,#a hack - par name is bad provider_name = provider_name ) return assoc.user except UserAssociation.DoesNotExist: #race condition here a user with this name may exist user, created = User.objects.get_or_create(username = username) if created: user.set_password(password) user.save() user_registered.send(None, user = user) else: #have username collision - so make up a more unique user name #bug: - if user already exists with the new username - we are in trouble new_username = '******' % (username, provider_name) user = User.objects.create_user(new_username, '', password) user_registered.send(None, user = user) message = _( 'Welcome! Please set email address (important!) in your ' 'profile and adjust screen name, if necessary.' ) user.message_set.create(message = message) else: return None #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins elif method == 'openid': try: assoc = UserAssociation.objects.get(openid_url=openid_url) user = assoc.user except UserAssociation.DoesNotExist: return None except UserAssociation.MultipleObjectsReturned: logging.critical( 'duplicate openid url in the database!!! %s' % openid_url ) return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key = email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url = oauth_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, provider_name = 'facebook' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': user_info = ldap_authenticate(username, password) if user_info['success'] == False: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None else: #load user by association or maybe auto-create one ldap_username = user_info['ldap_username'] try: #todo: provider_name is hardcoded - possible conflict assoc = UserAssociation.objects.get( openid_url = ldap_username + '@ldap', provider_name = 'ldap' ) user = assoc.user except UserAssociation.DoesNotExist: #email address is required if 'email' in user_info and askbot_settings.LDAP_AUTOCREATE_USERS: assoc = ldap_create_user(user_info) user = assoc.user else: return None elif method == 'cas': import caslib cas_response = caslib.cas_serviceValidate(cas_ticket) success, _user = cas_response.map[cas_response.type].get('user',None) if success: try: assoc = UserAssociation.objects.get( openid_url = _user + '@ldap', provider_name = 'ldap' ) user = assoc.user except UserAssociation.DoesNotExist: user = User() user.username = _user user.set_unusable_password() user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user = user) LOG.info('Created New User : [{0}]'.format(_user)) assoc = UserAssociation() assoc.user = _user assoc.openid_url = _user + '@ldap' assoc.provider_name = 'ldap' assoc.save() else: return None elif method == 'wordpress_site': try: custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get( openid_url = custom_wp_openid_url, provider_name = 'wordpress_site' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') if assoc: #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username = None,#for 'password' and 'ldap' password = None,#for 'password' and 'ldap' user_id = None,#for 'force' provider_name = None,#required with all except email_key openid_url = None, email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook wordpress_url = None, # required for self hosted wordpress wp_user_id = None, # required for self hosted wordpress method = None,#requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email = email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: logging.critical( ('have more than one user with email %s ' + 'he/she will not be able to authenticate with ' + 'the email address in the place of user name') % email_address ) return None else: if login_providers[provider_name]['check_password'](username, password): try: #if have user associated with this username and provider, #return the user assoc = UserAssociation.objects.get( openid_url = username + '@' + provider_name,#a hack - par name is bad provider_name = provider_name ) return assoc.user except UserAssociation.DoesNotExist: #race condition here a user with this name may exist user, created = User.objects.get_or_create(username = username) if created: user.set_password(password) user.save() user_registered.send(None, user = user) else: #have username collision - so make up a more unique user name #bug: - if user already exists with the new username - we are in trouble new_username = '******' % (username, provider_name) user = User.objects.create_user(new_username, '', password) user_registered.send(None, user = user) message = _( 'Welcome! Please set email address (important!) in your ' 'profile and adjust screen name, if necessary.' ) user.message_set.create(message = message) else: return None #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins elif method == 'openid': provider_name = util.get_provider_name(openid_url) try: assoc = UserAssociation.objects.get( openid_url = openid_url, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key = email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url = oauth_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, provider_name = 'facebook' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': user = ldap_authenticate(username, password) elif method == 'wordpress_site': try: custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get( openid_url = custom_wp_openid_url, provider_name = 'wordpress_site' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') if assoc: #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username = None,#for 'password' and 'ldap' password = None,#for 'password' and 'ldap' user_id = None,#for 'force' provider_name = None,#required with all except email_key openid_url = None, email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook wordpress_url = None, # required for self hosted wordpress wp_user_id = None, # required for self hosted wordpress method = None,#requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email = email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: logging.critical( ('have more than one user with email %s ' + 'he/she will not be able to authenticate with ' + 'the email address in the place of user name') % email_address ) return None else: if login_providers[provider_name]['check_password'](username, password): try: #if have user associated with this username and provider, #return the user assoc = UserAssociation.objects.get( openid_url = username + '@' + provider_name,#a hack - par name is bad provider_name = provider_name ) return assoc.user except UserAssociation.DoesNotExist: #race condition here a user with this name may exist user, created = User.objects.get_or_create(username = username) if created: user.set_password(password) user.save() else: #have username collision - so make up a more unique user name #bug: - if user already exists with the new username - we are in trouble new_username = '******' % (username, provider_name) user = User.objects.create_user(new_username, '', password) message = _( 'Welcome! Please set email address (important!) in your ' 'profile and adjust screen name, if necessary.' ) user.message_set.create(message = message) else: return None #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = username + '@' + provider_name#has to be this way for external pw logins elif method == 'openid': provider_name = util.get_provider_name(openid_url) try: assoc = UserAssociation.objects.get( openid_url = openid_url, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key = email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url = oauth_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, provider_name = 'facebook' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': user = ldap_authenticate(username, password) elif method == 'wordpress_site': try: custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get( openid_url = custom_wp_openid_url, provider_name = 'wordpress_site' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') if assoc: #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def register(request, login_provider_name=None, user_identifier=None): """ this function is used via it's own url with request.method=POST or as a simple function call from "finalize_generic_signin" in which case request.method must ge 'GET' and login_provider_name and user_identifier arguments must not be None this function may need to be refactored to simplify the usage pattern template : authopenid/complete.html """ logging.debug('') next_url = get_next_url(request) user = None is_redirect = False username = request.session.get('username', '') email = request.session.get('email', '') logging.debug('request method is %s' % request.method) register_form = forms.OpenidRegisterForm( initial={ 'next': next_url, 'username': request.session.get('username', ''), 'email': request.session.get('email', ''), }) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() if request.method == 'GET': assert (login_provider_name is not None) assert (user_identifier is not None) #store this data into the session #to persist for the post request request.session['login_provider_name'] = login_provider_name request.session['user_identifier'] = user_identifier elif request.method == 'POST': if 'login_provider_name' not in request.session \ or 'user_identifier' not in request.session: logging.critical('illegal attempt to register') return HttpResponseRedirect(reverse('user_signin')) #load this data from the session user_identifier = request.session['user_identifier'] login_provider_name = request.session['login_provider_name'] logging.debug('trying to create new account associated with openid') register_form = forms.OpenidRegisterForm(request.POST) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm(request.POST) if not register_form.is_valid(): logging.debug('OpenidRegisterForm is INVALID') elif not email_feeds_form.is_valid(): logging.debug('SimpleEmailSubscribeForm is INVALID') else: logging.debug( 'OpenidRegisterForm and SimpleEmailSubscribeForm are valid') is_redirect = True username = register_form.cleaned_data['username'] email = register_form.cleaned_data['email'] user = User.objects.create_user(username, email) logging.debug('creating new openid user association for %s') UserAssociation( openid_url=user_identifier, user=user, provider_name=login_provider_name, last_used_timestamp=datetime.datetime.now()).save() del request.session['user_identifier'] del request.session['login_provider_name'] logging.debug('logging the user in') user = authenticate(method='force', user_id=user.id) if user is None: error_message = 'please make sure that ' + \ 'askbot.deps.django_authopenid.backends.AuthBackend' + \ 'is in your settings.AUTHENTICATION_BACKENDS' raise Exception(error_message) login(request, user) logging.debug('saving email feed settings') email_feeds_form.save(user) #check if we need to post a question that was added anonymously #this needs to be a function call becase this is also done #if user just logged in and did not need to create the new account if user != None: if askbot_settings.EMAIL_VALIDATION == True: logging.debug('sending email validation') send_new_email_key(user, nomessage=True) output = validation_email_sent(request) set_email_validation_message( user) #message set after generating view return output if user.is_authenticated(): logging.debug('success, send user to main page') return HttpResponseRedirect(reverse('index')) else: logging.debug('have really strange error') raise Exception( 'openid login failed') #should not ever get here providers = { 'yahoo': '<font color="purple">Yahoo!</font>', 'flickr': '<font color="#0063dc">flick</font><font color="#ff0084">r</font>™', 'google': 'Google™', 'aol': '<font color="#31658e">AOL</font>', 'myopenid': 'MyOpenID', } if login_provider_name not in providers: provider_logo = login_provider_name logging.error( 'openid provider named "%s" has no pretty customized logo' % login_provider_name) else: provider_logo = providers[login_provider_name] logging.debug('printing authopenid/complete.html output') data = { 'openid_register_form': register_form, 'email_feeds_form': email_feeds_form, 'provider': mark_safe(provider_logo), 'username': username, 'email': email, 'login_type': 'openid', 'gravatar_faq_url': reverse('faq') + '#gravatar', } return render_into_skin('authopenid/complete.html', data, request)
def authenticate( self, username=None, # for 'password' and 'ldap' password=None, # for 'password' and 'ldap' user_id=None, # for 'force' provider_name=None, # required with all except email_key openid_url=None, email_key=None, oauth_user_id=None, # used with oauth facebook_user_id=None, # user with facebook wordpress_url=None, # required for self hosted wordpress wp_user_id=None, # required for self hosted wordpress method=None, # requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == "password": if login_providers[provider_name]["type"] != "password": raise ImproperlyConfigured("login provider must use password") if provider_name == "local": try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email=email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: LOG.critical( ( "have more than one user with email %s " + "he/she will not be able to authenticate with " + "the email address in the place of user name" ) % email_address ) return None else: if login_providers[provider_name]["check_password"](username, password): try: # if have user associated with this username and provider, # return the user assoc = UserAssociation.objects.get( openid_url=username + "@" + provider_name, # a hack - par name is bad provider_name=provider_name, ) return assoc.user except UserAssociation.DoesNotExist: # race condition here a user with this name may exist user, created = User.objects.get_or_create(username=username) if created: user.set_password(password) user.save() user_registered.send(None, user=user) else: # have username collision - so make up a more unique user name # bug: - if user already exists with the new username - we are in trouble new_username = "******" % (username, provider_name) user = User.objects.create_user(new_username, "", password) user_registered.send(None, user=user) message = _( "Welcome! Please set email address (important!) in your " "profile and adjust screen name, if necessary." ) user.message_set.create(message=message) else: return None # this is a catch - make login token a little more unique # for the cases when passwords are the same for two users # from the same provider try: assoc = UserAssociation.objects.get(user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = username + "@" + provider_name # has to be this way for external pw logins elif method == "openid": try: assoc = UserAssociation.objects.get(openid_url=openid_url) user = assoc.user except UserAssociation.DoesNotExist: return None except UserAssociation.MultipleObjectsReturned: logging.critical("duplicate openid url in the database!!! %s" % openid_url) return None elif method == "email": # with this method we do no use user association try: # todo: add email_key_timestamp field # and check key age user = User.objects.get(email_key=email_key) user.email_key = None # one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == "oauth": if login_providers[provider_name]["type"] in ("oauth", "oauth2"): try: assoc = UserAssociation.objects.get(openid_url=oauth_user_id, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == "facebook": try: # assert(provider_name == 'facebook') assoc = UserAssociation.objects.get(openid_url=facebook_user_id, provider_name="facebook") user = assoc.user except UserAssociation.DoesNotExist: return None elif method == "ldap": # user_info = ldap_authenticate(username, password) user_info = util.ldap_check_password(username, password) if user_info["success"] == False: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None else: # load user by association or maybe auto-create one ldap_username = user_info["ldap_username"] try: # todo: provider_name is hardcoded - possible conflict assoc = UserAssociation.objects.get(openid_url=ldap_username, provider_name="Wind River LDAP") user = assoc.user except UserAssociation.DoesNotExist: # email address is required if "email" in user_info and askbot_settings.LDAP_AUTOCREATE_USERS: assoc = ldap_create_user(user_info) user = assoc.user else: return None elif method == "wordpress_site": try: custom_wp_openid_url = "%s?user_id=%s" % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get(openid_url=custom_wp_openid_url, provider_name="wordpress_site") user = assoc.user except UserAssociation.DoesNotExist: return None elif method == "force": return self.get_user(user_id) else: raise TypeError("only openid and password supported") if assoc: # update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username = None,#for 'password' password = None,#for 'password' user_id = None,#for 'force' provider_name = None,#required with all except email_key openid_url = None, email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook ldap_user_id = None,#for ldap method = None,#requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: return None else: #todo there must be a call to some sort of #an external "check_password" function raise NotImplementedError('do not support external passwords') #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user = user, provider_name = provider_name ) except UserAssociation.DoesNotExist: assoc = UserAssociation( user = user, provider_name = provider_name ) assoc.openid_url = user.password + str(user.id) elif method == 'openid': provider_name = util.get_provider_name(openid_url) try: assoc = UserAssociation.objects.get( openid_url = openid_url, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key = email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url = oauth_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, provider_name = 'facebook' ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': try: assoc = UserAssociation.objects.get( openid_url = ldap_user_id, provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username=None, #for 'password' password=None, #for 'password' user_id=None, #for 'force' provider_name=None, #required with all except email_key openid_url=None, email_key=None, oauth_user_id=None, #used with oauth facebook_user_id=None, #user with facebook ldap_user_id=None, #for ldap method=None, #requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: return None else: #todo there must be a call to some sort of #an external "check_password" function raise NotImplementedError('do not support external passwords') #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = user.password + str(user.id) elif method == 'openid': provider_name = util.get_provider_name(openid_url) try: assoc = UserAssociation.objects.get( openid_url=openid_url, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key=email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] == 'oauth': try: assoc = UserAssociation.objects.get( openid_url=oauth_user_id, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url=facebook_user_id, provider_name='facebook') user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': try: assoc = UserAssociation.objects.get( openid_url=ldap_user_id, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user