def try_login(self, userkey, password, remember, client_ip, client_data = None, options = None): """ Tries to perform a login for the user with the given key (e.g. email or username); password; :param userkey: the user key (email address or username) :param password: :param remember: whether to have a longer expiration time or not :param client_ip: ip of the client for which the function has been called :param client_data: optional client data :param options: extra options :return: """ # get account data account_data = self.get_account(userkey) if account_data is None: return False, "AccountNotFound" login_attempts = self.get_failed_login_attempts(userkey) tooManyAttempts = self.options.failed_login_attempts_limit <= login_attempts if tooManyAttempts: return False, "TooManyAttempts" # error: too many attempts in the last minutes, for this user check_password = options is None or options["automatic_no_password"] is None if check_password: # generate hash of given password, appending salt hsh = self.get_hash(password, account_data.salt) if account_data.hash != hsh: # the key exists, but the password is wrong self.report_login_attempt(userkey, client_ip) # exit return False, "WrongPassword" # check if the account is confirmed if self.options.requires_account_confirmation and not account_data.confirmed: return False, "RequireConfirmation" # check if the account was banned if hasattr(account_data, "banned") and account_data.banned == True: return False, "BannedAccount" # get session expiration expiration = self.get_new_expiration(remember) # save session session = self.options.store.create_session(userkey, expiration, client_ip, client_data) del account_data.salt del account_data.hash return True, { "principal": Principal(account_data.id, account_data, session, True), "session": Session.from_dict(session) }
def initialize_anonymous_session(self, client_ip, client_data): """ Initializes a session for an anonymous user. :param client_ip: :param navigator: :return: """ expiration = self.get_new_expiration(True) userkey = None # save session session = self.options.store.create_session(userkey, expiration, client_ip, client_data) return { "principal": Principal(None, None, session, False), "session": Session.from_dict(session) }
def try_login_by_session_key(self, sessionkey): """ Tries to perform login by user session key. :param sessionkey: :return: boolean, session, account """ # returns bool, principal if sessionkey is None: return False, None session = self.options.store.get_session(sessionkey) if session is None: return False, None # convert into a class session = Session.from_dict(session) now = datetime.datetime.now() if session.expiration < now: return False, None if session.anonymous: return True, { "principal": Principal(None, None, session, False), "session": session } # get account data account = self.options.store.get_account(session.userkey) if account is None: return False, None # return session and account data return True, { "principal": Principal(account["id"], account, session, True), "session": session }
def try_login(self, userkey, password, remember, client_ip, client_data=None, options=None): """ Tries to perform a login for the user with the given key (e.g. email or username); password; :param userkey: the user key (email address or username) :param password: :param remember: whether to have a longer expiration time or not :param client_ip: ip of the client for which the function has been called :param client_data: optional client data :param options: extra options :return: """ # get account data account_data = self.get_account(userkey) if account_data is None: return False, "AccountNotFound" login_attempts = self.get_failed_login_attempts(userkey) tooManyAttempts = self.options.failed_login_attempts_limit <= login_attempts if tooManyAttempts: return False, "TooManyAttempts" # error: too many attempts in the last minutes, for this user check_password = options is None or options[ "automatic_no_password"] is None if check_password: # generate hash of given password, appending salt hsh = self.get_hash(password, account_data.salt) if account_data.hash != hsh: # the key exists, but the password is wrong self.report_login_attempt(userkey, client_ip) # exit return False, "WrongPassword" # check if the account is confirmed if self.options.requires_account_confirmation and not account_data.confirmed: return False, "RequireConfirmation" # check if the account was banned if hasattr(account_data, "banned") and account_data.banned == True: return False, "BannedAccount" # get session expiration expiration = self.get_new_expiration(remember) # save session session = self.options.store.create_session(userkey, expiration, client_ip, client_data) del account_data.salt del account_data.hash return True, { "principal": Principal(account_data.id, account_data, session, True), "session": Session.from_dict(session) }