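def do(data, resource):
    """Register a new email/password account.

    Reads ``email``, ``password`` and an optional ``extra`` dict from
    ``data['params']``, checks the configured registration policy (skipped
    when ``data['admin']`` is truthy), refuses the request when email login
    is disabled or the email is already taken, and stores the user record
    with a freshly salted password hash.

    Returns a ``body`` dict. On success ``body['item']`` is the stored
    record with the secret fields (``password_hash``, ``salt``) removed; on
    failure ``body['error']`` carries one of the ``error`` codes.

    Raises KeyError when ``email`` or ``password`` is absent from the params.
    """
    body = {}
    params = data['params']
    email = params['email']
    password = params['password']
    # Client-supplied attributes merged into the record below; untrusted.
    extra = params.get('extra', {})

    # Fresh random salt per account so identical passwords hash differently.
    salt = Salt.get_salt(32)
    password_hash = hash_password(password, salt)

    # Character-class counts consumed by match_policy for the password rules.
    password_meta = {
        'count': len(password),
        'count_lowercase': sum(1 for c in password if c.islower()),
        'count_uppercase': sum(1 for c in password if c.isupper()),
        'count_special': sum(1 for c in password if c in string.punctuation),
    }

    partition = 'user'
    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    register_policy_code = login_conf.get('register_policy_code', None)

    # Admin-initiated registrations bypass the policy check.
    if not data.get('admin', False):
        if not match_policy(register_policy_code, extra, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    default_group_name = login_conf['default_group_name']

    # The config stores the flag as a string; anything other than
    # 'true'/'false' is passed through and evaluated for truthiness.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False
    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    # Reject duplicate emails. NOTE(review): this is a query-then-put with no
    # uniqueness constraint visible here, so two concurrent registrations of
    # the same email could both pass — confirm the store enforces uniqueness.
    instructions = [(None, ('email', 'eq', email))]
    items, end_key = resource.db_query(partition, instructions)
    users = list(items)
    if len(users) > 0:
        body['error'] = error.EXISTING_ACCOUNT
        return body

    item = {
        'email': email,
        'password_hash': password_hash,
        'salt': salt,
        'groups': [default_group_name],
        'login_method': 'email_login',
    }
    # Merge client-supplied extras without letting them override the
    # security-relevant fields set above. Any other key (including 'id',
    # which this handler does not set itself) remains client-controlled;
    # match_policy is the only filter applied to it.
    for key in extra:
        if key not in item:
            item[key] = extra[key]
    resource.db_put_item(partition, item)

    # Never echo the password hash or salt back to the caller; the original
    # returned the full stored record including both.
    body['item'] = {
        key: value for key, value in item.items()
        if key not in ('password_hash', 'salt')
    }
    return body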
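def do(data, resource):
    """Authenticate an email/password user and open a secure session.

    Looks up the ``email_login`` user whose email matches
    ``data['params']['email']``, verifies the supplied password against the
    stored salted hash, and on success writes a ``session`` item keyed by
    the SHA3-512 of a fresh random session id.

    Returns a ``body`` dict with ``session_id``, ``__spk`` and ``user_id`` on
    success, or ``body['error']`` set to ``EMAIL_LOGIN_INVALID``,
    ``NO_SUCH_ACCOUNT`` or ``WRONG_PASSWORD``.

    NOTE(review): returning distinct NO_SUCH_ACCOUNT / WRONG_PASSWORD codes
    lets a caller enumerate registered emails; collapsing them is an API
    change and is left to the owners.
    """
    import hmac

    body = {}
    params = data['params']
    email = params.get('email', None)
    password = params.get('password', None)
    # Client clock, recorded only as skew against the server clock. A
    # malformed value is treated as "no skew" rather than failing the login.
    try:
        client_timestamp = int(params.get('client_timestamp', time.time()))
    except (TypeError, ValueError):
        client_timestamp = int(time.time())

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']

    # The config stores the flag as a string; other values pass through.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False
    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    instructions = [
        (None, ('email', 'eq', email)),
        ('and', ('login_method', 'eq', 'email_login')),
    ]
    items, end_key = resource.db_query('user', instructions)
    if len(items) == 0:
        body['error'] = error.NO_SUCH_ACCOUNT
        return body

    user = items[0]
    password_hash = user['password_hash']
    salt = user['salt']
    candidate_hash = hash_password(password, salt)
    # Constant-time comparison so response time does not leak how much of
    # the hash matched. compare_digest raises TypeError on mismatched or
    # non-ASCII operands; treat that as "no match" rather than an error.
    try:
        password_ok = hmac.compare_digest(password_hash, candidate_hash)
    except TypeError:
        password_ok = False
    if not password_ok:
        body['error'] = error.WRONG_PASSWORD
        return body

    user_id = user['id']
    session_id = token_urlsafe(32)
    session_public_key = token_urlsafe(32)
    session_item = {
        'use_secure': True,  # session security enabled
        '__spk': session_public_key,
        'user_id': user_id,
        'session_type': 'email_login',
        'client_ip': data.get('client_ip', None),
        'timestamp_offset': client_timestamp - int(time.time()),
    }
    # Only the hash of the session id is persisted; the raw id goes to the
    # client, so a dump of the session table cannot be replayed directly.
    _ = resource.db_put_item('session', session_item, Hash.sha3_512(session_id))
    body['session_id'] = session_id
    body['__spk'] = session_public_key
    body['user_id'] = user_id
    return body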
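def do(data, resource):
    """Log in as a guest, reusing an existing guest account or creating one.

    With ``guest_id`` in the params, the matching record is loaded and a new
    guest session is issued for it. Without one, a fresh ``guest_login``
    user (random id, placeholder ``@guest.com`` email, default group) is
    stored and a session is issued for it.

    Returns ``Response(body)`` where ``body`` holds ``session_id`` and
    ``guest_id`` on success, or ``error`` set to ``GUEST_LOGIN_INVALID`` or
    ``NO_SUCH_GUEST``.
    """
    body = {}
    params = data['params']
    guest_id = params.get('guest_id', None)

    data['params']['login_method'] = 'guest_login'
    login_conf = get_login_method(data, resource)['body']['item']
    default_group_name = login_conf['default_group_name']

    # The config stores the flag as a string; other values pass through.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False
    if not enabled:
        body['error'] = error.GUEST_LOGIN_INVALID
        return Response(body)

    if guest_id:
        item = resource.db_get_item(guest_id)
        # Only honor ids that belong to guest accounts. db_get_item takes no
        # partition, so previously any stored record id — e.g. a leaked
        # email-login user id — would have been issued a session here.
        if item and item.get('login_method') == 'guest_login':
            session_id = put_guest_session(resource, guest_id)
            body['session_id'] = session_id
            body['guest_id'] = guest_id
            return Response(body)
        body['error'] = error.NO_SUCH_GUEST
        return Response(body)

    guest_id = shortuuid.uuid()
    # The email is a separate random value, not derived from guest_id.
    email = '{}@guest.com'.format(shortuuid.uuid())
    item = {
        'email': email,
        'groups': [default_group_name],
        'login_method': 'guest_login',
    }
    resource.db_put_item('user', item, item_id=guest_id)
    session_id = put_guest_session(resource, guest_id)
    body['session_id'] = session_id
    body['guest_id'] = guest_id
    return Response(body)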
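def do(data, resource):
    """Change the password of the already-authenticated user in ``data['user']``.

    Validates the new password against the registration policy (skipped for
    admins), verifies ``current_password`` against the stored hash, and
    writes the new hash to the ``user`` partition.

    Returns a ``body`` dict with ``user_id`` and ``success`` (the
    ``db_update_item_v2`` result) on success, or ``error`` set to
    ``REGISTER_POLICY_VIOLATION`` or ``PERMISSION_DENIED``.

    Raises KeyError when ``data['user']`` lacks ``password_hash`` or ``salt``.
    """
    import hmac

    body = {}
    user = data['user']
    params = data['params']
    current_password = params.get('current_password')
    new_password = params.get('new_password')
    password_hash = user['password_hash']
    salt = user['salt']

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    register_policy_code = login_conf.get('register_policy_code', None)

    # A missing (non-string) new password can never satisfy a policy and
    # would make the character counts below raise; reject it up front.
    if not isinstance(new_password, str):
        body['error'] = error.REGISTER_POLICY_VIOLATION
        return body

    # Character-class counts consumed by match_policy for the password rules.
    password_meta = {
        'count': len(new_password),
        'count_lowercase': sum(1 for c in new_password if c.islower()),
        'count_uppercase': sum(1 for c in new_password if c.isupper()),
        'count_special': sum(1 for c in new_password if c in string.punctuation),
    }

    # Admins bypass the policy check; the user record stands in as the
    # "extra" attributes the policy may inspect.
    if not data.get('admin', False):
        if not match_policy(register_policy_code, user, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    candidate_hash = hash_password(current_password, salt)
    # Constant-time comparison; compare_digest raises TypeError on
    # mismatched or non-ASCII operands, which counts as "no match".
    try:
        current_ok = hmac.compare_digest(password_hash, candidate_hash)
    except TypeError:
        current_ok = False
    if not current_ok:
        body['error'] = error.PERMISSION_DENIED
        return body

    # Bug fix: the update previously wrote the OLD hash (`password_hash`)
    # back, so the password never actually changed.
    # NOTE(review): the existing salt is reused; rotating it on every change
    # would be stronger but needs the salt helper in scope in this module.
    new_password_hash = hash_password(new_password, salt)
    user_id = user.get('id')
    success = resource.db_update_item_v2(
        user_id,
        {
            'partition': 'user',
            'password_hash': new_password_hash,
            'updated_date': float(time.time()),
        })
    body['user_id'] = user_id
    body['success'] = success
    return body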
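def do(data, resource):
    """Authenticate an email/password user and open a session.

    Looks up the ``email_login`` user matching ``data['params']['email']``,
    verifies the supplied password against the stored salted hash, and on
    success writes a ``session`` item keyed by the SHA3-512 of a fresh
    random session id.

    Returns a ``body`` dict with ``session_id`` on success, or ``error`` set
    to ``EMAIL_LOGIN_INVALID``, ``NO_SUCH_ACCOUNT`` or ``WRONG_PASSWORD``.

    NOTE(review): distinct NO_SUCH_ACCOUNT / WRONG_PASSWORD codes let a
    caller enumerate registered emails; collapsing them is an API change
    and is left to the owners.
    """
    import hmac

    body = {}
    params = data['params']
    email = params.get('email', None)
    password = params.get('password', None)

    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']

    # The config stores the flag as a string; other values pass through.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False
    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    instructions = [
        (None, ('email', 'eq', email)),
        ('and', ('login_method', 'eq', 'email_login')),
    ]
    items, end_key = resource.db_query('user', instructions)
    if len(items) == 0:
        body['error'] = error.NO_SUCH_ACCOUNT
        return body

    user = items[0]
    password_hash = user['password_hash']
    salt = user['salt']
    candidate_hash = hash_password(password, salt)
    # Constant-time comparison so response time does not leak how much of
    # the hash matched; a TypeError from compare_digest counts as no match.
    try:
        password_ok = hmac.compare_digest(password_hash, candidate_hash)
    except TypeError:
        password_ok = False
    if not password_ok:
        body['error'] = error.WRONG_PASSWORD
        return body

    user_id = user['id']
    session_id = token_urlsafe(32)
    session_item = {
        'user_id': user_id,
        'session_type': 'email_login',
    }
    # Only the hash of the session id is persisted; the raw id goes to the
    # client, so a dump of the session table cannot be replayed directly.
    _ = resource.db_put_item('session', session_item, Hash.sha3_512(session_id))
    body['session_id'] = session_id
    return body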
def do(data, resource):
    """Guest login: echo the caller's session if authenticated, else create a guest.

    When ``data['user']`` is present the request is treated as already
    logged in and the supplied ``session_id`` is returned together with the
    user's id. Otherwise a new ``guest_login`` user (random id, placeholder
    ``@guest.com`` email, default group, name ``Guest``) is stored and a
    guest session is issued for it.

    Returns a ``body`` dict with ``session_id`` and ``guest_id``, or
    ``error`` set to ``GUEST_LOGIN_INVALID`` when guest login is disabled.
    """
    body = {}
    params = data['params']
    current_user = data.get('user', None)
    supplied_session = params.get('session_id', None)

    data['params']['login_method'] = 'guest_login'
    login_conf = get_login_method(data, resource)['item']
    default_group_name = login_conf['default_group_name']

    # The config stores the flag as a string; other values pass through
    # and are evaluated for truthiness.
    flag = login_conf['enabled']
    if flag == 'true':
        flag = True
    elif flag == 'false':
        flag = False
    if not flag:
        body['error'] = error.GUEST_LOGIN_INVALID
        return body

    # Already authenticated: nothing to create, just report the ids.
    if current_user:
        body['session_id'] = supplied_session
        body['guest_id'] = current_user['id']
        return body

    new_guest_id = shortuuid.uuid()
    # The placeholder email is a second random value, not tied to the id.
    placeholder_email = f'{shortuuid.uuid()}@guest.com'
    record = {
        'email': placeholder_email,
        'groups': [default_group_name],
        'login_method': 'guest_login',
        'name': 'Guest',
    }
    resource.db_put_item('user', record, item_id=new_guest_id)
    body['session_id'] = put_guest_session(resource, new_guest_id)
    body['guest_id'] = new_guest_id
    return body
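def do(data, resource):
    """Register a new email/password account.

    Reads ``email``, ``password`` and an optional ``extra`` dict from
    ``data['params']``, drops empty extra values, checks the configured
    registration policy (skipped when ``data['admin']`` is truthy), refuses
    the request when email login is disabled or the email is already taken,
    and stores the user record under a freshly generated id with a salted
    password hash.

    Returns a ``body`` dict. On success ``body['item']`` is the stored
    record with the secret fields (``password_hash``, ``salt``) removed; on
    failure ``body['error']`` carries one of the ``error`` codes.

    Raises KeyError when ``email`` or ``password`` is absent from the params.
    """
    body = {}
    params = data['params']
    email = params['email']
    password = params['password']

    # Additional attributes the client wants stored on the record; untrusted.
    extra = params.get('extra', {})
    # Empty values are not stored.
    extra = {
        key: value for key, value in extra.items()
        if value != '' and value != {} and value != []
    }

    # Random per-account salt so identical passwords hash differently.
    salt = Salt.get_salt(32)
    # Hash the submitted password together with the salt (sha3_512 per the
    # original author's note — the helper itself is not visible here).
    password_hash = hash_password(password, salt)

    # Character-class counts handed to match_policy for the password rules.
    password_meta = {
        'count': len(password),
        'count_lowercase': sum(1 for c in password if c.islower()),
        'count_uppercase': sum(1 for c in password if c.isupper()),
        'count_special': sum(1 for c in password if c in string.punctuation),
    }

    partition = 'user'
    data['params']['login_method'] = 'email_login'
    login_conf = get_login_method(data, resource)['item']
    # Registration policy configured for this system.
    register_policy_code = login_conf.get('register_policy_code', None)

    # Admin-initiated registrations bypass the policy check.
    if not data.get('admin', False):
        if not match_policy(register_policy_code, extra, password_meta):
            body['error'] = error.REGISTER_POLICY_VIOLATION
            return body

    # Group every new account is placed in, from the login config.
    default_group_name = login_conf['default_group_name']

    # The config stores the flag as a string; other values pass through.
    enabled = login_conf['enabled']
    if enabled == 'true':
        enabled = True
    elif enabled == 'false':
        enabled = False
    if not enabled:
        body['error'] = error.EMAIL_LOGIN_INVALID
        return body

    # Reject duplicate emails. NOTE(review): list-shaped instruction kept as
    # written — confirm db_query accepts this form, otherwise the duplicate
    # check silently finds nothing. This is also a query-then-put with no
    # visible uniqueness constraint, so concurrent registrations can race.
    instructions = [[None, 'email', 'eq', email]]
    items, end_key = resource.db_query(partition, instructions)
    users = list(items)
    if len(users) > 0:
        body['error'] = error.EXISTING_ACCOUNT
        return body

    item = {
        'id': str(uuid()),
        'email': email,
        'password_hash': password_hash,
        'salt': salt,
        'groups': [default_group_name],
        'login_method': 'email_login',
    }
    # Merge client-supplied extras without letting them override the
    # identity and security fields set above; other keys remain
    # client-controlled, filtered only by match_policy.
    for key in extra:
        if key not in item:
            item[key] = extra[key]
    resource.db_put_item(partition, item, item_id=item['id'])

    # Never echo the password hash or salt back to the caller; the original
    # returned the full stored record including both.
    body['item'] = {
        key: value for key, value in item.items()
        if key not in ('password_hash', 'salt')
    }
    return body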