コード例 #1
0
ファイル: hg.py プロジェクト: cidvbi/PathogenPortal
 def __authenticate( self, username, password ):
     # Instantiate a database connection
     engine = sqlalchemy.create_engine( self.db_url )
     connection = engine.connect()
     result_set = connection.execute( "select email, password from galaxy_user where username = '******'" % username.lower() )
     for row in result_set:
         # Should only be 1 row...
         db_email = row[ 'email' ]
         db_password = row[ 'password' ]
     connection.close()
     # Check if password matches db_password when hashed.
     return new_secure_hash( text_type=password ) == db_password
コード例 #2
0
ファイル: users.py プロジェクト: bwlang/galaxy
 def get_activation_token(self, trans, email):
     """
     Check for the activation token. Create new activation token and store it in the database if no token found.
     """
     user = trans.sa_session.query(trans.app.model.User).filter(trans.app.model.User.table.c.email == email).first()
     activation_token = user.activation_token
     if activation_token is None:
         activation_token = hash_util.new_secure_hash(str(random.getrandbits(256)))
         user.activation_token = activation_token
         trans.sa_session.add(user)
         trans.sa_session.flush()
     return activation_token
コード例 #3
0
 def get_activation_token(self, trans, email):
     """
     Check for the activation token. Create new activation token and store it in the database if no token found.
     """
     user = trans.sa_session.query(trans.app.model.User).filter(trans.app.model.User.table.c.email == email).first()
     activation_token = user.activation_token
     if activation_token is None:
         activation_token = hash_util.new_secure_hash(str(random.getrandbits(256)))
         user.activation_token = activation_token
         trans.sa_session.add(user)
         trans.sa_session.flush()
     return activation_token
コード例 #4
0
 def __authenticate( self, username, password ):
     db_password = None
     # Instantiate a database connection
     engine = sqlalchemy.create_engine( self.db_url )
     connection = engine.connect()
     result_set = connection.execute( "select email, password from galaxy_user where username = '******'" % username.lower() )
     for row in result_set:
         # Should only be 1 row...
         db_password = row[ 'password' ]
     connection.close()
     if db_password:
         # Check if password matches db_password when hashed.
         return new_secure_hash( text_type=password ) == db_password
     return False
コード例 #5
0
 def set_password_cleartext(self, cleartext):
     message = validate_password_str(cleartext)
     if message:
         raise Exception("Invalid password: %s" % message)
     """Set 'self.password' to the digest of 'cleartext'."""
     self.password = new_secure_hash(text_type=cleartext)
コード例 #6
0
 def check_password(self, cleartext):
     """Check if 'cleartext' matches 'self.password' when hashed."""
     return self.password == new_secure_hash(text_type=cleartext)
コード例 #7
0
ファイル: __init__.py プロジェクト: AAFC-MBB/galaxy-1
 def set_password_cleartext( self, cleartext ):
     """Set 'self.password' to the digest of 'cleartext'."""
     self.password = new_secure_hash( text_type=cleartext )
コード例 #8
0
ファイル: __init__.py プロジェクト: AAFC-MBB/galaxy-1
 def check_password( self, cleartext ):
     """Check if 'cleartext' matches 'self.password' when hashed."""
     return self.password == new_secure_hash( text_type=cleartext )
コード例 #9
0
ファイル: users.py プロジェクト: msauria/galaxy
    def purge(self, user, flush=True):
        """Purge the given user. They must have the deleted flag already."""
        if not self.app.config.allow_user_deletion:
            raise exceptions.ConfigDoesNotAllowException(
                'The configuration of this Galaxy instance does not allow admins to delete or purge users.'
            )
        if not user.deleted:
            raise exceptions.MessageException(
                'User \'%s\' has not been deleted, so they cannot be purged.' %
                user.email)
        private_role = self.app.security_agent.get_private_user_role(user)
        # Delete History
        for active_history in user.active_histories:
            self.session().refresh(active_history)
            for hda in active_history.active_datasets:
                # Delete HistoryDatasetAssociation
                hda.deleted = True
                self.session().add(hda)
            active_history.deleted = True
            self.session().add(active_history)
        # Delete UserGroupAssociations
        for uga in user.groups:
            self.session().delete(uga)
        # Delete UserRoleAssociations EXCEPT FOR THE PRIVATE ROLE
        for ura in user.roles:
            if ura.role_id != private_role.id:
                self.session().delete(ura)
        # Delete UserAddresses
        for address in user.addresses:
            self.session().delete(address)
        compliance_log = logging.getLogger('COMPLIANCE')
        compliance_log.info(f'delete-user-event: {user.username}')
        # Maybe there is some case in the future where an admin needs
        # to prove that a user was using a server for some reason (e.g.
        # a court case.) So we make this painfully hard to recover (and
        # not immediately reversable) in line with GDPR, but still
        # leave open the possibility to prove someone was part of the
        # server just in case. By knowing the exact email + approximate
        # time of deletion, one could run through hashes for every
        # second of the surrounding days/weeks.
        pseudorandom_value = str(int(time.time()))
        # Replace email + username with a (theoretically) unreversable
        # hash. If provided with the username we can probably re-hash
        # to identify if it is needed for some reason.
        #
        # Deleting multiple times will re-hash the username/email
        email_hash = new_secure_hash(user.email + pseudorandom_value)
        uname_hash = new_secure_hash(user.username + pseudorandom_value)
        # We must also redact username
        for role in user.all_roles():
            if self.app.config.redact_username_during_deletion:
                role.name = role.name.replace(user.username, uname_hash)
                role.description = role.description.replace(
                    user.username, uname_hash)

            if self.app.config.redact_email_during_deletion:
                role.name = role.name.replace(user.email, email_hash)
                role.description = role.description.replace(
                    user.email, email_hash)
            user.email = email_hash
            user.username = uname_hash
        # Redact user addresses as well
        if self.app.config.redact_user_address_during_deletion:
            user_addresses = self.session().query(self.app.model.UserAddress) \
                .filter(self.app.model.UserAddress.user_id == user.id).all()
            for addr in user_addresses:
                addr.desc = new_secure_hash(addr.desc + pseudorandom_value)
                addr.name = new_secure_hash(addr.name + pseudorandom_value)
                addr.institution = new_secure_hash(addr.institution +
                                                   pseudorandom_value)
                addr.address = new_secure_hash(addr.address +
                                               pseudorandom_value)
                addr.city = new_secure_hash(addr.city + pseudorandom_value)
                addr.state = new_secure_hash(addr.state + pseudorandom_value)
                addr.postal_code = new_secure_hash(addr.postal_code +
                                                   pseudorandom_value)
                addr.country = new_secure_hash(addr.country +
                                               pseudorandom_value)
                addr.phone = new_secure_hash(addr.phone + pseudorandom_value)
                self.session().add(addr)
        # Purge the user
        super().purge(user, flush=flush)
コード例 #10
0
ファイル: __init__.py プロジェクト: zero-raspberry/galaxy
 def set_password_cleartext(self, cleartext):
     """Set 'self.password' to the digest of 'cleartext'."""
     self.password = new_secure_hash(text_type=cleartext)
コード例 #11
0
ファイル: __init__.py プロジェクト: ashvark/galaxy
 def hash_dependencies(self, resolved_dependencies):
     """Return hash for dependencies"""
     resolved_dependencies = [(dep.name, dep.version, dep.exact, dep.dependency_type) for dep in resolved_dependencies]
     hash_str = json.dumps(sorted(resolved_dependencies))
     return hash_util.new_secure_hash(hash_str)[:8]  # short hash
コード例 #12
0
 def hash_dependencies(self, resolved_dependencies):
     """Return hash for dependencies"""
     resolved_dependencies = [(dep.name, dep.version, dep.exact, dep.dependency_type) for dep in resolved_dependencies]
     hash_str = json.dumps(sorted(resolved_dependencies))
     return hash_util.new_secure_hash(hash_str)[:8]  # short hash