def authenticate(self,
request,
user_id=None,
username=None,
email=None,
user=None,
password=None,
**kw):
odm = request.app.odm()
try:
if not user:
with odm.begin() as session:
query = session.query(odm.user)
if user_id:
user = query.get(user_id)
elif username:
user = query.filter_by(username=username).one()
elif email:
email = normalise_email(email)
user = query.filter_by(email=email).one()
else:
raise AuthenticationError('Invalid credentials')
if user and self.crypt_verify(user.password, password):
return user
else:
raise NoResultFound
except NoResultFound:
if username:
raise AuthenticationError('Invalid username or password')
elif email:
raise AuthenticationError('Invalid email or password')
else:
raise AuthenticationError('Invalid credentials')
def create_user(self,
request,
username=None,
password=None,
email=None,
first_name=None,
last_name=None,
active=False,
superuser=False,
**kwargs):
'''Create a new user.
Either ``username`` or ``email`` must be provided.
'''
odm = request.app.odm()
email = normalise_email(email)
assert username or email
with odm.begin() as session:
if not username:
username = email
user = odm.user(username=username,
password=self.password(password),
email=email,
first_name=first_name,
last_name=last_name,
active=active,
superuser=superuser)
session.add(user)
return user
def create_user(self, request, username=None, password=None, email=None,
name=None, surname=None, active=False, superuser=False,
**kwargs):
manager = request.app.odm('nosql').user
email = normalise_email(email)
assert username or email
if username:
if manager.filter(username=username).all():
raise sessions.AuthenticationError(
'%s already used' % username)
if email and manager.filter(email=email).all():
raise sessions.AuthenticationError('%s already used' % email)
if not username:
username = email
active = False
registration = False
else:
registration = not active
user = manager(username=username, password=self.password(password),
email=email, name=name, surname=surname,
active=active, superuser=superuser, **kwargs).save()
if registration: # create registration email if user is not active
self.get_or_create_registration(request, user)
return user
def authenticate(self, request, user_id=None, username=None, email=None,
password=None, **kw):
odm = request.app.odm()
with odm.begin() as session:
query = session.query(odm.user)
try:
if user_id:
user = query.get(user_id)
elif username:
user = query.filter_by(username=username).one()
elif email:
user = query.filter_by(email=normalise_email(email)).one()
else:
raise AuthenticationError('Invalid credentials')
if user and self.decript(user.password) == password:
return user
else:
raise odm.ModelNotFound
except NoResultFound:
if username:
raise AuthenticationError('Invalid username or password')
elif email:
raise AuthenticationError('Invalid email or password')
else:
raise AuthenticationError('Invalid credentials')
def create_user(self, request, username=None, password=None, email=None,
first_name=None, last_name=None, active=False,
superuser=False, **kwargs):
'''Create a new user.
Either ``username`` or ``email`` must be provided.
'''
odm = request.app.odm()
email = normalise_email(email)
assert username or email
with odm.begin() as session:
if not username:
username = email
user = odm.user(username=username,
password=self.password(password),
email=email,
first_name=first_name,
last_name=last_name,
active=active,
superuser=superuser)
session.add(user)
return user
def get_user(self,
request,
user_id=None,
token_id=None,
username=None,
email=None,
auth_key=None,
**kw):
'''Securely fetch a user by id, username or email
Returns user or nothing
'''
odm = request.app.odm()
if token_id and user_id:
with odm.begin() as session:
query = session.query(odm.token)
query = query.filter_by(user_id=user_id, id=token_id)
query.update({'last_access': datetime.utcnow()},
synchronize_session=False)
if not query.count():
return
if auth_key:
with odm.begin() as session:
query = session.query(odm.registration)
reg = query.get(auth_key)
if reg and not reg.confirmed and reg.expiry > datetime.now():
user_id = reg.user_id
else:
return
with odm.begin() as session:
query = session.query(odm.user)
try:
if user_id:
user = query.get(user_id)
elif username:
user = query.filter_by(username=username).one()
elif email:
user = query.filter_by(email=normalise_email(email)).one()
else:
return
except NoResultFound:
return
return user
def get_user(self, request, user_id=None, token_id=None, username=None,
email=None, auth_key=None, **kw):
'''Securely fetch a user by id, username or email
Returns user or nothing
'''
odm = request.app.odm()
if token_id and user_id:
with odm.begin() as session:
query = session.query(odm.token)
query = query.filter_by(user_id=user_id, id=token_id)
query.update({'last_access': datetime.utcnow()},
synchronize_session=False)
if not query.count():
return
if auth_key:
with odm.begin() as session:
query = session.query(odm.registration)
reg = query.get(auth_key)
if reg and not reg.confirmed and reg.expiry > datetime.now():
user_id = reg.user_id
else:
return
with odm.begin() as session:
query = session.query(odm.user)
try:
if user_id:
user = query.get(user_id)
elif username:
user = query.filter_by(username=username).one()
elif email:
user = query.filter_by(email=normalise_email(email)).one()
else:
return
except NoResultFound:
return
return user
def get_user(self, request, user_id=None, username=None, email=None, **kw):
'''Securely fetch a user by id, username or email
Returns user or nothing
'''
odm = request.app.odm()
with odm.begin() as session:
query = session.query(odm.user)
try:
if user_id:
user = query.get(user_id)
elif username:
user = query.filter_by(username=username).one()
elif email:
user = query.filter_by(email=normalise_email(email)).one()
else:
return
except NoResultFound:
return
return user
def authenticate(self, request, user_id=None, username=None, email=None,
password=None, **kw):
manager = request.app.odm('nosql').user
user = None
try:
if user_id:
user = manager.get(user_id)
elif username:
user = manager.get(username=username)
elif email:
user = manager.get(email=normalise_email(email))
else:
raise AuthenticationError('Invalid credentials')
if user and self.decript(user.password) == password:
return user
else:
raise odm.ModelNotFound
except odm.ModelNotFound:
if username:
raise AuthenticationError('Invalid username or password')
elif email:
raise AuthenticationError('Invalid email or password')
else:
raise AuthenticationError('Invalid credentials')
def run(self, options, interactive=False):
username = options.username
password = options.password
email = options.email
if not username or not password or not email:
interactive = True
request = self.app.wsgi_request()
auth_backend = self.app.auth_backend
if interactive: # pragma nocover
def_username = get_def_username(request, auth_backend)
input_msg = 'Username'
if def_username:
input_msg += ' (Leave blank to use %s)' % def_username
username = None
email = None
password = None
try:
# Get a username
while not username:
username = input(input_msg + ': ')
if def_username and username == '':
username = def_username
if not RE_VALID_USERNAME.match(username):
self.write_err('Error: That username is invalid. Use '
'only letters, digits and underscores.')
username = None
else:
user = auth_backend.get_user(request,
username=username)
if user is not None:
self.write_err(
"Error: That username is already taken.\n")
username = None
while not email:
email = input('Email: ')
try:
email = normalise_email(email)
except Exception:
self.write_err('Error: That email is invalid.')
email = None
else:
user = auth_backend.get_user(request, email=email)
if user is not None:
self.write_err(
"Error: That email is already taken.")
email = None
# Get a password
while 1:
if not password:
password = getpass.getpass()
password2 = getpass.getpass('Password (again): ')
if password != password2:
self.write_err(
"Error: Your passwords didn't match.")
password = None
continue
if password.strip() == '':
self.write_err(
"Error: Blank passwords aren't allowed.")
password = None
continue
break
except KeyboardInterrupt:
self.write_err('\nOperation cancelled.')
sys.exit(1)
user = auth_backend.create_superuser(request,
username=username,
email=normalise_email(email),
password=password)
if user:
self.write("Superuser %s created successfully.\n" % user.username)
else:
self.write_err("ERROR: could not create superuser")
return user
