def signin(request):
req = request.json_body
login = req['login']
password = req['password']
# login = request.POST.get('login', '')
# password = request.POST.get('password', '')
user = DBSession.query(User).filter_by(login=login).first()
if user and user.check_password(password):
client = Client(user_id=user.id)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
result = dict()
result['client_id'] = client.id
request.response.status = HTTPOk.code
# request.response.headers = headers
# return response
return HTTPOk(headers=response.headers, json_body=result)
# return result
return HTTPUnauthorized(location=request.route_url('login'))
def login_cheat(request): # TODO: test
next = request.params.get('next') or request.route_url('dashboard')
login = request.json_body.get('login', '')
passwordhash = request.json_body.get('passwordhash', '')
log.debug("Logging in with cheat method:" + login)
user = DBSession.query(User).filter_by(login=login).first()
if user and user.password.hash == passwordhash:
log.debug("Login successful")
client = Client(user_id=user.id)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
headers = remember(request, principal=client.id)
return response
log.debug("Login unsuccessful for " + login)
return HTTPUnauthorized(location=request.route_url('login'))
def login_post(request): # tested
next = request.params.get('next') or request.route_url('home')
login = request.POST.get('login', '')
password = request.POST.get('password', '')
# print(login)
log.debug(login)
user = DBSession.query(User).filter_by(login=login).first()
if user and user.check_password(password):
client = Client(user_id=user.id)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
headers = remember(request, principal=client.id)
# return HTTPFound(location=next, headers=response.headers)
return HTTPOk(headers=response.headers, json_body={})
# return {}
return HTTPUnauthorized(location=request.route_url('login'))
def new_client_server(request):
old_client = DBSession.query(Client).filter_by(
id=authenticated_userid(request)).first()
if old_client:
user = old_client.user
if user:
client = Client(user_id=user.id, is_browser_client=False)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
result = dict()
result['client_id'] = client.id
request.response.status = HTTPOk.code
# request.response.headers = headers
# return response
return HTTPOk(headers=response.headers, json_body=result)
# return result
return HTTPUnauthorized(location=request.route_url('login'))
def signin(request):
req = request.json_body
login = req['login']
password = req['password']
# login = request.POST.get('login', '')
# password = request.POST.get('password', '')
desktop = req.get('desktop', False)
user = DBSession.query(User).filter_by(login=login).first()
if user and user.check_password(password):
client = Client(user_id=user.id, is_browser_client=not desktop)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id, max_age=315360000)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id',
value=str(locale_id),
max_age=datetime.timedelta(days=3650))
response.set_cookie(key='client_id',
value=str(client.id),
max_age=datetime.timedelta(days=3650))
result = dict()
result['client_id'] = client.id
request.response.status = HTTPOk.code
# request.response.headers = headers
# return response
return HTTPOk(headers=response.headers, json_body=result)
# return result
return HTTPUnauthorized(location=request.route_url('login'))
def login_post(request): # tested
# next = request.params.get('next') or request.route_url('home')
login = request.POST.get('login', '')
password = request.POST.get('password', '')
# print(login)
log.debug(login)
user = DBSession.query(User).filter_by(login=login).first()
if user and user.check_password(password):
client = Client(user_id=user.id)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
headers = remember(request, principal=client.id)
# return HTTPFound(location=next, headers=response.headers)
return HTTPOk(headers=response.headers, json_body={})
# return {}
return HTTPUnauthorized(location=request.route_url('login'))
def login_cheat(request): # TODO: test
next = request.params.get('next') or request.route_url('dashboard')
login = request.json_body.get('login', '')
passwordhash = request.json_body.get('passwordhash', '')
log.debug("Logging in with cheat method:" + login)
user = DBSession.query(User).filter_by(login=login).first()
if user and user.password.hash == passwordhash:
log.debug("Login successful")
client = Client(user_id=user.id)
user.clients.append(client)
DBSession.add(client)
DBSession.flush()
headers = remember(request, principal=client.id)
response = Response()
response.headers = headers
locale_id = user.default_locale_id
if not locale_id:
locale_id = 1
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client.id))
headers = remember(request, principal=client.id)
return response
log.debug("Login unsuccessful for " + login)
return HTTPUnauthorized(location=request.route_url('login'))
def logout_any(request): # tested
response = Response()
response.headers = forget(request)
response.set_cookie(key='client_id', value=None)
response.set_cookie(key='auth_tkt', value=None)
response.status_code = 200
response.json_body = {}
return response
def authenticate(request):
if request.method != 'POST':
return Response('Error: GET is not supported')
data = json.loads(request.body.decode('utf-8'))
openid = data.get('openid')
password = data.get('password')
(server, username) = utils.decompose_openid(openid)
# Get X.509 certificate chain from MyProxy server
log.info("Getting X.509 certificate from %s for %s" % (server, username))
myproxy_client = MyProxyClient(hostname=server)
cred_chain_pem_tuple = None
try:
cred_chain_pem_tuple = myproxy_client.logon(username, password, lifetime=7*24*3600)
except Exception as e:
request.response.status = 400
return {'status': 'Error', 'message': '%s' % e}
cred_chain_pem = ''
for e in cred_chain_pem_tuple:
cred_chain_pem += e
cert_pem = cred_chain_pem_tuple[0]
# Get 'Not After' date
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
not_after_asn1 = cert.get_notAfter()
not_after = not_after_asn1.decode()
dt = datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
# Check the publisher role in X509v3 extension 1.2.3.4.4.3.2.1.7.8
if not authentication.is_publisher(openid, cert):
request.response.status = 400
return {'status': 'Error', 'message': 'The user does not have the publisher role'}
# Store the X.509 certificate chain in a tmp file, so it can be used later by esgcet
cred_file = open('/tmp/x509in_%s_%s' % (server, username), 'w')
cred_file.write(cred_chain_pem)
cred_file.close()
# Add or update Publisher object in the database
publisher = DBSession.query(Publisher).filter(Publisher.openid==openid).first()
if publisher:
publisher.x509_pem = cred_chain_pem
publisher.expiration = dt
else:
publisher = Publisher(openid=openid, x509_pem=cred_chain_pem, expiration=dt)
DBSession.add(publisher)
# Save openid in auth_tk cookie
headers = remember(request, openid)
resp = Response()
resp.headers = headers
return resp
def set_language(request):
if request.POST:
local_name = negotiate_locale_name(request)
resp = Response()
resp.headers = {'Location': request.referrer}
resp.status = '302'
resp.set_cookie('language', local_name)
return resp
else:
return HTTPInternalServerError()
def connector(request):
# init connector and pass options
root = request.registry.settings['pyramid_elfinder_root']
options = {
'root': os.path.abspath(root),
'URL': request.registry.settings['pyramid_elfinder_url']
}
elf = elfinder.connector(options)
# fetch only needed GET/POST parameters
httpRequest = {}
form = request.params
for field in elf.httpAllowedParameters:
if field in form:
# Russian file names hack
if field == 'name':
httpRequest[field] = form.getone(field).encode('utf-8')
elif field == 'targets[]':
httpRequest[field] = form.getall(field)
# handle CGI upload
elif field == 'upload[]':
upFiles = {}
cgiUploadFiles = form.getall(field)
for up in cgiUploadFiles:
if isinstance(up, FieldStorage):
# pack dict(filename: filedescriptor)
upFiles[up.filename.encode('utf-8')] = up.file
httpRequest[field] = upFiles
else:
httpRequest[field] = form.getone(field)
# run connector with parameters
status, header, response = elf.run(httpRequest)
# get connector output and print it out
result = Response(status=status)
try:
del header['Connection']
except Exception:
pass
result.headers = header
result.charset = 'utf8'
if response is not None and status == 200:
# send file
if 'file' in response and hasattr(response['file'], 'read'):
result.body = response['file'].read()
response['file'].close()
# output json
else:
result.text = json.dumps(response)
return result
def connector(request):
# init connector and pass options
root = request.registry.settings['pyramid_elfinder_root']
options = {
'root': os.path.abspath(root),
'URL': request.registry.settings['pyramid_elfinder_url']
}
elf = elfinder.connector(options)
# fetch only needed GET/POST parameters
httpRequest = {}
form = request.params
for field in elf.httpAllowedParameters:
if field in form:
# Russian file names hack
if field == 'name':
httpRequest[field] = form.getone(field).encode('utf-8')
elif field == 'targets[]':
httpRequest[field] = form.getall(field)
# handle CGI upload
elif field == 'upload[]':
upFiles = {}
cgiUploadFiles = form.getall(field)
for up in cgiUploadFiles:
if isinstance(up, FieldStorage):
# pack dict(filename: filedescriptor)
upFiles[up.filename.encode('utf-8')] = up.file
httpRequest[field] = upFiles
else:
httpRequest[field] = form.getone(field)
# run connector with parameters
status, header, response = elf.run(httpRequest)
# get connector output and print it out
result = Response(status=status)
try:
del header['Connection']
except Exception:
pass
result.headers = header
result.charset = 'utf8'
if response is not None and status == 200:
# send file
if 'file' in response and hasattr(response['file'], 'read'):
result.body = response['file'].read()
response['file'].close()
# output json
else:
result.text = json.dumps(response)
return result
def set_language(request):
if request.POST:
local_name = negotiate_locale_name(request)
resp = Response()
resp.headers = {'Location': request.referrer}
resp.status = '302'
resp.set_cookie('language', local_name)
return resp
else:
return HTTPInternalServerError()
def desk_signin(request):
import requests
req = request.json_body
settings = request.registry.settings
try:
path = settings['desktop']['central_server'] + 'signin'
session = requests.Session()
session.headers.update({'Connection': 'Keep-Alive'})
adapter = requests.adapters.HTTPAdapter(pool_connections=1,
pool_maxsize=1,
max_retries=10)
session.mount('http://', adapter)
status = session.post(path, json=req)
client_id = status.json()['client_id']
cookies = status.cookies.get_dict()
with open('authentication_data.json', 'w') as f:
f.write(json.dumps(cookies))
if status.status_code == 200:
path = request.route_url('basic_sync')
subreq = Request.blank(path)
subreq.method = 'POST'
sub_headers = {'Cookie': request.headers['Cookie']}
subreq.headers = sub_headers
resp = request.invoke_subrequest(subreq)
if resp.status_code == 200:
headers = remember(request,
principal=client_id,
max_age=315360000)
response = Response()
response.headers = headers
locale_id = cookies['locale_id']
response.set_cookie(key='locale_id',
value=str(locale_id),
max_age=datetime.timedelta(days=3650))
response.set_cookie(key='client_id',
value=str(client_id),
max_age=datetime.timedelta(days=3650))
result = dict()
result['client_id'] = client_id
request.response.status = HTTPOk.code
# request.response.headers = headers
# return response
return HTTPOk(headers=response.headers, json_body=result)
# return result
except HTTPUnauthorized:
return HTTPUnauthorized(
json_body={'error': 'Login or password is wrong, please retry'})
except Exception:
return HTTPServiceUnavailable(
json_body={
'error':
'You have no internet connection or Lingvodoc server is unavailable; please retry later.'
})
def connector(request):
# init connector and pass options
elf = elFinder.connector(_opts)
# fetch only needed GET/POST parameters
httpRequest = {}
form=request.params
for field in elf.httpAllowedParameters:
if field in form:
# Russian file names hack
if field == 'name':
httpRequest[field] = form.getone(field).encode('utf-8')
elif field == 'targets[]':
httpRequest[field] = form.getall(field)
# handle CGI upload
elif field == 'upload[]':
upFiles = {}
cgiUploadFiles = form.getall(field)
for up in cgiUploadFiles:
if isinstance(up, FieldStorage):
upFiles[up.filename.encode('utf-8')] = up.file # pack dict(filename: filedescriptor)
httpRequest[field] = upFiles
else:
httpRequest[field] = form.getone(field)
# run connector with parameters
status, header, response = elf.run(httpRequest)
# get connector output and print it out
result=Response(status=status)
try:
del header['Connection']
except:
pass
result.headers=header
if not response is None and status == 200:
# send file
if 'file' in response and isinstance(response['file'], file):
result.body=response['file'].read()
response['file'].close()
# output json
else:
result.body=json.dumps(response)
return result
def __call__(self):
response = Response()
oauth = component.getUtility(IOAuthSettings)
result = oauth.login(WebObAdapter(self.request, response), self.__provider__)
if result:
if result.error:
return HTTPForbidden()
elif result.user:
if not (result.user.name and result.user.id):
result.user.update()
self._stamp_time(result.provider.access_token_response.data)
new_user = self.__user_class__(first_name=result.user.first_name,
last_name=result.user.last_name,
email=result.user.email,
password="",
access_token=result.provider.access_token_response.data)
self.context.insert(new_user, check_member=True)
response.headers = new_user.authenticate(self.request)
return response
def new_client(request):
import requests
settings = request.registry.settings
path = settings['desktop']['central_server'] + 'sync/client/server'
session = requests.Session()
session.headers.update({'Connection': 'Keep-Alive'})
adapter = requests.adapters.HTTPAdapter(pool_connections=1,
pool_maxsize=1,
max_retries=10)
session.mount('http://', adapter)
with open('authentication_data.json', 'r') as f:
cookies = json.loads(f.read())
status = session.post(path, cookies=cookies)
client_id = status.json()['client_id']
cookies = status.cookies.get_dict()
with open('authentication_data.json', 'w') as f:
f.write(json.dumps(cookies))
if status.status_code == 200:
# path = request.route_url('basic_sync')
# subreq = Request.blank(path)
# subreq.method = 'POST'
# sub_headers = {'Cookie': request.headers['Cookie']}
# subreq.headers = sub_headers
# resp = request.invoke_subrequest(subreq)
# if resp.status_code == 200:
headers = remember(request, principal=client_id)
response = Response()
response.headers = headers
locale_id = cookies['locale_id']
response.set_cookie(key='locale_id', value=str(locale_id))
response.set_cookie(key='client_id', value=str(client_id))
result = dict()
result['client_id'] = client_id
request.response.status = HTTPOk.code
# request.response.headers = headers
# return response
return HTTPOk(headers=response.headers, json_body=result)
# return result
return HTTPUnauthorized(location=request.route_url('login'))
def login_user(request):
try:
email = request.json_body.get('email')
firebase_token = request.json_body.get('firebaseToken')
is_anonymous = request.json_body.get('isAnonymous')
firebase_user_id = request.json_body.get('firebaseUserId')
google_token = request.json_body.get('googleToken')
branch_data = request.json_body.get('branchData')
prev_firebase_user_id = request.json_body.get('prevFirebaseUserId')
except ValueError:
raise ValidationError('ERR_INVALID_AUTH_PARAM')
if get_is_production() or email != 'oice-dev':
try:
auth.verify_id_token(firebase_token)
except ValueError:
raise ValidationError('ERR_FIREBASE_AUTH_ERROR')
except AppIdentityError:
raise ValidationError('ERR_INVALID_FIREBASE_TOKEN')
old_auth_id = authenticated_userid(request)
fetch_username = email
if is_anonymous and firebase_user_id:
fetch_username = firebase_user_id
# Init these bool here to avoid scope issue
is_first_login = False
is_trial_ended = False
log_dict = {
'topic': 'actionUser',
'isAnonymous': 'true' if is_anonymous else 'false',
'isDeeplink': 'false',
}
if branch_data:
log_dict.update({
'channel':
dict_get_value(branch_data, ['~channel'], 'direct'),
'isDeeplink':
'true',
})
log_dict = set_basic_info_referrer_log(
dict_get_value(branch_data, ['+referrer'], 'none'),
dict_get_value(branch_data, ['referrer2'], 'none'), log_dict)
oice_source = OiceQuery(DBSession).get_by_uuid(
dict_get_value(branch_data, ['uuid']))
if oice_source:
log_dict = set_basic_info_oice_source_log(
oice_source.story.users[0], oice_source, log_dict)
try:
user = UserQuery(DBSession).fetch_user_by_email(
email=fetch_username).one()
except NoResultFound:
user = User(email=fetch_username, is_anonymous=is_anonymous)
if firebase_user_id:
user.display_name = firebase_user_id
DBSession.add(user)
DBSession.flush()
is_first_login = True
is_trial_ended = False
# log
log_dict.update({'action': 'createUser'})
log_dict = set_basic_info_user_log(user, log_dict)
log_dict = set_basic_info_log(request, log_dict)
log_message(KAFKA_TOPIC_USER, log_dict)
else:
user.last_login_at = datetime.datetime.utcnow()
if not user.is_anonymous:
sample_story = StoryQuery(DBSession).get_sample_story(
user.language)
story = next((user_story for user_story in user.stories
if sample_story.id == user_story.fork_of), None)
if not story:
story = fork_story(DBSession, sample_story)
sample_oice = OiceQuery(DBSession).get_sample_oice(
language=user.language)
oice = fork_oice(DBSession, story, sample_oice)
user.stories.append(story)
if user.is_trial:
if user.is_paid(
) and user.expire_date < datetime.datetime.utcnow():
user.role = 'user'
update_user_mailchimp_stage(user=user, stage=5)
if user.is_free():
user.is_trial = False
is_trial_ended = True
else:
# if user.is_free() and not user.expire_date:
# Disabled trial due to busines request
# UserOperations.start_trial(user)
is_trial_ended = False
is_first_login = False
if not old_auth_id or request.headers.get('x-oice-app-version'):
# log
is_redeem_account = prev_firebase_user_id and firebase_user_id != prev_firebase_user_id
log_dict.update({
'action':
'redeemAccount' if is_redeem_account else 'login',
})
log_dict = set_basic_info_user_log(user, log_dict)
log_dict = set_basic_info_log(request, log_dict)
log_message(KAFKA_TOPIC_USER, log_dict)
if is_redeem_account:
handle_anonymous_user_app_story_progress(is_existing_user=True, \
prev_user_email=prev_firebase_user_id, \
new_user=user)
photo_url = request.json_body.get('photoURL', None)
if photo_url and user.avatar_storage is None:
r = requests.get(photo_url)
avatar = BytesIO(r.content)
factory = pyramid_safile.get_factory()
handle = factory.create_handle('avatar.png', avatar)
user.import_handle(handle)
language = request.json_body.get('language', None)
normalized_language = None
if language and user.language is None:
normalized_language = normalize_language(language)
if normalized_language:
user.language = normalized_language
# derive ui_language when creating user
user.ui_language = normalize_ui_language(normalized_language)
if (is_first_login or user.is_anonymous) and google_token:
display_name = request.json_body.get('displayName', None)
if email:
user.email = email
if not display_name:
display_name = email.split('@')[0]
if display_name:
user.display_name = display_name
sample_story = StoryQuery(DBSession).get_sample_story(
normalized_language)
story = fork_story(DBSession, sample_story)
sample_oice = OiceQuery(DBSession).get_sample_oice(
language=normalized_language)
oice = fork_oice(DBSession, story, sample_oice)
# open a public library for new user
library = create_user_public_library(DBSession, user.display_name)
user.stories.append(story)
user.libraries.append(library)
user.libraries_selected.append(library)
# pre-select default libraries for new user
default_libs = LibraryQuery(DBSession).fetch_default_libs()
user.libraries_purchased.extend(default_libs)
user.libraries_selected.extend(default_libs)
# Disabled trial due to busines request
# UserOperations.start_trial(user)
user.last_login_at = datetime.datetime.utcnow()
subscribe_mailchimp(google_token, user, language=language)
# update elastic search when create user
update_elastic_search_user(user.display_name, email)
if is_first_login and request.headers.get('x-oice-app-version'):
# log
log_dict.update({'action': 'bindAccount'})
log_dict = set_basic_info_user_log(user, log_dict)
log_dict = set_basic_info_log(request, log_dict)
log_message(KAFKA_TOPIC_USER, log_dict)
handle_anonymous_user_app_story_progress(is_existing_user=False, \
prev_user_email=prev_firebase_user_id, \
new_user=user)
user.is_anonymous = False
serialize_user = user.serialize()
serialize_user['isFirstLogin'] = is_first_login
serialize_user['isTrialEnded'] = is_trial_ended
serialize_user['intercomUserHash'] = hmac.new(
bytes(get_intercom_secret_key().encode('utf-8')),
bytes(str(user.id).encode('utf-8')),
digestmod=hashlib.sha256).hexdigest()
response = Response()
response.status_code = 200
response.headers = remember(request, user.email)
response.content_type = 'application/json'
response.charset = 'UTF-8'
response.text = json.dumps({'code': 200, 'user': serialize_user})
return response
