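def signin(request):
    """Authenticate a browser client against the local user table.

    Expects a JSON body with ``login`` and ``password``.  On success a new
    ``Client`` row is created for the user, an auth ticket whose principal is
    that client id is issued via ``remember`` and the ``locale_id`` /
    ``client_id`` cookies are set.  Replies ``HTTPOk`` with
    ``{'client_id': ...}``; a malformed body, missing fields or wrong
    credentials all yield ``HTTPUnauthorized`` (missing fields used to raise
    ``KeyError`` and surface as a 500).
    """
    try:
        req = request.json_body
    except ValueError:
        # not valid JSON: treat as a failed login rather than a server error
        return HTTPUnauthorized(location=request.route_url('login'))
    if not isinstance(req, dict):
        return HTTPUnauthorized(location=request.route_url('login'))
    login = req.get('login')
    password = req.get('password')
    if login is None or password is None:
        return HTTPUnauthorized(location=request.route_url('login'))
    user = DBSession.query(User).filter_by(login=login).first()
    # NOTE(review): check_password is skipped for unknown logins, so response
    # time can reveal whether a login exists.
    if not (user and user.check_password(password)):
        return HTTPUnauthorized(location=request.route_url('login'))
    client = Client(user_id=user.id)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # the ticket principal is the client id, not the user id
    headers = remember(request, principal=client.id)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client.id))
    return HTTPOk(headers=response.headers, json_body={'client_id': client.id})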
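def _hash_bytes(value):
    """Return ``value`` as bytes for a constant-time comparison."""
    if isinstance(value, bytes):
        return value
    return str(value).encode('utf-8')


def login_cheat(request):
    """Sign in with a pre-computed password hash instead of the password.

    Expects a JSON body with ``login`` and ``passwordhash``; the latter is
    compared against the stored ``user.password.hash``.  WARNING: this is a
    pass-the-hash login -- whoever holds the stored hash can authenticate
    without the password, so the hash sent here is as sensitive as the
    password itself.  Keep this route disabled or restricted outside of
    test / desktop-sync setups.

    On success returns a bare 200 ``Response`` carrying the auth ticket and
    the ``locale_id`` / ``client_id`` cookies; otherwise ``HTTPUnauthorized``.
    """
    import hmac
    login = request.json_body.get('login', '')
    passwordhash = request.json_body.get('passwordhash', '')
    log.debug("Logging in with cheat method:" + login)
    user = DBSession.query(User).filter_by(login=login).first()
    # An empty hash never matches, and the comparison is constant-time so the
    # stored hash cannot be recovered byte by byte from response timing.
    authenticated = bool(user and passwordhash) and hmac.compare_digest(
        _hash_bytes(user.password.hash), _hash_bytes(passwordhash))
    if not authenticated:
        log.debug("Login unsuccessful for " + login)
        return HTTPUnauthorized(location=request.route_url('login'))
    log.debug("Login successful")
    client = Client(user_id=user.id)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # the ticket principal is the client id (the original computed it twice)
    headers = remember(request, principal=client.id)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client.id))
    return response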
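def login_post(request):
    """Form-based login using the ``login`` / ``password`` POST fields.

    On success a new ``Client`` row is created for the user, an auth ticket
    whose principal is that client id is issued via ``remember`` and the
    ``locale_id`` / ``client_id`` cookies are set; the reply is ``HTTPOk``
    with an empty JSON body.  Wrong or missing credentials yield
    ``HTTPUnauthorized``.
    """
    login = request.POST.get('login', '')
    password = request.POST.get('password', '')
    log.debug(login)
    user = DBSession.query(User).filter_by(login=login).first()
    if not (user and user.check_password(password)):
        return HTTPUnauthorized(location=request.route_url('login'))
    client = Client(user_id=user.id)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # the original called remember() twice and never used the second result
    headers = remember(request, principal=client.id)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client.id))
    return HTTPOk(headers=response.headers, json_body={})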
def new_client_server(request):
    """Create a fresh non-browser ``Client`` for the calling client's user.

    The caller is identified by its auth ticket (``authenticated_userid`` is
    a client id here).  Its user receives a new ``Client`` with
    ``is_browser_client=False``, an auth ticket for that client id and the
    ``locale_id`` / ``client_id`` cookies.  Replies ``HTTPOk`` with
    ``{'client_id': ...}``, or ``HTTPUnauthorized`` when the ticket does not
    resolve to a client that has a user.
    """
    caller_id = authenticated_userid(request)
    caller = DBSession.query(Client).filter_by(id=caller_id).first()
    owner = caller.user if caller else None
    if not owner:
        return HTTPUnauthorized(location=request.route_url('login'))
    fresh = Client(user_id=owner.id, is_browser_client=False)
    owner.clients.append(fresh)
    DBSession.add(fresh)
    DBSession.flush()
    reply = Response()
    reply.headers = remember(request, principal=fresh.id)
    # locale 1 is the fallback when the user has no default locale
    reply.set_cookie(key='locale_id', value=str(owner.default_locale_id or 1))
    reply.set_cookie(key='client_id', value=str(fresh.id))
    request.response.status = HTTPOk.code
    return HTTPOk(headers=reply.headers, json_body={'client_id': fresh.id})
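def signin(request):
    """Authenticate a browser or desktop client against the local user table.

    Expects a JSON body with ``login`` and ``password`` and an optional
    ``desktop`` flag; desktop logins get a ``Client`` with
    ``is_browser_client=False``.  On success a new ``Client`` row is created,
    a ten-year auth ticket for that client id is issued via ``remember`` and
    the ``locale_id`` / ``client_id`` cookies are set.  Replies ``HTTPOk``
    with ``{'client_id': ...}``; a malformed body, missing fields or wrong
    credentials all yield ``HTTPUnauthorized`` (missing fields used to raise
    ``KeyError`` and surface as a 500).
    """
    try:
        req = request.json_body
    except ValueError:
        # not valid JSON: treat as a failed login rather than a server error
        return HTTPUnauthorized(location=request.route_url('login'))
    if not isinstance(req, dict):
        return HTTPUnauthorized(location=request.route_url('login'))
    login = req.get('login')
    password = req.get('password')
    if login is None or password is None:
        return HTTPUnauthorized(location=request.route_url('login'))
    # client-supplied; only selects the client type, nothing else
    desktop = bool(req.get('desktop', False))
    user = DBSession.query(User).filter_by(login=login).first()
    # NOTE(review): check_password is skipped for unknown logins, so response
    # time can reveal whether a login exists.
    if not (user and user.check_password(password)):
        return HTTPUnauthorized(location=request.route_url('login'))
    client = Client(user_id=user.id, is_browser_client=not desktop)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # 315360000 s = ten years: the ticket effectively never expires unless
    # the auth_tkt secret is rotated or the client row is removed.
    # NOTE(review): that is a long window for a stolen cookie; a shorter
    # max_age for browser (non-desktop) clients would be safer.
    headers = remember(request, principal=client.id, max_age=315360000)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id),
                        max_age=datetime.timedelta(days=3650))
    response.set_cookie(key='client_id', value=str(client.id),
                        max_age=datetime.timedelta(days=3650))
    return HTTPOk(headers=response.headers, json_body={'client_id': client.id})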
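def login_post(request):
    """Form-based login using the ``login`` / ``password`` POST fields.

    On success a new ``Client`` row is created for the user, an auth ticket
    whose principal is that client id is issued via ``remember`` and the
    ``locale_id`` / ``client_id`` cookies are set; the reply is ``HTTPOk``
    with an empty JSON body.  Wrong or missing credentials yield
    ``HTTPUnauthorized``.
    """
    login = request.POST.get('login', '')
    password = request.POST.get('password', '')
    log.debug(login)
    user = DBSession.query(User).filter_by(login=login).first()
    if not (user and user.check_password(password)):
        return HTTPUnauthorized(location=request.route_url('login'))
    client = Client(user_id=user.id)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # the original called remember() twice and never used the second result
    headers = remember(request, principal=client.id)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client.id))
    return HTTPOk(headers=response.headers, json_body={})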
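def _hash_bytes(value):
    """Return ``value`` as bytes for a constant-time comparison."""
    if isinstance(value, bytes):
        return value
    return str(value).encode('utf-8')


def login_cheat(request):
    """Sign in with a pre-computed password hash instead of the password.

    Expects a JSON body with ``login`` and ``passwordhash``; the latter is
    compared against the stored ``user.password.hash``.  WARNING: this is a
    pass-the-hash login -- whoever holds the stored hash can authenticate
    without the password, so the hash sent here is as sensitive as the
    password itself.  Keep this route disabled or restricted outside of
    test / desktop-sync setups.

    On success returns a bare 200 ``Response`` carrying the auth ticket and
    the ``locale_id`` / ``client_id`` cookies; otherwise ``HTTPUnauthorized``.
    """
    import hmac
    login = request.json_body.get('login', '')
    passwordhash = request.json_body.get('passwordhash', '')
    log.debug("Logging in with cheat method:" + login)
    user = DBSession.query(User).filter_by(login=login).first()
    # An empty hash never matches, and the comparison is constant-time so the
    # stored hash cannot be recovered byte by byte from response timing.
    authenticated = bool(user and passwordhash) and hmac.compare_digest(
        _hash_bytes(user.password.hash), _hash_bytes(passwordhash))
    if not authenticated:
        log.debug("Login unsuccessful for " + login)
        return HTTPUnauthorized(location=request.route_url('login'))
    log.debug("Login successful")
    client = Client(user_id=user.id)
    user.clients.append(client)
    DBSession.add(client)
    DBSession.flush()
    # the ticket principal is the client id (the original computed it twice)
    headers = remember(request, principal=client.id)
    response = Response()
    response.headers = headers
    # fall back to locale 1 when the user has no default locale
    locale_id = user.default_locale_id or 1
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client.id))
    return response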
def logout_any(request):
    """Sign the caller out, whatever kind of client it is.

    Replaces the response headers with the ``forget`` headers, expires the
    ``client_id`` and ``auth_tkt`` cookies and replies 200 with an empty
    JSON object.
    """
    reply = Response(status=200)
    reply.headers = forget(request)
    # value=None makes WebOb emit an expired cookie, i.e. delete it client-side
    for cookie_name in ('client_id', 'auth_tkt'):
        reply.set_cookie(key=cookie_name, value=None)
    reply.json_body = {}
    return reply
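def _cred_file_path(server, username):
    """Build the ``/tmp`` credential path for (server, username).

    Both parts come from the client-supplied openid, so anything that could
    escape ``/tmp`` (empty, ``.``/``..``, a path separator or a NUL byte) is
    rejected by returning ``None``.
    """
    for part in (server, username):
        if not part or part in ('.', '..'):
            return None
        if '/' in part or '\\' in part or '\x00' in part:
            return None
    return '/tmp/x509in_%s_%s' % (server, username)


def authenticate(request):
    """Log a publisher in through MyProxy and cache the X.509 credential.

    Expects a JSON POST body with ``openid`` and ``password``.  The openid is
    split into MyProxy server and username, a credential is fetched with
    ``MyProxyClient.logon``, the publisher role is checked on the leaf
    certificate, the PEM chain is written under ``/tmp`` for ``esgcet`` and
    stored on the ``Publisher`` row, and an auth ticket for the openid is
    returned.

    Returns a ``Response`` carrying the ``remember`` headers on success, or a
    ``{'status': 'Error', 'message': ...}`` dict with
    ``request.response.status`` set to 400 on failure (a non-POST request
    gets a plain 200 text reply, as before).
    """
    import os

    if request.method != 'POST':
        return Response('Error: GET is not supported')
    data = json.loads(request.body.decode('utf-8'))
    openid = data.get('openid')
    password = data.get('password')
    (server, username) = utils.decompose_openid(openid)

    # Validate the filename components before doing anything with them: the
    # original formatted raw server/username into the path, so a crafted
    # openid could choose where the credential file was written.
    cred_path = _cred_file_path(server, username)
    if cred_path is None:
        request.response.status = 400
        return {'status': 'Error', 'message': 'Invalid openid'}

    # Get X.509 certificate chain from MyProxy server
    log.info("Getting X.509 certificate from %s for %s" % (server, username))
    myproxy_client = MyProxyClient(hostname=server)
    try:
        cred_chain_pem_tuple = myproxy_client.logon(
            username, password, lifetime=7*24*3600)
    except Exception as e:
        request.response.status = 400
        # NOTE(review): the raw exception text is echoed back to the client
        return {'status': 'Error', 'message': '%s' % e}
    cred_chain_pem = ''.join(cred_chain_pem_tuple)
    cert_pem = cred_chain_pem_tuple[0]

    # Get 'Not After' date
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
    not_after = cert.get_notAfter().decode()
    dt = datetime.strptime(not_after, '%Y%m%d%H%M%SZ')

    # Check the publisher role in X509v3 extension 1.2.3.4.4.3.2.1.7.8
    if not authentication.is_publisher(openid, cert):
        request.response.status = 400
        return {'status': 'Error',
                'message': 'The user does not have the publisher role'}

    # Store the chain in a tmp file so esgcet can use it later.  A MyProxy
    # credential normally carries the private key too (confirm for this
    # deployment), so create the file owner-only and refuse to follow a
    # symlink somebody pre-planted in /tmp.  Note: an already existing file
    # keeps its owner and mode.
    fd = os.open(cred_path,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, 'w') as cred_file:
        cred_file.write(cred_chain_pem)

    # Add or update Publisher object in the database
    publisher = DBSession.query(Publisher).filter(
        Publisher.openid == openid).first()
    if publisher:
        publisher.x509_pem = cred_chain_pem
        publisher.expiration = dt
    else:
        publisher = Publisher(openid=openid, x509_pem=cred_chain_pem,
                              expiration=dt)
        DBSession.add(publisher)

    # Save openid in auth_tkt cookie
    headers = remember(request, openid)
    resp = Response()
    resp.headers = headers
    return resp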
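def set_language(request):
    """Store the negotiated locale in the ``language`` cookie and bounce back.

    Only POST is honoured; anything else gets ``HTTPInternalServerError``
    (kept as is).  The redirect target is the Referer, but only when it
    points back at this host: the Referer header is client-controlled, so
    echoing it verbatim into ``Location`` made this an open redirect, and a
    missing Referer produced a ``None`` Location header.  Otherwise the
    application root is used.
    """
    if not request.POST:
        return HTTPInternalServerError()
    local_name = negotiate_locale_name(request)
    host = request.host_url
    target = request.referrer
    if not target or not (target == host or target.startswith(host + '/')):
        target = request.application_url
    resp = Response()
    resp.headers = {'Location': target}
    resp.status = '302'
    resp.set_cookie('language', local_name)
    return resp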
def connector(request):
    """Bridge a Pyramid request to the elfinder file-manager connector.

    Builds the connector from the ``pyramid_elfinder_root`` /
    ``pyramid_elfinder_url`` settings, copies only the parameters listed in
    ``elf.httpAllowedParameters`` out of ``request.params`` (``name`` as
    UTF-8 bytes, ``targets[]`` as a list, ``upload[]`` as
    ``{filename_bytes: fileobj}``), runs the connector and maps its
    (status, headers, payload) onto a ``Response``: a payload with a readable
    ``file`` is streamed as the body, anything else is JSON-encoded.
    """
    settings = request.registry.settings
    elf = elfinder.connector({
        'root': os.path.abspath(settings['pyramid_elfinder_root']),
        'URL': settings['pyramid_elfinder_url'],
    })

    params = request.params
    payload = {}
    for name in elf.httpAllowedParameters:
        if name not in params:
            continue
        if name == 'name':
            # "Russian file names hack": hand the name over as UTF-8 bytes
            payload[name] = params.getone(name).encode('utf-8')
        elif name == 'targets[]':
            payload[name] = params.getall(name)
        elif name == 'upload[]':
            # CGI upload: map filename (UTF-8 bytes) -> file object,
            # skipping values that are not FieldStorage instances
            payload[name] = {
                item.filename.encode('utf-8'): item.file
                for item in params.getall(name)
                if isinstance(item, FieldStorage)
            }
        else:
            payload[name] = params.getone(name)

    status, header, body = elf.run(payload)

    result = Response(status=status)
    # hop-by-hop header the connector may emit; ignore if it is absent
    try:
        del header['Connection']
    except Exception:
        pass
    result.headers = header
    result.charset = 'utf8'
    if body is not None and status == 200:
        stream = body['file'] if 'file' in body else None
        if stream is not None and hasattr(stream, 'read'):
            result.body = stream.read()
            stream.close()
        else:
            result.text = json.dumps(body)
    return result
def connector(request):
    """Bridge a Pyramid request to the elfinder file-manager connector.

    Builds the connector from the ``pyramid_elfinder_root`` /
    ``pyramid_elfinder_url`` settings, copies only the parameters listed in
    ``elf.httpAllowedParameters`` out of ``request.params`` (``name`` as
    UTF-8 bytes, ``targets[]`` as a list, ``upload[]`` as
    ``{filename_bytes: fileobj}``), runs the connector and maps its
    (status, headers, payload) onto a ``Response``: a payload with a readable
    ``file`` is streamed as the body, anything else is JSON-encoded.
    """
    settings = request.registry.settings
    elf = elfinder.connector({
        'root': os.path.abspath(settings['pyramid_elfinder_root']),
        'URL': settings['pyramid_elfinder_url'],
    })

    params = request.params
    payload = {}
    for name in elf.httpAllowedParameters:
        if name not in params:
            continue
        if name == 'name':
            # "Russian file names hack": hand the name over as UTF-8 bytes
            payload[name] = params.getone(name).encode('utf-8')
        elif name == 'targets[]':
            payload[name] = params.getall(name)
        elif name == 'upload[]':
            # CGI upload: map filename (UTF-8 bytes) -> file object,
            # skipping values that are not FieldStorage instances
            payload[name] = {
                item.filename.encode('utf-8'): item.file
                for item in params.getall(name)
                if isinstance(item, FieldStorage)
            }
        else:
            payload[name] = params.getone(name)

    status, header, body = elf.run(payload)

    result = Response(status=status)
    # hop-by-hop header the connector may emit; ignore if it is absent
    try:
        del header['Connection']
    except Exception:
        pass
    result.headers = header
    result.charset = 'utf8'
    if body is not None and status == 200:
        stream = body['file'] if 'file' in body else None
        if stream is not None and hasattr(stream, 'read'):
            result.body = stream.read()
            stream.close()
        else:
            result.text = json.dumps(body)
    return result
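def set_language(request):
    """Store the negotiated locale in the ``language`` cookie and bounce back.

    Only POST is honoured; anything else gets ``HTTPInternalServerError``
    (kept as is).  The redirect target is the Referer, but only when it
    points back at this host: the Referer header is client-controlled, so
    echoing it verbatim into ``Location`` made this an open redirect, and a
    missing Referer produced a ``None`` Location header.  Otherwise the
    application root is used.
    """
    if not request.POST:
        return HTTPInternalServerError()
    local_name = negotiate_locale_name(request)
    host = request.host_url
    target = request.referrer
    if not target or not (target == host or target.startswith(host + '/')):
        target = request.application_url
    resp = Response()
    resp.headers = {'Location': target}
    resp.status = '302'
    resp.set_cookie('language', local_name)
    return resp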
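def desk_signin(request):
    """Desktop-client sign-in against the central Lingvodoc server.

    Forwards the JSON body (login/password) to ``<central_server>signin``,
    persists the cookies the server returns in ``authentication_data.json``
    (read back later by ``new_client``), runs the ``basic_sync`` view as a
    subrequest and, if that succeeds, issues a local ten-year auth ticket for
    the returned ``client_id`` plus the ``locale_id`` / ``client_id``
    cookies.

    Returns ``HTTPOk`` with ``{'client_id': ...}``; ``HTTPUnauthorized`` when
    the central server answers 401 (or the sync subrequest raises it);
    ``HTTPServiceUnavailable`` for network errors, other non-200 replies and
    a failed sync (the original fell through and returned ``None`` there).
    """
    import os
    import requests
    req = request.json_body
    settings = request.registry.settings
    try:
        path = settings['desktop']['central_server'] + 'signin'
        session = requests.Session()
        session.headers.update({'Connection': 'Keep-Alive'})
        adapter = requests.adapters.HTTPAdapter(
            pool_connections=1, pool_maxsize=1, max_retries=10)
        # NOTE(review): the adapter is mounted for http:// only; the password
        # travels over whatever scheme ``central_server`` is configured with,
        # so that setting should point at https.
        session.mount('http://', adapter)
        status = session.post(path, json=req)
        # Look at the status before reading the body: a 401 reply has no
        # client_id, and the resulting KeyError used to be reported as
        # "no internet connection".
        if status.status_code == 401:
            return HTTPUnauthorized(
                json_body={'error': 'Login or password is wrong, please retry'})
        if status.status_code != 200:
            return HTTPServiceUnavailable(
                json_body={
                    'error': 'You have no internet connection or Lingvodoc server is unavailable; please retry later.'
                })
        client_id = status.json()['client_id']
        cookies = status.cookies.get_dict()
        # These cookies are the desktop's credentials for the central server:
        # create the file owner-only (the mode only applies on creation).
        fd = os.open('authentication_data.json',
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(json.dumps(cookies))
        # Run the initial sync with the caller's own Cookie header (a request
        # without cookies used to raise KeyError here).
        subreq = Request.blank(request.route_url('basic_sync'))
        subreq.method = 'POST'
        subreq.headers = {'Cookie': request.headers.get('Cookie', '')}
        resp = request.invoke_subrequest(subreq)
        if resp.status_code != 200:
            return HTTPServiceUnavailable(
                json_body={'error': 'Initial synchronisation failed; please retry later.'})
        # 315360000 s = ten years, so the desktop stays signed in
        headers = remember(request, principal=client_id, max_age=315360000)
        response = Response()
        response.headers = headers
        locale_id = cookies['locale_id']
        response.set_cookie(key='locale_id', value=str(locale_id),
                            max_age=datetime.timedelta(days=3650))
        response.set_cookie(key='client_id', value=str(client_id),
                            max_age=datetime.timedelta(days=3650))
        return HTTPOk(headers=response.headers, json_body={'client_id': client_id})
    except HTTPUnauthorized:
        return HTTPUnauthorized(
            json_body={'error': 'Login or password is wrong, please retry'})
    except Exception:
        return HTTPServiceUnavailable(
            json_body={
                'error': 'You have no internet connection or Lingvodoc server is unavailable; please retry later.'
            })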
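def connector(request):
    """Bridge a Pyramid request to the elFinder connector built from ``_opts``.

    Copies only the parameters listed in ``elf.httpAllowedParameters`` out of
    ``request.params`` (``name`` as UTF-8 bytes, ``targets[]`` as a list,
    ``upload[]`` as ``{filename_bytes: fileobj}``), runs the connector and
    maps its (status, headers, payload) onto a ``Response``: a payload with a
    readable ``file`` is streamed as the body, anything else is JSON-encoded.
    """
    elf = elFinder.connector(_opts)

    # fetch only needed GET/POST parameters
    httpRequest = {}
    form = request.params
    for field in elf.httpAllowedParameters:
        if field not in form:
            continue
        if field == 'name':
            # Russian file names hack: hand the name over as UTF-8 bytes
            httpRequest[field] = form.getone(field).encode('utf-8')
        elif field == 'targets[]':
            httpRequest[field] = form.getall(field)
        elif field == 'upload[]':
            # CGI upload: pack dict(filename: filedescriptor), skipping
            # values that are not FieldStorage instances
            upFiles = {}
            for up in form.getall(field):
                if isinstance(up, FieldStorage):
                    upFiles[up.filename.encode('utf-8')] = up.file
            httpRequest[field] = upFiles
        else:
            httpRequest[field] = form.getone(field)

    # run connector with parameters
    status, header, response = elf.run(httpRequest)

    result = Response(status=status)
    # drop the hop-by-hop header if present; ``except Exception`` rather than
    # a bare ``except`` so KeyboardInterrupt / SystemExit still propagate
    try:
        del header['Connection']
    except Exception:
        pass
    result.headers = header
    if response is not None and status == 200:
        # ``isinstance(..., file)`` only exists on Python 2 (NameError on 3);
        # duck-type on ``read`` like the other connector variant does.
        if 'file' in response and hasattr(response['file'], 'read'):
            result.body = response['file'].read()
            response['file'].close()
        else:
            result.body = json.dumps(response)
    return result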
def __call__(self):
    """Finish an OAuth login for ``self.__provider__`` and sign the user in.

    Runs the provider login through the OAuth settings utility with a WebOb
    adapter bound to a fresh ``Response``.  While the flow is still in
    progress (no result) the adapter has already written the redirect into
    that response, which is returned as is.  A provider error yields
    ``HTTPForbidden``.  A returned user is materialised as
    ``self.__user_class__`` with an empty password and the provider's
    access-token payload, inserted into ``self.context`` with
    ``check_member=True``, and the headers from ``authenticate`` are put on
    the response.
    """
    response = Response()
    oauth_settings = component.getUtility(IOAuthSettings)
    adapter = WebObAdapter(self.request, response)
    outcome = oauth_settings.login(adapter, self.__provider__)
    if not outcome:
        return response
    if outcome.error:
        return HTTPForbidden()
    remote = outcome.user
    if remote:
        # some providers only fill name/id after an extra profile fetch
        if not (remote.name and remote.id):
            remote.update()
        self._stamp_time(outcome.provider.access_token_response.data)
        # NOTE(review): password="" -- confirm the password login path
        # rejects empty passwords, otherwise OAuth-created accounts are open.
        member = self.__user_class__(
            first_name=remote.first_name,
            last_name=remote.last_name,
            email=remote.email,
            password="",
            access_token=outcome.provider.access_token_response.data)
        self.context.insert(member, check_member=True)
        response.headers = member.authenticate(self.request)
    return response
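def new_client(request):
    """Ask the central server for a new client id using the saved cookies.

    Reads the cookies persisted by ``desk_signin`` from
    ``authentication_data.json``, posts them to
    ``<central_server>sync/client/server``, stores the cookies that come
    back, and issues a local auth ticket for the returned ``client_id`` plus
    the ``locale_id`` / ``client_id`` cookies.  Replies ``HTTPOk`` with
    ``{'client_id': ...}``, or ``HTTPUnauthorized`` for any non-200 answer.

    The status is checked before the body is parsed and before the cookie
    file is rewritten: the original read ``client_id`` first (KeyError on an
    error reply) and overwrote the saved cookies even on failure.
    """
    import os
    import requests
    settings = request.registry.settings
    path = settings['desktop']['central_server'] + 'sync/client/server'
    session = requests.Session()
    session.headers.update({'Connection': 'Keep-Alive'})
    adapter = requests.adapters.HTTPAdapter(
        pool_connections=1, pool_maxsize=1, max_retries=10)
    # NOTE(review): mounted for http:// only; ``central_server`` should be https
    session.mount('http://', adapter)
    with open('authentication_data.json', 'r') as f:
        cookies = json.loads(f.read())
    status = session.post(path, cookies=cookies)
    if status.status_code != 200:
        return HTTPUnauthorized(location=request.route_url('login'))
    client_id = status.json()['client_id']
    cookies = status.cookies.get_dict()
    # the cookies are credentials for the central server: owner-only file
    # (the mode only applies when the file is created)
    fd = os.open('authentication_data.json',
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(json.dumps(cookies))
    headers = remember(request, principal=client_id)
    response = Response()
    response.headers = headers
    locale_id = cookies['locale_id']
    response.set_cookie(key='locale_id', value=str(locale_id))
    response.set_cookie(key='client_id', value=str(client_id))
    return HTTPOk(headers=response.headers, json_body={'client_id': client_id})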
def login_user(request):
    """Log a user in from a Firebase / Google sign-in payload (JSON body).

    Reads ``email``, ``firebaseToken``, ``isAnonymous``, ``firebaseUserId``,
    ``googleToken``, ``branchData`` and ``prevFirebaseUserId`` (plus
    ``photoURL``, ``language`` and ``displayName`` further down).  Verifies
    the Firebase ID token, looks the user up by email (or by Firebase user id
    for anonymous users) and creates the row on first login; returning users
    get their sample story, trial state and login log refreshed.  Binding a
    Google account (``googleToken`` on first login or for an anonymous user)
    fills in profile data, forks the sample story/oice, opens a public
    library, pre-selects the default libraries and clears ``is_anonymous``.

    Returns a JSON ``Response`` ``{'code': 200, 'user': ...}`` carrying the
    ``remember`` headers for ``user.email``.  Raises ``ValidationError`` when
    the body cannot be parsed or the Firebase token does not verify.

    NOTE(review): the block nesting below was reconstructed from a collapsed
    listing; confirm it against the original file.
    """
    try:
        email = request.json_body.get('email')
        firebase_token = request.json_body.get('firebaseToken')
        is_anonymous = request.json_body.get('isAnonymous')
        firebase_user_id = request.json_body.get('firebaseUserId')
        google_token = request.json_body.get('googleToken')
        branch_data = request.json_body.get('branchData')
        prev_firebase_user_id = request.json_body.get('prevFirebaseUserId')
    except ValueError:
        # request.json_body raises ValueError when the body is not valid JSON
        raise ValidationError('ERR_INVALID_AUTH_PARAM')
    # NOTE(review): outside production the literal email 'oice-dev' skips
    # token verification entirely; make sure get_is_production() cannot be
    # False on any reachable deployment.
    if get_is_production() or email != 'oice-dev':
        try:
            # NOTE(review): the decoded token is discarded, so nothing in this
            # view ties the verified token to the client-supplied ``email`` /
            # ``firebase_user_id`` that select the account below.
            auth.verify_id_token(firebase_token)
        except ValueError:
            raise ValidationError('ERR_FIREBASE_AUTH_ERROR')
        except AppIdentityError:
            raise ValidationError('ERR_INVALID_FIREBASE_TOKEN')
    old_auth_id = authenticated_userid(request)
    # anonymous users are keyed by their Firebase user id instead of an email
    fetch_username = email
    if is_anonymous and firebase_user_id:
        fetch_username = firebase_user_id
    # Init these bool here to avoid scope issue
    is_first_login = False
    is_trial_ended = False
    log_dict = {
        'topic': 'actionUser',
        'isAnonymous': 'true' if is_anonymous else 'false',
        'isDeeplink': 'false',
    }
    if branch_data:
        # Branch deep-link attribution: channel, referrers and source oice
        log_dict.update({
            'channel': dict_get_value(branch_data, ['~channel'], 'direct'),
            'isDeeplink': 'true',
        })
        log_dict = set_basic_info_referrer_log(
            dict_get_value(branch_data, ['+referrer'], 'none'),
            dict_get_value(branch_data, ['referrer2'], 'none'),
            log_dict)
        oice_source = OiceQuery(DBSession).get_by_uuid(
            dict_get_value(branch_data, ['uuid']))
        if oice_source:
            log_dict = set_basic_info_oice_source_log(
                oice_source.story.users[0], oice_source, log_dict)
    try:
        user = UserQuery(DBSession).fetch_user_by_email(
            email=fetch_username).one()
    except NoResultFound:
        # first login: create the account row
        user = User(email=fetch_username, is_anonymous=is_anonymous)
        if firebase_user_id:
            user.display_name = firebase_user_id
        DBSession.add(user)
        DBSession.flush()
        is_first_login = True
        is_trial_ended = False
        # log
        log_dict.update({'action': 'createUser'})
        log_dict = set_basic_info_user_log(user, log_dict)
        log_dict = set_basic_info_log(request, log_dict)
        log_message(KAFKA_TOPIC_USER, log_dict)
    else:
        # returning user
        user.last_login_at = datetime.datetime.utcnow()
        if not user.is_anonymous:
            # make sure the user owns a fork of the sample story for their language
            sample_story = StoryQuery(DBSession).get_sample_story(
                user.language)
            story = next((user_story for user_story in user.stories
                          if sample_story.id == user_story.fork_of), None)
            if not story:
                story = fork_story(DBSession, sample_story)
                sample_oice = OiceQuery(DBSession).get_sample_oice(
                    language=user.language)
                oice = fork_oice(DBSession, story, sample_oice)
                user.stories.append(story)
        if user.is_trial:
            # an expired paid trial drops back to the plain 'user' role
            if user.is_paid() and user.expire_date < datetime.datetime.utcnow():
                user.role = 'user'
                update_user_mailchimp_stage(user=user, stage=5)
            if user.is_free():
                user.is_trial = False
                is_trial_ended = True
        else:
            # if user.is_free() and not user.expire_date:
            # Disabled trial due to business request
            # UserOperations.start_trial(user)
            is_trial_ended = False
        is_first_login = False
        if not old_auth_id or request.headers.get('x-oice-app-version'):
            # log (no existing ticket, or a request coming from the app)
            is_redeem_account = prev_firebase_user_id and firebase_user_id != prev_firebase_user_id
            log_dict.update({
                'action': 'redeemAccount' if is_redeem_account else 'login',
            })
            log_dict = set_basic_info_user_log(user, log_dict)
            log_dict = set_basic_info_log(request, log_dict)
            log_message(KAFKA_TOPIC_USER, log_dict)
            if is_redeem_account:
                handle_anonymous_user_app_story_progress(is_existing_user=True,
                    prev_user_email=prev_firebase_user_id,
                    new_user=user)
    photo_url = request.json_body.get('photoURL', None)
    if photo_url and user.avatar_storage is None:
        # NOTE(review): server-side fetch of a client-chosen URL with no
        # timeout and no scheme/host restriction (SSRF / hang risk).
        r = requests.get(photo_url)
        avatar = BytesIO(r.content)
        factory = pyramid_safile.get_factory()
        handle = factory.create_handle('avatar.png', avatar)
        user.import_handle(handle)
    language = request.json_body.get('language', None)
    normalized_language = None
    if language and user.language is None:
        normalized_language = normalize_language(language)
        if normalized_language:
            user.language = normalized_language
            # derive ui_language when creating user
            user.ui_language = normalize_ui_language(normalized_language)
    if (is_first_login or user.is_anonymous) and google_token:
        # bind a Google account: profile data, sample content, libraries
        display_name = request.json_body.get('displayName', None)
        if email:
            user.email = email
            if not display_name:
                display_name = email.split('@')[0]
        if display_name:
            user.display_name = display_name
        # NOTE(review): normalized_language is None unless a language was
        # just set above -- confirm get_sample_story / get_sample_oice accept None
        sample_story = StoryQuery(DBSession).get_sample_story(
            normalized_language)
        story = fork_story(DBSession, sample_story)
        sample_oice = OiceQuery(DBSession).get_sample_oice(
            language=normalized_language)
        oice = fork_oice(DBSession, story, sample_oice)
        # open a public library for new user
        library = create_user_public_library(DBSession, user.display_name)
        user.stories.append(story)
        user.libraries.append(library)
        user.libraries_selected.append(library)
        # pre-select default libraries for new user
        default_libs = LibraryQuery(DBSession).fetch_default_libs()
        user.libraries_purchased.extend(default_libs)
        user.libraries_selected.extend(default_libs)
        # Disabled trial due to business request
        # UserOperations.start_trial(user)
        user.last_login_at = datetime.datetime.utcnow()
        subscribe_mailchimp(google_token, user, language=language)
        # update elastic search when create user
        update_elastic_search_user(user.display_name, email)
        if is_first_login and request.headers.get('x-oice-app-version'):
            # log
            log_dict.update({'action': 'bindAccount'})
            log_dict = set_basic_info_user_log(user, log_dict)
            log_dict = set_basic_info_log(request, log_dict)
            log_message(KAFKA_TOPIC_USER, log_dict)
            handle_anonymous_user_app_story_progress(is_existing_user=False,
                prev_user_email=prev_firebase_user_id,
                new_user=user)
        user.is_anonymous = False
    serialize_user = user.serialize()
    serialize_user['isFirstLogin'] = is_first_login
    serialize_user['isTrialEnded'] = is_trial_ended
    # Intercom identity-verification hash: HMAC-SHA256 of the user id
    serialize_user['intercomUserHash'] = hmac.new(
        bytes(get_intercom_secret_key().encode('utf-8')),
        bytes(str(user.id).encode('utf-8')),
        digestmod=hashlib.sha256).hexdigest()
    response = Response()
    response.status_code = 200
    # the auth ticket principal is the user's email address
    response.headers = remember(request, user.email)
    response.content_type = 'application/json'
    response.charset = 'UTF-8'
    response.text = json.dumps({'code': 200, 'user': serialize_user})
    return response