def _changePassword(self, request):
(appchange, script, args, myId) = yield self._getBasicArgs(request)
currentPass = utils.getRequestArg(request, "curr_passwd", sanitize=False)
newPass = utils.getRequestArg(request, "passwd1", sanitize=False)
rptPass = utils.getRequestArg(request, "passwd2", sanitize=False)
if not currentPass:
request.write('$$.alerts.error("%s");' % _("Enter your current password"))
defer.returnValue(None)
if not newPass:
request.write('$$.alerts.error("%s");' % _("Enter new password"))
defer.returnValue(None)
if not rptPass:
request.write('$$.alerts.error("%s");' % _("Confirm new password"))
defer.returnValue(None)
if newPass != rptPass:
request.write('$$.alerts.error("%s");' % _("Passwords do not match"))
defer.returnValue(None)
if currentPass == newPass:
request.write('$$.alerts.error("%s");' % _("New password should be different from current password"))
defer.returnValue(None)
emailId = args["me"].basic["emailId"]
col = yield db.get(emailId, "userAuth", "passwordHash")
storedPass= col.column.value
if not utils.checkpass(currentPass, storedPass):
request.write('$$.alerts.error("%s");' % _("Incorrect Password"))
defer.returnValue(None)
newPasswd = utils.hashpass(newPass)
yield db.insert(emailId, "userAuth", newPasswd, "passwordHash")
request.write('$$.alerts.info("%s");' % _('Password changed'))
def callback(result):
cols = utils.columnsToDict(result)
if not utils.checkpass(password, cols.get("passwordHash", "XXX")):
return self._renderSigninForm(request, self.AUTHENTICATION_FAILED)
if cols.has_key("isBlocked"):
return self._renderSigninForm(request, self.USER_BLOCKED)
if cols.has_key("isFlagged"):
return self._renderSigninForm(request, self.USER_FLAGGED)
self._saveSessionAndRedirect(request, cols, remember)
def _tokenForClientCredentials(self, request):
clientId = utils.getRequestArg(request, 'client_id')
clientSecret = utils.getRequestArg(request, 'client_secret')
client = yield db.get_slice(clientId, "apps")
client = utils.supercolumnsToDict(client)
if not client or not utils.checkpass(clientSecret, client['meta']['secret']):
self._error(request, "invalid_client")
return
# The client is valid. Issue auth token.
# We don't issue a refresh token and everytime the client will have
# to authenticate using it's credentials
scopes = client["meta"]["scope"].split(' ')
userId = client["meta"]["author"]
orgId = client["meta"]["org"]
accessToken = utils.getRandomKey()
accessTokenData = {"user_id": userId, "type": "access", "org_id": orgId,
"client_id": clientId, "scope": " ".join(scopes)}
yield db.batch_insert(accessToken, "oAuthData",
accessTokenData, ttl=self._accessTokenExpiry)
self._success(request, accessToken)
def _tokenForAuthCode(self, request, refresh=False):
clientId = utils.getRequestArg(request, 'client_id')
clientSecret = utils.getRequestArg(request, 'client_secret')
redirectUri = utils.getRequestArg(request, 'redirect_uri', sanitize=False)
scopes = utils.getRequestArg(request, 'scope')
if refresh:
authCode = utils.getRequestArg(request, 'refresh_token')
else:
authCode = utils.getRequestArg(request, 'code')
# XXX: We should be checking for HTTP authentication before
# throwing an error in case of missing clientId and clientSecret.
if not all([redirectUri, clientId, clientSecret, authCode]):
self._error(request, "invalid_request")
return
grant = yield db.get_slice(authCode, "oAuthData")
grant = utils.columnsToDict(grant)
if not grant or grant['client_id'] != clientId or\
grant['redirect_uri'] != b64encode(redirectUri) or\
not (grant['type'] == 'auth' and not refresh or\
grant['type'] == 'refresh' and refresh):
self._error(request, "invalid_grant")
return
grantedScopes = grant['scope'].split(' ')
if scopes:
scopes = scopes.split(' ')
if [x for x in scopes if x not in grantedScopes]:
self._error(request, "invalid_scope")
return
else:
scopes = grantedScopes
client = yield db.get_slice(clientId, "apps")
client = utils.supercolumnsToDict(client)
if not client or not utils.checkpass(clientSecret, client['meta']['secret']):
self._error(request, "invalid_client")
return
userId = grant["user_id"]
orgId = grant["org_id"]
accessToken = utils.getRandomKey()
accessTokenData = {"user_id": userId, "org_id": orgId,
"type": "access", "client_id": clientId,
"auth_code": authCode, "scope": " ".join(scopes)}
yield db.batch_insert(accessToken, "oAuthData",
accessTokenData, ttl=self._accessTokenExpiry)
refreshToken = utils.getRandomKey()
refreshTokenData = {"user_id": userId, "org_id": orgId,
"type": "refresh", "client_id": clientId,
"redirect_uri": grant["redirect_uri"],
"auth_code": authCode, "scope": grant["scope"]}
yield db.batch_insert(refreshToken, "oAuthData",
refreshTokenData, ttl=self._refreshTokenExpiry)
yield db.insert(userId, "entities", refreshToken, clientId,
"apps", ttl=self._refreshTokenExpiry)
yield db.remove(authCode, "oAuthData")
self._success(request, accessToken, refreshToken)
