def create(cls, user, subject, token=None):
if subject == cls.SUBJECT_BEARER:
user = str(user)
token = token or security.generate_random_string(entropy=128)
# Bearer tokens must be unique on their own, without a user scope.
key = cls.get_key('', subject, token)
entity = cls(
key=key,
user=user,
subject=subject,
token=token,
refresh_token=security.generate_random_string(entropy=128))
# Refresh tokens must be unique
ok = cls.unique_model.create('%s.refresh_token:%s' %
(cls.__name__, entity.refresh_token))
if ok:
entity.put()
else:
logging.warning(
'Unable to create a unique user token for user %s', user)
entity = None
else:
entity = super(UserToken, cls).create(user, subject, token)
return entity
def send_venue_email(venue, order, host_url, jinja2, move=False, format_type=DEFAULT_TYPE):
if venue.emails:
if move:
text = u'Заказ №%s перенесен на эту точку приготовления' % order.key.id()
else:
text = u'Новый заказ №%s поступил в систему из мобильного приложения' % order.key.id()
item_values = order_items_values(order)
item_values['venue'] = venue
item_values['delivery_type_str'] = DELIVERY_MAP[order.delivery_type]
order.payment_type_str = PAYMENT_TYPE_MAP[order.payment_type_id]
if config.EMAIL_REQUESTS:
order.email_key_done = security.generate_random_string(entropy=256)
order.email_key_cancel = security.generate_random_string(entropy=256)
order.email_key_postpone = security.generate_random_string(entropy=256)
if order.delivery_type == DELIVERY:
order.email_key_confirm = security.generate_random_string(entropy=256)
order.put()
item_values['done_url'] = '%s/email/order/close?key=%s' % (host_url, order.email_key_done)
item_values['cancel_url'] = '%s/email/order/cancel?key=%s' % (host_url, order.email_key_cancel)
item_values['postpone_url'] = '%s/email/order/postpone?key=%s' % (host_url, order.email_key_postpone)
item_values['minutes'] = POSTPONE_MINUTES
if order.delivery_type == DELIVERY:
item_values['confirm_url'] = '%s/email/order/confirm?key=%s' % (host_url, order.email_key_confirm)
for email in venue.emails:
if email:
template = ''
if format_type == DEFAULT_TYPE:
template = '/company/delivery/items.html'
elif format_type == MINIMIZED:
template = '/company/delivery/items_tashir.html'
deferred.defer(send_email, EMAIL_FROM, email, text,
jinja2.render_template(template, **item_values))
def create(cls, user, subject, token=None):
"""Creates a new token for the given user, if any.
:param user:
User unique ID, or None if no user is to be associated with the
created token.
:param subject:
The subject of the key. Currently have:
- 'auth'
- 'verify_email'
- 'password_reset'
- 'access'
:param token:
Optionally an existing token may be provided.
If None, a random token will be generated.
:returns:
The newly created :class:`UserToken`.
"""
if user is not None:
user = str( user )
if token is None:
if subject == 'access':
# We use 16 uppercase alphanumeric characters for access
# keys
pool = map( chr, range( 65, 91 ) )
pool.extend( [ str( x ) for x in range( 0, 10 ) ] )
token = security.generate_random_string( length=16, pool=pool )
else:
token = security.generate_random_string(entropy=128)
key = cls.get_key( user, subject, token )
entity = cls( key=key, user=user, subject=subject, token=token )
entity.put( )
return entity
def create(cls, user, subject, token=None):
if subject == cls.SUBJECT_BEARER:
user = str(user)
token = token or security.generate_random_string(entropy=128)
# Bearer tokens must be unique on their own, without a user scope.
key = cls.get_key("", subject, token)
entity = cls(
key=key,
user=user,
subject=subject,
token=token,
refresh_token=security.generate_random_string(entropy=128),
)
# Refresh tokens must be unique
ok = cls.unique_model.create("%s.refresh_token:%s" % (cls.__name__, entity.refresh_token))
if ok:
entity.put()
else:
logging.warning("Unable to create a unique user token for user %s", user)
entity = None
else:
entity = super(UserToken, cls).create(user, subject, token)
return entity
def create(cls, user, subject, token=None):
"""Creates a new token for the given user, if any.
:param user:
User unique ID, or None if no user is to be associated with the
created token.
:param subject:
The subject of the key. Currently have:
- 'auth'
- 'verify_email'
- 'password_reset'
- 'access'
:param token:
Optionally an existing token may be provided.
If None, a random token will be generated.
:returns:
The newly created :class:`UserToken`.
"""
if user is not None:
user = str( user )
if token is None:
if subject == 'access':
# We use 16 uppercase alphanumeric characters for access
# keys
pool = map( chr, range( 65, 91 ) )
pool.extend( [ str( x ) for x in range( 0, 10 ) ] )
token = security.generate_random_string( length=16, pool=pool )
else:
token = security.generate_random_string(entropy=128)
key = cls.get_key( user, subject, token )
entity = cls( key=key, user=user, subject=subject, token=token )
entity.put( )
return entity
def email_change_request( self, email ):
# request an email address to be modified. Create a rollback option.
result = 'cannot_remove'
emailCurrent = self.enki_user.email
userId = self.enki_user.key.id()
if email != '' and enki.libuser.exist_EnkiUser( email ):
# if the new email matches an existing verified user email, reject it
if emailCurrent == email:
result = 'same'
else:
result = ERROR_EMAIL_IN_USE # Note: send an email to emailcurrent regardless to prevent email checking (see below)
else:
if email == '':
# if the user erased the email, and they can log in through auth, store "removed" in the email field, so it isn't overwritten by an auth login with a verified email
if self.enki_user.auth_ids_provider:
self.enki_user.email = 'removed'
self.enki_user.put()
result = 'removed'
else:
return result
else:
# email the new, unverified address with a link to allow the user to verify the email
tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type( userId, email, 'emailchange' )
if tokenEntity:
# if a verify token for the same new email address and user already exists, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string( entropy = 256 )
emailToken = EnkiModelTokenVerify( token = token, email = email, user_id = userId, type = 'emailchange' )
emailToken.put()
link = enki.libutil.get_local_url( 'emailchangeconfirm', { 'verifytoken': token })
self.send_email( email, MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_SUBJECT(), MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_BODY( link, email ))
result = 'change'
if emailCurrent and emailCurrent != 'removed' and result != 'same':
# email the current, verified address in case they want to undo the change (useful if account has been hacked)
# skip this step if the current email is empty (case if user logged in with auth id without email with e.g. Steam) or "removed".
# If the email is already in use, mask the fact to prevent email checking.
tokenEntity = enki.libuser.get_EmailRollbackToken_by_user_id_email( userId, emailCurrent )
if tokenEntity:
# if the old email is already in the archive, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string( entropy = 256 )
emailOldToken = EnkiModelTokenEmailRollback( token = token, email = emailCurrent, user_id = userId )
emailOldToken.put()
if result == ERROR_EMAIL_IN_USE:
self.add_debugmessage( '''Comment - whether the email is available or not, the feedback through both the UI AND EMAIL is identical to prevent email checking.''' )
link = enki.libutil.get_local_url( 'emailrollback', { 'rollbacktoken': token } )
self.send_email( emailCurrent, MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_SUBJECT(), MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_BODY( link, emailCurrent ))
return result
def create(cls, user, subject, token=None):
"""Fetches a user token."""
token = token or security.generate_random_string(entropy=64)
key = cls.get_key(user, subject, token)
entity = cls(key=key, user=user, subject=subject, token=token)
entity.put()
return entity
def account_deletion_request(self, delete_posts=False):
token_type = 'accountdelete'
if delete_posts:
token_type = 'accountandpostsdelete'
# if the user has an email, create an email verify token, send it to the email address
tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type(
self.enki_user.key.id(), self.enki_user.email, token_type)
if tokenEntity:
# if a verify token for the same new email address and user already exists, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string(entropy=256)
delete_account_token = EnkiModelTokenVerify(
token=token,
user_id=self.enki_user.key.id(),
email=self.enki_user.email,
type=token_type)
delete_account_token.put()
link = enki.libutil.get_local_url(
'accountdeleteconfirm',
{'verifytoken': delete_account_token.token})
delete_posts_message = ''
if delete_posts:
self.send_email(self.enki_user.email,
MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_SUBJECT(),
MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_BODY(link))
else:
self.send_email(self.enki_user.email,
MSG.SEND_EMAIL_ACCOUT_DELETE_SUBJECT(),
MSG.SEND_EMAIL_ACCOUT_DELETE_BODY(link))
def create(cls, user, subject, token=None): user = str(user) token = token or security.generate_random_string(entropy=128) key_name = "%s.%s.%s" %(user,subject,token) new_entity = cls(key_name=key_name, user=user, subject=subject, token=token) new_entity.put() return new_entity
def create(cls, user, subject, token=None, expiration=None, delete_past_tokens=False):
"""Creates a new token for the given user.
:param user:
User unique ID.
:param subject:
The subject of the key. Examples:
- 'auth'
- 'signup'
:param token:
Optionally an existing token may be provided.
If None, a random token will be generated.
:returns:
The newly created :class:`UserToken`.
"""
user = str(user)
token = token or security.generate_random_string(entropy=128)
key = cls.get_key(user, subject, token)
if delete_past_tokens:
ndb.delete_multi(cls.query(cls.user == user, cls.subject == subject).iter(keys_only=True))
entity = cls(key=key, user=user, subject=subject, token=token, expiration=expiration)
entity.put()
return entity
def create(cls, user, subject, token=None):
"""Fetches a user token."""
token = token or security.generate_random_string(entropy=64)
key = cls.get_key(user, subject, token)
entity = cls(key=key, user=user, subject=subject, token=token)
entity.put()
return entity
def get(self):
# Get the parameters that Meraki sends to us.
base_grant_url = self.request.get("base_grant_url")
user_continue_url = self.request.get("user_continue_url")
if (not base_grant_url or not user_continue_url):
token = self.request.cookies.get("grant_token")
if not token:
# We should really only be getting here through the Meraki AP, so if
# we're not, just send us back to the main website.
logging.debug("Redirecting to main website.")
self.redirect("http://www.hackerdojo.com")
return
# Otherwise, we're good to go.
logging.info("Got existing session: %s" % (token))
response = self.render("templates/splash.html", login_url="/grant")
self.response.out.write(response)
return
# Save them to memcache.
token = security.generate_random_string(12)
memcache.set(token, [base_grant_url, user_continue_url])
self.response.set_cookie("grant_token", token)
logging.debug("Saving access token: %s" % (token))
# Hide the parameters.
redirect_url = self._remove_params(["base_grant_url", "user_continue_url"])
self.redirect(redirect_url)
def dispatch(self):
"""Wraps the dispatch method to add session handling."""
self.session_store = sessions.get_store(request=self.request)
self.decorator = decorator
# Add the user's credentials to the decorator if we have them.
if self.me:
self.decorator.credentials = self.decorator._storage_class(
model=self.decorator._credentials_class,
key_name='user:{}'.format(self.me.user_id()),
property_name=self.decorator._credentials_property_name).get()
else:
# Create a session ID for the session if it does not have one already.
# This is used to create an opaque string that can be passed to the OAuth2
# authentication server via the 'state' parameter.
if not self.session.get('sid'):
self.session['sid'] = security.generate_random_string(entropy=128)
# Store the state for the session user in a parameter on the flow.
# We only need to do this if we're not logged in.
self.decorator._create_flow(self)
session_user = SessionUser(self.session['sid'])
logging.info(self.decorator.flow.params)
self.decorator.flow.params['state'] = appengine._build_state_value(
self, session_user)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def job_quote(url, to_address, from_address, object_id):
"""
Get a quote for job by creating it in test mode. Objects do not have the
original file information contained on them, so we require the url.
I am told that they will not have a way to query the price for a job before
creating it for some time, so this is the most reasonable way.
The next most reasonable way might be to encode their pricing structure in
code and just calculate it locally.
"""
logging.info("original object ID: %s", object_id)
logging.info("passed in url: %s", url)
original_obj = get_object(object_id)
# re-create the object in test mode
name = "mirror:{}:{}".format(object_id, generate_random_string(8))
logging.info("original object: %s", original_obj)
test_obj = create_object(
name, url, original_obj["setting"]["id"],
test=True) # this might need a file argument? , 'file': ''}
# create a job for the object
test_job = create_job(name,
to_address,
from_address,
test_obj["id"],
test=True)
# get the price of the job
return float(test_job["price"])
def __init__(self, *args, **kwargs):
super(BaseApp, self).__init__(*args, **kwargs)
# If we're unit testing, use the same one every time for consistent results.
if Config().is_testing:
secret = "notasecret"
else:
# Check that we have a secret key for generating tokens.
try:
secret = keymaster.get("token_secret")
except keymaster.KeymasterError:
logging.warning("Found no token secret, generating one.")
secret = security.generate_random_string(entropy=128)
keymaster.Keymaster.encrypt("token_secret", secret)
# Configure webapp2.
my_config = {
"webapp2_extras.auth": {
"user_model": "membership.Membership",
"user_attributes": ["first_name", "last_name", "email"]
},
"webapp2_extras.sessions": {
"secret_key": secret
}
}
self.config = webapp2.Config(my_config)
def create_user(cls, username=None, raw_password=None, email=None):
"""
Create a Login instance, but method NOT PUT Login TO DB
You must run _.put() manually after creating the instance.
:param username:
username string
:param raw_password:
raw_password string
:param email:
emal (optional)
:return:
Login instance or None
"""
logging.info('LoginClass:create_user() => Start creating user')
if not(username and raw_password):
logging.error('LoginClass:create_user() => username or raw_password is empty, return None')
return None
salt = security.generate_random_string(length=30)
logging.info('LoginClass:create_user() => Making salt for password hash ... < %s >' % salt)
pw_hash = security.generate_password_hash(raw_password, pepper=PEPPER)
logging.info('LoginClass:create_user() => Generatin password hash ... < %s >' % pw_hash)
u = Login()
u.populate(username=username,
pw_hash=pw_hash,
email=email)
logging.info('LoginClass:create_user() => Make and return Login instance')
return u
def job_quote(url, to_address, from_address, object_id):
"""
Get a quote for job by creating it in test mode. Objects do not have the
original file information contained on them, so we require the url.
I am told that they will not have a way to query the price for a job before
creating it for some time, so this is the most reasonable way.
The next most reasonable way might be to encode their pricing structure in
code and just calculate it locally.
"""
logging.info("original object ID: %s", object_id);
logging.info("passed in url: %s", url);
original_obj = get_object(object_id)
# re-create the object in test mode
name = "mirror:{}:{}".format(object_id, generate_random_string(8))
logging.info("original object: %s", original_obj);
test_obj = create_object(name, url, original_obj["setting"]["id"], test=True) # this might need a file argument? , 'file': ''}
# create a job for the object
test_job = create_job(name, to_address, from_address, test_obj["id"], test=True)
# get the price of the job
return float(test_job["price"])
def get(self):
# Get the parameters that Meraki sends to us.
base_grant_url = self.request.get("base_grant_url")
user_continue_url = self.request.get("user_continue_url")
if (not base_grant_url or not user_continue_url):
token = self.request.cookies.get("grant_token")
if not token:
# We should really only be getting here through the Meraki AP, so if
# we're not, just send us back to the main website.
logging.debug("Redirecting to main website.")
self.redirect("http://www.hackerdojo.com")
return
# Otherwise, we're good to go.
logging.info("Got existing session: %s" % (token))
response = self.render("templates/splash.html", login_url="/grant")
self.response.out.write(response)
return
# Save them to memcache.
token = security.generate_random_string(12)
memcache.set(token, [base_grant_url, user_continue_url])
self.response.set_cookie("grant_token", token)
logging.debug("Saving access token: %s" % (token))
# Hide the parameters.
redirect_url = self._remove_params(
["base_grant_url", "user_continue_url"])
self.redirect(redirect_url)
def __init__(self, *args, **kwargs):
super(BaseApp, self).__init__(*args, **kwargs)
# If we're unit testing, use the same one every time for consistent results.
if Config().is_testing:
secret = "notasecret"
else:
# Check that we have a secret key for generating tokens.
try:
secret = keymaster.get("token_secret")
except keymaster.KeymasterError:
logging.warning("Found no token secret, generating one.")
secret = security.generate_random_string(entropy=128)
keymaster.Keymaster.encrypt("token_secret", secret)
# Configure webapp2.
my_config = {
"webapp2_extras.auth": {
"user_model": "membership.Membership",
"user_attributes": ["first_name", "last_name", "email"]
},
"webapp2_extras.sessions": {
"secret_key": secret
}
}
self.config = webapp2.Config(my_config)
def __init__(self, user, subject, token=None, expires=60 * 60 * 24):
self.user = str(user)
self.subject = subject
if token:
self.token = token
else:
self.token = security.generate_random_string(entropy=128)
self.key = "%s.%s.%s" % (self.user, self.subject, self.token)
def log_in_session_token_create(self, user):
# generate authentication token and add it to the db and the session
token = security.generate_random_string(entropy=128)
authtoken = EnkiModelTokenAuth(token=token, user_id=user.key.id())
authtoken.put()
self.session['auth_token'] = token
self.session['user_id'] = user.key.id()
self.just_logged_in = True
def _create(cls,**kwargs):
assert 'email' in kwargs, 'No email supplied'
new_hash = cls(token_hash=security.generate_random_string(length=cls._default_hash_length,pool=security.ALPHANUMERIC))
new_hash.populate(**kwargs)
new_hash.put()
return new_hash
def log_in_session_token_create( self, user ): # generate authentication token and add it to the db and the session token = security.generate_random_string( entropy = 128 ) authtoken = EnkiModelTokenAuth( token = token, user_id = user.key.id() ) authtoken.put() self.session[ 'auth_token' ] = token self.session[ 'user_id' ] = user.key.id() self.just_logged_in = True
def test_generate_random_string(self):
self.assertRaises(ValueError, security.generate_random_string, None)
self.assertRaises(ValueError, security.generate_random_string, 0)
self.assertRaises(ValueError, security.generate_random_string, -1)
self.assertRaises(ValueError, security.generate_random_string, 1, 1)
token = security.generate_random_string(16)
self.assertTrue(re.match(r'^\w{16}$', token) is not None)
token = security.generate_random_string(32)
self.assertTrue(re.match(r'^\w{32}$', token) is not None)
token = security.generate_random_string(64)
self.assertTrue(re.match(r'^\w{64}$', token) is not None)
token = security.generate_random_string(128)
self.assertTrue(re.match(r'^\w{128}$', token) is not None)
def save(cls, user, name):
app = App(
user_id=user.key.id(),
name=name,
lower=name.lower(),
token=security.generate_random_string(length=30)
).put()
return app
def test_generate_random_string(self):
self.assertRaises(ValueError, security.generate_random_string, None)
self.assertRaises(ValueError, security.generate_random_string, 0)
self.assertRaises(ValueError, security.generate_random_string, -1)
self.assertRaises(ValueError, security.generate_random_string, 1, 1)
token = security.generate_random_string(16)
self.assertTrue(re.match(r'^\w{16}$', token) is not None)
token = security.generate_random_string(32)
self.assertTrue(re.match(r'^\w{32}$', token) is not None)
token = security.generate_random_string(64)
self.assertTrue(re.match(r'^\w{64}$', token) is not None)
token = security.generate_random_string(128)
self.assertTrue(re.match(r'^\w{128}$', token) is not None)
def generate_customer_id(cls):
while True:
key = security.generate_random_string(entropy=256)
customer = cls.query(cls.customer_id == key).get()
if not customer:
customer = cls.get_by_id(key)
if not customer:
return key
def post(self):
email = self.request.get('email')
logging.info('Reset password for email: %s', email)
errors = []
messages = []
data = {
'page_title': 'Reset Password',
'errors': errors,
'messages': messages
}
if not email:
errors.append(
'You forgot to enter an email address.'
)
else:
user = User.user_from_email(email)
if not user:
errors.append(
'There is no account for this email address. Please check '
'that you typed in the correct email address.'
)
data['email'] = email
else:
expire = datetime.datetime.now()
expire += datetime.timedelta(hours=1)
code = generate_random_string(length=30)
user.pass_reset_code = code
user.pass_reset_expire = expire
user.put()
subject = 'HMPC: request to change password'
logging.info('generated verify code: %s' % code)
body = (
'This is an automated email form HMPC.\n\n'
'Please click the following link (or paste it into the '
'browser address bar) to change your password. This code '
'is valid for only one hour.\n\n'
'When you reset your password, you will be redirected to '
'the login page to login.\n\n'
'http://prelude-hmpc.appspot.com/password/%s\n'
)
mail.send_mail(
'*****@*****.**',
email,
subject,
body % code
)
msg = (
'An email has been sent to the following email address: %s.'
' Follow the instructions in the email to change your '
'password.'
)
messages.append(msg % email)
self.render('reset.html', **data)
def get_session_secret():
try:
return str(secrets.get('session'))
except KeyError:
# Make a new session key -- only happens once per hostname!
logging.warning('creating new session key!')
session_key = security.generate_random_string(entropy=256)
secrets.put('session', session_key)
return session_key
def get_session_secret():
try:
return str(secrets.get('session'))
except KeyError:
# Make a new session key -- only happens once per hostname!
logging.warning('creating new session key!')
session_key = security.generate_random_string(entropy=256)
secrets.put('session', session_key)
return session_key
def _generate_csrf_token(self, _time=None):
"""Creates a new random token that can be safely used as a URL param.
Token would normally be stored in a user session and passed as 'state'
parameter during OAuth 2.0 authorization step.
"""
now = str(_time or long(time.time()))
secret = security.generate_random_string(30, pool=security.ASCII_PRINTABLE)
token = self.OAUTH2_CSRF_DELIMITER.join([secret, now])
return base64.urlsafe_b64encode(token)
def create(cls, email, password): conflicts = User.fetchUser(email) if conflicts: return False newUser = User() newUser.email = email newUser.passwordSalt = security.generate_random_string(entropy=64) newUser.hashedPassword = security.hash_password(password, 'sha1', newUser.passwordSalt, passwordPepper) newUser.creationDate = datetime.datetime.now() return newUser.put()
def get_session_secret():
try:
return str(get_secret('session'))
except (IOError, KeyError):
if hostname: # no scary error messages when testing
logging.error(
'unable to load secret key! sessions WILL NOT persist!')
# This fallback is enough for testing, but in production
# will end up invalidating sessions whenever a different instance
return security.generate_random_string(entropy=256)
def get_session_secret():
try:
return str(get_secret('session'))
except (IOError, KeyError):
if hostname: # no scary error messages when testing
logging.error(
'unable to load secret key! sessions WILL NOT persist!')
# This fallback is enough for testing, but in production
# will end up invalidating sessions whenever a different instance
return security.generate_random_string(entropy=256)
def create(cls, user, subject, token=None):
user = str(user)
token = token or security.generate_random_string(entropy=128)
key_name = "%s.%s.%s" % (user, subject, token)
new_entity = cls(key_name=key_name,
user=user,
subject=subject,
token=token)
new_entity.put()
return new_entity
def create_user(cls, **user_values):
"""Creates a new user.
:param auth_id:
A string that is unique to the user. Users may have multiple
auth ids. Example auth ids:
- own:username
- own:[email protected]
- google:username
- yahoo:username
The value of `auth_id` must be unique.
:param unique_properties:
Sequence of extra property names that must be unique.
:param user_values:
Keyword arguments to create a new user entity. Since the model is
an ``Expando``, any provided custom properties will be saved.
To hash a plain password, pass a keyword ``password_raw``.
:returns:
A tuple (boolean, info). The boolean indicates if the user
was created. If creation succeeds, ``info`` is the verification code;
otherwise it is a list of duplicated unique properties that
caused creation to fail.
"""
if 'password_raw' in user_values:
user_values['password'] = security.generate_password_hash(
user_values.pop('password_raw'), length=12)
myclient = pymongo.MongoClient(server_config.mongodbURL)
mydb = myclient[server_config.mongodbDB]
mycol = mydb["users"]
user_result = mycol.find_one({"email": user_values['email_address']})
if user_result is None:
verify = security.generate_random_string(
length=12,
pool=
'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
)
user_dict = {
"user_id": None,
"password": user_values['password'],
"email": user_values['email_address'],
"activation_key": verify,
"friendly_name": user_values['friendly'],
"level": 5
}
mycol.insert_one(user_dict)
return True, verify
else:
return False, "Email"
def create(cls, email, name='', password=''):
"""Creates a new maze with a unique string ID."""
admin_key = security.generate_random_string(entropy=128)
# Make sure to avoid ID collisions.
maze = True
while maze:
maze_id = security.generate_random_string(entropy=128)
maze = cls.get_by_id(maze_id)
# Create the maze with the non-colliding Maze ID.
maze = cls(id=maze_id,
name=name,
admin_email=email,
admin_key=admin_key)
maze.set_password(password, save=False)
maze.flickr = FlickrSettings()
maze.instagram = InstagramSettings()
maze.facebook = FacebookSettings()
return maze.put()
def generate_csrf(self,context):
"""generate a CSRF token as a hidden form field and a secure cookie"""
csrf = security.generate_random_string(length=32)
sig = hmac.new(csrf_secret,csrf,hashlib.sha1)
sig.update(self.request.headers['X-AppEngine-country'])
sig.update(self.request.headers['User-Agent'])
sig = sig.digest()
context['csrf_token'] ='<input type="hidden" name="csrf_token" value="%s" />'%urllib.quote(binascii.b2a_base64(sig))
sc = securecookie.SecureCookieSerializer(cookie_secret)
cookie = sc.serialize(self.CSRF_COOKIE_NAME, csrf)
self.response.set_cookie(self.CSRF_COOKIE_NAME, cookie, httponly=True, max_age=3600)
def post( self ):
url = settings.URL_PURCHASE_FASTSPRING
if not settings.SECRET_FASTSPRING or enki.libutil.is_debug( ) or settings.ENKI_EMULATE_STORE:
url = enki.libutil.get_local_url( 'storeemulatefastspring' )
if self.is_logged_in():
purchaser_user_id = self.enki_user.key.id()
token = security.generate_random_string( entropy = 256 )
token_purchase = EnkiModelTokenVerify( token = token, user_id = purchaser_user_id, type = 'purchasebyuser' )
token_purchase.put()
url = enki.libutil.get_local_url( 'storeemulatefastspring', { 'referrer': token_purchase.token })
self.redirect( url )
def post(self):
try:
# Detect empty request and valid JSON
stripped_json = json.dumps(json.loads(self.request.get('json')))
except ValueError:
self.response.write('ERROR: You must provide a valid json.')
else:
random_string = generate_random_string(length=16)
if memcache.add(random_string, stripped_json, MEMCACHE_EXPIRE):
self.response.write('%s/%s' % (self.request.host, random_string))
else:
self.response.write('ERROR: Could not set cache.')
def password_change_request( self, email ):
if enki.libuser.exist_EnkiUser( email ):
# create an email verify token, send it to the email address
token = security.generate_random_string( entropy = 256 )
emailToken = EnkiModelTokenVerify( token = token, email = email, type = 'passwordchange' )
emailToken.put()
link = enki.libutil.get_local_url( 'passwordrecoverconfirm', { 'verifytoken': emailToken.token } )
self.send_email( email, MSG.SEND_EMAIL_PASSWORD_RESET_SUBJECT(), MSG.SEND_EMAIL_PASSWORD_RESET_BODY( link ))
result = enki.libutil.ENKILIB_OK
else:
result = ERROR_EMAIL_NOT_EXIST
return result
def post(self):
try:
# Detect empty request and valid JSON
stripped_json = json.dumps(json.loads(self.request.get('json')))
except ValueError:
self.response.write('ERROR: You must provide a valid json.')
else:
random_string = generate_random_string(length=16)
if memcache.add(random_string, stripped_json, MEMCACHE_EXPIRE):
self.response.write('%s/%s' %
(self.request.host, random_string))
else:
self.response.write('ERROR: Could not set cache.')
def post(self):
url = settings.URL_PURCHASE_FASTSPRING
# ------
# Requires enkiDL
if self.request.get('download'):
ref_url = enki.libutil.get_local_url('store')
self.session['sessionrefpath'] = ref_url
url_fetcher = ''
if settings.URLS_ENKIDL:
# shuffle then try to download from locations in sequence
random.shuffle(settings.URLS_ENKIDL)
for i in range(len(settings.URLS_ENKIDL)):
url_enkiDL = settings.URLS_ENKIDL[i]
item_to_download = 'product_a'
url_fetcher = enki.libenkiDL.URLFetcher()
url_fetcher.get_download_URL(url_enkiDL,
settings.SECRET_ENKIDL,
item_to_download,
self.request.remote_addr)
if not url_fetcher.error:
enki.modelcounter.increment('downloads_product_a')
break
if url_fetcher and url_fetcher.error:
self.response.status_int = 500
self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR())
self.redirect('info')
return
url = url_fetcher.download_url
else:
self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR())
self.redirect('info')
return
# -------
else:
if not settings.SECRET_FASTSPRING or enki.libutil.is_debug(
) or settings.ENKI_EMULATE_STORE:
url = enki.libutil.get_local_url('storeemulatefastspring')
else:
enki.modelcounter.increment('purchases_product_a')
if self.is_logged_in():
purchaser_user_id = self.enki_user.key.id()
token = security.generate_random_string(entropy=256)
token_purchase = EnkiModelTokenVerify(
token=token,
user_id=purchaser_user_id,
type='purchasebyuser')
token_purchase.put()
url += '?referrer=' + token_purchase.token.encode('utf-8')
self.redirect(url)
def create_CSRF( self, form_name ): # protect against forging login requests http://en.wikipedia.org/wiki/Cross-site_request_forgery http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/
# check if the CSRF token for this form already exists, if so reuse it. Otherwise create a new one and add it to the dictionary
sessionCSRFs = self.session.get( 'CSRF' )
if not sessionCSRFs:
sessionCSRFs = {}
sessionCSRF = sessionCSRFs.get( form_name )
if sessionCSRF:
CSRFToken = sessionCSRF
else:
random = security.generate_random_string( entropy=256 ).encode( 'utf-8' )
CSRFToken = ( random )
sessionCSRFs.update({ form_name : CSRFToken })
self.session[ 'CSRF' ] = sessionCSRFs
return form_name + '-' + CSRFToken
def post(self):
url = settings.URL_PURCHASE_FASTSPRING
if not settings.SECRET_FASTSPRING or enki.libutil.is_debug(
) or settings.ENKI_EMULATE_STORE:
url = enki.libutil.get_local_url('storeemulatefastspring')
if self.is_logged_in():
purchaser_user_id = self.enki_user.key.id()
token = security.generate_random_string(entropy=256)
token_purchase = EnkiModelTokenVerify(token=token,
user_id=purchaser_user_id,
type='purchasebyuser')
token_purchase.put()
url = enki.libutil.get_local_url(
'storeemulatefastspring', {'referrer': token_purchase.token})
self.redirect(url)
def GetOrMakeSession(request):
session_store = sessions.get_store(request=request)
session = session_store.get_session()
if not session:
session['xsrf'] = security.generate_random_string(entropy=128)
user = users.get_current_user()
if user:
if _ANON_USER_KEY in session:
AdoptAnonymousProjects(user.email(), session[_ANON_USER_KEY])
else:
if _ANON_USER_KEY not in session:
session[_ANON_USER_KEY] = MakeAnonUserKey()
return session
def post_reauthenticated( self, params ): register = params.get( 'register' ) deregister = params.get( 'deregister' ) if register: # initiate adding a new authentication method to the account for authhandler in settings.HANDLERS: if register == authhandler.get_provider_name(): token = security.generate_random_string( entropy = 256 ) LoginAddToken = EnkiModelTokenVerify( token = token, user_id = self.user_id, auth_ids_provider = register, type = 'loginaddconfirm_1' ) LoginAddToken.put() self.redirect( authhandler.get_button().href ) break elif deregister: self.remove_auth_id( deregister) self.add_infomessage( 'success', MSG.SUCCESS(), MSG.AUTH_PROVIDER_REMOVED( deregister )) self.redirect( enki.libutil.get_local_url( 'accountconnect' ))
def GetOrMakeSession(request):
session_store = sessions.get_store(request=request)
session = session_store.get_session()
if not session:
session['xsrf'] = security.generate_random_string(entropy=128)
user = users.get_current_user()
if user:
if _ANON_USER_KEY in session:
AdoptAnonymousProjects(user.email(), session[_ANON_USER_KEY])
else:
if _ANON_USER_KEY not in session:
session[_ANON_USER_KEY] = MakeAnonUserKey()
return session
def email_set_request( self, email ):
# request the creation of a new account based on an email address
result = enki.libuser.validate_email( email )
if result == enki.libutil.ENKILIB_OK :
if enki.libuser.exist_EnkiUser( email ):
result = ERROR_EMAIL_IN_USE
else:
# create an email verify token, send it to the email address
token = security.generate_random_string( entropy = 256 )
emailToken = EnkiModelTokenVerify( token = token, email = email, type = 'register' )
emailToken.put()
link = enki.libutil.get_local_url( 'registerconfirm', { 'verifytoken': emailToken.token })
self.send_email( email, MSG.SEND_EMAIL_REGISTER_CONFIRM_SUBJECT(), MSG.SEND_EMAIL_REGISTER_CONFIRM_BODY( link ))
result = enki.libutil.ENKILIB_OK
return result
def password_change_request(self, email):
if EnkiModelUser.exist_by_email(email):
# create an email verify token, send it to the email address
token = security.generate_random_string(entropy=256)
emailToken = EnkiModelTokenVerify(token=token,
email=email,
type='passwordchange')
emailToken.put()
link = enki.libutil.get_local_url(
'passwordrecoverconfirm', {'verifytoken': emailToken.token})
self.send_email(email, MSG.SEND_EMAIL_PASSWORD_RESET_SUBJECT(),
MSG.SEND_EMAIL_PASSWORD_RESET_BODY(link))
result = enki.libutil.ENKILIB_OK
else:
result = self.ERROR_EMAIL_NOT_EXIST
return result
def email_set_request(self, email):
# request the creation of a new account based on an email address
result = enki.libutil.ENKILIB_OK
if EnkiModelUser.exist_by_email(email):
result = self.ERROR_EMAIL_IN_USE
else:
# create an email verify token, send it to the email address
token = security.generate_random_string(entropy=256)
emailToken = EnkiModelTokenVerify(token=token,
email=email,
type='register')
emailToken.put()
link = enki.libutil.get_local_url(
'registerconfirm', {'verifytoken': emailToken.token})
self.send_email(email, MSG.SEND_EMAIL_REGISTER_CONFIRM_SUBJECT(),
MSG.SEND_EMAIL_REGISTER_CONFIRM_BODY(link))
return result
def create_CSRF(
self, form_name
): # protect against forging login requests http://en.wikipedia.org/wiki/Cross-site_request_forgery http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/
# check if the CSRF token for this form already exists, if so reuse it. Otherwise create a new one and add it to the dictionary
sessionCSRFs = self.session.get('CSRF')
if not sessionCSRFs:
sessionCSRFs = {}
sessionCSRF = sessionCSRFs.get(form_name)
if sessionCSRF:
CSRFToken = sessionCSRF
else:
random = security.generate_random_string(
entropy=256).encode('utf-8')
CSRFToken = (random)
sessionCSRFs.update({form_name: CSRFToken})
self.session['CSRF'] = sessionCSRFs
return form_name + '-' + CSRFToken
def forgot_password(self):
email = self.request.get("email")
user = UserProfile.get_by_auth_id(email)
if not user:
return self.render_json({'success': False, 'title': 'Sorry.', 'message': 'Nenhum usuário com o email "%s" foi encontrado.' %email})
new_password = security.generate_random_string(length=8)
user.set_password(new_password)
print 'New Password ======================> ', new_password
user.put()
deferred.defer(send_forgot_password_email, user=user, new_passwd=new_password, _queue='sendEmail') #TODO improve this queue params/conf
return self.render_json({'success': True, 'title': 'Senha reiniciada.', 'message': 'Enviamos um email para %s com sua nova senha' %email})
def create( cls, user, email ):
""" Creates a new verify email token for the given user for validating
the given email.
:param user:
User unique ID
:param email:
Email that the token validates
:returns:
The newly created :class:`VerifyEmailUserToken`.
"""
user = str( user )
token = security.generate_random_string( entropy=128 )
key = cls.get_key( user, cls.SUBJECT, token )
entity = cls( key=key, user=user, subject=cls.SUBJECT, token=token,
email=email.lower( ) )
entity.put( )
return entity
def post(self):
uemail = self.request.get('email')
upwd = self.request.get('pwd')
if uemail == '' or upwd == '':
self.redirect('/error')
else:
user = ndb.Key('User', uemail).get()
if user and user.pwd == upwd:
token = security.generate_random_string(length=20)
session = Session(id=token)
session.userKey = user.put()
session.put()
self.response.set_cookie(key='token', value=token, path='/')
self.redirect("/home")
else:
self.redirect("/login")
def add_newsletter(cls, email, newsletter):
entity = cls.get_by_email_newsletter(email, newsletter)
if entity:
return entity.token
else:
existing_entity = cls.get_by_email(email)
if existing_entity:
# add the newsletter to the list
existing_entity.newsletters.append(newsletter)
existing_entity.put()
return existing_entity.token
else:
# create a new entity
token = security.generate_random_string(entropy=256)
new_entity = cls(email=email,
newsletters=[newsletter],
token=token)
new_entity.put()
return token
def post_reauthenticated(self, params):
register = params.get('register')
deregister = params.get('deregister')
if register: # initiate adding a new authentication method to the account
for authhandler in settings.HANDLERS:
if register == authhandler.get_provider_name():
token = security.generate_random_string(entropy=256)
LoginAddToken = EnkiModelTokenVerify(
token=token,
user_id=self.user_id,
auth_ids_provider=register,
type='loginaddconfirm_1')
LoginAddToken.put()
self.redirect(authhandler.get_button().href)
break
elif deregister:
self.remove_auth_id(deregister)
self.add_infomessage('success', MSG.SUCCESS(),
MSG.AUTH_PROVIDER_REMOVED(deregister))
self.redirect(enki.libutil.get_local_url('accountconnect'))
def _apply_session_properties(self):
# Create a session ID for the session if it does not have one already.
# This is used to create an opaque string that can be passed to the OAuth2
# authentication server via the 'state' parameter.
if self.session.get('sid', None) is None:
self.session['sid'] = security.generate_random_string(entropy=128)
# Add the user's credentials to the decorator if we have them.
if self.me.registered:
self.decorator.credentials = self.decorator._storage_class(
self.decorator._credentials_class,
None,
self.decorator._credentials_property_name,
user=self.me).get()
else:
# Store the state for the session user in a parameter on the flow.
# We only need to do this if we're not logged in.
self.decorator._create_flow(self)
session_user = users.UserStub(self.session['sid'])
self.decorator.flow.params['state'] = appengine._build_state_value(
self, session_user)
