def authenticate(self, identification, password=None, check_password=True):
    """Resolve a login identifier to a User, optionally checking the password.

    ``identification`` is tried as an email address first. If it does not
    validate as one, or no row matches, it is tried against
    ``User.USERNAME_FIELD`` unless ``BAPH_AUTH_WITHOUT_USERNAMES`` is set.
    When ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set, both lookups are restricted
    to the current organization.

    Returns the matching user, or None when nothing matches or the password
    check fails.

    Security notes:
      * ``check_password=False`` returns the user with no credential check
        at all; callers passing it must have established the caller's
        identity by other means.
      * NOTE(review): an unknown identifier returns before
        ``user.check_password`` runs, so response time may differ between
        unknown and known accounts -- confirm whether that matters for this
        deployment and whether callers throttle failed attempts.
    """
    db = orm.sessionmaker()
    org_column = Organization.resource_name.lower() + '_id'

    def find_by(column):
        # Exact-match lookup on one column, scoped to the current
        # organization when per-organization uniqueness is enabled.
        criteria = {column: identification}
        if auth_settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
            criteria[org_column] = Organization.get_current_id()
        return db.query(User).filter_by(**criteria).first()

    match = None
    try:
        # Only identifiers that validate as an email hit the email column.
        django.core.validators.validate_email(identification)
        match = find_by('email')
    except django.core.validators.ValidationError:
        # Not an email address; fall through to the username lookup.
        pass

    if not match:
        if auth_settings.BAPH_AUTH_WITHOUT_USERNAMES:
            # Usernames are not accepted as login credentials.
            return None
        match = find_by(User.USERNAME_FIELD)
        if not match:
            return None

    # The password is verified only when the caller asked for it.
    if check_password and not match.check_password(password):
        return None
    return match
def get_consumer(self, request, oauth_request, consumer_key):
    """Return the OAuthConsumer matching this request's consumer key.

    The consumer must be owned either by a user of the current organization
    or by a superuser, so superuser-owned consumers are accepted whichever
    organization the request resolves to.

    Raises InvalidConsumerError when no such consumer exists.
    """
    # NOTE(review): the ``consumer_key`` argument is never read; the key is
    # taken from ``oauth_request["oauth_consumer_key"]`` instead. Confirm the
    # two always agree, and that a request lacking that entry cannot reach
    # this point (the item lookup would fail before InvalidConsumerError).
    current_org = Organization.get_current_id(request)
    org_column = getattr(User, Organization.get_column_key())
    db = orm.sessionmaker()

    candidates = db.query(OAuthConsumer).join(OAuthConsumer.user)
    candidates = candidates.filter(
        OAuthConsumer.key == oauth_request["oauth_consumer_key"])
    # Tenant scoping: owner in the current organization, or a superuser.
    candidates = candidates.filter(
        or_(org_column == current_org, User.is_superuser == True))

    found = candidates.first()
    if found:
        return found
    raise InvalidConsumerError()
def clean_email(self):
    """Reject an email address that already belongs to a user.

    The lookup is restricted to the current organization when
    ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set. An existing user whose signup
    has not been activated gets a different message from one that has.

    Returns the cleaned email; raises forms.ValidationError if it is taken.
    """
    # NOTE(review): the two messages tell the submitter whether an address
    # is registered and whether it is still awaiting confirmation. Confirm
    # that disclosure is acceptable for this form, or that the form is
    # rate-limited.
    email = self.cleaned_data['email']
    criteria = {'email': email}
    if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
        criteria[Organization._meta.model_name + '_id'] = \
            Organization.get_current_id()

    db = orm.sessionmaker()
    # The signup row is loaded with the user because it is read just below.
    existing = (
        db.query(User)
        .options(joinedload('signup'))
        .filter_by(**criteria)
        .first()
    )

    if existing:
        signup = existing.signup
        if signup and signup.activation_key != settings.BAPH_ACTIVATED:
            raise forms.ValidationError(_('This email is already taken but '
                'not yet confirmed. Please check your email for verification '
                'steps.'))
        raise forms.ValidationError(_('This email is already taken'))
    return email
def get_current_permissions(self):
    """Return this object's permissions that apply to the current organization.

    Entries from ``get_all_permissions()`` are kept when their organization
    key is None or equals the current organization id as a string. The kept
    entries are merged into ``{resource: {action: set_of_values}}``.

    The merged mapping is stored on the instance as ``_perm_cache`` and
    returned as-is on later calls.
    """
    # NOTE(review): the cache is not keyed by organization. If one instance
    # can outlive a change of current organization, a later call would get
    # the permissions computed for the earlier one -- confirm instances are
    # request-scoped, or that ``_perm_cache`` is cleared on such a change.
    if hasattr(self, '_perm_cache'):
        return self._perm_cache

    from baph.auth.models import Organization
    active_org = str(Organization.get_current_id())

    merged = {}
    for org_id, by_resource in self.get_all_permissions().items():
        if org_id not in (None, active_org):
            continue
        for resource, by_action in by_resource.items():
            actions = merged.setdefault(resource, {})
            for action, values in by_action.items():
                actions.setdefault(action, set()).update(values)

    self._perm_cache = merged
    return merged
def clean_email(self):
    """Validate that the new email differs from the current one and is unused.

    The uniqueness lookup is restricted to the current organization when
    ``BAPH_AUTH_UNIQUE_WITHIN_ORG`` is set.

    Returns the cleaned email; raises forms.ValidationError otherwise.
    """
    # NOTE(review): the same-address check lowercases the submitted value,
    # while the uniqueness query matches it exactly as submitted. Whether
    # the two agree depends on how stored emails are normalised and on the
    # column's collation -- confirm, since a mismatch could let case
    # variants of one address pass as distinct.
    new_email = self.cleaned_data['email']
    current_email = self.user.email
    if new_email.lower() == current_email:
        raise forms.ValidationError(_(u'You\'re already known under this '
            'email.'))

    criteria = {'email': new_email}
    if settings.BAPH_AUTH_UNIQUE_WITHIN_ORG:
        criteria[Organization._meta.model_name + '_id'] = \
            Organization.get_current_id()

    db = orm.sessionmaker()
    # Rows carrying the user's own current address are excluded.
    other = (
        db.query(User)
        .filter(User.email != self.user.email)
        .filter_by(**criteria)
        .first()
    )
    if other:
        raise forms.ValidationError(_(u'This email is already in use. '
            'Please supply a different email.'))
    return new_email
def clean_org_unique_field(self, key, **kwargs):
    """Run ``clean_unique_field`` for ``key`` within the current organization.

    The organization filter is always taken from
    ``Organization.get_current_id()``. It replaces any value the caller
    passed under the same keyword, so a caller cannot widen the check to
    another organization through ``kwargs``.
    """
    org_filter = Organization._meta.model_name + '_id'
    scoped = dict(kwargs)
    scoped[org_filter] = Organization.get_current_id()
    return self.clean_unique_field(key, **scoped)