예제 #1
0
def do_post(**kwargs):
    """
    Check if user is logged
    """

    _db = get_db()

    tk = kwargs['auth_token']
    from base_common.dbatokens import get_user_by_token
    dbuser = get_user_by_token(_db, tk)

    d = dbuser.dump_user()
    d['token'] = tk

    if hasattr(apphooks, 'extend_user_check'):
        _extend_res = apphooks.extend_user_check(dbuser)
        if _extend_res == False:
            log.critical('Error user check extending')
            return base_common.msg.error(msgs.ERROR_POST_CHECK)

        if isinstance(_extend_res, dict):
            d.update(_extend_res)

    apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'check', 'user {} successfuly checked status'.format(dbuser.username))
    return base_common.msg.post_ok(d)
예제 #2
0
def do_post(**kwargs):
    """
    Logout user
    """

    _db = get_db()
    dbc = _db.cursor()

    request = kwargs['request_handler']

    tk = request.auth_token

    dbuser = get_user_by_token(_db, tk)

    if not close_session_by_token(dbc, tk):
        log.warning("Closing session with token {}".format(tk))
        return base_common.msg.error(msgs.CLOSE_USER_SESSION)

    _db.commit()

    apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'logout', 'user {} successfuly logged out'.format(dbuser.username))
    return base_common.msg.post_ok()
예제 #3
0
def do_post(username, password, **kwargs):
    """
    User login
    """

    _db = get_db()
    dbc = _db.cursor()

    log.info('User {} trying to login'.format(username))
    username = username.lower()
    q = apphooks.prepare_login_query(username)

    ip = kwargs['r_ip']

    dbc.execute(q)
    if dbc.rowcount != 1:
        msg = '{} user not found: {}'.format(username, dbc.rowcount)
        log.critical(msg)
        apphooks.action_log_hook(None, ip, 'login', msg)
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    us = dbc.fetchone()
    u_id = us['id']
    u_pwd = us['password']

    upwd = None
    try:
        with open('/tmp/upwd.base') as f:
            upwd = f.read()

    except Exception as e:
        pass

    if not upwd or upwd != password:

        if not check_password(u_pwd, username, password):
            msg = 'Username {} wrong password: {}'.format(username, password)
            log.critical(msg)
            apphooks.action_log_hook(None, ip, 'login', msg)
            return base_common.msg.error(msgs.USER_NOT_FOUND)

    if hasattr(apphooks, 'login_expansion') and not apphooks.login_expansion(us):
        return base_common.msg.error(msgs.ERROR_LOGIN_USER)

    # ASSIGN TOKEN
    tk = get_token(u_id, dbc)
    if not tk:
        return base_common.msg.error(msgs.ERROR_LOGIN_USER)

    _db.commit()

    res = {'token': tk}

    if hasattr(apphooks, 'post_login_digest'):
        post_d = apphooks.post_login_digest(_db, u_id, username, password, tk)
        if post_d == False:
            log.critical('Error user post login digest')
            return base_common.msg.error(msgs.ERROR_POST_LOGIN)

        if isinstance(post_d, dict):
            res.update(post_d)

    apphooks.action_log_hook(u_id,ip, 'login', 'user {} successfuly logged in'.format(username))
    log.info('User {} successfully logged in'.format(username))
    return base_common.msg.post_ok(res)