def do(data, resource):
body = {}
params = data['params']
email = params['email']
password = params['password']
extra = params.get('extra', {})
salt = Salt.get_salt(32)
password_hash = hash_password(password, salt)
password_meta = {
'count': len(password),
'count_lowercase': len([c for c in password if c.islower()]),
'count_uppercase': len([c for c in password if c.isupper()]),
'count_special': len([c for c in password if c in string.punctuation]),
}
partition = 'user'
data['params']['login_method'] = 'email_login'
login_conf = get_login_method(data, resource)['item']
register_policy_code = login_conf.get('register_policy_code', None)
if not data.get('admin', False):
if not match_policy(register_policy_code, extra, password_meta):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
default_group_name = login_conf['default_group_name']
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return body
instructions = [(None, ('email', 'eq', email))]
items, end_key = resource.db_query(partition, instructions)
users = list(items)
if len(users) > 0:
body['error'] = error.EXISTING_ACCOUNT
return body
else:
item = {
'email': email,
'password_hash': password_hash,
'salt': salt,
'groups': [default_group_name],
'login_method': 'email_login',
}
# Put extra value in the item
for key in extra:
if key not in item:
item[key] = extra[key]
resource.db_put_item(partition, item)
body['item'] = item
return body
def do(data, resource):
body = {}
params = data['params']
user = data['user']
access_token = params.get('access_token')
data['params']['login_method'] = 'facebook_login'
login_conf = get_login_method.do(data, resource)['body']['item']
default_group_name = login_conf['default_group_name']
register_policy_code = login_conf.get('register_policy_code', None)
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return Response(body)
extra_fb_response = get_facebook_response(access_token, ['id', 'email'])
fb_user_id = extra_fb_response['id']
fb_user_email = extra_fb_response['email']
if not data.get('admin', False):
if not match_policy(register_policy_code, extra_fb_response, None):
body['error'] = error.REGISTER_POLICY_VIOLATION
return Response(body)
instructions = [
(None, ('fb_user_id', 'eq', fb_user_id)),
('and', ('login_method', 'eq', 'facebook_login')),
]
items, end_key = resource.db_query('user', instructions)
if items:
session_id = create_session(resource, items[0])
body['session_id'] = session_id
return Response(body)
else: # Create new user and create session also.
item = {
'email': fb_user_email,
'groups': [default_group_name],
'login_method': 'facebook_login',
'fb_user_id': fb_user_id,
}
# Put extra value in the item
for key in extra_fb_response:
if key not in item:
item[key] = extra_fb_response[key]
resource.db_put_item('user', item)
session_id = create_session(resource, item)
body['session_id'] = session_id
return Response(body)
def do(data, resource):
body = {}
user = data['user']
params = data['params']
current_password = params.get('current_password')
new_password = params.get('new_password')
password_hash = user['password_hash']
salt = user['salt']
data['params']['login_method'] = 'email_login'
login_conf = get_login_method(data, resource)['item']
register_policy_code = login_conf.get('register_policy_code', None)
password_meta = {
'count': len(new_password),
'count_lowercase': len([c for c in new_password if c.islower()]),
'count_uppercase': len([c for c in new_password if c.isupper()]),
'count_special':
len([c for c in new_password if c in string.punctuation]),
}
if not data.get('admin', False):
if not match_policy(register_policy_code, user, password_meta):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
if hash_password(current_password, salt) == password_hash:
new_password_hash = hash_password(new_password, salt)
# user['password_hash'] = new_password_hash
user_id = user.get('id')
success = resource.db_update_item_v2(
user_id, {
'partition': 'user',
'password_hash': password_hash,
'updated_date': float(time.time())
})
body['user_id'] = user.get('id')
body['success'] = success
else:
body['error'] = error.PERMISSION_DENIED
return body
def do(data, resource):
body = {}
params = data['params']
user = data['user']
id_token = params.get('id_token')
data['params']['login_method'] = 'google_login'
login_conf = get_login_method.do(data, resource)['item']
default_group_name = login_conf['default_group_name']
register_policy_code = login_conf.get('register_policy_code', None)
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.GOOGLE_LOGIN_INVALID
return body
extra_response = get_google_profile_response(id_token)
google_user_id = extra_response['sub']
google_user_email = extra_response['email']
if not data.get('admin', False):
if not match_policy(register_policy_code, extra_response, None):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
instructions = [
(None, ('google_user_id', 'eq', google_user_id)),
('and', ('login_method', 'eq', 'google_login')),
]
items, end_key = resource.db_query('user', instructions)
if items:
session_id = create_session(resource, items[0], data)
body['session_id'] = session_id
body['user_id'] = items[0]['id']
body['is_first_login'] = False
return body
elif not already_has_account_email(
google_user_email,
resource): # Create new user and create session also.
item = {
'id': uuid(),
'email': google_user_email,
'groups': [default_group_name],
'login_method': 'google_login',
'google_user_id': google_user_id,
}
# Put extra value in the item
key_map = {'name': 'name', 'picture': 'profile_image'}
for key in extra_response:
if key not in item:
if key in key_map:
item[key_map[key]] = extra_response[key]
else:
item[key] = extra_response[key]
resource.db_put_item('user', item, item.get('id'))
session_id = create_session(resource, item, data)
body['session_id'] = session_id
body['is_first_login'] = True
body['user_id'] = item['id']
return body
else:
body['error'] = error.EXISTING_ACCOUNT_VIA_OTHER_LOGIN_METHOD
return body
def do(data, resource):
body = {}
params = data['params']
email = params['email']
password = params['password']
# 추가적으로 삽입할 데이터들을 가져옵니다.
extra = params.get('extra', {})
# 빈 값들은 세팅에서 제외합니다.
extra = {
key: value
for key, value in extra.items()
if value != '' and value != {} and value != []
}
# 높은 암호화 수준을 위해 Salt 를 랜덤 생성합니다.
salt = Salt.get_salt(32)
# 사용자가 입력한 password 를 salt 와 함께 sha3_512 으로 해싱합니다.
password_hash = hash_password(password, salt)
# 비밀번호 정책 기준을 충족하는지 체크하기 위해 delegate 함수로 비밀번호의 메타 정보를 체크합니다.
password_meta = {
'count': len(password),
'count_lowercase': len([c for c in password if c.islower()]),
'count_uppercase': len([c for c in password if c.isupper()]),
'count_special': len([c for c in password if c in string.punctuation]),
}
partition = 'user'
data['params']['login_method'] = 'email_login'
login_conf = get_login_method(data, resource)['item']
# 사용자의 가입 정책기준을 가져옵니다.
register_policy_code = login_conf.get('register_policy_code', None)
if not data.get('admin', False):
# 사용자 가입 정책에 부합하는지 확인합니다. 부합하지 않으면 정책 위반 에러를 리턴합니다.
if not match_policy(register_policy_code, extra, password_meta):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
# 시스템의 Login config 에 저장된대 기본 가입 그룹 이름을 가져옵니다.
default_group_name = login_conf['default_group_name']
# 시스템에서 로그인이 허용되는지 체크합니다.
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
# 로그인 허용이 되지 않는 경우입니다.
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return body
# email 로 사용자가 있는지 확인합니다.
instructions = [[None, 'email', 'eq', email]]
items, end_key = resource.db_query(partition, instructions)
users = list(items)
# 이미 해당 이메일로 가입된 멤버가 있는 경우
if len(users) > 0:
body['error'] = error.EXISTING_ACCOUNT
return body
else:
# 해싱된 비밀번호로 회원 가입을 진행합니다.
item = {
'id': str(uuid()),
'email': email,
'password_hash': password_hash,
'salt': salt,
'groups': [default_group_name],
'login_method': 'email_login',
}
# Put extra value in the item
for key in extra:
if key not in item:
item[key] = extra[key]
resource.db_put_item(partition, item, item_id=item['id'])
body['item'] = item
return body