def __init__(
self,
clientId,
clientSecret,
scopeLs,
localServerName,
localServerPort,
localServerPage,
):
self.clientId = clientId
self.clientSecret = clientSecret
self.scopeLs = scopeLs
self.localServerName = localServerName
self.localServerPort = localServerPort
self.localServerPage = localServerPage
self.redirectUri = "http://" + localServerName + \
":" + str(localServerPort) + "/" + localServerPage
self.stateStr = utils.generateRandomString(length=20)
self.token = ""
self.refreshToken = ""
self.tokenExpire = None
self.userid = None
def createNewUserIfNotExists():
"""
Create a new Admin user, if the userDB is empty
"""
userMod = getattr(conf["viur.mainApp"], "user", None)
if (userMod # We have a user module
and isinstance(userMod, User)
and "addSkel" in dir(userMod)
and "validAuthenticationMethods" in dir(userMod) #Its our user module :)
and any([x[0] is UserPassword for x in userMod.validAuthenticationMethods])): #It uses UserPassword login
if not db.Query(userMod.addSkel().kindName).get(): #There's currently no user in the database
addSkel = skeletonByKind(userMod.addSkel().kindName)() # Ensure we have the full skeleton
uname = "admin@%s.appspot.com" % app_identity.get_application_id()
pw = utils.generateRandomString(13)
addSkel["name"] = uname
addSkel["status"] = 10 # Ensure its enabled right away
addSkel["access"] = ["root"]
addSkel["password"] = pw
try:
addSkel.toDB()
except Exception as e:
logging.error("Something went wrong when trying to add admin user %s with Password %s", (uname, pw))
logging.exception(e)
return
logging.warning("ViUR created a new admin-user for you! Username: %s, Password: %s" % (uname, pw))
utils.sendEMailToAdmins("Your new ViUR password",
"ViUR created a new admin-user for you! Username: %s, Password: %s" % (uname, pw))
def login(self, name=None, password=None, skey="", *args, **kwargs):
if self.userModule.getCurrentUser(): #Were already logged in
return self.userModule.render.loginSucceeded()
if not name or not password or not securitykey.validate(skey):
return self.userModule.render.login(self.loginSkel())
query = db.Query(self.userModule.viewSkel().kindName)
res = query.filter("name.idx >=", name.lower()).get()
if res is None:
res = {"password": "", "status": 0, "name": "", "name.idx": ""}
if "password_salt" in res.keys(): # Its the new, more secure passwd
passwd = pbkdf2(password[:conf["viur.maxPasswordLength"]],
res["password_salt"])
else:
passwd = sha512(password.encode("UTF-8") +
conf["viur.salt"]).hexdigest()
isOkay = True
# We do this exactly that way to avoid timing attacks
# Check if the username matches
storedUserName = res.get("name.idx", "")
if len(storedUserName) != len(name.lower()):
isOkay = False
else:
for x, y in izip(storedUserName, name.lower()):
if x != y:
isOkay = False
# Check if the password matches
storedPasswordHash = res.get("password", "")
if len(storedPasswordHash) != len(passwd):
isOkay = False
else:
for x, y in izip(storedPasswordHash, passwd):
if x != y:
isOkay = False
# Verify that this account isn't blocked
if res["status"] < 10:
isOkay = False
if not isOkay:
skel = self.loginSkel()
skel.fromClient({"name": name, "nomissing": "1"})
return self.userModule.render.login(skel, loginFailed=True)
else:
if not "password_salt" in res.keys(
): #Update the password to the new, more secure format
res["password_salt"] = utils.generateRandomString(13)
res["password"] = pbkdf2(
password[:conf["viur.maxPasswordLength"]],
res["password_salt"])
db.Put(res)
return self.userModule.continueAuthenticationFlow(self, res.key())
def create(duration=None, **kwargs):
"""
Creates a new onetime Securitykey for the current session
If duration is not set, this key is valid only for the current session.
Otherwise, the key and its data is serialized and saved inside the datastore
for up to duration-seconds
:param duration: Make this key valid for a fixed timeframe (and independend of the current session)
:type duration: int or None
:returns: The new onetime key
"""
key = generateRandomString()
if duration is None:
sessionDependend = True
duration = 30 * 60 # 30 Mins from now
else:
sessionDependend = False
duration = int(duration)
dbObj = db.Entity(securityKeyKindName, name=key)
for k, v in kwargs.items():
dbObj[k] = v
dbObj["until"] = datetime.now() + timedelta(seconds=duration)
if sessionDependend:
dbObj["session"] = currentSession.getSessionKey()
else:
dbObj["session"] = None
dbObj.set_unindexed_properties(
[x for x in dbObj.keys() if not x == "until"])
db.Put(dbObj)
return (key)
def serialize(self, valuesCache, name, entity):
if valuesCache.get(name, None) and valuesCache[name] != "":
salt = utils.generateRandomString(self.saltLength)
passwd = pbkdf2(valuesCache[name][:conf["viur.maxPasswordLength"]],
salt)
entity.set(name, passwd, self.indexed)
entity.set("%s_salt" % name, salt, self.indexed)
return entity
def resetPassword(self, key, *args, **kwargs):
cuser = utils.getCurrentUser()
if not (cuser and "root" in cuser["access"]):
raise errors.Unauthorized("Only 'root' can do this!")
skel = self.editSkel()
if not skel.fromDB(key):
raise errors.NotFound()
skel["password"] = utils.generateRandomString(10)
skel["changepassword"] = True
assert skel.toDB()
self.sendWelcomeMail(str(skel["key"]), skel["password"])
return json.dumps("OK")
def addSkel(self):
skel = super(user, self).addSkel()
skel["password"] = utils.generateRandomString(10)
skel["changepassword"] = True
'''
if True:
skel = skel.ensureIsCloned()
skel["role"] = "member"
skel["status"] = 10
for name, bone in skel.items():
if name in ["name", "firstname", "lastname"]:
bone.readOnly = False
bone.visible = True
else:
bone.visible = False
bone.readOnly = True
return skel
'''
if isinstance(self.render, htmlRender):
skel = skel.ensureIsCloned()
skel["role"] = "member"
skel["status"] = 10
for name, bone in skel.items():
if name in [
"name", "firstname", "nickname", "lastname",
"airbatch_daec", "interests", "duties"
]:
bone.readOnly = False
bone.visible = True
else:
bone.visible = False
bone.readOnly = True
return skel
import flask
import server.views as views
from server import utils
import param
app = flask.Flask(__name__)
app.config.from_object("config")
app.secret_key = utils.generateRandomString(10)
app.add_url_rule("/favicon.ico", "favicon", views.favicon)
app.add_url_rule("/", "init", views.init)
app.add_url_rule("/" + param.localServerPage, "index", views.index)
app.add_url_rule("/deleteChoices", "deleteChoices", views.deleteChoices, methods=["POST"])
app.add_url_rule("/playlistInput", "playlistInput", views.playlistInput)
app.add_url_rule("/playlistValidate", "playlistValidate", views.playlistValidate, methods=["POST"])
