    def _changePassword(self, request):
        """Handle a password-change request.

        Reads ``curr_passwd``, ``passwd1`` and ``passwd2`` from the request,
        runs the form-level checks, verifies the current password against
        the hash stored in the ``userAuth`` column family and, on success,
        stores a new hash.  Every outcome is reported to the client by
        writing a ``$$.alerts`` snippet to the response; the generator's
        result is always None.

        Written as a Twisted inlineCallbacks generator (the decorator is
        outside this excerpt).
        """
        (appchange, script, args, myId) = yield self._getBasicArgs(request)

        # sanitize=False: the values are only compared and hashed, never
        # rendered back to a page.
        currentPass = utils.getRequestArg(request, "curr_passwd", sanitize=False)
        newPass = utils.getRequestArg(request, "passwd1", sanitize=False)
        rptPass = utils.getRequestArg(request, "passwd2", sanitize=False)

        # Form-level checks in order of precedence; the first failure is
        # reported and the handler stops.  Translation is looked up only
        # for the message that is actually shown.
        formChecks = [
            (not currentPass, "Enter your current password"),
            (not newPass, "Enter new password"),
            (not rptPass, "Confirm new password"),
            (newPass != rptPass, "Passwords do not match"),
            (currentPass == newPass,
             "New password should be different from current password"),
        ]
        for failed, message in formChecks:
            if failed:
                request.write('$$.alerts.error("%s");' % _(message))
                defer.returnValue(None)

        # NOTE(review): no length or complexity policy is applied to the
        # new password anywhere in this block.
        emailId = args["me"].basic["emailId"]
        col = yield db.get(emailId, "userAuth", "passwordHash")
        storedPass = col.column.value

        # Re-authenticate with the current password before accepting the change.
        if not utils.checkpass(currentPass, storedPass):
            request.write('$$.alerts.error("%s");' % _("Incorrect Password"))
            defer.returnValue(None)

        yield db.insert(emailId, "userAuth", utils.hashpass(newPass), "passwordHash")
        request.write('$$.alerts.info("%s");' % _('Password changed'))
파일: root.py 프로젝트: psunkari/flocked-in
 def callback(result):
     """Finish a sign-in once the user's auth columns have been fetched.

     ``result`` is the fetched column slice; ``password``, ``request``,
     ``remember`` and ``self`` are taken from the enclosing scope.  The
     password is verified first, so the blocked/flagged state of an
     account is only disclosed after a correct password.
     """
     cols = utils.columnsToDict(result)
     # When no hash is stored a placeholder is compared instead; this
     # relies on checkpass rejecting it.
     if not utils.checkpass(password, cols.get("passwordHash", "XXX")):
         return self._renderSigninForm(request, self.AUTHENTICATION_FAILED)
     # Account-state flags, checked in order of precedence.
     stateFlags = (("isBlocked", self.USER_BLOCKED),
                   ("isFlagged", self.USER_FLAGGED))
     for flag, reason in stateFlags:
         if flag in cols:
             return self._renderSigninForm(request, reason)
     self._saveSessionAndRedirect(request, cols, remember)
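    def _tokenForClientCredentials(self, request):
        """Issue an access token for the OAuth2 client-credentials grant.

        Reads ``client_id`` and ``client_secret`` from the request, looks
        the client up in the ``apps`` column family and verifies the secret
        against the stored hash (``meta/secret``).  On success a new access
        token (from ``utils.getRandomKey()``) is stored in ``oAuthData``
        with a TTL of ``self._accessTokenExpiry`` and returned through
        ``self._success``.  No refresh token is issued.

        Errors are reported through ``self._error``:

        * ``invalid_request`` -- either credential parameter is missing;
        * ``invalid_client`` -- the client is unknown, has no stored
          secret, or the secret does not verify.

        Written as a Twisted inlineCallbacks generator (the decorator is
        outside this excerpt).
        """
        clientId = utils.getRequestArg(request, 'client_id')
        clientSecret = utils.getRequestArg(request, 'client_secret')

        # Reject missing credentials before touching the database.  This
        # mirrors the parameter check in _tokenForAuthCode and avoids a
        # lookup keyed on None.
        if not all([clientId, clientSecret]):
            self._error(request, "invalid_request")
            return

        client = yield db.get_slice(clientId, "apps")
        client = utils.supercolumnsToDict(client)
        # A malformed app record (no meta or no secret) must be answered as
        # an invalid client instead of raising a KeyError, which would
        # surface as a server error rather than an OAuth error response.
        storedSecret = (client or {}).get('meta', {}).get('secret')
        if not client or not storedSecret \
           or not utils.checkpass(clientSecret, storedSecret):
            self._error(request, "invalid_client")
            return

        # The client is valid.  Issue auth token.
        # We don't issue a refresh token and everytime the client will have
        # to authenticate using it's credentials
        meta = client["meta"]
        scopes = meta["scope"].split(' ')
        userId = meta["author"]
        orgId = meta["org"]
        accessToken = utils.getRandomKey()
        accessTokenData = {"user_id": userId, "type": "access", "org_id": orgId,
                           "client_id": clientId, "scope": " ".join(scopes)}
        yield db.batch_insert(accessToken, "oAuthData",
                              accessTokenData, ttl=self._accessTokenExpiry)
        self._success(request, accessToken)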
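    def _tokenForAuthCode(self, request, refresh=False):
        """Exchange an authorization code, or a refresh token, for tokens.

        Implements the token endpoint for the authorization-code grant and,
        with ``refresh=True``, for the refresh-token grant.  Request
        parameters: ``client_id``, ``client_secret``, ``redirect_uri``,
        optional ``scope`` and either ``code`` or ``refresh_token``.

        Checks, in order, each reported through ``self._error``:

        1. every required parameter is present, else ``invalid_request``;
        2. the record stored under the code/token in ``oAuthData`` belongs
           to this client, carries the same (base64-encoded) redirect URI
           and is of the type matching the grant in use (``auth`` for a
           code, ``refresh`` for a refresh token), else ``invalid_grant``;
        3. a requested ``scope`` is a subset of the granted scope, else
           ``invalid_scope``;
        4. the client secret verifies against the stored hash, else
           ``invalid_client``.

        On success a new access token and a new refresh token are written
        to ``oAuthData``, the refresh token is also recorded under the
        user's ``entities`` row, the presented code/token is deleted (so
        it cannot be replayed) and both tokens go back via ``self._success``.

        Written as a Twisted inlineCallbacks generator (the decorator is
        outside this excerpt).
        """
        clientId = utils.getRequestArg(request, 'client_id')
        clientSecret = utils.getRequestArg(request, 'client_secret')
        redirectUri = utils.getRequestArg(request, 'redirect_uri', sanitize=False)
        requestedScopes = utils.getRequestArg(request, 'scope')

        if refresh:
            authCode = utils.getRequestArg(request, 'refresh_token')
        else:
            authCode = utils.getRequestArg(request, 'code')

        # XXX: We should be checking for HTTP authentication before
        #      throwing an error in case of missing clientId and clientSecret.
        if not all([redirectUri, clientId, clientSecret, authCode]):
            self._error(request, "invalid_request")
            return

        grant = yield db.get_slice(authCode, "oAuthData")
        grant = utils.columnsToDict(grant)
        # A grant record lacking any field read below is rejected as an
        # invalid grant instead of raising a KeyError (which would surface
        # as a server error rather than an OAuth error response).
        requiredFields = ('client_id', 'redirect_uri', 'type', 'scope',
                          'user_id', 'org_id')
        expectedType = 'refresh' if refresh else 'auth'
        if not grant or any(f not in grant for f in requiredFields) or \
           grant['client_id'] != clientId or \
           grant['redirect_uri'] != b64encode(redirectUri) or \
           grant['type'] != expectedType:
            self._error(request, "invalid_grant")
            return

        # The client may narrow the scope but never widen it.
        grantedScopes = grant['scope'].split(' ')
        if requestedScopes:
            scopes = requestedScopes.split(' ')
            if [x for x in scopes if x not in grantedScopes]:
                self._error(request, "invalid_scope")
                return
        else:
            scopes = grantedScopes

        client = yield db.get_slice(clientId, "apps")
        client = utils.supercolumnsToDict(client)
        # A malformed app record (no meta or no secret) is answered as an
        # invalid client rather than raising.
        storedSecret = (client or {}).get('meta', {}).get('secret')
        if not client or not storedSecret \
           or not utils.checkpass(clientSecret, storedSecret):
            self._error(request, "invalid_client")
            return

        userId = grant["user_id"]
        orgId = grant["org_id"]
        accessToken = utils.getRandomKey()
        accessTokenData = {"user_id": userId, "org_id": orgId,
                           "type": "access", "client_id": clientId,
                           "auth_code": authCode, "scope": " ".join(scopes)}
        yield db.batch_insert(accessToken, "oAuthData",
                              accessTokenData, ttl=self._accessTokenExpiry)

        # The new refresh token keeps the originally granted scope, not the
        # narrowed one, so later refreshes can still request the full set.
        refreshToken = utils.getRandomKey()
        refreshTokenData = {"user_id": userId, "org_id": orgId,
                            "type": "refresh", "client_id": clientId,
                            "redirect_uri": grant["redirect_uri"],
                            "auth_code": authCode, "scope": grant["scope"]}
        yield db.batch_insert(refreshToken, "oAuthData",
                              refreshTokenData, ttl=self._refreshTokenExpiry)
        # Per-user, per-client record of the live refresh token; writing to
        # the same column replaces the previous one.
        yield db.insert(userId, "entities", refreshToken, clientId,
                        "apps", ttl=self._refreshTokenExpiry)

        # Single use: the presented code/refresh token is removed only after
        # the replacement tokens have been stored.
        yield db.remove(authCode, "oAuthData")
        self._success(request, accessToken, refreshToken)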