 def getGateways(self, session):
     '''
     @see: IAuthenticationService.getGateways

     Resolves the gateways granted to an active login session. The session is only
     honoured when its last access falls inside the session time-out; on success the
     access time is refreshed and committed straight away.

     @param session: string
         The session identifier (LoginMapped.Session) presented by the client.
     @return: tuple|list
         The gateways of the login's user, or an empty tuple when the session is
         unknown or has expired.
     '''
     threshold = self.session().query(current_timestamp()).scalar() - self._sessionTimeOut
     query = self.session().query(LoginMapped) \
         .filter(LoginMapped.Session == session) \
         .filter(LoginMapped.AccessedOn > threshold)
     try:
         login = query.one()
     except NoResultFound:
         return ()
     assert isinstance(login, LoginMapped), 'Invalid login %s' % login

     # The commit is forced here so that, even if an exception occurs while the request is
     # processed further down, the last access time has already been persisted.
     # NOTE(review): the login is expunged before the commit, presumably so the instance is not
     # expired and login.User stays readable below -- confirm against the session configuration.
     login.AccessedOn = current_timestamp()
     self.session().flush((login,))
     self.session().expunge(login)
     commitNow()

     proc = self._processing
     assert isinstance(proc, Processing), 'Invalid processing %s' % proc

     solicit = proc.execute(FILL_CLASSES, solicit=proc.ctx.solicit(acl=login.User)).solicit
     assert isinstance(solicit, Solicit), 'Invalid solicit %s' % solicit
     return solicit.gateways or ()
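    def performLogin(self, authentication):
        '''
        @see: IAuthenticationService.performLogin

        Exchanges a previously requested login token (TokenMapped) for a session
        (LoginMapped). The token row is consumed (deleted) before the credentials
        are checked, so a token allows one attempt only, and every failure path
        ends in the same InvalidError('Invalid credentials'), so the caller cannot
        distinguish an unknown or inactive user from a wrong hash or an expired token.

        @param authentication: Authentication
            Carries Token, HashedToken and UserName; all three are required.
        @return: LoginMapped
            The new login, added to the session (this method does not commit it).
        @raise InvalidError: if a required field is missing or the credentials do
            not verify.
        '''
        assert isinstance(authentication, Authentication), 'Invalid authentication %s' % authentication

        if authentication.Token is None:
            raise InvalidError(_('The login token is required'), Authentication.Token)
        if authentication.HashedToken is None:
            raise InvalidError(_('The hashed login token is required'), Authentication.HashedToken)
        if authentication.UserName is None:
            raise InvalidError(_('A user name is required for authentication'), Authentication.UserName)

        # Only tokens requested inside the authentication time-out window are still acceptable.
        olderThan = self.session().query(current_timestamp()).scalar()
        olderThan -= self._authenticationTimeOut
        sql = self.session().query(TokenMapped)
        sql = sql.filter(TokenMapped.Token == authentication.Token)
        sql = sql.filter(TokenMapped.requestedOn > olderThan)
        if sql.delete() > 0:
            commitNow()  # We make sure that the delete has been performed, so the token cannot be reused

            # User names match case-insensitively; inactive users are never logged in.
            sql = self.session().query(UserMapped)
            sql = sql.filter(func.lower(UserMapped.UserName) == authentication.UserName.lower()).filter(UserMapped.Active == True)
            try:
                user = sql.one()
            except NoResultFound: user = None

            if user is not None:
                assert isinstance(user, UserMapped), 'Invalid user %s' % user

                # Expected HashedToken: HMAC-SHA512 keyed with the user name over the stored password
                # value, then HMAC-SHA512 keyed with that hex digest over the login token.
                # NOTE(review): user.password is fed in as-is; whether it holds a hash or the clear
                # password is not visible here -- confirm against UserMapped.
                hashedToken = hmac.new(bytes(user.UserName, 'utf8'),
                                       bytes(user.password, 'utf8'), hashlib.sha512).hexdigest()
                hashedToken = hmac.new(bytes(hashedToken, 'utf8'),
                                       bytes(authentication.Token, 'utf8'), hashlib.sha512).hexdigest()
                # Constant-time comparison so the position of a mismatch cannot be measured by timing.
                # The isinstance guard keeps the previous "never raises on an odd client value" behaviour:
                # compare_digest raises TypeError on non-str input, and both sides are encoded because
                # it also rejects non-ASCII str.
                if isinstance(authentication.HashedToken, str) and hmac.compare_digest(
                        authentication.HashedToken.encode('utf8'), hashedToken.encode('utf8')):
                    # Session id: SHA-512 over authentication_token_size bytes of OS randomness.
                    digest = hashlib.sha512()
                    digest.update(urandom(self.authentication_token_size))

                    login = LoginMapped()
                    login.Session = digest.hexdigest()
                    login.User = user.Id
                    login.CreatedOn = login.AccessedOn = current_timestamp()

                    self.session().add(login)
                    return login

        raise InvalidError(_('Invalid credentials'))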