예제 #1
    def get(self, client_id: MemberId = None, inner_resource: str = None):
        """Read clients, scoped by the caller's role.

        ``client`` role: only the literal id ``'me'`` is honoured and resolves to
        the caller's own record; any other id is answered with 404 so ids of
        other clients cannot be probed through this endpoint.
        ``admin`` role: no id returns the whole ``Client.query``; an id returns
        that client or 404.
        ``inner_resource == 'evidences'`` swaps the client for its evidence row;
        any other sub-resource value is ignored and the client itself is returned.

        Raises:
            HttpNotFound: unknown client, non-'me' id as a client, or a caller
                in neither role (deny by default).
        """
        def resolve(client):
            # Sub-resource routing: only 'evidences' is recognised.
            return client.evidence if inner_resource == 'evidences' else client

        identity = context.identity
        if identity.is_in_roles('client'):
            if client_id == 'me':
                return resolve(Client.current())
            # Any other id falls through to the 404 below.
        elif identity.is_in_roles('admin'):
            if client_id is None:
                return Client.query
            found = Client.query.filter(Client.id == client_id).one_or_none()
            if found is None:
                raise HttpNotFound()
            return resolve(found)

        raise HttpNotFound()
예제 #2
    def submit(self):
        """Attach the id-card images from the form to the current client's evidence.

        Both phone numbers must already be recorded on the evidence, otherwise
        403. Remaining form fields are applied through ``update_from_request``
        before the ``idCard`` / ``idCardSecondary`` uploads are assigned; the
        image validators run inside the attribute setters and their failures are
        translated to 400s with a machine-readable ``reason``.

        NOTE(review): ``update_from_request`` applies request fields to the
        evidence row -- confirm the model restricts which columns are writable,
        as this is the classic mass-assignment surface.

        Raises:
            HttpForbidden: a phone number has not been verified yet.
            HttpBadRequest: reason 'invalid-aspectratio', 'invalid-dimensions'
                or 'invalid-type' depending on which validator rejected the image.
        """
        evidence = Client.current().evidence

        phones_verified = (
            evidence.mobile_phone is not None
            and evidence.fixed_phone is not None
        )
        if not phones_verified:
            raise HttpForbidden('Please verify your mobile and fixed phone first.')

        evidence.update_from_request()

        form = context.form
        primary = form.get('idCard')
        secondary = form.get('idCardSecondary')

        try:
            evidence.id_card = primary
            evidence.id_card_secondary = secondary
        except AspectRatioValidationError as error:
            raise HttpBadRequest(str(error), reason='invalid-aspectratio')
        except DimensionValidationError as error:
            raise HttpBadRequest(str(error), reason='invalid-dimensions')
        except (AnalyzeError, ContentTypeValidationError) as error:
            raise HttpBadRequest(str(error), reason='invalid-type')

        return evidence
예제 #3
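    def provision(self):
        """Return the authenticator enrolment QR code (PNG, base64 text) for the current client.

        The OTP secret is derived from the deployment-wide
        ``settings.membership.second_factor_seed`` and the client's e-mail, so
        the same QR code is produced on every call.

        SECURITY(review): because the secret is a pure function of a shared seed
        and a public attribute (the e-mail), anyone who obtains the seed can
        compute every client's codes, and any authenticated session can re-fetch
        the QR code at will. A per-client random secret and a step-up check
        (password or current OTP) before exposing it would close both gaps.

        Raises:
            HttpBadRequest: the client has not enabled the second factor.
        """
        client = Client.current()
        # ``not`` rather than ``is False``: an unset/None flag used to slip past
        # the identity check and reach provisioning.
        if not client.has_second_factor:
            raise HttpBadRequest('Client haven\'t enabled 2-factor authentication')

        # TODO: Use another salt too (password or ...)
        oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email)

        with io.BytesIO() as virtual_file:
            qrcode.make(oath.get_google_auth_uri(client.email)).save(stream=virtual_file)
            return base64.b64encode(virtual_file.getvalue()).decode()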
예제 #4
    def change(self):
        """Change the current client's password and revoke its existing sessions.

        Reads ``currentPassword`` and ``newPassword`` from the form and hands
        them to ``Client.change_password`` (which presumably checks the current
        one -- not visible here). Afterwards the member is invalidated in the
        authenticator so tokens issued before the change stop working.

        Returns:
            The client.
        """
        form = context.form
        old_secret = form.get('currentPassword')
        new_secret = form.get('newPassword')

        client = Client.current()
        client.change_password(current_password=old_secret, new_password=new_secret)

        # A password change must not leave a possibly-stolen session alive.
        authenticator = context.application.__authenticator__
        authenticator.invalidate_member(context.identity.id)

        return client
예제 #5
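    def __verify_fixed_phone_verification(self):
        """Check the SMS code for a fixed phone and record the number on the evidence.

        Form fields: ``phone`` (the number the code was sent to; its first
        character -- expected to be ``+`` -- is stripped to form the OTP
        challenge) and ``code``. Because the challenge is the number itself, a
        code issued for one number cannot confirm another.

        SECURITY(review): nothing here throttles attempts, so a short numeric
        code can be brute-forced; rate-limit by client and number. The
        'already used' uniqueness check exists only in the scheduling step, so
        two clients can race to verify the same number.

        Raises:
            HttpConflict: a fixed phone is already recorded ('already-verified').
            HttpBadRequest: a field is missing/empty or the code does not verify.
        """
        client = Client.current()

        if client.evidence.fixed_phone is not None:
            raise HttpConflict('Already verified.', 'already-verified')

        phone = context.form.get('phone')
        code = context.form.get('code')
        # A missing/empty phone used to reach ``phone[1:]`` (TypeError -> 500);
        # malformed input is the caller's fault and is answered with 400.
        if not phone or code is None:
            raise HttpBadRequest()

        oath = Oath(seed=settings.fixed_phone_verification.seed, derivate_seed_from=client.email)
        if oath.verify(challenge=phone[1:], code=code)[0] is True:
            client.evidence.fixed_phone = phone
            # Refresh the principal so the new verification state is visible at once.
            context.application.__authenticator__.invalidate_member(client.id)
            return client

        raise HttpBadRequest()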
예제 #6
    def __schedule_email_verification(self):
        """Queue a verification e-mail carrying a signed token for the current client.

        The token is a ``VerificationEmailPrincipal`` over ``{'id': client.id}``;
        the redeeming endpoint (``__verify_email_verification``) compares that id
        with the caller's identity, so the token is only useful to the account it
        was issued for. Expiry is whatever the principal serializer enforces
        (``SignatureExpired`` is handled on redemption) -- not visible here.

        Raises:
            HttpConflict: the e-mail or the evidence is already verified.
        """
        client = Client.current()

        already_verified = (
            client.is_email_verified is True
            or client.is_evidence_verified is True
        )
        if already_verified:
            raise HttpConflict('Already verified.', 'already-verified')

        token = VerificationEmailPrincipal({'id': client.id}).dump().decode()
        # noinspection PyArgumentList
        message = VerificationEmail(
            to=client.email,
            subject='Email verification',
            body={'token': token},
        )
        DBSession.add(message)
예제 #7
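    def __verify_email_verification(self):
        """Mark the current client's e-mail verified from the token delivered by e-mail.

        Form field: ``token``. It must be present, carry a valid unexpired
        signature, and have been issued for the caller's own identity. Every
        failure is a bare 400 so the response does not tell a forged token apart
        from an expired one.

        Raises:
            HttpBadRequest: token missing, tampered, expired, or issued for
                another client.
        """
        token = context.form.get('token')
        # A missing token most likely reached ``load(None)`` and surfaced as a 500;
        # reject it explicitly as a client error.
        if token is None:
            raise HttpBadRequest()

        try:
            principal = VerificationEmailPrincipal.load(token)
        except itsdangerous.SignatureExpired:
            raise HttpBadRequest()
        except itsdangerous.BadData:
            raise HttpBadRequest()

        # Bind redemption to the logged-in account: a token taken from one
        # client's inbox cannot flip the flag while authenticated as another.
        if principal.id != context.identity.id:
            raise HttpBadRequest()

        client = Client.current()
        client.is_email_verified = True
        # Refresh the principal so the new flag is visible to subsequent requests.
        context.application.__authenticator__.invalidate_member(client.id)

        return client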
예제 #8
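    def __schedule_fixed_phone_verification(self):
        """Queue an SMS carrying a verification code for the fixed phone in the form.

        Form field: ``phone``; its first character (expected ``+``) is stripped
        to form the OTP challenge, which binds the code to this exact number.

        SECURITY(review): the 'already-used' 409 is an enumeration oracle -- any
        authenticated client can test whether an arbitrary number is registered.
        Nothing throttles this endpoint either, so it doubles as an SMS-cost
        abuse vector. Rate-limit per client and per number, and consider an
        indistinguishable 2xx (without sending) when the number is taken.

        Raises:
            HttpConflict: a fixed phone is already recorded ('already-verified'),
                or the number already appears on an evidence row ('already-used').
            HttpBadRequest: ``phone`` is missing or empty.
        """
        client = Client.current()

        if client.evidence.fixed_phone is not None:
            raise HttpConflict('Already verified.', 'already-verified')

        phone = context.form.get('phone')
        # Without this guard a missing number went into the filter as ``== None``
        # (an IS NULL match -> bogus 409) or hit ``phone[1:]`` (TypeError -> 500).
        if not phone:
            raise HttpBadRequest()

        # TODO: The following error can cause security issues!
        if ClientEvidence.query.filter(ClientEvidence.fixed_phone == phone).count() > 0:
            raise HttpConflict('Already used.', 'already-used')

        oath = Oath(seed=settings.fixed_phone_verification.seed, derivate_seed_from=client.email)
        code = oath.generate(challenge=phone[1:])

        sms = VerificationSms()
        sms.to = phone
        sms.body = {'code': code, 'template': settings.fixed_phone_verification.template}

        DBSession.add(sms)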
예제 #9
 def disable(self):
     """Turn the second factor off for the current client.

     SECURITY(review): no re-authentication (password or a current OTP) is
     demanded before weakening the account, so a hijacked session can strip
     2FA outright; a step-up check belongs here.

     Returns:
         ``{'message': 'done'}``.
     """
     current = Client.current()
     current.has_second_factor = False
     return {'message': 'done'}
예제 #10
 def enable(self):
     """Turn the second factor on for the current client.

     NOTE(review): only the flag is set here; the authenticator is provisioned
     by a separate call, so a client who enables without provisioning could be
     locked out -- confirm what the login path expects once this flag is on.

     Returns:
         ``{'message': 'done'}``.
     """
     current = Client.current()
     current.has_second_factor = True
     return {'message': 'done'}