def _check_session_cookie():
""" Set the user into flask.g if the user is logged in.
"""
cookie_name = APP.config.get('MM_COOKIE_NAME', 'MirrorManager')
session_id = None
user = None
if cookie_name and cookie_name in flask.request.cookies:
sessionid = flask.request.cookies[cookie_name]
session = ukhra.lib.get_session_by_visitkey(SESSION, sessionid)
if session and session.user:
now = datetime.datetime.now()
new_expiry = now + APP.config.get('PERMANENT_SESSION_LIFETIME')
if now > session.expiry:
flask.flash('Session timed-out', 'error')
elif APP.config.get('CHECK_SESSION_IP', True) \
and session.user_ip != flask.request.remote_addr:
flask.flash('Session expired', 'error')
else:
session_id = session.visit_key
user = session.user
session.expiry = new_expiry
SESSION.add(session)
try:
SESSION.commit()
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not prolong the session in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
def _check_session_cookie():
""" Set the user into flask.g if the user is logged in.
"""
cookie_name = APP.config.get('MM_COOKIE_NAME', 'MirrorManager')
session_id = None
user = None
if cookie_name and cookie_name in flask.request.cookies:
sessionid = flask.request.cookies[cookie_name]
session = ukhra.lib.get_session_by_visitkey(
SESSION, sessionid)
if session and session.user:
now = datetime.datetime.now()
new_expiry = now + APP.config.get('PERMANENT_SESSION_LIFETIME')
if now > session.expiry:
flask.flash('Session timed-out', 'error')
elif APP.config.get('CHECK_SESSION_IP', True) \
and session.user_ip != flask.request.remote_addr:
flask.flash('Session expired', 'error')
else:
session_id = session.visit_key
user = session.user
session.expiry = new_expiry
SESSION.add(session)
try:
SESSION.commit()
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not prolong the session in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
def do_login():
""" Lo the user in user.
"""
form = ukhra.forms.LoginForm()
next_url = flask.request.args.get('next_url')
if not next_url or next_url == 'None':
next_url = flask.url_for('index')
if form.validate_on_submit():
username = form.username.data
password = '******' % (form.password.data,
APP.config.get('PASSWORD_SEED', None))
password = hashlib.sha512(password).hexdigest()
user_obj = ukhra.lib.get_user_by_username(SESSION, username)
if not user_obj or user_obj.password != password:
flask.flash('Username or password invalid.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif user_obj.token:
flask.flash(
'Invalid user, did you confirm the creation with the url '
'provided by email?', 'error')
return flask.redirect(flask.url_for('auth_login'))
else:
visit_key = ukhra.lib.id_generator(40)
expiry = datetime.datetime.now() + APP.config.get(
'PERMANENT_SESSION_LIFETIME')
session = model.UserVisit(
user_id=user_obj.id,
user_ip=flask.request.remote_addr,
visit_key=visit_key,
expiry=expiry,
)
SESSION.add(session)
try:
SESSION.commit()
flask.g.fas_user = user_obj
flask.g.fas_session_id = visit_key
flask.flash('Welcome %s' % user_obj.username, "success")
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not set the session in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
return flask.redirect(next_url)
def do_login():
""" Lo the user in user.
"""
form = ukhra.forms.LoginForm()
next_url = flask.request.args.get('next_url')
if not next_url or next_url == 'None':
next_url = flask.url_for('index')
if form.validate_on_submit():
username = form.username.data
password = '******' % (
form.password.data, APP.config.get('PASSWORD_SEED', None))
password = hashlib.sha512(password).hexdigest()
user_obj = ukhra.lib.get_user_by_username(SESSION, username)
if not user_obj or user_obj.password != password:
flask.flash('Username or password invalid.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif user_obj.token:
flask.flash(
'Invalid user, did you confirm the creation with the url '
'provided by email?', 'error')
return flask.redirect(flask.url_for('auth_login'))
else:
visit_key = ukhra.lib.id_generator(40)
expiry = datetime.datetime.now() + APP.config.get(
'PERMANENT_SESSION_LIFETIME')
session = model.UserVisit(
user_id=user_obj.id,
user_ip=flask.request.remote_addr,
visit_key=visit_key,
expiry=expiry,
)
SESSION.add(session)
try:
SESSION.commit()
flask.g.fas_user = user_obj
flask.g.fas_session_id = visit_key
flask.flash('Welcome %s' % user_obj.username, "success")
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not set the session in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
return flask.redirect(next_url)
def confirm_user(token):
""" Confirm a user account.
"""
user_obj = ukhra.lib.get_user_by_token(SESSION, token)
if not user_obj:
flask.flash('No user associated with this token.', 'error')
else:
user_obj.token = None
SESSION.add(user_obj)
try:
SESSION.commit()
flask.flash('Email confirmed, account activated')
return flask.redirect(flask.url_for('auth_login'))
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not set the account as active in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
def confirm_user(token):
""" Confirm a user account.
"""
user_obj = ukhra.lib.get_user_by_token(SESSION, token)
if not user_obj:
flask.flash('No user associated with this token.', 'error')
else:
user_obj.token = None
SESSION.add(user_obj)
try:
SESSION.commit()
flask.flash('Email confirmed, account activated')
return flask.redirect(flask.url_for('auth_login'))
except SQLAlchemyError, err: # pragma: no cover
flask.flash(
'Could not set the account as active in the db, '
'please report this error to an admin', 'error')
APP.logger.exception(err)
def new_user():
""" Create a new user.
"""
return "Contact #dgplug on IRC for a new account."
form = ukhra.forms.NewUserForm()
if form.validate_on_submit():
username = form.user_name.data
if ukhra.lib.get_user_by_username(
SESSION, username):
flask.flash('Username already taken.', 'error')
return flask.redirect(flask.request.url)
email = form.email_address.data
if ukhra.lib.get_user_by_email(SESSION, email):
flask.flash('Email address already taken.', 'error')
return flask.redirect(flask.request.url)
password = '******' % (
form.password.data, APP.config.get('PASSWORD_SEED', None))
form.password.data = hashlib.sha512(password).hexdigest()
token = ukhra.lib.id_generator(40)
user = model.User()
user.token = token
form.populate_obj(obj=user)
SESSION.add(user)
try:
SESSION.flush()
send_confirmation_email(user)
flask.flash(
'User created, please check your email to activate the '
'account')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash('Could not create user.')
APP.logger.debug('Could not create user.')
APP.logger.exception(err)
SESSION.commit()
# Now let us update the redis.
redis.hset('userids', user.id, user.user_name)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'user_new.html',
form=form,
)
def new_user():
""" Create a new user.
"""
return "Contact #dgplug on IRC for a new account."
form = ukhra.forms.NewUserForm()
if form.validate_on_submit():
username = form.user_name.data
if ukhra.lib.get_user_by_username(SESSION, username):
flask.flash('Username already taken.', 'error')
return flask.redirect(flask.request.url)
email = form.email_address.data
if ukhra.lib.get_user_by_email(SESSION, email):
flask.flash('Email address already taken.', 'error')
return flask.redirect(flask.request.url)
password = '******' % (form.password.data,
APP.config.get('PASSWORD_SEED', None))
form.password.data = hashlib.sha512(password).hexdigest()
token = ukhra.lib.id_generator(40)
user = model.User()
user.token = token
form.populate_obj(obj=user)
SESSION.add(user)
try:
SESSION.flush()
send_confirmation_email(user)
flask.flash(
'User created, please check your email to activate the '
'account')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash('Could not create user.')
APP.logger.debug('Could not create user.')
APP.logger.exception(err)
SESSION.commit()
# Now let us update the redis.
redis.hset('userids', user.id, user.user_name)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'user_new.html',
form=form,
)
def lost_password():
""" Method to allow a user to change his/her password assuming the email
is not compromised.
"""
form = ukhra.forms.LostPasswordForm()
if form.validate_on_submit():
username = form.username.data
user_obj = ukhra.lib.get_user_by_username(SESSION, username)
if not user_obj:
flask.flash('Username invalid.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif user_obj.losttoken:
flask.flash(
'Invalid user, did you confirm the creation with the url '
'provided by email? Or did you already ask for a password '
'change?', 'error')
return flask.redirect(flask.url_for('auth_login'))
token = ukhra.lib.id_generator(40)
user_obj.losttoken = token
SESSION.add(user_obj)
try:
SESSION.commit()
send_lostpassword_email(user_obj)
flask.flash(
'Check your email to finish changing your password')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash(
'Could not set the token allowing changing a password.',
'error')
APP.logger.debug('Password lost change - Error setting token.')
APP.logger.exception(err)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'password_change.html',
form=form,
)
def lost_password():
""" Method to allow a user to change his/her password assuming the email
is not compromised.
"""
form = ukhra.forms.LostPasswordForm()
if form.validate_on_submit():
username = form.username.data
user_obj = ukhra.lib.get_user_by_username(SESSION, username)
if not user_obj:
flask.flash('Username invalid.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif user_obj.losttoken:
flask.flash(
'Invalid user, did you confirm the creation with the url '
'provided by email? Or did you already ask for a password '
'change?', 'error')
return flask.redirect(flask.url_for('auth_login'))
token = ukhra.lib.id_generator(40)
user_obj.losttoken = token
SESSION.add(user_obj)
try:
SESSION.commit()
send_lostpassword_email(user_obj)
flask.flash('Check your email to finish changing your password')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash(
'Could not set the token allowing changing a password.',
'error')
APP.logger.debug('Password lost change - Error setting token.')
APP.logger.exception(err)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'password_change.html',
form=form,
)
def reset_password(token):
""" Method to allow a user to reset his/her password.
"""
form = ukhra.forms.ResetPasswordForm()
user_obj = ukhra.lib.get_user_by_losttoken(SESSION, token)
if not user_obj:
flask.flash('No user associated with this token.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif not user_obj.losttoken:
flask.flash(
'Invalid user, this user never asked for a password change',
'error')
return flask.redirect(flask.url_for('auth_login'))
if form.validate_on_submit():
password = '******' % (
form.password.data, APP.config.get('PASSWORD_SEED', None))
user_obj.password = hashlib.sha512(password).hexdigest()
user_obj.losttoken = None
SESSION.add(user_obj)
try:
SESSION.commit()
flask.flash(
'Password changed')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash('Could not set the new password.', 'error')
APP.logger.debug(
'Password lost change - Error setting password.')
APP.logger.exception(err)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'password_reset.html',
form=form,
token=token,
)
def reset_password(token):
""" Method to allow a user to reset his/her password.
"""
form = ukhra.forms.ResetPasswordForm()
user_obj = ukhra.lib.get_user_by_losttoken(SESSION, token)
if not user_obj:
flask.flash('No user associated with this token.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif not user_obj.losttoken:
flask.flash(
'Invalid user, this user never asked for a password change',
'error')
return flask.redirect(flask.url_for('auth_login'))
if form.validate_on_submit():
password = '******' % (form.password.data,
APP.config.get('PASSWORD_SEED', None))
user_obj.password = hashlib.sha512(password).hexdigest()
user_obj.losttoken = None
SESSION.add(user_obj)
try:
SESSION.commit()
flask.flash('Password changed')
except SQLAlchemyError as err:
SESSION.rollback()
flask.flash('Could not set the new password.', 'error')
APP.logger.debug('Password lost change - Error setting password.')
APP.logger.exception(err)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'password_reset.html',
form=form,
token=token,
)