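def successful_login(self, user, assumed_by=None):
    """Record a successful login and create the server-side session for *user*.

    A ``model.Login`` row is written with a fresh UUID4 session id, the
    session data is stored in Redis under ``<cookie_name>:<session_id>``, and
    the Redis key is given an expiry of ``self.remember_time`` when
    ``self.remember_me`` is set, otherwise ``THREE_DAYS``.

    Args:
        user: the authenticated user; ``id`` and ``email_address`` are read.
        assumed_by: stored on the login record as ``assumed_by``.

    Returns:
        The signed session id, ``"<session_id>:<signature>"``, where the
        signature comes from ``actual_hmac_creation``.
    """
    login_rec = model.Login(user)
    login_rec.successful = True
    login_rec.session_id = str(uuid.uuid4())
    login_rec.assumed_by = assumed_by

    session_id_signature = actual_hmac_creation(login_rec.session_id)
    session_id_signed = login_rec.session_id + ":" + session_id_signature
    # The signed value is handed back to the caller as the session credential,
    # so it must not be written to the debug log: anyone able to read the log
    # could replay it. Log only which user the session belongs to.
    logger.debug("Created signed session id for user_id:", user.id)

    session = dict(login_time=time.time(),
                   user_id=user.id,
                   user_email_address=user.email_address)

    key = UserSession.cookie_name + ":" + login_rec.session_id
    logger.debug("Key when signing:", key)
    Redis.hmset(key, session)
    # NOTE(review): hmset and expire are two separate calls; if the second one
    # fails the session key has no expiry. Confirm whether that matters here.
    expire_time = self.remember_time if self.remember_me else THREE_DAYS
    Redis.expire(key, expire_time)

    db_session.add(login_rec)
    db_session.commit()
    return session_id_signed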
def add_traits(self, params, collection_name):
    """Merge the traits in ``params['traits']`` into a user collection.

    For ``collection_name == "Default"`` the current user's "Default"
    collection is used, and created through ``create_new`` when it does not
    exist yet. For any other name the collection is loaded by the id in
    ``params['existing_collection']``.

    Returns:
        A redirect to ``view_collection`` for the updated collection, or the
        result of ``create_new("Default")``.
    """
    print("---> params are:", params.keys())
    print(" type(params):", type(params))

    if collection_name != "Default":
        # NOTE(review): the collection is looked up by a caller-supplied id and
        # nothing here compares its owner with the current session user.
        # Confirm that ownership is enforced somewhere before this write.
        collection = model.UserCollection.query.get(params['existing_collection'])
    else:
        collection = g.user_session.user_ob.get_collection_by_name("Default")
        if not collection:
            # No "Default" collection yet, so create it.
            return create_new("Default")

    current_members = collection.members_as_set()
    count_before = len(current_members)
    added = process_traits(params['traits'])
    merged_members = list(current_members | added)
    count_after = len(merged_members)

    collection.members = json.dumps(merged_members)
    collection.changed_timestamp = datetime.datetime.utcnow()
    db_session.commit()

    print("added to existing, now set is:" + str(collection.members))
    report_change(count_before, count_after)

    # Probably have to change that
    return redirect(url_for('view_collection', uc_id=collection.id))
def remove_traits():
    """Remove the posted ``traits[]`` from a collection.

    When the form carries ``uc_id`` the stored user collection with that id is
    updated; otherwise the request is handed to ``AnonCollection``.

    Returns:
        The number of members left in the collection, as a string.
    """
    params = request.form
    print("params are:", params)

    if "uc_id" not in params:
        members_now = AnonCollection().remove_traits(params)
    else:
        # NOTE(review): the collection is fetched by a client-supplied id and
        # its owner is not compared with the current session user here.
        # Confirm that ownership is checked elsewhere before this write.
        collection = model.UserCollection.query.get(params['uc_id'])

        traits_to_remove = params.getlist('traits[]')
        print("traits_to_remove are:", traits_to_remove)
        traits_to_remove = process_traits(traits_to_remove)
        print("\n\n after processing, traits_to_remove:", traits_to_remove)

        all_traits = collection.members_as_set()
        print(" all_traits:", all_traits)
        members_now = all_traits - traits_to_remove
        print(" members_now:", members_now)
        summary = "Went from {} to {} members in set.".format(
            len(all_traits), len(members_now))
        print(summary)

        collection.members = json.dumps(list(members_now))
        collection.changed_timestamp = datetime.datetime.utcnow()
        db_session.commit()

    # Something has to be returned; the member count may be useful to callers
    # later for checking the result.
    return str(len(members_now))
def add_traits(self, params, collection_name):
    """Merge the traits in ``params['traits']`` into a user collection.

    For ``collection_name == "Default"`` the current user's "Default"
    collection is used, and created through ``create_new`` when it does not
    exist yet. For any other name the collection is loaded by the id in
    ``params['existing_collection']``.

    Returns:
        A redirect to ``view_collection`` for the updated collection, or the
        result of ``create_new("Default")``.
    """
    print("---> params are:", params.keys())
    print(" type(params):", type(params))

    if collection_name != "Default":
        # NOTE(review): the collection is looked up by a caller-supplied id and
        # nothing here compares its owner with the current session user.
        # Confirm that ownership is enforced somewhere before this write.
        collection = model.UserCollection.query.get(params['existing_collection'])
    else:
        collection = g.user_session.user_ob.get_collection_by_name("Default")
        if not collection:
            # No "Default" collection yet, so create it.
            return create_new("Default")

    current_members = collection.members_as_set()
    count_before = len(current_members)
    added = process_traits(params['traits'])
    merged_members = list(current_members | added)
    count_after = len(merged_members)

    collection.members = json.dumps(merged_members)
    collection.changed_timestamp = datetime.datetime.utcnow()
    db_session.commit()

    print("added to existing, now set is:" + str(collection.members))
    report_change(count_before, count_after)

    # Probably have to change that
    return redirect(url_for('view_collection', uc_id=collection.id))
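def password_reset_step2():
    """Finish a password reset: verify the signed reset token, then store the new password.

    The form field ``user_encode`` has the shape ``<verification_code>:<mac>``.
    The MAC is recomputed with ``actual_hmac_creation`` and must match the
    submitted one before the user is looked up and ``set_password`` is called
    with the form field ``password``.

    Returns:
        A redirect response to the ``login`` view.

    Raises:
        AssertionError: the submitted MAC does not match the recomputed one.
    """
    # Function-scope import: only the constant-time comparison is needed here.
    from hmac import compare_digest

    logger.debug("in password_reset request.url is:", request.url)

    user_encode = request.form['user_encode']
    verification_code, _separator, supplied_mac = user_encode.partition(':')
    expected_mac = actual_hmac_creation(verification_code)
    # The previous debug dump of locals() is gone on purpose: it wrote the
    # verification code together with its valid MAC into the log.

    # An explicit raise replaces the `assert`, which is removed when Python
    # runs with -O and would then skip this check completely. The exception
    # type and message stay the same for existing callers. compare_digest
    # keeps the comparison time independent of how many characters match.
    # Both sides are encoded because compare_digest rejects non-ASCII str;
    # assumes actual_hmac_creation returns text - TODO confirm.
    if not compare_digest(supplied_mac.encode("utf-8"),
                          expected_mac.encode("utf-8")):
        raise AssertionError("Someone has been naughty")

    user = DecodeUser.actual_get_user(ForgotPasswordEmail.key_prefix,
                                      verification_code)
    logger.debug("user is:", user)

    # NOTE(review): the new password is stored without the length check and
    # the confirmation check that registration applies. Confirm whether
    # set_password validates it, and what actual_get_user returns for an
    # expired or already used code.
    password = request.form['password']
    set_password(password, user)
    db_session.commit()

    flash("Password changed successfully. You can now sign in.", "alert-info")
    response = make_response(redirect(url_for('login')))
    return response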
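def successful_login(self, user, assumed_by=None):
    """Record a successful login and create the server-side session for *user*.

    A ``model.Login`` row is written with a fresh UUID4 session id, the
    session data is stored in Redis under ``<cookie_name>:<session_id>``, and
    the Redis key is given an expiry of ``self.remember_time`` when
    ``self.remember_me`` is set, otherwise ``THREE_DAYS``.

    Args:
        user: the authenticated user; ``id`` and ``email_address`` are read.
        assumed_by: stored on the login record as ``assumed_by``.

    Returns:
        The signed session id, ``"<session_id>:<signature>"``, where the
        signature comes from ``actual_hmac_creation``.
    """
    login_rec = model.Login(user)
    login_rec.successful = True
    login_rec.session_id = str(uuid.uuid4())
    login_rec.assumed_by = assumed_by

    session_id_signature = actual_hmac_creation(login_rec.session_id)
    session_id_signed = login_rec.session_id + ":" + session_id_signature
    # The signed value is handed back to the caller as the session credential,
    # so it must not be written to the debug log: anyone able to read the log
    # could replay it. Log only which user the session belongs to.
    logger.debug("Created signed session id for user_id:", user.id)

    session = dict(login_time=time.time(),
                   user_id=user.id,
                   user_email_address=user.email_address)

    key = UserSession.cookie_name + ":" + login_rec.session_id
    logger.debug("Key when signing:", key)
    Redis.hmset(key, session)
    # NOTE(review): hmset and expire are two separate calls; if the second one
    # fails the session key has no expiry. Confirm whether that matters here.
    expire_time = self.remember_time if self.remember_me else THREE_DAYS
    Redis.expire(key, expire_time)

    db_session.add(login_rec)
    db_session.commit()
    return session_id_signed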
def remove_traits():
    """Remove the posted ``traits[]`` from a collection.

    When the form carries ``uc_id`` the stored user collection with that id is
    updated; otherwise the request is handed to ``AnonCollection``.

    Returns:
        The number of members left in the collection, as a string.
    """
    params = request.form
    print("params are:", params)

    if "uc_id" not in params:
        members_now = AnonCollection().remove_traits(params)
    else:
        # NOTE(review): the collection is fetched by a client-supplied id and
        # its owner is not compared with the current session user here.
        # Confirm that ownership is checked elsewhere before this write.
        collection = model.UserCollection.query.get(params['uc_id'])

        traits_to_remove = params.getlist('traits[]')
        print("traits_to_remove are:", traits_to_remove)
        traits_to_remove = process_traits(traits_to_remove)
        print("\n\n after processing, traits_to_remove:", traits_to_remove)

        all_traits = collection.members_as_set()
        print(" all_traits:", all_traits)
        members_now = all_traits - traits_to_remove
        print(" members_now:", members_now)
        summary = "Went from {} to {} members in set.".format(
            len(all_traits), len(members_now))
        print(summary)

        collection.members = json.dumps(list(members_now))
        collection.changed_timestamp = datetime.datetime.utcnow()
        db_session.commit()

    # Something has to be returned; the member count may be useful to callers
    # later for checking the result.
    return str(len(members_now))
def add_to_existing():
    """Add the traits from the query string to an existing user collection.

    Reads ``existing_collection`` (the collection id) and ``traits`` from
    ``request.args``, stores the union of old and new members, and flashes how
    many traits were added.

    Returns:
        A redirect to ``view_collection`` for the updated collection.
    """
    # NOTE(review): this handler changes stored data based on query-string
    # parameters, and the collection is fetched by a caller-supplied id with
    # no owner comparison in this function. Confirm which HTTP methods the
    # route accepts and where ownership is enforced.
    params = request.args
    print("---> params are:", params.keys())
    print(" type(params):", type(params))

    collection = model.UserCollection.query.get(params['existing_collection'])
    existing_members = set(json.loads(collection.members))
    count_before = len(existing_members)

    incoming = process_traits(params['traits'])
    merged_members = list(existing_members | incoming)
    count_after = len(merged_members)

    collection.members = json.dumps(merged_members)
    collection.changed_timestamp = datetime.datetime.utcnow()
    db_session.commit()

    print("added to existing, now set is:" + str(collection.members))

    added_count = count_after - count_before
    if not added_count:
        flash("No new traits were added.")
    else:
        described = numify(added_count, 'new trait', 'new traits')
        flash("We've added {} to your collection.".format(described))

    return redirect(url_for('view_collection', uc_id=collection.id))
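def delete_collection():
    """Delete one or more collections named in the posted form.

    For a logged-in session ``uc_id`` holds one collection id or several ids
    joined with ``:``. Only collections owned by the current session user are
    deleted; unknown ids and collections of other users are skipped. For an
    anonymous session the collection named by ``collection_name`` is deleted
    through ``user_manager.AnonUser``.

    Returns:
        A redirect to ``list_collections``.
    """
    params = request.form
    print("params:", params)

    if g.user_session.logged_in:
        deleted_names = []
        # "a".split(":") yields ["a"], so a single id and a ":"-joined list
        # of ids are handled by the same loop.
        for this_uc_id in params['uc_id'].split(":"):
            uc = model.UserCollection.query.get(this_uc_id)
            # Knowing an id is not proof of ownership: without this check any
            # logged-in user could delete another user's collection.
            # Assumes uc.user holds the owner's user id in the same form as
            # g.user_session.user_id, which is what the collection-creating
            # code assigns to it - TODO confirm the column type.
            if uc is None or uc.user != g.user_session.user_id:
                continue
            deleted_names.append(uc.name)
            db_session.delete(uc)
        db_session.commit()

        if not deleted_names:
            flash("No collection was deleted.", "alert-info")
            return redirect(url_for('list_collections'))
        # As before, the message names the last collection that was deleted.
        collection_name = deleted_names[-1]
    else:
        collection_name = params['collection_name']
        user_manager.AnonUser().delete_collection(collection_name)

    flash("We've deleted the collection: {}.".format(collection_name), "alert-info")
    return redirect(url_for('list_collections'))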
def __init__(self, kw):
    """Validate the registration form in *kw* and create the account when valid.

    Validation messages are collected in ``self.errors``. When there are none,
    the password is set on the user, the user row is committed and a
    ``VerificationEmail`` is created; ``self.thank_you_mode`` is True only
    after all of that succeeded.

    Args:
        kw: mapping with ``email_address``, ``full_name``, ``organization``,
            ``password`` and ``password_confirm``.
    """
    def length_ok(text):
        # Every free-text field shares the same 5..50 character window.
        return 5 <= len(text) <= 50

    self.thank_you_mode = False
    self.errors = []
    self.user = Bunch()

    self.user.email_address = kw.get('email_address', '').strip()
    if not length_ok(self.user.email_address):
        self.errors.append('Email Address needs to be between 5 and 50 characters.')

    self.user.full_name = kw.get('full_name', '').strip()
    if not length_ok(self.user.full_name):
        self.errors.append('Full Name needs to be between 5 and 50 characters.')

    # The organization is optional, so it is only checked when given.
    self.user.organization = kw.get('organization', '').strip()
    if self.user.organization and not length_ok(self.user.organization):
        self.errors.append('Organization needs to be empty or between 5 and 50 characters.')

    # NOTE(review): the only password rule is a minimum of 6 characters, and
    # the email address is checked for length only. Confirm this matches the
    # current account policy.
    password = str(kw.get('password', ''))
    if len(password) < 6:
        self.errors.append('Password needs to be at least 6 characters.')

    if kw.get('password_confirm') != password:
        self.errors.append("Passwords don't match.")

    if self.errors:
        return

    logger.debug("No errors!")

    set_password(password, self.user)
    self.user.registration_info = json.dumps(basic_info(), sort_keys=True)

    self.new_user = model.User(**self.user.__dict__)
    db_session.add(self.new_user)

    try:
        db_session.commit()
    except sqlalchemy.exc.IntegrityError:
        # Raised when the email address is already in the database.
        # To do: perhaps link to signing in with the existing account here.
        # NOTE(review): this message tells the requester that the address is
        # registered; confirm that disclosure is acceptable.
        self.errors.append("An account with this email address already exists. "
                           "Click the button above to sign in using an existing account.")
        return

    logger.debug("Adding verification email to queue")
    VerificationEmail(self.new_user)
    logger.debug("Added verification email to queue")
    self.thank_you_mode = True
def make_superuser():
    """Mark the user named by the ``user_id`` query parameter as a superuser.

    ``super_only()`` is called before anything else. The superuser marker is
    the JSON form of ``basic_info()`` extended with ``crowned_by``, the id of
    the session user who performed the change.

    Returns:
        A redirect to ``manage_users``.
    """
    super_only()

    # NOTE(review): a privilege change is driven by query-string parameters
    # here. Confirm which HTTP methods the route accepts and that the request
    # carries CSRF protection. query.get() may also return None for an unknown
    # id, which would fail on the attribute assignment below.
    target_id = request.args['user_id']
    target = model.User.query.get(target_id)

    crown_record = basic_info()
    crown_record['crowned_by'] = g.user_session.user_id
    target.superuser = json.dumps(crown_record, sort_keys=True)
    db_session.commit()

    message = "We've made {} a superuser!".format(target.name_and_org)
    flash(message)
    return redirect(url_for("manage_users"))
def verify_email():
    """Confirm a user's email address and log them in.

    The user is resolved through ``DecodeUser`` with the verification-email
    key prefix, marked as confirmed, and given a new session whose signed id
    is set as the session cookie on the thank-you page.

    Returns:
        The rendered thank-you response with the session cookie set.
    """
    verified_user = DecodeUser(VerificationEmail.key_prefix).user
    verified_user.confirmed = json.dumps(basic_info(), sort_keys=True)
    db_session.commit()

    # Access to the email account is treated as sufficient to sign the user in.
    signed_session = LoginUser().successful_login(verified_user)

    page = render_template("new_security/thank_you.html")
    response = make_response(page)
    # NOTE(review): the session cookie is set with default attributes only.
    # Consider passing httponly=True, secure=True and samesite=... to
    # set_cookie, after confirming nothing client-side reads this cookie and
    # that the site is served over HTTPS.
    response.set_cookie(UserSession.cookie_name, signed_session)
    return response
def import_traits_to_user(self):
    """Copy the collections stored in Redis under ``self.key`` to the session user.

    Each stored collection whose name the user does not already have is saved
    as a new ``model.UserCollection`` owned by the current session user.
    Collections with an existing name are skipped.
    """
    # NOTE(review): Redis.get() presumably returns None for a missing or
    # expired key, which json.loads would reject - confirm callers guarantee
    # that the key exists.
    stored_collections = json.loads(Redis.get(self.key))

    for stored in stored_collections:
        new_collection = model.UserCollection()
        new_collection.name = stored['name']

        already_there = g.user_session.user_ob.get_collection_by_name(new_collection.name)
        if not already_there:
            new_collection.user = g.user_session.user_id
            new_collection.members = json.dumps(stored['members'])
            db_session.add(new_collection)
            # Committed per collection, read from the flattened listing as
            # part of the same branch as the add - verify against the file.
            db_session.commit()
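def delete_collection():
    """Delete the collection whose id is posted as ``uc_id``.

    The collection is deleted only when it exists and is owned by the current
    session user. The flash message then names the deleted collection.

    Returns:
        A redirect to ``list_collections``.
    """
    params = request.form
    print("params:", params)

    uc = model.UserCollection.query.get(params['uc_id'])
    # Knowing an id is not proof of ownership: without this check any user
    # could delete another user's collection by posting its id.
    # Assumes uc.user holds the owner's user id in the same form as
    # g.user_session.user_id, which is what the collection-creating code
    # assigns to it - TODO confirm the column type.
    if uc is None or uc.user != g.user_session.user_id:
        flash("No collection was deleted.", "alert-info")
        return redirect(url_for('list_collections'))

    collection_name = uc.name
    db_session.delete(uc)
    db_session.commit()

    # The message used to read "deletet".
    flash("We've deleted the collection: {}.".format(collection_name), "alert-info")
    return redirect(url_for('list_collections'))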
def __init__(self, kw):
    """Validate the registration form in *kw* and create the account when valid.

    Validation messages are collected in ``self.errors``. When there are none,
    the password is set on the user, the user row is committed and a
    ``VerificationEmail`` is created; ``self.thank_you_mode`` is True only
    after all of that succeeded.

    Args:
        kw: mapping with ``email_address``, ``full_name``, ``organization``,
            ``password`` and ``password_confirm``.
    """
    def length_ok(text):
        # Every free-text field shares the same 5..50 character window.
        return 5 <= len(text) <= 50

    self.thank_you_mode = False
    self.errors = []
    self.user = Bunch()

    self.user.email_address = kw.get('email_address', '').strip()
    if not length_ok(self.user.email_address):
        self.errors.append('Email Address needs to be between 5 and 50 characters.')

    self.user.full_name = kw.get('full_name', '').strip()
    if not length_ok(self.user.full_name):
        self.errors.append('Full Name needs to be between 5 and 50 characters.')

    # The organization is optional, so it is only checked when given.
    self.user.organization = kw.get('organization', '').strip()
    if self.user.organization and not length_ok(self.user.organization):
        self.errors.append('Organization needs to be empty or between 5 and 50 characters.')

    # NOTE(review): the only password rule is a minimum of 6 characters, and
    # the email address is checked for length only. Confirm this matches the
    # current account policy.
    password = str(kw.get('password', ''))
    if len(password) < 6:
        self.errors.append('Password needs to be at least 6 characters.')

    if kw.get('password_confirm') != password:
        self.errors.append("Passwords don't match.")

    if self.errors:
        return

    logger.debug("No errors!")

    set_password(password, self.user)
    self.user.registration_info = json.dumps(basic_info(), sort_keys=True)

    self.new_user = model.User(**self.user.__dict__)
    db_session.add(self.new_user)

    try:
        db_session.commit()
    except sqlalchemy.exc.IntegrityError:
        # Raised when the email address is already in the database.
        # To do: perhaps link to signing in with the existing account here.
        # NOTE(review): this message tells the requester that the address is
        # registered; confirm that disclosure is acceptable.
        self.errors.append("An account with this email address already exists. "
                           "Click the button above to sign in using an existing account.")
        return

    logger.debug("Adding verification email to queue")
    VerificationEmail(self.new_user)
    logger.debug("Added verification email to queue")
    self.thank_you_mode = True
def create_new(collection_name):
    """Create a collection named *collection_name* for the session user.

    The members come from the ``traits`` query parameter, run through
    ``process_traits``.

    Returns:
        A redirect to ``view_collection`` for the new collection.
    """
    params = request.args

    new_collection = model.UserCollection()
    new_collection.name = collection_name
    # NOTE(review): this prints the whole session object to stdout; confirm it
    # holds nothing that should stay out of the process output.
    print("user_session:", g.user_session.__dict__)
    new_collection.user = g.user_session.user_id

    raw_traits = params['traits']
    traits = process_traits(raw_traits)
    new_collection.members = json.dumps(list(traits))
    print("traits are:", traits)

    db_session.add(new_collection)
    db_session.commit()
    print("Created: " + new_collection.name)

    return redirect(url_for('view_collection', uc_id=new_collection.id))
def __init__(self, kw):
    """Validate the registration form in *kw* and create the account when valid.

    Validation messages are collected in ``self.errors``. When there are none,
    the password is set on the user, the user row is committed and a
    ``VerificationEmail`` is created; ``self.thank_you_mode`` is True only
    after all of that succeeded.

    Args:
        kw: mapping with ``email_address``, ``full_name``, ``organization``,
            ``password`` and ``password_confirm``.
    """
    def length_ok(text):
        # Every free-text field shares the same 5..50 character window.
        return 5 <= len(text) <= 50

    self.thank_you_mode = False
    self.errors = []
    self.user = Bunch()

    self.user.email_address = kw.get('email_address', '').strip()
    if not length_ok(self.user.email_address):
        self.errors.append('Email Address needs to be between 5 and 50 characters.')

    self.user.full_name = kw.get('full_name', '').strip()
    if not length_ok(self.user.full_name):
        self.errors.append('Full Name needs to be between 5 and 50 characters.')

    # The organization is optional, so it is only checked when given.
    self.user.organization = kw.get('organization', '').strip()
    if self.user.organization and not length_ok(self.user.organization):
        self.errors.append('Organization needs to be empty or between 5 and 50 characters.')

    # NOTE(review): the only password rule is a minimum of 6 characters, and
    # the email address is checked for length only. Confirm this matches the
    # current account policy.
    password = str(kw.get('password', ''))
    if len(password) < 6:
        self.errors.append('Password needs to be at least 6 characters.')

    if kw.get('password_confirm') != password:
        self.errors.append("Passwords don't match.")

    if self.errors:
        return

    print("No errors!")

    set_password(password, self.user)
    self.user.registration_info = json.dumps(basic_info(), sort_keys=True)

    self.new_user = model.User(**self.user.__dict__)
    db_session.add(self.new_user)
    # NOTE(review): the commit is not guarded here, so a failure such as a
    # duplicate email address would propagate to the caller - confirm how the
    # view handles that.
    db_session.commit()

    print("Adding verification email to queue")
    VerificationEmail(self.new_user)
    print("Added verification email to queue")
    self.thank_you_mode = True
def create_new(collection_name):
    """Create a collection named *collection_name* from the ``traits`` query parameter.

    A logged-in session gets a stored ``model.UserCollection`` owned by the
    session user. An anonymous session gets an ``AnonCollection``.

    Returns:
        A redirect to ``view_collection`` for the new collection.
    """
    params = request.args
    traits = process_traits(params['traits'])

    if not g.user_session.logged_in:
        # The result is unused; the call is kept so behaviour stays the same.
        user_manager.AnonUser().get_collections()
        anon_collection = AnonCollection(collection_name)
        stamp = datetime.datetime.utcnow().strftime('%b %d %Y %I:%M%p')
        anon_collection.changed_timestamp = stamp
        anon_collection.add_traits(params)
        return redirect(url_for('view_collection', collection_id=anon_collection.id))

    new_collection = model.UserCollection()
    new_collection.name = collection_name
    # NOTE(review): this prints the whole session object to stdout; confirm it
    # holds nothing that should stay out of the process output.
    print("user_session:", g.user_session.__dict__)
    new_collection.user = g.user_session.user_id
    new_collection.members = json.dumps(list(traits))
    db_session.add(new_collection)
    db_session.commit()
    return redirect(url_for('view_collection', uc_id=new_collection.id))
def unsuccessful_login(self, user):
    """Store a ``model.Login`` record for *user* marked as not successful."""
    failed_attempt = model.Login(user)
    failed_attempt.successful = False
    db_session.add(failed_attempt)
    db_session.commit()