def login(self,session):
        """

        Logs a user in if their password matches

        arguments:

        session  -- (Session) object from flask

        return the reponse object

        """
        try:
            safeDictionary = RequestDictionary(self.request)

            username = safeDictionary.getValue('username')

            password = safeDictionary.getValue('password')

            try:
                user  = self.interfaces.userDb.getUserByEmail(username)
            except Exception as e:
                raise ValueError("user name and or password invalid")

            if(not self.interfaces.userDb.checkStatus(user,"approved")):
                raise ValueError("user name and or password invalid")

            # Only check if user is active after they've logged in for the first time
            if user.last_login_date is not None and not self.isUserActive(user):
                raise ValueError("Your account has expired. Please contact an administrator.")

            try:
                if(self.interfaces.userDb.checkPassword(user,password,self.bcrypt)):
                    # We have a valid login
                    LoginSession.login(session,user.user_id)
                    permissionList = []
                    for permission in self.interfaces.userDb.getPermssionList():
                        if(self.interfaces.userDb.hasPermission(user, permission.name)):
                            permissionList.append(permission.permission_type_id)
                    self.interfaces.userDb.updateLastLogin(user)
                    return JsonResponse.create(StatusCode.OK,{"message":"Login successful","user_id": int(user.user_id),"name":user.name,"title":user.title ,"agency":user.agency, "permissions" : permissionList})
                else :
                    raise ValueError("user name and or password invalid")
            except Exception as e:
                    LoginSession.logout(session)
                    raise ValueError("user name and or password invalid")

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e,StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e,StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            return JsonResponse.error(e,StatusCode.INTERNAL_ERROR)
        return self.response
    def create_session_and_response(self, session, user):
        """Create a session."""
        LoginSession.login(session, user.user_id)

        sess = GlobalDB.db().session
        updateLastLogin(user)
        agency_name = sess.query(CGAC.agency_name).\
            filter(CGAC.cgac_code == user.cgac_code).\
            one_or_none()
        return JsonResponse.create(StatusCode.OK, {"message": "Login successful", "user_id": int(user.user_id),
                                                   "name": user.name, "title": user.title,
                                                   "agency_name": agency_name,
                                                   "cgac_code": user.cgac_code, "permission": user.permission_type_id})
Exemplo n.º 3
0
    def create_session_and_response(session, user):
        """ Create a session.

            Args:
                session: Session object from flask
                user: Users object

            Returns:
                JsonResponse containing the JSON for the user
        """
        LoginSession.login(session, user.user_id)
        data = json_for_user(user, session['sid'])
        data['message'] = 'Login successful'
        return JsonResponse.create(StatusCode.OK, data)
    def create_session_and_response(session, user):
        """ Create a session.

            Args:
                session: Session object from flask
                user: Users object

            Returns:
                JsonResponse containing the JSON for the user
        """
        LoginSession.login(session, user.user_id)
        data = json_for_user(user, session['sid'])
        data['message'] = 'Login successful'
        return JsonResponse.create(StatusCode.OK, data)
Exemplo n.º 5
0
 def create_session_and_response(self, session, user):
     # Create session
     LoginSession.login(session, user.user_id)
     permissionList = []
     for permission in self.interfaces.userDb.getPermissionList():
         if (self.interfaces.userDb.hasPermission(user, permission.name)):
             permissionList.append(permission.permission_type_id)
     self.interfaces.userDb.updateLastLogin(user)
     agency_name = self.interfaces.validationDb.getAgencyName(
         user.cgac_code)
     return JsonResponse.create(
         StatusCode.OK, {
             "message": "Login successful",
             "user_id": int(user.user_id),
             "name": user.name,
             "title": user.title,
             "agency_name": agency_name,
             "cgac_code": user.cgac_code,
             "permissions": permissionList
         })
Exemplo n.º 6
0
    def login(self, session):
        """

        Logs a user in if their password matches

        arguments:

        session  -- (Session) object from flask

        return the reponse object

        """
        try:
            safeDictionary = RequestDictionary(self.request)

            username = safeDictionary.getValue('username')

            password = safeDictionary.getValue('password')

            try:
                user = self.interfaces.userDb.getUserByEmail(username)
            except Exception as e:
                raise ValueError("user name and or password invalid")

            if (not self.interfaces.userDb.checkStatus(user, "approved")):
                raise ValueError("user name and or password invalid")

            # Only check if user is active after they've logged in for the first time
            if user.last_login_date is not None and not self.isUserActive(
                    user):
                raise ValueError(
                    "Your account has expired. Please contact an administrator."
                )

            try:
                if (self.interfaces.userDb.checkPassword(
                        user, password, self.bcrypt)):
                    # We have a valid login
                    LoginSession.login(session, user.user_id)
                    permissionList = []
                    for permission in self.interfaces.userDb.getPermssionList(
                    ):
                        if (self.interfaces.userDb.hasPermission(
                                user, permission.name)):
                            permissionList.append(
                                permission.permission_type_id)
                    self.interfaces.userDb.updateLastLogin(user)
                    return JsonResponse.create(
                        StatusCode.OK, {
                            "message": "Login successful",
                            "user_id": int(user.user_id),
                            "name": user.name,
                            "title": user.title,
                            "agency": user.agency,
                            "permissions": permissionList
                        })
                else:
                    raise ValueError("user name and or password invalid")
            except Exception as e:
                LoginSession.logout(session)
                raise ValueError("user name and or password invalid")

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
        return self.response
    def login(self,session):
        """

        Logs a user in if their password matches

        arguments:

        session  -- (Session) object from flask

        return the reponse object

        """
        try:
            safeDictionary = RequestDictionary(self.request)

            username = safeDictionary.getValue('username')

            password = safeDictionary.getValue('password')

            try:
                user = self.interfaces.userDb.getUserByEmail(username)
            except Exception as e:
                raise ValueError("Invalid username and/or password")

            if(not self.interfaces.userDb.checkStatus(user,"approved")):
                raise ValueError("Invalid username and/or password")

            # Only check if user is active after they've logged in for the first time
            if user.last_login_date is not None and self.isAccountExpired(user):
                raise ValueError("Your account has expired. Please contact an administrator.")

            # for whatever reason, your account is not active, therefore it's locked
            if not self.isUserActive(user):
                raise ValueError("Your account has been locked. Please contact an administrator.")

            try:
                if(self.interfaces.userDb.checkPassword(user,password,self.bcrypt)):
                    # We have a valid login

                    # Reset incorrect password attempt count to 0
                    self.resetPasswordCount(user)

                    LoginSession.login(session,user.user_id)
                    permissionList = []
                    for permission in self.interfaces.userDb.getPermissionList():
                        if(self.interfaces.userDb.hasPermission(user, permission.name)):
                            permissionList.append(permission.permission_type_id)
                    self.interfaces.userDb.updateLastLogin(user)
                    agency_name = self.interfaces.validationDb.getAgencyName(user.cgac_code)
                    return JsonResponse.create(StatusCode.OK,{"message":"Login successful","user_id": int(user.user_id),
                                                              "name":user.name,"title":user.title,"agency_name":agency_name,
                                                              "cgac_code":user.cgac_code, "permissions" : permissionList})
                else :
                    # increase incorrect password attempt count by 1
                    # if this is the 3rd incorrect attempt, lock account
                    self.incrementPasswordCount(user)
                    if user.incorrect_password_attempts == 3:
                        raise ValueError("Your account has been locked due to too many failed login attempts. Please contact an administrator.")

                    raise ValueError("Invalid username and/or password")
            except ValueError as ve:
                LoginSession.logout(session)
                raise ve
            except Exception as e:
                LoginSession.logout(session)
                raise ValueError("Invalid username and/or password")

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e,StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e,StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            return JsonResponse.error(e,StatusCode.INTERNAL_ERROR)
        return self.response
 def create_session_and_response(session, user):
     """Create a session."""
     LoginSession.login(session, user.user_id)
     data = json_for_user(user)
     data['message'] = 'Login successful'
     return JsonResponse.create(StatusCode.OK, data)
    def login(self, session):
        """

        Logs a user in if their password matches

        arguments:

        session  -- (Session) object from flask

        return the reponse object

        """
        try:
            safeDictionary = RequestDictionary(self.request)

            username = safeDictionary.getValue('username')

            password = safeDictionary.getValue('password')

            try:
                user = self.interfaces.userDb.getUserByEmail(username)
            except Exception as e:
                raise ValueError("Invalid username and/or password")

            if (not self.interfaces.userDb.checkStatus(user, "approved")):
                raise ValueError("Invalid username and/or password")

            # Only check if user is active after they've logged in for the first time
            if user.last_login_date is not None and self.isAccountExpired(
                    user):
                raise ValueError(
                    "Your account has expired. Please contact an administrator."
                )

            # for whatever reason, your account is not active, therefore it's locked
            if not self.isUserActive(user):
                raise ValueError(
                    "Your account has been locked. Please contact an administrator."
                )

            try:
                if (self.interfaces.userDb.checkPassword(
                        user, password, self.bcrypt)):
                    # We have a valid login

                    # Reset incorrect password attempt count to 0
                    self.resetPasswordCount(user)

                    LoginSession.login(session, user.user_id)
                    permissionList = []
                    for permission in self.interfaces.userDb.getPermissionList(
                    ):
                        if (self.interfaces.userDb.hasPermission(
                                user, permission.name)):
                            permissionList.append(
                                permission.permission_type_id)
                    self.interfaces.userDb.updateLastLogin(user)
                    agency_name = self.interfaces.validationDb.getAgencyName(
                        user.cgac_code)
                    return JsonResponse.create(
                        StatusCode.OK, {
                            "message": "Login successful",
                            "user_id": int(user.user_id),
                            "name": user.name,
                            "title": user.title,
                            "agency_name": agency_name,
                            "cgac_code": user.cgac_code,
                            "permissions": permissionList
                        })
                else:
                    # increase incorrect password attempt count by 1
                    # if this is the 3rd incorrect attempt, lock account
                    self.incrementPasswordCount(user)
                    if user.incorrect_password_attempts == 3:
                        raise ValueError(
                            "Your account has been locked due to too many failed login attempts. Please contact an administrator."
                        )

                    raise ValueError("Invalid username and/or password")
            except ValueError as ve:
                LoginSession.logout(session)
                raise ve
            except Exception as e:
                LoginSession.logout(session)
                raise ValueError("Invalid username and/or password")

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
        return self.response
 def create_session_and_response(session, user):
     """Create a session."""
     LoginSession.login(session, user.user_id)
     data = json_for_user(user)
     data['message'] = 'Login successful'
     return JsonResponse.create(StatusCode.OK, data)