Exemplo n.º 1
0
 def post(self):
     self.cleanup_item()
     self.log_out()
     self.check_CSRF()
     token = self.session.get('tokenregisterauth')
     tokenEntity = EnkiModelTokenVerify.get_by_token_type(token, 'register')
     if tokenEntity:
         submit_type = self.request.get('submittype')
         # Log in with email and password
         if submit_type == 'login':
             email = tokenEntity.email
             tokenEntity.key.delete()
             password = self.request.get('password')
             if self.log_in_with_email(email, password):
                 self.add_infomessage('success', MSG.SUCCESS(),
                                      MSG.LOGGED_IN())
                 self.redirect_to_relevant_page()
             else:
                 error_message = MSG.WRONG_EMAIL_OR_PW()
                 backoff_timer = self.get_backoff_timer(email)
                 if backoff_timer != 0:
                     error_message = MSG.TIMEOUT(
                         enki.libutil.format_timedelta(backoff_timer))
                 self.render_tmpl('login.html',
                                  active_menu='login',
                                  authhandlers=settings.HANDLERS,
                                  email=email,
                                  error=error_message)
         elif submit_type == 'recoverpass':
             email = tokenEntity.email
             tokenEntity.key.delete()
             self.redirect(
                 enki.libutil.get_local_url('passwordrecover',
                                            {'email': email}))
         # Create a new account using the OAuth provider but without the email
         elif submit_type == 'register':
             email = tokenEntity.email
             tokenEntity.email = ''
             tokenEntity.put()
             self.add_infomessage(
                 'info', MSG.INFORMATION(),
                 MSG.REGISTRATION_INFO_EMAIL_CANNOT_USE(email))
             self.redirect(
                 enki.libutil.get_local_url('registeroauthconfirm'))
         else:
             tokenEntity.key.delete()
             self.add_infomessage('info', MSG.INFORMATION(),
                                  MSG.LOGIN_FAILED())
             self.redirect(enki.libutil.get_local_url('home'))
     else:
         self.abort(404)
Exemplo n.º 2
0
 def post(self):
     self.cleanup_item()
     self.log_out()
     self.check_CSRF()
     submit_type = self.request.get('submittype')
     email = self.request.get('email')
     if submit_type == 'login':
         password = self.request.get('password')
         if self.log_in_with_email(email, password):
             self.add_infomessage('success', MSG.SUCCESS(), MSG.LOGGED_IN())
             self.redirect_to_relevant_page()
         else:
             error_message = MSG.WRONG_EMAIL_OR_PW()
             if enki.libuser.exist_EnkiUser(email):
                 # if the email exist as part of an Auth account (doesn't have a password), silently email them to set a password.
                 user = enki.libuser.get_EnkiUser(email)
                 if not user.password:
                     self.add_debugmessage(
                         '''Comment - whether the email is available or not, the feedback through the UI is identical to prevent email checking.'''
                     )
                     link = enki.libutil.get_local_url(
                         'passwordrecover', {'email': email})
                     self.send_email(
                         email,
                         MSG.
                         SEND_EMAIL_LOGIN_ATTEMPT_WITH_YOUR_EMAIL_NO_PW_SUBJECT(
                         ),
                         MSG.
                         SEND_EMAIL_LOGIN_ATTEMPT_WITH_YOUR_EMAIL_NO_PW_BODY(
                             link, email))
             backoff_timer = self.get_backoff_timer(email)
             if backoff_timer != 0:
                 error_message = MSG.TIMEOUT(
                     enki.libutil.format_timedelta(backoff_timer))
             self.render_tmpl('login.html',
                              active_menu='login',
                              authhandlers=settings.HANDLERS,
                              email=email,
                              error=error_message)
     elif submit_type == 'register':
         self.redirect(
             enki.libutil.get_local_url('register', {'email': email}))
     else:
         self.redirect(
             enki.libutil.get_local_url('passwordrecover',
                                        {'email': email}))
Exemplo n.º 3
0
    def provider_authenticated_callback(self, loginInfo):
        # We expect the fields of the dictionary to be:
        # - 'provider_name' unique 'pretty' provider name (e.g. google, facebook,...)
        # - 'provider_uid' provider specific (a.k.a "locally unique") user Id, i.e unique to the provider (e.g. the google user id number)
        # - 'email'
        # - 'email_verified'
        # We IGNORE: username, gender (facebook), avatar link, etc.

        # get the verified email from the auth provider
        email = None
        if loginInfo['email'] and loginInfo['email_verified'] == True:
            email = loginInfo['email']
        # get the authId from the auth provider
        auth_id = loginInfo['provider_name'] + ':' + loginInfo['provider_uid']

        if auth_id:
            # Modify existing or create user
            # check if it's an add login method request
            LoginAddToken = EnkiModelTokenVerify.get_by_user_id_state_type(
                self.user_id, loginInfo['provider_name'], 'loginaddconfirm_1')
            if LoginAddToken:
                # Add a login method
                if not EnkiModelUser.exist_by_auth_id(auth_id):
                    # store the new auth prov + id in the session
                    LoginAddToken.state = auth_id
                    LoginAddToken.type = 'loginaddconfirm_2'
                    LoginAddToken.put()
                    self.redirect(
                        enki.libutil.get_local_url('loginaddconfirm'))
                else:
                    self.add_infomessage(
                        MSG.INFORMATION(),
                        MSG.AUTH_PROVIDER_CANNOT_BE_ADDED(str(auth_id)))
                    self.redirect(enki.libutil.get_local_url('accountconnect'))
                return
            else:
                user = self.get_user_from_authid(auth_id, email)
                if user:
                    # Existing authentication method / user
                    if self.is_logged_in() and self.user_id == user.key.id():
                        # Refresh the reauthenticated status
                        self.session['reauth_time'] = datetime.datetime.now()
                        self.add_infomessage(MSG.SUCCESS(),
                                             MSG.REAUTHENTICATED())
                        self.redirect_to_relevant_page()
                        return
                    # Login
                    self.log_in_session_token_create(user)
                    self.add_infomessage(MSG.SUCCESS(), MSG.LOGGED_IN())
                    self.redirect_to_relevant_page()
                else:
                    # New authentication method
                    register_token = EnkiModelTokenVerify.get_by_state_type(
                        auth_id, 'register')
                    if register_token:
                        # If a token already exists, get the token value and update the email
                        token = register_token.token
                        register_token.email = email  # update in case the user changed their email or modified their email access permission
                    else:
                        # Create a new token
                        token = security.generate_random_string(entropy=256)
                        register_token = EnkiModelTokenVerify(token=token,
                                                              email=email,
                                                              state=auth_id,
                                                              type='register')
                    register_token.put()
                    self.session['tokenregisterauth'] = token
                    if EnkiModelUser.exist_by_email(email):
                        self.redirect(
                            enki.libutil.get_local_url(
                                'registeroauthwithexistingemail'))
                    else:
                        self.redirect(
                            enki.libutil.get_local_url('registeroauthconfirm'))
        else:
            self.redirect_to_relevant_page()
Exemplo n.º 4
0
 def post(self):
     choice = self.request.get('choice')
     # Step 1
     if choice == 'create' or choice == 'cancel':
         token = self.session.get('tokenregisterauth')
         tokenEntity = EnkiModelTokenVerify.get_by_token_type(
             token, 'register')
         authId = tokenEntity.auth_ids_provider
         provider_name, provider_uid = authId.partition(':')[::2]
         auth_email = tokenEntity.email if tokenEntity.email else None
         if choice == 'create':
             if auth_email:
                 # If the email is given by the provider, it is verified. Get or ceate the account and log the user in.
                 user = self.get_or_create_user_from_authid(
                     authId, auth_email)
                 if user:  # login the user through auth
                     self.log_in_session_token_create(user)
                     self.add_infomessage('success', MSG.SUCCESS(),
                                          MSG.LOGGED_IN())
                 else:  # user creation failed (timeout etc.)
                     self.add_infomessage(
                         'warning', MSG.WARNING(),
                         MSG.AUTH_LOGIN_FAILED(provider_name))
                 self.redirect_to_relevant_page()
                 tokenEntity.key.delete()
                 self.session.pop('tokenregisterauth')
             else:
                 # If the email isn't given by the provider, use the manually entered email.
                 self.check_CSRF()
                 email = self.request.get('email')
                 user = self.get_or_create_user_from_authid(authId)
                 self.log_in_session_token_create(user)
                 error_message = ''
                 success = False
                 result = enki.libuser.validate_email(email)
                 if result == enki.libutil.ENKILIB_OK:
                     result = self.email_change_request(
                         email
                     )  # send an email for verification. Since it's not verified at this point, create the account without the email.
                     self.add_infomessage(
                         'info', MSG.INFORMATION(),
                         MSG.REGISTER_AUTH_ADD_EMAIL_INFO_EMAIL_SENT(email))
                     if result == enki.handlerbase.ERROR_EMAIL_IN_USE:
                         self.add_debugmessage(
                             'Comment - whether the email is available or not, the feedback through the UI is identical to prevent email checking.'
                         )
                     success = True
                     tokenEntity.key.delete()
                     self.session.pop('tokenregisterauth')
                 elif result == enki.libuser.ERROR_EMAIL_FORMAT_INVALID:
                     error_message = MSG.WRONG_EMAIL_FORMAT()
                 elif result == enki.libuser.ERROR_EMAIL_MISSING:
                     error_message = MSG.MISSING_EMAIL()
                 self.render_tmpl('registeroauthconfirm.html',
                                  active_menu='register',
                                  token=tokenEntity,
                                  provider_name=provider_name,
                                  provider_uid=str(provider_uid),
                                  error=error_message,
                                  success=success)
         elif choice == 'cancel':
             self.add_infomessage('info', MSG.INFORMATION(),
                                  MSG.REGISTRATION_ABORT())
             self.redirect_to_relevant_page()
             tokenEntity.key.delete()
             self.session.pop('tokenregisterauth')
     # Step 2 (those choices will only be presented to the user if they successfully added an email manually).
     elif choice == 'continue':
         self.redirect_to_relevant_page()
     elif choice == 'profile':
         url = enki.libutil.get_local_url('profile')
         self.session['sessionrefpath'] = url
         self.redirect(url)