def define_tables(self):
"""Defines the auth_user table"""
db = self.db
Field = db.Field
if not "auth_user" in db.tables:
ne = IS_NOT_EMPTY()
if self.password_complexity:
requires = [IS_STRONG(**self.password_complexity), CRYPT()]
else:
requires = [CRYPT()]
auth_fields = [
Field(
"email",
requires=(IS_EMAIL(), IS_NOT_IN_DB(db, "auth_user.email")),
unique=True,
),
Field(
"password",
"password",
requires=requires,
readable=False,
writable=False,
),
Field("first_name", requires=ne),
Field("last_name", requires=ne),
Field("profile_pic", default="https://merriam-webster.com/assets/mw/images/article/art-wap-landing-mp-lg/[email protected]"),
Field("sso_id", readable=False, writable=False),
Field("action_token", readable=False, writable=False),
Field(
"last_password_change",
"datetime",
default=None,
readable=False,
writable=False,
),
]
if self.use_username:
auth_fields.insert(
0,
Field(
"username",
requires=[ne, IS_NOT_IN_DB(db, "auth_user.username")],
unique=True,
),
)
if self.use_phone_number:
auth_fields.insert(
2,
Field(
"phone_number",
requires=[
ne,
IS_MATCH(r"^[+]?(\(\d+\)|\d+)(\(\d+\)|\d+|[ -])+$"),
],
),
)
if self.block_previous_password_num is not None:
auth_fields.append(
Field("past_passwords_hash", "list:string", writable=False, readable=False))
db.define_table("auth_user", *auth_fields, *self.extra_auth_user_fields)
def define_tables(self):
"""Defines the auth_user table"""
db = self.db
Field = db.Field
if not "auth_user" in db.tables:
ne = IS_NOT_EMPTY()
if self.password_complexity:
requires = [IS_STRONG(**self.password_complexity), CRYPT()]
else:
requires= [CRYPT()]
auth_fields = [
Field(
"email",
requires=(IS_EMAIL(), IS_NOT_IN_DB(db, "auth_user.email")),
unique=True,
),
Field(
"password",
"password",
requires=requires,
readable=False,
writable=False,
),
Field("first_name", requires=ne),
Field("last_name", requires=ne),
Field("sso_id", readable=False, writable=False),
Field("action_token", readable=False, writable=False),
Field(
"last_password_change",
"datetime",
default=None,
readable=False,
writable=False,
),
]
if self.use_username:
auth_fields.insert(
0,
Field(
"username",
requires=[ne, IS_NOT_IN_DB(db, "auth_user.username")],
unique=True,
),
)
if self.use_phone_number:
auth_fields.insert(
2,
Field(
"phone_number",
requires=[
ne,
IS_MATCH(r"^[+]?(\(\d+\)|\d+)(\(\d+\)|\d+|[ -])+$"),
],
),
)
if self.block_previous_password_num is not None:
auth_fields.append(
Field("past_passwords_hash", "list:string", writable=False, readable=False))
db.define_table("auth_user", *auth_fields, *self.extra_auth_user_fields)
def change_password(self, user, new_password, password=None, check=True):
db = self.db
if check:
pwd = CRYPT()(password)[0]
if not pwd == user.password:
return {"errors": {"old_password": "******"}}
new_pwd, error = db.auth_user.password.validate(new_password)
if error:
return {"errors": {"new_password": error}}
if new_pwd == user.password:
return {
"errors": {
"new_password": "******"
}
}
if self.block_previous_password_num:
past_pwds = (user.past_passwords_hash or [])[
: self.block_previous_password_num
]
if any(new_pwd == old_pwd for old_pwd in past_pwds):
return {"errors": {"new_password": "******"}}
else:
past_pwds.insert(0, pwd)
db(db.auth_user.id == user.id).update(past_passwords_hash=past_pwds)
num = db(db.auth_user.id == user.id).update(
password=new_pwd, last_password_change=datetime.datetime.utcnow()
)
return {"updated": num}
def login(self, email, password):
db = self.db
if "email_auth" in self.plugins:
email = email.lower()
if self.plugins["email_auth"].validate_credentials(email, password):
user = db(db.auth_user.email == email).select().first()
return (user, None)
else:
return None, "Invalid Credentials"
else:
value = email.lower()
if self.use_username:
query = (
(db.auth_user.email == value)
if "@" in value
else (db.auth_user.username == value)
)
else:
query = db.auth_user.email == value
user = db(query).select().first()
if not user:
return (None, "Invalid email")
if (user.action_token or "").startswith("pending-registration:"):
return (None, "Registration is pending")
if user.action_token == "account-blocked":
return (None, "Account is blocked")
if user.action_token == "pending-approval":
return (None, "Account needs to be approved")
if CRYPT()(password)[0] == user.password:
return (user, None)
return None, "Invalid Credentials"
def define_tables(self):
"""Defines the auth_user table"""
db = self.db
Field = db.Field
if not "auth_user" in db.tables:
ne = IS_NOT_EMPTY()
auth_fields = [
Field(
"email",
requires=(IS_EMAIL(), IS_NOT_IN_DB(db, "auth_user.email")),
unique=True,
),
Field(
"password",
"password",
requires=CRYPT(),
readable=False,
writable=False,
),
Field("first_name", requires=ne),
Field("last_name", requires=ne),
Field("sso_id", readable=False, writable=False),
Field("action_token", readable=False, writable=False),
]
if self.use_username:
auth_fields.insert(
0,
Field(
"username",
requires=[ne, IS_NOT_IN_DB(db, "auth_user.username")],
unique=True,
),
)
db.define_table("auth_user", *auth_fields, *self.extra_auth_user_fields)
def change_email(self, user, new_email, password=None, check=True):
db = self.db
if check and not CRYPT()(password)[0] == user.get("password"):
return {"errors": {"password": "******"}}
return (
db(db.auth_user.id == user.get("id"))
.validate_and_update(email=new_email)
.as_dict()
)
def login():
if MODE == 'demo':
valid = True
else:
password = request.json.get('password')
valid = password and CRYPT()(password)[0] == os.environ['WEB3PY_PASSWORD']
if valid:
session['user'] = dict(id=1)
return dict(user=valid, mode=MODE)
def define_table(db):
db.define_table(
"auth_user",
Field("user_name"),
Field("user_password", requires=CRYPT()),
Field("user_email"),
Field("user_phone"),
Field("reg_time", type="datetime"),
)
pass
def login():
valid = False
password = request.json.get('password')
password_file = os.environ.get('PY4WEB_PASSWORD_FILE')
if password and password_file and os.path.exists(password_file):
with open(password_file, 'r') as fp:
encrypted_password = fp.read().strip()
valid = CRYPT()(password)[0] == encrypted_password
if valid:
session['user'] = dict(id=1)
return dict(user=valid, app='v3p')
def login():
if MODE == "demo":
valid = True
else:
valid = False
password = request.json.get("password")
password_file = os.environ.get("PY4WEB_PASSWORD_FILE")
if password and password_file and os.path.exists(password_file):
with open(password_file, "r") as fp:
encrypted_password = fp.read().strip()
valid = CRYPT()(password)[0] == encrypted_password
if valid:
session["user"] = dict(id=1)
return dict(user=valid, mode=MODE)
def define_tables(self):
db = self.db
Field = db.Field
if not 'auth_user' in db.tables:
ne = IS_NOT_EMPTY()
db.define_table(
'auth_user',
Field('email', requires=(IS_EMAIL(), IS_NOT_IN_DB(db, 'auth_user.email')), unique=True),
Field('password','password', requires=CRYPT(), readable=False),
Field('first_name', requires=ne),
Field('last_name', requires=ne),
Field('sso_id', editable=False, readable=False),
Field('action_token', editable=False, readable=False),
*self.extra_auth_user_fields)
async def login(
data: OAuth2PasswordRequestForm = Depends(),
): # , response_class=RedirectResponse
# ideally we would put back the response_class parameter but its
# just a hint to the doc system and right now causing the docs
# to crash. Added to an issue for FastAPI on github.
# ):
"""
This is called as the result of a login form being submitted.
If authentication is successful an access token is created and stored
in a session cookie. This session cookie is used for all protected routes.
The ``auth_manager`` is provided by `../session.py` which also explains how
to setup a protected route.
"""
username = data.username
password = data.password
rslogger.debug(f"username = {username}")
user = await load_user(username)
rslogger.debug(user)
# um = UserManagerWeb2Py()
if not user:
# raise InvalidCredentialsException
return RedirectResponse("/auth/login")
else:
rslogger.debug(f"Got a user {user.username} check password")
# The password in the web2py database is formatted as follows:
# alg$salt$hash
# We need to grab the salt and provide that to the CRYPT function
# which we import from pydal for now. Once we are completely off of
# web2py then this will change. The ``web2py_private_key`` is an environment
# variable that comes from the ``private/auth.key`` file.
salt = user.password.split("$")[1]
crypt = CRYPT(key=settings.web2py_private_key, salt=salt)
crypted_password = str(crypt(password)[0])
if crypted_password != user.password:
raise InvalidCredentialsException
access_token = auth_manager.create_access_token(
data={"sub": user.username}, expires=timedelta(hours=12)
)
redirect_to = f"/books/published/{user.course_name}/index.html"
rslogger.debug(f"Sending user to {redirect_to}")
response = RedirectResponse(redirect_to)
# *Important* We need to set the cookie here for the redirect in order for
# the next page to validate. This will also set the cookie in the browser
# for future pages.
auth_manager.set_cookie(response, access_token)
return response
async def create_user(user: AuthUserValidator) -> Optional[AuthUserValidator]:
"""
The given user will have the password in plain text. First we will hash
the password then add this user to the database.
"""
if await fetch_user(user.username):
raise HTTPException(
status_code=422,
detail=http_422error_detail(["body", "username"],
"duplicate username",
"integrity_error"),
)
new_user = AuthUser(**user.dict())
crypt = CRYPT(key=settings.web2py_private_key, salt=True)
new_user.password = str(crypt(user.password)[0])
async with async_session.begin() as session:
session.add(new_user)
return AuthUserValidator.from_orm(new_user)
def define_tables(self):
"""Defines the auth_user table"""
db = self.db
Field = db.Field
if not 'auth_user' in db.tables:
ne = IS_NOT_EMPTY()
auth_fields = [
Field('email', requires=(IS_EMAIL(), IS_NOT_IN_DB(db, 'auth_user.email')), unique=True),
Field('password','password', requires=CRYPT(), readable=False, writable=False),
Field('first_name', requires=ne),
Field('last_name', requires=ne),
Field('sso_id', readable=False, writable=False),
Field('action_token', readable=False, writable=False),
]
if self.use_username:
auth_fields.insert(
0, Field('username', requires=[ne, IS_NOT_IN_DB(db, 'auth_user.username')], unique=True))
db.define_table(
'auth_user',
*auth_fields,
*self.extra_auth_user_fields)
def authenticate():
username, password = request.json.get("email"), request.json.get("password")
#print(username)
#print(password)
try:
# authenticate against auth_user table
query = db.auth_user.email == username
user = db(query).select().first()
if CRYPT()(password)[0] != user.password:
return json.dumps({'error': 403, 'message': 'Authentication failed for: %s' % (username)})
except:
return json.dumps({'error': 403, 'message': 'Authentication failed for %s: ' % (username)})
data = {}
data['username'] = username
data['email'] = user.email
data['first_name'] = user.first_name
data['last_name'] = user.last_name
data['exp'] = datetime.utcnow() + timedelta(seconds=1200)
token = jwt.encode(data, 'secret', algorithm='HS256')
print(token)
return json.dumps({'token': token})
