def post(self):
(
old_password,
password,
password_2,
) = self.get_arguments()
try:
auth_service.check_auth(app, get_jwt_identity(), old_password)
auth.validate_password(password, password_2)
password = auth.encrypt_password(password)
persons_service.update_password(get_jwt_identity(), password)
return {"change_password_success": True}
except auth.PasswordsNoMatchException:
return {
"error": True,
"message": "Confirmation password doesn't match."
}, 400
except auth.PasswordTooShortException:
return {
"error": True,
"message": "Password is too short."
}, 400
except UnactiveUserException:
return {
"error": True,
"message": "Old password is wrong."
}, 400
except WrongPasswordException:
return {
"error": True,
"message": "User is unactive."
}, 400
def post(self):
"""
Allow the user to change his password.
---
description: Prior to modifying the password, it requires to give the current password
(to make sure the user changing the password is not someone who stealed the session).
The new password requires a confirmation to ensure that the user didn't
make a mistake by typing his new password.
tags:
- Authentification
parameters:
- in: body
name: Credentials
description: The old password, new password and confirmation password of the user
schema:
type: object
required:
- old_password
- password
- password_2
properties:
old_password:
type: string
password:
type: string
password_2:
type: string
responses:
200:
description: Password changed
400:
description: Invalid password or inactive user
"""
(old_password, password, password_2) = self.get_arguments()
try:
auth_service.check_auth(app, get_jwt_identity(), old_password)
auth.validate_password(password, password_2)
password = auth.encrypt_password(password)
persons_service.update_password(get_jwt_identity(), password)
return {"success": True}
except auth.PasswordsNoMatchException:
return (
{
"error": True,
"message": "Confirmation password doesn't match.",
},
400,
)
except auth.PasswordTooShortException:
return {"error": True, "message": "Password is too short."}, 400
except UnactiveUserException:
return {"error": True, "message": "User is unactive."}, 400
except WrongPasswordException:
return {"error": True, "message": "Old password is wrong."}, 400
def post(self):
(email, password) = self.get_arguments()
try:
user = auth_service.check_auth(app, email, password)
access_token = create_access_token(identity=user["email"])
refresh_token = create_refresh_token(identity=user["email"])
auth_service.register_tokens(app, access_token, refresh_token)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user["id"]))
if is_from_browser(request.user_agent):
response = jsonify({"user": user, "login": True})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
else:
response = {
"login": True,
"user": user,
"access_token": access_token,
"refresh_token": refresh_token
}
return response
except PersonNotFoundException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongUserException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongPasswordException:
current_app.logger.info("User gave a wrong password.")
return {"login": False}, 400
except NoAuthStrategyConfigured:
current_app.logger.info(
"Authentication strategy is not properly configured.")
return {"login": False}, 400
except TimeoutError:
current_app.logger.info("Timeout occurs while logging in.")
return {"login": False}, 400
except UnactiveUserException:
return {
"error": True,
"login": False,
"message": "User is unactive, he cannot log in."
}, 400
except OperationalError as exception:
current_app.logger.error(exception)
return {
"error": True,
"login": False,
"message": "Database doesn't seem reachable."
}, 500
except Exception as exception:
if hasattr(exception, "message"):
message = exception.message
else:
message = str(exception)
return {"error": True, "login": False, "message": message}, 500
def post(self):
(email, password) = self.get_arguments()
try:
user = auth_service.check_auth(app, email, password)
del user["password"]
if auth_service.is_default_password(app, password):
token = uuid.uuid4()
auth_tokens_store.add("reset-%s" % token, email, ttl=3600 * 2)
current_app.logger.info("User must change his password.")
return (
{
"login": False,
"default_password": True,
"token": str(token),
},
400,
)
access_token = create_access_token(identity=user["email"])
refresh_token = create_refresh_token(identity=user["email"])
auth_service.register_tokens(app, access_token, refresh_token)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user["id"]))
ip_address = request.environ.get("HTTP_X_REAL_IP",
request.remote_addr)
if is_from_browser(request.user_agent):
organisation = persons_service.get_organisation()
response = jsonify({
"user": user,
"organisation": organisation,
"ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap",
"login": True,
})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
events_service.create_login_log(user["id"], ip_address, "web")
else:
events_service.create_login_log(user["id"], ip_address,
"script")
response = {
"login": True,
"user": user,
"ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap",
"access_token": access_token,
"refresh_token": refresh_token,
}
return response
except PersonNotFoundException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongUserException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongPasswordException:
current_app.logger.info("User gave a wrong password.")
return {"login": False}, 400
except NoAuthStrategyConfigured:
current_app.logger.info(
"Authentication strategy is not properly configured.")
return {"login": False}, 400
except TimeoutError:
current_app.logger.info("Timeout occurs while logging in.")
return {"login": False}, 400
except UnactiveUserException:
return (
{
"error": True,
"login": False,
"message": "User is unactive, he cannot log in.",
},
400,
)
except OperationalError as exception:
current_app.logger.error(exception, exc_info=1)
return (
{
"error": True,
"login": False,
"message": "Database doesn't seem reachable.",
},
500,
)
except Exception as exception:
current_app.logger.error(exception, exc_info=1)
if hasattr(exception, "message"):
message = exception.message
else:
message = str(exception)
return {"error": True, "login": False, "message": message}, 500
def post(self):
"""
Log in user by creating and registering auth tokens.
---
description: Login is based on email and password.
If no user match given email and a destkop ID, it looks in matching the desktop ID with the one stored in database.
It is useful for clients that run on desktop tools and that don't know user email.
tags:
- Authentification
parameters:
- in: body
name: Credentials
description: The email and password of the user
schema:
type: object
required:
- email
- password
properties:
email:
type: string
password:
type: string
responses:
200:
description: Login successful
400:
description: Login failed
500:
description: Database not reachable
"""
(email, password) = self.get_arguments()
try:
user = auth_service.check_auth(app, email, password)
if "password" in user:
del user["password"]
if auth_service.is_default_password(app, password):
token = uuid.uuid4()
auth_tokens_store.add("reset-%s" % token, email, ttl=3600 * 2)
current_app.logger.info("User must change his password.")
return (
{
"login": False,
"default_password": True,
"token": str(token),
},
400,
)
access_token = create_access_token(identity=user["email"])
refresh_token = create_refresh_token(identity=user["email"])
auth_service.register_tokens(app, access_token, refresh_token)
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user["id"]),
)
ip_address = request.environ.get("HTTP_X_REAL_IP",
request.remote_addr)
if is_from_browser(request.user_agent):
organisation = persons_service.get_organisation()
response = jsonify({
"user": user,
"organisation": organisation,
"ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap",
"login": True,
})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
events_service.create_login_log(user["id"], ip_address, "web")
else:
events_service.create_login_log(user["id"], ip_address,
"script")
response = {
"login": True,
"user": user,
"ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap",
"access_token": access_token,
"refresh_token": refresh_token,
}
return response
except PersonNotFoundException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongUserException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongPasswordException:
current_app.logger.info("User gave a wrong password.")
return {"login": False}, 400
except NoAuthStrategyConfigured:
current_app.logger.info(
"Authentication strategy is not properly configured.")
return {"login": False}, 400
except TimeoutError:
current_app.logger.info("Timeout occurs while logging in.")
return {"login": False}, 400
except UnactiveUserException:
return (
{
"error": True,
"login": False,
"message": "User is inactive, he cannot log in.",
},
400,
)
except OperationalError as exception:
current_app.logger.error(exception, exc_info=1)
return (
{
"error": True,
"login": False,
"message": "Database doesn't seem reachable.",
},
500,
)
except Exception as exception:
current_app.logger.error(exception, exc_info=1)
if hasattr(exception, "message"):
message = exception.message
else:
message = str(exception)
return {"error": True, "login": False, "message": message}, 500
