def validate(self):
if not super(ExtendedLoginForm, self).validate():
return False
if self.login_name.data.strip() == '':
self.login_name.errors.append(get_message('EMAIL_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = _datastore.get_user(self.login_name.data)
if self.user is None:
self.login_name.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if not self.user.is_active:
self.login_name.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
if self.name.data.strip() == '':
self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = User.first(name=self.name.data)
if self.user is None:
self.user = User.create(name=self.name.data,
active=True,
password=encrypt_password(
self.password.data))
return True
if self.user is None:
self.name.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
return True
def verify_pw(username, password):
user = services.users.get(email=username)
if not user:
return False
return verify_and_update_password(password, user)
def validate(self):
if not super(DeploymentLoginForm, self).validate():
return False
if self.email.data.strip() == '':
self.email.errors.append(get_message('EMAIL_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = _datastore.find_user(email=self.email.data,
deployment=g.deployment)
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if requires_confirmation(self.user):
self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
return False
if not self.user.is_active():
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate_password(form, field):
user = db.session.query(User).filter_by(email=form.email.data).first()
if not user:
raise ValidationError('Inccorect Email or Password combination')
if not verify_and_update_password(field.data, user):
raise ValidationError('Inccorect Email or Password combination')
login_user(user)
def authenticate(username, password):
user = _datastore.get_user(username)
if user and verify_and_update_password(password, user):
_log.info("%s authenticated successfully", username)
return user
if not user:
_log.warn("Authentication failed; unknown username %s", username)
else:
_log.warn("Authentication failed; invalid password for %s", username)
def _check_json_auth():
security = current_app.extensions['security']
auth = request.get_json()
user = security.datastore.find_user(email=auth['email'])
if user and utils.verify_and_update_password(auth['password'], user):
utils.login_user(user)
return True
return False
def validate(self):
if not super(ExtendedChangePasswordForm, self).validate():
return False
if not verify_and_update_password(self.password.data, current_user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if self.password.data.strip() == self.new_password.data.strip():
self.password.errors.append(get_message('PASSWORD_IS_THE_SAME')[0])
return False
return True
def index(self):
login_user_form = LoginForm()
if login_user_form.validate_on_submit():
user = user_datastore.get_user(login_user_form.email.data)
if verify_and_update_password(login_user_form.password.data, user):
login_user(user, login_user_form.remember.data)
return self.render(
'admin/master.html') #redirect(url_for('indexview.index'))
#self._template_args['login_user_form'] = login_user_form
return render_template('members.html', login_user_form=login_user_form)
#class NewsPostView(sqla.ModelView):
# column_list = ['title', 'content', 'date', 'live']
# column_editable_list = ('live',)
# form_columns = ['title', 'content']
# form_widget_args = {
# 'content': {
# 'rows': 15
# }
# }
# def is_accessible(self):
# return current_user.is_authenticated
#def get_save_return_url(self, model, is_created):
# return url_for('newspost.index_view')
#def _handle_view(self, name, **kwargs):
# if not self.is_accessible():
# return redirect(url_for('loginview.index', next=request.url))
# def __init__(self, session, **kwargs):
# super(NewsPostView, self).__init__(NewsPost, session, **kwargs)
#class CategoryView(sqla.ModelView):
# form_columns = ['name']
# column_labels = dict(name='Category')
# def is_accessible(self):
# return current_user.is_authenticated
#def _handle_view(self, name, **kwargs):
# if not self.is_accessible():
# return redirect(url_for('loginview.index', next=request.url))
# def __init__(self, session, **kwargs):
# super(CategoryView, self).__init__(Category, session, **kwargs)
def index(self):
login_user_form = LoginForm()
if login_user_form.validate_on_submit():
user = user_datastore.get_user(login_user_form.email.data)
if verify_and_update_password(login_user_form.password.data, user):
login_user(user, login_user_form.remember.data)
return self.render('admin/master.html')#redirect(url_for('indexview.index'))
#self._template_args['login_user_form'] = login_user_form
return render_template('members.html', login_user_form=login_user_form)
#class NewsPostView(sqla.ModelView):
# column_list = ['title', 'content', 'date', 'live']
# column_editable_list = ('live',)
# form_columns = ['title', 'content']
# form_widget_args = {
# 'content': {
# 'rows': 15
# }
# }
# def is_accessible(self):
# return current_user.is_authenticated
#def get_save_return_url(self, model, is_created):
# return url_for('newspost.index_view')
#def _handle_view(self, name, **kwargs):
# if not self.is_accessible():
# return redirect(url_for('loginview.index', next=request.url))
# def __init__(self, session, **kwargs):
# super(NewsPostView, self).__init__(NewsPost, session, **kwargs)
#class CategoryView(sqla.ModelView):
# form_columns = ['name']
# column_labels = dict(name='Category')
# def is_accessible(self):
# return current_user.is_authenticated
#def _handle_view(self, name, **kwargs):
# if not self.is_accessible():
# return redirect(url_for('loginview.index', next=request.url))
# def __init__(self, session, **kwargs):
# super(CategoryView, self).__init__(Category, session, **kwargs)
def authenticate(username, password):
user = _datastore.get_user(username)
if user and verify_and_update_password(password, user) and user.roles:
_log.info("%s authenticated successfully, logging in", username)
login_user(user)
user.save() #Saving just in case to make sure the login stats are tracked.
_request_ctx_stack.top.current_user = user
return user
if not user:
_log.warn("Authentication failed; unknown username %s", username)
else:
_log.warn("Authentication failed; invalid password for %s", username)
if not user.roles:
_log.warn("Authentication failed; No user roles found.")
def load_user_from_request(request):
apikey = request.headers.environ.get('HTTP_X_API_KEY', None)
if apikey:
user = user_datastore.find_user(apikey=apikey)
if not user:
return None
else:
auth = request.headers.get('Authorization')
if not auth or auth.count(':') != 1:
return None
login, password = auth.split(':')
user = user_datastore.find_user(email=login.strip())
if user is None:
return None
if not verify_and_update_password(password.strip(), user):
return None
return user if login_user(user) else None
def validate(self):
rv = Form.validate(self)
if not rv:
return False
user = db.session.query(User)\
.filter(func.lower(User.email) == func.lower(self.email.data))\
.first()
if user is None:
self.email.errors.append('Email address is not registered')
return False
if not verify_and_update_password(self.password.data, user):
self.password.errors.append('Password is not valid')
return False
self.user = user
return True
def validate(self):
# this is a temporary fix to allow login to accounts with empty
# passwords; this should not be permitted generally.
if self.password.data.strip() == '':
self.password.data = '_empty_'
# skip calling parent's validate, but do call parent's parent
if not super(SecurityLoginForm, self).validate():
return False
if self.email.data.strip() == '':
self.email.errors.append(get_message('EMAIL_NOT_PROVIDED')[0])
return False
# TODO: this will become functional once empty passwords are disallowed
if self.password.data.strip() == '':
self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = _datastore.get_user(self.email.data)
if self.user is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
# this is changed from upstream, to make non-PasswordUsers fail early
# and reliably
if not isinstance(self.user, models.PasswordUser):
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
# this is changed from upstream, to fail due to unconfirmed before
# checking for wrong password, to ensure a better error message
if self.user.confirmed_at is None:
self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if not self.user.is_active():
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
if not super(LoginForm, self).validate():
return False
self.user = m.User.query.filter_by(username=self.username.data).first()
if self.user is None:
self.user.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if requires_confirmation(self.user):
self.user.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
return False
if not self.user.is_active():
self.user.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def validate(self):
name = self.name.data
self.name.errors = [] #not sure why errors are being passed in a tuples
self.password.errors = []
if name.strip() == '':
self.name.errors.append('Please enter a name')
return False
self.user = User.find_user_by_name(name).first()
if self.user is None:
self.user = User.find_user_by_email(email=name).first()
if self.user is None:
self.name.errors.append('User does not exist, please register')
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append('Password is not valid')
return False
if not self.user.is_active():
self.name.errors.append('Account has been disabled')
return False
return True
def validate(self):
print "in validate"
# if not super(LoginForm, self).validate():
# print "False1"
# return False
if self.name.data.strip() == '':
print "False2"
self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = User.first(name=self.name.data)
if self.user is None:
self.user = User.create(name=self.name.data,
active=True,
password=encrypt_password(
self.password.data))
return True
print "got user as %s" % self.user
if self.user is None:
self.name.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
print self.password.errors
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
print self.password.errors
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
return True
def validate(self):
print "in validate"
# if not super(LoginForm, self).validate():
# print "False1"
# return False
if self.name.data.strip() == '':
print "False2"
self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
self.user = User.first(name=self.name.data)
if self.user is None:
self.user = User.create(
name=self.name.data, active=True,
password=encrypt_password(self.password.data))
return True
print "got user as %s" % self.user
if self.user is None:
self.name.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not self.user.password:
print self.password.errors
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
print self.password.errors
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
return True
def check_password(self, password):
if self.password is None:
return False
return verify_and_update_password(password, self)
def check_password(self, password):
return verify_and_update_password(password, self)
