Пример #1
def password_recovery_finish(recovery_hash):
    """Complete a password recovery started from an e-mailed link.

    Looks up the recovery request for ``recovery_hash``. A lookup that
    cannot be unpacked ends in a 404; a request already flagged complete
    ends in an error flash and a redirect to the dashboard. Otherwise a
    fresh random value is set as the password in Keystone and in ODB and
    mailed to the address stored on the ODB user record.
    """
    try:
        _request_id, email, _hash_code, complete = (
            row_mysql_queries.get_recovery_request_by_hash(recovery_hash))
    except TypeError:
        # Unpacking None (no matching row) raises TypeError.
        flask.abort(404)
    if complete == 1:
        flask.flash('Password recovery token is expired', 'error')
        return flask.redirect(flask.url_for('dashboard'))
    # NOTE(review): nothing in this function marks the request complete, so
    # unless that happens elsewhere the same link resets the password again
    # on every visit -- confirm where the `complete` flag is set.
    odb_user = utils.neo4j_api_call('/users', {"email": email}, 'GET')[0]
    temp_password = str(uuid.uuid4())
    # Keystone is written first and ODB second; the two writes are not
    # atomic, so a failure in between leaves the stores out of step.
    keystone_user = utils.get_keystone_user_by_username(odb_user['username'])
    keystone_admin = clients.admin_clients().keystone
    keystone_admin.users.update_password(keystone_user, temp_password)
    odb_update = {
        'id': odb_user['id'],
        'login': odb_user['login'],
        'username': odb_user['username'],
        'email': odb_user['email'],
        'passwordHash': utils.create_hashed_password(temp_password),
    }
    utils.neo4j_api_call('/users', odb_update, 'PUT')
    # NOTE(review): the replacement password is rendered into the mail body
    # in clear text and nothing here forces a change at next login; a
    # single-use reset form would keep the secret out of the mailbox.
    msg = mail.Message('Password recovery', recipients=[odb_user['email']])
    msg.body = flask.render_template(
        'RecoveryPasswordFinishEmail/body.txt', new_pass=temp_password)

    utils.send_msg(msg)
    flask.flash('New password was sent to you', 'success')
    return flask.redirect(flask.url_for('dashboard'))
Пример #2
def _login(username, password):
    """Authenticate against ODB and Keystone, then populate the session.

    ``username`` is used as the e-mail key for the ODB lookup. Returns
    False when ODB has no such user, when the stored ``passwordHash``
    differs from the hash of ``password``, or when Keystone rejects the
    credentials. Returns True once the session user, the tenant list and
    the principal identity have been set.
    """
    try:
        account = utils.neo4j_api_call(
            '/users', {"email": username}, 'GET')[0]
    except NotFound:
        # ODB answers 404 for an unknown e-mail; report a plain failure so
        # the caller sees the same result as for a wrong password.
        return False
    # NOTE(review): the digest is computed from the password alone (no
    # per-user salt is passed in) and compared with a plain `==`, which is
    # not constant-time. hmac.compare_digest is the usual replacement once
    # both operands are confirmed to be the same string type.
    hashes_match = (account['passwordHash'] ==
                    utils.create_hashed_password(password))
    if not hashes_match:
        return False
    # The ODB username doubles as the Keystone user name, and the same
    # password is used for Keystone.
    keystone_name = account['username']
    try:
        clients.create_unscoped(keystone_name, password)
    except Unauthorized:
        return False
    # 'keystone_unscoped' is presumably stored in the session by
    # clients.create_unscoped -- confirm.
    # NOTE(review): no pre-login session keys are cleared here.
    flask.session['user'] = (
        flask.session['keystone_unscoped']['access']['user'])
    flask.g.is_authenticated = True
    flask.flash('You were logged in successfully.', 'success')
    flask.session['tenants'] = utils.user_tenants_list(
        utils.get_keystone_user_by_username(keystone_name))
    # The principal identity is named after the Keystone user id.
    keystone_user_id = (
        flask.session['keystone_unscoped']['access']['user']['id'])
    principal.identity_changed.send(
        focus.app, identity=principal.Identity(keystone_user_id))
    return True
Пример #3
def _login(username, password):
    """Log a user in: check ODB, check Keystone, fill the Flask session.

    The ODB record is looked up with ``username`` as its e-mail. Every
    failure path (unknown e-mail, hash mismatch, Keystone ``Unauthorized``)
    returns False; True is returned after the session and the principal
    identity have been updated.
    """
    lookup = {"email": username}
    try:
        odb_user = utils.neo4j_api_call('/users', lookup, 'GET')[0]
    except NotFound:
        # A 404 from ODB means there is no user with this e-mail.
        return False
    stored_hash = odb_user['passwordHash']
    supplied_hash = utils.create_hashed_password(password)
    # NOTE(review): plain equality on password digests is not a
    # constant-time comparison, and the digest depends only on the password
    # (no per-user salt reaches create_hashed_password) -- worth reviewing
    # together with the helper in utils.
    if not stored_hash == supplied_hash:
        return False
    # ODB 'username' is the Keystone user name; the password is shared.
    username = odb_user['username']
    try:
        clients.create_unscoped(username, password)
    except Unauthorized:
        return False
    session = flask.session
    # NOTE(review): 'keystone_unscoped' is read but never written in this
    # function; presumably create_unscoped stores it -- confirm.
    session['user'] = session['keystone_unscoped']['access']['user']
    flask.g.is_authenticated = True
    flask.flash('You were logged in successfully.', 'success')
    keystone_user = utils.get_keystone_user_by_username(username)
    session['tenants'] = utils.user_tenants_list(keystone_user)
    # Keystone user id becomes the principal identity name.
    identity = principal.Identity(
        session['keystone_unscoped']['access']['user']['id'])
    principal.identity_changed.send(focus.app, identity=identity)
    return True
Пример #4
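 def test_russian_password(self):
     """Check that non-ASCII passwords can be hashed.

     Covers Russian, ASCII and Japanese samples. Only the return type of
     ``create_hashed_password`` is asserted (native ``str``); the digest
     value itself is not checked here.
     """
     samples = [u'фыва', u'asdf', u'君が代は 千代に 八千代に 細石の 巖と態']
     for p in samples:
         # assertEqual instead of the deprecated assertEquals alias.
         self.assertEqual(type(''), type(create_hashed_password(p)))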
Пример #5
    def test_login(self):
        """Run _login with a wrong, a correct and a non-ASCII password.

        The ODB call is patched to return ``ODB_GET_USER_RESPONSE``, whose
        stored ``passwordHash`` is rewritten before each group of checks.
        """
        with \
                mock.patch('focus.utils.neo4j_api_call') as odb_call, \
                mock.patch('flask.current_app') as app_mock, \
                mock.patch('flask.g'), \
                mock.patch('focus.clients.admin_clients'), \
                mock.patch('flask.flash'), \
                mock.patch('flaskext.principal.identity_changed'), \
                mock.patch('flask.session'):
            app_mock.config = {'KEYSTONE_CONF': {'admin_tenant_id': '1'}}
            odb_call.return_value = self.ODB_GET_USER_RESPONSE
            # Same object the patched ODB call hands to _login, so editing
            # it here changes what _login sees.
            stored_user = self.ODB_GET_USER_RESPONSE[0]

            stored_user['passwordHash'] = create_hashed_password(
                u'correctpassword')
            rejected = _login('testaccount', u'wrongpassword')
            self.assertEqual(False, rejected)
            accepted = _login('testaccount', u'correctpassword')
            self.assertEqual(True, accepted)

            # Non-ASCII password must survive hashing and comparison.
            stored_user['passwordHash'] = create_hashed_password(
                u'хорошийпароль')
            accepted = _login('testaccount1', u'хорошийпароль')
            self.assertEqual(True, accepted)
Пример #6
    def test_login(self):
        """Check _login results for mismatching and matching passwords.

        Each scenario stores the hash of one password in the patched ODB
        response and then asserts the outcome of one or more login attempts,
        including a Cyrillic password.
        """
        keystone_conf = {'KEYSTONE_CONF': {'admin_tenant_id': '1'}}
        # (password whose hash is stored, [(account, attempt, expected)])
        scenarios = [
            (u'correctpassword', [
                ('testaccount', u'wrongpassword', False),
                ('testaccount', u'correctpassword', True),
            ]),
            (u'хорошийпароль', [
                ('testaccount1', u'хорошийпароль', True),
            ]),
        ]
        with \
                mock.patch('focus.utils.neo4j_api_call') as fake_odb, \
                mock.patch('flask.current_app') as fake_app, \
                mock.patch('flask.g'), \
                mock.patch('focus.clients.admin_clients'), \
                mock.patch('flask.flash'), \
                mock.patch('flaskext.principal.identity_changed'), \
                mock.patch('flask.session'):
            fake_app.config = keystone_conf
            fake_odb.return_value = self.ODB_GET_USER_RESPONSE

            for stored_password, attempts in scenarios:
                # The fixture record is edited in place; it is the object
                # the patched ODB call returns to _login.
                self.ODB_GET_USER_RESPONSE[0]['passwordHash'] = \
                    create_hashed_password(stored_password)
                for account, attempt, expected in attempts:
                    self.assertEqual(expected, _login(account, attempt))
Пример #7
def _register_in_ODB(username, email, password):
    """Create a user in ODB and return the record read back by e-mail.

    POSTs the new user to ``/users`` with an empty ``login`` and the hashed
    password, then GETs ``/users`` filtered by ``email`` and returns the
    first entry of the result.
    """
    # Only the hash of the password is sent to ODB.
    new_user = {
        "login": "",
        "username": username,
        "email": email,
        "passwordHash": utils.create_hashed_password(password),
    }
    utils.neo4j_api_call('/users', new_user, 'POST')

    # NOTE(review): the read-back takes the first record for this e-mail,
    # which is the new user only if ODB keeps e-mails unique -- confirm.
    return utils.neo4j_api_call('/users', {"email": email}, 'GET')[0]
Пример #8
def _register_in_ODB(username, email, password):
    """Register a user in ODB and hand back the stored record.

    Issues the create call (POST ``/users``) and then fetches the user
    again by e-mail (GET ``/users``), returning the first match.
    """
    password_hash = utils.create_hashed_password(password)
    # NOTE(review): username and email are forwarded as received; any
    # validation presumably happens in the caller -- confirm.
    utils.neo4j_api_call(
        '/users',
        {
            "login": "",
            "username": username,
            "email": email,
            "passwordHash": password_hash,
        },
        'POST')

    # Read the freshly created user back from ODB.
    matches = utils.neo4j_api_call('/users', {"email": email}, 'GET')
    return matches[0]
Пример #9
def password_recovery_finish(recovery_hash):
    """Finish password recovery after the user follows the e-mailed link.

    Responds with 404 when no recovery request can be unpacked for
    ``recovery_hash``, and with an "expired" flash plus redirect when the
    request is flagged complete. Otherwise a random UUID string becomes the
    new password in Keystone and ODB and is e-mailed to the user.
    """
    try:
        _row_id, email, _stored_hash, complete = \
            row_mysql_queries.get_recovery_request_by_hash(recovery_hash)
    except TypeError:
        # The query returned None, which cannot be unpacked.
        flask.abort(404)
    if complete == 1:
        flask.flash('Password recovery token is expired', 'error')
        return flask.redirect(flask.url_for('dashboard'))
    # NOTE(review): the `complete` flag is only read here, never set; if no
    # other code sets it, the link stays valid and can be replayed.
    odb_user = utils.neo4j_api_call('/users', {"email": email}, 'GET')[0]
    generated_password = str(uuid.uuid4())
    # Keystone gets the generated password first.
    keystone_user = utils.get_keystone_user_by_username(odb_user['username'])
    user_manager = clients.admin_clients().keystone.users
    user_manager.update_password(keystone_user, generated_password)
    # ODB gets the hash of the same password. This is a second, separate
    # write, so an error here leaves Keystone and ODB disagreeing.
    payload = {
        field: odb_user[field]
        for field in ('id', 'login', 'username', 'email')
    }
    payload['passwordHash'] = utils.create_hashed_password(generated_password)
    utils.neo4j_api_call('/users', payload, 'PUT')
    # NOTE(review): the generated password is sent in clear text by e-mail
    # and nothing here requires the user to replace it afterwards.
    msg = mail.Message('Password recovery', recipients=[odb_user['email']])
    msg.body = flask.render_template(
        'RecoveryPasswordFinishEmail/body.txt',
        new_pass=generated_password)

    utils.send_msg(msg)
    flask.flash('New password was sent to you', 'success')
    return flask.redirect(flask.url_for('dashboard'))