def manage_user(access_token, user_data, next_url):
    """Manage the user after signin

    Facebook flow: return the account already linked to this Facebook id;
    otherwise create one, unless the username or the e-mail is already
    taken by another account (then return None). ``next_url`` is accepted
    for signature compatibility but not used here.
    """
    existing = user_repo.get_by(facebook_user_id=user_data['id'])
    if existing is not None:
        return existing

    info = dict(facebook_token=dict(oauth_token=access_token))
    by_name = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    by_email = None
    if user_data.get('email'):
        by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        # Name or e-mail collides with an existing account; the caller decides.
        return None

    if not user_data.get('email'):
        # Placeholder string stored when Facebook supplied no e-mail
        # (mutates the caller's dict, as before).
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    return created
def manage_user(access_token, user_data):
    """Manage the user after signin

    Google flow: refresh the stored token (and normalise the username) for
    a known account; otherwise create one, unless the derived username or
    the e-mail is already taken (then return None).
    """
    google_token = dict(oauth_token=access_token)
    found = user_repo.get_by(google_user_id=user_data['id'])
    if found is not None:
        found.info['google_token'] = google_token
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(found.name) == unicode or ' ' in found.name:
            found.name = username_from_full_name(found.name)
        user_repo.save(found)
        return found

    # user never signed on
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    email_taken = user_repo.get_by(email_addr=user_data['email']) is not None
    if name_taken or email_taken:
        return None
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'],
                   info=dict(google_token=google_token))
    user_repo.save(created)
    if newsletter.is_initialized():
        newsletter.subscribe_user(created)
    return created
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin

    Google flow (ASCII-normalised usernames). Known accounts get their
    name normalised and are updated; unknown ones are created unless the
    normalised name or the e-mail already exists (then None is returned).
    ``next_url`` is unused here.
    """
    def _ascii_name(value):
        # Username normalisation of this version: drop non-ASCII, lowercase,
        # remove spaces.
        return value.encode('ascii', 'ignore').lower().replace(" ", "")

    # We have to store the oauth_token in the session to get the USER fields
    found = user_repo.get_by(google_user_id=user_data['id'])
    if found is None:
        # user never signed on
        info = dict(google_token=dict(oauth_token=access_token))
        name = _ascii_name(user_data['name'])
        by_name = user_repo.get_by_name(name)
        by_email = user_repo.get_by(email_addr=user_data['email'])
        if by_name is not None or by_email is not None:
            return None
        created = User(fullname=user_data['name'],
                       name=_ascii_name(user_data['name']),
                       email_addr=user_data['email'],
                       google_user_id=user_data['id'],
                       info=info)
        user_repo.save(created)
        return created

    # Update the name to fit with new paradigm to avoid UTF8 problems
    if type(found.name) == unicode or ' ' in found.name:
        found.name = _ascii_name(found.name)
    user_repo.update(found)
    return found
def manage_user(access_token, user_data):
    """Manage the user after signin

    Facebook flow: refresh the token of a known account; otherwise create
    one under a username derived from the full name, unless that name or
    the e-mail is already taken (then return None).
    """
    facebook_token = dict(oauth_token=access_token)
    found = user_repo.get_by(facebook_user_id=user_data['id'])
    if found is not None:
        found.info['facebook_token'] = facebook_token
        user_repo.save(found)
        return found

    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email = user_data.get('email')
    email_taken = (email is not None and
                   user_repo.get_by(email_addr=email) is not None)
    if name_taken or email_taken:
        return None

    if not email:
        # No e-mail from Facebook: the username stands in for it so the
        # profile flow can ask for a real address (mutates the caller's dict).
        user_data['email'] = name
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=dict(facebook_token=facebook_token))
    user_repo.save(created)
    # Only real addresses are subscribed, never the placeholder.
    if newsletter.is_initialized() and created.email_addr != name:
        newsletter.subscribe_user(created)
    return created
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin

    Facebook flow: return the linked account, or create one (subscribing
    it to the newsletter when a real e-mail is known), unless the username
    or e-mail already belongs to another account (then return None).
    ``next_url`` is unused here.
    """
    existing = user_repo.get_by(facebook_user_id=user_data['id'])
    if existing is not None:
        return existing

    info = dict(facebook_token=dict(oauth_token=access_token))
    by_name = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    by_email = None
    if user_data.get('email'):
        by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None

    if not user_data.get('email'):
        # Placeholder string stored when Facebook supplied no e-mail.
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    if newsletter.app and created.email_addr != "None":
        newsletter.subscribe_user(created)
    return created
def manage_user(user_data):
    """Manage the user after signin

    myKaarma flow: return the linked account; link by e-mail when an
    account with that address already exists; otherwise create one under
    a freshly generated username.
    """
    # We have to store the oauth_token in the session to get the USER fields
    found = user_repo.get_by(mykaarma_user_id=user_data['id'])
    if found is not None:
        return found

    # user never signed on
    user_by_email = user_repo.get_by(email_addr=user_data['email'])
    if user_by_email is not None:
        return add_through_email(user_by_email, user_data)

    # Generate 4 digit alphanumeric string with digits and lowercase characters;
    # retry while the generated name collides with an existing user.
    # NOTE(review): the retry has no upper bound, so it would spin if the
    # generator's name space for this full name were exhausted — confirm.
    name = get_mykaarma_username_from_full_name(user_data['name'])
    while user_repo.get_by_name(name) is not None:
        name = get_mykaarma_username_from_full_name(user_data['name'])

    # add user
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   mykaarma_user_id=user_data['id'])
    user_repo.save(created)
    if newsletter.is_initialized():
        newsletter.subscribe_user(created)
    return created
def manage_user(access_token, user_data):
    """Manage the user after signin

    Google flow: normalise the username of a known account and update it;
    otherwise create an account (and subscribe it to the newsletter) unless
    the derived username or the e-mail is already taken (then return None).
    """
    # We have to store the oauth_token in the session to get the USER fields
    found = user_repo.get_by(google_user_id=user_data['id'])
    if found is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(found.name) == unicode or ' ' in found.name:
            found.name = username_from_full_name(found.name)
        user_repo.update(found)
        return found

    # user never signed on
    info = dict(google_token=dict(oauth_token=access_token))
    name = username_from_full_name(user_data['name'])
    by_name = user_repo.get_by_name(name)
    by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    if newsletter.is_initialized():
        newsletter.subscribe_user(created)
    return created
def manage_user(access_token, user_data):
    """Manage the user after signin

    Facebook flow: return the linked account as-is; otherwise create one
    under a username derived from the full name, unless that name or the
    e-mail is already taken (then return None).
    """
    found = user_repo.get_by(facebook_user_id=user_data['id'])
    if found is not None:
        return found

    info = dict(facebook_token=dict(oauth_token=access_token))
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email = user_data.get('email')
    email_taken = (email is not None and
                   user_repo.get_by(email_addr=email) is not None)
    if name_taken or email_taken:
        return None

    if not email:
        # The username stands in for the missing e-mail (mutates the
        # caller's dict, as before).
        user_data['email'] = name
    created = User(fullname=user_data['name'],
                   name=name,
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    # Never subscribe the placeholder address.
    if newsletter.is_initialized() and created.email_addr != name:
        newsletter.subscribe_user(created)
    return created
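def handle_bloomberg_response():
    """Handle the SAML response posted back by BSSO.

    Validates the assertion, then either signs in the GIGwork user whose
    address matches the (lower-cased) ``emailAddress`` attribute, or
    auto-creates an account from the SAML attributes and signs that in.
    Every failure path flashes a message and redirects to the home page.

    Returns:
        A Flask response: the result of ``_sign_in_user`` or a redirect.
    """
    sso_settings = current_app.config.get('BSSO_SETTINGS')
    auth = OneLogin_Saml2_Auth(prepare_onelogin_request(), sso_settings)
    auth.process_response()
    errors = auth.get_errors()
    if errors:
        # BSSO was unable to authenticate the user
        error_reason = auth.get_last_error_reason()
        current_app.logger.error('BSSO auth error(s): %s %s', errors, error_reason)
        flash(gettext('There was a problem during the sign in process.'), 'error')
        return redirect(url_for('home.home'))

    # is_authenticated is a method on OneLogin_Saml2_Auth; the bare attribute
    # is always truthy, which made the "not authenticated" branch unreachable.
    if not auth.is_authenticated():
        # Failed to authenticate user on BSSO. logger.error rather than
        # logger.exception: there is no active exception to attach here.
        current_app.logger.error('BSSO login error')
        flash(gettext('We were unable authenticate and log you into an account. '
                      'Please contact a Gigwork administrator.'), 'error')
        return redirect(url_for('home.home'))

    # User is authenticated on BSSO, load user from GIGwork API.
    attributes = auth.get_attributes()
    user = user_repo.get_by(
        email_addr=unicode(attributes['emailAddress'][0]).lower())
    # NOTE(review): RelayState is form input; this assumes _sign_in_user
    # restricts next_url to local paths — confirm.
    next_url = request.form.get('RelayState')
    if user is not None:
        # User is authenticated on BSSO and already has a GIGwork account.
        return _sign_in_user(user, next_url=next_url)

    # User is authenticated on BSSO, but does not yet have a GIGwork account,
    # auto create one.
    try:
        user_data = {
            'fullname': attributes['firstName'][0] + " " + attributes['lastName'][0],
            'email_addr': attributes['emailAddress'][0],
            'name': attributes['username'][0],
            'data_access': ["L4"],
            'password': generate_password(),
        }
        create_account(user_data, auto_create=True)
        flash('A new account has been created for you using BSSO.')
        user = user_repo.get_by(
            email_addr=unicode(user_data['email_addr'].lower()))
        return _sign_in_user(user, next_url=next_url)
    except Exception as error:
        brand = current_app.config['BRAND']
        # Log the attribute names only: the values are personal data and
        # this line ends up in the application log.
        current_app.logger.exception(
            'Auto-account creation error: %s, for user attribute keys: %s',
            error, sorted(attributes.keys()))
        flash(
            gettext(
                'There was a problem signing you in. Please contact your {} administrator.'
                .format(brand)), 'error')
        return redirect(url_for('home.home'))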
def test_signin_create(self, ldap_mock):
    """Test signin creates a PYBOSSA user.

    With an LDAP host configured and the bind mocked to succeed, a JSON
    sign-in must report SUCCESS, point to '/', and leave behind a user
    whose name and e-mail come from the mocked LDAP record. A failed
    bind must then flash the LDAP-credentials message with status 'info'.
    """
    url = '/account/signin'
    payload = json.dumps({'email': 'cn', 'password': '******'})
    with patch.dict(self.flask_app.config, {'LDAP_HOST': '127.0.0.1'}):
        ldap_mock.bind_user.return_value = True
        ldap_mock.get_object_details.return_value = self.ldap_user
        res = self.app.post(url, data=payload,
                            content_type='application/json')
        user = user_repo.get_by(ldap='cn')
        data = json.loads(res.data)
        assert data['status'] == SUCCESS, data
        assert data['next'] == '/', data
        assert user.name == self.ldap_user['uid'][0], user
        assert user.email_addr == self.ldap_user['cn'][0], user

        # Same request, but the bind now fails.
        ldap_mock.bind_user.return_value = False
        res = self.app.post(url, data=payload,
                            content_type='application/json')
        data = json.loads(res.data)
        assert data['flash'] == 'User LDAP credentials are wrong.', data
        assert data['status'] == 'info', data
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    ``user`` is the account resolved by the OAuth provider, or None. With
    None, look the address up to hint at how the account was created and
    send the visitor to password recovery (local accounts) or sign-in.
    Otherwise log the user in and detour via the profile page (placeholder
    e-mail) or the newsletter prompt before honouring ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        hinted = user_repo.get_by(email_addr=user_data.get('email'))
        if hinted is None:
            return redirect(url_for_app_type('account.signin'))
        msg, method = get_user_signup_method(hinted)
        flash(msg, 'info')
        endpoint = ('account.forgot_password' if method == 'local'
                    else 'account.signin')
        return redirect(url_for_app_type(endpoint))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # An e-mail equal to the username is the placeholder set at OAuth signup.
    if user.email_addr == user.name:
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for_app_type('account.update_profile',
                                         name=user.name))
    # NOTE(review): whether next_url is restricted to local paths is not
    # visible here — confirm at the caller.
    if user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url))
    return redirect(next_url)
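def otpvalidation(email):
    """Check the one-time password posted for *email* and sign the user in.

    Args:
        email: address the OTP was sent to (taken from the URL).

    Returns:
        A redirect to the home page after a valid code; otherwise the
        rendered OTP form (a fresh code is e-mailed after a wrong one).
    """
    form = OTPForm(request.form)
    user = user_repo.get_by(email_addr=email)
    if user is None:
        # No account behind this address: nothing to sign in or to e-mail
        # (the old code passed None on to _sign_in_user / _email_two_factor_auth).
        flash(gettext("Invalid one time password"), 'error')
        return redirect(url_for("home.home"))
    if request.method == 'POST' and form.validate():
        otpsecret = otpauths.get(email)
        if otpsecret is not None:
            # Convert only after validation; a non-numeric code is treated
            # as invalid instead of raising. The old debug prints of the
            # request object and address are gone: they wrote the submitted
            # code to stdout.
            try:
                otp = int(form.otp.data)
            except (TypeError, ValueError):
                otp = None
            if otp is not None and otpsecret.valid_totp(otp, period=600):
                # user provided valid otp, signin user
                flash(gettext("OTP verified. You are logged in to the system"), 'note')
                _sign_in_user(user)
                return redirect(url_for("home.home"))
            # invalid otp
            flash(gettext("Invalid one time password"), 'error')
            _email_two_factor_auth(user)
    # NOTE(review): the address comes from the URL; nothing here ties it to
    # the session that requested the code — confirm the route is guarded.
    return render_template('/account/otpvalidation.html',
                           title="Verify OTP", form=form, user=user)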
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    With ``user`` None, hint at how the address was registered and send
    the visitor to password recovery or sign-in. Otherwise log in, ask for
    a real e-mail when the stored one is the "None" placeholder, offer the
    newsletter once, then follow ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        hinted = user_repo.get_by(email_addr=user_data['email'])
        if hinted is None:
            return redirect(url_for('account.signin'))
        msg, method = get_user_signup_method(hinted)
        flash(msg, 'info')
        endpoint = ('account.forgot_password' if method == 'local'
                    else 'account.signin')
        return redirect(url_for(endpoint))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # "None" is the placeholder stored when the provider gave no e-mail.
    # (The "first login" message of this version was unreachable: its flag
    # was hard-wired to False.)
    if user.email_addr == "None":
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.app:
        return redirect(
            url_for('account.newsletter_subscribe', next=next_url))
    return redirect(next_url)
def manage_user(access_token, user_data):
    """Manage the user after signin

    Twitter flow: refresh the stored token pair for a known account, or
    create one keyed on the screen name. Returns None when the screen name
    already belongs to an account that is not linked to this Twitter id.
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    twitter_token = dict(oauth_token=access_token["oauth_token"],
                         oauth_token_secret=access_token["oauth_token_secret"])
    screen_name = user_data["screen_name"]
    twitter_id = user_data["user_id"]

    known = user_repo.get_by(twitter_user_id=twitter_id)
    if known is not None:
        known.info["twitter_token"] = twitter_token
        user_repo.save(known)
        return known
    if user_repo.get_by_name(screen_name) is not None:
        return None

    # The screen name doubles as the placeholder e-mail until the user
    # supplies a real address.
    created = User(
        fullname=screen_name,
        name=screen_name,
        email_addr=screen_name,
        twitter_user_id=twitter_id,
        info=dict(twitter_token=twitter_token),
    )
    user_repo.save(created)
    return created
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Unknown ``user``: look the address up, flash how it signed up and
    redirect to password recovery (local) or sign-in. Known ``user``: log
    in, then the profile page if the e-mail is the "None" placeholder,
    the newsletter prompt if never shown, else ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        hinted = user_repo.get_by(email_addr=user_data['email'])
        if hinted is not None:
            msg, method = get_user_signup_method(hinted)
            flash(msg, 'info')
            if method == 'local':
                return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    needs_email = user.email_addr == "None"
    if needs_email:
        # The "first login" variant of this message was dead code (its flag
        # was always False), so only this text was ever shown.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.app:
        return redirect(url_for('account.newsletter_subscribe',
                                next=next_url))
    return redirect(next_url)
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Unknown ``user``: hint at the signup method and redirect to password
    recovery or sign-in. Known ``user``: log in, show the newsletter prompt
    once to accounts with a real e-mail, otherwise follow ``next_url``.
    All redirects carry ``_hash_last_flash`` so the flash survives.
    """
    if user is None:
        # Give a hint for the user
        hinted = user_repo.get_by(email_addr=user_data.get('email'))
        if hinted is None:
            return redirect(url_for_app_type('account.signin',
                                             _hash_last_flash=True))
        msg, method = get_user_signup_method(hinted)
        flash(msg, 'info')
        endpoint = ('account.forgot_password' if method == 'local'
                    else 'account.signin')
        return redirect(url_for_app_type(endpoint, _hash_last_flash=True))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    # e-mail == name marks the placeholder address set at OAuth signup.
    has_real_email = user.email_addr != user.name
    if (has_real_email and user.newsletter_prompted is False
            and newsletter.is_initialized()):
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url,
                                         _hash_last_flash=True))
    return redirect(next_url)
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Same routing as the other variants: hint-and-redirect for an unknown
    ``user``; otherwise log in, divert to the profile page while the e-mail
    is the username placeholder, offer the newsletter once, then ``next_url``.
    """
    if user is None:
        # Give a hint for the user
        hinted = user_repo.get_by(email_addr=user_data.get('email'))
        if hinted is not None:
            msg, method = get_user_signup_method(hinted)
            flash(msg, 'info')
            if method == 'local':
                return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr == user.name:
        # Placeholder address: ask for a real one before anything else.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    if user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for('account.newsletter_subscribe',
                                next=next_url))
    return redirect(next_url)
def test_webhook_handler_owner_pro(self):
    """Test WEBHOOK view works for pro owner.

    The first registered account is the admin; a second, pro-flagged user
    owns the project and must get a 200 with the webhook table for the
    plain, failed-only and all views.
    """
    # Admin/owner
    self.register()
    self.signin()
    self.signout()
    # User
    self.register(name="Iser")
    self.signin(email="*****@*****.**", password="******")
    owner = user_repo.get_by(name="Iser")
    owner.pro = True
    user_repo.save(owner)
    project = ProjectFactory.create(owner=owner)

    base_url = "/project/%s/webhook" % project.short_name
    for query in ("", "?failed=true", "?all=true"):
        res = self.app.get(base_url + query)
        assert res.status_code == 200, res.status_code
        assert "Created" in res.data
        assert "Payload" in res.data
def _create_account_Auth(user_data):
    """Create or link a local account for an external (Auth0) identity.

    If a user with the same e-mail exists and has no external id yet, the
    external id is attached to that user; if it already carries another
    id, sign-in is refused. Otherwise a new user is created with a random
    password (and a suffixed name on collision) and signed in.
    """
    new_user = model.user.User(fullname=user_data['fullname'],
                               name=user_data['name'],
                               email_addr=user_data['email_addr'],
                               valid_email=True,
                               auth_user_id=user_data['auth_user_id'],
                               admin=False)
    # The user never sees this password; it only keeps the local record valid.
    random_password = (GenPasswd2(8, string.digits) +
                       GenPasswd2(15, string.ascii_letters))
    new_user.set_password(random_password)

    same_email = user_repo.get_by(email_addr=user_data['email_addr'])
    if same_email:
        if same_email.auth_user_id is not None:
            flash(
                gettext(
                    u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión. Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
                ), 'error')
            return redirect_content_type(url_for("home.home"))
        # NOTE(review): linking by e-mail trusts that the identity provider
        # verified the address; with an unverified claim this would attach
        # the external identity to an existing local account — confirm the
        # provider configuration.
        same_email.auth_user_id = user_data['auth_user_id']
        user_repo.update(same_email)
        flash(gettext(u'Bienvenido') + " " + same_email.fullname, 'success')
        return _sign_in_user(same_email)

    if user_repo.get_by_name(name=new_user.name):
        # Name already taken: disambiguate with a random lowercase suffix.
        new_user.name = new_user.name + GenRandomString(6, string.ascii_lowercase)
    user_repo.save(new_user)
    flash(gettext(u'Gracias por registrarte.'), 'success')
    return _sign_in_user(new_user)
def forgot_password():
    """
    Request a forgotten password for a user.

    Accounts created through Twitter, Facebook or Google get a mail
    pointing them at that provider; local accounts get a signed reset
    link. Unknown addresses are reported in a flash message.

    Returns a Jinja2 template.
    """
    form = ForgotPasswordForm(request.body)
    if form.validate_on_submit():
        user = user_repo.get_by(email_addr=form.email_addr.data)
        if user and user.email_addr:
            msg = dict(subject='Account Recovery', recipients=[user.email_addr])
            provider = None
            if user.twitter_user_id:
                provider = 'Twitter'
            elif user.facebook_user_id:
                provider = 'Facebook'
            elif user.google_user_id:
                provider = 'Google'

            if provider is not None:
                msg['body'] = render_template(
                    '/account/email/forgot_password_openid.md',
                    user=user, account_name=provider)
                msg['html'] = render_template(
                    '/account/email/forgot_password_openid.html',
                    user=user, account_name=provider)
            else:
                # The hash in the payload invalidates the link once the
                # password changes.
                # NOTE(review): signer.dumps signs the payload; if `signer` is
                # an itsdangerous serializer it does not encrypt, so the hash
                # is readable by anyone holding the link — confirm.
                userdict = {'user': user.name, 'password': user.passwd_hash}
                key = signer.dumps(userdict, salt='password-reset')
                recovery_url = url_for_app_type('.reset_password',
                                                key=key, _external=True)
                msg['body'] = render_template(
                    '/account/email/forgot_password.md',
                    user=user, recovery_url=recovery_url)
                msg['html'] = render_template(
                    '/account/email/forgot_password.html',
                    user=user, recovery_url=recovery_url)
            mail_queue.enqueue(send_mail, msg)
            flash(gettext("We've sent you an email with account "
                          "recovery instructions!"), 'success')
        else:
            flash(gettext("We don't have this email in our records. "
                          "You may have signed up with a different "
                          "email or used Twitter, Facebook, or "
                          "Google to sign-in"), 'error')
    if request.method == 'POST' and not form.validate():
        flash(gettext('Something went wrong, please correct the errors on the '
                      'form'), 'error')
    data = dict(template='/account/password_forgot.html', form=form)
    return handle_content_type(data)
def callback():
    """Auth0 callback: exchange the code, then sign in or create the account.

    A failed token exchange flashes an error and returns to the home page.
    Otherwise the ``sub`` claim from ``userinfo`` selects an existing user;
    unknown identities are handed to ``_create_account_Auth``.
    """
    global auth0
    try:
        auth0.authorize_access_token()
    except Exception:
        # NOTE(review): the failure reason is discarded; nothing is logged.
        flash(gettext(
            u"Se ha producido un error al iniciar sesión con su cuenta. Los datos introducidos son incorrectos. Por favor, vuelva a intentarlo, pulsando de nuevo sobre “Iniciar sesión”."
        ), 'error')
        return redirect_content_type(url_for("home.home"))

    userinfo = auth0.get('userinfo').json()
    auth_user_id = userinfo['sub']
    user = user_repo.get_by(auth_user_id=auth_user_id)
    if user:
        flash(gettext(u"Bienvenido") + " " + user.fullname, 'success')
        return _sign_in_user(user)

    account = dict(fullname=userinfo['nickname'],
                   name=userinfo['nickname'],
                   email_addr=userinfo['email'],
                   auth_user_id=auth_user_id)
    return _create_account_Auth(account)
def manage_user(access_token, user_data):
    """Manage the user after signin

    Twitter flow (single opaque token): refresh the token of a known
    account, or create one keyed on the screen name; None when the screen
    name is already taken by an account not linked to this Twitter id.
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    screen_name = user_data['screen_name']
    twitter_id = user_data['user_id']

    known = user_repo.get_by(twitter_user_id=twitter_id)
    if known is not None:
        known.info['twitter_token'] = access_token
        user_repo.save(known)
        return known
    if user_repo.get_by_name(screen_name) is not None:
        return None

    # Screen name stands in for the e-mail until the user supplies one.
    created = User(fullname=screen_name,
                   name=screen_name,
                   email_addr=screen_name,
                   twitter_user_id=twitter_id,
                   info=dict(twitter_token=access_token))
    user_repo.save(created)
    return created
def test_webhook_handler_owner_pro(self):
    """Test WEBHOOK view works for pro owner.

    The first registration is the admin; the second user is flagged pro,
    owns the project and must get a 200 with the webhook table for the
    plain, failed-only and all views.
    """
    # Admin/owner
    self.register()
    self.signout()
    # User
    self.register(name="Iser")
    owner = user_repo.get_by(name="Iser")
    owner.pro = True
    user_repo.save(owner)
    project = ProjectFactory.create(owner=owner)

    base_url = "/project/%s/webhook" % project.short_name
    for query in ("", "?failed=true", "?all=true"):
        res = self.app.get(base_url + query)
        assert res.status_code == 200, res.status_code
        assert "Created" in res.data
        assert "Payload" in res.data
def get_enabled_users(user_emails):
    """Return the addresses in *user_emails* that belong to an enabled user.

    Input order is kept; addresses with no matching user, or whose user
    is not enabled, are dropped.
    """
    from pybossa.core import user_repo

    def _is_enabled(addr):
        user = user_repo.get_by(email_addr=addr)
        return bool(user and user.enabled)

    return [addr for addr in user_emails if _is_enabled(addr)]
def signin():
    """
    Signin method for PyBossa users.

    A valid e-mail/password pair signs the user in directly, or, when a
    second factor is configured, e-mails a one-time code and shows the
    OTP form. Wrong credentials and unknown addresses flash a hint.

    Returns a Jinja2 template with the result of signing process.
    """
    form = LoginForm(request.form)
    posted = request.method == 'POST'
    if posted and form.validate():
        user = user_repo.get_by(email_addr=form.email.data)
        if user and user.check_password(form.password.data):
            if twofactor_auth == False:
                flash(gettext("Welcome back") + " " + user.fullname, 'success')
                return _sign_in_user(user)
            # Second factor configured: send a code and ask for it.
            _email_two_factor_auth(user)
            return render_template('/account/otpvalidation.html',
                                   title="Verify OTP",
                                   form=OTPForm(request.form),
                                   user=user)
        if user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                flash(gettext("Ooops, Incorrect email/password"), 'error')
            else:
                flash(msg, 'info')
        else:
            flash(gettext("Ooops, we didn't find you in the system, \
                          did you sign up?"), 'info')
    if posted and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect(url_for("home.home"))
    # A provider's sign-in button is shown when its blueprint is registered.
    registered = current_app.blueprints
    auth = {'twitter': 'twitter' in registered,     # pragma: no cover
            'facebook': 'facebook' in registered,   # pragma: no cover
            'google': 'google' in registered}       # pragma: no cover
    return render_template('account/signin.html',
                           title="Sign in",
                           form=form,
                           auth=auth,
                           next=request.args.get('next'))
def test_webhook_handler_owner_non_pro(self):
    """Test WEBHOOK view works for non pro owner.

    An owner without the pro flag must be refused (403) on the webhook view.
    """
    # Admin
    self.register()
    self.signout()
    # User
    self.register(name="Iser")
    owner = user_repo.get_by(name="Iser")
    project = ProjectFactory.create(owner=owner)
    res = self.app.get("/project/%s/webhook" % project.short_name)
    assert res.status_code == 403, res.status_code
def signin():
    """
    Signin method for PYBOSSA users.

    Local sign-in is switched off: every request gets a 404 before the
    form is touched. The rest of the body is the password flow kept for
    when it is re-enabled (an earlier gate on a request identifier is
    also retained, disabled, below).

    Returns a Jinja2 template with the result of signing process.
    """
    return abort(404)
    # Disabled gate kept for reference:
    #   if request.args.get('i') != "admin": redirect to home.home

    form = LoginForm(request.body)
    posted = request.method == 'POST'
    if posted and form.validate():
        user = user_repo.get_by(email_addr=form.email.data)
        if user and user.check_password(form.password.data):
            flash(gettext(u"Bienvenido") + " " + user.fullname, 'success')
            return _sign_in_user(user)
        if user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext(u"Usuario y contraseña incorrecto.")
            flash(msg, 'error')
        else:
            flash(gettext("El usuario no existe en el sistema."), 'error')
    if posted and not form.validate():
        flash(gettext(u'Por favor corrige los errores'), 'error')

    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))
    registered = current_app.blueprints
    auth = {'twitter': 'twitter' in registered,     # pragma: no cover
            'facebook': 'facebook' in registered,   # pragma: no cover
            'google': 'google' in registered}       # pragma: no cover
    response = dict(template='account/signin.html',
                    title="Sign in",
                    form=form,
                    auth=auth,
                    next=request.args.get('next'))
    return handle_content_type(response)
def set_gravatar(name):
    """Set gravatar for a user.

    Unknown names get a 404; the caller must be authorized to update the
    user. On success the visitor is sent back to the profile page.
    """
    user = user_repo.get_by(name=name)
    if not user:
        abort(404)
    ensure_authorized_to('update', user)
    gravatar.set(user)
    flash(gettext('Your avatar has been updated! It may \
                  take some minutes to refresh...'), 'success')
    return redirect(url_for('account.update_profile', name=user.name))
def signin():
    """
    Signin method for PyBossa users.

    A valid e-mail/password pair logs the user in and goes to the
    newsletter prompt (first time) or the ``next`` target; failures flash
    a hint. Anonymous visitors get the form, signed-in ones the home page.

    Returns a Jinja2 template with the result of signing process.
    """
    form = LoginForm(request.form)
    posted = request.method == 'POST'
    if posted and form.validate():
        user = user_repo.get_by(email_addr=form.email.data)
        if user and user.check_password(form.password.data):
            login_user(user, remember=True)
            flash(gettext("Welcome back") + " " + user.fullname, 'success')
            wanted = request.args.get('next')
            if user.newsletter_prompted is False and newsletter.app:
                return redirect(url_for('account.newsletter_subscribe',
                                        next=wanted))
            # NOTE(review): `next` is a raw query parameter — whether it is
            # limited to local paths is not visible here.
            return redirect(wanted or url_for("home.home"))
        if user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                flash(gettext("Ooops, Incorrect email/password"), 'error')
            else:
                flash(msg, 'info')
        else:
            flash(gettext("Ooops, we didn't find you in the system, \
                          did you sign in?"), 'info')
    if posted and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect(url_for("home.home"))
    registered = current_app.blueprints
    auth = {'twitter': 'twitter' in registered,     # pragma: no cover
            'facebook': 'facebook' in registered,   # pragma: no cover
            'google': 'google' in registered}       # pragma: no cover
    return render_template('account/signin.html',
                           title="Sign in",
                           form=form,
                           auth=auth,
                           next=request.args.get('next'))
def test_signin_existing(self, ldap_mock, create_mock):
    """Test signin logs in an LDAP existing PYBOSSA user.

    With a user already linked to the LDAP entry, a successful bind must
    answer with next '/' and must not call the account-creation hook.
    """
    UserFactory.create(name='cn', email_addr='cn', ldap='cn')
    with patch.dict(self.flask_app.config, {'LDAP_HOST': '127.0.0.1'}):
        ldap_mock.bind_user.return_value = True
        ldap_mock.get_object_details.return_value = self.ldap_user
        res = self.app.post('/account/signin',
                            data=json.dumps({'email': 'cn',
                                             'password': '******'}),
                            content_type='application/json')
        user_repo.get_by(ldap='cn')
        data = json.loads(res.data)
        assert data['next'] == '/', data
        assert create_mock.called is False
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin

    Google flow (ASCII-normalised usernames, newsletter via ``newsletter.app``).
    Known accounts get their name normalised and are updated; unknown ones
    are created unless the normalised name or the e-mail already exists
    (then None). ``next_url`` is unused here.
    """
    def _ascii_name(value):
        # Strip non-ASCII, lowercase, drop spaces.
        return value.encode('ascii', 'ignore').lower().replace(" ", "")

    # We have to store the oauth_token in the session to get the USER fields
    found = user_repo.get_by(google_user_id=user_data['id'])
    if found is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(found.name) == unicode or ' ' in found.name:
            found.name = _ascii_name(found.name)
        user_repo.update(found)
        return found

    # user never signed on
    info = dict(google_token=dict(oauth_token=access_token))
    name = _ascii_name(user_data['name'])
    by_name = user_repo.get_by_name(name)
    by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None
    created = User(fullname=user_data['name'],
                   name=_ascii_name(user_data['name']),
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    if newsletter.app:
        newsletter.subscribe_user(created)
    return created
def grant_access_with_api_key(secure_app):
    """Authenticate the request by API key and attach the user to the request context.

    The key is read from the ``Authorization`` header; when *secure_app*
    is false and no header is present, the ``api_key`` query parameter is
    accepted instead. A known, enabled user gets ``last_login`` refreshed
    and is stored on the request context; anything else leaves the
    request anonymous.
    """
    from pybossa.core import user_repo
    import pybossa.model as model
    from flask import _request_ctx_stack

    if 'Authorization' in request.headers:
        apikey = request.headers.get('Authorization')
    elif not secure_app:
        # NOTE(review): a key in the query string ends up in server and
        # proxy logs and in Referer headers; the header form is preferable.
        apikey = request.args.get('api_key', None)
    else:
        apikey = None

    if not apikey:
        return
    user = user_repo.get_by(api_key=apikey)
    if user and user.enabled:
        user.last_login = model.make_timestamp()
        user_repo.update(user)
        _request_ctx_stack.top.user = user
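def oauth_authorized(resp):  # pragma: no cover
    """Google OAuth callback: fetch the profile, then sign the user in.

    Args:
        resp: token response from the OAuth client, or None when the user
            denied the request.

    Returns:
        A redirect to the home page, the sign-in page or password recovery.
    """
    next_url = url_for('home.home')
    if resp is None or request.args.get('error'):
        flash(u'You denied the request to sign in.', 'error')
        # `error` can be absent when resp is None; indexing it raised KeyError.
        error = request.args.get('error')
        if error:
            flash(u'Reason: ' + error, 'error')
            return redirect(url_for('account.signin'))
        return redirect(next_url)

    headers = {'Authorization': ' '.join(['OAuth', resp['access_token']])}
    url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    try:
        r = requests.get(url, headers=headers)
    except requests.exceptions.RequestException:
        # Transport failure: `r` was never bound, so there is no status to
        # inspect (the old handler read r.status_code here and named a
        # non-existent exception class).
        return redirect(url_for('account.signin'))
    if r.status_code != 200:
        # Unauthorized - bad token (401) or any other failure: nothing
        # usable came back, so do not try to parse it as a profile.
        return redirect(url_for('account.signin'))

    access_token = resp['access_token']
    session['oauth_token'] = access_token
    import json
    user_data = json.loads(r.content)
    user = manage_user(access_token, user_data, next_url)
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        return redirect(next_url)

    # Give a hint for the user
    user = user_repo.get_by(email_addr=user_data['email'])
    if user is None:
        name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        user = user_repo.get_by_name(name)
    # NOTE(review): both lookups can miss; get_user_signup_method is defined
    # elsewhere and may not accept None — confirm.
    msg, method = get_user_signup_method(user)
    flash(msg, 'info')
    if method == 'local':
        return redirect(url_for('account.forgot_password'))
    return redirect(url_for('account.signin'))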
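def otpvalidation(token):
    """Second-factor step: verify the one-time password for ``token``.

    ``token`` is the opaque URL token issued at sign-in and maps back to
    the e-mail address whose OTP is being checked. On a match the token is
    expired and the user is signed in; on a mismatch or an expired code a
    fresh OTP is e-mailed and the form is shown again.

    Args:
        token: URL token from ``otp.generate_url_token``.

    Returns:
        A redirect on success (or when the token / account is unknown),
        otherwise the rendered OTP form.
    """
    import hmac

    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    if type(email) == bytes:
        email = email.decode('utf-8')

    form = OTPForm(request.body)
    user_otp = form.otp.data
    user = user_repo.get_by(email_addr=email)
    if user is None:
        # The token resolved to an address with no account; the original
        # code would fail later on user.to_public_json().
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    current_app.logger.info('validating otp for user email: {}'.format(email))

    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if type(otp_code) == bytes:
            otp_code = otp_code.decode('utf-8')
        if otp_code is not None:
            # Constant-time comparison on bytes: a plain ``==`` short-circuits
            # on the first differing character, and encoding both sides keeps
            # a non-ASCII submission from raising TypeError.
            matches = (user_otp is not None and
                       hmac.compare_digest(otp_code.encode('utf-8'),
                                           user_otp.encode('utf-8')))
            if matches:
                msg = gettext('OTP verified. You are logged in to the system')
                flash(msg, 'success')
                otp.expire_token(token)
                return _sign_in_user(user)
            msg = gettext('Invalid one time password, a newly generated '
                          'one time password was sent to your email.')
            flash(msg, 'error')
        else:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')
        # Log the failure without the valid code or the submission: the
        # debug print and the old log line both wrote the live OTP out.
        current_app.logger.info('Invalid OTP for email: {}'.format(email))
        _email_two_factor_auth(user, True)

    form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP', form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'), token=token)
    return handle_content_type(response)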
def test_webhook_handler_owner_non_pro(self):
    """Test WEBHOOK view works for non pro owner.

    A project owner who is not a pro user must get 403 on the webhook page
    and on both of its filtered variants (``all`` and ``failed``).
    """
    # Admin
    self.register()
    self.signin()
    self.signout()
    # User
    self.register(name="Iser")
    self.signin(email="*****@*****.**", password="******")
    owner = user_repo.get_by(name="Iser")
    project = ProjectFactory.create(owner=owner)

    for query in ("", "?all=true", "?failed=true"):
        url = "/project/%s/webhook%s" % (project.short_name, query)
        res = self.app.get(url)
        assert res.status_code == 403, res.status_code
def handle_bloomberg_response():
    """SAML assertion-consumer endpoint for Bloomberg SSO (BSSO).

    Validates the SAML response with ``BSSO_SETTINGS`` and signs in the
    local user whose e-mail matches the ``emailAddress`` assertion
    attribute. Validation errors and failed authentication are logged and
    send the browser home with a flashed message.

    Returns:
        The response from ``_sign_in_user`` on success, otherwise a
        redirect to ``home.home``.
    """
    sso_settings = current_app.config.get('BSSO_SETTINGS')
    auth = OneLogin_Saml2_Auth(prepare_onelogin_request(), sso_settings)
    auth.process_response()

    errors = auth.get_errors()
    if errors:
        reason = auth.get_last_error_reason()
        current_app.logger.error('BSSO auth error(s): %s %s', errors, reason)
        flash(gettext('There was a problem during the sign in process.'), 'error')
        return redirect(url_for('home.home'))

    if not auth.is_authenticated():
        current_app.logger.error('BSSO authentication failed')
        flash(gettext('Authentication failed.'), 'error')
        return redirect(url_for('home.home'))

    # The IdP-asserted e-mail is the only link to the local account, so the
    # signature/audience checks configured in BSSO_SETTINGS are what make
    # this lookup trustworthy.
    # NOTE(review): a missing 'emailAddress' attribute raises KeyError here,
    # and an address with no local account passes None to _sign_in_user;
    # confirm both are handled.
    attributes = auth.get_attributes()
    user = user_repo.get_by(email_addr=unicode(attributes['emailAddress'][0]))
    # NOTE(review): RelayState is client-supplied form input used as the
    # post-login redirect; verify _sign_in_user limits it to local URLs
    # (the sign-in view uses is_own_url_or_else for that).
    return _sign_in_user(user, next_url=request.form.get('RelayState'))
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Finishes an OAuth sign-in once the provider profile has been matched.

    Args:
        user: the local ``User`` resolved by the provider's ``manage_user``,
            or ``None`` when the profile clashed with an existing account.
        user_data: provider profile; ``email`` and ``name`` are only used
            to find the clashing account and tell the user how it signed up.
        next_url: where to send the browser after a successful login.

    Returns:
        A redirect. With ``user`` None: to forgot-password for local
        accounts, else to sign-in, after flashing the hint. Otherwise the
        user is logged in and sent to the newsletter prompt (only while
        ``newsletter_prompted`` is False and the newsletter is configured)
        or to ``next_url``.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, "success")
        prompt_newsletter = (user.newsletter_prompted is False
                             and newsletter.is_initialized())
        if prompt_newsletter:
            return redirect(url_for("account.newsletter_subscribe", next=next_url))
        return redirect(next_url)

    # Give a hint for the user: locate the account the profile clashed
    # with (by e-mail, then by derived username). It is not linked here.
    existing = user_repo.get_by(email_addr=user_data["email"])
    if existing is None:
        existing = user_repo.get_by_name(username_from_full_name(user_data["name"]))
    msg, method = get_user_signup_method(existing)
    flash(msg, "info")
    if method == "local":
        return redirect(url_for("account.forgot_password"))
    return redirect(url_for("account.signin"))
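def oauth_authorized(resp):  # pragma: no cover
    """Facebook OAuth callback: fetch ``/me`` and sign the user in.

    Args:
        resp: the token response from the OAuth dance, or ``None`` when
            the user denied the request.

    Returns:
        A redirect: to ``next`` (or home) once logged in; to the profile
        page when the account has no usable e-mail; or to sign-in /
        forgot-password with a flashed hint when no local account could be
        created or matched.
    """
    # NOTE(review): ``next`` is used as a redirect target without checking
    # it is a local URL (the sign-in view uses is_own_url_or_else for that).
    next_url = request.args.get('next') or url_for('home.home')
    if resp is None:
        flash(u'You denied the request to sign in.', 'error')
        # Facebook does not always send both fields; a denial must not
        # turn into a KeyError.
        reason = request.args.get('error_reason', '')
        description = request.args.get('error_description', '')
        flash(u'Reason: ' + reason + ' ' + description, 'error')
        return redirect(next_url)

    # We have to store the oauth_token in the session to get the USER fields
    access_token = resp['access_token']
    session['oauth_token'] = (access_token, '')
    user_data = facebook.oauth.get('/me').data
    user = manage_user(access_token, user_data, next_url)

    if user is None:
        # Give a hint for the user: the profile clashed with an existing
        # account, which is never linked automatically.
        existing = user_repo.get_by(email_addr=user_data['email'])
        if existing is None:
            return redirect(url_for('account.signin'))
        msg, method = get_user_signup_method(existing)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr == "None":
        # "None" is the placeholder written when Facebook supplied no
        # e-mail. The old ``first_login`` flag was always False, so this
        # was the only message ever shown.
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for('account.update_profile', name=user.name))
    return redirect(next_url)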
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Finishes an OAuth sign-in once the provider profile has been matched.

    Args:
        user: the local ``User`` resolved by the provider's ``manage_user``,
            or ``None`` when the profile clashed with an existing account.
        user_data: provider profile; ``email`` and ``name`` are only used
            to find the clashing account and tell the user how it signed up.
        next_url: where to send the browser after a successful login.

    Returns:
        A redirect. With ``user`` None: to forgot-password for local
        accounts, else to sign-in, after flashing the hint. Otherwise the
        user is logged in and sent to the newsletter prompt (only while
        ``newsletter_prompted`` is False and ``newsletter.app`` is set)
        or to ``next_url``.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        prompt_newsletter = user.newsletter_prompted is False and newsletter.app
        if prompt_newsletter:
            return redirect(url_for('account.newsletter_subscribe', next=next_url))
        return redirect(next_url)

    # Give a hint for the user: locate the account the profile clashed
    # with (by e-mail, then by the ascii/lowercase/no-space username).
    # It is not linked here.
    existing = user_repo.get_by(email_addr=user_data['email'])
    if existing is None:
        derived_name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        existing = user_repo.get_by_name(derived_name)
    msg, method = get_user_signup_method(existing)
    flash(msg, 'info')
    if method == 'local':
        return redirect(url_for('account.forgot_password'))
    return redirect(url_for('account.signin'))
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Finishes an OAuth sign-in once the provider profile has been matched.

    Args:
        user: the local ``User`` resolved by the provider's ``manage_user``,
            or ``None`` when the profile clashed with an existing account.
        user_data: provider profile; ``email`` and ``name`` are only used
            to find the clashing account and tell the user how it signed up.
        next_url: where to send the browser after a successful login.

    Returns:
        A redirect. With ``user`` None: to forgot-password for local
        accounts, else to sign-in, after flashing the hint. Otherwise the
        user is logged in and sent to the newsletter prompt (only while
        ``newsletter_prompted`` is False and the newsletter is configured)
        or to ``next_url``.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        prompt_newsletter = (user.newsletter_prompted is False
                             and newsletter.is_initialized())
        if prompt_newsletter:
            return redirect(
                url_for('account.newsletter_subscribe', next=next_url))
        return redirect(next_url)

    # Give a hint for the user: locate the account the profile clashed
    # with (by e-mail, then by derived username). It is not linked here.
    existing = user_repo.get_by(email_addr=user_data['email'])
    if existing is None:
        existing = user_repo.get_by_name(username_from_full_name(user_data['name']))
    msg, method = get_user_signup_method(existing)
    flash(msg, 'info')
    if method == 'local':
        return redirect(url_for('account.forgot_password'))
    return redirect(url_for('account.signin'))
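def get(self, oid):
    """Get all completed tasks. Need admin access.

    Admin access is proven by the ``api_key`` query parameter: it must
    resolve to a user whose ``admin`` flag is set, otherwise the request
    is refused. Every other query parameter except ``limit``, ``offset``
    and ``api_key`` is an equality filter and must name a column of this
    resource, with the exception of ``exported``, which belongs to ``Task``
    and is validated downstream. ``state`` defaults to ``completed`` unless
    a ``state`` argument is supplied.

    Args:
        oid: object id passed through to ``_create_json_response``.

    Returns:
        A JSON ``Response``. Any failure (including the privilege check)
        is rendered through ``error.format_exception`` so the client
        always receives a JSON error body.
    """
    try:
        ensure_authorized_to('read', self.__class__)
        # check admin access
        apikey = request.args.get('api_key')
        if apikey is None:
            raise BadRequest("Insufficient privilege to the request")
        user = user_repo.get_by(api_key=apikey)
        # ``not user.admin`` rather than ``admin is False``: a NULL admin
        # flag is treated as non-admin instead of slipping through.
        if not user or not user.admin:
            raise BadRequest("Insufficient privilege to the request")

        # set filter from args
        # add 'state'='completed' if missing
        filters = {'state': 'completed'}
        for k in request.args:
            if k in ('limit', 'offset', 'api_key'):
                continue
            # 'exported' column belongs to Task class
            # ignore it for attr check in TaskRun class
            # but add it to filter so that its checked
            # against Task class in filter_completed_task_runs_by
            if k != 'exported':
                # Raise an error if the k arg is not a column
                getattr(self.__class__, k)
            filters[k] = request.args[k]

        # set limit, offset
        limit, offset = self._set_limit_and_offset()
        # query database to obtain the requested data
        query = task_repo.filter_tasks_by(limit=limit, offset=offset, **filters)
        json_response = self._create_json_response(query, oid)
        return Response(json_response, mimetype='application/json')
    except Exception as e:
        return error.format_exception(
            e, target=self.__class__.__name__.lower(), action='GET')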
def manage_user(access_token, user_data):
    """Find or create the local account for a Weibo sign-in.

    The Weibo API does not provide the user's e-mail, so a new account is
    created with ``screen_name`` standing in for the e-mail address as well
    (per the original note, the real address is asked for later). A
    returning user only gets its stored token/avatar info refreshed.

    Args:
        access_token: OAuth access token from Weibo.
        user_data: Weibo profile; ``id``, ``screen_name`` and
            ``profile_image_url`` are read.

    Returns:
        The existing or newly created ``User``.
    """
    # The raw token is persisted in user.info.
    # NOTE(review): for a returning user the whole info dict (token plus
    # avatar) is written under the 'weibo_token' key, whereas a new user
    # stores the bare token there — confirm which shape readers expect.
    info = dict(weibo_token=access_token,
                avatar_url=user_data['profile_image_url'])

    existing = user_repo.get_by(weibo_user_id=user_data['id'])
    if existing is not None:
        existing.info['weibo_token'] = info
        user_repo.save(existing)
        return existing

    screen_name = user_data['screen_name']
    new_user = User(fullname=screen_name,
                    name=screen_name,
                    email_addr=screen_name,
                    weibo_user_id=user_data['id'],
                    info=info)
    user_repo.save(new_user)
    return new_user
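def otpvalidation(token):
    """Second-factor step: verify the one-time password for ``token``.

    ``token`` is the opaque URL token issued at sign-in and maps back to
    the e-mail address whose OTP is being checked. On a match the token is
    expired and the user is signed in; on a mismatch or an expired code a
    fresh OTP is e-mailed and the form is shown again.

    Args:
        token: URL token from ``otp.generate_url_token``.

    Returns:
        A redirect on success (or when the token / account is unknown),
        otherwise the rendered OTP form.
    """
    import hmac

    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))

    form = OTPForm(request.body)
    user_otp = form.otp.data
    user = user_repo.get_by(email_addr=email)
    if user is None:
        # The token resolved to an address with no account; the original
        # code would fail later on user.to_public_json().
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    current_app.logger.info('validating otp for user email: {}'.format(email))

    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if otp_code is not None:
            # Constant-time comparison on bytes: a plain ``==`` short-circuits
            # on the first differing character, and encoding both sides keeps
            # a non-ASCII submission from raising TypeError.
            matches = (user_otp is not None and
                       hmac.compare_digest(otp_code.encode('utf-8'),
                                           user_otp.encode('utf-8')))
            if matches:
                msg = gettext('OTP verified. You are logged in to the system')
                flash(msg, 'success')
                otp.expire_token(token)
                return _sign_in_user(user)
            msg = gettext('Invalid one time password, a newly generated '
                          'one time password was sent to your email.')
            flash(msg, 'error')
        else:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')
        # Log the failure without the valid code or the submission: the old
        # log line wrote the live OTP into the log file.
        current_app.logger.info('Invalid OTP for email: {}'.format(email))
        _email_two_factor_auth(user, True)

    form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP', form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'), token=token)
    return handle_content_type(response)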
def forgot_password():
    """Request a forgotten password for a user.

    Accounts created through Twitter/Facebook/Google get an e-mail naming
    that provider (they have no local password); local accounts get a
    signed recovery link. Returns a Jinja2 template.

    Returns:
        The rendered ``password_forgot`` page (via ``handle_content_type``).
    """
    form = ForgotPasswordForm(request.body)
    if form.validate_on_submit():
        user = user_repo.get_by(email_addr=form.email_addr.data)
        if user and user.email_addr:
            msg = dict(subject=u'Recuperación de Cuenta',
                       recipients=[user.email_addr])
            providers = (('twitter_user_id', 'Twitter'),
                         ('facebook_user_id', 'Facebook'),
                         ('google_user_id', 'Google'))
            provider_name = next((label for attr, label in providers
                                  if getattr(user, attr)), None)
            if provider_name is not None:
                msg['body'] = render_template(
                    '/account/email/forgot_password_openid.md',
                    user=user, account_name=provider_name)
                msg['html'] = render_template(
                    '/account/email/forgot_password_openid.html',
                    user=user, account_name=provider_name)
            else:
                # NOTE(review): if ``signer`` is an itsdangerous serializer
                # the payload is signed but not encrypted, so the password
                # hash placed in it is readable from the recovery URL and
                # the e-mail — confirm that is intended.
                userdict = {'user': user.name, 'password': user.passwd_hash}
                key = signer.dumps(userdict, salt='password-reset')
                recovery_url = url_for('.reset_password', key=key, _external=True)
                msg['body'] = render_template(
                    '/account/email/forgot_password.md',
                    user=user, recovery_url=recovery_url)
                msg['html'] = render_template(
                    '/account/email/forgot_password.html',
                    user=user, recovery_url=recovery_url)
            mail_queue.enqueue(send_mail, msg)
            flash(
                gettext(
                    u"Te enviamos un correo electrónico con las instrucciones de recuperación!"
                ), 'success')
        else:
            # NOTE(review): the two flash messages tell the caller whether
            # the address is registered; a single neutral message is the
            # usual mitigation for account enumeration.
            flash(
                gettext(
                    u"No tenemos este correo electrónico en nuestros registros. Es posible que se haya registrado con un correo electrónico diferente o haya utilizado Twitter, Facebook o Google para iniciar sesión."
                ), 'error')

    if request.method == 'POST' and not form.validate():
        flash(
            gettext('Something went wrong, please correct the errors on the '
                    'form'), 'error')
    data = dict(template='/account/password_forgot.html', form=form)
    return handle_content_type(data)
def signin():
    """Signin method for PYBOSSA users.

    Local accounts are checked against ``user_repo`` (with an e-mailed
    one-time password as a second step when ``ENABLE_TWO_FACTOR_AUTH`` is
    set). When ``LDAP_HOST`` is configured the credentials are bound
    against LDAP instead and a local account is created on first login.
    Anonymous visitors get the sign-in page, offering the OAuth providers
    whose blueprints are registered; a signed-in user is sent home.

    Returns a Jinja2 template with the result of signing process.
    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    submitted = request.method == 'POST'
    valid = submitted and form.validate()

    if valid and isLdap is False:
        password = form.password.data
        user = user_repo.get_by(email_addr=form.email.data)
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                flash(gettext("Welcome back") + " " + user.fullname, 'success')
                return _sign_in_user(user)
            # Second factor: the OTP goes out by e-mail and the browser is
            # sent to the validation form with a token bound to the address.
            _email_two_factor_auth(user)
            url_token = otp.generate_url_token(user.email_addr)
            # NOTE(review): ``next`` is forwarded without checking it is a
            # local URL.
            return redirect_content_type(
                url_for('account.otpvalidation', token=url_token,
                        next=request.args.get('next')))
        if user:
            # Wrong password, or an account created through a social
            # provider that has no local password.
            msg, method = get_user_signup_method(user)
            if method == 'local':
                flash(gettext("Ooops, Incorrect email/password"), 'error')
            else:
                flash(msg, 'info')
        else:
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if valid and isLdap:
        password = form.password.data
        cn = form.email.data
        # NOTE(review): confirm ldap.bind_user rejects an empty password;
        # many directories treat an empty-password bind as anonymous and
        # report success.
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if user_db is None:
                # First LDAP login: mirror the directory entry locally.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
                                 name=ldap_user[keyfields['name']][0],
                                 email_addr=ldap_user[keyfields['email_addr']][0],
                                 valid_email=True,
                                 ldap=value,
                                 consent=False)
                _create_account(user_data, ldap_disabled=False)
            else:
                login_user(user_db, remember=True)
        else:
            flash(gettext("User LDAP credentials are wrong."), 'info')

    if submitted and not valid:
        flash(gettext('Please correct the errors'), 'error')

    auth = dict.fromkeys(('twitter', 'facebook', 'google', 'wechat', 'weibo'), False)
    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))
    if isLdap is False:
        # Only offer the OAuth providers whose blueprints are registered.
        for isp in OAuthProviders:
            if isp in current_app.blueprints:  # pragma: no cover
                auth[isp] = True
    response = dict(template='account/signin.html', title="Sign in",
                    form=form, auth=auth,
                    next=request.args.get('next'))
    return handle_content_type(response)
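def signin():
    """Signin method for PYBOSSA users.

    Local accounts are looked up by lower-cased e-mail and checked against
    the stored password (with an e-mailed one-time password as a second
    step when ``ENABLE_TWO_FACTOR_AUTH`` is set). When ``LDAP_HOST`` is
    configured the credentials are bound against LDAP instead and a local
    account is created on first login. Anonymous visitors get the sign-in
    page, offering the OAuth providers whose blueprints are registered; a
    signed-in user is sent home. ``next`` is only honoured when it is a
    local URL.

    Returns a Jinja2 template with the result of signing process.
    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    submitted = request.method == 'POST'
    valid = submitted and form.validate()

    if valid and isLdap is False:
        password = form.password.data
        email_addr = form.email.data.lower()
        user = user_repo.search_by_email(email_addr=email_addr)
        if user and not user.enabled:
            # NOTE(review): this answers before the password is checked, so
            # it reveals that an address belongs to a disabled account.
            brand = current_app.config['BRAND']
            # Format after translation: the old code formatted the literal
            # first, so the brand name was baked into the gettext msgid and
            # the catalogue entry could never match.
            flash(
                gettext('Your account is disabled. '
                        'Please contact your {} administrator.').format(brand),
                'error')
            return redirect(url_for('home.home'))
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                flash(gettext('Welcome back') + ' ' + user.fullname, 'success')
                return _sign_in_user(user)
            # Second factor: the OTP goes out by e-mail and the browser is
            # sent to the validation form with a token bound to the address.
            _email_two_factor_auth(user)
            url_token = otp.generate_url_token(user.email_addr)
            next_url = is_own_url_or_else(request.args.get('next'),
                                          url_for('home.home'))
            return redirect_content_type(
                url_for('account.otpvalidation', token=url_token,
                        next=next_url))
        if user:
            # Wrong password, or an account created through a social
            # provider that has no local password.
            msg, method = get_user_signup_method(user)
            if method == 'local':
                flash(gettext('Ooops, Incorrect email/password'), 'error')
            else:
                flash(msg, 'info')
        else:
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if valid and isLdap:
        password = form.password.data
        cn = form.email.data
        # NOTE(review): confirm ldap.bind_user rejects an empty password;
        # many directories treat an empty-password bind as anonymous and
        # report success.
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if user_db is None:
                # First LDAP login: mirror the directory entry locally.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(
                    fullname=ldap_user[keyfields['fullname']][0],
                    name=ldap_user[keyfields['name']][0],
                    email_addr=ldap_user[keyfields['email_addr']][0],
                    valid_email=True,
                    ldap=value,
                    consent=True)
                create_account(user_data, ldap_disabled=False)
            else:
                login_user(user_db, remember=True)
        else:
            flash(gettext("User LDAP credentials are wrong."), 'info')

    if submitted and not valid:
        flash(gettext('Please correct the errors'), 'error')

    auth = {'twitter': False, 'facebook': False, 'google': False}
    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))
    if isLdap is False:
        # Only offer the OAuth providers whose blueprints are registered.
        for provider in ('twitter', 'facebook', 'google'):
            if provider in current_app.blueprints:  # pragma: no cover
                auth[provider] = True
    next_url = is_own_url_or_else(request.args.get('next'),
                                  url_for('home.home'))
    response = dict(template='account/signin.html', title="Sign in",
                    form=form, auth=auth, next=next_url)
    return handle_content_type(response)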