def get(self, client_id: MemberId = None, inner_resource: str = None):
    """Return the current client, one client by id, or the client listing.

    Access is decided by role: a ``client`` may only address itself through
    the literal id ``'me'``; an ``admin`` may fetch any client by id or, with
    no id at all, the whole ``Client.query``. When ``inner_resource`` is
    ``'evidences'`` the matched client's ``evidence`` is returned in place of
    the client itself.

    Raises:
        HttpNotFound: a client asked for anything but ``'me'``, an admin id
            matched no row, or the caller holds neither role.
    """
    wants_evidence = inner_resource == 'evidences'

    if context.identity.is_in_roles('client'):
        if client_id != 'me':
            raise HttpNotFound()
        me = Client.current()
        return me.evidence if wants_evidence else me

    if context.identity.is_in_roles('admin'):
        listing = Client.query
        if client_id is None:
            return listing
        found = listing.filter(Client.id == client_id).one_or_none()
        if found is None:
            raise HttpNotFound()
        return found.evidence if wants_evidence else found

    raise HttpNotFound()
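def submit(self):
    """Update the current client's evidence from the request form.

    Both phone numbers must already be verified before identity documents
    are accepted. The two id-card images are read from the ``idCard`` and
    ``idCardSecondary`` form fields; validation happens when they are
    assigned (presumably in the evidence attribute setters) and each
    validation error is mapped to a 400 with a machine-readable ``reason``.
    The original exception is chained as the cause so the server-side
    traceback keeps the validator's detail.

    Raises:
        HttpForbidden: mobile or fixed phone has not been verified yet.
        HttpBadRequest: an image failed aspect-ratio, dimension or
            content-type validation.
    """
    evidence = Client.current().evidence
    if evidence.mobile_phone is None or evidence.fixed_phone is None:
        raise HttpForbidden('Please verify your mobile and fixed phone first.')

    evidence.update_from_request()
    id_card = context.form.get('idCard')
    id_card_secondary = context.form.get('idCardSecondary')
    try:
        evidence.id_card = id_card
        evidence.id_card_secondary = id_card_secondary
    except AspectRatioValidationError as ex:
        raise HttpBadRequest(str(ex), reason='invalid-aspectratio') from ex
    except DimensionValidationError as ex:
        raise HttpBadRequest(str(ex), reason='invalid-dimensions') from ex
    except (AnalyzeError, ContentTypeValidationError) as ex:
        raise HttpBadRequest(str(ex), reason='invalid-type') from ex
    return evidence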
def provision(self):
    """Return a base64-encoded QR-code image for the authenticator app.

    The OATH secret is derived from the deployment-wide
    ``settings.membership.second_factor_seed`` and the client's email; the
    TODO below records that additional salt material is intended. The client
    must already have ``has_second_factor`` set.

    Raises:
        HttpBadRequest: the client has not enabled the second factor.
    """
    client = Client.current()
    if client.has_second_factor is False:
        raise HttpBadRequest('Client haven\'t enabled 2-factor authentication')

    # TODO: Use another salt too (password or ...)
    oath = Oath(
        seed=settings.membership.second_factor_seed,
        derivate_seed_from=client.email,
    )
    image = qrcode.make(oath.get_google_auth_uri(client.email))
    with io.BytesIO() as buffer:
        image.save(stream=buffer)
        encoded = base64.b64encode(buffer.getvalue())
    return encoded.decode()
def change(self):
    """Change the current client's password and invalidate its identity.

    ``currentPassword`` and ``newPassword`` are read from the form and handed
    to ``Client.change_password``. Afterwards the authenticator entry for the
    current identity is invalidated, presumably so tokens issued before the
    change stop being accepted.
    """
    form = context.form
    client = Client.current()
    client.change_password(
        current_password=form.get('currentPassword'),
        new_password=form.get('newPassword'),
    )
    context.application.__authenticator__.invalidate_member(context.identity.id)
    return client
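def __verify_fixed_phone_verification(self):
    """Check the fixed-phone verification code and store the number.

    Reads ``phone`` and ``code`` from the form, recomputes the OATH value for
    the challenge ``phone[1:]`` (the first character of the submitted number
    is dropped, matching ``__schedule_fixed_phone_verification``) and, when it
    verifies, records the phone on the evidence and invalidates the member's
    authenticator entry.

    Raises:
        HttpConflict: a fixed phone is already verified for this client.
        HttpBadRequest: a form field is missing or the code does not verify.
    """
    client = Client.current()
    if client.evidence.fixed_phone is not None:
        raise HttpConflict('Already verified.', 'already-verified')

    phone = context.form.get('phone')
    code = context.form.get('code')
    # A missing field used to surface as an unhandled TypeError from
    # ``phone[1:]``; answer with a 400 instead.
    if phone is None or code is None:
        raise HttpBadRequest()

    # NOTE(review): the "already used" uniqueness check exists only on the
    # scheduling side (__schedule_fixed_phone_verification); nothing here
    # re-checks that the number is still unused at verification time.
    oath = Oath(
        seed=settings.fixed_phone_verification.seed,
        derivate_seed_from=client.email,
    )
    if oath.verify(challenge=phone[1:], code=code)[0] is True:
        client.evidence.fixed_phone = phone
        context.application.__authenticator__.invalidate_member(client.id)
        return client
    raise HttpBadRequest()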
def __schedule_email_verification(self):
    """Queue a verification email for the current client.

    The email body carries a ``VerificationEmailPrincipal`` token bound to
    the client's id (the token is later checked by
    ``__verify_email_verification``); the ``VerificationEmail`` task is added
    to ``DBSession``. Nothing is returned.

    Raises:
        HttpConflict: the email or the evidence is already verified.
    """
    client = Client.current()
    already_done = (
        client.is_email_verified is True
        or client.is_evidence_verified is True
    )
    if already_done:
        raise HttpConflict('Already verified.', 'already-verified')

    token = VerificationEmailPrincipal({'id': client.id}).dump().decode()
    # noinspection PyArgumentList
    DBSession.add(VerificationEmail(
        to=client.email,
        subject='Email verification',
        body={'token': token},
    ))
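def __verify_email_verification(self):
    """Mark the current client's email as verified from a signed token.

    The ``token`` form field is loaded as a ``VerificationEmailPrincipal``;
    its embedded id must equal the authenticated identity, so a token issued
    for one account cannot verify another. On success the flag is set and the
    member's authenticator entry is invalidated.

    Raises:
        HttpBadRequest: token missing, expired, tampered with, or issued for a
            different identity.
    """
    token = context.form.get('token')
    # Without a token the loader would fail with a non-HTTP error; reject
    # early with the same 400 the other failure modes produce.
    if token is None:
        raise HttpBadRequest()

    # itsdangerous.SignatureExpired derives from BadData, so one handler
    # covers both the expired and the malformed/tampered cases; both keep
    # the uniform 400 so the reason for rejection is not disclosed.
    try:
        principal = VerificationEmailPrincipal.load(token)
    except itsdangerous.BadData as ex:
        raise HttpBadRequest() from ex

    if principal.id != context.identity.id:
        raise HttpBadRequest()

    client = Client.current()
    client.is_email_verified = True
    context.application.__authenticator__.invalidate_member(client.id)
    return client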
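def __schedule_fixed_phone_verification(self):
    """Generate a fixed-phone verification code and queue it as an SMS.

    The code is an OATH value for the challenge ``phone[1:]`` (the first
    character of the submitted number is dropped), derived from
    ``settings.fixed_phone_verification.seed`` and the client's email — the
    same derivation ``__verify_fixed_phone_verification`` uses to check it.

    Raises:
        HttpConflict: this client already has a verified fixed phone, or the
            number is already present on another evidence record.
        HttpBadRequest: no ``phone`` field was submitted.
    """
    client = Client.current()
    if client.evidence.fixed_phone is not None:
        raise HttpConflict('Already verified.', 'already-verified')

    phone = context.form.get('phone')
    # A missing field used to raise TypeError from ``phone[1:]``; reject it
    # explicitly instead.
    if phone is None:
        raise HttpBadRequest()

    # TODO: The following error can cause security issues!
    # (The distinct 'already-used' response discloses whether a number is
    # already registered to some client; a uniform answer would avoid that.)
    in_use = ClientEvidence.query.filter(
        ClientEvidence.fixed_phone == phone
    ).count() > 0
    if in_use:
        raise HttpConflict('Already used.', 'already-used')

    oath = Oath(
        seed=settings.fixed_phone_verification.seed,
        derivate_seed_from=client.email,
    )
    sms = VerificationSms()
    sms.to = phone
    sms.body = {
        'code': oath.generate(challenge=phone[1:]),
        'template': settings.fixed_phone_verification.template,
    }
    DBSession.add(sms)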
def disable(self):
    """Turn the second factor off for the current client.

    NOTE(review): no re-authentication or code check is visible here before
    the flag is cleared; confirm that is intended for this endpoint.
    """
    current = Client.current()
    current.has_second_factor = False
    return {'message': 'done'}
def enable(self):
    """Turn the second factor on for the current client.

    Only the flag is set; the authenticator secret itself is provisioned by
    ``provision``, which requires this flag to be ``True`` first.
    """
    current = Client.current()
    current.has_second_factor = True
    return {'message': 'done'}