Пример #1
0
    def create_password_reset_token(self, email):
        """Sets password reset token for user.

        :param email: Email to be used.
        :return: [User, password reset token, token expiration in seconds]. ``None`` if user is disabled or is not email login based.
        """
        user = self.get_by_email(email)
        assert user, "Got password reset request for non-existing email".format(
            email)

        if not self.can_login(user):
            return None

        activation_token_expiry_seconds = int(
            self.registry.settings.get(
                "tm.registry.activation_token_expiry_seconds", 24 * 3600))

        activation = self.Activation()
        activation.expires_at = now() + timedelta(
            seconds=activation_token_expiry_seconds)
        self.dbsession.add(activation)
        self.dbsession.flush()
        user.activation = activation

        assert user.activation.code, "Could not generate the password reset code"

        return user, activation.code, activation_token_expiry_seconds
Пример #2
0
def user_auth_details_changes(event: UserAuthSensitiveOperation):
    """Default logic how to invalidate sessions on user auth detail changes.

    If you are using different session management model you can install a custom handle.

    :param event: Incoming event instance
    """
    user = event.user
    # Update the timestamp which session validation checks on every request
    user.last_auth_sensitive_operation_at = now()
Пример #3
0
    def activate_user(request, dbsession: Session, user: User):
        """Checks to perform when the user becomes a valid user for the first time.

        If this user has already started sign up process through email we need to cancel that.
        """
        user.activated_at = now()

        # Cancel any pending email activations if the user chooses the option to use social media login
        if user.activation:
            dbsession.delete(user.activation)
Пример #4
0
    def reset_password(self, user, password):
        """Reset user password and clear all pending activation issues.

        :param user: User object,
        :param password: New password.
        """
        self.set_password(user, password)

        if not user.activated_at:
            user.activated_at = now()
        self.dbsession.delete(user.activation)
Пример #5
0
    def update_login_data(self, user: User):
        """Update last_login_at and last_login_ip on User object.

        If this is the User first login, trigger FirstLogin event.

        :param user: User object.
        """
        request = self.request
        if not user.last_login_at:
            e = events.FirstLogin(request, user)
            request.registry.notify(e)

        # Update user security details
        user.last_login_at = now()
        user.last_login_ip = request.client_addr
Пример #6
0
    def create_blank_user(self, user_model: t.Callable[..., User],
                          dbsession: Session, email: str) -> User:
        """Create a new blank user instance as we could not find matching user with the existing details.

        :param user_model: Class to be used for user creation.
        :param dbsession: SQLAlchemy Session object.
        :param email: User email.
        :return: Newly created user.
        """
        user = user_model(email=email)
        dbsession.add(user)
        dbsession.flush()
        user.username = user.generate_username()
        user.registration_source = self.provider_id
        user.activated_at = now()
        return user
Пример #7
0
    def create_email_activation_token(self, user):
        """Create activation token for the user to be used in the email

        :param user: User object.
        :return: Tuple (email activation code, expiration in seconds)
        """
        activation = self.Activation()
        activation_token_expiry_seconds = int(
            self.registry.settings.get(
                "tm.registry.activation_token_expiry_seconds", 24 * 3600))
        activation.expires_at = now() + timedelta(
            seconds=activation_token_expiry_seconds)

        self.dbsession.add(activation)
        self.dbsession.flush()
        user.activation = activation
        return activation.code, activation_token_expiry_seconds
Пример #8
0
def create(dbsession,
           username: str,
           email: str,
           password: t.Optional[str] = None,
           source: str = 'initialize_db_script',
           admin: bool = False) -> User:
    """Create a new site user from command line.

    :param dbsession:
    :param username: Username, usually an email.
    :param email: User's email.
    :param password: Password.
    :param source: Source of this user, in here, initialize_db_script.
    :param admin: Set this user to admin. The first user is always implicitly admin.
    :return: Newly created user.
    """
    u = dbsession.query(User).filter_by(email=email).first()
    if u is not None:
        return u

    u = User(email=email, username=username)
    dbsession.add(u)
    dbsession.flush()  # Make sure u.user_data is set

    if password:
        # from tm.system.user.userregistry import UserRegistry
        # user_registry = UserRegistry()
        # user_registry.set_password(u, password)
        from tm.system.user.password import Argon2Hasher
        hasher = Argon2Hasher()
        hashed = hasher.hash_password(password)
        u.hashed_password = hashed

    u.registration_source = source
    u.activated_at = now()

    # request.registry.notify(UserCreated(request, u))
    if admin:
        group = dbsession.query(Group).filter_by(name='admin').one_or_none()
        group.users.append(u)

    return u
Пример #9
0
    def activate_user_by_email_token(self, token):
        """Get user by a password token issued earlier.

        Consume any activation token.

        :param token: Password token to be used to return the user.
        :return: User instance of none if token is not found.
        """
        activation = self.dbsession.query(
            self.Activation).filter(self.Activation.code == token).first()

        if activation:
            if activation.is_expired():
                return None

            user = self.get_by_activation(activation)
            user.activated_at = now()
            self.dbsession.delete(activation)
            return user

        return None
Пример #10
0
    def create_authorization_code(self, user: User, login_source: str = None):
        """Sets authorization code for user.

        :param user: User
        :return: [User, authorization_code, authorization_code_expiry_seconds]. ``None`` if user is not allowed to login
        """

        if not user.can_login():
            return None

        authorization_code_expiry_seconds = int(
            self.registry.settings.get(
                "tm.oauth.authorization_code_expiry_seconds", 30))

        auth_code = self.AuthorizationCode()
        auth_code.expires_at = now() + timedelta(
            seconds=authorization_code_expiry_seconds)
        self.dbsession.add(auth_code)
        self.dbsession.flush()
        user.authorization_code = auth_code

        assert user.authorization_code.code, "Could not generate the authorization code"

        return user, auth_code.code, authorization_code_expiry_seconds