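def authenticate(cls, username, password, session=None):
    """Authenticate ``username``/``password`` and return a filled account object.

    A ``username`` that converts to the integer ``-1`` selects the "trygame"
    guest account: it is built with ``_fill_trygame`` and the password is never
    checked.  Any other user name is looked up with ``cls.find`` and checked
    with ``cls.validate_by_password``; on success the linked ``dz_member``
    record is copied onto the user row (id, username, email, title, status),
    the stored hash is refreshed with ``password_hash(password)`` and both
    ``lastactivity`` columns are set to the database's ``unix_timestamp()``.

    Args:
        cls: the account class this classmethod body belongs to.
        username: submitted user name; may be a numeric string.
        password: submitted plaintext password.
        session: accepted for interface compatibility; not used here.

    Returns:
        A ``cls`` instance on success, ``False`` when the user is unknown or
        the password does not validate.
    """
    from sqlalchemy import func

    # Only the int() conversion may legitimately fail for a non-numeric
    # name.  The previous bare ``except: pass`` also swallowed any error
    # raised while building the guest account itself and then fell through
    # to a normal lookup of "-1"; errors from ``_fill_trygame`` now surface.
    try:
        is_trygame = int(username) == -1
    except (TypeError, ValueError):
        is_trygame = False
    if is_trygame:
        acc = cls()
        acc._fill_trygame()
        return acc

    user = cls.find(username)
    if not user:
        return False
    if not cls.validate_by_password(user, password):
        return False

    # sync: mirror the dz_member record onto the local user row.
    dz_member = user.dz_member
    user.id = dz_member.uid
    user.username = dz_member.username
    user.password = password_hash(password)
    user.email = dz_member.email
    user.title = dz_member.member_field.customstatus
    user.status = dz_member.status

    acc = cls()
    acc._fill_account(user)
    # Timestamps are computed server-side by SQL UNIX_TIMESTAMP().
    user.lastactivity = func.unix_timestamp()
    dz_member.member_status.lastactivity = func.unix_timestamp()
    return acc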
def validate_password(self, field):
    """Form validator: the submitted value must match the current user's password.

    An empty value is not checked here.  Otherwise the value is hashed with
    ``utils.password_hash`` using the current user's email and compared with
    the stored ``current_user.password``.

    Raises:
        ValidationError: when the recomputed hash differs from the stored one.
    """
    submitted = field.data
    if not submitted:
        return
    current = self.current_user
    # NOTE(review): ``!=`` on the two hashes is not a constant-time compare;
    # behaviour is kept as-is here.
    if utils.password_hash(submitted, current.email) != current.password:
        raise ValidationError(u'原密码输错了。')
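def register(request):
    """Render the sign-up page and, on POST, try to register a ``Teacher``.

    POST fields: ``email``, ``confirmation`` (confirmation code), ``password``
    and ``cpassword`` (repeated password).  On a successful
    ``UserRepo.register`` the new ``Teacher`` is stored in the session as
    ``login_user`` and the client is redirected to ``/``; every other path
    re-renders the page with ``error_msg`` set.

    Args:
        request: the Django request.

    Returns:
        The rendered sign-up page, or a redirect to ``/`` on success.
    """
    signup_html_page = loader.get_template('../ui/newuser.html')
    context = {}
    if request.method == 'POST':
        # .get() rather than [] so a missing field reaches the validation
        # messages below instead of raising before validation runs.
        email = request.POST.get("email", "")
        confirmation = request.POST.get("confirmation", "")
        password = request.POST.get("password", "")
        cpassword = request.POST.get("cpassword", "")
        # The confirmation code is a credential and is deliberately not
        # printed to stdout (the previous print(confirmation) is removed).
        user = Teacher()
        user.email = email
        if not email:
            context["error_msg"] = "Invalid email."
        elif not password or len(str(password).strip(' ')) <= 7:
            # Only surrounding spaces are stripped before measuring length.
            context["error_msg"] = "Password must be 8 character long."
        elif not cpassword or cpassword != password:
            context["error_msg"] = "Password don't match."
        else:
            try:
                use_repo = UserRepo()
                if use_repo.register(email, confirmation, password_hash(password)):
                    request.session["login_user"] = user
                    context["success_msg"] = "Your account is verified"
                    return redirect("/")
                context["error_msg"] = "Confirmation code didnt matched"
            except Exception:
                # Repository failure: details go to the server log only, the
                # client sees a generic message.
                traceback.print_exc()
                context["error_msg"] = "Something went wrong"
    return HttpResponse(signup_html_page.render(context, request))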
def signup(self, teacher):
    """Persist a new user through ``UserRepo.save`` and return it.

    The user object and plaintext password are read from ``user_register``;
    ``sender`` is set to a fresh ``generate_uuid()`` and ``created_at`` to
    ``timestamp()`` before the password hash is stored.

    Returns:
        The user object when the repository reports success, otherwise
        ``None`` (including when ``UserRepo`` raises, which is printed via
        ``traceback.print_exc``).

    NOTE(review): the ``teacher`` parameter is not used and ``user_register``
    is not defined in this block — presumably a module-level object; confirm
    against the caller.
    """
    new_user = user_register.user
    plaintext = user_register.password
    new_user.sender = generate_uuid()
    new_user.created_at = timestamp()
    saved = False
    try:
        saved = UserRepo().save(new_user, password_hash(plaintext))
    except Exception:
        traceback.print_exc()
    return new_user if saved else None
def registration_form():
    """Flask view for the registration form.

    On a valid submission, creates a ``collection.User`` keyed by the
    submitted email (stored via ``str()``), with the hashed password, phone
    number and subscription flag, saves it, flashes a message and redirects
    to ``login``.  If a user with that email already exists, a message is
    flashed and the form is re-rendered.  Always renders
    ``login_form.html`` otherwise.
    """
    form = UserRegisteration()
    if not form.validate_on_submit():
        return render_template('login_form.html', form=form)

    existing = collection.User.find_one({'email': form.email.data})
    if existing:
        # NOTE(review): this message discloses that the email is registered;
        # behaviour kept as-is.
        flash('Our Record show you are already registered please use forgot password option')
        return render_template('login_form.html', form=form)

    new_user = collection.User()
    new_user['email'] = str(form.email.data)
    new_user['password'] = password_hash(form.password.data)
    new_user['phonenumber'] = form.phonenumber.data
    new_user['subscribed'] = form.subscription.data
    new_user.save()
    flash('You can sign In now')
    return redirect(url_for('login'))
def authentication():
    """Login/logout endpoint.

    GET renders ``authentication.html``.  A POST carrying ``logout`` drops
    ``session['username']``.  Any other POST is validated as a ``LoginForm``;
    when a ``Users`` row with that username exists and its stored
    ``password`` equals ``password_hash`` of the submitted password, the
    username is stored in the session, otherwise an error is flashed.  Every
    POST ends with a redirect back to this endpoint.
    """
    if request.method == 'GET':
        return render_template('authentication.html')

    if 'logout' in request.form:
        session.pop('username', None)
        return redirect(url_for('authentication'))

    form = LoginForm(request.form)
    if form.validate():
        username = form.username.data
        hashed = password_hash(form.password.data)
        record = db.session.query(Users).filter_by(username=username).first()
        # NOTE(review): ``==`` on the stored hash is not constant-time;
        # behaviour kept as-is.
        if record and record.username == username and record.password == hashed:
            session['username'] = username
        else:
            flash(u'Указанной вами связки логина и пароля не существует, возможно вы ввели неправильный \
логин или пароль, мы могли бы сказать конкретнее, но вдруг вы пытаетесь подобрать логин для брута...')
    return redirect(url_for('authentication'))
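def change_password_submit(self):
    """Handle the postpaid change-password form.

    Requires a logged-in user (from ``get_user_info_from_session``) whose
    domain is ``postpaid.wifi.pldt.com.ph``.  With ``sq`` in the query
    string the security question/answer is updated through
    ``request.kenan.UpdateUserSecurityQuestion``; otherwise the current
    password is verified against the SDB record returned by
    ``request.sdb.getUser`` and the new password hash is submitted with
    ``request.sdb.changePassword``.

    Returns:
        A redirect (or ``abort(403)``) for every path.
    """
    user = self.model.get_user_info_from_session()
    if not user:
        return abort(403)
    # only postpaid users allowed.  This must be a tuple: with the previous
    # bare string, ``not in`` was a substring test, so e.g. an empty domain
    # passed the check.
    if user['domain'] not in ('postpaid.wifi.pldt.com.ph',):
        return abort(403)

    # CHANGE SECURITY QUESTION/ANSWER
    if 'sq' in request.args:
        # The submitted form (which carries the security answer) is no
        # longer dumped to stdout.
        if 'sq_question' not in request.form or 'sq_answer' not in request.form:
            return abort(403)
        update_sq = request.kenan.UpdateUserSecurityQuestion(
            user['user_id'], request.form['sq_question'], request.form['sq_answer'])
        # A non-unicode result is treated as a transport failure.
        if type(update_sq) != type(u''):
            self.log.error('Security question update failed. Connection timed out.')
            flash(self.model.spiel('system_timeout', code='f1abd'), 'error')
            return redirect('/pldt/change_password?sq')
        update_sq = int(update_sq)
        if update_sq == 0:
            self.log.info('Security question update successful!')
            flash('security question update success spiel (changeme)')
            return redirect('/pldt/status')
        self.log.error('Security question update failed. Error code %s returned.', update_sq)
        flash(self.model.spiel('system_timeout', code='1574b'), 'error')
        return redirect('/pldt/change_password?sq')

    # CHANGE PASSWORD
    old_password = str(request.form['old_password'])
    new_password = str(request.form['new_password'])
    confirm_password = str(request.form['confirm_password'])
    old_password_md5 = utils.password_hash(old_password)

    # Check Current Password.  The plaintext password is not logged.
    self.log.debug('Sending GetUser %s', user['aaa_user_id'])
    getuser = request.sdb.getUser(user['aaa_user_id'], user['domain'])
    if getuser == False:
        self.log.error('SDB.getUser returned False')
        flash(self.model.spiel('system_timeout', code='4d134'), 'error')
        return redirect(url_for('chpasswd_form'))
    if 'error' in getuser['target']:
        self.log.error('SDB.getUser returned invalid contents')
        flash(self.model.spiel('system_timeout', code='f6e11'), 'error')
        return redirect(url_for('chpasswd_form'))
    try:
        aaa_user_status = getuser['target']['result']['user']['status']['value']
        aaa_user_password = getuser['target']['result']['user']['password']['value']
    except Exception as ex:
        self.log.error('ChangePassword error: %s@%s Getuser parsing: %s, %s',
                       user['aaa_user_id'], user['domain'], getuser, ex)
        flash(self.model.spiel('system_timeout', code='88730'), 'error')
        return redirect(url_for('chpasswd_form'))

    # Check Old Password (stored value is compared with the recomputed hash)
    if aaa_user_password != old_password_md5:
        self.log.info('Change Password: Incorrect current password')
        flash(self.model.spiel('incorrect_old_password'), 'error')
        return redirect(url_for('chpasswd_form'))
    # if not self.model.validate_password(new_password):
    #     self.log.info('Change Password: Invalid new password')
    #     flash(self.model.spiel('invalid_password'), 'error')
    #     return redirect(url_for('chpasswd_form'))
    if new_password != confirm_password:
        self.log.info('Change Password: Password confirmation does not match')
        flash(self.model.spiel('password_match_error'), 'error')
        return redirect(url_for('chpasswd_form'))
    if old_password == new_password:
        self.log.info('Change Password: Invalid new password (same as the old one)')
        flash(self.model.spiel('change_password_same_old'), 'error')
        return redirect(url_for('chpasswd_form'))

    submitted_password = utils.password_hash(new_password)
    # Send updateUser API call to BWS SDB
    change_password = request.sdb.changePassword(user['aaa_user_id'], submitted_password)
    try:
        if 'target' in change_password and 'error' in change_password['target']:
            self.log.info('UpdateUser Error: %s %s',
                          change_password['target']['error']['code'],
                          change_password['target']['error']['message'])
            change_password = False
    except Exception as err:
        # A False result is not subscriptable: that is the timeout case.
        if change_password == False:
            self.log.info('UpdateUser connection timed out.')
        else:
            self.log.info('UpdateUser Exception: %s', err)
        change_password = False
    if change_password == False:
        flash(self.model.spiel('system_timeout', code='fa35e'), 'error')
        return redirect(url_for('chpasswd_form') + '?phase=3')

    flash('successful change password spiel', 'info')
    # new_password_md5 = utils.password_hash(new_password)
    # change_pw = request.sdb.changePassword(user['aaa_user_id'], new_password_md5)
    # print 'change_pw', change_pw
    return redirect(url_for('status_page'))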
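def lost_password_submit(self):
    """Handle the three-phase postpaid lost-password flow.

    Phase 1 validates the submitted ``user_id`` (email), checks with
    ``request.sdb.getUser`` that the account exists and stores the address in
    ``session['confirmation_email_address']``.  Phase 2 compares the submitted
    ``security_answer`` (case-insensitively) with ``session['security_qa']``.
    Phase 3 checks the repeated password, verifies the CAPTCHA when one was
    issued, submits the hash via ``request.sdb.changePassword`` and asks
    ``request.kenan.ResetPassword`` to send the email.  An empty session, or a
    phase whose prerequisite is missing from the session, is sent back to the
    start.

    Returns:
        A redirect for every path.
    """
    formtype = 'lost_password'
    phase = int(request.form['phase']) if 'phase' in request.form else 1
    self.log.info('Lost password submit phase %s', phase)
    # The session (which may hold the security answer) is not printed.
    if len(session) == 0:
        self.log.debug('Session is empty. Ejecting.')
        return redirect(url_for('login_form'))

    # Phase 1: Email Address Entry
    if phase == 1:
        if 'confirmation_activation_ok' in session:
            del(session['confirmation_activation_ok'])
        # Valid Email check
        email_address = str(request.form['user_id']) if 'user_id' in request.form else ''
        if email_address == '':
            self.log.info('Invalid User Id (email) %s', email_address)
            session.destroy()
            flash(self.model.spiel('invalid_email_address'), 'error')
            return redirect(url_for('lost_password_form'))
        if not self.model.check_email_address(email_address):
            self.log.info('Invalid User Id (email) %s', email_address)
            session.destroy()
            flash(self.model.spiel('invalid_email_address'), 'error')
            return redirect(url_for('lost_password_form'))
        # SDB user ids use ':' where the email has '@'.
        getuser = request.sdb.getUser(email_address.replace('@', ':'), self.config['postpaid_domain'])
        if getuser == False:
            self.log.error('SDB.getUser returned False')
            flash(self.model.spiel('system_timeout', code='7b520'), 'error')
            return redirect(url_for('login_form'))
        # User does not exist
        if 'error' in getuser['target']:
            self.log.info('Lost Password: account %s does not exist.', email_address)
            session.destroy()
            flash(self.model.spiel('invalid_account'), 'error')
            return redirect(url_for('lost_password_form'))
        # User Exists
        session['confirmation_email_address'] = email_address
        if request.entrypoint_redirected:
            return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
        return redirect(url_for('lost_password_form') + '?phase=2')

    # Phase 2: Security Answer Entry
    elif phase == 2 and 'security_qa' in session:
        submitted_security_answer = request.form['security_answer'] if 'security_answer' in request.form else ''
        # Neither the submitted nor the expected answer is written to the log.
        self.log.debug('Comparing submitted security answer.')
        if submitted_security_answer.lower() == session['security_qa']['answer'].lower():
            self.log.debug('Answer to the security question correct.')
            session['confirmation_answer_ok'] = True
            return redirect(url_for('lost_password_form') + '?phase=3')
        self.log.debug('Answer to the security question incorrect.')
        flash(self.model.spiel('incorrect_security_answer'), 'error')
        return redirect(url_for('lost_password_form') + '?phase=2')

    # Phase 3: Password entry
    elif phase == 3 and 'confirmation_answer_ok' in session:
        if 'password1' not in request.form or 'password2' not in request.form:
            self.log.debug('Password1 and Password2 is not present on the submitted data.')
            return redirect(url_for('lost_password_form') + '?phase=3')
        if request.form['password1'] != request.form['password2']:
            self.log.debug('Password confirmation does not match.')
            flash(self.model.spiel('password_match_error'), 'error')
            return redirect(url_for('lost_password_form') + '?phase=3')
        submitted_password = request.form['password1']
        # No password validation yet
        #if not self.model.validate_password(submitted_password):
        #    self.log.debug('Invalid Password')
        #    flash(self.model.spiel('invalid_password'), 'error')
        #    return redirect(url_for('lost_password_form') + '?phase=3')

        # CAPTCHA: when one was issued for this flow it must be answered; a
        # request that simply omits the field no longer skips the check.
        # The expected text is not logged.
        if 'pw_captcha' in session:
            if session['pw_captcha'].verify(request.form.get('captcha', '')):
                self.log.info('CAPTCH MATCH')
                del(session['pw_captcha'])
            else:
                self.log.debug('CAPTCHA does not match.')
                flash(self.model.spiel('incorrect_captcha'), 'error')
                return redirect(url_for('lost_password_form') + '?phase=3')

        # Hash the password
        submitted_password = utils.password_hash(submitted_password)
        # Send updateUser API call to BWS SDB
        change_password = request.sdb.changePassword(
            session['confirmation_email_address'].replace('@', ':'), submitted_password)
        try:
            if 'target' in change_password and 'error' in change_password['target']:
                self.log.info('UpdateUser Error: %s %s',
                              change_password['target']['error']['code'],
                              change_password['target']['error']['message'])
                change_password = False
        except Exception as err:
            # A False result is not subscriptable: that is the timeout case.
            if change_password == False:
                self.log.info('UpdateUser connection timed out.')
            else:
                self.log.info('UpdateUser Exception: %s', err)
            change_password = False
        if change_password == False:
            flash(self.model.spiel('system_timeout', code='fa35e'), 'error')
            return redirect(url_for('lost_password_form') + '?phase=3')

        # Send an email API to PLDT
        # are we going to show a spiel if this fails?
        send_email = request.kenan.ResetPassword(session['confirmation_email_address'])
        if send_email == False:
            pass
        else:
            send_email = int(send_email)
            if send_email <= -1:
                #error
                pass
            elif send_email >= 1:
                #error
                pass
            #ok
        self.log.debug('ResetPassword returned %r', send_email)
        session.wipe(exception_keys=['_flashes'])
        flash('successful change password spiel', 'info')
        return redirect('/')

    # Any other phase, or a phase whose session prerequisite is missing,
    # restarts the flow (previously fell off the end and returned None).
    return redirect(url_for('lost_password_form') + '?phase=1')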
else: self.log.info('Failed Adding SR %s to %s', package, subscriber_id) session.destroy() flash(self.model.spiel('system_timeout', code='c1dfd'), 'error') return redirect(url_for('login_form')) self.model.vms_db.batch_users.update({'_id': ObjectId(user['_id'])}, {'$set': {'status': 3, 'remarks': 'None', 'stage': 3}}) self.model.vms_tag_activated(username) password = user['hash_password'] # # Post Paid else: # MD5 Hash the password (NOT SECURE) password = utils.password_hash(password) # Check username & password self.log.info('Sending GetUser %s:%s', username, password) getuser = request.sdb.getUser(username, domain) if getuser == False: self.log.error('Login.end system_error [%s]: SDB.getUser returned False', subscriber_id) flash(self.model.spiel('system_timeout', code='356a1'), 'error') return redirect(url_for('login_form')) if 'error' in getuser['target']: if getuser['target']['error']['code'] == 'USR-00001': self.log.info('Login.end user_error [%s]: User does not exist', subscriber_id) flash(self.model.spiel('invalid_account'), 'error') else:
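def change_password_submit(self):
    """Handle the prepaid (SPS) change-password form for the logged-in subscriber.

    The subscriber comes from ``session['Subscriber-Id']`` (``user@domain``).
    A pending ``CHPWD`` SPS request, or a ``CHANGE`` request newer than the
    configured ``passwords.allowed_change_interval_seconds`` (default 259200
    seconds, 3 days), blocks the change.  The current password is verified
    against the SDB record from ``request.sdb.getUser``; the new one must
    pass ``self.model.validate_password``, match its confirmation and differ
    from the old one.  The new hash is then handed to
    ``request.sps.changePassword``.

    Returns:
        A redirect for every path; failures before the SDB check go to
        ``redirect_to`` (``chpasswd_form`` when ``_np`` was submitted, else
        ``status_page``).
    """
    subscriber_id = session['Subscriber-Id']
    username = subscriber_id.split('@')[0]
    domain = subscriber_id.split('@')[1]
    old_password = str(request.form['old_password'])
    new_password = str(request.form['new_password'])
    confirm_password = str(request.form['confirm_password'])
    #print username, old_password, new_password, confirm_password
    redirect_to = url_for('status_page')
    if '_np' in request.form:
        redirect_to = url_for('chpasswd_form')
    if domain != self.config['domain']:
        return redirect(url_for('status_page'))

    pending = self.model.sps_requests.find_one(
        {'msisdn': username, 'sms_sent': False, 'type': 'CHPWD'},
        sort=([('request_datetime', pymongo.DESCENDING)]))
    if pending != None:
        flash(self.model.spiel('change_password_pending_request'))
        return redirect(url_for('status_page'))

    last_password_change = self.model.sps_requests.find_one(
        {'msisdn': username, 'sms_sent': True, 'type': 'CHPWD', 'subtype': 'CHANGE'},
        sort=([('request_datetime', pymongo.DESCENDING)]))
    if last_password_change != None:
        if 'request_datetime' in last_password_change:
            td = datetime.datetime.now() - last_password_change['request_datetime']
            last_password_change_delta = utils.delta_totalseconds(td)
            #(td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 #2.6/2.7 safe
            allowed_interval_seconds = 259200  # default is 3 days
            # A missing or non-numeric config entry keeps the default; the
            # previous bare except is narrowed to those cases.
            try:
                allowed_interval_seconds = int(self.config['passwords']['allowed_change_interval_seconds'])
            except (KeyError, TypeError, ValueError):
                pass
            self.log.debug('ChangePassword for sub %s, allowed interval is %s, delta is %s',
                           subscriber_id, allowed_interval_seconds, last_password_change_delta)
            if allowed_interval_seconds > last_password_change_delta:
                flash(self.model.spiel('change_password_interval_denied'), 'error')
                return redirect(url_for('status_page'))

    old_password_md5 = utils.password_hash(old_password)
    # Check Current Password.  The plaintext password is not logged.
    self.log.debug('Sending GetUser %s', username)
    getuser = request.sdb.getUser(username, domain)
    if getuser == False:
        self.log.error('SDB.getUser returned False')
        flash(self.model.spiel('system_timeout', code='4d134'), 'error')
        return redirect(redirect_to)
    if 'error' in getuser['target']:
        self.log.error('SDB.getUser returned invalid contents')
        flash(self.model.spiel('system_timeout', code='f6e11'), 'error')
        return redirect(redirect_to)
    try:
        aaa_user_status = getuser['target']['result']['user']['status']['value']
        aaa_user_password = getuser['target']['result']['user']['password']['value']
    except Exception as ex:
        self.log.error('ChangePassword error: %s@%s Getuser parsing: %s, %s', username, domain, getuser, ex)
        flash(self.model.spiel('system_timeout', code='88730'), 'error')
        return redirect(redirect_to)

    # Check Old Password (stored value is compared with the recomputed hash)
    if aaa_user_password != old_password_md5:
        self.log.info('Change Password: Incorrect current password')
        flash(self.model.spiel('incorrect_old_password'), 'error')
        return redirect(redirect_to)
    if not self.model.validate_password(new_password):
        self.log.info('Change Password: Invalid new password')
        flash(self.model.spiel('invalid_password'), 'error')
        return redirect(redirect_to)
    if new_password != confirm_password:
        self.log.info('Change Password: Password confirmation does not match')
        flash(self.model.spiel('password_match_error'), 'error')
        return redirect(redirect_to)
    if old_password == new_password:
        self.log.info('Change Password: Invalid new password (same as the old one)')
        flash(self.model.spiel('change_password_same_old'), 'error')
        return redirect(redirect_to)

    new_password_md5 = utils.password_hash(new_password)
    subscriber_id = '%s@%s' % (username, domain)
    # The new hash is not written to the log.
    self.log.info('Change Password: sending to SPS %s now.', subscriber_id)
    if request.sps.changePassword(username, new_password_md5, self.model, subtype='CHANGE'):
        message = self.model.spiel('change_password_sps_request_sent')
    else:
        self.log.error('SPS.changePassword returned False')
        message = self.model.spiel('system_timeout', code='12c6f')
    flash(message)
    return redirect(url_for('status_page'))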
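def confirmation_submit(self, formtype):
    """Handle the three-phase SMS-confirmed ``register`` / ``lost_password`` flow.

    Phase 1 validates ``mobile_number`` with ``check_msisdn``, looks the
    account up in SDB, reuses an outstanding confirmation if one exists, and
    otherwise sends an activation code (``send_activation_code``) unless an
    SPS request is already pending.  Phase 2 compares the submitted
    ``activation_code`` with the stored confirmation.  Phase 3 validates and
    hashes the new password and hands it to ``request.sps.changePassword``
    (lost_password) or ``request.sps.createAccount`` (register).  An empty
    session or an out-of-order phase restarts the flow.

    Args:
        formtype: ``'register'`` or ``'lost_password'``; also selects the
            ``<formtype>_form`` endpoint used for redirects.

    Returns:
        A redirect for every path.
    """
    phase = int(request.form['phase']) if 'phase' in request.form else 1
    self.log.info('Confirmation submit phase %s type %s', phase, formtype)
    # The session (which holds the activation code id) is not printed.
    if len(session) == 0:
        self.log.debug('Session is empty. Ejecting.')
        return redirect(url_for('login_form'))

    # Phase 1: Mobile Number Entry
    if phase == 1:
        if 'confirmation_activation_ok' in session:
            del(session['confirmation_activation_ok'])
        # if 'confirmation_activation_code' in session:
        #     del(session['confirmation_activation_code'])
        # if 'confirmation_mobile_number' in session:
        #     del(session['confirmation_mobile_number'])
        # Valid MSISDN Check
        domain = self.config['domain']
        msisdn_valid, mobile_number, msisdn_error_message = self.model.check_msisdn(request.form['mobile_number'])
        if not msisdn_valid:
            self.log.info('Invalid MSISDN %s: %s', request.form['mobile_number'], msisdn_error_message)
            session.destroy()
            flash(msisdn_error_message)
            return redirect(url_for('%s_form' % (formtype)))
        getuser = request.sdb.getUser(mobile_number, domain)
        if getuser == False:
            self.log.error('SDB.getUser returned False')
            flash(self.model.spiel('system_timeout', code='7b520'), 'error')
            return redirect(url_for('login_form'))
        # An outstanding confirmation for this number skips straight to phase 2.
        previous_confirmation = self.model.get_confirmation(mobile_number, formtype)
        if previous_confirmation:
            session['confirmation_mobile_number'] = mobile_number
            if request.entrypoint_redirected:
                return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
            return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
        # User does not exist
        if 'error' in getuser['target']:
            if formtype == 'register':
                if getuser['target']['error']['code'] == 'USR-00001':
                    # send confirmation
                    pass
                else:
                    self.log.error('Get user_error Code %s' % (getuser['target']['error']['code']))
                    return redirect(url_for('login_form'))
            elif formtype == 'lost_password':
                self.log.info('Lost Password: account %s does not exist.', mobile_number)
                session.destroy()
                flash(self.model.spiel('invalid_account'), 'error')
                return redirect(url_for('%s_form' % (formtype)))
        # User Exists
        else:
            if formtype == 'register':
                try:
                    aaa_user_status = getuser['target']['result']['user']['status']['value']
                except Exception as ex:
                    # ``mobile_number`` is the identifier in scope here; the
                    # previous ``username`` was undefined and raised NameError
                    # inside this handler.
                    self.log.error('Register error: %s@%s Getuser parsing: %s', mobile_number, domain, getuser)
                    flash(self.model.spiel('system_timeout', code='472b0'), 'error')
                    return redirect(url_for('%s_form' % (formtype)))
                if aaa_user_status == 'active':
                    session.destroy()
                    self.log.info('Register: account %s already exists.', mobile_number)
                    flash(self.model.spiel('account_exists'), 'error')
                    return redirect(url_for('login_form'))
                else:
                    # send confirmation
                    pass
            elif formtype == 'lost_password':
                # CHECK sps_requests for existing entry
                if self.model.sps_requests.find_one(
                        {'msisdn': mobile_number, 'sms_sent': False, 'type': 'CHPWD'},
                        sort=([('request_datetime', pymongo.DESCENDING)])) != None:
                    session.destroy()
                    flash(self.model.spiel('change_password_pending_request'))
                    return redirect(url_for('%s_form' % (formtype)))
                session['confirmation_mobile_number'] = mobile_number
                if not self.send_activation_code(mobile_number, formtype):
                    self.log.error('smsc.send returned False')
                    flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
                    return redirect(url_for('login_form'))
                if request.entrypoint_redirected:
                    return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
                return redirect(url_for('%s_form' % (formtype)) + '?phase=2')
        # Reached only by the register paths that did not return above.
        # send confirmation
        # CHECK sps_requests for existing entry
        if self.model.sps_requests.find_one(
                {'msisdn': mobile_number, 'sms_sent': False, 'type': 'NWCON'},
                sort=([('request_datetime', pymongo.DESCENDING)])) != None:
            self.log.info('registration pending for %s', mobile_number)
            session.destroy()
            flash(self.model.spiel('registration_pending_request'))
            return redirect(url_for('%s_form' % (formtype)))
        session['confirmation_mobile_number'] = mobile_number
        if not self.send_activation_code(mobile_number, formtype):
            self.log.error('smsc.send returned False')
            flash(self.model.spiel('system_timeout', code='9e6a5'), 'error')
            return redirect(url_for('login_form'))
        if request.entrypoint_redirected:
            return redirect(network_path_url_for('%s_form' % (formtype)) + '?phase=2')
        return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

    # Phase 2: Activation Code Entry
    elif phase == 2 and 'confirmation_mobile_number' in session:
        submitted_activation_code = request.form['activation_code'] if 'activation_code' in request.form else ''
        current_confirmation = self.model.get_confirmation(session['confirmation_mobile_number'], formtype)
        if not current_confirmation:
            return redirect(url_for('%s_form' % (formtype)) + '?phase=1')
        current_activation_code = current_confirmation['code']
        # Neither the submitted nor the expected code is written to the log.
        self.log.debug('Comparing submitted activation code.')
        if submitted_activation_code == current_activation_code:
            self.log.debug('Confirmation code ok.')
            session['confirmation_activation_ok'] = True
            session['confirmation_id'] = current_confirmation['_id']
            return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
        self.log.debug('Confirmation code incorrect.')
        flash(self.model.spiel('incorrect_activation_code'), 'error')
        return redirect(url_for('%s_form' % (formtype)) + '?phase=2')

    # Phase 3: Password entry
    elif phase == 3 and 'confirmation_activation_ok' in session:
        if 'password1' not in request.form or 'password2' not in request.form:
            self.log.debug('Password1 and Password2 is not present on the submitted data.')
            return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
        if request.form['password1'] != request.form['password2']:
            self.log.debug('Password confirmation does not match.')
            flash(self.model.spiel('password_match_error'), 'error')
            return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
        submitted_password = request.form['password1']
        if not self.model.validate_password(submitted_password):
            self.log.debug('Invalid Password')
            flash(self.model.spiel('invalid_password'), 'error')
            return redirect(url_for('%s_form' % (formtype)) + '?phase=3')
        # Hash the password
        submitted_password = utils.password_hash(submitted_password)
        ## Check if the user exists
        mobile_number = session['confirmation_mobile_number']
        domain = self.config['domain']
        getuser = request.sdb.getUser(mobile_number, domain)
        if getuser == False:
            self.log.error('SDB.getUser returned False')
            flash(self.model.spiel('system_timeout', code='91032'), 'error')
            return redirect(url_for('login_form'))
        # User doesnt exist
        if 'error' in getuser['target']:
            if getuser['target']['error']['code'] == 'USR-00001':
                if formtype == 'register':
                    pass  # Go SPS
                elif formtype == 'lost_password':
                    self.log.error('Lost Password: SDB Account does not exist.')
                    flash(self.model.spiel('invalid_account'), 'error')
                    return redirect(url_for('login_form'))
            else:
                self.log.error('SDB Error: %s', getuser['target']['error']['code'])
                return redirect(url_for('login_form'))
        # User exists
        else:
            if formtype == 'register':
                try:
                    aaa_user_status = getuser['target']['result']['user']['status']['value']
                except Exception as ex:
                    # Same NameError fix as in phase 1: log mobile_number.
                    self.log.error('Register error: %s@%s Getuser parsing: %s', mobile_number, domain, getuser)
                    flash(self.model.spiel('system_timeout', code='472b0'), 'error')
                    return redirect(url_for('%s_form' % (formtype)))
                if aaa_user_status == 'active':
                    self.log.error('Register: SDB Account exists.')
                    flash(self.model.spiel('account_exists'), 'error')
                    return redirect(url_for('login_form'))
                #else Go SPS!
            elif formtype == 'lost_password':
                subscriber_id = '%s@%s' % (mobile_number, domain)
                # The password hash is not written to the log.
                self.log.info('Lost Password: sending to SPS %s now.', subscriber_id)
                if request.sps.changePassword(mobile_number, submitted_password, self.model, subtype='LOST'):
                    message = self.model.spiel('change_password_sps_request_sent')
                    self.model.tag_confirmation(session['confirmation_id'])
                else:
                    self.log.error('SPS.changePassword returned False')
                    message = self.model.spiel('system_timeout', code='12c6f')
                flash(message)
                return redirect(url_for('login_form'))
        # Registration SPS (reached only by the register paths above)
        subscriber_id = '%s@%s' % (mobile_number, domain)
        self.log.info('Register: sending to SPS %s now.', subscriber_id)
        if request.sps.createAccount(mobile_number, submitted_password, self.model):
            message = self.model.spiel('registration_sps_request_sent')
            self.model.tag_confirmation(session['confirmation_id'])
        else:
            self.log.error('SPS.createAccount returned False')
            message = self.model.spiel('system_timeout', code='d435a')
        flash(message)
        return redirect(url_for('login_form'))

    # Out-of-order phase or missing session prerequisite: restart.
    return redirect(url_for('%s_form' % (formtype)) + '?phase=1')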
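def login_submit(self):
    """Handle the captive-portal login form.

    Reads ``principal`` (MSISDN) and ``credential`` from the form, requires
    a ``domain`` listed in ``self.wide.organizations``, validates the MSISDN
    with ``check_msisdn`` and, when ``captcha_active`` is set in the session,
    a CAPTCHA answer.  The password is hashed with ``utils.password_hash``
    and compared with the SDB record from ``request.sdb.getUser``; lockout,
    suspended and pending states are rejected first.  On success the
    subscriber id and profile set are stored in the session, BPC session
    rights are processed for the ``3G_UPS`` / ``Default Postpaid`` profile
    sets, the gateway logon is sent and the welcome template is returned.

    Returns:
        ``request.response`` carrying the welcome page on success; a
        redirect to ``login_form`` on every failure.
    """
    # username = str(request.form['principal']) if 'principal' in request.form else None
    # password = str(request.form['credential']) if 'credential' in request.form else None
    username = request.form.get('principal', None)
    password = request.form.get('credential', None)
    if 'domain' not in request.form:
        self.log.info('No domain submitted. Redirecting.')
        return redirect(url_for('login_form'))
    if str(request.form['domain']) not in self.wide.organizations:
        self.log.debug('Domain %s not allowed', str(request.form['domain']))
        return redirect(url_for('login_form'))
    if username == None or password == None:
        # Only record which field is missing; the previous message logged
        # the submitted values, i.e. the password whenever the name was absent.
        self.log.info('Missing login information (principal present: %s, credential present: %s)',
                      username is not None, password is not None)
        return redirect(url_for('login_form'))
    if username == "" or password == "":
        flash(self.model.spiel('login_invalid_input'), 'error')
        return redirect(url_for('login_form'))

    pusername = username
    domain = self.config['domain']
    msisdn_valid, username, msisdn_error_message = self.model.check_msisdn(username)
    subscriber_id = '%s@%s' % (username, domain)
    self.log.info('Login.start [%s@%s]: password is ***', pusername, domain)
    if not msisdn_valid:
        self.log.info('Login.end user_error [%s]: Invalid MSISDN: %s', subscriber_id, msisdn_error_message)
        flash(msisdn_error_message)
        return redirect(url_for('login_form'))

    # Check CAPTCHA (required once failed attempts have activated it).
    # The expected text is not written to the log.
    if 'captcha_active' in session:
        if 'captcha' in request.form and 'captcha' in session:
            self.log.info('CAPTCHA submitted for [%s]', subscriber_id)
            if session['captcha'].verify(request.form['captcha']):
                del(session['captcha'])
            else:
                self.log.info('Login.end user_error [%s]: CAPTCHA mismatch', subscriber_id)
                flash(self.model.spiel('incorrect_captcha'), 'error')
                return redirect(url_for('login_form'))
        else:
            self.log.info('Login.end user_error [%s]: CAPTCHA mismatch', subscriber_id)
            flash(self.model.spiel('incorrect_captcha'), 'error')
            return redirect(url_for('login_form'))

    # MD5 Hash the password (hash is never logged)
    password = utils.password_hash(password)
    # Check username & password
    self.log.info('Sending GetUser %s', username)
    getuser = request.sdb.getUser(username, domain)
    if getuser == False:
        self.log.error('Login.end system_error [%s]: SDB.getUser returned False', subscriber_id)
        flash(self.model.spiel('system_timeout', code='356a1'), 'error')
        return redirect(url_for('login_form'))
    if 'error' in getuser['target']:
        if getuser['target']['error']['code'] == 'USR-00001':
            self.log.info('Login.end user_error [%s]: User does not exist', subscriber_id)
            flash(self.model.spiel('invalid_account'), 'error')
        else:
            self.log.error('Login.end system_error [%s]: SDB.getUser result code unknown', subscriber_id)
            flash(self.model.spiel('system_timeout', code='da4b9'), 'error')
        return redirect(url_for('login_form'))
    try:
        aaa_user_status = getuser['target']['result']['user']['status']['value']
        aaa_user_password = getuser['target']['result']['user']['password']['value']
        aaa_user_profile_set = getuser['target']['result']['user']['profile-set']['name']
    except Exception as ex:
        self.log.error('Login.end system_error [%s]: Getuser parsing: %s', subscriber_id, getuser)
        flash(self.model.spiel('system_timeout', code='77de6'), 'error')
        return redirect(url_for('login_form'))

    # Check Lockout here
    if self.model.is_locked_out(subscriber_id):
        self.log.info('Login.end user_error [%s]: User locked out', subscriber_id)
        session.destroy()
        flash(self.model.spiel('lockout'), 'error')
        return redirect(url_for('login_form'))
    if aaa_user_status == 'suspended':
        self.log.info('Login.end user_error [%s]: User suspended', subscriber_id)
        flash(self.model.spiel('account_suspended'), 'error')
        return redirect(url_for('login_form'))
    if aaa_user_status == 'pending':
        self.log.info('Login.end user_error [%s]: User pending', subscriber_id)
        flash(self.model.spiel('invalid_account'), 'error')
        return redirect(url_for('login_form'))

    # Check Password (stored value compared with the recomputed hash)
    if aaa_user_password != password:
        # FAILED ATTEMPT: the model decides on captcha / lockout escalation.
        login_state = self.model.failed_login_attempt(subscriber_id)
        if login_state == False:
            flash(self.model.spiel('incorrect_credentials'), 'error')
        else:
            if login_state['captcha']:
                session['captcha_active'] = True
            elif not login_state['captcha'] and 'captcha_active' in session:
                del(session['captcha_active'])
            if login_state['lockout']:
                session.destroy()
                flash(self.model.spiel('lockout'), 'error')
            elif login_state['lockout_warning']:
                flash(self.model.spiel('lockout_warning'), 'error')
            else:
                flash(self.model.spiel('incorrect_credentials'), 'error')
        self.log.info('Login.end user_error [%s]: Incorrect password', subscriber_id)
        return redirect(url_for('login_form'))

    # Login OK
    #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # Portal Session is now Valid
    #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    session['Subscriber-Id'] = subscriber_id
    session['Profile-Set'] = aaa_user_profile_set
    #if organization['metered']:
    if aaa_user_profile_set in ('3G_UPS', 'Default Postpaid'):
        # Iterate over the session rights
        if not request.bpc.process_session_rights(session):
            session.destroy()
            self.log.error('Login.end system_error [%s]: BPC session rights processing returned False', subscriber_id)
            flash(self.model.spiel('system_timeout', code='1b645'), 'error')
            return redirect(url_for('login_form'))
        # TTCs
        #ttc_list = request.bpc.GetTTCList(subscriber_id)
        #self.log.debug('TTC LIST: %s', session['ttc_list'].keys())
        # Check if the account is used up
        #if 'Quota_Depleted' in session['ttc_list']:
        #    self.log.info('Login.end user_error [%s]: TTC Quota_Depleted present', subscriber_id)
        #    session.destroy()
        #    flash(self.model.spiel('quota_depleted2'), 'error')
        #    return redirect(url_for('login_form'))
        if session['rights'] == {}:
            self.log.info('Login.end user_error [%s]: Session rights empty', subscriber_id)
            session.destroy()
            flash(self.model.spiel('quota_depleted2'), 'error')
            return redirect(url_for('login_form'))

    # Send account-logon CoA to ISG (the hash is not logged)
    self.log.info('Sending logon %s to WAG..', subscriber_id)
    logon_result, logon_message, logon_attrs = request.gateway_session.logon(
        subscriber_id, password, request.gateway_session_id)
    if not logon_result:
        session.destroy()
        if type(logon_message) == type(u''):
            self.log.error('Login.end system_error [%s]: WAG login CoANaK: %s', subscriber_id, logon_message)
            if logon_message == 'Access denied, session limit exceeded':
                flash(self.model.spiel('session_control'), 'error')
            else:
                flash(self.model.spiel('system_timeout', code='902ba'), 'error')
        else:
            self.log.error('Login.end system_error [%s]: WAG session login returned CoANaK', subscriber_id)
            flash(self.model.spiel('system_timeout', code='fe5db'), 'error')
        return redirect(url_for('login_form'))

    #!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # GATEWAY SESSION NOW VALID
    #!!!!!!!!!!!!!!!!!!!!!!!!!!!
    session['Gateway-Session'] = True
    # session['IP-Address'] = logon_attrs['Cisco-Account-Info'][0]
    self.model.save_login_time(session['Subscriber-Id'])
    self.log.info('Login.end ok [%s]', subscriber_id)
    request.response.data = render_template_string(request.templates['welcome'], templates=request.template_objects)
    return request.response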