def post(self):
# Get values
server = request.headers.get('server')
email = request.form.get('email')
password = request.form.get('password')
# Validate required fields
validation = Validation()
validation.add_required_field('server', server)
validation.add_required_field('email', email)
validation.add_required_field('password', password)
if not validation.is_valid():
return validation.get_validation_response()
# Validate user exists, is validated and is not blocked
user = user_services.get_user_by_email(email)
if user is None:
return Failures.unknown_user_email(email)
if not user.confirmed:
return Failures.email_not_confirmed(email)
if user.blocked:
return Failures.user_blocked(email)
if user.auth_source != 'local':
return Failures.wrong_auth_source(user.auth_source)
if not rate_limiting_services.has_sufficient_tokens(user.id, 'failed-password', 1):
return Failures.rate_exceeded()
# The password might not be encoded correctly when submitted. This
# could cause the check_password method to fault. We trap that
# possibility and address it here.
try:
if not user_services.check_password(user.id, password):
rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
return Failures.wrong_password(email)
except TypeError:
return Failures.password_unknown_format("Unicode-objects must be encoded before hashing")
db.session.commit()
logging.info('Authenticate-controller: Authenticate: success: %s', email)
return {
'success': True,
'user': {
'id': user.id,
'email': user.email,
'locale': user.locale,
'screenname': user.screen_name,
'authentication-source': user.auth_source,
'bdmonth': user.birth_month,
'bdyear': user.birth_year,
'parent-email': user.parent_email,
'parent-email-source': user.parent_email_source
}}
def post(self):
# Get values
server = request.headers.get('server')
email = request.form.get('email')
password = request.form.get('password')
#browser = request.form.get('browser')
#ip_address = request.form.get('ipAddress')
# Validate required fields
validation = Validation()
validation.add_required_field('server', server)
validation.add_required_field('email', email)
validation.add_required_field('password', password)
#validation.add_required_field('browser', browser)
#validation.add_required_field('ipAddress', ip_address)
if not validation.is_valid():
return validation.get_validation_response()
# Validate user exists, is validated and is not blocked
user = user_services.get_user_by_email(email)
if user is None:
return Failures.unknown_user_email(email)
if not user.confirmed:
return Failures.email_not_confirmed()
if user.blocked:
return Failures.user_blocked()
if user.auth_source != 'local':
return Failures.wrong_auth_source(user.auth_source)
if not rate_limiting_services.has_sufficient_tokens(
user.id, 'failed-password', 1):
return Failures.rate_exceeded()
if not user_services.check_password(user.id, password):
rate_limiting_services.consume_tokens(user.id, 'failed-password',
1)
db.session.commit()
return Failures.wrong_password()
db.session.commit()
logging.info('Authenticate-controller: Authenticate: success: %s',
user.id)
return {
'success': True,
'user': {
'id': user.id,
'email': user.email,
'locale': user.locale,
'screenname': user.screen_name,
'authentication-source': user.auth_source
}
}
def post(self):
# Get values
server = request.headers.get('server')
email = request.form.get('email')
password = request.form.get('password')
# Validate required fields
validation = Validation()
validation.add_required_field('server', server)
validation.add_required_field('email', email)
validation.add_required_field('password', password)
if not validation.is_valid():
return validation.get_validation_response()
# Validate user exists, is validated and is not blocked
user = user_services.get_user_by_email(email)
if user is None:
return Failures.unknown_user_email(email)
if not user.confirmed:
return Failures.email_not_confirmed(email)
if user.blocked:
return Failures.user_blocked(email)
if user.auth_source != 'local':
return Failures.wrong_auth_source(user.auth_source)
if not rate_limiting_services.has_sufficient_tokens(user.id, 'failed-password', 1):
return Failures.rate_exceeded()
if not user_services.check_password(user.id, password):
rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
db.session.commit()
return Failures.wrong_password(email)
db.session.commit()
logging.info('Authenticate-controller: Authenticate: success: %s', email)
return {'success': True, 'user': {
'id': user.id,
'email': user.email,
'locale': user.locale,
'screenname': user.screen_name,
'authentication-source': user.auth_source,
'bdmonth': user.birth_month,
'bdyear': user.birth_year,
'parent-email': user.parent_email,
'parent-email-source': user.parent_email_source
}}
def send_password_reset(id_user, server):
user = get_user(id_user)
if user is None:
return False, 1, 'User id not known'
if user.blocked:
return False, 3, 'Account Blocked'
# check rate limiting
if not rate_limiting_services.consume_tokens(id_user, 'password-reset', 1):
return False, 10, 'Rate limiter exceeded'
# Delete token if any exists
existing_token = ResetToken.query.filter_by(id_user=id_user).first()
if existing_token is not None:
db.session.delete(existing_token)
db.session.flush()
token = str(uuid.uuid1()).translate(None, '-')
token_validity_time = int(app.config['CLOUD_SESSION_PROPERTIES']['reset-token-validity-hours'])
reset_token = ResetToken()
reset_token.id_user = id_user
reset_token.token = token
reset_token.validity = datetime.datetime.now() + datetime.timedelta(hours=token_validity_time)
db.session.add(reset_token)
email_services.send_email_template_for_user(id_user, 'reset', server, token=token)
return True, 0, 'Success'
def send_password_reset(id_user, server):
user = get_user(id_user)
if user is None:
return False, 1, 'User id not known'
if user.blocked:
return False, 3, 'Account Blocked'
# check rate limiting
if not rate_limiting_services.consume_tokens(id_user, 'password-reset', 1):
return False, 10, 'Rate limiter exceeded'
# Delete token if any exists
existing_token = ResetToken.query.filter_by(id_user=id_user).first()
if existing_token is not None:
db.session.delete(existing_token)
db.session.flush()
token = str(uuid.uuid1()).translate(None, '-')
token_validity_time = int(
app.config['CLOUD_SESSION_PROPERTIES']['reset-token-validity-hours'])
reset_token = ResetToken()
reset_token.id_user = id_user
reset_token.token = token
reset_token.validity = datetime.datetime.now() + datetime.timedelta(
hours=token_validity_time)
db.session.add(reset_token)
email_services.send_email_template_for_user(id_user,
'reset',
server,
token=token)
return True, 0, 'Success'
def send_email_confirm(id_user, server):
logging.info("Preparing new account confirmation email for user %s",
id_user)
logging.info("Account request received from server: %s", server)
user = get_user(id_user)
if user is None:
logging.debug("Unknown user id: %s", id_user)
return False, 1, 'User id not known'
if user.confirmed:
logging.debug("User account %s has already been verified", id_user)
return False, 2, 'Account already verified'
if user.blocked:
logging.debug("User account %s has been blocked", id_user)
return False, 3, 'Account Blocked'
# check rate limiting
if not rate_limiting_services.consume_tokens(id_user, 'email-confirm', 1):
logging.debug("Too many attempts to confirm account for user %s",
id_user)
return False, 10, 'Rate limiter exceeded'
# Delete token if any exists
existing_token = ConfirmToken.query.filter_by(id_user=id_user).first()
if existing_token is not None:
db.session.delete(existing_token)
db.session.flush()
token = str(uuid.uuid1()).translate(None, '-')
token_validity_time = int(
app.config['CLOUD_SESSION_PROPERTIES']['confirm-token-validity-hours'])
confirm_token = ConfirmToken()
confirm_token.id_user = id_user
confirm_token.token = token
confirm_token.validity = datetime.datetime.now() + datetime.timedelta(
hours=token_validity_time)
db.session.add(confirm_token)
try:
logging.info("Sending account confirmation email to user: %s ",
id_user)
# Send an email to the user or user's responsible party to confirm the account request
email_services.send_email_template_for_user(id_user,
'confirm',
server,
token=token)
logging.info("Completed email send process.")
except Exception as ex:
logging.error("Error while sending email: %s", ex.message)
return False, 99, 'Unable to contact SMTP server'
return True, 0, 'Success'
def get(self, bucket_type, id_user, count):
# Validate required fields
validation = Validation()
validation.add_required_field('bucket_type', bucket_type)
validation.add_required_field('id_user', id_user)
validation.add_required_field('count', count)
if not validation.is_valid():
return validation.get_validation_response()
# Parse numbers
try:
id_user = int(id_user)
except ValueError:
return Failures.not_a_number('idUser', id_user)
try:
count = int(count)
except ValueError:
return Failures.not_a_number('count', count)
# Validate user exists, is validated and is not blocked
user = user_services.get_user(id_user)
if user is None:
return Failures.unknown_user_id(id_user)
if user.blocked:
return Failures.user_blocked()
if not user.confirmed:
return Failures.email_not_confirmed()
bucket_types = app.config['CLOUD_SESSION_PROPERTIES'][
'bucket.types'].split(',')
if bucket_type not in bucket_types:
return Failures.unknown_bucket_type(bucket_type)
result, next_time = rate_limiting_services.consume_tokens(
user.id, bucket_type, 1)
if not result:
db.session.commit()
return Failures.rate_exceeded(
next_time.strftime("%Y-%m-%d %H:%M:%S"))
db.session.commit()
logging.info(
'RateLimiting-controller: ConsumeMultiple: success: %s (%s - %s)',
id_user, bucket_type, count)
return {'success': True}
def get(self, bucket_type, id_user, count):
# Validate required fields
validation = Validation()
validation.add_required_field('bucket_type', bucket_type)
validation.add_required_field('id_user', id_user)
validation.add_required_field('count', count)
if not validation.is_valid():
return validation.get_validation_response()
# Parse numbers
try:
id_user = int(id_user)
except ValueError:
return Failures.not_a_number('idUser', id_user)
try:
count = int(count)
except ValueError:
return Failures.not_a_number('count', count)
# Validate user exists, is validated and is not blocked
user = user_services.get_user(id_user)
if user is None:
return Failures.unknown_user_id(id_user)
if user.blocked:
return Failures.user_blocked()
if not user.confirmed:
return Failures.email_not_confirmed()
bucket_types = app.config['CLOUD_SESSION_PROPERTIES']['bucket.types'].split(',')
if bucket_type not in bucket_types:
return Failures.unknown_bucket_type(bucket_type)
result, next_time = rate_limiting_services.consume_tokens(user.id, bucket_type, 1)
if not result:
db.session.commit()
return Failures.rate_exceeded(next_time.strftime("%Y-%m-%d %H:%M:%S"))
db.session.commit()
logging.info('RateLimiting-controller: ConsumeMultiple: success: %s (%s - %s)', id_user, bucket_type, count)
return {'success': True}
def send_email_confirm(id_user, server):
logging.info("Preparing new account confirmation email for user %s", id_user)
logging.info("Account request received from server: %s", server)
user = get_user(id_user)
if user is None:
logging.debug("Unknown user id: %s", id_user)
return False, 1, 'User id not known'
if user.confirmed:
logging.debug("User account %s has already been verified", id_user)
return False, 2, 'Account already verified'
if user.blocked:
logging.debug("User account %s has been blocked", id_user)
return False, 3, 'Account Blocked'
# check rate limiting
if not rate_limiting_services.consume_tokens(id_user, 'email-confirm', 1):
logging.debug("Too many attempts to confirm account for user %s", id_user)
return False, 10, 'Rate limiter exceeded'
# Delete token if any exists
existing_token = ConfirmToken.query.filter_by(id_user=id_user).first()
if existing_token is not None:
db.session.delete(existing_token)
db.session.flush()
token = str(uuid.uuid1()).translate(None, '-')
token_validity_time = int(app.config['CLOUD_SESSION_PROPERTIES']['confirm-token-validity-hours'])
confirm_token = ConfirmToken()
confirm_token.id_user = id_user
confirm_token.token = token
confirm_token.validity = datetime.datetime.now() + datetime.timedelta(hours=token_validity_time)
db.session.add(confirm_token)
try:
logging.info("Sending account confirmation email to user: %s ", id_user)
# Send an email to the user or user's responsible party to confirm the account request
email_services.send_email_template_for_user(id_user, 'confirm', server, token=token)
logging.info("Completed email send process.")
except Exception as ex:
logging.error("Error while sending email: %s", ex.message)
return False, 99, 'Unable to contact SMTP server'
return True, 0, 'Success'