def set_password(cls, user=None, password=None, provider_name=None):
    """Change the password of ``user`` for a password-based login provider.

    Only the ``'local'`` provider is implemented. The user's password is
    updated and saved, then the matching ``UserAssociation`` row is fetched
    (or instantiated when missing) and saved with a refreshed login token
    and timestamp.

    Raises:
        ImproperlyConfigured: the provider's ``'type'`` is not ``'password'``.
        NotImplementedError: the provider is anything other than ``'local'``.

    A ``provider_name`` that is absent from the configured providers fails
    at the subscript lookup before either check runs.
    """
    provider_type = util.get_login_providers()[provider_name]['type']
    if provider_type != 'password':
        raise ImproperlyConfigured('login provider must use password')
    if provider_name != 'local':
        raise NotImplementedError('external passwords not supported')

    user.set_password(password)
    user.save()
    # The token is the stored password field followed by the user id.
    # NOTE(review): presumably user.password holds the hashed form once
    # set_password() has run, which would leave a second copy of the
    # credential hash in the association table - that column then needs the
    # same access controls as the user table. Confirm against the models.
    login_token = user.password + str(user.id)

    lookup = {'user': user, 'provider_name': provider_name}
    try:
        association = UserAssociation.objects.get(**lookup)
    except UserAssociation.DoesNotExist:
        association = UserAssociation(**lookup)
    association.openid_url = login_token
    association.last_used_timestamp = datetime.datetime.now()
    association.save()
def set_password(cls, user=None, password=None, provider_name=None):
    """Set a new password for ``user`` under a password-type provider.

    The provider's configured ``'type'`` must be ``'password'``
    (``ImproperlyConfigured`` otherwise) and the provider itself must be
    ``'local'`` (``NotImplementedError`` otherwise). After the user record
    is saved, the ``UserAssociation`` for this user and provider is loaded,
    or created in memory if none exists, and saved with the new login token
    and the current time.
    """
    providers = util.get_login_providers()
    # An unknown provider_name fails here, at the subscript lookup.
    uses_password = providers[provider_name]['type'] == 'password'
    if not uses_password:
        raise ImproperlyConfigured('login provider must use password')
    if provider_name != 'local':
        raise NotImplementedError('external passwords not supported')

    user.set_password(password)
    user.save()

    try:
        link = UserAssociation.objects.get(
            user=user, provider_name=provider_name
        )
    except UserAssociation.DoesNotExist:
        link = UserAssociation(user=user, provider_name=provider_name)

    # NOTE(review): the token is user.password (presumably the hash written
    # by set_password above) plus the user id, so the association row carries
    # a copy of credential material; treat openid_url as sensitive - confirm.
    link.openid_url = user.password + str(user.id)
    link.last_used_timestamp = datetime.datetime.now()
    link.save()
def clean(self, value):
    """Accept ``value`` only if it names a password login provider.

    The value is first passed through the parent field's ``clean``; the
    result is then looked up among the configured login providers and must
    have ``'type'`` equal to ``'password'``.

    Raises:
        forms.ValidationError: the provider's type is not ``'password'``.
    """
    provider_name = super(PasswordLoginProviderField, self).clean(value)
    # The subscript assumes the parent clean() only lets known provider
    # names through; an unknown name would fail here with a lookup error.
    provider_type = util.get_login_providers()[provider_name]['type']
    if provider_type == 'password':
        return provider_name
    raise forms.ValidationError(
        'provider %s must accept password' % provider_name
    )
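def clean(self, value):
    """Check that ``value`` is the name of a configured login provider.

    Returns ``value`` unchanged when it is a key of the mapping returned by
    ``util.get_login_providers()``.

    Raises:
        forms.ValidationError: ``value`` is not a known provider name.
    """
    providers = util.get_login_providers()
    if value in providers:
        return value

    # ``value`` is form input. It is logged with %r so that control
    # characters (CR/LF in particular) are escaped and one request cannot
    # write extra, forged lines into the log.
    # NOTE(review): this record is emitted at CRITICAL for something any
    # client can trigger by posting an unknown name; consider whether that
    # level fits the alerting setup.
    logging.critical('unknown provider name %r', value)
    raise forms.ValidationError('unknown provider name %s' % value)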
def clean(self, value):
    """Validate that ``value`` names a login provider of type ``'password'``.

    Runs the parent field's ``clean`` first, then checks the ``'type'``
    entry of that provider in the configured login providers. Returns the
    cleaned name, or raises ``forms.ValidationError`` when the provider
    does not take a password.
    """
    cleaned_name = super(PasswordLoginProviderField, self).clean(value)
    provider_settings = util.get_login_providers()[cleaned_name]
    accepts_password = provider_settings['type'] == 'password'
    if not accepts_password:
        raise forms.ValidationError(
            'provider %s must accept password' % cleaned_name
        )
    return cleaned_name
def clean(self):
    """Combine submitted data with login provider settings.

    The intent is that ``cleaned_data`` can drive the sign-in action
    directly, without further post-processing; what ends up in it depends
    on the type of the selected provider. ``cleaned_data['login_type']`` is
    set to ``'password'``, ``'openid'``, ``'oauth'`` or ``'facebook'``.

    Raises:
        forms.ValidationError: ``login_provider_name`` is missing from
            ``cleaned_data``.
    """
    providers = util.get_login_providers()
    if 'login_provider_name' not in self.cleaned_data:
        raise forms.ValidationError('no login provider specified')

    provider_name = self.cleaned_data['login_provider_name']
    provider_data = providers[provider_name]
    provider_type = provider_data['type']

    if provider_type == 'password':
        self.do_clean_password_fields()
        login_type = 'password'
    elif provider_type.startswith('openid'):
        # Any type beginning with 'openid' is handled as OpenID.
        self.do_clean_openid_fields(provider_data)
        login_type = 'openid'
    elif provider_type == 'oauth':
        login_type = 'oauth'
    elif provider_type == 'facebook':
        # No extra field cleaning is done for facebook logins.
        login_type = 'facebook'
    else:
        # Any other provider type leaves 'login_type' untouched.
        login_type = None

    if login_type is not None:
        self.cleaned_data['login_type'] = login_type
    return self.cleaned_data
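def authenticate(
        self,
        username=None,  # for 'password'
        password=None,  # for 'password'
        user_id=None,  # for 'force'
        provider_name=None,  # required with all except email_key
        openid_url=None,
        email_key=None,
        oauth_user_id=None,  # used with oauth
        facebook_user_id=None,  # used with facebook
        ldap_user_id=None,  # for ldap
        method=None,  # required parameter
    ):
    """Authenticate a user by one of several login methods.

    ``method`` selects the branch: ``'password'``, ``'openid'``,
    ``'email'``, ``'oauth'``, ``'facebook'``, ``'ldap'`` or ``'force'``.
    Returns the matching user, or ``None`` when no account matches.
    Except for ``'email'`` and ``'force'``, a successful login also updates
    ``last_used_timestamp`` on the user's ``UserAssociation`` and saves it.

    Raises:
        ImproperlyConfigured: ``'password'`` method with a provider whose
            type is not ``'password'``.
        NotImplementedError: ``'password'`` method with a provider other
            than ``'local'``.
        TypeError: ``method`` is none of the supported values.

    NOTE(review): the identifier lookups in the other branches
    (``openid_url``, ``oauth_user_id``, ``facebook_user_id``,
    ``ldap_user_id``) are passed to the query unchanged; callers should
    never hand in a missing identifier.
    """
    login_providers = util.get_login_providers()
    if method == 'password':
        if login_providers[provider_name]['type'] != 'password':
            raise ImproperlyConfigured('login provider must use password')
        if provider_name == 'local':
            # NOTE(review): an unknown username returns before any password
            # check runs, so response time may differ from a wrong-password
            # attempt and hint at which usernames exist.
            try:
                user = User.objects.get(username=username)
                if not user.check_password(password):
                    return None
            except User.DoesNotExist:
                return None
        else:
            # todo: there must be a call to some sort of
            # an external "check_password" function
            raise NotImplementedError('do not support external passwords')

        # this is a catch - make login token a little more unique
        # for the cases when passwords are the same for two users
        # from the same provider
        try:
            assoc = UserAssociation.objects.get(
                user=user, provider_name=provider_name)
        except UserAssociation.DoesNotExist:
            assoc = UserAssociation(user=user, provider_name=provider_name)
        # NOTE(review): this copies the stored password field (presumably
        # the hash) into the association row; treat openid_url as
        # sensitive.
        assoc.openid_url = user.password + str(user.id)

    elif method == 'openid':
        provider_name = util.get_provider_name(openid_url)
        try:
            assoc = UserAssociation.objects.get(
                openid_url=openid_url, provider_name=provider_name)
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'email':
        # with this method we do not use user association
        #
        # A missing key must never reach the query. Django turns an exact
        # lookup on None into IS NULL, and used keys are reset to None
        # below, so an absent key could select an account that has already
        # consumed its key and sign the caller in as that user.
        if not email_key:
            return None
        try:
            # todo: add email_key_timestamp field
            # and check key age
            user = User.objects.get(email_key=email_key)
            user.email_key = None  # one time key so delete it
            user.email_isvalid = True
            user.save()
            return user
        except User.DoesNotExist:
            return None

    elif method == 'oauth':
        if login_providers[provider_name]['type'] == 'oauth':
            try:
                assoc = UserAssociation.objects.get(
                    openid_url=oauth_user_id, provider_name=provider_name)
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None
        else:
            return None

    elif method == 'facebook':
        try:
            # assert(provider_name == 'facebook')
            assoc = UserAssociation.objects.get(
                openid_url=facebook_user_id, provider_name='facebook')
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'ldap':
        try:
            assoc = UserAssociation.objects.get(
                openid_url=ldap_user_id, provider_name=provider_name)
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'force':
        # No credential is checked in this branch.
        # NOTE(review): confirm every caller has already verified the user
        # by other means and that user_id never comes from request data.
        return self.get_user(user_id)

    else:
        raise TypeError('only openid and password supported')

    # update last used time
    assoc.last_used_timestamp = datetime.datetime.now()
    assoc.save()
    return user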
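def authenticate(
        self,
        username = None,  # for 'password'
        password = None,  # for 'password'
        user_id = None,  # for 'force'
        provider_name = None,  # required with all except email_key
        openid_url = None,
        email_key = None,
        oauth_user_id = None,  # used with oauth
        facebook_user_id = None,  # used with facebook
        ldap_user_id = None,  # for ldap
        method = None,  # required parameter
    ):
    """Authenticate a user by the login method named in ``method``.

    Supported values are ``'password'``, ``'openid'``, ``'email'``,
    ``'oauth'``, ``'facebook'``, ``'ldap'`` and ``'force'``; any other
    value raises ``TypeError``. The return value is the matching user, or
    ``None`` when nothing matches. Branches that go through a
    ``UserAssociation`` also stamp and save it on success.

    The ``'password'`` branch raises ``ImproperlyConfigured`` when the
    provider's type is not ``'password'`` and ``NotImplementedError`` for
    any provider other than ``'local'``.

    NOTE(review): apart from ``email_key``, identifiers are handed to the
    query as given, so callers are expected to supply them.
    """
    login_providers = util.get_login_providers()
    if method == 'password':
        if login_providers[provider_name]['type'] != 'password':
            raise ImproperlyConfigured('login provider must use password')
        if provider_name == 'local':
            # NOTE(review): no password check runs for an unknown username,
            # so timing may distinguish it from a wrong password.
            try:
                user = User.objects.get(username=username)
                if not user.check_password(password):
                    return None
            except User.DoesNotExist:
                return None
        else:
            # todo: there must be a call to some sort of
            # an external "check_password" function
            raise NotImplementedError('do not support external passwords')

        # this is a catch - make login token a little more unique
        # for the cases when passwords are the same for two users
        # from the same provider
        try:
            assoc = UserAssociation.objects.get(
                user = user,
                provider_name = provider_name
            )
        except UserAssociation.DoesNotExist:
            assoc = UserAssociation(
                user = user,
                provider_name = provider_name
            )
        # NOTE(review): the stored password field (presumably the hash) is
        # duplicated into openid_url here; protect that column accordingly.
        assoc.openid_url = user.password + str(user.id)

    elif method == 'openid':
        provider_name = util.get_provider_name(openid_url)
        try:
            assoc = UserAssociation.objects.get(
                openid_url = openid_url,
                provider_name = provider_name
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'email':
        # with this method we do not use user association
        #
        # Reject a missing key before querying: an exact lookup on None
        # becomes IS NULL in Django, and consumed keys are set to None
        # below, so without this guard an absent key could match an
        # account whose key was already used.
        if not email_key:
            return None
        try:
            # todo: add email_key_timestamp field
            # and check key age
            user = User.objects.get(email_key = email_key)
            user.email_key = None  # one time key so delete it
            user.email_isvalid = True
            user.save()
            return user
        except User.DoesNotExist:
            return None

    elif method == 'oauth':
        if login_providers[provider_name]['type'] == 'oauth':
            try:
                assoc = UserAssociation.objects.get(
                    openid_url = oauth_user_id,
                    provider_name = provider_name
                )
                user = assoc.user
            except UserAssociation.DoesNotExist:
                return None
        else:
            return None

    elif method == 'facebook':
        try:
            # assert(provider_name == 'facebook')
            assoc = UserAssociation.objects.get(
                openid_url = facebook_user_id,
                provider_name = 'facebook'
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'ldap':
        try:
            assoc = UserAssociation.objects.get(
                openid_url = ldap_user_id,
                provider_name = provider_name
            )
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None

    elif method == 'force':
        # This branch performs no credential check.
        # NOTE(review): make sure it is reachable only from trusted code
        # and that user_id is never taken from request input.
        return self.get_user(user_id)

    else:
        raise TypeError('only openid and password supported')

    # update last used time
    assoc.last_used_timestamp = datetime.datetime.now()
    assoc.save()
    return user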