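def _tokens_match(expected, supplied):
    """Compare two credential values in constant time.

    Returns False when either side is empty/None, so a user row with no
    stored authentication token can never be matched by a request that
    also carries no token (the plain `!=` comparison treated None == None
    as a successful match).
    """
    import hmac

    if not expected or not supplied:
        return False
    if isinstance(expected, str):
        expected = expected.encode("utf-8")
    if isinstance(supplied, str):
        supplied = supplied.encode("utf-8")
    try:
        return hmac.compare_digest(expected, supplied)
    except TypeError:
        # Incomparable types (e.g. non-bytes objects) are never a match.
        return False


def _get_user():
    '''Read auth data from the request using all known auth methods (token or basic).

    Each reader returns a (username, auth_token) pair. When a username is
    present the user is loaded by e-mail and the supplied token must match
    the stored ``authentication_token``; when only a token is present the
    user is loaded by that token directly.

    Returns the user object, or None if no reader yielded a valid user.
    '''
    readers = (_get_auth_token, _get_auth_basic)
    for read_auth_data in readers:
        username, auth_token = read_auth_data(bottle.request.params, bottle.request.headers)
        if username:
            user = database.user(email=username)
            if user is None:
                return None
            # Constant-time comparison; also rejects an absent token on either side.
            if not _tokens_match(user['authentication_token'], auth_token):
                return None
            return user
        if auth_token:
            user = database.user(authentication_token=auth_token)
            if user:
                return user
    return None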
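def authorize():
    """OAuth-style authorization endpoint (form POST).

    Expects ``client_id``, ``login``, ``password`` and an optional ``state``
    in the form. On a bad login the user agent is redirected to the client's
    stored redirect_uri with ``error=access_denied``; on success a fresh
    10-minute authorization code is stored and returned as ``code=...``.
    ``state``, when supplied, is echoed back on both paths.
    """
    import hmac
    from urllib.parse import urlencode

    client_id = int(request.form['client_id'])
    login = request.form['login']
    password = request.form['password']
    state = request.form.get('state', None)

    def _redirect_to(redirect_uri, **query):
        # urlencode percent-encodes the echoed state; raw concatenation
        # produced a malformed URL for any state containing '&', '#' or spaces.
        if state is not None:
            query['state'] = state
        return redirect(redirect_uri + '?' + urlencode(query), code=302)

    # NOTE(review): the error path indexes database.client[client_id] while the
    # success path calls database.client(client_id=client_id)[0]; both forms are
    # kept as-is because it is not clear from here which lookup is intended.
    users = database.user(login=login)
    if not users:
        return _redirect_to(database.client[client_id]['redirect_uri'], error='access_denied')
    user = users[0]

    # NOTE(review): passwords are stored as unsalted SHA-256 hex digests (see
    # register()); moving to a salted KDF needs a storage migration, so only
    # the comparison is hardened here (constant time, None-safe).
    supplied = sha256(password.encode('UTF-8')).hexdigest()
    stored = user['password']
    if not isinstance(stored, str) or not hmac.compare_digest(stored, supplied):
        return _redirect_to(database.client[client_id]['redirect_uri'], error='access_denied')

    code = sha256(str(uuid4()).encode('UTF-8')).hexdigest()
    database.auth_code.insert(
        user_id=user['__id__'],
        code=code,
        expired=datetime.now() + timedelta(minutes=10),  # naive local time, as before
    )
    database.auth_code.commit()
    return _redirect_to(database.client(client_id=client_id)[0]['redirect_uri'], code=code)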
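def check_auth_publickey(self, username, key):
    """Paramiko server hook: authenticate ``username`` by public key.

    The user's stored public-key file is read in OpenSSH one-line format
    (``<type> <base64-blob> [comment]``) and the base64 blob is compared,
    in constant time, with the key the client presented.

    Returns paramiko.AUTH_SUCCESSFUL on a match and paramiko.AUTH_FAILED
    otherwise (unknown user, unreadable or malformed key file, mismatch).
    """
    import hmac

    user = database.user(username)
    if user is None:  # presumably database.user returns None for unknown users — confirm
        LOG.info("public key auth: unknown user %s", username)
        return paramiko.AUTH_FAILED
    pub_key_filename = user.public_key_filename
    LOG.info("checking %s", pub_key_filename)
    try:
        # Text mode: the file was previously opened 'rb' and then split on a
        # str separator, which raises TypeError on bytes before any comparison
        # happened (and that TypeError was not caught).
        with open(pub_key_filename, 'r') as pubkey:
            fields = pubkey.read().split()
        pubkey_data = fields[1]
        # Constant-time compare; both sides are expected to be ASCII base64.
        matched = hmac.compare_digest(key.get_base64(), pubkey_data)
    except (OSError, IndexError, UnicodeDecodeError, TypeError, paramiko.SSHException) as e:
        # Missing file replaces the former assert os.path.exists (AssertionError
        # was never caught and assert is stripped under -O).
        LOG.error(e)
        return paramiko.AUTH_FAILED
    if matched:
        LOG.info("user successfully authed publickey")
        return paramiko.AUTH_SUCCESSFUL
    return paramiko.AUTH_FAILED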
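def login():
    """Flask view: sign a user in from the login form.

    GET renders the form. POST looks the user up, verifies the password hash,
    records the login in the session and redirects by role (administrator,
    author, everyone else). On failure the form is re-rendered with an error.
    """
    error = None
    if request.method == "POST":
        user = database.user(request.form["username"])
        # One message for both "unknown user" and "wrong password": the
        # separate messages let a caller enumerate which usernames exist.
        if not user or not check_password_hash(user["password_hash"], request.form["password"]):
            error = "Invalid username or password"
        else:
            session["logged_in"] = True
            session["username"] = user["username"]
            # Resolve the role once rather than per branch.
            role = database.permissions_role(user["permissions"])
            if role == ROLE_ADMINISTRATOR:
                return flask.redirect(url_for("admin"))
            if role == ROLE_AUTHOR:
                return flask.redirect(url_for("author"))
            return flask.redirect(url_for("index"))
    return render_template("login.html", error=error)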
def register():
    """Flask view: create a user from the registration form.

    ``login`` and ``password`` are required; ``name``, ``email`` and
    ``phone`` are optional and stored as None when left blank. Re-renders
    the form with an error when a field is missing or the login is taken,
    otherwise renders the success page.
    """
    form = request.form
    login = form['login']
    password = form['password']

    problem = None
    if not login:
        problem = 'Не введен логин'
    elif not password:
        problem = 'Не введен пароль'
    if problem is not None:
        return render_template('register_form.html', error=problem)

    # Blank optional fields are stored as None rather than ''.
    optional = {field: (form[field] or None) for field in ('name', 'email', 'phone')}

    if database.user(login=login):
        return render_template('register_form.html', error='Пользователь с таким логином уже существует')

    # NOTE(review): the password is stored as an unsalted SHA-256 hex digest,
    # the same format authorize() compares against; switching to a salted KDF
    # requires migrating existing rows and updating that check together.
    password_digest = sha256(password.encode('UTF-8')).hexdigest()
    database.user.insert(
        login=login,
        password=password_digest,
        name=optional['name'],
        email=optional['email'],
        phone=optional['phone'],
    )
    database.user.commit()
    return render_template('register_success.html')
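def user_register():
    """Flask view: register a user from a JSON POST body.

    Reads ``accountname``, ``password``, ``email`` and ``photoName`` from the
    body, inserts a ``user`` row and answers ``{"register": "success"}`` or
    ``{"register": "failed"}``. Non-POST requests fall through and return
    None, as before.
    """
    if request.method == "POST":
        DBsession = sessionmaker(bind=db.engine)
        try:
            json_data = json.loads(request.get_data().decode('utf-8'))
        except (ValueError, UnicodeDecodeError):
            # Malformed body used to surface as a 500; report it like any other failure.
            return jsonify({"register": 'failed'})
        # firstname / lastname / confirm_password / birthday were read but
        # never stored — TODO confirm whether user(...) should receive them.
        account = json_data.get('accountname')
        password = json_data.get('password')  # NOTE(review): cannot tell from here whether user() hashes this — confirm
        photoName = json_data.get('photoName')
        email = json_data.get('email')
        dbsession = DBsession()
        new_user = user(account, password, email, photoName)
        try:
            # commit() is where the insert actually fails; the old try only
            # wrapped add(), so a failed commit leaked the session and raised.
            dbsession.add(new_user)
            dbsession.commit()
        except Exception:
            dbsession.rollback()
            return jsonify({"register": 'failed'})
        finally:
            dbsession.close()
        return jsonify({'register': "success"})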
def step_impl(context):
    """Behave step: look up the user named by ``context.username``.

    The lookup result is stored on ``context.result`` for later steps.
    """
    lookup = database.user
    context.result = lookup(context.username)
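def session_permissions():
    """Return the permissions role of the user recorded in the Flask session.

    Aborts with 500 when no user is logged in, or when the session's username
    no longer resolves to a user row (previously a TypeError, which also
    surfaced as a 500). NOTE(review): 401/403 would describe the
    "not logged in" case more accurately; status kept to avoid changing
    the observable contract here.
    """
    if "username" not in session:
        abort(500)
    user = database.user(session["username"])
    if user is None:
        abort(500)
    return database.permissions_role(user["permissions"])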