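def validate(self, attrs):
    """Authenticate the posted credentials and return a token key.

    Args:
        attrs: the deserialized request fields. ``username`` and
            ``password`` are required. ``platform``, ``device_id`` and
            ``device_name`` must be given either all together (a v2,
            per-device token is issued) or not at all (a v1 token is
            issued). ``client_version`` and ``platform_version`` are
            optional and only recorded on a v2 token.

    Returns:
        The ``key`` of the issued v1 or v2 token.

    Raises:
        serializers.ValidationError: on a partial set of v2 fields,
            missing or wrong credentials, a disabled account, or a
            platform the user's permissions do not allow.
            ``_two_factor_auth`` may raise on its own.
    """
    login_id = attrs.get('username')
    password = attrs.get('password')
    platform = attrs.get('platform')
    device_id = attrs.get('device_id')
    device_name = attrs.get('device_name')
    client_version = attrs.get('client_version')
    platform_version = attrs.get('platform_version')

    # A v2 (per-device) token needs all three identifying fields; a
    # partial set is rejected rather than silently downgraded to v1.
    v2_fields = (platform, device_id, device_name)
    if all_none(v2_fields):
        v2 = False
    elif all_not_none(v2_fields):
        v2 = True
    else:
        raise serializers.ValidationError('invalid params')

    # The posted "username" may be a login id that maps to the real
    # account name; fall back to the posted value when it does not.
    username = Profile.objects.get_username_by_login_id(login_id)
    if username is None:
        username = login_id

    if not (username and password):
        raise serializers.ValidationError(
            'Must include "username" and "password"')
    user = authenticate(username=username, password=password)
    if not user:
        raise serializers.ValidationError(
            'Unable to login with provided credentials.')
    if not user.is_active:
        raise serializers.ValidationError('User account is disabled.')

    populate_user_permissions(user)

    # Per-client-type access control only applies to v2 logins, which are
    # the only ones that carry a platform. Previously this chain also ran
    # for v1 logins, where platform is None, so every v1 login fell through
    # to the "unrecognized device" log line.
    if v2:
        if platform in DESKTOP_PLATFORMS:
            if not user.permissions.can_connect_with_desktop_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to desktop client.')
        elif platform == 'android':
            if not user.permissions.can_connect_with_android_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to android client.')
        elif platform == 'ios':
            if not user.permissions.can_connect_with_ios_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to ios client.')
        else:
            # NOTE(review): an unrecognized platform value is only logged
            # and then allowed through, so none of the per-client permission
            # checks above apply to it (fail-open). Kept as-is so existing
            # clients are not rejected; confirm this is intended.
            logger.info('%s: unrecognized device', login_id)

    self._two_factor_auth(self.context['request'], user)

    # Now user is authenticated
    if v2:
        token = get_token_v2(self.context['request'], username, platform,
                             device_id, device_name, client_version,
                             platform_version)
    else:
        token = get_token_v1(username)
    return token.key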
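def authenticate_v2(self, request, key):
    """Authenticate *request* against a v2 (per-device) token.

    Args:
        request: the incoming request; its client IP and the
            ``HEADER_CLIENT_VERSION`` / ``HEADER_PLATFORM_VERSION`` headers
            are recorded on the token whenever they changed.
        key: the token key presented by the client.

    Returns:
        ``(user, token)`` when *key* belongs to an active user's v2 token;
        ``None`` when no v2 token has this key (so the caller can continue
        with v1 tokens) or when the token's user is inactive.

    Raises:
        DeviceRemoteWipedException: the token's device is marked for
            remote wipe.
        AuthenticationFailed: the token's user no longer exists.
    """
    try:
        token = TokenV2.objects.get(key=key)
    except TokenV2.DoesNotExist:
        # Not a v2 key: let the caller continue authentication in token v1.
        return None

    # A wiped device must never authenticate, even with a valid key.
    if token.wiped_at:
        raise DeviceRemoteWipedException('Device set to be remote wiped')

    try:
        user = User.objects.get(email=token.user)
    except User.DoesNotExist:
        raise AuthenticationFailed('User inactive or deleted')

    if MULTI_TENANCY:
        orgs = ccnet_api.get_orgs_by_user(token.user)
        if orgs:
            user.org = orgs[0]

    populate_user_permissions(user)

    # An inactive user yields no credentials (None), as before.
    if not user.is_active:
        return None

    # Refresh the device record with this request's details; each field is
    # written only on change so an unchanged token costs no DB write.
    need_save = False
    ip = get_client_ip(request)
    if ip and ip != token.last_login_ip:
        token.last_login_ip = ip
        need_save = True
    client_version = request.META.get(HEADER_CLIENT_VERSION, '')
    if client_version and client_version != token.client_version:
        token.client_version = client_version
        need_save = True
    platform_version = request.META.get(HEADER_PLATFORM_VERSION, '')
    if platform_version and platform_version != token.platform_version:
        token.platform_version = platform_version
        need_save = True
    # last_accessed only needs 10-minute precision, so an otherwise
    # unchanged token is re-saved at most once per 10 minutes.
    # NOTE(review): nothing here assigns last_accessed, so presumably
    # save() refreshes it (auto_now?) — confirm on the model.
    if not within_time_range(token.last_accessed, datetime.datetime.now(),
                             10 * 60):
        need_save = True

    if need_save:
        try:
            token.save()
        except Exception:
            # Bookkeeping only: a failed save must not fail the request.
            # Narrowed from a bare ``except:``, which also swallowed
            # SystemExit and KeyboardInterrupt.
            logger.exception('error when save token v2:')

    return (user, token)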
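def authenticate_v2(self, request, key):
    """Authenticate *request* against a v2 (per-device) token.

    Args:
        request: the incoming request; its client IP and the
            ``HEADER_CLIENT_VERSION`` / ``HEADER_PLATFORM_VERSION`` headers
            are recorded on the token whenever they changed.
        key: the token key presented by the client.

    Returns:
        ``(user, token)`` when *key* belongs to an active user's v2 token;
        ``None`` when no v2 token has this key (so the caller can continue
        with v1 tokens) or when the token's user is inactive.

    Raises:
        DeviceRemoteWipedException: the token's device is marked for
            remote wipe.
        AuthenticationFailed: the token's user no longer exists.
    """
    try:
        token = TokenV2.objects.get(key=key)
    except TokenV2.DoesNotExist:
        # Not a v2 key: let the caller continue authentication in token v1.
        return None

    # A wiped device must never authenticate, even with a valid key.
    if token.wiped_at:
        raise DeviceRemoteWipedException('Device set to be remote wiped')

    try:
        user = User.objects.get(email=token.user)
    except User.DoesNotExist:
        raise AuthenticationFailed('User inactive or deleted')

    if MULTI_TENANCY:
        orgs = seaserv.get_orgs_by_user(token.user)
        if orgs:
            user.org = orgs[0]

    populate_user_permissions(user)

    # An inactive user yields no credentials (None), as before.
    if not user.is_active:
        return None

    # Refresh the device record with this request's details; each field is
    # written only on change so an unchanged token costs no DB write.
    need_save = False
    ip = get_client_ip(request)
    if ip and ip != token.last_login_ip:
        token.last_login_ip = ip
        need_save = True
    client_version = request.META.get(HEADER_CLIENT_VERSION, '')
    if client_version and client_version != token.client_version:
        token.client_version = client_version
        need_save = True
    platform_version = request.META.get(HEADER_PLATFORM_VERSION, '')
    if platform_version and platform_version != token.platform_version:
        token.platform_version = platform_version
        need_save = True
    # last_accessed only needs 10-minute precision, so an otherwise
    # unchanged token is re-saved at most once per 10 minutes.
    # NOTE(review): nothing here assigns last_accessed, so presumably
    # save() refreshes it (auto_now?) — confirm on the model.
    if not within_time_range(token.last_accessed, datetime.datetime.now(),
                             10 * 60):
        need_save = True

    if need_save:
        try:
            token.save()
        except Exception:
            # Bookkeeping only: a failed save must not fail the request.
            # Narrowed from a bare ``except:``, which also swallowed
            # SystemExit and KeyboardInterrupt.
            logger.exception('error when save token v2:')

    return (user, token)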
def authenticate_v1(self, request, key):
    """Authenticate against a v1 (per-user) token.

    *request* is accepted for interface parity with the v2 path but is not
    read here.

    Returns:
        ``(user, token)`` for an active user; ``None`` for an inactive one.

    Raises:
        AuthenticationFailed: *key* matches no v1 token, or the token's
            user no longer exists.
    """
    try:
        token = Token.objects.get(key=key)
    except Token.DoesNotExist:
        raise AuthenticationFailed('Invalid token')

    owner = token.user
    try:
        user = User.objects.get(email=owner)
    except User.DoesNotExist:
        raise AuthenticationFailed('User inactive or deleted')

    # Under multi-tenancy the user is attached to the first org found.
    if MULTI_TENANCY:
        user_orgs = seaserv.get_orgs_by_user(owner)
        if user_orgs:
            user.org = user_orgs[0]

    populate_user_permissions(user)

    if not user.is_active:
        return None
    return (user, token)
def authenticate_v1(self, request, key):
    """Authenticate against a v1 (per-user) token.

    *request* is accepted for interface parity with the v2 path but is not
    read here.

    Returns:
        ``(user, token)`` for an active user; ``None`` for an inactive one.

    Raises:
        AuthenticationFailed: *key* matches no v1 token, or the token's
            user no longer exists.
    """
    try:
        token = Token.objects.get(key=key)
    except Token.DoesNotExist:
        raise AuthenticationFailed('Invalid token')

    owner = token.user
    try:
        user = User.objects.get(email=owner)
    except User.DoesNotExist:
        raise AuthenticationFailed('User inactive or deleted')

    # Under multi-tenancy the user is attached to the first org found.
    if MULTI_TENANCY:
        user_orgs = ccnet_api.get_orgs_by_user(owner)
        if user_orgs:
            user.org = user_orgs[0]

    populate_user_permissions(user)

    if not user.is_active:
        return None
    return (user, token)
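def validate(self, attrs):
    """Authenticate the posted credentials and return a token key.

    Args:
        attrs: the deserialized request fields. ``username`` and
            ``password`` are required. ``platform``, ``device_id`` and
            ``device_name`` must be given either all together (a v2,
            per-device token is issued) or not at all (a v1 token is
            issued). ``client_version`` and ``platform_version`` are
            optional and only recorded on a v2 token.

    Returns:
        The ``key`` of the issued v1 or v2 token.

    Raises:
        serializers.ValidationError: on a partial set of v2 fields,
            missing or wrong credentials, a disabled account, or a
            platform the user's permissions do not allow.
            ``_two_factor_auth`` may raise on its own.
    """
    login_id = attrs.get('username')
    password = attrs.get('password')
    platform = attrs.get('platform')
    device_id = attrs.get('device_id')
    device_name = attrs.get('device_name')
    client_version = attrs.get('client_version')
    platform_version = attrs.get('platform_version')

    # A v2 (per-device) token needs all three identifying fields; a
    # partial set is rejected rather than silently downgraded to v1.
    v2_fields = (platform, device_id, device_name)
    if all_none(v2_fields):
        v2 = False
    elif all_not_none(v2_fields):
        v2 = True
    else:
        raise serializers.ValidationError('invalid params')

    # Resolve the posted "username": first as a login id mapped to an
    # account name, then to the account's primary id when one exists.
    username = Profile.objects.get_username_by_login_id(login_id)
    if username is None:
        username = login_id
    p_id = ccnet_api.get_primary_id(username)
    if p_id is not None:
        username = p_id

    if not (username and password):
        raise serializers.ValidationError(
            'Must include "username" and "password"')
    user = authenticate(username=username, password=password)
    if not user:
        raise serializers.ValidationError(
            'Unable to login with provided credentials.')
    if not user.is_active:
        raise serializers.ValidationError(
            'User account is disabled.')

    populate_user_permissions(user)
    self._two_factor_auth(self.context['request'], user)

    # Now user is authenticated
    if v2:
        # Per-client-type access control; only v2 logins carry a platform.
        if platform in DESKTOP_PLATFORMS:
            if not user.permissions.can_connect_with_desktop_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to desktop client.')
        elif platform == 'android':
            if not user.permissions.can_connect_with_android_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to android client.')
        elif platform == 'ios':
            if not user.permissions.can_connect_with_ios_clients():
                raise serializers.ValidationError(
                    'Not allowed to connect to ios client.')
        else:
            # NOTE(review): an unrecognized platform value is only logged
            # and then allowed through, so none of the per-client permission
            # checks above apply to it (fail-open). Kept as-is so existing
            # clients are not rejected; confirm this is intended.
            logger.info('%s: unrecognized device', login_id)
        token = get_token_v2(self.context['request'], username, platform,
                             device_id, device_name, client_version,
                             platform_version)
    else:
        token = get_token_v1(username)
    return token.key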