realms-wiki/realms/modules/auth/models.py

from flask.ext.login import UserMixin, logout_user, login_user
from realms import config, login_manager
from realms.lib.services import db
from itsdangerous import URLSafeSerializer, BadSignature
from hashlib import sha256
import json
import bcrypt

FIELD_MAP = dict(
    u='username',
    e='email',
    p='password',
    nv='not_verified',
    a='admin',
    b='banned')


@login_manager.user_loader
def load_user(user_id):
    return User.get(user_id)


@login_manager.token_loader
def load_token(token):
    # Load unsafe because payload is needed for sig
    sig_okay, payload = URLSafeSerializer(None).load_unsafe(token)

    if not payload:
        return False

    # User key *could* be stored in payload to avoid user lookup in db
    user = User.get(payload.get('id'))

    if not user:
        return False

    try:
        if User.signer(sha256(user.password).hexdigest()).loads(token):
            return user
        else:
            return False
    except BadSignature:
        return False


class User(UserMixin):

    username = None
    email = None
    password = None

    def __init__(self, email, data=None):
        self.id = email
        for k, v in data.items():
            setattr(self, FIELD_MAP.get(k, k), v)

    def get_auth_token(self):
        key = sha256(self.password).hexdigest()
        return User.signer(key).dumps(dict(id=self.username))

    @staticmethod
    def create(username, email, password):
        User.set(email, dict(u=username, e=email, p=User.hash(password), nv=1))

    @staticmethod
    def signer(salt):
        """
        Signed with app secret salted with sha256 of password hash of user (client secret)
        """
        return URLSafeSerializer(config.SECRET + salt)

    @staticmethod
    def set(email, data):
        db.set('u:%s' % email, json.dumps(data, separators=(',', ':')))

    @staticmethod
    def get(email):
        data = db.get('u:%s', email)

        try:
            data = json.loads(data)
        except ValueError:
            return None

        if data:
            return User(email, data)
        else:
            return None

    @staticmethod
    def auth(email, password):
        user = User.get(email)

        if not user:
            return False

        if bcrypt.checkpw(password, user.password):
            login_user(user, remember=True)
            return user
        else:
            return False

    @staticmethod
    def hash(password):
        return bcrypt.hashpw(password, bcrypt.gensalt(log_rounds=12))

    @classmethod
    def logout(cls):
        logout_user()
WIP 2014-08-20 18:28:25 +03:00			`from flask.ext.login import UserMixin, logout_user, login_user`
			`from realms import config, login_manager`
			`from realms.lib.services import db`
			`from itsdangerous import URLSafeSerializer, BadSignature`
			`from hashlib import sha256`
			`import json`
			`import bcrypt`

			`FIELD_MAP = dict(`
			`u='username',`
			`e='email',`
			`p='password',`
			`nv='not_verified',`
			`a='admin',`
			`b='banned')`


			`@login_manager.user_loader`
			`def load_user(user_id):`
			`return User.get(user_id)`


			`@login_manager.token_loader`
			`def load_token(token):`
			`# Load unsafe because payload is needed for sig`
			`sig_okay, payload = URLSafeSerializer(None).load_unsafe(token)`

			`if not payload:`
			`return False`

			`# User key could be stored in payload to avoid user lookup in db`
			`user = User.get(payload.get('id'))`

			`if not user:`
			`return False`

			`try:`
			`if User.signer(sha256(user.password).hexdigest()).loads(token):`
			`return user`
			`else:`
			`return False`
			`except BadSignature:`
			`return False`


			`class User(UserMixin):`

			`username = None`
			`email = None`
			`password = None`

			`def __init__(self, email, data=None):`
			`self.id = email`
			`for k, v in data.items():`
			`setattr(self, FIELD_MAP.get(k, k), v)`

			`def get_auth_token(self):`
			`key = sha256(self.password).hexdigest()`
			`return User.signer(key).dumps(dict(id=self.username))`

			`@staticmethod`
			`def create(username, email, password):`
			`User.set(email, dict(u=username, e=email, p=User.hash(password), nv=1))`

			`@staticmethod`
			`def signer(salt):`
			`"""`
			`Signed with app secret salted with sha256 of password hash of user (client secret)`
			`"""`
			`return URLSafeSerializer(config.SECRET + salt)`

			`@staticmethod`
			`def set(email, data):`
			`db.set('u:%s' % email, json.dumps(data, separators=(',', ':')))`

			`@staticmethod`
			`def get(email):`
			`data = db.get('u:%s', email)`

			`try:`
			`data = json.loads(data)`
			`except ValueError:`
			`return None`

			`if data:`
			`return User(email, data)`
			`else:`
			`return None`

			`@staticmethod`
			`def auth(email, password):`
			`user = User.get(email)`

			`if not user:`
			`return False`

			`if bcrypt.checkpw(password, user.password):`
			`login_user(user, remember=True)`
			`return user`
			`else:`
			`return False`

			`@staticmethod`
			`def hash(password):`
			`return bcrypt.hashpw(password, bcrypt.gensalt(log_rounds=12))`

			`@classmethod`
			`def logout(cls):`
			`logout_user()`