realms-wiki/realms/modules/auth/models.py

from flask import current_app
from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin
from realms import login_manager, db
from realms.lib.model import Model
from realms.lib.util import gravatar_url
from itsdangerous import URLSafeSerializer, BadSignature
from hashlib import sha256
import bcrypt


@login_manager.user_loader
def load_user(user_id):
    return User.get_by_id(user_id)


@login_manager.token_loader
def load_token(token):
    # Load unsafe because payload is needed for sig
    sig_okay, payload = URLSafeSerializer(current_app.config['SECRET_KEY']).loads_unsafe(token)

    if not payload:
        return None

    # User key *could* be stored in payload to avoid user lookup in db
    user = User.get_by_id(payload.get('id'))

    if not user:
        return None

    try:
        if User.signer(sha256(user.password).hexdigest()).loads(token):
            return user
        else:
            return None
    except BadSignature:
        return None


class AnonUser(AnonymousUserMixin):
    username = 'Anon'
    email = ''
    admin = False


class User(Model, UserMixin):
    __tablename__ = 'users'
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(128), unique=True)
    email = db.Column(db.String(128), unique=True)
    password = db.Column(db.String(60))
    admin = False

    hidden_fields = ['password']
    readonly_fields = ['email', 'password']

    def get_auth_token(self):
        key = sha256(self.password).hexdigest()
        return User.signer(key).dumps(dict(id=self.id))

    @property
    def avatar(self):
        return gravatar_url(self.email)

    @staticmethod
    def create(username, email, password):
        u = User()
        u.username = username
        u.email = email
        u.password = User.hash_password(password)
        u.save()

    @staticmethod
    def get_by_username(username):
        return User.query().filter_by(username=username).first()

    @staticmethod
    def get_by_email(email):
        return User.query().filter_by(email=email).first()

    @staticmethod
    def signer(salt):
        return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)

    @staticmethod
    def auth(email, password):
        user = User.get_by_email(email)

        if not user:
            # User doesn't exist
            return False

        if User.check_password(password, user.password):
            # Password is good, log in user
            login_user(user, remember=True)
            return user
        else:
            # Password check failed
            return False

    @staticmethod
    def hash_password(password):
        return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))

    @staticmethod
    def check_password(password, hashed):
        return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed

    @classmethod
    def logout(cls):
        logout_user()

login_manager.anonymous_user = AnonUser
use application factory, WIP 2014-10-22 00:06:27 +03:00			`from flask import current_app`
WIP 2014-08-30 18:06:12 +03:00			`from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin`
use application factory, WIP 2014-10-22 00:06:27 +03:00			`from realms import login_manager, db`
WIP 2014-08-30 18:06:12 +03:00			`from realms.lib.model import Model`
			`from realms.lib.util import gravatar_url`
WIP 2014-08-20 18:28:25 +03:00			`from itsdangerous import URLSafeSerializer, BadSignature`
			`from hashlib import sha256`
			`import bcrypt`


			`@login_manager.user_loader`
			`def load_user(user_id):`
WIP 2014-08-30 18:06:12 +03:00			`return User.get_by_id(user_id)`
WIP 2014-08-20 18:28:25 +03:00

			`@login_manager.token_loader`
			`def load_token(token):`
			`# Load unsafe because payload is needed for sig`
use application factory, WIP 2014-10-22 00:06:27 +03:00			`sig_okay, payload = URLSafeSerializer(current_app.config['SECRET_KEY']).loads_unsafe(token)`
WIP 2014-08-20 18:28:25 +03:00
			`if not payload:`
Fix load token bug 2014-09-18 18:42:32 +03:00			`return None`
WIP 2014-08-20 18:28:25 +03:00
			`# User key could be stored in payload to avoid user lookup in db`
WIP 2014-08-30 18:06:12 +03:00			`user = User.get_by_id(payload.get('id'))`
WIP 2014-08-20 18:28:25 +03:00
			`if not user:`
Fix load token bug 2014-09-18 18:42:32 +03:00			`return None`
WIP 2014-08-20 18:28:25 +03:00
			`try:`
			`if User.signer(sha256(user.password).hexdigest()).loads(token):`
			`return user`
			`else:`
Fix load token bug 2014-09-18 18:42:32 +03:00			`return None`
WIP 2014-08-20 18:28:25 +03:00			`except BadSignature:`
Fix load token bug 2014-09-18 18:42:32 +03:00			`return None`
WIP 2014-08-20 18:28:25 +03:00

WIP 2014-08-30 18:06:12 +03:00			`class AnonUser(AnonymousUserMixin):`
			`username = 'Anon'`
			`email = ''`
worked on assets bundling, added admin field 2014-09-04 05:29:47 +03:00			`admin = False`
WIP 2014-08-30 18:06:12 +03:00
WIP 2014-08-20 18:28:25 +03:00
WIP 2014-08-30 18:06:12 +03:00			`class User(Model, UserMixin):`
			`__tablename__ = 'users'`
			`id = db.Column(db.Integer, primary_key=True)`
Added RDBMS info Canonical names to forced to lowercase Made user model compatible to other DBs CSS adjustments Basic Firepad support (no presence info) Cleaned up JS a bit Added ability to remove draft from localstorage Added support for drafts on multiple pages Alert user if page changes, issue #1 2014-10-03 21:49:18 +03:00			`username = db.Column(db.String(128), unique=True)`
			`email = db.Column(db.String(128), unique=True)`
			`password = db.Column(db.String(60))`
worked on assets bundling, added admin field 2014-09-04 05:29:47 +03:00			`admin = False`
WIP 2014-08-20 18:28:25 +03:00
WIP 2014-08-30 18:06:12 +03:00			`hidden_fields = ['password']`
			`readonly_fields = ['email', 'password']`
WIP 2014-08-20 18:28:25 +03:00
			`def get_auth_token(self):`
			`key = sha256(self.password).hexdigest()`
WIP 2014-08-30 18:06:12 +03:00			`return User.signer(key).dumps(dict(id=self.id))`

			`@property`
			`def avatar(self):`
			`return gravatar_url(self.email)`
WIP 2014-08-20 18:28:25 +03:00
			`@staticmethod`
			`def create(username, email, password):`
WIP 2014-08-30 18:06:12 +03:00			`u = User()`
			`u.username = username`
			`u.email = email`
			`u.password = User.hash_password(password)`
			`u.save()`
WIP 2014-08-20 18:28:25 +03:00
			`@staticmethod`
WIP 2014-08-30 18:06:12 +03:00			`def get_by_username(username):`
fix #32 2014-10-31 00:59:19 +02:00			`return User.query().filter_by(username=username).first()`
WIP 2014-08-20 18:28:25 +03:00
			`@staticmethod`
WIP 2014-08-30 18:06:12 +03:00			`def get_by_email(email):`
fix #32 2014-10-31 00:59:19 +02:00			`return User.query().filter_by(email=email).first()`
WIP 2014-08-20 18:28:25 +03:00
			`@staticmethod`
WIP 2014-08-30 18:06:12 +03:00			`def signer(salt):`
use application factory, WIP 2014-10-22 00:06:27 +03:00			`return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)`
WIP 2014-08-20 18:28:25 +03:00
			`@staticmethod`
			`def auth(email, password):`
fix #32 2014-10-31 00:59:19 +02:00			`user = User.get_by_email(email)`
WIP 2014-08-20 18:28:25 +03:00
			`if not user:`
WIP 2014-08-30 18:06:12 +03:00			`# User doesn't exist`
WIP 2014-08-20 18:28:25 +03:00			`return False`

WIP 2014-08-30 18:06:12 +03:00			`if User.check_password(password, user.password):`
			`# Password is good, log in user`
WIP 2014-08-20 18:28:25 +03:00			`login_user(user, remember=True)`
			`return user`
			`else:`
WIP 2014-08-30 18:06:12 +03:00			`# Password check failed`
WIP 2014-08-20 18:28:25 +03:00			`return False`

			`@staticmethod`
WIP 2014-08-30 18:06:12 +03:00			`def hash_password(password):`
			`return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))`

			`@staticmethod`
			`def check_password(password, hashed):`
			`return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed`
WIP 2014-08-20 18:28:25 +03:00
			`@classmethod`
			`def logout(cls):`
			`logout_user()`

WIP 2014-08-30 18:06:12 +03:00			`login_manager.anonymous_user = AnonUser`