This commit is contained in:
Matt Wright
2012-08-17 15:05:22 -04:00
parent 9c189f9083
commit c36fee7fda
5 changed files with 15 additions and 55 deletions
+1 -6
@@ -12,7 +12,7 @@
from datetime import datetime
from itsdangerous import BadSignature, SignatureExpired
from flask import current_app as app, request, url_for
from flask import current_app as app, request
from werkzeug.local import LocalProxy
from .exceptions import ConfirmationError
@@ -34,16 +34,13 @@ def send_confirmation_instructions(user):
"""
token = generate_confirmation_token(user)
url = url_for_security('confirm_email', token=token)
confirmation_link = request.url_root[:-1] + url
ctx = dict(user=user, confirmation_link=confirmation_link)
send_mail('Please confirm your email', user.email,
'confirmation_instructions', ctx)
confirm_instructions_sent.send(user, app=app._get_current_object())
return token
@@ -80,9 +77,7 @@ def confirm_by_token(token):
user.confirmed_at = datetime.utcnow()
_datastore._save_model(user)
user_confirmed.send(user, app=app._get_current_object())
return user
except SignatureExpired:
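Review bot: In send_confirmation_instructions the emailed link is built from `request.url_root`, which is derived from the client-supplied Host header, so a request with a forged Host delivers the victim a valid confirmation token under an attacker-controlled origin (host-header poisoning). The absolute URL should come from configuration instead: set SERVER_NAME (or a dedicated base-URL setting) and use `url_for_security('confirm_email', token=token, _external=True)` if that helper forwards keyword arguments to url_for, otherwise prepend the configured base URL rather than `request.url_root`. The same construction is used for reset_link in recoverable.py. The body of confirm_by_token in the last hunk continues past the shown lines.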
+3 -8
@@ -227,8 +227,7 @@ class _SecurityState(object):
c[endpoint].append(fn)
def _run_ctx_processor(self, endpoint):
fns = []
rv = {}
rv, fns = {}, []
for g in ['all', endpoint]:
if g in self.context_processors:
@@ -324,20 +323,16 @@ class Security(object):
('principal', _get_principal(app)),
('pwd_context', _get_pwd_context(app)),
('remember_token_serializer', _get_remember_token_serializer(app)),
('token_auth_serializer', _get_token_auth_serializer(app))]:
('token_auth_serializer', _get_token_auth_serializer(app)),
('context_processors', {})]:
kwargs[key] = value
kwargs['context_processors'] = {}
kwargs['login_serializer'] = (
_get_login_serializer(app) if kwargs['passwordless'] else None)
kwargs['reset_serializer'] = (
_get_reset_serializer(app) if kwargs['recoverable'] else None)
kwargs['confirm_serializer'] = (
_get_confirm_serializer(app) if kwargs['confirmable'] else None)
return _SecurityState(**kwargs)
def __getattr__(self, name):
-2
@@ -83,7 +83,6 @@ class UserDatastore(object):
def _prepare_create_user_args(self, **kwargs):
kwargs.setdefault('active', True)
kwargs.setdefault('roles', _security.default_roles)
roles = kwargs.get('roles', [])
for i, role in enumerate(roles):
@@ -92,7 +91,6 @@ class UserDatastore(object):
roles[i] = self.find_role(rn)
kwargs['roles'] = roles
pwd_context = _security.pwd_context
pw = kwargs['password']
+11 -35
@@ -12,9 +12,8 @@
from functools import wraps
from flask import current_app, Response, request, redirect
from flask.ext.login import login_required, login_url, current_user
from flask.ext.login import current_user
from flask.ext.principal import RoleNeed, Permission, Identity, identity_changed
from itsdangerous import BadSignature
from werkzeug.local import LocalProxy
from . import utils
@@ -50,19 +49,19 @@ def _get_unauthorized_view():
def _check_token():
header_key = _security.token_authentication_header
args_key = _security.token_authentication_key
header_token = request.headers.get(header_key, None)
token = request.args.get(args_key, header_token)
serializer = _security.remember_token_serializer
rv = False
try:
data = serializer.loads(token)
user = _security.datastore.find_user(id=data[0])
rv = utils.md5(user.password) == data[1]
except:
return False
pass
return True if utils.md5(user.password) == data[1] else False
return rv
def _check_http_auth():
@@ -70,19 +69,15 @@ def _check_http_auth():
try:
user = _security.datastore.find_user(email=auth.username)
if utils.verify_password(auth.password, user.password,
salt=_security.password_salt,
use_hmac=_security.password_hmac):
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return True
except UserNotFoundError:
return False
rv = utils.verify_password(auth.password, user.password,
salt=_security.password_salt,
use_hmac=_security.password_hmac)
if rv:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return rv
def http_auth_required(realm):
"""Decorator that protects endpoints using Basic HTTP authentication.
@@ -95,17 +90,13 @@ def http_auth_required(realm):
def wrapper(*args, **kwargs):
if _check_http_auth():
return fn(*args, **kwargs)
r = _security.default_http_auth_realm if callable(realm) else realm
h = {'WWW-Authenticate': 'Basic realm="%s"' % r}
return _get_unauthorized_response(headers=h)
return wrapper
if callable(realm):
return decorator(realm)
return decorator
@@ -121,9 +112,7 @@ def auth_token_required(fn):
def decorated(*args, **kwargs):
if _check_token():
return fn(*args, **kwargs)
return _get_unauthorized_response()
return decorated
@@ -142,22 +131,16 @@ def roles_required(*roles):
:param args: The required roles.
"""
def wrapper(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
perms = [Permission(RoleNeed(role)) for role in roles]
for perm in perms:
if not perm.can():
_logger.debug('Identity does not provide the '
'roles: %s' % [r for r in roles])
return _get_unauthorized_view()
return fn(*args, **kwargs)
return decorated_view
return wrapper
@@ -176,22 +159,15 @@ def roles_accepted(*roles):
:param args: The possible roles.
"""
def wrapper(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
perm = Permission(*[RoleNeed(role) for role in roles])
if perm.can():
return fn(*args, **kwargs)
r1 = [r for r in roles]
r2 = [r.name for r in current_user.roles]
_logger.debug('Current user does not provide a required role. '
'Accepted: %s Provided: %s' % (r1, r2))
return _get_unauthorized_view()
return decorated_view
return wrapper
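Review bot: The bare `except:` in _check_token turns every failure — a missing token (serializer.loads(None)), a serializer that was never configured, a datastore error — into a silent rejection, so a broken deployment is indistinguishable from a bad token and the real exception never surfaces. Catch only the outcomes that mean "not authenticated", e.g. `except (BadSignature, UserNotFoundError, TypeError, IndexError): return False` (BadSignature is imported above and already covers SignatureExpired), and return False early when token is None. Note also that in `request.args.get(args_key, header_token)` the query-string value wins over the header; tokens in URLs end up in access logs and Referer headers, so the header should probably take precedence. In _check_http_auth an unknown e-mail returns before any password hashing runs, which makes valid accounts distinguishable by response time; that function starts outside the shown hunk.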
-4
@@ -32,7 +32,6 @@ def send_reset_password_instructions(user):
"""
token = generate_reset_password_token(user)
url = url_for_security('reset_password', token=token)
reset_link = request.url_root[:-1] + url
send_mail('Password reset instructions',
@@ -85,11 +84,8 @@ def reset_by_token(token, password):
use_hmac=_security.password_hmac)
_datastore._save_model(user)
send_password_reset_notice(user)
password_reset.send(user, app=app._get_current_object())
return user
except SignatureExpired: