diff --git a/flask_security/confirmable.py b/flask_security/confirmable.py
index cf738f0..e8e9bec 100644
--- a/flask_security/confirmable.py
+++ b/flask_security/confirmable.py
@@ -12,7 +12,7 @@ from datetime import datetime from itsdangerous import BadSignature, SignatureExpired
-from flask import current_app as app, request, url_for
+from flask import current_app as app, request from werkzeug.local import LocalProxy from .exceptions import ConfirmationError
@@ -34,16 +34,13 @@ def send_confirmation_instructions(user): """ token = generate_confirmation_token(user) url = url_for_security('confirm_email', token=token) - confirmation_link = request.url_root[:-1] + url - ctx = dict(user=user, confirmation_link=confirmation_link) send_mail('Please confirm your email', user.email, 'confirmation_instructions', ctx) confirm_instructions_sent.send(user, app=app._get_current_object()) - return token
@@ -80,9 +77,7 @@ def confirm_by_token(token): user.confirmed_at = datetime.utcnow() _datastore._save_model(user) - user_confirmed.send(user, app=app._get_current_object()) - return user except SignatureExpired:
diff --git a/flask_security/core.py b/flask_security/core.py
index ec67e62..2927d8a 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -227,8 +227,7 @@ class _SecurityState(object): c[endpoint].append(fn) def _run_ctx_processor(self, endpoint): - fns = [] - rv = {} + rv, fns = {}, [] for g in ['all', endpoint]: if g in self.context_processors:
@@ -324,20 +323,16 @@ class Security(object): ('principal', _get_principal(app)), ('pwd_context', _get_pwd_context(app)), ('remember_token_serializer', _get_remember_token_serializer(app)), - ('token_auth_serializer', _get_token_auth_serializer(app))]: + ('token_auth_serializer', _get_token_auth_serializer(app)), + ('context_processors', {})]: kwargs[key] = value - kwargs['context_processors'] = {} - kwargs['login_serializer'] = ( _get_login_serializer(app) if kwargs['passwordless'] else None) - kwargs['reset_serializer'] = ( _get_reset_serializer(app) if kwargs['recoverable'] else None) - kwargs['confirm_serializer'] = ( _get_confirm_serializer(app) if kwargs['confirmable'] else None) - return _SecurityState(**kwargs) def __getattr__(self, name):
diff --git a/flask_security/datastore.py b/flask_security/datastore.py
index 7379eeb..0ba376b 100644
--- a/flask_security/datastore.py
+++ b/flask_security/datastore.py
@@ -83,7 +83,6 @@ class UserDatastore(object): def _prepare_create_user_args(self, **kwargs): kwargs.setdefault('active', True) kwargs.setdefault('roles', _security.default_roles) - roles = kwargs.get('roles', []) for i, role in enumerate(roles):
@@ -92,7 +91,6 @@ class UserDatastore(object): roles[i] = self.find_role(rn) kwargs['roles'] = roles - pwd_context = _security.pwd_context pw = kwargs['password']
diff --git a/flask_security/decorators.py b/flask_security/decorators.py
index 9b3d7e3..f6aedda 100644
--- a/flask_security/decorators.py
+++ b/flask_security/decorators.py
@@ -12,9 +12,8 @@ from functools import wraps from flask import current_app, Response, request, redirect
-from flask.ext.login import login_required, login_url, current_user
+from flask.ext.login import current_user from flask.ext.principal import RoleNeed, Permission, Identity, identity_changed
-from itsdangerous import BadSignature from werkzeug.local import LocalProxy from . import utils
@@ -50,19 +49,19 @@ def _get_unauthorized_view(): def _check_token(): header_key = _security.token_authentication_header args_key = _security.token_authentication_key - header_token = request.headers.get(header_key, None) token = request.args.get(args_key, header_token) - serializer = _security.remember_token_serializer + rv = False try: data = serializer.loads(token) user = _security.datastore.find_user(id=data[0]) + rv = utils.md5(user.password) == data[1] except: - return False + pass - return True if utils.md5(user.password) == data[1] else False + return rv def _check_http_auth():
@@ -70,19 +69,15 @@ def _check_http_auth(): try: user = _security.datastore.find_user(email=auth.username) + if utils.verify_password(auth.password, user.password, + salt=_security.password_salt, + use_hmac=_security.password_hmac): + identity_changed.send(current_app._get_current_object(), + identity=Identity(user.id)) + return True except UserNotFoundError: return False - rv = utils.verify_password(auth.password, user.password, - salt=_security.password_salt, - use_hmac=_security.password_hmac) - - if rv: - identity_changed.send(current_app._get_current_object(), - identity=Identity(user.id)) - - return rv - def http_auth_required(realm): """Decorator that protects endpoints using Basic HTTP authentication.
@@ -95,17 +90,13 @@ def http_auth_required(realm): def wrapper(*args, **kwargs): if _check_http_auth(): return fn(*args, **kwargs) - r = _security.default_http_auth_realm if callable(realm) else realm h = {'WWW-Authenticate': 'Basic realm="%s"' % r} - return _get_unauthorized_response(headers=h) - return wrapper if callable(realm): return decorator(realm) - return decorator
@@ -121,9 +112,7 @@ def auth_token_required(fn): def decorated(*args, **kwargs): if _check_token(): return fn(*args, **kwargs) - return _get_unauthorized_response() - return decorated
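Review bot: The bare `except:` kept in `_check_token` now swallows every failure inside the try, not just a bad or expired signature: the error raised by `serializer.loads(None)` when neither the header nor the query parameter carries a token, a missing user, and any genuine programming error in the lookup all collapse into `rv = False`, while the same commit drops the `BadSignature` import that would let the handler be narrowed. Reject a missing token up front, catch only the failures that mean "not authenticated" — `BadSignature` (re-add the `itsdangerous` import; `SignatureExpired` derives from it) and `UserNotFoundError`, which `_check_http_auth` already handles — and let anything else surface so it is seen rather than silently turned into a 401. With the try narrowed to the two calls that can fail, the comparison can be the final statement and the `rv` accumulator goes away.
```python
def _check_token():
    # … unchanged: header / query-string token lookup …
    if token is None:
        return False
    serializer = _security.remember_token_serializer
    try:
        data = serializer.loads(token)
        user = _security.datastore.find_user(id=data[0])
    except (BadSignature, UserNotFoundError):
        return False
    return utils.md5(user.password) == data[1]
```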
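Review bot: After this rewrite `_check_http_auth` has no return on the wrong-password path: when `verify_password` returns False the `try` body completes without returning, the `except` is not taken, and the function falls off the end yielding `None` where the removed `return rv` gave `False`. `http_auth_required` only tests truthiness, so nothing breaks today, but an authentication check should state its result explicitly; add `return False` after the `except UserNotFoundError:` block (the function's opening lines, where `auth` is obtained, sit above the hunk). Moving `verify_password` and `identity_changed.send` inside the `try` also widens it past the single call that raises `UserNotFoundError`; keeping the `try` around `find_user` alone and verifying afterwards, as the removed lines did, makes the handled failure obvious.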
@@ -142,22 +131,16 @@ def roles_required(*roles): :param args: The required roles. """ def wrapper(fn): - @wraps(fn) def decorated_view(*args, **kwargs): perms = [Permission(RoleNeed(role)) for role in roles] - for perm in perms: if not perm.can(): _logger.debug('Identity does not provide the ' 'roles: %s' % [r for r in roles]) - return _get_unauthorized_view() - return fn(*args, **kwargs) - return decorated_view - return wrapper
@@ -176,22 +159,15 @@ def roles_accepted(*roles): :param args: The possible roles. """ def wrapper(fn): - @wraps(fn) def decorated_view(*args, **kwargs): perm = Permission(*[RoleNeed(role) for role in roles]) - if perm.can(): return fn(*args, **kwargs) - r1 = [r for r in roles] r2 = [r.name for r in current_user.roles] - _logger.debug('Current user does not provide a required role. ' 'Accepted: %s Provided: %s' % (r1, r2)) - return _get_unauthorized_view() - return decorated_view - return wrapper
diff --git a/flask_security/recoverable.py b/flask_security/recoverable.py
index d323894..d472fc2 100644
--- a/flask_security/recoverable.py
+++ b/flask_security/recoverable.py
@@ -32,7 +32,6 @@ def send_reset_password_instructions(user): """ token = generate_reset_password_token(user) url = url_for_security('reset_password', token=token) - reset_link = request.url_root[:-1] + url send_mail('Password reset instructions',
@@ -85,11 +84,8 @@ def reset_by_token(token, password): use_hmac=_security.password_hmac) _datastore._save_model(user) - send_password_reset_notice(user) - password_reset.send(user, app=app._get_current_object()) - return user except SignatureExpired: