U ch2@sddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl Tddl m Z ddlmZGdddejjeZdS) N)abort)rollback_all_ds)*)normalize_email_address) ResponseMixinc@seZdZdZdZddZddZejj ddZ d d Z ejj d d Z ejj d dZ ejj ddZejj ddZejj ddZdS) SigninViewz/signincCs4tjd}|s0tjr0ttj}|r0|d}|S)N access_token)requestcookiesgetdataujsonloads)selfr Zjson_resr./modules/auth/views/signin.py_get_access_tokens     zSigninView._get_access_tokencCs|}|rtj|SdS)N)rmodelsCmfAuthZrsa_verify_unpack_jwt)rr rrr_jwt_from_requestszSigninView._jwt_from_requestc Cs8ddl}ddlm}|}|rnz0|dd}|dd}t|dd}d}Wn6ttttfk rt dd}d}d}d }YnXd}|sd }|rt j j |dgd }|sd }|r|j|krd }|rhtjtj|j} | dkrd tjkrhtd |d |dtjd nLd| kr6tjkrhnn.ttd tjkrTtjd nd} || |Std}tj d} d} | rt j| \}} |dgd}|r|sttd tjkrtjd nd} || |Stj }g}t j!j"ddd gddgdD] }|#t$|j%|&| dqt'|}|(dS)Nr)get_flashed_messagesZpayloadloginscopeexpTzjwt value errorFrfieldsnext_urlz !!! Maybe Cycle Redirect: login=z, scope=z next_url=/ session_tokenZ auth_error)Zcategory_filterZdisabledz==rzplugin.*)filterr)nameZ login_urlz signin.html))htmlflaskrrint ValueError TypeErrorAttributeErrorKeyErrorlogging exceptionrrr rdatetimenowZ fromtimestampdaysr valuesprintr prolong_days make_responseredirect_okrr Z CmfSessionZ from_tokenconfigIS_BOX_VERSIONZCmfAuthOpenIdPluginlistappenddictr!Zget_redirect_urllenZrender)rr"rZjwtrrrZjwt_okauthZ expired_daysresponserrZ_sessionmessagesZshow_register_buttonZ sso_buttonsZpluginZsso_buttons_countrrrr "sn             zSigninView.getc Cstjjs dStjdd}d|}tj|}dt j t j dd}tj |||stjjddd|dd d d d ||d td|}|r||krtjjddd|dd d d d ||d tddS)Ncaptchaauth:user_login_captcha:)kZ auth_failedrzRequire captcha)rreasonZfailT ZoperateZcmf_model_nameparentZ audit_dataZ result_statusZcurrent_transactionZsecurity_level parent_nameZ parent_codeiz Bad captcha)gglobal_settingsauth_check_captchar r.r APPREDIS_DBjoinrandomchoicesstringdigitssetrCmfAudit audit_eventrdecode)rrr=Zdb_keyZ db_captchaZ new_captcharrr_auth_check_captchais<     zSigninView._auth_check_captchacCsztjjs dSttjd}tjd|s0dSddl m }ddl m }tj d|}|}||}||ddS)Nrr>r)Response) ImageCaptchaz image/png)Zmimetype)rGrHrIrr r.rJrKexistsr#rVZ captcha.imagerWr rTZgenerate)rrrVrWr=Zimager rrr captcha_imgs   zSigninView.captcha_imgc Csddl}|jtjd}d|kr*t|}tjd}||tpt j ||}t j j |si}tjrtjd|d<td|d}|jrt|jkrd }tjjr|jr|jtjtjjjd }||jkrd }|rztjd d}tjd d} |r | s6t jjd ddd|idd d||d td||| |jrPd|_t jjdddd|idd d||d |tjdd} tt d|j| i} |!| |W5QRSQRXdS)Nrr@challenge_respmessageFT)r-Znew_password_hashZnew_password_saltZpassword_expiredrpassword_expires_must_changerCrDiZpassword_changedrrZ redirect_url)"urllibparseunquoter r.rrUcmfutil disable_aclrrget_by_challenge_respdpcommitrGalertrr_timerHZpassword_max_daysZpassword_changed_dater+Z timedeltavaluer,r rRrSZ set_pass_hashZsaver1Zjsonifyr3) rrarr[r: abort_kwargsZneed_change_passwordZ expire_datehashZsaltrr;rrrpostsf         zSigninView.postcCsdS)Nr?r)rrrrget_server_challengeszSigninView.get_server_challengecCsZtjstdtdStjjj}tjj |ddgd}|sBtdS|j j rftd|j td|d St d d |j jD}|std |j td|d St|d krtdt |D]}td|r||qt|dkr>td|}td|tj}tjr0tj|r0tdtj}|j ||d Std|j td|d S)uu Определить по куке куда отправить пользователя автоматически. u71. Нет куки - форма авторизации.z /auth/signinrrrz"/auth/signout?next_url=auth/signinuO2.1. У пользователя нет scope - форма создания VM.z /auth/assign)r:cSsg|]}|ddqS):r)split).0rrrr sz&SigninView.proceed..uO2.2. У пользователя нет scope - форма создания VM.r`ur3.2. У пользователя два scope, проверим, не системный ли один из нихz^acrm[0-9]{5,6}$rCuo3. У пользователя один единственный scope - на эту CRM и отправить.zhttps://uc4. У пользователя несколько scope - отправить на список CRM.r)rGr:r)infor2Zemailrkrrr rZis_nullr3rQrqr9rematchdiscardpopr4ZAUTH_SESSION_COOKIE_DOMAINr5 startswith)rrr:Zscopesrr;rrrproceeds8           zSigninView.proceedc Cstttjd}tjd}tFtj||}tjj |sbi}t j rXt j d|d<t d|W5QRX| S)u> Ручка для авторизации rpasswordr\r]r^)rr r.rdrerrrfrgrhrGrirZrsa_sign_pack_jwt)rrr{r:rlrrrsignin_with_login_passwords   z%SigninView.signin_with_login_passwordN)__name__ __module__ __qualname__Z__url__r0rrcmfviewsactionr rUrYrnrorzr|rrrrrs" F  7  %r)r+ urllib.parserarrMrOrjr#rZcmf.data_providers.baserZ cmf.includeZmodules.auth.models.emailrZmodules.auth.views.responserrrZBaseViewrrrrrs