anoopmb
/
frappe
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
919 Commits
1 Branch
314 MiB
 
 
 
 
 
 
Tree: 5a4fd43b31
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5a4fd43b31'
${ noResults }
frappe/py/webnotes/auth.py

427 lines
12 KiB
Raw Blame History 

  1. # Copyright (c) 2012 Web Notes Technologies Pvt Ltd (http://erpnext.com)

  2. # 

  3. # MIT License (MIT)

  4. # 

  5. # Permission is hereby granted, free of charge, to any person obtaining a 

  6. # copy of this software and associated documentation files (the "Software"), 

  7. # to deal in the Software without restriction, including without limitation 

  8. # the rights to use, copy, modify, merge, publish, distribute, sublicense, 

  9. # and/or sell copies of the Software, and to permit persons to whom the 

  10. # Software is furnished to do so, subject to the following conditions:

  11. # 

  12. # The above copyright notice and this permission notice shall be included in 

  13. # all copies or substantial portions of the Software.

  14. # 

  15. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 

  16. # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 

  17. # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 

  18. # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 

  19. # CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE 

  20. # OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

  21. # 

  22. 

  23. import webnotes

  24. import webnotes.db

  25. import webnotes.utils

  26. import webnotes.profile

  27. import conf

  28. 

  29. # =================================================================================

  30. # HTTPRequest

  31. # =================================================================================

  32. 

  33. class HTTPRequest:

  34. 	def __init__(self):

  35. 

  36. 		# Get Environment variables

  37. 		self.domain = webnotes.get_env_vars('HTTP_HOST')

  38. 		if self.domain and self.domain.startswith('www.'):

  39. 			self.domain = self.domain[4:]

  40. 

  41. 		webnotes.remote_ip = webnotes.get_env_vars('REMOTE_ADDR')					

  42. 

  43. 		# load cookies

  44. 		webnotes.cookie_manager = CookieManager()

  45. 

  46. 		# set db

  47. 		self.set_db()

  48. 

  49. 		# -----------------------------

  50. 		# start transaction

  51. 		webnotes.conn.begin()

  52. 

  53. 		# login

  54. 		webnotes.login_manager = LoginManager()

  55. 

  56. 		# start session

  57. 		webnotes.session_obj = Session()

  58. 		webnotes.session = webnotes.session_obj.data

  59. 

  60. 		# check status

  61. 		if webnotes.conn.get_global("__session_status")=='stop':

  62. 			webnotes.msgprint(webnotes.conn.get_global("__session_status_message"))

  63. 			raise webnotes.SessionStopped('Session Stopped')

  64. 

  65. 		# run login triggers

  66. 		if webnotes.form_dict.get('cmd')=='login':

  67. 			webnotes.login_manager.run_trigger('on_login_post_session')

  68. 			

  69. 		# load profile

  70. 		self.setup_profile()

  71. 

  72. 		# write out cookies

  73. 		webnotes.cookie_manager.set_cookies()

  74. 

  75. 		webnotes.conn.commit()

  76. 		# end transaction

  77. 		# -----------------------------

  78. 

  79. 	# setup profile

  80. 	# -------------

  81. 

  82. 	def setup_profile(self):

  83. 		webnotes.user = webnotes.profile.Profile()

  84. 		# load the profile data

  85. 		if webnotes.session['data'].get('profile'):

  86. 			webnotes.user.load_from_session(webnotes.session['data']['profile'])

  87. 		else:

  88. 			webnotes.user.load_profile()

  89. 

  90. 	# set database login

  91. 	# ------------------

  92. 

  93. 	def get_db_name(self):

  94. 		"""get database name from conf"""

  95. 		return conf.db_name

  96. 

  97. 	def set_db(self, ac_name = None):

  98. 		"""connect to db, from ac_name or db_name"""

  99. 			

  100. 		webnotes.conn = webnotes.db.Database(user = self.get_db_name(), \

  101. 			password = getattr(conf,'db_password', ''))

  102. 

  103. # =================================================================================

  104. # Login Manager

  105. # =================================================================================

  106. 

  107. class LoginManager:

  108. 	def __init__(self):

  109. 		self.cp = None

  110. 		if webnotes.form_dict.get('cmd')=='login':

  111. 			# clear cache

  112. 			from webnotes.session_cache import clear_cache

  113. 			clear_cache(webnotes.form_dict.get('usr'))				

  114. 

  115. 			self.authenticate()

  116. 			self.post_login()

  117. 			webnotes.response['message'] = 'Logged In'

  118. 

  119. 	# run triggers, write cookies

  120. 	# ---------------------------

  121. 	

  122. 	def post_login(self):

  123. 		self.run_trigger()

  124. 		self.validate_ip_address()

  125. 		self.validate_hour()

  126. 	

  127. 	# check password

  128. 	# --------------

  129. 	

  130. 	def authenticate(self, user=None, pwd=None):

  131. 		if not (user and pwd):	

  132. 			user, pwd = webnotes.form_dict.get('usr'), webnotes.form_dict.get('pwd')

  133. 		if not (user and pwd):

  134. 			webnotes.response['message'] = 'Incomplete Login Details'  

  135. 			raise webnotes.AuthenticationError

  136. 		# custom authentication (for single-sign on)

  137. 		self.load_control_panel()

  138. 		if hasattr(self.cp, 'authenticate'):

  139. 			self.user = self.cp.authenticate()

  140. 		

  141. 		# check the password

  142. 		if user=='Administrator':

  143. 			p = webnotes.conn.sql("""select name, first_name, last_name 

  144. 				from tabProfile where name=%s 

  145. 				and (`password`=%s OR `password`=PASSWORD(%s))""", (user, pwd, pwd), as_dict=1)

  146. 		else:

  147. 			p = webnotes.conn.sql("""select name, first_name, last_name 

  148. 				from tabProfile where name=%s 

  149. 				and (`password`=%s  OR `password`=PASSWORD(%s)) 

  150. 				and IFNULL(enabled,0)=1""", (user, pwd, pwd), as_dict=1)

  151. 		if not p:

  152. 			webnotes.response['message'] = 'Authentication Failed'

  153. 			raise webnotes.AuthenticationError

  154. 			#webnotes.msgprint('Authentication Failed',raise_exception=1)

  155. 			

  156. 		p = p[0]

  157. 		self.user = p['name']

  158. 		self.user_fullname = (p.get('first_name') and (p.get('first_name') + ' ') or '') \

  159. 			+ (p.get('last_name') or '')

  160. 	

  161. 	# triggers

  162. 	# --------

  163. 	

  164. 	def load_control_panel(self):

  165. 		import webnotes.model.code

  166. 		try:

  167. 			if not self.cp:

  168. 				self.cp = webnotes.model.code.get_obj('Control Panel')

  169. 		except Exception, e:

  170. 			webnotes.response['Control Panel Exception'] = webnotes.utils.getTraceback()

  171. 	

  172. 	# --------

  173. 	def run_trigger(self, method='on_login'):

  174. 		try:

  175. 			from startup import event_handlers

  176. 			if hasattr(event_handlers, method):

  177. 				getattr(event_handlers, method)(self)

  178. 			return

  179. 		except ImportError, e:

  180. 			pass

  181. 	

  182. 		# deprecated

  183. 		self.load_control_panel()

  184. 		if self.cp and hasattr(self.cp, method):

  185. 			getattr(self.cp, method)(self)

  186. 

  187. 	# ip validation

  188. 	# -------------

  189. 	

  190. 	def validate_ip_address(self):

  191. 		ip_list = webnotes.conn.get_value('Profile', self.user, 'restrict_ip', ignore=True)

  192. 		

  193. 		if not ip_list:

  194. 			return

  195. 

  196. 		ip_list = ip_list.replace(",", "\n").split('\n')

  197. 		ip_list = [i.strip() for i in ip_list]

  198. 

  199. 		for ip in ip_list:

  200. 			if webnotes.remote_ip.startswith(ip):

  201. 				return

  202. 			

  203. 		webnotes.msgprint('Not allowed from this IP Address')

  204. 		raise webnotes.AuthenticationError

  205. 

  206. 	def validate_hour(self):

  207. 		"""

  208. 			check if user is logging in during restricted hours

  209. 		"""

  210. 		login_before = int(webnotes.conn.get_value('Profile', self.user, 'login_before', ignore=True) or 0)

  211. 		login_after = int(webnotes.conn.get_value('Profile', self.user, 'login_after', ignore=True) or 0)

  212. 		

  213. 		if not (login_before or login_after):

  214. 			return

  215. 			

  216. 		from webnotes.utils import now_datetime

  217. 		current_hour = int(now_datetime().strftime('%H'))

  218. 				

  219. 		if login_before and current_hour > login_before:

  220. 			webnotes.msgprint('Not allowed to login after restricted hour', raise_exception=1)

  221. 

  222. 		if login_after and current_hour < login_after:

  223. 			webnotes.msgprint('Not allowed to login before restricted hour', raise_exception=1)

  224. 

  225. 	# login as guest

  226. 	# --------------

  227. 	

  228. 	def login_as_guest(self):

  229. 		self.user = 'Guest'

  230. 		self.post_login()

  231. 

  232. 	# Logout

  233. 	# ------

  234. 	

  235. 	def call_on_logout_event(self):

  236. 		import webnotes.model.code

  237. 		cp = webnotes.model.code.get_obj('Control Panel', 'Control Panel')

  238. 		if hasattr(cp, 'on_logout'):

  239. 			cp.on_logout(self)

  240. 

  241. 	def logout(self, arg='', user=None):

  242. 		if not user: user = webnotes.session.get('user')

  243. 		self.user = user

  244. 		self.run_trigger('on_logout')

  245. 		webnotes.conn.sql('delete from tabSessions where user=%s', user)

  246. 		

  247. # =================================================================================

  248. # Cookie Manager

  249. # =================================================================================

  250. 

  251. class CookieManager:

  252. 	def __init__(self):

  253. 		import Cookie

  254. 		webnotes.cookies = Cookie.SimpleCookie()

  255. 		self.get_incoming_cookies()

  256. 

  257. 	# get incoming cookies

  258. 	# --------------------

  259. 	def get_incoming_cookies(self):

  260. 		import os

  261. 		cookies = {}

  262. 		if 'HTTP_COOKIE' in os.environ:

  263. 			c = os.environ['HTTP_COOKIE']

  264. 			webnotes.cookies.load(c)

  265. 			for c in webnotes.cookies.values():

  266. 				cookies[c.key] = c.value

  267. 					

  268. 		webnotes.incoming_cookies = cookies

  269. 		

  270. 	# Set cookies

  271. 	# -----------

  272. 	

  273. 	def set_cookies(self):

  274. 		if webnotes.form_dict.get('cmd')=='logout':

  275. 			webnotes.cookies['account_id'] = ''

  276. 		else:

  277. 			webnotes.cookies['account_id'] = webnotes.conn.cur_db_name

  278. 		

  279. 		if webnotes.session.get('sid'):

  280. 			webnotes.cookies['sid'] = webnotes.session['sid']

  281. 

  282. 			# sid expires in 3 days

  283. 			import datetime

  284. 			expires = datetime.datetime.now() + datetime.timedelta(days=3)

  285. 			webnotes.cookies['sid']['expires'] = expires.strftime('%a, %d %b %Y %H:%M:%S')		

  286. 

  287. 	# Set Remember Me

  288. 	# ---------------

  289. 

  290. 	def set_remember_me(self):

  291. 		if webnotes.utils.cint(webnotes.form_dict.get('remember_me')):

  292. 			remember_days = webnotes.conn.get_value('Control Panel',None,'remember_for_days') or 7

  293. 			webnotes.cookies['remember_me'] = 1

  294. 

  295. 			import datetime

  296. 			expires = datetime.datetime.now() + datetime.timedelta(days=remember_days)

  297. 

  298. 			for k in webnotes.cookies.keys():

  299. 				webnotes.cookies[k]['expires'] = expires.strftime('%a, %d %b %Y %H:%M:%S')	

  300. 

  301. # =================================================================================

  302. # Session 

  303. # =================================================================================

  304. 

  305. class Session:

  306. 	def __init__(self, user=None):

  307. 		self.user = user

  308. 		self.sid = webnotes.form_dict.get('sid') or webnotes.incoming_cookies.get('sid')

  309. 		self.data = {'user':user,'data':{}}

  310. 

  311. 		if webnotes.form_dict.get('cmd')=='login':

  312. 			self.start()

  313. 			return

  314. 			

  315. 		self.load()

  316. 	

  317. 	# start a session

  318. 	# ---------------

  319. 	def get_session_record(self):

  320. 		"""get session record, or return the standard Guest Record"""

  321. 		r = webnotes.conn.sql("""select user, sessiondata, status from 

  322. 			tabSessions where sid='%s'""" % self.sid)

  323. 		if not r:

  324. 			self.sid = 'Guest'

  325. 			r = webnotes.conn.sql("""select user, sessiondata, status from 

  326. 				tabSessions where sid='%s'""" % self.sid)

  327. 			

  328. 		return r and r[0] or None

  329. 	

  330. 	def load(self):

  331. 		"""non-login request: load a session"""

  332. 		import webnotes

  333. 		

  334. 		r = self.get_session_record()

  335. 		if r:

  336. 			self.data = {'data': (r[1] and eval(r[1]) or {}), 

  337. 					'user':r[0], 'sid': self.sid}

  338. 		else:				

  339. 			self.start_as_guest()

  340. 

  341. 	def start_as_guest(self):

  342. 		"""all guests share the same 'Guest' session"""

  343. 		webnotes.login_manager.login_as_guest()

  344. 		self.start()

  345. 

  346. 	def start(self):

  347. 		"""start a new session"""

  348. 		import os

  349. 		import webnotes

  350. 		import webnotes.utils

  351. 		

  352. 		# generate sid

  353. 		if webnotes.login_manager.user=='Guest':

  354. 			sid = 'Guest'

  355. 		else:

  356. 			sid = webnotes.utils.generate_hash()

  357. 		

  358. 		self.data['user'] = webnotes.login_manager.user

  359. 		self.data['sid'] = sid

  360. 		self.data['data']['session_ip'] = os.environ.get('REMOTE_ADDR');

  361. 		self.data['data']['tenant_id'] = webnotes.form_dict.get('tenant_id', 0)

  362. 

  363. 		# get ipinfo

  364. 		if webnotes.conn.get_global('get_ip_info'):

  365. 			self.get_ipinfo()

  366. 		

  367. 		# insert session

  368. 		try:

  369. 			self.insert_session_record()

  370. 		except Exception, e:

  371. 			if e.args[0]==1054:

  372. 				self.add_status_column()

  373. 				self.insert_session_record()

  374. 			else:

  375. 				raise e

  376. 

  377. 		# update profile

  378. 		webnotes.conn.sql("""UPDATE tabProfile SET last_login = '%s', last_ip = '%s' 

  379. 			where name='%s'""" % (webnotes.utils.now(), webnotes.remote_ip, self.data['user']))

  380. 

  381. 		# set cookies to write

  382. 		webnotes.session = self.data

  383. 		webnotes.cookie_manager.set_cookies()

  384. 

  385. 	def update(self):

  386. 		"""extend session expiry"""

  387. 		if webnotes.session['user'] != 'Guest':

  388. 			self.check_expired()

  389. 			webnotes.conn.sql("""update tabSessions set sessiondata=%s, user=%s, lastupdate=NOW() 

  390. 				where sid=%s""" , (str(self.data['data']), self.data['user'], self.data['sid']))	

  391. 

  392. 	# check expired

  393. 	# -------------

  394. 	def check_expired(self):

  395. 		"""expire non-guest sessions"""

  396. 		exp_sec = webnotes.conn.get_value('Control Panel', None, 'session_expiry') or '6:00:00'

  397. 		

  398. 		# set sessions as expired

  399. 		try:

  400. 			webnotes.conn.sql("""delete from tabSessions

  401. 				where TIMEDIFF(NOW(), lastupdate) > TIME(%s) and sid!='Guest'""", exp_sec)

  402. 		except Exception, e:

  403. 			if e.args[0]==1054:

  404. 				self.add_status_column()

  405. 

  406. 		# clear out old sessions

  407. 		webnotes.conn.sql("""delete from tabSessions where TIMEDIFF(NOW(), lastupdate) 

  408. 			> TIME('72:00:00') and sid!='Guest'""")

  409. 

  410. 	def get_ipinfo(self):

  411. 		import os

  412. 		

  413. 		try:

  414. 			import pygeoip

  415. 		except:

  416. 			return

  417. 		

  418. 		gi = pygeoip.GeoIP('data/GeoIP.dat')

  419. 		self.data['data']['ipinfo'] = {'countryName': gi.country_name_by_addr(os.environ.get('REMOTE_ADDR'))}

  420. 			

  421. 	def insert_session_record(self):

  422. 		webnotes.conn.sql("""insert into tabSessions 

  423. 			(sessiondata, user, lastupdate, sid, status) 

  424. 			values (%s , %s, NOW(), %s, 'Active')""", 

  425. 				(str(self.data['data']), self.data['user'], self.data['sid']))

  426.