anoopmb
/
frappe
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7620 Commit
1 分支
314 MiB
 
 
 
 
 
 
目錄樹: f7a8f94e1f
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'f7a8f94e1f'
${ noResults }
frappe/frappe/auth.py

272 line
8.0 KiB
原始文件 Blame 文件歷史 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. import datetime

  6. 

  7. from frappe import _

  8. import frappe

  9. import frappe.database

  10. import frappe.utils

  11. import frappe.utils.user

  12. from frappe import conf

  13. from frappe.sessions import Session, clear_sessions, delete_session

  14. from frappe.modules.patch_handler import check_session_stopped

  15. 

  16. from urllib import quote

  17. 

  18. class HTTPRequest:

  19. 	def __init__(self):

  20. 		# Get Environment variables

  21. 		self.domain = frappe.request.host

  22. 		if self.domain and self.domain.startswith('www.'):

  23. 			self.domain = self.domain[4:]

  24. 

  25. 		if frappe.get_request_header('X-Forwarded-For'):

  26. 			frappe.local.request_ip = frappe.get_request_header('X-Forwarded-For')

  27. 

  28. 		elif frappe.get_request_header('REMOTE_ADDR'):

  29. 			frappe.local.request_ip = frappe.get_request_header('REMOTE_ADDR')

  30. 

  31. 		else:

  32. 			frappe.local.request_ip = '127.0.0.1'

  33. 

  34. 		# language

  35. 		self.set_lang(frappe.request.accept_languages.values())

  36. 

  37. 		# load cookies

  38. 		frappe.local.cookie_manager = CookieManager()

  39. 

  40. 		# override request method. All request to be of type POST, but if _type == "POST" then commit

  41. 		if frappe.form_dict.get("_type"):

  42. 			frappe.local.request_method = frappe.form_dict.get("_type")

  43. 			del frappe.form_dict["_type"]

  44. 

  45. 		# set db

  46. 		self.connect()

  47. 

  48. 		# login

  49. 		frappe.local.login_manager = LoginManager()

  50. 

  51. 		# write out latest cookies

  52. 		frappe.local.cookie_manager.init_cookies()

  53. 

  54. 		# check status

  55. 		check_session_stopped()

  56. 

  57. 		# run login triggers

  58. 		if frappe.form_dict.get('cmd')=='login':

  59. 			frappe.local.login_manager.run_trigger('on_session_creation')

  60. 

  61. 

  62. 	def set_lang(self, lang_codes):

  63. 		from frappe.translate import guess_language

  64. 		frappe.local.lang = guess_language(lang_codes)

  65. 

  66. 	def get_db_name(self):

  67. 		"""get database name from conf"""

  68. 		return conf.db_name

  69. 

  70. 	def connect(self, ac_name = None):

  71. 		"""connect to db, from ac_name or db_name"""

  72. 		frappe.local.db = frappe.database.Database(user = self.get_db_name(), \

  73. 			password = getattr(conf,'db_password', ''))

  74. 

  75. class LoginManager:

  76. 	def __init__(self):

  77. 		self.user = None

  78. 		self.info = None

  79. 		self.full_name = None

  80. 		self.user_type = None

  81. 

  82. 		if frappe.local.form_dict.get('cmd')=='login' or frappe.local.request.path=="/api/method/login":

  83. 			self.login()

  84. 		else:

  85. 			self.make_session(resume=True)

  86. 

  87. 	def login(self):

  88. 		# clear cache

  89. 		frappe.clear_cache(user = frappe.form_dict.get('usr'))

  90. 		self.authenticate()

  91. 		self.post_login()

  92. 

  93. 	def post_login(self):

  94. 		self.info = frappe.db.get_value("User", self.user,

  95. 			["user_type", "first_name", "last_name", "user_image"], as_dict=1)

  96. 		self.full_name = " ".join(filter(None, [self.info.first_name, self.info.last_name]))

  97. 		self.user_type = self.info.user_type

  98. 

  99. 		self.run_trigger('on_login')

  100. 		self.validate_ip_address()

  101. 		self.validate_hour()

  102. 		self.make_session()

  103. 		self.set_user_info()

  104. 

  105. 	def set_user_info(self):

  106. 		# set sid again

  107. 		frappe.local.cookie_manager.init_cookies()

  108. 

  109. 		if self.info.user_type=="Website User":

  110. 			frappe.local.cookie_manager.set_cookie("system_user", "no")

  111. 			frappe.local.response["message"] = "No App"

  112. 		else:

  113. 			frappe.local.cookie_manager.set_cookie("system_user", "yes")

  114. 			frappe.local.response['message'] = 'Logged In'

  115. 

  116. 		frappe.response["full_name"] = self.full_name

  117. 		frappe.local.cookie_manager.set_cookie("full_name", self.full_name)

  118. 		frappe.local.cookie_manager.set_cookie("user_id", self.user)

  119. 		frappe.local.cookie_manager.set_cookie("user_image", self.info.user_image or "")

  120. 

  121. 	def make_session(self, resume=False):

  122. 		# start session

  123. 		frappe.local.session_obj = Session(user=self.user, resume=resume,

  124. 			full_name=self.full_name, user_type=self.user_type)

  125. 

  126. 		# reset user if changed to Guest

  127. 		self.user = frappe.local.session_obj.user

  128. 		frappe.local.session = frappe.local.session_obj.data

  129. 		self.clear_active_sessions()

  130. 

  131. 	def clear_active_sessions(self):

  132. 		if not frappe.conf.get("deny_multiple_sessions"):

  133. 			return

  134. 

  135. 		if frappe.session.user != "Guest":

  136. 			clear_sessions(frappe.session.user, keep_current=True)

  137. 

  138. 	def authenticate(self, user=None, pwd=None):

  139. 		if not (user and pwd):

  140. 			user, pwd = frappe.form_dict.get('usr'), frappe.form_dict.get('pwd')

  141. 		if not (user and pwd):

  142. 			self.fail('Incomplete login details')

  143. 

  144. 		self.check_if_enabled(user)

  145. 		self.user = self.check_password(user, pwd)

  146. 

  147. 	def check_if_enabled(self, user):

  148. 		"""raise exception if user not enabled"""

  149. 		from frappe.utils import cint

  150. 		if user=='Administrator': return

  151. 		if not cint(frappe.db.get_value('User', user, 'enabled')):

  152. 			self.fail('User disabled or missing')

  153. 

  154. 	def check_password(self, user, pwd):

  155. 		"""check password"""

  156. 		user = frappe.db.sql("""select `user` from __Auth where `user`=%s

  157. 			and `password`=password(%s)""", (user, pwd))

  158. 		if not user:

  159. 			self.fail('Incorrect password')

  160. 		else:

  161. 			return user[0][0] # in correct case

  162. 

  163. 	def fail(self, message):

  164. 		frappe.local.response['message'] = message

  165. 		raise frappe.AuthenticationError

  166. 

  167. 	def run_trigger(self, event='on_login'):

  168. 		for method in frappe.get_hooks().get(event, []):

  169. 			frappe.call(frappe.get_attr(method), login_manager=self)

  170. 

  171. 	def validate_ip_address(self):

  172. 		"""check if IP Address is valid"""

  173. 		ip_list = frappe.db.get_value('User', self.user, 'restrict_ip', ignore=True)

  174. 		if not ip_list:

  175. 			return

  176. 

  177. 		ip_list = ip_list.replace(",", "\n").split('\n')

  178. 		ip_list = [i.strip() for i in ip_list]

  179. 

  180. 		for ip in ip_list:

  181. 			if frappe.local.request_ip.startswith(ip):

  182. 				return

  183. 

  184. 		frappe.throw(_("Not allowed from this IP Address"), frappe.AuthenticationError)

  185. 

  186. 	def validate_hour(self):

  187. 		"""check if user is logging in during restricted hours"""

  188. 		login_before = int(frappe.db.get_value('User', self.user, 'login_before', ignore=True) or 0)

  189. 		login_after = int(frappe.db.get_value('User', self.user, 'login_after', ignore=True) or 0)

  190. 

  191. 		if not (login_before or login_after):

  192. 			return

  193. 

  194. 		from frappe.utils import now_datetime

  195. 		current_hour = int(now_datetime().strftime('%H'))

  196. 

  197. 		if login_before and current_hour > login_before:

  198. 			frappe.throw(_("Login not allowed at this time"), frappe.AuthenticationError)

  199. 

  200. 		if login_after and current_hour < login_after:

  201. 			frappe.throw(_("Login not allowed at this time"), frappe.AuthenticationError)

  202. 

  203. 	def login_as_guest(self):

  204. 		"""login as guest"""

  205. 		self.login_as("Guest")

  206. 

  207. 	def login_as(self, user):

  208. 		self.user = user

  209. 		self.post_login()

  210. 

  211. 	def logout(self, arg='', user=None):

  212. 		if not user: user = frappe.session.user

  213. 		self.run_trigger('on_logout')

  214. 

  215. 		if user == frappe.session.user:

  216. 			delete_session(frappe.session.sid)

  217. 			self.clear_cookies()

  218. 		else:

  219. 			clear_sessions(user)

  220. 

  221. 	def clear_cookies(self):

  222. 		clear_cookies()

  223. 

  224. class CookieManager:

  225. 	def __init__(self):

  226. 		self.cookies = {}

  227. 		self.to_delete = []

  228. 

  229. 	def init_cookies(self):

  230. 		if not frappe.local.session.get('sid'): return

  231. 

  232. 		# sid expires in 3 days

  233. 		expires = datetime.datetime.now() + datetime.timedelta(days=3)

  234. 		if frappe.session.sid:

  235. 			self.cookies["sid"] = {"value": frappe.session.sid, "expires": expires}

  236. 		if frappe.session.session_country:

  237. 			self.cookies["country"] = {"value": frappe.session.get("session_country")}

  238. 

  239. 	def set_cookie(self, key, value, expires=None):

  240. 		self.cookies[key] = {"value": value, "expires": expires}

  241. 

  242. 	def delete_cookie(self, to_delete):

  243. 		if not isinstance(to_delete, (list, tuple)):

  244. 			to_delete = [to_delete]

  245. 

  246. 		self.to_delete.extend(to_delete)

  247. 

  248. 	def flush_cookies(self, response):

  249. 		for key, opts in self.cookies.items():

  250. 			response.set_cookie(key, quote((opts.get("value") or "").encode('utf-8')),

  251. 				expires=opts.get("expires"))

  252. 

  253. 		# expires yesterday!

  254. 		expires = datetime.datetime.now() + datetime.timedelta(days=-1)

  255. 		for key in set(self.to_delete):

  256. 			response.set_cookie(key, "", expires=expires)

  257. 

  258. def _update_password(user, password):

  259. 	frappe.db.sql("""insert into __Auth (user, `password`)

  260. 		values (%s, password(%s))

  261. 		on duplicate key update `password`=password(%s)""", (user,

  262. 		password, password))

  263. 

  264. @frappe.whitelist()

  265. def get_logged_user():

  266. 	return frappe.session.user

  267. 

  268. def clear_cookies():

  269. 	if hasattr(frappe.local, "session"):

  270. 		frappe.session.sid = ""

  271. 	frappe.local.cookie_manager.delete_cookie(["full_name", "user_id", "sid", "user_image", "system_user"])