MikroWizard.mikroman/py/libs/account.py


#!/usr/bin/python
# -*- coding: utf-8 -*-
# account.py: user account related operations, passwords
# MikroWizard.com , Mikrotik router management solution
# Author: Tomi.Mickelsson@iki.fi modified by sepehr.ha@gmail.com
import re
from shutil import ExecError
from flask import session
from passlib.context import CryptContext
import json
import logging
# Module-wide logger; records are emitted under the "account" logger name.
log = logging.getLogger("account")

# Hashing policy shared by hash_password() and check_password().
# Any scheme listed here is accepted when verifying a stored hash.
# NOTE(review): with no explicit default, passlib hashes new passwords with
# the first scheme in the list (pbkdf2_sha256) -- confirm against the
# installed passlib version.
pwd_context = CryptContext(schemes=["pbkdf2_sha256", "bcrypt"])
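def build_session(user_obj, is_permanent=True):
    """Build the server-side session for a user on login or signup.

    Empties whatever the session held before, then stores the user's id,
    role and parsed admin permissions.

    Args:
        user_obj: user record. Must be truthy and carry a truthy ``id``;
            ``role`` and ``adminperms`` (JSON text) are read from it.
        is_permanent: value assigned to ``session.permanent`` (keep the
            session across browser restarts).

    Raises:
        AssertionError: if ``user_obj`` or ``user_obj.id`` is falsy.
    """
    # Raised explicitly rather than with `assert`: assert statements are
    # stripped under `python -O`, which would let a missing user reach the
    # session writes below. The exception type callers see is unchanged.
    if not user_obj or not user_obj.id:
        raise AssertionError("build_session requires a user object with an id")

    # Start from an empty session so nothing from an earlier login carries
    # over. The previous contents (userid, role, perms) are deliberately not
    # written to the log.
    # NOTE(review): clear() empties the session data; whether the session
    # identifier is also regenerated depends on the session backend, which is
    # not visible here -- confirm, to rule out session fixation.
    session.clear()

    session['userid'] = user_obj.id
    session['role'] = user_obj.role  # if you update user.role, update this too

    try:
        session['perms'] = json.loads(user_obj.adminperms)
    except Exception as e:
        # Fail closed: permissions that cannot be read become no permissions.
        log.error("could not parse adminperms for userid %s: %s",
                  user_obj.id, e)
        session['perms'] = []

    # remember session even over browser restarts?
    session.permanent = is_permanent

    # could also store ip + browser-agent to verify freshness
    # of the session: only allow most critical operations with a fresh
    # session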
def hash_password(password):
    """Return a salted hash of the plaintext *password*.

    Hashing is delegated to the module-level ``pwd_context``, which generates
    the salt itself. The plaintext is neither stored nor logged here.
    """
    hashed = pwd_context.hash(password)
    return hashed
def check_password(hash, password):
    """Return whether the plaintext *password* matches the stored *hash*.

    Mind the argument order: the stored hash comes first here, while
    ``pwd_context.verify`` takes the plaintext first.
    """
    is_match = pwd_context.verify(password, hash)
    return is_match
def check_password_validity(passwd):
    """Check a plaintext password against the password policy.

    The policy is: at least 6 characters, with at least one ASCII lowercase
    letter, one ASCII uppercase letter and one digit.

    Returns:
        None when the password is acceptable, otherwise the error text. The
        error text is also logged; the password itself is never logged.
    """
    # NOTE(review): a 6-character minimum is below the 8 characters that
    # NIST SP 800-63B asks for; raising it is a policy change for the owner
    # of this module to decide.
    required_classes = (r"[a-z]", r"[A-Z]", r"[0-9]")

    if not passwd or len(passwd) < 6:
        problem = "Password must be atleast 6 characters"
    elif all(re.search(pattern, passwd) for pattern in required_classes):
        return None
    else:
        problem = "Password must contain a lowercase, an uppercase, a digit"

    log.error("password validity: %s", problem)
    return problem
def new_signup_steps(user_obj):
    """Run the post-signup steps for a newly created user.

    Currently a placeholder: *user_obj* is not used and the result is
    always True.
    """
    # nothing for now
    signup_ok = True
    return signup_ok