diff --git a/Failures.py b/Failures.py
index c97b29c..1f2a780 100644
--- a/Failures.py
+++ b/Failures.py
@@ -12,7 +12,7 @@ def unknown_user_id(id_user):
 
 
 def unknown_user_email(email):
-    logging.debug('Failures: Unknown user: %s', email)
+    logging.debug('Failures: Unknown user email: %s', email)
     return {
         'success': False,
         'message': 'Unknown user',
@@ -41,8 +41,8 @@ def email_already_in_use(email):
     }, 500
 
 
-def email_not_confirmed():
-    logging.debug('Failures: Email not confirmed')
+def email_not_confirmed(email):
+    logging.debug('Failures: Email %s not confirmed', email)
     return {
         'success': False,
         'message': 'Email not confirmed',
@@ -50,8 +50,8 @@ def email_not_confirmed():
     }, 401
 
 
-def user_blocked():
-    logging.debug('Failures: User blocked')
+def user_blocked(email):
+    logging.debug('Failures: User %s blocked', email)
     return {
         'success': False,
         'message': 'User is blocked',
@@ -113,8 +113,8 @@ def rate_exceeded(time):
     }, 500
 
 
-def wrong_password():
-    logging.debug('Failures: Wrong password')
+def wrong_password(email):
+    logging.debug('Failures: Wrong password for %s', email)
     return {
         'success': False,
         'message': 'Wrong password',
diff --git a/app/Authenticate/controllers.py b/app/Authenticate/controllers.py
index efc02a6..89586ae 100644
--- a/app/Authenticate/controllers.py
+++ b/app/Authenticate/controllers.py
@@ -15,7 +15,7 @@
 authenticate_app = Blueprint('authenticate', __name__, url_prefix='/authenticate')
 api = Api(authenticate_app)
 
-
+# Authenticate a login attempt using local auth
 
 class AuthenticateLocalUser(Resource):
     def post(self):
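Review bot: The new positional parameter on `email_not_confirmed`, `user_blocked` and `wrong_password` (hunks @@ -41, @@ -50, @@ -113) breaks any caller that still invokes them with no argument; this diff updates the call sites in app/Authenticate/controllers.py and app/LocalUser/controllers.py, but any other callers are outside what is shown. Declaring them as `def wrong_password(email=None):` (and likewise for the other two) keeps the old call shape working while still logging the address when one is supplied. The value logged here is the email string exactly as submitted in the login form (`request.form.get('email')` in the Authenticate hunk), and with this commit it now lands in a line-oriented file log; interpolating it as `%r`, or stripping CR/LF first, keeps a crafted value from forging additional log records. The same consideration applies to the `logging.info(... email)` line in the @@ -53 hunk of app/Authenticate/controllers.py.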
@@ -23,27 +23,28 @@ def post(self):
         server = request.headers.get('server')
         email = request.form.get('email')
         password = request.form.get('password')
-        #browser = request.form.get('browser')
-        #ip_address = request.form.get('ipAddress')
 
         # Validate required fields
         validation = Validation()
         validation.add_required_field('server', server)
         validation.add_required_field('email', email)
         validation.add_required_field('password', password)
-        #validation.add_required_field('browser', browser)
-        #validation.add_required_field('ipAddress', ip_address)
+
         if not validation.is_valid():
             return validation.get_validation_response()
 
         # Validate user exists, is validated and is not blocked
         user = user_services.get_user_by_email(email)
+
         if user is None:
             return Failures.unknown_user_email(email)
+
         if not user.confirmed:
-            return Failures.email_not_confirmed()
+            return Failures.email_not_confirmed(email)
+
         if user.blocked:
-            return Failures.user_blocked()
+            return Failures.user_blocked(email)
+
         if user.auth_source != 'local':
             return Failures.wrong_auth_source(user.auth_source)
 
@@ -53,11 +54,11 @@ def post(self):
         if not user_services.check_password(user.id, password):
             rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
             db.session.commit()
-            return Failures.wrong_password()
+            return Failures.wrong_password(email)
 
         db.session.commit()
 
-        logging.info('Authenticate-controller: Authenticate: success: %s', user.id)
+        logging.info('Authenticate-controller: Authenticate: success: %s', email)
         return {'success': True,
                 'user': {
                     'id': user.id,
diff --git a/app/Email/services.py b/app/Email/services.py
index 8ec3d4b..825f009 100644
--- a/app/Email/services.py
+++ b/app/Email/services.py
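Review bot: The checks that now pass `email` through — unknown user, `email_not_confirmed` (a 401 per the Failures.py hunk), `user_blocked`, `wrong_auth_source` — each return a distinct client-visible message before the password is verified in the following hunk, and only the wrong-password branch calls `rate_limiting_services.consume_tokens`, so an unauthenticated caller can learn the state of an arbitrary account without being rate limited. The server-side detail this commit adds belongs in the log, which is where it now goes; the client-facing responses for these branches could collapse to one generic failure while `Failures.*` keeps recording the specific cause. This ordering predates the commit, so it reads as a follow-up rather than a blocker. The enclosing `post` begins before this hunk.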
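Review bot: `logging.info('Authenticate-controller: Authenticate: success: %s', email)` replaces the stable `user.id` with the form-supplied string, so a successful login is now recorded under whatever the client typed (casing, whitespace) rather than under the account, and it no longer correlates with the `consume_tokens(user.id, ...)` call three lines above or with other records keyed on the id. Logging both, `logging.info('Authenticate-controller: Authenticate: success: %s (%s)', user.id, user.email)`, keeps the correlation and uses the stored address as the LocalUser hunk already does with `user.email`. The enclosing `post` begins before this hunk.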
@@ -211,7 +211,8 @@ def _convert_email_uri(email):
     to create a URI that contains an email address that, when submitted
     to a server, will not be replaced with a space character.
     """
-    if "+" in email:
-        return email.replace("+", "%2B")
-    else:
-        return email
+    if email is not None:
+        if "+" in email:
+            return email.replace("+", "%2B")
+
+    return email
diff --git a/app/LocalUser/controllers.py b/app/LocalUser/controllers.py
index 4757bbc..d01f1fd 100644
--- a/app/LocalUser/controllers.py
+++ b/app/LocalUser/controllers.py
@@ -63,6 +63,7 @@ def post(self):
         if confirm_token is None:
             # Unknown token
             return {'success': False, 'code': 510}
+
         if confirm_token.id_user != user.id:
             # Token is not for this user
             return {'success': False, 'code': 510}
@@ -214,6 +215,9 @@ def get(self, email):
         if user.auth_source != 'local':
             return Failures.wrong_auth_source(user.auth_source)
 
+        if not user.confirmed:
+            return Failures.email_not_confirmed(user.email)
+
         success, code, message = user_service.send_password_reset(user.id, server)
         db.session.commit()
 
diff --git a/app/__init__.py b/app/__init__.py
index 693d67d..b2e1777 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -24,11 +24,22 @@
 app = Flask(__name__)
 
 # Application version (major,minor,patch-level)
-version = "1.1.4"
+version = "1.1.8"
 
 """
 Change Log
 
+1.1.8 Fail any attempt to reset an account password is the account
+      email address has not yet been confirmed.
+
+1.1.7 Update application logging to separate application events from
+      those logged by the uwsgi servivce
+
+1.1.6 Add email address detail for various authentication failures
+
+1.1.5 Refactor _convert_email_uri(email) to properly handle a null
+      email address.
+
 1.1.4 Add code to convert plus signs located the the username portion
       of an email address to a '%2B'when the email address is embedded
       in a URL.
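Review bot: The nested conditionals in `_convert_email_uri` can be a single guard, `if email is not None and "+" in email:` followed by the `replace`, with the bare `return email` already covering both the `None` and the no-plus case; behaviour is identical and the body then reads as the one rule the docstring states. The function's signature and the start of its docstring are outside this hunk. Note that only `+` is escaped; other characters that are reserved in a query string pass through untouched, so if the address is embedded in a URL elsewhere, `urllib.parse.quote(email, safe='@')` would cover them all — that widens what this helper changes, though, and deserves its own change rather than this null-handling fix.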
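Review bot: The new `if not user.confirmed:` guard in the @@ -214 hunk of app/LocalUser/controllers.py answers a password-reset request for an unconfirmed address with `Failures.email_not_confirmed` (a 401 carrying 'Email not confirmed' per the Failures.py hunk), and together with the `wrong_auth_source` branch above it this unauthenticated `get` endpoint now reports which state a given email address is in. Refusing to send the reset is the right call; the client-facing response could still be indistinguishable from the confirmed path's, with the reason kept in the log line that `email_not_confirmed(user.email)` already writes. Whether the confirmed path's `success, code, message` response already discloses account existence is not visible here, and the enclosing `get` begins before this hunk.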
@@ -78,7 +89,15 @@
     'bucket.email-confirm.freq': '1800000'
 }
 
-logging.basicConfig(level=logging.DEBUG)
+
+# Set up Cloud Session application log details. The user account that
+# this application runs under must have create and write permissions to
+# the /var/log/supervisor/ folder.
+# ----------------------------------------------------------------------
+logging.basicConfig(level=logging.DEBUG,
+                    format='%(asctime)s %(levelname)s %(message)s',
+                    filename='/var/log/supervisor/cloud-session-app.log',
+                    filemode='w')
 logging.info('Log level set to %s', 'DEBUG')
 logging.info('Starting Cloud Session Service v%s', version)
 
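Review bot: `filemode='w'` truncates /var/log/supervisor/cloud-session-app.log on every process start, so the authentication-failure records this commit adds elsewhere survive only until the next restart or worker respawn; for an audit-relevant log use `filemode='a'`, or a `logging.handlers.RotatingFileHandler` / `TimedRotatingFileHandler` so the file is both retained and bounded. If several uwsgi workers import this module (the changelog mentions uwsgi), each would open the same path with mode 'w' and interleave writes, which is another reason to prefer append mode or to log to stderr and let uwsgi or supervisor own the file. The log now carries user email addresses at DEBUG level, so the file's permissions and retention belong in the deployment review alongside the write-permission note in the comment.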