Merge pull request #52 from zfi/1.1

1.1

Author: zfi

Failures.py

@@ -12,7 +12,7 @@ def unknown_user_id(id_user):
 
 
 def unknown_user_email(email):
-    logging.debug('Failures: Unknown user: %s', email)
+    logging.debug('Failures: Unknown user email: %s', email)
     return {
                'success': False,
                'message': 'Unknown user',
@@ -41,17 +41,17 @@ def email_already_in_use(email):
            }, 500
 
 
-def email_not_confirmed():
-    logging.debug('Failures: Email not confirmed')
+def email_not_confirmed(email):
+    logging.debug('Failures: Email %s not confirmed', email)
     return {
                'success': False,
                'message': 'Email not confirmed',
                'code': 430
            }, 401
 
 
-def user_blocked():
-    logging.debug('Failures: User blocked')
+def user_blocked(email):
+    logging.debug('Failures: User %s blocked', email)
     return {
                'success': False,
                'message': 'User is blocked',
@@ -113,8 +113,8 @@ def rate_exceeded(time):
            }, 500
 
 
-def wrong_password():
-    logging.debug('Failures: Wrong password')
+def wrong_password(email):
+    logging.debug('Failures: Wrong password for %s', email)
     return {
                'success': False,
                'message': 'Wrong password',

app/Authenticate/controllers.py

@@ -15,35 +15,36 @@
 authenticate_app = Blueprint('authenticate', __name__, url_prefix='/authenticate')
 api = Api(authenticate_app)
 
-
+# Authenticate a login attempt using local auth
 class AuthenticateLocalUser(Resource):
 
     def post(self):
         # Get values
         server = request.headers.get('server')
         email = request.form.get('email')
         password = request.form.get('password')
-        #browser = request.form.get('browser')
-        #ip_address = request.form.get('ipAddress')
 
         # Validate required fields
         validation = Validation()
         validation.add_required_field('server', server)
         validation.add_required_field('email', email)
         validation.add_required_field('password', password)
-        #validation.add_required_field('browser', browser)
-        #validation.add_required_field('ipAddress', ip_address)
+
         if not validation.is_valid():
             return validation.get_validation_response()
 
         # Validate user exists, is validated and is not blocked
         user = user_services.get_user_by_email(email)
+
         if user is None:
             return Failures.unknown_user_email(email)
+
         if not user.confirmed:
-            return Failures.email_not_confirmed()
+            return Failures.email_not_confirmed(email)
+
         if user.blocked:
-            return Failures.user_blocked()
+            return Failures.user_blocked(email)
+
         if user.auth_source != 'local':
             return Failures.wrong_auth_source(user.auth_source)
 
@@ -53,11 +54,11 @@ def post(self):
         if not user_services.check_password(user.id, password):
             rate_limiting_services.consume_tokens(user.id, 'failed-password', 1)
             db.session.commit()
-            return Failures.wrong_password()
+            return Failures.wrong_password(email)
 
         db.session.commit()
 
-        logging.info('Authenticate-controller: Authenticate: success: %s', user.id)
+        logging.info('Authenticate-controller: Authenticate: success: %s', email)
 
         return {'success': True, 'user': {
             'id': user.id,

app/Email/services.py

@@ -211,7 +211,8 @@ def _convert_email_uri(email):
     to create a URI that contains an email address that, when submitted to a
     server, will not be replaced with a space character.
     """
-    if "+" in email:
-        return email.replace("+", "%2B")
-    else:
-        return email
+    if email is not None:
+        if "+" in email:
+            return email.replace("+", "%2B")
+
+    return email

app/LocalUser/controllers.py

@@ -63,6 +63,7 @@ def post(self):
         if confirm_token is None:
             # Unknown token
             return {'success': False, 'code': 510}
+
         if confirm_token.id_user != user.id:
             # Token is not for this user
             return {'success': False, 'code': 510}
@@ -214,6 +215,9 @@ def get(self, email):
         if user.auth_source != 'local':
             return Failures.wrong_auth_source(user.auth_source)
 
+        if not user.confirmed:
+            return Failures.email_not_confirmed(user.email)
+
         success, code, message = user_service.send_password_reset(user.id, server)
 
         db.session.commit()

app/__init__.py

@@ -24,11 +24,22 @@
 app = Flask(__name__)
 
 # Application version (major,minor,patch-level)
-version = "1.1.4"
+version = "1.1.8"
 
 """
 Change Log
 
+1.1.8       Fail any attempt to reset an account password is the account
+            email address has not yet been confirmed.
+
+1.1.7       Update application logging to separate application events from
+            those logged by the uwsgi servivce
+
+1.1.6       Add email address detail for various authentication failures
+
+1.1.5       Refactor _convert_email_uri(email) to properly handle a null
+            email address.
+
 1.1.4       Add code to convert plus signs located the the username portion
             of an email address to a '%2B'when the email address is embedded
             in a URL.
@@ -78,7 +89,15 @@
             'bucket.email-confirm.freq': '1800000'
 }
 
-logging.basicConfig(level=logging.DEBUG)
+
+# Set up Cloud Session application log details. The user account that
+# this application runs under must have create and write permissions to
+# the /var/log/supervisor/ folder.
+# ----------------------------------------------------------------------
+logging.basicConfig(level=logging.DEBUG,
+                    format='%(asctime)s %(levelname)s %(message)s',
+                    filename='/var/log/supervisor/cloud-session-app.log',
+                    filemode='w')
 logging.info('Log level set to %s', 'DEBUG')
 logging.info('Starting Cloud Session Service v%s', version)