From 6b1681b97cc66c7875232b62efc5152dd9431d7e Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 14 Nov 2013 11:43:05 +0100 Subject: [PATCH 01/21] new table for storing login information --- src/adhocracy/controllers/user.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index e117f64d2..112315aa1 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -45,9 +45,9 @@ from adhocracy.lib.templating import ret_success from adhocracy.lib.queue import update_entity from adhocracy.lib.util import get_entity_or_abort, random_token - from adhocracy.lib.event.types import (S_VOTE, S_DELEGATION, S_PROPOSAL, S_COMMENT, S_PAGE, S_CONTRIBUTION) +from adhocracy.model.login import Login log = logging.getLogger(__name__) @@ -1043,6 +1043,8 @@ def perform_login(self): pass # managed by repoze.who def post_login(self): + #call log login entry function + Login.store_login_attempt() if c.user: session['logged_in'] = True session.save() @@ -1056,8 +1058,7 @@ def post_login(self): redirect(h.user.post_login_url(c.user)) else: login_configuration = h.allowed_login_types() - error_message = _("Invalid login") - + error_message = _("Invalid login") if 'username+password' in login_configuration: if 'email+password' in login_configuration: error_message = _("Invalid email / user name or password") From ebb15b6a115edc22af4142ea292a76722d67d26c Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 15 Nov 2013 16:21:59 +0100 Subject: [PATCH 02/21] table for login information --- .../migration/versions/076_login_store.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 src/adhocracy/migration/versions/076_login_store.py diff --git a/src/adhocracy/migration/versions/076_login_store.py b/src/adhocracy/migration/versions/076_login_store.py new file mode 100644 index 000000000..f2a173383 --- /dev/null 
+++ b/src/adhocracy/migration/versions/076_login_store.py @@ -0,0 +1,19 @@ +from datetime import datetime +from sqlalchemy import MetaData, Table, Boolean, Column +from sqlalchemy import Integer, DateTime, Unicode, UnicodeText + +meta = MetaData() + +login_table = Table('loginlog', meta, + Column('id', Integer, primary_key=True), + Column('access_time', DateTime, default=datetime.utcnow), + Column('ip_address', Unicode(255), nullable=True), + Column('user', UnicodeText()), + Column('cookies', UnicodeText(), nullable=True), + Column('user_agent', UnicodeText(), nullable=True), +) + +def upgrade(migrate_engine): + meta.bind = migrate_engine + login_table.create() + From 4d4c2eff5201b4d110d65f84e5b9f15bc1c287f3 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 20 Nov 2013 23:04:38 +0100 Subject: [PATCH 03/21] change in table --- src/adhocracy/migration/versions/076_login_store.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/adhocracy/migration/versions/076_login_store.py b/src/adhocracy/migration/versions/076_login_store.py index f2a173383..983d2961b 100644 --- a/src/adhocracy/migration/versions/076_login_store.py +++ b/src/adhocracy/migration/versions/076_login_store.py @@ -5,12 +5,9 @@ meta = MetaData() login_table = Table('loginlog', meta, - Column('id', Integer, primary_key=True), Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), - Column('cookies', UnicodeText(), nullable=True), - Column('user_agent', UnicodeText(), nullable=True), ) def upgrade(migrate_engine): From 65e238752cf001ae0328ac7175c2d592cfa2b5c0 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 20 Nov 2013 23:05:51 +0100 Subject: [PATCH 04/21] class for storing login information in table --- src/adhocracy/model/login.py | 50 ++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 src/adhocracy/model/login.py 
diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py new file mode 100644 index 000000000..d3a1d6fd7 --- /dev/null +++ b/src/adhocracy/model/login.py @@ -0,0 +1,50 @@ +import hashlib +import os +import logging +from datetime import datetime + +from babel import Locale +from pylons import config +from pylons.i18n import _ + +from sqlalchemy import Table, Column, func, ForeignKey, or_ +from sqlalchemy import Boolean, DateTime, Integer, Unicode, UnicodeText +from sqlalchemy.orm import eagerload_all + +from adhocracy.model import meta +from adhocracy.model import instance_filter as ifilter +from adhocracy.model.core import JSONEncodedDict +from adhocracy.model.core import MutationDict +from adhocracy.model.instance import Instance +import logging +import meta +from sqlalchemy import MetaData + + + + +login_table = Table( + 'loginlog', meta.data, + Column('access_time', DateTime, default=datetime.utcnow), + Column('ip_address', Unicode(255), nullable=True), + Column('user', UnicodeText()), +) + +class Login(meta.Indexable): + + def __init__(self, access_time, ip_adress, user): + self.access_time = datetime.utcnow + self.ip_address = ip_adress + self.user = user + + @classmethod + def store_login_attempt(cls, ): + l = Login(access_time, ip_adress, user) + meta.Session.add(l) + meta.Session.flush() + meta.Session.commit() + return l + + + + From a9966bbce92a03cfcf499f05a579aa84020c9c00 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 20 Nov 2013 23:36:21 +0100 Subject: [PATCH 05/21] store_login_attempt call added --- src/adhocracy/controllers/user.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 112315aa1..9c3f1179a 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -49,7 +49,6 @@ S_COMMENT, S_PAGE, S_CONTRIBUTION) from adhocracy.model.login import Login - log = logging.getLogger(__name__) 
@@ -1043,8 +1042,8 @@ def perform_login(self): pass # managed by repoze.who def post_login(self): - #call log login entry function - Login.store_login_attempt() + user_log = model.Login.store_login_attempt( + datetime.utcnow, 123, self.form_result.get("user_name")) #ip just placeholder if c.user: session['logged_in'] = True session.save() From 4268fd4bca236365d35674101481c4637f793209 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Sun, 24 Nov 2013 23:32:18 +0100 Subject: [PATCH 06/21] still not mapped error --- src/adhocracy/controllers/user.py | 4 +++- src/adhocracy/model/__init__.py | 1 + src/adhocracy/model/login.py | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 9c3f1179a..24451b883 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -19,6 +19,8 @@ from repoze.who.api import get_api +from datetime import datetime + from adhocracy import config from adhocracy import forms, model from adhocracy import i18n @@ -1043,7 +1045,7 @@ def perform_login(self): def post_login(self): user_log = model.Login.store_login_attempt( - datetime.utcnow, 123, self.form_result.get("user_name")) #ip just placeholder + datetime.utcnow, 123, "test") #ip just placeholder if c.user: session['logged_in'] = True session.save() diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index 791439765..601b07f75 100644 --- a/src/adhocracy/model/__init__.py +++ b/src/adhocracy/model/__init__.py @@ -54,6 +54,7 @@ from adhocracy.model.message import Message, message_table from adhocracy.model.message import MessageRecipient, message_recipient_table from adhocracy.model.votedetail import votedetail_table +from adhocracy.model.login import Login mapper(User, user_table, properties={ diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index d3a1d6fd7..95b11ed59 100644 --- a/src/adhocracy/model/login.py 
+++ b/src/adhocracy/model/login.py @@ -38,7 +38,7 @@ def __init__(self, access_time, ip_adress, user): self.user = user @classmethod - def store_login_attempt(cls, ): + def store_login_attempt(cls, access_time, ip_adress, user ): l = Login(access_time, ip_adress, user) meta.Session.add(l) meta.Session.flush() From c1f6ddffc1c2e5daf285e7c03faf94551be23ac0 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 28 Nov 2013 23:54:10 +0100 Subject: [PATCH 07/21] mapper created --- src/adhocracy/model/__init__.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index 601b07f75..c56009cb1 100644 --- a/src/adhocracy/model/__init__.py +++ b/src/adhocracy/model/__init__.py @@ -506,6 +506,15 @@ ), }) +mapper(Log, login_table, properties={ + 'access_time': synonym('_access', map_column=True), + 'user': synonym('_user', map_column=True), + 'ip_adress'synonym('_ip', map_column=True) +}) + + + + DELETE = "delete" INSERT = "insert" From d32d8615be22ce525145fa74e93accfb463f3186 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 29 Nov 2013 14:37:50 +0100 Subject: [PATCH 08/21] successful entry in Login table --- src/adhocracy/controllers/user.py | 2 +- src/adhocracy/model/__init__.py | 9 +++++---- src/adhocracy/model/login.py | 3 ++- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 24451b883..bcf55193a 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -1045,7 +1045,7 @@ def perform_login(self): def post_login(self): user_log = model.Login.store_login_attempt( - datetime.utcnow, 123, "test") #ip just placeholder + datetime.utcnow(), 123, "test") #ip just placeholder if c.user: session['logged_in'] = True session.save() diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index c56009cb1..d3c6a7161 100644 --- a/src/adhocracy/model/__init__.py 
+++ b/src/adhocracy/model/__init__.py @@ -54,7 +54,7 @@ from adhocracy.model.message import Message, message_table from adhocracy.model.message import MessageRecipient, message_recipient_table from adhocracy.model.votedetail import votedetail_table -from adhocracy.model.login import Login +from adhocracy.model.login import Login, login_table mapper(User, user_table, properties={ @@ -506,12 +506,13 @@ ), }) -mapper(Log, login_table, properties={ +mapper(Login, login_table, properties={ 'access_time': synonym('_access', map_column=True), 'user': synonym('_user', map_column=True), - 'ip_adress'synonym('_ip', map_column=True) + 'ip_address': synonym('_ip', map_column=True) }) - + + diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 95b11ed59..03ba1121d 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -25,6 +25,7 @@ login_table = Table( 'loginlog', meta.data, + Column('id', Integer, primary_key=True), Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), @@ -33,7 +34,7 @@ class Login(meta.Indexable): def __init__(self, access_time, ip_adress, user): - self.access_time = datetime.utcnow + self.access_time = datetime.utcnow() self.ip_address = ip_adress self.user = user From 87b85f2d51f4cf51d5a35fc2ca702e0a864d77f0 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 6 Dec 2013 12:30:29 +0100 Subject: [PATCH 09/21] ./src/adhocracy/controllers/user.py --- src/adhocracy/controllers/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index bcf55193a..ff9ad5647 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py 
@@ -1045,7 +1045,7 @@ def perform_login(self): def post_login(self): user_log = model.Login.store_login_attempt( - datetime.utcnow(), 123, "test") #ip just placeholder + datetime.utcnow(), 123, c.user.user_name) #ip just placeholder if c.user: session['logged_in'] = True session.save() From 433f7f683bd4c9bae4e0e843c84bfd3f3c29733d Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Fri, 6 Dec 2013 15:51:03 +0100 Subject: [PATCH 10/21] reworked table --- src/adhocracy/controllers/user.py | 7 ++++--- src/adhocracy/migration/versions/076_login_store.py | 1 + src/adhocracy/model/__init__.py | 3 ++- src/adhocracy/model/login.py | 8 +++++--- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index ff9ad5647..7201050ae 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -1045,7 +1045,7 @@ def perform_login(self): def post_login(self): user_log = model.Login.store_login_attempt( - datetime.utcnow(), 123, c.user.user_name) #ip just placeholder + datetime.utcnow(), 123, c.user_name, 'yes') #ip just placeholder if c.user: session['logged_in'] = True session.save() @@ -1059,8 +1059,9 @@ def post_login(self): redirect(h.user.post_login_url(c.user)) else: login_configuration = h.allowed_login_types() - error_message = _("Invalid login") - if 'username+password' in login_configuration: + error_message = _("Invalid login") + + if 'username+password' in login_configuration: if 'email+password' in login_configuration: error_message = _("Invalid email / user name or password") else: diff --git a/src/adhocracy/migration/versions/076_login_store.py b/src/adhocracy/migration/versions/076_login_store.py index 983d2961b..610643088 100644 --- a/src/adhocracy/migration/versions/076_login_store.py +++ b/src/adhocracy/migration/versions/076_login_store.py 
@@ -8,6 +8,7 @@ Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), + Column('success, UnicodeText()) ) def upgrade(migrate_engine): diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index d3c6a7161..4a9cafde5 100644 --- a/src/adhocracy/model/__init__.py +++ b/src/adhocracy/model/__init__.py @@ -509,7 +509,8 @@ mapper(Login, login_table, properties={ 'access_time': synonym('_access', map_column=True), 'user': synonym('_user', map_column=True), - 'ip_address': synonym('_ip', map_column=True) + 'ip_address': synonym('_ip', map_column=True), + 'success': synonym('_success', map_column=True) }) diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 03ba1121d..3aaab45d5 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -29,18 +29,20 @@ Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), + Column('success', UnicodeText(), default = 'yes') ) class Login(meta.Indexable): - def __init__(self, access_time, ip_adress, user): + def __init__(self, access_time, ip_adress, user, success): self.access_time = datetime.utcnow() self.ip_address = ip_adress self.user = user + self.succes = success @classmethod - def store_login_attempt(cls, access_time, ip_adress, user ): - l = Login(access_time, ip_adress, user) + def store_login_attempt(cls, access_time, ip_adress, user, success): + l = Login(access_time, ip_adress, user, success) meta.Session.add(l) meta.Session.flush() meta.Session.commit() From a22fadada51a2442c806f07aeb80d5f53861b4d8 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Mon, 9 Dec 2013 15:54:40 +0100 Subject: [PATCH 11/21] ip added --- src/adhocracy/controllers/user.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 7201050ae..0dfe023fa 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -50,6 +50,7 @@ from adhocracy.lib.event.types import (S_VOTE, S_DELEGATION, S_PROPOSAL, S_COMMENT, S_PAGE, S_CONTRIBUTION) from adhocracy.model.login import Login +import adhocracy.lib.util log = logging.getLogger(__name__) @@ -1044,8 +1045,9 @@ def perform_login(self): pass # managed by repoze.who def post_login(self): + full_ip = adhocracy.lib.util.get_client_ip(request.environ) user_log = model.Login.store_login_attempt( - datetime.utcnow(), 123, c.user_name, 'yes') #ip just placeholder + datetime.utcnow(), full_ip, c.user_name, 'yes') #ip just placeholder if c.user: session['logged_in'] = True session.save() From b4f339ddf2ff94dd394245f7a8d9d8b03927c626 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 11 Dec 2013 01:42:47 +0100 Subject: [PATCH 12/21] get method created --- src/adhocracy/controllers/user.py | 12 +++++------ .../migration/versions/076_login_store.py | 4 ++-- src/adhocracy/model/login.py | 21 ++++++++++--------- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 0dfe023fa..b66a9c9f6 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -1045,10 +1045,10 @@ def perform_login(self): pass # managed by repoze.who def post_login(self): - full_ip = adhocracy.lib.util.get_client_ip(request.environ) - user_log = model.Login.store_login_attempt( - datetime.utcnow(), full_ip, c.user_name, 'yes') #ip just placeholder if c.user: + full_ip = adhocracy.lib.util.get_client_ip(request.environ) + user_log = model.Login.create(datetime.utcnow(), + full_ip, c.user_name, 'yes') session['logged_in'] = True session.save() came_from = request.params.get('came_from', None) 
@@ -1061,9 +1061,8 @@ def post_login(self): redirect(h.user.post_login_url(c.user)) else: login_configuration = h.allowed_login_types() - error_message = _("Invalid login") - - if 'username+password' in login_configuration: + error_message = _("Invalid login") + if 'username+password' in login_configuration: if 'email+password' in login_configuration: error_message = _("Invalid email / user name or password") else: @@ -1071,7 +1070,6 @@ def post_login(self): else: if 'email+password' in login_configuration: error_message = _("Invalid email or password") - return self._render_loginform(errors={"login": error_message}) def logout(self): diff --git a/src/adhocracy/migration/versions/076_login_store.py b/src/adhocracy/migration/versions/076_login_store.py index 610643088..a36584784 100644 --- a/src/adhocracy/migration/versions/076_login_store.py +++ b/src/adhocracy/migration/versions/076_login_store.py @@ -8,8 +8,8 @@ Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), - Column('success, UnicodeText()) -) + Column('success', UnicodeText()) + ) def upgrade(migrate_engine): meta.bind = migrate_engine diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 3aaab45d5..c6c205f81 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py 
@@ -21,33 +21,34 @@ from sqlalchemy import MetaData - - login_table = Table( 'loginlog', meta.data, Column('id', Integer, primary_key=True), Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), - Column('success', UnicodeText(), default = 'yes') + Column('success', UnicodeText(), default='yes') ) + class Login(meta.Indexable): - + def __init__(self, access_time, ip_adress, user, success): self.access_time = datetime.utcnow() self.ip_address = ip_adress self.user = user self.succes = success - + + @classmethod + def get(cls, user): + l = meta.Session.query(cls) + l = l.filter(cls.user == user) + return l.last + @classmethod - def store_login_attempt(cls, access_time, ip_adress, user, success): + def create(cls, access_time, ip_adress, user, success): l = Login(access_time, ip_adress, user, success) meta.Session.add(l) meta.Session.flush() meta.Session.commit() return l - - - - From ac831315d7bd2a28ffc6cba8d994f7be9d8f2063 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 11 Dec 2013 03:17:16 +0100 Subject: [PATCH 13/21] cleaned up --- src/adhocracy/controllers/user.py | 2 +- src/adhocracy/model/login.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index b66a9c9f6..be1cfb6b9 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -1048,7 +1048,7 @@ def post_login(self): if c.user: full_ip = adhocracy.lib.util.get_client_ip(request.environ) user_log = model.Login.create(datetime.utcnow(), - full_ip, c.user_name, 'yes') + full_ip, c.user_name, u'yes') session['logged_in'] = True session.save() came_from = request.params.get('came_from', None) diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index c6c205f81..8a659ca22 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py 
@@ -27,7 +27,7 @@ Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), - Column('success', UnicodeText(), default='yes') + Column('success', UnicodeText(), default=u'yes') ) From 07f3ea7f89474824c88e9df7a2f87bf30479b41c Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Wed, 11 Dec 2013 03:18:19 +0100 Subject: [PATCH 14/21] cleaned up --- src/adhocracy/migration/versions/076_login_store.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/adhocracy/migration/versions/076_login_store.py b/src/adhocracy/migration/versions/076_login_store.py index a36584784..2206ba716 100644 --- a/src/adhocracy/migration/versions/076_login_store.py +++ b/src/adhocracy/migration/versions/076_login_store.py @@ -11,7 +11,7 @@ Column('success', UnicodeText()) ) + def upgrade(migrate_engine): meta.bind = migrate_engine login_table.create() - From 7f7c4ae11340ce6e8080ebb1510836f2e945666f Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 12 Dec 2013 12:55:19 +0100 Subject: [PATCH 15/21] cleaned up --- src/adhocracy/model/__init__.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index 4a9cafde5..54944f25a 100644 --- a/src/adhocracy/model/__init__.py +++ b/src/adhocracy/model/__init__.py @@ -510,14 +510,9 @@ 'access_time': synonym('_access', map_column=True), 'user': synonym('_user', map_column=True), 'ip_address': synonym('_ip', map_column=True), - 'success': synonym('_success', map_column=True) + 'success': synonym('_success', map_column=True) }) - - - - - DELETE = "delete" INSERT = "insert" UPDATE = "update" From e403569cc5bcf648946c5bb65dd9cbe56b0e69b2 Mon Sep 17 00:00:00 2001 
From: JessicaBachmann Date: Thu, 2 Jan 2014 18:29:22 +0100 Subject: [PATCH 16/21] merge --- src/adhocracy/controllers/user.py | 6 +++--- src/adhocracy/model/__init__.py | 2 +- src/adhocracy/model/login.py | 6 ++---- src/adhocracy/model/user.py | 5 ++++- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index be1cfb6b9..664a1115e 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -1046,9 +1046,9 @@ def perform_login(self): def post_login(self): if c.user: - full_ip = adhocracy.lib.util.get_client_ip(request.environ) - user_log = model.Login.create(datetime.utcnow(), - full_ip, c.user_name, u'yes') +# full_ip = adhocracy.lib.util.get_client_ip(request.environ) +# user_log = model.Login.create(datetime.utcnow(), +# full_ip, c.user_name, u'yes') session['logged_in'] = True session.save() came_from = request.params.get('came_from', None) diff --git a/src/adhocracy/model/__init__.py b/src/adhocracy/model/__init__.py index 54944f25a..e0d4e8382 100644 --- a/src/adhocracy/model/__init__.py +++ b/src/adhocracy/model/__init__.py @@ -508,8 +508,8 @@ mapper(Login, login_table, properties={ 'access_time': synonym('_access', map_column=True), - 'user': synonym('_user', map_column=True), 'ip_address': synonym('_ip', map_column=True), + 'user': synonym('_user', map_column=True), 'success': synonym('_success', map_column=True) }) diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 8a659ca22..73a0067a9 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -12,10 +12,8 @@ from sqlalchemy.orm import eagerload_all from adhocracy.model import meta -from adhocracy.model import instance_filter as ifilter from adhocracy.model.core import JSONEncodedDict from adhocracy.model.core import MutationDict -from adhocracy.model.instance import Instance import logging import meta from sqlalchemy import MetaData 
@@ -27,7 +25,7 @@ Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), - Column('success', UnicodeText(), default=u'yes') + Column('success', UnicodeText()) ) @@ -37,7 +35,7 @@ def __init__(self, access_time, ip_adress, user, success): self.access_time = datetime.utcnow() self.ip_address = ip_adress self.user = user - self.succes = success + self.success = success @classmethod def get(cls, user): diff --git a/src/adhocracy/model/user.py b/src/adhocracy/model/user.py index 306726e13..baf276fd1 100644 --- a/src/adhocracy/model/user.py +++ b/src/adhocracy/model/user.py @@ -12,7 +12,7 @@ from sqlalchemy import Boolean, DateTime, Integer, Unicode, UnicodeText from sqlalchemy.orm import eagerload_all -from adhocracy.model import meta +from adhocracy.model import meta, login from adhocracy.model import instance_filter as ifilter from adhocracy.model.core import JSONEncodedDict from adhocracy.model.core import MutationDict @@ -236,6 +236,9 @@ def validate_password(self, password): :return: Whether the password is valid. :rtype: bool """ + # user_log = login.Login.create(datetime.utcnow(), + # 123, u'einUser', u'yes') + 0 if self.password is None: return False if isinstance(password, unicode): From 4f1784d422b780db7a3ed726f9003ed03a453db3 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Thu, 2 Jan 2014 18:46:01 +0100 Subject: [PATCH 17/21] table No changes --- .../migration/versions/080_login_store.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 src/adhocracy/migration/versions/080_login_store.py diff --git a/src/adhocracy/migration/versions/080_login_store.py b/src/adhocracy/migration/versions/080_login_store.py new file mode 100644 index 000000000..2206ba716 --- /dev/null +++ b/src/adhocracy/migration/versions/080_login_store.py 
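Review bot: In `src/adhocracy/model/user.py` (PATCH 16), the lines added to `validate_password` are commented-out code with hard-coded test values (`123`, `u'einUser'`), followed by what appears to be a bare `0` expression statement. None of it has any effect, so it should be deleted rather than committed. The first hunk of the same file changes the import to `from adhocracy.model import meta, login` only to serve that disabled call, so `login` can be dropped again. `validate_password` continues past the end of the hunk.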
@@ -0,0 +1,17 @@ +from datetime import datetime +from sqlalchemy import MetaData, Table, Boolean, Column +from sqlalchemy import Integer, DateTime, Unicode, UnicodeText + +meta = MetaData() + +login_table = Table('loginlog', meta, + Column('access_time', DateTime, default=datetime.utcnow), + Column('ip_address', Unicode(255), nullable=True), + Column('user', UnicodeText()), + Column('success', UnicodeText()) + ) + + +def upgrade(migrate_engine): + meta.bind = migrate_engine + login_table.create() From 5144e51e3018b5edb34c923125d98aae03ca2420 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Sun, 5 Jan 2014 00:57:47 +0100 Subject: [PATCH 18/21] logging of successfull and not successfull logins --- src/adhocracy/lib/auth/authentication.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/adhocracy/lib/auth/authentication.py b/src/adhocracy/lib/auth/authentication.py index 3ccf24fea..5116b8cdc 100644 --- a/src/adhocracy/lib/auth/authentication.py +++ b/src/adhocracy/lib/auth/authentication.py @@ -16,6 +16,9 @@ from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound from pylons import config from webob import Request +from adhocracy.model.login import Login, login_table +from datetime import datetime +import adhocracy.lib.util log = logging.getLogger(__name__) @@ -74,7 +77,11 @@ def authenticate(self, environ, identity): if user: validator = getattr(user, self.translations['validate_password']) if validator(identity['password']): + user_log = model.login.Login.create(datetime.utcnow(), + 123, user.user_name , u'yes') return user.user_name + user_log = model.login.Login.create(datetime.utcnow(), + 123, user.user_name, u'no') class EmailSQLAlchemyUserMDPlugin(_EmailBaseSQLAlchemyPlugin, From 34a90d0753f3415385b26613fa6d67934ce91640 Mon Sep 17 00:00:00 2001 
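Review bot: In `080_login_store.py` (PATCH 17), the migration creates `loginlog` without an `id` column, while `login_table` in `src/adhocracy/model/login.py` has declared `Column('id', Integer, primary_key=True)` since PATCH 08, so the mapped class and the created table disagree. Add the same `id` column here. `076_login_store.py` creates a table with the same name and is not removed by this commit (the diffstat lists one file), so unless it is dropped elsewhere, a database that already ran 076 would likely fail on `login_table.create()`. There is also no `downgrade(migrate_engine)`; a `login_table.drop()` counterpart would make the step reversible.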
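Review bot: In `authentication.py` (PATCH 18), the `u'no'` row is written only inside `if user:`, so a failed attempt against a login name that does not resolve to a user leaves no record in `loginlog`. Recording those attempts too, with the submitted login and the outcome, would make the table usable for detecting guessing against unknown names. Both `Login.create` calls pass the literal `123` as the address, which ends up in the `ip_address` column, and the value bound to `user_log` is never read. The calls go through `model.login.Login` although the import added above is `from adhocracy.model.login import Login, login_table`; whether `model` is bound in this module is not visible in the hunk, so calling `Login.create(...)` directly is safer. `authenticate` begins outside the hunk.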
From: JessicaBachmann Date: Mon, 6 Jan 2014 01:35:04 +0100 Subject: [PATCH 19/21] filter unsuccessful logins past 10 hours --- src/adhocracy/lib/auth/authentication.py | 13 +++++++++++-- src/adhocracy/model/login.py | 15 ++++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/adhocracy/lib/auth/authentication.py b/src/adhocracy/lib/auth/authentication.py index 5116b8cdc..8bc44b86d 100644 --- a/src/adhocracy/lib/auth/authentication.py +++ b/src/adhocracy/lib/auth/authentication.py @@ -75,13 +75,22 @@ def authenticate(self, environ, identity): user = self.get_user(identity['login']) if user: + amount = model.login.Login.count_logs(user.user_name) + print "******************************" + print amount + print "******************************" + #check if unsuccessful logins validator = getattr(user, self.translations['validate_password']) if validator(identity['password']): + #user_log creates entry to loginlog user_log = model.login.Login.create(datetime.utcnow(), - 123, user.user_name , u'yes') + 123, user.user_name, + u'yes') return user.user_name + #user_log creates entry to loginlog user_log = model.login.Login.create(datetime.utcnow(), - 123, user.user_name, u'no') + 123, user.user_name, + u'no') class EmailSQLAlchemyUserMDPlugin(_EmailBaseSQLAlchemyPlugin, diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 73a0067a9..32572a1e6 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -1,7 +1,7 @@ import hashlib import os import logging -from datetime import datetime +import datetime from babel import Locale from pylons import config @@ -22,7 +22,7 @@ login_table = Table( 'loginlog', meta.data, Column('id', Integer, primary_key=True), - Column('access_time', DateTime, default=datetime.utcnow), + Column('access_time', DateTime ), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), Column('success', UnicodeText()) 
@@ -32,16 +32,17 @@ class Login(meta.Indexable): def __init__(self, access_time, ip_adress, user, success): - self.access_time = datetime.utcnow() + self.access_time = datetime.datetime.utcnow() self.ip_address = ip_adress self.user = user self.success = success @classmethod - def get(cls, user): - l = meta.Session.query(cls) - l = l.filter(cls.user == user) - return l.last + def count_logs(cls, user): + q = meta.Session.query(cls) + q = q.filter(cls.user == user, cls.success == 'no', + ((datetime.datetime.utcnow() - datetime.timedelta(hours=10))< cls.access_time) ) + return q.count() @classmethod def create(cls, access_time, ip_adress, user, success): From 88fc018938bc9da68dcdd2f6165a231bff091a44 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Mon, 6 Jan 2014 11:28:57 +0100 Subject: [PATCH 20/21] sleep feature included --- src/adhocracy/controllers/user.py | 4 ---- src/adhocracy/lib/auth/authentication.py | 14 ++++++++------ .../migration/versions/080_login_store.py | 5 +++-- src/adhocracy/model/login.py | 6 ++++-- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/adhocracy/controllers/user.py b/src/adhocracy/controllers/user.py index 664a1115e..144a05cbd 100644 --- a/src/adhocracy/controllers/user.py +++ b/src/adhocracy/controllers/user.py @@ -49,7 +49,6 @@ from adhocracy.lib.util import get_entity_or_abort, random_token from adhocracy.lib.event.types import (S_VOTE, S_DELEGATION, S_PROPOSAL, S_COMMENT, S_PAGE, S_CONTRIBUTION) -from adhocracy.model.login import Login import adhocracy.lib.util log = logging.getLogger(__name__) @@ -1046,9 +1045,6 @@ def perform_login(self): def post_login(self): if c.user: -# full_ip = adhocracy.lib.util.get_client_ip(request.environ) -# user_log = model.Login.create(datetime.utcnow(), -# full_ip, c.user_name, u'yes') session['logged_in'] = True session.save() came_from = request.params.get('came_from', None) 
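Review bot: In `src/adhocracy/model/login.py` (PATCH 19), `Login.__init__` still discards its `access_time` argument and stamps `datetime.datetime.utcnow()` itself. Since this commit also removes the column default, that assignment is the only source of the timestamp `count_logs` filters on; `self.access_time = access_time or datetime.datetime.utcnow()` would honour the caller's value. `count_logs` counts every `'no'` row in the window regardless of a later success, so the number does not reset after the account owner logs in correctly. The outcome is stored as free text and compared with the byte string `'no'` while rows are written with `u'no'`; a `Boolean` column would remove that mismatch and the risk of typos. The class body begins outside this hunk.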
diff --git a/src/adhocracy/lib/auth/authentication.py b/src/adhocracy/lib/auth/authentication.py index 8bc44b86d..2d4f4e5cf 100644 --- a/src/adhocracy/lib/auth/authentication.py +++ b/src/adhocracy/lib/auth/authentication.py @@ -19,6 +19,8 @@ from adhocracy.model.login import Login, login_table from datetime import datetime import adhocracy.lib.util +import time +import math log = logging.getLogger(__name__) @@ -75,21 +77,21 @@ def authenticate(self, environ, identity): user = self.get_user(identity['login']) if user: + #count_logs return amount of unsuccessful logins for the past hour amount = model.login.Login.count_logs(user.user_name) - print "******************************" - print amount - print "******************************" - #check if unsuccessful logins + ip = adhocracy.lib.util.get_client_ip(environ) + if (amount > 5): + time.sleep(pow(2, (amount-5))) validator = getattr(user, self.translations['validate_password']) if validator(identity['password']): #user_log creates entry to loginlog user_log = model.login.Login.create(datetime.utcnow(), - 123, user.user_name, + ip, user.user_name, u'yes') return user.user_name #user_log creates entry to loginlog user_log = model.login.Login.create(datetime.utcnow(), - 123, user.user_name, + ip, user.user_name, u'no') diff --git a/src/adhocracy/migration/versions/080_login_store.py b/src/adhocracy/migration/versions/080_login_store.py index 2206ba716..2f8a18b33 100644 --- a/src/adhocracy/migration/versions/080_login_store.py +++ b/src/adhocracy/migration/versions/080_login_store.py @@ -4,12 +4,13 @@ meta = MetaData() -login_table = Table('loginlog', meta, +login_table = Table( + 'loginlog', meta, Column('access_time', DateTime, default=datetime.utcnow), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), Column('success', UnicodeText()) - ) +) def upgrade(migrate_engine): diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index 32572a1e6..eb47a4453 100644 
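Review bot: In `authentication.py` (PATCH 20), the added `time.sleep(pow(2, (amount-5)))` has no upper bound and runs in the request thread before the password is checked. Once an account has more than five failures in the window, every login for that name, including one with the correct password, blocks a worker for an exponentially growing time. Because the count is keyed on the user name alone, failures from any client delay the account owner, and the delay exists only for names that resolve to a user, which makes valid account names distinguishable by response time. Cap the wait and prefer rejecting early over sleeping, e.g. `time.sleep(min(2 ** (amount - 5), MAX_LOGIN_DELAY))`, where `MAX_LOGIN_DELAY` is a placeholder name for a small module constant you define. `import math` is added but unused in the visible lines, how `get_client_ip` treats proxy headers is not shown here (so treat the logged address as client-supplied until confirmed), and `authenticate` starts above this hunk.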
--- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -22,7 +22,7 @@ login_table = Table( 'loginlog', meta.data, Column('id', Integer, primary_key=True), - Column('access_time', DateTime ), + Column('access_time', DateTime), Column('ip_address', Unicode(255), nullable=True), Column('user', UnicodeText()), Column('success', UnicodeText()) @@ -37,11 +37,13 @@ def __init__(self, access_time, ip_adress, user, success): self.user = user self.success = success + # def count returns amount of unsuccessful logins of past hour @classmethod def count_logs(cls, user): q = meta.Session.query(cls) q = q.filter(cls.user == user, cls.success == 'no', - ((datetime.datetime.utcnow() - datetime.timedelta(hours=10))< cls.access_time) ) + ((datetime.datetime.utcnow() + - datetime.timedelta(hours=1)) < cls.access_time)) return q.count() @classmethod From 995ac8a90926d6c446fa5c1c856f068fb1a15b12 Mon Sep 17 00:00:00 2001 From: JessicaBachmann Date: Mon, 6 Jan 2014 20:56:36 +0100 Subject: [PATCH 21/21] login.py cleaned --- src/adhocracy/model/login.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/adhocracy/model/login.py b/src/adhocracy/model/login.py index eb47a4453..a88ae495e 100644 --- a/src/adhocracy/model/login.py +++ b/src/adhocracy/model/login.py @@ -7,13 +7,10 @@ from pylons import config from pylons.i18n import _ -from sqlalchemy import Table, Column, func, ForeignKey, or_ -from sqlalchemy import Boolean, DateTime, Integer, Unicode, UnicodeText -from sqlalchemy.orm import eagerload_all +from sqlalchemy import Table, Column +from sqlalchemy import DateTime, Integer, Unicode, UnicodeText from adhocracy.model import meta -from adhocracy.model.core import JSONEncodedDict -from adhocracy.model.core import MutationDict import logging import meta from sqlalchemy import MetaData
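Review bot: In `src/adhocracy/model/login.py` (PATCH 21), the import cleanup stops short: the trailing context still has `import logging`, `import meta` and `from sqlalchemy import MetaData`. `logging` is already imported at the top of the file, as earlier hunks in this series show, and `import meta` rebinds the name that `from adhocracy.model import meta` provides through an implicit relative import. Dropping those three trailing lines keeps a single, explicit binding for `meta`. `from pylons import config` and `from pylons.i18n import _` also look unused in the class as shown in this series; confirm against the full file before removing them.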