core.modules.user
Module Contents
Classes
Functions
createNewUserIfNotExists() | Create a new Admin user, if the userDB is empty
- class core.modules.user.userSkel
Bases: viur.core.skeleton.Skeleton
- kindName = user
- name
- password
- uid
- gaeadmin
- access
- status
- lastlogin
- otpid
- otpkey
- otptimedrift
- class core.modules.user.UserPassword(userModule, modulePath)
Bases: object
- registrationEnabled = False
- registrationEmailVerificationRequired = True
- registrationAdminVerificationRequired = True
- verifySuccessTemplate = user_verify_success
- verifyEmailAddressMail = user_verify_address
- verifyFailedTemplate = user_verify_failed
- passwordRecoveryTemplate = user_passwordrecover
- passwordRecoveryMail = user_password_recovery
- passwordRecoveryAlreadySendTemplate = user_passwordrecover_already_sent
- passwordRecoverySuccessTemplate = user_passwordrecover_success
- passwordRecoveryInvalidTokenTemplate = user_passwordrecover_invalid_token
- passwordRecoveryInstuctionsSendTemplate = user_passwordrecover_mail_sent
- passwordRecoveryStep1Template = user_passwordrecover_step1
- passwordRecoveryStep2Template = user_passwordrecover_step2
- passwordRecoveryFailedTemplate = user_passwordrecover_failed
- passwordRecoveryRateLimit
- loginRateLimit
- passwordRecoveryKeyExpired
- passwordRecoveryKeyInvalid
- passwordRecoveryUserNotFound
- passwordRecoveryAccountLocked
- classmethod getAuthMethodName(*args, **kwargs)
- login(self, name=None, password=None, skey='', *args, **kwargs)
- pwrecover(self, *args, **kwargs)
This implements the password recovery process, which lets users set a new password for their account after validating a code sent to them by email. The process is as follows:
1. The user enters their email address.
2. We generate a random code, store it in their session and call sendUserPasswordRecoveryCode.
3. sendUserPasswordRecoveryCode runs in the background, checks whether we have a user with that name and sends the code. It runs as a deferredTask so we don't leak whether a user account exists.
4. If the user received the code, they can paste it and set a new password for their account.
To prevent automated attacks, the first step is guarded by a captcha, and calls to this function are limited to 10 actions per 15 minutes. (One complete recovery process consists of two calls.)
- sendUserPasswordRecoveryCode(self, userName: str, recoveryKey: str) -> None
Sends the given recovery code to the user given in userName. This function runs deferred so there's no timing side channel that leaks whether this user exists. By default, we send the code by email (assuming we have working email delivery), but this can be overridden to send it by SMS or other means. We also update the changedate for this user, so no more than one code can be sent to any given user in four hours.
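The recovery flow described for pwrecover and sendUserPasswordRecoveryCode, as an added sketch that is not ViUR's own code: the function names, the in-memory user store, the session dict and the task queue are all hypothetical stand-ins. It shows the request path answering identically for existing and unknown accounts, with the user lookup and the four-hour resend lock living only in the background task.

```python
import hmac
import secrets
from collections import defaultdict, deque

RATE_LIMIT, RATE_WINDOW = 10, 15 * 60   # 10 actions per 15 minutes
RESEND_LOCK = 4 * 3600                  # one code per user per four hours
users = {"alice@example.com": {"changedate": 0.0}}  # constructed sample user DB
outbox, deferred = [], []               # mails sent / queued background tasks
calls = defaultdict(deque)              # client id -> timestamps of recent calls


def allowed(client, now):
    """Sliding-window limiter; both recovery steps count against it."""
    q = calls[client]
    while q and now - q[0] >= RATE_WINDOW:
        q.popleft()
    if len(q) >= RATE_LIMIT:
        return False
    q.append(now)
    return True


def recover_step1(session, client, name, now):
    if not allowed(client, now):
        return "rate_limited"
    key = secrets.token_urlsafe(16)
    session["recovery"] = {"name": name, "key": key}
    deferred.append((name, key, now))   # no user lookup in the request path
    return "instructions_sent"          # same answer whether or not the account exists


def send_recovery_code(name, key, now):
    """Background task: the only place that learns whether the user exists."""
    user = users.get(name)
    if user is None or now - user["changedate"] < RESEND_LOCK:
        return False
    user["changedate"] = now
    outbox.append((name, key))
    return True


def recover_step2(session, client, submitted, now):
    if not allowed(client, now):
        return False
    rec = session.pop("recovery", None)  # sketch's choice: one attempt per code
    if rec is None:
        return False
    return hmac.compare_digest(rec["key"].encode(), submitted.encode())
```

A session for an unknown address still holds a code that was never mailed, so step 2 behaves the same for it as for a real account with a wrong guess.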
- verify(self, skey, *args, **kwargs)
- canAdd(self) -> bool
- addSkel(self)
Prepare the add-Skel for rendering. Currently only calls self.userModule.addSkel() and sets skel["status"].value depending on self.registrationEmailVerificationRequired and self.registrationAdminVerificationRequired.
- Returns
viur.core.skeleton.Skeleton
- add(self, *args, **kwargs)
Allows guests to register a new account if self.registrationEnabled is set to true.
- Returns
The rendered, added object of the entry, possibly with error hints.
- Raises
viur.core.errors.Unauthorized, if the current user does not have the required permissions.
- Raises
viur.core.errors.PreconditionFailed, if the skey could not be verified.
- class core.modules.user.GoogleAccount(userModule, modulePath)
Bases: object
- registrationEnabled = False
- classmethod getAuthMethodName(*args, **kwargs)
- login(self, skey='', token='', *args, **kwargs)
- class core.modules.user.TimeBasedOTP(userModule, modulePath)
Bases: object
- windowSize = 5
- otpTemplate = user_login_timebasedotp
- classmethod get2FactorMethodName(*args, **kwargs)
- canHandle(self, userKey) -> bool
- startProcessing(self, userKey)
- generateOtps(self, secret, timeDrift)
Generates all valid tokens for the given secret.
- otp(self, otptoken=None, skey=None, *args, **kwargs)
- updateTimeDrift(self, userKey, idx)
Updates the clock-drift value. The value is only changed in 1/10 steps, so that a late submit by a user doesn't skew it out of bounds. Maximum change per call is 0.3 minutes.
- Parameters
userKey – For which user the update should occur
idx – How many steps before/behind that token was
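How a token window and a damped drift update fit together, as an added sketch that is not ViUR's implementation: it uses standard RFC 4226 HOTP over a time counter, and the one-minute slot length, the truncation of the drift to whole slots and the reading of the update rule as "0.1 per slot of offset, clamped to ±0.3" are assumptions. The function names are hypothetical.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 5     # windowSize from the class attributes above
STEP_SECONDS = 60   # assumption: one-minute slots, since drift is given in minutes


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def valid_tokens(secret: bytes, drift_minutes: float, now: float) -> dict:
    """Map every accepted token to its slot offset from the drift-corrected clock."""
    centre = int(now // STEP_SECONDS) + int(drift_minutes)
    return {hotp(secret, centre + i): i
            for i in range(-WINDOW_SIZE, WINDOW_SIZE + 1)}


def verify(secret: bytes, drift_minutes: float, submitted: str, now: float):
    """Return (ok, new_drift); the drift moves by at most 0.3 minutes per call."""
    idx = None
    for token, offset in valid_tokens(secret, drift_minutes, now).items():
        # Constant-time comparison against every candidate in the window.
        if hmac.compare_digest(token.encode(), submitted.encode()):
            idx = offset
    if idx is None:
        return False, drift_minutes
    return True, drift_minutes + max(-0.3, min(0.3, 0.1 * idx))
```

The clamp is what keeps a single late submission, accepted at the edge of the window, from shifting the stored drift by a whole slot.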
- class core.modules.user.User(moduleName, modulePath, *args, **kwargs)
Bases: viur.core.prototypes.list.List
- kindName = user
- addTemplate = user_add
- addSuccessTemplate = user_add_success
- lostPasswordTemplate = user_lostpassword
- verifyEmailAddressMail = user_verify_address
- passwordRecoveryMail = user_password_recovery
- authenticationProviders
- secondFactorProviders
- validAuthenticationMethods = [None, None, None]
- secondFactorTimeWindow
- adminInfo
- addSkel(self)
- editSkel(self, *args, **kwargs)
- secondFactorProviderByClass(self, cls)
- getCurrentUser(self, *args, **kwargs)
- continueAuthenticationFlow(self, caller, userKey)
- secondFactorSucceeded(self, secondFactor, userKey)
- authenticateUser(self, userKey: viur.core.db.Key, **kwargs)
Performs log-in for the current session and the given userKey.
This resets the current session: all fields not explicitly marked as persistent by conf["viur.session.persistentFieldsOnLogin"] are gone afterwards.
- Parameters
userKey – The (DB-)Key of the user we shall authenticate
- logout(self, skey='', *args, **kwargs)
Implements the logout action. It also terminates the current session (all keys not listed in viur.session.persistentFieldsOnLogout will be lost).
- login(self, *args, **kwargs)
- onLogin(self)
- onLogout(self, usr)
- edit(self, *args, **kwargs)
- view(self, key, *args, **kwargs)
Allows the special key "self" to always reference the current user.
- canView(self, skel) -> bool
- getAuthMethods(self, *args, **kwargs)
Informs tools like Viur-Admin which authentication to use.
- onDeleted(self, skel)
Invalidates all sessions of that user.
- core.modules.user.createNewUserIfNotExists()
Create a new Admin user, if the userDB is empty.