From 3de1ecfa37b73b4cb011b634c8b4afc2362f858c Mon Sep 17 00:00:00 2001
From: Pjotr Prins
Date: Thu, 15 Feb 2018 10:30:52 +0000
Subject: Fixing authentication stuff so it uses parameters properly. Also no PYTHONPATH needed as it is now in the Guix build.
---
 etc/default_settings.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'etc/default_settings.py')
diff --git a/etc/default_settings.py b/etc/default_settings.py
index 699d21f1..a70d8aec 100644
--- a/etc/default_settings.py
+++ b/etc/default_settings.py
@@ -41,6 +41,24 @@ SECURITY_POST_LOGIN_VIEW = "/thank_you"
 SERVER_PORT = 5003 # running on localhost
 SECRET_HMAC_CODE = '\x08\xdf\xfa\x93N\x80\xd9\\H@\\\x9f`\x98d^\xb4a;\xc6OM\x946a\xbc\xfc\x80:*\xebc'
+GITHUB_CLIENT_ID = "UNKNOWN"
+GITHUB_CLIENT_SECRET = "UNKNOWN"
+GITHUB_AUTH_URL = "UNKNOWN"
+GITHUB_API_URL = "UNKNOWN"
+
+ORCID_CLIENT_ID = "UNKNOWN"
+ORCID_CLIENT_SECRET = "UNKNOWN"
+ORCID_AUTH_URL = "UNKNOWN"
+ORCID_TOKEN_URL = "UNKNOWN"
+
+ELASTICSEARCH_HOST = "localhost"
+ELASTICSEARCH_PORT = '9200'
+
+SMTP_CONNECT = "UNKNOWN"
+SMTP_USERNAME = "UNKNOWN"
+SMTP_PASSWORD = "UNKNOWN"
+
+
 # ---- Behavioural settings (defaults) note that logger and log levels can
 # be overridden at the module level and with enviroment settings
 WEBSERVER_MODE = 'DEV' # Python webserver mode (DEBUG|DEV|PROD)
-- cgit v1.2.3
From 5bdee72c7d06ed0357433087711f0e2ff7cc50a4 Mon Sep 17 00:00:00 2001
From: Pjotr Prins
Date: Fri, 30 Mar 2018 09:22:50 +0000
Subject: Fixes related to E-mail forgotten password
---
 etc/default_settings.py | 2 +-
 wqflask/wqflask/user_manager.py | 37 ++++++++++++++++++++++++++-----------
 2 files changed, 27 insertions(+), 12 deletions(-)
(limited to 'etc/default_settings.py')
diff --git a/etc/default_settings.py b/etc/default_settings.py
index a70d8aec..da8cbb7c 100644
--- a/etc/default_settings.py
+++ b/etc/default_settings.py
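Review bot: The credential defaults added in the `@@ -41,6 +41,24 @@` hunk of etc/default_settings.py (`GITHUB_CLIENT_SECRET`, `ORCID_CLIENT_SECRET`, `SMTP_PASSWORD`) use the truthy string `"UNKNOWN"` as the not-configured marker, so any consumer that only tests truthiness would treat the placeholder as a real value and pass it on to the provider or mail server. `None` would make the unset state explicit and let callers fail closed, e.g. `SMTP_PASSWORD = None`, provided every consumer that compares against the string is changed with it. A comment above the block such as `# Placeholders only: override per deployment, never commit real values` would document the intent; the `SECRET_HMAC_CODE` literal in the context line above would benefit from the same treatment. `ELASTICSEARCH_PORT = '9200'` is a string while `SERVER_PORT` is an int, which deserves a comment or a consistent type.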
@@ -54,7 +54,7 @@ ORCID_TOKEN_URL = "UNKNOWN"
 ELASTICSEARCH_HOST = "localhost"
 ELASTICSEARCH_PORT = '9200'
-SMTP_CONNECT = "UNKNOWN"
+SMTP_CONNECT = "localhost"
 SMTP_USERNAME = "UNKNOWN"
 SMTP_PASSWORD = "UNKNOWN"
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index 755d64da..6e8f571e 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -55,7 +55,10 @@ logger = getLogger(__name__)
 from base.data_set import create_datasets_list
 import requests
-from utility.elasticsearch_tools import es, get_elasticsearch_connection, get_user_by_unique_column, save_user
+from utility.elasticsearch_tools import get_elasticsearch_connection, get_user_by_unique_column, save_user, es_save_data
+
+from smtplib import SMTP
+from utility.tools import SMTP_CONNECT, SMTP_USERNAME, SMTP_PASSWORD
 THREE_DAYS = 60 * 60 * 24 * 3 #THREE_DAYS = 45
@@ -386,6 +389,7 @@ class ForgotPasswordEmail(VerificationEmail):
 "email_address": toaddr,
 "timestamp": timestamp()
 }
+ es = get_elasticsearch_connection()
 es_save_data(es, self.key_prefix, "local", data, verification_code)
 subject = self.subject
@@ -437,7 +441,6 @@ def verify_email():
 @app.route("/n/password_reset", methods=['GET'])
 def password_reset():
 logger.debug("in password_reset request.url is:", request.url)
- # We do this mainly just to assert that it's in proper form for displaying next page
 # Really not necessary but doesn't hurt
 # user_encode = DecodeUser(ForgotPasswordEmail.key_prefix).reencode_standalone()
@@ -747,6 +750,7 @@ def forgot_password():
 def forgot_password_submit():
 params = request.form
 email_address = params['email_address']
+ es = get_elasticsearch_connection()
 user_details = get_user_by_unique_column(es, "email_address", email_address)
 if user_details:
 ForgotPasswordEmail(user_details["email_address"])
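Review bot: In the `@@ -747,6 +750,7 @@` hunk, forgot_password_submit constructs ForgotPasswordEmail only when `user_details` is found, and if that constructor sends the mail inline (presumably through send_email), a slow or failing SMTP session occurs only for registered addresses, so response time or an unhandled error can reveal which addresses have accounts. The rest of the function lies outside the hunk, so the response is not visible; it should be identical in both cases, with send failures caught and logged rather than propagated. This hunk and the `@@ -386,6 +389,7 @@` hunk both use the result of `get_elasticsearch_connection()` unchecked; if that helper can return None when the cluster is unreachable (not visible here), a guard such as `if es is None:` with a logged error would be clearer than a failure inside the query helper. A one-line comment on why the connection is now fetched per call instead of imported at module level would help the next reader.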
@@ -913,15 +917,26 @@ app.jinja_env.globals.update(url_for_hmac=url_for_hmac,
 # Redis.rpush("mail_queue", msg)
 def send_email(toaddr, msg, fromaddr="no-reply@genenetwork.org"):
- from smtplib import SMTP
- from utility.tools import SMTP_CONNECT, SMTP_USERNAME, SMTP_PASSWORD
- server = SMTP(SMTP_CONNECT)
- server.starttls()
- server.login(SMTP_USERNAME, SMTP_PASSWORD)
- server.sendmail(fromaddr, toaddr, msg)
- server.quit()
-
-
+ """Send an E-mail through SMTP_CONNECT host. If SMTP_USERNAME is not
+ 'UNKNOWN' TLS is used
+
+ """
+ if SMTP_USERNAME == 'UNKNOWN':
+ logger.debug("SMTP: connecting with host "+SMTP_CONNECT)
+ server = SMTP(SMTP_CONNECT)
+ server.sendmail(fromaddr, toaddr, msg)
+ else:
+ logger.debug("SMTP: connecting TLS with host "+SMTP_CONNECT)
+ server = SMTP(SMTP_CONNECT)
+ server.starttls()
+ logger.debug("SMTP: login with user "+SMTP_USERNAME)
+ server.login(SMTP_USERNAME, SMTP_PASSWORD)
+ logger.debug("SMTP: "+fromaddr)
+ logger.debug("SMTP: "+toaddr)
+ logger.debug("SMTP: "+msg)
+ server.sendmail(fromaddr, toaddr, msg)
+ server.quit()
+ logger.info("Successfully sent email to "+toaddr)
 class GroupsManager(object):
 def __init__(self, kw):
-- cgit v1.2.3
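Review bot: `logger.debug("SMTP: "+msg)` in the new send_email writes the whole outgoing message to the debug log, and for the forgotten-password mail that body presumably carries the verification code, so anyone who can read the logs could complete a reset; drop that line or log only `len(msg)`, and reconsider whether `logger.info("Successfully sent email to "+toaddr)` needs the full recipient address. The branch on `SMTP_USERNAME == 'UNKNOWN'` also ties transport encryption to whether credentials are configured, so a deployment that points SMTP_CONNECT at a remote relay without a username sends reset mail in clear text with no warning. Making STARTTLS depend on its own setting, or at least logging a warning on the unencrypted path when the host is not local, would keep the two decisions separate. Indentation is lost in this view, so it is not clear whether `server.quit()` runs on the unauthenticated path; wrapping the session in `try`/`finally` would close it on both paths and on errors.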