From 6178a48d29cd83fd3beb70854721070826e230e3 Mon Sep 17 00:00:00 2001 From: zsloan Date: Wed, 22 Apr 2020 16:03:07 -0500 Subject: Fixed a variety of issues related to users registering and logging in GN2 should now work when Redis is empty --- wqflask/utility/startup_config.py | 4 +- wqflask/utility/tools.py | 8 +-- wqflask/wqflask/collect.py | 2 +- wqflask/wqflask/show_trait/SampleList.py | 84 ++++++++++++++++---------------- wqflask/wqflask/show_trait/show_trait.py | 4 +- wqflask/wqflask/user_login.py | 44 ++++++++--------- wqflask/wqflask/user_session.py | 13 +++-- 7 files changed, 80 insertions(+), 79 deletions(-) (limited to 'wqflask') diff --git a/wqflask/utility/startup_config.py b/wqflask/utility/startup_config.py index 5a62cc50..817284dd 100644 --- a/wqflask/utility/startup_config.py +++ b/wqflask/utility/startup_config.py @@ -33,7 +33,7 @@ def app_config(): if page.status_code != 200: raise Exception("API server not found!") - import utility.elasticsearch_tools as es - es.test_elasticsearch_connection() + # import utility.elasticsearch_tools as es + # es.test_elasticsearch_connection() print("GN2 is running. Visit %s[http://localhost:%s/%s](%s)" % (BLUE,str(port),ENDC,get_setting("WEBSERVER_URL"))) diff --git a/wqflask/utility/tools.py b/wqflask/utility/tools.py index 75bddb24..0fbedccb 100644 --- a/wqflask/utility/tools.py +++ b/wqflask/utility/tools.py 
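Review bot: The Elasticsearch startup check in `app_config()` is disabled by commenting it out rather than deleting it, and the same pattern repeats in the `tools.py` hunk and for the whole of `get_transform_vals` in `SampleList.py`. Commented-out code leaves no record of why it was disabled and drifts out of date, while version control already keeps the old lines. I would delete the lines, or if the check is meant to return, leave a single comment such as `# TODO: Elasticsearch connection test disabled; restore once ES is required again`. Any remaining caller of `get_transform_vals` (none is visible in this diff) would now fail with a NameError, so a search for callers is worth doing before merging.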
@@ -267,10 +267,10 @@ if ORCID_CLIENT_ID != 'UNKNOWN' and ORCID_CLIENT_SECRET: ORCID_CLIENT_ID+"&client_secret="+ORCID_CLIENT_SECRET ORCID_TOKEN_URL = get_setting('ORCID_TOKEN_URL') -ELASTICSEARCH_HOST = get_setting('ELASTICSEARCH_HOST') -ELASTICSEARCH_PORT = get_setting('ELASTICSEARCH_PORT') -import utility.elasticsearch_tools as es -es.test_elasticsearch_connection() +# ELASTICSEARCH_HOST = get_setting('ELASTICSEARCH_HOST') +# ELASTICSEARCH_PORT = get_setting('ELASTICSEARCH_PORT') +# import utility.elasticsearch_tools as es +# es.test_elasticsearch_connection() SMTP_CONNECT = get_setting('SMTP_CONNECT') SMTP_USERNAME = get_setting('SMTP_USERNAME') diff --git a/wqflask/wqflask/collect.py b/wqflask/wqflask/collect.py index fa6e03b4..1d74b699 100644 --- a/wqflask/wqflask/collect.py +++ b/wqflask/wqflask/collect.py @@ -108,7 +108,7 @@ def collections_new(): if 'existing_collection' not in params: collections = g.user_session.user_collections for collection in collections: - if collection["name"] == "Default Collection": + if collection["name"] == "Your Default Collection": collection_id = collection["id"] collection_name = collection["name"] default_collection_exists = True diff --git a/wqflask/wqflask/show_trait/SampleList.py b/wqflask/wqflask/show_trait/SampleList.py index 7e126a36..ad78ebcc 100644 --- a/wqflask/wqflask/show_trait/SampleList.py +++ b/wqflask/wqflask/show_trait/SampleList.py @@ -14,8 +14,6 @@ import simplejson as json import itertools -from utility.elasticsearch_tools import get_elasticsearch_connection - import utility.logger logger = utility.logger.getLogger(__name__ ) 
@@ -158,47 +156,47 @@ class SampleList(object): return any(sample.variance for sample in self.sample_list) -def get_transform_vals(dataset, trait): - es = get_elasticsearch_connection(for_user=False) - - logger.info("DATASET NAME:", dataset.name) - - query = '{"bool": {"must": [{"match": {"name": "%s"}}, {"match": {"dataset": "%s"}}]}}' % (trait.name, dataset.name) - - es_body = { - "query": { - "bool": { - "must": [ - { - "match": { - "name": "%s" % (trait.name) - } - }, - { - "match": { - "dataset": "%s" % (dataset.name) - } - } - ] - } - } - } - - response = es.search( index = "traits", doc_type = "trait", body = es_body ) - logger.info("THE RESPONSE:", response) - results = response['hits']['hits'] - - if len(results) > 0: - samples = results[0]['_source']['samples'] - - sample_dict = {} - for sample in samples: - sample_dict[sample['name']] = sample['qnorm'] - - #logger.info("SAMPLE DICT:", sample_dict) - return sample_dict - else: - return None +# def get_transform_vals(dataset, trait): +# es = get_elasticsearch_connection(for_user=False) + +# logger.info("DATASET NAME:", dataset.name) + +# query = '{"bool": {"must": [{"match": {"name": "%s"}}, {"match": {"dataset": "%s"}}]}}' % (trait.name, dataset.name) + +# es_body = { +# "query": { +# "bool": { +# "must": [ +# { +# "match": { +# "name": "%s" % (trait.name) +# } +# }, +# { +# "match": { +# "dataset": "%s" % (dataset.name) +# } +# } +# ] +# } +# } +# } + +# response = es.search( index = "traits", doc_type = "trait", body = es_body ) +# logger.info("THE RESPONSE:", response) +# results = response['hits']['hits'] + +# if len(results) > 0: +# samples = results[0]['_source']['samples'] + +# sample_dict = {} +# for sample in samples: +# sample_dict[sample['name']] = sample['qnorm'] + +# #logger.info("SAMPLE DICT:", sample_dict) +# return sample_dict +# else: +# return None def natural_sort_key(x): """Get expected results when using as a key for sort - ints or strings are sorted properly""" 
diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py index d35ba749..8883e627 100644 --- a/wqflask/wqflask/show_trait/show_trait.py +++ b/wqflask/wqflask/show_trait/show_trait.py @@ -364,8 +364,8 @@ class ShowTrait(object): if self.dataset: dataset_menu_selected = self.dataset.name - return_results_menu = (100, 200, 500, 1000, 2000, 5000, 10000, 15000, 20000) - return_results_menu_selected = 500 + return_results_menu = (100, 200, 500, 1000, 2000, 5000, 10000, 15000, 20000) + return_results_menu_selected = 500 self.corr_tools = dict(dataset_menu = dataset_menu, dataset_menu_selected = dataset_menu_selected, diff --git a/wqflask/wqflask/user_login.py b/wqflask/wqflask/user_login.py index da3cc504..40d9925c 100644 --- a/wqflask/wqflask/user_login.py +++ b/wqflask/wqflask/user_login.py @@ -6,7 +6,6 @@ import datetime import time import logging import uuid -import hashlib import hmac import base64 import requests @@ -42,17 +41,23 @@ def basic_info(): ip_address = request.remote_addr, user_agent = request.headers.get('User-Agent')) -def encode_password(pass_gen_fields): +def encode_password(pass_gen_fields, unencrypted_password): + logger.debug("THE TYPE:", type(pass_gen_fields)) + logger.debug("pass_gen_fields:", pass_gen_fields) + logger.debug("hashfunc:", pass_gen_fields['hashfunc']) hashfunc = getattr(hashlib, pass_gen_fields['hashfunc']) salt = base64.b64decode(pass_gen_fields['salt']) - password = pbkdf2.pbkdf2_hex(str(pass_gen_fields['unencrypted_password']), + encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password), pass_gen_fields['salt'], pass_gen_fields['iterations'], pass_gen_fields['keylength'], hashfunc) - return password + pass_gen_fields.pop("unencrypted_password", None) + pass_gen_fields["password"] = encrypted_password + + return pass_gen_fields def set_password(password): pass_gen_fields = { 
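Review bot: The `logger.debug` lines added at the top of `encode_password` write the whole `pass_gen_fields` dict to the log. When the call comes from `set_password`, that dict still holds `unencrypted_password`, and at login it holds the stored salt and hash. Drop the `"THE TYPE:"` and `"pass_gen_fields:"` lines and keep at most `logger.debug("hashfunc:", pass_gen_fields['hashfunc'])`. The earlier hunk in this file removes `import hashlib` while this function still calls `getattr(hashlib, ...)`, which raises NameError unless the module is imported somewhere not visible here. The local `salt = base64.b64decode(...)` is unused because `pbkdf2_hex` receives the undecoded `pass_gen_fields['salt']`, so either remove it or add a comment stating that the undecoded value is the intended input.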
@@ -67,19 +72,10 @@ def set_password(password): assert len(password) >= 6, "Password shouldn't be shorter than 6 characters" - encoded_password = encode_password(pass_gen_fields) + encoded_password = encode_password(pass_gen_fields, pass_gen_fields['unencrypted_password']) return encoded_password -def encrypt_password(unencrypted_password, pwfields): - hashfunc = getattr(hashlib, pwfields['hashfunc']) - salt = base64.b64decode(pwfields['salt']) - iterations = pwfields['iterations'] - keylength = pwfields['keylength'] - encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password), - salt, iterations, keylength, hashfunc) - return encrypted_password - def get_signed_session_id(user): session_id = str(uuid.uuid4()) @@ -186,9 +182,12 @@ def login(): password_match = False if user_details: submitted_password = params['password'] - pwfields = json.loads(user_details['password']) - encrypted_pass = encrypt_password(submitted_password, pwfields) - password_match = pbkdf2.safe_str_cmp(encrypted_pass, pwfields['password']) + pwfields = user_details['password'] + if type(pwfields) is str: + pwfields = json.loads(pwfields) + encrypted_pass_fields = encode_password(pwfields, submitted_password) + password_match = pbkdf2.safe_str_cmp(encrypted_pass_fields['password'], pwfields['password']) + else: # Invalid e-mail flash("Invalid e-mail address. Please try again.", "alert-danger") response = make_response(redirect(url_for('login'))) @@ -226,7 +225,7 @@ def github_oauth2(): "client_secret": GITHUB_CLIENT_SECRET, "code": code } - logger.debug("LOGIN DATA:", data) + result = requests.post("https://github.com/login/oauth/access_token", json=data) result_dict = {arr[0]:arr[1] for arr in [tok.split("=") for tok in [token.encode("utf-8") for token in result.text.split("&")]]} 
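Review bot: The password comparison added in `login()` is always true. `encode_password` writes the new hash into the dict it was given and returns that same dict, so `encrypted_pass_fields` and `pwfields` are one object and `safe_str_cmp` compares the freshly computed hash with itself. As written, any submitted password would be accepted for an existing account. Capture the stored value before the call, `stored_hash = pwfields['password']`, and compare with `pbkdf2.safe_str_cmp(encrypted_pass_fields['password'], stored_hash)`; alternatively have `encode_password` work on `dict(pass_gen_fields)` so the caller's record is not mutated. A regression test asserting that a wrong password is rejected would catch this; `login()` starts and continues outside the hunk.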
@@ -437,19 +436,18 @@ def register_user(params): if params.get('password_confirm') != password: errors.append("Passwords don't match.") - if errors: - return errors - user_details['password'] = set_password(password) user_details['user_id'] = str(uuid.uuid4()) user_details['confirmed'] = 1 - user_details['registration_info'] = json.dumps(basic_info(), sort_keys=True) + user_details['registration_info'] = basic_info() save_user(user_details, user_details['user_id']) + return errors + @app.route("/n/register", methods=('GET', 'POST')) def register(): - errors = None + errors = [] params = request.form if request.form else request.args params = params.to_dict(flat=True) diff --git a/wqflask/wqflask/user_session.py b/wqflask/wqflask/user_session.py index d75a03df..fd1779fb 100644 --- a/wqflask/wqflask/user_session.py +++ b/wqflask/wqflask/user_session.py @@ -9,6 +9,7 @@ import simplejson as json import redis # used for collections Redis = redis.StrictRedis() + from flask import (Flask, g, render_template, url_for, request, make_response, redirect, flash, abort) 
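Review bot: With the `if errors: return errors` guard removed from `register_user`, the account is created and saved even when validation has already failed, for instance when the two passwords do not match; `return errors` now runs only after `save_user`. Restore the early return before `user_details['password'] = set_password(password)` and keep the final `return errors` so the success path returns an empty list. A too-short password will also reach the `assert` in `set_password`, which raises instead of producing a form error and is skipped entirely under `python -O`. The start of `register_user` is outside the hunk, so any other checks collected in `errors` are presumably bypassed the same way.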
@@ -69,19 +70,23 @@ class UserSession(object): if not self.record or self.record == []: if user_cookie: self.logged_in = False + self.record = dict(login_time = time.time(), + user_type = "anon", + user_id = str(uuid.uuid4())) + Redis.hmset(self.redis_key, self.record) + Redis.expire(self.redis_key, THIRTY_DAYS) + response = make_response(redirect(url_for('login'))) + response.set_cookie(self.user_cookie_name, '', expires=0) ########### Grrr...this won't work because of the way flask handles cookies # Delete the cookie - response = make_response(redirect(url_for('login'))) - #response.set_cookie(self.cookie_name, '', expires=0) flash("Due to inactivity your session has expired. If you'd like please login again.") - #return response + return response #return else: self.record = dict(login_time = time.time(), user_type = "anon", user_id = str(uuid.uuid4())) - Redis.hmset(self.redis_key, self.record) Redis.expire(self.redis_key, THIRTY_DAYS) else: -- cgit v1.2.3
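Review bot: The new `return response` in the expired-cookie branch will fail if this code sits in `UserSession.__init__`, as the hunk header suggests (the method starts outside the hunk). Python raises TypeError when `__init__` returns anything other than None, and the retained comment about Flask cookies still says this approach does not work. The redirect and cookie reset would be more reliable in the request hook that constructs the session, with the constructor only marking the session as expired. In the `else` branch the `Redis.hmset` call was removed while `Redis.expire` stays, so the anonymous record is no longer written there and the expire acts on a key that may not exist. If that is intentional, a one-line comment saying where the record is persisted would help.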