1
|
|
|
""" |
2
|
|
|
byceps.services.authentication.service |
3
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
4
|
|
|
|
5
|
|
|
:Copyright: 2006-2020 Jochen Kupperschmidt |
6
|
|
|
:License: Modified BSD, see LICENSE for details. |
7
|
|
|
""" |
8
|
|
|
|
9
|
|
|
from typing import Optional |
10
|
|
|
|
11
|
|
|
from ..user import service as user_service |
12
|
|
|
from ..user.transfer.models import User |
13
|
|
|
|
14
|
|
|
from .exceptions import AuthenticationFailed |
15
|
|
|
from .password import service as password_service |
16
|
|
|
|
17
|
|
|
|
18
|
|
|
def authenticate(screen_name_or_email_address: str, password: str) -> User: |
19
|
|
|
"""Try to authenticate the user. |
20
|
|
|
|
21
|
|
|
Return the user object on success, or raise an exception on failure. |
22
|
|
|
""" |
23
|
|
|
# Look up user. |
24
|
|
|
user = _find_user_by_screen_name_or_email_address( |
25
|
|
|
screen_name_or_email_address |
26
|
|
|
) |
27
|
|
|
if user is None: |
28
|
|
|
# Screen name/email address is unknown. |
29
|
|
|
raise AuthenticationFailed() |
30
|
|
|
|
31
|
|
|
# Account must be initialized. |
32
|
|
|
if not user.initialized: |
33
|
|
|
# User account is not initialized. |
34
|
|
|
raise AuthenticationFailed() |
35
|
|
|
|
36
|
|
|
# Account must not be suspended. |
37
|
|
|
if user.suspended: |
38
|
|
|
# User account is suspended. |
39
|
|
|
raise AuthenticationFailed() |
40
|
|
|
|
41
|
|
|
# Account must not be deleted. |
42
|
|
|
if user.deleted: |
43
|
|
|
# User account has been deleted. |
44
|
|
|
raise AuthenticationFailed() |
45
|
|
|
|
46
|
|
|
# Verify credentials. |
47
|
|
|
if not password_service.is_password_valid_for_user(user.id, password): |
48
|
|
|
# Password does not match. |
49
|
|
|
raise AuthenticationFailed() |
50
|
|
|
|
51
|
|
|
return user.to_dto() |
52
|
|
|
|
53
|
|
|
|
54
|
|
|
def _find_user_by_screen_name_or_email_address( |
55
|
|
|
screen_name_or_email_address: str |
56
|
|
|
) -> Optional[User]: |
57
|
|
|
if '@' in screen_name_or_email_address: |
58
|
|
|
return user_service.find_user_by_email_address( |
59
|
|
|
screen_name_or_email_address |
60
|
|
|
) |
61
|
|
|
else: |
62
|
|
|
return user_service.find_user_by_screen_name( |
63
|
|
|
screen_name_or_email_address, case_insensitive=True |
64
|
|
|
) |
65
|
|
|
|