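def reset_password():
    """
    Final password reset form POST endpoint.

    Reads ``code``, ``password`` and ``confirm_password`` from the POSTed
    form, validates the new password, consumes the reset code
    (``delete=True``) and stores the newly encoded password on the user the
    code resolves to.

    Returns a redirect: back to ``/account/reset/verified`` with the code and
    an ``error`` when the password fails validation, with ``code_valid=False``
    when the code no longer resolves to a user, or to
    ``/account/reset/complete`` on success.
    """
    code = request.forms.get('code')
    password = request.forms.get('password')
    confirm_password = request.forms.get('confirm_password')

    # Validate the password before touching the reset code, so a validation
    # failure does not consume the single-use code.
    if confirm_password != password:
        return redirect_with_query(
            '/account/reset/verified',
            {'code_valid': True, 'code': code, 'error': "Passwords do not match."},
        )
    try:
        User.validate_password(password)
    except UsageError as e:
        # str(e) instead of e.message: the latter is Python 2 only and the
        # other account endpoints already use str(e).
        return redirect_with_query(
            '/account/reset/verified', {'code_valid': True, 'code': code, 'error': str(e)}
        )

    # Verify reset code again and get user_id; delete=True consumes the code
    # so it cannot be used a second time.
    user_id = local.model.get_reset_code_user_id(code, delete=True)
    if user_id is None:
        return redirect_with_query('/account/reset/verified', {'code_valid': False})

    # Update user password. Store the encoded password itself: the previous
    # assignment ended in a stray trailing comma, which wrapped the value in a
    # one-element tuple.
    user_info = local.model.get_user_info(user_id)
    user_info['password'] = User.encode_password(password, crypt_util.get_random_string())
    local.model.update_user_info(user_info)
    # NOTE(review): nothing here invalidates sessions that were established
    # with the old password — confirm whether update_user_info or the login
    # cookie layer handles that.

    return redirect('/account/reset/complete')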
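def request_reset():
    """
    Email change form POST endpoint.

    Reads ``email`` from the form and rejects it when it equals the current
    address, fails the basic email regex, or already belongs to another user.
    Otherwise stores it on the current user with ``is_verified`` cleared and
    mails a verification key to the new address.

    Returns a redirect to ``/account/changeemail`` with an ``error`` query
    parameter on failure, or to ``/account/changeemail/sent`` on success.
    """
    # A missing field yields None; treat it as empty so the regex check below
    # reports "Invalid email address." instead of raising on .strip().
    email = (request.forms.get('email') or '').strip()

    if email == request.user.email:
        return redirect_with_query('/account/changeemail', {
            'error': "Your email address is already %s." % email
        })

    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        return redirect_with_query('/account/changeemail', {
            'error': "Invalid email address."
        })

    if local.model.user_exists(None, email):
        return redirect_with_query('/account/changeemail', {
            'error': "User with this email already exists."
        })

    local.model.update_user_info({
        'user_id': request.user.user_id,
        'email': email,
        'is_verified': False,
    })

    # Send the key to the address that is being verified. request.user is
    # presumed to be the object loaded at the start of the request, so its
    # .email still holds the previous address; a key delivered there cannot
    # prove ownership of the new one.
    key = local.model.get_verification_key(request.user.user_id)
    send_verification_key(request.user.user_name, email, key)

    return redirect('/account/changeemail/sent')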
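def request_change_email():
    """
    Email change form POST endpoint.

    Validates the submitted ``email`` (not the current address, passes the
    basic email regex, not used by another account), stores it on the
    current user with ``is_verified`` cleared and mails a verification key
    to that new address.

    Returns a redirect to ``/account/changeemail`` carrying an ``error`` on
    failure, or to ``/account/changeemail/sent`` on success.
    """
    # None (field absent) is mapped to '' so the regex check below produces
    # the normal "Invalid email address." redirect rather than an exception.
    email = (request.forms.get('email') or '').strip()

    if email == request.user.email:
        return redirect_with_query(
            '/account/changeemail',
            {'error': "Your email address is already %s." % email})

    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        return redirect_with_query('/account/changeemail',
                                   {'error': "Invalid email address."})

    if local.model.user_exists(None, email):
        return redirect_with_query(
            '/account/changeemail',
            {'error': "User with this email already exists."})

    local.model.update_user_info({
        'user_id': request.user.user_id,
        'email': email,
        'is_verified': False
    })

    # Deliver the key to the new address: request.user was loaded before the
    # update above (assumed not to be re-fetched), so request.user.email is
    # still the old address and cannot verify the new one.
    key = local.model.get_verification_key(request.user.user_id)
    send_verification_key(request.user.user_name, email, key)

    return redirect('/account/changeemail/sent')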
 def check_user_authenticated(self):
     """
     Stop the request here unless the caller is authenticated.

     AJAX requests get a 401 with ``AuthPlugin._NOT_AUTHENTICATED_ERROR``;
     browser requests are sent to the login page with ``next`` pointing back
     at the current URL. Relies on abort()/redirect_with_query() raising to
     end the request — nothing is returned in either case.
     """
     if self.user_is_authenticated():
         return
     if request.is_ajax:
         abort(httplib.UNAUTHORIZED,
               AuthPlugin._NOT_AUTHENTICATED_ERROR)
     else:
         redirect_with_query('/account/login', {'next': request.url})
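def reset_password():
    """
    Final password reset form POST endpoint.

    Takes ``code``, ``password`` and ``confirm_password`` from the form,
    validates the password, consumes the reset code and writes the new
    encoded password for the user the code belongs to.

    Returns a redirect to ``/account/reset/verified`` (with ``error`` and the
    code on a validation failure, with ``code_valid=False`` when the code is
    unknown) or to ``/account/reset/complete`` on success.
    """
    code = request.forms.get('code')
    password = request.forms.get('password')
    confirm_password = request.forms.get('confirm_password')

    # Validate password first: the reset code is single-use and must not be
    # consumed by a request that fails validation.
    if confirm_password != password:
        return redirect_with_query(
            '/account/reset/verified',
            {'code_valid': True, 'code': code, 'error': "Passwords do not match."},
        )
    try:
        User.validate_password(password)
    except UsageError as e:
        return redirect_with_query(
            '/account/reset/verified', {'code_valid': True, 'code': code, 'error': str(e)}
        )

    # Verify reset code again and get user_id; delete=True consumes the code.
    user_id = local.model.get_reset_code_user_id(code, delete=True)
    if user_id is None:
        return redirect_with_query('/account/reset/verified', {'code_valid': False})

    # Update user password. The value is the encoded password itself; the
    # earlier trailing comma made it a one-element tuple instead.
    user_info = local.model.get_user_info(user_id)
    user_info['password'] = User.encode_password(password, crypt_util.get_random_string())
    local.model.update_user_info(user_info)
    # NOTE(review): sessions created under the old password are not revoked
    # here — verify that is handled elsewhere.

    return redirect('/account/reset/complete')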
        def wrapper(*args, **kwargs):
            """
            Invoke ``callback`` only for authenticated requests.

            Unauthenticated AJAX requests are aborted with 401 'Not
            authorized'; other requests are redirected to the login page with
            ``next`` set to the current URL. Assumes abort() and
            redirect_with_query() raise, as bottle's redirect does; if either
            returned normally the callback would still run.
            """
            if user_is_authenticated():
                return callback(*args, **kwargs)
            if request.is_ajax:
                abort(httplib.UNAUTHORIZED, 'Not authorized')
            else:
                redirect_with_query('/account/login', {'next': request.url})
            # Only reached if neither call above ended the request.
            return callback(*args, **kwargs)
        def wrapper(*args, **kwargs):
            """
            Run ``callback`` when a user is attached to the request.

            "Attached" means ``request.user`` exists and is not None. Missing
            or None users get a 401 (AJAX) or a redirect to the login page
            carrying ``next=<current URL>``; both are assumed to raise and so
            end the request before the callback runs.
            """
            has_user = hasattr(request, 'user') and request.user is not None
            if has_user:
                return callback(*args, **kwargs)
            if request.is_ajax:
                abort(httplib.UNAUTHORIZED, 'Not authorized')
            else:
                redirect_with_query('/account/login', {'next': request.url})
            # Fall-through only if abort()/redirect_with_query() returned.
            return callback(*args, **kwargs)
        def wrapper(*args, **kwargs):
            """
            Gate ``callback`` behind the presence of ``request.user``.

            A request without a user (attribute absent or None) is answered
            with 401 'Not authorized' when it is AJAX, otherwise redirected to
            ``/account/login`` with ``next`` pointing back here. Both paths
            are expected to raise; the callback is reached only for requests
            that carry a user.
            """
            user_missing = not hasattr(request, 'user') or request.user is None
            if user_missing:
                if request.is_ajax:
                    abort(httplib.UNAUTHORIZED, 'Not authorized')
                else:
                    login_params = {'next': request.url}
                    redirect_with_query('/account/login', login_params)

            return callback(*args, **kwargs)
def verify_reset_code(code):
    """
    Target endpoint for password reset code links.

    Peeks at the reset code (``delete=False``, so the code stays usable for
    the final reset form) and redirects to ``/account/reset/verified`` with
    ``code_valid`` set accordingly; a valid code is echoed back as ``code``
    so the form can submit it again.
    """
    user_id = local.model.get_reset_code_user_id(code, delete=False)
    params = {'code_valid': False}
    if user_id is not None:
        params = {'code_valid': True, 'code': code}
    redirect_with_query('/account/reset/verified', params)
def verify_reset_code(code):
    """
    Target endpoint for password reset code links.

    Checks whether the code still resolves to a user without consuming it,
    then redirects to the frontend's ``/account/reset/verified`` page with
    ``code_valid=True`` plus the code, or ``code_valid=False``.
    """
    code_is_known = local.model.get_reset_code_user_id(code, delete=False) is not None
    if not code_is_known:
        redirect_with_query('/account/reset/verified', {'code_valid': False})
    else:
        redirect_with_query('/account/reset/verified', {'code_valid': True, 'code': code})
def do_signup():
    """
    Signup form POST endpoint.

    Collects every validation failure into one space-joined ``error``
    message and, when any check failed, redirects to the form-supplied
    ``error_uri`` with the submitted values so the form can be repopulated.
    Otherwise creates an unverified user, mails the verification key and
    redirects to the form-supplied ``success_uri`` with the email.

    NOTE(review): ``success_uri`` and ``error_uri`` come from the form and
    are used as redirect targets without an allow-list check, so a crafted
    link can bounce the browser to an arbitrary site — confirm they are
    restricted to local paths upstream.
    """
    if request.user:
        message = "You are already logged into your account."
        return redirect(default_app().get_url('success', message=message))

    form = request.forms
    success_uri = form.get('success_uri')
    error_uri = form.get('error_uri')
    username = form.get('username')
    password = form.get('password')
    email = form.get('email')

    errors = []
    if form.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    # Presumably spec_util.NAME_REGEX and the module-level NAME_REGEX checked
    # further down are the same pattern; if so, one of the two messages is
    # redundant — confirm before dropping either.
    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        errors.append(e.message)

    # Only a syntactic email check here; ownership of the address is
    # established by the verification mail sent below.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    if not NAME_REGEX.match(username):
        errors.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if errors:
        form_state = {
            'error': ' '.join(errors),
            'next': success_uri,
            'email': email,
            'username': username,
        }
        return redirect_with_query(error_uri, form_state)

    # Create the user unverified and mail the key that verifies the address.
    _, verification_key = local.model.add_user(username, email, password)
    send_verification_key(username, email, verification_key)

    return redirect_with_query(success_uri, {'email': email})
def do_signup():
    """
    Signup form POST endpoint.

    Already-logged-in callers are sent to the 'success' page with a message.
    Otherwise the form is validated; all failures are joined into a single
    ``error`` and returned via redirect to the form-supplied ``error_uri``
    (with ``next``, ``email`` and ``username`` so the form can be refilled).
    A clean submission creates an unverified user, mails the verification
    key and redirects to the form-supplied ``success_uri``.

    NOTE(review): both redirect targets are taken verbatim from the form
    (open redirect unless validated elsewhere).
    """
    if request.user:
        already = "You are already logged into your account."
        return redirect(default_app().get_url('success', message=already))

    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    password = request.forms.get('password')
    email = request.forms.get('email')

    problems = []
    if request.forms.get('confirm_password') != password:
        problems.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        problems.append("Username must only contain letter, digits, hyphens, underscores, and periods.")

    try:
        User.validate_password(password)
    except UsageError as e:
        problems.append(e.message)

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        problems.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        problems.append("User with this username or email already exists.")

    # Second username check against the module-level NAME_REGEX; if it is the
    # same pattern as spec_util.NAME_REGEX this duplicates the message above.
    if not NAME_REGEX.match(username):
        problems.append("Username characters must be alphanumeric, underscores, periods, or dashes.")

    if problems:
        return redirect_with_query(error_uri, dict(
            error=' '.join(problems),
            next=success_uri,
            email=email,
            username=username,
        ))

    # Create unverified user and send the verification key.
    _, verification_key = local.model.add_user(username, email, password)
    send_verification_key(username, email, verification_key)

    return redirect_with_query(success_uri, dict(email=email))
def request_reset_post():
    """
    Password reset form POST endpoint.

    Looks up the account for the submitted ``email``, issues a fresh reset
    code and mails a link built from the request's forwarded host/scheme
    headers. Redirects back to ``/account/reset`` with an ``error`` when no
    account matches, otherwise to ``/account/reset/sent``.

    NOTE(review): the "not found" message reveals which addresses have
    accounts, and the link's host and scheme come from X-Forwarded-Host /
    X-Forwarded-Proto / Host, which are only trustworthy when a proxy in
    front of this app overwrites them; a configured canonical hostname would
    remove that dependency.
    """
    email = request.forms.get('email')
    # Presumably get_user(username=...) also matches on email — verify
    # against the model.
    user = local.model.get_user(username=email)
    if user is None:
        # Redirect back to form page
        return redirect_with_query(
            '/account/reset', {'error': "User with email %s not found." % email}
        )

    # Generate reset code
    reset_code = local.model.new_user_reset_code(user.user_id)

    # Build and send the mail; scheme may be None if the header is absent.
    forwarded_host = request.get_header('X-Forwarded-Host')
    hostname = forwarded_host or request.get_header('Host')
    scheme = request.get_header('X-Forwarded-Proto')
    display_name = user.first_name or user.user_name
    body = template(
        'password_reset_body',
        user=display_name,
        scheme=scheme,
        hostname=hostname,
        code=reset_code,
    )
    local.emailer.send_email(
        subject="CodaLab password reset link", body=body, recipient=email
    )

    # Redirect to success page
    return redirect('/account/reset/sent')
def do_login():
    """
    Login form POST endpoint.

    Checks the submitted username/password pair, records the login time,
    saves a 30-day login cookie on the client and redirects to the
    form-supplied ``success_uri`` (``/`` when empty). A failed check
    redirects to the form-supplied ``error_uri`` with one generic message
    for both unknown-user and wrong-password cases.

    NOTE(review): ``success_uri``/``error_uri`` are form-controlled and used
    as redirect targets unchecked — confirm they are limited to local paths.
    """
    form = request.forms
    success_uri = form.get('success_uri')
    error_uri = form.get('error_uri')
    username = form.get('username')
    password = form.get('password')

    user = local.model.get_user(username=username)
    credentials_ok = bool(user) and user.check_password(password)
    if not credentials_ok:
        return redirect_with_query(error_uri, {
            "error": "Login/password did not match.",
            "next": success_uri
        })

    # Update last login
    local.model.update_user_last_login(user.user_id)

    # Save cookie in client; lifetime is 30 days in seconds.
    thirty_days = 30 * 24 * 60 * 60
    LoginCookie(user.user_id, max_age=thirty_days).save()

    # Redirect client to next page, falling back to the root.
    return redirect(success_uri or '/')
def request_reset():
    """
    Password reset form POST endpoint.

    Resolves the submitted ``email`` to an account, creates a reset code for
    it and mails the reset link, then redirects to ``/account/reset/sent``.
    An unknown address redirects back to ``/account/reset`` with an
    ``error``.

    NOTE(review): the error text discloses whether an address has an
    account, and the link host is taken from X-Forwarded-Host / Host, which
    is only safe behind a proxy that sets those headers itself.
    """
    email = request.forms.get('email')
    # Presumably get_user(username=...) matches on email as well — verify.
    user = local.model.get_user(username=email)
    if user is None:
        # Redirect back to form page
        return redirect_with_query('/account/reset', {
            'error': "User with email %s not found." % email
        })

    # Generate reset code
    reset_code = local.model.new_user_reset_code(user.user_id)

    # Send code
    site = request.get_header('X-Forwarded-Host') or request.get_header('Host')
    display_name = user.first_name or user.user_name
    mail_body = template(
        'password_reset_body', user=display_name, current_site=site, code=reset_code
    )
    local.emailer.send_email(
        subject="CodaLab password reset link",
        body=mail_body,
        recipient=email,
    )

    # Redirect to success page
    return redirect('/account/reset/sent')
def do_login():
    """
    Login form POST endpoint.

    Verifies the credentials from the form; on failure redirects to the
    form-supplied ``error_uri`` with a generic error and ``next``. On success
    records the login time, stores a 30-day login cookie and redirects to
    the form-supplied ``success_uri``, or ``/`` when none was given.

    NOTE(review): ``success_uri`` and ``error_uri`` are used as redirect
    targets straight from the form (open redirect unless validated upstream).
    """
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    password = request.forms.get('password')

    user = local.model.get_user(username=username)
    login_failed = not user or not user.check_password(password)
    if login_failed:
        failure = {
            "error": "Login/password did not match.",
            "next": success_uri,
        }
        return redirect_with_query(error_uri, failure)

    # Update last login
    local.model.update_user_last_login(user.user_id)

    # Save cookie in client (30 days, expressed in seconds)
    cookie = LoginCookie(user.user_id, max_age=30 * 24 * 60 * 60)
    cookie.save()

    # Redirect client to next page
    destination = success_uri if success_uri else '/'
    return redirect(destination)
def resend_key():
    """
    Re-send the account verification key to the current user.

    Already-verified users are redirected to ``/account/verify/success``;
    everyone else gets their verification key mailed again and is redirected
    to ``/account/signup/success`` with their email in the query string.
    """
    user = request.user
    if user.is_verified:
        return redirect('/account/verify/success')
    key = local.model.get_verification_key(user.user_id)
    send_verification_key(user.user_name, user.email, key)
    return redirect_with_query('/account/signup/success', {'email': user.email})
def resend_key():
    """
    Mail the current user's verification key again.

    Returns a redirect to ``/account/verify/success`` when the user is
    already verified, otherwise (after sending the key) to
    ``/account/signup/success?email=<user email>``.
    """
    current = request.user
    if current.is_verified:
        return redirect('/account/verify/success')
    verification_key = local.model.get_verification_key(current.user_id)
    send_verification_key(current.user_name, current.email, verification_key)
    params = {"email": current.email}
    return redirect_with_query('/account/signup/success', params)
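def do_signup():
    """
    Signup form POST endpoint.

    Already-authenticated callers are redirected to the 'success' page with
    a message. Otherwise the form fields are validated, all failures are
    joined into one ``error`` and returned by redirect to the form-supplied
    ``error_uri`` together with the submitted values; a clean submission
    creates an unverified user, mails the verification key and redirects to
    the form-supplied ``success_uri``.

    NOTE(review): ``success_uri`` and ``error_uri`` are taken from the form
    and used as redirect targets without an allow-list check — confirm they
    are restricted to local paths.
    """
    if request.user.is_authenticated:
        return redirect(default_app().get_url(
            'success', message="You are already logged into your account."))

    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    email = request.forms.get('email')
    first_name = request.forms.get('first_name')
    last_name = request.forms.get('last_name')
    password = request.forms.get('password')
    affiliation = request.forms.get('affiliation')

    errors = []
    # Authenticated callers were already redirected above, so no
    # "already logged in" error needs collecting here.

    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        errors.append(str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Presumably the same pattern as spec_util.NAME_REGEX; if so this message
    # duplicates the one above — confirm before removing either check.
    if not NAME_REGEX.match(username):
        errors.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if errors:
        return redirect_with_query(
            error_uri,
            {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
                'first_name': first_name,
                'last_name': last_name,
                'affiliation': affiliation,
            },
        )

    # If user leaves it blank, empty string is obtained - make it of NoneType.
    if not affiliation:
        affiliation = None

    # Create unverified user
    _, verification_key = local.model.add_user(username, email, first_name,
                                               last_name, password,
                                               affiliation)

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})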
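def _recaptcha_error(token):
    """
    Verify a reCAPTCHA token with Google's siteverify endpoint.

    Returns a user-facing error message when the token is missing, the
    verification request fails or times out, the response is not JSON, or
    ``success`` is not true; returns None when the token verifies. The
    exception text is never echoed to the user.
    """
    if not token:
        return 'Google reCAPTCHA token is missing.'
    payload = {
        'secret': os.environ['CODALAB_RECAPTCHA_SECRET_KEY'],
        'response': token,
    }
    try:
        # A bounded timeout keeps a slow verifier from tying up a worker.
        res = requests.post(
            'https://www.google.com/recaptcha/api/siteverify', payload, timeout=10
        )
        verdict = res.json()
    except (requests.RequestException, ValueError):
        # requests raises RequestException for transport errors and
        # res.json() raises ValueError on a non-JSON body; the previous
        # handler caught UsageError, which neither call raises.
        return 'Google reCAPTCHA failed.'
    if not verdict.get('success'):
        return 'Google reCAPTCHA failed.'
    return None


def do_signup():
    """
    Signup form POST endpoint (reCAPTCHA-protected).

    Validates the reCAPTCHA ``token`` and the form fields, joins every
    failure into one ``error`` and redirects to the form-supplied
    ``error_uri`` with the submitted values when anything failed. Otherwise
    creates an unverified user, mails the verification key and redirects to
    the form-supplied ``success_uri``.

    NOTE(review): ``success_uri`` and ``error_uri`` are form-controlled
    redirect targets with no allow-list check — confirm they are restricted
    to local paths.
    """
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    email = request.forms.get('email')
    first_name = request.forms.get('first_name')
    last_name = request.forms.get('last_name')
    password = request.forms.get('password')
    affiliation = request.forms.get('affiliation')
    token = request.forms.get('token')

    errors = []

    recaptcha_error = _recaptcha_error(token)
    if recaptcha_error:
        errors.append(recaptcha_error)

    if request.user.is_authenticated:
        errors.append("You are already logged in as %s, please log out before "
                      "creating a new account." % request.user.user_name)

    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        errors.append(str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Presumably the same pattern as spec_util.NAME_REGEX; if so this message
    # duplicates the one above — confirm before removing either check.
    if not NAME_REGEX.match(username):
        errors.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if errors:
        return redirect_with_query(
            error_uri,
            {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
                'first_name': first_name,
                'last_name': last_name,
                'affiliation': affiliation,
            },
        )

    # If user leaves it blank, empty string is obtained - make it of NoneType.
    if not affiliation:
        affiliation = None

    # Create unverified user
    _, verification_key = local.model.add_user(username, email, first_name,
                                               last_name, password,
                                               affiliation)

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})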
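def do_signup():
    """
    Signup form POST endpoint.

    Sends already-authenticated callers to the 'success' page with a
    message. Otherwise validates the form fields, joins all failures into a
    single ``error`` and redirects to the form-supplied ``error_uri`` with
    the submitted values; on a clean submission creates an unverified user,
    mails the verification key and redirects to the form-supplied
    ``success_uri``.

    NOTE(review): ``success_uri`` and ``error_uri`` are redirect targets
    taken verbatim from the form — confirm an allow-list applies upstream.
    """
    if request.user.is_authenticated:
        return redirect(
            default_app().get_url('success', message="You are already logged into your account.")
        )

    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    email = request.forms.get('email')
    first_name = request.forms.get('first_name')
    last_name = request.forms.get('last_name')
    password = request.forms.get('password')
    affiliation = request.forms.get('affiliation')

    errors = []
    # The early return above already handles authenticated callers, so no
    # "already logged in" error is collected here.

    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        # str(e) rather than e.message, matching the other signup variants
        # and working on Python 3.
        errors.append(str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Presumably the same pattern as spec_util.NAME_REGEX; if so this message
    # duplicates the one above — confirm before removing either check.
    if not NAME_REGEX.match(username):
        errors.append("Username characters must be alphanumeric, underscores, periods, or dashes.")

    if errors:
        return redirect_with_query(
            error_uri,
            {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
                'first_name': first_name,
                'last_name': last_name,
                'affiliation': affiliation,
            },
        )

    # If user leaves it blank, empty string is obtained - make it of NoneType.
    if not affiliation:
        affiliation = None

    # Create unverified user
    _, verification_key = local.model.add_user(
        username, email, first_name, last_name, password, affiliation
    )

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})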
 def check_has_access(self):
     """
     Stop the request unless ``request.user.has_access`` is set.

     AJAX callers get a 401 with ``AuthPlugin._ACCESS_DENIED_ERROR``;
     browser callers are redirected to ``/account/login`` with ``next``
     pointing at the current URL. Both paths are expected to raise; nothing
     is returned.
     """
     if request.user.has_access:
         return
     if request.is_ajax:
         abort(httplib.UNAUTHORIZED, AuthPlugin._ACCESS_DENIED_ERROR)
     else:
         redirect_with_query('/account/login', {'next': request.url})