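def delete(self, user_id):
    """
    Deletes a user account after re-checking the account password.

    The password sent with the request is the only authorization gate
    visible in this handler: the account is removed only when it verifies
    against the stored password entry of the user behind ``user_id``.

    :param user_id: id of the user to delete
    :return: Flask response - 400 when the password is missing or wrong,
             404 when the user does not exist, redirect to '/' on success
    """
    self.request_parser.add_argument('password', type=str, required=True,
                                     help='No password is provided')
    args = self.request_parser.parse_args()
    password = args['password']
    if not password:
        return make_response('Password is mandatory!', 400)

    user = service.get_user_by_id(user_id)
    if user is None:
        # NOTE(review): user_id is echoed into the body; presumably the
        # route converts it to an int - confirm against the URL rule.
        return make_response('User ' + str(user_id) + ' does not exist!',
                             404)

    existing_password_entry = \
        service.find_user_password_by_email(user.email)
    # Fail closed: a user without a stored password entry is handled like
    # a wrong password instead of raising AttributeError on None.
    if existing_password_entry is None or \
            not existing_password_entry.verify_password(password):
        logger.warn('Cannot delete user %s (%s): '
                    'wrong password provided', user_id, user.email)
        return make_response('Wrong password', 400)

    # NOTE(review): no attempt throttling is visible in this handler -
    # confirm that repeated wrong passwords are rate limited upstream.
    service.delete_user(user.email)
    logger.info('Deleted user %s (%s)', user_id, user.email)
    return redirect('/')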
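def delete(self, user_id):
    """
    Removes the user identified by ``user_id`` once the password supplied
    with the request has been verified against the stored password entry.

    :param user_id: id of the user to delete
    :return: Flask response - 400 for a missing or wrong password,
             404 for an unknown user, redirect to '/' after deletion
    """
    parser = self.request_parser
    parser.add_argument('password', type=str, required=True,
                        help='No password is provided')
    password = parser.parse_args()['password']
    if not password:
        return make_response('Password is mandatory!', 400)

    user = service.get_user_by_id(user_id)
    if user is None:
        # NOTE(review): the id is reflected in the response; assumes the
        # route only accepts integers - TODO confirm.
        return make_response(
            'User ' + str(user_id) + ' does not exist!', 404)

    password_entry = service.find_user_password_by_email(user.email)
    # A missing password entry must deny the request, not crash it: without
    # this guard verify_password would be called on None.
    password_ok = (password_entry is not None and
                   password_entry.verify_password(password))
    if not password_ok:
        logger.warn(
            'Cannot delete user %s (%s): '
            'wrong password provided', user_id, user.email)
        return make_response('Wrong password', 400)

    # The password check above is the only gate before this irreversible
    # call. NOTE(review): confirm failed attempts are throttled elsewhere.
    service.delete_user(user.email)
    logger.info('Deleted user %s (%s)', user_id, user.email)
    return redirect('/')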
def post(self):
    """
    Registers a new user from the ``username``, ``password`` and optional
    ``name`` request arguments.

    :return: Flask response - 400 when the username or password is missing
             or the email is already registered, otherwise a redirect to
             the 'main' endpoint with confirmationSent=True
    """
    parser = self.request_parser
    parser.add_argument('username', type=str, required=True,
                        help='No username is provided')
    parser.add_argument('password', type=str, required=True,
                        help='No password is provided')
    parser.add_argument('name', type=unicode, required=False)
    args = parser.parse_args()

    username, password = args['username'], args['password']
    if not (username and password):
        return make_response('Username and password are mandatory!', 400)

    existing_user = service.find_user_by_email(username)
    if existing_user is not None:
        # NOTE(review): this distinct answer tells the caller that the
        # email is already registered - confirm that is acceptable.
        logger.warn('User %s already exists', existing_user.email)
        return make_response('User already exists', 400)

    # The display name is optional; it is stored UTF-8 encoded.
    raw_name = args['name']
    name = raw_name.encode('utf-8') if raw_name else ''

    created = service.create_new_user(username, password, name)
    logger.info('New user %d with email %s has been created!',
                created.id, created.email)
    return redirect(url_for('main', confirmationSent=True))
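def confirm_email(user, confirmation_hash):
    """
    Marks the user's email as confirmed when the supplied hash matches the
    one stored on the user.

    :param user: user object exposing ``email``, ``confirmation_hash`` and
                 ``email_is_confirmed``
    :param confirmation_hash: hash taken from the confirmation link
    :return: True when the email has been confirmed, False otherwise
    """
    import hmac

    def _as_bytes(value):
        # compare_digest needs both operands to be of the same type.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    expected = user.confirmation_hash
    if expected and confirmation_hash:
        # Constant-time comparison: a plain == returns at the first
        # differing character, which leaks timing about the stored secret.
        hash_matches = hmac.compare_digest(_as_bytes(expected),
                                           _as_bytes(confirmation_hash))
    else:
        # An unset stored hash must never match an empty or missing input.
        hash_matches = False

    if not hash_matches:
        logger.warn('User %s tried to use wrong confirmation hash',
                    user.email)
        return False

    logger.info('User email %s is confirmed', user.email)
    user.email_is_confirmed = True
    db.session.commit()
    # NOTE(review): the stored hash is left in place after a successful
    # confirmation, so the same link keeps matching - confirm whether it
    # should be invalidated here.
    return True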
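def post(self, user_id):
    """
    Updates user information or confirms the user's email.

    When the ``confirm`` argument is present the request is handled as an
    email confirmation: on success the user is logged in and redirected,
    on failure a 400 is returned. Otherwise the profile fields found in
    the request are applied to the user.

    :param user_id: id of the user to update
    :return: Flask response
    """
    def _is_local_path(target):
        # Accept only same-site paths: one leading '/', not followed by
        # '/' or '\' (browsers read those as another host), and no
        # control or whitespace characters that browsers strip.
        if not target or not target.startswith('/'):
            return False
        if target[1:2] in ('/', '\\'):
            return False
        return not any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target)

    self.request_parser.add_argument('confirm', type=str, required=False)
    self.request_parser.add_argument('source', type=str, required=False)
    self.request_parser.add_argument('name', type=unicode, required=False)
    self.request_parser.add_argument('last_name', type=unicode,
                                     required=False)
    self.request_parser.add_argument('profession', type=unicode,
                                     required=False)
    self.request_parser.add_argument('birthday', type=str, required=False)
    args = self.request_parser.parse_args()

    user = service.get_user_by_id(user_id)
    if not user:
        return make_response('User with id ' + str(user_id) +
                             ' does not exist.', 404)

    confirm_hash = args['confirm']
    if confirm_hash:
        if not service.confirm_email(user, confirm_hash):
            # Neither the expected nor the supplied hash is logged: a
            # valid hash logs the user in below, so it must stay out of
            # the log files.
            logger.warn('User with email %s tried to confirm their '
                        'email with wrong hash', user.email)
            return make_response('The confirmation email link is wrong! '
                                 'The email cannot be confirmed.', 400)

        logger.info('User %s confirmed their email %s', user.id,
                    user.email)
        login_user(user)
        # 'source' is request input; anything that is not a local path
        # falls back to '/' so the redirect cannot leave this site.
        if _is_local_path(args['source']):
            return redirect(args['source'])
        return redirect('/')

    # NOTE(review): nothing in this handler checks that the caller may
    # modify this user_id - confirm an access check is applied outside.
    user_updated = service.update_user(args, user)
    if user_updated:
        return make_response('User has been updated', 201)
    return make_response('No request parameters specified!', 400)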
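def post(self, user_id):
    """
    Updates user information, or confirms the user's email when the
    ``confirm`` argument is supplied.

    A successful confirmation logs the user in and redirects to the local
    path given in ``source`` (or to '/'); a failed one returns 400.
    Without ``confirm`` the profile fields of the request are applied.

    :param user_id: id of the user to update
    :return: Flask response
    """
    def _safe_redirect_target(target):
        # 'source' comes from the request. Only a same-site path is
        # honoured: it must start with a single '/', must not continue
        # with '/' or '\' (read by browsers as another host) and must not
        # hold control or whitespace characters. Anything else maps to '/'.
        if not target or not target.startswith('/'):
            return '/'
        if target[1:2] in ('/', '\\'):
            return '/'
        if any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target):
            return '/'
        return target

    parser = self.request_parser
    parser.add_argument('confirm', type=str, required=False)
    parser.add_argument('source', type=str, required=False)
    parser.add_argument('name', type=unicode, required=False)
    parser.add_argument('last_name', type=unicode, required=False)
    parser.add_argument('profession', type=unicode, required=False)
    parser.add_argument('birthday', type=str, required=False)
    args = parser.parse_args()

    user = service.get_user_by_id(user_id)
    if not user:
        return make_response(
            'User with id ' + str(user_id) + ' does not exist.', 404)

    confirm_hash = args['confirm']
    if confirm_hash:
        if service.confirm_email(user, confirm_hash):
            logger.info('User %s confirmed their email %s',
                        user.id, user.email)
            # The confirmation hash acts as a login credential here.
            login_user(user)
            return redirect(_safe_redirect_target(args['source']))

        # The hashes themselves are deliberately not written to the log:
        # the expected one would let a log reader confirm the email and
        # be logged in as this user.
        logger.warn(
            'User with email %s tried to confirm their '
            'email with wrong hash', user.email)
        return make_response(
            'The confirmation email link is wrong! '
            'The email cannot be confirmed.', 400)

    # NOTE(review): no access check on user_id is visible in this
    # handler - confirm one is enforced before it runs.
    if service.update_user(args, user):
        return make_response('User has been updated', 201)
    return make_response('No request parameters specified!', 400)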
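def post(self):
    """
    Logs a user in with the ``username`` and ``password`` request
    arguments and redirects to the local path given in ``source``.

    :return: Flask response - 400 when the username or password is
             missing, 404 for an unknown user or a wrong password, 403
             when the email is not confirmed yet, a redirect on success
    """
    def _is_local_path(target):
        # Accept only same-site paths: one leading '/', not followed by
        # '/' or '\' (browsers read those as another host), and no
        # control or whitespace characters that browsers strip.
        if not target or not target.startswith('/'):
            return False
        if target[1:2] in ('/', '\\'):
            return False
        return not any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target)

    self.request_parser.add_argument('username', type=str, required=True,
                                     help='No username is provided')
    self.request_parser.add_argument('password', type=str, required=True,
                                     help='No password is provided')
    self.request_parser.add_argument('source', type=str, required=False)
    args = self.request_parser.parse_args()

    username = args['username']
    password = args['password']
    if not username or not password:
        return make_response('Username and password are mandatory!', 400)

    user = users_service.find_user_by_email(username)
    if user is None:
        # The submitted username is no longer echoed back: make_response
        # serves text/html by default, so request input in the body would
        # be rendered unescaped.
        # NOTE(review): unknown user and wrong password still produce
        # different bodies, which reveals which emails are registered.
        return make_response('User does not exist!', 404)

    logger.info('Logging in with an existing username: %s', user.email)
    existing_password_entry = \
        users_service.find_user_password_by_email(username)
    # Fail closed: a user without a stored password entry is handled like
    # a wrong password instead of raising AttributeError on None.
    if existing_password_entry is None or \
            not existing_password_entry.verify_password(password):
        logger.warn('User %s tried to login with a wrong password',
                    user.email)
        return make_response('Wrong password', 404)

    if not user.email_is_confirmed:
        logger.warn('User %s has not verified their email yet.'
                    ' Login attempt denied.', user.email)
        return make_response(
            'Please confirm the email first. '
            'The confirmation link is sent to your email.', 403)

    login_user(user)
    logger.info('User %s logged in', user.email)
    # 'source' is request input; anything that is not a local path falls
    # back to '/' so the post-login redirect cannot leave this site.
    if _is_local_path(args['source']):
        return redirect(args['source'])
    return redirect('/')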
def update_user(args, user):
    """
    Applies the profile fields present in ``args`` to ``user``.

    Only name, last_name, profession and birthday can be written, so the
    request cannot set any other attribute of the user. Every accepted
    field is committed on its own.

    :param args: parsed request arguments
    :param user: user object to update
    :return: True when at least one field has been changed
    """
    changed = False
    for field in ('name', 'last_name', 'profession', 'birthday'):
        if field not in args or not args[field]:
            continue

        raw_value = args[field]
        if field == 'birthday':
            # Dates must be given as YYYY-MM-DD; anything else is logged
            # and the field is skipped.
            try:
                new_value = datetime.strptime(raw_value, '%Y-%m-%d').date()
            except ValueError:
                new_value = None
                logger.warn('Value %s cannot be converted to date',
                            raw_value)
        else:
            new_value = raw_value.encode('utf-8')

        if not hasattr(user, field) or new_value is None:
            continue

        setattr(user, field, new_value)
        db.session.commit()
        logger.info('User %s has been updated. %s has been changed',
                    user.email, field)
        changed = True
    return changed