def assert_creates_code(self, username_str, email_str):
code = helpers.create_verify_code(username_str, email_str)
assert username_str not in code, "Username should not be in code"
assert email_str not in code, "email address should not appear in the code"
username_bytes = username_str.encode('utf-8')
email_bytes = email_str.encode('utf-8')
code = helpers.create_verify_code(username_bytes, email_bytes)
assert username_str not in code, "Username should not be in code"
assert email_str not in code, "email address should not appear in the code"
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username,
requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password',
username=user_to_update.username,
code=verify_code,
_external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name,
requesting_user.last_name),
)
return "{}", 202
def register_user(requesting_user):
if not requesting_user.can_register_users:
return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}), 403
teacher_username = requesting_user.username
college_group = request.form["college"].strip()
first_name = request.form["first_name"].strip()
last_name = request.form["last_name"].strip()
email = request.form["email"].strip()
team = request.form["team"].strip()
if College(college_group) not in requesting_user.colleges:
return json.dumps({"error":"BAD_COLLEGE"}), 403
if team not in [t.name for t in College(college_group).teams]:
return json.dumps({"error":"BAD_TEAM"}), 403
if not helpers.is_email_valid(email):
return json.dumps({"error":"BAD_EMAIL"}), 403
if not helpers.is_name_valid(first_name):
return json.dumps({"error":"BAD_FIRST_NAME"}), 403
if not helpers.is_name_valid(last_name):
return json.dumps({"error":"BAD_LAST_NAME"}), 403
if User.name_used(first_name, last_name) or helpers.email_used(email):
return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403
u = User.create_new_user(requesting_user, college_group, first_name, last_name)
verify_code = helpers.create_verify_code(u.username, email)
pu = PendingUser(u.username)
pu.teacher_username = teacher_username
pu.college = college_group
pu.email = email
pu.team = team
pu.verify_code = verify_code
pu.save()
log_action('registering user', pu)
url = url_for('activate_account', username=u.username, code=verify_code, _external=True)
pu.send_welcome_email(first_name, url)
rqu_email_vars = { 'name': requesting_user.first_name,
'activation_days': ACTIVATION_DAYS,
'pu_first_name': first_name,
'pu_last_name': last_name,
'pu_username': pu.username,
'pu_college': College(pu.college).name,
'pu_email': pu.email,
'pu_team': pu.team
}
mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars)
return "{}", 202
def test_creates_code_latin1(self):
username = b"usernam\xe9" # e acute
email = "*****@*****.**"
username_str = username.decode('latin-1')
code = helpers.create_verify_code(username, email)
assert username_str not in code, "Username should not be in code"
assert email not in code, "email address should not appear in the code"
def register_user():
ah = AuthHelper(request)
if ah.auth_will_succeed:
requesting_user = ah.user
if requesting_user.can_register_users:
teacher_username = requesting_user.username
college_group = request.form["college"].strip()
first_name = request.form["first_name"].strip()
last_name = request.form["last_name"].strip()
email = request.form["email"].strip()
team = request.form["team"].strip()
if College(college_group) not in requesting_user.colleges:
return json.dumps({"error":"BAD_COLLEGE"}), 403
if team not in [t.name for t in College(college_group).teams]:
return json.dumps({"error":"BAD_TEAM"}), 403
if User.name_used(first_name, last_name) or helpers.email_used(email):
return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403
u = User.create_new_user(requesting_user, college_group, first_name, last_name)
verify_code = helpers.create_verify_code(u.username, email)
pu = PendingUser(u.username)
pu.teacher_username = teacher_username
pu.college = college_group
pu.email = email
pu.team = team
pu.verify_code = verify_code
pu.save()
url = url_for('activate_account', username=u.username, code=verify_code, _external=True)
pu.send_welcome_email(first_name, url)
rqu_email_vars = { 'name': requesting_user.first_name,
'pu_first_name': first_name,
'pu_last_name': last_name,
'pu_username': pu.username,
'pu_college': College(pu.college).name,
'pu_email': pu.email,
'pu_team': pu.team
}
mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars)
return "{}", 202
else:
return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}),403
else:
return ah.auth_error_json, 403
def request_new_email(user, new_email):
userid = user.username
pe = PendingEmail(userid)
if user.email == new_email:
if pe.in_db:
pe.delete()
return
verify_code = helpers.create_verify_code(userid, new_email)
pe.new_email = new_email
pe.verify_code = verify_code
pe.save()
url = url_for('verify_email', username=userid, code=verify_code, _external=True)
pe.send_verification_email(user.first_name, url)
def request_new_email(user, new_email):
userid = user.username
pe = PendingEmail(userid)
if user.email == new_email:
if pe.in_db:
pe.delete()
return
verify_code = helpers.create_verify_code(userid, new_email)
pe.new_email = new_email
pe.verify_code = verify_code
pe.save()
url = url_for('verify_email',
username=userid,
code=verify_code,
_external=True)
pe.send_verification_email(user.first_name, url)
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username, requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password', username=user_to_update.username, code=verify_code, _external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name, requesting_user.last_name),
)
return "{}", 202
def register_user():
ah = AuthHelper(request)
if not ah.auth_will_succeed:
return ah.auth_error_json, 403
requesting_user = ah.user
if not requesting_user.can_register_users:
return json.dumps({"error": "YOU_CANT_REGISTER_USERS"}), 403
teacher_username = requesting_user.username
college_group = request.form["college"].strip()
first_name = request.form["first_name"].strip()
last_name = request.form["last_name"].strip()
email = request.form["email"].strip()
team = request.form["team"].strip()
if College(college_group) not in requesting_user.colleges:
return json.dumps({"error": "BAD_COLLEGE"}), 403
if team not in [t.name for t in College(college_group).teams]:
return json.dumps({"error": "BAD_TEAM"}), 403
if not helpers.is_email_valid(email):
return json.dumps({"error": "BAD_EMAIL"}), 403
if not helpers.is_name_valid(first_name):
return json.dumps({"error": "BAD_FIRST_NAME"}), 403
if not helpers.is_name_valid(last_name):
return json.dumps({"error": "BAD_LAST_NAME"}), 403
if User.name_used(first_name, last_name) or helpers.email_used(email):
return json.dumps({"error": "DETAILS_ALREADY_USED"}), 403
u = User.create_new_user(requesting_user, college_group, first_name,
last_name)
verify_code = helpers.create_verify_code(u.username, email)
pu = PendingUser(u.username)
pu.teacher_username = teacher_username
pu.college = college_group
pu.email = email
pu.team = team
pu.verify_code = verify_code
pu.save()
log_action('registering user', pu)
url = url_for('activate_account',
username=u.username,
code=verify_code,
_external=True)
pu.send_welcome_email(first_name, url)
rqu_email_vars = {
'name': requesting_user.first_name,
'pu_first_name': first_name,
'pu_last_name': last_name,
'pu_username': pu.username,
'pu_college': College(pu.college).name,
'pu_email': pu.email,
'pu_team': pu.team
}
mailer.email_template(requesting_user.email, 'user_requested',
rqu_email_vars)
return "{}", 202
def assert_creates_code_inner(self, username, email):
code = helpers.create_verify_code(username, email)
assert username not in code, "Username should not be in code"
assert email not in code, "email address should not appear in the code"
def assert_creates_code_inner(self, username, email):
code = helpers.create_verify_code(username, email)
assert username not in code, "Username should not be in code"
assert email not in code, "email address should not appear in the code"
