Beispiel #1
    def post(self):
        """Process a submitted change-password form.

        Reads ``old_password``, ``new_password`` and ``verify_new_password``
        from the request. The stored hash is replaced only when
        ``check_user_id_cookie`` resolves a user, the old password verifies
        against that user's stored hash, and the new password passes
        validation and equals its confirmation. On any failed check the edit
        form is rendered again with per-field messages; when no user is
        resolved the request is redirected to ``/logout``.
        """
        requested_pw = self.request.get("new_password")
        requested_pw_confirm = self.request.get("verify_new_password")
        current_pw = self.request.get("old_password")

        account = check_user_id_cookie(self.request)
        if not account:
            # either user_id_cookie_value, username, or the user record is None
            # (see check_user_id_cookie())
            self.redirect("/logout")
            return

        new_pw_ok = passwordValid.valid_password(requested_pw)
        confirm_ok = passwordValid.password_match(requested_pw, requested_pw_confirm)
        # The current password is re-checked against the stored hash, so a
        # valid cookie alone is not enough to replace the password.
        # NOTE(review): no limit on repeated wrong guesses is visible in this
        # handler - confirm one exists upstream.
        current_pw_ok = passwordValid.valid_pw(
            account.name, current_pw, account.password_hashed
        )

        if not (new_pw_ok and confirm_ok and current_pw_ok):
            self.render(
                "editPassword.html",
                a_name=account.name,
                new_password_error="" if new_pw_ok else "Invalid password",
                verify_error="" if confirm_ok else "Password doesn't match",
                password_error="" if current_pw_ok else "Invalid password",
            )
            return

        # make_pw_hash returns "hash|salt"
        account.password_hashed = passwordValid.make_pw_hash(account.name, requested_pw)
        account.put()
        # NOTE(review): the user_id cookie is not reissued here; whether older
        # sessions stay valid after the change depends on what
        # check_user_id_cookie() verifies - confirm.
        time.sleep(0.1)  # short pause so the db table is displayed correctly
        self.render(
            "profile.html",
            a_name=account.name,
            an_email=account.email,
            changed_message="Your password has been changed",
        )
Beispiel #2
    def post(self):
        """Handle the change-password form.

        The user is resolved by ``check_user_id_cookie``; if that yields
        nothing the request is redirected to ``/logout``. Otherwise three
        checks run: the new password is valid, it equals its confirmation,
        and the supplied old password verifies against the stored hash. Only
        when all three pass is the stored hash replaced and the profile page
        rendered; otherwise the edit form is rendered with error messages.
        """
        fields = self.request
        wanted_pw = fields.get("new_password")
        wanted_pw_again = fields.get("verify_new_password")
        old_pw = fields.get("old_password")

        user = check_user_id_cookie(self.request)

        if not user:
            # either user_id_cookie_value, username, or the user record is None
            # (see check_user_id_cookie())
            self.redirect("/logout")
            return

        checks = (
            passwordValid.valid_password(wanted_pw),
            passwordValid.password_match(wanted_pw, wanted_pw_again),
            # Re-authentication: the old password must match the stored hash
            # before the hash is overwritten.
            passwordValid.valid_pw(user.name, old_pw, user.password_hashed),
        )
        new_ok, match_ok, old_ok = checks

        if new_ok and match_ok and old_ok:
            # make_pw_hash returns "hash|salt"
            user.password_hashed = passwordValid.make_pw_hash(user.name, wanted_pw)
            user.put()
            # NOTE(review): nothing here rotates the user_id cookie, so confirm
            # how existing sessions are treated after a password change.
            time.sleep(0.1)  # short pause so the db table is displayed correctly
            self.render("profile.html",
                        a_name=user.name,
                        an_email=user.email,
                        changed_message="Your password has been changed")
            return

        messages = {
            "new_password_error": "" if new_ok else "Invalid password",
            "verify_error": "" if match_ok else "Password doesn't match",
            "password_error": "" if old_ok else "Invalid password",
        }
        self.render("editPassword.html", a_name=user.name, **messages)
Beispiel #3
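    def post(self):
        """Handle the sign-up form submission.

        Validates username, password, e-mail and the two confirmation fields.
        When every check passes and the name is free, a ``RegisteredUsers``
        entity is stored with the hashed password, the ``user_id`` cookie is
        set and the client is redirected to ``/frontpage``. In every other
        case ``write_form`` is called with the entered values and the error
        messages.

        Changes from the previous version:
        * the "name already taken" check on the invalid-form path used to load
          every ``RegisteredUsers`` row; it now uses the same
          ``dataFunctions.retrieveUser`` lookup as the valid-form path, so an
          unauthenticated request no longer triggers a scan of the user table;
        * the ``user_id`` cookie is sent with ``HttpOnly``.
        """
        username_input = self.request.get('username')
        password_input = self.request.get('password')
        verify_input = self.request.get('verify')
        email_input = self.request.get('email')
        verify_email_input = self.request.get('verify_email')

        is_valid_username = passwordValid.valid_username(username_input)
        is_valid_password = passwordValid.valid_password(password_input)
        # The e-mail is mandatory: an empty value is rejected without calling
        # the validator.
        is_valid_email = (passwordValid.valid_email(email_input)
                          if email_input else False)

        does_password_match = passwordValid.password_match(
            password_input, verify_input)
        does_email_match = passwordValid.email_match(email_input,
                                                     verify_email_input)

        final_username_error = "" if is_valid_username else "Invalid username"
        final_password_error = "" if is_valid_password else "Invalid password"
        final_verify_error = "" if does_password_match else "Password doesn't match"
        final_email_error = "" if is_valid_email else "Invalid e-mail"
        final_verify_email_error = "" if does_email_match else "E-mail doesn't match"

        form_is_valid = (is_valid_username and is_valid_password
                         and does_password_match and is_valid_email
                         and does_email_match)

        # Only a name that passed valid_username is looked up, so unvalidated
        # input never reaches retrieveUser. This handler stores validated
        # names only, so an invalid name is treated as not registered
        # (assumes no other code path writes RegisteredUsers - TODO confirm).
        user_already_exists = bool(
            is_valid_username and dataFunctions.retrieveUser(username_input))

        if form_is_valid and not user_already_exists:
            # NOTE(review): the lookup above and put() below are not atomic;
            # two concurrent sign-ups for one name can both get here. A keyed
            # entity or a transaction would close that gap.

            # make_pw_hash returns "hash|salt".
            # NOTE(review): described elsewhere in this file as a hexdigest of
            # name + pw + salt; if that is a single fast digest, a slow KDF
            # (PBKDF2, scrypt) is the better fit - confirm in passwordValid.
            secure_password = passwordValid.make_pw_hash(
                username_input, password_input)
            # make_secure_val returns "username_input|hash"
            secure_username = passwordValid.make_secure_val(username_input)

            ru = RegisteredUsers(
                name=username_input,
                password_hashed=secure_password,
                email=email_input)  # only the hashed password is stored
            ru.put()
            time.sleep(0.1)  # to delay so db table gets displayed correct
            # HttpOnly keeps the login cookie away from page scripts.
            # NOTE(review): add Secure and SameSite once it is confirmed the
            # site is served over HTTPS only.
            self.response.headers.add_header(
                'Set-Cookie',
                'user_id=%s; Path=/; HttpOnly' % str(secure_username))
            self.redirect("/frontpage")
            return

        if user_already_exists:
            final_username_error = "User already exist"
            if not form_is_valid:
                # As before: on an otherwise invalid form the "name taken"
                # message replaces the password and e-mail messages.
                final_password_error = ""
                final_email_error = ""

        self.write_form(username_input, final_username_error,
                        final_password_error, final_verify_error,
                        email_input, final_email_error, verify_email_input,
                        final_verify_email_error)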
Beispiel #4
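    def post(self):
        """Handle the sign-up form submission.

        All five fields are validated first. A new ``RegisteredUsers`` entity
        is stored (with the hashed password), the ``user_id`` cookie is set
        and the client is redirected to ``/frontpage`` only when every check
        passes and the name is not registered yet. Otherwise ``write_form``
        is called with the entered values and the error messages.

        Changes from the previous version:
        * the invalid-form path no longer runs
          ``SELECT * FROM RegisteredUsers`` to test whether the name is taken;
          it uses ``dataFunctions.retrieveUser`` like the valid-form path, so
          a request without a login cannot force a read of the whole user
          table;
        * the ``user_id`` cookie carries ``HttpOnly``.
        """
        username_input = self.request.get("username")
        password_input = self.request.get("password")
        verify_input = self.request.get("verify")
        email_input = self.request.get("email")
        verify_email_input = self.request.get("verify_email")

        is_valid_username = passwordValid.valid_username(username_input)
        is_valid_password = passwordValid.valid_password(password_input)

        # An empty e-mail is invalid; the validator is only asked about
        # non-empty values.
        if email_input:
            is_valid_email = passwordValid.valid_email(email_input)
        else:
            is_valid_email = False

        does_password_match = passwordValid.password_match(password_input, verify_input)
        does_email_match = passwordValid.email_match(email_input, verify_email_input)

        final_username_error = "" if is_valid_username else "Invalid username"
        final_password_error = "" if is_valid_password else "Invalid password"
        final_verify_error = "" if does_password_match else "Password doesn't match"
        final_email_error = "" if is_valid_email else "Invalid e-mail"
        final_verify_email_error = "" if does_email_match else "E-mail doesn't match"

        if (
            is_valid_username
            and is_valid_password
            and does_password_match
            and is_valid_email
            and does_email_match
        ):
            if dataFunctions.retrieveUser(username_input):
                final_username_error = "User already exist"
                self.write_form(
                    username_input,
                    final_username_error,
                    final_password_error,
                    final_verify_error,
                    email_input,
                    final_email_error,
                    verify_email_input,
                    final_verify_email_error,
                )
                return

            # ok to register new user
            # NOTE(review): the retrieveUser() check and put() are separate
            # steps, so two simultaneous sign-ups for the same name can both
            # pass; a keyed entity or a transaction would prevent that.

            # make_pw_hash returns "hash|salt".
            # NOTE(review): if make_pw_hash is a single fast digest of
            # name + pw + salt, prefer a slow KDF (PBKDF2, scrypt) - confirm
            # in passwordValid.
            secure_password = passwordValid.make_pw_hash(username_input, password_input)
            # make_secure_val returns "username_input|hash"
            secure_username = passwordValid.make_secure_val(username_input)

            ru = RegisteredUsers(
                name=username_input, password_hashed=secure_password, email=email_input
            )  # only the hashed password is stored
            ru.put()
            time.sleep(0.1)  # to delay so db table gets displayed correct
            # HttpOnly keeps the login cookie out of reach of page scripts.
            # NOTE(review): Secure and SameSite should follow once HTTPS-only
            # serving is confirmed.
            self.response.headers.add_header(
                "Set-Cookie", "user_id=%s; Path=/; HttpOnly" % str(secure_username)
            )
            self.redirect("/frontpage")
            return

        # Invalid form. The name is looked up only when it passed
        # valid_username, so unvalidated input is never handed to
        # retrieveUser; this handler stores validated names only, so an
        # invalid name is treated as not registered (assumes no other writer
        # of RegisteredUsers - TODO confirm).
        user_already_exists = bool(
            is_valid_username and dataFunctions.retrieveUser(username_input)
        )

        if user_already_exists:
            # As before: the "name taken" message replaces the password and
            # e-mail messages on this path.
            final_username_error = "User already exist"
            final_password_error = ""
            final_email_error = ""

        self.write_form(
            username_input,
            final_username_error,
            final_password_error,
            final_verify_error,
            email_input,
            final_email_error,
            verify_email_input,
            final_verify_email_error,
        )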