Beispiel #1
0
    def post(self):
        e_username = self.request.get("username")
        e_password = self.request.get("password")
        e_username = e_username.encode('ascii', 'replace')

        matching_people = list(db.GqlQuery("SELECT * FROM BlogUser WHERE user_name = :user_name", user_name=e_username))
        if log_db:
            logging.warning("DATABASE READ: Single user!")

        username_matches = False
        password_mathces = False
        if len(matching_people) > 0:
            username_matches = True
            person = matching_people[0]  # check the password
            if security_core.valid_pw(e_username, e_password, person.password_hash):
                password_mathces = True

        if username_matches and password_mathces:
            e_username = e_username.encode('ascii', 'replace')
            uname_hashed = security_core.make_secure_val(e_username)
            self.response.headers.add_header('Set-Cookie', 'username=%s; Path=/' % uname_hashed)

            newpost_redirect_cookie = self.request.cookies.get('blogapp_redirect_to_new_post')
            if newpost_redirect_cookie == "True":
                self.response.headers.add_header('Set-Cookie', 'blogapp_redirect_to_new_post=False')
                self.redirect("/newpost")
            else:
                self.redirect("/")  # HW CHANGE
                #self.redirect("/welcome")  # HW CHANGE
        else:
            self.render_form(user_name=e_username, credentials_error="User name or password is invalid.")
Beispiel #2
0
    def post(self):
        e_username = self.request.get("username")
        e_password = self.request.get("password")
        e_username = e_username.encode('ascii', 'replace')

        matching_people = list(
            db.GqlQuery("SELECT * FROM BlogUser WHERE user_name = :user_name",
                        user_name=e_username))
        if log_db:
            logging.warning("DATABASE READ: Single user!")

        username_matches = False
        password_mathces = False
        if len(matching_people) > 0:
            username_matches = True
            person = matching_people[0]  # check the password
            if security_core.valid_pw(e_username, e_password,
                                      person.password_hash):
                password_mathces = True

        if username_matches and password_mathces:
            e_username = e_username.encode('ascii', 'replace')
            uname_hashed = security_core.make_secure_val(e_username)
            self.response.headers.add_header(
                'Set-Cookie', 'username=%s; Path=/' % uname_hashed)

            newpost_redirect_cookie = self.request.cookies.get(
                'blogapp_redirect_to_new_post')
            if newpost_redirect_cookie == "True":
                self.response.headers.add_header(
                    'Set-Cookie', 'blogapp_redirect_to_new_post=False')
                self.redirect("/newpost")
            else:
                self.redirect("/")  # HW CHANGE
                #self.redirect("/welcome")  # HW CHANGE
        else:
            self.render_form(
                user_name=e_username,
                credentials_error="User name or password is invalid.")
Beispiel #3
0
    def post(self):
        def validate_username(
                raw_uname):  # returns True if valid, False if not
            return self.USER_RE.match(raw_uname)

        def validate_password(raw_password):  # this is NOT re-type validation.
            return self.PASSWORD_RE.match(raw_password)

        def validate_email(raw_email):
            return not raw_email or self.EMAIL_RE.match(raw_email)

        def duplicate_username(raw_uname):
            matching_people = list(
                db.GqlQuery(
                    "SELECT * FROM BlogUser WHERE user_name = :user_name",
                    user_name=raw_uname))
            if log_db:
                logging.warning("DATABASE READ: Users!")

            return len(matching_people) > 0

        e_username = self.request.get("username")
        e_password = self.request.get("password")
        e_verify = self.request.get("verify")
        e_email = self.request.get("email")

        inputs_valid = (validate_username(e_username)
                        and validate_password(e_password)
                        and validate_email(e_email)
                        and (not duplicate_username(e_username))
                        and e_verify == e_password)

        if inputs_valid:
            e_username = e_username.encode('ascii', 'replace')

            this_user = BlogUser(user_name=e_username,
                                 password_hash=security_core.make_pw_hash(
                                     e_username, e_password))
            this_user.put()
            if log_db:
                logging.warning("DATABASE Write: Single user!")

            uname_hashed = security_core.make_secure_val(e_username)
            self.response.headers.add_header(
                'Set-Cookie', 'username=%s; Path=/' % uname_hashed)
            self.redirect("/")  # HW CHANGE
            #self.redirect("/welcome")  # HW CHANGE
        else:
            username_error = ''
            password_error = ''
            verify_error = ''
            email_error = ''

            if not validate_username(e_username):
                username_error = "That's not a valid user name."

            if duplicate_username(e_username):
                username_error = "That user name already exists."

            if not validate_password(e_password):
                password_error = "That wasn't a valid password."

            if not validate_email(e_email):
                email_error = "That's not a valid e-mail."

            if not e_verify == e_password:
                verify_error = "Your passwords didn't match."

            self.render_form(user_name=e_username,
                             email=e_email,
                             user_name_error=username_error,
                             password_error=password_error,
                             verify_error=verify_error,
                             email_error=email_error)
Beispiel #4
0
    def post(self):
        def validate_username(raw_uname):  # returns True if valid, False if not
            return self.USER_RE.match(raw_uname)

        def validate_password(raw_password):  # this is NOT re-type validation.
            return self.PASSWORD_RE.match(raw_password)

        def validate_email(raw_email):
            return not raw_email or self.EMAIL_RE.match(raw_email)

        def duplicate_username(raw_uname):
            matching_people = list(db.GqlQuery("SELECT * FROM BlogUser WHERE user_name = :user_name", user_name=raw_uname))
            if log_db:
                logging.warning("DATABASE READ: Users!")

            return len(matching_people) > 0

        e_username = self.request.get("username")
        e_password = self.request.get("password")
        e_verify = self.request.get("verify")
        e_email = self.request.get("email")

        inputs_valid = (validate_username(e_username) and
                        validate_password(e_password) and
                        validate_email(e_email) and
                        (not duplicate_username(e_username)) and
                        e_verify == e_password)

        if inputs_valid:
            e_username = e_username.encode('ascii', 'replace')

            this_user = BlogUser(user_name=e_username, password_hash=security_core.make_pw_hash(e_username, e_password))
            this_user.put()
            if log_db:
                logging.warning("DATABASE Write: Single user!")

            uname_hashed = security_core.make_secure_val(e_username)
            self.response.headers.add_header('Set-Cookie', 'username=%s; Path=/' % uname_hashed)
            self.redirect("/")  # HW CHANGE
            #self.redirect("/welcome")  # HW CHANGE
        else:
            username_error = ''
            password_error = ''
            verify_error = ''
            email_error = ''

            if not validate_username(e_username):
                username_error = "That's not a valid user name."

            if duplicate_username(e_username):
                username_error = "That user name already exists."

            if not validate_password(e_password):
                password_error = "That wasn't a valid password."

            if not validate_email(e_email):
                email_error = "That's not a valid e-mail."

            if not e_verify == e_password:
                verify_error = "Your passwords didn't match."

            self.render_form(user_name=e_username, email=e_email, user_name_error=username_error,
                             password_error=password_error, verify_error=verify_error, email_error=email_error)