def post(self):
if self.user:
if not self.check_state():
logging.warning("Possible CSRF attack detected!")
self.redirect("/")
return
# Get user input
input_current_password = self.request.get('current_password')
input_password = self.request.get('password')
input_verify_password = self.request.get('verify_password')
# Check input and set error messages.
error_current_password=""
error_password=""
error_verify_password=""
have_error = False
if not valid_pw(self.user.email, input_current_password, self.user.pw_hash):
# Set the error-message: incorrect password.
error_current_password = True
have_error = True
if not valid_password(input_password):
# Set the error-message: not a valid password.
error_password = True
have_error = True
if not valid_verify(input_password, input_verify_password):
# Set the error-message: passwords do not match.
error_verify_password = True
have_error = True
if have_error:
state = self.make_state()
# Render page with error-messages.
self.render('change_password.html',
user = self.user,
error_current_password = error_current_password,
error_password = error_password,
error_verify_password = error_verify_password,
state = state)
else:
# Generate password-hash and store in DB
pw_hash = make_pw_hash(self.user.email, input_password)
self.user.pw_hash = pw_hash
self.user.put()
# Update memcache
User.update_user_cache(self.user)
state = self.make_state()
# Render page with success message.
self.render('change_password.html',
user = self.user,
success_message = True,
state = state)
else:
# Prompt user to login.
self.render('message.html',
message_user_settings_1 = True)
def post(self):
if self.user:
if not self.check_state():
logging.warning("Possible CSRF attack detected!")
self.redirect("/")
return
# Get user input
input_username = self.request.get('username')
# Check input and set error messages.
error_username=""
error_username_exists=""
have_error = False
if not valid_username(input_username):
# Set the error-message: not a valid username.
error_username = True
have_error = True
if have_error == False:
u = User.by_name(input_username)
if u:
# Set the error-message: username already taken.
error_username_exists = True
have_error = True
if have_error:
state = self.make_state()
# Render page with error-messages.
self.render('change_username.html',
user = self.user,
username = input_username,
error_username = error_username,
error_username_exists = error_username_exists,
state = state)
else:
# Store new username in DB
self.user.name = input_username
self.user.put()
# Update memcache
User.update_user_cache(self.user)
# Render page success message
state = self.make_state()
self.render('change_username.html',
user = self.user,
success_message = True,
state = state)
else:
# Prompt user to login.
self.render('message.html', message_user_settings_1 = True)
def post(self):
if self.user:
if not self.check_state():
logging.warning("Possible CSRF attack detected!")
self.redirect("/")
return
# Get user input
input_current_password = self.request.get('current_password')
input_email = self.request.get('email').lower()
input_verify_email = self.request.get('verify_email').lower()
# Check input and set error messages.
error_current_password=""
error_email=""
error_verify_email=""
error_user_exists=""
have_error = False
if not valid_pw(self.user.email, input_current_password, self.user.pw_hash):
# Set the error-message: incorrect password.
error_current_password = True
have_error = True
if not valid_email(input_email):
# Set the error-message: not a valid email.
error_email = True
have_error = True
if not valid_verify(input_email, input_verify_email):
# Set the error-message: emails do not match.
error_verify_email = True
have_error = True
if have_error == False:
u = User.by_email(input_email)
if u:
# Set the error-message: email already assigned.
error_user_exists = True
have_error = True
if have_error:
state = self.make_state()
# Render page with error-messages.
self.render('change_email.html',
user = self.user,
email = input_email,
error_current_password = error_current_password,
error_email = error_email,
error_verify_email = error_verify_email,
error_user_exists = error_user_exists,
state = state)
else:
# Generate password-hash
# Store new email and password-hash in DB
pw_hash = make_pw_hash(input_email, input_current_password)
self.user.pw_hash = pw_hash
self.user.email = input_email
self.user.put()
# Update memcache
User.update_user_cache(self.user)
# Send email notification to new address
self.send_email(self.user.email,
'email_subject.html',
'email_email_changed.html',
subject_type = 'email_changed',
username = self.user.name,
user_email = self.user.email)
# Render page with message that email was sent
state = self.make_state()
self.render('change_email.html',
user = self.user,
success_message = True,
state = state)
else:
# Prompt user to login.
self.render('message.html', message_user_settings_1 = True)
def post(self):
if self.user:
# Prompt user to log out.
self.render('message.html',
user = self.user,
message_signup_1 = True)
else:
if not self.check_state():
logging.warning("Possible CSRF attack detected!")
self.redirect("/")
return
input_username = self.request.get('username')
input_password = self.request.get('password')
input_verify_password = self.request.get('verify_password')
input_email = self.request.get('email').lower()
input_verify_email = self.request.get('verify_email').lower()
error_username=""
error_password=""
error_verify_password=""
error_email=""
error_verify_email=""
error_username_exists=""
error_user_exists=""
have_error = False
if not valid_username(input_username):
# Show the error-message: not a valid username.
error_username = True
have_error = True
if not valid_password(input_password):
# Show the error-message: not a valid password.
error_password = True
have_error = True
if not valid_verify(input_password, input_verify_password):
# Show the error-message: passwords do not match.
error_verify_password = True
have_error = True
if not valid_email(input_email):
# Show the error-message: not a valid email.
error_email = True
have_error = True
if not valid_verify(input_email, input_verify_email):
# Show the error-message: emails do not match.
error_verify_email = True
have_error = True
if have_error == False:
u = User.by_name(input_username)
if u:
# Show the error-message: username is already taken.
error_username_exists = True
have_error = True
u = User.by_email(input_email)
if u:
# Show the error-message: email already used.
error_user_exists = True
have_error = True
if have_error:
state = self.make_state()
# Render page with error-messages.
self.render('signup.html',
error_username = error_username,
error_username_exists = error_username_exists,
error_password = error_password,
error_verify_password = error_verify_password,
error_email = error_email,
error_verify_email = error_verify_email,
error_user_exists = error_user_exists,
username_form = input_username,
email_form = input_email,
verify_email_form = input_verify_email,
state = state)
else:
#Create new entry in the User-DB.
u = User.register(input_username, input_password, input_email)
u.put()
#update memcache
User.update_user_cache(u)
#Send confirmation email
self.send_email(u.email,
'email_subject.html',
'email_welcome.html',
subject_type = 'welcome',
username = u.name,
user_email = u.email)
#Set cookie and render message page with welcome
self.login(u)
self.render('message.html', user = u, message_signup_2 = True)
def post(self):
if self.user:
if not self.check_state():
logging.warning("Possible CSRF attack detected!")
self.redirect("/")
return
# Get user input: password and verify_password
input_password = self.request.get('password')
input_verify_password = self.request.get('verify_password')
# Get token from web page
input_token = self.request.get('token')
# Check if token is valid
TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
if not TOKEN_RE.match(input_token):
# Set invalid reset_id so that a normal error message is sent
reset_id = 1
else:
reset_id = int(input_token.split('-')[0])
temp_pw = input_token.split('-')[1]
# Use reset_id to find entry in ResetPasswordRequest DB.
self.p = ResetPasswordRequest.by_id(reset_id)
# Check if entry exists
if not self.p:
# Show message to contact via email
self.render('message.html',
user = self.user,
message_reset_password_5 = True)
#Check if entry is not older than one hour.
elif datetime.datetime.now() - datetime.timedelta(hours = 1) > self.p.created:
# Show message that too much time has passed.
self.render('message.html',
user = self.user,
message_reset_password_3 = True)
#Check if temp_pw is valid
elif not ResetPasswordRequest.check_for_valid_request(self.p.email, temp_pw):
# Show message to contact via email
self.render('message.html',
user = self.user,
message_reset_password_5 = True)
else:
# Check if password and verify_password are valid.
# Set error-messages.
error_password=""
error_verify_password=""
have_error = False
if not valid_password(input_password):
# Show the error-message: not a valid password.
error_password = True
have_error = True
if not valid_verify(input_password, input_verify_password):
# Show the error-message: passwords do not match.
error_verify_password = True
have_error = True
if have_error:
state = self.make_state()
# Render page with error-messages.
self.render('reset_password.html',
user = self.user,
token = input_token,
error_password = error_password,
error_verify_password = error_verify_password,
state = state)
else:
# Generate password-hash and store in DB
pw_hash = make_pw_hash(self.user.email, input_password)
self.user.pw_hash = pw_hash
self.user.put()
# Update memcache
User.update_user_cache(self.user)
# Invalidate entity in ResetPasswordRequest db
self.p = ResetPasswordRequest.by_email(self.user.email)
self.p.temp_pw_hash = "deactivated"
self.p.put()
# Show message that the password has been changed.
self.render('message.html',
user = self.user,
message_reset_password_7 = True)
else:
# Show message to use the linke in the email.
self.render('message.html',
user = self.user,
message_reset_password_6 = True)
