Ejemplo n.º 1
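def signup(request):
    """Validate the sign-up form, verify the captcha and create the account.

    Returns an empty dict (re-render the form) for non-POST requests and for
    any validation, captcha or creation failure; on success returns a
    redirect to the "login" route.  Every failure is reported through
    ``request.session.flash``.

    Exceptions raised by the captcha HTTP call (connection errors, timeouts,
    a non-JSON reply) are not caught here, so no account is created when the
    verification cannot be completed.
    """
    if request.method != "POST":
        return {}

    signup_username = request.POST.get("username", "")
    signup_password = request.POST.get("password", "")
    signup_password_verify = request.POST.get("password2", "")
    signup_email = request.POST.get("email", "")

    errors = []
    strong_password, password_err = password_strength(signup_password,
                                                      signup_username,
                                                      signup_email)
    if not strong_password:
        # password_err is assumed to be a message string -- confirm against
        # password_strength.
        errors.append("Error! Weak password: " + password_err)
    if signup_password != signup_password_verify:
        errors.append("Error! Matching verify password required")
    # Only the presence of "@" is checked; this is not real address validation.
    if "@" not in signup_email:
        errors.append("Error! Email required")
    if not signup_username:
        errors.append("Error! Username required")
    # NOTE(review): str.isalnum() is Unicode-aware, so non-ASCII letters and
    # digits are accepted; confirm whether usernames are meant to be
    # ASCII-only (look-alike names).  An empty username also fails this test,
    # so it reports both messages.
    if not signup_username.isalnum():
        errors.append("Error! Alphanumeric username required")
    if errors:
        for error in errors:
            request.session.flash(error, "error")
        return {}

    # NOTE: the captcha is verified only when the secret file exists; if it
    # is missing, sign-up proceeds without any captcha check.
    path = os.path.expanduser("~/fishtest.captcha.secret")
    if os.path.exists(path):
        # Read the secret and close the file before the network round trip.
        with open(path, "r") as f:
            secret = f.read()
        payload = {
            "secret": secret,
            "response": request.POST.get("g-recaptcha-response", ""),
            "remoteip": request.remote_addr,
        }
        # Bound the call: without a timeout an unresponsive verifier would
        # hold this request handler open indefinitely.
        response = requests.post(
            "https://www.google.com/recaptcha/api/siteverify",
            data=payload,
            timeout=10,  # seconds
        ).json()
        # Fail closed: a missing or falsy "success" field counts as a failure.
        if not response.get("success"):
            if "error-codes" in response:
                print(response["error-codes"])
            request.session.flash("Captcha failed", "error")
            return {}

    result = request.userdb.create_user(
        username=signup_username,
        password=signup_password,
        email=signup_email,
    )
    if not result:
        request.session.flash("Error! Invalid username or password", "error")
        return {}

    request.session.flash(
        "Your account has been created, but will be activated by a human. "
        "This might take a few hours. "
        "Thank you for contributing!"
    )
    return HTTPFound(location=request.route_url("login"))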
Ejemplo n.º 2
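def user(request):
    """Show a user's page and process profile edits or block/unblock actions.

    Anonymous visitors are redirected to "login".  A user may view and edit
    only their own profile; viewing or changing another user requires the
    "approve_run" permission, otherwise the request is redirected to "tests".

    On a POST carrying the "user" field:
      * own profile: optionally change the password and/or the e-mail;
      * other user: set or clear the "blocked" flag and record the action.
    Both paths save the user record and redirect to "tests".  Otherwise the
    function returns the template data for the user page.
    """
    userid = request.authenticated_userid
    if not userid:
        request.session.flash("Please login")
        return HTTPFound(location=request.route_url("login"))

    user_name = request.matchdict.get("username", userid)
    profile = user_name == userid
    if not profile and not request.has_permission("approve_run"):
        request.session.flash("You cannot inspect users", "error")
        return HTTPFound(location=request.route_url("tests"))

    # NOTE(review): the result is used without a None check; confirm what
    # get_user returns for a user name that does not exist.
    user_data = request.userdb.get_user(user_name)
    if "user" in request.POST:
        tests_redirect = HTTPFound(location=request.route_url("tests"))
        if profile:
            # Default to "" so a submission lacking these fields means "no
            # change" instead of raising TypeError on len(None).
            # NOTE(review): the values are read from request.params while the
            # gate above checks request.POST; confirm that accepting them
            # from the query string is intended.
            new_password = request.params.get("password", "")
            new_password_verify = request.params.get("password2", "")
            new_email = request.params.get("email", "")

            # Validate every requested change first and apply them only when
            # all pass.  Otherwise "Success! Password updated" could be
            # flashed and the request then abort on an invalid e-mail before
            # save_user runs, leaving the password unchanged.
            password_changed = False
            if new_password:
                if new_password != new_password_verify:
                    request.session.flash(
                        "Error! Matching verify password required", "error")
                    return tests_redirect
                strong_password, password_err = password_strength(
                    new_password,
                    user_name,
                    user_data["email"],
                    (new_email if new_email else None),
                )
                if not strong_password:
                    # password_err is assumed to be a message string --
                    # confirm against password_strength.
                    request.session.flash(
                        "Error! Weak password: " + password_err, "error")
                    return tests_redirect
                password_changed = True

            email_changed = False
            if new_email and user_data["email"] != new_email:
                email_is_valid, validated_email = email_valid(new_email)
                if not email_is_valid:
                    request.session.flash(
                        "Error! Invalid email: " + validated_email, "error")
                    return tests_redirect
                email_changed = True

            # NOTE(review): neither change asks for the current password;
            # confirm that an authenticated session alone is meant to be
            # sufficient.
            if password_changed:
                # NOTE(review): the password is stored in user_data as
                # received; whether save_user hashes it is not visible here.
                user_data["password"] = new_password
                request.session.flash("Success! Password updated")
            if email_changed:
                user_data["email"] = validated_email
                request.session.flash("Success! Email updated")
        else:
            # Reached only with the "approve_run" permission (checked above).
            user_data["blocked"] = "blocked" in request.POST
            request.userdb.last_pending_time = 0
            # Record who changed the flag and for which user.
            request.actiondb.block_user(
                request.authenticated_userid,
                {
                    "user": user_name,
                    "blocked": user_data["blocked"]
                },
            )
            request.session.flash(
                ("Blocked" if user_data["blocked"] else "Unblocked") +
                " user " + user_name)
        request.userdb.save_user(user_data)
        return tests_redirect

    userc = request.userdb.user_cache.find_one({"username": user_name})
    hours = int(userc["cpu_hours"]) if userc is not None else 0
    return {
        "user": user_data,
        "limit": request.userdb.get_machine_limit(user_name),
        "hours": hours,
        "profile": profile,
    }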
Ejemplo n.º 3
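def signup(request):
    """Validate the sign-up form, verify the captcha and create the account.

    Returns an empty dict (re-render the form) for non-POST requests and for
    any validation, captcha or creation failure; on success returns a
    redirect to the "login" route.  Every failure is reported through
    ``request.session.flash``.

    Exceptions raised by the captcha HTTP call (connection errors, timeouts,
    a non-JSON reply) are not caught here, so no account is created when the
    verification cannot be completed.
    """
    if request.method != "POST":
        return {}

    signup_username = request.POST.get("username", "")
    signup_password = request.POST.get("password", "")
    signup_password_verify = request.POST.get("password2", "")
    signup_email = request.POST.get("email", "")

    errors = []
    strong_password, password_err = password_strength(signup_password,
                                                      signup_username,
                                                      signup_email)
    if not strong_password:
        # password_err is assumed to be a message string -- confirm against
        # password_strength.
        errors.append("Error! Weak password: " + password_err)
    if signup_password != signup_password_verify:
        errors.append("Error! Matching verify password required")
    # On failure the second element is used as the error text; on success it
    # is the address that gets stored below.
    email_is_valid, validated_email = email_valid(signup_email)
    if not email_is_valid:
        errors.append("Error! Invalid email: " + validated_email)
    if not signup_username:
        errors.append("Error! Username required")
    # NOTE(review): str.isalnum() is Unicode-aware, so non-ASCII letters and
    # digits are accepted; confirm whether usernames are meant to be
    # ASCII-only (look-alike names).  An empty username also fails this test,
    # so it reports both messages.
    if not signup_username.isalnum():
        errors.append("Error! Alphanumeric username required")
    if errors:
        for error in errors:
            request.session.flash(error, "error")
        return {}

    # NOTE: the captcha is verified only when the secret file exists; if it
    # is missing, sign-up proceeds without any captcha check.
    path = os.path.expanduser("~/fishtest.captcha.secret")
    if os.path.exists(path):
        # Read the secret and close the file before the network round trip.
        with open(path, "r") as f:
            secret = f.read()
        payload = {
            "secret": secret,
            "response": request.POST.get("g-recaptcha-response", ""),
            "remoteip": request.remote_addr,
        }
        response = requests.post(
            "https://www.google.com/recaptcha/api/siteverify",
            data=payload,
            timeout=HTTP_TIMEOUT,
        ).json()
        # Fail closed: a missing or falsy "success" field counts as a failure.
        if not response.get("success"):
            if "error-codes" in response:
                print(response["error-codes"])
            request.session.flash("Captcha failed", "error")
            return {}

    result = request.userdb.create_user(username=signup_username,
                                        password=signup_password,
                                        email=validated_email)
    if not result:
        request.session.flash("Error! Invalid username or password", "error")
        return {}

    request.session.flash(
        "Account created! "
        "To avoid spam, a person will now manually approve your new account. "
        "This is usually quick but sometimes takes a few hours. "
        "Thank you for contributing!")
    return HTTPFound(location=request.route_url("login"))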