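async def post(self):
    """Sign the current session out and send the browser to the home page.

    Deletes the server-side Auth row named by the signed ``auth_key`` cookie,
    evicts its cached copy, clears every cookie for ``self.host`` and
    redirects to ``/``.
    """
    cookie = self.get_secure_cookie('auth_key')
    # A missing, expired or tampered cookie comes back as None (Tornado's
    # get_secure_cookie behaves this way); calling .decode() on it would turn
    # a harmless repeat sign-out into a 500. There is no session to revoke in
    # that case, so only the browser-side cleanup runs.
    if cookie is not None:
        slug = cookie.decode()
        # Revoke server-side first so the session is dead even if the client
        # keeps a copy of the cookie.
        model.Auth.delete().where(model.Auth.id == slug).execute()
        # Evict the cached session so the deleted row cannot keep
        # authenticating requests from cache.
        helpers.uncache('auth_' + slug)
    self.clear_all_cookies(domain=self.host)
    self.redirect("/")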
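async def post(self):
    """Revoke one session (Auth row) belonging to the signed-in user.

    When the ``app`` argument is set the outcome is reported as JSON;
    otherwise the page is redisplayed or an error page is rendered.

    Returns:
        Whatever the chosen render helper returns on the early-exit paths;
        None after a successful HTML-flow revoke.
    """
    app = self.get_argument('app', None)
    form_data, errors, valid_data = self.validate()
    if errors:
        if app:
            return self.renderJSONError(400, {'errors': errors})
        return self.redisplay(form_data, errors)

    auth = model.Auth.getBySlug(valid_data['auth_key'])
    if not auth:
        if app:
            # The original fell through here and also rendered the HTML 404,
            # writing two responses for one request; return like the 400 and
            # 403 branches do.
            return self.renderJSONError(404)
        return self.renderError(404)

    # Ownership check: a user may only revoke sessions tied to their own
    # account, never one looked up by a key that belongs to someone else.
    if auth.account_id != self.current_user.id:
        if app:
            return self.renderJSONError(403)
        return self.renderError(403)

    auth.delete_instance()
    # NOTE(review): this evicts the bare auth_key. Confirm it is the same key
    # the session lookup caches under; if the cache uses a prefixed key, the
    # revoked session could keep being served from cache until it expires.
    helpers.uncache(valid_data['auth_key'])

    if app:
        return self.renderJSON({'ok': '1'})
    self.flash('Access revoked.', level='success')
    self.redisplay()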
async def post(self):
    """Run the admin maintenance action selected by the submitted form field.

    Exactly one of ``clear_cache``, ``make_admin``, ``migrate`` or ``reset``
    (the last only when ``self.debug`` is truthy) is acted on, checked in that
    order; the page is then redisplayed.

    NOTE(review): no authorization check is visible in this block - confirm
    an admin-only guard wraps this handler, since it grants admin rights and
    can wipe the database.
    NOTE(review): the source arrived collapsed onto one line; the
    ``if errors`` redisplay is placed at the make_admin branch level here -
    confirm against the original layout.
    """
    arg = self.get_argument

    if arg('clear_cache', None):
        helpers.clear_cache()
        self.logger.info('Cleared cache.')
        self.flash('Cache Cleared')

    elif arg('make_admin', None):
        form_data, errors, valid_data = self.validate()
        if not errors:
            target = model.User.getByEmail(valid_data["email"])
            if not target:
                errors['exists'] = True
            else:
                target.is_admin = True
                target.save()
                # The promoted user may be signed in right now; drop the
                # cached copy so the new permission takes effect.
                helpers.uncache(target.slug)
                # Only the promoted address is logged; the acting admin is
                # not recorded by this line.
                self.logger.info('Made user admin: ' + valid_data['email'])
                self.flash('User successfully made admin.', level='success')
        if errors:
            return self.redisplay(form_data, errors)

    elif arg('migrate', None):
        self.logger.info('Beginning migration.')
        # FUTURE: this probably belongs in a script outside the web server.
        # Placeholder: build a model.User.update(...).where(...) query (a
        # dict works in place of kwargs), execute it, and store the number
        # of modified rows in `modified`.
        modified = 0
        self.logger.info(f'Migration finished. Modified {modified} items.')
        self.flash('Migrations Complete', level='success')

    elif arg('reset', None) and self.debug:
        # Development only: rebuild the database through model.py, then add
        # fixture data. The fixture account below uses a fixed, known
        # password, so this path relies entirely on self.debug being off
        # anywhere the server is reachable by others.
        model.reset()
        salt, digest = model.User.changePassword('test')
        fixture = model.User(
            first_name='Test',
            last_name='Testerson',
            email='*****@*****.**',
            password_salt=salt,
            hashed_password=digest,
        )
        fixture.save()
        # IDs and keys have all changed, so sign the browser out.
        self.clear_all_cookies(domain=self.host)
        helpers.clear_cache()
        self.flash('Data Reset')

    self.redisplay()
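async def post(self):
    """Change the signed-in user's email after re-checking their password.

    When the ``app`` argument is set the outcome is reported as JSON;
    otherwise the form is redisplayed on error, or the browser is redirected
    to ``/account`` on success.

    Returns:
        Whatever the chosen render helper returns on the error and JSON
        paths; None after a successful HTML-flow change.
    """
    app = self.get_argument('app', None)
    form_data, errors, valid_data = self.validate()

    # Re-authenticate only once validation has passed. The original hashed
    # valid_data["password"] unconditionally, which raises KeyError (a 500)
    # if a failed validation leaves that field out of valid_data. With no
    # validation errors the direct lookup still fails closed.
    if not errors:
        hashed_password = model.Account.hashPassword(
            valid_data["password"],
            self.current_user.password_salt.encode('utf8'))
        # NOTE(review): `!=` is not a constant-time comparison. If both
        # values are the same type, hmac.compare_digest is the usual
        # replacement - confirm the types before switching.
        if hashed_password != self.current_user.hashed_password:
            errors["match"] = True

    # Extra validation: the new address must not already be in use.
    if not errors:
        # Emails are supposed to be case sensitive according to RFC 5321, but
        # in practice users consistently expect them to be case insensitive.
        email = valid_data["email"].lower()
        if model.Account.getByEmail(email):
            errors["exists"] = True

    if errors:
        # Never send the password back, for security.
        form_data.pop("password", None)
        if app:
            return self.renderJSONError(400, {'errors': errors})
        return self.redisplay(form_data, errors)

    # NOTE(review): nothing visible here notifies the previous address or
    # touches other active sessions; confirm whether that is handled
    # elsewhere, since the email is typically the account-recovery channel.
    self.current_user.email = email
    self.current_user.save()
    # Drop the cached user so later requests see the new address.
    helpers.uncache(self.current_user.slug)

    if app:
        return self.renderJSON({'ok': '1'})
    self.flash("Email changed successfully.", level="success")
    self.redirect("/account")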
async def post(self):
    """Change the signed-in user's password after re-checking the current one.

    When the ``app`` argument is set the outcome is reported as JSON;
    otherwise the form is redisplayed on error, or the browser is redirected
    to ``/account`` on success.

    Returns:
        Whatever the chosen render helper returns on the error and JSON
        paths; None after a successful HTML-flow change.
    """
    wants_json = self.get_argument('app', None)
    form_data, errors, valid_data = self.validate()

    if not errors:
        # Re-authenticate: hash the submitted current password with the
        # stored salt and compare it with the stored hash.
        candidate = model.Account.hashPassword(
            valid_data["password"],
            self.current_user.password_salt.encode('utf8'))
        # NOTE(review): `!=` is not a constant-time comparison. If both
        # values are the same type, hmac.compare_digest is the usual
        # replacement - confirm the types before switching.
        if candidate != self.current_user.hashed_password:
            errors["match"] = True

    if errors:
        # Neither password is echoed back to the client.
        for secret_field in ("password", "new_password"):
            form_data.pop(secret_field, None)
        if wants_json:
            return self.renderJSONError(400, {'errors': errors})
        return self.redisplay(form_data, errors)

    new_salt, new_hash = model.Account.changePassword(
        valid_data["new_password"])
    account = self.current_user
    account.password_salt = new_salt
    account.hashed_password = new_hash
    account.save()
    # Only the cached user object is evicted here.
    # NOTE(review): no other sessions are revoked in this block; confirm
    # whether a password change is meant to sign out other devices.
    helpers.uncache(account.slug)

    if wants_json:
        return self.renderJSON({'ok': '1'})
    self.flash("Password changed successfully.", level="success")
    self.redirect("/account")
async def post(self):
    """Complete a password reset: store the new password and sign the user in.

    On validation errors the reset form is redisplayed at its original URL,
    carrying ``self.key`` and ``self.token``. Otherwise the new salt and hash
    are saved, the reset token fields are cleared, the cached user is evicted
    and ``self.login`` is called for ``self.reset_user``.
    """
    form_data, errors, valid_data = self.validate()

    if errors:
        # NOTE(review): key and token are concatenated into the query string
        # without URL-encoding; confirm both are restricted to URL-safe
        # characters where they are set.
        retry_url = ("/account/resetpassword?key=" + self.key
                     + "&token=" + self.token)
        self.redisplay(form_data, errors, retry_url)
        return

    new_salt, new_hash = model.Account.changePassword(valid_data["password"])
    # Drop the plaintext as soon as it has been hashed.
    del valid_data["password"]

    account = self.reset_user
    account.password_salt = new_salt
    account.hashed_password = new_hash
    # Clearing the stored token fields makes the reset link single-use.
    account.hashed_token = None
    account.token_dt = None
    account.save()

    # Uncache so the changed user object is picked up instead of a stale
    # cached copy.
    # NOTE(review): no existing sessions are revoked in this block; after a
    # reset prompted by a suspected compromise, sessions opened earlier would
    # presumably stay valid - confirm against the Auth handling.
    helpers.uncache(account.slug)

    self.flash(
        "Your password has been changed. You have been logged in with your new password.",
        level="success")
    self.login(account)