Ejemplo n.º 1
0
    def POST(self, a, arg1=0):
        """
        Creates password recovery request, taking argument as user_id (default) or username
        """
        try:
            uid_type = json.loads(web.data()).get('uid_type','')
        except ValueError:
            uid_type = ''

        token = hash_utils.random_hex()

        web.header('Content-Type', 'application/json')

        if uid_type == 'username':
            user_email = users_model().request_password(token, users_model.get_user_id(arg1))
        elif uid_type == 'user_id' or 'uid_type' == '':
            user_email = users_model().request_password(token, int(arg1))
        else:
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Unknown uid type']
                }
            )

        if user_email == '':
            return json.dumps(
                {
                    'success': False,
                    'messages': ['User not found']
                }
            )

        try:
            web.config.smtp_server = 'smtp.gmail.com'
            web.config.smtp_port = 587
            web.config.smtp_username = '******'
            web.config.smtp_password = '******'
            web.config.smtp_starttls = True
            web.sendmail('*****@*****.**', user_email, 'Password recovery',
                         'http://' + web.ctx.host + web.ctx.homepath + '/password?token=' + token)
            return json.dumps(
                {
                    'success': True,
                    'messages': ['Password recovery email sent']
                }
            )
        except Exception:
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Server error']
                }
            )
Ejemplo n.º 2
0
    def PUT(self):
        """
        Changes password for specified user_id
        """

        payload = json.loads(web.data())
        user_model = users_model()

        web.header('Content-Type', 'application/json')

        if context.user_id() > 0:
            user_id = context.user_id()
        else:
            token_user_id = user_model.password_recovery_user(
                payload.get('token', ''))
            if token_user_id > 0:
                user_id = token_user_id
            else:
                return json.dumps({
                    'success': False,
                    'messages': ['Unauthorized request']
                })

        if user_model.update_password(user_id, payload['password']):
            # TODO if token used, invalidate token
            if payload.get('autologin',
                           False) and context.user_id() != user_id:
                # Auto-login user whose password's changed.
                users_model.session_login(user_id)
            return json.dumps({
                'success': True,
                'messages': ['Password changed']
            })
        return json.dumps({'success': False, 'messages': ['Database error']})
Ejemplo n.º 3
0
    def POST(self, arg1=0):
        """
        Creates password recovery request, taking argument as user_id (default) or username
        """
        try:
            uid_type = json.loads(web.data()).get('uid_type', '')
        except ValueError:
            uid_type = ''

        token = hash_utils.random_hex()

        web.header('Content-Type', 'application/json')

        if uid_type == 'username':
            user_email = users_model().request_password(
                token, users_model.get_user_id(arg1))
        elif uid_type == 'user_id' or 'uid_type' == '':
            user_email = users_model().request_password(token, int(arg1))
        else:
            return json.dumps({
                'success': False,
                'messages': ['Unknown uid type']
            })

        if user_email == '':
            return json.dumps({
                'success': False,
                'messages': ['User not found']
            })

        web.config.smtp_server = 'smtp.gmail.com'
        web.config.smtp_port = 587
        web.config.smtp_username = '******'
        web.config.smtp_password = '******'
        web.config.smtp_starttls = True
        web.sendmail(
            '*****@*****.**', user_email, 'Password recovery',
            'http://' + web.ctx.host + web.ctx.homepath +
            '/#password_change_page?token=' + token)
        return json.dumps({
            'success': True,
            'messages': ['Password recovery email sent']
        })
Ejemplo n.º 4
0
    def GET(self):

        user_id = context.user_id()
        if user_id > 0:
            return render.password_change(user_id, '')

        token = web.input().get('token','')
        user_id = users_model().password_recovery_user(token)
        if user_id == 0:
            return render.password_recover()
        else:
            return render.password_change(user_id, token)
Ejemplo n.º 5
0
    def PUT(self, username=''):
        """
        Stores user details into database.
        And, if needed, populates tables for first-time user
        """
        payload = json.loads(web.data())
        password = payload.get('password')
        email = payload.get('email')

        web.header('Content-Type', 'application/json')

        if password is None or email is None or username == '' or email == '':
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Username/email/password cannot be empty']
                }
            )

        user_id = users_model().register(username, password, email)

        if user_id == 0:
            return json.dumps(
                {
                    'success': False,
                    'messages': ['User already exists']
                }
            )
        elif user_id > 0:
            if payload.get('autologin', False):
                users_model.session_login(user_id)
            web.ctx.status = '201 Created'
            policies_model.populate_policies(user_id, start_date)
            score_model.insert_score(user_id, 1, 1, start_date)
            score_model.insert_score(user_id, 2, 1, start_date)
            return json.dumps(
                {
                    'success': True,
                    'messages': ['Successfully registered.']
                }
            )
        else:
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Database error']
                }
            )
Ejemplo n.º 6
0
    def PUT(self, a, arg1=0):
        """
        Changes password for specified user_id
        """

        user_id = int(arg1)
        payload = json.loads(web.data())
        user_model = users_model()

        web.header('Content-Type', 'application/json')

        if not (user_id > 0):
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Invalid user_id specified']
                }
            )

        if user_id == context.user_id() or user_id == user_model.password_recovery_user(payload.get('token', '')):
            if user_model.update_password(user_id, payload['password']):
                if payload.get('autologin', False) and context.user_id() != user_id:
                    # Auto-login user whose password's changed.
                    users_model.session_login(user_id)
                return json.dumps(
                    {
                        'success': True,
                        'messages': ['Password changed']
                    }
                )
            return json.dumps(
                {
                    'success': False,
                    'messages': ['Database error']
                }
            )

        return json.dumps(
            {
                'success': False,
                'messages': ['Unauthorized request']
            }
        )
Ejemplo n.º 7
0
    def PUT(self):
        """
        Changes password for specified user_id
        """

        payload = json.loads(web.data())
        user_model = users_model()

        web.header('Content-Type', 'application/json')

        if context.user_id() > 0:
            user_id = context.user_id()
        else:
            token_user_id = user_model.password_recovery_user(payload.get('token', ''))
            if token_user_id > 0:
                user_id = token_user_id
            else:
                return json.dumps(
                    {
                        'success': False,
                        'messages': ['Unauthorized request']
                    }
                )

        if user_model.update_password(user_id, payload['password']):
            # TODO if token used, invalidate token
            if payload.get('autologin', False) and context.user_id() != user_id:
                # Auto-login user whose password's changed.
                users_model.session_login(user_id)
            return json.dumps(
                {
                    'success': True,
                    'messages': ['Password changed']
                }
            )
        return json.dumps(
            {
                'success': False,
                'messages': ['Database error']
            }
        )
Ejemplo n.º 8
0
    def PUT(self, username=''):
        """
        Stores user details into database.
        And, if needed, populates tables for first-time user
        """
        payload = json.loads(web.data())
        password = payload.get('password')
        email = payload.get('email')

        web.header('Content-Type', 'application/json')

        if password is None or email is None or username == '' or email == '':
            return json.dumps({
                'success':
                False,
                'messages': ['Username/email/password cannot be empty']
            })

        user_id = users_model().register(username, password, email)

        if user_id == 0:
            return json.dumps({
                'success': False,
                'messages': ['User already exists']
            })
        elif user_id > 0:
            if payload.get('autologin', False):
                users_model.session_login(user_id)
            web.ctx.status = '201 Created'
            policies_model.populate_policies(user_id, start_date)
            score_model.insert_score(user_id, 1, 1, start_date)
            score_model.insert_score(user_id, 2, 1, start_date)
            return json.dumps({
                'success': True,
                'messages': ['Successfully registered.']
            })
        else:
            return json.dumps({
                'success': False,
                'messages': ['Database error']
            })