def update_info():
    """Change the password of a Pulse user owned by the logged-in user.

    Reads ``pulse-user``, ``new-password`` and ``new-password-verification``
    from the submitted form and returns the result of ``profile()`` carrying
    either a status message or an error.

    An unknown Pulse user and a Pulse user owned by someone else produce the
    same "Invalid user." message, so the response does not distinguish the
    two cases.
    """
    # NOTE(review): no re-check of the current password and no CSRF token
    # check is visible in this block; confirm both are enforced elsewhere
    # (decorator, middleware or form layer) before relying on this handler.
    form = request.form
    target_name = form['pulse-user']
    chosen_password = form['new-password']
    confirmation = form['new-password-verification']

    try:
        matching = PulseUser.query.filter(PulseUser.username == target_name)
        account = matching.one()
    except sqlalchemy.orm.exc.NoResultFound:
        account = None

    # Ownership is the authorization check: only the owner may proceed.
    if account is None or account.owner != g.user:
        return profile(messages=["Invalid user."])

    if not chosen_password:
        return profile(messages=["You didn't enter a new password."])

    failure = None
    if chosen_password != confirmation:
        failure = "Password verification doesn't match the password."
    elif not PulseUser.strong_password(chosen_password):
        failure = ("Your password must contain a mix of letters and "
                   "numerical characters and be at least 6 characters long.")
    if failure is not None:
        return profile(error=failure)

    account.change_password(chosen_password)
    confirmation_text = "Password updated for user {0}.".format(target_name)
    return profile(messages=[confirmation_text])
def update_info():
    """Set a new password on a Pulse user that belongs to the current user.

    The form supplies the Pulse username plus the new password typed twice.
    Each failed check returns early through ``profile()``; the password is
    changed only after the ownership, non-empty, match and strength checks
    have all passed.
    """
    # NOTE(review): this block does not ask for the existing password and
    # shows no CSRF validation; verify that the route is protected elsewhere.
    name = request.form['pulse-user']
    password = request.form['new-password']
    repeated = request.form['new-password-verification']

    # One shared message for "no such user" and "not your user".
    invalid_user = ["Invalid user."]
    try:
        record = PulseUser.query.filter(PulseUser.username == name).one()
    except sqlalchemy.orm.exc.NoResultFound:
        return profile(messages=invalid_user)
    else:
        if record.owner != g.user:
            return profile(messages=invalid_user)

    if not password:
        return profile(messages=["You didn't enter a new password."])

    if password != repeated:
        mismatch = "Password verification doesn't match the password."
        return profile(error=mismatch)

    if not PulseUser.strong_password(password):
        too_weak = ("Your password must contain a mix of letters and numerical "
                    "characters and be at least 6 characters long.")
        return profile(error=too_weak)

    record.change_password(password)
    done = "Password updated for user {0}.".format(name)
    return profile(messages=[done])
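def update_info():
    """Update the password and/or the owner list of a Pulse user.

    Reads ``pulse-user``, ``new-password``, ``new-password-verification`` and
    ``owners-list`` from the submitted form. The caller must be one of the
    Pulse user's current owners. Returns the result of ``profile()`` with the
    collected status messages and, if something failed, an error string.

    Fix over the previous revision: a successful owner update used to replace
    the ``messages`` list, which dropped the "Password updated" message when
    both the password and the owners were changed in the same request. The
    owner message is now appended instead.
    """
    pulse_username = request.form['pulse-user']
    new_password = request.form['new-password']
    password_verification = request.form['new-password-verification']
    new_owners = _clean_owners_str(request.form['owners-list'])

    try:
        pulse_user = PulseUser.query.filter(
            PulseUser.username == pulse_username).one()
    except sqlalchemy.orm.exc.NoResultFound:
        return profile(
            messages=["Pulse user {} not found.".format(pulse_username)])

    # Authorization check: only a current owner may change this Pulse user.
    # NOTE(review): the "not found" and "not an owner" messages differ, so a
    # logged-in user can tell whether a Pulse username exists; confirm that
    # is acceptable. Both messages also echo request/user data, which assumes
    # the template escapes them (TODO confirm autoescaping is on).
    if g.user not in pulse_user.owners:
        return profile(
            messages=["Invalid user: {} is not an owner.".format(g.user.email)])

    messages = []
    error = None

    if new_password:
        if new_password != password_verification:
            return profile(error="Password verification doesn't match the "
                           "password.")

        if not PulseUser.strong_password(new_password):
            return profile(error="Your password must contain a mix of "
                           "letters and numerical characters and be at "
                           "least 6 characters long.")

        pulse_user.change_password(new_password)
        messages.append("Password updated for user {0}.".format(
            pulse_username))

    # Update the owners list, if needed.
    old_owners = {user.email for user in pulse_user.owners}
    if new_owners and new_owners != old_owners:
        # The list was changed. Do an update.
        new_owner_users = list(User.query.filter(User.email.in_(new_owners)))
        if new_owner_users:
            # At least some of the new owners are real users in the db.
            # NOTE(review): the owner list is replaced with the valid subset
            # even when some emails were not found, and nothing here requires
            # g.user to stay in the list; confirm both are intended.
            pulse_user.owners = new_owner_users
            db_session.commit()
            updated_owners = {user.email for user in new_owner_users}
            invalid_owners = sorted(new_owners - updated_owners)
            if invalid_owners:
                error = "Some user emails not found: {}".format(
                    ', '.join(invalid_owners))
            else:
                # Append so that an earlier password message is kept.
                messages.append("Email list updated.")
        else:
            error = ("Invalid owners: "
                     "Must be a comma-delimited list of existing user emails.")

    if not error and not messages:
        messages = ["No info updated."]

    return profile(messages=messages, error=error)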
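def register_handler():
    """Validate a submitted registration form and create the Pulse user.

    Reads ``username``, ``password``, ``password-verification`` and
    ``owners-list`` from the form. Validation failures are collected and
    shown on ``register.html``; an owner list that matches no existing user
    is rejected through ``register()``. On success the Pulse user is created
    and the client is redirected to ``/profile``.

    Fix over the previous revision: the username pattern ended in ``$``,
    which in Python also matches just before a trailing newline, so a
    username such as ``"name\\n"`` passed validation. The pattern now ends in
    ``\\Z``, which matches only at the very end of the string.
    """
    username = request.form['username']
    password = request.form['password']
    password_verification = request.form['password-verification']
    owners = _clean_owners_str(request.form['owners-list'])
    email = session['userinfo']['email']
    errors = []

    if password != password_verification:
        errors.append("Password verification doesn't match the password.")
    elif not PulseUser.strong_password(password):
        errors.append("Your password must contain a mix of letters and "
                      "numerical characters and be at least 6 characters "
                      "long.")

    # \Z rather than $ so that a trailing newline is rejected.
    if not re.match(r'^[a-zA-Z][a-zA-Z0-9._-]*\Z', username):
        errors.append("The submitted username must start with an "
                      "alphabetical character and contain only alphanumeric "
                      "characters, periods, underscores, and hyphens.")

    # re.match anchors only at the start, so how much of the username must
    # match depends on the configured pattern.
    if config.reserved_users_regex and re.match(config.reserved_users_regex,
                                                username):
        errors.append("The submitted username is reserved. " +
                      config.reserved_users_message)

    # Checking if a user exists in RabbitMQ OR in our db
    # NOTE(review): any PulseManagementException is treated as "user absent".
    # If that exception also covers an unreachable management API, the
    # uniqueness check then rests on the database lookup alone; confirm.
    try:
        user_response = pulse_management.user(username=username)
        in_rabbitmq = True
    except pulse_management.PulseManagementException:
        in_rabbitmq = False
    else:
        if 'error' in user_response:
            in_rabbitmq = False

    if (in_rabbitmq or
            PulseUser.query.filter(PulseUser.username == username).first()):
        errors.append("A user with the same username already exists.")

    if errors:
        return render_template('register.html', email=email,
                               signup_errors=errors)

    owner_users = list(User.query.filter(User.email.in_(owners)))

    # Reject with error message if the owner list is unparse-able or contains
    # no users that actually exist.
    # NOTE(review): the raw form value is echoed in the error; this assumes
    # the template escapes it (TODO confirm autoescaping is on).
    if not owner_users:
        return register(error="Invalid owners list: {}".format(
            request.form['owners-list'] or "None"))

    PulseUser.new_user(username, password, owner_users)

    return redirect('/profile')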
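def register_handler():
    """Validate a submitted registration form and create the Pulse user.

    Reads ``username``, ``password`` and ``password-verification`` from the
    form. Validation failures are collected and shown on ``register.html``;
    otherwise the Pulse user is created with ``g.user`` as owner and the
    client is redirected to ``/profile``.

    Fix over the previous revision: the username pattern ended in ``$``,
    which in Python also matches just before a trailing newline, so a
    username such as ``"name\\n"`` passed validation. The pattern now ends in
    ``\\Z``, which matches only at the very end of the string.
    """
    username = request.form['username']
    password = request.form['password']
    password_verification = request.form['password-verification']
    email = session['email']
    errors = []

    if password != password_verification:
        errors.append("Password verification doesn't match the password.")
    elif not PulseUser.strong_password(password):
        errors.append(
            "Your password must contain a mix of letters and "
            "numerical characters and be at least 6 characters long.")

    # \Z rather than $ so that a trailing newline is rejected.
    if not re.match(r'^[a-zA-Z][a-zA-Z0-9._-]*\Z', username):
        errors.append("The submitted username must start with an "
                      "alphabetical character and contain only alphanumeric "
                      "characters, periods, underscores, and hyphens.")

    # Checking if a user exists in RabbitMQ OR in our db
    # NOTE(review): any PulseManagementException is treated as "user absent".
    # If that exception also covers an unreachable management API, the
    # uniqueness check then rests on the database lookup alone; confirm.
    try:
        user_response = pulse_management.user(username=username)
        in_rabbitmq = True
    except pulse_management.PulseManagementException:
        in_rabbitmq = False
    else:
        if 'error' in user_response:
            in_rabbitmq = False

    if (in_rabbitmq or
            PulseUser.query.filter(PulseUser.username == username).first()):
        errors.append("A user with the same username already exists.")

    if errors:
        return render_template('register.html', email=email,
                               signup_errors=errors)

    PulseUser.new_user(username, password, g.user)

    return redirect('/profile')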
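def register_handler():
    """Check a submitted registration form and register a new Pulse user.

    The form supplies ``username``, ``password`` and
    ``password-verification``. Every failed check adds a message to
    ``errors``; if any were added, ``register.html`` is rendered with them.
    Otherwise ``PulseUser.new_user`` is called with ``g.user`` as owner and
    the client is redirected to ``/profile``.

    Fix over the previous revision: the username pattern was anchored with
    ``$``, which Python also matches just before a final newline, so
    ``"name\\n"`` was accepted. It is now anchored with ``\\Z``, which matches
    only at the true end of the string.
    """
    username = request.form['username']
    password = request.form['password']
    password_verification = request.form['password-verification']
    email = session['email']
    errors = []

    if password != password_verification:
        errors.append("Password verification doesn't match the password.")
    elif not PulseUser.strong_password(password):
        errors.append("Your password must contain a mix of letters and "
                      "numerical characters and be at least 6 characters long.")

    # Anchor with \Z: unlike $, it does not tolerate a trailing newline.
    if not re.match(r'^[a-zA-Z][a-zA-Z0-9._-]*\Z', username):
        errors.append("The submitted username must start with an "
                      "alphabetical character and contain only alphanumeric "
                      "characters, periods, underscores, and hyphens.")

    # Checking if a user exists in RabbitMQ OR in our db
    # NOTE(review): a PulseManagementException counts as "not in RabbitMQ".
    # Should that exception also be raised when the management API cannot be
    # reached, only the database lookup guards against duplicates; confirm.
    try:
        user_response = pulse_management.user(username=username)
        in_rabbitmq = True
    except pulse_management.PulseManagementException:
        in_rabbitmq = False
    else:
        if 'error' in user_response:
            in_rabbitmq = False

    if (in_rabbitmq or
            PulseUser.query.filter(PulseUser.username == username).first()):
        errors.append("A user with the same username already exists.")

    if errors:
        return render_template('register.html', email=email,
                               signup_errors=errors)

    PulseUser.new_user(username, password, g.user)

    return redirect('/profile')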