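def update_(request):
    """Update account

    Handle an account-update request after checking the CSRF token.

    If 'username' is present in the request parameters, the request is
    handed to save_user_ with action 'update'.  Otherwise the
    'smsAddressAction' parameter is read; for 'add', the submitted
    'smsAddressEmail' is validated, stored as a new SMSAddress with a
    confirmation code, and the code is mailed to that address.

    Returns a dict: isOk=0 with a message on failure, or isOk=1 with the
    rendered SMS address list in content.
    """
    params = request.params
    # Reject the request unless the submitted token matches the session's
    # CSRF token.
    # NOTE(review): != is not a constant-time comparison; consider
    # pyramid.session.check_csrf_token if the installed Pyramid provides it.
    if params.get('token') != request.session.get_csrf_token():
        return dict(isOk=0, message='Invalid token')
    # NOTE(review): presumably the view is only reachable by logged-in users;
    # if userID can be None here, the 'add' branch would store an SMSAddress
    # with user_id=None -- confirm against the view configuration.
    userID = authenticated_userid(request)
    # If the user is trying to update account information, send confirmation email
    if 'username' in params:
        return save_user_(request, dict(params), 'update', db.query(User).get(userID))
    # Load
    smsAddressAction = params.get('smsAddressAction')
    # If the user is adding an SMS address,
    if 'add' == smsAddressAction:
        # Make sure it is a valid email address
        validateEmail = validators.Email().to_python
        try:
            smsAddressEmail = validateEmail(params.get('smsAddressEmail', ''))
        # "except X as e" is accepted by Python 2.6+ and Python 3, whereas
        # the comma form is a syntax error on Python 3
        except Invalid as error:
            return dict(isOk=0, message=str(error))
        # Check for duplicates (same address, same user only)
        smsAddress = db.query(SMSAddress).filter(
            (SMSAddress.email == smsAddressEmail) &
            (SMSAddress.user_id == userID)).first()
        if smsAddress:
            return dict(isOk=0, message='You already added this SMS address')
        # Add it to the database
        # NOTE(review): the code is what later proves control of the address;
        # make_random_string is defined elsewhere -- confirm it draws from a
        # cryptographically secure source.
        smsAddress = SMSAddress(
            email=smsAddressEmail,
            user_id=userID,
            code=make_random_string(CODE_LEN))
        db.add(smsAddress)
        # Send confirmation code
        # NOTE(review): every new address triggers one outbound message and
        # no rate limit is visible in this function -- confirm one is applied
        # elsewhere.
        get_mailer(request).send_to_queue(Message(
            recipients=[smsAddress.email],
            body=smsAddress.code))
    # Return smsAddresses
    # NOTE(review): the collapsed listing does not show whether this return
    # belongs inside the 'add' branch; it is placed at function level, so any
    # other smsAddressAction value also returns the rendered list -- confirm.
    return dict(isOk=1, content=render('users/smsAddresses.mak', update(request), request))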
# Prepare ticket try: ticket = make_random_unique_string(TICKET_LEN, lambda x: db.query(User_).filter_by(ticket=x).first() == None) except RuntimeError: return dict(isOk=0, errorByID={'status': 'Could not generate ticket; please try again later'}) # Prepare user_ user_ = User_( username=form['username'], password_=hash(form['password']), nickname=form['nickname'], email=form['email'], user_id=user.id if user else None, ticket=ticket, when_expired=datetime.datetime.utcnow() + datetime.timedelta(hours=TICKET_HOURS)) db.add(user_) # Send message get_mailer(request).send_to_queue(Message( recipients=[formataddr((user_.nickname, user_.email))], subject='Confirm {}'.format(action), body=render('users/confirm.mak', { 'form': form, 'ticket': ticket, 'action': action, 'TICKET_HOURS': TICKET_HOURS, }, request))) # Return return dict(isOk=1) def apply_user_(ticket):
accountUsername = params.get('accountUsername', '') accountPassword = params.get('accountPassword', '') # Check user if not db.query(User).get(accountUserID): return dict(isOk=0, message='Could not find accountUserID=%s' % accountUserID) # Check account credentials using validators try: form = IMAPAccountForm().to_python(params) except Invalid, error: return dict(isOk=0, errorByID=error.unpack_errors()) # Check account credentials by login imapAccount = IMAPAccount(user_id=accountUserID, host=accountHost, username=accountUsername, password=accountPassword) if not checkIMAPAccount(imapAccount): return dict(isOk=0, message='Could not log into account') # Add db.add(imapAccount) # Return return dict(isOk=1, content=render('accounts/accounts.mak', index(request), request)) class IMAPAccountForm(Schema): 'IMAP account validator' allow_extra_fields = True filter_extra_fields = True accountUserID = All( ) accountHost = All( ) accountUsername = All(