Ejemplo n.º 1
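def signup(request):
    """Create an account from the POSTed ``username`` and ``password``.

    When ``config.InviteOnlySignUp`` is set, the request must also carry an
    ``invitecode`` that is a member of the ``invite.code`` Redis set; the code
    is consumed by the request.

    Returns ``util.json_response`` of ``{"status": "ok", "auth": ...}`` on
    success, or ``{"status": "error", "error": ...}`` on any failure.
    """
    username = request.POST.get("username")
    password = request.POST.get("password")
    if config.InviteOnlySignUp:
        invitecode = request.POST.get("invitecode")

    username, msg = util.check_string(username, 2, 20, config.UsernameChars)
    if not username:
        result = {"status": "error", "error": "username " + msg}
        return util.json_response(result)

    password, msg = util.check_string(password, config.PasswordMinLength)
    if not password:
        result = {"status": "error", "error": "password " + msg}
        return util.json_response(result)

    r = g.redis

    if config.InviteOnlySignUp:
        # Check and consume the code in one step. SMOVE is atomic and reports
        # whether the member was actually moved, so two concurrent signups can
        # no longer both pass a separate SISMEMBER check and redeem the same
        # code. A missing code is rejected before it reaches Redis.
        if not invitecode or not r.smove("invite.code", "invite.code.used", invitecode):
            result = {"status": "error", "error": "invalid invitation code"}
            return util.json_response(result)
        # NOTE(review): the code stays consumed even if create_user fails
        # below (unchanged from the previous behaviour) - confirm that is intended.

    # XXX proxied requests have the same REMOTE_ADDR: behind a reverse proxy
    # every signup carries the proxy's address, so whatever create_user does
    # with this value sees a single client. Only take the client address from
    # a forwarded header when that header is set by a proxy you control.
    auth, msg = create_user(username, password, request.environ["REMOTE_ADDR"])
    if not auth:
        result = {"status": "error", "error": msg}
    else:
        result = {"status": "ok", "auth": auth}
    return util.json_response(result)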
Ejemplo n.º 2
def login(request):
    """Check a username/password pair and return the session credentials as JSON.

    On success the response carries ``auth`` and ``apisecret``; on failure it
    carries a generic ``bad username/password`` error or a validation message.
    """
    def fail(reason):
        return util.json_response({'status': 'error', 'error': reason})

    # NOTE(review): credentials are read from the query string, which tends to
    # end up in access logs, browser history and Referer headers. Moving this
    # endpoint to POST needs a coordinated client change.
    raw_name = request.GET.get('username')
    raw_secret = request.GET.get('password')

    name, why = util.check_string(raw_name, 2, 20)
    if not name:
        return fail('username ' + why)

    secret, why = util.check_string(raw_secret)
    if not secret:
        return fail('password ' + why)

    auth, apisecret = check_user_credentials(name, secret)
    if not auth:
        # Same message for unknown user and wrong password, so the response
        # does not reveal which of the two was wrong.
        return fail('bad username/password')

    return util.json_response(
        {'status': 'ok', 'auth': auth, 'apisecret': apisecret}
    )
Ejemplo n.º 3
def update_profile(request):
    """Update the logged-in user's email, about text and, optionally, password.

    The caller is identified by the ``auth`` cookie and must also POST the
    ``apisecret`` stored on the user record. Returns ``util.json_response`` of
    ``{'status': 'ok'}`` or of an error dict.
    """
    # auth_user presumably populates g.user from the cookie value - confirm.
    auth_user(request.cookies.get('auth'))
    if not g.user:
        result = {'status': 'error',
                  'error': 'Not authenticated.'
                  }
        return util.json_response(result)

    # The posted apisecret is the form secret that ties this cookie-authenticated
    # request to a page the user actually loaded (anti-CSRF).
    # NOTE(review): != is not a constant-time comparison; hmac.compare_digest
    # is the usual choice when comparing secret tokens.
    if request.POST.get('apisecret') != g.user["apisecret"]:
        result = {'status': 'error',
                  'error': 'Wrong form secret'
                  }
        return util.json_response(result)


    password = request.POST.get('password')    # optional
    email = request.POST.get('email')
    about = request.POST.get('about')

    # Only a length bound is applied here; the email format is not checked.
    email, msg = util.check_string(email, maxlen=128)
    if email is None:
        result = {
            'status': 'error',
            'error': 'email ' + msg
            }
        return util.json_response(result)

    about, msg = util.check_string(about, maxlen=256)
    if about is None:
        result = {
            'status': 'error',
            'error': 'about ' + msg
            }
        return util.json_response(result)

    r = g.redis

    if password:
        password, msg = util.check_string(password, config.PasswordMinLength)
        if not password:
            result = {
                'status': 'error',
                'error': 'password ' + msg
                }
            return util.json_response(result)

        # NOTE(review): part of the Redis key expression in the two calls below
        # is masked ("******") in this listing, so they are not valid Python as shown.
        # NOTE(review): the password is replaced without asking for the current
        # one, and nothing visible here invalidates existing auth tokens - confirm
        # both against the rest of the application. The existing salt is reused.
        r.hset("user:"******"password",
               util.hash_password(password, g.user['salt']))

    r.hmset("user:"******"about": about.rstrip(),
            "email": email
            })
    return util.json_response({'status': "ok"})
Ejemplo n.º 4
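def signup(request):
    """Register a new user from POSTed form fields and return a JSON response.

    Validates ``username`` and ``password``, redeems ``invitecode`` when
    ``config.InviteOnlySignUp`` is enabled, then delegates to ``create_user``.
    The response is ``{'status': 'ok', 'auth': ...}`` on success and
    ``{'status': 'error', 'error': ...}`` otherwise.
    """
    username = request.POST.get('username')
    password = request.POST.get('password')
    if config.InviteOnlySignUp:
        invitecode = request.POST.get('invitecode')

    username, msg = util.check_string(username, 2, 20, config.UsernameChars)
    if not username:
        result = {
            'status': 'error',
            'error': 'username ' + msg
            }
        return util.json_response(result)

    password, msg = util.check_string(password, config.PasswordMinLength)
    if not password:
        result = {
            'status': 'error',
            'error': 'password ' + msg
            }
        return util.json_response(result)

    r = g.redis

    if config.InviteOnlySignUp:
        # Redeem the code with a single atomic SMOVE instead of SISMEMBER
        # followed by SMOVE: the old check-then-mark sequence let concurrent
        # requests both see the code as unused. SMOVE returns a false value
        # when the code is not in 'invite.code', which covers both an unknown
        # code and one that another request has just consumed.
        redeemed = bool(invitecode) and r.smove(
            'invite.code', 'invite.code.used', invitecode)
        if not redeemed:
            result = {
                'status': 'error',
                'error': 'invalid invitation code',
                }
            return util.json_response(result)
        # NOTE(review): as before, the code is not returned to 'invite.code'
        # when create_user fails - confirm that is the intended policy.

    # XXX proxied requests have the same REMOTE_ADDR, so behind a reverse
    # proxy this is the proxy's address rather than the client's. A forwarded
    # header is only trustworthy when it is set by a proxy you operate.
    auth, msg = create_user(username, password, request.environ['REMOTE_ADDR'])
    if not auth:
        result = {
            'status': 'error',
            'error': msg,
            }
    else:
        result = {
            'status': 'ok',
            'auth': auth,
            }
    return util.json_response(result)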
Ejemplo n.º 5
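def signup(request):
    """Handle an account-creation request and answer with JSON.

    Reads ``username`` and ``password`` (and ``invitecode`` when
    ``config.InviteOnlySignUp`` is on) from the POST body. Every failure is
    reported as ``{'status': 'error', 'error': <message>}``; success returns
    ``{'status': 'ok', 'auth': <token>}``.
    """
    username = request.POST.get('username')
    password = request.POST.get('password')
    if config.InviteOnlySignUp:
        invitecode = request.POST.get('invitecode')

    username, msg = util.check_string(username, 2, 20, config.UsernameChars)
    if not username:
        result = {'status': 'error', 'error': 'username ' + msg}
        return util.json_response(result)

    password, msg = util.check_string(password, config.PasswordMinLength)
    if not password:
        result = {'status': 'error', 'error': 'password ' + msg}
        return util.json_response(result)

    r = g.redis

    if config.InviteOnlySignUp:
        # An absent code can never be valid; reject it without touching Redis.
        if not invitecode:
            moved = False
        else:
            # Validate and mark as used in one atomic command. With the
            # previous SISMEMBER-then-SMOVE pair, two requests racing on the
            # same code could both pass the membership check.
            moved = r.smove('invite.code', 'invite.code.used', invitecode)
        if not moved:
            result = {
                'status': 'error',
                'error': 'invalid invitation code',
            }
            return util.json_response(result)
        # NOTE(review): a failed create_user below still leaves the code in
        # 'invite.code.used', as it did before - confirm that is intended.

    # XXX proxied requests have the same REMOTE_ADDR; when deployed behind a
    # reverse proxy the value passed here is the proxy's address. Derive the
    # client address from a forwarded header only if a trusted proxy sets it.
    auth, msg = create_user(username, password, request.environ['REMOTE_ADDR'])
    if not auth:
        result = {
            'status': 'error',
            'error': msg,
        }
    else:
        result = {
            'status': 'ok',
            'auth': auth,
        }
    return util.json_response(result)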
Ejemplo n.º 6
def update_profile(request):
    """Update the logged-in user's email, about text and, optionally, password.

    Requires the ``auth`` cookie and a POSTed ``apisecret`` equal to the one
    stored on the user record. Returns ``util.json_response`` of
    ``{'status': 'ok'}`` or of an error dict.
    """
    # auth_user presumably populates g.user from the cookie value - confirm.
    auth_user(request.cookies.get('auth'))
    if not g.user:
        result = {'status': 'error', 'error': 'Not authenticated.'}
        return util.json_response(result)

    # The apisecret is the form secret that guards this cookie-authenticated
    # request against cross-site submission.
    # NOTE(review): != is not a constant-time comparison; hmac.compare_digest
    # is the usual choice when comparing secret tokens.
    if request.POST.get('apisecret') != g.user["apisecret"]:
        result = {'status': 'error', 'error': 'Wrong form secret'}
        return util.json_response(result)

    password = request.POST.get('password')  # optional
    email = request.POST.get('email')
    about = request.POST.get('about')

    # Only a length bound is applied here; the email format is not checked.
    email, msg = util.check_string(email, maxlen=128)
    if email is None:
        result = {'status': 'error', 'error': 'email ' + msg}
        return util.json_response(result)

    about, msg = util.check_string(about, maxlen=256)
    if about is None:
        result = {'status': 'error', 'error': 'about ' + msg}
        return util.json_response(result)

    r = g.redis

    if password:
        password, msg = util.check_string(password, config.PasswordMinLength)
        if not password:
            result = {'status': 'error', 'error': 'password ' + msg}
            return util.json_response(result)

        # Keeps the stored salt when the record has one and only falls back to
        # a new random value otherwise; util.get_rand() is evaluated either way
        # because the default argument is computed before .get() runs.
        # NOTE(review): a fresh salt on every password change is the usual
        # practice. No current-password check is visible here - confirm.
        salt = g.user.get('salt', util.get_rand())
        # NOTE(review): part of the Redis key expression in the two hmset calls
        # below is masked ("******") in this listing, so they are not valid
        # Python as shown.
        r.hmset("user:"******"password": util.hash_password(password, salt),
            "salt": salt
        })

    r.hmset("user:"******"about": about.rstrip(), "email": email})
    return util.json_response({'status': "ok"})
Ejemplo n.º 7
def login(request):
    """Authenticate a user and return ``auth`` and ``apisecret`` as JSON.

    Validation failures and bad credentials both come back as
    ``{"status": "error", "error": ...}``.
    """
    # NOTE(review): the password arrives as a GET parameter, so it is likely
    # to be recorded wherever URLs are logged. Switching to POST would be a
    # client-visible change.
    supplied_user = request.GET.get("username")
    supplied_pass = request.GET.get("password")

    user, detail = util.check_string(supplied_user, 2, 20)
    if not user:
        return util.json_response({"status": "error", "error": "username " + detail})

    pw, detail = util.check_string(supplied_pass)
    if not pw:
        return util.json_response({"status": "error", "error": "password " + detail})

    auth, apisecret = check_user_credentials(user, pw)

    # The failure message is deliberately the same for an unknown user and a
    # wrong password.
    payload = (
        {"status": "ok", "auth": auth, "apisecret": apisecret}
        if auth
        else {"status": "error", "error": "bad username/password"}
    )
    return util.json_response(payload)
Ejemplo n.º 8
def update_profile(request):
    """Update the logged-in user's email, about text and, optionally, password.

    Requires the ``auth`` cookie and a POSTed ``apisecret`` equal to the one
    stored on the user record. Returns ``util.json_response`` of
    ``{"status": "ok"}`` or of an error dict.
    """
    # auth_user presumably populates g.user from the cookie value - confirm.
    auth_user(request.cookies.get("auth"))
    if not g.user:
        result = {"status": "error", "error": "Not authenticated."}
        return util.json_response(result)

    # The apisecret is the form secret that guards this cookie-authenticated
    # request against cross-site submission.
    # NOTE(review): != is not a constant-time comparison; hmac.compare_digest
    # is the usual choice when comparing secret tokens.
    if request.POST.get("apisecret") != g.user["apisecret"]:
        result = {"status": "error", "error": "Wrong form secret"}
        return util.json_response(result)

    password = request.POST.get("password")  # optional
    email = request.POST.get("email")
    about = request.POST.get("about")

    # Only a length bound is applied here; the email format is not checked.
    email, msg = util.check_string(email, maxlen=128)
    if email is None:
        result = {"status": "error", "error": "email " + msg}
        return util.json_response(result)

    about, msg = util.check_string(about, maxlen=256)
    if about is None:
        result = {"status": "error", "error": "about " + msg}
        return util.json_response(result)

    r = g.redis

    if password:
        password, msg = util.check_string(password, config.PasswordMinLength)
        if not password:
            result = {"status": "error", "error": "password " + msg}
            return util.json_response(result)

        # Keeps the stored salt when the record has one and only falls back to
        # a new random value otherwise; util.get_rand() is evaluated either way
        # because the default argument is computed before .get() runs.
        # NOTE(review): a fresh salt on every password change is the usual
        # practice. No current-password check is visible here - confirm.
        salt = g.user.get("salt", util.get_rand())
        # NOTE(review): part of the Redis key expression in the two hmset calls
        # below is masked ("******") in this listing, so they are not valid
        # Python as shown.
        r.hmset("user:"******"id"], {"password": util.hash_password(password, salt), "salt": salt})

    r.hmset("user:"******"id"], {"about": about.rstrip(), "email": email})
    return util.json_response({"status": "ok"})
Ejemplo n.º 9
def login(request):
    """Verify the supplied credentials and reply with a JSON status object.

    A successful login returns ``auth`` and ``apisecret``; anything else
    returns ``status: error`` with a short message.
    """
    # NOTE(review): username and password are taken from the query string.
    # URLs are commonly written to server and proxy logs, so the password may
    # be stored in clear text there; POST is the safer transport but changing
    # it affects existing clients.
    username = request.GET.get('username')
    password = request.GET.get('password')

    username, problem = util.check_string(username, 2, 20)
    if not username:
        error = {'status': 'error', 'error': 'username ' + problem}
        return util.json_response(error)

    password, problem = util.check_string(password)
    if not password:
        error = {'status': 'error', 'error': 'password ' + problem}
        return util.json_response(error)

    auth, apisecret = check_user_credentials(username, password)

    if not auth:
        # One generic message, so a caller cannot tell a wrong password from
        # an unknown username.
        error = {'status': 'error', 'error': 'bad username/password'}
        return util.json_response(error)

    granted = {'status': 'ok', 'auth': auth, 'apisecret': apisecret}
    return util.json_response(granted)