Ejemplo n.º 1
0
Archivo: auth.py Proyecto: betagouv/zam
    def post(self) -> Any:
        if self.ip_limiter.exceeded(self.request.remote_addr):
            return HTTPTooManyRequests()

        email = User.normalize_email(self.request.params.get("email"))

        if self.email_limiter.exceeded(email):
            return HTTPTooManyRequests()

        # Will usually be prevented by the browser (required)
        if not email:
            return self.invalid_email(email=email, reason="missing_email")

        # Will usually be prevented by the browser (type=email)
        if not User.email_is_well_formed(email):
            return self.invalid_email(email=email, reason="incorrect_email")

        # Will NOT be prevented by the browser (pattern=... is clumsy)
        if not User.email_is_allowed(email):
            return self.invalid_email(email=email, reason="incorrect_domain")

        token = self.create_auth_token(email)
        self.send_auth_token_email(token=token, email=email)
        self.log_successful_token_request(email)

        return HTTPFound(
            location=self.request.route_url("email_sent", _query={"email": email})
        )
Ejemplo n.º 2
0
    def post(self) -> Response:
        email_pattern = self.request.POST["email_pattern"] or ""

        if not email_pattern:
            self.request.session.flash(
                Message(cls="error",
                        text="Veuillez saisir un courriel ou modèle."))
            return HTTPFound(location=self.request.resource_url(self.context))

        allowed_email_pattern = (
            DBSession.query(AllowedEmailPattern).filter_by(
                pattern=email_pattern).first())

        if allowed_email_pattern:
            self.request.session.flash(
                Message(cls="warning",
                        text="Cette adresse de courriel existe déjà."))
            return HTTPFound(location=self.request.resource_url(self.context))

        if User.email_is_allowed(email_pattern):
            self.request.session.flash(
                Message(cls="warning",
                        text="Cette adresse de courriel est déjà acceptée."))
            return HTTPFound(location=self.request.resource_url(self.context))

        WhitelistAdd.create(email_pattern=email_pattern,
                            comment=None,
                            request=self.request)

        self.request.session.flash(
            Message(
                cls="success",
                text=("Adresse de courriel ou modèle créé(e) avec succès."),
            ))
        return HTTPFound(location=self.request.resource_url(self.context))
Ejemplo n.º 3
0
 def _is_email_valid(email: str) -> bool:
     return User.email_is_well_formed(email) and User.email_is_allowed(email)