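def create(params):
    """Register a new user once the reCAPTCHA response has been verified.

    Args:
        params: Mutable mapping of submitted fields. It is modified in
            place: "g-recaptcha-response" is removed and "type", when
            present, is coerced to int before schema validation.

    Returns:
        The generated uid string ("user_" followed by a token).

    Raises:
        WebException: If the captcha field is missing, the verification
            request fails, or the verification answer is not a success.
            Anything raised by verify_to_schema propagates unchanged.
    """
    if "g-recaptcha-response" not in params:
        raise WebException("Please do the captcha.")
    # Taken out of params before verify_to_schema sees them.
    captcha_response = params.pop("g-recaptcha-response")

    # NOTE(review): "type" is chosen by the client, and login() in this file
    # sets session["admin"] when user["type"] == 0. Nothing visible here
    # rejects that value; confirm UserSchema restricts the allowed types.
    if "type" in params:
        params["type"] = int(params["type"])

    # Fail closed: a network error, a non-JSON body or a missing "success"
    # field is treated the same as a failed captcha. The timeout keeps a
    # stalled upstream from holding the request worker indefinitely.
    try:
        r = requests.post(
            "https://www.google.com/recaptcha/api/siteverify",
            data={
                "secret": api.config.recaptcha_secret,
                "response": captcha_response,
                "remoteip": request.remote_addr,
            },
            timeout=10,
        )
        verdict = r.json()
    except (requests.RequestException, ValueError):
        raise WebException("Please do the captcha.")
    if not isinstance(verdict, dict) or verdict.get("success") is not True:
        raise WebException("Please do the captcha.")

    verify_to_schema(UserSchema, params)
    db = api.common.db_conn()
    uid = "user_" + api.common.token()

    if params.get("notify") == "on":
        # The response is not inspected, so a rejected subscription goes
        # unnoticed; a transport error or timeout still propagates and
        # aborts the registration before the user is stored.
        requests.post(
            "https://us11.api.mailchimp.com/2.0/lists/subscribe",
            data={
                "apikey": api.config.mailchimp_secret,
                "id": api.config.mailchimp_subscriber_list,
                "email[email]": params["email"],
            },
            timeout=10,
        )

    user = {
        "uid": uid,
        "name": params["name"],
        "username": params["username"],
        "username_lower": params["username"].lower(),
        "email": params["email"].lower(),
        # Only the output of hash_password is stored, never the raw value.
        "password": hash_password(params["password"]),
        "type": int(params["type"]),
    }
    # insert_one replaces the legacy Collection.insert, which PyMongo 4
    # removed; the team code in this file already uses update_one.
    db.users.insert_one(user)
    return uid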
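def login(username, password):
    """Authenticate a user and populate the session on success.

    Args:
        username: Submitted username; the lookup uses its lowercase form.
        password: Submitted password, checked with confirm_password against
            the stored value.

    Raises:
        WebException: If the user does not exist, the account is disabled,
            the password does not match, or the stored uid is None.
            Anything raised by verify_to_schema propagates unchanged.
    """
    verify_to_schema(UserLoginSchema, {
        "username": username,
        "password": password,
    })

    # NOTE(review): the distinct failure messages below tell an
    # unauthenticated client whether a username exists and whether the
    # account is disabled. The strings are kept as they are because callers
    # may match on them; consider one generic message.
    user = api.user.get_user(username_lower=username.lower())
    if user is None:
        raise WebException("No user with that username exists!")
    if user.get("disabled", False):
        raise WebException("This account is disabled.")
    if not confirm_password(password, user["password"]):
        raise WebException("Wrong password.")
    if user["uid"] is None:
        raise WebException("Login error. Error code: 1.")

    session["uid"] = user["uid"]
    if user["type"] == 0:
        session["admin"] = True
    else:
        # Drop an admin flag left by an earlier login in the same session,
        # so a non-admin account never inherits it.
        session.pop("admin", None)
    session.permanent = True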
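def create(params):
    """Create a team owned by the current user and attach that user to it.

    Args:
        params: Mutable mapping of submitted fields; must contain
            "teamname". "school" is overwritten with an empty string before
            schema validation.

    Returns:
        The generated tid string ("team_" followed by a token).

    Raises:
        WebException: If the team name exceeds 32 characters, no current
            user is returned, or the user is already in a team. Anything
            raised by verify_to_schema propagates unchanged.
    """
    db = api.common.db_conn()
    teamname = params["teamname"]
    if len(teamname) > 32:
        raise WebException("Team name too long!")
    params["school"] = ""
    verify_to_schema(TeamSchema, params)

    # The owner comes from the server-side user lookup, never from params.
    user = api.user.get_user()
    # login() in this file treats a None result from get_user as "no such
    # user"; presumably the no-argument form can also return None when
    # nobody is logged in. TODO confirm against api.user.
    if user is None:
        raise WebException("You must be logged in to create a team.")
    if api.user.in_team():
        raise WebException("You can't create a team if you're already in one!")

    tid = "team_" + api.common.token()
    team = {
        "tid": tid,
        "teamname": teamname,
        "last_updated": int(datetime.now().timestamp()),
        "owner": user["uid"],
    }
    # insert_one replaces the legacy Collection.insert, which PyMongo 4
    # removed; update_one below already needs the newer API.
    db.teams.insert_one(team)
    db.users.update_one({"uid": user["uid"]}, {"$set": {"team": tid}})
    return tid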