def deactivate_account():
    """Mark the account named by the request's "email" field as inactive.

    Reads the JSON request body, loads the matching ``UserModel`` record,
    writes ``active = False`` with a PUT action, and returns the serialized
    record as a JSON response.
    """
    # NOTE(review): nothing inside this function ties the caller to the
    # account being deactivated; the target is taken straight from the
    # request body. Confirm that authentication and an ownership check are
    # enforced by a decorator or middleware outside this block.
    payload = request.get_json()
    target_email = payload.get("email")
    account = UserModel.get(target_email)

    inactive_flag = {"value": False, "action": "PUT"}
    account.update(attributes={"active": inactive_flag})

    return jsonify(account.serialize())
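def login():
    """Authenticate a user from the JSON request body and return an auth token.

    The body must be a JSON object with string "email" and "password"
    fields. A login succeeds only if the user exists, the password checks
    out, and the account is active. Every failure, including a malformed
    body, produces the same generic response so the reply text does not
    reveal which check failed.

    Returns:
        The result of ``encodeAuthToken()`` on success, otherwise the tuple
        ``("Error logging in", 400)``.
    """
    user_data = request.get_json()

    # The body is untrusted: a missing field or a non-object payload used to
    # surface as an unhandled KeyError/TypeError instead of the generic 400.
    if not isinstance(user_data, dict):
        return "Error logging in", 400
    email = user_data.get("email")
    password = user_data.get("password")
    if not isinstance(email, str) or not isinstance(password, str):
        return "Error logging in", 400
    if not email or not password:
        return "Error logging in", 400

    # NOTE(review), answering the timing question left in the original
    # comment: no, this is not timing-safe. An unknown email returns here
    # before any password verification runs, so the response time differs
    # between registered and unregistered addresses even though the body is
    # identical. Closing the gap needs a verification of equal cost against
    # a fixed dummy hash on this path; that depends on how checkPassword
    # hashes, which is not visible from this function. Rate limiting on the
    # endpoint is the complementary control.
    if not UserModel.count(email):
        return "Error logging in", 400

    # Fetch once; the original loaded the same record a second time before
    # issuing the token.
    user_instance = UserModel.get(email)

    # presumably checkPassword compares hashes in constant time - TODO confirm
    if not user_instance.checkPassword(password):
        return "Error logging in", 400
    if not user_instance.active:
        return "Error logging in", 400

    return user_instance.encodeAuthToken()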
def activate(activation_token):
    """Activate the account identified by an activation token.

    Decodes the token into an email address, rejects the request if the
    token does not decode or the account is already active, otherwise sets
    ``active`` to True and returns the serialized user as JSON.

    Returns:
        A JSON response on success, or a ``(message, 400)`` tuple when the
        token is invalid or the account was already activated.
    """
    # NOTE(review): the token's integrity and expiry checks live in
    # decode_activation_token, which is not visible here - confirm it
    # verifies a signature and enforces a lifetime.
    email = decode_activation_token(activation_token)
    if not email:
        return "invalid activation token", 400

    user_instance = UserModel.get(email)
    if user_instance.active:
        return "account already activated", 400

    activation_actions = [UserModel.active.set(True)]
    user_instance.update(actions=activation_actions)

    # TODO: publish the activation to the SNS topic.
    # Author's note (CURTIS): the topic is set up, but the publish call has
    # not been written yet and is hard to test before work starts on the
    # other services.
    return jsonify(user_instance.serialize())
def update_account():
    """Update profile fields of the account named by the request's "email".

    When the body carries "new_email" nothing is changed yet (the email
    change flow is not implemented). Otherwise first name, last name and
    password hash are written with PUT actions, each falling back to the
    stored value when the request omits it. The serialized user is returned
    as JSON in both cases.
    """
    # NOTE(review): the account is selected purely by the "email" in the
    # request body, and the password can be replaced without the current
    # one being checked in this function. Confirm that authentication and
    # an ownership check are enforced outside this block.
    payload = request.get_json()
    user_instance = UserModel.get(payload.get("email"))

    if payload.get("new_email"):
        # TODO: email change is not implemented. Planned steps: create the
        # new user, delete the old user, publish to the SNS feed.
        # Author's note: held back partly because of open questions about
        # the requirements' wording on user id/email.
        return jsonify(user_instance.serialize())

    first_name = payload.get("first_name") or user_instance.get("first_name")
    last_name = payload.get("last_name") or user_instance.get("last_name")

    if payload.get("password"):
        # assumes setPasswordHash returns the new hash - TODO confirm
        password_hash = user_instance.setPasswordHash(payload.get("password"))
    else:
        password_hash = user_instance.password_hash

    changes = {
        "first_name": {"value": first_name, "action": "PUT"},
        "last_name": {"value": last_name, "action": "PUT"},
        "password_hash": {"value": password_hash, "action": "PUT"},
    }
    user_instance.update(attributes=changes)

    # TODO: publish the update to the SNS feed.
    return jsonify(user_instance.serialize())
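def _handle_social_user(self, data):
    """Resolve or create the local user for a social login and bind the session.

    Validates the social auth payload, assigns a random password to
    ``data``, then either loads the existing user for ``data["ident"]`` or
    creates a new one (suffixing the username when it is already taken).
    When a user results, the current session is updated with the user id
    and the social access token.

    Args:
        data: Social login payload. It is modified in place: "password" is
            always overwritten and "username" may receive a suffix.

    Returns:
        The user returned by ``model.get`` or ``model.create``.

    Raises:
        SocialError: If ``_validate_social_auth`` rejects ``data``.
    """
    import secrets

    if not self._validate_social_auth(data):
        raise SocialError("Invalid social auth")

    # Social users never type this password, so it only has to be
    # unguessable. Draw it from the secrets CSPRNG; the previous value was
    # uuid4 plus the wall-clock time, and the timestamp adds nothing an
    # observer could not estimate.
    data["password"] = secrets.token_urlsafe(32)

    session_id = g.get("session_id", None)
    model = UserModel(session_id)
    registered = model.ident_exists(data["ident"])
    session_model = Session()

    if registered:
        # Social auth was already checked above.
        user = model.get(data["ident"])
    else:
        if model.username_exists(data["username"]):
            # NOTE(review): the suffixed name is not re-checked, so two
            # sign-ups in the same second can still collide - confirm that
            # model.create enforces uniqueness.
            data["username"] += "-%s" % (time.strftime("%H%M%S"))
        user = model.create(data)

    if user:
        # NOTE(review): the provider access token is written to the session
        # store as-is; confirm that store is protected accordingly.
        session_model.update(
            session_id,
            user_id=user.id,
            social_access_token=data.get("social_access_token"),
        )

    return user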