def initialize_sql(engine): 'Create tables and insert data' # Create tables db.configure(bind=engine) Base.metadata.bind = engine Base.metadata.create_all(engine) # If the tables are empty, if not db.query(User).count(): # Prepare data userPacks = [ (u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin', u'*****@*****.**', True), (u'user', make_random_string(PASSWORD_LEN_MAX), u'User', u'*****@*****.**', False), ] # Insert data userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s' for username, password, nickname, email, is_super in userPacks: print userTemplate % (username, password, nickname, email) db.add( User(username=username, password=password, nickname=nickname, email=email, is_super=is_super)) print transaction.commit()
class User(Base): 'A user' __tablename__ = 'users' id = Column(Integer, primary_key=True) username = column_property(Column(Unicode(USERNAME_LEN_MAX), unique=True), comparator_factory=CaseInsensitiveComparator) password_ = Column('password', LargeBinary(60)) # Hash from bcrypt @property def password(self): return self.password_ @password.setter def password(self, password): self.password_ = crypt.encode(password) password = synonym('password_', descriptor=password) nickname = column_property(Column(Unicode(NICKNAME_LEN_MAX), unique=True), comparator_factory=CaseInsensitiveComparator) email = Column(LowercaseEncrypted(EMAIL_LEN_MAX * 2), unique=True) is_active = Column(Boolean, default=True) is_super = Column(Boolean, default=False) rejection_count = Column(Integer, default=0) minutes_offset = Column(Integer, default=0) when_login = Column(DateTime) code = Column(String(CODE_LEN), default=lambda: make_random_string(CODE_LEN)) sms_addresses = relationship('SMSAddress') def __str__(self): return "<User(id=%s)>" % self.id def check(self, password): 'Return True if we have a matching password' return crypt.check(self.password, password)
def initialize_sql(engine): 'Create tables and insert data' # Create tables db.configure(bind=engine) Base.metadata.bind = engine Base.metadata.create_all(engine) # If the tables are empty, if not db.query(User).count(): # Prepare data userPacks = [ (u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin', u'*****@*****.**', True), (u'user', make_random_string(PASSWORD_LEN_MAX), u'User', u'*****@*****.**', False), ] # Insert data userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s' for username, password, nickname, email, is_super in userPacks: print userTemplate % (username, password, nickname, email) db.add(User(username=username, password=password, nickname=nickname, email=email, is_super=is_super)) print transaction.commit()
def reset(request): 'Reset password' # Get email email = request.params.get('email') # Try to load the user user = db.query(User).filter(User.email==email).first() # If the email is not in our database, if not user: return dict(isOk=0) # Reset account return save_user_(request, dict( username=user.username, password=make_random_string(PASSWORD_LEN_MAX), nickname=user.nickname, email=user.email), 'reset', user)
def reset(request): 'Reset password' # Get email email = request.params.get('email') # Try to load the user user = db.query(User).filter(User.email == email).first() # If the email is not in our database, if not user: return dict(isOk=0) # Reset account return save_user_( request, dict(username=user.username, password=make_random_string(PASSWORD_LEN_MAX), nickname=user.nickname, email=user.email), 'reset', user)
def mutate(request): 'Mutate user token' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # Mutate user code user = db.query(User).get(userID) user.code = make_random_string(CODE_LEN) # Refresh cookie if not hasattr(request, 'response_headerlist'): request.response_headerlist = [] request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user))) # Return region_invalidate(get_properties, None, userID) return dict(isOk=1, code=user.code)
def mutate(request): 'Mutate user token' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # Mutate user code user = db.query(User).get(userID) user.code = make_random_string(CODE_LEN) # Refresh cookie if not hasattr(request, 'response_headerlist'): request.response_headerlist = [] request.response_headerlist.extend( remember(request, user.id, tokens=format_tokens(user))) # Return region_invalidate(get_properties, None, userID) return dict(isOk=1, code=user.code)
def apply_user_(ticket): 'Finalize a change to a user account' user_ = db.query(User_).filter((User_.ticket == ticket) & ( User_.when_expired >= datetime.datetime.utcnow())).first() if not user_: raise UserException('') # If the ticket is valid, if user_: # Apply the change and reset rejection_count userID = user_.user_id db.merge( User(id=userID, username=user_.username, password_=user_.password_, nickname=user_.nickname, email=user_.email, rejection_count=0, code=make_random_string(CODE_LEN))) region_invalidate(get_properties, None, userID) # Return return user_
def apply_user_(ticket): 'Finalize a change to a user account' user_ = db.query(User_).filter( (User_.ticket == ticket) & (User_.when_expired >= datetime.datetime.utcnow())).first() if not user_: raise UserException('') # If the ticket is valid, if user_: # Apply the change and reset rejection_count userID = user_.user_id db.merge(User( id=userID, username=user_.username, password_=user_.password_, nickname=user_.nickname, email=user_.email, rejection_count=0, code=make_random_string(CODE_LEN))) region_invalidate(get_properties, None, userID) # Return return user_