def put(self, current_user):
json_request = request.json
new_password = json_request['newPassword']
old_password = json_request['oldPassword']
hashed_old_password = hash_password(old_password)
if current_user.hashed_password == hashed_old_password:
hashed_new_password = hash_password(new_password)
current_user.hashed_password = hashed_new_password
current_user.put()
return ok_msg('Password updated.')
else:
return bad_request('Incorrect old password.')
def authenticate_user_login(nick, password):
user = api.actor_lookup_nick(api.ROOT, nick)
if not user:
return None
# user's authenticated via login have full access
user.access_level = api.DELETE_ACCESS
if settings.DEBUG and password == "password":
return user
if user.password == util.hash_password(user.nick, password):
return user
# we're changing the password hashing, this will update their password
# to their new format
# TODO(termie): The settings.MANAGE_PY stuff below is so that the tests
# will continue to work with fixtures that have the passwords
# in clear text. We should probably remove this and change
# the passwords in the fixtures to be the legacy-style
# passwords.
if (
user.password == util.hash_password_intermediate(user.nick, password)
or settings.MANAGE_PY
and user.password == password
):
logging.debug("updating password for intermediate user: %s", user.nick)
user = api.actor_update_intermediate_password(api.ROOT, user.nick, password)
# a little repeat of above since we have a new user instance now
user.access_level = api.DELETE_ACCESS
return user
return None
def authenticate_user_login(nick, password):
user = api.actor_lookup_nick(api.ROOT, nick)
if not user:
return None
# user's authenticated via login have full access
user.access_level = api.DELETE_ACCESS
if settings.DEBUG and password == "password":
return user
if user.password == util.hash_password(user.nick, password):
return user
# we're changing the password hashing, this will update their password
# to their new format
# TODO(termie): The settings.MANAGE_PY stuff below is so that the tests
# will continue to work with fixtures that have the passwords
# in clear text. We should probably remove this and change
# the passwords in the fixtures to be the legacy-style
# passwords.
if (user.password == util.hash_password_intermediate(user.nick, password)
or settings.MANAGE_PY and user.password == password):
logging.debug("updating password for intermediate user: %s", user.nick)
user = api.actor_update_intermediate_password(api.ROOT,
user.nick,
password)
# a little repeat of above since we have a new user instance now
user.access_level = api.DELETE_ACCESS
return user
return None
def post(self):
email = request.json['email']
hashed_pass = hash_password(request.json['password'])
user = User.by_email_and_password(email, hashed_pass)
if not user:
return unauthorized('User not found.')
return ok(Token(user.key.id()).json())
def post(self):
json_request = request.json
token = json_request['token']
new_password = json_request['newPassword']
change_password = ChangePasswordRequest.by_token(token)
if change_password:
hashed_new_password = hash_password(new_password)
user = change_password.user_key.get()
user.hashed_password = hashed_new_password
user.put()
change_password.key.delete()
return ok_msg('Password is reset.')
else:
return not_found('User didn\'t requested password reset.')
def post(self):
json_request = request.json
email = json_request['email']
name = json_request['name']
password = json_request['password']
cv = json_request.get('cv', '')
user = User.by_email(email)
if user:
return bad_request('User with email {0} already exists'.format(email))
user = User(name=name, email=email, cv=cv,
is_admin=False,
status=StatusType.ACTIVE,
hashed_password=hash_password(password))
user_key = user.put()
return created(Token(user_key.id()).json())
def put(self):
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
parser.add_argument('email')
parser.add_argument('user_level')
parser.add_argument('phone_number')
parser.add_argument('has_telegram')
args = parser.parse_args()
try:
# Check if the user whom request for update is already exist in the database.
existing_user = User_Model.find_by_email(args['email'])
if existing_user != None:
# Update existing user details.
existing_user.name = args['name']
existing_user.user_level = args['user_level']
existing_user.user_level = args['phone_number']
existing_user.user_level = args['has_telegram']
existing_user.password_hash = hash_password(args['password'])
# !! Need to commit the changes after update
User_Model.update()
return {
'message':
'User with email {}\'s details have been updated.'.format(
existing_user.email_address)
}, 200
else:
return {'message': 'This user does not exist in database.'}
except:
print(traceback.format_exc())
return {
'message':
'An error occurred. Check console for error message.'
}, 400
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
parser.add_argument('email', required=True)
parser.add_argument('user_level')
parser.add_argument('phone_number', required=True)
parser.add_argument('has_telegram')
args = parser.parse_args()
try:
# Check whether user already register.
existing_user = User_Model.find_by_email(args['email'])
if existing_user:
return {
'message':
'User with the email address: {} has registered before.'.
format(existing_user.email_address)
}, 400
# Else if user not exist in database, create new user.
else:
new_user = User_Model(name=args['name'],
email_address=args['email'],
user_level=args['user_level'],
password_hash=hash_password(
args['password']),
phone_number=args['phone_number'],
has_telegram=bool(args['has_telegram']))
new_user.save()
return "A new user is registered.", 201
except:
print(traceback.format_exc())
return {
'message':
'An error occurred. Check console for error message.'
}, 400
def actor_settings(request, nick, page='index'):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
'Operation not allowed: %s does not own %s'
% (request.user and request.user.nick or '(nobody)', view.nick))
handled = common_views.handle_view_action(
request,
{
'activation_activate_mobile': view.url('/settings/mobile'),
'activation_request_email': view.url('/settings/email'),
'activation_request_mobile': view.url('/settings/mobile'),
'settings_change_notify': view.url('/settings/notifications'),
'settings_change_privacy': request.path,
'settings_update_account': view.url('/settings/profile'),
'actor_remove': '/logout',
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
}
)
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if 'password' in request.POST:
try:
validate.nonce(request, 'change_password')
password = request.POST.get('password', '')
confirm = request.POST.get('confirm', '')
validate.password_and_confirm(password, confirm, field = 'password')
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + '/settings/password',
'Password updated')
request.user.password = util.hash_password(request.user.nick, password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == 'feeds':
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError('Feeds are currently disabled')
except:
exception.handle_exception(request)
if page == 'photo':
redirect_to = view.url() + '/settings/photo'
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = 'settings'
full_page = page.capitalize()
if page == 'mobile':
full_page = 'Mobile Number'
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get('sms_notify', False)
elif page == 'im':
full_page = 'IM Address'
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'index':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'feeds':
full_page = 'Web Feeds'
elif page == 'email':
full_page = 'Email Address'
email_notify = view.extra.get('email_notify', False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'design':
handled = common_views.common_design_update(request, view.nick)
if handled:
return handled
full_page = 'Look and Feel'
elif page == 'notifications':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
sms_confirm = sms_notify and not view.extra.get('sms_confirmed', False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == 'profile':
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'photo':
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user, view.nick, size='f')
# TODO(tyler): Fix this avatar nonsense!
own_photos = [{
'path' : small_photo.key().name(),
'name' : small_photo.key().name()[len('image/'):-len('_f.jpg')],
} for small_photo in small_photos
]
elif page == 'privacy':
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page == 'jsbadge':
full_page = 'Javascript Badges'
elif page == 'badge':
badges = [{'id': 'badge-stream',
'width': '200',
'height': '300',
'src': '/themes/%s/badge.swf' % settings.DEFAULT_THEME,
'title': 'Stream',
},
{'id': 'badge-map',
'width': '200',
'height': '255',
'src': '/themes/%s/badge-map.swf' % settings.DEFAULT_THEME,
'title': 'Map',
},
{'id': 'badge-simple',
'width': '200',
'height': '200',
'src': '/themes/%s/badge-simple.swf' % settings.DEFAULT_THEME,
'title': 'Simple',
},
]
elif page in ['password', 'delete']:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template('actor/templates/settings_%s.html' % page)
return http.HttpResponse(t.render(c))
def actor_settings(request, nick, page='index'):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
'Operation not allowed: %s does not own %s' %
(request.user and request.user.nick or '(nobody)', view.nick))
handled = common_views.handle_view_action(
request,
{
'activation_activate_mobile': view.url('/settings/mobile'),
'activation_request_email': view.url('/settings/email'),
'activation_request_mobile': view.url('/settings/mobile'),
'settings_change_notify': view.url('/settings/notifications'),
'settings_change_privacy': request.path,
'settings_update_account': view.url('/settings/profile'),
'actor_remove': '/logout',
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
})
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if 'password' in request.POST:
try:
validate.nonce(request, 'change_password')
password = request.POST.get('password', '')
confirm = request.POST.get('confirm', '')
validate.password_and_confirm(password, confirm, field='password')
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + '/settings/password',
'Password updated')
request.user.password = util.hash_password(request.user.nick,
password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == 'feeds':
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError(
'Feeds are currently disabled')
except:
exception.handle_exception(request)
if page == 'photo':
redirect_to = view.url() + '/settings/photo'
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = 'settings'
full_page = page.capitalize()
if page == 'mobile':
full_page = 'Mobile Number'
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get('sms_notify', False)
elif page == 'im':
full_page = 'IM Address'
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'index':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'feeds':
full_page = 'Web Feeds'
elif page == 'email':
full_page = 'Email Address'
email_notify = view.extra.get('email_notify', False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'design':
handled = common_views.common_design_update(request, view.nick)
if handled:
return handled
full_page = 'Look and Feel'
elif page == 'notifications':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
sms_confirm = sms_notify and not view.extra.get('sms_confirmed', False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == 'profile':
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'photo':
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user,
view.nick,
size='f')
# TODO(tyler): Fix this avatar nonsense!
own_photos = [{
'path':
small_photo.key().name(),
'name':
small_photo.key().name()[len('image/'):-len('_f.jpg')],
} for small_photo in small_photos]
elif page == 'privacy':
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page in ['password', 'delete']:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template('actor/templates/settings_%s.html' % page)
return http.HttpResponse(t.render(c))
def actor_settings(request, nick, page="index"):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
"Operation not allowed: %s does not own %s" % (request.user and request.user.nick or "(nobody)", view.nick)
)
handled = common_views.handle_view_action(
request,
{
"activation_activate_mobile": view.url("/settings/mobile"),
"activation_request_email": view.url("/settings/email"),
"activation_request_mobile": view.url("/settings/mobile"),
"settings_change_notify": view.url("/settings/notifications"),
"settings_change_privacy": request.path,
"settings_update_account": view.url("/settings/profile"),
"actor_remove": "/logout",
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
},
)
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if "password" in request.POST:
try:
validate.nonce(request, "change_password")
password = request.POST.get("password", "")
confirm = request.POST.get("confirm", "")
validate.password_and_confirm(password, confirm, field="password")
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + "/settings/password", "Password updated")
request.user.password = util.hash_password(request.user.nick, password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == "feeds":
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError("Feeds are currently disabled")
except:
exception.handle_exception(request)
if page == "photo":
redirect_to = view.url() + "/settings/photo"
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = "settings"
full_page = page.capitalize()
if page == "mobile":
full_page = "Mobile Number"
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get("sms_notify", False)
elif page == "im":
full_page = "IM Address"
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
elif page == "index":
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get("email_notify", False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
elif page == "feeds":
full_page = "Web Feeds"
elif page == "email":
full_page = "Email Address"
email_notify = view.extra.get("email_notify", False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == "design":
redirect_to = view.url() + "/settings/design"
handled = common_views.common_design_update(request, redirect_to, view.nick)
if handled:
return handled
full_page = "Look and Feel"
elif page == "notifications":
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get("email_notify", False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get("sms_notify", False)
sms_confirm = sms_notify and not view.extra.get("sms_confirmed", False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == "profile":
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == "photo":
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user, view.nick, size="f")
# TODO(tyler): Fix this avatar nonsense!
own_photos = [
{"path": small_photo.key().name(), "name": small_photo.key().name()[len("images/") : -len("_f.jpg")]}
for small_photo in small_photos
]
elif page == "privacy":
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page == "jsbadge":
full_page = "Javascript Badges"
elif page == "badge":
badges = [
{
"id": "badge-stream",
"width": "200",
"height": "300",
"src": "/themes/%s/badge.swf" % settings.DEFAULT_THEME,
"title": "Stream",
},
{
"id": "badge-map",
"width": "200",
"height": "255",
"src": "/themes/%s/badge-map.swf" % settings.DEFAULT_THEME,
"title": "Map",
},
{
"id": "badge-simple",
"width": "200",
"height": "200",
"src": "/themes/%s/badge-simple.swf" % settings.DEFAULT_THEME,
"title": "Simple",
},
]
elif page in ["password", "delete"]:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template("actor/templates/settings_%s.html" % page)
return http.HttpResponse(t.render(c))
