def new_user():
    #print('at new user')

    if request.method == 'GET':
        state = ''.join(random.choice(string.ascii_uppercase + string.digits) \
            for x in range(32))
        login_session['state'] = state
        return render_template('newUser.html', STATE=state)

    #print(request.form)

    if request.method == 'POST':
        #Test for valid state token (unique session anti-forgery)
        #print('testing for valid state token')
        if request.form.get('state') != login_session.get('state'):
            response = make_response(json.dumps('Invalid state parameter'), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        name = request.form.get('name')
        username = request.form.get('username')
        password = request.form.get('password')
        conf_password = request.form.get('conf_password')
        security_question = request.form.get('security_question')
        security_question_answer = request.form.get('security_question_answer')
        conf_security_question_answer = request.form.get('conf_security_question_answer')
        pin = str(request.form.get('pin'))

        if pin != PIN:
            #print("incorrect PIN")
            # render intermediate screen
            msg = ["User registration is not possible.", 
                   "You are not authorized (incorrect PIN)."]
            return render_template('message.html', msg=msg, dest="/", my_time=8000)

        if (not username) or (not password):
            #print("missing arguments")
            # render intermediate screen
            msg = ["User registration is not possible.", 
                   "Missing arguments. It is necessary username and password."]
            return render_template('message.html', msg=msg, dest="/new_user", my_time=8000)

        #Check to see if password matches
        if password != conf_password:
            #print("password does not match")
            # render intermediate screen
            msg = ["User registration is not possible.", 
                   "Password confirmation does not match."]
            return render_template('message.html', msg=msg, dest="/new_user", my_time=8000)

        #Check to see if security question answer matches
        if (security_question_answer) and (security_question_answer != conf_security_question_answer):
            #print("security question answer does not match")
            # render intermediate screen
            msg = ["User registration is not possible.", 
                    "Security question answer confirmation does not match."]
            return render_template('message.html', msg=msg, dest="/new_user", my_time=8000)

        #Check if user with that username already exist
        id = -1
        users = session.query(User).all()
        for user in users:
            decrypted_username = f.decrypt(user.username).decode()
            #print("username:"******"existing username")
            # render intermediate screen
            msg = ["User with username "  +  f.decrypt(user.username).decode() + " already exists.", 
                   "Registration is not possible."]
            return render_template('message.html', msg=msg, dest="/", my_time=8000)

        #Create new user
        #print("Requisites verified. Registering new user...")
        user = User(name=f.encrypt(name.encode()),
                    username=f.encrypt(username.encode()),
                    security_question=f.encrypt(security_question.encode()))
        user.hash_password(password)
        user.hash_passw_phrase_answer(security_question_answer)
        #print('username', f.decrypt(user.username).decode(), ' created')
        session.add(user)
        session.commit()
        # render intermediate screen
        msg = ["User " + f.decrypt(user.username).decode() + " successfully registered!", 
                "Please, wait. Returning to the login page..."]
        return render_template('message.html', msg=msg, dest="/", my_time=8000)