def post(self, **post):
try:
data = Bunch(register_form.native(post)[0])
except Exception as e:
if config.get('debug', False):
raise
return 'json:', dict(success=False, message=_("Unable to parse data."), data=post, exc=str(e))
if not data.username or not data.email or not data.password or data.password != data.pass2:
return 'json:', dict(success=False, message=_("Missing data or passwords do not match."), data=data)
#Make sure that the provided email address is a valid form for an email address
v = EmailValidator()
email = data.email
email, err = v.validate(email)
if err:
return 'json:', dict(success=False, message=_("Invalid email address provided."), data=data)
#If the password isn't strong enough, reject it
if(zxcvbn.password_strength(data.password).get("score") < MINIMUM_PASSWORD_STRENGTH):
return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=data)
#Ensures that the provided username and email are lowercase
user = User(data.username.lower(), data.email.lower(), active=True)
user.password = data.password
try:
user.save()
except ValidationError:
return 'json:', dict(success=False, message=_("Invalid email address provided."), data=data)
except NotUniqueError:
return 'json:', dict(success=False, message=_("Either the username or email address provided is already taken."), data=data)
authenticate(user.username, data.password)
return 'json:', dict(success=True, location="/")
def post(self, **post):
try:
data = Bunch(register_form.native(post)[0])
except Exception as e:
if config.get('debug', False):
raise
return 'json:', dict(success=False,
message=_("Unable to parse data."),
data=post,
exc=str(e))
if not data.username or not data.email or not data.password or data.password != data.pass2:
return 'json:', dict(
success=False,
message=_("Missing data or passwords do not match."),
data=data)
#Make sure that the provided email address is a valid form for an email address
v = EmailValidator()
email = data.email
email, err = v.validate(email)
if err:
return 'json:', dict(success=False,
message=_("Invalid email address provided."),
data=data)
#If the password isn't strong enough, reject it
if (zxcvbn.password_strength(data.password).get("score") <
MINIMUM_PASSWORD_STRENGTH):
return 'json:', dict(
success=False,
message=
_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."
),
data=data)
#Ensures that the provided username and email are lowercase
user = User(data.username.lower(), data.email.lower(), active=True)
user.password = data.password
try:
user.save()
except ValidationError:
return 'json:', dict(success=False,
message=_("Invalid email address provided."),
data=data)
except NotUniqueError:
return 'json:', dict(
success=False,
message=
_("Either the username or email address provided is already taken."
),
data=data)
authenticate(user.username, data.password)
return 'json:', dict(success=True, location="/")
def test_email_validation():
mock = EmailValidator()
dataset = [
('*****@*****.**', ''),
('*****@*****.**', ''), # IDN: (poop).la
('', 'The e-mail is empty.'),
('user@[email protected]', 'An email address must contain a single @'),
('*****@*****.**',
'The e-mail has a problem to the right of the @: Invalid domain.'),
('bad,[email protected]',
'The email has a problem to the left of the @: Invalid local part.'),
]
def closure(address, expect):
eq_(mock.validate_email(address), (address, expect))
for address, expect in dataset:
yield closure, address, expect
def __init__(self, name_or_email, email=None, encoding='utf-8'):
self.encoding = encoding
if email is None:
if isinstance(name_or_email, AddressList):
if not 0 < len(name_or_email) < 2:
raise ValueError(
"AddressList to convert must only contain a single Address."
)
name_or_email = unicode(name_or_email[0])
if isinstance(name_or_email, (tuple, list)):
self.name = unicodestr(name_or_email[0], encoding)
self.address = unicodestr(name_or_email[1], encoding)
elif isinstance(name_or_email, bytes):
self.name, self.address = parseaddr(
unicodestr(name_or_email, encoding))
elif isinstance(name_or_email, unicode):
self.name, self.address = parseaddr(name_or_email)
else:
raise TypeError(
'Expected string, tuple or list, got {0} instead'.format(
repr(type(name_or_email))))
else:
self.name = unicodestr(name_or_email, encoding)
self.address = unicodestr(email, encoding)
email, err = EmailValidator().validate_email(self.address)
if err:
raise ValueError('"{0}" is not a valid e-mail address: {1}'.format(
email, err))
def post(self, **post):
try:
data = Bunch(post)
except Exception as e:
if config.get('debug', False):
raise
return 'json:', dict(success=False, message=_("Unable to parse data."), data=post, exc=str(e))
query = dict(active=True)
query[b'username'] = data.id
query_user = User.objects(**query).first()
if query_user.id != user.id:
raise HTTPForbidden
if data.form == "changepassword":
passwd_ok, error_msg = _check_password(data.passwd, data.passwd1)
if not passwd_ok:
return 'json:', dict(success=False, message=error_msg, data=data)
if isinstance(data.old, unicode):
data.old = data.old.encode('utf-8')
if not User.password.check(user.password, data.old):
return 'json:', dict(success=False, message=_("Old password incorrect."), data=data)
#If the password isn't strong enough, reject it
if(zxcvbn.password_strength(data.passwd).get("score") < MINIMUM_PASSWORD_STRENGTH):
return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=data)
user.password = data.passwd
user.save()
elif data.form == "addotp":
if isinstance(data.password, unicode):
data.password = data.password.encode('utf-8')
identifier = data.otp
client = yubico.Yubico(
config['yubico.client'],
config['yubico.key'],
boolean(config.get('yubico.secure', False))
)
if not User.password.check(user.password, data.password):
return 'json:', dict(success=False, message=_("Password incorrect."), data=data)
try:
status = client.verify(identifier, return_response=True)
except:
return 'json:', dict(success=False, message=_("Failed to contact YubiCloud."), data=data)
if not status:
return 'json:', dict(success=False, message=_("Failed to verify key."), data=data)
if not User.addOTP(user, identifier[:12]):
return 'json:', dict(success=False, message=_("YubiKey already exists."), data=data)
elif data.form == "removeotp":
identifier = data.otp
if not User.removeOTP(user, identifier[:12]):
return 'json:', dict(success=False, message=_("YubiKey invalid."), data=data)
elif data.form == "configureotp":
if isinstance(data.password, unicode):
data.password = data.password.encode('utf-8')
rotp = True if 'rotp' in data else False
if not User.password.check(user.password, data.password):
return 'json:', dict(success=False, message=_("Password incorrect."), data=data)
user.rotp = rotp
user.save()
#Handle the user attempting to delete their account
elif data.form == "deleteaccount":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
#Make the user enter their username so they know what they're doing.
if not user.username == data.username.lower():
return 'json:', dict(success=False, message=_("Username incorrect."), data=data)
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False, message=_("Password incorrect."), data=data)
#Make them type "delete" exactly
if not data.confirm == "delete":
return 'json:', dict(success=False, message=_("Delete was either misspelled or not lowercase."), data=data)
#Delete the user account and then deauthenticate the browser session
log.info("User %s authorized the deletion of their account.", user)
user.delete()
deauthenticate()
#Redirect user to the root of the server instead of the settings page
return 'json:', dict(success=True, location="/")
#Handle the user attempting to change the email address associated with their account
elif data.form == "changeemail":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False, message=_("Password incorrect."), data=data)
#Check that the two provided email addresses match
if not data.newEmail.lower() == data.newEmailConfirm.lower():
return 'json:', dict(success=False, message=_("Provided email addresses do not match."), data=data)
#Make sure that the provided email address is a valid form for an email address
v = EmailValidator()
email = data.newEmail
email, err = v.validate(email)
if err:
return 'json:', dict(success=False, message=_("Invalid email address provided."), data=data)
#Make sure that the new email address is not already taken
count = User.objects.filter(**{"email": data.newEmail.lower()}).count()
if not count == 0:
return 'json:', dict(success=False, message=_("The email address provided is already taken."), data=data)
#Change the email address in the database and catch any email validation exceptions that mongo throws
user.email = data.newEmail.lower()
try:
user.save()
except ValidationError:
return 'json:', dict(success=False, message=_("Invalid email address provided."), data=data)
except NotUniqueError:
return 'json:', dict(success=False, message=_("The email address provided is already taken."), data=data)
#Handle the user attempting to merge 2 accounts together
elif data.form == "mergeaccount":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
if isinstance(data.passwd2, unicode):
data.passwd2 = data.passwd2.encode('utf-8')
#Make the user enter their username so they know what they're doing.
if user.username != data.username.lower() and user.username != data.username:
return 'json:', dict(success=False, message=_("First username incorrect."), data=data)
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False, message=_("First password incorrect."), data=data)
#Make sure the user isn't trying to merge their account into itself.
if data.username.lower() == data.username2.lower():
return 'json:', dict(success=False, message=_("You can't merge an account into itself."), data=data)
#Make the user enter the second username so we can get the User object they want merged in.
if not User.objects(username=data.username2.lower()) and not User.objects(username=data.username2):
return 'json:', dict(success=False, message=_("Unable to find user by second username."), data=data)
other = User.objects(username=data.username2).first()
if not other:
other = User.objects(username=data.username2.lower()).first()
#Check whether the user's supplied password is correct
if not User.password.check(other.password, data.passwd2):
return 'json:', dict(success=False, message=_("Second password incorrect."), data=data)
#Make them type "merge" exactly
if data.confirm != "merge":
return 'json:', dict(success=False, message=_("Merge was either misspelled or not lowercase."), data=data)
log.info("User %s merged account %s into %s.", user.username, other.username, user.username)
user.merge(other)
#Redirect user to the root of the server instead of the settings page
return 'json:', dict(success=True, location="/")
else:
return 'json:', dict(success=False, message=_("Form does not exist."), location="/")
return 'json:', dict(success=True, location="/account/settings")
def valid(self):
email, err = EmailValidator().validate_email(self.address)
return False if err else True
def post(self, **post):
try:
data = Bunch(post)
except Exception as e:
if config.get('debug', False):
raise
return 'json:', dict(success=False,
message=_("Unable to parse data."),
data=post,
exc=str(e))
query = dict(active=True)
query[b'username'] = data.id
user = User.objects(**query).first()
if data.form == "changepassword":
passwd_ok, error_msg = _check_password(data.passwd, data.passwd1)
if not passwd_ok:
return 'json:', dict(success=False,
message=error_msg,
data=data)
if isinstance(data.old, unicode):
data.old = data.old.encode('utf-8')
if not User.password.check(user.password, data.old):
return 'json:', dict(success=False,
message=_("Old password incorrect."),
data=data)
#If the password isn't strong enough, reject it
if (zxcvbn.password_strength(data.passwd).get("score") <
MINIMUM_PASSWORD_STRENGTH):
return 'json:', dict(
success=False,
message=
_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."
),
data=data)
user.password = data.passwd
user.save()
elif data.form == "addotp":
if isinstance(data.password, unicode):
data.password = data.password.encode('utf-8')
identifier = data.otp
client = yubico.Yubico(config['yubico.client'],
config['yubico.key'],
boolean(config.get('yubico.secure', False)))
if not User.password.check(user.password, data.password):
return 'json:', dict(success=False,
message=_("Password incorrect."),
data=data)
try:
status = client.verify(identifier, return_response=True)
except:
return 'json:', dict(success=False,
message=_("Failed to contact YubiCloud."),
data=data)
if not status:
return 'json:', dict(success=False,
message=_("Failed to verify key."),
data=data)
if not User.addOTP(user, identifier[:12]):
return 'json:', dict(success=False,
message=_("YubiKey already exists."),
data=data)
elif data.form == "removeotp":
identifier = data.otp
if not User.removeOTP(user, identifier[:12]):
return 'json:', dict(success=False,
message=_("YubiKey invalid."),
data=data)
elif data.form == "configureotp":
if isinstance(data.password, unicode):
data.password = data.password.encode('utf-8')
rotp = True if 'rotp' in data else False
if not User.password.check(user.password, data.password):
return 'json:', dict(success=False,
message=_("Password incorrect."),
data=data)
user.rotp = rotp
user.save()
#Handle the user attempting to delete their account
elif data.form == "deleteaccount":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
#Make the user enter their username so they know what they're doing.
if not user.username == data.username.lower():
return 'json:', dict(success=False,
message=_("Username incorrect."),
data=data)
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False,
message=_("Password incorrect."),
data=data)
#Make them type "delete" exactly
if not data.confirm == "delete":
return 'json:', dict(
success=False,
message=_(
"Delete was either misspelled or not lowercase."),
data=data)
#Delete the user account and then deauthenticate the browser session
log.info("User %s authorized the deletion of their account.", user)
user.delete()
deauthenticate()
#Redirect user to the root of the server instead of the settings page
return 'json:', dict(success=True, location="/")
#Handle the user attempting to change the email address associated with their account
elif data.form == "changeemail":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False,
message=_("Password incorrect."),
data=data)
#Check that the two provided email addresses match
if not data.newEmail.lower() == data.newEmailConfirm.lower():
return 'json:', dict(
success=False,
message=_("Provided email addresses do not match."),
data=data)
#Make sure that the provided email address is a valid form for an email address
v = EmailValidator()
email = data.newEmail
email, err = v.validate(email)
if err:
return 'json:', dict(
success=False,
message=_("Invalid email address provided."),
data=data)
#Make sure that the new email address is not already taken
count = User.objects.filter(**{
"email": data.newEmail.lower()
}).count()
if not count == 0:
return 'json:', dict(
success=False,
message=_("The email address provided is already taken."),
data=data)
#Change the email address in the database and catch any email validation exceptions that mongo throws
user.email = data.newEmail.lower()
try:
user.save()
except ValidationError:
return 'json:', dict(
success=False,
message=_("Invalid email address provided."),
data=data)
except NotUniqueError:
return 'json:', dict(
success=False,
message=_("The email address provided is already taken."),
data=data)
#Handle the user attempting to merge 2 accounts together
elif data.form == "mergeaccount":
if isinstance(data.passwd, unicode):
data.passwd = data.passwd.encode('utf-8')
if isinstance(data.passwd2, unicode):
data.passwd2 = data.passwd2.encode('utf-8')
#Make the user enter their username so they know what they're doing.
if user.username != data.username.lower(
) and user.username != data.username:
return 'json:', dict(success=False,
message=_("First username incorrect."),
data=data)
#Check whether the user's supplied password is correct
if not User.password.check(user.password, data.passwd):
return 'json:', dict(success=False,
message=_("First password incorrect."),
data=data)
#Make sure the user isn't trying to merge their account into itself.
if data.username.lower() == data.username2.lower():
return 'json:', dict(
success=False,
message=_("You can't merge an account into itself."),
data=data)
#Make the user enter the second username so we can get the User object they want merged in.
if not User.objects(
username=data.username2.lower()) and not User.objects(
username=data.username2):
return 'json:', dict(
success=False,
message=_("Unable to find user by second username."),
data=data)
other = User.objects(username=data.username2).first()
if not other:
other = User.objects(username=data.username2.lower()).first()
#Check whether the user's supplied password is correct
if not User.password.check(other.password, data.passwd2):
return 'json:', dict(success=False,
message=_("Second password incorrect."),
data=data)
#Make them type "merge" exactly
if data.confirm != "merge":
return 'json:', dict(
success=False,
message=_("Merge was either misspelled or not lowercase."),
data=data)
log.info("User %s merged account %s into %s.", user.username,
other.username, user.username)
user.merge(other)
#Redirect user to the root of the server instead of the settings page
return 'json:', dict(success=True, location="/")
else:
return 'json:', dict(success=False,
message=_("Form does not exist."),
location="/")
return 'json:', dict(success=True, location="/account/settings")
