def testEmail(self):
    """Exercise User.isEmailValid with known-good and known-bad addresses.

    Each candidate is checked in the original order with the same failure
    message, so the first mismatch names the offending address.
    """
    # Addresses that validation must accept.
    accepted = [
        '*****@*****.**',
        '*****@*****.**',
        '*****@*****.**',
    ]
    for candidate in accepted:
        self.assertTrue(User.isEmailValid(candidate),
                        'Misqualified valid email: ' + candidate)

    # Addresses that validation must reject: embedded single/double quote
    # characters, empty or blank input, and a bare token without '@'.
    rejected = [
        "ja'*****@*****.**",
        'ja"*****@*****.**',
        '',
        ' ',
        'asd',
        "a'*****@*****.**",
    ]
    for candidate in rejected:
        self.assertFalse(User.isEmailValid(candidate),
                         'Misqualified invalid email: ' + candidate)
def __register(self, api):
    """Validate the registration request and create the user.

    Reads the email and password from the request. When the email fails
    validation or is already registered, or the password fails validation,
    the request is answered with STATUS_BAD_REQUEST and the generic
    REGISTER_ERROR text. Otherwise a salt and derived key are stored on a
    new, unverified User entity and __send_verification(email) is called.

    Args:
        api: '' for page requests, in which case the ``staticmessage.html``
            template is rendered into the response; any other value skips
            the page render.
    """
    email = self.request.get(constants.VAR_NAME_EMAIL)
    logging.info('User registering: ' + str(email))

    # One generic REGISTER_ERROR covers both a malformed and an
    # already-registered address, so the caller is not told which
    # addresses exist; the distinction is only logged server-side.
    if not User.isEmailValid(email) or User.isAlreadyRegistered(email):
        logging.error('Email mismatched or already registered')
        self.set_error(constants.STATUS_BAD_REQUEST,
                       self.gettext('REGISTER_ERROR'),
                       url=self.request.url)
        return

    password = self.request.get(constants.VAR_NAME_PASSWORD)
    if not User.isPasswordValid(password):
        logging.error('Invalid password')
        self.set_error(constants.STATUS_BAD_REQUEST,
                       self.gettext('REGISTER_ERROR'),
                       url=self.request.url)
        return

    # Only the salt and the derived key are persisted, never the password.
    salt, key = CryptoUtil.get_salt_and_key(password)[:2]

    # NOTE(review): the entity key_name uses the address as typed, while
    # user.email is lower-cased and __login looks up email.lower() —
    # confirm isAlreadyRegistered/getUser normalise case the same way,
    # otherwise case variants of one address could register separately.
    user = User(key_name=email)
    user.email = email.lower()
    user.salt = salt
    user.password = key
    user.verified = False
    user.put()

    self.__send_verification(email)

    if api == '':
        template_values = {
            'message': self.gettext('PLEASE_CHECK_YOUR_EMAIL'),
        }
        template = self.jinja2_env.get_template('staticmessage.html')
        self.response.out.write(template.render(template_values))
    # Block structure reconstructed from a collapsed paste: self.ok() is
    # taken to be the common success exit for both api values — verify
    # against the original layout.
    self.ok()
def __login(self):
    """Validate the login request and log the user in.

    Email and password are read from the request; an unknown or malformed
    email, a malformed password and a wrong password all answer with
    STATUS_BAD_REQUEST and the same LOGIN_ERROR text. A non-empty
    'remember' parameter other than 'false' stores a LoginToken and sets
    it as a Secure, HttpOnly cookie. A verified user is logged in and
    redirected to the session's stored redirect target (or "/"); an
    unverified user gets STATUS_FORBIDDEN with a link to /User/Verify.
    """
    email = self.request.get(constants.VAR_NAME_EMAIL)
    logging.info('User logging in: ' + str(email))
    if not User.isEmailValid(email) or not User.isAlreadyRegistered(email):
        logging.error('Email mismatched or not registered')
        self.set_error(constants.STATUS_BAD_REQUEST,
                       self.gettext('LOGIN_ERROR'),
                       url=self.request.url)
        return
    # NOTE(review): isAlreadyRegistered sees the address as typed while the
    # lookup lower-cases it — confirm both normalise the same way, or
    # getUser may return None and user.salt below would fail.
    user = User.getUser(email.lower())

    password = self.request.get(constants.VAR_NAME_PASSWORD)
    if not User.isPasswordValid(password):
        logging.error('Invalid password')
        self.set_error(constants.STATUS_BAD_REQUEST,
                       self.gettext('LOGIN_ERROR'),
                       url=self.request.url)
        return
    key = CryptoUtil.getKey(password, user.salt)

    # NOTE(review): `==` on the derived key is not a constant-time
    # comparison; an hmac.compare_digest-style check would be preferable
    # once the stored type (str/bytes) of user.password is confirmed.
    if not user.password == key:
        logging.error('Incorrect password for email')
        self.set_error(constants.STATUS_BAD_REQUEST,
                       self.gettext('LOGIN_ERROR'),
                       url=self.request.url)
        return

    # Any value other than empty or 'false' (case-insensitive) opts in.
    remember_flag = self.request.get('remember').lower()
    if remember_flag not in ('', 'false'):
        # NOTE(review): the persistent token is issued before the verified
        # check below, so an unverified account also receives a login
        # cookie — confirm the cookie login path re-checks verification.
        token_id = LoginToken.generate_id()
        token = LoginToken()
        token.tokenid = token_id
        token.ip = self.request.remote_addr
        token.user = email
        token.put()
        cookie_value = token.get_cookie_value()
        lifetime = timedelta(days=constants.PERSISTENT_LOGIN_LIFETIME_DAYS)
        # Secure + HttpOnly keep the token off plain HTTP and out of
        # reach of page scripts.
        self.response.set_cookie(constants.PERSISTENT_LOGIN_NAME,
                                 cookie_value,
                                 expires=datetime.utcnow() + lifetime,
                                 path="/",
                                 httponly=True,
                                 secure=True)

    if not user.verified:
        logging.error('User unverified')
        self.set_error(constants.STATUS_FORBIDDEN,
                       self.gettext('UNVERIFIED_PRE')
                       + ' <a href="/User/Verify">'
                       + self.gettext('UNVERIFIED_HERE')
                       + '</a> '
                       + self.gettext('UNVERIFIED_POST'),
                       url=self.request.url)
        return

    user.login(self.request.remote_addr)
    session = get_current_session()
    # NOTE(review): the redirect target comes from the session; if it was
    # originally taken from a request parameter, ok() should restrict it
    # to a local path.
    url = session.pop(constants.VAR_NAME_REDIRECT)
    if url is None:
        url = "/"
    self.ok(url)