def POST(self, a, arg1=0):
"""
Creates password recovery request, taking argument as user_id (default) or username
"""
try:
uid_type = json.loads(web.data()).get('uid_type','')
except ValueError:
uid_type = ''
token = hash_utils.random_hex()
web.header('Content-Type', 'application/json')
if uid_type == 'username':
user_email = users_model().request_password(token, users_model.get_user_id(arg1))
elif uid_type == 'user_id' or 'uid_type' == '':
user_email = users_model().request_password(token, int(arg1))
else:
return json.dumps(
{
'success': False,
'messages': ['Unknown uid type']
}
)
if user_email == '':
return json.dumps(
{
'success': False,
'messages': ['User not found']
}
)
try:
web.config.smtp_server = 'smtp.gmail.com'
web.config.smtp_port = 587
web.config.smtp_username = '******'
web.config.smtp_password = '******'
web.config.smtp_starttls = True
web.sendmail('*****@*****.**', user_email, 'Password recovery',
'http://' + web.ctx.host + web.ctx.homepath + '/password?token=' + token)
return json.dumps(
{
'success': True,
'messages': ['Password recovery email sent']
}
)
except Exception:
return json.dumps(
{
'success': False,
'messages': ['Server error']
}
)
def PUT(self):
"""
Changes password for specified user_id
"""
payload = json.loads(web.data())
user_model = users_model()
web.header('Content-Type', 'application/json')
if context.user_id() > 0:
user_id = context.user_id()
else:
token_user_id = user_model.password_recovery_user(
payload.get('token', ''))
if token_user_id > 0:
user_id = token_user_id
else:
return json.dumps({
'success': False,
'messages': ['Unauthorized request']
})
if user_model.update_password(user_id, payload['password']):
# TODO if token used, invalidate token
if payload.get('autologin',
False) and context.user_id() != user_id:
# Auto-login user whose password's changed.
users_model.session_login(user_id)
return json.dumps({
'success': True,
'messages': ['Password changed']
})
return json.dumps({'success': False, 'messages': ['Database error']})
def POST(self, arg1=0):
"""
Creates password recovery request, taking argument as user_id (default) or username
"""
try:
uid_type = json.loads(web.data()).get('uid_type', '')
except ValueError:
uid_type = ''
token = hash_utils.random_hex()
web.header('Content-Type', 'application/json')
if uid_type == 'username':
user_email = users_model().request_password(
token, users_model.get_user_id(arg1))
elif uid_type == 'user_id' or 'uid_type' == '':
user_email = users_model().request_password(token, int(arg1))
else:
return json.dumps({
'success': False,
'messages': ['Unknown uid type']
})
if user_email == '':
return json.dumps({
'success': False,
'messages': ['User not found']
})
web.config.smtp_server = 'smtp.gmail.com'
web.config.smtp_port = 587
web.config.smtp_username = '******'
web.config.smtp_password = '******'
web.config.smtp_starttls = True
web.sendmail(
'*****@*****.**', user_email, 'Password recovery',
'http://' + web.ctx.host + web.ctx.homepath +
'/#password_change_page?token=' + token)
return json.dumps({
'success': True,
'messages': ['Password recovery email sent']
})
def GET(self):
user_id = context.user_id()
if user_id > 0:
return render.password_change(user_id, '')
token = web.input().get('token','')
user_id = users_model().password_recovery_user(token)
if user_id == 0:
return render.password_recover()
else:
return render.password_change(user_id, token)
def PUT(self, username=''):
"""
Stores user details into database.
And, if needed, populates tables for first-time user
"""
payload = json.loads(web.data())
password = payload.get('password')
email = payload.get('email')
web.header('Content-Type', 'application/json')
if password is None or email is None or username == '' or email == '':
return json.dumps(
{
'success': False,
'messages': ['Username/email/password cannot be empty']
}
)
user_id = users_model().register(username, password, email)
if user_id == 0:
return json.dumps(
{
'success': False,
'messages': ['User already exists']
}
)
elif user_id > 0:
if payload.get('autologin', False):
users_model.session_login(user_id)
web.ctx.status = '201 Created'
policies_model.populate_policies(user_id, start_date)
score_model.insert_score(user_id, 1, 1, start_date)
score_model.insert_score(user_id, 2, 1, start_date)
return json.dumps(
{
'success': True,
'messages': ['Successfully registered.']
}
)
else:
return json.dumps(
{
'success': False,
'messages': ['Database error']
}
)
def PUT(self, a, arg1=0):
"""
Changes password for specified user_id
"""
user_id = int(arg1)
payload = json.loads(web.data())
user_model = users_model()
web.header('Content-Type', 'application/json')
if not (user_id > 0):
return json.dumps(
{
'success': False,
'messages': ['Invalid user_id specified']
}
)
if user_id == context.user_id() or user_id == user_model.password_recovery_user(payload.get('token', '')):
if user_model.update_password(user_id, payload['password']):
if payload.get('autologin', False) and context.user_id() != user_id:
# Auto-login user whose password's changed.
users_model.session_login(user_id)
return json.dumps(
{
'success': True,
'messages': ['Password changed']
}
)
return json.dumps(
{
'success': False,
'messages': ['Database error']
}
)
return json.dumps(
{
'success': False,
'messages': ['Unauthorized request']
}
)
def PUT(self):
"""
Changes password for specified user_id
"""
payload = json.loads(web.data())
user_model = users_model()
web.header('Content-Type', 'application/json')
if context.user_id() > 0:
user_id = context.user_id()
else:
token_user_id = user_model.password_recovery_user(payload.get('token', ''))
if token_user_id > 0:
user_id = token_user_id
else:
return json.dumps(
{
'success': False,
'messages': ['Unauthorized request']
}
)
if user_model.update_password(user_id, payload['password']):
# TODO if token used, invalidate token
if payload.get('autologin', False) and context.user_id() != user_id:
# Auto-login user whose password's changed.
users_model.session_login(user_id)
return json.dumps(
{
'success': True,
'messages': ['Password changed']
}
)
return json.dumps(
{
'success': False,
'messages': ['Database error']
}
)
def PUT(self, username=''):
"""
Stores user details into database.
And, if needed, populates tables for first-time user
"""
payload = json.loads(web.data())
password = payload.get('password')
email = payload.get('email')
web.header('Content-Type', 'application/json')
if password is None or email is None or username == '' or email == '':
return json.dumps({
'success':
False,
'messages': ['Username/email/password cannot be empty']
})
user_id = users_model().register(username, password, email)
if user_id == 0:
return json.dumps({
'success': False,
'messages': ['User already exists']
})
elif user_id > 0:
if payload.get('autologin', False):
users_model.session_login(user_id)
web.ctx.status = '201 Created'
policies_model.populate_policies(user_id, start_date)
score_model.insert_score(user_id, 1, 1, start_date)
score_model.insert_score(user_id, 2, 1, start_date)
return json.dumps({
'success': True,
'messages': ['Successfully registered.']
})
else:
return json.dumps({
'success': False,
'messages': ['Database error']
})
