def adduser(username, password, email, superuser, verified):
"""
Adds a user to the registry.
"""
if not username:
username = input('Username? ')
if models.User.objects(name=username).first():
print('User {} already exists'.format(username))
return 1
if not password:
password = input('Password? ')
if input('Confirm Password? ') != password:
print('passwords do not match')
if not email:
email = input('Email? ')
if models.User.objects(email=email).first():
print('Email {} already in use'.format(email))
return 1
user = models.User(username, models.hash_password(password), email,
superuser=superuser, validated=verified)
user.save()
print('User created.')
def post(self):
session = Session()
args = user_put_args.parse_args()
exist = User(username=args['username'],
password=hash_password(args['password']))
session.add(exist)
session.commit()
return exist, 201
def put(self):
session = Session()
args = user_update_args.parse_args()
# result = session.query(User).filter_by(id=user_id).first()
exist = auth.current_user()
if not exist:
abort(404, message="User doesn't exist, cannot update")
if args['username']:
exist.username = args['username']
if args['password']:
exist.password = hash_password(args['password'])
exist = session.merge(exist)
session.add(exist)
session.commit()
return exist
def post(self):
username = request.form.get('username')
password = request.form.get('password')
email = request.form.get('email')
if not username or len(username) < 3 or len(username) > 24:
return bad_requests('No or invalid username specified')
if not password or len(password) < 6 or len(password) > 64:
return bad_requests('No or invalid password specified')
if not email or len(email) < 4 or len(email) > 64:
return bad_requests('No or invalid email specified')
user = User.objects(name=username).first()
if user:
return bad_request('User "{}" already exists'.format(username))
if User.objects(email=email).first():
return bad_request('Email "{}" is already in use'.format(email))
# TODO: Validate that `email` is a valid email address.
if not config.accept_registrations:
return bad_request('New user registrations are currently not accepted. '
'Talk to the registry admin to manually create an account for you.')
# Create the new user object.
user = User(name=username, passhash=models.hash_password(password),
email=email, validation_token=None, validated=False)
if not config.require_email_verification:
user.validated = True
else:
try:
user.send_validation_mail()
except ConnectionRefusedError as exc:
app.logger.exception(exc)
return service_unavailable('Verification e-mail could not be sent, '
'the server\'s email settings may not be configured properly.')
user.save()
message = 'User registered successfully.'
if not user.validated:
message += ' Please check your inbox (and spam folder) for a verification e-mail.'
if app.debug and not user.validated:
message += ' DEBUG: Verify URL: {}'.format(user.get_validation_url())
return {'message': message}
async def register(request):
"""
Validate form, register and authenticate user with JWT token
"""
results = await User.all()
data = await request.form()
form = RegistrationForm(data)
username = form.username.data
email = form.email.data
password = form.password.data
if request.method == "POST" and form.validate():
for result in results:
if email == result.email or username == result.username:
user_error = "User with that email or username already exists."
return templates.TemplateResponse(
"accounts/register.html",
{
"request": request,
"form": form,
"user_error": user_error
},
)
query = User(
username=username,
email=email,
joined=datetime.datetime.now(),
last_login=datetime.datetime.now(),
login_count=1,
password=hash_password(password),
)
await query.save()
user_query = await User.get(username=username)
hashed_password = user_query.password
valid_password = check_password(password, hashed_password)
response = RedirectResponse(url="/", status_code=302)
if valid_password:
response.set_cookie("jwt",
generate_jwt(user_query.username),
httponly=True)
response.set_cookie("admin", ADMIN, httponly=True)
return response
return templates.TemplateResponse("accounts/register.html", {
"request": request,
"form": form
})
def settings():
user = User.selectBy(username=request.username).getOne(None)
if not user:
abort(403)
errors = {
'password_error': '',
'color_error': '',
'general_error': '',
}
if request.method == 'POST':
print 'settings!'
updates = {}
old_password = request.POST.get('old_password', '')
new_password = request.POST.get('new_password', '')
# password
if old_password or new_password:
if not user.check_password(old_password):
errors['password_error'] = 'Incorrect password'
else:
updates['password'] = hash_password(new_password)
# color
color = request.POST.get('color', '')
if color:
try:
if len(color) == 6 and (int(color, 16) or color == '000000'):
updates['color'] = color.lower()
else:
errors['color_error'] = 'A 6 digit hex number is required'
except ValueError:
errors['color_error'] = 'Not a valid hexidecimal number'
print updates
if updates:
user.set(**updates)
return context(user=user, **errors)
def login(self):
login_url = self.request.route_url("login")
referrer = self.request.url
if referrer == login_url:
referrer = '/' # never use the login form itself as came_from
came_from = self.request.params.get('came_from', referrer)
message = ''
username = ''
password = ''
form = LoginView.Form(self.request.POST)
if self.request.method == 'POST' and form.validate():
username = form.username.data
password = hash_password(form.password.data)
if User.exist(username) and User.by_username(username).password == password:
headers = remember(self.request, username)
return HTTPFound(location=came_from, headers=headers)
message = "Failed login"
return dict(
message=message,
url=self.request.route_url('login'),
came_from=came_from,
form=form,
logged_in=authenticated_userid(self.request),
)
def test_password_hashing(self):
u = User(username='******')
u.set_password('cat')
self.assertFalse(u.check_password(hash_password('dog')))
self.assertTrue(u.check_password(hash_password('cat')))
def hash_pw(username, password): return models.hash_password(password)
