def reset_continue(self):
'''
Method that serves password reset page
'''
user = self.request.matchdict.get('user')
if self.check_csrf:
token = self.request.session.get_csrf_token()
else:
token = ''
if self.request.method == 'POST':
# if turned on, check for csrf token
if self.check_csrf and token != self.request.POST.get('token'):
return {'status': False,
'msg': self.request._('csrf-mismatch',
default='CSRF token did not match.',
domain='pyramid_fullauth'),
'token': token}
password = self.request.POST.get('password', None)
password_confirm = self.request.POST.get('confirm_password', None)
if password == password_confirm:
try:
self.request.registry.notify(BeforeReset(self.request, user))
validate_passsword(self.request, password, user)
user.reset_key = None
try:
Session.query(AuthenticationProvider).filter(
AuthenticationProvider.user_id == user.id,
AuthenticationProvider.provider == u'email').one()
except NoResultFound:
user.providers.append(
AuthenticationProvider(provider=u'email',
provider_id=user.id))
Session.flush()
except (ValidateError, AttributeError) as e:
return {'status': False, 'msg': str(e), 'token': token}
try:
self.request.registry.notify(AfterReset(self.request, user))
except HTTPFound as redirect:
return redirect
else:
return {'status': False,
'msg': self.request._('password-mismatch',
default='Password doesn\'t match',
domain='pyramid_fullauth'),
'token': token}
return {'status': True, 'token': token}
def _fillin_user(self, response, user):
"""
Fill new user object in, with sent data.
:param dict response: response to return from register view
:param pyramid_fullauth.models.User user: new user object
:returns: response
:rtype: dict
"""
email = self.request.POST.get('email', text_type(''))
# here if e-mail is already in database
if pyramid_basemodel.Session.query(User).filter(
User.email == email).count() != 0:
response['errors']['email'] = self.request._(
'User with given e-mail already exists!',
domain='pyramid_fullauth')
try:
try:
user.email = email
except ValidateError as e:
# do not overwrite existing error
if 'email' not in response['errors']:
response['errors']['email'] = text_type(e)
if self.config.register.password.require:
try:
tools.validate_passsword(
self.request,
self.request.POST.get('password', text_type('')), user)
except ValidateError as e:
response['errors']['password'] = text_type(e)
else:
user.password = tools.password_generator(
self.config.register.password.length_min)
self.request.registry.notify(
BeforeRegister(self.request, user, response['errors']))
if not response['errors']:
pyramid_basemodel.Session.add(user)
pyramid_basemodel.Session.flush()
# lets add AuthenticationProvider as email!
user.providers.append(
AuthenticationProvider(provider=text_type('email'),
provider_id=user.id))
else:
return response
except AttributeError as e:
response['errors']['msg'] = text_type(e)
return response
def post(self):
"""Validate and possibly accept new email."""
user = self.request.matchdict.get("user")
password = self.request.POST.get("password", None)
password_confirm = self.request.POST.get("confirm_password", None)
if password == password_confirm:
try:
self.request.registry.notify(BeforeReset(self.request, user))
validate_passsword(self.request, password, user)
user.reset_key = None
try:
pyramid_basemodel.Session.query(
AuthenticationProvider).filter(
AuthenticationProvider.user_id == user.id,
AuthenticationProvider.provider == "email",
).one()
except NoResultFound:
user.providers.append(
AuthenticationProvider(provider="email",
provider_id=user.id))
pyramid_basemodel.Session.flush()
except (ValidateError, AttributeError) as ex:
return {
"status": False,
"msg": str(ex),
"csrf_token": self.request.session.get_csrf_token(),
}
try:
self.request.registry.notify(AfterReset(self.request, user))
except HTTPRedirection as redirect:
return redirect
else:
return {
"status":
False,
"msg":
self.request._(
"password-mismatch",
default="Password doesn't match",
domain="pyramid_fullauth",
),
"csrf_token":
self.request.session.get_csrf_token(),
}
return self.get()
def _fillin_user(self, response, user):
"""
Fill new user object in, with sent data.
:param dict response: response to return from register view
:param pyramid_fullauth.models.User user: new user object
:returns: response
:rtype: dict
"""
email = self.request.POST.get('email', text_type(''))
# here if e-mail is already in database
if pyramid_basemodel.Session.query(User).filter(User.email == email).count() != 0:
response['errors']['email'] = self.request._(
'User with given e-mail already exists!',
domain='pyramid_fullauth')
try:
try:
user.email = email
except ValidateError as e:
# do not overwrite existing error
if 'email' not in response['errors']:
response['errors']['email'] = text_type(e)
if self.config.register.password.require:
try:
tools.validate_passsword(self.request,
self.request.POST.get('password', text_type('')),
user)
except ValidateError as e:
response['errors']['password'] = text_type(e)
else:
user.password = tools.password_generator(
self.config.register.password.length_min)
self.request.registry.notify(BeforeRegister(self.request, user, response['errors']))
if not response['errors']:
pyramid_basemodel.Session.add(user)
pyramid_basemodel.Session.flush()
# lets add AuthenticationProvider as email!
user.providers.append(
AuthenticationProvider(provider=text_type('email'), provider_id=user.id))
else:
return response
except AttributeError as e:
response['errors']['msg'] = text_type(e)
return response
def post(self):
"""Validate and possibly accept new email."""
user = self.request.matchdict.get('user')
password = self.request.POST.get('password', None)
password_confirm = self.request.POST.get('confirm_password', None)
if password == password_confirm:
try:
self.request.registry.notify(BeforeReset(self.request, user))
validate_passsword(self.request, password, user)
user.reset_key = None
try:
pyramid_basemodel.Session.query(
AuthenticationProvider).filter(
AuthenticationProvider.user_id == user.id,
AuthenticationProvider.provider == text_type(
'email')).one()
except NoResultFound:
user.providers.append(
AuthenticationProvider(provider=text_type('email'),
provider_id=user.id))
pyramid_basemodel.Session.flush()
except (ValidateError, AttributeError) as e:
return {
'status': False,
'msg': text_type(e),
'csrf_token': self.request.session.get_csrf_token()
}
try:
self.request.registry.notify(AfterReset(self.request, user))
except HTTPRedirection as redirect:
return redirect
else:
return {
'status':
False,
'msg':
self.request._('password-mismatch',
default='Password doesn\'t match',
domain='pyramid_fullauth'),
'csrf_token':
self.request.session.get_csrf_token()
}
return self.get()
def post(self):
"""Validate and possibly accept new email."""
user = self.request.matchdict.get('user')
password = self.request.POST.get('password', None)
password_confirm = self.request.POST.get('confirm_password', None)
if password == password_confirm:
try:
self.request.registry.notify(BeforeReset(self.request, user))
validate_passsword(self.request, password, user)
user.reset_key = None
try:
pyramid_basemodel.Session.query(AuthenticationProvider).filter(
AuthenticationProvider.user_id == user.id,
AuthenticationProvider.provider == text_type('email')
).one()
except NoResultFound:
user.providers.append(
AuthenticationProvider(
provider=text_type('email'),
provider_id=user.id
)
)
pyramid_basemodel.Session.flush()
except (ValidateError, AttributeError) as ex:
return {
'status': False,
'msg': text_type(ex),
'csrf_token': self.request.session.get_csrf_token()
}
try:
self.request.registry.notify(AfterReset(self.request, user))
except HTTPRedirection as redirect:
return redirect
else:
return {
'status': False,
'msg': self.request._('password-mismatch',
default='Password doesn\'t match',
domain='pyramid_fullauth'),
'csrf_token': self.request.session.get_csrf_token()
}
return self.get()
def _set_password(self, password, user):
"""
Set password on a User object.
:param str password: email address
:param pyramid_fullauth.models.User user: user object
:returns: error or None if no error occured.
:rtype: str
"""
if self.config.register.password.require:
try:
tools.validate_passsword(self.request, password, user)
except ValidateError as e:
return text_type(e)
else:
user.password = tools.password_generator(
self.config.register.password.length_min)
def _set_password(self, password, user):
"""
Set password on a User object.
:param str password: email address
:param pyramid_fullauth.models.User user: user object
:returns: error or None if no error occured.
:rtype: str
"""
if self.config.register.password.require:
try:
tools.validate_passsword(self.request, password, user)
except ValidateError as ex:
return text_type(ex)
else:
user.password = tools.password_generator(
self.config.register.password.length_min
)
return None
def test_raises_errors(self, web_request, password, exception):
with pytest.raises(exception):
validate_passsword(web_request, password)
def register_POST(self):
'''
Process POST register request
'''
invalid_fields = {}
response_values = {
'status': False,
'msg': self.request._('You have an error in your registration form',
domain='pyramid_fullauth'),
'csrf_token': self.request.session.get_csrf_token()}
response_values['errors'] = invalid_fields
email = self.request.POST.get('email', u'')
# here if e-mail is already in database
try:
Session.query(User).filter(User.email == email).one()
invalid_fields['email'] = self.request._('User with given e-mail already exists!',
domain='pyramid_fullauth')
except NoResultFound:
pass
try:
user = User()
try:
user.email = email
except ValidateError as e:
# do not overwrite existing error
if not 'email' in invalid_fields:
invalid_fields['email'] = str(e)
user.address_ip = self.request.remote_addr
if self.request.config.fullauth.register.password.require:
try:
tools.validate_passsword(self.request,
self.request.POST.get('password', u''),
user)
except ValidateError as e:
invalid_fields['password'] = e.message
else:
user.password = tools.password_generator(
self.request.config.fullauth.register.password.length_min)
self.request.registry.notify(BeforeRegister(self.request, user, invalid_fields))
if not invalid_fields:
Session.add(user)
Session.flush()
# lets add AuthenticationProvider as email!
user.providers.append(
AuthenticationProvider(provider=u'email', provider_id=user.id))
else:
return response_values
except AttributeError as e:
invalid_fields['msg'] = str(e)
return response_values
response_values['status'] = True
response_values['msg'] = self.request._('You have successfully registered',
domain='pyramid_fullauth')
try:
self.request.registry.notify(AfterRegister(self.request, user, response_values))
except HTTPFound as redirect:
return redirect
return response_values
def test_raises_errors(web_request, password, exception):
"""Test validate_passsword possible exceptions."""
with pytest.raises(exception):
validate_passsword(web_request, password)
def test_raises_errors(web_request, password, exception):
"""Test validate_passsword possible exceptions."""
with pytest.raises(exception):
validate_passsword(web_request, password)
