def reset_continue(self): ''' Method that serves password reset page ''' user = self.request.matchdict.get('user') if self.check_csrf: token = self.request.session.get_csrf_token() else: token = '' if self.request.method == 'POST': # if turned on, check for csrf token if self.check_csrf and token != self.request.POST.get('token'): return {'status': False, 'msg': self.request._('csrf-mismatch', default='CSRF token did not match.', domain='pyramid_fullauth'), 'token': token} password = self.request.POST.get('password', None) password_confirm = self.request.POST.get('confirm_password', None) if password == password_confirm: try: self.request.registry.notify(BeforeReset(self.request, user)) validate_passsword(self.request, password, user) user.reset_key = None try: Session.query(AuthenticationProvider).filter( AuthenticationProvider.user_id == user.id, AuthenticationProvider.provider == u'email').one() except NoResultFound: user.providers.append( AuthenticationProvider(provider=u'email', provider_id=user.id)) Session.flush() except (ValidateError, AttributeError) as e: return {'status': False, 'msg': str(e), 'token': token} try: self.request.registry.notify(AfterReset(self.request, user)) except HTTPFound as redirect: return redirect else: return {'status': False, 'msg': self.request._('password-mismatch', default='Password doesn\'t match', domain='pyramid_fullauth'), 'token': token} return {'status': True, 'token': token}
def _fillin_user(self, response, user): """ Fill new user object in, with sent data. :param dict response: response to return from register view :param pyramid_fullauth.models.User user: new user object :returns: response :rtype: dict """ email = self.request.POST.get('email', text_type('')) # here if e-mail is already in database if pyramid_basemodel.Session.query(User).filter( User.email == email).count() != 0: response['errors']['email'] = self.request._( 'User with given e-mail already exists!', domain='pyramid_fullauth') try: try: user.email = email except ValidateError as e: # do not overwrite existing error if 'email' not in response['errors']: response['errors']['email'] = text_type(e) if self.config.register.password.require: try: tools.validate_passsword( self.request, self.request.POST.get('password', text_type('')), user) except ValidateError as e: response['errors']['password'] = text_type(e) else: user.password = tools.password_generator( self.config.register.password.length_min) self.request.registry.notify( BeforeRegister(self.request, user, response['errors'])) if not response['errors']: pyramid_basemodel.Session.add(user) pyramid_basemodel.Session.flush() # lets add AuthenticationProvider as email! user.providers.append( AuthenticationProvider(provider=text_type('email'), provider_id=user.id)) else: return response except AttributeError as e: response['errors']['msg'] = text_type(e) return response
def post(self): """Validate and possibly accept new email.""" user = self.request.matchdict.get("user") password = self.request.POST.get("password", None) password_confirm = self.request.POST.get("confirm_password", None) if password == password_confirm: try: self.request.registry.notify(BeforeReset(self.request, user)) validate_passsword(self.request, password, user) user.reset_key = None try: pyramid_basemodel.Session.query( AuthenticationProvider).filter( AuthenticationProvider.user_id == user.id, AuthenticationProvider.provider == "email", ).one() except NoResultFound: user.providers.append( AuthenticationProvider(provider="email", provider_id=user.id)) pyramid_basemodel.Session.flush() except (ValidateError, AttributeError) as ex: return { "status": False, "msg": str(ex), "csrf_token": self.request.session.get_csrf_token(), } try: self.request.registry.notify(AfterReset(self.request, user)) except HTTPRedirection as redirect: return redirect else: return { "status": False, "msg": self.request._( "password-mismatch", default="Password doesn't match", domain="pyramid_fullauth", ), "csrf_token": self.request.session.get_csrf_token(), } return self.get()
def _fillin_user(self, response, user): """ Fill new user object in, with sent data. :param dict response: response to return from register view :param pyramid_fullauth.models.User user: new user object :returns: response :rtype: dict """ email = self.request.POST.get('email', text_type('')) # here if e-mail is already in database if pyramid_basemodel.Session.query(User).filter(User.email == email).count() != 0: response['errors']['email'] = self.request._( 'User with given e-mail already exists!', domain='pyramid_fullauth') try: try: user.email = email except ValidateError as e: # do not overwrite existing error if 'email' not in response['errors']: response['errors']['email'] = text_type(e) if self.config.register.password.require: try: tools.validate_passsword(self.request, self.request.POST.get('password', text_type('')), user) except ValidateError as e: response['errors']['password'] = text_type(e) else: user.password = tools.password_generator( self.config.register.password.length_min) self.request.registry.notify(BeforeRegister(self.request, user, response['errors'])) if not response['errors']: pyramid_basemodel.Session.add(user) pyramid_basemodel.Session.flush() # lets add AuthenticationProvider as email! user.providers.append( AuthenticationProvider(provider=text_type('email'), provider_id=user.id)) else: return response except AttributeError as e: response['errors']['msg'] = text_type(e) return response
def post(self): """Validate and possibly accept new email.""" user = self.request.matchdict.get('user') password = self.request.POST.get('password', None) password_confirm = self.request.POST.get('confirm_password', None) if password == password_confirm: try: self.request.registry.notify(BeforeReset(self.request, user)) validate_passsword(self.request, password, user) user.reset_key = None try: pyramid_basemodel.Session.query( AuthenticationProvider).filter( AuthenticationProvider.user_id == user.id, AuthenticationProvider.provider == text_type( 'email')).one() except NoResultFound: user.providers.append( AuthenticationProvider(provider=text_type('email'), provider_id=user.id)) pyramid_basemodel.Session.flush() except (ValidateError, AttributeError) as e: return { 'status': False, 'msg': text_type(e), 'csrf_token': self.request.session.get_csrf_token() } try: self.request.registry.notify(AfterReset(self.request, user)) except HTTPRedirection as redirect: return redirect else: return { 'status': False, 'msg': self.request._('password-mismatch', default='Password doesn\'t match', domain='pyramid_fullauth'), 'csrf_token': self.request.session.get_csrf_token() } return self.get()
def post(self): """Validate and possibly accept new email.""" user = self.request.matchdict.get('user') password = self.request.POST.get('password', None) password_confirm = self.request.POST.get('confirm_password', None) if password == password_confirm: try: self.request.registry.notify(BeforeReset(self.request, user)) validate_passsword(self.request, password, user) user.reset_key = None try: pyramid_basemodel.Session.query(AuthenticationProvider).filter( AuthenticationProvider.user_id == user.id, AuthenticationProvider.provider == text_type('email') ).one() except NoResultFound: user.providers.append( AuthenticationProvider( provider=text_type('email'), provider_id=user.id ) ) pyramid_basemodel.Session.flush() except (ValidateError, AttributeError) as ex: return { 'status': False, 'msg': text_type(ex), 'csrf_token': self.request.session.get_csrf_token() } try: self.request.registry.notify(AfterReset(self.request, user)) except HTTPRedirection as redirect: return redirect else: return { 'status': False, 'msg': self.request._('password-mismatch', default='Password doesn\'t match', domain='pyramid_fullauth'), 'csrf_token': self.request.session.get_csrf_token() } return self.get()
def _set_password(self, password, user): """ Set password on a User object. :param str password: email address :param pyramid_fullauth.models.User user: user object :returns: error or None if no error occured. :rtype: str """ if self.config.register.password.require: try: tools.validate_passsword(self.request, password, user) except ValidateError as e: return text_type(e) else: user.password = tools.password_generator( self.config.register.password.length_min)
def _set_password(self, password, user): """ Set password on a User object. :param str password: email address :param pyramid_fullauth.models.User user: user object :returns: error or None if no error occured. :rtype: str """ if self.config.register.password.require: try: tools.validate_passsword(self.request, password, user) except ValidateError as ex: return text_type(ex) else: user.password = tools.password_generator( self.config.register.password.length_min ) return None
def test_raises_errors(self, web_request, password, exception): with pytest.raises(exception): validate_passsword(web_request, password)
def register_POST(self): ''' Process POST register request ''' invalid_fields = {} response_values = { 'status': False, 'msg': self.request._('You have an error in your registration form', domain='pyramid_fullauth'), 'csrf_token': self.request.session.get_csrf_token()} response_values['errors'] = invalid_fields email = self.request.POST.get('email', u'') # here if e-mail is already in database try: Session.query(User).filter(User.email == email).one() invalid_fields['email'] = self.request._('User with given e-mail already exists!', domain='pyramid_fullauth') except NoResultFound: pass try: user = User() try: user.email = email except ValidateError as e: # do not overwrite existing error if not 'email' in invalid_fields: invalid_fields['email'] = str(e) user.address_ip = self.request.remote_addr if self.request.config.fullauth.register.password.require: try: tools.validate_passsword(self.request, self.request.POST.get('password', u''), user) except ValidateError as e: invalid_fields['password'] = e.message else: user.password = tools.password_generator( self.request.config.fullauth.register.password.length_min) self.request.registry.notify(BeforeRegister(self.request, user, invalid_fields)) if not invalid_fields: Session.add(user) Session.flush() # lets add AuthenticationProvider as email! user.providers.append( AuthenticationProvider(provider=u'email', provider_id=user.id)) else: return response_values except AttributeError as e: invalid_fields['msg'] = str(e) return response_values response_values['status'] = True response_values['msg'] = self.request._('You have successfully registered', domain='pyramid_fullauth') try: self.request.registry.notify(AfterRegister(self.request, user, response_values)) except HTTPFound as redirect: return redirect return response_values
def test_raises_errors(web_request, password, exception): """Test validate_passsword possible exceptions.""" with pytest.raises(exception): validate_passsword(web_request, password)