def post(self) -> Any:
    """Process a submitted e-mail address and issue an auth token for it.

    Order of operations: per-IP limiter, e-mail normalisation, per-e-mail
    limiter, three validation steps, then token creation, token e-mail,
    logging and a redirect to the ``email_sent`` route.

    Returns:
        ``HTTPTooManyRequests`` when either limiter reports it is exceeded,
        the result of ``self.invalid_email(...)`` when validation fails,
        otherwise an ``HTTPFound`` redirect.
    """
    # NOTE(review): remote_addr is the direct peer address; behind a reverse
    # proxy this may be the proxy itself, so confirm how the deployment
    # derives the client address before relying on this limiter.
    if self.ip_limiter.exceeded(self.request.remote_addr):
        return HTTPTooManyRequests()

    address = User.normalize_email(self.request.params.get("email"))

    # NOTE(review): the limiter is keyed on the address before it has been
    # validated, so empty or malformed values reach it too; confirm the
    # limiter bounds the number of keys it tracks.
    if self.email_limiter.exceeded(address):
        return HTTPTooManyRequests()

    rejection = None
    if not address:
        # The browser usually blocks this first (required).
        rejection = "missing_email"
    elif not User.email_is_well_formed(address):
        # The browser usually blocks this first (type=email).
        rejection = "incorrect_email"
    elif not User.email_is_allowed(address):
        # The browser does NOT block this (pattern=... is clumsy), so the
        # server-side allow-list check is the only gate.
        rejection = "incorrect_domain"

    if rejection is not None:
        return self.invalid_email(email=address, reason=rejection)

    auth_token = self.create_auth_token(address)
    self.send_auth_token_email(token=auth_token, email=address)
    self.log_successful_token_request(address)

    # NOTE(review): the address travels in the redirect query string, so it
    # will appear in access logs and browser history.
    destination = self.request.route_url("email_sent", _query={"email": address})
    return HTTPFound(location=destination)
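def post(self) -> Response:
    """Add an e-mail address or pattern to the allow-list.

    Reads ``email_pattern`` from the POST body, flashes exactly one message
    describing the outcome, and redirects back to the context resource.

    A missing ``email_pattern`` field is treated like an empty one (error
    flash) instead of raising ``KeyError`` from the POST lookup.

    Returns:
        An ``HTTPFound`` redirect to ``resource_url(self.context)`` in every
        case.
    """
    # .get() so a request without the field gets the validation message
    # rather than an unhandled KeyError.
    email_pattern = self.request.POST.get("email_pattern") or ""

    if not email_pattern:
        outcome = Message(cls="error", text="Veuillez saisir un courriel ou modèle.")
    elif (
        DBSession.query(AllowedEmailPattern)
        .filter_by(pattern=email_pattern)
        .first()
    ):
        # The exact pattern is already stored.
        outcome = Message(cls="warning", text="Cette adresse de courriel existe déjà.")
    elif User.email_is_allowed(email_pattern):
        # An existing entry already accepts this value.
        outcome = Message(
            cls="warning", text="Cette adresse de courriel est déjà acceptée."
        )
    else:
        # NOTE(review): the value is stored exactly as submitted; nothing in
        # this method checks its shape or how broad a pattern it is. Confirm
        # that WhitelistAdd.create (or the form layer) validates it, since an
        # over-broad entry widens who may request a login token.
        WhitelistAdd.create(
            email_pattern=email_pattern, comment=None, request=self.request
        )
        outcome = Message(
            cls="success",
            text="Adresse de courriel ou modèle créé(e) avec succès.",
        )

    self.request.session.flash(outcome)
    return HTTPFound(location=self.request.resource_url(self.context))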
def _is_email_valid(email: str) -> bool:
    """Report whether *email* is both well formed and on the allow-list.

    The allow-list check runs only when the well-formedness check passes;
    the value returned is whichever check result decided the outcome.
    """
    well_formed = User.email_is_well_formed(email)
    if not well_formed:
        return well_formed
    return User.email_is_allowed(email)