def account_deletion_request(self, delete_posts=False):
token_type = 'accountdelete'
if delete_posts:
token_type = 'accountandpostsdelete'
# if the user has an email, create an email verify token, send it to the email address
tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type(
self.enki_user.key.id(), self.enki_user.email, token_type)
if tokenEntity:
# if a verify token for the same new email address and user already exists, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string(entropy=256)
delete_account_token = EnkiModelTokenVerify(
token=token,
user_id=self.enki_user.key.id(),
email=self.enki_user.email,
type=token_type)
delete_account_token.put()
link = enki.libutil.get_local_url(
'accountdeleteconfirm',
{'verifytoken': delete_account_token.token})
delete_posts_message = ''
if delete_posts:
self.send_email(self.enki_user.email,
MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_SUBJECT(),
MSG.SEND_EMAIL_ACCOUT_POSTS_DELETE_BODY(link))
else:
self.send_email(self.enki_user.email,
MSG.SEND_EMAIL_ACCOUT_DELETE_SUBJECT(),
MSG.SEND_EMAIL_ACCOUT_DELETE_BODY(link))
def post(self):
url = settings.URL_PURCHASE_FASTSPRING
# ------
# Requires enkiDL
if self.request.get('download'):
ref_url = enki.libutil.get_local_url('store')
self.session['sessionrefpath'] = ref_url
url_fetcher = ''
if settings.URLS_ENKIDL:
# shuffle then try to download from locations in sequence
random.shuffle(settings.URLS_ENKIDL)
for i in range(len(settings.URLS_ENKIDL)):
url_enkiDL = settings.URLS_ENKIDL[i]
item_to_download = 'product_a'
url_fetcher = enki.libenkiDL.URLFetcher()
url_fetcher.get_download_URL(url_enkiDL,
settings.SECRET_ENKIDL,
item_to_download,
self.request.remote_addr)
if not url_fetcher.error:
enki.modelcounter.increment('downloads_product_a')
break
if url_fetcher and url_fetcher.error:
self.response.status_int = 500
self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR())
self.redirect('info')
return
url = url_fetcher.download_url
else:
self.add_infomessage(MSG.WARNING(), MSG.DOWNLOAD_ERROR())
self.redirect('info')
return
# -------
else:
if not settings.SECRET_FASTSPRING or enki.libutil.is_debug(
) or settings.ENKI_EMULATE_STORE:
url = enki.libutil.get_local_url('storeemulatefastspring')
else:
enki.modelcounter.increment('purchases_product_a')
if self.is_logged_in():
purchaser_user_id = self.enki_user.key.id()
token = security.generate_random_string(entropy=256)
token_purchase = EnkiModelTokenVerify(
token=token,
user_id=purchaser_user_id,
type='purchasebyuser')
token_purchase.put()
url += '?referrer=' + token_purchase.token.encode('utf-8')
self.redirect(url)
def post(self):
url = settings.URL_PURCHASE_FASTSPRING
if not settings.SECRET_FASTSPRING or enki.libutil.is_debug(
) or settings.ENKI_EMULATE_STORE:
url = enki.libutil.get_local_url('storeemulatefastspring')
if self.is_logged_in():
purchaser_user_id = self.enki_user.key.id()
token = security.generate_random_string(entropy=256)
token_purchase = EnkiModelTokenVerify(token=token,
user_id=purchaser_user_id,
type='purchasebyuser')
token_purchase.put()
url = enki.libutil.get_local_url(
'storeemulatefastspring', {'referrer': token_purchase.token})
self.redirect(url)
def password_change_request(self, email):
if EnkiModelUser.exist_by_email(email):
# create an email verify token, send it to the email address
token = security.generate_random_string(entropy=256)
emailToken = EnkiModelTokenVerify(token=token,
email=email,
type='passwordchange')
emailToken.put()
link = enki.libutil.get_local_url(
'passwordrecoverconfirm', {'verifytoken': emailToken.token})
self.send_email(email, MSG.SEND_EMAIL_PASSWORD_RESET_SUBJECT(),
MSG.SEND_EMAIL_PASSWORD_RESET_BODY(link))
result = enki.libutil.ENKILIB_OK
else:
result = self.ERROR_EMAIL_NOT_EXIST
return result
def email_set_request(self, email):
# request the creation of a new account based on an email address
result = enki.libutil.ENKILIB_OK
if EnkiModelUser.exist_by_email(email):
result = self.ERROR_EMAIL_IN_USE
else:
# create an email verify token, send it to the email address
token = security.generate_random_string(entropy=256)
emailToken = EnkiModelTokenVerify(token=token,
email=email,
type='register')
emailToken.put()
link = enki.libutil.get_local_url(
'registerconfirm', {'verifytoken': emailToken.token})
self.send_email(email, MSG.SEND_EMAIL_REGISTER_CONFIRM_SUBJECT(),
MSG.SEND_EMAIL_REGISTER_CONFIRM_BODY(link))
return result
def post_reauthenticated(self, params):
register = params.get('register')
deregister = params.get('deregister')
if register: # initiate adding a new authentication method to the account
for authhandler in settings.HANDLERS:
if register == authhandler.get_provider_name():
token = security.generate_random_string(entropy=256)
LoginAddToken = EnkiModelTokenVerify(
token=token,
user_id=self.user_id,
auth_ids_provider=register,
type='loginaddconfirm_1')
LoginAddToken.put()
self.redirect(authhandler.get_button().href)
break
elif deregister:
self.remove_auth_id(deregister)
self.add_infomessage('success', MSG.SUCCESS(),
MSG.AUTH_PROVIDER_REMOVED(deregister))
self.redirect(enki.libutil.get_local_url('accountconnect'))
def provider_authenticated_callback(self, loginInfo):
# We expect the fields of the dictionary to be:
# - 'provider_name' unique 'pretty' provider name (e.g. google, facebook,...)
# - 'provider_uid' provider specific (a.k.a "locally unique") user Id, i.e unique to the provider (e.g. the google user id number)
# - 'email'
# - 'email_verified'
# We IGNORE: username, gender (facebook), avatar link, etc.
# get the verified email from the auth provider
email = None
if loginInfo['email'] and loginInfo['email_verified'] == True:
email = loginInfo['email']
# get the authId from the auth provider
auth_id = loginInfo['provider_name'] + ':' + loginInfo['provider_uid']
if auth_id:
# Modify existing or create user
# check if it's an add login method request
LoginAddToken = EnkiModelTokenVerify.get_by_user_id_state_type(
self.user_id, loginInfo['provider_name'], 'loginaddconfirm_1')
if LoginAddToken:
# Add a login method
if not EnkiModelUser.exist_by_auth_id(auth_id):
# store the new auth prov + id in the session
LoginAddToken.state = auth_id
LoginAddToken.type = 'loginaddconfirm_2'
LoginAddToken.put()
self.redirect(
enki.libutil.get_local_url('loginaddconfirm'))
else:
self.add_infomessage(
MSG.INFORMATION(),
MSG.AUTH_PROVIDER_CANNOT_BE_ADDED(str(auth_id)))
self.redirect(enki.libutil.get_local_url('accountconnect'))
return
else:
user = self.get_user_from_authid(auth_id, email)
if user:
# Existing authentication method / user
if self.is_logged_in() and self.user_id == user.key.id():
# Refresh the reauthenticated status
self.session['reauth_time'] = datetime.datetime.now()
self.add_infomessage(MSG.SUCCESS(),
MSG.REAUTHENTICATED())
self.redirect_to_relevant_page()
return
# Login
self.log_in_session_token_create(user)
self.add_infomessage(MSG.SUCCESS(), MSG.LOGGED_IN())
self.redirect_to_relevant_page()
else:
# New authentication method
register_token = EnkiModelTokenVerify.get_by_state_type(
auth_id, 'register')
if register_token:
# If a token already exists, get the token value and update the email
token = register_token.token
register_token.email = email # update in case the user changed their email or modified their email access permission
else:
# Create a new token
token = security.generate_random_string(entropy=256)
register_token = EnkiModelTokenVerify(token=token,
email=email,
state=auth_id,
type='register')
register_token.put()
self.session['tokenregisterauth'] = token
if EnkiModelUser.exist_by_email(email):
self.redirect(
enki.libutil.get_local_url(
'registeroauthwithexistingemail'))
else:
self.redirect(
enki.libutil.get_local_url('registeroauthconfirm'))
else:
self.redirect_to_relevant_page()
def email_change_request(self, email):
# request an email address to be modified. Create a rollback option.
result = 'cannot_remove'
emailCurrent = self.enki_user.email
userId = self.enki_user.key.id()
if email != '' and EnkiModelUser.exist_by_email(email):
# if the new email matches an existing verified user email, reject it
if emailCurrent == email:
result = 'same'
else:
result = self.ERROR_EMAIL_IN_USE
# Note: send an email to emailcurrent regardless to prevent email checking (see below)
else:
if email == '':
# if the user erased the email, and they can log in through auth, store "removed" in the email field, so it isn't overwritten by an auth login with a verified email
if self.enki_user.auth_ids_provider:
self.enki_user.email = 'removed'
self.enki_user.put()
result = 'removed'
else:
return result
else:
# email the new, unverified address with a link to allow the user to verify the email
tokenEntity = EnkiModelTokenVerify.get_by_user_id_email_type(
userId, email, 'emailchange')
if tokenEntity:
# if a verify token for the same new email address and user already exists, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string(entropy=256)
emailToken = EnkiModelTokenVerify(token=token,
email=email,
user_id=userId,
type='emailchange')
emailToken.put()
link = enki.libutil.get_local_url('emailchangeconfirm',
{'verifytoken': token})
self.send_email(
email, MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_SUBJECT(),
MSG.SEND_EMAIL_EMAIL_CHANGE_CONFIRM_BODY(link, email))
result = 'change'
if emailCurrent and emailCurrent != 'removed' and result != 'same':
# email the current, verified address in case they want to undo the change (useful if account has been hacked)
# skip this step if the current email is empty (case if user logged in with auth id without email with e.g. Steam) or "removed".
# If the email is already in use, mask the fact to prevent email checking.
tokenEntity = EnkiModelTokenEmailRollback.get_by_user_id_email(
userId, emailCurrent)
if tokenEntity:
# if the old email is already in the archive, use its token
token = tokenEntity.token
else:
# otherwise create a new token
token = security.generate_random_string(entropy=256)
emailOldToken = EnkiModelTokenEmailRollback(token=token,
email=emailCurrent,
user_id=userId)
emailOldToken.put()
if result == self.ERROR_EMAIL_IN_USE:
self.add_debugmessage(
'''Comment - whether the email is available or not, the feedback through both the UI AND EMAIL is identical to prevent email checking.'''
)
link = enki.libutil.get_local_url('emailrollback',
{'rollbacktoken': token})
self.send_email(
emailCurrent, MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_SUBJECT(),
MSG.SEND_EMAIL_EMAIL_CHANGE_UNDO_BODY(link, emailCurrent))
return result
def add_preventmultipost_token():
# prevent accidental multiple posting
token = security.generate_random_string(entropy=256)
pmtoken = EnkiModelTokenVerify(token=token, type='preventmultipost')
pmtoken.put()
return token
def post(self):
self.check_CSRF()
submit_type = self.request.get('submittype')
data = self.get_email_subscriptions_data()
email = ''
error_message = ''
if data[0]: # is_logged_in
if submit_type == 'subscribe':
# delete eventual verification tokens for this email and newsletter
tokenEntity = EnkiModelTokenVerify.get_by_email_state_type(
self.enki_user.email, settings.email_newsletter_name[0],
'emailsubscriptionconfirm')
if tokenEntity:
tokenEntity.key.delete()
EnkiModelEmailSubscriptions.add_newsletter(
self.enki_user.email, settings.email_newsletter_name[0])
self.add_infomessage(
MSG.SUCCESS(),
MSG.EMAIL_SUBSCRIBED(settings.email_newsletter_name[0]))
data[1] = True # has_email_subscriptions
elif submit_type == 'unsubscribe':
EnkiModelEmailSubscriptions.remove_newsletter_by_email(
self.enki_user.email, settings.email_newsletter_name[0])
self.add_infomessage(
MSG.SUCCESS(),
MSG.EMAIL_UNSUBSCRIBED(settings.email_newsletter_name[0]))
data[
1] = False # has_email_subscriptions - ASSUMPTION: ONLY ONE NEWSLETTER AVAILABLE
if submit_type == 'subscribeemail':
email_unsafe = self.request.get('email')
email, result = self.validate_email(email_unsafe)
if result == self.ERROR_EMAIL_FORMAT_INVALID:
error_message = MSG.WRONG_EMAIL_FORMAT()
elif result == self.ERROR_EMAIL_MISSING:
error_message = MSG.MISSING_EMAIL()
elif result == enki.libutil.ENKILIB_OK:
if EnkiModelBackoffTimer.get(self.request.remote_addr,
increment=True,
expires=True) == 0:
if not EnkiModelEmailSubscriptions.exist_by_email_newsletter(
email, settings.email_newsletter_name[0]):
# if not already subscribed, create a token and send email with a link to allow the user to confirm their subscription
if not EnkiModelTokenVerify.get_by_email_state_type(
email, settings.email_newsletter_name[0],
'emailsubscriptionconfirm'):
# if a verify token already exists, skip as an email was already sent.
token = security.generate_random_string(
entropy=256)
emailToken = EnkiModelTokenVerify(
token=token,
email=email,
state=settings.email_newsletter_name[0],
type='emailsubscriptionconfirm')
emailToken.put()
link = enki.libutil.get_local_url(
'emailsubscriptionconfirm',
{'verifytoken': token})
self.send_email(
email,
MSG.SEND_EMAIL_EMAIL_SUBSCRIBE_CONFIRM_SUBJECT(
),
MSG.SEND_EMAIL_EMAIL_SUBSCRIBE_CONFIRM_BODY(
link, settings.email_newsletter_name[0]))
self.add_infomessage(
MSG.INFORMATION(),
MSG.EMAIL_SUBSCRIBE_CONFIRM_EMAIL_SENT(
email, settings.email_newsletter_name[0]))
self.add_debugmessage(
'Comment - whether the email is sent or not, the feedback through the UI is identical to prevent email checking.'
)
email = ''
else:
backoff_timer = EnkiModelBackoffTimer.get(
self.request.remote_addr, expires=True)
if backoff_timer != 0:
error_message = MSG.TIMEOUT(
enki.libutil.format_timedelta(backoff_timer))
if data[0]: # is_logged_in
self.redirect(enki.libutil.get_local_url('profile'))
else:
self.render_tmpl('emailsubscriptions.html',
active_menu='profile',
data=data,
email=email,
error=error_message)
