def authenticateUser(self, authGuid):
    """Complete an e-mail authentication attempt and render the 'join' page.

    The auth GUID is exchanged for a user id and a redirect link through
    mUser.createUserFromAuthGuid. When a user id comes back, the current
    session is bound to that user, the 'cbu_key' cookie is set for
    .changeby.us, and ideas matching the user's e-mail (and phone, when
    one is on record) are attached. The page is rendered for both
    outcomes; 'is_email_auth_attempt_successful' reports which occurred.
    """
    # The author left the "kill existing session" step disabled:
    # self.session.kill()
    account_id, next_link = mUser.createUserFromAuthGuid(self.db, authGuid)
    authenticated = bool(account_id)

    if authenticated:
        user = mUser.User(self.db, account_id)

        # Log the user in.
        # NOTE(review): user_id is stored before invalidate() runs. Confirm
        # that invalidate() issues a fresh session id and carries user_id
        # over; otherwise the pre-login session id stays valid after login.
        self.session.user_id = account_id
        self.session.invalidate()

        # cbu_key gives the blog access to the logged-in user.
        # NOTE(review): the value is util.obfuscate(user id), sent to every
        # *.changeby.us host with no secure/httponly flag. If the blog
        # accepts it as proof of identity, confirm util.obfuscate is a
        # keyed, unforgeable encoding rather than a reversible transform.
        web.setcookie('cbu_key', util.obfuscate(account_id),
                      domain=".changeby.us")

        mIdea.attachIdeasByEmail(self.db, user.email)
        if user.phone and len(user.phone) > 0:
            mIdea.attachIdeasByPhone(self.db, user.phone)

    # NOTE(review): the redirect link comes from the model layer; confirm
    # it is limited to same-site targets before the template follows it.
    page_vars = {
        'is_email_auth_attempt': True,
        'is_email_auth_attempt_successful': authenticated,
        'post_auth_redirect_link': next_link,
    }
    return self.render('join', page_vars)
def authenticateUser(self, authGuid):
    """Complete an e-mail authentication attempt and render the 'join' page.

    mUser.createUserFromAuthGuid turns the auth GUID into a user id. When
    one comes back, the session is bound to that user, the 'cbu_key'
    cookie is set for .changeby.us, and ideas matching the user's e-mail
    (and phone, if present) are attached. The 'join' page is rendered
    whether or not the attempt succeeded.
    """
    # The author left the "kill existing session" step disabled:
    # self.session.kill()
    account_id = mUser.createUserFromAuthGuid(self.db, authGuid)
    authenticated = bool(account_id)

    if authenticated:
        user = mUser.User(self.db, account_id)

        # Log the user in.
        # NOTE(review): invalidate() is called after user_id is assigned.
        # Confirm it rotates the session id while keeping user_id, so a
        # session id known before login is not reused afterwards.
        self.session.user_id = account_id
        self.session.invalidate()

        # cbu_key gives the blog access to the logged-in user.
        # NOTE(review): the cookie carries util.obfuscate(user id) to all
        # *.changeby.us hosts and sets neither secure nor httponly. Confirm
        # the blog does not rely on it as an unforgeable credential.
        web.setcookie('cbu_key', util.obfuscate(account_id),
                      domain=".changeby.us")

        mIdea.attachIdeasByEmail(self.db, user.email)
        if user.phone and len(user.phone) > 0:
            mIdea.attachIdeasByPhone(self.db, user.phone)

    page_vars = {
        'is_email_auth_attempt': True,
        'is_email_auth_attempt_successful': authenticated,
    }
    return self.render('join', page_vars)
def _session_start(user, secret):
    '''
    Start a login session for the given user model object.

    ``secret`` seeds the login token. It may be any string an attacker
    should not be able to guess, such as the password for password-based
    authentication or the Persona assertion for Persona-based login.
    '''
    session_token = user.create_session_token(secret)
    lifetime = 3600  # passed as web.setcookie's third argument (expires)

    # NOTE(review): the login token is issued without secure/httponly.
    # Confirm the site is HTTPS-only and that no client-side script needs
    # to read this cookie, then consider setting both flags.
    web.setcookie(UserController._COOKIE_NAME, session_token, lifetime)
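def newUser(self):
    """Create an account from the registration form and log the user in.

    Reads 'f_name', 'l_name', 'email', 'password', 'sms_phone' and
    'beta_code' from the request. In beta mode the beta code must verify
    before anything else is checked. Every rejected submission is logged
    and yields False.

    On success the session is bound to the new user, the 'cbu_key' cookie
    is set for .changeby.us, the beta code is expired (beta mode only),
    and ideas matching the e-mail and phone are attached.

    Returns:
        The new user id, or False when validation or creation fails.
    """
    firstName = self.request('f_name')
    lastName = self.request('l_name')
    email = self.request('email')
    password = self.request('password')
    phone = util.cleanUSPhone(self.request('sms_phone'))
    code = self.request('beta_code')

    if self.appMode == 'beta' and not self.verifyBetaCode(code):
        log.error("*** beta user attempted register w/ invalid code")
        return False

    # Truthiness instead of len(): a field that arrives as None is rejected
    # like an empty one rather than raising TypeError mid-request.
    if not firstName:
        log.error("*** error on user create: no first name")
        return False
    if not lastName:
        log.error("*** error on user create: no last name")
        return False
    if not email or not util.validate_email(email):
        log.error("*** error on user create: invalid email")
        return False
    # NOTE(review): non-empty is the only password rule enforced here, and
    # the value is handed to mUser.createUser as received; confirm that
    # length/strength policy and hashing are applied in the model layer.
    if not password:
        log.error("*** error on user create: no password")
        return False

    userId = mUser.createUser(self.db, email, password,
                              firstName, lastName, phone)
    if not userId:
        return False

    # Log the user in.
    # NOTE(review): confirm invalidate() rotates the session id and keeps
    # user_id, so a session id issued before sign-up is not reused.
    self.session.user_id = userId
    self.session.invalidate()

    # cbu_key gives the blog access to the logged-in user.
    # NOTE(review): the value is util.obfuscate(user id), shared with all
    # *.changeby.us hosts without secure/httponly; confirm it cannot be
    # forged for another user id.
    web.setcookie('cbu_key', util.obfuscate(userId), domain=".changeby.us")

    if self.appMode == 'beta':
        self.expireBetaCode(code, userId)

    mIdea.attachIdeasByEmail(self.db, email)
    if phone:
        mIdea.attachIdeasByPhone(self.db, phone)

    return userId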
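def newUser(self):
    """Register a user from the submitted form and log them in.

    Form fields read: 'f_name', 'l_name', 'email', 'password',
    'sms_phone', 'beta_code'. When the app runs in beta mode the beta
    code is verified first. A submission that fails any check is logged
    and the method returns False.

    After the account is created the session is bound to it, the
    'cbu_key' cookie is set for .changeby.us, the beta code is expired
    (beta mode only), and ideas matching the e-mail and phone are
    attached.

    Returns:
        The new user id, or False when validation or creation fails.
    """
    firstName = self.request('f_name')
    lastName = self.request('l_name')
    email = self.request('email')
    password = self.request('password')
    phone = util.cleanUSPhone(self.request('sms_phone'))
    code = self.request('beta_code')

    if self.appMode == 'beta' and not self.verifyBetaCode(code):
        log.error("*** beta user attempted register w/ invalid code")
        return False

    # `not value` covers both "" and None, so an absent field is logged and
    # rejected instead of failing with TypeError inside len().
    if not firstName:
        log.error("*** error on user create: no first name")
        return False
    if not lastName:
        log.error("*** error on user create: no last name")
        return False
    if not email or not util.validate_email(email):
        log.error("*** error on user create: invalid email")
        return False
    # NOTE(review): the password is only checked for being non-empty and is
    # passed on unchanged; confirm mUser.createUser hashes it and that a
    # minimum-strength rule exists somewhere in the flow.
    if not password:
        log.error("*** error on user create: no password")
        return False

    userId = mUser.createUser(self.db, email, password,
                              firstName, lastName, phone)
    if not userId:
        return False

    # Log the user in.
    # NOTE(review): user_id is assigned before invalidate(); confirm the
    # call issues a new session id and preserves user_id.
    self.session.user_id = userId
    self.session.invalidate()

    # cbu_key gives the blog access to the logged-in user.
    # NOTE(review): obfuscated user id, scoped to every *.changeby.us host,
    # no secure/httponly flag; confirm the blog does not trust it as an
    # unforgeable credential.
    web.setcookie('cbu_key', util.obfuscate(userId), domain=".changeby.us")

    if self.appMode == 'beta':
        self.expireBetaCode(code, userId)

    mIdea.attachIdeasByEmail(self.db, email)
    if phone:
        mIdea.attachIdeasByPhone(self.db, phone)

    return userId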
def POST(self):
    """Create or refresh the caller's identity record and return its id.

    The submitted name and the client IP are stored through Identity.
    When the request carries an 'identity' cookie, that record is updated
    first; if there is no cookie, or the update yields nothing, a new
    record is created. Both the 'identity' and 'name' cookies are then
    (re)issued with the module's _cookie_expire_time.
    """
    display_name = web.input().name
    client_ip = web.ctx.ip
    identity_cookie = 'identity'
    name_cookie = 'name'

    # NOTE(review): the cookie value is passed to Identity.Update as
    # received. If record ids are guessable, presenting an id is enough to
    # act as that identity; confirm ids are unguessable or sign the cookie.
    presented_id = web.cookies().get(identity_cookie)
    browser_id = ''  # always sent empty from this handler

    record = (
        Identity.Update(presented_id, display_name, client_ip, browser_id)
        if presented_id
        else None
    )
    if not record:
        record = Identity.Put(display_name, client_ip, browser_id)

    # NOTE(review): neither cookie sets secure/httponly, and DisplayName
    # originates from request input; confirm Identity validates the name
    # before it is stored and echoed back.
    web.setcookie(identity_cookie, record.Id, _cookie_expire_time)
    web.setcookie(name_cookie, record.DisplayName, _cookie_expire_time)
    return record.Id
def login(self):
    """Authenticate by e-mail and password and start a logged-in session.

    Returns the user record serialised by self.json on success, and False
    when a field is missing or mUser.authGetUser returns nothing.
    """
    email = self.request("email")
    password = self.request("password")

    if not (email and password):
        log.error("*** Login attempt missing email or password")
        return False

    # An earlier call to mUser.authenticateUser was left commented out by
    # the author; authGetUser is the one in use.
    account = mUser.authGetUser(self.db, email, password)
    if not account:
        # NOTE(review): a rejected credential pair is not logged here, only
        # missing fields are; confirm failures are recorded elsewhere if
        # login attempts are meant to be monitored or rate-limited.
        return False

    account_id = account['u_id']

    # NOTE(review): user_id is assigned before invalidate(); confirm that
    # invalidate() rotates the session id and keeps user_id.
    self.session.user_id = account_id
    self.session.invalidate()

    # cbu_key gives the blog access to the logged-in user.
    # NOTE(review): obfuscated user id, sent to all *.changeby.us hosts
    # without secure/httponly; confirm it cannot be forged for another id.
    web.setcookie('cbu_key', util.obfuscate(account_id),
                  domain=".changeby.us")

    # NOTE(review): the whole record goes back to the client; confirm
    # authGetUser's result holds no password hash or other private fields.
    return self.json(account)
def login(self):
    """Log a user in with the submitted e-mail and password.

    On success the session is bound to the user, the 'cbu_key' cookie is
    set for .changeby.us, and the user record is returned via self.json.
    Returns False when either field is missing or authentication fails.
    """
    email = self.request("email")
    password = self.request("password")

    if not (email and password):
        log.error("*** Login attempt missing email or password")
        return False

    # A call to mUser.authenticateUser used to sit here, commented out.
    account = mUser.authGetUser(self.db, email, password)
    if not account:
        # NOTE(review): failed authentication returns silently; confirm
        # the model layer logs it if failed logins should be detectable.
        return False

    account_id = account['u_id']

    # NOTE(review): confirm invalidate() issues a fresh session id while
    # preserving the user_id assigned on the line before it.
    self.session.user_id = account_id
    self.session.invalidate()

    # cbu_key gives the blog access to the logged-in user.
    # NOTE(review): the value is util.obfuscate(user id), with no
    # secure/httponly flag and a domain covering every *.changeby.us host;
    # confirm the blog does not accept it as an unforgeable credential.
    web.setcookie('cbu_key', util.obfuscate(account_id),
                  domain=".changeby.us")

    # NOTE(review): confirm the serialised record excludes the password
    # hash and any other field the browser should not receive.
    return self.json(account)
def logout(self):
    """End the current session and clear the 'cbu_key' cookie.

    Always returns True.
    """
    self.session.kill()

    # A negative expiry makes the browser discard the cookie. The domain is
    # given explicitly because a browser only replaces a cookie whose
    # domain matches the one it was issued for.
    blog_cookie = 'cbu_key'
    cookie_domain = ".changeby.us"
    web.setcookie(blog_cookie, None, expires=-1, domain=cookie_domain)
    return True
def logout(self):
    """Kill the session, expire the 'cbu_key' cookie, and return True."""
    self.session.kill()

    # Expire the blog-access cookie on the same domain scope it is sent to;
    # expires=-1 puts its expiry in the past so the browser drops it.
    # NOTE(review): this only clears the cookie in the browser. If the blog
    # accepts any well-formed cbu_key, a copied value keeps working after
    # logout; confirm the blog also checks session state.
    expired_cookie = {'expires': -1, 'domain': ".changeby.us"}
    web.setcookie('cbu_key', None, **expired_cookie)
    return True