def post(self):
have_error = False
self.username = self.request.get("username")
self.password = self.request.get("password")
self.verify = self.request.get("verify")
self.email = self.request.get("email")
params = dict(username = self.username, email = self.email)
if not valid_username(self.username):
params['error_username'] = "******"
have_error = True
u = User.by_name(self.username)
if u:
params['error_username'] = "******"
have_error = True
if not valid_password(self.password):
params['error_password'] = "******"
have_error = True
elif self.password != self.verify:
params['error_verify'] = "Your password didn't match"
have_error = True
if not valid_email(self.email):
params['error_email'] = "Invalid email"
have_error = True
if have_error:
self.render('ioffer_signup_form.html', params = params)
else:
self.done()
def get_username(self):
_username = self.get_argument('name', '')
if User.by_name(_username) is not None:
raise ValidationError("Username already exists")
elif len(_username) < 3:
raise ValidationError("Username is too short, must be 3+ chars")
return _username
def get_username(self):
_username = self.get_argument('name', '')
if User.by_name(_username) is not None:
raise ValidationError("Username already exists")
elif len(_username) < 3:
raise ValidationError("Username is too short, must be 3+ chars")
return _username
def post(self):
have_error = False
username = self.request.get("username")
password = self.request.get("password")
verify = self.request.get("verify")
email = self.request.get("email")
params = dict(username=username, email=email)
if not valid_username(username):
params['error_username'] = "******"
have_error = True
if not valid_password(password):
params['error_password'] = "******"
have_error = True
elif password != verify:
params['error_verify'] = "The passwords do not match!"
have_error = True
if have_error:
self.render("signup.html", **params)
else:
u = User.by_name(username)
if u:
msg = 'That user already exists.'
self.render('signup.html', error_username=msg)
else:
u = User.register(username, password, email)
u.put()
self.login(u)
self.redirect('/')
def start_battle(self, session):
""" Creates a battle instance and links it to an sid """
user = User.by_name(session.data["name"])
self.lock.acquire()
self.battles[session.id] = Battle(user)
self.lock.release()
return self.battles[session.id]
def wrapper(self, *args, **kwargs):
if self.session is not None:
user = User.by_name(self.session['username'])
if user is not None and user.has_permission(permission):
return method(self, *args, **kwargs)
logging.warn("Attempted unauthorized access from %s to %s" % (
self.request.remote_ip, self.request.uri,
))
self.redirect(self.application.settings['forbidden_url'])
def _create_user(self):
if User.by_name(self.get_argument('name', '')):
raise AuthError("name is registered")
if self.get_argument('password1', '') != self.get_argument('password2', ''):
raise AuthError("Password error")
user = User()
user.username = self.get_argument('name', '')
user.password = self.get_argument('password1', '')
self.db.add(user)
self.db.commit()
def wrapper(self, *args, **kwargs):
if self.session is not None:
user = User.by_name(self.session['username'])
if user is not None and user.has_permission(permission):
return method(self, *args, **kwargs)
logging.warn("Attempted unauthorized access from %s to %s" % (
self.request.remote_ip,
self.request.uri,
))
self.redirect(self.application.settings['forbidden_url'])
def done(self):
u = User.by_name(self.username)
if u:
msg = "That user already exists."
self.render('sign-up.html', error_username = msg)
else:
u = User.register(self.username, self.password, self.email)
u.put()
self.login(u)
self.redirect('/blog/welcome')
def render(self, *args, **kwargs):
session_manager = SessionManager.Instance()
session = session_manager.get_session(
self.handler.get_secure_cookie('auth'), self.request.remote_ip)
if session != None:
if session.data['menu'] == 'user':
user = User.by_name(session.data['name'])
if user != None:
return self.render_string('menu/user.html', experience=user.experience, gold=user.gold, name=user.name, level=user.level)
elif session.data['menu'] == 'admin':
return self.render_string('menu/admin.html', uri=self.handler.request.uri)
return self.render_string('menu/public.html', uri=self.handler.request.uri)
def post(self, *args, **kwargs):
user = User.by_name(self.get_argument('username', ''))
password = self.get_argument('password', '')
if user is not None:
if user.validate_password(password):
self.login_success(user)
self.redirect('/user')
else:
self.login_failure()
else:
# Prevent user enumeration via timing attack
User._hash_password(password)
self.login_failure()
def done(self):
#make sure the user doesn't already exist
u = User.by_name(self.username)
if u:
msg = 'That user already exists.'
self.render('signup.html', error_username = msg)
else:
u = User.register(self.username, self.password, self.email)
u.put()
self.login(u)
self.redirect("/wiki/")
self.render("welcome.html", username = self.username)
def post(self):
""" Login and create a new session """
user = User.by_name(self.get_argument('username', ''))
if user is not None:
session = self.login_attempt(user)
self.write(session)
else:
# To prevent a timing attack to enumerate users, since hashing
# takes non-zero time, we only we normally only hash if we got a
# user from the db, we just hash whatever we got anyways before
# telling the client the auth failed.
bcrypt.hashpw("password", bcrypt.gensalt())
self.login_failure()
def post(self):
""" Login and create a new session """
user = User.by_name(self.get_argument('username', ''))
if user is not None:
session = self.login_attempt(user)
self.write(session)
else:
# To prevent a timing attack to enumerate users, since hashing
# takes non-zero time, we only we normally only hash if we got a
# user from the db, we just hash whatever we got anyways before
# telling the client the auth failed.
bcrypt.hashpw("password", bcrypt.gensalt())
self.login_failure()
def post(self):
user = User.by_name(self.get_argument('name', ''))
password = self.get_argument("password", "")
if not user.locked:
if user and user.auth_password(password):
self.success_login(user)
if user.loginnum == 1:
self.write('newuser.html')
else:
self.redirect(self.get_argument("aaa", "/"))
else:
self.write("登录失败")
else:
self.write("此用户已经被锁定,请联系管理员")
def loged_user(logged_username, update = False):
key = 'loged_user' + str(logged_username)
user = memcache.get(key)
if user is None or update:
logging.error('DB QUERY user')
memcache.delete(key)
user = User.by_name(str(logged_username))
memcache.set(key, user)
#logging.error('memcache 1 [%s]:%s' % (key,memcache.get(key).name))
logging.error('memcache.get(key).profiles.count:%s' % memcache.get(key).profiles.count())
if memcache.get(key).profiles.count() > 0:
logging.info('memcache 2 [%s]:%s' % (key,memcache.get(key).profiles[0].name)) #no quitar esta traza si no no refresca los perfiles al modificar el perfil
return user
def post(self):
''' Login and create a new session '''
user = User.by_name(self.get_argument('username', ''))
password = str(self.get_argument('password', ''))
if user is not None:
# Each of these methods writes it own response
if user.validate_password(password):
self.login_success(user)
else:
self.login_failure()
else:
# To prevent a timing attack to enumerate users, since hashing
# takes non-zero time, we only we normally only hash if we got a
# user from the db, we just hash whatever we got anyways before
# telling the client the auth failed.
bcrypt.hashpw(password, bcrypt.gensalt())
self.login_failure()
def post(self):
''' Login and create a new session '''
user = User.by_name(self.get_argument('username', ''))
password = str(self.get_argument('password', ''))
if user is not None:
# Each of these methods writes it own response
if user.validate_password(password):
self.login_success(user)
else:
self.login_failure()
else:
# To prevent a timing attack to enumerate users, since hashing
# takes non-zero time, we only we normally only hash if we got a
# user from the db, we just hash whatever we got anyways before
# telling the client the auth failed.
bcrypt.hashpw(password, bcrypt.gensalt())
self.login_failure()
def post(self):
have_error = False
username = self.request.get('username')
password = self.request.get('password')
verify = self.request.get('verify')
email = self.request.get('email')
params = dict(username = username,
email = email)
if not valid_username(username):
params['error_username'] = "******"
have_error = True
if not valid_password(password):
params['error_password'] = "******"
have_error = True
elif password != verify:
params['error_verify'] = "Your passwords didn't match."
have_error = True
if not valid_email(email):
params['error_email'] = "That's not a valid email."
have_error = True
if have_error:
self.render('signup-form.html', **params)
else:
#make sure the user doesn't already exist
u = User.by_name(username)
if u:
msg = 'That user already exists.'
self.render('signup-form.html', error_username = msg)
else:
u = User.register(username, password, email)
u.put()
self.login(u)
self.redirect('/blog/welcome')
def post(self):
username = self.request.get("username")
password = self.request.get("password")
verify = self.request.get("verify")
email = self.request.get("email")
valid = True
error = {}
v_username = validations.valid_username(username)
v_password = validations.valid_password(password)
v_email = validations.valid_email(email)
if not v_username or v_username.string != username:
valid = False
error["user_error"] = "That's not a valid username."
if not v_password or v_password.string != password:
valid = False
error["valid_pass_error"] = "That's not a valid password."
if verify != password:
valid = False
error["pass_match_error"] = "Your passwords didn't match."
if len(email) > 0 and (not v_email or v_email.string != email):
valid = False
error["email_error"] = "That's not a valid email."
if not valid:
self.render("signup.html", email=email, username=username, error=error)
else:
user = User.by_name(username)
if user:
self.render("signup.html", error={"user_error": "User already exists."})
else:
user = User.register(username, password)
user.put()
self.login(user)
self.redirect("/welcome")
def get_current_user(self):
if self.session.get("user_name"):
return User.by_name(self.session.get("user_name"))
else:
return None
def post(self):
username = self.request.get('username')
password = self.request.get('password')
remember = self.request.get('remember')
token = self.request.get('token')
providerId = self.request.get('providerId')
uid = self.request.get('uid')
displayName = self.request.get('displayName')
email = self.request.get('email')
photoURL = self.request.get('photoURL')
logging.error("username:%s" % username)
logging.error("password:%s" % password)
logging.error("token:%s" % token)
logging.error("displayName:%s" % displayName)
rem = False
if remember and remember == 'on':
rem = True
if (token != ""):
user=displayName
userexists = User.by_name(user)
if not userexists:
logging.error("el usuario %s no existe. Se procede a darle de alta." % user)
u = None;
try:
u = User.register(str(displayName), "xxx%s" % user, email)
u.put()
except:
logging.error("Error al dar de alta al usuario %s" % user)
userexists = u
logging.error("userlogged:%s" % str(userexists.key().id()))
logging.error("userlogged:%s" % userexists.name)
self.login(userexists, rem)
#loged_user(userexists.name)
self.redirect('/ioffer/welcome')
else:
self.login(userexists, rem)
loged_user(userexists.name)
self.redirect('/ioffer/welcome')
#self.render('ioffer_welcome.html', user = displayName, categories = categories, countries = countries, last_10_offers = self.get_last_10_offers(), geo_params = self.get_geo_params())
else:
user = User.login(username, password)
logging.error("user:%s" % user)
if user:
self.login(user, rem)
loged_user(username)
self.redirect('/ioffer/welcome')
else:
logging.error("login error")
msg = 'Invalid login'
self.render('login-form.html', error = msg)