Exemple #1
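	def changePassword(self):
		"""Change a user's password after verifying the current one.

		Reads ``username``, ``oldPassword`` and ``newPassword`` from the JSON
		request body, looks the user up, checks ``UserAdminPermission`` for
		that user, verifies the old password against the stored bcrypt hash
		and stores a fresh bcrypt hash of the new password.

		Returns:
			The JSON response built by ``makeJsonResponse`` with the message
			'Password changed'.

		Raises:
			APIException: on a malformed body, a missing or non-string field,
				a failed permission check, a wrong old password or a new
				password shorter than 6 characters.
			NotFoundError: when no user has the given username.
		"""
		requestData = parseJsonResponse(request.data)
		# The body is client-controlled. Only plain strings may reach the
		# query layer and bcrypt: a JSON object or array in place of a string
		# would otherwise raise an unhandled KeyError/TypeError or, depending
		# on the ODM, be interpreted as a query expression instead of a value.
		if not isinstance(requestData, dict):
			raise APIException('Invalid request body')
		for field in ('username', 'oldPassword', 'newPassword'):
			if not isinstance(requestData.get(field), (str, unicode)):
				raise APIException('Missing or invalid field: {}'.format(field))
		username = requestData['username']
		oldPassword = requestData['oldPassword']
		newPassword = requestData['newPassword']

		# NOTE(review): the lookup runs before the permission check, so the
		# "User not found" / "no permission" difference tells any caller
		# whether a username exists. The permission object needs the user, so
		# consider returning one generic error for both cases.
		try:
			user = User.objects.get(username = username)
		except DoesNotExist:
			raise NotFoundError("User not found")

		permission = UserAdminPermission(user)
		if not permission.can():
			raise APIException('You have no permission to change the user password')

		# The old password is required from every caller that passes the
		# permission check. NOTE(review): no attempt limiting is visible here;
		# confirm that repeated failures are throttled elsewhere.
		if not bcrypt.check_password_hash(user.password, oldPassword):
			raise APIException('Invalid old password')

		# NOTE(review): a 6-character minimum is a weak policy, and bcrypt
		# only considers the first 72 bytes of its input; consider a longer
		# minimum and an explicit upper bound.
		if len(newPassword) < 6:
			raise APIException('Your new password has to be at least 6 characters long')

		user.modify(password = unicode(bcrypt.generate_password_hash(newPassword)))
		# NOTE(review): nothing here revokes existing sessions or tokens of
		# the user; confirm whether that happens elsewhere.

		return makeJsonResponse(None, 'Password changed')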
Exemple #2
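	def create(self):
		"""Register a new user account and send the activation e-mail.

		Initialises the user database when it is empty, validates the JSON
		request body, rejects duplicate usernames and e-mail addresses, stores
		the user with a bcrypt password hash and the 'user' role (plus 'admin'
		when no user exists yet), then mails an activation link to the user
		and a notification to the administrator.

		Returns:
			The JSON response built by ``makeJsonResponse`` with a success
			message naming the new user.

		Raises:
			APIException: on a malformed body, a missing or invalid field, a
				password shorter than 6 characters, a duplicate username or
				e-mail, or a uniqueness violation on save.
		"""
		# Function-scope import so the block does not depend on the file's
		# import section; the fallback covers Python 3.
		try:
			from urllib import quote
		except ImportError:
			from urllib.parse import quote

		# If no users exist, init the user DB
		if User.objects.count() == 0:
			self.initUsersDB()

		userData = parseJsonResponse(request.data)
		# The body is client-controlled. Required fields must be present, and
		# the values used in queries and hashing must be plain strings: a JSON
		# object or array would otherwise raise an unhandled KeyError/TypeError
		# or, depending on the ODM, be interpreted as a query expression.
		if not isinstance(userData, dict):
			raise APIException('Invalid request body')
		for field in ('username', 'email', 'password'):
			if not isinstance(userData.get(field), (str, unicode)):
				raise APIException('Missing or invalid field: {}'.format(field))
		for field in ('firstName', 'lastName', 'country'):
			if field not in userData:
				raise APIException('Missing or invalid field: {}'.format(field))

		# NOTE(review): a 6-character minimum is a weak policy, and bcrypt
		# only considers the first 72 bytes of its input.
		if len(userData[u'password']) < 6:
			raise APIException('Your password has to be at least 6 characters long')
		# NOTE(review): these two messages let any caller test whether a
		# username or e-mail address is already registered.
		if User.objects(username = userData['username']).count() > 0:
			raise APIException('User with this username already exists')
		if User.objects(email = userData['email']).count() > 0:
			raise APIException('User with this email already exists')

		roleUser = Role.objects.get(name='user')
		user = User(
			username = userData['username'],
			email = userData['email'],
			firstName = userData['firstName'],
			lastName = userData['lastName'],
			country = userData['country'],
			organization = userData.get('organization', ''),
			password = unicode(bcrypt.generate_password_hash(userData[u'password'])),
			roles = [roleUser]
		)
		# The very first account also receives the admin role.
		# NOTE(review): the count is read without any locking, so concurrent
		# registrations on an empty database could each be granted admin, and
		# on a fresh deployment whoever registers first becomes administrator.
		if User.objects.count() == 0:
			user.roles.append(Role.objects.get(name='admin'))

		try:
			user.save()
			# Send email to the user
			# NOTE(review): the activation code is the record id, not a random
			# secret, and the link is plain http with the code in the query
			# string; prefer a random, expiring token delivered over https.
			# The username is percent-encoded so reserved characters cannot
			# alter the query string of the link.
			msg = Message("Welcome to STEM", recipients = [user.email])
			msg.body = """\
Please click on the link to activate your profile
http://stem.sysmoltd.com/stem/api/Users/confirm?username={}&activationCode={}""".format(quote(user.username.encode('utf-8'), safe=''), str(user.id))
			mail.send(msg)
			# Send email to admin
			# NOTE(review): a mail failure at this point propagates although
			# the account has already been saved.
			msg = Message("New user registration", recipients = ["*****@*****.**"])
			msg.body = "username: {}\n email: {}\n".format(user.username, user.email)
			mail.send(msg)
		except NotUniqueError:
			# The pre-checks above are not atomic; the unique index is the
			# final guard against duplicates.
			raise APIException('Registration failed. Please contact the administrator [email protected]')

		return makeJsonResponse({
			'msg': 'Successfully created user {}'.format(user.username)
		})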