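def changePassword(self):
    """Change a user's password after verifying the current one.

    Reads ``username``, ``oldPassword`` and ``newPassword`` from the JSON
    request body, loads the matching user, checks ``UserAdminPermission``
    for that user, verifies ``oldPassword`` against the stored bcrypt hash
    and then stores a fresh bcrypt hash of ``newPassword``.

    Returns:
        The value of ``makeJsonResponse(None, 'Password changed')``.

    Raises:
        NotFoundError: no user with the given username exists.
        APIException: a required field is missing, the permission check
            fails, the old password does not match, or the new password
            is shorter than 6 characters.
    """
    requestData = parseJsonResponse(request.data)
    username = requestData.get('username')
    oldPassword = requestData.get('oldPassword')
    newPassword = requestData.get('newPassword')

    # The body is client-supplied: reject an incomplete request explicitly
    # instead of failing with an unhandled KeyError on a missing field.
    if username is None or oldPassword is None or newPassword is None:
        raise APIException('username, oldPassword and newPassword are required')

    try:
        user = User.objects.get(username=username)
    except DoesNotExist:
        raise NotFoundError("User not found")

    # NOTE(review): the lookup runs before the permission check, so the two
    # different errors tell a caller whether a username exists. Confirm that
    # this endpoint is only reachable by authenticated sessions.
    permission = UserAdminPermission(user)
    if not permission.can():
        raise APIException('You have no permission to change the user password')

    # NOTE(review): nothing in this method throttles or logs failed
    # old-password attempts; verify that is handled elsewhere.
    if not bcrypt.check_password_hash(user.password, oldPassword):
        raise APIException('Invalid old password')

    # NOTE(review): a 6-character minimum is below current guidance
    # (NIST SP 800-63B asks for at least 8); raising it needs the same
    # change in create().
    if len(newPassword) < 6:
        raise APIException('Your new password has to be at least 6 characters long')

    # Only the bcrypt hash is persisted, never the plaintext password.
    user.modify(password=unicode(bcrypt.generate_password_hash(newPassword)))
    return makeJsonResponse(None, 'Password changed')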
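def create(self):
    """Register a new user account and send the activation e-mail.

    Reads the registration fields from the JSON request body, rejects
    short passwords and duplicate usernames / e-mail addresses, stores the
    user with a bcrypt password hash and the ``user`` role (plus ``admin``
    when no user exists yet), then mails an activation link to the user
    and a notification to the administrator address.

    Returns:
        The value of ``makeJsonResponse`` with a ``msg`` entry naming the
        created user.

    Raises:
        APIException: a required field is missing, the password is shorter
            than 6 characters, the username or e-mail is already taken, or
            saving hits a uniqueness conflict.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    # If no users exist, init the user DB
    if User.objects.count() == 0:
        self.initUsersDB()

    userData = parseJsonResponse(request.data)

    # The body is client-supplied: report missing fields explicitly instead
    # of failing with an unhandled KeyError further down.
    requiredFields = ('username', 'email', 'firstName', 'lastName', 'country', 'password')
    missingFields = [name for name in requiredFields if userData.get(name) is None]
    if missingFields:
        raise APIException('Missing required fields: {}'.format(', '.join(missingFields)))

    if len(userData['password']) < 6:
        raise APIException('Your password has to be at least 6 characters long')

    # Friendly pre-checks only; the NotUniqueError handler below covers the
    # case where another request creates the same user in between.
    if User.objects(username=userData['username']).count() > 0:
        raise APIException('User with this username already exists')
    if User.objects(email=userData['email']).count() > 0:
        raise APIException('User with this email already exists')

    roleUser = Role.objects.get(name='user')
    user = User(
        username=userData['username'],
        email=userData['email'],
        firstName=userData['firstName'],
        lastName=userData['lastName'],
        country=userData['country'],
        organization=userData.get('organization', ''),
        # Only the bcrypt hash is persisted, never the plaintext password.
        password=unicode(bcrypt.generate_password_hash(userData['password'])),
        roles=[roleUser]
    )

    # The first account ever registered is also granted the admin role.
    # NOTE(review): this count-then-save sequence is not atomic, so two
    # registrations racing on an empty collection could both be given
    # admin. Consider provisioning the first admin out of band.
    if User.objects.count() == 0:
        user.roles.append(Role.objects.get(name='admin'))

    # Only save() can hit the uniqueness conflict, so keep the try narrow.
    try:
        user.save()
    except NotUniqueError:
        raise APIException('Registration failed. Please contact the administrator [email protected]')

    # Send email to the user
    # NOTE(review): the activation code is the document id, not a secret.
    # Prefer a separate random token (secrets / os.urandom) stored on the
    # user, with an expiry, and verify it server-side.
    # NOTE(review): the link uses plain http://, so the code travels in
    # cleartext; switch to https:// once the host serves it.
    msg = Message("Welcome to STEM", recipients=[user.email])
    msg.body = (
        "Please click on the link to activate your profile\n"
        "http://stem.sysmoltd.com/stem/api/Users/confirm"
        "?username={}&activationCode={}"
    ).format(
        # The username is user-supplied: percent-encode it so it cannot
        # alter the query string or add text to the mailed link.
        quote(user.username.encode('utf-8'), safe=''),
        str(user.id),
    )
    mail.send(msg)

    # Send email to admin
    msg = Message("New user registration", recipients=["*****@*****.**"])
    msg.body = "username: {}\n email: {}\n".format(user.username, user.email)
    mail.send(msg)

    return makeJsonResponse({
        'msg': 'Successfully created user {}'.format(user.username)
    })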