def post(self):
"""
Request a password recovery email.
"""
def redact(value):
threshold = max((len(value) / 3) - 1, 1)
v = ""
for i in range(0, len(value)):
if i < threshold or i >= len(value) - threshold:
v = v + value[i]
else:
v = v + "\u2022"
return v
recovery_data = request.get_json()
# If recaptcha is enabled, then verify the user is a human.
if features.RECAPTCHA:
recaptcha_response = recovery_data.get("recaptcha_response", "")
result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"],
recaptcha_response, get_request_ip())
if not result["success"]:
return {
"message":
"Are you a bot? If not, please revalidate the captcha."
}, 400
email = recovery_data["email"]
user = model.user.find_user_by_email(email)
if not user:
return {
"status": "sent",
}
if user.organization:
send_org_recovery_email(user,
model.organization.get_admin_users(user))
return {
"status": "org",
"orgemail": email,
"orgname": redact(user.username),
}
confirmation_code = model.user.create_reset_password_email_code(email)
send_recovery_email(email, confirmation_code)
return {
"status": "sent",
}
def post(self):
"""
Create a new organization.
"""
user = get_authenticated_user()
org_data = request.get_json()
existing = None
try:
existing = model.organization.get_organization(org_data["name"])
except model.InvalidOrganizationException:
pass
if not existing:
existing = model.user.get_user(org_data["name"])
if existing:
msg = "A user or organization with this name already exists"
raise request_error(message=msg)
if features.MAILING and not org_data.get("email"):
raise request_error(message="Email address is required")
# If recaptcha is enabled, then verify the user is a human.
if features.RECAPTCHA:
recaptcha_response = org_data.get("recaptcha_response", "")
result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"],
recaptcha_response, get_request_ip())
if not result["success"]:
return {
"message":
"Are you a bot? If not, please revalidate the captcha."
}, 400
is_possible_abuser = ip_resolver.is_ip_possible_threat(
get_request_ip())
try:
model.organization.create_organization(
org_data["name"],
org_data.get("email"),
user,
email_required=features.MAILING,
is_possible_abuser=is_possible_abuser,
)
return "Created", 201
except model.DataModelException as ex:
raise request_error(exception=ex)
def post(self):
""" Request a password recovery email."""
def redact(value):
threshold = max((len(value) / 3) - 1, 1)
v = ''
for i in range(0, len(value)):
if i < threshold or i >= len(value) - threshold:
v = v + value[i]
else:
v = v + u'\u2022'
return v
recovery_data = request.get_json()
# If recaptcha is enabled, then verify the user is a human.
if features.RECAPTCHA:
recaptcha_response = recovery_data.get('recaptcha_response', '')
result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'],
recaptcha_response, get_request_ip())
if not result['success']:
return {
'message':
'Are you a bot? If not, please revalidate the captcha.'
}, 400
email = recovery_data['email']
user = model.user.find_user_by_email(email)
if not user:
return {
'status': 'sent',
}
if user.organization:
send_org_recovery_email(user,
model.organization.get_admin_users(user))
return {
'status': 'org',
'orgemail': email,
'orgname': redact(user.username),
}
confirmation_code = model.user.create_reset_password_email_code(email)
send_recovery_email(email, confirmation_code)
return {
'status': 'sent',
}
def captcha_func():
recaptcha_response = request.values.get("recaptcha_response", "")
result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"],
recaptcha_response, get_request_ip())
if not result["success"]:
abort(400)
# Save that the captcha was verified.
session["captcha_verified"] = int(time.time())
# Redirect to the normal OAuth flow again, so that the user can now create an account.
csrf_token = generate_csrf_token(OAUTH_CSRF_TOKEN_NAME)
login_scopes = login_service.get_login_scopes()
auth_url = login_service.get_auth_url(url_scheme_and_hostname, "",
csrf_token, login_scopes)
return redirect(auth_url)
def post(self):
""" Create a new organization. """
user = get_authenticated_user()
org_data = request.get_json()
existing = None
try:
existing = model.organization.get_organization(org_data['name'])
except model.InvalidOrganizationException:
pass
if not existing:
existing = model.user.get_user(org_data['name'])
if existing:
msg = 'A user or organization with this name already exists'
raise request_error(message=msg)
if features.MAILING and not org_data.get('email'):
raise request_error(message='Email address is required')
# If recaptcha is enabled, then verify the user is a human.
if features.RECAPTCHA:
recaptcha_response = org_data.get('recaptcha_response', '')
result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'],
recaptcha_response, get_request_ip())
if not result['success']:
return {
'message':
'Are you a bot? If not, please revalidate the captcha.'
}, 400
is_possible_abuser = ip_resolver.is_ip_possible_threat(
get_request_ip())
try:
model.organization.create_organization(
org_data['name'],
org_data.get('email'),
user,
email_required=features.MAILING,
is_possible_abuser=is_possible_abuser)
return 'Created', 201
except model.DataModelException as ex:
raise request_error(exception=ex)
def register_post():
if env.user.id:
raise AlreadyAuthorized
sess = Session()
info = sess["reg_info"] or {}
try:
del info["network"]
del info["uid"]
except (KeyError, TypeError):
pass
sess["reg_info"] = info
sess.save()
try:
network = info["network"] if "network" in info else None
uid = info["uid"] if "uid" in info else None
except TypeError:
network = None
uid = None
errors = []
for p in ["login", "name", "email", "birthdate", "location", "about", "homepage"]:
info[p] = env.request.args(p, "").decode("utf-8")
info["gender"] = _gender(env.request.args("gender"))
login = env.request.args("login", "").strip()
if login and validate_nickname(login):
try:
u = User("login", login)
if u.id:
errors.append("login-in-use")
except UserNotFound:
pass
elif login:
errors.append("login-invalid")
else:
errors.append("login-empty")
password = env.request.args("password")
if not (network and uid):
if not password:
errors.append("password")
info["birthdate"] = parse_date(info["birthdate"])
if not network and not errors:
try:
resp = recaptcha2.verify(
env.request.args("g-recaptcha-request", ""), settings.recaptcha_private_key, env.request.remote_host
)
if not resp.is_valid:
errors.append("captcha")
except urllib2.URLError:
errors.append("recaptcha-fail")
except AddressNotFound:
return Response(redirect="%s://%s/remember?fail=1" % (env.request.protocol, settings.domain))
if errors:
if network and uid:
tmpl = "/auth/register_ulogin.html"
else:
tmpl = "/auth/register.html"
return Response(template=tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors)
users.register(login)
for p in ["name", "email", "birthdate", "gender", "location", "about", "homepage"]:
env.user.set_info(p, info[p])
if password:
env.user.set_password(password)
if network and uid:
_nickname = info["_nickname"] if "_nickname" in info else None
_name = info["_name"] if "_name" in info else None
_profile = info["_profile"] if "_profile" in info else None
try:
env.user.bind_ulogin(network, uid, _nickname, _name, _profile)
except UserExists:
raise Forbidden
if env.request.args("avatar"):
ext = env.request.args("avatar", "").split(".").pop().lower()
if ext not in ["jpg", "gif", "png"]:
errors.append("filetype")
else:
filename = ("%s.%s" % (env.user.login, ext)).lower()
make_avatar(env.request.files("avatar"), filename)
env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999)))
elif "avatar" in info and info["avatar"]:
filename = ("%s.%s" % (env.user.login, "jpg")).lower()
make_avatar(info["avatar"], filename)
env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999)))
env.user.save()
env.user.authenticate()
return Response(redirect=get_referer())
def post(self):
"""
Create a new user.
"""
if app.config["AUTHENTICATION_TYPE"] != "Database":
abort(404)
user_data = request.get_json()
invite_code = user_data.get("invite_code", "")
existing_user = model.user.get_nonrobot_user(user_data["username"])
if existing_user:
raise request_error(message="The username already exists")
# Ensure an e-mail address was specified if required.
if features.MAILING and not user_data.get("email"):
raise request_error(message="Email address is required")
# If invite-only user creation is turned on and no invite code was sent, return an error.
# Technically, this is handled by the can_create_user call below as well, but it makes
# a nicer error.
if features.INVITE_ONLY_USER_CREATION and not invite_code:
raise request_error(message="Cannot create non-invited user")
# Ensure that this user can be created.
blacklisted_domains = app.config.get("BLACKLISTED_EMAIL_DOMAINS", [])
if not can_create_user(user_data.get("email"), blacklisted_domains=blacklisted_domains):
raise request_error(
message="Creation of a user account for this e-mail is disabled; please contact an administrator"
)
# If recaptcha is enabled, then verify the user is a human.
if features.RECAPTCHA:
recaptcha_response = user_data.get("recaptcha_response", "")
result = recaptcha2.verify(
app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip()
)
if not result["success"]:
return {"message": "Are you a bot? If not, please revalidate the captcha."}, 400
is_possible_abuser = ip_resolver.is_ip_possible_threat(get_request_ip())
try:
prompts = model.user.get_default_user_prompts(features)
new_user = model.user.create_user(
user_data["username"],
user_data["password"],
user_data.get("email"),
auto_verify=not features.MAILING,
email_required=features.MAILING,
is_possible_abuser=is_possible_abuser,
prompts=prompts,
)
email_address_confirmed = handle_invite_code(invite_code, new_user)
if features.MAILING and not email_address_confirmed:
confirmation_code = model.user.create_confirm_email_code(new_user)
send_confirmation_email(new_user.username, new_user.email, confirmation_code)
return {"awaiting_verification": True}
else:
success, headers = common_login(new_user.uuid)
if not success:
return {"message": "Could not login. Is your account inactive?"}, 403
return user_view(new_user), 200, headers
except model.user.DataModelException as ex:
raise request_error(exception=ex)
