Exemple #1
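def account():
    """Return account details and/or update given keys.

    -- http://developer.getcloudapp.com/view-account-details
    -- http://developer.getcloudapp.com/change-default-security
    -- http://developer.getcloudapp.com/change-email
    -- http://developer.getcloudapp.com/change-password

    GET: returns the authenticated account, passed through clear().

    PUT: expects a JSON body of the form {"user": {...}} and acts on three
    shapes of the "user" object:

    * {"private_items": ...} -- change the default privacy setting
    * {"current_password": ..., "email": ...} -- change the e-mail address
    * {"current_password": ..., "password": ...} -- change the password

    Every new password is accepted (there is no strength policy).  What gets
    persisted is the return value of A1(email, password), not the password
    itself; A1 is defined elsewhere -- presumably the HTTP Digest A1 hash,
    confirm before relying on it.  Similar to /register, no digit-only
    "email" address is allowed.

    Returns 422 for a malformed body, 403 for a wrong current password, 400
    for invalid values and 406 when the new e-mail address is already taken.
    """

    conf, db = current_app.config, current_app.db
    # NOTE(review): assumes the authentication layer has already verified the
    # credentials, so request.authorization is set and the lookup succeeds;
    # find_one() returns None otherwise -- confirm against the route setup.
    account = db.accounts.find_one({'email': request.authorization.username})

    if request.method == 'GET':
        return jsonify(clear(account))

    _id = account['_id']
    try:
        data = json.loads(request.data)['user']
    except (ValueError, KeyError, TypeError):
        # invalid JSON, missing "user" key, or a top-level value that cannot
        # be indexed by key
        return ('Unprocessable Entity', 422)
    if not isinstance(data, dict):
        return ('Unprocessable Entity', 422)

    text = (type(u''), str)  # unicode and str on Python 2, str on Python 3

    if len(data) == 1 and 'private_items' in data:
        # NOTE(review): the value is stored exactly as sent, without a type
        # check -- confirm whether only booleans should be accepted here.
        db.accounts.update({'_id': _id},
                           {'$set': {'private_items': data['private_items']}})
        account['private_items'] = data['private_items']
    elif len(data) == 2 and 'current_password' in data:
        if not isinstance(data['current_password'], text):
            abort(400)
        # NOTE(review): `==` is not a constant-time comparison; consider
        # hmac.compare_digest once the types returned by A1() and by the
        # database are known to match.
        if not account['passwd'] == A1(account['email'], data['current_password']):
            return abort(403)

        if 'email' in data:
            email = data['email']
            # Only non-empty plain strings may go on to the Mongo query below;
            # objects, lists and numbers previously ended in an unhandled
            # AttributeError on .isdigit().
            if not isinstance(email, text) or not email:
                abort(400)
            # any() instead of filter(): on Python 3 filter() returns an
            # iterator that is always truthy, which would reject every address.
            if (any(c not in conf['ALLOWED_CHARS'] for c in email)
                    or email.isdigit()):  # no numbers allowed
                abort(400)
            if (db.accounts.find_one({'email': email})
                    and account['email'] != email):
                return ('User already exists', 406)

            # The stored value depends on the e-mail address, so it is
            # recomputed from the (just verified) current password.
            new = {'email': email,
                   'passwd': A1(email, data['current_password'])}
            db.accounts.update({'_id': _id}, {'$set': new})
            account['email'] = new['email']
            account['passwd'] = new['passwd']

        elif 'password' in data:
            if not isinstance(data['password'], text):
                abort(400)
            passwd = A1(account['email'], data['password'])
            db.accounts.update({'_id': _id}, {'$set': {'passwd': passwd}})
            account['passwd'] = passwd

        else:
            abort(400)
    # NOTE(review): a "user" object matching neither shape above falls through
    # to here, so it still bumps updated_at and is answered like a successful
    # update -- confirm whether that should be a 400 instead.

    db.accounts.update({'_id': account['_id']}, {'$set':
            {'updated_at': strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())}})

    return jsonify(clear(account))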
Exemple #2
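def register():
    """Registration of new users (no digits-only usernames are allowed), if
    PUBLIC_REGISTRATION is set to True new accounts are instantly activated. Otherwise
    you have to do it manually via `manage.py activate $USER`.

    Expects a JSON body of at most 200 bytes of the form
    {"user": {"email": ..., "password": ...}}.

    Returns 413 for an oversized body, 422 for a malformed body or an invalid
    e-mail address, 406 when the address is already registered and 201 with
    the new account (passed through clear()) on success.

    -- http://developer.getcloudapp.com/register"""

    conf, db = current_app.config, current_app.db

    # Cap the body size before parsing it.
    if len(request.data) > 200:
        return ('Request Entity Too Large', 413)
    try:
        user = json.loads(request.data)['user']
        email = user['email']
        passwd = user['password']
    except (ValueError, KeyError, TypeError):
        # invalid JSON, a missing key, or a value that cannot be indexed by key
        return ('Bad Request', 422)

    # Only plain strings are accepted: objects, lists and numbers previously
    # ended in an unhandled AttributeError on .isdigit() and must never reach
    # the Mongo query below.
    text = (type(u''), str)  # unicode and str on Python 2, str on Python 3
    if not isinstance(email, text) or not isinstance(passwd, text):
        return ('Bad Request', 422)
    if not email or email.isdigit():  # no empty or numbers-only usernames
        return ('Bad Request', 422)

    # TODO: allow more characters, unicode -> ascii, before filter
    # any() instead of filter(): on Python 3 filter() returns an iterator that
    # is always truthy, which would reject every address.
    if any(c not in conf['ALLOWED_CHARS'] for c in email):
        return ('Bad Request', 422)

    if db.accounts.find_one({'email': email}) is not None:
        return ('User already exists', 406)

    # The counter document lives under "_inc".  Probing for a different _id
    # ("autoinc") never matched, so the counter was re-inserted on every call.
    if not db.accounts.find_one({'_id': '_inc'}):
        db.accounts.insert({'_id': '_inc', 'seq': 1})

    # NOTE(review): reading the counter and incrementing it are two separate
    # operations, so two concurrent registrations can read the same seq and
    # the second insert below would then collide on _id.  An atomic
    # find-and-increment would close that window.
    # NOTE(review): passwd is handed to Account() as received; whether it is
    # hashed before storage depends on Account, which is defined elsewhere.
    account = Account(
        {
            'email': email,
            'passwd': passwd,
            'id': db.accounts.find_one({'_id': '_inc'})['seq']
        }, conf)
    db.accounts.update({'_id': '_inc'}, {'$inc': {'seq': 1}})
    if conf['PUBLIC_REGISTRATION']:
        account['activated_at'] = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())

    account['_id'] = account['id']
    db.accounts.insert(account)

    return (jsonify(clear(account)), 201)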
Exemple #3
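def register():
    """Registration of new users (no digits-only usernames are allowed), if
    PUBLIC_REGISTRATION is set to True new accounts are instantly activated. Otherwise
    you have to do it manually via `manage.py activate $USER`.

    The request body must be JSON of at most 200 bytes, shaped like
    {"user": {"email": ..., "password": ...}}.

    Responses: 413 (body too large), 422 (malformed body or invalid e-mail
    address), 406 (address already registered), 201 with the new account
    passed through clear() on success.

    -- http://developer.getcloudapp.com/register"""

    conf, db = current_app.config, current_app.db

    # Refuse oversized bodies before spending time on parsing.
    if len(request.data) > 200:
        return ('Request Entity Too Large', 413)
    try:
        user = json.loads(request.data)['user']
        email = user['email']
        passwd = user['password']
    except (ValueError, KeyError, TypeError):
        # invalid JSON, a missing key, or a value that cannot be indexed by key
        return ('Bad Request', 422)

    # Both fields must be plain strings.  Any other JSON value used to end in
    # an unhandled AttributeError on .isdigit(), and structured values must
    # not be passed on to the Mongo query below.
    text = (type(u''), str)  # unicode and str on Python 2, str on Python 3
    if not isinstance(email, text) or not isinstance(passwd, text):
        return ('Bad Request', 422)
    if not email or email.isdigit():  # no empty or numbers-only usernames
        return ('Bad Request', 422)

    # TODO: allow more characters, unicode -> ascii, before filter
    # filter() yields an always-truthy iterator on Python 3, so the character
    # whitelist is checked with any() instead.
    if any(c not in conf['ALLOWED_CHARS'] for c in email):
        return ('Bad Request', 422)

    if db.accounts.find_one({'email': email}) is not None:
        return ('User already exists', 406)

    # Look for the counter under the _id it is actually stored with ("_inc");
    # the former probe for "autoinc" never matched and re-inserted the counter
    # on every registration.
    if not db.accounts.find_one({'_id': '_inc'}):
        db.accounts.insert({'_id': '_inc', 'seq': 1})

    # NOTE(review): the counter is read here and incremented in a second
    # operation, so concurrent registrations can obtain the same seq; the
    # later insert would then collide on _id.  An atomic find-and-increment
    # would avoid that.
    # NOTE(review): passwd goes to Account() unchanged; whether it is hashed
    # before storage is decided by Account, which is not part of this listing.
    account = Account({'email': email, 'passwd': passwd,
                       'id': db.accounts.find_one({'_id': '_inc'})['seq']}, conf)
    db.accounts.update({'_id': '_inc'}, {'$inc': {'seq': 1}})
    if conf['PUBLIC_REGISTRATION']:
        account['activated_at'] = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())

    account['_id'] = account['id']
    db.accounts.insert(account)

    return (jsonify(clear(account)), 201)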
Exemple #4
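def account():
    """Return account details and/or update given keys.

    -- http://developer.getcloudapp.com/view-account-details
    -- http://developer.getcloudapp.com/change-default-security
    -- http://developer.getcloudapp.com/change-email
    -- http://developer.getcloudapp.com/change-password

    GET: returns the authenticated account, passed through clear().

    PUT: the JSON body must look like {"user": {...}}; three shapes of the
    "user" object are acted on:

    * {"private_items": ...} -- change the default privacy setting
    * {"current_password": ..., "email": ...} -- change the e-mail address
    * {"current_password": ..., "password": ...} -- change the password

    Every new password is accepted (there is no strength policy).  The value
    written to the database is whatever A1(email, password) returns, not the
    password itself; A1 is defined elsewhere -- presumably the HTTP Digest A1
    hash, confirm before relying on it.  Similar to /register, no digit-only
    "email" address is allowed.

    Returns 422 for a malformed body, 403 for a wrong current password, 400
    for invalid values and 406 when the new e-mail address is already taken.
    """

    conf, db = current_app.config, current_app.db
    # NOTE(review): relies on the authentication layer having verified the
    # credentials already, so that request.authorization is set and the lookup
    # finds a document; find_one() returns None otherwise -- confirm against
    # the route setup.
    account = db.accounts.find_one({'email': request.authorization.username})

    if request.method == 'GET':
        return jsonify(clear(account))

    _id = account['_id']
    try:
        data = json.loads(request.data)['user']
    except (ValueError, KeyError, TypeError):
        # invalid JSON, missing "user" key, or a top-level value that cannot
        # be indexed by key
        return ('Unprocessable Entity', 422)
    if not isinstance(data, dict):
        return ('Unprocessable Entity', 422)

    text = (type(u''), str)  # unicode and str on Python 2, str on Python 3

    if len(data) == 1 and 'private_items' in data:
        # NOTE(review): the value is written as received, with no type check
        # -- confirm whether only booleans should be accepted here.
        db.accounts.update({'_id': _id},
                           {'$set': {
                               'private_items': data['private_items']
                           }})
        account['private_items'] = data['private_items']
    elif len(data) == 2 and 'current_password' in data:
        if not isinstance(data['current_password'], text):
            abort(400)
        # NOTE(review): `==` does not compare in constant time; consider
        # hmac.compare_digest once the types returned by A1() and by the
        # database are known to match.
        if not account['passwd'] == A1(account['email'],
                                       data['current_password']):
            return abort(403)

        if 'email' in data:
            email = data['email']
            # Accept non-empty plain strings only.  Objects, lists and numbers
            # used to end in an unhandled AttributeError on .isdigit() and
            # must not be passed on to the Mongo query below.
            if not isinstance(email, text) or not email:
                abort(400)
            # filter() yields an always-truthy iterator on Python 3, so the
            # character whitelist is checked with any() instead.
            if (any(c not in conf['ALLOWED_CHARS'] for c in email)
                    or email.isdigit()):  # no numbers allowed
                abort(400)
            if (db.accounts.find_one({'email': email})
                    and account['email'] != email):
                return ('User already exists', 406)

            # The stored value is derived from the e-mail address as well, so
            # it is rebuilt from the current password that was just verified.
            new = {
                'email': email,
                'passwd': A1(email, data['current_password'])
            }
            db.accounts.update({'_id': _id}, {'$set': new})
            account['email'] = new['email']
            account['passwd'] = new['passwd']

        elif 'password' in data:
            if not isinstance(data['password'], text):
                abort(400)
            passwd = A1(account['email'], data['password'])
            db.accounts.update({'_id': _id}, {'$set': {'passwd': passwd}})
            account['passwd'] = passwd

        else:
            abort(400)
    # NOTE(review): a "user" object that matches neither shape above ends up
    # here, still bumps updated_at and is answered like a successful update --
    # confirm whether a 400 would be the intended response.

    db.accounts.update(
        {'_id': account['_id']},
        {'$set': {
            'updated_at': strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())
        }})

    return jsonify(clear(account))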