def _changePassword(self, request):
    """Change the signed-in user's password.

    Reads ``curr_passwd``, ``passwd1`` and ``passwd2`` from the request.
    The first failed form check is reported back to the page as a
    ``$$.alerts.error(...)`` call and the method stops; otherwise the
    current password is verified against the stored hash, a hash of the
    new password is written to the ``userAuth`` column family and the
    page is told via ``$$.alerts.info(...)``. The method always finishes
    through ``defer.returnValue(None)`` or by falling off the end.
    """
    (appchange, script, args, myId) = yield self._getBasicArgs(request)

    # Passwords are fetched with sanitize=False so that exactly what the user
    # typed reaches checkpass/hashpass.
    currentPass = utils.getRequestArg(request, "curr_passwd", sanitize=False)
    newPass = utils.getRequestArg(request, "passwd1", sanitize=False)
    rptPass = utils.getRequestArg(request, "passwd2", sanitize=False)

    # First failing form check wins; the order mirrors the form fields.
    # Every message is a translated literal, never request data, so it is
    # safe to splice into the JS call below.
    problem = None
    if not currentPass:
        problem = _("Enter your current password")
    elif not newPass:
        problem = _("Enter new password")
    elif not rptPass:
        problem = _("Confirm new password")
    elif newPass != rptPass:
        problem = _("Passwords do not match")
    elif currentPass == newPass:
        problem = _("New password should be different from current password")
    if problem is not None:
        request.write('$$.alerts.error("%s");' % problem)
        defer.returnValue(None)

    # NOTE(review): no minimum length or complexity policy is applied here —
    # confirm it is enforced elsewhere (or by utils.hashpass) if one is required.

    # Re-authenticate with the current password before touching the store.
    emailId = args["me"].basic["emailId"]
    col = yield db.get(emailId, "userAuth", "passwordHash")
    storedPass = col.column.value
    if not utils.checkpass(currentPass, storedPass):
        request.write('$$.alerts.error("%s");' % _("Incorrect Password"))
        defer.returnValue(None)

    # Only the hash is persisted; the plaintext never leaves this method.
    yield db.insert(emailId, "userAuth", utils.hashpass(newPass), "passwordHash")
    request.write('$$.alerts.info("%s");' % _('Password changed'))
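def _registerClient(self, request):
    """Register a new client application or API key owned by the caller.

    Reads ``name``, ``desc``, ``scope`` (multi-valued), ``category`` and
    ``redirect`` from the request, validates them, generates a client id and
    secret, stores the client's metadata (with the secret hashed) under
    ``apps`` and records ownership, then renders the registration result
    block.  The plaintext secret is included in the rendered result only;
    it is never written to the store.

    Raises:
        errors.MissingParams: a required field is absent (``redirect`` is
            required for every category except ``apikey``).
        errors.BaseError: unknown ``category`` or a scope that is not in the
            module-level ``scopes`` table.
    """
    (appchange, script, args, myId) = yield self._getBasicArgs(request)
    landing = not self._ajax
    myOrgId = args["orgId"]

    name = utils.getRequestArg(request, "name")
    desc = utils.getRequestArg(request, "desc")
    scope = utils.getRequestArg(request, "scope", multiValued=True)
    category = utils.getRequestArg(request, "category")
    # The redirect URL is stored verbatim (base64) and must not be HTML-sanitized.
    redirect = utils.getRequestArg(request, "redirect", sanitize=False)

    if not name:
        raise errors.MissingParams(["Name"])
    if not scope:
        raise errors.MissingParams(["Permissions"])
    if category != "apikey" and not redirect:
        raise errors.MissingParams(["Redirect URL"])

    # Validate against the module-level scope table.  A missing table is
    # treated as "no known scopes" so the request fails with the validation
    # error below instead of an AttributeError on None.
    knownScopes = globals().get("scopes") or {}
    unknownScopes = [x for x in scope if x not in knownScopes]
    if category not in ("webapp", "native", "apikey") or unknownScopes:
        raise errors.BaseError("Invalid value sent for Type/Permissions")
    # NOTE(review): the redirect URL is only checked for presence here; no
    # scheme/host validation is visible in this method — confirm it is
    # validated before being used in the authorization flow.

    clientId = utils.getUniqueKey()
    clientSecret = utils.getRandomKey()
    meta = {
        "author": myId,
        "name": name,
        "org": myOrgId,
        "secret": utils.hashpass(clientSecret),  # only the hash is stored
        "scope": " ".join(scope),
        "category": category,
    }
    isApiKey = category == "apikey"
    if not isApiKey:
        meta["redirect"] = b64encode(redirect)
        meta["desc"] = desc

    yield db.batch_insert(clientId, "apps", {"meta": meta})
    if isApiKey:
        yield db.insert(myId, "entities", "", clientId, "apikeys")
    else:
        # Web/native apps are listed under both the author and the org.
        yield db.insert(myId, "appsByOwner", "", clientId)
        yield db.insert(myOrgId, "appsByOwner", "", clientId)

    self.setTitle(request, name)
    args["clientId"] = clientId
    args["client"] = meta
    # Show the user the plaintext secret once, in the rendered result.
    args["client"]["secret"] = clientSecret
    t.renderScriptBlock(request, "apps.mako", "registrationResults",
                        landing, "#apps-contents", "set", **args)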
def _secret(self, request):
    """Regenerate the secret of an application owned by the caller.

    Looks up the app named by the ``id`` request argument, checks that the
    session user is its author, stores a hash of a freshly generated secret
    under ``apps/<id>/meta/secret`` and renders the registration result
    block with the plaintext secret so it can be shown once.

    Raises:
        errors.InvalidApp: no app row exists for the given id.
        errors.AppAccessDenied: the session user is not the app's author.
    """
    userId = request.getSession(IAuthInfo).username
    appId = utils.getRequestArg(request, "id", sanitize=False)

    appColumns = yield db.get_slice(appId, "apps")
    app = utils.supercolumnsToDict(appColumns)
    if not app:
        raise errors.InvalidApp(appId)
    # Ownership check: only the recorded author may rotate the secret.
    if app["meta"]["author"] != userId:
        raise errors.AppAccessDenied(appId)

    freshSecret = utils.getRandomKey()
    # Only the hash is persisted.
    yield db.insert(appId, "apps", utils.hashpass(freshSecret), "secret", "meta")

    # The rendered metadata carries the plaintext secret (replacing the hash)
    # for this one response.
    meta = app["meta"]
    meta["secret"] = freshSecret
    args = {
        "clientId": appId,
        "client": meta,
        "info": "New application secret was generated",
    }
    t.renderScriptBlock(request, "apps.mako", "registrationResults",
                        False, "#apps-contents", "set", **args)
def resetPassword(self, request):
    """Complete a password reset from an e-mailed token.

    Requires ``email``, ``token``, ``password`` and ``pwdrepeat``.  When the
    e-mail is known and the token is one of its outstanding reset tokens,
    a hash of the new password is written to ``userAuth`` and the reset
    tokens are removed.  In every non-raising case the browser is sent to
    ``/signin``.

    Raises:
        MissingParams: any of the four fields is absent.
        errors.PasswordsNoMatch: the two password fields differ.
        PermissionDenied: the e-mail is known but the token is not valid.
    """
    email = utils.getRequestArg(request, 'email')
    token = utils.getRequestArg(request, 'token')
    # Third positional argument is presumably ``sanitize`` (cf. sanitize=False
    # elsewhere) — passwords must not be HTML-sanitized before hashing.
    passwd = utils.getRequestArg(request, 'password', False)
    pwdrepeat = utils.getRequestArg(request, 'pwdrepeat', False)

    if not all((email, token, passwd, pwdrepeat)):
        raise MissingParams(['Email', 'Password Reset Token'])
    if passwd != pwdrepeat:
        raise errors.PasswordsNoMatch()

    # leastTimestamp is returned by the helper but not needed here.
    validEmail, liveTokens, staleTokens, leastTimestamp = yield _getResetPasswordTokens(email)
    if validEmail:
        if token not in liveTokens:
            # NOTE(review): ``email`` is interpolated into an href without
            # URL-encoding; it comes through the default getRequestArg
            # (presumably HTML-sanitized) — confirm it is also URL-safe.
            raise PermissionDenied("Invalid token. <a href='/password/resend?email=%s'>Click here</a> to reset password" % (email))
        yield db.insert(email, "userAuth", utils.hashpass(passwd), 'passwordHash')
        # Invalidate every outstanding reset token once one has been used.
        yield db.batch_remove({"userAuth": [email]}, names=staleTokens)
    # An unknown e-mail gets the same redirect with no error — presumably
    # intended so the response does not reveal whether the address exists.
    request.redirect('/signin')