def post(self): if self.user: if not self.check_state(): logging.warning("Possible CSRF attack detected!") self.redirect("/") return # Get user input input_current_password = self.request.get('current_password') input_password = self.request.get('password') input_verify_password = self.request.get('verify_password') # Check input and set error messages. error_current_password="" error_password="" error_verify_password="" have_error = False if not valid_pw(self.user.email, input_current_password, self.user.pw_hash): # Set the error-message: incorrect password. error_current_password = True have_error = True if not valid_password(input_password): # Set the error-message: not a valid password. error_password = True have_error = True if not valid_verify(input_password, input_verify_password): # Set the error-message: passwords do not match. error_verify_password = True have_error = True if have_error: state = self.make_state() # Render page with error-messages. self.render('change_password.html', user = self.user, error_current_password = error_current_password, error_password = error_password, error_verify_password = error_verify_password, state = state) else: # Generate password-hash and store in DB pw_hash = make_pw_hash(self.user.email, input_password) self.user.pw_hash = pw_hash self.user.put() # Update memcache User.update_user_cache(self.user) state = self.make_state() # Render page with success message. self.render('change_password.html', user = self.user, success_message = True, state = state) else: # Prompt user to login. self.render('message.html', message_user_settings_1 = True)
def post(self): if self.user: if not self.check_state(): logging.warning("Possible CSRF attack detected!") self.redirect("/") return # Get user input input_username = self.request.get('username') # Check input and set error messages. error_username="" error_username_exists="" have_error = False if not valid_username(input_username): # Set the error-message: not a valid username. error_username = True have_error = True if have_error == False: u = User.by_name(input_username) if u: # Set the error-message: username already taken. error_username_exists = True have_error = True if have_error: state = self.make_state() # Render page with error-messages. self.render('change_username.html', user = self.user, username = input_username, error_username = error_username, error_username_exists = error_username_exists, state = state) else: # Store new username in DB self.user.name = input_username self.user.put() # Update memcache User.update_user_cache(self.user) # Render page success message state = self.make_state() self.render('change_username.html', user = self.user, success_message = True, state = state) else: # Prompt user to login. self.render('message.html', message_user_settings_1 = True)
def post(self): if self.user: if not self.check_state(): logging.warning("Possible CSRF attack detected!") self.redirect("/") return # Get user input input_current_password = self.request.get('current_password') input_email = self.request.get('email').lower() input_verify_email = self.request.get('verify_email').lower() # Check input and set error messages. error_current_password="" error_email="" error_verify_email="" error_user_exists="" have_error = False if not valid_pw(self.user.email, input_current_password, self.user.pw_hash): # Set the error-message: incorrect password. error_current_password = True have_error = True if not valid_email(input_email): # Set the error-message: not a valid email. error_email = True have_error = True if not valid_verify(input_email, input_verify_email): # Set the error-message: emails do not match. error_verify_email = True have_error = True if have_error == False: u = User.by_email(input_email) if u: # Set the error-message: email already assigned. error_user_exists = True have_error = True if have_error: state = self.make_state() # Render page with error-messages. self.render('change_email.html', user = self.user, email = input_email, error_current_password = error_current_password, error_email = error_email, error_verify_email = error_verify_email, error_user_exists = error_user_exists, state = state) else: # Generate password-hash # Store new email and password-hash in DB pw_hash = make_pw_hash(input_email, input_current_password) self.user.pw_hash = pw_hash self.user.email = input_email self.user.put() # Update memcache User.update_user_cache(self.user) # Send email notification to new address self.send_email(self.user.email, 'email_subject.html', 'email_email_changed.html', subject_type = 'email_changed', username = self.user.name, user_email = self.user.email) # Render page with message that email was sent state = self.make_state() self.render('change_email.html', user = self.user, success_message = True, state = state) else: # Prompt user to login. self.render('message.html', message_user_settings_1 = True)
def post(self): if self.user: # Prompt user to log out. self.render('message.html', user = self.user, message_signup_1 = True) else: if not self.check_state(): logging.warning("Possible CSRF attack detected!") self.redirect("/") return input_username = self.request.get('username') input_password = self.request.get('password') input_verify_password = self.request.get('verify_password') input_email = self.request.get('email').lower() input_verify_email = self.request.get('verify_email').lower() error_username="" error_password="" error_verify_password="" error_email="" error_verify_email="" error_username_exists="" error_user_exists="" have_error = False if not valid_username(input_username): # Show the error-message: not a valid username. error_username = True have_error = True if not valid_password(input_password): # Show the error-message: not a valid password. error_password = True have_error = True if not valid_verify(input_password, input_verify_password): # Show the error-message: passwords do not match. error_verify_password = True have_error = True if not valid_email(input_email): # Show the error-message: not a valid email. error_email = True have_error = True if not valid_verify(input_email, input_verify_email): # Show the error-message: emails do not match. error_verify_email = True have_error = True if have_error == False: u = User.by_name(input_username) if u: # Show the error-message: username is already taken. error_username_exists = True have_error = True u = User.by_email(input_email) if u: # Show the error-message: email already used. error_user_exists = True have_error = True if have_error: state = self.make_state() # Render page with error-messages. self.render('signup.html', error_username = error_username, error_username_exists = error_username_exists, error_password = error_password, error_verify_password = error_verify_password, error_email = error_email, error_verify_email = error_verify_email, error_user_exists = error_user_exists, username_form = input_username, email_form = input_email, verify_email_form = input_verify_email, state = state) else: #Create new entry in the User-DB. u = User.register(input_username, input_password, input_email) u.put() #update memcache User.update_user_cache(u) #Send confirmation email self.send_email(u.email, 'email_subject.html', 'email_welcome.html', subject_type = 'welcome', username = u.name, user_email = u.email) #Set cookie and render message page with welcome self.login(u) self.render('message.html', user = u, message_signup_2 = True)
def post(self): if self.user: if not self.check_state(): logging.warning("Possible CSRF attack detected!") self.redirect("/") return # Get user input: password and verify_password input_password = self.request.get('password') input_verify_password = self.request.get('verify_password') # Get token from web page input_token = self.request.get('token') # Check if token is valid TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$") if not TOKEN_RE.match(input_token): # Set invalid reset_id so that a normal error message is sent reset_id = 1 else: reset_id = int(input_token.split('-')[0]) temp_pw = input_token.split('-')[1] # Use reset_id to find entry in ResetPasswordRequest DB. self.p = ResetPasswordRequest.by_id(reset_id) # Check if entry exists if not self.p: # Show message to contact via email self.render('message.html', user = self.user, message_reset_password_5 = True) #Check if entry is not older than one hour. elif datetime.datetime.now() - datetime.timedelta(hours = 1) > self.p.created: # Show message that too much time has passed. self.render('message.html', user = self.user, message_reset_password_3 = True) #Check if temp_pw is valid elif not ResetPasswordRequest.check_for_valid_request(self.p.email, temp_pw): # Show message to contact via email self.render('message.html', user = self.user, message_reset_password_5 = True) else: # Check if password and verify_password are valid. # Set error-messages. error_password="" error_verify_password="" have_error = False if not valid_password(input_password): # Show the error-message: not a valid password. error_password = True have_error = True if not valid_verify(input_password, input_verify_password): # Show the error-message: passwords do not match. error_verify_password = True have_error = True if have_error: state = self.make_state() # Render page with error-messages. self.render('reset_password.html', user = self.user, token = input_token, error_password = error_password, error_verify_password = error_verify_password, state = state) else: # Generate password-hash and store in DB pw_hash = make_pw_hash(self.user.email, input_password) self.user.pw_hash = pw_hash self.user.put() # Update memcache User.update_user_cache(self.user) # Invalidate entity in ResetPasswordRequest db self.p = ResetPasswordRequest.by_email(self.user.email) self.p.temp_pw_hash = "deactivated" self.p.put() # Show message that the password has been changed. self.render('message.html', user = self.user, message_reset_password_7 = True) else: # Show message to use the linke in the email. self.render('message.html', user = self.user, message_reset_password_6 = True)