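def register_user(username, passwd, email):
    """Create a new account row in the password database.

    Args:
        username: Requested login name. Surrounding whitespace is stripped
            before the name is matched against ``nick_regex``.
        passwd: Plaintext password. Only the output of ``encrypt_pw`` is
            written to the database.
        email: Optional contact address; validated only when non-empty.

    Returns:
        An error message string, or None on success.
    """
    if passwd == "":
        return "The password can't be empty!"

    if email:  # validate the email only if it is provided
        result = validate_email_address(email)
        if result:
            return result

    username = username.strip()
    if not re.match(nick_regex, username):
        return "Invalid username!"

    crypted_pw = encrypt_pw(passwd)

    # Bind both handles before entering the try block. If connect() or
    # cursor() raises, the cleanup in `finally` would otherwise fail on an
    # unbound name and hide the real database error.
    conn = None
    c = None
    try:
        conn = sqlite3.connect(password_db)
        c = conn.cursor()
        # All caller-supplied values go through bound parameters.
        c.execute("select username from dglusers where username=? collate nocase",
                  (username,))
        result = c.fetchone()

        if result:
            return "User already exists!"

        # NOTE(review): the existence check and the insert are separate
        # statements. Unless dglusers enforces a case-insensitive unique
        # constraint on username, two concurrent registrations could both
        # pass the check -- confirm against the schema.
        c.execute("insert into dglusers(username, email, password, flags, env) values (?,?,?,0,'')",
                  (username, email, crypted_pw))
        conn.commit()

        return None
    finally:
        if c is not None:
            c.close()
        if conn is not None:
            conn.close()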
def send_forgot_password(email):  # type: (str) -> Tuple[bool, Optional[str]]
    """Send a password-reset email to the account registered with *email*.

    Returns:
        (email_sent: bool, error: string). An address that validates but has
        no matching row in dglusers yields (False, None).
    """
    if not email:
        return False, "Email address can't be empty"

    problem = validate_email_address(email)
    if problem:
        return False, problem

    lookup_sql = "select id from dglusers where email=? collate nocase"
    with crawl_db(password_db) as db:
        db.c.execute(lookup_sql, (email, ))
        row = db.c.fetchone()

    # NOTE(review): "no such address" and "mail sent" are distinguishable in
    # the return value. The caller should show the same response for both so
    # the form does not disclose which addresses are registered -- confirm at
    # the call site.
    if not row:
        return False, None

    token = create_password_token(row[0])
    plaintext_body, html_body = generate_token_email(token)
    send_email(email, 'Request to reset your password',
               plaintext_body, html_body)
    return True, None
def register_user(username, passwd, email):  # type: (str, str, str) -> Optional[str]
    """Register a new account.

    The password must be non-empty, the email is validated only when one is
    given, and the stripped username must match ``nick_regex``. Only the
    output of ``encrypt_pw`` is stored.

    Returns an error message, or None on success.
    """
    if passwd == "":
        return "The password can't be empty!"

    if email:
        # An address is optional, but a supplied one has to validate.
        email_problem = validate_email_address(email)
        if email_problem:
            return email_problem

    username = username.strip()
    if re.match(nick_regex, username) is None:
        return "Invalid username!"

    crypted_pw = encrypt_pw(passwd)

    lookup_sql = "select username from dglusers where username=? collate nocase"
    with crawl_db(password_db) as db:
        db.c.execute(lookup_sql, (username, ))
        existing = db.c.fetchone()
    if existing:
        return "User already exists!"

    # NOTE(review): the lookup above and the insert below run in separate
    # crawl_db contexts, so nothing visible here stops two concurrent requests
    # from both passing the check. Confirm that dglusers has a unique,
    # case-insensitive constraint on username.
    insert_sql = (
        " INSERT INTO dglusers (username, email, password, flags, env)"
        " VALUES (?, ?, ?, 0, '') "
    )
    with crawl_db(password_db) as db:
        db.c.execute(insert_sql, (username, email, crypted_pw))
        db.conn.commit()

    return None
def admin_edit_user(utable, js):
    """Apply one admin-requested field change to a user record.

    Args:
        utable: User record; its attributes are read and written by name.
        js: Request payload. The "field" and "new_value" entries are read
            and stripped.

    Returns:
        {"user_data": ...} holding ``utable.as_json`` after a successful or
        no-op edit, otherwise {"error": ...}.
    """
    field = js.get("field", "").strip()
    new_value = js.get("new_value", "").strip()

    # NOTE(review): `field` is taken from the request and is not checked
    # against an allow-list here, so any attribute that already exists on
    # `utable` can be overwritten by name. Confirm that the caller restricts
    # this to admins, and consider limiting the editable names.
    prev_value = getattr(utable, field, sentinel)
    if prev_value == sentinel:
        return {"error": "??????"}
    if prev_value == new_value:
        return {"user_data": utable.as_json}

    # These two fields are written through dedicated setters, not setattr.
    dedicated_setters = {
        "current_level": set_level,
        "last_question_answered_at": set_last_question_answered_at,
    }
    setter = dedicated_setters.get(field)
    if setter is not None:
        setter(utable, new_value)
        return {"user_data": utable.as_json}

    if field == "email":
        if not validate_email_address(new_value):
            return {"error": "Invalid email"}
        # A changed address has not been verified yet.
        utable.has_verified_email = False

    try:
        setattr(utable, field, new_value)
        save_to_db()
        return {"user_data": utable.as_json}
    except Exception:
        if field != "email":
            message = "Could not update"
        else:
            message = "Could not update email, maybe another account is using that address"
        return {"error": message}
def __init__(
    self,
    user: str = None,
    name: str = None,
    email: str = None,
    school: str = None,
    password_hash: str = None,
    ig_user_id: str = None,
    is_admin: bool = False,
    is_disqualified: bool = False,
    last_question_answered_at: int = 0,
    has_verified_email: bool = False,
):
    """Populate a user record from the supplied profile fields.

    ``user`` is stored lower-cased, ``email`` is stored as returned by
    ``validate_email_address``, and ``current_level`` always starts at 0.
    ``password_hash`` is stored exactly as given; no hashing happens here.

    Raises:
        Exception: "Invalid Data" when ``is_invalid_data`` flags any of
            user, name, email or password_hash.
    """
    # Reject the record before any attribute is assigned.
    for required in (user, name, email, password_hash):
        if self.is_invalid_data(required):
            raise Exception("Invalid Data")

    self.user = user.lower()
    self.password_hash = password_hash
    self.name = name
    self.email = validate_email_address(email)
    self.school = school
    self.ig_user_id = ig_user_id
    self.current_level = 0
    self.is_admin = is_admin
    self.is_disqualified = is_disqualified
    self.has_verified_email = has_verified_email
    # javascript times in ms; a falsy value falls back to js_time()
    if last_question_answered_at:
        self.last_question_answered_at = last_question_answered_at
    else:
        self.last_question_answered_at = js_time()
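def send_forgot_password(email):
    """Start the password-reset flow for the account registered with *email*.

    A random token is generated and mailed as a reset link. Only the token's
    SHA-256 digest is written to recovery_tokens.

    Returns:
        A tuple (sent, error). ``sent`` is truthy when an email was sent and
        ``error`` is an error message or None. An address with no matching
        account yields (False, None).
    """
    if not email:
        return False, "Email address can't be empty"
    email_error = validate_email_address(email)
    if email_error:
        return False, email_error

    # Bind both handles before entering the try block. If connect() or
    # cursor() raises, the cleanup in `finally` would otherwise fail on an
    # unbound name and hide the real database error.
    conn = None
    c = None
    try:
        # lookup user-provided email
        conn = sqlite3.connect(password_db)
        c = conn.cursor()
        c.execute("select id from dglusers where email=? collate nocase", (email,))
        result = c.fetchone()

        # user was found
        if result:
            userid = result[0]
            # generate random token from the OS CSPRNG
            token_bytes = os.urandom(32)
            token = urlsafe_b64encode(token_bytes)
            # hash token, so a read of recovery_tokens does not yield a
            # usable reset link
            token_hash_obj = hashlib.sha256(token)
            token_hash = token_hash_obj.hexdigest()
            # store hash in db
            c.execute("insert into recovery_tokens(token, token_time, user_id) "
                      "values (?,datetime('now'),?)", (token_hash, userid))
            conn.commit()

            # send email
            # NOTE(review): on Python 3 urlsafe_b64encode returns bytes, so
            # this str + bytes concatenation would raise TypeError -- confirm
            # which interpreter this runs under.
            url_text = config.lobby_url + "?ResetToken=" + token

            msg_body_plaintext = (
                "Someone (hopefully you) has requested to reset the password "
                "for your account at " + config.lobby_url + ". "
                "If you initiated this request, please use this link to reset "
                "your password: " + url_text + " "
                "If you did not ask to reset your password, feel free to "
                "ignore this email. "
            )

            # The values are placed in the HTML without escaping. The token
            # uses the URL-safe base64 alphabet; lobby_url is presumably
            # operator-controlled configuration -- verify.
            msg_body_html = (
                "<html> <head></head> <body> "
                "<p>Someone (hopefully you) has requested to reset the "
                "password for your account at " + config.lobby_url + ".<br /><br /> "
                "If you initiated this request, please use this link to reset "
                "your password:<br /><br />  "
                "<a href='" + url_text + "'>" + url_text + "</a><br /><br /> "
                "If you did not ask to reset your password, feel free to "
                "ignore this email. </p> </body> </html>"
            )

            send_email(email, 'Request to reset your password',
                       msg_body_plaintext, msg_body_html)

            return True, None

        # email was not found, do nothing
        # NOTE(review): the caller should answer identically in this case and
        # the success case so the form does not reveal which addresses are
        # registered -- confirm at the call site.
        return False, None
    finally:
        if c is not None:
            c.close()
        if conn is not None:
            conn.close()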
def change_email(user_id, email):  # type: (str, str) -> Optional[str]
    """Store *email* as the address of the dglusers row with id *user_id*.

    Returns the error message from validate_email_address, or None on success.
    """
    problem = validate_email_address(email)
    if problem:
        return problem

    # NOTE(review): nothing here checks that the caller may act for
    # `user_id`, and the update is not checked for having matched a row.
    # Presumably the caller authenticates the session first -- confirm.
    update_sql = "update dglusers set email=? where id=?"
    with crawl_db(password_db) as db:
        db.c.execute(update_sql, (email, user_id))
        db.conn.commit()

    return None
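def change_email(user_id, email):
    """Store *email* as the address of the dglusers row with id *user_id*.

    Returns:
        An error message from validate_email_address, or None on success.
    """
    result = validate_email_address(email)
    if result:
        return result

    # Bind both handles before entering the try block. If connect() or
    # cursor() raises, the cleanup in `finally` would otherwise fail on an
    # unbound name and hide the real database error.
    conn = None
    c = None
    try:
        conn = sqlite3.connect(password_db)
        c = conn.cursor()
        # NOTE(review): nothing here checks that the caller may act for
        # `user_id`; presumably the caller authenticates first -- confirm.
        c.execute("update dglusers set email=? where id=?", (email, user_id))
        conn.commit()

        return None
    finally:
        if c is not None:
            c.close()
        if conn is not None:
            conn.close()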
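def edit(js: dict) -> dict:
    """Let the logged-in user change one of their own profile fields.

    Args:
        js: Request payload. The "user", "field" and "new_value" entries are
            read and stripped.

    Returns:
        {"user_data": ...} holding the record's ``as_json`` after a
        successful or no-op edit, otherwise {"error": ...}.
    """
    if not is_logged_in():
        return {"error": "Not Authenticated"}
    user = js.get("user", "").strip()
    field = js.get("field", "").strip()
    # Allow-list: these are the only attributes a user may edit themselves.
    if field not in ["email", "school", "ig_user_id"]:
        return {"error": "cannot edit specified field"}
    new_value = js.get("new_value", "").strip()
    # The record named in the payload must belong to the current session.
    if user != get_current_user():
        return {"error": "Invalid credentials"}
    invalid_data_arr = []
    if not user:
        invalid_data_arr.append("user")
    if not field:
        invalid_data_arr.append("column")
    if not new_value:
        invalid_data_arr.append("value")
    if invalid_data_arr:
        return {"error": f"Missing data: {', '.join(invalid_data_arr)}"}
    user_table = get_user_by_id(user)
    attr = getattr(user_table, field, sentinel)
    if attr == sentinel:
        return {"error": "Invalid field"}
    if attr == new_value:
        # prevent a useless write
        return {"user_data": user_table.as_json}
    try:
        if field == "email":
            # Validate before touching the record. Assigning first would
            # leave a rejected address on the in-memory object even though
            # "Invalid email" is returned.
            if not validate_email_address(new_value):
                return {"error": "Invalid email"}
            # A changed address has not been verified yet.
            user_table.has_verified_email = False
        setattr(user_table, field, new_value)
        save_to_db()
        return {"user_data": user_table.as_json}
    except Exception:
        # `except Exception` rather than a bare `except`, so that
        # KeyboardInterrupt and SystemExit are not swallowed.
        return {
            "error": "Could not update"
            if field != "email"
            else "Could not update email, maybe another account is using that address"
        }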
def test_validate_email_address(self, email, valid):
    """Check util.validate_email_address against one (email, valid) case.

    The function under test must return None for an address expected to be
    valid and something other than None for one expected to be rejected.
    """
    outcome = util.validate_email_address(email)
    if not valid:
        assert outcome is not None
        return
    assert outcome is None
def _validate_email(self, mail: str):
    """Run validate_email_address on *mail*; the result is not used here."""
    # NOTE(review): the return value is discarded, so a bad address is only
    # rejected here if validate_email_address raises. If it reports problems
    # through its return value, nothing acts on them -- confirm which
    # contract applies.
    validate_email_address(mail)
    return None