def send_confirmation_email(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) # errorMsg = None try: self.do_send_confirmation_email(data['email'], current_user.id) except Exception as e: print(e) errorMsg = str(e) return failed(errorMsg) if errorMsg else success()
def login(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) user = self.model.objects.filter(email=data['email']).first() if user.user_type != data['user_type']: user = None if not user: return failed('User not found') if not pwd_hashed_compare(data['password'], user.password): return failed('Incorrect password') login_user(user, remember=data.get('remember')) return success()
def register(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) # schema = { 'email': rules['email'], 'first_name': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'last_name': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'password': rules['password'], 'user_type': { 'required': True, 'type': 'string', 'allowed': ['school', 'student'] }, } v = make_validator(schema) if not v.validate(data): return failed('Invalid input', {'error': v.errors}) if data.get('user_type') != 'student': return failed('Invalid user_type') user = self.model.objects.filter(email=data['email']).first() if user: return failed('An account with this email already exists') data['password'] = hash_pwd(data['password']) try: user = store(self.model, data) profileData = dict_pluck(data, ['first_name', 'last_name']) profileData['user_id'] = user.id profile = store(models.student_profile, profileData) self.do_send_confirmation_email(user.email, user.id) except Exception as e: print(e) errorMsg = str(e) if errorMsg: return failed(errorMsg) login_user(user) return success()
def send_reset_password_email(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) # validate schema = { 'email': rules['email'], } v = make_validator(schema) if not v.validate(data): return failed('Invalid input', {'error': v.errors}) # whether exist email = data['email'] user = self.model.objects.filter(email=email).first() if not user: return failed('The account for the given email does not exist') if user.user_type == 'school' and get_user_profile( user).status != 'normal': return failed('This account is currently not enabled') # data = { 'token': md5(str_rand(16)), 'email': email, } record = models.reset_password_email.objects.filter( email=email).first() if record: item = update(models.reset_password_email, data, record.id) else: item = store(models.reset_password_email, data) link = url_for('index', _external=True) + 'reset-password?token=' + data[ 'token'] # generate absolute link print('reset password link:', link) try: msg = Message('[%s] Reset your account password' % (app.config['site_name']), recipients=[email]) msg.html = render_template('email/reset-password.html', email=email, link=link, app=app) mail.send(msg) except Exception as e: return failed(str(e)) return success()
def check_reset_password_token(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) token = data.get('token', None) if not token: return failed('Illegal request') item = models.reset_password_email.objects.filter(token=token).first() if not item: return failed('No record found with given token') expired = (datetime.now() - item.updated_at).seconds > 3600 * 1 if expired: return failed('Link expired') user = self.model.objects.filter(email=item.email).first() return success(user_to_dict(user))
def reset_password(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) # validate schema = { 'user_id': { 'required': True, 'type': 'string' }, 'token': { 'required': True, 'type': 'string' }, 'password': rules['password'], } v = make_validator(schema) if not v.validate(data): return failed('Invalid input', {'error': v.errors}) # record = models.reset_password_email.objects.filter( token=data['token']).first() user = self.model.objects.filter(id=data['user_id']).first() if not record or not user or record.email != user.email: return failed('Illegal request') # expired = (datetime.now() - record.updated_at).seconds > 3600 * 1 if expired: return failed('Link expired') user.password = hash_pwd(data['password']) user.email_confirmed = True user.save() record.delete() return success()
async def claim(request): # handle faucet claim data = await request.post() if config.debug: print(request.headers) request_ip = '' if config.x_real_ip: request_ip = request.headers.get('X-Real-IP', '') if request_ip == '': request_ip = request.remote # not secure! cookie = request.cookies.get(config.cookie_name, '') if config.debug: print(request_ip, data, cookie) claim_address = data['_address'] recaptcha = data.get('_recaptcha', '') # anti-DoS / sanity check if len(claim_address) > config.maxAddressLen: print( f"Invalid request from IP {request_ip}: Address field too long (DoS?)", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Address is invalid' }) if claim_address == config.faucet_address: print( f"Invalid request from IP {request_ip}: Address == faucet_address (DoS?)", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Address is invalid' }) if len(recaptcha) > 1024: # should be enough?! print( f"Invalid request from IP {request_ip}: Recaptcha field too long (DoS?)", flush=True) return web.json_response({'status': 'Error', 'msg': 'Recaptcha error'}) # check address is correct format if not validate_address(claim_address): print(f"Invalid request from IP {request_ip}: Address invalid", flush=True) return web.json_response({ 'status': 'Error', 'msg': f'Address {claim_address} is invalid' }) # limit claims by address if not check_claims("address", claim_address): print( f"Too many claims for address {claim_address} from IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Maximum claims exceeded. Please try again later' }) # validate cookie if not validate_cookie(cookie): print(f"Invalid cookie from IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Cookie validation error. Javascript and cookies must be enabled for this faucet to work' }) # limit claims by cookie if not check_claims("cookie", cookie): print(f"Too many claims for cookie from IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Maximum claims exceeded. Please try again later' }) # limit claims by ip if not check_ip(request_ip): print(f"Too many claims from IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Maximum claims exceeded. Please try again later' }) # validate reCAPTCHA if not validate_recaptcha(recaptcha): print(f"Recaptcha validation failed for IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'reCAPTCHA validation failed' }) try: rvn = RavenProxy(service_url=config.coin_daemon_url, datadir=config.args.datadir) txid = b2lx(rvn.sendtoaddress(claim_address, config.claim_amount)) update_claimtime(request_ip, claim_address, cookie) print( f"Sent {config.claim_amount/COIN} {config.denom} to address {claim_address} for IP {request_ip}", flush=True) return web.json_response({ 'status': 'Success', 'msg': f'Sent {config.claim_amount/COIN} {config.denom} to {claim_address},<br> \ txid <a href="https://testnet.ravencoin.network/tx/{txid}">{txid}</s>' }) except Exception as e: if config.debug: print(e) print( f"Error sending {config.claim_amount/COIN} {config.denom} to address {claim_address} for IP {request_ip}", flush=True) return web.json_response({ 'status': 'Error', 'msg': 'Error sending coins. Please try again later' })
def register(self): data = request_json() # recaptcha errorMsg = validate_recaptcha(data['recaptcha']) if errorMsg: return failed(errorMsg) # schema = { 'name': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'address': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'city': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'country': { 'required': True, 'type': 'string', 'maxlength': 255 }, 'email': rules['email'], 'introduction': { 'required': True, 'type': 'string', 'maxlength': 1000 }, 'website': { 'required': True, 'type': 'string', 'maxlength': 1000 }, 'contact_persons': { 'required': True, 'maxlength': 1000 }, 'registration_document': { 'required': True, 'maxlength': 1000 }, } v = make_validator(schema) if not v.validate(data): return failed('Invalid input', {'error': v.errors}) try: t = data['contact_persons'] keys = ['last_name', 'first_name', 'title', 'email', 'tel'] if not keys_match(t[0], keys) or not keys_match(t[1], keys): return failed('Invalid input') for k, v in t[0].items(): if not v: return failed('The %s is required.' % (k.replace('_', ' '))) except Exception as e: app.logger.debug(e) return failed('Invalid input') # user = self.model.objects.filter(email=data['email']).first() if user: return failed('An account with this email already exists') userData = { 'email': data['email'], 'password': hash_pwd(str_rand(16)), 'user_type': 'school', } try: user = store(self.model, userData) data['user_id'] = user.id data['status'] = 'pending' profile = store(models.school_profile, data) except Exception as e: app.logger.debug(e) return failed(str(e)) return success()