Esempio n. 1
def deactivate_account():
    """Mark the account named in the request body as inactive.

    Reads the JSON request body, loads the ``UserModel`` record keyed by the
    body's ``"email"`` field, writes ``active = False`` with a ``PUT`` action
    and returns the serialized record as a JSON response.
    """
    # NOTE(review): the target account is selected purely from the
    # client-supplied "email"; no authentication or ownership check is visible
    # in this function. Confirm the route enforces one before this runs, since
    # otherwise any caller could deactivate any account.
    payload = request.get_json()
    account = UserModel.get(payload.get("email"))
    deactivation = {"active": {"value": False, "action": "PUT"}}
    account.update(attributes=deactivation)
    return jsonify(account.serialize())
Esempio n. 2
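def login():
    """Authenticate a user from the JSON request body.

    Expects ``"email"`` and ``"password"`` keys. Returns the user's encoded
    auth token when the account exists, the password checks out and the
    account is active. Every other outcome returns the same generic
    ``("Error logging in", 400)`` so the response body does not reveal which
    check failed.
    """
    generic_failure = ("Error logging in", 400)

    user_data = request.get_json()
    # A missing body or field previously surfaced as an unhandled
    # TypeError/KeyError; treat it as an ordinary failed login instead.
    if not isinstance(user_data, dict):
        return generic_failure
    email = user_data.get("email")
    password = user_data.get("password")
    if not email or not password:
        return generic_failure

    # NOTE(review): on the timing question -- this flow is not constant-time.
    # An unknown e-mail returns here before checkPassword() is ever called,
    # so a missing account answers faster than an existing one and the
    # latency difference can reveal which addresses are registered. Closing
    # that gap needs a password verification against a fixed dummy hash on
    # this branch, plus rate limiting on the endpoint. Whether
    # checkPassword() itself compares in constant time is not visible here.
    if not UserModel.count(email):
        return generic_failure

    user_instance = UserModel.get(email)
    if not user_instance.checkPassword(password):
        return generic_failure
    if not user_instance.active:
        return generic_failure

    # Issue the token from the record that was just verified; fetching the
    # user a second time cost an extra lookup and could return a record that
    # had changed since the checks above.
    return user_instance.encodeAuthToken()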
Esempio n. 3
def activate(activation_token):
    """Activate the account an activation token was issued for.

    Decodes the token to an e-mail address, loads the matching ``UserModel``
    record and sets its ``active`` attribute to ``True``.

    Returns the serialized record as JSON on success, or a plain-text
    message with status 400 when the token does not decode to an e-mail or
    the account is already active.
    """
    email = decode_activation_token(activation_token)
    if not email:
        return "invalid activation token", 400

    # NOTE(review): what UserModel.get() does when the token is valid but
    # the account no longer exists is not visible here -- confirm it cannot
    # surface as an unhandled error.
    account = UserModel.get(email)
    if account.active:
        return "account already activated", 400

    account.update(actions=[UserModel.active.set(True)])
    # TODO: publish the activation to the SNS topic. The topic is said to be
    # set up, but the publish call is not written yet and is hard to test
    # before the other services exist.
    return jsonify(account.serialize())
Esempio n. 4
def update_account():
    """Update name and password fields of the account named in the request.

    Loads the ``UserModel`` record keyed by the body's ``"email"`` field.
    When the body carries a ``"new_email"`` nothing is changed yet (the
    e-mail migration is unimplemented). Otherwise ``first_name``,
    ``last_name`` and ``password_hash`` are written with ``PUT`` actions,
    each falling back to the stored value when the request omits the field
    or sends an empty one. Returns the serialized record as JSON either way.
    """
    # NOTE(review): the account is chosen from the client-supplied "email"
    # and the password can be replaced without presenting the current one.
    # No authentication or ownership check is visible in this function, so
    # confirm the route enforces one. Also confirm serialize() leaves
    # password_hash out of the response.
    payload = request.get_json()
    account = UserModel.get(payload.get("email"))

    if payload.get("new_email"):
        # TODO: create the user under the new e-mail, delete the old record
        # and publish the change to the SNS feed. Not started yet, pending
        # a question about the user id/e-mail wording in the requirements.
        # Until then this branch reports success without changing anything.
        return jsonify(account.serialize())

    first_name = payload.get("first_name") or account.get("first_name")
    last_name = payload.get("last_name") or account.get("last_name")
    if payload.get("password"):
        password_hash = account.setPasswordHash(payload.get("password"))
    else:
        password_hash = account.password_hash

    changes = {
        "first_name": {"value": first_name, "action": "PUT"},
        "last_name": {"value": last_name, "action": "PUT"},
        "password_hash": {"value": password_hash, "action": "PUT"},
    }
    account.update(attributes=changes)
    # TODO: publish the update to the SNS feed.
    return jsonify(account.serialize())
Esempio n. 5
    def _handle_social_user(self, data):
        """Look up or create the local user for a social-auth login.

        Raises ``SocialError`` when ``_validate_social_auth`` rejects
        ``data``. Otherwise overwrites ``data["password"]`` with a generated
        value, returns the existing user for ``data["ident"]`` or creates
        one, and records the user id and social access token on the current
        session.
        """
        if not self._validate_social_auth(data):
            raise SocialError("Invalid social auth")

        # Social users never type a password, so one is generated for them.
        # NOTE(review): uuid4 plus a timestamp is not a documented
        # security-grade generator; consider the `secrets` module here.
        random_part = str(uuid.uuid4())
        data["password"] = random_part + str(time.time())

        sid = g.get("session_id", None)
        users = UserModel(sid)
        already_registered = users.ident_exists(data["ident"])
        sessions = Session()

        if already_registered:
            # The social auth was validated above, so the ident is trusted.
            user = users.get(data["ident"])
        else:
            if users.username_exists(data["username"]):
                # Disambiguate with the current time of day; the suffixed
                # name is not re-checked for uniqueness.
                suffix = time.strftime("%H%M%S")
                data["username"] += "-%s" % suffix
            user = users.create(data)

        if not user:
            return user

        sessions.update(
            sid,
            user_id=user.id,
            social_access_token=data.get("social_access_token"),
        )
        return user