Esempio n. 1
def set_message_sent(id_message, svc_port):
    """Report to the local service that message *id_message* has been sent.

    Calls the ``sent_mail`` API location on ``localhost:svc_port`` with the
    message id and the current local time, truncated to whole seconds.

    :param id_message: identifier of the message to mark as sent
    :param svc_port: port of the service on localhost
    :return: False when the connection is refused, True in every other case
    """
    log.info(f'Set {id_message} sent')

    # Function-scope imports, as in the original listing.
    import datetime
    import json

    import base_api.mail_api.sent_mail
    from base_svc.comm import BaseAPIRequestHandler
    from base_svc.comm import call

    sent_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    data = {'id_message': id_message, 'sent_time': sent_time}

    # NOTE(review): this handler and kwargs are built but never passed to
    # call() below, which receives the plain dict - confirm they are needed.
    rh = BaseAPIRequestHandler()
    rh.set_argument('data', json.dumps(data, ensure_ascii=False))
    kwargs = {'request_handler': rh}

    sent_mail = base_api.mail_api.sent_mail
    try:
        res, status = call(
            'localhost',
            svc_port,
            sent_mail.location,
            data,
            sent_mail.set_mail_sent.__api_method_type__,
        )
    except ConnectionRefusedError as e:
        log.critical(f'Servis not working: {e}')
        return False

    if status != 204:
        # NOTE(review): the failure is only logged; the function still
        # returns True - confirm callers do not treat that as "marked sent".
        log.error(f'Error set message {id_message} sent: {res}')

    return True
Esempio n. 2
def set_message_sent(id_message, svc_port):
    """Report to the local service that message *id_message* has been sent.

    The ``sent_mail`` API location on ``localhost:svc_port`` is called with
    the message id and the current local time (second precision).

    :param id_message: identifier of the message to mark as sent
    :param svc_port: port of the service on localhost
    :return: False when the connection is refused, True in every other case
    """
    log.info(f'Set {id_message} sent')

    # Function-scope imports, as in the original listing.
    import datetime
    import json

    import base_api.mail_api.sent_mail
    from base_svc.comm import BaseAPIRequestHandler
    from base_svc.comm import call

    now_text = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    data = {'id_message': id_message, 'sent_time': now_text}

    # NOTE(review): neither this handler nor kwargs reaches call() below -
    # confirm whether they are still required.
    rh = BaseAPIRequestHandler()
    rh.set_argument('data', json.dumps(data))
    kwargs = {'request_handler': rh}

    api = base_api.mail_api.sent_mail
    try:
        res, status = call(
            'localhost',
            svc_port,
            api.location,
            data,
            api.set_mail_sent.__api_method_type__,
        )
    except ConnectionRefusedError as e:
        log.critical(f'Servis not working: {e}')
        return False

    if status != 204:
        # NOTE(review): a non-204 answer is logged but True is still returned.
        log.error(f'Error set message {id_message} sent: {res}')

    return True
Esempio n. 3
def do_put(username, *args, **kwargs):
    """
    Forgot password

    Starts the password-restore flow: the lower-cased *username* is checked,
    a ``forgot_password`` hash is saved through ``save_hash.do_put`` and the
    returned token is handed to ``forgot_password_hook``.

    ``kwargs['request_handler']`` is read as the incoming request and then
    replaced by a fresh handler for the internal save_hash call.
    """
    _db = get_db()
    request = kwargs['request_handler']
    username = username.lower()

    # NOTE(review): a distinct USER_NOT_FOUND answer lets a caller tell
    # registered names from unregistered ones - confirm this is intended.
    user_known = check_user_exists(username, _db)
    if not user_known:
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Save the hash that backs the restore token.
    payload = json.dumps(
        {'cmd': 'forgot_password', 'username': username}, ensure_ascii=False)
    hash_handler = BaseAPIRequestHandler()
    hash_handler.set_argument('data', payload)
    kwargs['request_handler'] = hash_handler
    res = base_api.hash2params.save_hash.do_put(payload, *args, **kwargs)
    hash_saved = 'http_status' in res and res['http_status'] == 200
    if not hash_saved:
        return base_common.msg.error('Cannot handle forgot password')

    tk = res['h']

    # The hook receives the original request, not the internal handler.
    hook_ok = forgot_password_hook(request, username, tk, **kwargs)
    if not hook_ok:
        log.critical('Error finishing username change process')
        return base_common.msg.error(msgs.ERROR_PASSWORD_RESTORE)

    return base_common.msg.post_ok(msgs.OK)
Esempio n. 4
def change_username_success_hook(receiver, **kwargs):
    """Queue the notice that a username change has been applied.

    :param receiver: address the notice is sent to
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced by a handler carrying the mail fields
    :return: True when save_mail answers 204, False otherwise
    """
    message = 'Dear,<br/> Your username has been updated!<br/>Thank You!'

    # Fill a fresh handler with the mail fields.
    handler = BaseAPIRequestHandler()
    mail_fields = (
        ('sender', support_mail),
        ('receiver', receiver),
        ('subject', 'Username successfully changed'),
        ('message', message),
    )
    for field, value in mail_fields:
        handler.set_argument(field, value)
    kwargs['request_handler'] = handler

    res = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, message, **kwargs)
    saved = 'http_status' in res and res['http_status'] == 204
    if not saved:
        log.critical('Error save info message')
        return False

    return True
Esempio n. 5
def forgot_password_hook(request, receiver, tk, **kwargs):
    """Queue the password-restore e-mail for *receiver*.

    The body is produced by ``get_email_message(request, receiver, tk)`` and
    saved through ``save_mail.do_put`` with ``support_mail`` as sender.

    :param request: request object passed on to ``get_email_message``
    :param receiver: address the mail is sent to
    :param tk: token passed on to ``get_email_message``
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced by a handler carrying the mail fields
    :return: True when save_mail answers 204, False otherwise
    """
    message = get_email_message(request, receiver, tk)

    # Fill a fresh handler with the mail fields.
    handler = BaseAPIRequestHandler()
    mail_fields = (
        ('sender', support_mail),
        ('receiver', receiver),
        ('subject', 'Forgot password query'),
        ('message', message),
    )
    for field, value in mail_fields:
        handler.set_argument(field, value)
    kwargs['request_handler'] = handler

    res = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, message, **kwargs)
    saved = 'http_status' in res and res['http_status'] == 204
    if not saved:
        log.critical('Error save info message')
        return False

    return True
Esempio n. 6
def do_put(request, *args, **kwargs):
    """
    Forgot password
    :param username: users username, string, True
    :return:  200, OK
    :return:  404, notice

    Saves a ``forgot_password`` hash for the user and queues the restore
    e-mail built by ``get_email_message``.
    """
    log = request.log
    _db = get_md2db()

    try:
        username = request.get_argument('username')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument username')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # NOTE(review): a distinct USER_NOT_FOUND answer lets a caller tell
    # registered names from unregistered ones - confirm this is intended.
    user_known = check_user_exists(username, _db, log)
    if not user_known:
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Save the hash that backs the restore token.
    hash_handler = BaseAPIRequestHandler(log)
    payload = json.dumps({'cmd': 'forgot_password', 'username': username})
    hash_handler.set_argument('data', payload)
    res = base_api.hash2params.save_hash.do_put(hash_handler)
    hash_saved = 'http_status' in res and res['http_status'] == 200
    if not hash_saved:
        return base_common.msg.error('Cannot handle forgot password')

    message = get_email_message(request, username, res['h'])

    # Queue the e-mail; the username doubles as the receiver address.
    mail_handler = BaseAPIRequestHandler(log)
    for field, value in (('sender', support_mail),
                         ('receiver', username),
                         ('message', message)):
        mail_handler.set_argument(field, value)
    res = base_api.mail_api.save_mail.do_put(mail_handler)
    mail_saved = 'http_status' in res and res['http_status'] == 204
    if not mail_saved:
        return base_common.msg.error('Error finishing change password request')

    return base_common.msg.post_ok(msgs.OK)
Esempio n. 7
def forgot_password_hook(request, receiver, tk, **kwargs):
    """Queue the password-restore e-mail for *receiver*.

    :param request: request object passed on to ``get_email_message``
    :param receiver: address the mail is sent to
    :param tk: token passed on to ``get_email_message``
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced by a handler carrying the mail fields
    :return: True when save_mail answers 204, False otherwise
    """
    body = get_email_message(request, receiver, tk)

    # Fill a fresh handler with the mail fields.
    mail_handler = BaseAPIRequestHandler()
    fields = {
        "sender": support_mail,
        "receiver": receiver,
        "subject": "Forgot password query",
        "message": body,
    }
    for name, value in fields.items():
        mail_handler.set_argument(name, value)
    kwargs["request_handler"] = mail_handler

    res = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, body, **kwargs
    )
    if "http_status" in res and res["http_status"] == 204:
        return True

    log.critical("Error save info message")
    return False
Esempio n. 8
def change_username_success_hook(receiver, **kwargs):
    """Queue the notice that a username change has been applied.

    :param receiver: address the notice is sent to
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced by a handler carrying the mail fields
    :return: True when save_mail answers 204, False otherwise
    """
    body = "Dear,<br/> Your username has been updated!<br/>Thank You!"

    # Fill a fresh handler with the mail fields.
    mail_handler = BaseAPIRequestHandler()
    fields = {
        "sender": support_mail,
        "receiver": receiver,
        "subject": "Username successfully changed",
        "message": body,
    }
    for name, value in fields.items():
        mail_handler.set_argument(name, value)
    kwargs["request_handler"] = mail_handler

    res = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, body, **kwargs
    )
    if "http_status" in res and res["http_status"] == 204:
        return True

    log.critical("Error save info message")
    return False
Esempio n. 9
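def do_post(newusername, password, redirect_url, **kwargs):
    """
    Change username

    Records a username-change request for the user identified by
    ``kwargs['auth_token']``: the current password is verified, a
    ``change_username`` hash is saved and ``change_username_hook`` is called
    with the returned hash.

    :param newusername: requested new username
    :param password: the user's current password, used for verification
    :param redirect_url: URL stored in the hash payload
    """

    _db = get_db()
    dbc = _db.cursor()

    if check_user_registered(dbc, newusername):
        return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)

    tk = kwargs['auth_token']

    dbuser = get_user_by_token(_db, tk)

    if not check_password(dbuser.password, dbuser.username, password):
        # The submitted password is deliberately kept out of the log: a
        # mistyped value is often close to the real one.
        log.critical('Wrong users password')
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    passwd = format_password(newusername, password)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler()
    # The payload carries the formatted password and the landing page for
    # the success case.
    # NOTE(review): redirect_url is stored exactly as supplied - confirm it
    # is checked against the allowed destinations before it is used.
    data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user,
            'password': passwd, 'redirect_url': redirect_url}
    payload = json.dumps(data, ensure_ascii=False)
    rh.set_argument('data', payload)
    kwargs['request_handler'] = rh
    res = base_api.hash2params.save_hash.do_put(payload, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    if not change_username_hook(h, newusername, dbuser, **kwargs):
        log.critical('Error finishing username change process')
        return base_common.msg.error(msgs.ERROR_CHANGE_USERNAME)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)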
Esempio n. 10
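def do_get(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404

    Redeems a username-change token taken from the request URL: the stored
    hash parameters are retrieved, the user row is updated with the new
    username and formatted password, and a notice is queued for the new
    address.
    """

    log = request.log
    _db = get_md2db()
    dbc = _db.cursor()

    h2p = get_url_token(request, log)
    if not h2p or len(h2p) < 64:
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler(log)
    rh.set_argument('hash', h2p)
    rh.r_ip = request.r_ip
    res = base_api.hash2params.retrieve_hash.do_get(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        user_id = res['user_id']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute('select username from users where id = %s', (user_id,))
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # The row is consumed but its content is not used.
    dbc.fetchone()

    passwd = format_password(newusername, password)

    try:
        dbc.execute(
            'update users set username = %s, password = %s where id = %s',
            (newusername, passwd, user_id))
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    message = _get_email_message()

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)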
Esempio n. 11
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
    """Queue the two e-mails of a username-change request.

    The first mail (built by ``_get_email_message``) goes to *newusername*;
    the second (built by ``_get_email_warning``) goes to the user's current
    username and is only attempted when the first one was saved.

    :param hash2param: hash passed to ``_get_email_message``
    :param newusername: requested username, used as receiver of the first mail
    :param dbuser: current user; only ``dbuser.username`` is read here
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced for each mail
    :return: True when both mails were saved (204), False otherwise
    """

    def _queue(receiver, subject, body):
        # Build a fresh handler for this mail and save it for sending.
        handler = BaseAPIRequestHandler()
        handler.set_argument('sender', support_mail)
        handler.set_argument('receiver', receiver)
        handler.set_argument('subject', subject)
        handler.set_argument('message', body)
        kwargs['request_handler'] = handler
        res = base_api.mail_api.save_mail.do_put(
            support_mail, receiver, body, **kwargs)
        return 'http_status' in res and res['http_status'] == 204

    # One hook covers both mails.
    message = _get_email_message(hash2param)
    if not _queue(newusername, 'Username change request', message):
        log.critical('Error save redirection email')
        return False

    message2 = _get_email_warning(dbuser.username, newusername)
    if not _queue(dbuser.username, 'Username change request saved', message2):
        log.critical('Error save warning email')
        return False

    return True
Esempio n. 12
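def do_get(hash2param, redirect, **kwargs):
    """
    Change username

    Redeems a username-change hash: the stored parameters are retrieved,
    the user row is updated and ``change_username_success_hook`` queues the
    notice.

    :param hash2param: the hash; when empty, the first URI parameter of
        ``kwargs['request_handler']`` is used instead
    :param redirect: when true, the answer carries the stored redirect URL
    """

    _db = get_db()
    dbc = _db.cursor()
    request = kwargs['request_handler']

    h2p = hash2param if hash2param else get_first_param_uri(request)

    if not h2p:
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler()
    rh.set_argument('hash', h2p)
    kwargs['request_handler'] = rh

    res = base_api.hash2params.retrieve_hash.do_get(h2p, False, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        id_user = res['id_user']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute('select username from users where id = %s', (id_user,))
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # NOTE(review): the password from the hash payload is written as-is (no
    # format_password call here) - confirm the payload already holds the
    # formatted value and never the plaintext.
    try:
        dbc.execute(
            'update users set username = %s, password = %s where id = %s',
            (newusername, password, id_user))
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    if not change_username_success_hook(newusername, **kwargs):
        log.critical('Error sending info message')
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    if redirect:
        if 'redirect_url' not in res:
            log.critical('Missing redirect url in saved hash')
            return base_common.msg.error(msgs.MISSING_REDIRECTION_URL)

        # NOTE(review): the redirect target comes straight from the stored
        # payload - confirm it was validated when the hash was saved.
        return base_common.msg.post_ok({'redirect': True, 'redirect_url': res['redirect_url']})

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)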
Esempio n. 13
def do_put(request, *args, **kwargs):
    """
    Forgot password
    :param username: users username, string, True
    :return:  200, OK
    :return:  404, notice

    Saves a ``forgot_password`` hash for the user and queues the restore
    e-mail built by ``get_email_message``.
    """
    log = request.log
    _db = get_db()

    try:
        username = request.get_argument('username')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument username')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # NOTE(review): a distinct USER_NOT_FOUND answer lets a caller tell
    # registered names from unregistered ones - confirm this is intended.
    if check_user_exists(username, _db, log):
        pass
    else:
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Save the hash that backs the restore token.
    hash_request = BaseAPIRequestHandler(log)
    hash_request.set_argument(
        'data', json.dumps({'cmd': 'forgot_password', 'username': username}))
    res = base_api.hash2params.save_hash.do_put(hash_request)
    if not ('http_status' in res and res['http_status'] == 200):
        return base_common.msg.error('Cannot handle forgot password')

    token = res['h']
    message = get_email_message(request, username, token)

    # Queue the e-mail; the username doubles as the receiver address.
    mail_request = BaseAPIRequestHandler(log)
    mail_fields = {
        'sender': support_mail,
        'receiver': username,
        'message': message,
    }
    for name, value in mail_fields.items():
        mail_request.set_argument(name, value)
    res = base_api.mail_api.save_mail.do_put(mail_request)
    if not ('http_status' in res and res['http_status'] == 204):
        return base_common.msg.error('Error finishing change password request')

    return base_common.msg.post_ok(msgs.OK)
Esempio n. 14
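def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404

    Two flows end in the same update. With a URL token longer than 60
    characters the username comes from the retrieved hash (forgot-password
    flow); otherwise the caller must hold a valid auth token and supply the
    matching ``oldpassword``.
    """

    log = request.log
    _db = get_md2db()
    dbc = _db.cursor()

    # TODO: check users token

    try:
        newpassword = request.get_argument('newpassword')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    h2p = get_url_token(request, log)
    if h2p and len(h2p) > 60:

        rh = BaseAPIRequestHandler(log)
        rh.set_argument('hash', h2p)
        rh.r_ip = request.r_ip
        res = base_api.hash2params.retrieve_hash.do_get(rh)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        username = res['username']

    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(dbc, tk, log):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log)
        if not username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(oldpwdhashed, username, oldpassword):
            # The entered password is deliberately kept out of the log: a
            # mistyped value is often close to the real one.
            log.critical("Passwords don't match")
            return base_common.msg.error(msgs.WRONG_PASSWORD)

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute(
            'update users set password = %s where username = %s',
            (password, username))
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)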
Esempio n. 15
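def do_post(newpassword, hash, **kwargs):
    """
    Change password

    Two flows end in the same update. With a *hash* longer than 60
    characters the username comes from the retrieved hash parameters
    (forgot-password flow); otherwise the request must carry a valid auth
    token and the matching ``oldpassword`` argument.

    :param newpassword: the password to set
    :param hash: forgot-password hash, or a falsy/short value to use the
        auth-token flow
    """

    _db = get_db()
    dbc = _db.cursor()
    request = kwargs['request_handler']

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    if hash and len(hash) > 60:

        rh = BaseAPIRequestHandler()
        rh.set_argument('hash', hash)
        rh.r_ip = request.r_ip
        kwargs['request_handler'] = rh
        res = base_api.hash2params.retrieve_hash.do_get(hash, False, **kwargs)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        username = res['username']

    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(_db, tk):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        dbuser = get_user_by_token(_db, tk)
        if not dbuser.username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(dbuser.password, dbuser.username, oldpassword):
            # The entered password is deliberately kept out of the log: a
            # mistyped value is often close to the real one.
            log.critical("Passwords don't match")
            return base_common.msg.error(msgs.WRONG_PASSWORD)

        username = dbuser.username

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute(
            'update users set password = %s where username = %s',
            (password, username))
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)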
Esempio n. 16
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
    """Queue the two e-mails of a username-change request.

    The mail built by ``_get_email_message`` goes to *newusername*; the
    warning built by ``_get_email_warning`` goes to the user's current
    username and is only attempted when the first mail was saved.

    :param hash2param: hash passed to ``_get_email_message``
    :param newusername: requested username, receiver of the first mail
    :param dbuser: current user; only ``dbuser.username`` is read here
    :param kwargs: forwarded to ``save_mail.do_put``; ``request_handler`` is
        replaced for each mail
    :return: True when both mails were saved (204), False otherwise
    """

    def _save(receiver, subject, body):
        # Build a fresh handler for this mail and save it for sending.
        handler = BaseAPIRequestHandler()
        for name, value in (
            ("sender", support_mail),
            ("receiver", receiver),
            ("subject", subject),
            ("message", body),
        ):
            handler.set_argument(name, value)
        kwargs["request_handler"] = handler
        res = base_api.mail_api.save_mail.do_put(
            support_mail, receiver, body, **kwargs
        )
        return "http_status" in res and res["http_status"] == 204

    # One hook covers both mails.
    message = _get_email_message(hash2param)
    if not _save(newusername, "Username change request", message):
        log.critical("Error save redirection email")
        return False

    message2 = _get_email_warning(dbuser.username, newusername)
    if not _save(dbuser.username, "Username change request saved", message2):
        log.critical("Error save warning email")
        return False

    return True
Esempio n. 17
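def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404

    Records a username-change request for the user behind
    ``request.auth_token``: the password is verified, a ``change_username``
    hash is saved, and two mails are queued - one to the new username and a
    warning to the current one.
    """

    log = request.log
    _db = get_md2db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    u_n, u_p, u_i = get_user_by_token(dbc, tk, log)
    newusername = qu_esc(newusername)
    # NOTE(review): the password is escaped before it is verified - confirm
    # qu_esc leaves it unchanged for every valid password.
    password = qu_esc(password)

    if not check_password(u_p, u_n, password):
        # The submitted password is deliberately kept out of the log: a
        # mistyped value is often close to the real one.
        log.critical('Wrong users password')
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    # NOTE(review): the payload carries the password as submitted, so it is
    # persisted with the hash - confirm that store is protected, or save the
    # formatted value instead.
    data = {'cmd': 'change_username', 'newusername': newusername, 'user_id': u_i, 'password': password}
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    message2 = _get_email_warning(u_n, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', u_n)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)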
Esempio n. 18
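def do_post(newusername, password, **kwargs):
    """
    Change password

    Records a username-change request for the user behind
    ``kwargs['auth_token']``: the password is verified, a
    ``change_username`` hash is saved, and two mails are queued - one to the
    new username and a warning to the current one.

    :param newusername: requested new username
    :param password: the user's current password, used for verification
    """

    _db = get_db()

    tk = kwargs['auth_token']

    dbuser = get_user_by_token(_db, tk)

    if not check_password(dbuser.password, dbuser.username, password):
        # The submitted password is deliberately kept out of the log: a
        # mistyped value is often close to the real one.
        log.critical('Wrong users password')
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler()
    # NOTE(review): the payload carries the password as submitted, so it is
    # persisted with the hash - confirm the code that redeems the hash
    # formats it before it reaches the users table.
    data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user, 'password': password}
    payload = json.dumps(data)
    rh.set_argument('data', payload)
    kwargs['request_handler'] = rh
    res = base_api.hash2params.save_hash.do_put(payload, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler()
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    kwargs['request_handler'] = rh1
    res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    message2 = _get_email_warning(dbuser.username, newusername)

    rh2 = BaseAPIRequestHandler()
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', dbuser.username)
    rh2.set_argument('message', message2)
    kwargs['request_handler'] = rh2
    res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)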
Esempio n. 19
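def do_post(request, *args, **kwargs):
    """
    Change password
    :param newpassword: users newpassword, string, True
    :param oldpassword: old password if user logged, string, True
    :return:  200, OK
    :return:  404

    Two flows end in the same update. With a URL token longer than 60
    characters the username comes from the retrieved hash (forgot-password
    flow); otherwise the caller must hold a valid auth token and supply the
    matching ``oldpassword``.
    """

    log = request.log
    _db = get_db()
    dbc = _db.cursor()

    # TODO: check users token

    try:
        newpassword = request.get_argument('newpassword')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    h2p = get_url_token(request, log)
    if h2p and len(h2p) > 60:

        rh = BaseAPIRequestHandler(log)
        rh.set_argument('hash', h2p)
        rh.r_ip = request.r_ip
        res = base_api.hash2params.retrieve_hash.do_get(rh)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        username = res['username']

    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(dbc, tk, log):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        dbuser = get_user_by_token(dbc, tk, log)
        if not dbuser.username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(dbuser.password, dbuser.username, oldpassword):
            # The entered password is deliberately kept out of the log: a
            # mistyped value is often close to the real one.
            log.critical("Passwords don't match")
            return base_common.msg.error(msgs.WRONG_PASSWORD)

        username = dbuser.username

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute(
            'update users set password = %s where username = %s',
            (password, username))
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)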
Esempio n. 20
def do_put(data, email, mailmsg, web, *args, **kwargs):

    """
    Save email for sending

    Builds the subject with ``get_message`` and queues one mail whose body
    is *email* and *mailmsg* joined by three spaces; *data* travels along as
    its own handler argument.
    """
    # NOTE(review): the submitted fields are echoed to stdout - confirm this
    # debug output is wanted outside development.
    print(' '.join((data, email, mailmsg)))

    # Only the subject is used; the other three values are discarded.
    subject, _sender, _receiver, _emessage = get_message(data, email, mailmsg, web)

    # Fill a fresh handler with the mail fields (fixed sender and receiver).
    handler = BaseAPIRequestHandler()
    mail_fields = (
        ('sender', '*****@*****.**'),
        ('receiver', '*****@*****.**'),
        ('subject', subject),
        ('message', email + '   ' + mailmsg),
        ('data', data),
    )
    for field, value in mail_fields:
        handler.set_argument(field, value)
    kwargs['request_handler'] = handler

    res = base_api.mail_api.save_mail.do_put(email, **kwargs)
    saved = 'http_status' in res and res['http_status'] == 204
    if not saved:
        return base_common.msg.error('Something wrong')

    return base_common.msg.post_ok(msgs.OK)
Esempio n. 21
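def do_get(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404

    Redeems a username-change token taken from the request URL: the stored
    hash parameters are retrieved, the user row is updated with the new
    username and formatted password, and a notice is queued for the new
    address.
    """

    log = request.log
    _db = get_db()
    dbc = _db.cursor()

    h2p = get_url_token(request, log)
    if not h2p or len(h2p) < 64:
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler(log)
    rh.set_argument('hash', h2p)
    rh.r_ip = request.r_ip
    res = base_api.hash2params.retrieve_hash.do_get(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        user_id = res['user_id']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # Values are bound by the driver rather than formatted into the SQL
    # text, so quotes inside them cannot change the statement.
    # NOTE(review): %s assumes the driver's "format" paramstyle - confirm.
    try:
        dbc.execute('select username from users where id = %s', (user_id,))
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # The row is consumed but its content is not used.
    dbc.fetchone()

    passwd = format_password(newusername, password)

    try:
        dbc.execute(
            'update users set username = %s, password = %s where id = %s',
            (newusername, passwd, user_id))
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    message = _get_email_message()

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)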
Esempio n. 22
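def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404

    Records a username-change request for the user behind
    ``request.auth_token``: the password is verified, a ``change_username``
    hash is saved, and two mails are queued - one to the new username and a
    warning to the current one.
    """

    log = request.log
    _db = get_db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    dbuser = get_user_by_token(dbc, tk, log)
    newusername = qu_esc(newusername)
    # NOTE(review): the password is escaped before it is verified - confirm
    # qu_esc leaves it unchanged for every valid password.
    password = qu_esc(password)

    if not check_password(dbuser.password, dbuser.username, password):
        # The submitted password is deliberately kept out of the log: a
        # mistyped value is often close to the real one.
        log.critical('Wrong users password')
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    # NOTE(review): the payload carries the password as submitted, so it is
    # persisted with the hash - confirm that store is protected, or save the
    # formatted value instead.
    data = {
        'cmd': 'change_username',
        'newusername': newusername,
        'user_id': dbuser.user_id,
        'password': password
    }
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    message2 = _get_email_warning(dbuser.username, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', dbuser.username)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)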