def set_message_sent(id_message, svc_port):
    """Tell the mail service on localhost that a message has been sent.

    Sends ``id_message`` and the current timestamp to the ``sent_mail``
    endpoint on ``localhost:svc_port``.

    :param id_message: identifier of the message to mark as sent
    :param svc_port: port on localhost that the call is made to
    :return: False when the connection is refused; True otherwise (statement
        layout reconstructed from a collapsed listing -- confirm)
    """
    log.info('Set {} sent'.format(id_message))

    import json
    import datetime
    from base_svc.comm import BaseAPIRequestHandler

    # Naive local time, cut to "YYYY-MM-DD HH:MM:SS" (first 19 characters).
    n = str(datetime.datetime.now())[:19]

    rh = BaseAPIRequestHandler()
    data = {'id_message': id_message, 'sent_time': n}
    rh.set_argument('data', json.dumps(data, ensure_ascii=False))

    # NOTE(review): rh/kwargs are prepared but never passed to call() below,
    # which receives the plain dict -- confirm this is intended.
    kwargs = {}
    kwargs['request_handler'] = rh

    from base_svc.comm import call
    import base_api.mail_api.sent_mail

    try:
        res, status = call(
            'localhost',
            # base_config.settings.APP_PORT,
            svc_port,
            base_api.mail_api.sent_mail.location,
            data,
            base_api.mail_api.sent_mail.set_mail_sent.__api_method_type__)
    except ConnectionRefusedError as e:
        log.critical('Servis not working: {}'.format(e))
        return False

    # NOTE(review): a non-204 reply is only logged; the caller still gets
    # True and cannot tell that the status update failed -- confirm.
    if status != 204:
        log.error('Error set message {} sent: {}'.format(id_message, res))

    return True
def set_message_sent(id_message, svc_port):
    """Tell the mail service on localhost that a message has been sent.

    Sends ``id_message`` and the current timestamp to the ``sent_mail``
    endpoint on ``localhost:svc_port``.

    :param id_message: identifier of the message to mark as sent
    :param svc_port: port on localhost that the call is made to
    :return: False when the connection is refused; True otherwise (statement
        layout reconstructed from a collapsed listing -- confirm)
    """
    log.info('Set {} sent'.format(id_message))

    import json
    import datetime
    from base_svc.comm import BaseAPIRequestHandler

    # Naive local time, cut to "YYYY-MM-DD HH:MM:SS" (first 19 characters).
    n = str(datetime.datetime.now())[:19]

    rh = BaseAPIRequestHandler()
    data = {'id_message': id_message, 'sent_time': n}
    rh.set_argument('data', json.dumps(data))

    # NOTE(review): rh/kwargs are prepared but never passed to call() below,
    # which receives the plain dict -- confirm this is intended.
    kwargs = {}
    kwargs['request_handler'] = rh

    from base_svc.comm import call
    import base_api.mail_api.sent_mail

    try:
        res, status = call(
            'localhost',
            # base_config.settings.APP_PORT,
            svc_port,
            base_api.mail_api.sent_mail.location,
            data,
            base_api.mail_api.sent_mail.set_mail_sent.__api_method_type__)
    except ConnectionRefusedError as e:
        log.critical('Servis not working: {}'.format(e))
        return False

    # NOTE(review): a non-204 reply is only logged; the caller still gets
    # True and cannot tell that the status update failed -- confirm.
    if status != 204:
        log.error('Error set message {} sent: {}'.format(id_message, res))

    return True
def do_put(username, *args, **kwargs):
    """ Forgot password """
    # Flow: look the (lower-cased) username up, store a 'forgot_password'
    # token record through save_hash, then let forgot_password_hook queue
    # the e-mail that carries the token.
    _db = get_db()
    original_request = kwargs['request_handler']
    username = username.lower()

    user_known = check_user_exists(username, _db)
    if not user_known:
        # NOTE(review): a distinct USER_NOT_FOUND reply tells the caller
        # whether an account exists; consider one uniform response.
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Token record for the forgotten-password request.
    hash_request = BaseAPIRequestHandler()
    payload = json.dumps(
        {'cmd': 'forgot_password', 'username': username}, ensure_ascii=False)
    hash_request.set_argument('data', payload)
    kwargs['request_handler'] = hash_request

    saved = base_api.hash2params.save_hash.do_put(payload, *args, **kwargs)
    if not ('http_status' in saved and saved['http_status'] == 200):
        return base_common.msg.error('Cannot handle forgot password')

    token = saved['h']
    if forgot_password_hook(original_request, username, token, **kwargs):
        return base_common.msg.post_ok(msgs.OK)

    log.critical('Error finishing username change process')
    return base_common.msg.error(msgs.ERROR_PASSWORD_RESTORE)
def change_username_success_hook(receiver, **kwargs):
    """Queue the "username updated" notice for *receiver*.

    :param receiver: address the notice is stored for
    :return: True when save_mail answers with http_status 204, else False
    """
    body = 'Dear,<br/> Your username has been updated!<br/>Thank You!'

    # Build the request object that save_mail receives via kwargs.
    mail_request = BaseAPIRequestHandler()
    for field, value in (
            ('sender', support_mail),
            ('receiver', receiver),
            ('subject', 'Username successfully changed'),
            ('message', body)):
        mail_request.set_argument(field, value)
    kwargs['request_handler'] = mail_request

    outcome = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, body, **kwargs)
    if 'http_status' in outcome and outcome['http_status'] == 204:
        return True

    log.critical('Error save info message')
    return False
def forgot_password_hook(request, receiver, tk, **kwargs):
    """Queue the forgot-password e-mail for *receiver*.

    The body comes from get_email_message(request, receiver, tk); since it
    is built around the token, it should not end up in logs.

    :return: True when save_mail answers with http_status 204, else False
    """
    body = get_email_message(request, receiver, tk)

    # Build the request object that save_mail receives via kwargs.
    mail_request = BaseAPIRequestHandler()
    for field, value in (
            ('sender', support_mail),
            ('receiver', receiver),
            ('subject', 'Forgot password query'),
            ('message', body)):
        mail_request.set_argument(field, value)
    kwargs['request_handler'] = mail_request

    outcome = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, body, **kwargs)
    if 'http_status' in outcome and outcome['http_status'] == 204:
        return True

    log.critical('Error save info message')
    return False
def do_put(request, *args, **kwargs):
    """
    Forgot password
    :param username: users username, string, True
    :return: 200, OK
    :return: 404, notice
    """
    # Flow: read 'username' from the request, store a 'forgot_password'
    # token record, then queue the e-mail that carries the token.
    log = request.log
    _db = get_md2db()

    try:
        username = request.get_argument('username')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument username')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    user_known = check_user_exists(username, _db, log)
    if not user_known:
        # NOTE(review): a distinct USER_NOT_FOUND reply tells the caller
        # whether an account exists; consider one uniform response.
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Token record for the forgotten-password request.
    hash_request = BaseAPIRequestHandler(log)
    payload = {'cmd': 'forgot_password', 'username': username}
    hash_request.set_argument('data', json.dumps(payload))
    hash_reply = base_api.hash2params.save_hash.do_put(hash_request)
    if not ('http_status' in hash_reply and hash_reply['http_status'] == 200):
        return base_common.msg.error('Cannot handle forgot password')

    mail_body = get_email_message(request, username, hash_reply['h'])

    # Queue the e-mail for sending.
    mail_request = BaseAPIRequestHandler(log)
    for field, value in (
            ('sender', support_mail),
            ('receiver', username),
            ('message', mail_body)):
        mail_request.set_argument(field, value)
    mail_reply = base_api.mail_api.save_mail.do_put(mail_request)
    if 'http_status' in mail_reply and mail_reply['http_status'] == 204:
        return base_common.msg.post_ok(msgs.OK)

    return base_common.msg.error('Error finishing change password request')
def forgot_password_hook(request, receiver, tk, **kwargs):
    """Store the forgot-password e-mail for *receiver* so it can be sent.

    :param request: request passed on to get_email_message
    :param receiver: address the message is stored for
    :param tk: token passed on to get_email_message
    :return: False when save_mail does not answer with http_status 204
    """
    text = get_email_message(request, receiver, tk)

    # Request object handed to save_mail through kwargs.
    outgoing = BaseAPIRequestHandler()
    outgoing.set_argument("sender", support_mail)
    outgoing.set_argument("receiver", receiver)
    outgoing.set_argument("subject", "Forgot password query")
    outgoing.set_argument("message", text)
    kwargs["request_handler"] = outgoing

    reply = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, text, **kwargs)
    stored = "http_status" in reply and reply["http_status"] == 204
    if not stored:
        log.critical("Error save info message")
    return True if stored else False
def change_username_success_hook(receiver, **kwargs):
    """Store the "username updated" notice for *receiver* so it can be sent.

    :param receiver: address the notice is stored for
    :return: False when save_mail does not answer with http_status 204
    """
    text = "Dear,<br/> Your username has been updated!<br/>Thank You!"

    # Request object handed to save_mail through kwargs.
    outgoing = BaseAPIRequestHandler()
    outgoing.set_argument("sender", support_mail)
    outgoing.set_argument("receiver", receiver)
    outgoing.set_argument("subject", "Username successfully changed")
    outgoing.set_argument("message", text)
    kwargs["request_handler"] = outgoing

    reply = base_api.mail_api.save_mail.do_put(
        support_mail, receiver, text, **kwargs)
    stored = "http_status" in reply and reply["http_status"] == 204
    if not stored:
        log.critical("Error save info message")
    return True if stored else False
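def do_post(newusername, password, redirect_url, **kwargs):
    """ Change username """
    # Flow: refuse a taken username, re-check the caller's password, store a
    # 'change_username' token record, then let change_username_hook queue
    # the confirmation and warning e-mails.
    _db = get_db()
    dbc = _db.cursor()

    if check_user_registered(dbc, newusername):
        return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)

    tk = kwargs['auth_token']
    dbuser = get_user_by_token(_db, tk)

    if not check_password(dbuser.password, dbuser.username, password):
        # Record which account failed, never the submitted password: log
        # files are read by far more people and systems than the user table.
        log.critical('Wrong users password for user id: {}'.format(dbuser.id_user))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # Only the formatted password goes into the stored record.
    passwd = format_password(newusername, password)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler()
    # NOTE(review): redirect_url is taken from the caller and stored as-is;
    # presumably it is later returned as a redirect target -- validate it
    # against the allowed destinations before storing.
    data = {'cmd': 'change_username', 'newusername': newusername,
            'id_user': dbuser.id_user, 'password': passwd,
            'redirect_url': redirect_url}
    serialized = json.dumps(data, ensure_ascii=False)
    rh.set_argument('data', serialized)
    kwargs['request_handler'] = rh

    res = base_api.hash2params.save_hash.do_put(serialized, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        # NOTE(review): message text mentions "forgot password" although
        # this is the username-change flow; kept in case clients match it.
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    if not change_username_hook(h, newusername, dbuser, **kwargs):
        log.critical('Error finishing username change process')
        return base_common.msg.error(msgs.ERROR_CHANGE_USERNAME)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)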
def do_get(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return: 200, OK
    :return: 404
    """
    # Confirms a username change: resolves the URL token to its stored
    # record, rewrites the user's username/password and queues a notice.
    # NOTE(review): this handler changes account state although it is named
    # do_get; anything that fetches the link would trigger it -- confirm.
    log = request.log

    _db = get_md2db()
    dbc = _db.cursor()

    h2p = get_url_token(request, log)
    if not h2p or len(h2p) < 64:
        # NOTE(review): the rejected token value is written to the log.
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler(log)
    rh.set_argument('hash', h2p)
    rh.r_ip = request.r_ip
    res = base_api.hash2params.retrieve_hash.do_get(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        user_id = res['user_id']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # NOTE(review): both statements below are assembled with str.format from
    # values read out of the stored record; pass them as bound parameters to
    # dbc.execute() (placeholder style depends on the DB driver) so a quote
    # in any value cannot change the statement.
    q = '''select username from users where id = '{}' '''.format(user_id)

    try:
        dbc.execute(q)
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Fetched row is not used afterwards.
    dbu = dbc.fetchone()

    passwd = format_password(newusername, password);

    # NOTE(review): the '******' literals look like masking applied by this
    # listing; as written only the first format argument would be used --
    # check against the real source.
    q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, passwd, user_id)

    try:
        dbc.execute(q1)
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    message = _get_email_message()

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
    """Queue both e-mails of a username-change request.

    One hook serves both mails: the confirmation built from *hash2param*
    goes to the new address, a warning goes to the current one.

    :return: True when both mails are stored (http_status 204), else False
    """

    def _store(recipient, subject, body):
        # Build the request save_mail expects and report whether it
        # answered with http_status 204.
        mail_request = BaseAPIRequestHandler()
        mail_request.set_argument('sender', support_mail)
        mail_request.set_argument('receiver', recipient)
        mail_request.set_argument('subject', subject)
        mail_request.set_argument('message', body)
        kwargs['request_handler'] = mail_request
        outcome = base_api.mail_api.save_mail.do_put(
            support_mail, recipient, body, **kwargs)
        return 'http_status' in outcome and outcome['http_status'] == 204

    confirmation = _get_email_message(hash2param)
    if not _store(newusername, 'Username change request', confirmation):
        log.critical('Error save redirection email')
        return False

    # The warning is only built once the confirmation has been stored.
    warning = _get_email_warning(dbuser.username, newusername)
    if not _store(dbuser.username, 'Username change request saved', warning):
        log.critical('Error save warning email')
        return False

    return True
def do_get(hash2param, redirect, **kwargs):
    """ Change username """
    # Confirms a username change: resolves the token to its stored record,
    # rewrites the user's username/password, queues a notice and optionally
    # answers with the stored redirect URL.
    # NOTE(review): this handler changes account state although it is named
    # do_get; anything that fetches the link would trigger it -- confirm.
    _db = get_db()
    dbc = _db.cursor()
    request = kwargs['request_handler']

    # Token comes from the argument, else from the request URI.
    if hash2param:
        h2p = hash2param
    else:
        h2p = get_first_param_uri(request)

    if not h2p:
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler()
    rh.set_argument('hash', h2p)
    kwargs['request_handler'] = rh
    res = base_api.hash2params.retrieve_hash.do_get(h2p, False, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        id_user = res['id_user']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # NOTE(review): both statements below are assembled with str.format from
    # values read out of the stored record; pass them as bound parameters to
    # dbc.execute() (placeholder style depends on the DB driver) so a quote
    # in any value cannot change the statement.
    q = '''select username from users where id = '{}' '''.format(id_user)

    try:
        dbc.execute(q)
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # NOTE(review): the '******' literals look like masking applied by this
    # listing; as written only the first format argument would be used --
    # check against the real source.
    q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, password, id_user)

    try:
        dbc.execute(q1)
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    # The account is already updated at this point; a mail failure below
    # only changes the reply.
    if not change_username_success_hook(newusername, **kwargs):
        log.critical('Error sending info message')
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    if redirect:
        if 'redirect_url' not in res:
            log.critical('Missing redirect url in saved hash')
            return base_common.msg.error(msgs.MISSING_REDIRECTION_URL)

        # NOTE(review): redirect_url is returned exactly as stored in the
        # record; presumably it was supplied when the change was requested --
        # confirm it is validated against allowed destinations.
        return base_common.msg.post_ok({'redirect': True, 'redirect_url': res['redirect_url']})

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def do_put(request, *args, **kwargs):
    """
    Forgot password
    :param username: users username, string, True
    :return: 200, OK
    :return: 404, notice
    """
    # Steps: validate the 'username' argument, store a 'forgot_password'
    # token record, build the e-mail around the token and queue it.
    log = request.log
    _db = get_db()

    try:
        username = request.get_argument('username')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument username')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    if check_user_exists(username, _db, log):
        pass
    else:
        # NOTE(review): a distinct USER_NOT_FOUND reply tells the caller
        # whether an account exists; consider one uniform response.
        log.critical('User check fail')
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Token record for the forgotten-password request.
    token_request = BaseAPIRequestHandler(log)
    token_data = {'cmd': 'forgot_password', 'username': username}
    token_request.set_argument('data', json.dumps(token_data))
    token_reply = base_api.hash2params.save_hash.do_put(token_request)
    token_saved = ('http_status' in token_reply
                   and token_reply['http_status'] == 200)
    if not token_saved:
        return base_common.msg.error('Cannot handle forgot password')

    token = token_reply['h']
    body = get_email_message(request, username, token)

    # Queue the e-mail for sending.
    mail_request = BaseAPIRequestHandler(log)
    mail_request.set_argument('sender', support_mail)
    mail_request.set_argument('receiver', username)
    mail_request.set_argument('message', body)
    mail_reply = base_api.mail_api.save_mail.do_put(mail_request)
    mail_saved = ('http_status' in mail_reply
                  and mail_reply['http_status'] == 204)
    if not mail_saved:
        return base_common.msg.error('Error finishing change password request')

    return base_common.msg.post_ok(msgs.OK)
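def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users username, string, True
    :param password: users password, string, True
    :return: 200, OK
    :return: 404
    """
    # Two entry paths: a reset token in the URL (forgot-password flow), or
    # an authenticated user who also supplies the old password.
    log = request.log

    _db = get_md2db()
    dbc = _db.cursor()

    # TODO: check users token

    try:
        newpassword = request.get_argument('newpassword')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    h2p = get_url_token(request, log)
    if h2p and len(h2p) > 60:
        rh = BaseAPIRequestHandler(log)
        rh.set_argument('hash', h2p)
        rh.r_ip = request.r_ip
        res = base_api.hash2params.retrieve_hash.do_get(rh)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        # NOTE(review): only 'username' is read from the record; nothing here
        # checks that the token was issued for a password reset -- confirm
        # retrieve_hash binds a token to its purpose and invalidates it.
        username = res['username']
    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(dbc, tk, log):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log)
        if not username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(oldpwdhashed, username, oldpassword):
            # Record which account failed, never the submitted password: a
            # mistyped password is usually close to the real one.
            log.critical("Passwords don't match for user id: {}".format(user_id))
            return base_common.msg.error(msgs.WRONG_PASSWORD)

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # NOTE(review): statement is assembled with str.format; bind the values
    # through dbc.execute() parameters instead (placeholder style depends on
    # the DB driver). The '******' literals look like masking applied by
    # this listing -- check against the real source.
    uq = "update users set password = '******' where username = '******'".format(
        password, username)

    try:
        dbc.execute(uq)
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)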
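def do_post(newpassword, hash, **kwargs):
    """ Change password """
    # Two entry paths: a reset token passed as `hash` (forgot-password
    # flow), or an authenticated user who also supplies the old password.
    _db = get_db()
    dbc = _db.cursor()
    request = kwargs['request_handler']

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    if hash and len(hash) > 60:
        rh = BaseAPIRequestHandler()
        rh.set_argument('hash', hash)
        rh.r_ip = request.r_ip
        kwargs['request_handler'] = rh
        res = base_api.hash2params.retrieve_hash.do_get(hash, False, **kwargs)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        # NOTE(review): only 'username' is read from the record; nothing here
        # checks that the token was issued for a password reset -- confirm
        # retrieve_hash binds a token to its purpose and invalidates it.
        username = res['username']
    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(_db, tk):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        dbuser = get_user_by_token(_db, tk)
        if not dbuser.username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(dbuser.password, dbuser.username, oldpassword):
            # The submitted password is deliberately not logged: a mistyped
            # password is usually close to the real one.
            log.critical("Passwords don't match")
            return base_common.msg.error(msgs.WRONG_PASSWORD)

        username = dbuser.username

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # NOTE(review): statement is assembled with str.format; bind the values
    # through dbc.execute() parameters instead (placeholder style depends on
    # the DB driver). The '******' literals look like masking applied by
    # this listing -- check against the real source.
    uq = "update users set password = '******' where username = '******'".format(
        password, username)

    try:
        dbc.execute(uq)
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)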
def change_username_hook(hash2param, newusername, dbuser, **kwargs):
    """Store the two e-mails that belong to a username-change request.

    A single hook covers both mails: first the confirmation for the new
    address, then the warning for the address currently on the account.

    :return: False as soon as one save_mail call does not answer 204
    """
    # --- confirmation, sent to the new address ---
    confirm_text = _get_email_message(hash2param)

    confirm_request = BaseAPIRequestHandler()
    confirm_request.set_argument("sender", support_mail)
    confirm_request.set_argument("receiver", newusername)
    confirm_request.set_argument("subject", "Username change request")
    confirm_request.set_argument("message", confirm_text)
    kwargs["request_handler"] = confirm_request

    confirm_reply = base_api.mail_api.save_mail.do_put(
        support_mail, newusername, confirm_text, **kwargs)
    if not ("http_status" in confirm_reply
            and confirm_reply["http_status"] == 204):
        log.critical("Error save redirection email")
        return False

    # --- warning, sent to the current address ---
    warn_text = _get_email_warning(dbuser.username, newusername)

    warn_request = BaseAPIRequestHandler()
    warn_request.set_argument("sender", support_mail)
    warn_request.set_argument("receiver", dbuser.username)
    warn_request.set_argument("subject", "Username change request saved")
    warn_request.set_argument("message", warn_text)
    kwargs["request_handler"] = warn_request

    warn_reply = base_api.mail_api.save_mail.do_put(
        support_mail, dbuser.username, warn_text, **kwargs)
    if not ("http_status" in warn_reply and warn_reply["http_status"] == 204):
        log.critical("Error save warning email")
        return False

    return True
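def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return: 200, OK
    :return: 404
    """
    # Requests a username change: re-checks the caller's password, stores a
    # 'change_username' token record and queues a confirmation mail for the
    # new address plus a warning mail for the current one.
    log = request.log

    _db = get_md2db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    u_n, u_p, u_i = get_user_by_token(dbc, tk, log)

    newusername = qu_esc(newusername)
    # NOTE(review): the password is escaped before it is verified; if qu_esc
    # alters quote characters, passwords containing them may never match --
    # confirm.
    password = qu_esc(password)

    if not check_password(u_p, u_n, password):
        # Record which account failed, never the submitted password.
        log.critical('Wrong users password for user id: {}'.format(u_i))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    # NOTE(review): the submitted password goes into the stored record
    # without being passed through a hashing helper in this function.
    data = {'cmd': 'change_username', 'newusername': newusername,
            'user_id': u_i, 'password': password}
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    # Warning for the address currently on the account.
    message2 = _get_email_warning(u_n, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', u_n)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)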
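def do_post(newusername, password, **kwargs):
    """ Change password """
    # Requests a username change: re-checks the caller's password, stores a
    # 'change_username' token record and queues a confirmation mail for the
    # new address plus a warning mail for the current one.
    _db = get_db()

    tk = kwargs['auth_token']
    dbuser = get_user_by_token(_db, tk)

    if not check_password(dbuser.password, dbuser.username, password):
        # Record which account failed, never the submitted password.
        log.critical('Wrong users password for user id: {}'.format(dbuser.id_user))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler()
    # NOTE(review): the submitted password goes into the stored record
    # without being passed through a hashing helper in this function.
    data = {'cmd': 'change_username', 'newusername': newusername,
            'id_user': dbuser.id_user, 'password': password}
    serialized = json.dumps(data)
    rh.set_argument('data', serialized)
    kwargs['request_handler'] = rh
    res = base_api.hash2params.save_hash.do_put(serialized, **kwargs)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler()
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    kwargs['request_handler'] = rh1
    res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    # Warning for the address currently on the account.
    message2 = _get_email_warning(dbuser.username, newusername)

    rh2 = BaseAPIRequestHandler()
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', dbuser.username)
    rh2.set_argument('message', message2)
    kwargs['request_handler'] = rh2
    res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)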
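def do_post(request, *args, **kwargs):
    """
    Change password
    :param newpassword: users newpassword, string, True
    :param oldpassword: old password if user logged, string, True
    :return: 200, OK
    :return: 404
    """
    # Two entry paths: a reset token in the URL (forgot-password flow), or
    # an authenticated user who also supplies the old password.
    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    # TODO: check users token

    try:
        newpassword = request.get_argument('newpassword')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
    h2p = get_url_token(request, log)
    if h2p and len(h2p) > 60:
        rh = BaseAPIRequestHandler(log)
        rh.set_argument('hash', h2p)
        rh.r_ip = request.r_ip
        res = base_api.hash2params.retrieve_hash.do_get(rh)
        if 'http_status' not in res or res['http_status'] != 200:
            return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

        # NOTE(review): only 'username' is read from the record; nothing here
        # checks that the token was issued for a password reset -- confirm
        # retrieve_hash binds a token to its purpose and invalidates it.
        username = res['username']
    else:
        # TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
        tk = request.auth_token
        if not authorized_by_token(dbc, tk, log):
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        dbuser = get_user_by_token(dbc, tk, log)
        if not dbuser.username:
            log.critical('User not found by token')
            return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)

        try:
            oldpassword = request.get_argument('oldpassword')
        except tornado.web.MissingArgumentError:
            log.critical('Missing argument oldpassword')
            return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

        if not check_password(dbuser.password, dbuser.username, oldpassword):
            # The submitted password is deliberately not logged: a mistyped
            # password is usually close to the real one.
            log.critical("Passwords don't match")
            return base_common.msg.error(msgs.WRONG_PASSWORD)

        username = dbuser.username

    # UPDATE USERS PASSWORD
    password = format_password(username, newpassword)

    # NOTE(review): statement is assembled with str.format; bind the values
    # through dbc.execute() parameters instead (placeholder style depends on
    # the DB driver). The '******' literals look like masking applied by
    # this listing -- check against the real source.
    uq = "update users set password = '******' where username = '******'".format(
        password, username)

    try:
        dbc.execute(uq)
    except Exception as e:
        log.critical('Change password: {}'.format(e))
        return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)

    _db.commit()

    return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)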
def do_put(data, email, mailmsg, web, *args, **kwargs):
    """ Save email for sending """
    # NOTE(review): the submitted values are echoed to stdout; if they come
    # from a public form this copies user data into process output.
    print(data + ' ' + email + ' ' + mailmsg)

    # Only the subject is used from get_message's result.
    subject, _sender, _receiver, _body = get_message(data, email, mailmsg, web)

    # Request handed to save_mail through kwargs. The sender and receiver
    # literals appear masked in this listing.
    mail_request = BaseAPIRequestHandler()
    for field, value in (
            ('sender', '*****@*****.**'),
            ('receiver', '*****@*****.**'),
            ('subject', subject),
            ('message', email + ' ' + mailmsg),
            ('data', data)):
        mail_request.set_argument(field, value)
    kwargs['request_handler'] = mail_request

    outcome = base_api.mail_api.save_mail.do_put(email, **kwargs)
    if 'http_status' in outcome and outcome['http_status'] == 204:
        return base_common.msg.post_ok(msgs.OK)

    return base_common.msg.error('Something wrong')
def do_get(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return: 200, OK
    :return: 404
    """
    # Confirms a username change: resolves the URL token to its stored
    # record, rewrites the user's username/password and queues a notice.
    # NOTE(review): this handler changes account state although it is named
    # do_get; anything that fetches the link would trigger it -- confirm.
    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    h2p = get_url_token(request, log)
    if not h2p or len(h2p) < 64:
        # NOTE(review): the rejected token value is written to the log.
        log.critical('Wrong or expired token {}'.format(h2p))
        return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)

    rh = BaseAPIRequestHandler(log)
    rh.set_argument('hash', h2p)
    rh.r_ip = request.r_ip
    res = base_api.hash2params.retrieve_hash.do_get(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)

    try:
        user_id = res['user_id']
        newusername = res['newusername']
        password = res['password']
    except KeyError as e:
        log.critical('Missing hash parameter: {}'.format(e))
        return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)

    # NOTE(review): both statements below are assembled with str.format from
    # values read out of the stored record; pass them as bound parameters to
    # dbc.execute() (placeholder style depends on the DB driver) so a quote
    # in any value cannot change the statement.
    q = '''select username from users where id = '{}' '''.format(user_id)

    try:
        dbc.execute(q)
    except IntegrityError as e:
        log.critical('Error fetching user: {}'.format(e))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    if dbc.rowcount != 1:
        log.critical('Users found {}'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # Fetched row is not used afterwards.
    dbu = dbc.fetchone()

    passwd = format_password(newusername, password)

    # NOTE(review): the '******' literals look like masking applied by this
    # listing; as written only the first format argument would be used --
    # check against the real source.
    q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(
        newusername, passwd, user_id)

    try:
        dbc.execute(q1)
    except IntegrityError as e:
        log.critical('Error updating user: {}'.format(e))
        return base_common.msg.error(msgs.USER_UPDATE_ERROR)

    _db.commit()

    message = _get_email_message()

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
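def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return: 200, OK
    :return: 404
    """
    # Requests a username change: re-checks the caller's password, stores a
    # 'change_username' token record and queues a confirmation mail for the
    # new address plus a warning mail for the current one.
    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    dbuser = get_user_by_token(dbc, tk, log)

    newusername = qu_esc(newusername)
    # NOTE(review): the password is escaped before it is verified; if qu_esc
    # alters quote characters, passwords containing them may never match --
    # confirm.
    password = qu_esc(password)

    if not check_password(dbuser.password, dbuser.username, password):
        # Record which account failed, never the submitted password.
        log.critical('Wrong users password for user id: {}'.format(dbuser.user_id))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    # NOTE(review): the submitted password goes into the stored record
    # without being passed through a hashing helper in this function.
    data = {
        'cmd': 'change_username',
        'newusername': newusername,
        'user_id': dbuser.user_id,
        'password': password
    }
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    # Warning for the address currently on the account.
    message2 = _get_email_warning(dbuser.username, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', dbuser.username)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)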