def updateUser(self, user, params):
self.requireParams(('firstName', 'lastName', 'email'), params)
user['firstName'] = params['firstName']
user['lastName'] = params['lastName']
user['email'] = params['email']
# Only admins can change admin state
if 'admin' in params:
newAdminState = self.boolParam('admin', params)
if self.getCurrentUser()['admin']:
user['admin'] = newAdminState
else:
if newAdminState != user['admin']:
raise AccessException(
'Only admins may change admin state.')
# Only admins can change status
if 'status' in params and params['status'] != user.get(
'status', 'enabled'):
if not self.getCurrentUser()['admin']:
raise AccessException('Only admins may change status.')
if user['status'] == 'pending' and params['status'] == 'enabled':
# Send email on the 'pending' -> 'enabled' transition
self.model('user')._sendApprovedEmail(user)
user['status'] = params['status']
user = self.model('user').save(user)
return self.model('user').filter(user, user)
def verifyEmail(self, user, params):
self.requireParams('token', params)
token = self.model('token').load(params['token'],
force=True,
objectId=False,
exc=True)
delta = (token['expires'] - datetime.datetime.utcnow()).total_seconds()
hasScope = self.model('token').hasScope(token,
TokenScope.EMAIL_VERIFICATION)
if token.get('userId') != user['_id'] or delta <= 0 or not hasScope:
raise AccessException('The token is invalid or expired.')
user['emailVerified'] = True
self.model('token').remove(token)
user = self.model('user').save(user)
if self.model('user').canLogin(user):
setCurrentUser(user)
authToken = self.sendAuthTokenCookie(user)
return {
'user': self.model('user').filter(user, user),
'authToken': {
'token': authToken['_id'],
'expires': authToken['expires'],
'scope': authToken['scope']
},
'message': 'Email verification succeeded.'
}
else:
return {
'user': self.model('user').filter(user, user),
'message': 'Email verification succeeded.'
}
def checkTemporaryPassword(self, user, params):
self.requireParams('token', params)
token = self.model('token').load(params['token'],
force=True,
objectId=False,
exc=True)
delta = (token['expires'] - datetime.datetime.utcnow()).total_seconds()
hasScope = self.model('token').hasScope(token,
TokenScope.TEMPORARY_USER_AUTH)
if token.get('userId') != user['_id'] or delta <= 0 or not hasScope:
raise AccessException(
'The token does not grant temporary access to this user.')
# Temp auth is verified, send an actual auth token now. We keep the
# temp token around since it can still be used on a subsequent request
# to change the password
authToken = self.sendAuthTokenCookie(user)
return {
'user': self.model('user').filter(user, user),
'authToken': {
'token': authToken['_id'],
'expires': authToken['expires'],
'temporary': True
},
'message': 'Temporary access token is valid.'
}
def changePassword(self, params):
self.requireParams(('old', 'new'), params)
user = self.getCurrentUser()
token = None
if not params['old']:
raise RestException('Old password must not be empty.')
if (not self.model('password').hasPassword(user) or
not self.model('password').authenticate(user, params['old'])):
# If not the user's actual password, check for temp access token
token = self.model('token').load(params['old'],
force=True,
objectId=False,
exc=False)
if (not token or not token.get('userId')
or token['userId'] != user['_id']
or not self.model('token').hasScope(
token, TokenScope.TEMPORARY_USER_AUTH)):
raise AccessException('Old password is incorrect.')
self.model('user').setPassword(user, params['new'])
if token:
# Remove the temporary access token if one was used
self.model('token').remove(token)
return {'message': 'Password changed.'}
def updateUser(self, user, firstName, lastName, email, admin, status):
user['firstName'] = firstName
user['lastName'] = lastName
user['email'] = email
# Only admins can change admin state
if admin is True:
if self.getCurrentUser()['admin']:
user['admin'] = admin
elif not user['admin']:
raise AccessException('Only admins may enable admin state.')
# Only admins can change status
if status is not None and status != user.get('status', 'enabled'):
if not self.getCurrentUser()['admin']:
raise AccessException('Only admins may change status.')
if user['status'] == 'pending' and status == 'enabled':
# Send email on the 'pending' -> 'enabled' transition
self._model._sendApprovedEmail(user)
user['status'] = status
return self._model.save(user)
def updateUser(self, user, params):
self.requireParams(('firstName', 'lastName', 'email'), params)
user['firstName'] = params['firstName']
user['lastName'] = params['lastName']
user['email'] = params['email']
# Only admins can change admin state
if 'admin' in params:
newAdminState = self.boolParam('admin', params)
if self.getCurrentUser()['admin']:
user['admin'] = newAdminState
else:
if newAdminState != user['admin']:
raise AccessException(
'Only admins may change admin state.')
return self.model('user').save(user)
def changePassword(self, old, new):
user = self.getCurrentUser()
token = None
if not old:
raise RestException('Old password must not be empty.')
if not Password().hasPassword(user) or not Password().authenticate(
user, old):
# If not the user's actual password, check for temp access token
token = Token().load(old, force=True, objectId=False, exc=False)
if (not token or not token.get('userId')
or token['userId'] != user['_id'] or not Token().hasScope(
token, TokenScope.TEMPORARY_USER_AUTH)):
raise AccessException('Old password is incorrect.')
self._model.setPassword(user, new)
if token:
# Remove the temporary access token if one was used
Token().remove(token)
return {'message': 'Password changed.'}