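def change(self, **params):
    """Change the password of the user tied to the current session.

    Form values are read from ``cherrypy.request.params``: ``newpassword``
    on both paths, ``oldpassword`` only on the authenticated path.

    * Session ``auth`` truthy: the session's ``user`` changes its password
      and has to present the current one.
    * Session ``token`` truthy: a ``User`` is built from the session's
      ``username`` and the new password is set without the old one.

    Returns:
        ``{'ok': True}`` on success, otherwise a dict with ``ok`` set to
        ``False`` and an ``error`` message.
    """
    has_auth = cherrypy.session.get('auth', False)
    has_token = False if has_auth else cherrypy.session.get('token', False)

    # Neither an authenticated session nor a reset token: answer explicitly
    # instead of falling off the end and returning None.
    if not (has_auth or has_token):
        return {'ok': False, 'error': 'Not authenticated.'}

    new_password = cherrypy.request.params.get('newpassword')
    # A missing or empty field must never reach the user model as the new
    # password.
    if not new_password:
        return {'ok': False, 'error': 'New password is required.'}

    if has_auth:
        user = cherrypy.session['user']
        old_password = cherrypy.request.params.get('oldpassword')
        try:
            user.change_password(old_password, new_password)
        except InvalidCredentials:
            return {'ok': False, 'error': 'Current password invalid.'}
        except UserModelException:
            return {
                'ok': False,
                'error': 'Unknown system error. Contact your Systems Administrator.'
            }
        return {'ok': True}

    # Token path: no old password is checked here, the session flag alone
    # authorises the change.
    cherrypy.session['user'] = User(cherrypy.session['username'])
    try:
        cherrypy.session['user'].set_password(new_password)
    except UserModelException:
        return {
            'ok': False,
            'error': 'Unable to change your password. Try again later.'
        }
    # Drop the flag once it has been used so the same session cannot set the
    # password a second time without the old one.
    # NOTE(review): assumes no later handler still needs session['token'] - confirm.
    cherrypy.session.pop('token', None)
    return {'ok': True}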
def POST(self, email, password):
    """Register a new account for ``email``.

    A fresh salt is created, the password is hashed with it, and the
    resulting ``User`` is handed to ``add``.

    Raises:
        cherrypy.HTTPError: 409 when ``userExists(email)`` returns anything
            other than ``None``.
    """
    # NOTE(review): the lookup and the insert are separate steps; presumably a
    # unique constraint on the e-mail column covers concurrent sign-ups - confirm.
    # NOTE(review): the 409 tells the caller the address is registered; confirm
    # this endpoint is rate-limited.
    if userExists(email) is not None:
        raise cherrypy.HTTPError(409, 'E-Mail already exists')

    # NOTE(review): hash_password is not visible here - confirm it is a slow,
    # purpose-built password hash and that empty passwords are rejected upstream.
    fresh_salt = create_salt()
    digest = hash_password(fresh_salt, password)
    add(User(email=email, salt=fresh_salt, password_hash=digest))
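def login(self, username=None, password=None):
    """Authenticate ``username`` / ``password`` and record the result in the session.

    The session's ``user`` and ``auth`` entries are written together, and
    only after ``authenticate`` has returned. When authentication raises,
    both entries are reset, so an ``auth`` flag left by an earlier login can
    never end up paired with a different, unverified user.

    Returns:
        ``{'ok': <user.auth>}`` when authentication returned normally,
        ``{'ok': False, 'error': ...}`` for bad credentials, and
        ``{'ok': False}`` for a user-model failure.

    Raises:
        cherrypy.HTTPError: 400 when either argument is missing.
    """
    if username is None or password is None:
        raise cherrypy.HTTPError(400, 'Bad Request')

    try:
        candidate = User(username)
        authenticated = candidate.authenticate(password)
    except (InvalidUser, InvalidCredentials):
        # Fail closed: drop whatever identity the session held before.
        cherrypy.session['auth'] = False
        cherrypy.session.pop('user', None)
        return {'ok': False, 'error': 'Invalid credentials. Try again.'}
    except UserModelException:
        cherrypy.session['auth'] = False
        cherrypy.session.pop('user', None)
        return {'ok': False}

    # NOTE(review): the session id is kept across the privilege change; confirm
    # whether it should be regenerated here to guard against session fixation.
    cherrypy.session['user'] = candidate
    cherrypy.session['auth'] = authenticated
    return {'ok': candidate.auth}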
def success(self, *args, **kwargs):
    """Finish the OAuth flow: swap the request token for an access token.

    The request token stored in the session is sent to
    ``Login.access_token_url`` through the ``"oauth-request"`` engine channel.
    The reply is parsed as a query string, the matching ``User`` row is
    created or has its tokens refreshed, and the client is redirected to
    ``/``.

    Raises:
        cherrypy.HTTPRedirect: always, once the user record is handled.
    """
    # NOTE(review): *args / **kwargs are ignored, so nothing the callback
    # request carried is checked in this method - confirm the "oauth-request"
    # subscriber validates the exchange.
    request_token = cherrypy.session['request_token']
    reply = cherrypy.engine.publish(
        "oauth-request",
        Login.access_token_url,
        request_token['oauth_token'],
        request_token['oauth_token_secret']).pop()

    # cgi.parse_qsl is a legacy alias (removed in Python 3.8);
    # urllib.parse.parse_qsl is its replacement.
    access_token = dict(cgi.parse_qsl(reply))
    uid = access_token['user_id']
    cherrypy.session['user_id'] = uid

    db = cherrypy.request.db
    # presumably uid is a byte string here (Python 2) - TODO confirm
    user = User.get_by_uid(db, uid.decode('utf-8'))
    if user:
        # Known account: store the newly issued credentials.
        user.oauth_token = access_token['oauth_token']
        user.oauth_token_secret = access_token['oauth_token_secret']
    else:
        # NOTE(review): the token secret is handed to the model unchanged -
        # confirm how it is protected at rest.
        user = User(name=access_token['screen_name'],
                    user_id=int(uid),
                    oauth_token=access_token['oauth_token'],
                    oauth_token_secret=access_token['oauth_token_secret'])
        db.add(user)
    raise cherrypy.HTTPRedirect("/")