def change(self, **params):
engine = cherrypy.engine
if cherrypy.session.get('auth', False):
user = cherrypy.session['user']
oldpasswd = cherrypy.request.params.get('oldpassword')
newpasswd = cherrypy.request.params.get('newpassword')
try:
user.change_password(oldpasswd, newpasswd)
return {'ok': True}
except InvalidCredentials:
return {'ok': False, 'error': 'Current password invalid.'}
except UserModelException:
return {
'ok':
False,
'error':
'Unknown system error. Contact your Systems Administrator.'
}
elif cherrypy.session.get('token', False):
cherrypy.session['user'] = User(cherrypy.session['username'])
newpassword = cherrypy.request.params.get('newpassword')
try:
cherrypy.session['user'].set_password(newpassword)
return {'ok': True}
except UserModelException:
return {
'ok': False,
'error': 'Unable to change your password. Try again later.'
}
def POST(self, email, password):
exists = userExists(email)
if exists is None:
salt = create_salt()
hashed_password = hash_password(salt, password)
newUser = User(email=email,
salt=salt,
password_hash=hashed_password)
add(newUser)
else:
raise cherrypy.HTTPError(409, 'E-Mail already exists')
def login(self, username=None, password=None):
if username is None or password is None:
raise cherrypy.HTTPError(400, 'Bad Request')
try:
cherrypy.session['user'] = User(username)
cherrypy.session['auth'] = cherrypy.session['user'].authenticate(
password)
return {'ok': cherrypy.session['user'].auth}
except (InvalidUser, InvalidCredentials):
return {'ok': False, 'error': 'Invalid credentials. Try again.'}
except UserModelException:
return {'ok': False}
def success(self, *args, **kwargs):
engine = cherrypy.engine
content = engine.publish(
"oauth-request", Login.access_token_url,
cherrypy.session['request_token']['oauth_token'],
cherrypy.session['request_token']['oauth_token_secret']).pop()
access_token = dict(cgi.parse_qsl(content))
cherrypy.session['user_id'] = uid = access_token['user_id']
db = cherrypy.request.db
user = User.get_by_uid(db, uid.decode('utf-8'))
if not user:
user = User(name=access_token['screen_name'],
user_id=int(uid),
oauth_token=access_token['oauth_token'],
oauth_token_secret=access_token['oauth_token_secret'])
db.add(user)
else:
user.oauth_token = access_token['oauth_token']
user.oauth_token_secret = access_token['oauth_token_secret']
raise cherrypy.HTTPRedirect("/")
