Esempio n. 1
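 def test_required(self):
     """A REQUIRED field passes when present and is named when missing."""
     # assertEqual replaces the deprecated assertEquals alias, which newer
     # unittest releases no longer provide.
     # Field present: validate() reports success with no reason.
     self.assertEqual(validation.validate({"foo": "bar"},
                                          {"foo": (validation.REQUIRED, validation.STRING, r'.*')}),
                      (True, None))
     # Field absent: validate() fails and names the missing field.
     self.assertEqual(validation.validate({"foo": "bar"},
                                          {"foo2": (validation.REQUIRED, validation.STRING, r'.*')}),
                      (False, 'Missing field: foo2'))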
Esempio n. 2
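 def _set_recovered_password(self, address, token):
     """Set the password based on a recovery token.

     Reads the new password from the request, checks it against
     ``_PASSWORD_REGEXP`` and passes it, with the address and token, to
     ``users.set_recovered_password``.

     Raises:
         HTTPErrorEx: 503 with a Retry-After header when the recovery
             throttler refuses the request.
         HTTPError: 400 when the password fails validation, 422 when the
             token or the address is rejected.
     """
     # The recovery token is a password-equivalent secret, so it is kept
     # out of the log; only the address is recorded.
     _log.info("Set recovery password for %s", address)
     # NOTE(review): is_allowed() takes no key, so this looks like one
     # shared limit for all callers rather than a per-address or per-client
     # limit - confirm that is the intended brute-force control.
     if not _recover_throttler.is_allowed():
         _log.warning("Throttling to avoid brute-force attacks")
         raise HTTPErrorEx(
             httplib.SERVICE_UNAVAILABLE,
             "Request throttled",
             # A name -> value mapping. The earlier {"Retry-After", value}
             # was a set literal (comma instead of colon), which carries no
             # header/value pairing. Assumes HTTPErrorEx takes a dict -
             # confirm against its definition.
             headers={"Retry-After":
                      str(_recover_throttler.interval_sec)})
     password = self.request_text_or_field("password")
     ok, _msg = validate({"password": password},
                         {"password": (REQUIRED, STRING, _PASSWORD_REGEXP)})
     if not ok:  # pragma: no cover
         # The validator's own message is deliberately not echoed back.
         raise HTTPError(httplib.BAD_REQUEST, "Password not acceptable")
     db_sess = self.db_session()
     try:
         users.set_recovered_password(db_sess, address, token, password)
         db_sess.commit()
     except (ValueError, NotFound):
         # Wrong token or unknown email address - for security reasons, these
         # must behave identically, so the response does not reveal which
         # addresses are registered.
         db_sess.rollback()
         raise HTTPError(httplib.UNPROCESSABLE_ENTITY,
                         "Invalid token or email address")
     self.send_success(httplib.OK)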
Esempio n. 3
 def validate_request(self):
     """Check the request against the handler method's declared rules.

     The rules are read from a ``validation`` attribute on the method whose
     name is the lower-cased HTTP verb. A method without that attribute is
     accepted without any check. When the validator rejects the data,
     HTTPError(400) is raised with the validator's reason as its second
     argument.
     """
     # NOTE(review): the attribute name is derived from the request's
     # method string; this relies on the verb having been limited to real
     # handler names before this point - confirm against the caller.
     verb_handler = getattr(self, self.request.method.lower())
     if not hasattr(verb_handler, "validation"):
         # No declarative metadata on this handler: nothing is enforced.
         return
     rules = verb_handler.validation
     accepted, why = validation.validate(self.request_data, rules)
     if not accepted:
         raise HTTPError(400, why)
Esempio n. 4
 def validate_request(self):
     """Apply declarative validation metadata to the current request.

     Looks up the handler method named after the lower-cased HTTP verb and,
     if it carries a ``validation`` attribute, runs ``validation.validate``
     on ``self.request_data`` with it. Handlers that declare nothing pass
     by default. A rejected request raises HTTPError(400) with the reason
     returned by the validator.
     """
     target = getattr(self, self.request.method.lower())
     # Default verdict: accepted. Validation is opt-in per handler, so an
     # undecorated handler receives its input unchecked.
     verdict = (True, None)
     if hasattr(target, "validation"):
         spec = target.validation
         verdict = validation.validate(self.request_data, spec)
     accepted, detail = verdict
     if not accepted:
         raise HTTPError(400, detail)
Esempio n. 5
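 def _set_recovered_password(self, address, token):
     """Set the password based on a recovery token.

     Reads the new password from the request, checks it against
     ``_PASSWORD_REGEXP`` and passes it, with the address and token, to
     ``users.set_recovered_password``.

     Raises:
         HTTPErrorEx: 503 with a Retry-After header when the recovery
             throttler refuses the request.
         HTTPError: 400 when the password fails validation, 422 when the
             token or the address is rejected.
     """
     # The recovery token is a password-equivalent secret, so it is kept
     # out of the log; only the address is recorded.
     _log.info("Set recovery password for %s", address)
     if not _recover_throttler.is_allowed():
         _log.warning("Throttling to avoid brute-force attacks")
         # headers is a name -> value mapping. The earlier
         # {"Retry-After", value} was a set literal (comma instead of
         # colon), which carries no header/value pairing. Assumes
         # HTTPErrorEx takes a dict - confirm against its definition.
         raise HTTPErrorEx(
             httplib.SERVICE_UNAVAILABLE,
             "Request throttled",
             headers={"Retry-After": str(_recover_throttler.interval_sec)})
     password = self.request_text_or_field("password")
     ok, _msg = validate({"password": password},
                         {"password": (REQUIRED, STRING, _PASSWORD_REGEXP)})
     if not ok:
         raise HTTPError(httplib.BAD_REQUEST, "Password not acceptable")
     db_sess = self.db_session()
     try:
         users.set_recovered_password(db_sess, address, token, password)
         db_sess.commit()
     except (ValueError, NotFound):
         # ValueError is a wrong token, NotFound an unknown email address.
         # For security reasons both must behave identically, so a single
         # handler produces the one response and the caller cannot learn
         # which addresses are registered.
         # Drop whatever the failed call left pending in the session.
         # NOTE(review): assumes the session exposes rollback() alongside
         # commit() - confirm.
         db_sess.rollback()
         raise HTTPError(httplib.UNPROCESSABLE_ENTITY,
                         "Invalid token or email address")
     self.send_success(httplib.OK)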