def test_required(self):
self.assertEquals(validation.validate({"foo": "bar"},
{"foo": (validation.REQUIRED, validation.STRING, r'.*')}),
(True, None))
self.assertEquals(validation.validate({"foo": "bar"},
{"foo2": (validation.REQUIRED, validation.STRING, r'.*')}),
(False, 'Missing field: foo2'))
def _set_recovered_password(self, address, token):
"""Set the password based on a recovery token."""
_log.info("Set recovery password for %s (token %s)", address, token)
if not _recover_throttler.is_allowed():
_log.warn("Throttling to avoid brute-force attacks")
raise HTTPErrorEx(
httplib.SERVICE_UNAVAILABLE,
"Request throttled",
headers={"Retry-After",
str(_recover_throttler.interval_sec)})
password = self.request_text_or_field("password")
ok, msg = validate({"password": password},
{"password": (REQUIRED, STRING, _PASSWORD_REGEXP)})
if not ok: # pragma: no cover
raise HTTPError(httplib.BAD_REQUEST, "Password not acceptable")
db_sess = self.db_session()
try:
users.set_recovered_password(db_sess, address, token, password)
db_sess.commit()
except (ValueError, NotFound):
# Wrong token or unknown email address - for security reasons, these
# must behave identically.
db_sess.rollback()
raise HTTPError(httplib.UNPROCESSABLE_ENTITY,
"Invalid token or email address")
self.send_success(httplib.OK)
def validate_request(self):
# Look for declarative validation metadata.
handler_fn = getattr(self, self.request.method.lower())
valid = True
reason = None
if hasattr(handler_fn, "validation"):
# Validate against the metadata.
v_data = handler_fn.validation
valid, reason = validation.validate(self.request_data, v_data)
if not valid:
raise HTTPError(400, reason)
def validate_request(self):
# Look for declarative validation metadata.
handler_fn = getattr(self, self.request.method.lower())
valid = True
reason = None
if hasattr(handler_fn, "validation"):
# Validate against the metadata.
v_data = handler_fn.validation
valid, reason = validation.validate(self.request_data, v_data)
if not valid:
raise HTTPError(400, reason)
def _set_recovered_password(self, address, token):
"""Set the password based on a recovery token."""
_log.info("Set recovery password for %s (token %s)", address, token)
if not _recover_throttler.is_allowed():
_log.warn("Throttling to avoid brute-force attacks")
raise HTTPErrorEx(httplib.SERVICE_UNAVAILABLE, "Request throttled", headers={"Retry-After", str(_recover_throttler.interval_sec)})
password = self.request_text_or_field("password")
ok, msg = validate({"password": password}, {"password": (REQUIRED, STRING, _PASSWORD_REGEXP)})
if not ok:
raise HTTPError(httplib.BAD_REQUEST, "Password not acceptable")
db_sess = self.db_session()
try:
users.set_recovered_password(db_sess, address, token, password)
db_sess.commit()
except ValueError as e:
# Wrong token.
raise HTTPError(httplib.UNPROCESSABLE_ENTITY, "Invalid token or email address")
except NotFound:
# Unknown email address - for security reasons, this must
# behave identically to the case where the email is
# recognised.
raise HTTPError(httplib.UNPROCESSABLE_ENTITY, "Invalid token or email address")
self.send_success(httplib.OK)