Esempio n. 1
0
    def reset(self):
        token = context.form.get('token')
        password = context.form.get('password')

        try:
            principal = ResetPasswordPrincipal.load(token)
        except itsdangerous.SignatureExpired:
            raise HttpBadRequest()

        except itsdangerous.BadData:
            raise HttpBadRequest()

        client = Client.query.filter(Client.email == principal.email).one_or_none()
        if client is None:
            raise HttpBadRequest()

        client.password = password
        context.application.__authenticator__.invalidate_member(client.id)

        return dict(success=True)
Esempio n. 2
0
    def __verify_fixed_phone_verification(self):
        client = Client.current()

        if client.evidence.fixed_phone is not None:
            raise HttpConflict('Already verified.', 'already-verified')

        phone = context.form.get('phone')
        code = context.form.get('code')

        oath = Oath(seed=settings.fixed_phone_verification.seed, derivate_seed_from=client.email)
        if oath.verify(challenge=phone[1:], code=code)[0] is True:
            client.evidence.fixed_phone = phone
            context.application.__authenticator__.invalidate_member(client.id)
            return client

        raise HttpBadRequest()
Esempio n. 3
0
 def edit(self, code: str):
     invitation = Invitation.ensure_code(code)
     invitation.update_from_request()
     if invitation.total_sits < invitation.filled_sits:
         raise HttpBadRequest('Total sits should not be grater than filled sits.', 'filled-sits-grater-than-total')
     return invitation
Esempio n. 4
0
    def __call__(self, *args, **kwargs):
        input_collections = [context.form, context.query_string]
        all_input_fields = set(chain(*input_collections))
        user_rules = [v for k, v in self._rules_per_role.items() if k in context.identity.roles] \
            if context.identity else []

        denied_fields = self.extract_rules_odd('blacklist', user_rules)
        if denied_fields:
            if all_input_fields & denied_fields:
                raise HttpBadRequest('These fields are denied: [%s]' % ', '.join(denied_fields))

        excluded_fields = self.extract_rules_odd('exclude', user_rules)
        if excluded_fields:
            for collection in input_collections:
                for field in set(collection) & excluded_fields:
                    del collection[field]

        filtered_fields = self.extract_rules_odd('filter_', user_rules)
        if filtered_fields:
            for collection in input_collections:
                for field in set(collection) - filtered_fields:
                    del collection[field]

        whitelist_fields = self.extract_rules_odd('whitelist', user_rules)
        if whitelist_fields:
            if all_input_fields - whitelist_fields:
                raise HttpBadRequest(
                    'These fields are not allowed: [%s]' % ', '.join(all_input_fields - whitelist_fields)
                )

        required_fields = self.extract_rules_odd('requires', user_rules)
        if required_fields:
            if required_fields - all_input_fields:
                raise HttpBadRequest('These fields are required: [%s]' % ', '.join(required_fields - all_input_fields))

        exact_fields = self.extract_rules_odd('exact', user_rules)
        if exact_fields:
            if exact_fields != all_input_fields:
                raise HttpBadRequest('Exactly these fields are allowed: [%s]' % ', '.join(whitelist_fields))

        type_pairs = self.extract_rules_pair('types', user_rules)
        if type_pairs:
            type_keys = set(type_pairs.keys())
            for collection in input_collections:
                for field in set(collection) & type_keys:
                    desired_type = type_pairs[field]
                    try:
                        collection[field] = desired_type(collection[field])
                    except ValueError:
                        raise HttpBadRequest('The field: %s must be %s' % (field, desired_type))

        pattern_pairs = self.extract_rules_pair('pattern', user_rules)
        if pattern_pairs:
            pattern_keys = set(pattern_pairs.keys())
            for collection in input_collections:
                for field in set(collection) & pattern_keys:
                    desired_pattern = pattern_pairs[field]
                    pattern = re.compile(desired_pattern) if isinstance(desired_pattern, str) else desired_pattern
                    if pattern.match(collection[field]) is None:
                        raise HttpBadRequest(
                            'The field %s: %s must be matched with %s pattern' %
                            (field, collection[field], pattern.pattern)
                        )
        return args, kwargs
Esempio n. 5
0
 def wrapper(*args, **kwargs):
     if context.form or context.query_string:
         raise HttpBadRequest('No input allowed.')
     return func(*args, **kwargs)
Esempio n. 6
0
    def change_password(self, current_password, new_password):
        if not self.validate_password(current_password):
            raise HttpBadRequest()

        self.password = new_password