def get(self):
    """
    Activate the account that owns the `token` query parameter.

    On success the activated user is logged in through
    `_login_user_for_id` and the success page is rendered. In every
    other case the error page is rendered, with `token_expired` set when
    the activation was found but its expiry has passed.
    """
    token = self.request.GET.get('token')
    user = users.get_current_user()
    error_values = {}
    if token and not user:
        # The token is used directly as the key id of the activation.
        activation = ndb.Key(users.UserActivation, token).get()
        if activation:
            still_valid = activation.expires > datetime.now()
            if not still_valid:
                error_values['token_expired'] = True
            else:
                user = activation.activate_user()
                if user:
                    _login_user_for_id(user.key.string_id())
                    success_page = template.render(
                        'ndb_users/templates/activate-success.html',
                        users.template_values())
                    self.response.out.write(success_page)
                    return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    redirect_to = self.request.GET.get('continue')
    if user and redirect_to:
        self.redirect(redirect_to.encode('ascii'))
    # No return follows the redirect, so the error page is written too.
    error_page = template.render(
        'ndb_users/templates/activate-error.html',
        users.template_values(template_values=error_values))
    self.response.out.write(error_page)
def get(self):
    """
    Activate the account that owns the `token` query parameter.

    A valid, unexpired token activates the user, logs them in through
    `_login_user_for_id` and renders the success page. Anything else
    ends on the error page; `token_expired` is set when the activation
    exists but is past its expiry.
    """
    token = self.request.GET.get('token')
    user = users.get_current_user()
    error_values = {}
    if token and not user:
        # The token is used directly as the key id of the activation.
        activation = ndb.Key(users.UserActivation, token).get()
        if activation:
            if activation.expires > datetime.now():
                user = activation.activate_user()
                if user:
                    _login_user_for_id(user.key.string_id())
                    rendered = template.render(
                        'ndb_users/templates/activate-success.html',
                        users.template_values())
                    self.response.out.write(rendered)
                    return None
            else:
                error_values['token_expired'] = True
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    redirect_to = self.request.GET.get('continue')
    if user and redirect_to:
        self.redirect(redirect_to.encode('ascii'))
    # No return follows the redirect, so the error page is written too.
    rendered = template.render(
        'ndb_users/templates/activate-error.html',
        users.template_values(template_values=error_values))
    self.response.out.write(rendered)
def get(self):
    """
    Render the signup ("create account") page.
    """
    # NOTE(review): the current user is fetched but never checked, so a
    # logged in visitor still receives the signup form; nothing in this
    # method enforces "user not logged in".
    _current_user = users.get_current_user()
    page = template.render('ndb_users/templates/create.html',
                           users.template_values())
    self.response.out.write(page)
def get(self):
    """
    Activate the account that owns the `token` query parameter (JSON).

    Writes a JSON object holding `user` on success, `token_expired` or
    `token_invalid` otherwise. Aborts with 400 when there is no `token`,
    when a user is already logged in, or when activation yields no user.
    """
    payload = dict()
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and not user:
        activation = ndb.Key(users.UserActivation, token).get()
        send = True
        if not activation:
            # Activation token invalid/not found/used
            payload['token_invalid'] = True
        elif activation.expires > datetime.now():
            user = activation.activate_user()
            if user:
                _login_user_for_id(user.key.string_id())
                payload['user'] = user.json_object()
            else:
                # Activation produced no user: fall through to the 400.
                send = False
        else:
            # Activation token expired
            payload['token_expired'] = True
        if send:
            self.response.content_type = 'application/json'
            self.response.out.write(json.dumps(payload))
            return None
    self.abort(400)  # Logged in user, or no `token`
def get(self):
    """
    Serve the login form, or the login/logout result for a logged in user.

    For a logged in user, `action=logout` logs them out first; a
    `continue` query parameter triggers a redirect in both cases and the
    matching success page is written afterwards.
    """
    user = users.get_current_user()
    if not user:
        # Path and serve template
        self.response.out.write(template.render(
            'ndb_users/templates/login.html', users.template_values()))
        return None
    if self.request.GET.get('action') == 'logout':
        # NOTE(review): logout is a state change performed on GET, and no
        # anti-forgery token is checked in this method, so any page the
        # user visits can trigger it.
        _logout_user()
        page = 'ndb_users/templates/logout-success.html'
    else:
        page = 'ndb_users/templates/login-success.html'
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    target = self.request.GET.get('continue')
    if target:
        self.redirect(target.encode('ascii'))
    self.response.out.write(template.render(page, users.template_values()))
    return None
def get(self):
    """
    Report as JSON whether the recovery `token` is usable.

    The response holds an empty `user` object for a valid token,
    `token_expired` for one past its expiry, or `token_invalid` when no
    recovery entity exists for it. Aborts with 400 when there is no
    `token` or a user is already logged in.
    """
    payload = dict()
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and not user:
        recovery = ndb.Key(users.UserRecovery, token).get()
        if not recovery:
            # Invalid token
            payload['token_invalid'] = True
        elif recovery.expires > datetime.now():
            # Token OK
            payload['user'] = dict()
        else:
            # Expired token
            payload['token_expired'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(payload))
        return None
    self.abort(400)  # Logged in user, or no `token`
def get(self):
    """
    Activate the account that owns the `token` query parameter (JSON).

    The JSON response carries `user` after a successful activation and
    login, `token_expired` for a stale token, or `token_invalid` when no
    activation entity matches. A missing `token`, an already logged in
    user, or an activation that returns no user ends in a 400 abort.
    """
    result = dict()
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and not user:
        activation = ndb.Key(users.UserActivation, token).get()
        answered = True
        if not activation:
            # Activation token invalid/not found/used
            result['token_invalid'] = True
        elif activation.expires > datetime.now():
            user = activation.activate_user()
            if user:
                _login_user_for_id(user.key.string_id())
                result['user'] = user.json_object()
            else:
                # Activation produced no user: fall through to the 400.
                answered = False
        else:
            # Activation token expired
            result['token_expired'] = True
        if answered:
            self.response.content_type = 'application/json'
            self.response.out.write(json.dumps(result))
            return None
    self.abort(400)  # Logged in user, or no `token`
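def post(self):
    """
    Start password recovery for the `email` given in the JSON body.

    Writes a JSON object: an empty `user` object after
    `_create_recovery_email_for_user_id` was called, or one of the flags
    `email_bounce_limit`, `user_not_verified`, `email_not_found`.
    Aborts with 400 when the body is not a JSON object, when `email` is
    missing, or when a user is already logged in.
    """
    response_object = dict()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    email = request_object.get('email')
    user = users.get_current_user()
    if email and not user:
        user = users.User.user_for_email(email)
        if not user:
            # User not found
            # NOTE(review): the distinct `email_not_found` and
            # `user_not_verified` flags tell an anonymous caller whether
            # an address is registered; a uniform answer avoids that.
            response_object['email_not_found'] = True
        elif not users.user_verified(user):
            # User not verified
            response_object['user_not_verified'] = True
        elif user.email_bounce_limited():
            response_object['email_bounce_limit'] = True
        else:
            _create_recovery_email_for_user_id(user.key.string_id())
            response_object['user'] = dict()
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(response_object))
        return None
    self.abort(400)  # Logged in user, or no `email`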
def get(self):
    """
    Tell the client, as JSON, whether the recovery `token` is usable.

    An empty `user` object means the token exists and has not expired;
    `token_expired` and `token_invalid` mark the two failure cases. The
    request is aborted with 400 when `token` is absent or a user is
    already logged in.
    """
    result = dict()
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and not user:
        recovery = ndb.Key(users.UserRecovery, token).get()
        if recovery:
            token_live = recovery.expires > datetime.now()
            if token_live:
                # Token OK
                result['user'] = dict()
            else:
                # Expired token
                result['token_expired'] = True
        else:
            # Invalid token
            result['token_invalid'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(result))
        return None
    self.abort(400)  # Logged in user, or no `token`
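def post(self):
    """
    Start password recovery for the `email` given in the JSON body.

    The JSON response holds an empty `user` object once
    `_create_recovery_email_for_user_id` has been called, or one of
    `email_bounce_limit`, `user_not_verified`, `email_not_found`.
    A body that is not a JSON object, a missing `email`, or an already
    logged in user ends in a 400 abort.
    """
    response_object = dict()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    email = request_object.get('email')
    user = users.get_current_user()
    if email and not user:
        user = users.User.user_for_email(email)
        if user:
            if users.user_verified(user):
                if not user.email_bounce_limited():
                    _create_recovery_email_for_user_id(
                        user.key.string_id())
                    response_object['user'] = dict()
                else:
                    response_object['email_bounce_limit'] = True
            else:
                # User not verified
                response_object['user_not_verified'] = True
        else:
            # User not found
            # NOTE(review): answering differently for unknown and
            # unverified addresses lets an anonymous caller test which
            # emails are registered; a uniform answer avoids that.
            response_object['email_not_found'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(response_object))
        return None
    self.abort(400)  # Logged in user, or no `email`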
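def post(self):
    """
    Change the logged in user's password from a JSON request.

    Reads `password` (the current one) and `new_password` from the JSON
    body. The JSON response holds `user` after the update, or one of
    `password_too_short`, `password_incorrect`. Aborts with 400 when the
    body is not a JSON object, a field is missing, or nobody is logged in.
    """
    response_object = dict()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    user = users.get_current_user()
    current_password = request_object.get('password')
    new_password = request_object.get('new_password')
    if user and current_password and new_password:
        # NOTE(review): a four character minimum is a very weak policy;
        # consider raising it.
        if len(new_password) < 4:
            response_object['password_too_short'] = True
        else:
            # Check `current_password` is indeed this user's password
            attempt = users._password_hash(current_password,
                                           user.passwordSalt)
            # NOTE(review): `==` is not a constant-time comparison;
            # hmac.compare_digest is the usual choice for secret digests
            # where the runtime provides it.
            if attempt == user.passwordHash:
                # Correct password; update to `new_password`
                user.update_password(new_password)
                response_object['user'] = user.json_object()
            else:
                # Wrong `current_password`
                response_object['password_incorrect'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(response_object))
        return None
    self.abort(400)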
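def post(self):
    """
    Change the logged in user's password from a JSON request.

    `password` is the current password and `new_password` its
    replacement. The JSON response carries `user` on success,
    `password_too_short` or `password_incorrect` otherwise. A body that
    is not a JSON object, a missing field, or no logged in user ends in
    a 400 abort.
    """
    response_object = dict()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    user = users.get_current_user()
    current_password = request_object.get('password')
    new_password = request_object.get('new_password')
    if not (user and current_password and new_password):
        self.abort(400)
        return None
    # Check password length
    # NOTE(review): a four character minimum is a very weak policy;
    # consider raising it.
    if len(new_password) < 4:
        response_object['password_too_short'] = True
    else:
        # Check `current_password` is indeed this user's password
        attempt = users._password_hash(current_password, user.passwordSalt)
        # NOTE(review): `==` is not a constant-time comparison;
        # hmac.compare_digest is the usual choice for secret digests
        # where the runtime provides it.
        if attempt == user.passwordHash:
            # Correct password; update to `new_password`
            user.update_password(new_password)
            response_object['user'] = user.json_object()
        else:
            # Wrong `current_password`
            response_object['password_incorrect'] = True
    self.response.content_type = 'application/json'
    self.response.out.write(json.dumps(response_object))
    return None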
def get(self):
    """
    Show the password reset form when the recovery `token` is usable.

    A token that is missing, unknown or expired leads to the reset error
    page with `token_invalid` set. The token is passed on to the
    templates through `query_options`.
    """
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and not user:
        recovery = ndb.Key(users.UserRecovery, token).get()
        if recovery and recovery.expires > datetime.now():
            form = template.render(
                'ndb_users/templates/password-reset.html',
                users.template_values(query_options={'token': token}))
            self.response.out.write(form)
            return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    redirect_to = self.request.GET.get('continue')
    if user and redirect_to:
        self.redirect(redirect_to.encode('ascii'))
    # No return follows the redirect, so the error page is written too.
    error_page = template.render(
        'ndb_users/templates/password-reset-error.html',
        users.template_values(template_values={'token_invalid': True},
                              query_options={'token': token}))
    self.response.out.write(error_page)
def get(self):
    """
    Render the signup ("create account") page.
    """
    # NOTE(review): the lookup result is never used, so a logged in
    # visitor still receives the signup form; nothing in this method
    # enforces "user not logged in".
    _current_user = users.get_current_user()
    context = users.template_values()
    self.response.out.write(
        template.render('ndb_users/templates/create.html', context))
def post(self):
    """
    Log a user in from the POSTed `email` and `password` form fields.

    An already logged in user gets the success page straight away. A
    correct password for a verified account logs the user in (optionally
    `extended`); for an unverified account another activation email is
    created unless the bounce limit applies. Every other case renders
    the login error page.
    """
    form = self.request.POST
    email = form.get('email')
    password = form.get('password')
    extended = bool(form.get('extended'))
    user = users.get_current_user()
    if user:
        # Redirect if requested
        # NOTE(review): `continue` is taken from the query string and
        # handed to redirect() with no origin check visible here, so it
        # can name another site; the same applies after a fresh login
        # below.
        if self.request.GET.get('continue'):
            self.redirect(self.request.GET['continue'].encode('ascii'))
        self.response.out.write(template.render(
            'ndb_users/templates/login-success.html',
            users.template_values(template_values={'user': user})))
        return None
    if email and password:
        # The user key is derived from the lower-cased email address.
        user_key = ndb.Key(users.User,
                           users._user_id_for_email(email.lower()))
        user = user_key.get()
        if user:
            attempt = users._password_hash(password, user.passwordSalt)
            # NOTE(review): `==` is not a constant-time comparison;
            # hmac.compare_digest is the usual choice for secret digests
            # where the runtime provides it.
            if attempt == user.passwordHash:
                if not users.user_verified(user):
                    # Email not verified (send another email, if allowed)
                    notice = dict()
                    if user.email_bounce_limited():
                        notice['email_bounce_limit'] = True
                    else:
                        _create_activation_email_for_user_id(
                            user.key.string_id())
                    self.response.out.write(template.render(
                        'ndb_users/templates/login-not-verified.html',
                        users.template_values(template_values=notice)))
                    return None
                # Success
                _login_user_for_id(user.key.string_id(), extended=extended)
                if self.request.GET.get('continue'):
                    self.redirect(
                        self.request.GET['continue'].encode('ascii'))
                self.response.out.write(template.render(
                    'ndb_users/templates/login-success.html',
                    users.template_values(template_values={'user': user},
                                          user=user)))
                return None
    # Unknown email and wrong password end on the same error page.
    self.response.out.write(template.render(
        'ndb_users/templates/login-error.html',
        users.template_values({'email': email, 'extended': extended})))
def get(self):
    """
    Show the change-password form to a logged in user.

    Anonymous visitors are redirected to the `login` route.
    """
    user = users.get_current_user()
    if not user:
        # No logged in user
        self.redirect(webapp2.uri_for('login'))
        return None
    form = template.render('ndb_users/templates/password-change.html',
                           users.template_values())
    self.response.out.write(form)
    return None
def post(self):
    """
    Change the logged in user's password from the POSTed form.

    Expects `current_password`, `new_password` and `new_password2`. The
    error page is rendered with one of `missing_fields`,
    `password_mismatch`, `password_too_short` or `password_incorrect`;
    the success page follows a completed update. Anonymous visitors are
    redirected to the `login` route.
    """
    user = users.get_current_user()
    if not user:
        # Not logged in
        self.redirect(webapp2.uri_for('login'))
        return None
    form = self.request.POST
    current_password = form.get('current_password')
    new_password = form.get('new_password')
    new_password2 = form.get('new_password2')
    if not current_password or not new_password or not new_password2:
        problem = 'missing_fields'
    elif new_password != new_password2:
        problem = 'password_mismatch'
    elif len(new_password) < 4:
        # NOTE(review): a four character minimum is a very weak policy;
        # consider raising it.
        problem = 'password_too_short'
    else:
        # Check `current_password` is indeed this user's password
        attempt = users._password_hash(current_password, user.passwordSalt)
        # NOTE(review): `==` is not a constant-time comparison;
        # hmac.compare_digest is the usual choice for secret digests
        # where the runtime provides it.
        if attempt == user.passwordHash:
            user.update_password(new_password)
            self.response.out.write(template.render(
                'ndb_users/templates/password-change-success.html',
                users.template_values()))
            return None
        problem = 'password_incorrect'
    self.response.out.write(template.render(
        'ndb_users/templates/password-change-error.html',
        users.template_values(template_values={problem: True})))
    return None
def post(self):
    """
    Start password recovery for the POSTed `email`.

    A logged in user is redirected to the `login` route. Otherwise the
    success page is rendered after `_create_recovery_email_for_user_id`
    was called, or the error page with one of `email_bounce_limit`,
    `user_not_verified`, `error_email_not_found`, `error_invalid_email`.
    """
    user = users.get_current_user()
    if user:
        self.redirect(webapp2.uri_for('login'))
        return None
    email = self.request.POST.get('email')
    if not email:
        # No `email` supplied in POST
        failure = {'error_invalid_email': True, 'email': email}
    else:
        user = users.User.user_for_email(email)
        if not user:
            # User not found
            # NOTE(review): separate messages for unknown and unverified
            # addresses let an anonymous visitor test which emails are
            # registered; a uniform answer avoids that.
            failure = {'error_email_not_found': True, 'email': email}
        elif not users.user_verified(user):
            # User not verified
            failure = {'user_not_verified': True}
        elif user.email_bounce_limited():
            # Bounce timeout
            failure = {'email_bounce_limit': True}
        else:
            _create_recovery_email_for_user_id(user.key.string_id())
            self.response.out.write(template.render(
                'ndb_users/templates/password-forgot-success.html',
                users.template_values()))
            return None
    self.response.out.write(template.render(
        'ndb_users/templates/password-forgot-error.html',
        users.template_values(template_values=failure)))
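def post(self):
    """
    Reset the password of the account that owns the `token` parameter.

    `token` comes from the query string, `password` and `password2` from
    the POSTed form. Mismatched, missing or too short passwords render
    the reset error page with `password_mismatch` or
    `password_too_short`. A usable token resets the password, logs the
    user in and renders the success page; every other case renders the
    error page with `token_invalid`.
    """
    token = self.request.GET.get('token')
    user = users.get_current_user()
    password = self.request.POST.get('password')
    password2 = self.request.POST.get('password2')
    if token and not user:
        form_error = None
        if password != password2:
            form_error = 'password_mismatch'
        elif not password or len(password) < 4:
            # Two absent fields compare equal, so `password` can still be
            # None here; report it as too short rather than calling
            # len() on None.
            # NOTE(review): a four character minimum is a very weak
            # policy; consider raising it.
            form_error = 'password_too_short'
        if form_error:
            self.response.out.write(template.render(
                'ndb_users/templates/password-reset-error.html',
                users.template_values(
                    template_values={form_error: True},
                    query_options={'token': token})))
            return None
        # Recover the User
        user_recovery = ndb.Key(users.UserRecovery, token).get()
        if user_recovery and user_recovery.expires > datetime.now():
            # NOTE(review): whether the token is consumed after use is
            # decided inside reset_password, which is not visible here.
            user = user_recovery.reset_password(password)
            if user:
                _login_user_for_id(user.key.string_id())
                self.response.out.write(template.render(
                    'ndb_users/templates/password-change-success.html',
                    users.template_values(query_options={'token': token})))
                return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    continue_uri = self.request.GET.get('continue')
    if user and continue_uri:
        self.redirect(continue_uri.encode('ascii'))
    self.response.out.write(template.render(
        'ndb_users/templates/password-reset-error.html',
        users.template_values(template_values={'token_invalid': True},
                              query_options={'token': token})))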
def get(self):
    """
    Show the change-password form to a logged in user.

    Without a logged in user the request is redirected to the `login`
    route instead.
    """
    user = users.get_current_user()
    if not user:
        # No logged in user
        self.redirect(webapp2.uri_for('login'))
        return None
    context = users.template_values()
    self.response.out.write(template.render(
        'ndb_users/templates/password-change.html', context))
    return None
def post(self):
    """
    Start password recovery for the POSTed `email`.

    Logged in users are sent to the `login` route. For anonymous
    requests the success page follows a call to
    `_create_recovery_email_for_user_id`; otherwise the error page is
    rendered with `email_bounce_limit`, `user_not_verified`,
    `error_email_not_found` or `error_invalid_email`.
    """
    error_template = 'ndb_users/templates/password-forgot-error.html'
    user = users.get_current_user()
    if user:
        self.redirect(webapp2.uri_for('login'))
        return None
    email = self.request.POST.get('email')
    if email:
        # Get a user's key for their email address...
        user = users.User.user_for_email(email)
        if user:
            if users.user_verified(user):
                if user.email_bounce_limited():
                    # Bounce timeout
                    failure = {'email_bounce_limit': True}
                else:
                    _create_recovery_email_for_user_id(
                        user.key.string_id())
                    self.response.out.write(template.render(
                        'ndb_users/templates/password-forgot-success.html',
                        users.template_values()))
                    return None
            else:
                # User not verified
                failure = {'user_not_verified': True}
        else:
            # User not found
            # NOTE(review): separate messages for unknown and unverified
            # addresses let an anonymous visitor test which emails are
            # registered; a uniform answer avoids that.
            failure = {'error_email_not_found': True, 'email': email}
    else:
        # No `email` supplied in POST
        failure = {'error_invalid_email': True, 'email': email}
    self.response.out.write(template.render(
        error_template, users.template_values(template_values=failure)))
def get(self):
    """
    Show the password recovery form that asks for the user's email.

    A logged in user is redirected instead: to `continue` when that
    query parameter is present, else to the `login` route.
    """
    user = users.get_current_user()
    if not user:
        form = template.render('ndb_users/templates/password-forgot.html',
                               users.template_values())
        self.response.out.write(form)
        return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    target = self.request.GET.get('continue')
    if target:
        destination = target.encode('ascii')
    else:
        destination = webapp2.uri_for('login')
    self.redirect(destination)
def get(self):
    """
    Report the current user as JSON and handle `action=logout`.

    The response holds `user` for a logged in user and is an empty
    object otherwise. With `action=logout` the user is logged out and
    `user` is replaced by an empty object.
    """
    payload = dict()
    current = users.get_current_user()
    if current:
        payload['user'] = current.json_object()
        if self.request.GET.get('action') == 'logout':
            # NOTE(review): logout is a state change performed on GET,
            # and no anti-forgery token is checked in this method, so
            # any page the user visits can trigger it.
            _logout_user()
            payload['user'] = dict()
    body = json.dumps(payload)
    self.response.content_type = 'application/json'
    self.response.out.write(body)
def get(self):
    """
    Report the current user as JSON and handle `action=logout`.

    A logged in user is returned under `user`; without one the response
    is an empty object. `action=logout` logs the user out and answers
    with an empty `user` object.
    """
    result = dict()
    user = users.get_current_user()
    if user:
        result['user'] = user.json_object()
        wants_logout = self.request.GET.get('action') == 'logout'
        if wants_logout:
            # NOTE(review): logout is a state change performed on GET,
            # and no anti-forgery token is checked in this method, so
            # any page the user visits can trigger it.
            _logout_user()
            result['user'] = dict()
    self.response.content_type = 'application/json'
    self.response.out.write(json.dumps(result))
def post(self):
    """
    Change the logged in user's password from the POSTed form.

    Reads `current_password`, `new_password` and `new_password2`.
    Validation failures render the error page with `missing_fields`,
    `password_mismatch`, `password_too_short` or `password_incorrect`;
    a completed update renders the success page. Without a logged in
    user the request is redirected to the `login` route.
    """
    error_template = 'ndb_users/templates/password-change-error.html'
    user = users.get_current_user()
    if not user:
        # Not logged in
        self.redirect(webapp2.uri_for('login'))
        return None
    current_password = self.request.POST.get('current_password')
    new_password = self.request.POST.get('new_password')
    new_password2 = self.request.POST.get('new_password2')
    failure = None
    # Make sure required POST parameters are present
    if not (current_password and new_password and new_password2):
        failure = 'missing_fields'
    # Check password equality
    elif new_password != new_password2:
        failure = 'password_mismatch'
    # Check password length
    # NOTE(review): a four character minimum is a very weak policy;
    # consider raising it.
    elif len(new_password) < 4:
        failure = 'password_too_short'
    if failure is None:
        # Check `current_password` is indeed this user's password
        attempt = users._password_hash(current_password, user.passwordSalt)
        # NOTE(review): `==` is not a constant-time comparison;
        # hmac.compare_digest is the usual choice for secret digests
        # where the runtime provides it.
        if attempt == user.passwordHash:
            # Correct password; update to `new_password`
            user.update_password(new_password)
            self.response.out.write(template.render(
                'ndb_users/templates/password-change-success.html',
                users.template_values()))
            return None
        # Wrong `current_password`
        failure = 'password_incorrect'
    self.response.out.write(template.render(
        error_template,
        users.template_values(template_values={failure: True})))
    return None
def get(self):
    """
    Serve the JSON API page for login and password reset via POST.

    The template receives the current user and the login, logout,
    password-forgot and password-change URLs, each built for the
    `documentation` route.
    """
    context = {'user': users.get_current_user()}
    context['login_url'] = users.create_login_url(
        webapp2.uri_for('documentation'))
    context['logout_url'] = users.create_logout_url(
        webapp2.uri_for('documentation'))
    context['password_forgot_url'] = users.create_password_forgot_url(
        webapp2.uri_for('documentation'))
    context['password_change_url'] = users.create_password_change_url(
        webapp2.uri_for('documentation'))
    page = template.render(
        'templates/json-api-post-login-password-reset.html', context)
    self.response.out.write(page)
def get(self):
    """
    Serve the homepage.

    The template receives the current user plus login and
    password-forgot URLs built for the `protected` route, and logout and
    password-change URLs built for the `home` route.
    """
    context = {'user': users.get_current_user()}
    context['login_url'] = users.create_login_url(
        webapp2.uri_for('protected'))
    context['logout_url'] = users.create_logout_url(
        webapp2.uri_for('home'))
    context['password_forgot_url'] = users.create_password_forgot_url(
        webapp2.uri_for('protected'))
    context['password_change_url'] = users.create_password_change_url(
        webapp2.uri_for('home'))
    page = template.render('templates/index.html', context)
    self.response.out.write(page)
def get(self):
    """
    Show the password recovery form that asks for the user's email.

    Logged in users are redirected: to `continue` when that query
    parameter is given, otherwise to the `login` route.
    """
    user = users.get_current_user()
    if user:
        # NOTE(review): `continue` is taken from the query string and
        # handed to redirect() with no origin check visible here, so it
        # can name another site; restricting it to same-site paths would
        # close that.
        target = self.request.GET.get('continue')
        if not target:
            self.redirect(webapp2.uri_for('login'))
        else:
            self.redirect(target.encode('ascii'))
        return None
    context = users.template_values()
    self.response.out.write(template.render(
        'ndb_users/templates/password-forgot.html', context))
def get(self):
    """
    Serve the protected page to logged in users only.

    Requests without a logged in user are aborted with 401. The template
    receives the user, a logout URL built for the `home` route and a
    password-change URL built for the `protected` route.
    """
    user = users.get_current_user()
    if user:
        context = {
            'user': user,
            'logout_url': users.create_logout_url(
                webapp2.uri_for('home')),
            'password_change_url': users.create_password_change_url(
                webapp2.uri_for('protected')),
        }
        page = template.render('templates/protected-page.html', context)
        self.response.out.write(page)
    else:
        self.abort(401)
def get(self):
    """
    Serve the JSON API page.

    The template receives the current user and the login, logout,
    password-forgot and password-change URLs, each built for the
    `documentation` route.
    """
    context = {'user': users.get_current_user()}
    context['login_url'] = users.create_login_url(
        webapp2.uri_for('documentation'))
    context['logout_url'] = users.create_logout_url(
        webapp2.uri_for('documentation'))
    context['password_forgot_url'] = users.create_password_forgot_url(
        webapp2.uri_for('documentation'))
    context['password_change_url'] = users.create_password_change_url(
        webapp2.uri_for('documentation'))
    page = template.render('templates/json-api.html', context)
    self.response.out.write(page)
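def post(self):
    """
    Reset the password of the account that owns the `token` parameter.

    `token` is read from the query string, `password` and `password2`
    from the POSTed form. The reset error page is rendered with
    `password_mismatch` or `password_too_short` for bad input (missing
    passwords count as too short). A usable token resets the password,
    logs the user in and renders the success page; everything else
    renders the error page with `token_invalid`.
    """
    error_template = 'ndb_users/templates/password-reset-error.html'
    token = self.request.GET.get('token')
    user = users.get_current_user()
    password = self.request.POST.get('password')
    password2 = self.request.POST.get('password2')
    if token and not user:
        # Check passwords match
        if password != password2:
            self.response.out.write(template.render(
                error_template,
                users.template_values(
                    template_values={'password_mismatch': True},
                    query_options={'token': token})))
            return None
        # Check password length. Two absent fields compare equal above,
        # so `password` can still be None here; report that as too short
        # rather than calling len() on None.
        # NOTE(review): a four character minimum is a very weak policy;
        # consider raising it.
        if not password or len(password) < 4:
            self.response.out.write(template.render(
                error_template,
                users.template_values(
                    template_values={'password_too_short': True},
                    query_options={'token': token})))
            return None
        # Recover the User
        user_recovery = ndb.Key(users.UserRecovery, token).get()
        if user_recovery:
            if user_recovery.expires > datetime.now():
                # NOTE(review): whether the token is consumed after use
                # is decided inside reset_password, not visible here.
                user = user_recovery.reset_password(password)
                if user:
                    _login_user_for_id(user.key.string_id())
                    self.response.out.write(template.render(
                        'ndb_users/templates/password-change-success.html',
                        users.template_values(
                            query_options={'token': token})))
                    return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    continue_uri = self.request.GET.get('continue')
    if user and continue_uri:
        self.redirect(continue_uri.encode('ascii'))
    self.response.out.write(template.render(
        error_template,
        users.template_values(template_values={'token_invalid': True},
                              query_options={'token': token})))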
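def post(self):
    """
    Create a user from the `email` and `password` in the JSON body.

    The JSON response holds `user` for a new account (plus
    `email_verification` when NDB_USERS_ENFORCE_EMAIL_VERIFICATION is
    set; otherwise the new user is logged in), or one of
    `password_too_short`, `email_invalid`, `email_in_use`. Aborts with
    400 when the body is not a JSON object, a field is missing, or a
    user is already logged in.
    """
    response_object = dict()
    user = users.get_current_user()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    if not user:
        email = request_object.get('email')
        password = request_object.get('password')
        if email and password:
            # NOTE(review): a four character minimum is a very weak
            # policy; consider raising it.
            if len(password) < 4:
                # The flag belongs on `response_object`; writing it to
                # the undefined name `response` raised NameError.
                response_object['password_too_short'] = True
            elif not mail.is_email_valid(email):
                response_object['email_invalid'] = True
            else:
                # NOTE(review): the lookup compares `email` as given,
                # while the login handlers lower-case it first, and the
                # check and the create are separate steps; confirm that
                # create_user covers both.
                user_found = users.User.query(
                    users.User.email == email).count(1)
                if user_found < 1:
                    # Create a User
                    new_user_key = users.User.create_user(email, password)
                    response_object['user'] = (
                        new_user_key.get().json_object())
                    if NDB_USERS_ENFORCE_EMAIL_VERIFICATION:
                        _create_activation_email_for_user_id(
                            new_user_key.string_id())
                        response_object['email_verification'] = True
                    else:
                        # Log this user in!
                        _login_user_for_id(new_user_key.string_id())
                else:
                    # Already exists
                    # NOTE(review): this flag tells an anonymous caller
                    # that the address is registered.
                    response_object['email_in_use'] = True
            self.response.content_type = 'application/json'
            self.response.out.write(json.dumps(response_object))
            return None
    self.abort(400)  # Logged in user, no `email`, or no `password`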
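def post(self):
    """
    Create a user from the `email` and `password` in the JSON body.

    A new account is answered with `user`; when
    NDB_USERS_ENFORCE_EMAIL_VERIFICATION is set an activation email is
    created and `email_verification` is added, otherwise the new user is
    logged in. Failures are flagged as `password_too_short`,
    `email_invalid` or `email_in_use`. A body that is not a JSON object,
    a missing field, or an already logged in user ends in a 400 abort.
    """
    response_object = dict()
    user = users.get_current_user()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    email = None
    password = None
    if not user:
        email = request_object.get('email')
        password = request_object.get('password')
    if not (email and password):
        self.abort(400)  # Logged in user, no `email`, or no `password`
        return None
    # Check password length
    # NOTE(review): a four character minimum is a very weak policy;
    # consider raising it.
    if len(password) < 4:
        # The flag belongs on `response_object`; writing it to the
        # undefined name `response` raised NameError.
        response_object['password_too_short'] = True
    # Check `email`
    elif not mail.is_email_valid(email):
        response_object['email_invalid'] = True
    else:
        # Try finding a User with this email...
        # NOTE(review): the lookup compares `email` as given, while the
        # login handlers lower-case it first, and the check and the
        # create are separate steps; confirm that create_user covers
        # both.
        user_found = users.User.query(users.User.email == email).count(1)
        if user_found < 1:
            # Create a User
            new_user_key = users.User.create_user(email, password)
            response_object['user'] = new_user_key.get().json_object()
            if NDB_USERS_ENFORCE_EMAIL_VERIFICATION:
                _create_activation_email_for_user_id(
                    new_user_key.string_id())
                response_object['email_verification'] = True
            else:
                # Log this user in!
                _login_user_for_id(new_user_key.string_id())
        else:
            # Already exists
            # NOTE(review): this flag tells an anonymous caller that the
            # address is registered.
            response_object['email_in_use'] = True
    self.response.content_type = 'application/json'
    self.response.out.write(json.dumps(response_object))
    return None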
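def post(self):
    """
    Log a user in from the `email` and `password` in the JSON body.

    The JSON response holds `user` after a successful login,
    `user_not_verified` (and possibly `email_bounce_limit`) for an
    unverified account, or `login_fail` for an unknown email or wrong
    password. Aborts with 400 when the body is not a JSON object, a
    field is missing, or a user is already logged in.
    """
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    email = request_object.get('email')
    password = request_object.get('password')
    extended = request_object.get('extended')
    response_object = dict()
    user = users.get_current_user()
    if email and password and not user:
        # The user key is derived from the lower-cased email address.
        user = ndb.Key(users.User,
                       users._user_id_for_email(email.lower())).get()
        password_ok = False
        if user:
            attempt = users._password_hash(password, user.passwordSalt)
            # NOTE(review): `==` is not a constant-time comparison;
            # hmac.compare_digest is the usual choice for secret digests
            # where the runtime provides it.
            password_ok = attempt == user.passwordHash
        if not password_ok:
            # Unknown email and wrong password share one answer.
            response_object['login_fail'] = True
        elif users.user_verified(user):
            # Success
            _login_user_for_id(user.key.string_id(), extended=extended)
            response_object['user'] = user.json_object()
        else:
            # User email not verified (send another email, if allowed)
            if not user.email_bounce_limited():
                _create_activation_email_for_user_id(
                    user.key.string_id())
            else:
                response_object['email_bounce_limit'] = True
            response_object['user_not_verified'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(response_object))
        return None
    self.abort(400)  # Logged in user, no `email`, or no `password`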
def get(self):
    """
    Show the password reset form when the recovery `token` is usable.

    The form is rendered only for an anonymous request whose token maps
    to an unexpired recovery entity. Otherwise the reset error page is
    rendered with `token_invalid`. Both templates receive the token
    through `query_options`.
    """
    token = self.request.GET.get('token')
    user = users.get_current_user()
    recovery = None
    if token and not user:
        recovery = ndb.Key(users.UserRecovery, token).get()
    if recovery and recovery.expires > datetime.now():
        form = template.render(
            'ndb_users/templates/password-reset.html',
            users.template_values(query_options={'token': token}))
        self.response.out.write(form)
        return None
    # NOTE(review): `continue` is taken from the query string and handed
    # to redirect() with no origin check visible here, so it can name
    # another site; restricting it to same-site paths would close that.
    redirect_to = self.request.GET.get('continue')
    if user and redirect_to:
        self.redirect(redirect_to.encode('ascii'))
    # No return follows the redirect, so the error page is written too.
    error_page = template.render(
        'ndb_users/templates/password-reset-error.html',
        users.template_values(template_values={'token_invalid': True},
                              query_options={'token': token}))
    self.response.out.write(error_page)
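def post(self):
    """
    Reset the password of the account that owns `token` (JSON).

    `token` comes from the query string and `new_password` from the JSON
    body. The JSON response holds `user` after a reset and login, or one
    of `password_too_short`, `token_expired`, `token_invalid`. Aborts
    with 400 when the body is not a JSON object, `token` or
    `new_password` is missing, a user is already logged in, or the reset
    yields no user.
    """
    response_object = dict()
    # Reject a body that is not a JSON object as a bad request instead of
    # letting the parse or attribute error propagate.
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        request_object = None
    if not isinstance(request_object, dict):
        self.abort(400)
        return None
    new_password = request_object.get('new_password')
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and new_password and not user:
        send = True
        # NOTE(review): a four character minimum is a very weak policy;
        # consider raising it.
        if len(new_password) < 4:
            response_object['password_too_short'] = True
        else:
            # Recover the user
            user_recovery = ndb.Key(users.UserRecovery, token).get()
            if not user_recovery:
                # Invalid token
                response_object['token_invalid'] = True
            elif user_recovery.expires > datetime.now():
                # NOTE(review): whether the token is consumed after use
                # is decided inside reset_password, not visible here.
                user = user_recovery.reset_password(new_password)
                if user:
                    _login_user_for_id(user.key.string_id())
                    response_object['user'] = user.json_object()
                else:
                    # Reset produced no user: fall through to the 400.
                    send = False
            else:
                # Expired token
                response_object['token_expired'] = True
        if send:
            self.response.content_type = 'application/json'
            self.response.out.write(json.dumps(response_object))
            return None
    self.abort(400)  # Logged in user, or no `token`, or no `new_password`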
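def post(self):
    """ Reset the owner of `token`'s password.

    Expects a JSON object body carrying `new_password`, a `token` query
    parameter, and no signed-in user. Responds with JSON holding `user` on
    success, or one of the flags `password_too_short`, `token_expired` or
    `token_invalid`. Aborts with 400 when the body is not a JSON object,
    when `token` or `new_password` is missing, when a user is already
    signed in, or when `reset_password` returns nothing.
    """
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        # Malformed JSON is a client error; report it as one instead of
        # letting the exception surface as a server error.
        request_object = None
    if not isinstance(request_object, dict):
        # Valid JSON that is not an object has no `.get()` to read from.
        self.abort(400)
        return None
    response_object = dict()
    new_password = request_object.get('new_password')
    # NOTE(review): the recovery token is read from the query string, where
    # it can end up in access logs and Referer headers.
    token = self.request.GET.get('token')
    user = users.get_current_user()
    if token and new_password and not user:
        # NOTE(review): a 4-character minimum is the only strength check
        # visible in this handler.
        if len(new_password) < 4:
            response_object['password_too_short'] = True
        else:
            # Recover the user
            user_recovery = ndb.Key(users.UserRecovery, token).get()
            if not user_recovery:
                # Invalid token
                response_object['token_invalid'] = True
            elif user_recovery.expires > datetime.now():
                user = user_recovery.reset_password(new_password)
                if user:
                    _login_user_for_id(user.key.string_id())
                    response_object['user'] = user.json_object()
            else:
                # Expired token
                response_object['token_expired'] = True
        # An empty response_object means reset_password() returned nothing;
        # that case falls through to the 400 below.
        if response_object:
            self.response.content_type = 'application/json'
            self.response.out.write(json.dumps(response_object))
            return None
    self.abort(400)  # Logged in user, or no `token`, or no `new_password`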
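def post(self):
    """ Log in a user via supplied JSON `email` and `password` values.

    Expects a JSON object body with `email`, `password` and an optional
    `extended` value, and no signed-in user. Responds with JSON holding
    `user` on success, `user_not_verified` (plus `email_bounce_limit` when
    no further activation e-mail is created) for a correct password on an
    unverified account, or `login_fail`. Aborts with 400 when the body is
    not a JSON object, when `email` or `password` is missing, or when a
    user is already signed in.
    """
    try:
        request_object = json.loads(self.request.body)
    except ValueError:
        # Malformed JSON is a client error; report it as one instead of
        # letting the exception surface as a server error.
        request_object = None
    if not isinstance(request_object, dict):
        # Valid JSON that is not an object has no `.get()` to read from.
        self.abort(400)
        return None
    email = request_object.get('email')
    password = request_object.get('password')
    extended = request_object.get('extended')
    response_object = dict()
    user = users.get_current_user()
    if email and password and not user:
        # Get a User for `email` and `password`
        user = ndb.Key(users.User,
                       users._user_id_for_email(email.lower())).get()
        password_ok = False
        if user:
            # User found... check Password
            # NOTE(review): the hash is only computed when the account
            # exists, and `==` is not a constant-time comparison.
            # hmac.compare_digest is the usual replacement, provided both
            # values are the same string type -- confirm what
            # users._password_hash returns before switching.
            attempt = users._password_hash(password, user.passwordSalt)
            password_ok = attempt == user.passwordHash
        if not password_ok:
            # Same answer for an unknown e-mail and a wrong password.
            response_object['login_fail'] = True
        elif users.user_verified(user):
            # Success
            _login_user_for_id(user.key.string_id(), extended=extended)
            response_object['user'] = user.json_object()
        else:
            # User email not verified (send another email, if allowed)
            if not user.email_bounce_limited():
                _create_activation_email_for_user_id(user.key.string_id())
            else:
                response_object['email_bounce_limit'] = True
            response_object['user_not_verified'] = True
        self.response.content_type = 'application/json'
        self.response.out.write(json.dumps(response_object))
        return None
    self.abort(400)  # Logged in user, no `email`, or no `password`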
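def get(self):
    """ Serve the login page, or handle a signed-in user.

    With no current user the login template is rendered. A signed-in user
    is logged out first when `action=logout` is present. The response is
    then a redirect to `continue` if that is a local path or a URL on this
    host, and otherwise the logout-success or login-success page.
    """
    user = users.get_current_user()
    if not user:
        # Path and serve template
        self.response.out.write(
            template.render('ndb_users/templates/login.html',
                            users.template_values()))
        return None

    logging_out = self.request.GET.get('action') == 'logout'
    if logging_out:
        # NOTE(review): the session is ended by a plain GET with no visible
        # anti-forgery check, so any page the user visits can trigger it.
        _logout_user()

    continue_uri = self.request.GET.get('continue')
    if continue_uri:
        # `continue` comes straight from the query string. Following it
        # unchecked lets a crafted link bounce the user to another site,
        # so only same-site targets are accepted.
        host_url = self.request.host_url
        local_path = (continue_uri.startswith('/')
                      and not continue_uri.startswith(('//', '/\\')))
        same_host = (continue_uri == host_url
                     or continue_uri.startswith(host_url + '/'))
        if local_path or same_host:
            try:
                redirect_target = continue_uri.encode('ascii')
            except UnicodeError:
                # A non-ASCII value used to raise here; treat it as absent.
                redirect_target = None
            if redirect_target is not None:
                self.redirect(redirect_target)
                # Stop here so no page body is appended to the redirect.
                return None

    if logging_out:
        page = 'ndb_users/templates/logout-success.html'
    else:
        page = 'ndb_users/templates/login-success.html'
    self.response.out.write(template.render(page, users.template_values()))
    return None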
def user(self):
    """ Return the result of `users.get_current_user()`. """
    current_user = users.get_current_user()
    return current_user
def verify_user(self):
    """ Store the current user on `self.user`, or refuse the request.

    Raises:
        UnauthorizedException: when `users.get_current_user()` yields a
            falsy value.
    """
    self.user = users.get_current_user()
    if self.user:
        return
    raise UnauthorizedException("Invalid or no user session provided.")
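def post(self):
    """ Log in a user via POST'ed `email` and `password` values.

    An already signed-in user, or a successful login by a verified user, is
    redirected to `continue` when that is a local path or a URL on this
    host, and otherwise gets the login-success page. A correct password on
    an unverified account renders login-not-verified, after calling
    `_create_activation_email_for_user_id` unless the bounce limit is hit.
    Anything else renders login-error with the submitted `email` and
    `extended` values.
    """
    # Make sure required POST parameters are present
    email = self.request.POST.get('email')
    password = self.request.POST.get('password')
    extended = bool(self.request.POST.get('extended'))

    # `continue` comes straight from the query string. Following it
    # unchecked lets a crafted login link bounce the user to another site,
    # so only same-site targets are accepted.
    redirect_target = None
    continue_uri = self.request.GET.get('continue')
    if continue_uri:
        host_url = self.request.host_url
        local_path = (continue_uri.startswith('/')
                      and not continue_uri.startswith(('//', '/\\')))
        same_host = (continue_uri == host_url
                     or continue_uri.startswith(host_url + '/'))
        if local_path or same_host:
            try:
                redirect_target = continue_uri.encode('ascii')
            except UnicodeError:
                # A non-ASCII value used to raise here; treat it as absent.
                redirect_target = None

    user = users.get_current_user()
    if user:
        # Redirect if requested
        if redirect_target is not None:
            self.redirect(redirect_target)
            return None
        self.response.out.write(
            template.render(
                'ndb_users/templates/login-success.html',
                users.template_values(template_values={'user': user})))
        return None
    if email and password:
        # Get a User for `email` and `password`
        user = ndb.Key(users.User,
                       users._user_id_for_email(email.lower())).get()
        if user:
            # User found... check Password
            # NOTE(review): the hash is only computed when the account
            # exists, and `==` is not a constant-time comparison.
            # hmac.compare_digest is the usual replacement, provided both
            # values are the same string type -- confirm what
            # users._password_hash returns before switching.
            attempt = users._password_hash(password, user.passwordSalt)
            if attempt == user.passwordHash:
                if users.user_verified(user):
                    # Success
                    _login_user_for_id(user.key.string_id(),
                                       extended=extended)
                    # Redirect if requested
                    if redirect_target is not None:
                        self.redirect(redirect_target)
                        return None
                    self.response.out.write(
                        template.render(
                            'ndb_users/templates/login-success.html',
                            users.template_values(
                                template_values={'user': user},
                                user=user)))
                    return None
                # User email not verified (send another email, if allowed)
                temp_values = dict()
                if not user.email_bounce_limited():
                    _create_activation_email_for_user_id(
                        user.key.string_id())
                else:
                    temp_values['email_bounce_limit'] = True
                self.response.out.write(
                    template.render(
                        'ndb_users/templates/login-not-verified.html',
                        users.template_values(
                            template_values=temp_values)))
                return None
    # Error: missing fields, unknown e-mail and wrong password all land here
    self.response.out.write(
        template.render(
            'ndb_users/templates/login-error.html',
            users.template_values({
                'email': email,
                'extended': extended
            })))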