def create_new_user(data):
"""Create a new user.
:param dict data: the data for the user to be created.
:returns: an SQLAlchemy model object representing the user.
"""
user = User()
user.salt = h.generate_salt()
user.password = unicode(
h.encrypt_password(data['password'], str(user.salt)))
user.username = h.normalize(data['username'])
user.first_name = h.normalize(data['first_name'])
user.last_name = h.normalize(data['last_name'])
user.email = h.normalize(data['email'])
user.affiliation = h.normalize(data['affiliation'])
user.role = h.normalize(data['role'])
user.markup_language = h.normalize(data['markup_language'])
user.page_content = h.normalize(data['page_content'])
user.html = h.get_HTML_from_contents(user.page_content,
user.markup_language)
# Many-to-One Data: input and output orthographies
if data['input_orthography']:
user.input_orthography = data['input_orthography']
if data['output_orthography']:
user.output_orthography = data['output_orthography']
# OLD-generated Data
user.datetime_modified = datetime.datetime.utcnow()
# Create the user's directory
h.create_user_directory(user)
return user
def create_new_user(data):
"""Create a new user.
:param dict data: the data for the user to be created.
:returns: an SQLAlchemy model object representing the user.
"""
user = User()
user.salt = h.generate_salt()
user.password = unicode(h.encrypt_password(data['password'], str(user.salt)))
user.username = h.normalize(data['username'])
user.first_name = h.normalize(data['first_name'])
user.last_name = h.normalize(data['last_name'])
user.email = h.normalize(data['email'])
user.affiliation = h.normalize(data['affiliation'])
user.role = h.normalize(data['role'])
user.markup_language = h.normalize(data['markup_language'])
user.page_content = h.normalize(data['page_content'])
user.html = h.get_HTML_from_contents(user.page_content, user.markup_language)
# Many-to-One Data: input and output orthographies
if data['input_orthography']:
user.input_orthography= data['input_orthography']
if data['output_orthography']:
user.output_orthography = data['output_orthography']
# OLD-generated Data
user.datetime_modified = datetime.datetime.utcnow()
# Create the user's directory
h.create_user_directory(user)
return user
def update_user(user, data):
"""Update a user.
:param user: the user model to be updated.
:param dict data: representation of the updated user.
:returns: the updated user model or, if ``changed`` has not been set
to ``True``, ``False``.
"""
changed = False
# Unicode Data
changed = user.set_attr('first_name', h.normalize(data['first_name']),
changed)
changed = user.set_attr('last_name', h.normalize(data['last_name']),
changed)
changed = user.set_attr('email', h.normalize(data['email']), changed)
changed = user.set_attr('affiliation', h.normalize(data['affiliation']),
changed)
changed = user.set_attr('role', h.normalize(data['role']), changed)
changed = user.set_attr('page_content', h.normalize(data['page_content']),
changed)
changed = user.set_attr('markup_language',
h.normalize(data['markup_language']), changed)
changed = user.set_attr(
'html',
h.get_HTML_from_contents(user.page_content, user.markup_language),
changed)
# username and password need special treatment: a value of None means that
# these should not be updated.
if data['password'] is not None:
changed = user.set_attr(
'password',
unicode(h.encrypt_password(data['password'], str(user.salt))),
changed)
if data['username'] is not None:
username = h.normalize(data['username'])
if username != user.username:
h.rename_user_directory(user.username, username)
changed = user.set_attr('username', username, changed)
# Many-to-One Data
changed = user.set_attr('input_orthography', data['input_orthography'],
changed)
changed = user.set_attr('output_orthography', data['output_orthography'],
changed)
if changed:
user.datetime_modified = datetime.datetime.utcnow()
return user
return changed
def authenticate(self):
"""Session-based authentication.
:URL: ``POST /login/authenticate``
:request body: A JSON object with ``"username"`` and ``"password"``
string values
:returns: ``{"authenticated": True}`` on success, an error dictionary on
failure.
"""
try:
schema = LoginSchema()
values = json.loads(unicode(request.body, request.charset))
result = schema.to_python(values)
username = result['username']
user_from_username = Session.query(User).filter(
User.username == username).first()
if user_from_username:
salt = user_from_username.salt
password = unicode(
h.encrypt_password(result['password'], str(salt)))
user = Session.query(User).filter(
User.username == username).filter(
User.password == password).first()
if user:
session['user'] = user
session.save()
home_page = Session.query(Page).filter(
Page.name == u'home').first()
return {
'authenticated': True,
'user': user,
'homepage': home_page
}
else:
response.status_int = 401
return {
'error':
u'The username and password provided are not valid.'
}
else:
response.status_int = 401
return {
'error':
u'The username and password provided are not valid.'
}
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
def email_reset_password(self):
"""Reset the user's password and email them a new one.
:URL: ``POST /login/email_reset_password``
:request body: a JSON object with a ``"username"`` attribute.
:returns: a dictionary with ``'valid_username'`` and ``'password_reset'``
keys whose values are booleans.
"""
try:
schema = PasswordResetSchema()
values = json.loads(unicode(request.body, request.charset))
result = schema.to_python(values)
user = Session.query(User).filter(
User.username == result['username']).first()
if user:
try:
new_password = h.generate_password()
h.send_password_reset_email_to(user,
new_password,
config=config)
user.password = unicode(
h.encrypt_password(new_password, str(user.salt)))
Session.add(user)
Session.commit()
if os.path.split(config['__file__'])[-1] == 'test.ini':
return {
'valid_username': True,
'password_reset': True,
'new_password': new_password
}
else:
return {'valid_username': True, 'password_reset': True}
except: # socket.error was too specific ...
response.status_int = 500
return {'error': 'The server is unable to send email.'}
else:
response.status_int = 400
return {'error': 'The username provided is not valid.'}
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
def authenticate(self):
"""Session-based authentication.
:URL: ``POST /login/authenticate``
:request body: A JSON object with ``"username"`` and ``"password"``
string values
:returns: ``{"authenticated": True}`` on success, an error dictionary on
failure.
"""
try:
schema = LoginSchema()
values = json.loads(unicode(request.body, request.charset))
result = schema.to_python(values)
username = result['username']
user_from_username = Session.query(User).filter(User.username==username).first()
if user_from_username:
salt = user_from_username.salt
password = unicode(h.encrypt_password(result['password'], str(salt)))
user = Session.query(User).filter(User.username==username).filter(
User.password==password).first()
if user:
session['user'] = user
session.save()
home_page = Session.query(Page).filter(
Page.name==u'home').first()
return {
'authenticated': True,
'user': user,
'homepage': home_page
}
else:
response.status_int = 401
return {'error':
u'The username and password provided are not valid.'}
else:
response.status_int = 401
return {'error': u'The username and password provided are not valid.'}
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
def update_user(user, data):
"""Update a user.
:param user: the user model to be updated.
:param dict data: representation of the updated user.
:returns: the updated user model or, if ``changed`` has not been set
to ``True``, ``False``.
"""
changed = False
# Unicode Data
changed = user.set_attr('first_name', h.normalize(data['first_name']), changed)
changed = user.set_attr('last_name', h.normalize(data['last_name']), changed)
changed = user.set_attr('email', h.normalize(data['email']), changed)
changed = user.set_attr('affiliation', h.normalize(data['affiliation']), changed)
changed = user.set_attr('role', h.normalize(data['role']), changed)
changed = user.set_attr('page_content', h.normalize(data['page_content']), changed)
changed = user.set_attr('markup_language', h.normalize(data['markup_language']), changed)
changed = user.set_attr('html', h.get_HTML_from_contents(user.page_content, user.markup_language), changed)
# username and password need special treatment: a value of None means that
# these should not be updated.
if data['password'] is not None:
changed = user.set_attr('password',
unicode(h.encrypt_password(data['password'], str(user.salt))), changed)
if data['username'] is not None:
username = h.normalize(data['username'])
if username != user.username:
h.rename_user_directory(user.username, username)
changed = user.set_attr('username', username, changed)
# Many-to-One Data
changed = user.set_attr('input_orthography', data['input_orthography'], changed)
changed = user.set_attr('output_orthography', data['output_orthography'], changed)
if changed:
user.datetime_modified = datetime.datetime.utcnow()
return user
return changed
def email_reset_password(self):
"""Reset the user's password and email them a new one.
:URL: ``POST /login/email_reset_password``
:request body: a JSON object with a ``"username"`` attribute.
:returns: a dictionary with ``'valid_username'`` and ``'password_reset'``
keys whose values are booleans.
"""
try:
schema = PasswordResetSchema()
values = json.loads(unicode(request.body, request.charset))
result = schema.to_python(values)
user = Session.query(User).filter(User.username==result['username']).first()
if user:
try:
new_password = h.generate_password()
h.send_password_reset_email_to(user, new_password, config=config)
user.password = unicode(h.encrypt_password(new_password, str(user.salt)))
Session.add(user)
Session.commit()
if os.path.split(config['__file__'])[-1] == 'test.ini':
return {'valid_username': True, 'password_reset': True,
'new_password': new_password}
else:
return {'valid_username': True, 'password_reset': True}
except: # socket.error was too specific ...
response.status_int = 500
return {'error': 'The server is unable to send email.'}
else:
response.status_int = 400
return {'error': 'The username provided is not valid.'}
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
