def post(self): """ Request a password recovery email. """ def redact(value): threshold = max((len(value) / 3) - 1, 1) v = "" for i in range(0, len(value)): if i < threshold or i >= len(value) - threshold: v = v + value[i] else: v = v + "\u2022" return v recovery_data = request.get_json() # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = recovery_data.get("recaptcha_response", "") result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip()) if not result["success"]: return { "message": "Are you a bot? If not, please revalidate the captcha." }, 400 email = recovery_data["email"] user = model.user.find_user_by_email(email) if not user: return { "status": "sent", } if user.organization: send_org_recovery_email(user, model.organization.get_admin_users(user)) return { "status": "org", "orgemail": email, "orgname": redact(user.username), } confirmation_code = model.user.create_reset_password_email_code(email) send_recovery_email(email, confirmation_code) return { "status": "sent", }
def post(self): """ Create a new organization. """ user = get_authenticated_user() org_data = request.get_json() existing = None try: existing = model.organization.get_organization(org_data["name"]) except model.InvalidOrganizationException: pass if not existing: existing = model.user.get_user(org_data["name"]) if existing: msg = "A user or organization with this name already exists" raise request_error(message=msg) if features.MAILING and not org_data.get("email"): raise request_error(message="Email address is required") # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = org_data.get("recaptcha_response", "") result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip()) if not result["success"]: return { "message": "Are you a bot? If not, please revalidate the captcha." }, 400 is_possible_abuser = ip_resolver.is_ip_possible_threat( get_request_ip()) try: model.organization.create_organization( org_data["name"], org_data.get("email"), user, email_required=features.MAILING, is_possible_abuser=is_possible_abuser, ) return "Created", 201 except model.DataModelException as ex: raise request_error(exception=ex)
def post(self): """ Request a password recovery email.""" def redact(value): threshold = max((len(value) / 3) - 1, 1) v = '' for i in range(0, len(value)): if i < threshold or i >= len(value) - threshold: v = v + value[i] else: v = v + u'\u2022' return v recovery_data = request.get_json() # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = recovery_data.get('recaptcha_response', '') result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'], recaptcha_response, get_request_ip()) if not result['success']: return { 'message': 'Are you a bot? If not, please revalidate the captcha.' }, 400 email = recovery_data['email'] user = model.user.find_user_by_email(email) if not user: return { 'status': 'sent', } if user.organization: send_org_recovery_email(user, model.organization.get_admin_users(user)) return { 'status': 'org', 'orgemail': email, 'orgname': redact(user.username), } confirmation_code = model.user.create_reset_password_email_code(email) send_recovery_email(email, confirmation_code) return { 'status': 'sent', }
def captcha_func(): recaptcha_response = request.values.get("recaptcha_response", "") result = recaptcha2.verify(app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip()) if not result["success"]: abort(400) # Save that the captcha was verified. session["captcha_verified"] = int(time.time()) # Redirect to the normal OAuth flow again, so that the user can now create an account. csrf_token = generate_csrf_token(OAUTH_CSRF_TOKEN_NAME) login_scopes = login_service.get_login_scopes() auth_url = login_service.get_auth_url(url_scheme_and_hostname, "", csrf_token, login_scopes) return redirect(auth_url)
def post(self): """ Create a new organization. """ user = get_authenticated_user() org_data = request.get_json() existing = None try: existing = model.organization.get_organization(org_data['name']) except model.InvalidOrganizationException: pass if not existing: existing = model.user.get_user(org_data['name']) if existing: msg = 'A user or organization with this name already exists' raise request_error(message=msg) if features.MAILING and not org_data.get('email'): raise request_error(message='Email address is required') # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = org_data.get('recaptcha_response', '') result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'], recaptcha_response, get_request_ip()) if not result['success']: return { 'message': 'Are you a bot? If not, please revalidate the captcha.' }, 400 is_possible_abuser = ip_resolver.is_ip_possible_threat( get_request_ip()) try: model.organization.create_organization( org_data['name'], org_data.get('email'), user, email_required=features.MAILING, is_possible_abuser=is_possible_abuser) return 'Created', 201 except model.DataModelException as ex: raise request_error(exception=ex)
def register_post(): if env.user.id: raise AlreadyAuthorized sess = Session() info = sess["reg_info"] or {} try: del info["network"] del info["uid"] except (KeyError, TypeError): pass sess["reg_info"] = info sess.save() try: network = info["network"] if "network" in info else None uid = info["uid"] if "uid" in info else None except TypeError: network = None uid = None errors = [] for p in ["login", "name", "email", "birthdate", "location", "about", "homepage"]: info[p] = env.request.args(p, "").decode("utf-8") info["gender"] = _gender(env.request.args("gender")) login = env.request.args("login", "").strip() if login and validate_nickname(login): try: u = User("login", login) if u.id: errors.append("login-in-use") except UserNotFound: pass elif login: errors.append("login-invalid") else: errors.append("login-empty") password = env.request.args("password") if not (network and uid): if not password: errors.append("password") info["birthdate"] = parse_date(info["birthdate"]) if not network and not errors: try: resp = recaptcha2.verify( env.request.args("g-recaptcha-request", ""), settings.recaptcha_private_key, env.request.remote_host ) if not resp.is_valid: errors.append("captcha") except urllib2.URLError: errors.append("recaptcha-fail") except AddressNotFound: return Response(redirect="%s://%s/remember?fail=1" % (env.request.protocol, settings.domain)) if errors: if network and uid: tmpl = "/auth/register_ulogin.html" else: tmpl = "/auth/register.html" return Response(template=tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors) users.register(login) for p in ["name", "email", "birthdate", "gender", "location", "about", "homepage"]: env.user.set_info(p, info[p]) if password: env.user.set_password(password) if network and uid: _nickname = info["_nickname"] if "_nickname" in info else None _name = info["_name"] if "_name" in info else None _profile = info["_profile"] if "_profile" in info else None try: env.user.bind_ulogin(network, uid, _nickname, _name, _profile) except UserExists: raise Forbidden if env.request.args("avatar"): ext = env.request.args("avatar", "").split(".").pop().lower() if ext not in ["jpg", "gif", "png"]: errors.append("filetype") else: filename = ("%s.%s" % (env.user.login, ext)).lower() make_avatar(env.request.files("avatar"), filename) env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999))) elif "avatar" in info and info["avatar"]: filename = ("%s.%s" % (env.user.login, "jpg")).lower() make_avatar(info["avatar"], filename) env.user.set_info("avatar", "%s?r=%d" % (filename, randint(1000, 9999))) env.user.save() env.user.authenticate() return Response(redirect=get_referer())
def post(self): """ Create a new user. """ if app.config["AUTHENTICATION_TYPE"] != "Database": abort(404) user_data = request.get_json() invite_code = user_data.get("invite_code", "") existing_user = model.user.get_nonrobot_user(user_data["username"]) if existing_user: raise request_error(message="The username already exists") # Ensure an e-mail address was specified if required. if features.MAILING and not user_data.get("email"): raise request_error(message="Email address is required") # If invite-only user creation is turned on and no invite code was sent, return an error. # Technically, this is handled by the can_create_user call below as well, but it makes # a nicer error. if features.INVITE_ONLY_USER_CREATION and not invite_code: raise request_error(message="Cannot create non-invited user") # Ensure that this user can be created. blacklisted_domains = app.config.get("BLACKLISTED_EMAIL_DOMAINS", []) if not can_create_user(user_data.get("email"), blacklisted_domains=blacklisted_domains): raise request_error( message="Creation of a user account for this e-mail is disabled; please contact an administrator" ) # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = user_data.get("recaptcha_response", "") result = recaptcha2.verify( app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip() ) if not result["success"]: return {"message": "Are you a bot? If not, please revalidate the captcha."}, 400 is_possible_abuser = ip_resolver.is_ip_possible_threat(get_request_ip()) try: prompts = model.user.get_default_user_prompts(features) new_user = model.user.create_user( user_data["username"], user_data["password"], user_data.get("email"), auto_verify=not features.MAILING, email_required=features.MAILING, is_possible_abuser=is_possible_abuser, prompts=prompts, ) email_address_confirmed = handle_invite_code(invite_code, new_user) if features.MAILING and not email_address_confirmed: confirmation_code = model.user.create_confirm_email_code(new_user) send_confirmation_email(new_user.username, new_user.email, confirmation_code) return {"awaiting_verification": True} else: success, headers = common_login(new_user.uuid) if not success: return {"message": "Could not login. Is your account inactive?"}, 403 return user_view(new_user), 200, headers except model.user.DataModelException as ex: raise request_error(exception=ex)