def use(self, context):
    """Consume this single-use token for the user named in ``context``.

    ``context`` supplies ``target`` (the token being presented), ``user``
    and ``db_session``. Checks run in a fixed order: already used, target
    matches this token, expiry, ownership. On success the token is flagged
    as used, stored with ``db_session.save(self, safe=True)`` and ``True``
    is returned; every failure path raises.

    Raises:
        exceptions.TokenAlreadyUsedException: ``self.used`` is already set.
        exceptions.TokenInvalidException: ``target`` does not equal ``self``.
        exceptions.TokenExpiredException: ``self.is_expire()`` is true.
        exceptions.TokenViolationException: ``is_belonging_to_user`` is false.
    """
    presented = context.get('target')
    requester = context.get('user')
    storage = context.get('db_session')

    # Replay protection: a consumed token is rejected before any other check.
    # NOTE(review): this read of `used` and the save further down are separate
    # steps; whether two concurrent requests can both get past this point
    # depends on the storage layer, which is not visible here.
    if self.used:
        raise exceptions.TokenAlreadyUsedException(self.token)

    # NOTE(review): the messages below (and the exception above) carry the
    # token value; confirm they are not echoed to clients or shared logs.
    if not (presented == self):
        mismatch = "{token} != {user_token}".format(
            token=self.token, user_token=presented)
        raise exceptions.TokenInvalidException(mismatch)

    if self.is_expire():
        raise exceptions.TokenExpiredException()

    # Ownership check: a token may only be consumed by the user it is bound to.
    if not self.is_belonging_to_user(requester):
        denial = "{user} has not the right to the use the {token})".format(
            user=requester, token=self.token)
        raise exceptions.TokenViolationException(denial)

    # Mark as spent first, then persist, so the stored record reflects the use.
    self.used = True
    storage.save(self, safe=True)
    return True
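async def api_confirm_email(request):
    """Confirm the session user's e-mail address with a one-time token.

    Expects a JSON body with a ``token`` field. The matching
    ``Emailconfirmationtoken`` is looked up and consumed through its
    ``use()`` method with the session user in the context. On success the
    user is saved with ``email_confirmed`` set to ``True`` and a JSON
    response holding ``success`` and the serialized user is returned.

    Raises:
        exceptions.InvalidRequestException: the body is not usable JSON, has
            no ``token`` key, or the token is not a string.
        exceptions.TokenInvalidException: no stored token matches.
        Any exception raised by the token's ``use()`` propagates unchanged.
    """
    logger.debug('confirm_email')

    try:
        data = await request.json()
        submitted_token = data['token']
    except Exception as err:
        # A bare ``except:`` would also trap BaseException subclasses such as
        # KeyboardInterrupt and, on Python 3.8+, asyncio.CancelledError, and
        # report them as a malformed request.
        raise exceptions.InvalidRequestException('Missing json data') from err

    # The token is client-controlled and goes straight into a query filter.
    # JSON can also deliver objects, arrays or numbers here; how the query
    # layer treats those is not visible in this file, so only strings pass.
    # The existing message is reused to keep the client-facing error stable.
    if not isinstance(submitted_token, str):
        raise exceptions.InvalidRequestException('Missing json data')

    session = await get_session(request)
    user = get_user_from_session(session, request.db_session)

    context = {
        'user': user,
        'db_session': request.db_session,
        'ws_session': session,
        'method': 'update',
        'queue': request.app.queue
    }

    token_query = request.db_session.query(Emailconfirmationtoken)\
        .filter(Emailconfirmationtoken.token == submitted_token)
    if not token_query.count():
        raise exceptions.TokenInvalidException('token not found')

    confirmation = token_query.one()

    # use() receives the session user, so ownership is decided by the token
    # object rather than by anything the client sent.
    context['target'] = confirmation
    if confirmation.use(context):
        context['data'] = {'email_confirmed': True}
        del context['target']
        await user.validate_and_save(context)

        context['method'] = 'read'
        resp_data = {
            'success': True,
            'user': await user.serialize(context)
        }
        return web.json_response(resp_data)

    # NOTE(review): a falsy result from use() falls through and the handler
    # returns None, exactly as before this change.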
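async def api_validate_reset_password_token(request):
    """Consume a reset-password token and open a session for its user.

    Expects a JSON body with ``reset_password_token`` and optionally
    ``user_timezone``. The matching ``Resetpasswordtoken`` is looked up,
    the user is loaded from the token's ``user_uid``, and the token is
    consumed through ``use()``. On success ``set_session(user, request)``
    is called and a JSON response with ``success`` and the serialized user
    is returned.

    Raises:
        exceptions.InvalidRequestException: the body is not usable JSON, has
            no ``reset_password_token`` key, or the token is not a string.
        exceptions.TokenInvalidException: no stored token matches.
        Any exception raised by the token's ``use()`` propagates unchanged.
    """
    logger.debug('validate_reset_password_token')

    session = await get_session(request)

    try:
        data = await request.json()
        submitted_token = data['reset_password_token']
    except Exception as err:
        # A bare ``except:`` would also trap BaseException subclasses such as
        # KeyboardInterrupt and, on Python 3.8+, asyncio.CancelledError, and
        # report them as a malformed request.
        raise exceptions.InvalidRequestException('Missing json data') from err

    # The token is client-controlled and goes straight into a query filter.
    # JSON can also deliver objects, arrays or numbers here; how the query
    # layer treats those is not visible in this file, so only strings pass.
    # The existing message is reused to keep the client-facing error stable.
    if not isinstance(submitted_token, str):
        raise exceptions.InvalidRequestException('Missing json data')

    # NOTE(review): user_timezone is stored in the session unvalidated and
    # before the token has been checked; confirm that consumers of
    # session['tz'] treat it as untrusted.
    session['tz'] = data.get('user_timezone')

    token_query = request.db_session.query(Resetpasswordtoken)\
        .filter(Resetpasswordtoken.token == submitted_token)
    if not token_query.count():
        raise exceptions.TokenInvalidException('Token not found')

    reset_token = token_query.one()
    # The account comes from the stored token record, never from the request
    # body, so the caller cannot choose whose session gets opened.
    user = request.db_session.query(User)\
        .filter(User.mongo_id == reset_token.user_uid).one()

    context = {
        'user': user,
        'db_session': request.db_session,
        'ws_session': session,
        'method': 'update',
        'target': reset_token,
        'queue': request.app.queue
    }

    if reset_token.use(context):
        # Holding a valid, unused token is the only credential checked before
        # set_session() runs for this user.
        await set_session(user, request)
        context['method'] = 'read'
        resp_data = {
            'success': True,
            'user': await user.serialize(context)
        }
        return web.json_response(resp_data)

    # NOTE(review): a falsy result from use() falls through and the handler
    # returns None, exactly as before this change.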