def _reset_user_password(self, email): ''' Reset the password of the user with the given email address to a random password that they will be sure to change immediately. Returns a tuple (success, password), where success is a boolean indicating whether or not the operation completed and password is the new password of the user if success is True. ''' user = User.get_by_auth_id(email) # First we have 5 letters (upper/lowercase) or digits random_password = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(5)) # Then 2 punctuation chars random_password += ''.join(random.choice(string.punctuation) for x in range(2)) # Then 5 more letters or digits random_password += ''.join(random.choice(string.ascii_letters + string.digits) for x in range(5)) user.set_password(random_password) user.put() return (True, random_password)
def _delete_user(self, email): """ Delete existing user """ user = User.get_by_auth_id(email) if user: if user.is_admin_user(): return False # Delete from db user.key.delete() pending_users_list = PendingUsersList.shared_list() if(pending_users_list.is_user_approved(email)): pending_users_list.remove_user_from_approved_list(email) # Need to delete the auth_id from the 'unique' model store # see https://code.google.com/p/webapp-improved/source/browse/webapp2_extras/appengine/auth/models.py unique_auth_id = "User.auth_id:{0}".format(email) User.unique_model.delete_multi([unique_auth_id]) return True
def user_exists(self, user_email): return bool(User.get_by_auth_id(user_email))
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they have not been approved pending_users_list = PendingUsersList.shared_list() # If the user does not exist, we create it. if not bool(User.get_by_auth_id(user_email)): _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'verified': False } success, user = self.auth.store.user_model.create_user(user_email, **_attrs) if success: # check if user is preapproved if pending_users_list.is_user_approved(user_email): success = True approved = True # Has the user been preapproved? If so, we just verify it. user.verified = True user.put() else: success = pending_users_list.add_user_to_approval_waitlist(user_email) approved = False if success: if approved or (not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required): context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } elif pending_users_list.email_verification_required: # Create a signup token for the user and send a verification email token = str(uuid.uuid4()) user.signup_token = token user.signup_token_time_created=None user.put() EmailConfig.send_verification_email(user_email, token) context = { 'success_alert': True, 'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.' } elif pending_users_list.admin_approval_required: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) logging.info("Account registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Redirect to login, only one admin allowed return self.redirect('/login?secret_key={0}'.format(secret_key)) else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES', 'verified': True } success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() if 'user_mode' in self.request.POST: if self.request.POST['user_mode'] == 'single': logging.info("UserRegistrationPage: user_mode set to single") SingleMultiUserMode.set_single_user_mode() elif self.request.POST['user_mode'] == 'multi': logging.info("UserRegistrationPage: user_mode set to multi") SingleMultiUserMode.set_multi_user_mode() else: logging.info("UserRegistrationPage: unknown user_mode {0}".format(self.request.POST['user_mode'])) else: logging.info("UserRegistrationPage: user_mode not set") return self.redirect('/login?secret_key={0}'.format(secret_key)) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)
def post(self): ''' This is where user registration takes place, both for regular users as well as admins. An admin registers by presenting a secret token in the query string, which will be sent with the POST data. A user can register only if they have been approved by the admin, i.e. they are in the approved_users list (see admin.py). ''' try: secret_key = self.request.POST['secret_key'] except KeyError: secret_key = None if secret_key is None: # Normal user registration logging.info('Registering a normal user...') user_email = self.request.POST['email'] # Just an email address here, we should first make sure they have not been approved pending_users_list = PendingUsersList.shared_list() # If the user does not exist, we create it. if not bool(User.get_by_auth_id(user_email)): _attrs = { 'email_address': user_email, 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'verified': False } success, user = self.auth.store.user_model.create_user( user_email, **_attrs) if success: # check if user is preapproved if pending_users_list.is_user_approved(user_email): success = True approved = True # Has the user been preapproved? If so, we just verify it. user.verified = True user.put() else: success = pending_users_list.add_user_to_approval_waitlist( user_email) approved = False if success: if approved or ( not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required): context = { 'success_alert': True, 'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.' } elif pending_users_list.email_verification_required: # Create a signup token for the user and send a verification email token = str(uuid.uuid4()) user.signup_token = token user.signup_token_time_created = None user.put() EmailConfig.send_verification_email(user_email, token) context = { 'success_alert': True, 'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.' } elif pending_users_list.admin_approval_required: context = { 'success_alert': True, 'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.' } return self.render_response('login.html', **context) logging.info( "Account registration failed for: {0}".format(user)) context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: context = { 'error_alert': True, 'alert_message': 'You have already requested an account.' } return self.render_response('login.html', **context) else: # Attempt to create an admin user logging.info('Registering an admin user...') # Check the secret key again secret_key_attempt = SecretKey(key_string=secret_key) if secret_key_attempt.isEqualToAdminKey(): # Then we can attempt to create an admin if User.admin_exists(): logging.info("Admin already exists...") # Redirect to login, only one admin allowed return self.redirect( '/login?secret_key={0}'.format(secret_key)) else: # CREATE THE ADMIN ALREADY _attrs = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'password_raw': self.request.POST['password'], 'is_admin': 'YES', 'verified': True } success, user = self.auth.store.user_model.create_user( _attrs['email_address'], **_attrs) if success: # Invalidate the token SecretKey.clear_stored_key() if 'user_mode' in self.request.POST: if self.request.POST['user_mode'] == 'single': logging.info( "UserRegistrationPage: user_mode set to single" ) SingleMultiUserMode.set_single_user_mode() elif self.request.POST['user_mode'] == 'multi': logging.info( "UserRegistrationPage: user_mode set to multi" ) SingleMultiUserMode.set_multi_user_mode() else: logging.info( "UserRegistrationPage: unknown user_mode {0}" .format(self.request.POST['user_mode'])) else: logging.info( "UserRegistrationPage: user_mode not set") return self.redirect( '/login?secret_key={0}'.format(secret_key)) else: context = { 'email_address': self.request.POST['email'], 'name': self.request.POST['name'], 'user_registration_failed': True } return self.render_response('user_registration.html', **context) else: # Unauthorized secret key context = { 'error_alert': True, 'alert_message': 'Invalid secret token.' } return self.render_response('login.html', **context)