Esempio n. 1
0
    def post(self):
        """Handle a password-change (or password-reset) form submission.

        The target user comes from resolve_user_info(). For a normal change the
        current password must be supplied in "existing" and verified before
        anything else happens; a reset has no current password to check. The
        new password is read from "password1"/"password2", must be non-empty,
        must match, and must pass auth.passwords.is_sufficient_password before
        user_data.set_password() is called. A successful reset re-renders the
        form with success=True; a successful change redirects through
        /postlogin so a fresh auth cookie can be set.
        """
        user_data, is_password_reset = self.resolve_user_info()
        if not user_data:
            self.response.write("Oops. Something went wrong. Please try again.")
            return

        # Re-authenticate with the current password unless this is a reset.
        if not is_password_reset:
            current_password = self.request_string("existing")
            if not user_data.validate_password(current_password):
                # TODO(benkomalo): throttle incorrect password attempts
                self.render_form(message="Incorrect password",
                                 user_data=user_data)
                return

        new_password = self.request_string("password1")
        confirmation = self.request_string("password2")
        if not (new_password and confirmation and new_password == confirmation):
            self.render_form(message="Passwords don't match",
                             user_data=user_data)
            return

        if not auth.passwords.is_sufficient_password(new_password,
                                                     user_data.nickname,
                                                     user_data.username):
            self.render_form(message="Password too weak",
                             user_data=user_data)
            return

        user_data.set_password(new_password)

        if is_password_reset:
            # A reset is performed while the user is logged out, so the
            # success state lets client-side JS send the host page to login.
            self.render_form(message="Password reset. Redirecting...",
                             success=True,
                             user_data=user_data)
            return

        # The existing auth cookie is about to expire: mint a new token and
        # bounce through /postlogin (http) to set it, then come back to this
        # pwchange form (https).
        auth_token = AuthToken.for_user(user_data)
        postlogin_url = util.insecure_url("/postlogin")
        token_value = auth_token.value
        continue_url = self.secure_url_with_token("/pwchange?success=1",
                                                  user_data)
        query = util.build_params({
            'auth': token_value,
            'continue': continue_url,
        })
        self.redirect("%s?%s" % (postlogin_url, query))
Esempio n. 2
0
    def post(self):
        """Process a submitted password-change or password-reset form.

        resolve_user_info() yields the user and whether this is a reset. A
        normal change first checks the "existing" password with
        user_data.validate_password(); a reset skips that check. The candidate
        password ("password1") must equal its confirmation ("password2"), both
        non-empty, and satisfy auth.passwords.is_sufficient_password. Only then
        is user_data.set_password() called. A reset then re-renders the form
        with success=True; a change redirects via /postlogin to obtain a new
        auth cookie.
        """
        user_data, is_password_reset = self.resolve_user_info()
        if not user_data:
            self.response.write(
                "Oops. Something went wrong. Please try again.")
            return

        def reject(message):
            # Every validation failure re-renders the form with a message.
            self.render_form(message=message, user_data=user_data)

        if not is_password_reset:
            # Proof of the current password is required for a live change.
            if not user_data.validate_password(self.request_string("existing")):
                # TODO(benkomalo): throttle incorrect password attempts
                reject("Incorrect password")
                return

        candidate = self.request_string("password1")
        confirmation = self.request_string("password2")

        mismatch = not candidate or not confirmation or candidate != confirmation
        if mismatch:
            reject("Passwords don't match")
            return

        strong_enough = auth.passwords.is_sufficient_password(
            candidate, user_data.nickname, user_data.username)
        if not strong_enough:
            reject("Password too weak")
            return

        # We're good!
        user_data.set_password(candidate)

        if is_password_reset:
            # The user is not logged in during a reset; success=True lets the
            # client-side JS redirect the host page to the login page.
            self.render_form(message="Password reset. Redirecting...",
                             success=True,
                             user_data=user_data)
            return

        # The current auth cookie will expire, so issue a new token and let
        # /postlogin (http) set it before returning to this form (https).
        auth_token = AuthToken.for_user(user_data)
        postlogin = util.insecure_url("/postlogin")
        params = util.build_params({
            'auth': auth_token.value,
            'continue': self.secure_url_with_token(
                "/pwchange?success=1", user_data),
        })
        self.redirect("%s?%s" % (postlogin, params))
Esempio n. 3
0
    def render_outer(self):
        """Render the second part of the user signup step, after the user
        has verified ownership of their e-mail account.

        The request URI must include a valid token from an UnverifiedUser, and
        can be made via build_link(), or be made by a user without an existing
        password set.

        Note that the contents are actually rendered in an iframe so it
        can be sent over https (generated in render_form).

        Outcomes, in order of precedence:
          * token present and a non-phantom user is signed in -> log the
            user out and return to this URI;
          * neither a token nor a signed-in user -> redirect to "/";
          * signed-in user who already has a password -> redirect to their
            profile_root;
          * signed-in user without a sendable e-mail -> redirect to "/";
          * otherwise render completesignup.html, passing a short-lived
            TransferAuthToken when a signed-in user is being carried over.
        """
        valid_token, _ = self.resolve_token()
        user_data = UserData.current()

        if valid_token and user_data:
            if not user_data.is_phantom:
                # A real signed-in user would collide with the identity the
                # token refers to; sign them out and come back here.
                logging.info("User tried to verify e-mail and complete a "
                             "signup in a browser with an existing "
                             "signed-in user. Forcefully signing old user "
                             "out to avoid conflicts")
                self.redirect(util.create_logout_url(self.request.uri))
                return
            # Phantom users are ignored.
            user_data = None
        elif not valid_token and not user_data:
            # Just take them to the homepage for now.
            self.redirect("/")
            return

        transfer_token = None
        if user_data:
            if user_data.has_password():
                # Already has a KA login - send them to their profile.
                self.redirect(user_data.profile_root)
                return
            if not user_data.has_sendable_email():
                # E.g. a Facebook login with no e-mail on record: without an
                # e-mail address we could never reset the password, so stop.
                logging.error("User tried to signup for password with "
                              "no email associated with the account")
                self.redirect("/")
                return
            # Carry the current identity into the https iframe with a
            # short-lived token, since the existing cookies may not be
            # valid there.
            transfer_token = TransferAuthToken.for_user(user_data).value

        params = util.build_params({
            'token': valid_token,
            'transfer_token': transfer_token,
        })
        continue_url = self.request_string("continue", default="/")
        self.render_jinja2_template('completesignup.html', {
            'params': params,
            'continue': continue_url,
        })
Esempio n. 4
0
    def render_outer(self):
        """Render the second part of the user signup step, after the user
        has verified ownership of their e-mail account.

        The request URI must include a valid token from an UnverifiedUser, and
        can be made via build_link(), or be made by a user without an existing
        password set.

        Note that the contents are actually rendered in an iframe so it
        can be sent over https (generated in render_form).

        Decision flow: a valid token together with a non-phantom signed-in
        user forces a logout (redirect back to this URI); no token and no
        user redirects to "/"; a user with a password goes to profile_root;
        a user without a sendable e-mail goes to "/"; any other user gets a
        TransferAuthToken and completesignup.html is rendered.
        """
        valid_token, _ = self.resolve_token()
        current_user = UserData.current()

        if valid_token and current_user and not current_user.is_phantom:
            # Two identities in one browser - drop the signed-in one first.
            logging.info("User tried to verify e-mail and complete a "
                         "signup in a browser with an existing "
                         "signed-in user. Forcefully signing old user "
                         "out to avoid conflicts")
            self.redirect(util.create_logout_url(self.request.uri))
            return

        if valid_token and current_user:
            # Phantom users are ignored when a token is present.
            current_user = None

        if not (valid_token or current_user):
            # Just take them to the homepage for now.
            self.redirect("/")
            return

        transfer_token = None
        if current_user:
            if current_user.has_password():
                # Already has a KA login - redirect to their profile.
                self.redirect(current_user.profile_root)
                return
            if not current_user.has_sendable_email():
                # Without an e-mail on the account (e.g. some Facebook
                # logins) a password could never be reset, so refuse.
                logging.error("User tried to signup for password with "
                              "no email associated with the account")
                self.redirect("/")
                return
            # Hand the identity to the https iframe via a short-lived token,
            # since the current cookies may not be valid over https.
            transfer_token = TransferAuthToken.for_user(current_user).value

        template_values = {}
        template_values['params'] = util.build_params({
            'token': valid_token,
            'transfer_token': transfer_token,
        })
        template_values['continue'] = self.request_string("continue",
                                                          default="/")
        self.render_jinja2_template('completesignup.html', template_values)