def users_put_view(request):
"""
Used for forgotten password requests
"""
# TODO Make tests for this
# TODO Make this a temporary reset link thing instead of actually resetting passwords to random
if request.user is not None:
request.response.status = 400
return {
'd': error_dict('api_errors',
'you are already logged in, ignoring')
}
username = request.json_body.get('username')
email = request.json_body.get('email')
if not isinstance(username, basestring) or not isinstance(
email, basestring):
request.response.status = 400
return {
'd':
error_dict('api_errors',
'username and email are required string fields')
}
user = request.dbsession.query(User).filter(
User.username == username.lower()).one_or_none()
if user is None or user.email != email.lower():
request.response.status = 400
return {'d': error_dict('api_errors', 'invalid state found')}
uid = uuid4()
newpass = uid.hex
user.salt = os.urandom(256)
user.password = hash_password(newpass, user.salt)
# This needs to be written to whatever queues/sends an email out.
# send_email.apply_async((user.email, "pyrapostbin password recovery", recovery_template %(username, newpass)))
return {'d': 'recovery email sent'}
def do_login(self):
"""handle tasserver login"""
if self.tasclient.flags.register:
Log.notice("Not logging in because a registration is in progress")
return
if self.verbose:
Log.notice("Logging in...")
phash = utilities.hash_password(self.config.get('tasbot', "password"))
self.tasclient.login(self.config.get('tasbot', "nick"), phash,
"Newbot", 2400, self.config.get('tasbot', "lanip", "*"))
def user_id_put_view(request):
if request.user is None:
request.response.status = 400
return {
'd': error_dict('api_errors', 'not authenticated for this request')
}
if not request.matchdict.get('user_id') or int(
request.matchdict.get('user_id')) != request.user.id:
request.response.status = 400
return {
'd': error_dict('api_errors', 'not authenticated for this request')
}
valid_types = {
'email': basestring,
'pin': basestring,
'timezone': datetime,
'infoemails': bool,
}
email = request.json_body.get('email')
authpin = request.json_body.get('authpin')
timezone = request.json_body.get('timezone')
infoemails = request.json_body.get('infoemails')
if not isinstance(email, basestring):
request.response.status = 400
return {
'd': error_dict('api_errors', 'email invalid: must be a string')
}
try:
v = validate_email(email) # validate and get info
email = v["email"] # replace with normalized form
except EmailNotValidError as e:
# email is not valid, exception message is human-readable
request.response.status = 400
return {'d': error_dict('api_errors', 'email invalid: %s' % e)}
password = request.json_body.get('password')
# Password must be optional, since they don't know the old value
if password is not None:
if not isinstance(password, basestring):
request.response.status = 400
return {'d': error_dict('api_errors', 'password must be a string')}
if len(password) < 8:
request.response.status = 400
return {
'd':
error_dict('api_errors',
'password must be at least 8 characters')
}
request.user.password = hash_password(password, request.user.salt)
request.user.email = email
request.dbsession.flush()
request.dbsession.refresh(request.user)
return {'d': dict_from_row(request.user, remove_fields=removals)}
def users_post_view(request):
username = request.json_body.get('username')
if not isinstance(username, basestring):
request.response.status = 400
return {
'd':
error_dict(
'api_errors',
'username, email, and password are all required string fields')
}
if username_in_use(request.json_body['username'], request.dbsession):
request.response.status = 400
return {
'd':
error_dict(
'verification_error',
'username already in use: %s' % request.json_body['username'])
}
requires = ['email', 'password']
if not all(field in request.json_body for field in requires) \
or not all(isinstance(request.json_body.get(field), basestring) for field in request.json_body):
request.response.status = 400
return {
'd':
error_dict(
'api_errors',
'username, email, and password are all required string fields')
}
user = User()
user.salt = os.urandom(256)
user.password = hash_password(request.json_body['password'], user.salt)
user.username = request.json_body['username'].lower()
user.email = request.json_body['email'].lower()
user.origin = request.json_body.get('origin', None)
user.authpin = '123456'
request.dbsession.add(user)
request.dbsession.flush()
request.dbsession.refresh(user)
s = Session()
s.owner = user.id
s.token = str(uuid4())
request.dbsession.add(s)
request.dbsession.flush()
request.dbsession.refresh(s)
result = dict_from_row(user, remove_fields=removals)
result['session'] = dict_from_row(s, remove_fields=removals)
return {'d': result}
def register(username,password):
host = 'lobby.springrts.com'
port = 8200
phash = hash_password(password)
reg = 'REGISTER %s %s\n'%(username, phash)
sock = socket.socket()
sock.connect((host, port))
sock.send(reg)
resp = receive(sock)
login='******'%(username,phash)
sock.send(login)
while 'AGREEMENTEND' not in resp[0]:
resp = receive(sock)
sock.send('CONFIRMAGREEMENT\n')
sock.send(login)
sock.send('EXIT\n')
sock.close()
def login_helper():
# function login_helper allows the user to try to enter
# their password a maximum of three times before exiting
number_of_password_login_attempts = 0
bool = False
global USER_EMAIL
email = check_email()
utilities.USER_EMAIL = email
# if email is None then the user mis-entered their email three times,
# so exit
json_data = open(USER_LIST)
jdata = json.load(json_data)
user_data = jdata["Users"]
# case where email exists in JSON file
if email in user_data[0]:
print("Email exists, you may proceed!")
while number_of_password_login_attempts < MAX_TIMES_ALLOWED_TO_ENTER:
password = get_password() # get the user's password attempt
old_pass = ""
salt = ""
with open(USER_LIST) as f:
data = json.load(f)
for p in data["Users"]:
salt = p[email]["salt"]
old_pass = p[email]["password"]
new_pass = hash_password(password, salt)
if old_pass == new_pass:
print("password is correct")
bool = True
number_of_password_login_attempts = 4
else:
print("password is incorrect")
bool = False
number_of_password_login_attempts += 1
elif email not in user_data[0]:
print("\nUser with that email not registered!")
print("Exiting\n")
return bool
def log_in(codecool):
"""
Checks is login and password belong to one same user
Args:
codecool (obj): School object - aggregate all users and assignments
Returns:
User (obj)
"""
login = school_view.get_login()
password = school_view.get_password()
password = utilities.hash_password(password)
users = codecool.managers_list + codecool.administrators_list + codecool.mentors_list + codecool.students_list
for user in users:
if user.login == login and user.password == password:
return user
def add_user(school, kind='student'):
"""
Appends users_list in school object by new created user object
Prints error message if login is not unique
Args:
school (obj): school object - aggregate all users and assignments
kind (str): information lets add object to proper list
Returns:
None
"""
try:
name = create_data_for_user('name', is_name_alpha)
surname = create_data_for_user('surname', is_name_alpha)
login = create_login(school)
password = create_data_for_user('password', is_password_sufficient)
email = create_data_for_user('email', is_email)
phone = create_data_for_user('phone', is_phone_number)
id_ = user_model.User.last_id + 1
password = utilities.hash_password(password)
if kind == 'mentor':
users_list = school.mentors_list
else:
users_list = school.students_list
if kind == 'student':
new_user = student_model.Student(name, surname, login, password,
email, phone, id_)
else:
new_user = mentor_model.Mentor(name, surname, login, password,
email, phone, id_)
users_list.append(new_user)
except ValueError:
ui.print_error_message('Adding user was interrupted')
def register(self, username, password):
"""register new account on tasserver"""
phash = utilities.hash_password(self.config.get('tasbot', "password"))
self.tasclient.register(self.config.get('tasbot', "nick"), phash)
