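def post(self, **post):
    """Handle an account-registration form submission.

    Parses the posted fields with ``register_form``, validates them
    (all fields present, passwords match, e-mail syntactically valid,
    zxcvbn score at least ``MINIMUM_PASSWORD_STRENGTH``), creates the
    ``User`` with lower-cased username and e-mail, logs the new user in
    and returns a ``('json:', dict)`` tuple for the framework to serialise.

    Failure responses carry ``success=False`` and a translated message.
    The submitted fields are echoed back so the form can be repopulated,
    but the ``password``/``pass2`` entries are stripped first: the
    original returned them verbatim, which puts the plaintext password in
    the response body (and therefore in proxies, caches and client logs).

    Keyword Args:
        **post: the raw form fields as submitted.

    Returns:
        ``('json:', dict)``; on success the dict is ``{'success': True,
        'location': '/'}``.
    """

    def _echo(fields):
        # Copy of the submitted fields without the secret entries, used
        # wherever a response echoes the input back. Assumes the form data
        # is dict-like (Bunch is built from the form's native dict).
        return {k: v for k, v in dict(fields).items() if k not in ('password', 'pass2')}

    try:
        data = Bunch(register_form.native(post)[0])
    except Exception as e:
        if config.get('debug', False):
            raise
        # NOTE(review): str(e) is returned to the client even outside debug
        # mode; drop ``exc`` if the form parser can leak internals.
        return 'json:', dict(success=False, message=_("Unable to parse data."), data=_echo(post), exc=str(e))

    if not data.username or not data.email or not data.password or data.password != data.pass2:
        return 'json:', dict(success=False, message=_("Missing data or passwords do not match."), data=_echo(data))

    # Reject addresses that are not even syntactically an e-mail address.
    # The validator's normalised value is discarded; the lower-cased input
    # is what gets stored below.
    _, err = EmailValidator().validate(data.email)
    if err:
        return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_echo(data))

    # Reject passwords scoring below the configured zxcvbn threshold.
    if zxcvbn.password_strength(data.password).get("score") < MINIMUM_PASSWORD_STRENGTH:
        return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=_echo(data))

    # Username and e-mail are stored lower-cased so lookups are
    # case-insensitive.
    user = User(data.username.lower(), data.email.lower(), active=True)
    user.password = data.password
    try:
        user.save()
    except ValidationError:
        return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_echo(data))
    except NotUniqueError:
        return 'json:', dict(success=False, message=_("Either the username or email address provided is already taken."), data=_echo(data))

    # NOTE(review): the session id is not rotated before the new account is
    # authenticated; confirm the session layer regenerates it on login.
    authenticate(user.username, data.password)
    return 'json:', dict(success=True, location="/")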
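def __post_recovery(self, **post):
    """Complete a password recovery from the reset-password form.

    Parses the form with ``reset_password_form``, looks the recovery
    record up by ``email`` and ``recovery_key`` via ``self.__get_recovery``,
    checks the new password (``_check_password`` for presence/match, then
    the zxcvbn score against ``MINIMUM_PASSWORD_STRENGTH``), stores it on
    the recovery's user, deletes the now-used recovery record, logs the
    user in and returns ``('json:', dict)``.

    Where a failure response echoes the submitted fields back, the
    ``password``/``pass2`` entries are stripped first; the original
    returned the new password verbatim in the "too weak" reply.

    Keyword Args:
        **post: the raw form fields as submitted.

    Returns:
        ``('json:', dict)``; on success ``success=True`` with
        ``location='/'``.
    """

    def _echo(fields):
        # Submitted fields minus the secret entries, for echoing back.
        # Assumes the form data is dict-like (Bunch wraps the native dict).
        return {k: v for k, v in dict(fields).items() if k not in ('password', 'pass2')}

    try:
        data = Bunch(reset_password_form.native(post)[0])
    except Exception as e:
        if config.get('debug', False):
            raise
        # NOTE(review): str(e) reaches the client outside debug mode too.
        return 'json:', dict(success=False, message=_("Unable to parse data."), data=_echo(post), exc=str(e))

    # A missing record is reported as "expired"; __get_recovery decides
    # what counts as valid.
    recovery = self.__get_recovery(data.email, data.recovery_key)
    if not recovery:
        return 'json:', dict(success=False, message=_("Sorry that recovery link has already expired"), location="/account/recover")

    passwd_ok, error_msg = _check_password(data.password, data.pass2)
    if not passwd_ok:
        return 'json:', dict(success=False, message=error_msg)

    # Reject passwords scoring below the configured zxcvbn threshold. The
    # recovery record stays valid so the user can simply try again.
    if zxcvbn.password_strength(data.password).get("score") < MINIMUM_PASSWORD_STRENGTH:
        return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=_echo(data))

    # Set the new password, then retire the single-use recovery record.
    user = recovery.user
    user.password = data.password
    user.save()
    recovery.delete()

    # NOTE(review): other existing sessions of this user are not touched
    # here; confirm whether a reset should also invalidate them.
    authenticate(user.username, data.password)
    return 'json:', dict(success=True, message=_("Password changed, forwarding ..."), location="/")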
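def post(self, **post):
    """Register a new account from the posted form fields.

    Validation order: the form must parse; username, e-mail, password and
    confirmation must be present and the passwords equal; the e-mail must
    pass ``EmailValidator``; the zxcvbn score must reach
    ``MINIMUM_PASSWORD_STRENGTH``. The user is then saved with lower-cased
    username and e-mail, authenticated, and ``('json:', {'success': True,
    'location': '/'})`` is returned.

    Every failure reply is ``success=False`` with a translated message and
    the submitted fields for repopulating the form. Unlike the original,
    the ``password`` and ``pass2`` fields are removed before echoing so the
    plaintext password never travels back in a response body.

    Keyword Args:
        **post: raw form fields.

    Returns:
        ``('json:', dict)``.
    """
    hidden = frozenset(('password', 'pass2'))

    def _safe(fields):
        # Echo-able copy of the fields. Assumes dict-like input (Bunch is
        # built from the form's native dict).
        return {k: v for k, v in dict(fields).items() if k not in hidden}

    try:
        data = Bunch(register_form.native(post)[0])
    except Exception as e:
        if config.get('debug', False):
            raise
        # NOTE(review): ``exc`` exposes str(e) to the client outside debug.
        return 'json:', dict(success=False, message=_("Unable to parse data."), data=_safe(post), exc=str(e))

    missing = not data.username or not data.email or not data.password
    if missing or data.password != data.pass2:
        return 'json:', dict(
            success=False,
            message=_("Missing data or passwords do not match."),
            data=_safe(data))

    # Syntactic e-mail check only; the validator's normalised address is
    # not used, the lower-cased input is stored instead.
    _, err = EmailValidator().validate(data.email)
    if err:
        return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_safe(data))

    # Enforce the configured minimum zxcvbn score.
    score = zxcvbn.password_strength(data.password).get("score")
    if score < MINIMUM_PASSWORD_STRENGTH:
        return 'json:', dict(
            success=False,
            message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."),
            data=_safe(data))

    # Stored lower-cased so later lookups are case-insensitive.
    user = User(data.username.lower(), data.email.lower(), active=True)
    user.password = data.password
    try:
        user.save()
    except ValidationError:
        return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_safe(data))
    except NotUniqueError:
        return 'json:', dict(
            success=False,
            message=_("Either the username or email address provided is already taken."),
            data=_safe(data))

    # NOTE(review): no session-id rotation before authenticating the new
    # user; confirm the session layer does this on login.
    authenticate(user.username, data.password)
    return 'json:', dict(success=True, location="/")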
def authorized(self, token):
    """Callback reached with a provider token; start a session and go home.

    The token is passed straight to ``authenticate``. The user lookup,
    creation and token storage described in the comments below are not
    implemented in this method. Always raises ``HTTPFound`` to ``/``.

    NOTE(review): the session id is not regenerated before
    ``authenticate`` runs, so a client-chosen (or null) session id would
    survive login — session fixation. Confirm the session layer rotates
    it, or rotate it here before authenticating.

    Args:
        token: the token returned by the provider.

    Raises:
        HTTPFound: always, redirecting to ``/``.
    """
    # Intended follow-up (from the original notes): use the token to look
    # the user/character up, create them if unknown, and store the token
    # against the account. Our own sessions may not outlive the UTC
    # 'expires' returned with the token, though they may be shorter.
    authenticate(token)
    destination = '/'
    raise HTTPFound(location=destination)
def authorized(self, token):
    """Callback reached with a provider token; rotate the session, log in.

    ``session.regenerate_id()`` runs first so a session id chosen by the
    client (some user agents sent ``null``) cannot survive into the
    authenticated session; then the token is handed to ``authenticate``
    and the user is sent to ``/``. The user lookup / creation and token
    storage mentioned below are not implemented here.

    Args:
        token: the token returned by the provider.

    Raises:
        HTTPFound: always, redirecting to ``/``.
    """
    # Intended follow-up (from the original notes): look the character up
    # by token, create them if unknown, and store the token against the
    # account; our sessions may not outlive the token's UTC 'expires'.

    # Never authenticate into a session id the client supplied.
    session.regenerate_id()
    authenticate(token)
    destination = '/'
    raise HTTPFound(location=destination)
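def post(self, **post):
    """Register a new account (early version: presence checks only).

    Parses the form with ``register_form``, requires username, e-mail,
    password and a matching confirmation, saves a new active ``User`` with
    the fields exactly as typed, authenticates it and returns
    ``('json:', {'success': True, 'location': '/'})``.

    The failure replies echo the submitted fields back; this version
    strips ``password``/``pass2`` from that echo, whereas the original
    returned the plaintext password in the response body.

    NOTE(review): there is no e-mail-format check, no password-strength
    check and no handling of a duplicate username/e-mail — an error from
    ``user.save()`` propagates as a server error. Username and e-mail are
    also stored case-sensitively here.

    Keyword Args:
        **post: raw form fields.

    Returns:
        ``('json:', dict)``.
    """

    def _echo(fields):
        # Submitted fields minus the secrets; assumes dict-like input.
        return {k: v for k, v in dict(fields).items() if k not in ('password', 'pass2')}

    try:
        data = Bunch(register_form.native(post)[0])
    except Exception as e:
        if config.get('debug', False):
            raise
        # NOTE(review): str(e) is sent to the client outside debug mode.
        return 'json:', dict(success=False, message="Unable to parse data.", data=_echo(post), exc=str(e))

    if not data.username or not data.email or not data.password or data.password != data.pass2:
        return 'json:', dict(success=False, message="Missing data?", data=_echo(data))

    user = User(data.username, data.email, active=True)
    user.password = data.password
    user.save()

    # NOTE(review): no session-id rotation before login; confirm the
    # session layer regenerates it.
    authenticate(data.username, data.password)
    return 'json:', dict(success=True, location="/")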
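def post(self, identity, password, remember=False, redirect=None):
    """Log a user in from the login form.

    ``identity`` is tried verbatim first; if that fails and it is an
    e-mail address or a username (anything other than a 44-character
    value, which the code treats as an OTP) it is retried lower-cased.
    On success XHR callers get ``('json:', {'success': True, 'location':
    ...})`` and others an ``HTTPFound``; on failure XHR callers get a
    ``success=False`` JSON reply and others the login page via
    ``self.get``.

    ``redirect`` is client-supplied, so it is only honoured when it is a
    same-site path: it must start with a single ``/`` (``//host`` and
    ``/\\host`` are protocol-relative to browsers). Anything else is
    treated as absent and the user lands on ``/``. The original used the
    value unchecked in ``Location`` and in the JSON ``location``, which
    is an open redirect after login. ``remember`` is accepted for
    interface compatibility but not used here.

    Args:
        identity: username, e-mail address or OTP.
        password: the password to verify.
        remember: unused.
        redirect: requested post-login path.

    Returns:
        ``('json:', dict)`` for XHR requests, or the result of
        ``self.get`` after a failed non-XHR login.

    Raises:
        HTTPFound: on a successful non-XHR login.
    """

    def _local_path(target):
        # Same-site paths only; everything else becomes None.
        if target and target.startswith('/') and not target.startswith(('//', '/\\')):
            return target
        return None

    safe_redirect = _local_path(redirect)

    # First try with the original input.
    success = authenticate(identity, password)
    if not success and ('@' in identity or len(identity) != 44):
        # Retry lower-cased for e-mails and usernames; 44-character
        # identities are excluded as OTPs.
        success = authenticate(identity.lower(), password)

    if not success:
        if request.is_xhr:
            return 'json:', dict(success=False, message=_("Invalid user name or password."))
        return self.get(safe_redirect)

    if request.is_xhr:
        return 'json:', dict(success=True, location=safe_redirect or '/')
    raise HTTPFound(location=safe_redirect or '/')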
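def __post_recovery(self, **post):
    """Finish a password recovery: validate and store the new password.

    Steps: parse with ``reset_password_form``; fetch the recovery record
    for ``email`` + ``recovery_key`` through ``self.__get_recovery`` (a
    miss is reported as an expired link); check presence/match with
    ``_check_password`` and strength with zxcvbn against
    ``MINIMUM_PASSWORD_STRENGTH``; save the password on ``recovery.user``;
    delete the recovery record; authenticate; return ``('json:', dict)``.

    Responses that echo the submitted fields back now exclude
    ``password``/``pass2``; the original returned the new password
    verbatim in the "too weak" reply.

    Keyword Args:
        **post: raw form fields.

    Returns:
        ``('json:', dict)``.
    """
    secrets_ = ('password', 'pass2')

    def _public(fields):
        # Echo-able copy of dict-like form data (Bunch wraps a dict).
        return {k: v for k, v in dict(fields).items() if k not in secrets_}

    try:
        data = Bunch(reset_password_form.native(post)[0])
    except Exception as e:
        if config.get('debug', False):
            raise
        # NOTE(review): str(e) reaches the client outside debug mode.
        return 'json:', dict(success=False, message=_("Unable to parse data."), data=_public(post), exc=str(e))

    recovery = self.__get_recovery(data.email, data.recovery_key)
    if not recovery:
        return 'json:', dict(
            success=False,
            message=_("Sorry that recovery link has already expired"),
            location="/account/recover")

    passwd_ok, error_msg = _check_password(data.password, data.pass2)
    if not passwd_ok:
        return 'json:', dict(success=False, message=error_msg)

    # Below the configured zxcvbn score: reject, leaving the recovery
    # record usable for another attempt.
    score = zxcvbn.password_strength(data.password).get("score")
    if score < MINIMUM_PASSWORD_STRENGTH:
        return 'json:', dict(
            success=False,
            message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."),
            data=_public(data))

    # Persist the new password, then retire the single-use recovery key.
    user = recovery.user
    user.password = data.password
    user.save()
    recovery.delete()

    # NOTE(review): the user's other sessions are not invalidated here;
    # confirm whether a reset should end them.
    authenticate(user.username, data.password)
    return 'json:', dict(success=True, message=_("Password changed, forwarding ..."), location="/")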
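def post(self, identity, password, remember=False, redirect=None):
    """Log a user in (early version: a single ``authenticate`` attempt).

    On failure XHR callers get ``('json:', {'success': False, ...})`` and
    others the login page via ``self.get``; on success XHR callers get a
    ``success=True`` JSON reply with ``location`` and others an
    ``HTTPFound``.

    ``redirect`` comes from the client, so it is only used when it is a
    same-site path (a single leading ``/``; ``//`` and ``/\\`` prefixes
    are protocol-relative and rejected). Other values are treated as
    absent and the destination falls back to ``/``. The original placed
    the raw value in ``Location`` and in the JSON ``location`` — an open
    redirect after login. ``remember`` is unused.

    Args:
        identity: username or e-mail address.
        password: password to verify.
        remember: unused.
        redirect: requested post-login path.

    Returns:
        ``('json:', dict)`` for XHR requests, or ``self.get(...)`` after a
        failed non-XHR login.

    Raises:
        HTTPFound: on a successful non-XHR login.
    """

    def _local_path(target):
        # Same-site paths only; anything else becomes None.
        if target and target.startswith('/') and not target.startswith(('//', '/\\')):
            return target
        return None

    safe_redirect = _local_path(redirect)

    if not authenticate(identity, password):
        if request.is_xhr:
            return 'json:', dict(success=False, message=_("Invalid user name or password."))
        return self.get(safe_redirect)

    if request.is_xhr:
        return 'json:', dict(success=True, location=safe_redirect or '/')
    raise HTTPFound(location=safe_redirect or '/')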
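def post(self, identity, password, remember=False, redirect=None):
    """Log a user in, retrying with a lower-cased identity when sensible.

    The verbatim ``identity`` is tried first. If that fails and the value
    contains ``@`` or is not exactly 44 characters long (44-character
    values are treated as OTPs and left alone), ``identity.lower()`` is
    tried. XHR callers receive ``('json:', dict)`` either way; other
    callers get the login page via ``self.get`` on failure or an
    ``HTTPFound`` on success.

    The client-supplied ``redirect`` is honoured only as a same-site path
    (single leading ``/``, not ``//`` or ``/\\``); anything else is
    dropped and ``/`` is used. The original forwarded the raw value,
    which allowed an open redirect after login. ``remember`` is unused.

    Args:
        identity: username, e-mail address or OTP.
        password: password to verify.
        remember: unused.
        redirect: requested post-login path.

    Returns:
        ``('json:', dict)`` for XHR requests, or ``self.get(...)`` after a
        failed non-XHR login.

    Raises:
        HTTPFound: on a successful non-XHR login.
    """

    def _same_site(target):
        # Accept only an on-site path; protocol-relative forms are rejected.
        ok = bool(target) and target.startswith('/') and not target.startswith(('//', '/\\'))
        return target if ok else None

    where = _same_site(redirect)

    # First try with the original input.
    success = authenticate(identity, password)
    if not success:
        # Lower-case retry for e-mails and usernames only, never for a
        # 44-character OTP.
        if '@' in identity or len(identity) != 44:
            success = authenticate(identity.lower(), password)

    if not success:
        if request.is_xhr:
            return 'json:', dict(
                success=False,
                message=_("Invalid user name or password."))
        return self.get(where)

    if request.is_xhr:
        return 'json:', dict(success=True, location=where or '/')
    raise HTTPFound(location=where or '/')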