def do_put(request, *args, **kwargs):
"""
Save e-mail message
:param sender: user who sends a mail, string, True
:param receiver: user who receive a mail, string, True
:param message: message to send, string, True
:return: 200, OK
:return: 404, notice
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
try:
sender = request.get_argument('sender')
receiver = request.get_argument('receiver')
emessage = request.get_argument('message')
except tornado.web.MissingArgumentError:
log.critical('Missing argument')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
q = get_mail_query(sender, receiver, emessage)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
_db.commit()
return base_common.msg.post_ok()
def do_post(request, *args, **kwargs):
"""
User logout
:param Auth: authorization token in header, string, True
:return: 200, OK
:return: 400
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
tk = request.auth_token
q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format(
qu_esc(tk))
dbc.execute(q)
if dbc.rowcount != 1:
log.critical('Users {} found'.format(dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
db_user = dbc.fetchone()
user = {'username': db_user['username']}
return base_common.msg.post_ok(user)
def do_post(request, *args, **kwargs):
"""
User logout
:param Auth: authorization token in header, string, True
:return: 200, OK
:return: 400
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
tk = request.auth_token
q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format(qu_esc(tk))
dbc.execute(q)
if dbc.rowcount != 1:
log.critical('Users {} found'.format(dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
db_user = dbc.fetchone()
user = {'username': db_user['username']}
return base_common.msg.post_ok(user)
def sequencer():
global _sequencer
if not _sequencer or not _sequencer.check_db():
_sequencer = SequencerFactory(dbacommon.get_db())
return _sequencer
def do_get(request, *args, **kwargs):
"""
Get user data
:param Auth: authorization token in header, string, True
:param username: requested user username, string, True
:return: 200, OK
:return: 400
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
username = request.get_argument('username', default='')
username = qu_esc(username)
q = "select id, username from users where username = '******'".format(username)
dbc.execute(q)
if dbc.rowcount != 1:
log.critical('Users {} found'.format(dbc.rowcount))
return base_common.msg.error(amsgs.USER_NOT_FOUND)
db_user = dbc.fetchone()
user = {'uid': db_user['id'], 'username': db_user['username']}
return base_common.msg.post_ok(user)
def do_put(email,project, **kwargs):
"""
Save email from subscriber
"""
_db = get_db()
dbc = _db.cursor()
query = "SELECT id FROM subscribers WHERE email='{}'".format(email)
try:
dbc.execute(query)
except IntegrityError as e:
return base_common.msg.error(msgs.EXECUTE_QUERY_ERROR)
if dbc.rowcount != 0:
return base_common.msg.error(amsgs.ALREADY_EXIST)
id = sequencer().new('b')
query = "INSERT INTO subscribers (id,id_project, email, project) VALUES('{}','{}','{}','{}')".format(id, 1, email, project)
print(query)
try:
dbc.execute(query)
except IntegrityError as e:
return base_common.msg.error(msgs.EXECUTE_QUERY_ERROR)
_db.commit()
return base_common.msg.put_ok()
def do_post(**kwargs):
"""
Check if user is logged
"""
_db = get_db()
tk = kwargs['auth_token']
from base_common.dbatokens import get_user_by_token
dbuser = get_user_by_token(_db, tk)
d = dbuser.dump_user()
d['token'] = tk
if hasattr(apphooks, 'extend_user_check'):
_extend_res = apphooks.extend_user_check(dbuser)
if _extend_res == False:
log.critical('Error user check extending')
return base_common.msg.error(msgs.ERROR_POST_CHECK)
if isinstance(_extend_res, dict):
d.update(_extend_res)
apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'check', 'user {} successfuly checked status'.format(dbuser.username))
return base_common.msg.post_ok(d)
def do_put(request, *args, **kwargs):
"""
Save hash for give parameters
:param hash_data: data for storing, string, True
:return: 202, Data hash
:return: 404, Missing argument
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
import tornado.web
try:
hdata = request.get_argument('data')
except tornado.web.MissingArgumentError:
log.critical('Missing data argument for hash2param')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
h_id = sequencer().new('h')
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
log.critical('Insert hash for data: {}'.format(e))
return base_common.msg.error('Save data hash')
_db.commit()
return base_common.msg.post_ok({'h': h_id})
def get_option(option_name, **kwargs):
"""
Get option from database
"""
_db = get_db()
dbc = _db.cursor()
q = '''SELECT o_value FROM options where o_key = '{}' '''.format(option_name)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error getting option {}: {}'.format(option_name, e))
return base_common.msg.error(msgs.ERROR_GET_OPTION)
if dbc.rowcount != 1:
log.warning('Found {} options {}'.format(dbc.rowcount, option_name))
return base_common.msg.error(msgs.OPTION_NOT_EXIST)
_dbr = dbc.fetchone()
_dbrk = _dbr['o_value']
res = {}
res[option_name] = _dbrk
return base_common.msg.get_ok(res)
def save_email(sender,
sender_name,
receiver,
receiver_name,
subject,
emessage,
_get_id,
data,
db=None,
**kwargs):
if not db:
_db = get_db()
else:
_db = db
dbc = _db.cursor()
rdb = get_redis_db()
if sender_name is None:
sender_name = sender
if receiver_name is None:
receiver_name = receiver
from MySQLdb import IntegrityError
try:
dbc.execute(
'insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)',
(None, sender, sender_name, receiver, receiver_name, subject,
emessage, data))
# print (dbc._last_executed)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return False, msgs.CANNOT_SAVE_MESSAGE, None
_db.commit()
m_id = dbc.lastrowid
r_data = {
'id': m_id,
'sender': sender,
'sender_name': sender_name,
'receiver': receiver,
'receiver_name': receiver_name,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data, ensure_ascii=False)
from config import send_mail_config
__SVC_PORT = send_mail_config.SVC_PORT
rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data)
if _get_id:
return True, None, m_id
return True, None, None
def sequencer():
global _sequencer
if not _sequencer:
_sequencer = SequencerFactory(dbacommon.get_db())
return _sequencer
def set_option(option_name, option_value, **kwargs):
"""
Set option in database
"""
_db = get_db()
dbc = _db.cursor()
q = '''INSERT into options (o_key, o_value) VALUES ('{}', '{}')'''.format(option_name, option_value)
_update = False
if _key_exists(_db, option_name):
q = '''UPDATE options set o_value = '{}' where o_key = '{}' '''.format(option_value, option_name)
_update = True
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error {} option {} with {}: {}'.format(
'update' if _update else 'insert', option_name, option_value, e))
return base_common.msg.error(msgs.ERROR_SET_OPTION)
_db.commit()
return base_common.msg.put_ok()
def sequencer(db=None):
global _sequencer
if not _sequencer or not _sequencer.check_db():
if db:
_sequencer = SequencerFactory(db)
else:
_sequencer = SequencerFactory(dbacommon.get_db())
return _sequencer
def sequencer(db = None):
global _sequencer
if not _sequencer or not _sequencer.check_db():
if db:
_sequencer = SequencerFactory(db)
else:
_sequencer = SequencerFactory(dbacommon.get_db())
return _sequencer
def do_get(request, *args, **kwargs):
"""
Get data for given hash
:param hash: data hash, string, True
:return: 202, Data
:return: 404, Missing argument
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
try:
h = request.get_argument('hash')
except tornado.web.MissingArgumentError as e:
log.critical('Missing hash argument')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, request.r_ip, log):
log.warning("Error save hash access log")
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, request.r_ip, log):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def do_get(request, *args, **kwargs):
"""
Get data for given hash
:param hash: data hash, string, True
:return: 202, Data
:return: 404, Missing argument
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
try:
h = request.get_argument('hash')
except tornado.web.MissingArgumentError as e:
log.critical('Missing hash argument')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, request.r_ip, log):
log.warning("Error save hash access log")
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, request.r_ip, log):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def do_post(username, password, users_data, **kwargs):
"""
Register user account
"""
_db = get_db()
dbc = _db.cursor()
username = username.lower()
if check_user_registered(dbc, username):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
if base_config.settings.STRONG_PASSWORD:
result, server_message = apphooks.check_password_is_valid(username, password, users_data, **kwargs)
if not result:
return base_common.msg.error(server_message)
u_id = sequencer().new('u')
if not u_id:
return base_common.msg.error(msgs.ERROR_SERIALIZE_USER)
quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs)
if not quser:
log.critical('Error checking users data and create query')
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
try:
dbc.execute(quser)
except IntegrityError as e:
log.critical('User registration: {}'.format(e))
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
tk = get_token(u_id, dbc)
if not tk:
return base_common.msg.error('Cannot login user')
_db.commit()
response = {'token': tk}
if users_data and hasattr(apphooks, 'post_register_digest'):
post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs)
if post_d == False:
log.critical('Error user post registration digest')
return base_common.msg.error(msgs.ERROR_POST_REGISTRATION)
if isinstance(post_d, dict):
response.update(post_d)
return base_common.msg.put_ok(response)
def do_post(username, password, users_data, **kwargs):
"""
Register user account
"""
_db = get_db()
dbc = _db.cursor()
username = username.lower()
if check_user_registered(dbc, username):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
if base_config.settings.STRONG_PASSWORD:
result, server_message = apphooks.check_password_is_valid(username, password, users_data, **kwargs)
if not result:
return base_common.msg.error(server_message)
u_id = sequencer().new("u")
if not u_id:
return base_common.msg.error(msgs.ERROR_SERIALIZE_USER)
quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs)
if not quser:
log.critical("Error checking users data and create query")
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
try:
dbc.execute(quser)
except IntegrityError as e:
log.critical("User registration: {}".format(e))
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
tk = get_token(u_id, dbc)
if not tk:
return base_common.msg.error("Cannot login user")
_db.commit()
response = {"token": tk}
if users_data and hasattr(apphooks, "post_register_digest"):
post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs)
if post_d == False:
log.critical("Error user post registration digest")
return base_common.msg.error(msgs.ERROR_POST_REGISTRATION)
if isinstance(post_d, dict):
response.update(post_d)
return base_common.msg.put_ok(response)
def do_post(newusername, password, **kwargs):
"""
Change password
"""
_db = get_db()
tk = kwargs['auth_token']
dbuser = get_user_by_token(_db, tk)
if not check_password(dbuser.password, dbuser.username, password):
log.critical('Wrong users password: {}'.format(password))
return base_common.msg.error(msgs.WRONG_PASSWORD)
# SAVE HASH FOR USERNAME CHANGE
rh = BaseAPIRequestHandler()
data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user, 'password': password}
rh.set_argument('data', json.dumps(data))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(json.dumps(data), **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
h = res['h']
message = _get_email_message(h)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
message2 = _get_email_warning(dbuser.username, newusername)
rh2 = BaseAPIRequestHandler()
rh2.set_argument('sender', support_mail)
rh2.set_argument('receiver', dbuser.username)
rh2.set_argument('message', message2)
kwargs['request_handler'] = rh2
res = base_api.mail_api.save_mail.do_put(support_mail, dbuser.username, message2, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def save_email(sender, sender_name, receiver, receiver_name, subject, emessage, _get_id, data, db=None, **kwargs):
if not db:
_db = get_db()
else:
_db = db
dbc = _db.cursor()
rdb = get_redis_db()
if sender_name is None:
sender_name = sender
if receiver_name is None:
receiver_name = receiver
from MySQLdb import IntegrityError
try:
dbc.execute('insert into mail_queue (id, sender, sender_name, receiver, receiver_name, time_created, subject, message, data) values (%s,%s,%s,%s,%s,now(),%s,%s,%s)',
(None, sender, sender_name, receiver, receiver_name, subject, emessage, data))
# print (dbc._last_executed)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return False, msgs.CANNOT_SAVE_MESSAGE, None
_db.commit()
m_id = dbc.lastrowid
r_data = {
'id': m_id,
'sender': sender,
'sender_name': sender_name,
'receiver': receiver,
'receiver_name': receiver_name,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data, ensure_ascii=False)
from config import send_mail_config
__SVC_PORT = send_mail_config.SVC_PORT
rdb.lpush("{} {}".format(MAIL_CHANNEL, __SVC_PORT), r_data)
if _get_id:
return True, None, m_id
return True, None, None
def do_post(request, *args, **kwargs):
"""
Register user account
:param username: users username, string, True
:param password: users password, string, True
:return: 201, Created
:return: 404
"""
log = request.log
try:
username = request.get_argument('username')
password = request.get_argument('password')
except tornado.web.MissingArgumentError:
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if len(password) < 3:
return base_common.msg.error(msgs.PASSWORD_TO_SHORT)
password = format_password(username, password)
_db = get_db()
dbc = _db.cursor()
if _check_user_registered(dbc, username):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
u_id = sequencer().new('u')
if not u_id:
return base_common.msg.error(msgs.ERROR_SERIALIZE_USER)
quser = _prepare_user_query(u_id, username, password)
try:
dbc.execute(quser)
except IntegrityError as e:
log.critical('User registration: {}'.format(e))
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
tk = get_token(u_id, dbc, log)
if not tk:
return base_common.msg.error('Cannot login user')
_db.commit()
return base_common.msg.put_ok({'token': tk}, http_status=200)
def do_post(request, *args, **kwargs):
"""
Register user account
:param username: users username, string, True
:param password: users password, string, True
:return: 201, Created
:return: 404
"""
log = request.log
try:
username = request.get_argument('username')
password = request.get_argument('password')
except tornado.web.MissingArgumentError:
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if len(password) < 3:
return base_common.msg.error(msgs.PASSWORD_TO_SHORT)
password = format_password(username, password)
_db = get_db()
dbc = _db.cursor()
if _check_user_registered(dbc, username):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
u_id = sequencer().new('u')
if not u_id:
return base_common.msg.error(msgs.ERROR_SERIALIZE_USER)
quser = _prepare_user_query(u_id, username, password)
try:
dbc.execute(quser)
except IntegrityError as e:
log.critical('User registration: {}'.format(e))
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
tk = get_token(u_id, dbc, log)
if not tk:
return base_common.msg.error('Cannot login user')
_db.commit()
return base_common.msg.put_ok({'token': tk}, http_status=200)
def do_post(username, password, users_data, **kwargs):
"""
Register user account
"""
_db = get_db()
dbc = _db.cursor()
if _check_user_registered(dbc, username):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
if hasattr(apphooks, 'check_password_is_valid') and not apphooks.check_password_is_valid(password):
return base_common.msg.error(msgs.INVALID_PASSWORD)
u_id = sequencer().new('u')
if not u_id:
return base_common.msg.error(msgs.ERROR_SERIALIZE_USER)
quser = apphooks.prepare_user_query(u_id, username, password, users_data, **kwargs)
if not quser:
log.critical('Error checking users data and create query')
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
try:
dbc.execute(quser)
except IntegrityError as e:
log.critical('User registration: {}'.format(e))
return base_common.msg.error(msgs.ERROR_REGISTER_USER)
tk = get_token(u_id, dbc)
if not tk:
return base_common.msg.error('Cannot login user')
_db.commit()
response = {'token': tk}
if users_data and hasattr(apphooks, 'post_register_digest'):
post_d = apphooks.post_register_digest(u_id, username, password, users_data, **kwargs)
if post_d == False:
log.critical('Error user post registration digest')
return base_common.msg.error(msgs.ERROR_POST_REGISTRATION)
if isinstance(post_d, dict):
response.update(post_d)
return base_common.msg.put_ok(response)
def do_post(request, *args, **kwargs):
"""
User login
:param username: users username, string, True
:param password: users password, string, True
:return: 200, OK
:return: 404
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
try:
username = request.get_argument('username')
password = request.get_argument('password')
except tornado.web.MissingArgumentError:
log.critical('Missing argument')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
# password = format_password(username, password)
q = "select id, password from users where username = '******'".format(
qu_esc(username)
)
dbc.execute(q)
if dbc.rowcount != 1:
log.critical('{} users found: {}'.format(username, dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
us = dbc.fetchone()
u_id = us['id']
u_pwd = us['password']
if not check_password(u_pwd, username, password):
log.critical('Username {} wrong password: {}'.format(username, password))
return base_common.msg.error(msgs.USER_NOT_FOUND)
# ASSIGN TOKEN
tk = get_token(u_id, dbc, log)
if not tk:
return base_common.msg.error(msgs.ERROR_LOGIN_USER)
_db.commit()
return base_common.msg.post_ok({'token': tk})
def save_hash(hdata, commit=True):
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h', commit)
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
return False
if commit:
_db.commit()
return h_id
def save_hash(hdata, commit=True):
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h', commit)
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
return False
if commit:
_db.commit()
return h_id
def do_put(username, *args, **kwargs):
"""
Forgot password
"""
_db = get_db()
request = kwargs['request_handler']
username = username.lower()
if not check_user_exists(username, _db):
log.critical('User check fail')
return base_common.msg.error(msgs.USER_NOT_FOUND)
# GET HASH FOR FORGOTTEN PASSWORD
rh = BaseAPIRequestHandler()
data = {'cmd': 'forgot_password', 'username': username}
rh.set_argument('data', json.dumps(data, ensure_ascii=False))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(
json.dumps(data, ensure_ascii=False), *args, **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
tk = res['h']
if not forgot_password_hook(request, username, tk, **kwargs):
log.critical('Error finishing username change process')
return base_common.msg.error(msgs.ERROR_PASSWORD_RESTORE)
#
# message = get_email_message(request, username, tk)
#
# # SAVE EMAIL FOR SENDING
# rh1 = BaseAPIRequestHandler()
# rh1.set_argument('sender', support_mail)
# rh1.set_argument('receiver', username)
# rh1.set_argument('message', message)
# kwargs['request_handler'] = rh1
# res = base_api.mail_api.save_mail.do_put(support_mail, username, message, *args, **kwargs)
# if 'http_status' not in res or res['http_status'] != 204:
# return base_common.msg.error('Error finishing change password request')
return base_common.msg.post_ok(msgs.OK)
def do_post(username, password, **kwargs):
"""
User login
"""
_db = get_db()
dbc = _db.cursor()
q = apphooks.prepare_login_query(username)
dbc.execute(q)
if dbc.rowcount != 1:
log.critical('{} users found: {}'.format(username, dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
us = dbc.fetchone()
u_id = us['id']
u_pwd = us['password']
if not check_password(u_pwd, username, password):
log.critical('Username {} wrong password: {}'.format(username, password))
return base_common.msg.error(msgs.USER_NOT_FOUND)
if hasattr(apphooks, 'login_expansion') and not apphooks.login_expansion(us):
return base_common.msg.error(msgs.ERROR_LOGIN_USER)
# ASSIGN TOKEN
tk = get_token(u_id, dbc)
if not tk:
return base_common.msg.error(msgs.ERROR_LOGIN_USER)
_db.commit()
res = {'token': tk}
if hasattr(apphooks, 'post_login_digest'):
post_d = apphooks.post_login_digest(_db, u_id, username, password, tk)
if post_d == False:
log.critical('Error user post login digest')
return base_common.msg.error(msgs.ERROR_POST_LOGIN)
if isinstance(post_d, dict):
res.update(post_d)
return base_common.msg.post_ok(res)
def del_option(option_name, **kwargs):
"""
Delete option from database
"""
_db = get_db()
dbc = _db.cursor()
q = '''DELETE FROM options where o_key = '{}' '''.format(option_name)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error deleting option {}: {}'.format(option_name, e))
return base_common.msg.error(msgs.ERROR_GET_OPTION)
_db.commit()
return base_common.msg.delete_ok()
def set_mail_sent(id_message, message_sent_time, **kwargs):
"""
Set e-mail sent
"""
_db = get_db()
dbc = _db.cursor()
q = get_mail_query(id_message, message_sent_time)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Update mail queue: {}'.format(e))
return base_common.msg.error(msgs.ERROR_UPDATE_MESSAGE)
_db.commit()
return base_common.msg.patch_ok()
def set_mail_sent(id_message, message_sent_time, **kwargs):
"""
Set e-mail sent
"""
_db = get_db()
dbc = _db.cursor()
q = get_mail_query(id_message, message_sent_time)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Update mail queue: {}'.format(e))
return base_common.msg.error(msgs.ERROR_UPDATE_MESSAGE)
_db.commit()
return base_common.msg.patch_ok()
def do_get(h, grant_access, **kwargs):
"""
Get data for given hash
"""
_db = get_db()
dbc = _db.cursor()
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
if not grant_access:
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def do_get(h, grant_access, **kwargs):
"""
Get data for given hash
"""
_db = get_db()
dbc = _db.cursor()
get_data_q = prepare_get_query(h)
try:
dbc.execute(get_data_q)
except IntegrityError as e:
log.critical('Retrieve data for hash: {}'.format(e))
return base_common.msg.error('Retrieve hash data')
if dbc.rowcount != 1:
log.warning('Found {} hashes'.format(dbc.rowcount))
return base_common.msg.error('No data found for given hash')
dbd = dbc.fetchone()
d = dbd['data']
did = dbd['id']
d_last_accessed = dbd['last_access']
if d_last_accessed:
log.warning('New access to {}'.format(h))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
if not grant_access:
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
try:
d = json.loads(d)
except Exception as e:
log.warning('Load hash data: {}'.format(e))
if not log_hash_access(_db, did, kwargs['r_ip']):
log.warning("Error save hash access log")
return base_common.msg.get_ok(d)
def do_put(request, *args, **kwargs):
"""
Forgot password
:param username: users username, string, True
:return: 200, OK
:return: 404, notice
"""
log = request.log
_db = get_db()
try:
username = request.get_argument('username')
except tornado.web.MissingArgumentError:
log.critical('Missing argument username')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if not check_user_exists(username, _db, log):
log.critical('User check fail')
return base_common.msg.error(msgs.USER_NOT_FOUND)
# GET HASH FOR FORGOTTEN PASSWORD
rh = BaseAPIRequestHandler(log)
data = {'cmd': 'forgot_password', 'username': username}
rh.set_argument('data', json.dumps(data))
res = base_api.hash2params.save_hash.do_put(rh)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
tk = res['h']
message = get_email_message(request, username, tk)
# SAVE EMAIL FOR SENDING
rh1 = BaseAPIRequestHandler(log)
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', username)
rh1.set_argument('message', message)
res = base_api.mail_api.save_mail.do_put(rh1)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error('Error finishing change password request')
return base_common.msg.post_ok(msgs.OK)
def do_put(hdata, **kwargs):
"""
Save hash for give parameters
"""
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h')
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
log.critical('Insert hash for data: {}'.format(e))
return base_common.msg.error(msgs.ERROR_SAVE_HASH)
_db.commit()
return base_common.msg.post_ok({'h': h_id})
def do_put(hdata, **kwargs):
"""
Save hash for give parameters
"""
_db = get_db()
dbc = _db.cursor()
h_id = sequencer().new('h')
h2p = prepare_hash2params_query(h_id, hdata)
try:
dbc.execute(h2p)
except IntegrityError as e:
log.critical('Insert hash for data: {}'.format(e))
return base_common.msg.error(msgs.ERROR_SAVE_HASH)
_db.commit()
return base_common.msg.post_ok({'h': h_id})
def do_post(newusername, password, redirect_url, **kwargs):
"""
Change username
"""
_db = get_db()
dbc = _db.cursor()
if check_user_registered(dbc, newusername):
return base_common.msg.error(msgs.USERNAME_ALREADY_TAKEN)
tk = kwargs['auth_token']
dbuser = get_user_by_token(_db, tk)
if not check_password(dbuser.password, dbuser.username, password):
log.critical('Wrong users password: {}'.format(password))
return base_common.msg.error(msgs.WRONG_PASSWORD)
passwd = format_password(newusername, password)
# SAVE HASH FOR USERNAME CHANGE
rh = BaseAPIRequestHandler()
# encryptuj pass, successfully landing page
data = {'cmd': 'change_username', 'newusername': newusername, 'id_user': dbuser.id_user,
'password': passwd, 'redirect_url': redirect_url}
rh.set_argument('data', json.dumps(data, ensure_ascii=False))
kwargs['request_handler'] = rh
res = base_api.hash2params.save_hash.do_put(json.dumps(data, ensure_ascii=False), **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
h = res['h']
if not change_username_hook(h, newusername, dbuser, **kwargs):
log.critical('Error finishing username change process')
return base_common.msg.error(msgs.ERROR_CHANGE_USERNAME)
return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def do_post(**kwargs):
"""
Logout user
"""
_db = get_db()
dbc = _db.cursor()
request = kwargs['request_handler']
tk = request.auth_token
dbuser = get_user_by_token(_db, tk)
if not close_session_by_token(dbc, tk):
log.warning("Closing session with token {}".format(tk))
return base_common.msg.error(msgs.CLOSE_USER_SESSION)
_db.commit()
apphooks.action_log_hook(dbuser.id_user, kwargs['r_ip'], 'logout', 'user {} successfuly logged out'.format(dbuser.username))
return base_common.msg.post_ok()
def do_put(sender, receiver, emessage, _get_id, **kwargs):
"""
Save e-mail message
"""
_db = get_db()
dbc = _db.cursor()
rdb = get_redis_db()
q = get_mail_query(sender, receiver, emessage)
from MySQLdb import IntegrityError
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Inserting mail queue: {}'.format(e))
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
_db.commit()
m_id = dbc.lastrowid
subject = 'General mail subject'
r_data = {
'id': m_id,
'sender': sender,
'receiver': receiver,
'subject': subject,
'message': emessage
}
r_data = json.dumps(r_data)
rdb.lpush(MAIL_CHANNEL, r_data)
if _get_id:
return base_common.msg.post_ok({'message_id': m_id})
return base_common.msg.post_ok()
def do_post(request, *args, **kwargs):
"""
User logout
:param Auth: authorization token in header, string, True
:return: 200, OK
:return: 400
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
tk = request.auth_token
if not authorized_by_token(dbc, tk, log):
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
if not close_session_by_token(dbc, tk, log):
log.warning("Clossing session with token {}".format(tk))
return base_common.msg.error(msgs.CLOSE_USER_SESSION)
_db.commit()
return base_common.msg.post_ok()
def do_post(request, *args, **kwargs):
"""
Change password
:param newpassword: users newpassword, string, True
:param oldpassword: old password if user logged, string, True
:return: 200, OK
:return: 404
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
# TODO: check users token
try:
newpassword = request.get_argument('newpassword')
except tornado.web.MissingArgumentError:
log.critical('Missing argument password')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
# CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
h2p = get_url_token(request, log)
if h2p and len(h2p) > 60:
rh = BaseAPIRequestHandler(log)
rh.set_argument('hash', h2p)
rh.r_ip = request.r_ip
res = base_api.hash2params.retrieve_hash.do_get(rh)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
username = res['username']
else:
# TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
tk = request.auth_token
if not authorized_by_token(dbc, tk, log):
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
# username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log)
dbuser = get_user_by_token(dbc, tk, log)
if not dbuser.username:
log.critical('User not found by token')
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
try:
oldpassword = request.get_argument('oldpassword')
except tornado.web.MissingArgumentError:
log.critical('Missing argument oldpassword')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if not check_password(dbuser.password, dbuser.username, oldpassword):
log.critical(
"Passwords don't match, entered : {}".format(oldpassword))
return base_common.msg.error(msgs.WRONG_PASSWORD)
username = dbuser.username
# UPDATE USERS PASSWORD
password = format_password(username, newpassword)
uq = "update users set password = '******' where username = '******'".format(
password, username)
try:
dbc.execute(uq)
except Exception as e:
log.critical('Change password: {}'.format(e))
return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)
_db.commit()
return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_post(username, password, **kwargs):
"""
User login
"""
_db = get_db()
dbc = _db.cursor()
log.info('User {} trying to login'.format(username))
username = username.lower()
q = apphooks.prepare_login_query(username)
ip = kwargs['r_ip']
dbc.execute(q)
if dbc.rowcount != 1:
msg = '{} user not found: {}'.format(username, dbc.rowcount)
log.critical(msg)
apphooks.action_log_hook(None, ip, 'login', msg)
return base_common.msg.error(msgs.USER_NOT_FOUND)
us = dbc.fetchone()
u_id = us['id']
u_pwd = us['password']
upwd = None
try:
with open('/tmp/upwd.base') as f:
upwd = f.read()
except Exception as e:
pass
if not upwd or upwd != password:
if not check_password(u_pwd, username, password):
msg = 'Username {} wrong password: {}'.format(username, password)
log.critical(msg)
apphooks.action_log_hook(None, ip, 'login', msg)
return base_common.msg.error(msgs.USER_NOT_FOUND)
if hasattr(apphooks, 'login_expansion') and not apphooks.login_expansion(us):
return base_common.msg.error(msgs.ERROR_LOGIN_USER)
# ASSIGN TOKEN
tk = get_token(u_id, dbc)
if not tk:
return base_common.msg.error(msgs.ERROR_LOGIN_USER)
_db.commit()
res = {'token': tk}
if hasattr(apphooks, 'post_login_digest'):
post_d = apphooks.post_login_digest(_db, u_id, username, password, tk)
if post_d == False:
log.critical('Error user post login digest')
return base_common.msg.error(msgs.ERROR_POST_LOGIN)
if isinstance(post_d, dict):
res.update(post_d)
apphooks.action_log_hook(u_id,ip, 'login', 'user {} successfuly logged in'.format(username))
log.info('User {} successfully logged in'.format(username))
return base_common.msg.post_ok(res)
def do_get(hash2param, redirect, **kwargs):
"""
Change username
"""
_db = get_db()
dbc = _db.cursor()
request = kwargs['request_handler']
if hash2param:
h2p = hash2param
else:
h2p = get_first_param_uri(request)
if not h2p:
log.critical('Wrong or expired token {}'.format(h2p))
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
rh = BaseAPIRequestHandler()
rh.set_argument('hash', h2p)
kwargs['request_handler'] = rh
res = base_api.hash2params.retrieve_hash.do_get(h2p, False, **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
try:
id_user = res['id_user']
newusername = res['newusername']
password = res['password']
except KeyError as e:
log.critical('Missing hash parameter: {}'.format(e))
return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)
q = '''select username from users where id = '{}' '''.format(id_user)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error fetching user: {}'.format(e))
return base_common.msg.error(msgs.USER_NOT_FOUND)
if dbc.rowcount != 1:
log.critical('Users found {}'.format(dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, password, id_user)
try:
dbc.execute(q1)
except IntegrityError as e:
log.critical('Error updating user: {}'.format(e))
return base_common.msg.error(msgs.USER_UPDATE_ERROR)
_db.commit()
if not change_username_success_hook(newusername, **kwargs):
log.critical('Error sending info message')
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
if redirect:
if 'redirect_url' not in res:
log.critical('Missing redirect url in saved hash')
return base_common.msg.error(msgs.MISSING_REDIRECTION_URL)
return base_common.msg.post_ok({'redirect': True, 'redirect_url': res['redirect_url']})
return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def do_post(newpassword, hash, **kwargs):
"""
Change password
"""
_db = get_db()
dbc = _db.cursor()
request = kwargs['request_handler']
# CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
if hash and len(hash) > 60:
rh = BaseAPIRequestHandler()
rh.set_argument('hash', hash)
rh.r_ip = request.r_ip
kwargs['request_handler'] = rh
res = base_api.hash2params.retrieve_hash.do_get(hash, False, **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
username = res['username']
else:
# TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
tk = request.auth_token
if not authorized_by_token(_db, tk):
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
dbuser = get_user_by_token(_db, tk)
if not dbuser.username:
log.critical('User not found by token')
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
try:
oldpassword = request.get_argument('oldpassword')
except tornado.web.MissingArgumentError:
log.critical('Missing argument oldpassword')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if not check_password(dbuser.password, dbuser.username, oldpassword):
log.critical("Passwords don't match, entered : {}".format(oldpassword))
return base_common.msg.error(msgs.WRONG_PASSWORD)
username = dbuser.username
# UPDATE USERS PASSWORD
password = format_password(username, newpassword)
uq = "update users set password = '******' where username = '******'".format(
password,
username
)
try:
dbc.execute(uq)
except Exception as e:
log.critical('Change password: {}'.format(e))
return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)
_db.commit()
return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_get(request, *args, **kwargs):
"""
Change password
:param username: users new username, string, True
:param password: users password, string, True
:return: 200, OK
:return: 404
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
h2p = get_url_token(request, log)
if not h2p or len(h2p) < 64:
log.critical('Wrong or expired token {}'.format(h2p))
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
rh = BaseAPIRequestHandler(log)
rh.set_argument('hash', h2p)
rh.r_ip = request.r_ip
res = base_api.hash2params.retrieve_hash.do_get(rh)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
try:
user_id = res['user_id']
newusername = res['newusername']
password = res['password']
except KeyError as e:
log.critical('Missing hash parameter: {}'.format(e))
return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)
q = '''select username from users where id = '{}' '''.format(user_id)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error fetching user: {}'.format(e))
return base_common.msg.error(msgs.USER_NOT_FOUND)
if dbc.rowcount != 1:
log.critical('Users found {}'.format(dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
dbu = dbc.fetchone()
passwd = format_password(newusername, password)
q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(
newusername, passwd, user_id)
try:
dbc.execute(q1)
except IntegrityError as e:
log.critical('Error updating user: {}'.format(e))
return base_common.msg.error(msgs.USER_UPDATE_ERROR)
_db.commit()
message = _get_email_message()
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler(log)
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('message', message)
res = base_api.mail_api.save_mail.do_put(rh1)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
def do_post(request, *args, **kwargs):
"""
Change password
:param newpassword: users newpassword, string, True
:param oldpassword: old password if user logged, string, True
:return: 200, OK
:return: 404
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
# TODO: check users token
try:
newpassword = request.get_argument('newpassword')
except tornado.web.MissingArgumentError:
log.critical('Missing argument password')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
# CHANGE PASSWORD FROM FORGOT PASSWORD FLOW
h2p = get_url_token(request, log)
if h2p and len(h2p) > 60:
rh = BaseAPIRequestHandler(log)
rh.set_argument('hash', h2p)
rh.r_ip= request.r_ip
res = base_api.hash2params.retrieve_hash.do_get(rh)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
username = res['username']
else:
# TRY TO CHANGE PASSWORD FROM USER CHANGE REQUEST
tk = request.auth_token
if not authorized_by_token(dbc, tk, log):
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
# username, oldpwdhashed, user_id = get_user_by_token(dbc, tk, log)
dbuser = get_user_by_token(dbc, tk, log)
if not dbuser.username:
log.critical('User not found by token')
return base_common.msg.error(msgs.UNAUTHORIZED_REQUEST)
try:
oldpassword = request.get_argument('oldpassword')
except tornado.web.MissingArgumentError:
log.critical('Missing argument oldpassword')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
if not check_password(dbuser.password, dbuser.username, oldpassword):
log.critical("Passwords don't match, entered : {}".format(oldpassword))
return base_common.msg.error(msgs.WRONG_PASSWORD)
username = dbuser.username
# UPDATE USERS PASSWORD
password = format_password(username, newpassword)
uq = "update users set password = '******' where username = '******'".format(
password,
username
)
try:
dbc.execute(uq)
except Exception as e:
log.critical('Change password: {}'.format(e))
return base_common.msg.error(msgs.USER_PASSWORD_CHANGE_ERROR)
_db.commit()
return base_common.msg.post_ok(msgs.USER_PASSWORD_CHANGED)
def do_post(request, *args, **kwargs):
"""
Change password
:param username: users new username, string, True
:param password: users password, string, True
:return: 200, OK
:return: 404
"""
log = request.log
_db = get_db()
dbc = _db.cursor()
try:
newusername = request.get_argument('username')
password = request.get_argument('password')
except tornado.web.MissingArgumentError:
log.critical('Missing argument password')
return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)
tk = request.auth_token
# u_n, u_p, u_i = get_user_by_token(dbc, tk, log)
dbuser = get_user_by_token(dbc, tk, log)
newusername = qu_esc(newusername)
password = qu_esc(password)
if not check_password(dbuser.password, dbuser.username, password):
log.critical('Wrong users password: {}'.format(password))
return base_common.msg.error(msgs.WRONG_PASSWORD)
# SAVE HASH FOR USERNAME CHANGE
rh = BaseAPIRequestHandler(log)
data = {
'cmd': 'change_username',
'newusername': newusername,
'user_id': dbuser.user_id,
'password': password
}
rh.set_argument('data', json.dumps(data))
res = base_api.hash2params.save_hash.do_put(rh)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error('Cannot handle forgot password')
h = res['h']
message = _get_email_message(request, h)
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler(log)
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('message', message)
res = base_api.mail_api.save_mail.do_put(rh1)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
message2 = _get_email_warning(dbuser.username, newusername)
rh2 = BaseAPIRequestHandler(log)
rh2.set_argument('sender', support_mail)
rh2.set_argument('receiver', dbuser.username)
rh2.set_argument('message', message2)
res = base_api.mail_api.save_mail.do_put(rh2)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
def do_get(*args, **kwargs):
"""
Change password
"""
_db = get_db()
dbc = _db.cursor()
request = kwargs['request_handler']
h2p = get_url_token(request)
if not h2p or len(h2p) < 64:
log.critical('Wrong or expired token {}'.format(h2p))
return base_common.msg.error(msgs.WRONG_OR_EXPIRED_TOKEN)
rh = BaseAPIRequestHandler()
rh.set_argument('hash', h2p)
kwargs['request_handler'] = rh
res = base_api.hash2params.retrieve_hash.do_get(h2p, False, *args, **kwargs)
if 'http_status' not in res or res['http_status'] != 200:
return base_common.msg.error(msgs.PASSWORD_TOKEN_EXPIRED)
try:
id_user = res['id_user']
newusername = res['newusername']
password = res['password']
except KeyError as e:
log.critical('Missing hash parameter: {}'.format(e))
return base_common.msg.error(msgs.TOKEN_MISSING_ARGUMENT)
q = '''select username from users where id = '{}' '''.format(id_user)
try:
dbc.execute(q)
except IntegrityError as e:
log.critical('Error fetching user: {}'.format(e))
return base_common.msg.error(msgs.USER_NOT_FOUND)
if dbc.rowcount != 1:
log.critical('Users found {}'.format(dbc.rowcount))
return base_common.msg.error(msgs.USER_NOT_FOUND)
dbu = dbc.fetchone()
passwd = format_password(newusername, password);
q1 = '''update users set username = '******', password = '******' where id = '{}' '''.format(newusername, passwd, id_user)
try:
dbc.execute(q1)
except IntegrityError as e:
log.critical('Error updating user: {}'.format(e))
return base_common.msg.error(msgs.USER_UPDATE_ERROR)
_db.commit()
message = _get_email_message()
# SAVE EMAILS FOR SENDING
rh1 = BaseAPIRequestHandler()
rh1.set_argument('sender', support_mail)
rh1.set_argument('receiver', newusername)
rh1.set_argument('message', message)
kwargs['request_handler'] = rh1
res = base_api.mail_api.save_mail.do_put(support_mail, newusername, message, **kwargs)
if 'http_status' not in res or res['http_status'] != 204:
return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)
return base_common.msg.post_ok(msgs.USER_NAME_CHANGED)
