def api_register_put():
    """Create an account from the submitted form (API variant).

    Reads ``username``, ``email`` and ``new-password`` from the request form.
    Returns a 422 response naming the first check that failed; otherwise
    creates the user and returns 201 'OK' with a newly generated cookie id.
    """
    form = request.form
    username = form.get('username')
    email = form.get('email')
    new_password = form.get('new-password')

    # All lookups and syntax checks run up front, before any branch is taken.
    name_taken = check_username(username)
    email_taken = check_email(email)
    email_valid = syntax_check.check_email_syntax(email)
    name_valid = syntax_check.check_username_syntax(username)
    password_valid = syntax_check.check_password_syntax(new_password)

    # Ordered (failed?, message) pairs; the first failing entry wins.
    rejections = (
        (not (username and new_password and email), 'MISSING ARGS'),
        (not email_valid, 'INVALID EMAIL SYNTAX'),
        (not name_valid, 'INVALID USERNAME SYNTAX'),
        (not password_valid, 'INVALID PASSWORD SYNTAX'),
        (name_taken, 'USERNAME EXISTS'),
        (email_taken, 'EMAIL EXISTS'),
    )
    for failed, message in rejections:
        if failed:
            return make_response(message, 422)

    cookie_id = generate_hash()
    add_new_user(username, email, new_password, cookie_id)
    created = make_response('OK', 201)
    resp = make_response(created)
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments, for a value that is stored on the user's row - confirm that
    # is intended.
    thirty_days = 60 * 60 * 24 * 30
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=thirty_days)
    return resp
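def web_recover_processor():
    """Set a new password for the account matching a recovery key (web form).

    Reads ``key``, ``new-password`` and ``repeat-new-password`` from the
    request form. Renders ``status/error.html`` with a code for the first
    failed check; otherwise updates the password, clears the recovery link
    via ``update_user(..., password_reset=True)`` and sets a new cookie id.
    """
    key = request.form.get('key')
    user = find_user_by_recover_key(key)
    new_password = request.form.get('new-password')
    repeat_new_password = request.form.get('repeat-new-password')

    if not user:
        return render_template('status/error.html', code='user_not_found')
    if not new_password or not repeat_new_password:
        return render_template('status/error.html', code='form_not_filled')
    # Apply the same password policy that registration, settings and
    # api_recover_put enforce; without this check the recovery form accepted
    # passwords the other entry points reject.
    if not syntax_check.check_password_syntax(new_password):
        return render_template('status/error.html',
                               code='wrong_password_syntax')
    if new_password != repeat_new_password:
        return render_template('status/error.html',
                               code='passwords_do_not_match')

    cookie_id = generate_hash()
    update_user(user, password_reset=True, new_password=new_password,
                cookie_id=cookie_id)
    resp = make_response(
        render_template('status/success.html', code='edit_success'))
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments - confirm that is intended for this cookie.
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
    return resp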
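def update_user(user, password_reset=False, **kwargs):
    """Apply the requested changes to a user's row in the ``users`` table.

    Args:
        user: Mapping for the user's row. The keys ``id``, ``username``,
            ``verification_link``, ``cookieid`` and ``recovery_link`` are read;
            ``username`` and ``cookieid`` are updated in place when changed.
        password_reset: When true, the stored recovery link is released and
            set to null so it cannot be used a second time.
        **kwargs: Any of ``username``, ``email``, or ``new_password`` together
            with ``cookie_id``. A password is only changed when both
            ``new_password`` and ``cookie_id`` are given.
    """
    cursor = DATABASE.cursor()

    if 'username' in kwargs:
        cursor.execute('update users set username = %s where id = %s',
                       (kwargs['username'], user['id']))
        user['username'] = kwargs['username']

    if 'email' in kwargs:
        # A changed address must be verified again: issue a new link, release
        # the previous one, and mark the account unverified.
        link = generate_hash()
        if user['verification_link']:
            delete_hash(user['verification_link'])
        cursor.execute(
            'update users set email = %s, verification_link = %s, verified = false '
            'where id = %s', (kwargs['email'], link, user['id']))
        send_mail(kwargs['email'], user['username'], link, 'email_change')

    # Test each key explicitly: in `'new_password' and 'cookie_id' in kwargs`
    # the bare string is always truthy, so only 'cookie_id' was checked and a
    # call without 'new_password' raised KeyError below.
    if 'new_password' in kwargs and 'cookie_id' in kwargs:
        password_hash = pbkdf2_sha512.encrypt(kwargs['new_password'],
                                              rounds=200000, salt_size=64)
        delete_hash(user['cookieid'])
        # Persist the NEW cookie id. The callers send kwargs['cookie_id'] to
        # the browser; writing the old user['cookieid'] back would leave the
        # previous cookie value on the row after a password change or reset.
        cursor.execute(
            'update users set password = %s, cookieid = %s where id = %s',
            (password_hash, kwargs['cookie_id'], user['id']))
        user['cookieid'] = kwargs['cookie_id']

    if password_reset:
        delete_hash(user['recovery_link'])
        cursor.execute(
            'update users set recovery_link = null where id = %s',
            (user['id'], ))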
def create_recover_link(user):
    """Issue a new recovery link for *user*, store it and mail it out.

    Any recovery link already on the row is released first. The mail goes to
    ``verified_email`` when that is set, otherwise to ``email``.
    """
    cursor = DATABASE.cursor()
    link = generate_hash()

    previous_link = user['recovery_link']
    if previous_link:
        delete_hash(previous_link)

    sql = 'update users set recovery_link = %s where id = %s'
    cursor.execute(sql, (link, user['id']))

    recipient = user['verified_email'] or user['email']
    send_mail(recipient, user['username'], link, 'password-recovery')
def add_new_user(username, email, new_password, cookie_id):
    """Insert a new row into ``users`` and send the registration mail.

    The password is stored as a PBKDF2-SHA512 hash (200000 rounds, salt size
    64); the plain password is never written to the table. A newly generated
    verification link is stored with the row and passed to ``send_mail``.
    """
    cursor = DATABASE.cursor()
    link = generate_hash()
    password_hash = pbkdf2_sha512.encrypt(
        new_password, rounds=200000, salt_size=64)

    # Values are bound as parameters, never formatted into the SQL text.
    row = (username, password_hash, cookie_id, email, link)
    cursor.execute(
        'insert into users (username, password, cookieid, email, verification_link) '
        'values (%s, %s, %s, %s, %s)',
        row)

    send_mail(email, username, link, 'register')
def web_settings_processor():
    """Apply username, email and password changes from the settings form.

    Redirects to ``/logout/`` when no user is resolved. Renders
    ``status/error.html`` with a code for the first failed check; otherwise
    applies each submitted change and renders the success page, setting a new
    cookie id when the password was changed.
    """
    form = request.form
    username = form.get('username')
    email = form.get('email')
    repeat_email = form.get('repeat-email')
    new_password = form.get('new-password')
    repeat_new_password = form.get('repeat-new-password')
    user = get_user()

    passwords_match = new_password == repeat_new_password
    emails_match = email == repeat_email
    name_taken = check_username(username)
    email_taken = check_email(email)
    email_valid = syntax_check.check_email_syntax(email)
    name_valid = syntax_check.check_username_syntax(username)
    password_valid = syntax_check.check_password_syntax(new_password)

    def error(code):
        return render_template('status/error.html', code=code)

    if not user:
        return redirect('/logout/', code=302)

    # Syntax is only enforced for the fields that were actually submitted.
    if email and not email_valid:
        return error('wrong_email_syntax')
    if username and not name_valid:
        return error('wrong_username_syntax')
    if new_password and not password_valid:
        return error('wrong_password_syntax')

    if not passwords_match:
        return error('passwords_do_not_match')
    if not emails_match:
        return error('emails_do_not_match')
    if name_taken:
        return error('username_exists')
    if email_taken:
        return error('email_exists')

    # NOTE(review): no current-password field is read here, so a request with
    # a valid cookie can change the email and password - confirm that
    # re-authentication is not expected for these changes.
    if username:
        update_user(user, username=username)
    if email:
        update_user(user, email=email)
    if not new_password:
        return render_template('status/success.html', code='edit_success')

    cookie_id = generate_hash()
    update_user(user, new_password=new_password, cookie_id=cookie_id)
    resp = make_response(
        render_template('status/success.html', code='edit_success'))
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments - confirm that is intended for this cookie.
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
    return resp
def api_recover_put():
    """Set a new password for the account matching a recovery key (API).

    Reads ``key`` and ``new-password`` from the request form. Returns a 422
    response for an unknown key, a missing password or a password that fails
    the syntax check; otherwise updates the password, clears the recovery
    link and returns 200 'OK' with a newly generated cookie id.
    """
    key = request.form.get('key')
    user = find_user_by_recover_key(key)
    new_password = request.form.get('new-password')
    password_valid = syntax_check.check_password_syntax(new_password)

    if not user:
        return make_response('NO USER', 422)
    if not new_password:
        return make_response('MISSING ARGS', 422)
    if not password_valid:
        return make_response('INVALID PASSWORD SYNTAX', 422)

    cookie_id = generate_hash()
    update_user(
        user,
        password_reset=True,
        new_password=new_password,
        cookie_id=cookie_id,
    )
    ok = make_response('OK', 200)
    resp = make_response(ok)
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments - confirm that is intended for this cookie.
    thirty_days = 60 * 60 * 24 * 30
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=thirty_days)
    return resp
def api_settings_post():
    """Apply username, email and password changes for the current user (API).

    Returns a 422 response naming the first failed check. Otherwise applies
    each submitted change and returns 200 'OK'; when the password changed,
    the response also carries a newly generated cookie id.
    """
    form = request.form
    username = form.get('username')
    email = form.get('email')
    new_password = form.get('new-password')
    user = get_user()

    name_taken = check_username(username)
    email_taken = check_email(email)
    email_valid = syntax_check.check_email_syntax(email)
    name_valid = syntax_check.check_username_syntax(username)
    password_valid = syntax_check.check_password_syntax(new_password)

    # Ordered (failed?, message) pairs; syntax is only enforced for fields
    # that were actually submitted.
    rejections = (
        (not user, 'NO USER'),
        (email and not email_valid, 'INVALID EMAIL SYNTAX'),
        (username and not name_valid, 'INVALID USERNAME SYNTAX'),
        (new_password and not password_valid, 'INVALID PASSWORD SYNTAX'),
        (name_taken, 'USERNAME EXISTS'),
        (email_taken, 'EMAIL EXISTS'),
    )
    for failed, message in rejections:
        if failed:
            return make_response(message, 422)

    # NOTE(review): no current-password field is read here, so a request with
    # a valid cookie can change the email and password - confirm that
    # re-authentication is not expected for these changes.
    if username:
        update_user(user, username=username)
    if email:
        update_user(user, email=email)
    if not new_password:
        return make_response('OK', 200)

    cookie_id = generate_hash()
    update_user(user, new_password=new_password, cookie_id=cookie_id)
    ok = make_response('OK', 200)
    resp = make_response(ok)
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments - confirm that is intended for this cookie.
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
    return resp
def web_register_processor():
    """Create an account from the web registration form.

    Reads ``username``, ``email``, ``new-password`` and
    ``repeat-new-password`` from the request form. Renders
    ``status/error.html`` with a code for the first failed check; otherwise
    creates the user and renders the success page with a new cookie id.
    """
    form = request.form
    username = form.get('username')
    email = form.get('email')
    new_password = form.get('new-password')
    repeat_new_password = form.get('repeat-new-password')

    # All lookups and syntax checks run up front, before any branch is taken.
    name_taken = check_username(username)
    email_taken = check_email(email)
    email_valid = syntax_check.check_email_syntax(email)
    name_valid = syntax_check.check_username_syntax(username)
    password_valid = syntax_check.check_password_syntax(new_password)
    all_present = username and new_password and repeat_new_password and email

    # Ordered (failed?, error code) pairs; the first failing entry wins.
    rejections = (
        (not all_present, 'form_not_filled'),
        (not email_valid, 'wrong_email_syntax'),
        (not name_valid, 'wrong_username_syntax'),
        (not password_valid, 'wrong_password_syntax'),
        (name_taken, 'username_exists'),
        (email_taken, 'email_exists'),
        (new_password != repeat_new_password, 'passwords_do_not_match'),
    )
    for failed, error_code in rejections:
        if failed:
            return render_template('status/error.html', code=error_code)

    cookie_id = generate_hash()
    add_new_user(username, email, new_password, cookie_id)
    page = render_template('status/success.html', code='register_success')
    resp = make_response(page)
    # NOTE(review): set_cookie is called without httponly, secure or samesite
    # arguments, for a value that is stored on the user's row - confirm that
    # is intended.
    thirty_days = 60 * 60 * 24 * 30
    resp.set_cookie(COOKIE_NAME, cookie_id, max_age=thirty_days)
    return resp