def loginresetpassword(self) -> Dict[str, Any]: set_common_headers(self.request, "login", Cache.PRIVATE_NO) user, username, password, error = self._loginresetpassword() if error is not None: LOG.info(error) return {"success": True} if user is None: LOG.info("The user is not found without any error.") return {"success": True} if user.deactivated: LOG.info("The user '%s' is deactivated", username) return {"success": True} send_email_config( self.request.registry.settings, "reset_password", user.email, user=username, password=password, application_url=self.request.route_url("base"), current_url=self.request.current_route_url(), ) return {"success": True}
def save(self): if self._is_new(): response = super().save() if isinstance(response, HTTPFound): password = pwgenerator.generate() user = self._obj user.password = password user.is_password_changed = False user = self._request.dbsession.merge(user) self._request.dbsession.flush() send_email_config( settings=self._request.registry.settings, email_config_name="welcome_email", email=user.email, user=user.username, password=password, application_url=self._request.route_url("base"), current_url=self._request.current_route_url(), ) return response return super().save()
def loginresetpassword(self) -> Dict[str, Any]: set_common_headers(self.request, "login", Cache.NO) user, username, password, error = self._loginresetpassword() if error is not None: LOG.info(error) raise HTTPUnauthorized("See server logs for details") assert user is not None assert password is not None if user.deactivated: LOG.info("The user '%s' is deactivated", username) raise HTTPUnauthorized("See server logs for details") send_email_config(self.request.registry.settings, "reset_password", user.email, user=username, password=password) return {"success": True}
def save(self): if self._is_new(): response = super().save() if isinstance(response, HTTPFound): password = pwgenerator.generate() user = self._obj user.set_temp_password(password) user = self._request.dbsession.merge(user) self._request.dbsession.flush() send_email_config( settings=self._request.registry.settings, email_config_name='welcome_email', email=user.email, user=user.username, password=password) return response return super().save()
def create(self): if "url" not in self.request.params: raise HTTPBadRequest("The parameter url is required") url = self.request.params["url"] # see: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline if len(url) > 8190: # pragma: no cover raise HTTPBadRequest( "The parameter url is too long ({} > {})".format( len(url), 8190)) # Check that it is an internal URL... uri_parts = urlparse(url) hostname = uri_parts.hostname if "allowed_hosts" in self.settings: if hostname not in self.settings[ "allowed_hosts"]: # pragma: no cover raise HTTPBadRequest("The requested host is not allowed.") else: if hostname != self.request.server_name: raise HTTPBadRequest( "The requested host '{0!s}' should be '{1!s}'".format( hostname, self.request.server_name)) shortened = False for base in self.short_bases: base_parts = urlparse(base) if uri_parts.path.startswith(base_parts.path): shortened = True ref = uri_parts.path.split("/")[-1] tries = 0 while not shortened: ref = "".join( random.choice(string.ascii_letters + string.digits) for i in range(self.settings.get("length", 4))) test_url = DBSession.query(Shorturl).filter( Shorturl.ref == ref).all() if len(test_url) == 0: break tries += 1 # pragma: no cover if tries > 20: # pragma: no cover message = "No free ref found, considere to increase the length" logging.error(message) raise HTTPInternalServerError(message) user_email = self.request.user.email \ if self.request.user is not None else None email = self.request.params.get("email") if not shortened: short_url = Shorturl() short_url.url = url short_url.ref = ref short_url.creator_email = user_email short_url.creation = datetime.now() short_url.nb_hits = 0 DBSession.add(short_url) if "base_url" in self.settings: s_url = self.settings["base_url"] + ref else: s_url = self.request.route_url("shortener_get", ref=ref) email = email or user_email if email is not None: # pragma: no cover send_email_config( self.request.registry.settings, "shortener", email, full_url=url, short_url=s_url, message=self.request.params.get("message", ""), ) set_common_headers(self.request, "shortener", NO_CACHE) return {"short_url": s_url}
def create(self) -> Dict[str, str]: if "url" not in self.request.params: raise HTTPBadRequest("The parameter url is required") url = self.request.params["url"] # see: https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline if len(url) > 8190: raise HTTPBadRequest( f"The parameter url is too long ({len(url)} > {8190})") # Check that it is an internal URL... uri_parts = urlparse(url) if "allowed_hosts" in self.settings: if uri_parts.netloc not in self.settings["allowed_hosts"]: raise HTTPBadRequest( f"The requested host '{uri_parts.netloc}' is not part of allowed hosts: " f"{', '.join(self.settings['allowed_hosts'])}") else: hostname = uri_parts.hostname if hostname != self.request.server_name: raise HTTPBadRequest( f"The requested host '{hostname!s}' should be '{self.request.server_name!s}'" ) shortened = False for base in self.short_bases: base_parts = urlparse(base) if uri_parts.path.startswith(base_parts.path): shortened = True ref = uri_parts.path.split("/")[-1] tries = 0 while not shortened: ref = "".join( random.choice(string.ascii_letters + string.digits) # nosec for i in range(self.settings.get("length", 4))) test_url = DBSession.query(Shorturl).filter( Shorturl.ref == ref).all() if not test_url: break tries += 1 if tries > 20: message = "No free ref found, considered to increase the length" logger.error(message) raise HTTPInternalServerError(message) user_email = self.request.user.email if self.request.user is not None else None email = self.request.params.get("email") if not shortened: short_url = Shorturl() short_url.url = url short_url.ref = ref short_url.creator_email = user_email short_url.creation = datetime.now() short_url.nb_hits = 0 DBSession.add(short_url) if "base_url" in self.settings: s_url = self.settings["base_url"] + ref else: s_url = self.request.route_url("shortener_get", ref=ref) if email is not None: send_email_config( self.request.registry.settings, "shortener", email, full_url=url, short_url=s_url, message=self.request.params.get("message", ""), application_url=self.request.route_url("base"), current_url=self.request.current_route_url(), ) set_common_headers(self.request, "shortener", Cache.PRIVATE_NO) return {"short_url": s_url}