def test_validation(self):
    """Check each User validator on one accepted value and on rejected ones.

    Every validator is expected to reject both the empty string and None.
    """
    # Usernames: a plain name passes, a name containing '/' does not.
    username_ok = User.validate_username
    self.assertTrue(username_ok('username'))
    for rejected in ('username/', '', None):
        self.assertFalse(username_ok(rejected))

    # E-mail addresses: 'user@host' passes, a value with a space does not.
    email_ok = User.validate_email
    self.assertTrue(email_ok('user@host'))
    for rejected in ('user host', '', None):
        self.assertFalse(email_ok(rejected))

    # Passwords: only the empty and missing cases are pinned as rejected.
    # NOTE(review): 'password' is expected to be accepted, so this test pins
    # no strength or length policy for validate_password.
    password_ok = User.validate_password
    self.assertTrue(password_ok('password'))
    for rejected in ('', None):
        self.assertFalse(password_ok(rejected))
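def signup(request):
    """Handle the signup form: validate the submission and create the account.

    A non-POST request returns an empty dict so the renderer shows a blank
    form. A POST is validated; every problem found is reported through
    ``request.messages`` and answered with status 400, returning the submitted
    field values for re-rendering. A valid POST creates the ``User`` and its
    ``Profile``, stores the new user id in the session and redirects to the
    ``account`` route.

    Validation used to be driven by ``assert`` statements caught with
    ``except AssertionError``. Assertions are removed when Python runs with
    ``-O``, which would have let invalid or duplicate signups through, and the
    handler also swallowed any AssertionError raised by the database code.
    The checks are explicit conditionals now.
    """
    _ = request.translate
    if request.method != 'POST':
        return {}

    username = request.POST.get('username')
    password = request.POST.get('password')
    password2 = request.POST.get('password2')
    email = request.POST.get('email')

    errors = []
    if not User.validate_username(username):
        errors.append(_('Invalid username.'))
    if not User.validate_password(password):
        errors.append(_('Invalid password.'))
    # The e-mail address is optional; it is only validated when supplied.
    if email and not User.validate_email(email):
        errors.append(_('Invalid email address.'))
    if password != password2:
        errors.append(_('Both passwords do not match.'))

    if not errors:
        # Uniqueness is only looked up for well-formed input, as before.
        # NOTE(review): the lookup and the insert below are separate steps;
        # whether a unique constraint backs them up is not visible here.
        used = User.is_used(username, email)
        if used[0] > 0:
            errors.append(_('Username already registered.'))
        if used[1] > 0 and email:
            errors.append(_('E-mail address already registered.'))

    if errors:
        for error in errors:
            request.messages.error(error)
        request.response.status_code = HTTPBadRequest.code
        fields = ('username', 'password', 'password2', 'email')
        # .get() keeps a POST that omits a field (e.g. no e-mail) from
        # failing with KeyError while the error page is being built.
        # NOTE(review): the submitted password values go back to the
        # renderer; confirm the template does not write them into the page.
        return {k: request.POST.get(k, '') for k in fields}

    with transaction.manager:
        u = User(username=username, email=email, password=password)
        if request.referrer:
            u.referrer_id = request.referrer.id
        DBSession.add(u)
        # Flush so the new row has an id before the profile references it.
        DBSession.flush()
        dp = Profile(uid=u.id, name='')
        DBSession.add(dp)
        # NOTE(review): the uid is written into the existing session; whether
        # the session identifier is rotated on login is not visible here.
        request.session['uid'] = u.id
    return HTTPSeeOther(location=request.route_url('account'))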
def reset(request):
    """Finish a password reset for the token named in the URL.

    An unknown token, or one with no user attached, gets an error message and
    a redirect to the ``account_forgot`` route. Anything other than a POST
    carrying both password fields renders the form for the token. A password
    that fails ``User.validate_password`` or differs from its confirmation is
    answered with status 400. Otherwise the password is set, a notification
    mail is sent to the account's address, the token is deleted and the
    browser is redirected to ``account_login``.
    """
    _ = request.translate

    wanted = request.matchdict['token']
    token = DBSession.query(PasswordResetToken).filter_by(token=wanted).first()
    # NOTE(review): this view only checks that the token and its user exist;
    # any expiry handling would have to live elsewhere - confirm.
    if not (token and token.user):
        request.messages.error(_('Unknown password reset token.'))
        # NOTE(review): a 301 may be cached by the browser; signup() answers
        # with HTTPSeeOther for its redirect - confirm 301 is intended here.
        return HTTPMovedPermanently(location=request.route_url('account_forgot'))

    password = request.POST.get('password')
    password2 = request.POST.get('password2')
    if not (request.method == 'POST' and password and password2):
        return {'token': token}

    if not (User.validate_password(password) and password == password2):
        request.messages.error(_('Invalid password.'))
        request.response.status_code = HTTPBadRequest.code
        return {'token': token}

    account = token.user
    account.set_password(password)

    # Tell the account owner about the change, including the requesting address.
    mailer = get_mailer(request)
    mail_context = {
        'user': account,
        'changed_by': request.remote_addr,
    }
    body = render('mail/password_reset_done.mako', mail_context,
                  request=request)
    notice = Message(subject=_('CCVPN: Password changed'),
                     recipients=[account.email],
                     body=body)
    mailer.send(notice)

    changed = _('You have changed the password for ${user}.',
                mapping={'user': account.username})
    can_log_in = _('You can now log in.')
    request.messages.info(changed + (' ' + can_log_in))

    # NOTE(review): the token is deleted only after the mail has been sent;
    # whether a failed send leaves it usable depends on transaction handling
    # that is not visible here.
    DBSession.delete(token)
    return HTTPMovedPermanently(location=request.route_url('account_login'))