def reset_password():
    """
    Final password reset form POST endpoint.

    Reads ``code``, ``password`` and ``confirm_password`` from the posted
    form. A mismatch, or a password rejected by ``User.validate_password``,
    redirects back to ``/account/reset/verified`` with the error text.
    Otherwise the reset code is exchanged for a user id, the password on that
    user's record is replaced, and the browser is redirected to
    ``/account/reset/complete``.
    """
    form = request.forms
    code = form.get('code')
    password = form.get('password')
    confirm_password = form.get('confirm_password')

    def retry_form(message):
        # NOTE(review): the reset code travels back to the form in the
        # redirect query string, so it can end up in access logs, browser
        # history and Referer headers while it is still usable -- confirm
        # that exposure is acceptable.
        return redirect_with_query(
            '/account/reset/verified',
            {'code_valid': True, 'code': code, 'error': message},
        )

    # The password checks run first, so a rejected password returns before
    # the delete=True lookup below is reached.
    if confirm_password != password:
        return retry_form("Passwords do not match.")
    try:
        User.validate_password(password)
    except UsageError as err:
        return retry_form(str(err))

    # Resolve the reset code to a user id. delete=True presumably consumes
    # the code so it cannot be replayed -- confirm against the model.
    account_id = local.model.get_reset_code_user_id(code, delete=True)
    if account_id is None:
        return redirect_with_query('/account/reset/verified', {'code_valid': False})

    # Store the newly encoded password on the user record.
    # NOTE(review): the value assigned is a one-element tuple (trailing
    # comma); kept as written -- confirm update_user_info expects that shape.
    # NOTE(review): nothing in this function ends the user's existing
    # sessions after the password changes.
    account = local.model.get_user_info(account_id)
    random_string = crypt_util.get_random_string()
    account['password'] = (User.encode_password(password, random_string),)
    local.model.update_user_info(account)
    return redirect('/account/reset/complete')
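def reset_password():
    """
    Final password reset form POST endpoint.

    Reads ``code``, ``password`` and ``confirm_password`` from the posted
    form. If the two passwords differ, or ``User.validate_password`` raises
    ``UsageError``, the browser is redirected back to
    ``/account/reset/verified`` with the error text. Otherwise the reset code
    is looked up (with ``delete=True``), the user's password is replaced and
    the browser is redirected to ``/account/reset/complete``.
    """
    code = request.forms.get('code')
    password = request.forms.get('password')
    confirm_password = request.forms.get('confirm_password')

    # Validate password
    # NOTE(review): both error redirects below put the reset code in the
    # query string, where it can be recorded in logs, history and Referer
    # headers while still usable -- confirm that exposure is acceptable.
    if confirm_password != password:
        return redirect_with_query(
            '/account/reset/verified',
            {'code_valid': True, 'code': code, 'error': "Passwords do not match."},
        )
    try:
        User.validate_password(password)
    except UsageError as e:
        # Exceptions carry no ``message`` attribute on Python 3 unless the
        # class defines one; reading it unguarded would turn a validation
        # failure into an unhandled AttributeError. Use it when present and
        # fall back to str(e) otherwise.
        error_text = getattr(e, 'message', None) or str(e)
        return redirect_with_query(
            '/account/reset/verified', {'code_valid': True, 'code': code, 'error': error_text}
        )

    # Verify reset code again and get user_id. This runs only after the
    # password checks pass; delete=True presumably consumes the code so it
    # cannot be replayed -- confirm against the model.
    user_id = local.model.get_reset_code_user_id(code, delete=True)
    if user_id is None:
        return redirect_with_query('/account/reset/verified', {'code_valid': False})

    # Update user password
    # NOTE(review): the value assigned is a one-element tuple (trailing
    # comma); kept as written -- confirm update_user_info expects that shape.
    user_info = local.model.get_user_info(user_id)
    user_info['password'] = (User.encode_password(password, crypt_util.get_random_string()),)
    local.model.update_user_info(user_info)
    return redirect('/account/reset/complete')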
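def do_signup():
    """
    Handle a posted signup form.

    An already logged-in user is redirected to the app's ``success`` URL.
    Otherwise the form fields are validated; every failed check adds a
    message, and if any were collected the browser is redirected to the
    form-supplied ``error_uri`` with the joined messages and the entered
    email and username. With no errors, an unverified user is created, the
    verification key is sent, and the browser is redirected to the
    form-supplied ``success_uri``.
    """
    if request.user:
        return redirect(default_app().get_url(
            'success', message="You are already logged into your account."))

    # NOTE(review): both redirect targets are taken from the posted form and
    # nothing in this function restricts them to this site, so a crafted form
    # can send the browser -- with email and username in the query string --
    # to another origin. Consider checking them against known local paths.
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    password = request.forms.get('password')
    email = request.forms.get('email')

    errors = []
    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        # Exceptions carry no ``message`` attribute on Python 3 unless the
        # class defines one; use it when present, else fall back to str(e),
        # so a rejected password is reported instead of raising.
        errors.append(getattr(e, 'message', None) or str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Second username check against the bare NAME_REGEX; whether it differs
    # from spec_util.NAME_REGEX is not visible here.
    if not NAME_REGEX.match(username):
        errors.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if errors:
        return redirect_with_query(
            error_uri, {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
            })

    # Create unverified user
    _, verification_key = local.model.add_user(username, email, password)

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})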
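def do_signup():
    """
    Handle a posted signup form.

    Logged-in users are redirected to the app's ``success`` URL. For everyone
    else the posted fields are checked one by one and the failure messages
    are collected; any failure redirects to the form-supplied ``error_uri``
    with the joined messages plus the entered email and username. When all
    checks pass, an unverified user is created, its verification key is sent,
    and the browser is redirected to the form-supplied ``success_uri``.
    """
    if request.user:
        return redirect(default_app().get_url('success', message="You are already logged into your account."))

    # NOTE(review): success_uri and error_uri are read from the posted form
    # and used as redirect targets without any visible restriction to this
    # site; the error redirect also carries email and username. Consider
    # accepting only known local paths.
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    password = request.forms.get('password')
    email = request.forms.get('email')

    errors = []
    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append("Username must only contain letter, digits, hyphens, underscores, and periods.")

    try:
        User.validate_password(password)
    except UsageError as e:
        # ``e.message`` is not available on Python 3 exceptions unless the
        # class defines it. Prefer it when present and fall back to str(e),
        # so the validation error reaches the user instead of raising
        # AttributeError inside the handler.
        reason = getattr(e, 'message', None) or str(e)
        errors.append(reason)

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # A second username check, this time against the bare NAME_REGEX; its
    # relation to spec_util.NAME_REGEX is not visible here.
    if not NAME_REGEX.match(username):
        errors.append("Username characters must be alphanumeric, underscores, periods, or dashes.")

    if errors:
        return redirect_with_query(error_uri, {
            'error': ' '.join(errors),
            'next': success_uri,
            'email': email,
            'username': username,
        })

    # Create unverified user
    _, verification_key = local.model.add_user(username, email, password)

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {
        'email': email
    })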
def do_signup():
    """
    Handle a posted signup form.

    An authenticated user is redirected to the app's ``success`` URL right
    away. Otherwise each posted field is checked and the failure messages are
    gathered; if there are any, the browser is redirected to the
    form-supplied ``error_uri`` with the joined messages and the entered
    profile fields. With no failures, an unverified user is created, the
    verification key is sent and the browser is redirected to the
    form-supplied ``success_uri``.
    """
    if request.user.is_authenticated:
        already_in_url = default_app().get_url(
            'success', message="You are already logged into your account."
        )
        return redirect(already_in_url)

    # NOTE(review): success_uri and error_uri come from the posted form and
    # are used as redirect targets with no visible restriction to this site;
    # the error redirect also carries the entered profile fields in its query
    # string. Consider accepting only known local paths.
    form = request.forms
    success_uri = form.get('success_uri')
    error_uri = form.get('error_uri')
    username = form.get('username')
    email = form.get('email')
    first_name = form.get('first_name')
    last_name = form.get('last_name')
    password = form.get('password')
    affiliation = form.get('affiliation')

    problems = []

    # Same condition as the early return above, so this cannot fire while
    # that return is in place.
    if request.user.is_authenticated:
        problems.append(
            "You are already logged in as %s, please log out before creating a new account."
            % request.user.user_name
        )

    if form.get('confirm_password') != password:
        problems.append("Passwords do not match.")

    if spec_util.NAME_REGEX.match(username) is None:
        problems.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as err:
        problems.append(str(err))

    # Email gets only a basic pattern check; real validation happens when the
    # verification email is delivered.
    if spec_util.BASIC_EMAIL_REGEX.match(email) is None:
        problems.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        problems.append("User with this username or email already exists.")

    # Second username check against the bare NAME_REGEX; its relation to
    # spec_util.NAME_REGEX is not visible here.
    if NAME_REGEX.match(username) is None:
        problems.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if problems:
        retry_query = {
            'error': ' '.join(problems),
            'next': success_uri,
            'email': email,
            'username': username,
            'first_name': first_name,
            'last_name': last_name,
            'affiliation': affiliation,
        }
        return redirect_with_query(error_uri, retry_query)

    # A blank affiliation arrives as an empty string; store None instead.
    affiliation = affiliation or None

    # Create the unverified user and send out its verification key.
    _, verification_key = local.model.add_user(
        username, email, first_name, last_name, password, affiliation
    )
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})
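def do_signup():
    """
    Handle a posted signup form protected by Google reCAPTCHA.

    The posted ``token`` is verified against the reCAPTCHA ``siteverify``
    endpoint using the secret in ``CODALAB_RECAPTCHA_SECRET_KEY``. The other
    fields are then validated and the failure messages collected; any failure
    redirects to the form-supplied ``error_uri`` with the joined messages and
    the entered profile fields. With no failures, an unverified user is
    created, the verification key is sent and the browser is redirected to
    the form-supplied ``success_uri``.

    Raises:
        KeyError: if ``CODALAB_RECAPTCHA_SECRET_KEY`` is not set in the
            environment when a token is present.
    """
    # NOTE(review): success_uri and error_uri come from the posted form and
    # are used as redirect targets with no visible restriction to this site;
    # the error redirect also carries the entered profile fields in its query
    # string. Consider accepting only known local paths.
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    email = request.forms.get('email')
    first_name = request.forms.get('first_name')
    last_name = request.forms.get('last_name')
    password = request.forms.get('password')
    affiliation = request.forms.get('affiliation')
    token = request.forms.get('token')

    errors = []

    # Fail closed: the signup counts as human-verified only after a
    # well-formed, successful siteverify answer.
    captcha_ok = False
    if not token:
        errors.append('Google reCAPTCHA token is missing.')
    else:
        url = 'https://www.google.com/recaptcha/api/siteverify'
        payload = {
            'secret': os.environ['CODALAB_RECAPTCHA_SECRET_KEY'],
            'response': token,
        }
        try:
            # A timeout keeps a stalled verification call from holding this
            # request open indefinitely.
            res = requests.post(url, payload, timeout=10)
            result = res.json()
            captcha_ok = isinstance(result, dict) and bool(result.get('success'))
        except (requests.RequestException, ValueError):
            # Network failures and non-JSON bodies are treated as a failed
            # check rather than escaping as an unhandled exception.
            captcha_ok = False
        if not captcha_ok:
            errors.append('Google reCAPTCHA failed.')

    if request.user.is_authenticated:
        errors.append("You are already logged in as %s, please log out before "
                      "creating a new account." % request.user.user_name)

    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        errors.append(str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    # The existence lookup runs only for requests that passed reCAPTCHA, so
    # the "already exists" answer is not handed to clients that skipped or
    # failed the check.
    if captcha_ok and local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Second username check against the bare NAME_REGEX; its relation to
    # spec_util.NAME_REGEX is not visible here.
    if not NAME_REGEX.match(username):
        errors.append(
            "Username characters must be alphanumeric, underscores, periods, or dashes."
        )

    if errors:
        return redirect_with_query(
            error_uri,
            {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
                'first_name': first_name,
                'last_name': last_name,
                'affiliation': affiliation,
            },
        )

    # If user leaves it blank, empty string is obtained - make it of NoneType.
    if not affiliation:
        affiliation = None

    # Create unverified user
    _, verification_key = local.model.add_user(username, email, first_name, last_name,
                                               password, affiliation)

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})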
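def do_signup():
    """
    Handle a posted signup form.

    An authenticated user is redirected to the app's ``success`` URL.
    Otherwise the posted fields are validated and the failure messages
    collected; any failure redirects to the form-supplied ``error_uri`` with
    the joined messages and the entered profile fields. With no failures, an
    unverified user is created, the verification key is sent and the browser
    is redirected to the form-supplied ``success_uri``.
    """
    if request.user.is_authenticated:
        return redirect(
            default_app().get_url('success', message="You are already logged into your account.")
        )

    # NOTE(review): success_uri and error_uri come from the posted form and
    # are used as redirect targets with no visible restriction to this site;
    # the error redirect also carries the entered profile fields in its query
    # string. Consider accepting only known local paths.
    success_uri = request.forms.get('success_uri')
    error_uri = request.forms.get('error_uri')
    username = request.forms.get('username')
    email = request.forms.get('email')
    first_name = request.forms.get('first_name')
    last_name = request.forms.get('last_name')
    password = request.forms.get('password')
    affiliation = request.forms.get('affiliation')

    errors = []

    # Same condition as the early return above, so this cannot fire while
    # that return is in place; kept so the check survives if it is removed.
    if request.user.is_authenticated:
        errors.append(
            "You are already logged in as %s, please log out before "
            "creating a new account." % request.user.user_name
        )

    if request.forms.get('confirm_password') != password:
        errors.append("Passwords do not match.")

    if not spec_util.NAME_REGEX.match(username):
        errors.append(
            "Username must only contain letter, digits, hyphens, underscores, and periods."
        )

    try:
        User.validate_password(password)
    except UsageError as e:
        # Exceptions carry no ``message`` attribute on Python 3 unless the
        # class defines one; use it when present, else fall back to str(e),
        # so a rejected password is reported instead of raising
        # AttributeError inside the handler.
        errors.append(getattr(e, 'message', None) or str(e))

    # Only do a basic validation of email -- the only guaranteed way to check
    # whether an email address is valid is by sending an actual email.
    if not spec_util.BASIC_EMAIL_REGEX.match(email):
        errors.append("Email address is invalid.")

    if local.model.user_exists(username, email):
        errors.append("User with this username or email already exists.")

    # Second username check against the bare NAME_REGEX; its relation to
    # spec_util.NAME_REGEX is not visible here.
    if not NAME_REGEX.match(username):
        errors.append("Username characters must be alphanumeric, underscores, periods, or dashes.")

    if errors:
        return redirect_with_query(
            error_uri,
            {
                'error': ' '.join(errors),
                'next': success_uri,
                'email': email,
                'username': username,
                'first_name': first_name,
                'last_name': last_name,
                'affiliation': affiliation,
            },
        )

    # If user leaves it blank, empty string is obtained - make it of NoneType.
    if not affiliation:
        affiliation = None

    # Create unverified user
    _, verification_key = local.model.add_user(
        username, email, first_name, last_name, password, affiliation
    )

    # Send key
    send_verification_key(username, email, verification_key)

    # Redirect to success page
    return redirect_with_query(success_uri, {'email': email})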