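def post(self):
    """Handle a self-registration form submission.

    Builds a new account from the posted form fields. ``role`` and
    ``status`` are assigned from server-side constants (USER, PENDING)
    after all request-derived fields, so the request cannot choose them.
    The password is erased, so the new account cannot log in as created.

    On a validation error (ValueError) the browser is sent back to the
    'register' page with the error text and the values collected so far.
    In this listing the success path ends without issuing a response;
    any follow-up step is not visible here.
    """
    if not self.global_modes['allow_registration']:
        self.see_other('home', error='Registration is currently disabled.')
        return
    try:
        with AccountSaver(rqh=self) as saver:
            email = self.get_argument('email', None)
            saver['first_name'] = self.get_argument('first_name', None)
            saver['last_name'] = self.get_argument('last_name', None)
            # A free-text university is used only when no listed one is given.
            university = self.get_argument('university', None)
            if not university:
                university = self.get_argument('university_other', None)
            saver['university'] = university
            saver['department'] = self.get_argument('department', None)
            saver['pi'] = utils.to_bool(self.get_argument('pi', False))
            # NOTE(review): gender and group_size are stored as submitted;
            # no allow-list is visible here. Confirm AccountSaver validates.
            gender = self.get_argument('gender', None)
            if gender:
                saver['gender'] = gender.lower()
            group_size = self.get_argument('group_size', None)
            if group_size:
                saver['group_size'] = group_size
            # A missing or non-integer subject is stored as None.
            try:
                saver['subject'] = int(self.get_argument('subject'))
            except (tornado.web.MissingArgumentError, ValueError, TypeError):
                saver['subject'] = None
            saver['address'] = dict(
                address=self.get_argument('address', None),
                zip=self.get_argument('zip', None),
                city=self.get_argument('city', None),
                country=self.get_argument('country', None))
            saver['invoice_ref'] = self.get_argument('invoice_ref', None)
            saver['invoice_address'] = dict(
                address=self.get_argument('invoice_address', None),
                zip=self.get_argument('invoice_zip', None),
                city=self.get_argument('invoice_city', None),
                country=self.get_argument('invoice_country', None))
            saver['phone'] = self.get_argument('phone', None)
            if not email:
                raise ValueError('Email is required.')
            saver.set_email(email)
            saver['owner'] = saver['email']
            # Privilege and state come from constants, never from the form.
            saver['role'] = constants.USER
            saver['status'] = constants.PENDING
            saver.check_required()
            saver.erase_password()
    except ValueError as msg:
        # 'as' form: valid on Python 2.6+ and Python 3, unlike 'except X, e'.
        # NOTE(review): the submitted values are handed to see_other();
        # presumably they end up in the redirect URL's query string. If so,
        # names, addresses and phone numbers reach access logs and browser
        # history. Confirm, and consider re-rendering the form instead.
        kwargs = OD()
        for key in self.KEYS:
            kwargs[key] = saver.get(key) or ''
        for key in self.ADDRESS_KEYS:
            kwargs[key] = saver.get('address', {}).get(key) or ''
        for key in self.ADDRESS_KEYS:
            kwargs['invoice_' + key] = \
                saver.get('invoice_address', {}).get(key) or ''
        self.see_other('register', error=str(msg), **kwargs)
        return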
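def post(self):
    """Create a pending account from the registration form.

    Every profile field is read from the request. ``role`` (USER) and
    ``status`` (PENDING) are set from constants once those fields are in
    place, and the password is erased. A ValueError raised while filling
    or checking the account redirects to 'register' with the message and
    the values gathered so far.

    The success path shown here returns without sending a response; what
    follows it, if anything, is outside this listing.
    """
    if not self.global_modes['allow_registration']:
        self.see_other('home', error='Registration is currently disabled.')
        return
    try:
        with AccountSaver(rqh=self) as saver:
            email = self.get_argument('email', None)
            saver['first_name'] = self.get_argument('first_name', None)
            saver['last_name'] = self.get_argument('last_name', None)
            # Fall back to the free-text field when no university is chosen.
            university = self.get_argument('university', None)
            if not university:
                university = self.get_argument('university_other', None)
            saver['university'] = university
            saver['department'] = self.get_argument('department', None)
            saver['pi'] = utils.to_bool(self.get_argument('pi', False))
            # NOTE(review): stored without a visible allow-list or range
            # check; confirm validation happens in AccountSaver.
            gender = self.get_argument('gender', None)
            if gender:
                saver['gender'] = gender.lower()
            group_size = self.get_argument('group_size', None)
            if group_size:
                saver['group_size'] = group_size
            # Absent or malformed subject becomes None rather than an error.
            try:
                saver['subject'] = int(self.get_argument('subject'))
            except (tornado.web.MissingArgumentError, ValueError, TypeError):
                saver['subject'] = None
            saver['address'] = dict(
                address=self.get_argument('address', None),
                zip=self.get_argument('zip', None),
                city=self.get_argument('city', None),
                country=self.get_argument('country', None))
            saver['invoice_ref'] = self.get_argument('invoice_ref', None)
            saver['invoice_address'] = dict(
                address=self.get_argument('invoice_address', None),
                zip=self.get_argument('invoice_zip', None),
                city=self.get_argument('invoice_city', None),
                country=self.get_argument('invoice_country', None))
            saver['phone'] = self.get_argument('phone', None)
            if not email:
                raise ValueError('Email is required.')
            saver.set_email(email)
            saver['owner'] = saver['email']
            # Assigned last and from constants: the form cannot set these.
            saver['role'] = constants.USER
            saver['status'] = constants.PENDING
            saver.check_required()
            saver.erase_password()
    except ValueError as msg:
        # Portable spelling; 'except ValueError, msg' is a syntax error on
        # Python 3.
        # NOTE(review): personal data from the form is passed to
        # see_other(); if that builds a query string, the data is exposed
        # in URLs (logs, history, Referer). Verify how see_other encodes it.
        kwargs = OD()
        for key in self.KEYS:
            kwargs[key] = saver.get(key) or ''
        for key in self.ADDRESS_KEYS:
            kwargs[key] = saver.get('address', {}).get(key) or ''
        for key in self.ADDRESS_KEYS:
            kwargs['invoice_' + key] = \
                saver.get('invoice_address', {}).get(key) or ''
        self.see_other('register', error=str(msg), **kwargs)
        return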
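def post(self, email):
    """Disable the account identified by ``email`` and erase its password.

    The admin check runs before the account lookup. A caller that fails
    the check therefore never learns, from the lookup error, whether the
    address belongs to an account.

    NOTE(review): no authentication decorator is visible on this method in
    this listing; confirm the handler is only reachable when logged in.
    """
    # Authorize first: check_admin() takes no account argument, so it does
    # not depend on the lookup below.
    self.check_admin()
    try:
        account = self.get_account(email)
    except ValueError as msg:
        self.see_other('home', error=str(msg))
        return
    with AccountSaver(account, rqh=self) as saver:
        saver['status'] = constants.DISABLED
        saver.erase_password()
    # NOTE(review): this changes stored state only. Confirm that the
    # current-user lookup rejects accounts whose status is not ENABLED,
    # otherwise an already-issued login cookie keeps working.
    self.see_other('account', account['email'])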
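class AccountDisable(RequestHandler):
    "Disable the account; from status pending or enabled."

    @tornado.web.authenticated
    def post(self, email):
        """Disable the account identified by ``email`` and erase its password.

        Requires a logged-in user (decorator) who passes check_admin().
        The admin check runs before the account lookup, so a logged-in
        non-admin cannot use the lookup error to learn whether an address
        is registered.
        """
        # Authorize first: check_admin() does not need the account.
        self.check_admin()
        try:
            account = self.get_account(email)
        except ValueError as msg:
            # 'as' form: valid on Python 2.6+ and Python 3.
            self.see_other('home', error=str(msg))
            return
        with AccountSaver(account, rqh=self) as saver:
            saver['status'] = constants.DISABLED
            saver.erase_password()
        # NOTE(review): confirm that the current-user lookup rejects
        # accounts whose status is not ENABLED; otherwise a login cookie
        # issued before this call remains usable until it expires.
        self.see_other('account', account['email'])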
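class Login(RequestHandler):
    "Log in to an account. Set a secure cookie."

    def get(self):
        "Render the login form, carrying the optional 'next' target along."
        self.render('login.html', next=self.get_argument('next', None))

    def post(self):
        """Log in to an account. Set a secure cookie.

        Forward to account edit page if first login.
        Log failed login attempt. Disable account if too many recent.

        An unknown email and a wrong password produce the same generic
        error, and the post-login 'next' redirect is restricted to paths
        on this site.
        """
        try:
            email = self.get_argument('email')
            password = self.get_argument('password')
        except tornado.web.MissingArgumentError:
            self.see_other('home', error='Missing email or password argument.')
            return
        msg = 'Sorry, no such account or invalid password.'
        try:
            account = self.get_account(email)
        except ValueError:
            # Do not bind the exception to 'msg': that replaced the generic
            # text with the lookup error and let the response distinguish
            # an unknown email from a wrong password.
            self.see_other('home', error=msg)
            return
        # NOTE(review): '!=' is not a constant-time comparison, and the
        # scheme behind utils.hashed_password is not visible here. Confirm
        # it is a salted, deliberately slow hash; consider
        # hmac.compare_digest once both operands are known to be strings.
        if utils.hashed_password(password) != account.get('password'):
            utils.log(self.db, self, account,
                      changed=dict(login_failure=account['email']))
            view = self.db.view('log/login_failure',
                                startkey=[account['_id'], utils.timestamp(-1)],
                                endkey=[account['_id'], utils.timestamp()])
            # NOTE(review): failures are counted per account, and the
            # lockout erases the password. Unauthenticated requests can
            # therefore lock out a known address; pair this with
            # per-source rate limiting.
            if len(list(view)) > settings['LOGIN_MAX_FAILURES']:
                logging.warning(
                    "account %s has been disabled due to"
                    " too many login failures", account['email'])
                with AccountSaver(doc=account, rqh=self) as saver:
                    saver['status'] = constants.DISABLED
                    saver.erase_password()
                msg = 'Too many failed login attempts: Your account has been' \
                      ' disabled. You must contact the site administrators.'
                # Prepare message sent by cron job script 'script/messenger.py'
                try:
                    template = self.db['account_messages']['disabled']
                except KeyError:
                    pass
                else:
                    with MessageSaver(rqh=self) as saver:
                        saver.set_params()
                        saver.set_template(template)
                        saver['recipients'] = [account['email']]
            self.see_other('home', error=msg)
            return
        if account.get('status') != constants.ENABLED:
            self.see_other('home', error='Account is disabled.'
                           ' Contact the site admin.')
            return
        if not self.global_modes['allow_login'] \
           and account['role'] != constants.ADMIN:
            self.see_other('home', error='Login is currently disabled.')
            return
        self.set_secure_cookie(constants.USER_COOKIE, account['email'],
                               expires_days=settings['LOGIN_MAX_AGE_DAYS'])
        with AccountSaver(doc=account, rqh=self) as saver:
            saver['login'] = utils.timestamp()  # Set login timestamp.
        if account.get('update_info'):
            self.see_other(
                'account_edit', account['email'],
                message='Please review and update your account information.')
            return
        # 'next' is request-controlled. Follow it only when it is a path on
        # this site: a single leading '/', no backslash, no control
        # characters. Anything else falls back to the home page.
        # NOTE(review): if the login URL is configured as an absolute URL,
        # the framework may pass a full URL as 'next'; such values now land
        # on home. Confirm against the deployment's settings.
        next_url = self.get_argument('next', None)
        is_local = (next_url is not None
                    and next_url.startswith('/')
                    and not next_url.startswith('//')
                    and '\\' not in next_url
                    and not any(ord(ch) < 0x20 for ch in next_url))
        if is_local:
            self.redirect(next_url)
        else:
            self.see_other('home')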
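def post(self):
    """Log in to an account. Set a secure cookie.

    Forward to account edit page if first login.
    Log failed login attempt. Disable account if too many recent.

    An unknown email and a wrong password produce the same generic error,
    and the post-login 'next' redirect is restricted to paths on this site.
    """
    try:
        email = self.get_argument('email')
        password = self.get_argument('password')
    except tornado.web.MissingArgumentError:
        self.see_other('home', error='Missing email or password argument.')
        return
    msg = 'Sorry, no such account or invalid password.'
    try:
        account = self.get_account(email)
    except ValueError:
        # Do not bind the exception to 'msg': that replaced the generic
        # text with the lookup error and let the response distinguish an
        # unknown email from a wrong password.
        self.see_other('home', error=msg)
        return
    # NOTE(review): '!=' is not a constant-time comparison, and the scheme
    # behind utils.hashed_password is not visible here. Confirm it is a
    # salted, deliberately slow hash; consider hmac.compare_digest once
    # both operands are known to be strings.
    if utils.hashed_password(password) != account.get('password'):
        utils.log(self.db, self, account,
                  changed=dict(login_failure=account['email']))
        view = self.db.view('log/login_failure',
                            startkey=[account['_id'], utils.timestamp(-1)],
                            endkey=[account['_id'], utils.timestamp()])
        # Disable account if too many recent login failures.
        # NOTE(review): failures are counted per account, and the lockout
        # erases the password. Unauthenticated requests can therefore lock
        # out a known address; pair this with per-source rate limiting.
        if len(list(view)) > settings['LOGIN_MAX_FAILURES']:
            logging.warning(
                "account %s has been disabled due to"
                " too many login failures", account['email'])
            with AccountSaver(doc=account, rqh=self) as saver:
                saver['status'] = constants.DISABLED
                saver.erase_password()
            msg = ("Too many failed login attempts: Your account has been"
                   " disabled. Contact the site administrator %s." %
                   settings.get('SITE_SUPPORT_EMAIL', ''))
            # Prepare email message
            try:
                template = settings['ACCOUNT_MESSAGES'][constants.DISABLED]
            except KeyError:
                pass
            else:
                with MessageSaver(rqh=self) as saver:
                    saver.create(template)
                    # Recipient is hardwired here.
                    saver.send([account['email']])
        self.see_other('home', error=msg)
        return
    if account.get('status') != constants.ENABLED:
        msg = "Account is disabled. Contact the site administrator %s." % \
            settings.get('SITE_SUPPORT_EMAIL', '')
        self.see_other('home', error=msg)
        return
    if not self.global_modes['allow_login'] \
       and account['role'] != constants.ADMIN:
        self.see_other('home', error='Login is currently disabled.')
        return
    self.set_secure_cookie(constants.USER_COOKIE, account['email'],
                           expires_days=settings['LOGIN_MAX_AGE_DAYS'])
    logging.info("Basic auth login: account %s", account['email'])
    with AccountSaver(doc=account, rqh=self) as saver:
        saver['login'] = utils.timestamp()  # Set login timestamp.
    if account.get('update_info'):
        self.see_other(
            'account_edit', account['email'],
            message='Please review and update your account information.')
        return
    # 'next' is request-controlled. Follow it only when it is a path on
    # this site: a single leading '/', no backslash, no control characters.
    # Anything else falls back to the home page.
    # NOTE(review): if the login URL is configured as an absolute URL, the
    # framework may pass a full URL as 'next'; such values now land on
    # home. Confirm against the deployment's settings.
    next_url = self.get_argument('next', None)
    is_local = (next_url is not None
                and next_url.startswith('/')
                and not next_url.startswith('//')
                and '\\' not in next_url
                and not any(ord(ch) < 0x20 for ch in next_url))
    if is_local:
        self.redirect(next_url)
    else:
        self.see_other('home')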