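def update(self, username):
    """Update the authenticated user's own profile from ``self.args``.

    ``username`` must be ``'me'`` or equal to ``self.username``; any other
    value is passed to ``self.forbidden``. Every change is applied to the
    account named by ``self.username``, never to the raw ``username``
    argument.

    Keys read from ``self.args`` (all optional):

    * ``first_name`` / ``last_name`` -- copied onto the user row.
    * ``password`` -- new password; only honoured when ``currentpassword``
      authenticates and the account is not listed in
      ``config.DEMO_ACCOUNTS``.
    * ``preferred_currency`` -- ISO code of a currency with no owner; the
      rates of the user's own currencies are rescaled accordingly.
    * ``emails`` -- JSON object whose optional list members ``add``,
      ``remove``, ``enablenotifications`` and ``disablenotifications``
      hold e-mail addresses.

    Returns the result of ``self.read(username)`` after committing.

    NOTE(review): ``self.badrequest`` and ``self.forbidden`` presumably
    abort the request; this body does not rely on that for the password
    path -- confirm against their definitions.
    """
    if username != 'me' and username != self.username:
        self.forbidden('The only user you can modify is yourself')
        return

    # A user can only modify his own information
    user = models.User.query.options(
        db.joinedload(models.User.emails)
    ).filter(
        models.User.username == self.username
    ).one()

    # 'me' is an alias for the session user, so demo-account restrictions
    # must be evaluated on the resolved name: testing the raw argument
    # would let a demo account pass the check by addressing itself as 'me'.
    is_demo_account = self.username in config.DEMO_ACCOUNTS

    if 'first_name' in self.args:
        user.first_name = self.args['first_name']
    if 'last_name' in self.args:
        user.last_name = self.args['last_name']

    if 'password' in self.args and not is_demo_account:
        # Re-authenticate with the current password before changing it, so
        # a hijacked session alone is not enough to take over the account.
        if 'currentpassword' in self.args and \
                authentication.authenticate(
                    self.username, self.args['currentpassword'], False
                ):
            if len(self.args['password']) < 8:
                self.badrequest(
                    'Password should be at least 8 characters long')
            else:
                # Only store the hash when the length policy is met, even
                # if badrequest() were to return instead of aborting.
                user.passhash = sha512_crypt.encrypt(
                    self.args['password'],
                    rounds=config.PASSWORD_SALT_COMPLEXITY
                )
        else:
            self.badrequest(
                "Please provide the correct current password")

    if 'preferred_currency' in self.args:
        currency = models.Currency.query.filter(
            db.and_(
                models.Currency.isocode == self.args['preferred_currency'],
                # "== None" is intentional: it is a query expression
                # (IS NULL), not a Python identity test.
                models.Currency.owner_username == None,  # noqa: E711
            )
        ).first()
        if currency:
            # When preferred currency is changed, all owner's
            # currencies rates must be changed
            # XXX Debts amounts should also be changed...
            # when debts will be implemented
            multiplier = exchangerate.getrate(
                user.preferred_currency.isocode,
                currency.isocode
            )
            for owned in models.Currency.query.filter(
                    models.Currency.owner_username == self.username):
                owned.rate = owned.rate * multiplier
            user.preferred_currency = currency
            self.add_to_response('totalbalance')

    if 'emails' in self.args:
        # NOTE(review): json.loads raises ValueError on malformed input;
        # nothing here converts that into a client error -- confirm the
        # caller handles it.
        emails = json.loads(self.args['emails'])

        previous_emails = []
        previous_notifications = []
        for row in models.UserEmail.query.filter(
                models.UserEmail.user_username == self.username):
            previous_emails.append(row.email_address)
            if row.notification:
                previous_notifications.append(row.email_address)

        def own_email(address):
            # Look up one of this user's addresses; None when absent.
            return models.UserEmail.query.filter(
                db.and_(
                    models.UserEmail.user_username == self.username,
                    models.UserEmail.email_address == address
                )
            ).first()

        def address_list(key):
            # Return emails[key] when it is a list, else an empty list.
            value = emails.get(key)
            return value if isinstance(value, list) else []

        if isinstance(emails, dict):
            if not is_demo_account:
                for address in address_list('add'):
                    # TODO Verify there is a "@" in the email address
                    if address not in previous_emails:
                        # Use random hash for email confirmation
                        # Email confirmation is done outside of OSPFM
                        # Another process must read the database and
                        # send confirmation emails
                        randomhash = os.urandom(8).encode('hex')
                        db.session.add(
                            models.UserEmail(
                                user_username=self.username,
                                email_address=address,
                                confirmation=randomhash
                            )
                        )

            for address in address_list('remove'):
                if address in previous_emails:
                    row = own_email(address)
                    # A repeated address may already have been deleted
                    # earlier in this same request.
                    if row is not None:
                        db.session.delete(row)

            for address in address_list('enablenotifications'):
                if address not in previous_notifications:
                    row = own_email(address)
                    # The address may not belong to this user at all;
                    # skip it instead of failing on a missing row.
                    if row is not None:
                        row.notification = True

            for address in address_list('disablenotifications'):
                if address in previous_notifications:
                    row = own_email(address)
                    if row is not None:
                        row.notification = False

    db.session.commit()
    return self.read(username)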
def login():
    """Delegate to ``authentication.authenticate()`` and return its result."""
    outcome = authentication.authenticate()
    return outcome