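def set_password(request):
    """Set a new password for a profile after verifying a one-time key.

    Two flows share this view, selected by the optional POST field ``n``:

    * ``n`` absent/falsy: the caller is completing a signup. ``id`` is a
      ``Signup`` id and ``k`` must equal that signup's ``secret_key``; the
      ``Profile`` is located through the signup's e-mail address.
    * ``n`` truthy: the caller is finishing a password reset. ``id`` is a
      ``Profile`` id and ``k`` must equal the profile's
      ``password_reset_key``.

    On success ``profile.password`` becomes ``encode_password(p)``, the
    session is flushed (as the other mutating views do) and, in the reset
    flow, the consumed reset key is cleared so the same link cannot be
    replayed. An unknown id sets a 404 status and a wrong key a 403; the view
    returns nothing in every case, so callers only observe the status.

    Args:
        request: Pyramid-style request whose ``POST`` holds ``k`` (key),
            ``id`` and ``p`` (new password), plus optional ``n``.

    Raises:
        KeyError: when ``k``, ``id`` or ``p`` is missing from ``POST``.
    """
    import hmac

    secret_key = request.POST['k']
    user_id = request.POST['id']
    password = request.POST['p']
    is_for_profile = request.POST.get('n', False)

    try:
        if not is_for_profile:
            signup = session.query(Signup).filter(Signup.id == user_id)[0]
            profile = session.query(Profile).filter(
                Profile.email == signup.email)[0]
            expected_key = signup.secret_key
        else:
            profile = session.query(Profile).filter(Profile.id == user_id)[0]
            expected_key = profile.password_reset_key
    except IndexError:
        # Same convention as get_profile: an unknown id is a 404 rather
        # than an unhandled IndexError.
        request.response.status = '404 Not Found'
        return

    # An unset or empty key must never validate (a cleared reset key would
    # otherwise match an empty ``k``), and the comparison is constant-time
    # so the key cannot be recovered by timing responses.
    if not expected_key or not secret_key or not hmac.compare_digest(
            expected_key.encode('utf-8'), secret_key.encode('utf-8')):
        request.response.status = '403 Forbidden'
        return

    profile.password = encode_password(password)
    if is_for_profile:
        # Invalidate the reset key once it has been used.
        # NOTE(review): password_reset_date is stored by reset_password but
        # never checked here, so reset links do not expire -- TODO confirm
        # the intended validity window before adding an expiry check.
        profile.password_reset_key = ''
    session.flush()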
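def reset_password(request):
    """Start a password reset by e-mailing a fresh single-use key.

    Looks up the ``Profile`` whose e-mail equals ``POST['email']``, stores a
    new 20-character alphanumeric ``password_reset_key`` and today's date in
    ``password_reset_date``, flushes the session and mails the account holder
    a ``set_new_password`` link carrying the profile id, the key and the
    e-mail address.

    Args:
        request: Pyramid-style request with ``POST['email']``; also passed
            to ``get_mailer`` to obtain the mailer.

    Returns:
        ``{'message': 'Password request sent. Check your email.',
        'code': '0'}`` on success; ``{'message': 'Email not found',
        'code': '1'}`` with a ``404 Not Found`` status when no profile
        matches. NOTE(review): the distinct 404 lets a caller probe which
        e-mail addresses are registered; a uniform response would avoid
        that, but clients may depend on the current codes.

    Raises:
        KeyError: when ``email`` is missing from ``POST``.
    """
    import secrets

    email = request.POST['email']
    try:
        profile = session.query(Profile).filter(Profile.email == email)[0]
    except IndexError:
        request.response.status = '404 Not Found'
        return {'message': 'Email not found', 'code': '1'}

    # The key is a bearer credential for the account, so it must come from
    # the OS CSPRNG via ``secrets``; ``random`` is a predictable PRNG. The
    # alphabet and length are kept so the stored value's shape is unchanged.
    alphabet = string.ascii_letters + string.digits
    profile.password_reset_key = ''.join(
        secrets.choice(alphabet) for _ in range(20))
    # Equivalent to building date(now.year, now.month, now.day) from
    # datetime.now(): the local calendar date.
    profile.password_reset_date = datetime.date.today()
    session.flush()

    mailer = get_mailer(request)
    # NOTE(review): the link host is hard-coded to localhost and the key is
    # sent in clear text in the mail body, as in the original.
    body = """
Someone requested a password reset for your account.
If this was you, then you can click on this link to change your password:
http://localhost/set_new_password?id=%s&k=%s&email=%s
""" % (profile.id, profile.password_reset_key, email)
    message = Message(
        subject="Passpord Date password reset request",
        sender="*****@*****.**",
        recipients=[profile.email],
        body=body,
    )
    mailer.send(message)
    return {'message': 'Password request sent. Check your email.',
            'code': '0'}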
def get_profile(request):
    """Return one profile as a JSON:API-style resource object.

    Sets ``Content-Type: application/vnd.api+json`` and looks up the
    ``Profile`` whose id is ``matchdict['profileid']``. When no such row
    exists the status becomes ``404 Not Found`` and an empty dict is
    returned; otherwise the profile's public attributes are wrapped under
    ``data``. The ``birthdate`` field is rendered with ``str()``.
    """
    request.response.content_type = 'application/vnd.api+json'
    profileid = request.matchdict['profileid']

    matches = session.query(Profile).filter(Profile.id == profileid)
    try:
        profile = matches[0]
    except IndexError:
        request.response.status = '404 Not Found'
        return {}

    attributes = {
        'orientation': profile.orientation,
        'gender': profile.gender,
        'city': profile.city,
        'country': profile.country,
        'birthdate': str(profile.birthdate),
        'name': profile.name,
        'about_me': profile.about_me,
        'interests': profile.interests,
        'looking_for': profile.looking_for,
    }
    resource = {'type': 'profile', 'id': profileid, 'attributes': attributes}
    return {'data': resource}
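def validate_signup(request):
    """Confirm a signup link and create the matching ``Profile`` if needed.

    ``GET['id']`` selects the ``Signup`` row and ``GET['k']`` must equal its
    ``secret_key``. On a match a ``Profile`` with the same id is created from
    the signup's fields (unless one already exists) and flushed; the response
    is a 200 carrying the signup as a JSON:API-style resource plus a
    ``Location`` header pointing at the signup.

    Args:
        request: Pyramid-style request with ``GET['id']`` and ``GET['k']``.

    Returns:
        The signup resource dict on success; ``'foo!'`` (the original
        placeholder body) with a ``400 Bad Request`` status on a key
        mismatch; ``{}`` with a ``404 Not Found`` status when the signup id
        is unknown.

    Raises:
        KeyError: when ``id`` or ``k`` is missing from ``GET``.
    """
    import hmac

    signup_id = request.GET['id']
    supplied_key = request.GET['k']

    try:
        signup = session.query(Signup).filter(Signup.id == signup_id)[0]
    except IndexError:
        # Previously an unhandled IndexError (500); match get_profile's 404.
        request.response.status = '404 Not Found'
        return {}

    # Constant-time comparison so the key cannot be recovered by timing
    # responses; an unset key never validates.
    if not signup.secret_key or not hmac.compare_digest(
            signup.secret_key.encode('utf-8'), supplied_key.encode('utf-8')):
        # probably just a 200 and an error message is OK?
        # TODO(review): 'foo!' is a placeholder body; the other views return
        # a {'message': ..., 'code': ...} dict.
        request.response.status = '400 Bad Request'
        return 'foo!'

    # ``filter(...)`` returns a Query object, which is always truthy, so the
    # original ``if not query:`` never created the profile. Ask the database
    # for a row instead.
    existing = session.query(Profile).filter(Profile.id == signup_id).first()
    if existing is None:
        profile = Profile()
        profile.id = str(signup.id)
        profile.orientation = signup.orientation
        profile.gender = signup.gender
        profile.country = signup.country
        profile.city = signup.city
        profile.birthdate = signup.birthdate
        profile.email = signup.email
        session.add(profile)
        session.flush()

    # handle response
    request.response.status = '200 OK'
    request.response.content_type = 'application/vnd.api+json'
    # NOTE(review): the host is hard-coded; this header is only correct in
    # local development.
    request.response.headers['Location'] = (
        'http://localhost/api/1/signups/%s' % signup.id)
    return {
        "data": {
            "type": "signups",
            "id": str(signup.id),
            "attributes": {
                'orientation': signup.orientation,
                'gender': signup.gender,
                'country': signup.country,
                'city': signup.city,
                'birthdate': signup.birthdate.isoformat(),
                'email': signup.email,
            },
        },
    }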
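def sign_in(request):
    """Authenticate by e-mail and password and hand back an auth ticket.

    ``POST['identification']`` is the e-mail used to find the ``Profile``.
    The stored ``profile.password`` has the form
    ``algorithm$iterations$salt$hash``; the supplied password is re-encoded
    with the stored salt via ``encode_password`` and the full encoded strings
    are compared in constant time.

    Args:
        request: Pyramid-style request with ``POST['identification']`` and
            ``POST['password']``.

    Returns:
        ``{'token': <remember() ticket>, 'email': identification}`` on
        success. Otherwise the status is ``401 Unauthorized``, the content
        type ``application/vnd.api+json`` and the body is
        ``{'message': 'Account does not exist.', 'code': True}`` or
        ``{'message': 'Password incorrect.', 'code': False}``.
        NOTE(review): the two distinct failure bodies let a caller tell
        registered e-mails from unregistered ones; a single message would
        close that, but clients may depend on ``code``.

    Raises:
        KeyError: when either POST field is missing.
        ValueError: when ``profile.password`` holds fewer than three ``$``
            separators.
    """
    import hmac

    identification = request.POST['identification']
    password = request.POST['password']

    try:
        profile = session.query(Profile).filter(
            Profile.email == identification)[0]
    except IndexError:
        request.response.status = '401 Unauthorized'
        request.response.content_type = 'application/vnd.api+json'
        return {'message': 'Account does not exist.', 'code': True}

    # Only the salt is needed to re-derive the candidate; the other fields
    # are compared as part of the whole stored string below.
    _, _, salt, _ = profile.password.split('$', 3)
    candidate = encode_password(password, salt)

    # Constant-time comparison instead of ``==`` so the stored hash cannot
    # be recovered through response timing.
    if hmac.compare_digest(profile.password.encode('utf-8'),
                           candidate.encode('utf-8')):
        # authentication success
        authtkt_ticket = remember(request, identification)
        return {'token': authtkt_ticket, 'email': identification}

    request.response.status = '401 Unauthorized'
    request.response.content_type = 'application/vnd.api+json'
    return {'message': 'Password incorrect.', 'code': False}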