def set_password(request):
secret_key = request.POST['k']
user_id = request.POST['id']
password = request.POST['p']
is_for_profile = request.POST.get('n', False);
if not is_for_profile:
signup = session.query(Signup).filter(Signup.id==user_id)[0]
profile = session.query(Profile).filter(Profile.email==signup.email)[0]
if signup.secret_key == secret_key:
profile.password = encode_password(password)
else:
profile = session.query(Profile).filter(Profile.id==user_id)[0]
if profile.password_reset_key == secret_key:
profile.password = encode_password(password)
def reset_password(request):
email = request.POST['email']
try:
profile = session.query(Profile).filter(Profile.email==email)[0]
except IndexError:
request.response.status = '404 Not Found'
return {'message':'Email not found','code':'1'}
profile.password_reset_key = ''.join(random.choice(
string.ascii_letters + string.digits) for _ in range(20))
now = datetime.datetime.now()
profile.password_reset_date = datetime.date(now.year, now.month, now.day)
session.flush()
mailer = get_mailer(request)
body = """
Someone requested a password reset for your account.
If this was you, then you can click on this link to change your password:
http://localhost/set_new_password?id=%s&k=%s&email=%s
""" % (profile.id, profile.password_reset_key, email)
message = Message(
subject="Passpord Date password reset request",
sender="*****@*****.**",
recipients=[profile.email],
body=body,
)
mailer.send(message)
return {'message':'Password request sent. Check your email.', 'code':'0'}
def get_profile(request):
request.response.content_type = 'application/vnd.api+json'
profileid = request.matchdict['profileid']
try:
profile = session.query(Profile).filter(Profile.id==profileid)[0]
except IndexError:
request.response.status = '404 Not Found'
return {}
return {
'data': {
'type':'profile',
'id':profileid,
'attributes': {
'orientation':profile.orientation,
'gender':profile.gender,
'city':profile.city,
'country':profile.country,
'birthdate':str(profile.birthdate),
'name':profile.name,
'about_me':profile.about_me,
'interests':profile.interests,
'looking_for':profile.looking_for
},
},
}
def validate_signup(request):
signup = session.query(Signup).filter(Signup.id==request.GET['id'])[0]
if signup.secret_key != request.GET['k']:
# probably just a 200 and an error message is OK?
request.response.status = '400 Bad Request'
return 'foo!'
if not session.query(Profile).filter(Profile.id==request.GET['id']):
profile = Profile()
profile.id = str(signup.id)
profile.orientation = signup.orientation
profile.gender = signup.gender
profile.country = signup.country
profile.city = signup.city
profile.birthdate = signup.birthdate
profile.email = signup.email
session.add(profile)
session.flush()
# handle response
request.response.status = '200 OK'
request.response.content_type = 'application/vnd.api+json'
request.response.headers['Location'] = 'http://localhost/api/1/signups/%s' % signup.id
return {
"data": {
"type": "signups",
"id": str(signup.id),
"attributes": {
'orientation':signup.orientation,
'gender':signup.gender,
'country':signup.country,
'city':signup.city,
'birthdate':signup.birthdate.isoformat(),
'email':signup.email,
},
},
}
def sign_in(request):
identification = request.POST['identification']
password = request.POST['password']
try:
profile = session.query(Profile).filter(Profile.email==identification)[0]
except IndexError:
request.response.status = '401 Unauthorized'
request.response.content_type = 'application/vnd.api+json'
return {'message':'Account does not exist.', 'code':True}
algorithm, iterations, salt, hash = profile.password.split('$', 3)
if profile.password == encode_password(password, salt):
# authentication success
authtkt_ticket = remember(request, identification)
return {'token':authtkt_ticket,'email':identification}
else:
request.response.status = '401 Unauthorized'
request.response.content_type = 'application/vnd.api+json'
return {'message':'Password incorrect.', 'code':False}