def changePassword(self):
requestData = parseJsonResponse(request.data)
username = requestData['username']
oldPassword = requestData['oldPassword']
newPassword = requestData['newPassword']
try:
user = User.objects.get(username = username)
except DoesNotExist:
raise NotFoundError("User not found")
permission = UserAdminPermission(user)
if not permission.can():
raise APIException('You have no permission to change the user password')
passwordValid = bcrypt.check_password_hash(user.password, oldPassword)
if (not passwordValid):
raise APIException('Invalid old password')
if (len(newPassword) < 6):
raise APIException('Your new password has to be at least 6 characters long')
user.modify(password = unicode(bcrypt.generate_password_hash(newPassword)))
return makeJsonResponse(None, 'Password changed')
def login(self):
userData = parseJsonResponse(request.data)
if current_user.is_authenticated():
return makeJsonResponse({'msg': 'You are already logged in'})
else:
try:
user = User.objects.get(email = userData['id'])
except DoesNotExist:
raise APIException('User does not exist')
if (not user.active):
raise APIException('User has not been activated or has been deactivated. Please contact the administrator!')
if (not user.confirmed):
raise APIException('Your registration has not been confirmed. Please visit the link found in yout email!')
passwordValid = bcrypt.check_password_hash(user.password, userData['password'])
if (passwordValid):
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity = Identity(user.get_id()))
response = makeJsonResponse({'msg': 'You have sucessfully logged in'})
response.set_cookie('user.username', user.username)
response.set_cookie('user.roles', '-'.join([role.name for role in user.roles]))
return response
else:
raise APIException('Incorrect password')
