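def confirm_new_account(self):
    """Activate a pending account from the token in the request path.

    The token is the third path component (``self.request.path[2]``) and
    is the hash key of the ``activation`` table. On success the handler
    creates the ``user`` item plus the ``email`` and ``username`` index
    items that point at it, deletes the activation item and responds 201.

    Responds 400 when the token is unknown or older than 15 * 60
    (presumably seconds; depends on ``timestamp()``), when the email or
    username has been registered since the activation was requested, or
    on any other error (the traceback is printed to stderr).
    """
    def _exists(table_name, key):
        # The file uses both conventions for a missing key (a raising
        # get_item in request_new_account, a falsy result in do_post), so
        # treat either as "not registered".
        try:
            return bool(self.tables[table_name].get_item(hash_key=key))
        except Exception:
            return False

    try:
        token = self.request.path[2]
        activation_item = self.tables['activation'].get_item(hash_key=token)

        if (timestamp() - activation_item['timestamp']) > (15 * 60):
            # Expired links are useless; remove them instead of leaving
            # hashed credentials in the table indefinitely.
            activation_item.delete()
            self.response = Response(status=400)
            return

        email = activation_item['email']
        username = activation_item['username']

        # Uniqueness was only checked when the activation was requested.
        # Re-check now so a second pending activation for the same email
        # or username cannot overwrite the index items of an account that
        # was created in the meantime.
        if _exists('email', email) or _exists('username', username):
            activation_item.delete()
            self.response = Response(status=400, body='Username and/or email already registered')
            return

        # NOTE: the three puts below are not atomic; a failure part-way
        # leaves a user item without its index items (caller gets 400).
        user_id = generate_key()
        self.tables['user'].new_item(
            hash_key=user_id,
            attrs={
                'email': email,
                'username': username,
                'password': activation_item['password'],
            },
        ).put()
        self.tables['email'].new_item(hash_key=email, attrs={'user': user_id}).put()
        self.tables['username'].new_item(hash_key=username, attrs={'user': user_id}).put()

        # Consume the token only after the account exists so a failed put
        # leaves the link usable for a retry.
        activation_item.delete()
        self.response = Response(status=201)
    except Exception:
        traceback.print_exc()
        self.response = Response(status=400)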
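def reset_password(self):
    """Store a new password for the account named by a reset token.

    The token is the third path component (``self.request.path[2]``) and
    keys the ``reset`` table; the new password comes from
    ``self.request.body['password']``. The reset item's ``email`` is
    resolved through the ``email`` index to the ``user`` item, whose
    ``password`` attribute is replaced with ``hash_password(password)``.
    The reset item is deleted afterwards so the link is single-use.

    Responds 204 on success; 400 when the password is missing or empty,
    the token is unknown or older than 15 * 60 (presumably seconds;
    depends on ``timestamp()``), or on any other error (traceback printed
    to stderr).
    """
    try:
        token = self.request.path[2]
        password = self.request.body['password']
        if not password:
            # Never store the hash of an empty password.
            self.response = Response(status=400)
            return

        reset_item = self.tables['reset'].get_item(hash_key=token)
        if (timestamp() - reset_item['timestamp']) > (15 * 60):
            # An expired token can never be used; drop it from the table.
            reset_item.delete()
            self.response = Response(status=400)
            return

        email_item = self.tables['email'].get_item(hash_key=reset_item['email'])
        user_item = self.tables['user'].get_item(hash_key=email_item['user'])
        user_item['password'] = hash_password(password)
        user_item.put()

        # Consume the token only after the new password is stored so a
        # failed put leaves the link usable for a retry.
        reset_item.delete()

        # NOTE(review): existing sessions of this user remain valid after
        # the reset. The session table is keyed by session id only, so
        # revoking them would need an index or scan this handler lacks.
        self.response = Response(status=204)
    except Exception:
        traceback.print_exc()
        self.response = Response(status=400)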
def setUp(self):
    """Create a fresh fixture user with an open session in DynamoDB.

    Connects to the 'eu-west-1' region, best-effort deletes any leftover
    user/username/email items from a previous run, then writes new user,
    username, email and session items and stores the session cookie
    string in ``self.cookie``.
    """
    self.userid = generate_key()
    self.username = '******'
    self.email = '*****@*****.**'
    self.password = '******'
    self.sessionid = None
    self.connection = boto.dynamodb.connect_to_region('eu-west-1')
    get_table = self.connection.get_table

    # Remove leftovers from an earlier run; any failure here is ignored
    # because the items usually do not exist.
    try:
        stale_username = get_table('username').get_item(hash_key=self.username)
        get_table('user').get_item(hash_key=stale_username['user']).delete()
        stale_username.delete()
        # XXX scan these test user tags and delete them
    except:
        pass
    try:
        get_table('email').get_item(hash_key=self.email).delete()
    except:
        pass

    user_attrs = {
        'username': self.username,
        'email': self.email,
        'password': hash_password(self.password),
    }
    get_table('user').new_item(hash_key=self.userid, attrs=user_attrs).put()

    owner = {'user': self.userid}
    get_table('username').new_item(hash_key=self.username, attrs=owner).put()
    get_table('email').new_item(hash_key=self.email, attrs=owner).put()

    self.sessionid = generate_key()
    session_attrs = {
        'user': self.userid,
        'email': self.email,
        'username': self.username,
        'timestamp': timestamp(),
    }
    get_table('session').new_item(hash_key=self.sessionid, attrs=session_attrs).put()
    self.cookie = ''.join(['session_id=', self.sessionid, ';'])
def setUp(self):
    """Create a fresh fixture user with an open session in DynamoDB.

    Connects to the 'eu-west-1' region, best-effort deletes any leftover
    user/username/email items from a previous run, then writes new user,
    username, email and session items and stores the session cookie
    string in ``self.cookie``.
    """
    self.userid = generate_key()
    self.username = '******'
    self.email = '*****@*****.**'
    self.password = '******'
    self.sessionid = None
    self.connection = boto.dynamodb.connect_to_region('eu-west-1')
    get_table = self.connection.get_table

    # Remove leftovers from an earlier run; any failure here is ignored
    # because the items usually do not exist.
    try:
        stale_username = get_table('username').get_item(hash_key=self.username)
        get_table('user').get_item(hash_key=stale_username['user']).delete()
        stale_username.delete()
        # XXX scan these test user tags and delete them
    except:
        pass
    try:
        get_table('email').get_item(hash_key=self.email).delete()
    except:
        pass

    user_attrs = {
        'username': self.username,
        'email': self.email,
        'password': hash_password(self.password),
    }
    get_table('user').new_item(hash_key=self.userid, attrs=user_attrs).put()

    owner = {'user': self.userid}
    get_table('username').new_item(hash_key=self.username, attrs=owner).put()
    get_table('email').new_item(hash_key=self.email, attrs=owner).put()

    self.sessionid = generate_key()
    session_attrs = {
        'user': self.userid,
        'email': self.email,
        'username': self.username,
        'timestamp': timestamp(),
    }
    get_table('session').new_item(hash_key=self.sessionid, attrs=session_attrs).put()
    self.cookie = ''.join(['session_id=', self.sessionid, ';'])
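def do_post(self):
    """Log a user in and open a session.

    Expects ``self.request.body`` to carry ``login`` (an email address
    when it contains '@', otherwise a username) and ``password``.
    Responds 400 when a session already exists or the payload is
    malformed, 401 when the login is unknown or the password does not
    match, and 200 with a ``Set-Cookie`` header for the new session id
    on success.
    """
    if self.session:
        # Already logged in: refuse rather than mint a second session.
        self.response = Response(status=400)
        return

    try:
        credentials = self.request.body
        login = credentials['login']
        password = credentials['password']
    except Exception:
        # Not a mapping, or a required field is absent.
        self.response = Response(status=400)
        return
    if not login or not password:
        self.response = Response(status=400)
        return

    # Email addresses and usernames live in separate index tables that
    # both map to a user id under the 'user' attribute.
    index_table = 'email' if '@' in login else 'username'
    try:
        lookup = self.tables[index_table].get_item(hash_key=login)
        user = self.tables['user'].get_item(hash_key=lookup['user'])
    except Exception:
        # The file treats a missing key both as a raising get_item
        # (request_new_account) and as a falsy result; an unknown login
        # previously escaped this handler as an unhandled exception.
        lookup = None
        user = None

    # Unknown login and wrong password get the same status so the reply
    # does not reveal which accounts exist. (check_password is still
    # skipped for unknown logins, so a timing difference remains.)
    if not user or not check_password(password, user['password']):
        self.response = Response(status=401)
        return

    session_id = generate_key()
    attrs = {
        'timestamp': timestamp(),
        # The id the user item was fetched by; this avoids depending on
        # the user table's hash-key attribute name (previously user['id']).
        'user': lookup['user'],
        'email': user['email'],
        'username': user['username'],
    }
    self.tables['session'].new_item(hash_key=session_id, attrs=attrs).put()

    self.response = Response(status=200, headers={'Set-Cookie': cookie(session_id)})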
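def request_new_account(self):
    """Start account creation and email an activation link.

    Reads ``email``, ``username`` and ``password`` from
    ``self.request.body``. If neither an ``email`` nor a ``username``
    item exists, stores the hashed password with the email, username and
    a ``timestamp()`` under a fresh token in the ``activation`` table and
    sends the activation link through SES ('us-east-1').

    Responds 204 when the email was sent; 400 with an explanatory body
    when the email or username is already registered; 400 when a field is
    missing or empty, or on any other error (traceback printed to stderr).
    """
    def _exists(table_name, key):
        # A missing key is reported as an exception by this table API
        # (the original wrapped get_item the same way); also treat a
        # falsy result as "not registered".
        try:
            return bool(self.tables[table_name].get_item(hash_key=key))
        except Exception:
            return False

    try:
        body = self.request.body
        email = body['email']
        username = body['username']
        password = body['password']
        if not email or not username or not password:
            # Empty strings would otherwise become a valid account.
            self.response = Response(status=400)
            return

        if _exists('email', email) or _exists('username', username):
            # NOTE: this reply confirms that an address/username is taken;
            # it is inherent to a sign-up form but worth rate limiting.
            self.response = Response(status=400, body='Username and/or email already registered')
            return

        # Only the hash is kept in the pending table, never the plaintext.
        attrs = {
            'email': email,
            'username': username,
            'password': hash_password(password),
            'timestamp': timestamp(),
        }
        token = generate_key()
        self.tables['activation'].new_item(hash_key=token, attrs=attrs).put()

        # TODO(review): this mails any caller-supplied address without
        # rate limiting visible here; the link placeholder is plain http.
        conn = boto.ses.connect_to_region('us-east-1')
        msg_subject = 'XXX Service Name Here new user account creation requested'
        msg_body = (
            'You requested that we create a new XXX Service Name Here user account for you. '
            'To activate your account, please click the following link, or copy and paste it to your web browser:\n\n'
            'http://xxxservicedomain/user/activation/%s\n\n'
            'The link is valid until XXXX-XX-XX XX:XX:XX\n\n'
            '\tYours, &c.\n\tXXX Service Name Here'
        ) % token
        conn.send_email('*****@*****.**', msg_subject, msg_body, [email])

        self.response = Response(status=204)
    except Exception:
        traceback.print_exc()
        self.response = Response(status=400)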
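def do_post(self):
    """Log a user in and open a session.

    Expects ``self.request.body`` to carry ``login`` (an email address
    when it contains '@', otherwise a username) and ``password``.
    Responds 400 when a session already exists or the payload is
    malformed, 401 when the login is unknown or the password does not
    match, and 200 with a ``Set-Cookie`` header for the new session id
    on success.
    """
    if self.session:
        # Already logged in: refuse rather than mint a second session.
        self.response = Response(status=400)
        return

    try:
        credentials = self.request.body
        login = credentials['login']
        password = credentials['password']
    except Exception:
        # Not a mapping, or a required field is absent.
        self.response = Response(status=400)
        return
    if not login or not password:
        self.response = Response(status=400)
        return

    # Email addresses and usernames live in separate index tables that
    # both map to a user id under the 'user' attribute.
    index_table = 'email' if '@' in login else 'username'
    try:
        lookup = self.tables[index_table].get_item(hash_key=login)
        user = self.tables['user'].get_item(hash_key=lookup['user'])
    except Exception:
        # The file treats a missing key both as a raising get_item
        # (request_new_account) and as a falsy result; an unknown login
        # previously escaped this handler as an unhandled exception.
        lookup = None
        user = None

    # Unknown login and wrong password get the same status so the reply
    # does not reveal which accounts exist. (check_password is still
    # skipped for unknown logins, so a timing difference remains.)
    if not user or not check_password(password, user['password']):
        self.response = Response(status=401)
        return

    session_id = generate_key()
    attrs = {
        'timestamp': timestamp(),
        # The id the user item was fetched by; this avoids depending on
        # the user table's hash-key attribute name (previously user['id']).
        'user': lookup['user'],
        'email': user['email'],
        'username': user['username'],
    }
    self.tables['session'].new_item(hash_key=session_id, attrs=attrs).put()

    self.response = Response(status=200, headers={'Set-Cookie': cookie(session_id)})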
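def request_password_reset(self):
    """Issue a password-reset token and email it to the requested address.

    Reads ``email`` from ``self.request.body``. When an ``email`` item
    exists for it, stores a fresh token with the email and a
    ``timestamp()`` in the ``reset`` table and sends the reset link
    through SES ('us-east-1').

    Responds 204 whether or not the address is registered, so the reply
    cannot be used to probe for accounts; a token is only created and
    mailed for a registered address. Responds 400 when ``email`` is
    missing or empty, or on any other error (traceback printed to
    stderr).
    """
    try:
        email = self.request.body['email']
        if not email:
            self.response = Response(status=400)
            return

        # A missing key is reported as an exception by this table API
        # (see request_new_account); also treat a falsy result as unknown.
        try:
            registered = bool(self.tables['email'].get_item(hash_key=email))
        except Exception:
            registered = False
        if not registered:
            # Previously a "you requested a reset" mail went to any
            # address and a reset item was stored for it; neither is
            # useful for an unknown account, and the mail made the
            # endpoint usable for unsolicited messages.
            self.response = Response(status=204)
            return

        token = generate_key()
        self.tables['reset'].new_item(
            hash_key=token,
            attrs={'email': email, 'timestamp': timestamp()},
        ).put()

        # TODO(review): no rate limiting is visible for this endpoint; the
        # link placeholder is plain http.
        conn = boto.ses.connect_to_region('us-east-1')
        msg_subject = 'XXX Service Name Here password reset requested'
        msg_body = (
            'You requested that we reset your XXX Service Name Here password. '
            'To do so, please click the following link, or copy and paste it to your web browser:\n\n'
            'http://xxxservicedomain/user/reset/%s\n\n'
            'The link is valid until XXXX-XX-XX XX:XX:XX\n\n'
            '\tYours, &c.\n\tXXX Service Name Here'
        ) % token
        conn.send_email('*****@*****.**', msg_subject, msg_body, [email])

        self.response = Response(status=204)
    except Exception:
        traceback.print_exc()
        self.response = Response(status=400)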