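def post(self):
    """Handle POST /login: authenticate the user and start a session.

    Expects ``email`` and ``password`` form fields.  ``redirect`` (a
    URL-encoded return target) and ``login_window`` together with
    ``url`` (popup flow) are optional.  Every failure path flashes an
    error through ``error_message`` and redirects back to
    ``/login/authorize``; the success path opens a ``SessionHandler``
    session and hands out the login code either in the ``_ut_`` cookie
    (normal flow) or appended to the referer's query string (popup flow).

    Returns:
        None.  Every outcome is communicated via ``self.redirect``.
    """
    url = "/login/authorize"

    def with_param(base, key, value):
        """Append ``key=value`` to *base*, using "?" or "&" as appropriate."""
        separator = "&" if "?" in base else "?"
        return base + separator + key + "=" + value

    if self.POST("email") and self.POST("password"):
        email = self.POST("email").strip().lower()
        user = User.query().filter(User.current_email == email).get()

        # Page to bounce back to on failure.  Choosing the separator from
        # the URL built so far means that setting both ``redirect`` and
        # ``login_window`` no longer produces a second "?" mid-query.
        if self.POST("redirect"):
            url = with_param(url, "r", str(urllib.quote(self.POST("redirect"))))
        if self.POST("login_window"):
            url = with_param(url, "r", urllib.quote(self.POST("url")))
            url = with_param(url, "w", "popup")

        def fail(message):
            """Flash *message* and send the browser back to the login page."""
            error_message(self, message)
            self.redirect(url)

        # Same wording for "unknown account" and "wrong password" so the
        # response does not reveal which e-mail addresses are registered.
        if not user:
            fail("Invalid email or password.")
            return
        # The original rejected the request when verify_password() returned
        # True, i.e. the condition was inverted; a matching password is
        # what must let the request continue.
        if not user.verify_password(self.POST("password")):
            fail("Invalid email or password.")
            return
        if user.status == "PENDING":
            fail("Your account has not been verified. "
                 "Please verify your account by opening the "
                 "verification email we sent you. ")
            return
        # Agency admins and plain users additionally need approval.
        if user.role in ["AGENCYADMIN", "USER"]:
            if user.status == "VERIFIED":
                fail("Your account is still pending approval. "
                     "Once your account is approved, you will be able "
                     "to login. You will receive an email once your "
                     "account is approved.")
                return
            if user.status == "DISAPPROVED":
                fail("Your account has been disapproved. "
                     "Please contact the Geostore Admin.")
                return

        session = SessionHandler(user)
        session.login()
        code = session.generate_login_code()

        if self.POST("login_window"):
            # Popup flow: return the login code to the opener through the
            # referer's query string.  NOTE(review): a login code carried
            # in a URL lands in browser history, proxy logs and outbound
            # Referer headers; the cookie path below is the safer channel
            # wherever the flow allows it.
            # A missing referer used to raise AttributeError (HTTP 500);
            # fall back to the site root instead.
            target = self.request.referer or "/"
            logging.info(target)
            # The original appended "&code" without "=", producing a key
            # the receiver could not parse whenever the referer already
            # carried a query string.
            self.redirect(with_param(target, "code", code))
            return

        # Normal flow: the code lives in the ``_ut_`` cookie for 8 hours.
        expires = datetime.datetime.now() + datetime.timedelta(hours=8)
        set_cookie(self, name="_ut_", value=code, expires=expires)
        if self.POST("redirect"):
            # NOTE(review): the target is taken verbatim from the form, so
            # any host can be supplied (open redirect).  Restrict it to
            # same-origin paths or an allow-list of hosts before trusting it.
            url = str(urllib.unquote(self.POST("redirect")))
        # (An ``elif login_window`` branch existed here in the original but
        # was unreachable: this code only runs when login_window is unset.)
        self.redirect(url)
        return

    error_message(self, "Please enter your email and password.")
    self.redirect(url)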
def post(self):
    """Handle POST /login: authenticate the user and open a session.

    Requires ``email`` and ``password`` form fields; ``redirect`` is an
    optional URL-encoded return target.  Accounts that still carry only a
    legacy ``password`` digest are verified against ``hp()`` and, on
    success, upgraded to a modern ``hashed_password``.  Failures flash an
    error via ``error_message`` and redirect to ``/login``; success starts
    a ``SessionHandler`` session and redirects to the requested target or
    ``/dashboard``.

    Returns:
        None.  Every outcome is communicated via ``self.redirect``.
    """
    if not (self.POST("email") and self.POST("password")):
        error_message(self, "Please enter your email and password.")
        self.redirect("/login")
        return

    back = "/login"
    if self.POST("redirect"):
        back += "?redirect=" + str(urllib.quote(self.POST("redirect")))

    def reject(message):
        """Flash *message* and send the browser back to the login page."""
        error_message(self, message)
        self.redirect(back)

    email = self.POST("email").strip().lower()
    account = User.query().filter(User.current_email == email).get()
    # One wording for both "no such account" and "wrong password" keeps the
    # response from disclosing which addresses are registered.
    if not account:
        reject("Invalid email or password.")
        return

    supplied = self.POST("password")
    if account.hashed_password:
        authenticated = account.verify_password(supplied)
    else:
        # Legacy record: compare against the old digest scheme and, if it
        # matches, persist a modern hash so the next login uses it.
        # NOTE(review): plain == on the legacy digest is not constant time;
        # hmac.compare_digest is the usual replacement once both operands
        # are known to be of the same string type.
        authenticated = account.password == hp(email=email, password=supplied)
        if authenticated:
            account.hashed_password = account.hash_password(supplied)
            account.put()
    if not authenticated:
        reject("Invalid email or password.")
        return

    # Account states that block login; the last two apply only to roles
    # that require approval.
    blocked = {
        "PENDING": "Your account has not been verified. "
                   "Please verify your account by opening the "
                   "verification email we sent you. ",
        "DISABLED": "Your account has been disabled. "
                    "Please contact the Geostore Admin.",
    }
    if account.role in ("AGENCYADMIN", "USER"):
        blocked["VERIFIED"] = ("Your account is still pending approval. "
                               "Once your account is approved, you will be able "
                               "to login. You will receive an email once your "
                               "account is approved.")
        blocked["DISAPPROVED"] = ("Your account has been disapproved. "
                                  "Please contact the Geostore Admin.")
    if account.status in blocked:
        reject(blocked[account.status])
        return

    # NOTE(review): csrf_token is assigned but not put() here; presumably
    # SessionHandler.login() persists the entity — confirm.
    account.csrf_token = generate_token()
    session = SessionHandler(account)
    session.login()
    session.generate_login_code()  # return value is not used in this flow
    if self.POST("redirect"):
        # NOTE(review): the target comes straight from the form (open
        # redirect); same-origin or allow-listed hosts only would be safer.
        self.redirect(urllib.unquote(str(self.POST("redirect"))))
    else:
        self.redirect("/dashboard")
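def post(self):
    """Handle POST /password/reset for both halves of the reset flow.

    Two request shapes are accepted:

    * ``email`` only: look the account up by its current e-mail, rotate
      its ``password_token`` and enqueue a reset e-mail via the
      ``/tasks/email/send`` task.
    * ``new_password`` and ``confirm_password`` in the form, with ``uid``
      and ``password_token`` in the query string: check the token, store
      the new hash (keeping it in ``previous_passwords`` as well), rotate
      the token again and log the user in.

    Every outcome is reported through ``success_message`` /
    ``error_message`` followed by ``self.redirect``; nothing is returned.
    """
    reset_page = "/password/reset"

    def bounce(message, target=reset_page):
        """Flash an error and send the browser to *target*."""
        error_message(self, message)
        self.redirect(target)

    if self.POST("email"):
        email = self.POST("email").lower().strip()
        user = User.query().filter(User.current_email == email).get()
        if not user:
            # NOTE(review): this wording confirms whether an address is
            # registered; a uniform "if that address exists we sent a link"
            # reply would avoid account enumeration.
            bounce("Sorry, " + self.POST("email")
                   + " does not belong to an existing account.")
            return
        # NOTE(review): the token is single-use (rotated on consumption)
        # but carries no timestamp, so it never expires by time.
        user.password_token = generate_token()
        user.put()
        content = {
            "token": user.password_token,
            "uid": str(user.key.id()),
            "receiver_name": user.first_name,
            "receiver_email": user.current_email,
            "subject": "Reset Password",
            "email_type": "password_reset",
        }
        taskqueue.add(url="/tasks/email/send", params=content, method="POST")
        success_message(self, "We sent an email to " + self.POST("email")
                        + ". Please open the email and click on the "
                        "password reset link to reset your password.")
        self.redirect(reset_page)
        return

    if (self.POST("new_password") and self.POST("confirm_password")
            and self.GET("uid") and self.GET("password_token")):
        if self.POST("new_password") != self.POST("confirm_password"):
            # The original read these values from the form body although the
            # branch is only entered when they arrive in the query string;
            # fall back to GET so a missing form field no longer raises
            # TypeError while the URL is assembled.  Values are URL-encoded
            # before being placed in the query.
            token = self.POST("password_token") or self.GET("password_token")
            uid_text = self.POST("uid") or self.GET("uid")
            bounce("Passwords do not match.",
                   reset_page + "?password_token=" + urllib.quote(token, safe="")
                   + "&uid=" + urllib.quote(uid_text, safe=""))
            return
        try:
            uid = int(self.GET("uid"))
        except ValueError:
            # A non-numeric id used to escape the handler as an unhandled
            # exception (HTTP 500); treat it like an unknown account.
            bounce("Sorry, we couldn't process your request. Please try again.")
            return
        user = User.get_by_id(uid)
        if not user:
            bounce("Sorry, we couldn't process your request. Please try again.")
            return
        if user.password_token != self.GET("password_token"):
            # NOTE(review): "expired" here means "does not match the current
            # token" — there is no time-based expiry.  Plain != is also not a
            # constant-time comparison.
            bounce("Sorry, your password reset request has expired."
                   " Please create a new request.")
            return
        password = user.hash_password(self.POST("new_password"))
        user.password_token = generate_token()  # invalidate the used token
        user.previous_passwords.append(password)
        user.password_update = datetime.datetime.now()
        user.hashed_password = password
        user.put()
        session = SessionHandler(user)
        session.login()
        session.generate_login_code()  # return value is not used here
        if self.POST("redirect"):
            # NOTE(review): unvalidated redirect target taken from the form
            # (open redirect); restrict to same-origin paths or an allow-list.
            self.redirect(urllib.unquote(str(self.POST("redirect"))))
        else:
            self.redirect("/dashboard")
        return

    bounce("Please fill all required fields.")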