コード例 #1
0
    def post(self):
        """
            Handles the /login endpoint.
            Logs in users.
        """
        url = "/login/authorize"

        if self.POST("email") and self.POST("password"):
            redirect = None
            email = self.POST("email").strip().lower()
            query = User.query()
            query = query.filter(User.current_email == email)
            user = query.get()

            if self.POST("redirect"):
                redirect = urllib.quote(self.POST("redirect"))
                if redirect:
                    url += "?r=" + str(redirect)

            if self.POST("login_window"):
                url += "?r=" + urllib.quote(self.POST("url"))
                url += "&w=popup"

            if not user:
                error = "Invalid email or password."
                error_message(self, error)
                self.redirect(url)
                return

            if user.verify_password(self.POST("password")):
                error = "Invalid email or password."
                error_message(self, error)
                self.redirect(url)
                return

            if user.status == "PENDING":
                error = "Your account has not been verified. "
                error += "Please verify your account by opening the "
                error += "verification email we sent you. "
                error_message(self, error)
                self.redirect(url)
                return

            if user.role in ["AGENCYADMIN", "USER"]:
                if user.status == "VERIFIED":
                    error = "Your account is still pending approval. "
                    error += "Once your account is approved, you will be able "
                    error += "to login. You will receive an email once your "
                    error += "account is approved."
                    error_message(self, error)
                    self.redirect(url)
                    return

                if user.status == "DISAPPROVED":
                    error = "Your account has been disapproved. "
                    error += "Please contact the Geostore Admin."
                    error_message(self, error)
                    self.redirect(url)
                    return

            session = SessionHandler(user)
            session.login()

            code = session.generate_login_code()

            expires = datetime.datetime.now()
            expires += datetime.timedelta(hours=8)

            if not self.POST("login_window"):
                set_cookie(self, name="_ut_", value=code, expires=expires)

            if self.POST("redirect"):
                url = str(urllib.unquote(self.POST("redirect")))
            elif self.POST("login_window"):
                url = urllib.quote(self.POST("url"))
                url = "/login/authorize?r=" + url
                set_cookie(self, name="_lt_", value=code, expires=expires)
                self.redirect(url)
                return
            else:
                url = self.request.referer

            logging.info(url)

            if len(url.split("?")) > 1:
                url += "&code" + code
            else:
                url += "?code=" + code

            self.redirect(url)
            return

        error = "Please enter your email and password."
        error_message(self, error)
        self.redirect(url)
コード例 #2
0
    def post(self):
        """
            Handles the /login endpoint.
            Logs in users.
        """
        if self.POST("email") and self.POST("password"):
            url = "/login"
            redirect = None
            email = self.POST("email").strip().lower()
            query = User.query()
            query = query.filter(User.current_email == email)
            user = query.get()

            if self.POST("redirect"):
                redirect = urllib.quote(self.POST("redirect"))
                url += "?redirect=" + str(redirect)

            if not user:
                error = "Invalid email or password."
                error_message(self, error)
                self.redirect(url)
                return

            if user.hashed_password:
                if not user.verify_password(self.POST("password")):
                    error = "Invalid email or password."
                    error_message(self, error)
                    self.redirect(url)
                    return
            else:
                password = hp(email=email, password=self.POST("password"))
                if user.password != password:
                    error = "Invalid email or password."
                    error_message(self, error)
                    self.redirect(url)
                    return
                else:
                    user.hashed_password = user.hash_password(
                        self.POST("password"))
                    user.put()

            if user.status == "PENDING":
                error = "Your account has not been verified. "
                error += "Please verify your account by opening the "
                error += "verification email we sent you. "
                error_message(self, error)
                self.redirect(url)
                return

            if user.status == "DISABLED":
                error = "Your account has been disabled. "
                error += "Please contact the Geostore Admin."
                error_message(self, error)
                self.redirect(url)
                return

            if user.role in ["AGENCYADMIN", "USER"]:
                if user.status == "VERIFIED":
                    error = "Your account is still pending approval. "
                    error += "Once your account is approved, you will be able "
                    error += "to login. You will receive an email once your "
                    error += "account is approved."
                    error_message(self, error)
                    self.redirect(url)
                    return

                if user.status == "DISAPPROVED":
                    error = "Your account has been disapproved. "
                    error += "Please contact the Geostore Admin."
                    error_message(self, error)
                    self.redirect(url)
                    return

            user.csrf_token = generate_token()
            session = SessionHandler(user)
            session.login()
            code = session.generate_login_code()
            if self.POST("redirect"):
                self.redirect(urllib.unquote(str(self.POST("redirect"))))
            else:
                self.redirect("/dashboard")
            return

        error = "Please enter your email and password."
        error_message(self, error)
        self.redirect("/login")
コード例 #3
0
    def post(self):
        """
            Handles the /password/reset endpoint.
            Resets password of the user.
        """
        if self.POST("email"):
            email = self.POST("email").lower().strip()

            query = User.query()
            query = query.filter(User.current_email == email)
            user = query.get()

            if user:
                user.password_token = generate_token()
                user.put()

                content = {
                    "token": user.password_token,
                    "uid": str(user.key.id()),
                    "receiver_name": user.first_name,
                    "receiver_email": user.current_email,
                    "subject": "Reset Password",
                    "email_type": "password_reset"
                }

                taskqueue.add(url="/tasks/email/send",
                              params=content,
                              method="POST")

                success = "We sent an email to "
                success += self.POST("email") + ". Please open the "
                success += "email and click on the password reset link "
                success += "to reset your password."
                success_message(self, success)
                self.redirect("/password/reset")
            else:
                error = "Sorry, " + self.POST("email")
                error += " does not belong to an existing account."
                error_message(self, error)
                self.redirect("/password/reset")
        elif self.POST("new_password") and self.POST("confirm_password") \
             and self.GET("uid") and self.GET("password_token"):
            if self.POST("new_password") == self.POST("confirm_password"):
                user = User.get_by_id(int(self.GET("uid")))
                if user:
                    if user.password_token == self.GET("password_token"):
                        password = user.hash_password(
                            self.POST("new_password"))
                        user.password_token = generate_token()
                        user.previous_passwords.append(password)
                        user.password_update = datetime.datetime.now()
                        user.hashed_password = password
                        user.put()

                        session = SessionHandler(user)
                        session.login()
                        code = session.generate_login_code()
                        if self.POST("redirect"):
                            self.redirect(
                                urllib.unquote(str(self.POST("redirect"))))
                        else:
                            self.redirect("/dashboard")
                        return
                    else:
                        error = "Sorry, your password reset request has expired."
                        error += " Please create a new request."
                        error_message(self, error)
                        self.redirect("/password/reset")
                else:
                    error = "Sorry, we couldn't process your request. "
                    error += "Please try again."
                    error_message(self, error)
                    self.redirect("/password/reset")
            else:
                error = "Passwords do not match."
                error_message(self, error)
                url = "/password/reset?password_token=" + self.POST(
                    "password_token")
                url += "&uid=" + self.POST("uid")
                self.redirect(url)
        else:
            error = "Please fill all required fields."
            error_message(self, error)
            self.redirect("/password/reset")