def post(self): """ Creates a new user. """ # Ensure that we are using database auth. if app.config["AUTHENTICATION_TYPE"] != "Database": raise InvalidRequest("Cannot create a user in a non-database auth system") user_information = request.get_json() if SuperUserPermission().can(): # Generate a temporary password for the user. random = SystemRandom() password = "".join( [random.choice(string.ascii_uppercase + string.digits) for _ in range(32)] ) # Create the user. username = user_information["username"] email = user_information.get("email") install_user, confirmation_code = pre_oci_model.create_install_user( username, password, email ) if features.MAILING: send_confirmation_email( install_user.username, install_user.email, confirmation_code ) return { "username": username, "email": email, "password": password, "encrypted_password": authentication.encrypt_user_password(password), } raise Unauthorized()
def sendConfirmation(username): user = model.user.get_nonrobot_user(username) if not user: print "No user found" return with app.app_context(): confirmation_code = model.user.create_confirm_email_code(user) send_confirmation_email(user.username, user.email, confirmation_code) print "Email sent to %s" % (user.email)
def post(self): """ Create a new user. """ if app.config["AUTHENTICATION_TYPE"] != "Database": abort(404) user_data = request.get_json() invite_code = user_data.get("invite_code", "") existing_user = model.user.get_nonrobot_user(user_data["username"]) if existing_user: raise request_error(message="The username already exists") # Ensure an e-mail address was specified if required. if features.MAILING and not user_data.get("email"): raise request_error(message="Email address is required") # If invite-only user creation is turned on and no invite code was sent, return an error. # Technically, this is handled by the can_create_user call below as well, but it makes # a nicer error. if features.INVITE_ONLY_USER_CREATION and not invite_code: raise request_error(message="Cannot create non-invited user") # Ensure that this user can be created. blacklisted_domains = app.config.get("BLACKLISTED_EMAIL_DOMAINS", []) if not can_create_user(user_data.get("email"), blacklisted_domains=blacklisted_domains): raise request_error( message="Creation of a user account for this e-mail is disabled; please contact an administrator" ) # If recaptcha is enabled, then verify the user is a human. if features.RECAPTCHA: recaptcha_response = user_data.get("recaptcha_response", "") result = recaptcha2.verify( app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip() ) if not result["success"]: return {"message": "Are you a bot? If not, please revalidate the captcha."}, 400 is_possible_abuser = ip_resolver.is_ip_possible_threat(get_request_ip()) try: prompts = model.user.get_default_user_prompts(features) new_user = model.user.create_user( user_data["username"], user_data["password"], user_data.get("email"), auto_verify=not features.MAILING, email_required=features.MAILING, is_possible_abuser=is_possible_abuser, prompts=prompts, ) email_address_confirmed = handle_invite_code(invite_code, new_user) if features.MAILING and not email_address_confirmed: confirmation_code = model.user.create_confirm_email_code(new_user) send_confirmation_email(new_user.username, new_user.email, confirmation_code) return {"awaiting_verification": True} else: success, headers = common_login(new_user.uuid) if not success: return {"message": "Could not login. Is your account inactive?"}, 403 return user_view(new_user), 200, headers except model.user.DataModelException as ex: raise request_error(exception=ex)