def activate_user(self, token, name, password):
validate_password(password)
try:
Person.objects(token=token).update_one(
name=name,
password=generate_password_hash(password),
active=True
)
rollbar.report_message(u"User account activated - {}".format(name), 'info')
except DoesNotExist:
abort(400, "Invitation expired. A new invitation will need to be sent. Please contact your Organisation's administrator.")
def activate_user(self, token, name, password):
validate_password(password)
try:
Person.objects(token=token).update_one(
name=name,
password=generate_password_hash(password),
token=None,
active=True)
except DoesNotExist:
abort(
400,
"Invitation expired. A new invitation will need to be sent. Please contact your Organisation's administrator."
)
def post(self):
raw_username = self.request.get("username")
raw_password = self.request.get("password")
raw_email = self.request.get("email")
raw_verify = self.request.get("verify")
username = utils.validate_username(raw_username)
password = utils.validate_password(raw_password)
email = utils.validate_email(raw_email)
if not (username and password and raw_password==raw_verify and email):
form_values = {'username':raw_username, 'email':raw_email}
if not username:
form_values['username_error'] = 'Invalid username!'
form_values['isUserErrorOrSuccess'] = 'error'
if not password:
form_values['password_error'] = 'Invalid password!'
form_values['isPassErrorOrSuccess'] = 'error'
if raw_password!=raw_verify:
form_values['verify_error'] = "Ooops! Doesn't match to the password above"
form_values['isVerifyErrorOrSuccess'] = 'error'
if not email:
form_values['email_error'] = "Invalid email address!"
form_values['isEmailErrorOrSuccess'] = 'error'
self.render(signup_template, **form_values)
else:
self.redirect("welcome?user=%s" % str(raw_username))
def register_user(self, name, email, password, company):
validate_password(password)
new_company = Company(name=company)
try:
owner = Person(name=name, email=email.lower(), password=generate_password_hash(password), company=new_company)
owner.save()
except NotUniqueError:
abort(400, 'Email address already in use :(')
try:
new_company.owner = owner
new_company.save()
rollbar.report_message(u"New company added - {}".format(new_company.name), 'info')
except NotUniqueError:
abort(400, 'Company name already in use :(')
def login():
form = LoginForm()
if form.validate_on_submit():
user = collection.User.find_one({'email':form.email.data})
if user and validate_password(user['password'], form.password.data):
login_user(user, True)
return redirect(request.args.get('next') or url_for('index'))
flash('Invalid username or password.')
return render_template('login.html', form=form)
def register_user(self, name, mail, password, company):
validate_password(password)
new_company = Company(name=company)
try:
owner = Person(name=name,
mail=mail.lower(),
password=generate_password_hash(password),
company=new_company)
owner.save()
except NotUniqueError:
abort(400, 'Email address already in use :(')
try:
new_company.owner = owner
new_company.save()
except NotUniqueError:
abort(400, 'Company name already in use :(')
def post(self, request):
try:
data = json.loads(request.body)
email = data['email']
password = data['password']
account = data.get('account')
mobile = data.get('mobile')
if not validate_length(data):
return JsonResponse({'MESSAGE': 'DATA_TOO_LONG'}, status=400)
if not validate_email(email):
return JsonResponse({'MESSAGE': 'INVALID_EMAIL'}, status=400)
if User.objects.filter(email=email).exists():
return JsonResponse({'MESSAGE': 'EMAIL_ALREADY_EXISTS'},
status=409)
if not validate_password(password):
return JsonResponse({'MESSAGE': 'INVALID_PASSWORD'},
status=400)
if account and User.objects.filter(account=account).exists():
return JsonResponse({'MESSAGE': 'ACCOUNT_ALREADY_EXISTS'},
status=409)
if mobile and not validate_mobile(mobile):
return JsonResponse({'MESSAGE': 'INVALID_MOBILE'}, status=400)
if mobile and User.objects.filter(mobile=mobile).exists():
return JsonResponse({'MESSAGE': 'MOBILE_ALREADY_EXISTS'},
status=409)
User.objects.create(email=email,
password=bcrypt.hashpw(
password.encode('utf-8'),
bcrypt.gensalt()).decode('utf-8'),
account=account,
mobile=mobile)
except json.decoder.JSONDecodeError:
return JsonResponse({'MESSAGE': 'REQUEST_WITHOUT_DATA'},
status=400)
except KeyError:
return JsonResponse({'MESSAGE': 'KEY_ERROR'}, status=400)
return JsonResponse({'MESSAGE': 'SUCCESS'}, status=201)
def edit_seller_password(self, seller_info, db_connection):
"""
셀러가 비밀번호를 변경 합니다.
Args:
password : 패스워드,
new password : 변경할 패스워드,
Returns:
Authors:
[email protected](임은수)
History:
2020.11.04(임은수) : 초기 생성
"""
# 기존 암호(복호화한 후)를 가져와서 비밀번호가 맞는지 확인
seller_data = self.seller_dao.get_seller_password(
seller_info, db_connection)
password_validation = validate_password(seller_info['new_password'])
if password_validation != False:
return password_validation
if seller_data:
# bcrypt.checkpw(암호화되지 않은 비밀번호, 암호화된 비밀번호)
if bcrypt.checkpw(seller_info['password'].encode('utf-8'),
seller_data['password'].encode('utf-8')):
# seller_info['new_passaword'] 을 암호화해서 db에 저장
seller_info['password'] = bcrypt.hashpw(
seller_info['new_password'].encode('utf-8'),
bcrypt.gensalt()).decode('utf-8')
result = self.seller_dao.edit_seller_password(
seller_info, db_connection)
return 'S100'
#checkpw 실패할 경우 (ex)invalid salt)
raise InvalidDataError('S107')
#seller_data 가 None 인 경우
raise NotFoundError('S108')
def create_new_account(self, seller_info, db_connection):
"""
새로운 셀러를 생성합니다.
Args:
account_name : 셀러 아이디,
password : 패스워드,
name_english : 영문 셀러명,
name_korean : 셀러명,
cs_contact : 고객센터 전화번호 ,
seller_attribute_id : 셀러 속성 PK(쇼핑몰 마켓 로드샵 디자이너브랜드 제너럴브랜드 내셔널브랜드 뷰티),
phone_number : 담당자 전화번호,
Returns:
password_validation : 비밀번호 유효성 검사 결과
DuplicatedDataError : 중복 아이디 검사 실패 시 에러 반환
S100 : 회원가입 성공 코드
Authors:
[email protected](최지선)
History:
2020.10.28(최지선) : 초기 생성
"""
#비밀번호 유효성 검사를 통과하지 못할 경우 exception을 controller 로 반환
password_validation = validate_password(seller_info['sellerPassword'])
if password_validation != False:
return password_validation
#아이디 중복 검사를 통과하지 못할 경우 exception 을 일으킴
existing_account = self.seller_dao.get_account(seller_info,
db_connection)
if existing_account:
raise DuplicatedDataError('S106')
#유효성 검사를 다 거쳐서 데이터베이스에 데이터 저장 (비밀번호 암호화)
seller_info['sellerPassword'] = bcrypt.hashpw(
seller_info['sellerPassword'].encode('utf-8'),
bcrypt.gensalt()).decode('utf-8')
result = self.seller_dao.insert_seller(seller_info, db_connection)
return 'S100'
def newpass():
if redirect_is_not_logged(session) != True:
return redirect_is_not_logged(session)
page_name = "Setting"
error_array = {}
success_message = ''
valid = True
if request.method == 'POST':
old_password = request.form.get('old_password', None)
new_password = request.form.get('new_password', None)
repeat_password = request.form.get('repeat_password', None)
user = User.query.filter_by(id=session['id'],
password=old_password).first()
if user is None:
error_array['old_password'] = "******"
valid = False
if new_password != repeat_password:
error_array['repeat_password'] = "******"
valid = False
if validate_password(new_password) == False:
error_array['password'] = '******'
valid = False
if valid == True:
user.password = new_password
db.session.commit()
success_message = "Password Updated"
return render_template('settings.html',
page_name=page_name,
session=session,
error_array=error_array,
success_message=success_message)
def login():
error = None
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if username.strip() == '' or password.strip() == '':
error = 'username or password cannot be empty'
else:
cursor = g.db.execute('select * from user where username = ?',
[username])
if cursor.fetchone() != None:
if (utils.validate_password(password, cursor.fetchone()[2])):
session['logged_in'] = True
session['username'] = username
cursor = g.db.execute(
'select * from user where username = ?', [username])
# print(cursor.fetchone()[2])
session['userid'] = cursor.fetchone()[0]
return redirect(url_for('show_list'))
else:
error = 'invalid password'
else:
error = 'there is no account named ' + username
return render_template('login.html', error=error)
def sign_up():
if redirect_is_logged(session) != True:
return redirect_is_logged(session)
page_name = "login - sign up"
valid = True
error_array = {}
if request.method == 'POST':
fullname = request.form.get('fullname', None)
username = request.form.get('username', None)
email = request.form.get('email', None)
password = request.form.get('password', None)
repeat_password = request.form.get('repeat_password', None)
if validate_password(password) == False:
error_array['password'] = '******'
valid = False
if password != repeat_password:
error_array['password_repeat'] = 'password does\'nt match'
valid = False
if len(fullname) < 2:
error_array['fullname'] = 'fullname too short'
valid = False
if validate_username(username) == False:
error_array['username'] = '******'
valid = False
if User.query.filter_by(username=username).first() is not None:
error_array['username'] = '******'
valid = False
if validate_email(email) == False:
error_array['email'] = 'email is not valid'
valid = False
if User.query.filter_by(email=email).first() is not None:
error_array['email'] = 'email is already taken'
valid = False
if valid == True:
user = User(username=username,
full_name=fullname,
email=email,
password=password)
db.session.add(user)
db.session.commit()
if user == False:
error_array['system'] = 'error insert db'
else:
session['id'] = user.id
session['username'] = username
session['full_name'] = fullname
session['email'] = email
# return render_template('index.html', page_name='Home', session=session)
return redirect(url_for('index'))
return render_template('login.html',
page_name=page_name,
error_array=error_array)
def update_password(self, user_id, password):
validate_password(password)
Person.objects(id=user_id).update_one(
password=generate_password_hash(password)
)