def validate_password(self, password, confirm):
if password != confirm:
raise ValidationException('password_mismatch')
if not self.PASS_RX.match(password):
raise ValidationException('password_invalid')
return True
def validate_password(self, password, confirm):
if password != confirm:
raise ValidationException('Passwords do not match!')
if not self.PASS_RX.match(password):
raise ValidationException('Please choose a different password')
return True
def validate_user(self, user, email):
if not self.is_username_available(user):
raise ValidationException('username_not_available')
if self.has_user_email(email):
raise ValidationException('email_not_available')
return True
def reset_password(self, password, confirm, resetcode):
self.validate_password(password, confirm)
try:
self.cork.reset_password(resetcode, password)
except AuthException:
raise ValidationException('invalid_reset_code')
def create_coll_post():
title = self.post_get('title')
if not title:
self.flash_message('Title is required')
self.redirect('/_create')
is_public = self.post_get('public') == 'on'
coll = self.sanitize_title(title)
user = self.manager.get_curr_user()
try:
if not coll:
raise ValidationException('Invalid Collection Name')
#self.manager.add_collection(user, coll_name, title, access)
collection = self.manager.create_collection(user,
coll,
title,
desc='',
public=is_public)
self.flash_message(
'Created collection <b>{0}</b>!'.format(
collection['title']), 'success')
redir_to = self.get_redir_back('/_create')
except ValidationException as ve:
self.flash_message(str(ve))
redir_to = '/_create'
self.redirect(redir_to)
def update_password(self, curr_password, password, confirm):
user = self.get_curr_user()
if not self.cork.verify_password(user, curr_password):
raise ValidationException('Incorrect Current Password')
self.validate_password(password, confirm)
self.cork.update_password(user, password)
def validate_user(self, user, email):
if self.has_user(user):
msg = 'User <b>{0}</b> already exists! Please choose a different username'
msg = msg.format(user)
raise ValidationException(msg)
if not self.USER_RX.match(user) or user in self.RESTRICTED_NAMES:
msg = 'The name <b>{0}</b> is not a valid username. Please choose a different username'
msg = msg.format(user)
raise ValidationException(msg)
if self.has_user_email(email):
msg = 'There is already an account for <b>{0}</b>. If you have trouble logging in, you may <a href="/_forgot"><b>reset the password</b></a>.'
msg = msg.format(email)
raise ValidationException(msg)
return True
def update_password(self, curr_password, password, confirm):
username = self.access.session_user.name
if not self.cork.verify_password(username, curr_password):
raise ValidationException('invalid_password')
self.validate_password(password, confirm)
self.cork.update_password(username, password)
def create_user(self, reg):
try:
user, init_info = self.cork.validate_registration(reg)
except AAAException as a:
raise ValidationException(a)
if init_info:
init_info = json.loads(init_info)
else:
init_info = {}
key = self.user_key.format(user=user)
now = int(time.time())
max_size, max_coll = self.redis.hmget('h:defaults',
['max_size', 'max_coll'])
if not max_size:
max_size = self.default_max_size
if not max_coll:
max_coll = self.default_max_coll
with redis_pipeline(self.redis) as pi:
pi.hset(key, 'max_size', max_size)
pi.hset(key, 'max_coll', max_coll)
pi.hset(key, 'created_at', now)
pi.hset(key, 'name', init_info.get('name', ''))
pi.hsetnx(key, 'size', '0')
self.cork.do_login(user)
sesh = self.get_session()
if not sesh.curr_user:
sesh.curr_user = user
# Move Temp collection to be permanent
move_info = init_info.get('move_info')
if move_info:
self.move_temp_coll(user, move_info)
first_coll = init_info.get('to_title')
else:
self.create_collection(user,
coll=self.default_coll['id'],
coll_title=self.default_coll['title'],
desc=self.default_coll['desc'].format(user),
public=False)
first_coll = self.default_coll['title']
# Check for mailing list management
if self.mailing_list:
self.add_to_mailing_list(user, self.get_user_email(user),
self.get_user_info(user).get('name', ''))
return user, first_coll
def get_move_temp_info(self, input_data):
move_temp = input_data.get('moveTemp')
if not move_temp:
return None
to_coll_title = input_data.get('toColl', '')
to_coll = sanitize_title(to_coll_title)
if not to_coll:
raise ValidationException('invalid_coll_name')
if not self.access.session_user.is_anon():
raise ValidationException('invalid_user_import')
return {'from_user': self.access.session_user.name,
'to_coll': to_coll,
'to_title': to_coll_title,
}
def is_valid_invite(self, invitekey):
try:
if not invitekey:
return False
key = base64.b64decode(invitekey.encode('utf-8')).decode('utf-8')
key.split(':', 1)
email, hash_ = key.split(':', 1)
entry = self.invites[email]
if entry and entry.get('hash_') == hash_:
return email
except Exception as e:
print(e)
pass
msg = 'Sorry, that is not a valid invite code. Please try again or request another invite'
raise ValidationException(msg)
def get_move_temp_info(self):
move_info = None
move_temp = self.post_get('move-temp')
if move_temp == '1':
to_coll_title = self.post_get('to-coll')
to_coll = self.sanitize_title(to_coll_title)
if not to_coll:
raise ValidationException(
'Invalid new collection name, please pick a different name'
)
sesh = self.get_session()
if sesh.is_anon() and to_coll:
move_info = {
'from_user': sesh.anon_user,
'to_coll': to_coll,
'to_title': to_coll_title,
}
return move_info
def register_user(self, input_data, host):
msg = OrderedDict()
redir_extra = ''
username = input_data.get('username', '')
full_name = input_data.get('full_name', '')
email = input_data.get('email', '')
if 'username' not in input_data:
msg['username'] = '******'
elif username.startswith(self.temp_prefix):
msg['username'] = '******'
if 'email' not in input_data:
msg['email'] = 'Missing Email'
if self.invites_enabled:
try:
val_email = self.is_valid_invite(input_data['invite'])
if val_email != email:
raise ValidationException('Sorry, this invite can only be used with email: {0}'.format(val_email))
except ValidationException as ve:
msg['invite'] = str(ve)
else:
redir_extra = '?invite=' + input_data.get('invite', '')
try:
self.validate_user(username, email)
self.validate_password(input_data['password'], input_data['confirmpassword'])
except ValidationException as ve:
msg['validation'] = str(ve)
try:
move_info = self.get_move_temp_info(input_data)
except ValidationException as ve:
msg['move_info'] = str(ve)
if msg:
return msg, redir_extra
try:
desc = {'name': full_name}
if move_info:
desc['move_info'] = move_info
desc = json.dumps(desc)
self.cork.register(username, input_data['password'], email, role='archivist',
max_level=50,
subject='webrecorder.io Account Creation',
email_template='webrecorder/templates/emailconfirm.html',
description=desc,
host=host)
# add to announce list if user opted in
if input_data.get('announce_mailer') and self.announce_list:
self.add_to_mailing_list(username, email, full_name,
list_endpoint=self.announce_list)
if self.invites_enabled:
self.delete_invite(email)
# extend session for upto 90 mins to store data to be migrated
# to allow time for user to validate registration
if move_info:
self.get_session().save()
except ValidationException as ve:
msg['validation'] = str(ve)
except Exception as ex:
import traceback
traceback.print_exc()
msg['other_error'] = 'Registration failed: ' + str(ex)
if not msg:
msg['success'] = ('A confirmation e-mail has been sent to <b>{0}</b>. ' +
'Please check your e-mail to complete the registration!').format(username)
return msg, redir_extra
def register_post():
self.redirect_home_if_logged_in()
email = self.post_get('email')
username = self.post_get('username')
password = self.post_get('password')
name = self.post_get('name')
decoy_name = self.post_get('full_name')
confirm_password = self.post_get('confirmpassword')
invitecode = self.post_get('invite')
opt_in_mailer = self.post_get('announce_mailer') == '1'
redir_to = REGISTER_PATH
if decoy_name:
return self.redirect(redir_to)
if username.startswith(self.manager.temp_prefix):
self.flash_message('Sorry, this is not a valid username')
self.redirect(redir_to)
return
try:
move_info = self.get_move_temp_info()
except ValidationException as ve:
self.flash_message('Registration Failed: ' + str(ve))
self.redirect('/')
return
if self.invites_enabled:
try:
val_email = self.manager.is_valid_invite(invitecode)
if val_email != email:
raise ValidationException(
'Sorry, this invite can only be used with email: {0}'
.format(val_email))
except ValidationException as ve:
self.flash_message(str(ve))
self.redirect(redir_to)
return
redir_to += '?invite=' + invitecode
try:
self.manager.validate_user(username, email)
self.manager.validate_password(password, confirm_password)
#TODO: set default host?
host = self.get_host()
desc = {'name': name}
if move_info:
desc['move_info'] = move_info
desc = json.dumps(desc)
self.manager.cork.register(
username,
password,
email,
role='archivist',
max_level=50,
subject='webrecorder.io Account Creation',
email_template='webrecorder/templates/emailconfirm.html',
description=desc,
host=host)
self.flash_message(
('A confirmation e-mail has been sent to <b>{0}</b>. '
'Please check your e-mail to complete the registration!'
).format(username), 'warning')
# add to announce list if user opted in
if opt_in_mailer and self.announce_list:
self.manager.add_to_mailing_list(
username,
email,
name,
list_endpoint=self.announce_list)
redir_to = '/'
if self.invites_enabled:
self.manager.delete_invite(email)
except ValidationException as ve:
self.flash_message(str(ve))
except Exception as ex:
self.flash_message('Registration failed: ' + str(ex))
self.redirect(redir_to)
