def send_forgot_password(email): # type: (str) -> Tuple[bool, Optional[str]]
"""
Returns:
(email_sent: bool, error: string)
"""
if not email:
return False, "Email address can't be empty"
email_error = validate_email_address(email)
if email_error:
return False, email_error
with crawl_db(config.get('password_db')) as db:
db.c.execute("select id from dglusers where email=? collate nocase",
(email, ))
result = db.c.fetchone()
if not result:
return False, None
userid = result[0]
token = create_password_token(userid)
msg_body_plaintext, msg_body_html = generate_token_email(token)
send_email(email, 'Request to reset your password', msg_body_plaintext,
msg_body_html)
return True, None
def register_user(username, passwd,
email): # type: (str, str, str) -> Optional[str]
"""Returns an error message or None on success."""
if passwd == "":
return "The password can't be empty!"
if email: # validate the email only if it is provided
result = validate_email_address(email)
if result:
return result
username = username.strip()
if not re.match(config.get('nick_regex'), username):
return "Invalid username!"
crypted_pw = encrypt_pw(passwd)
with crawl_db(config.get('password_db')) as db:
db.c.execute(
"select username from dglusers where username=? collate nocase",
(username, ))
result = db.c.fetchone()
if result:
return "User already exists!"
with crawl_db(config.get('password_db')) as db:
query = """
INSERT INTO dglusers
(username, email, password, flags, env)
VALUES
(?, ?, ?, 0, '')
"""
db.c.execute(query, (username, email, crypted_pw))
db.conn.commit()
return None
def change_email(user_id, email): # type: (str, str) -> Optional[str]
"""Returns an error message or None on success."""
result = validate_email_address(email)
if result:
return result
with crawl_db(config.get('password_db')) as db:
db.c.execute("update dglusers set email=? where id=?",
(email, user_id))
db.conn.commit()
return None
def register_user(username, passwd,
email): # type: (str, str, str) -> Optional[str]
"""Returns an error message or None on success."""
if config.get('new_accounts_disabled'):
# XX show a message before they enter form data...
return "New account creation is disabled."
if passwd == "":
return "The password can't be empty!"
if email: # validate the email only if it is provided
result = validate_email_address(email)
if result:
return result
username = username.strip()
if not re.match(config.get('nick_regex'), username):
return "Account creation failed."
if config.get(
'nick_check_fun') and not config.get('nick_check_fun')(username):
return "Account creation failed."
crypted_pw = encrypt_pw(passwd)
with crawl_db(config.get('password_db')) as db:
db.c.execute(
"select username from dglusers where username=? collate nocase",
(username, ))
result = db.c.fetchone()
if result:
return "User already exists!"
flags = 0
if config.get('new_accounts_hold'):
flags = (flags | DGLACCT_LOGIN_LOCK | DGLACCT_EMAIL_LOCK
| DGLACCT_PASSWD_LOCK | DGLACCT_ACCOUNT_HOLD)
with crawl_db(config.get('password_db')) as db:
query = """
INSERT INTO dglusers
(username, email, password, flags, env)
VALUES
(?, ?, ?, ?, '')
"""
db.c.execute(query, (username, email, crypted_pw, flags))
db.conn.commit()
return None
def change_email(user_id, email): # type: (str, str) -> Optional[str]
"""Returns an error message or None on success."""
result = validate_email_address(email)
if result:
return result
with crawl_db(config.get('password_db')) as db:
query = """
SELECT id, flags
FROM dglusers
WHERE username=?
COLLATE NOCASE
"""
db.c.execute(query, (username,))
result = db.c.fetchone() # type: Optional[Tuple[int, str, int]]
if not result:
return "Invalid username!"
if result[1] & DGLACCT_EMAIL_LOCK:
return "Account has an email lock!"
db.c.execute("update dglusers set email=? where id=?", (email, user_id))
db.conn.commit()
return None
def test_validate_email_address(self, email, valid):
result = util.validate_email_address(email)
if valid:
assert result is None
else:
assert result is not None
