예제 #1
0
def modify_password(sid, pn, password, role):
    # validate sid to confirm the phone validation process
    session = get_session_dict(sid)
    if session is None:
        raise Error404("Sid does not exist")

    # validate if sid match pn
    if pn != session.get(RegistrationSessionKeys.PHONE_NUMBER):
        raise Error409("Validation code not match")

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS
                   ) == ValidateStatus.VALIDATE_SUCCEEDED:
        # change password and save
        users = User.objects.filter(pn=pn, role=role)
        if len(users) == 0:
            raise Error404("User does not exist")

        if not validators.validate(password, "user password"):
            raise Error403("Format of password not valid")

        users[0].set_password(password)
        users[0].save()
        # destroy sid
        destroy_session(sid)

    else:
        raise Error405("Not validated")
예제 #2
0
def register(sid, pn, password, role):
    try:
        session = get_session_dict(sid)
    except KeyError:
        raise Error404("Sid does not exist")

    if pn != session.get(RegistrationSessionKeys.PHONE_NUMBER):
        raise Error409("Phone number and sid do not match.")

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS
                   ) == ValidateStatus.VALIDATE_SUCCEEDED:
        if len(User.objects.filter(pn=pn)) != 0:
            raise Error401("User exists")

        # Validation is moved to serializers, Below is discarded
        # if not validators.validate(password, "user password"):
        #     raise Error403("Format of password not valid")
        #
        # if not role_choice.validate(role):
        #     raise Error400("role is invalid")

        User.objects.create_user(pn=pn, password=password, role=role)
        # destroy sid
        destroy_session(sid)

    else:
        raise Error405("Not validated")
예제 #3
0
def validate_sid(sid, pn, vcode):
    try:
        session = get_session_dict(sid)
    except KeyError:
        raise Error404("Sid does not exist")

    if pn != session.get(RegistrationSessionKeys.PHONE_NUMBER):
        raise Error409("pn conflicts with sid")

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS) == ValidateStatus.VALIDATE_FAILED:
        raise Error401("Validate code not match")

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS) == ValidateStatus.VALIDATE_SUCCEEDED:
        return

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS) is None:
        # should not happen but cleanup in case
        destroy_session(sid)
        destroy_session(RegistrationSessionKeys.PN_2_SID % pn)
        raise Error404("Sid does not exist")

    if session.get(RegistrationSessionKeys.VALIDATE_STATUS) == ValidateStatus.VALIDATE_SENT:
        if session.get(RegistrationSessionKeys.VCODE) == vcode:
            session[RegistrationSessionKeys.VALIDATE_STATUS] = ValidateStatus.VALIDATE_SUCCEEDED
            update_session_dict(sid, session)
            return
        else:
            session[RegistrationSessionKeys.VALIDATE_STATUS] = ValidateStatus.VALIDATE_FAILED
            update_session_dict(sid, session)
            raise Error401("Validate code not match")

    raise Error500("Unexpected fork")
예제 #4
0
def get_sid_by_phonenumber(pn):
    # validate phone number format
    if not validators.validate(pn, "phone number"):
        raise Error401("Format of phone number is incorrect.")

    # Ensure that user did not access this api recently.
    sid_reverse = RegistrationSessionKeys.PN_2_SID % pn

    try:
        sid_exist = get_session(sid_reverse, RegistrationSessionKeys.SID)
    except KeyError:
        sid_exist = None

    if sid_exist is not None:
        try:
            session_exist = get_session_dict(sid_exist)
        except KeyError:
            session_exist = None
        # If we have a exist session, Then:
        # 1) If the user gives a wrong validation code, this api send the validation code again;
        # 2) If the user does not validate within MIN_INTERVAL, send validation code again;
        # 3) If the user has already successfully validated, but call this api again, re-validate;
        # Otherwise, do nothing.
        if session_exist is not None and not (
                session_exist.get(RegistrationSessionKeys.VALIDATE_STATUS)
                == ValidateStatus.VALIDATE_FAILED or
            (session_exist.get(RegistrationSessionKeys.VALIDATE_STATUS)
             == ValidateStatus.VALIDATE_SENT and time.time() -
             session_exist.get(RegistrationSessionKeys.VCODE_LAST_TIME, 0.0) >
             ValidateStatus.MIN_INTERVAL)
                or session_exist.get(RegistrationSessionKeys.VALIDATE_STATUS)
                == ValidateStatus.VALIDATE_SUCCEEDED):
            return sid_exist

        if session_exist is None:
            sid_exist = None

    # send validate message
    vcode = phone_validator.generate_and_send(pn)

    # save validate message into sid
    sid = sid_exist if sid_exist is not None else create_session()

    session = {
        RegistrationSessionKeys.VALIDATE_STATUS: ValidateStatus.VALIDATE_SENT,
        RegistrationSessionKeys.PHONE_NUMBER: pn,
        RegistrationSessionKeys.VCODE: vcode,
        RegistrationSessionKeys.VCODE_LAST_TIME: time.time()
    }
    update_session_dict(sid, session)

    create_session(sid=sid_reverse)
    update_session(sid_reverse, RegistrationSessionKeys.SID, sid)

    # return sid
    return sid