def account_activate(request): """Reset a user after being suspended :param username: required to know what user we're resetting :param activation: code needed to activate :param password: new password to use for the user """ params = request.params username = params.get('username', None) activation = params.get('code', None) password = params.get('password', None) if not UserMgr.acceptable_password(password): request.response.status_int = 406 return { 'error': "Come on, pick a real password please", } res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) return { 'message': "Account activated, please log in.", 'username': username, } else: AuthLog.reactivate(username, success=False, code=activation) request.response.status_int = 500 return { 'error': "There was an issue attempting to activate this account.", }
def account_activate(request): """Reset a user after being suspended :param username: required to know what user we're resetting :param activation: code needed to activate :param password: new password to use for the user """ params = request.params username = params.get('username', None) activation = params.get('code', None) password = params.get('password', None) new_username = params.get('new_username', None) if username is None and activation is None and password is None: # then try to get the same fields out of a json body json_body = request.json_body username = json_body.get('username', None) activation = json_body.get('code', None) password = json_body.get('password', None) new_username = json_body.get('new_username', None) if not UserMgr.acceptable_password(password): request.response.status_int = 406 return _api_response(request, { 'error': "Come on, pick a real password please", }) res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: request.response.status_int = 500 return _api_response( request, { 'error': 'There was an issue setting your new username', 'exc': str(exc) }) return _api_response(request, { 'message': "Account activated, please log in.", 'username': username, })
def account_activate(request): """Reset a user after being suspended :param username: required to know what user we're resetting :param activation: code needed to activate :param password: new password to use for the user """ params = request.params username = params.get('username', None) activation = params.get('code', None) password = params.get('password', None) new_username = params.get('new_username', None) if username is None and activation is None and password is None: # then try to get the same fields out of a json body json_body = request.json_body username = json_body.get('username', None) activation = json_body.get('code', None) password = json_body.get('password', None) new_username = json_body.get('new_username', None) if not UserMgr.acceptable_password(password): request.response.status_int = 406 return { 'error': "Come on, pick a real password please", } res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: request.response.status_int = 500 return { 'error': 'There was an issue setting your new username', 'exc': str(exc) } return { 'message': "Account activated, please log in.", 'username': username, }
def reset_password(request): """Change a user's password from the current string :params current_password: :params new_password: Callable by either a logged in user or the api key for mobile apps/etc """ params = request.params # now also load the password info current = params.get('current_password', None) new = params.get('new_password', None) # if we don't have any password info, try a json_body in case it's a json #POST if current is None and new is None: params = request.json_body current = params.get('current_password', None) new = params.get('new_password', None) user_acct = request.user LOG.error("PASSWD") LOG.error(current) LOG.error(new) if not UserMgr.acceptable_password(new): request.response.status_int = 406 return { 'username': user_acct.username, 'error': "Come on, let's try a real password this time" } # before we change the password, let's verify it if user_acct.validate_password(current): # we're good to change it user_acct.password = new return { 'username': user_acct.username, 'message': "Password changed", } else: request.response.status_int = 403 return { 'username': user_acct.username, 'error': "There was a typo somewhere. Please check your request" }
def reset(request): """Once deactivated, allow for changing the password via activation key""" rdict = request.matchdict params = request.params # This is an initial request to show the activation form. username = rdict.get('username', None) activation_key = rdict.get('reset_key', None) user = ActivationMgr.get_user(username, activation_key) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() if 'code' in params: # This is a posted form with the activation, attempt to unlock the # user's account. username = params.get('username', None) activation = params.get('code', None) password = params.get('new_password', None) new_username = params.get('new_username', None) error = None if not UserMgr.acceptable_password(password): # Set an error message to the template. error = "Come on, pick a real password please." else: res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: error = 'There was an issue setting your new username' else: AuthLog.reactivate(username, success=False, code=activation) error = 'There was an issue attempting to activate this account.'
def reset(request): """Once deactivated, allow for changing the password via activation key""" rdict = request.matchdict params = request.params # This is an initial request to show the activation form. username = rdict.get('username', None) activation_key = rdict.get('reset_key', None) user = ActivationMgr.get_user(username, activation_key) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() if 'code' in params: # This is a posted form with the activation, attempt to unlock the # user's account. username = params.get('username', None) activation = params.get('code', None) password = params.get('new_password', None) new_username = params.get('new_username', None) error = None if not UserMgr.acceptable_password(password): # Set an error message to the template. error = "Come on, pick a real password please." else: res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our # current username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError: error = 'There was an issue setting your new username' else: AuthLog.reactivate(username, success=False, code=activation) error = ('There was an issue attempting to activate' 'this account.') if error: return {'message': error, 'user': user} else: # Log the user in and move along. headers = remember(request, user.id, max_age=60 * 60 * 24 * 30) user.last_login = datetime.utcnow() # log the successful login AuthLog.login(user.username, True) # we're always going to return a user to their own /recent after a # login return HTTPFound(location=request.route_url( 'user_bmark_recent', username=user.username), headers=headers) else: LOG.error("CHECKING") LOG.error(username) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() LOG.error(user.username) LOG.error(user.email) return { 'user': user, }
def reset(request): """Once deactivated, allow for changing the password via activation key""" rdict = request.matchdict params = request.params # This is an initial request to show the activation form. username = rdict.get("username", None) activation_key = rdict.get("reset_key", None) user = ActivationMgr.get_user(username, activation_key) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() if "code" in params: # This is a posted form with the activation, attempt to unlock the # user's account. username = params.get("username", None) activation = params.get("code", None) password = params.get("new_password", None) new_username = params.get("new_username", None) error = None if not UserMgr.acceptable_password(password): # Set an error message to the template. error = "Come on, pick a real password please." else: res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our # current username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError: error = "There was an issue setting your new username" else: AuthLog.reactivate(username, success=False, code=activation) error = "There was an issue attempting to activate" "this account." if error: return {"message": error, "user": user} else: # Log the user in and move along. headers = remember(request, user.id, max_age=60 * 60 * 24 * 30) user.last_login = datetime.utcnow() # log the successful login AuthLog.login(user.username, True) # we're always going to return a user to their own /recent after a # login return HTTPFound(location=request.route_url("user_bmark_recent", username=user.username), headers=headers) else: LOG.error("CHECKING") LOG.error(username) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() LOG.error(user.username) LOG.error(user.email) return {"user": user}