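def delete(self, user_id):
    """Delete the account ``user_id`` after re-checking its password.

    The ``password`` request argument is read through
    ``self.request_parser`` and verified against the stored password
    entry of the user being deleted.

    Returns:
        A 400 response when the password is empty or does not verify,
        a 404 response when no user has this id, otherwise a redirect
        to ``/`` once ``service.delete_user`` has run.
    """
    self.request_parser.add_argument('password', type=str, required=True,
                                     help='No password is provided')
    args = self.request_parser.parse_args()
    password = args['password']
    if not password:
        return make_response('Password is mandatory!', 400)

    user = service.get_user_by_id(user_id)
    if user is None:
        return make_response('User ' + str(user_id) + ' does not exist!', 404)

    existing_password_entry = service.find_user_password_by_email(user.email)
    # Fail closed: if the lookup yields no password record (presumably
    # possible -- confirm against the service), refuse the deletion
    # instead of raising AttributeError on None.
    if (existing_password_entry is None
            or not existing_password_entry.verify_password(password)):
        # Failed checks on a destructive endpoint are worth alerting on;
        # logger.warning replaces the deprecated logger.warn alias.
        logger.warning('Cannot delete user %s (%s): '
                       'wrong password provided', user_id, user.email)
        return make_response('Wrong password', 400)

    service.delete_user(user.email)
    logger.info('Deleted user %s (%s)', user_id, user.email)
    return redirect('/')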
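def delete(self, user_id):
    """Remove the user with id ``user_id`` once their password is confirmed.

    Reads the ``password`` argument via ``self.request_parser`` and checks
    it against the password entry stored for the target user's e-mail.

    Returns:
        400 if the password is empty or fails verification, 404 if the
        user id is unknown, else a redirect to ``/`` after the user has
        been deleted.
    """
    self.request_parser.add_argument(
        'password', type=str, required=True,
        help='No password is provided')
    args = self.request_parser.parse_args()
    password = args['password']
    if not password:
        return make_response('Password is mandatory!', 400)

    user = service.get_user_by_id(user_id)
    if user is None:
        return make_response('User ' + str(user_id) + ' does not exist!', 404)

    existing_password_entry = service.find_user_password_by_email(user.email)
    # A missing password record is treated as a failed check so that the
    # deletion is refused rather than crashing on None (whether the
    # service can return None is not visible here -- confirm).
    verified = (existing_password_entry is not None
                and existing_password_entry.verify_password(password))
    if not verified:
        # logger.warn is a deprecated alias; use logger.warning.
        logger.warning('Cannot delete user %s (%s): '
                       'wrong password provided', user_id, user.email)
        return make_response('Wrong password', 400)

    service.delete_user(user.email)
    logger.info('Deleted user %s (%s)', user_id, user.email)
    return redirect('/')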
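def post(self):
    """Log a user in from the posted ``username`` and ``password``.

    ``source`` is an optional post-login redirect target. It comes from the
    request, so it is only followed when it is a same-site path; anything
    else (absolute URLs, ``//host`` forms) falls back to ``/``.

    Returns:
        400 when username or password is empty, 404 when the user is
        unknown or the password does not verify, 403 when the e-mail is
        not confirmed, otherwise a redirect after ``login_user``.
    """
    # Function-scope import keeps the file's import block untouched.
    from html import escape

    self.request_parser.add_argument('username', type=str, required=True,
                                     help='No username is provided')
    self.request_parser.add_argument('password', type=str, required=True,
                                     help='No password is provided')
    self.request_parser.add_argument('source', type=str, required=False)
    args = self.request_parser.parse_args()
    username = args['username']
    password = args['password']
    if not username or not password:
        return make_response('Username and password are mandatory!', 400)

    user = users_service.find_user_by_email(username)
    if user is None:
        # The submitted name is echoed back; escape it so it cannot be
        # interpreted as markup (assuming make_response is Flask's, whose
        # default content type is text/html).
        # NOTE(review): this reply is distinguishable from the
        # wrong-password reply, which tells a caller which accounts exist;
        # consider one uniform failure message for both cases.
        return make_response(
            'User ' + escape(username) + ' does not exist!', 404)

    logger.info('Logging in with an existing username: %s', user.email)
    existing_password_entry = \
        users_service.find_user_password_by_email(username)
    # Fail closed when no password record is returned (presumably possible;
    # confirm against the service) instead of raising on None.
    if (existing_password_entry is None
            or not existing_password_entry.verify_password(password)):
        # logger.warn is a deprecated alias of logger.warning.
        logger.warning('User %s tried to login with a wrong password',
                       user.email)
        return make_response('Wrong password', 404)

    if not user.email_is_confirmed:
        logger.warning('User %s has not verified their email yet.'
                       ' Login attempt denied.', user.email)
        return make_response(
            'Please confirm the email first. '
            'The confirmation link is sent to your email.', 403)

    login_user(user)
    logger.info('User %s logged in', user.email)

    source = args['source']
    if source:
        # Accept only a path on this site: one leading '/', and no
        # backslash, whitespace or control character, since browsers may
        # normalise those into a '//host' (external) target.
        is_local_path = (
            source.startswith('/')
            and not source.startswith('//')
            and '\\' not in source
            and not any(ch <= ' ' or ch == '\x7f' for ch in source)
        )
        if is_local_path:
            return redirect(source)
        # %r keeps line breaks in the rejected value out of the log line.
        logger.warning('Ignoring non-local redirect target %r after '
                       'login of %s', source, user.email)
    return redirect('/')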