예제 #1
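    def delete(self, user_id):
        """Delete the account ``user_id`` after re-checking its password.

        Reads a required ``password`` request argument, looks the user up by
        id, and verifies the password against the entry stored for the
        user's email before deleting the account.

        Returns:
            A 400 response if the password is missing or does not verify,
            a 404 response if no user has this id, otherwise a redirect to
            ``/`` once the user has been deleted.
        """
        # NOTE(review): the only gate visible in this method is knowledge of
        # the target account's password. Nothing here ties ``user_id`` to the
        # caller's session or limits repeated attempts -- confirm both are
        # enforced elsewhere (decorator, middleware, reverse proxy).
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        args = self.request_parser.parse_args()
        password = args['password']

        if not password:
            return make_response('Password is mandatory!', 400)

        user = service.get_user_by_id(user_id)
        if user is None:
            return make_response('User ' + str(user_id) + ' does not exist!',
                                 404)

        existing_password_entry = \
            service.find_user_password_by_email(user.email)
        # Fail closed: an account without a stored password entry is handled
        # like a mismatch instead of raising AttributeError (HTTP 500).
        if existing_password_entry is None or \
                not existing_password_entry.verify_password(password):
            # ``warning`` is the documented name; ``warn`` is a deprecated
            # alias in the standard logging module.
            logger.warning(
                'Cannot delete user %s (%s): '
                'wrong password provided', user_id, user.email)
            return make_response('Wrong password', 400)

        service.delete_user(user.email)
        logger.info('Deleted user %s (%s)', user_id, user.email)
        return redirect('/')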
예제 #2
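    def delete(self, user_id):
        """Remove the user identified by ``user_id`` once the password checks out.

        The request must carry a non-empty ``password`` argument. It is
        verified against the password entry looked up by the user's email;
        the account is deleted only when verification succeeds.

        Returns:
            400 when the password is empty or wrong, 404 when ``user_id``
            matches no user, otherwise a redirect to ``/``.
        """
        # NOTE(review): no session/ownership check and no attempt limiting
        # are visible in this method; the password of the target account is
        # the only control. Verify that the surrounding application adds
        # them before exposing this endpoint.
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        parsed = self.request_parser.parse_args()
        password = parsed['password']
        if not password:
            return make_response('Password is mandatory!', 400)

        user = service.get_user_by_id(user_id)
        if user is None:
            return make_response('User ' + str(user_id) + ' does not exist!',
                                 404)

        password_entry = service.find_user_password_by_email(user.email)
        # A missing entry must deny the request rather than crash with
        # AttributeError on ``None.verify_password``.
        verified = (password_entry is not None
                    and password_entry.verify_password(password))
        if not verified:
            # ``warning`` replaces the deprecated ``warn`` alias.
            logger.warning('Cannot delete user %s (%s): '
                           'wrong password provided',
                           user_id, user.email)
            return make_response('Wrong password', 400)

        service.delete_user(user.email)
        logger.info('Deleted user %s (%s)', user_id, user.email)
        return redirect('/')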
예제 #3
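    def post(self):
        """Log a user in with ``username`` (looked up as an email) and ``password``.

        Request arguments: ``username`` and ``password`` are required;
        ``source`` is an optional location to return to after login.

        Returns:
            400 when either credential is empty, 404 when the user is
            unknown or the password does not verify, 403 when the email is
            not confirmed yet, otherwise a redirect to ``source`` (only if
            it is a local path) or to ``/``.
        """
        self.request_parser.add_argument('username',
                                         type=str,
                                         required=True,
                                         help='No username is provided')
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        self.request_parser.add_argument('source',
                                         type=str,
                                         required=False)
        args = self.request_parser.parse_args()
        username = args['username']
        password = args['password']

        if not username or not password:
            return make_response('Username and password are mandatory!', 400)

        user = users_service.find_user_by_email(username)
        if user is None:
            # The submitted value is no longer concatenated into the body:
            # if make_response serves this as HTML, echoing request input
            # unescaped would let markup in ``username`` reach the browser.
            # NOTE(review): the distinct bodies for "unknown user" and
            # "wrong password" still reveal which addresses are registered;
            # consider one shared message for both.
            return make_response('User does not exist!', 404)

        logger.info('Logging in with an existing username: %s',
                    user.email)
        existing_password_entry = \
            users_service.find_user_password_by_email(username)
        # Fail closed when no password entry is stored for the account
        # instead of raising AttributeError on None.
        if existing_password_entry is None or \
                not existing_password_entry.verify_password(password):
            # ``warning`` replaces the deprecated ``warn`` alias.
            logger.warning('User %s tried to login with a wrong password',
                           user.email)
            return make_response('Wrong password', 404)

        if not user.email_is_confirmed:
            logger.warning('User %s has not verified their email yet.'
                           ' Login attempt denied.',
                           user.email)
            return make_response(
                'Please confirm the email first.'
                'The confirmation link is sent to your email.', 403)

        login_user(user)
        logger.info('User %s logged in', user.email)

        # ``source`` is request-controlled, so redirecting to it verbatim is
        # an open redirect. Follow it only when it is a path on this site:
        # it must start with a single '/', must not start with '//' or '/\'
        # (both are read as a host by browsers), and must not contain
        # tab/CR/LF, which browsers strip before resolving the URL.
        # Absolute URLs, including same-host ones, fall back to '/'.
        source = args['source']
        if (source
                and source.startswith('/')
                and not source.startswith(('//', '/\\'))
                and not any(ch in source for ch in '\t\r\n')):
            return redirect(source)
        return redirect('/')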