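def account_initialization_2(request):
    """Second account-initialisation step: attach a username/password login.

    GET renders the empty ``ui/account_init_2`` form.

    POST reads ``username`` and ``pw1`` from the form, takes the account id
    from the fourth ``/``-separated segment of the request path, and asks the
    backend to add a ``password`` auth system to that account:

    * backend status 200 -> log the user in and redirect to ``/``
    * backend status 400 -> re-render the form with the "collision" message
    * anything else      -> re-render the form with the "generic" message

    Missing or empty inputs re-render the form with the generic message
    instead of raising (the original indexed ``request.POST`` and the split
    path directly, so a malformed request surfaced as an unhandled exception).
    """
    if request.method != HTTP_METHOD_POST:
        return utils.render_template('ui/account_init_2', {})

    errors = {
        'generic': 'There was a problem updating your data. Please try again. If you are unable to change your password please contact support.',
        'collision': 'That username is already taken. Please enter different one.'
    }

    # Path and form fields are all client-controlled; read them defensively.
    path_parts = request.path_info.split('/')
    account_id = path_parts[3] if len(path_parts) > 3 else ''
    username = request.POST.get('username', '').lower().strip()
    # The password is deliberately not stripped or otherwise normalised.
    password = request.POST.get('pw1', '')
    if not (account_id and username and password):
        return utils.render_template('ui/account_init_2', {'ERROR': errors['generic']})

    # NOTE(review): this view attaches credentials to whatever account id is in
    # the path without checking an account secret; account_setup in this file
    # calls check_account_secrets before add_auth_system. Confirm that an
    # earlier step or the backend enforces proof of ownership here.
    # NOTE(review): no password-length or confirmation check is applied in this
    # view; confirm that policy is enforced elsewhere.
    api = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET, settings.INDIVO_SERVER_LOCATION)
    ret = api.add_auth_system(
        account_id=account_id,
        data={'system': 'password', 'username': username, 'password': password})

    # A response without a status is treated as a generic failure.
    status = ret.response.get('response_status', 0)
    if status == 200:
        # everything's OK, log this person in, hard redirect to change location
        tokens_get_from_server(request, username, password)
        return HttpResponseRedirect('/')
    if status == 400:
        return utils.render_template('ui/account_init_2', {'ERROR': errors['collision']})
    return utils.render_template('ui/account_init_2', {'ERROR': errors['generic']})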
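def account_initialization_2(request):
    """Second account-initialisation step: attach a username/password login.

    GET renders the empty ``ui/account_init_2`` form.

    POST reads ``username`` and ``pw1`` from the form, takes the account id
    from the fourth ``/``-separated segment of the request path, and asks the
    backend at ``SMART_SERVER_LOCATION`` to add a ``password`` auth system to
    that account. Backend status 200 logs the user in and redirects to ``/``;
    every other outcome re-renders the form with the generic error message.

    Missing or empty inputs also re-render the form with the generic message
    instead of raising (the original indexed ``request.POST`` and the split
    path directly, so a malformed request surfaced as an unhandled exception).
    """
    if request.method != HTTP_METHOD_POST:
        return utils.render_template('ui/account_init_2', {})

    errors = {
        'generic': 'There was a problem updating your data. Please try again. If you are unable to set up your account please contact support.'
    }

    # Path and form fields are all client-controlled; read them defensively.
    path_parts = request.path_info.split('/')
    account_id = path_parts[3] if len(path_parts) > 3 else ''
    # The username is forwarded exactly as submitted (no lower-casing or
    # stripping in this variant).
    username = request.POST.get('username', '')
    password = request.POST.get('pw1', '')
    if not (account_id and username and password):
        return utils.render_template('ui/account_init_2', {'ERROR': errors['generic']})

    # NOTE(review): nothing in this view proves the caller is entitled to
    # initialise account_id, and no password policy is applied before the
    # credentials are attached. Confirm both are enforced by an earlier step
    # or by the backend.
    api = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET, SMART_SERVER_LOCATION)
    ret = api.add_auth_system(account_id=account_id, data={
        'system': 'password',
        'username': username,
        'password': password
    })

    # A response without a status is treated as a failure.
    if ret.response.get('response_status', 0) == 200:
        # everything's OK, log this person in, hard redirect to change location
        tokens_get_from_server(request, username, password)
        return HttpResponseRedirect('/')
    return utils.render_template('ui/account_init_2', {'ERROR': errors['generic']})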
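def account_setup(request, account_id, primary_secret, secondary_secret):
    """Let the holder of an account's secrets attach a username and password.

    Example URL from the original docstring (the account-id segment is
    obfuscated in this copy):
    http://localhost/accounts/<account_id>/setup/taOFzInlYlDKLbiM

    Flow, as implemented below:

    * Look the account up. 404 renders the login page with "Unknown account";
      any other non-200 status renders ``ui/error``.
    * An ``active`` account that already has an auth system attached, or an
      account whose state is neither ``active`` nor ``uninitialized``, is sent
      to the login page.
    * GET renders ``ui/account_setup``, or redirects to the init step when the
      account has a secondary secret and none was supplied.
    * POST verifies the primary secret, then the secondary secret when the
      account has one, validates username and password, attaches a
      ``password`` auth system and logs the user in.

    Changes from the original: a POST without ``pw1`` no longer raises on
    ``len(None)`` (it is reported as "Password too short"), the status of
    ``add_auth_system`` is read with ``.get`` like the other backend calls, and
    the unused ``has_primary_secret`` local was dropped.
    """
    api = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET, settings.INDIVO_SERVER_LOCATION)

    # is this account already initialized?
    ret = api.account_info(account_id=account_id)
    status = ret.response.get('response_status', 500)
    if 404 == status:
        return utils.render_template(LOGIN_PAGE, {'ERROR': ErrorStr('Unknown account')})
    if 200 != status:
        return utils.render_template('ui/error', {'error_status': status, 'error_message': ErrorStr(ret.response.get('response_data', 'Server Error'))})

    account_xml = ret.response.get('response_data', '<root/>')
    account = utils.parse_account_xml(account_xml)
    account_state = account.get('state')

    # TODO (from the original): get secret presence from the server (API
    # missing as of now). Until then the secondary check below is driven by
    # whether the account-info payload carries a non-empty 'secret'; if that
    # field is absent the secondary secret is not verified.
    account_secret = account.get('secret')
    has_secondary_secret = (account_secret is not None and len(account_secret) > 0)

    # if the account is already active, show login IF at least one auth-system is attached
    if 'active' == account_state:
        if len(account['auth_systems']) > 0:
            return utils.render_template(LOGIN_PAGE, {'MESSAGE': _('Your account is now active, you may log in below'), 'SETTINGS': settings})
    elif 'uninitialized' != account_state:
        return utils.render_template(LOGIN_PAGE, {'ERROR': ErrorStr('This account is %s' % account_state), 'SETTINGS': settings})

    params = {'ACCOUNT_ID': account_id, 'PRIMARY_SECRET': primary_secret, 'SECONDARY_SECRET': secondary_secret, 'SETTINGS': settings}

    # received POST data, try to setup
    if HTTP_METHOD_POST == request.method:
        post = request.POST
        username = post.get('username', '').lower().strip()
        # Default to '' so a request without pw1 fails validation below
        # instead of raising TypeError on len(None).
        password = post.get('pw1', '')
        secondary_secret = post.get('secondary_secret', '')

        # verify PRIMARY secret first and send back to "resend secret" page if it is wrong
        ret = api.check_account_secrets(account_id=account_id, primary_secret=primary_secret)
        if 200 != ret.response.get('response_status', 0):
            return HttpResponseRedirect('/accounts/%s/send_secret/wrong' % account_id)

        # verify SECONDARY secret as well, if there is one
        if has_secondary_secret:
            ret = api.check_account_secrets(account_id=account_id, primary_secret=primary_secret, parameters={'secondary_secret': secondary_secret})
            if 200 != ret.response.get('response_status', 0):
                params['ERROR'] = ErrorStr('Wrong confirmation code')
                return utils.render_template('ui/account_init', params)

        # verify passwords
        # A password error deliberately overrides a username error, as in the
        # original: only one message is shown per attempt.
        error = None
        if len(username) < 1:
            error = ErrorStr("Username too short")
        if len(password) < (settings.REGISTRATION['min_password_length'] or 8):
            error = ErrorStr("Password too short")
        elif password != post.get('pw2'):
            error = ErrorStr("Passwords do not match")
        if error is not None:
            params['ERROR'] = error
            return utils.render_template('ui/account_setup', params)

        # secrets are ok, passwords check out: Attach the login credentials to the account
        ret = api.add_auth_system(
            account_id=account_id,
            data={
                'system': 'password',
                'username': username,
                'password': password
            })

        # Read the status like the other backend calls; a response without one
        # falls through to the generic 'account_init_error' path.
        add_status = ret.response.get('response_status', 0)
        if 200 == add_status:
            # everything's OK, log this person in, hard redirect to change location
            try:
                tokens_get_from_server(request, username, password)
            except IOError as e:
                # NOTE(review): return_url comes straight from the POST body.
                # Confirm the login template/handler only follows same-site
                # paths before using it as a redirect target.
                return utils.render_template(LOGIN_PAGE, {'ERROR': ErrorStr(e.strerror), 'RETURN_URL': request.POST.get('return_url', '/'), 'SETTINGS': settings})
            return HttpResponseRedirect('/')
        elif 400 == add_status:
            params['ERROR'] = ErrorStr('Username already taken')
            return utils.render_template('ui/account_setup', params)

        params['ERROR'] = ErrorStr('account_init_error')
        return utils.render_template('ui/account_setup', params)

    # got no secondary_secret, go back to init step which will show a prompt for the secondary secret
    # NOTE(review): the primary secret travels in the URL path here (and in the
    # inbound setup URL), so it ends up in access logs, browser history and
    # Referer headers. Confirm it is invalidated once setup completes.
    if has_secondary_secret and not secondary_secret:
        return HttpResponseRedirect('/accounts/%s/init/%s' % (account_id, primary_secret))
    return utils.render_template('ui/account_setup', params)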