class Password(RequestHandler):
"Set the password of a account account; requires a code."
def get(self):
self.render('password.html',
title='Set your password',
email=self.get_argument('email', default=''),
code=self.get_argument('code', default=''))
def post(self):
try:
account = self.get_account(self.get_argument('email', ''))
except ValueError, msg:
self.see_other('home', error=str(msg))
return
if account.get('code') != self.get_argument('code'):
self.see_other('home',
error="Either the email address or the code" +
" for setting password was wrong." +
" Try to request a new code using the" +
" 'Reset password' button.")
return
password = self.get_argument('password', '')
try:
utils.check_password(password)
except ValueError, msg:
self.see_other('password',
email=self.get_argument('email') or '',
code=self.get_argument('code') or '',
error=str(msg))
return
def post(self):
try:
account = self.get_account(self.get_argument('email', ''))
except ValueError as msg:
self.see_other('home', error=str(msg))
return
if account.get('code') != self.get_argument('code'):
self.see_other('home',
error="Either the email address or the code" +
" for setting password was wrong." +
" Try to request a new code using the" +
" 'Reset password' button.")
return
password = self.get_argument('password', '')
try:
utils.check_password(password)
except ValueError as msg:
self.see_other('password',
email=self.get_argument('email') or '',
code=self.get_argument('code') or '',
error=str(msg))
return
if password != self.get_argument('confirm_password'):
self.see_other('password',
email=self.get_argument('email') or '',
code=self.get_argument('code') or '',
error='password confirmation failed. Not the same!')
return
with AccountSaver(doc=account, rqh=self) as saver:
saver.set_password(password)
saver['login'] = utils.timestamp() # Set login session.
self.set_secure_cookie(constants.USER_COOKIE,
account['email'],
expires_days=settings['LOGIN_MAX_AGE_DAYS'])
if account.get('update_info'):
self.see_other(
'account_edit',
account['email'],
message='Please review and update your account information.')
else:
self.see_other('home')
saver['department'] = None
saver['owner'] = email
saver.set_password(password)
saver['role'] = constants.ADMIN
saver['status'] = constants.ENABLED
print('Created admin account', email)
if __name__ == '__main__':
parser = utils.get_command_line_parser(
description='Create a new admin account.')
(options, args) = parser.parse_args()
utils.load_settings(filepath=options.settings)
email = raw_input('Email address (=account name) > ')
if not email:
sys.exit('no email address provided')
password = getpass.getpass('Password > ')
if not password:
sys.exit('no password provided')
try:
utils.check_password(password)
except ValueError, msg:
sys.exit(str(msg))
again_password = getpass.getpass('Password again > ')
if password != again_password:
sys.exit('passwords do not match')
first_name = raw_input('First name > ') or 'first'
last_name = raw_input('Last name > ') or 'last'
university = raw_input('University > ') or 'university'
create_admin(email, password, first_name, last_name, university)
def set_password(self, new):
utils.check_password(new)
self['code'] = None
# Bypass ordinary 'set'; avoid logging password, even if hashed.
self.doc['password'] = utils.hashed_password(new)
self.changed['password'] = '******'
def set_password(self, new):
utils.check_password(new)
self['code'] = None
# Bypass ordinary 'set'; avoid logging password, even if hashed.
self.doc['password'] = utils.hashed_password(new)
self.changed['password'] = '******'