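def reset_password():
    """Handle the password-reset form (POST).

    Reads ``token`` and ``password`` from the form. The token is a
    base64-encoded value signed by ``signer``; ``signer.unsign`` recovers
    the email it carries and raises ``SignatureExpired`` once the token is
    older than ``RESET_PASSWORD_TIMEOUT``. On success the ``hash`` column
    of the ``users`` row matching that email is overwritten with a fresh
    passlib hash of the new password; the password itself is never stored.

    Returns the reset form again when the password is missing,
    ``error.html`` when the token is missing or expired, and
    ``reset_password_success.html`` after the update.
    """
    token = request.form.get('token')
    password = request.form.get('password')
    if not password:
        flash(_('Please enter a new password'))
        return render_template('reset_password.html', token=token)

    if not token:
        # base64_decode(None) would raise and surface as a 500 instead of
        # a user-visible error page.
        return render_template('error.html',
                               error=_('Missing password reset token'))

    try:
        email = signer.unsign(base64_decode(token),
                              max_age=RESET_PASSWORD_TIMEOUT)
    except SignatureExpired as e:
        return render_template('error.html', error=e)
    # NOTE(review): only the expired case is handled. A tampered or garbage
    # token raises the signer's base error instead (BadSignature/BadData if
    # this is itsdangerous), which is not caught here and propagates as a
    # 500. It does not let the update below run, but it should be turned
    # into the same error page once that exception class is imported.
    #
    # NOTE(review): nothing here marks the token as consumed, so it
    # presumably stays valid for replay until it expires -- confirm whether
    # the issuing side handles single use.

    password_hash = pwd_context.encrypt(password)
    db['users'].update(dict(email=email, hash=password_hash), ['email'])
    return render_template('reset_password_success.html')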
def signup():
    """Create a new account from the signup form (POST).

    ``nonce``, ``name`` and ``password`` must all be present; ``nonce`` is
    only checked for presence here, not validated. ``email`` is optional:
    when it is absent the account is treated as an underage (COPPA) user
    and receives a generated placeholder address at
    ``socialhelp.sugarlabs.org``, with ``coppa_email`` set to True.

    The request is refused when the username or the email is already in
    use. Only a passlib hash of the password is stored, never the
    password itself. Returns ``user_ok(info)`` for the inserted row, or a
    redirect back to the form with a flashed message on failure.
    """
    form = request.form
    nonce = form.get('nonce')
    name = form.get('name')
    password = form.get('password')
    if not (nonce and name and password):
        flash(_('Please enter all fields'))
        return redirect_back()

    email = form.get('email')
    coppa_email = not email
    if coppa_email:
        # Underage users get a unique placeholder address.
        email = 'coppa-user+{}@socialhelp.sugarlabs.org'.format(uuid4())

    users = db['users']
    already_taken = users.find_one(name=name) or users.find_one(email=email)
    if already_taken:
        flash(_('Username or email already in use'))
        return redirect_back()

    record = dict(
        name=name,
        email=email,
        hash=pwd_context.encrypt(password),
        coppa_email=coppa_email,
    )
    # insert() returns the new row id; attach it before handing the
    # record to the caller.
    record['id'] = users.insert(record)

    return user_ok(record)
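def create(email, password):
    """Create a new user record for *email*, or return None if one exists.

    The provided email is stored in the legacy ``username`` field (the
    ``email`` field is left empty, as the old TweetTracker schema had it).
    The password is stored as a passlib hash under ``hash``; for
    compatibility with the legacy schema an unsalted MD5 digest is also
    written under ``password``. Most of the other properties are random
    junk left over from old TweetTracker and are filled with defaults.

    :param email: The email of the new user (stored as ``username``)
    :param password: The plaintext password to hash for the new user
    :return: The new user's Object_Id, or None if a user already exists
    """
    # Unsalted MD5 is not a password hash; it is kept only because the
    # legacy ``password`` field is part of the old TweetTracker schema.
    # Nothing in this function authenticates against it -- new code should
    # verify ``hash``. TODO: drop the field once nothing reads it.
    md5_hash = hashlib.md5(password).hexdigest()
    hashed_password = pwd_context.encrypt(password)

    existing = users.find_one({'roleID': {'$exists': True}, 'username': email})
    if existing is not None:
        # An earlier version rewrote the existing record's credentials here,
        # which let anyone take over an account by "creating" it again.
        # Refuse instead.
        # NOTE(review): only records that carry ``roleID`` are checked;
        # whether users without that field can exist is not visible here.
        return None

    # Choose the next available numeric id: one past the current maximum.
    # NOTE: read-then-insert is not atomic; two concurrent calls can pick
    # the same id. Unchanged here; a unique index on ``id`` would catch it.
    from pymongo import DESCENDING

    top = list(users.find({}, {"id": 1}).sort("id", DESCENDING).limit(1))
    next_id = top[0]['id'] + 1 if top else 1

    # Seconds truncated, then expressed in milliseconds (legacy format).
    now_ms = int(time.time()) * 1000
    user_obj = {
        "creationtime": now_ms,
        "last_login": now_ms,
        "username": email,
        "password": md5_hash,
        # The docstring contract: the passlib hash lives under ``hash``.
        # The original code computed it but never stored it.
        "hash": hashed_password,
        "id": next_id,
        "logins": 0,
        "roleID": 1,
        "exportrights": 1,
        "description": "auto generated user",
        "realname": "",
        "phone": "",
        "email": "",
        "location": "",
        "numoftweets": 50000
    }
    return users.insert(user_obj)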