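def changePassword(self):
    """Change a user's password for a caller holding admin permission on that user.

    Reads ``username``, ``oldPassword`` and ``newPassword`` from the JSON
    request body, looks the user up, checks ``UserAdminPermission`` for that
    user, verifies the old password against the stored bcrypt hash, enforces
    a minimum length on the new password and stores its bcrypt hash.

    Returns:
        The JSON response built by ``makeJsonResponse`` on success.

    Raises:
        NotFoundError: no user with the given username exists.
        APIException: a required field is missing from the request, the
            caller lacks permission, the old password does not match, or the
            new password is shorter than 6 characters.
    """
    requestData = parseJsonResponse(request.data)
    try:
        username = requestData['username']
        oldPassword = requestData['oldPassword']
        newPassword = requestData['newPassword']
    except KeyError as missing:
        # A missing field used to escape as an unhandled KeyError; surface it
        # as an API error so the client receives a proper error response.
        raise APIException('Missing required field: %s' % missing.args[0])
    try:
        user = User.objects.get(username=username)
    except DoesNotExist:
        # NOTE(review): this is raised before the permission check below, so
        # a caller without UserAdminPermission can still learn whether a
        # username exists; acceptable only if that disclosure is intended.
        raise NotFoundError("User not found")
    permission = UserAdminPermission(user)
    if not permission.can():
        raise APIException('You have no permission to change the user password')
    # Even a permitted caller must prove knowledge of the current password.
    if not bcrypt.check_password_hash(user.password, oldPassword):
        raise APIException('Invalid old password')
    # The only policy enforced on the new password here is a minimum length.
    if len(newPassword) < 6:
        raise APIException('Your new password has to be at least 6 characters long')
    # The hash is stored as unicode text (Python 2 ``unicode``), never the plaintext.
    user.modify(password=unicode(bcrypt.generate_password_hash(newPassword)))
    return makeJsonResponse(None, 'Password changed')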
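def login(self):
    """Authenticate a user from the JSON request body and start a session.

    Expects ``id`` (the account e-mail) and ``password``. An already
    authenticated caller is told so and no credentials are checked. The
    account must be active and confirmed before the password is compared
    against the stored bcrypt hash. On success the Flask-Login session is
    established, ``identity_changed`` is signalled and two informational
    cookies (``user.username``, ``user.roles``) are attached to the response.

    Returns:
        The JSON response built by ``makeJsonResponse``.

    Raises:
        APIException: a required field is missing, no user has that e-mail,
            the account is inactive or unconfirmed, or the password does not
            match.
    """
    userData = parseJsonResponse(request.data)
    if current_user.is_authenticated():
        return makeJsonResponse({'msg': 'You are already logged in'})
    try:
        email = userData['id']
        password = userData['password']
    except KeyError as missing:
        # A missing field used to escape as an unhandled KeyError; surface it
        # as an API error so the client receives a proper error response.
        raise APIException('Missing required field: %s' % missing.args[0])
    try:
        user = User.objects.get(email=email)
    except DoesNotExist:
        # NOTE(review): the distinct failure messages in this method (unknown
        # user, inactive/unconfirmed, wrong password) let a caller tell
        # registered e-mails apart from unregistered ones; collapse them into
        # one generic message if account enumeration matters for this API.
        raise APIException('User does not exist')
    if not user.active:
        raise APIException('User has not been activated or has been deactivated. Please contact the administrator!')
    if not user.confirmed:
        raise APIException('Your registration has not been confirmed. Please visit the link found in yout email!')
    if not bcrypt.check_password_hash(user.password, password):
        raise APIException('Incorrect password')
    login_user(user)
    identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
    response = makeJsonResponse({'msg': 'You have sucessfully logged in'})
    # NOTE(review): these cookies are set without HttpOnly/Secure flags; that
    # is only acceptable if client-side code must read them and the server
    # never trusts their values for authorization — confirm.
    response.set_cookie('user.username', user.username)
    response.set_cookie('user.roles', '-'.join(role.name for role in user.roles))
    return response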