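def post(self):
    """Handle the registration form: validate the fields, then create the user.

    Reads ``username``, ``password``, ``verify`` and ``email`` from the
    request. If any check fails, ``registro.html`` is rendered again with the
    collected error messages. Otherwise a ``generic.User`` is stored, a
    ``username`` cookie is set and the client is redirected to
    ``/bienvenido``. The email is validated when present but is not stored
    by this handler.
    """
    username = self.request.get('username')
    password = self.request.get('password')
    verify = self.request.get('verify')
    email = self.request.get('email')

    have_error = False
    params = dict(username=username, email=email)

    # Valid input.
    # The availability lookup binds the username as a positional query
    # parameter (:1) instead of formatting it into the GQL text, so request
    # input can never change the shape of the query.
    if not generic.valid_input(username, USERNAME_RE):
        params['error_username'] = "******"
        have_error = True
    elif db.GqlQuery("select * from User where username = :1",
                     username).get():
        params['error_username'] = "******"
        have_error = True

    if not generic.valid_input(password, PASSWORD_RE):
        params['error_password'] = "******"
        have_error = True
    elif password != verify:
        params['error_verify'] = "Las contrasenas no coinciden."
        have_error = True

    # The email is optional: it is only checked when one was supplied.
    if email and not generic.valid_input(email, EMAIL_RE):
        params['error_email'] = "Esa no parece ser una direccion de correo electronico valida."
        have_error = True

    if have_error:
        self.render('registro.html', **params)
        return

    salt = generic.make_salt()
    # NOTE(review): hash_str is defined elsewhere; confirm it is a slow,
    # purpose-built password hash rather than a single fast digest.
    ph = generic.hash_str(password + salt)
    u = generic.User(username=username, password_hash=ph, salt=salt)
    u.put()

    # NOTE(review): the cookie carries no HttpOnly or Secure attribute.
    # Consider adding them if no client-side script reads the cookie and the
    # site is served over HTTPS.
    user_cookie_val = 'username=%s; Path=/' % generic.make_secure_val(username)
    self.response.headers.add_header('Set-Cookie', str(user_cookie_val))
    self.redirect('/bienvenido')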
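def _on_signin(self, data, auth_info, provider):
    """Callback whenever a new or existing user is logging in.

    data is a user info dictionary; this method reads its ``email``, ``id``
    and ``picture`` entries.
    auth_info contains access token or oauth token and secret. It is not
    used here and, since it holds credentials, should not be written to logs.
    provider is not used in this method.

    The account is looked up by ``data['email']``. When none exists a new
    ``generic.RegisteredUsers`` record is created and saved. The login cookie
    is then set and the client is redirected to ``/settings`` for a new
    account or ``/`` for an existing one.
    """
    # NOTE(review): the account is matched on the provider-supplied email
    # alone, and a match signs the caller in as that local account. Confirm
    # the provider only reports addresses it has verified.
    user = self.get_user_by_email(data['email'])
    new_user_p = False
    # .get() so a payload without these optional keys does not raise KeyError.
    gplus_id = data.get('id')

    if not user:
        prefix = data['email'].split("@")[0]
        # Same naming scheme as before (prefix, then "g." + prefix), but keep
        # probing with a numeric suffix until the name is free, so two
        # accounts can never end up sharing one username.
        username = prefix
        if self.get_user_by_username(username):
            username = "g." + prefix
            attempt = 1
            while self.get_user_by_username(username):
                attempt += 1
                username = "g.%s%d" % (prefix, attempt)
        # NOTE(review): the derived name is not validated here (no format or
        # reserved-name check); confirm that is acceptable.

        salt = generic.make_salt()
        user = generic.RegisteredUsers(
            username=username,
            # No password is chosen during this sign-in, so a second
            # make_salt() value is hashed in its place.
            password_hash=generic.hash_str(generic.make_salt() + salt),
            salt=salt,
            email=data['email'])

        if gplus_id:
            user.gplusid = gplus_id
            user.set_gplus_profile()
            try:
                user.about_me = user.gplus_profile_json['aboutMe']
            except (AttributeError, KeyError, TypeError):
                # "aboutMe" is optional; a profile without it is not an error.
                pass

        picture = data.get('picture')
        if picture:
            user.profile_image_url = picture

        self.log_and_put(user)
        new_user_p = True
    elif gplus_id:
        # Existing account: refresh the profile data on a best-effort basis.
        try:
            user.gplusid = gplus_id
            user.set_gplus_profile()
            user.set_profile_image_url(provider="google")
        except Exception:
            # Sign-in continues, but the traceback is kept for diagnosis.
            logging.exception(
                "There was a problem fetching a gplus profile and/or profile image url for an existing user. "
            )

    self.set_cookie("username", user.username, user.salt,
                    max_age=LOGIN_COOKIE_MAXAGE)
    self.redirect("/settings" if new_user_p else "/")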
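def _on_signin(self, data, auth_info, provider):
    """Callback whenever a new or existing user is logging in.

    data is a user info dictionary; this method reads its ``email``, ``id``
    and ``picture`` entries.
    auth_info contains access token or oauth token and secret. It is not
    used here and, since it holds credentials, should not be written to logs.
    provider is not used in this method.

    The account is looked up by ``data['email']``. When none exists a new
    ``generic.RegisteredUsers`` record is created and saved. The login cookie
    is then set and the client is redirected to ``/settings`` for a new
    account or ``/`` for an existing one.
    """
    # NOTE(review): the account is matched on the provider-supplied email
    # alone, and a match signs the caller in as that local account. Confirm
    # the provider only reports addresses it has verified.
    user = self.get_user_by_email(data['email'])
    new_user_p = False
    # .get() so a payload without these optional keys does not raise KeyError.
    gplus_id = data.get('id')

    if not user:
        prefix = data['email'].split("@")[0]
        # Same naming scheme as before (prefix, then "g." + prefix), but keep
        # probing with a numeric suffix until the name is free, so two
        # accounts can never end up sharing one username.
        username = prefix
        if self.get_user_by_username(username):
            username = "g." + prefix
            attempt = 1
            while self.get_user_by_username(username):
                attempt += 1
                username = "g.%s%d" % (prefix, attempt)
        # NOTE(review): the derived name is not validated here (no format or
        # reserved-name check); confirm that is acceptable.

        salt = generic.make_salt()
        user = generic.RegisteredUsers(
            username=username,
            # No password is chosen during this sign-in, so a second
            # make_salt() value is hashed in its place.
            password_hash=generic.hash_str(generic.make_salt() + salt),
            salt=salt,
            email=data['email'])

        if gplus_id:
            user.gplusid = gplus_id
            user.set_gplus_profile()
            try:
                user.about_me = user.gplus_profile_json['aboutMe']
            except (AttributeError, KeyError, TypeError):
                # "aboutMe" is optional; a profile without it is not an error.
                pass

        picture = data.get('picture')
        if picture:
            user.profile_image_url = picture

        self.log_and_put(user)
        new_user_p = True
    elif gplus_id:
        # Existing account: refresh the profile data on a best-effort basis.
        try:
            user.gplusid = gplus_id
            user.set_gplus_profile()
            user.set_profile_image_url(provider="google")
        except Exception:
            # Sign-in continues, but the traceback is kept for diagnosis.
            logging.exception(
                "There was a problem fetching a gplus profile and/or profile image url for an existing user. "
            )

    self.set_cookie("username", user.username, user.salt,
                    max_age=LOGIN_COOKIE_MAXAGE)
    self.redirect("/settings" if new_user_p else "/")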
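def post(self):
    """Handle both steps of password recovery, selected by ``action``.

    ``send_email``: validates the address, looks the user up and mails a
    reset link that carries the address and a key.
    ``do_reset``: checks the key from the link and, when it matches, stores
    a new salt and password hash for the user.

    Any other ``action`` value produces no response from this method.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    def _q(value):
        # Percent-encode one query-string value so request input cannot add
        # parameters or break the URL it is placed into.
        return quote(value.encode('utf-8'), safe='')

    action = self.request.get('action')
    have_error = False
    email = self.request.get("email")

    if action == "send_email":
        if (not email) or (not re.match(EMAIL_RE, email)):
            have_error = True
            r_error_message = "Please write a valid email."

        if not have_error:
            user = self.get_user_by_email(email)
            if not user:
                have_error = True
                # NOTE(review): this reply tells the requester whether an
                # address is registered; answering both cases the same way
                # would avoid disclosing that.
                r_error_message = "That's not a registered email."

        if have_error:
            self.redirect("/login?r_error_message=%s" % _q(r_error_message))
        else:
            # The key is derived from the stored username and salt. It has no
            # expiry and stays valid until the salt is replaced, which a
            # successful reset does.
            # NOTE(review): confirm hash_str mixes in a server-side secret;
            # otherwise the key can be derived from stored fields alone.
            reset_key = generic.hash_str(user.username + user.salt)
            link = '%s/recover_password?email=%s&k=%s' % (
                generic.APP_URL, _q(email), _q(reset_key))
            message = mail.EmailMessage(
                sender=generic.APP_NAME + ' <' + generic.ADMIN_EMAIL + '>',
                to=email,
                subject='Password recovery',
                body=generic.render_str('emails/recover_password.txt',
                                        reset_link=link,
                                        ADMIN_EMAIL=generic.ADMIN_EMAIL),
                html=generic.render_str('emails/recover_password.html',
                                        reset_link=link,
                                        ADMIN_EMAIL=generic.ADMIN_EMAIL))
            if generic.DEBUG:
                logging.debug("EMAIL: Sending an email for password recovery. ")
            message.send()
            self.redirect('/login?info=Email sent. To reset your password follow the instructions on the email.')

    elif action == "do_reset":
        password = self.request.get("password")
        p_repeat = self.request.get("p_repeat")
        key = self.request.get("k")

        if not (email and key):
            have_error = True

        if not (password and p_repeat and re.match(PASSWORD_RE, password)
                and password == p_repeat):
            # email and key come straight from the request and have not been
            # checked yet, so they are encoded before being echoed back.
            self.redirect('/recover_password?email=%s&k=%s&error=%s' % (
                _q(email), _q(key),
                _q("Please fill both boxes with the same password. ")))
            return

        if not have_error:
            user = self.get_user_by_email(email)
            if not user:
                have_error = True
            # NOTE(review): plain equality is not constant-time; a comparison
            # such as hmac.compare_digest is the usual choice for secrets.
            elif not key == generic.hash_str(user.username + user.salt):
                have_error = True

        if have_error:
            self.error(400)
            error = "Invalid request. \n"
            self.write(error)
        else:
            # A fresh salt also invalidates the key that was just used.
            salt = generic.make_salt()
            user.salt = salt
            user.password_hash = generic.hash_str(password + salt)
            self.log_and_put(user)
            self.redirect("/login?info=Password successfully changed, you can login now with your new password.")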
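def post(self):
    """Save the settings form for the logged-in user.

    Redirects to ``/login`` when nobody is logged in. Otherwise validates the
    submitted username, email and optional new password. On failure
    ``settings.html`` is rendered again with the error flags and message. On
    success the user record is updated and saved, the login cookie is set
    again and the client is redirected to ``/settings``.
    """
    user = self.get_login_user()
    if not user:
        self.redirect("/login", goback="/settings")
        return

    # NOTE(review): no anti-CSRF token is checked in this method, and the
    # current password is not requested before the email or password is
    # changed. Confirm the base handler covers this.
    kw = {"usern": self.request.get("usern").strip(),
          "email": self.request.get("email").strip(),
          "about_me": self.request.get("about_me").strip(),
          "passwd": self.request.get("passwd").strip(),
          "repPasswd": self.request.get("repPasswd").strip(),
          "gplusid": user.gplusid if user.gplusid else '',
          "plusone_p": True,
          # Start with an empty message so the "+=" appends below work even
          # when the username check did not set one first (this used to
          # raise KeyError).
          "error": ''}
    have_error = False

    if kw["usern"]:
        kw["usern"] = kw["usern"].lower()

    if user.username != kw["usern"]:
        u2 = self.get_user_by_username(
            kw["usern"], "Checking if new username is available. ")
        # An empty or malformed name fails the pattern and is refused with
        # the same message as a taken one.
        if u2 or (not re.match(USERNAME_RE, kw["usern"])):
            kw["uname_error_p"] = True
            kw['error'] = "Sorry, that username is not available. "
            have_error = True

    if user.email != kw["email"]:
        u2 = self.get_user_by_email(
            kw["email"], "Checking if new email is available. ")
        if u2:
            kw["email_error_p"] = True
            kw["error"] += "That email is already in use by someone. "
            have_error = True

    if not re.match(EMAIL_RE, kw["email"]):
        kw["email_error_p"] = True
        kw["error"] += "That doesn't seem like a valid email. "
        have_error = True

    # The new password is only compared with its repetition; no length or
    # format rule is applied to it in this method.
    if kw["passwd"] and (kw["passwd"] != kw["repPasswd"]):
        kw["passwd_error_p"] = True
        kw["error"] = "The new password doesn't match. Please type it again"
        have_error = True

    if have_error:
        self.render("settings.html", **kw)
        return

    user.username = kw["usern"]
    user.email = kw["email"]
    user.about_me = kw["about_me"]
    if kw["passwd"]:
        # A password change stores a new salt together with the new hash.
        salt = generic.make_salt()
        user.salt = salt
        user.password_hash = generic.hash_str(kw["passwd"] + salt)
    if user.gplusid:
        user.set_gplus_profile()
    self.log_and_put(user, "Updating settings.")
    user.set_profile_image_url(
        "google" if user.gplus_profile_json else "gravatar")
    # Set the cookie again because the username or salt may have changed.
    self.set_cookie("username", user.username, user.salt,
                    max_age=LOGIN_COOKIE_MAXAGE)
    self.redirect("/settings?info=Changes saved")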
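def post(self):
    """Handle the signup form: validate, check availability, then register.

    Reads ``usern``, ``password``, ``verify`` and ``email`` from the request.
    When the fields are well-formed, the username and email are checked
    against both registered and unverified users. On any failure
    ``signup.html`` is rendered again with the error flags and message. On
    success a ``generic.UnverifiedUsers`` record is saved and a verification
    email is sent.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    def _q(value):
        # Percent-encode a value for use inside an href query string. With
        # safe='' quotes and angle brackets are encoded as well, so the value
        # cannot break out of the HTML attribute it is placed in.
        return quote(value.encode('utf-8'), safe='')

    usern = self.request.get('usern')
    password = self.request.get('password')
    verify = self.request.get('verify')
    email = self.request.get('email')

    have_error = False
    kw = {"usern": usern,
          "email": email,
          "error": '',
          "info": self.request.get("info")}

    # Valid input
    if usern and (usern.lower() in FORBIDDEN_USERNAMES):
        kw['error_username'] = True
        kw['error'] = "That username is not available"
        have_error = True
    if not re.match(USERNAME_RE, usern):
        kw['error_username'] = True
        kw['error'] += "That's not a valid username, it must be from 3 to 20 characters long, start with a letter and contain only letters, numbers, dashes and underscores. "
        have_error = True
    if not re.match(EMAIL_RE, email):
        kw['error_email'] = True
        kw['error'] += "That doesn't seem like a valid email. "
        have_error = True
    # NOTE(review): the message below states a 3 to 20 character policy;
    # consider a longer minimum and a higher upper bound.
    if not re.match(PASSWORD_RE, password):
        kw['error_password'] = True
        kw['error'] += "That's not a valid password, it must be between 3 and 20 characters long. "
        have_error = True
    elif password != verify:
        kw['error_verify'] = True
        kw['error'] += "Your passwords didn't match. "
        have_error = True

    if not have_error:
        usern = usern.lower()

        # Available username: look among registered users first, then among
        # users still waiting for verification.
        another_user = self.get_user_by_username(
            usern, "Checking if username is available")
        if not another_user:
            self.log_read(generic.UnverifiedUsers,
                          "Checking if username is available. ")
            another_user = generic.UnverifiedUsers.query(
                generic.UnverifiedUsers.username == usern).get()
        if another_user:
            have_error = True
            kw['error_username'] = True
            kw['error'] += 'That username is not available. '

        # Available email.
        # The messages below contain HTML, so the address is percent-encoded
        # before it is placed into the link.
        # NOTE(review): both messages reveal whether an address is already
        # known to the site.
        another_email = self.get_user_by_email(
            email, "Checking if email is available. ")
        if another_email:
            have_error = True
            kw['error_email'] = True
            kw['error'] += 'That email is already in use by someone. Did you <a href="/recover_password?email=%s">forget your password?. </a>' % _q(email)
        else:
            self.log_read(generic.UnverifiedUsers,
                          "Checking if email is available. \n")
            another_email = generic.UnverifiedUsers.query(
                generic.UnverifiedUsers.email == email).get()
            if another_email:
                have_error = True
                kw['error_email'] = True
                kw['error'] = 'This email is already registered but it still needs to be verified, click <a href="/verify_email?email=%s">here</a> to send the verification email again.' % _q(email)

    # Render
    if have_error:
        self.render('signup.html', **kw)
    else:
        salt = generic.make_salt()
        # NOTE(review): hash_str is defined elsewhere; confirm it is a slow,
        # purpose-built password hash rather than a single fast digest.
        ph = generic.hash_str(password + salt)
        u = generic.UnverifiedUsers(username=usern, password_hash=ph,
                                    salt=salt, email=email)
        self.log_and_put(u, "New user registration")
        email_messages.send_verify_email(u)
        self.render('signup.html', info="A message has been sent to your email, please follow the instructions provided there.")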
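def post(self):
    """Handle both steps of password recovery, selected by ``action``.

    ``send_email``: validates the address, looks the user up and mails a
    reset link that carries the address and a key.
    ``do_reset``: checks the key from the link and, when it matches, stores
    a new salt and password hash for the user.

    Any other ``action`` value produces no response from this method.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    def _q(value):
        # Percent-encode one query-string value so request input cannot add
        # parameters or break the URL it is placed into.
        return quote(value.encode('utf-8'), safe='')

    action = self.request.get('action')
    have_error = False
    email = self.request.get("email")

    if action == "send_email":
        if (not email) or (not re.match(EMAIL_RE, email)):
            have_error = True
            r_error_message = "Please write a valid email."

        if not have_error:
            user = self.get_user_by_email(email)
            if not user:
                have_error = True
                # NOTE(review): this reply tells the requester whether an
                # address is registered; answering both cases the same way
                # would avoid disclosing that.
                r_error_message = "That's not a registered email."

        if have_error:
            self.redirect("/login?r_error_message=%s" % _q(r_error_message))
        else:
            # The key is derived from the stored username and salt. It has no
            # expiry and stays valid until the salt is replaced, which a
            # successful reset does.
            # NOTE(review): confirm hash_str mixes in a server-side secret;
            # otherwise the key can be derived from stored fields alone.
            reset_key = generic.hash_str(user.username + user.salt)
            link = '%s/recover_password?email=%s&k=%s' % (
                generic.APP_URL, _q(email), _q(reset_key))
            message = mail.EmailMessage(
                sender=generic.APP_NAME + ' <' + generic.ADMIN_EMAIL + '>',
                to=email,
                subject='Password recovery',
                body=generic.render_str('emails/recover_password.txt',
                                        reset_link=link,
                                        ADMIN_EMAIL=generic.ADMIN_EMAIL),
                html=generic.render_str('emails/recover_password.html',
                                        reset_link=link,
                                        ADMIN_EMAIL=generic.ADMIN_EMAIL))
            if generic.DEBUG:
                logging.debug(
                    "EMAIL: Sending an email for password recovery. ")
            message.send()
            self.redirect(
                '/login?info=Email sent. To reset your password follow the instructions on the email.'
            )

    elif action == "do_reset":
        password = self.request.get("password")
        p_repeat = self.request.get("p_repeat")
        key = self.request.get("k")

        if not (email and key):
            have_error = True

        if not (password and p_repeat and re.match(PASSWORD_RE, password)
                and password == p_repeat):
            # email and key come straight from the request and have not been
            # checked yet, so they are encoded before being echoed back.
            self.redirect('/recover_password?email=%s&k=%s&error=%s' % (
                _q(email), _q(key),
                _q("Please fill both boxes with the same password. ")))
            return

        if not have_error:
            user = self.get_user_by_email(email)
            if not user:
                have_error = True
            # NOTE(review): plain equality is not constant-time; a comparison
            # such as hmac.compare_digest is the usual choice for secrets.
            elif not key == generic.hash_str(user.username + user.salt):
                have_error = True

        if have_error:
            self.error(400)
            error = "Invalid request. \n"
            self.write(error)
        else:
            # A fresh salt also invalidates the key that was just used.
            salt = generic.make_salt()
            user.salt = salt
            user.password_hash = generic.hash_str(password + salt)
            self.log_and_put(user)
            self.redirect(
                "/login?info=Password successfully changed, you can login now with your new password."
            )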
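def post(self):
    """Handle the signup form: validate, check availability, then register.

    Reads ``usern``, ``password``, ``verify`` and ``email`` from the request.
    When the fields are well-formed, the username and email are checked
    against both registered and unverified users. On any failure
    ``signup.html`` is rendered again with the error flags and message. On
    success a ``generic.UnverifiedUsers`` record is saved and a verification
    email is sent.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    def _q(value):
        # Percent-encode a value for use inside an href query string. With
        # safe='' quotes and angle brackets are encoded as well, so the value
        # cannot break out of the HTML attribute it is placed in.
        return quote(value.encode('utf-8'), safe='')

    usern = self.request.get('usern')
    password = self.request.get('password')
    verify = self.request.get('verify')
    email = self.request.get('email')

    have_error = False
    kw = {
        "usern": usern,
        "email": email,
        "error": '',
        "info": self.request.get("info")
    }

    # Valid input
    if usern and (usern.lower() in FORBIDDEN_USERNAMES):
        kw['error_username'] = True
        kw['error'] = "That username is not available"
        have_error = True
    if not re.match(USERNAME_RE, usern):
        kw['error_username'] = True
        kw['error'] += "That's not a valid username, it must be from 3 to 20 characters long, start with a letter and contain only letters, numbers, dashes and underscores. "
        have_error = True
    if not re.match(EMAIL_RE, email):
        kw['error_email'] = True
        kw['error'] += "That doesn't seem like a valid email. "
        have_error = True
    # NOTE(review): the message below states a 3 to 20 character policy;
    # consider a longer minimum and a higher upper bound.
    if not re.match(PASSWORD_RE, password):
        kw['error_password'] = True
        kw['error'] += "That's not a valid password, it must be between 3 and 20 characters long. "
        have_error = True
    elif password != verify:
        kw['error_verify'] = True
        kw['error'] += "Your passwords didn't match. "
        have_error = True

    if not have_error:
        usern = usern.lower()

        # Available username: look among registered users first, then among
        # users still waiting for verification.
        another_user = self.get_user_by_username(
            usern, "Checking if username is available")
        if not another_user:
            self.log_read(generic.UnverifiedUsers,
                          "Checking if username is available. ")
            another_user = generic.UnverifiedUsers.query(
                generic.UnverifiedUsers.username == usern).get()
        if another_user:
            have_error = True
            kw['error_username'] = True
            kw['error'] += 'That username is not available. '

        # Available email.
        # The messages below contain HTML, so the address is percent-encoded
        # before it is placed into the link.
        # NOTE(review): both messages reveal whether an address is already
        # known to the site.
        another_email = self.get_user_by_email(
            email, "Checking if email is available. ")
        if another_email:
            have_error = True
            kw['error_email'] = True
            kw['error'] += 'That email is already in use by someone. Did you <a href="/recover_password?email=%s">forget your password?. </a>' % _q(email)
        else:
            self.log_read(generic.UnverifiedUsers,
                          "Checking if email is available. \n")
            another_email = generic.UnverifiedUsers.query(
                generic.UnverifiedUsers.email == email).get()
            if another_email:
                have_error = True
                kw['error_email'] = True
                kw['error'] = 'This email is already registered but it still needs to be verified, click <a href="/verify_email?email=%s">here</a> to send the verification email again.' % _q(email)

    # Render
    if have_error:
        self.render('signup.html', **kw)
    else:
        salt = generic.make_salt()
        # NOTE(review): hash_str is defined elsewhere; confirm it is a slow,
        # purpose-built password hash rather than a single fast digest.
        ph = generic.hash_str(password + salt)
        u = generic.UnverifiedUsers(username=usern,
                                    password_hash=ph,
                                    salt=salt,
                                    email=email)
        self.log_and_put(u, "New user registration")
        email_messages.send_verify_email(u)
        self.render(
            'signup.html',
            info="A message has been sent to your email, please follow the instructions provided there."
        )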