Exemplo n.º 1
0
    def create_user(self):
        """ Add user to the database """
        if User.by_handle(self.get_argument("handle", "")) is not None:
            raise ValidationError("This handle is already registered")
        if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
            raise ValidationError("Passwords do not match")
        user = User()
        user.handle = self.get_argument("handle", "")
        user.password = self.get_argument("pass1", "")
        user.bank_password = self.get_argument("bpass", "")
        user.name = self.get_argument("playername", "")
        user.email = self.get_argument("email", "")
        team = self.get_team()
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()

        # Avatar
        avatar_select = self.get_argument("user_avatar_select", "")
        if avatar_select and len(avatar_select) > 0:
            user._avatar = avatar_select
        elif hasattr(self.request, "files") and "avatar" in self.request.files:
            user.avatar = self.request.files["avatar"][0]["body"]
        team.members.append(user)
        if not options.teams:
            if avatar_select and len(avatar_select) > 0:
                team._avatar = avatar_select
            elif hasattr(self.request,
                         "files") and "avatar" in self.request.files:
                team.avatar = self.request.files["avatar"][0]["body"]
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()
        self.event_manager.user_joined_team(user)
        return user
Exemplo n.º 2
0
 def post(self, *args, **kwargs):
     ''' Checks submitted username and password '''
     user = User.by_handle(self.get_argument('account', ''))
     password_attempt = self.get_argument('password', '')
     if user is not None:
         if user.validate_password(password_attempt):
             if not user.locked:
                 if self.game_started(user):
                     self.successful_login(user)
                     if self.config.story_mode and user.logins == 1 and not user.has_permission(
                             ADMIN_PERMISSION):
                         self.redirect('/user/missions/firstlogin')
                     else:
                         self.redirect('/user')
                 else:
                     self.render('public/login.html',
                                 errors=None,
                                 info=["The game has not started yet"])
             else:
                 self.render('public/login.html',
                             info=None,
                             errors=["Your account has been locked"])
         else:
             self.failed_login()
     else:
         if password_attempt is not None:
             PBKDF2.crypt(password_attempt, "BurnTheHashTime")
         self.failed_login()
Exemplo n.º 3
0
 def post(self, *args, **kwargs):
     """ Checks submitted username and password """
     user = User.by_handle(self.get_argument("account", ""))
     password_attempt = self.get_argument("password", "")
     if user is not None:
         if user.validate_password(password_attempt):
             if not user.locked:
                 self.successful_login(user)
                 if (self.config.story_mode and user.logins == 1
                         and not user.is_admin()):
                     self.redirect("/user/missions/firstlogin")
                 else:
                     self.redirect("/user")
             else:
                 self.render(
                     "public/login.html",
                     info=None,
                     errors=["Your account has been locked"],
                 )
         else:
             self.failed_login()
     else:
         if password_attempt is not None:
             PBKDF2.crypt(password_attempt, "BurnTheHashTime")
         self.failed_login()
Exemplo n.º 4
0
 def form_validation(self):
     if (bool(
             re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$",
                      self.get_argument("handle", ""))) is False):
         raise ValidationError("Invalid handle format")
     email = self.get_argument("email", None)
     if options.require_email and (not email or not len(email) > 0):
         raise ValidationError("Email address is required")
     if (email and bool(
             re.match(
                 r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$",
                 self.get_argument("email", ""),
             )) is False):
         raise ValidationError("Invalid email format")
     if (self.get_argument("playername", None) and bool(
             re.match(r"^[a-zA-Z0-9 ]{3,64}$",
                      self.get_argument("playername", ""))) is False):
         raise ValidationError("Invalid playername format")
     if (User.by_handle(self.get_argument("handle", ""),
                        case_sensitive=False) is not None):
         raise ValidationError("This handle is already registered")
     if (options.require_email and User.by_email(
             self.get_argument("email", None)) is not None):
         raise ValidationError("This email address is already registered")
     if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
         raise ValidationError("Passwords do not match")
Exemplo n.º 5
0
    def create_user(self):
        ''' Add user to the database '''
        if User.by_handle(self.get_argument('handle', '')) is not None:
            raise ValidationError("This handle is already registered")
        if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
            raise ValidationError("Passwords do not match")
        user = User()
        user.handle = self.get_argument('handle', '')
        user.password = self.get_argument('pass1', '')
        user.bank_password = self.get_argument('bpass', '')
        user.name = self.get_argument('playername', '')
        user.email = self.get_argument('email','')
        team = self.get_team()
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()

         # Avatar
        avatar_select = self.get_argument('user_avatar_select', '')
        if avatar_select and len(avatar_select) > 0:
            user._avatar = avatar_select
        elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
            user.avatar = self.request.files['avatar'][0]['body']
        team.members.append(user)
        if not options.teams:
            if avatar_select and len(avatar_select) > 0:
                team._avatar = avatar_select
            elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
                team.avatar = self.request.files['avatar'][0]['body']  
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()  
        self.event_manager.user_joined_team(user)
        return user
Exemplo n.º 6
0
    def create_user(self):
        ''' Add user to the database '''
        if User.by_handle(self.get_argument('handle', '')) is not None:
            raise ValidationError("This hacker name is already registered")
        if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
            raise ValidationError("Passwords do not match")
        user = User()
        user.handle = self.get_argument('handle', '')
        user.password = self.get_argument('pass1', '')
        user.bank_password = self.get_argument('bpass', '')
        user._name = self.get_argument('playername', '')
        team = self.get_team()
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()

         # Avatar
        avatar_select = self.get_argument('user_avatar_select', '')
        if avatar_select and len(avatar_select) > 0:
            user._avatar = avatar_select
        elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
            user.avatar = self.request.files['avatar'][0]['body']
        team.members.append(user)
        if not options.teams:
            if avatar_select and len(avatar_select) > 0:
                team._avatar = avatar_select
            elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
                team.avatar = self.request.files['avatar'][0]['body']  
        self.dbsession.add(user)
        self.dbsession.add(team)
        self.dbsession.commit()  
        self.event_manager.user_joined_team(user)
        return user
Exemplo n.º 7
0
 def wrapper(self, *args, **kwargs):
     if self.session is not None:
         user = User.by_handle(self.session["handle"])
         if user is not None and user.has_permission(permission):
             return method(self, *args, **kwargs)
     logging.warn("Attempted unauthorized access from %s to %s" %
                  (self.request.remote_ip, self.request.uri))
     self.redirect(self.application.settings["forbidden_url"])
Exemplo n.º 8
0
 def wrapper(self, *args, **kwargs):
     if self.session is not None:
         user = User.by_handle(self.session['handle'])
         if user is not None and user.has_permission(permission):
             return method(self, *args, **kwargs)
     logging.warn("Attempted unauthorized access from %s to %s" % (
         self.request.remote_ip, self.request.uri,
     ))
     self.redirect(self.application.settings['forbidden_url'])
Exemplo n.º 9
0
def create_user():
    user = User.by_handle("HacKer")
    if user is None:
        user = User()
        user.handle = "HacKer"
        user.password = "******"
        user.bank_password = "******"
        dbsession.add(user)
        dbsession.commit()
    return user
Exemplo n.º 10
0
 def get_current_user(self):
     """ Get current user object from database """
     if self.session is not None:
         try:
             return User.by_handle(self.session["handle"])
         except KeyError:
             logging.exception("Malformed session: %r" % self.session)
         except:
             logging.exception("Failed call to get_current_user()")
     return None
Exemplo n.º 11
0
 def get_current_user(self):
     """ Get current user object from database """
     if self.session is not None:
         try:
             return User.by_handle(self.session["handle"])
         except KeyError:
             logging.exception("Malformed session: %r" % self.session)
         except:
             logging.exception("Failed call to get_current_user()")
     return None
Exemplo n.º 12
0
def create_user():
    user = User.by_handle("HacKer")
    if user is None:
        user = User()
        user.handle = "HacKer"
        user.password = "******"
        user.bank_password = "******"
        dbsession.add(user)
        dbsession.commit()
    return user
Exemplo n.º 13
0
 def post(self, *args, **kwargs):
     """ Checks submitted username and password """
     user = User.by_handle(self.get_argument("account", ""))
     password_attempt = self.get_argument("password", "")
     if user is not None:
         if user.validate_password(password_attempt):
             self.valid_login(user)
         else:
             self.failed_login()
     else:
         if password_attempt is not None:
             PBKDF2.crypt(password_attempt, "BurnTheHashTime")
         self.failed_login()
 def create_user(self, team):
     ''' Add user to the database '''
     if User.by_handle(self.get_argument('handle', '')) is not None:
         raise ValidationError("This hacker name is already registered")
     if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
         raise ValidationError("Passwords do not match")
     user = User()
     user.handle = self.get_argument('handle', '')
     user.password = self.get_argument('pass1', '')
     user.bank_password = self.get_argument('bpass', '')
     team.members.append(user)
     self.dbsession.add(user)
     self.dbsession.add(team)
     self.dbsession.commit()
     self.event_manager.user_joined_team(user)
     return user
Exemplo n.º 15
0
 def create_user(self, team):
     ''' Add user to the database '''
     if User.by_handle(self.get_argument('handle', '')) is not None:
         raise ValidationError("This hacker name is already registered")
     if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
         raise ValidationError("Passwords do not match")
     user = User()
     user.handle = self.get_argument('handle', '')
     user.password = self.get_argument('pass1', '')
     user.bank_password = self.get_argument('bpass', '')
     team.members.append(user)
     self.dbsession.add(user)
     self.dbsession.add(team)
     self.dbsession.commit()
     self.event_manager.user_joined_team(user)
     return user
Exemplo n.º 16
0
 def edit_user(self):
     ''' Update user objects in the database '''
     try:
         user = User.by_uuid(self.get_argument('uuid', ''))
         if user is None:
             raise ValidationError("User does not exist")
         handle = self.get_argument('handle', '')
         if user.handle != handle:
             if User.by_handle(handle) is None:
                 logging.info("Updated user handle %s -> %s" % (
                     user.handle, handle
                 ))
                 user.handle = handle
             else:
                 raise ValidationError("Handle is already in use")
         hash_algorithm = self.get_argument('hash_algorithm', '')
         if hash_algorithm != user.algorithm:
             if hash_algorithm in user.algorithms:
                 if 0 < len(self.get_argument('bank_password', '')):
                     logging.info("Updated %s's hashing algorithm %s -> %s" % (
                         user.handle, user.algorithm, hash_algorithm,
                     ))
                     user.algorithm = hash_algorithm
                 else:
                     raise ValidationError(
                         "You must provide a new bank password when updating the hashing algorithm")
             else:
                 raise ValidationError("Not a valid hash algorithm")
         user.password = self.get_argument('password', '')
         if len(self.get_argument('bank_password', '')):
             user.bank_password = self.get_argument('bank_password', '')
         team = Team.by_uuid(self.get_argument('team_uuid', ''))
         if team is not None:
             if user not in team.members:
                 logging.info("Updated %s's team %s -> %s" % (
                     user.handle, user.team_id, team.name
                 ))
                 user.team_id = team.id
         else:
             raise ValidationError("Team does not exist in database")
         self.dbsession.add(user)
         self.dbsession.commit()
         self.redirect('/admin/users')
     except ValidationError as error:
         self.render("admin/view/users.html",
                     errors=[str(error), ]
                     )
Exemplo n.º 17
0
 def transfer(self):
     user = self.get_current_user()
     source = Team.by_name(self.get_argument('source', ''))
     destination = Team.by_name(self.get_argument('destination', ''))
     try:
         amount = int(self.get_argument('amount', 0))
     except ValueError:
         amount = 0
     victim_user = User.by_handle(self.get_argument('user', None))
     password = self.get_argument('password', '')
     user = self.get_current_user()
     # Validate what we got from the user
     if source is None:
         self.write({"error": "Source account does not exist"})
     elif destination is None:
         self.write({"error": "Destination account does not exist"})
     elif victim_user is None or not victim_user in source.members:
         self.write({"error": "User is not authorized for this account"})
     elif victim_user in user.team.members:
         self.write({"error": "You cannot steal from your own team"})
     elif not 0 < amount <= source.money:
         self.write({
             "error":
             "Invalid transfer amount; must be greater than 0 and less than $%d"
             % source.money
         })
     elif destination == source:
         self.write(
             {"error": "Source and destination are the same account"})
     elif victim_user.validate_bank_password(password):
         logging.info("Transfer request from %s to %s for $%d by %s" %
                      (source.name, destination.name, amount, user.handle))
         xfer = self.theft(victim_user, destination, amount, password)
         self.write({
             "success":
             "Confirmed transfer to '%s' for $%d (after 15%s commission)" %
             (
                 destination.name,
                 xfer,
                 '%',
             )
         })
     else:
         self.write({"error": "Incorrect password for account, try again"})
     self.finish()
Exemplo n.º 18
0
 def post(self, *args, **kwargs):
     ''' Checks submitted username and password '''
     user = User.by_handle(self.get_argument('account', ''))
     password_attempt = self.get_argument('password', '')
     if user is not None and user.validate_password(password_attempt):
         if not user.locked:
             if self.game_started(user):
                 self.successful_login(user)
                 if user.logins == 1 and not user.has_permission(ADMIN_PERMISSION):
                     self.redirect('/user/missions/firstlogin')
                 else:
                     self.redirect('/user')
             else:
                 self.render('public/login.html', errors=["The game has not started yet"])
         else:
             self.render('public/login.html', errors=["Your account has been locked"])
     else:
         self.failed_login()
Exemplo n.º 19
0
 def transfer(self):
     user = self.get_current_user()
     source = Team.by_name(self.get_argument('source', ''))
     destination = Team.by_name(self.get_argument('destination', ''))
     try:
         amount = int(self.get_argument('amount', 0))
     except ValueError:
         amount = 0
     victim_user = User.by_handle(self.get_argument('user', None))
     password = self.get_argument('password', '')
     user = self.get_current_user()
     # Validate what we got from the user
     if source is None:
         self.write({"error": "Source account does not exist"})
     elif destination is None:
         self.write({"error": "Destination account does not exist"})
     elif victim_user is None or victim_user not in source.members:
         self.write({"error": "User is not authorized for this account"})
     elif victim_user in user.team.members:
         self.write({"error": "You cannot steal from your own team"})
     elif not 0 < amount <= source.money:
         self.write({
             "error":
             "Invalid transfer amount; must be greater than 0 and less than $%d" % source.money
         })
     elif destination == source:
         self.write({
             "error": "Source and destination are the same account"
         })
     elif victim_user.validate_bank_password(password):
         logging.info("Transfer request from %s to %s for $%d by %s" % (
             source.name, destination.name, amount, user.handle
         ))
         xfer = self.theft(victim_user, destination, amount, password)
         self.write({
             "success":
             "Confirmed transfer to '%s' for $%d (15%s commission)" % (
                 destination.name, xfer, '%'
             )
         })
     else:
         self.write({"error": "Incorrect password for account, try again"})
     self.finish()
Exemplo n.º 20
0
 def form_validation(self):
     if (bool(
             re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$",
                      self.get_argument("handle", ""))) is False):
         raise ValidationError("Invalid handle format")
     if (self.get_argument("email", None) and bool(
             re.match(
                 r"^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,3}$",
                 self.get_argument("email", ""),
             )) is False):
         raise ValidationError("Invalid email format")
     if (self.get_argument("playername", None) and bool(
             re.match(r"^[a-zA-Z0-9 ]{3,64}$",
                      self.get_argument("playername", ""))) is False):
         raise ValidationError("Invalid email format")
     if (User.by_handle(self.get_argument("handle", ""),
                        case_sensitive=False) is not None):
         raise ValidationError("This handle is already registered")
     if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
         raise ValidationError("Passwords do not match")
Exemplo n.º 21
0
 def post(self, *args, **kwargs):
     ''' Checks submitted username and password '''
     user = User.by_handle(self.get_argument('account', ''))
     password_attempt = self.get_argument('password', '')
     if user is not None:
         if user.validate_password(password_attempt):
             if not user.locked:
                 self.successful_login(user)
                 if self.config.story_mode and user.logins == 1 and not user.is_admin():
                     self.redirect('/user/missions/firstlogin')
                 else:
                     self.redirect('/user')
             else:
                 self.render('public/login.html',
                             info=None, errors=["Your account has been locked"])
         else:
             self.failed_login()
     else:
         if password_attempt is not None:
             PBKDF2.crypt(password_attempt, "BurnTheHashTime")
         self.failed_login()
Exemplo n.º 22
0
    def edit_user(self):
        """ Update user objects in the database """
        try:
            user = User.by_uuid(self.get_argument("uuid", ""))
            if user is None:
                raise ValidationError("User does not exist")
            handle = self.get_argument("handle", "")
            if user.handle != handle:
                if User.by_handle(handle) is None:
                    logging.info("Updated user handle %s -> %s" %
                                 (user.handle, handle))
                    user.handle = handle
                else:
                    raise ValidationError("Handle is already in use")
            name = self.get_argument("name", "")
            email = self.get_argument("email", "")
            if user.name != name:
                logging.info("Updated user Name %s -> %s" % (user.name, name))
                user.name = name
            if user.email != email:
                logging.info("Updated user Email %s -> %s" %
                             (user.email, email))
                user.email = email
            if options.banking:
                hash_algorithm = self.get_argument("hash_algorithm", "")
                if hash_algorithm != user.algorithm:
                    if hash_algorithm in user.algorithms:
                        if 0 < len(self.get_argument("bank_password", "")):
                            logging.info(
                                "Updated %s's hashing algorithm %s -> %s" %
                                (user.handle, user.algorithm, hash_algorithm))
                            user.algorithm = hash_algorithm
                        else:
                            raise ValidationError(
                                "You must provide a new bank password when updating the hashing algorithm"
                            )
                    else:
                        raise ValidationError("Not a valid hash algorithm")
                if len(self.get_argument("bank_password", "")):
                    user.bank_password = self.get_argument("bank_password", "")
            password = self.get_argument("password", "")
            if password and len(password) > 0:
                user.password = password
            if hasattr(self.request,
                       "files") and "avatarfile" in self.request.files:
                user.avatar = self.request.files["avatarfile"][0]["body"]
            else:
                avatar = self.get_argument("avatar", user.avatar)
                # allow for default without setting
                user._avatar = avatar
            team = Team.by_uuid(self.get_argument("team_uuid", ""))
            if team is not None:
                if user not in team.members:
                    logging.info("Updated %s's team %s -> %s" %
                                 (user.handle, user.team_id, team.name))
                    user.team_id = team.id
            elif options.teams:
                raise ValidationError("Team does not exist in database")
            self.dbsession.add(user)

            admin = self.get_argument("admin", "false")
            if admin == "true" and not user.is_admin():
                permission = Permission()
                permission.name = ADMIN_PERMISSION
                permission.user_id = user.id
                self.dbsession.add(permission)
            elif admin == "false" and user.is_admin():
                permissions = Permission.by_user_id(user.id)
                for permission in permissions:
                    if permission.name == ADMIN_PERMISSION:
                        self.dbsession.delete(permission)

            self.dbsession.commit()
            self.redirect("/admin/users")
        except ValidationError as error:
            self.render("admin/view/users.html", errors=[str(error)])
Exemplo n.º 23
0
    def edit_user(self):
        ''' Update user objects in the database '''
        try:
            user = User.by_uuid(self.get_argument('uuid', ''))
            if user is None:
                raise ValidationError("User does not exist")
            handle = self.get_argument('handle', '')
            if user.handle != handle:
                if User.by_handle(handle) is None:
                    logging.info("Updated user handle %s -> %s" % (
                        user.handle, handle
                    ))
                    user.handle = handle
                else:
                    raise ValidationError("Handle is already in use")
            name = self.get_argument('name', '')
            email = self.get_argument('email', '')
            if user.name != name:
                logging.info("Updated user Name %s -> %s" % (
                        user.name, name
                    ))
                user.name = name
            if user.email != email:
                logging.info("Updated user Email %s -> %s" % (
                        user.email, email
                    ))
                user.email = email
            if options.banking:
                hash_algorithm = self.get_argument('hash_algorithm', '')
                if hash_algorithm != user.algorithm:
                    if hash_algorithm in user.algorithms:
                        if 0 < len(self.get_argument('bank_password', '')):
                            logging.info("Updated %s's hashing algorithm %s -> %s" % (
                                user.handle, user.algorithm, hash_algorithm,
                            ))
                            user.algorithm = hash_algorithm
                        else:
                            raise ValidationError(
                                "You must provide a new bank password when updating the hashing algorithm")
                    else:
                        raise ValidationError("Not a valid hash algorithm")
                if len(self.get_argument('bank_password', '')):
                    user.bank_password = self.get_argument('bank_password', '')
            password = self.get_argument('password', '')
            if password and len(password) > 0:
                user.password = password
            if hasattr(self.request, 'files') and 'avatarfile' in self.request.files:
                user.avatar = self.request.files['avatarfile'][0]['body']
            else:
                avatar = self.get_argument('avatar', user.avatar)
                #allow for default without setting
                user._avatar = avatar
            team = Team.by_uuid(self.get_argument('team_uuid', ''))
            if team is not None:
                if user not in team.members:
                    logging.info("Updated %s's team %s -> %s" % (
                        user.handle, user.team_id, team.name
                    ))
                    user.team_id = team.id
            elif options.teams:
                raise ValidationError("Team does not exist in database")
            self.dbsession.add(user)

            admin = self.get_argument('admin', 'false')
            if admin == 'true' and not user.is_admin():
                permission = Permission()
                permission.name = ADMIN_PERMISSION
                permission.user_id = user.id
                self.dbsession.add(permission)
            elif admin == 'false' and user.is_admin():
                permissions = Permission.by_user_id(user.id)
                for permission in permissions:
                    if permission.name == ADMIN_PERMISSION:
                        self.dbsession.delete(permission)
                
            self.dbsession.commit()
            self.redirect('/admin/users')
        except ValidationError as error:
            self.render("admin/view/users.html",
                        errors=[str(error), ]
                        )
Exemplo n.º 24
0
 def edit_user(self):
     ''' Update user objects in the database '''
     try:
         user = User.by_uuid(self.get_argument('uuid', ''))
         if user is None:
             raise ValidationError("User does not exist")
         handle = self.get_argument('handle', '')
         if user.handle != handle:
             if User.by_handle(handle) is None:
                 logging.info("Updated user handle %s -> %s" %
                              (user.handle, handle))
                 user.handle = handle
             else:
                 raise ValidationError("Handle is already in use")
         name = self.get_argument('name', '')
         email = self.get_argument('email', '')
         if user.name != name:
             logging.info("Updated user Name %s -> %s" % (user.name, name))
             user.name = name
         if user.email != email:
             logging.info("Updated user Email %s -> %s" %
                          (user.email, email))
             user.email = email
         if options.banking:
             hash_algorithm = self.get_argument('hash_algorithm', '')
             if hash_algorithm != user.algorithm:
                 if hash_algorithm in user.algorithms:
                     if 0 < len(self.get_argument('bank_password', '')):
                         logging.info(
                             "Updated %s's hashing algorithm %s -> %s" % (
                                 user.handle,
                                 user.algorithm,
                                 hash_algorithm,
                             ))
                         user.algorithm = hash_algorithm
                     else:
                         raise ValidationError(
                             "You must provide a new bank password when updating the hashing algorithm"
                         )
                 else:
                     raise ValidationError("Not a valid hash algorithm")
             if len(self.get_argument('bank_password', '')):
                 user.bank_password = self.get_argument('bank_password', '')
         password = self.get_argument('password', '')
         if password and len(password) > 0:
             user.password = password
         if hasattr(self.request,
                    'files') and 'avatarfile' in self.request.files:
             user.avatar = self.request.files['avatarfile'][0]['body']
         else:
             avatar = self.get_argument('avatar', user.avatar)
             #allow for default without setting
             user._avatar = avatar
         team = Team.by_uuid(self.get_argument('team_uuid', ''))
         if team is not None:
             if user not in team.members:
                 logging.info("Updated %s's team %s -> %s" %
                              (user.handle, user.team_id, team.name))
                 user.team_id = team.id
         elif options.teams:
             raise ValidationError("Team does not exist in database")
         self.dbsession.add(user)
         self.dbsession.commit()
         self.redirect('/admin/users')
     except ValidationError as error:
         self.render("admin/view/users.html", errors=[
             str(error),
         ])