Exemplo n.º 1
Arquivo: user.py Projeto: vadosl/ospfm
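    def update(self, username):
        """Apply the changes in ``self.args`` to the authenticated user's account.

        Only the caller's own account may be modified: ``username`` must be
        the alias ``'me'`` or equal ``self.username``; anything else is
        rejected through ``self.forbidden``.

        Recognised keys in ``self.args``: ``first_name``, ``last_name``,
        ``password`` (requires a valid ``currentpassword``),
        ``preferred_currency`` (ISO code of a currency with no owner) and
        ``emails`` (a JSON object with optional ``add``, ``remove``,
        ``enablenotifications`` and ``disablenotifications`` lists).

        Returns the result of ``self.read(username)`` after committing.

        NOTE(review): ``self.badrequest`` and ``self.forbidden`` are defined
        outside this block and presumably abort the request; the password
        branch below does not depend on that to skip a too-short password.
        """
        if username != 'me' and username != self.username:
            # A user can only modify his own information
            self.forbidden('The only user you can modify is yourself')
            return None

        # Resolved account name. Every policy check below uses this instead of
        # the URL parameter: the alias 'me' is never listed in
        # config.DEMO_ACCOUNTS, so testing ``username`` would let a demo
        # account skip its restrictions simply by addressing itself as 'me'.
        account = self.username

        def own_email(address):
            # Row of ``address`` for this account, or None when the account
            # has no such address.
            return models.UserEmail.query.filter(
                db.and_(
                    models.UserEmail.user_username == account,
                    models.UserEmail.email_address == address
                )
            ).first()

        user = models.User.query.options(
            db.joinedload(models.User.emails)
        ).filter(
            models.User.username == account
        ).one()

        if 'first_name' in self.args:
            user.first_name = self.args['first_name']
        if 'last_name' in self.args:
            user.last_name = self.args['last_name']

        if 'password' in self.args and account not in config.DEMO_ACCOUNTS:
            # The current password is re-verified against the resolved
            # account, so an already authenticated session alone is not
            # enough to replace the credential.
            # NOTE(review): meaning of the third argument (False) is not
            # visible from this block -- confirm against authenticate().
            current_ok = 'currentpassword' in self.args and \
                authentication.authenticate(
                    account,
                    self.args['currentpassword'],
                    False
                )
            if not current_ok:
                self.badrequest("Please provide the correct current password")
            elif len(self.args['password']) < 8:
                self.badrequest(
                    'Password should be at least 8 characters long')
            else:
                # NOTE(review): presumably passlib's sha512_crypt; newer
                # passlib releases name this call hash() -- confirm the
                # pinned version before renaming.
                user.passhash = sha512_crypt.encrypt(
                    self.args['password'],
                    rounds=config.PASSWORD_SALT_COMPLEXITY
                )

        if 'preferred_currency' in self.args:
            currency = models.Currency.query.filter(
                db.and_(
                    models.Currency.isocode == self.args['preferred_currency'],
                    # SQLAlchemy needs the operator form to emit IS NULL
                    models.Currency.owner_username == None,  # noqa: E711
                )
            ).first()
            if currency:
                # When preferred currency is changed, all owner's
                # currencies rates must be changed
                # XXX Debts amounts should also be changed... when debts will be implemented
                multiplier = exchangerate.getrate(
                    user.preferred_currency.isocode,
                    currency.isocode
                )
                for owned in models.Currency.query.filter(
                    models.Currency.owner_username == account
                ):
                    owned.rate = owned.rate * multiplier
                user.preferred_currency = currency
                self.add_to_response('totalbalance')

        if 'emails' in self.args:
            try:
                emails = json.loads(self.args['emails'])
            except ValueError:
                # Malformed JSON is a client error, not a server fault
                emails = None
                self.badrequest('Invalid JSON in emails')

            previous_emails = []
            previous_notifications = []
            for row in models.UserEmail.query.filter(
                    models.UserEmail.user_username == account):
                previous_emails.append(row.email_address)
                if row.notification:
                    previous_notifications.append(row.email_address)

            if isinstance(emails, dict):
                to_add = emails.get('add')
                if isinstance(to_add, list) and \
                   account not in config.DEMO_ACCOUNTS:
                    queued = []  # addresses already added by this request
                    for address in to_add:
                        # TODO Verify there is a "@" in the email address
                        if address in previous_emails or address in queued:
                            continue
                        # Use random hash for email confirmation
                        # Email confirmation is done outside of OSPFM
                        # Another process must read the database and
                        # send confirmation emails
                        # 8 bytes from the OS CSPRNG, hex encoded; the
                        # str.encode('hex') form is Python 2 only.
                        randomhash = os.urandom(8).encode('hex')
                        db.session.add(
                            models.UserEmail(
                                user_username=account,
                                email_address=address,
                                confirmation=randomhash
                            )
                        )
                        queued.append(address)

                to_remove = emails.get('remove')
                if isinstance(to_remove, list):
                    for address in to_remove:
                        if address in previous_emails:
                            row = own_email(address)
                            # None when the same address is listed twice and
                            # the first deletion has already been flushed
                            if row is not None:
                                db.session.delete(row)

                to_enable = emails.get('enablenotifications')
                if isinstance(to_enable, list):
                    for address in to_enable:
                        if address not in previous_notifications:
                            row = own_email(address)
                            # An address the account does not own yields no
                            # row; skip it instead of failing on None
                            if row is not None:
                                row.notification = True

                to_disable = emails.get('disablenotifications')
                if isinstance(to_disable, list):
                    for address in to_disable:
                        if address in previous_notifications:
                            row = own_email(address)
                            if row is not None:
                                row.notification = False

        db.session.commit()
        return self.read(username)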
Exemplo n.º 2
def login():
    """Hand the login attempt over to ``authentication.authenticate``.

    No arguments are passed, so ``authenticate`` presumably obtains the
    credentials itself; its implementation is not part of this excerpt.
    """
    outcome = authentication.authenticate()
    return outcome