Exemplo n.º 1
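    def post(self):
        """Handle the change-password form submission.

        All three fields must be present and the new password must equal its
        confirmation before the stored hash is replaced. Validation problems
        re-render ``changepass.html`` with the offending fields flagged.
        Requests without a verifiable ``user`` cookie are redirected to ``/``
        and no account is touched.
        """
        oldpass = self.request.get('oldpass')
        newpass = self.request.get('newpass')
        passval = self.request.get('passval')

        params = {}
        error = False
        if not oldpass:
            params['oldpass'] = '******'
            error = True

        if not newpass:
            params['newpass'] = "******"
            error = True

        if not passval:
            params['valpass'] = '******'
            error = True

        # The confirmation is submitted as 'passval'. A mismatch must block the
        # change rather than only set a message, otherwise a typo in the new
        # password is silently stored.
        if passval != newpass:
            params['errorMessage'] = "Passwords didn't match"
            error = True

        cookie = self.request.cookies.get('user')
        # Act only on a cookie whose signature verifies; the id prefix of an
        # unverified cookie is chosen by the client.
        if not (cookie and self.check_secure_val(cookie)):
            self.redirect('/')
            return

        if error:
            # Return so the final redirect cannot replace the error page.
            self.render("changepass.html", **params)
            return

        user = databases.User.get_by_id(int(cookie.split('|')[0]))
        if not user:
            # The account behind the cookie no longer exists.
            self.redirect('/')
            return

        # Proof of the current password is required before the hash changes,
        # so a stolen session cookie alone cannot take over the account.
        if not util.valid_pw(user.email, oldpass, user.pw_hash):
            # Flag the field the same way a missing old password is flagged
            # instead of redirecting as if the change had succeeded.
            params['oldpass'] = '******'
            self.render("changepass.html", **params)
            return

        user.pw_hash = util.make_pw_hash(user.email, newpass)
        user.put()
        self.redirect('/')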
Exemplo n.º 2
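    def post(self):
        """Handle the profile form: re-check the password, then save changes.

        The submitted password must verify against the stored hash before the
        name, e-mail and (optionally) the profile image are updated. A failed
        check re-renders ``profile.html``; success redirects to ``/``.
        """
        # NOTE(review): the cookie is used here without a signature check in
        # this method, and a missing cookie raises AttributeError. Confirm it
        # is verified before this handler runs; otherwise the id prefix is
        # chosen by the client.
        user = databases.User.get_by_id(int(self.request.cookies.get('user').split('|')[0]))
        name_parts = user.name.split(' ')
        firstname = name_parts[0]
        # A single-word name has no second part; use an empty last name
        # instead of raising IndexError.
        lastname = name_parts[1] if len(name_parts) > 1 else ''

        password = self.request.get('user_password')
        # `not valid_pw(...)` fails closed: any falsy result (None included)
        # is treated as a failed check, which `== False` would let through.
        if password == '' or not util.valid_pw(user.email, password, user.pw_hash):
            self.render('profile.html', password = '******', user = user, firstname = firstname, lastname = lastname)
            return

        user.name = self.request.get('user_first') + " " + self.request.get('user_last')
        # NOTE(review): the new e-mail is stored without any format or
        # uniqueness check in this method; confirm it is validated elsewhere.
        user.email = self.request.get('user_email')
        # make_pw_hash takes the e-mail as an input, so the hash is rebuilt
        # with the new address.
        user.pw_hash = util.make_pw_hash(user.email, password)
        user.put()

        # .get() keeps a form posted without the image field from raising
        # KeyError.
        upload = self.request.POST.get(u'image', "")
        if upload == "":
            logging.debug('No image')
            self.redirect('/')
            return

        try:
            data = upload.file.read()
            # NOTE(review): filename and content type come from the client.
            # Validate them against an allow-list before they are used to
            # serve the image back, and do not trust `filetype` as proof of
            # what `data` contains.
            name = upload.filename
            filetype = upload.type
            image = databases.userImage(name = name, data = data, filetype = filetype, user = user)
            # Existing images are removed before the new one is stored, so a
            # failed put() below leaves the user without an image.
            for i in databases.userImage.all():
                if i.user.key().id() == user.key().id():
                    logging.debug('Deleted: ' + i.name)
                    i.delete()

            logging.debug("Put: " + image.name)
            image.put()

            self.redirect('/')
        except Exception as e:
            # Every failure is reported as a size problem; the real cause is
            # only visible in the log.
            error = "Image must be smaller than 1mb."
            logging.error(e)
            self.render('profile.html', user = user, firstname = firstname, lastname = lastname, error = error)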
Exemplo n.º 3
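def _is_local_redirect(target):
    """Return True when *target* is a same-site path that is safe to redirect to."""
    if not target.startswith('/'):
        return False
    # A second slash or a backslash makes browsers treat the value as a
    # reference to another host.
    if target[1:2] in ('/', '\\'):
        return False
    # Control characters are rejected outright: browsers may drop them and
    # change how the rest of the value is interpreted.
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)


def login(request):
    """Render the login form and, on POST, authenticate the user.

    A successful login sets the signed ``user`` cookie and redirects to the
    ``next`` parameter when it is a local path, otherwise to ``/``. Every
    failure re-renders ``login.html`` with the same generic error.
    """
    error = ""
    redirect_to = request.REQUEST.get('next', '')
    # 'next' is request-controlled: only follow it when it stays on this
    # site, so the login page cannot be used to bounce users elsewhere.
    if not _is_local_redirect(redirect_to):
        redirect_to = ''

    if request.method == "POST":
        form = blogForms.LoginForm(request.POST)
        # One message for every failure, so the response does not reveal
        # whether the username exists.
        error = "Invalid Login"
        if form.is_valid():
            # Gets the user from the db if it exists
            try:
                u = User.objects.get(username=request.POST['username'])
            except ObjectDoesNotExist:
                u = None
            # Compares password user gave with pass stored in db
            if u is not None and util.valid_pw(request.POST['username'], request.POST['password'], u.password):
                # Sets cookie if login is valid
                val = util.make_secure_val(str(u.id))
                response = HttpResponseRedirect(redirect_to or '/')
                # NOTE(review): the cookie lives for about a month and is set
                # without httponly/secure. set_cookie accepts both as keyword
                # arguments; enable them if no client script reads this
                # cookie and the site is served over HTTPS.
                response.set_cookie("user", val, max_age=2629740)
                return response
    else:
        form = blogForms.LoginForm()
    return render_to_response("login.html", {"form": form, "error": error, "redirect_to": redirect_to}, context_instance=RequestContext(request))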
Exemplo n.º 4
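    def post(self):
        """Check the submitted admin credentials and start an admin session.

        On success a ``user_id`` cookie is set through ``set_secure_cookie``
        and the browser is redirected to ``/admin-pref``. Otherwise the login
        page is rendered again with its error flag set.
        """
        username = self.request.get('username')
        password = self.request.get('password')

        user = models.Admin.login_validation(username)

        # The password is verified once; repeating the identical call only
        # repeats the hash computation.
        if not (user and util.valid_pw(username, password, user.admin_pw_hash)):
            self.generate('login.html',
                          {'error_login': '******'})
            return

        # var added to 'admin' to provide unique cookie for each login
        # NOTE(review): confirm util.random_letters draws from a
        # cryptographically secure source if this value must be unguessable.
        var = util.random_letters()
        self.set_secure_cookie('user_id', 'admin' + var)
        self.redirect('/admin-pref')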
Exemplo n.º 5
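    def post(self):
        """Authenticate the admin and issue the ``user_id`` cookie.

        A valid username/password pair sets the cookie via
        ``set_secure_cookie`` and redirects to ``/admin-pref``. Any other
        input renders ``login.html`` with the error flag.
        """
        username = self.request.get('username')
        password = self.request.get('password')

        user = models.Admin.login_validation(username)
        authenticated = bool(user) and util.valid_pw(username, password,
                                                     user.admin_pw_hash)

        if authenticated:
            # A single verification is enough: a nested second call with the
            # same arguments cannot change the outcome.
            # The random suffix gives each login a different cookie value.
            # NOTE(review): check that util.random_letters is backed by a
            # secure random source if the suffix is security-relevant.
            var = util.random_letters()
            self.set_secure_cookie('user_id', 'admin' + var)
            self.redirect('/admin-pref')
            return

        # The same response is used for an unknown user and a wrong password.
        self.generate('login.html',
                      {'error_login': '******'})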
Exemplo n.º 6
    def is_valid_login(self, username, password):
        """Check a username/password pair against the stored runner record.

        Returns an ``(ok, errors)`` tuple. ``errors`` is empty on success and
        holds ``user_error`` or ``pass_error`` on failure.
        """
        code = util.get_code(username)

        # Look the runner up by its key name.
        runner = runners.Runners.get_by_key_name(code, parent=runners.key())
        if not runner:
            # NOTE(review): this message differs from the wrong-password one,
            # so a caller can tell which usernames exist. Consider showing one
            # generic message to the user.
            return False, {'user_error': "Username not found"}

        # Verify the password against the stored hash.
        if not util.valid_pw(code, password, runner.password):
            return False, {'pass_error': "Invalid password"}
        return True, {}
Exemplo n.º 7
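class Handler(webapp2.RequestHandler):
    """Base request handler with rendering helpers and the login check."""

    OVER_QUOTA_ERROR = 'OVER_QUOTA_ERROR'

    # Writing and rendering utility functions
    def write(self, *a, **kw):
        """Write directly to the response body."""
        self.response.out.write(*a, **kw)

    def render_str(self, template, **params):
        """Render the named template with ``params`` and return the text.

        NOTE(review): whether values are HTML-escaped depends on how
        JINJA_ENVIRONMENT is configured (autoescape); confirm it is enabled.
        """
        t = JINJA_ENVIRONMENT.get_template(template)
        return t.render(params)

    def render(self, template, **kw):
        """Render the named template and write it to the response."""
        self.write(self.render_str(template, **kw))

    def render_json(self, obj):
        """Serialize ``obj`` as JSON and write it with a wildcard CORS header."""
        self.response.headers['Content-Type'] = ('application/json; '
                                                 + 'charset=UTF-8')
        # Allow javascript from any domain to access the JSON. Keep the
        # wildcard only for data that is public; per-user or otherwise
        # sensitive responses need an explicit origin allow-list instead.
        self.response.headers["Access-Control-Allow-Origin"] = "*"
        self.write(json.dumps(obj, cls=util.MyJSONEncoder))

    # Helpful override to determine the format of the output
    def initialize(self, *a, **kw):
        """Set ``self.format`` to 'json' for ``.json`` paths, else 'html'."""
        webapp2.RequestHandler.initialize(self, *a, **kw)
        if self.request.path.endswith('.json'):
            self.format = 'json'
        else:
            self.format = 'html'

    # User login functions
    def is_valid_login(self, username, password):
        """Check a username/password pair against the stored runner record.

        Returns an ``(ok, errors)`` tuple. ``errors`` is empty on success and
        holds ``user_error`` or ``pass_error`` on failure.
        """
        username_code = util.get_code(username)

        # Find the user in the database
        try:
            user = runners.Runners.get_by_key_name(username_code,
                                                   parent=runners.key())
        # `as` is accepted by Python 2.6+ and Python 3; the comma form is a
        # syntax error on Python 3.
        except apiproxy_errors.OverQuotaError as msg:
            logging.error(msg)
            return False, dict(user_error="Over quota error")

        if not user:
            # NOTE(review): this message differs from the wrong-password one,
            # so a caller can tell which usernames exist. Consider showing one
            # generic message to the user.
            return False, dict(user_error="Username not found")

        # Check for valid password
        if util.valid_pw(username_code, password, user.password):
            return True, dict()
        else:
            return False, dict(pass_error="Invalid password")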
Exemplo n.º 8
    def is_valid_login(self, username, password):
        """Validate login credentials for a runner.

        The result is a pair: a success flag and a dict of error messages
        (``user_error`` for an unknown username, ``pass_error`` for a failed
        password check, empty when the login is valid).
        """
        key_name = util.get_code(username)
        record = runners.Runners.get_by_key_name(key_name,
                                                 parent=runners.key())

        if record:
            password_ok = util.valid_pw(key_name, password, record.password)
            if password_ok:
                return True, {}
            return False, {'pass_error': "Invalid password"}

        # NOTE(review): reporting "not found" separately from "invalid
        # password" discloses which usernames are registered. A single
        # generic message on the login page avoids that.
        return False, {'user_error': "Username not found"}
Exemplo n.º 9
    def post(self):
        """Process the login form and set the ``user`` cookie on success.

        Missing fields, an unknown username and a wrong password each render
        ``login.html`` again with an error. A valid login redirects to ``/``.
        """
        username = self.request.get('username')
        password = self.request.get('password')

        if not (username and password):
            self.render('login.html', username = username, error = "Missing Username or Password")
            return

        account = models.User.by_name(username)
        # NOTE(review): separate "Invalid Username" / "Invalid Password"
        # messages tell a visitor which usernames exist. Consider one generic
        # message for both.
        if not account:
            failure = "Invalid Username"
        elif not util.valid_pw(username, password, account.pw_hash):
            failure = "Invalid Password"
        else:
            failure = None

        if failure is not None:
            self.render('login.html', username = username, error = failure)
            return

        # NOTE(review): the cookie value is the bare datastore id; confirm
        # that self.set_cookie signs it, otherwise it can be forged.
        self.set_cookie('user', str(account.key().id()))
        self.redirect('/')
Exemplo n.º 10
	def post(self):
		"""Log a user in by testing the submitted credentials against every User.

		A match sets the ``user_id`` cookie and redirects to ``/blog/welcome``;
		otherwise ``login.html`` is rendered with an error.
		"""
		submitted_name = self.request.get('username')
		submitted_pw = self.request.get('password')

		# NOTE(review): every stored user is loaded and one password hash is
		# computed per record, so the cost of a login attempt grows with the
		# user table. Looking the account up by username first would bound it.
		matched = None
		for candidate in db.GqlQuery("SELECT * FROM User"):
			if util.valid_pw(submitted_name, submitted_pw, candidate.password):
				# No break: when several records match, the last one wins.
				matched = candidate

		if not matched:
			self.render("login.html",error = "Invalid login")
			return

		cookie_val = util.make_secure_val(str(matched.key().id()))
		# NOTE(review): the cookie carries no HttpOnly or Secure attribute;
		# consider adding both if the site is served over HTTPS and no client
		# script needs to read it.
		self.response.headers.add_header('Set-Cookie', 'user_id=%s; Path=/' % cookie_val)
		self.redirect("/blog/welcome")
Exemplo n.º 11
 def change_username(cls, new_username, pw):
     """Change the Admin username from the preferences page.

     The stored password hash is rebuilt with the new username, because
     the hash is a function of the username. Returns a status message.
     """
     if not (new_username and pw):
         return 'A new username and or password is required. Retry.'

     # NOTE(review): a 6-character username passes this check although the
     # message says "greater than 6"; confirm which of the two is intended.
     if len(new_username) < 6:
         return 'Username must be greater than 6 characters'

     admin = Admin.get(db.Key.from_path('Admin', 'admin_key_name'))
     # The current password must verify against the current username before
     # either value is changed.
     if not util.valid_pw(admin.admin_username, pw, admin.admin_pw_hash):
         return 'Invalid Password. Please Retry.'

     admin.admin_username = new_username
     admin.admin_pw_hash = util.make_pw_hash(new_username, pw)
     admin.put()
     return 'Username change was successful!'
Exemplo n.º 12
 def change_username(cls, new_username, pw):
     """Rename the Admin account after re-checking the current password.

     The password hash depends on the username, so it is recomputed for
     the new name. The return value is a message describing the outcome.
     """
     missing_input = not new_username or not pw
     if missing_input:
         return 'A new username and or password is required. Retry.'

     too_short = len(new_username) < 6
     if too_short:
         # NOTE(review): the message says "greater than 6" but exactly six
         # characters are accepted; one of the two should be adjusted.
         return 'Username must be greater than 6 characters'

     admin_key = db.Key.from_path('Admin', 'admin_key_name')
     admin = Admin.get(admin_key)
     # Re-authenticate with the existing username and hash before writing.
     password_ok = util.valid_pw(admin.admin_username, pw,
                                 admin.admin_pw_hash)
     if not password_ok:
         return 'Invalid Password. Please Retry.'

     new_hash = util.make_pw_hash(new_username, pw)
     admin.admin_username = new_username
     admin.admin_pw_hash = new_hash
     admin.put()
     return 'Username change was successful!'
Exemplo n.º 13
    def post(self):
        """Process the e-mail/password login form.

        Validation and credential failures render ``login.html`` with error
        flags in the template parameters. A valid login sets the ``user``
        cookie, logs the event and redirects to ``/``.
        """
        # NOTE(review): the password goes through util.escape before it is
        # verified. If escape rewrites any characters, login only works when
        # the stored hash was built from the escaped form too; confirm the
        # signup path does the same.
        email = util.escape(self.request.get("email"))
        password = util.escape(self.request.get("password"))

        params = {'email': email}
        failed = False

        if not email:
            params.update(errorEmail='error', errorMessage="Please enter email")
            failed = True

        if not password:
            params.update(errorPass='******', errorMessage="Please enter password")
            failed = True

        account = databases.User.by_email(email)

        # NOTE(review): "Invalid email" versus "Invalid password" tells a
        # visitor which addresses are registered; consider one generic
        # message for both failures.
        if not account:
            params.update(errorEmail='error', errorPass='******',
                          errorMessage="Invalid email")
            failed = True
        elif not util.valid_pw(email, password, account.pw_hash):
            params.update(errorEmail='error', errorPass='******',
                          errorMessage="Invalid password")
            failed = True

        if failed:
            self.render('login.html', **params)
            return

        # NOTE(review): the cookie value is the bare datastore id; confirm
        # that self.set_cookie signs it, otherwise it can be forged.
        self.set_cookie('user', str(account.key().id()))
        logging.info(account.name + " logged in")
        self.redirect('/')
Exemplo n.º 14
 def login(cls, name, pw):
     """Return the user named *name* when *pw* verifies, otherwise None."""
     candidate = cls.by_name(name)
     if not candidate:
         # Unknown name: the password check is skipped.
         return None
     if valid_pw(name, pw, candidate.pw_hash):
         return candidate
     return None