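    def post(self, **post):
        """Handle a registration form submission.

        Parses the posted fields with ``register_form``, validates them,
        creates the ``User`` and starts an authenticated session for it.

        Returns:
            A ``('json:', payload)`` tuple.  ``payload['success']`` is
            ``False`` with a translated ``message`` (and the echoed form
            data) when the request is rejected, ``True`` with
            ``location='/'`` once the account exists and the session is
            authenticated.
        """
        # Every failure response re-sends the submitted fields so the form
        # can be re-populated.  The password inputs are dropped from that
        # copy so they never land in response bodies, proxy logs or the
        # browser's developer tools.
        secret_fields = ('password', 'pass2')

        def _safe_echo(fields):
            # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
            return {k: v for k, v in dict(fields).items() if k not in secret_fields}

        try:
            data = Bunch(register_form.native(post)[0])
        except Exception as e:
            if config.get('debug', False):
                raise
            # NOTE(review): str(e) is still sent to the client outside debug mode; confirm that is intended.
            return 'json:', dict(success=False, message=_("Unable to parse data."), data=_safe_echo(post), exc=str(e))

        if not data.username or not data.email or not data.password or data.password != data.pass2:
            return 'json:', dict(success=False, message=_("Missing data or passwords do not match."), data=_safe_echo(data))

        # Reject syntactically invalid addresses before touching the database.
        _, err = EmailValidator().validate(data.email)
        if err:
            return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_safe_echo(data))

        # zxcvbn's score (0-4 upstream) must reach the configured minimum.
        if zxcvbn.password_strength(data.password).get("score") < MINIMUM_PASSWORD_STRENGTH:
            return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=_safe_echo(data))

        # Username and email are stored lower-cased so later lookups are case-insensitive.
        user = User(data.username.lower(), data.email.lower(), active=True)
        user.password = data.password
        try:
            user.save()
        except ValidationError:
            return 'json:', dict(success=False, message=_("Invalid email address provided."), data=_safe_echo(data))
        except NotUniqueError:
            return 'json:', dict(success=False, message=_("Either the username or email address provided is already taken."), data=_safe_echo(data))

        # The stored (lower-cased) username is what the session is bound to.
        authenticate(user.username, data.password)

        return 'json:', dict(success=True, location="/")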
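    def __post_recovery(self, **post):
        """Complete a password recovery: store the new password and sign the user in.

        Expects the fields of ``reset_password_form`` (email, recovery_key,
        password, pass2).  The recovery record is looked up with
        ``self.__get_recovery`` and deleted once the new password is saved.

        Returns:
            A ``('json:', payload)`` tuple: ``success=False`` with a
            ``message`` (and sometimes a ``location``) when rejected,
            ``success=True`` with ``location='/'`` once the password is
            changed and the session authenticated.
        """
        # Secrets that must not be echoed back in failure responses.
        secret_fields = ('password', 'pass2', 'recovery_key')

        def _safe_echo(fields):
            # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
            return {k: v for k, v in dict(fields).items() if k not in secret_fields}

        try:
            data = Bunch(reset_password_form.native(post)[0])
        except Exception as e:
            if config.get('debug', False):
                raise
            # NOTE(review): str(e) is still sent to the client outside debug mode; confirm that is intended.
            return 'json:', dict(success=False, message=_("Unable to parse data."), data=_safe_echo(post), exc=str(e))

        # Unknown or expired email/key pair: send the user back to request a new link.
        recovery = self.__get_recovery(data.email, data.recovery_key)
        if not recovery:
            return 'json:', dict(success=False, message=_("Sorry that recovery link has already expired"),
                                 location="/account/recover")

        passwd_ok, error_msg = _check_password(data.password, data.pass2)
        if not passwd_ok:
            return 'json:', dict(success=False, message=error_msg)

        # zxcvbn's score must reach the configured minimum.
        if zxcvbn.password_strength(data.password).get("score") < MINIMUM_PASSWORD_STRENGTH:
            return 'json:', dict(success=False, message=_("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."), data=_safe_echo(data))

        # Store the new password first, then invalidate the one-time recovery record.
        # NOTE(review): user.save() is unguarded here — any exception propagates out of
        # this handler before recovery.delete() runs; confirm that cannot leave a used key live.
        user = recovery.user
        user.password = data.password
        user.save()

        recovery.delete()

        authenticate(user.username, data.password)

        return 'json:', dict(success=True, message=_("Password changed, forwarding ..."), location="/")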
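    def post(self, **post):
        """Handle a registration form submission.

        Parses the posted fields with ``register_form``, validates them,
        creates the ``User`` and starts an authenticated session for it.

        Returns:
            A ``('json:', payload)`` tuple.  ``payload['success']`` is
            ``False`` with a translated ``message`` (and the echoed form
            data) when the request is rejected, ``True`` with
            ``location='/'`` once the account exists and the session is
            authenticated.
        """
        # Failure responses re-send the submitted fields so the form can be
        # re-populated; the password inputs are dropped from that copy so they
        # never land in response bodies, proxy logs or developer tools.
        secret_fields = ('password', 'pass2')

        def _safe_echo(fields):
            # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
            return {k: v for k, v in dict(fields).items()
                    if k not in secret_fields}

        try:
            data = Bunch(register_form.native(post)[0])
        except Exception as e:
            if config.get('debug', False):
                raise
            # NOTE(review): str(e) is still sent to the client outside debug
            # mode; confirm that is intended.
            return 'json:', dict(success=False,
                                 message=_("Unable to parse data."),
                                 data=_safe_echo(post),
                                 exc=str(e))

        if not data.username or not data.email or not data.password or data.password != data.pass2:
            return 'json:', dict(
                success=False,
                message=_("Missing data or passwords do not match."),
                data=_safe_echo(data))

        # Reject syntactically invalid addresses before touching the database.
        _, err = EmailValidator().validate(data.email)
        if err:
            return 'json:', dict(success=False,
                                 message=_("Invalid email address provided."),
                                 data=_safe_echo(data))

        # zxcvbn's score (0-4 upstream) must reach the configured minimum.
        if (zxcvbn.password_strength(data.password).get("score") <
                MINIMUM_PASSWORD_STRENGTH):
            return 'json:', dict(
                success=False,
                message=
                _("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."
                  ),
                data=_safe_echo(data))

        # Username and email are stored lower-cased so later lookups are
        # case-insensitive.
        user = User(data.username.lower(), data.email.lower(), active=True)
        user.password = data.password
        try:
            user.save()
        except ValidationError:
            return 'json:', dict(success=False,
                                 message=_("Invalid email address provided."),
                                 data=_safe_echo(data))
        except NotUniqueError:
            return 'json:', dict(
                success=False,
                message=
                _("Either the username or email address provided is already taken."
                  ),
                data=_safe_echo(data))

        # The stored (lower-cased) username is what the session is bound to.
        authenticate(user.username, data.password)

        return 'json:', dict(success=True, location="/")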
 def authorized(self, token):
     """Callback reached after the external login: bind *token* to a session.

     ``authenticate`` is handed the returned token; per the original author
     it uses the token to look up (or create) the matching user and stores
     the token against that account.  Our own session may not outlive the
     ``expires`` date that came with the token, though it may be shorter.

     Raises:
         HTTPFound: always, redirecting the browser to ``/``.
     """
     # NOTE(review): the session id is not regenerated before authenticating
     # here, so an id the client supplied is kept across login — confirm the
     # framework does this elsewhere (a sibling version of this handler calls
     # session.regenerate_id() first).
     authenticate(token)

     landing = '/'
     raise HTTPFound(location=landing)
    def authorized(self, token):
        """Callback reached after the external login: bind *token* to a fresh session.

        ``authenticate`` is handed the returned token; per the original author
        it uses the token to look up (or create) the matching user and stores
        the token against that account.  Our own session may not outlive the
        ``expires`` date that came with the token, though it may be shorter.

        Raises:
            HTTPFound: always, redirecting the browser to ``/``.
        """
        # Issue a new session id before the session becomes authenticated so
        # the client cannot dictate it (some user-agents were sending a null
        # id, which ended up as the id of an authenticated session).
        session.regenerate_id()

        authenticate(token)

        landing = '/'
        raise HTTPFound(location=landing)
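 def post(self, **post):
     """Register a new account from the posted ``register_form`` fields.

     Returns:
         A ``('json:', payload)`` tuple: ``success=False`` with a ``message``
         (and the echoed form data) when the data cannot be parsed or is
         incomplete, ``success=True`` with ``location='/'`` once the user is
         saved and the session authenticated.
     """
     # Password inputs are stripped from any echoed form data so they never
     # appear in response bodies or in the logs of anything that records them.
     secret_fields = ('password', 'pass2')

     def _safe_echo(fields):
         # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
         return {k: v for k, v in dict(fields).items() if k not in secret_fields}

     try:
         data = Bunch(register_form.native(post)[0])
     except Exception as e:
         if config.get('debug', False):
             raise
         # NOTE(review): str(e) is sent to the client outside debug mode; confirm that is intended.
         return 'json:', dict(success=False, message="Unable to parse data.", data=_safe_echo(post), exc=str(e))

     if not data.username or not data.email or not data.password or data.password != data.pass2:
         return 'json:', dict(success=False, message="Missing data?", data=_safe_echo(data))

     # NOTE(review): user.save() is unguarded — any exception it raises
     # propagates out of this handler instead of producing a JSON reply —
     # and there is no email-format or password-strength check here.
     # Confirm whether those are handled elsewhere.
     user = User(data.username, data.email, active=True)
     user.password = data.password
     user.save()

     authenticate(data.username, data.password)

     return 'json:', dict(success=True, location="/")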
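 def post(self, **post):
     """Register a new account from the posted ``register_form`` fields.

     Returns:
         A ``('json:', payload)`` tuple: ``success=False`` with a ``message``
         (and the echoed form data) when the data cannot be parsed or is
         incomplete, ``success=True`` with ``location='/'`` once the user is
         saved and the session authenticated.
     """
     # Password inputs are stripped from any echoed form data so they never
     # appear in response bodies or in the logs of anything that records them.
     secret_fields = ('password', 'pass2')

     def _safe_echo(fields):
         # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
         return {k: v for k, v in dict(fields).items() if k not in secret_fields}

     try:
         data = Bunch(register_form.native(post)[0])
     except Exception as e:
         if config.get('debug', False):
             raise
         # NOTE(review): str(e) is sent to the client outside debug mode; confirm that is intended.
         return 'json:', dict(success=False, message="Unable to parse data.", data=_safe_echo(post), exc=str(e))

     if not data.username or not data.email or not data.password or data.password != data.pass2:
         return 'json:', dict(success=False, message="Missing data?", data=_safe_echo(data))

     # NOTE(review): user.save() is unguarded — any exception it raises
     # propagates out of this handler instead of producing a JSON reply —
     # and there is no email-format or password-strength check here.
     # Confirm whether those are handled elsewhere.
     user = User(data.username, data.email, active=True)
     user.password = data.password
     user.save()

     authenticate(data.username, data.password)

     return 'json:', dict(success=True, location="/")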
    def post(self, identity, password, remember=False, redirect=None):
        """Process a login form submission.

        Args:
            identity: username, e-mail address or one-time token, as typed.
            password: the submitted password.
            remember: accepted from the form but not used by this handler.
            redirect: where to send the user on success (defaults to ``/``).

        Returns:
            ``('json:', payload)`` for XHR requests; for plain requests the
            login page (``self.get``) when the credentials are rejected.

        Raises:
            HTTPFound: on success for non-XHR requests, redirecting to
            *redirect* or ``/``.
        """
        destination = redirect or '/'

        # First attempt uses the identity exactly as typed.
        success = authenticate(identity, password)

        # A 44-character identity without '@' is taken to be an OTP and is
        # never lower-cased; usernames and e-mail addresses get a second,
        # lower-cased attempt.
        # NOTE(review): a wrong password is therefore checked twice for those
        # identities — confirm any lockout or rate-limit counter accounts for it.
        looks_like_otp = '@' not in identity and len(identity) == 44
        if not success and not looks_like_otp:
            success = authenticate(identity.lower(), password)

        if request.is_xhr:
            if success:
                return 'json:', dict(success=True, location=destination)
            return 'json:', dict(success=False, message=_("Invalid user name or password."))

        if not success:
            return self.get(redirect)

        raise HTTPFound(location=destination)
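    def __post_recovery(self, **post):
        """Complete a password recovery: store the new password and sign the user in.

        Expects the fields of ``reset_password_form`` (email, recovery_key,
        password, pass2).  The recovery record is looked up with
        ``self.__get_recovery`` and deleted once the new password is saved.

        Returns:
            A ``('json:', payload)`` tuple: ``success=False`` with a
            ``message`` (and sometimes a ``location``) when rejected,
            ``success=True`` with ``location='/'`` once the password is
            changed and the session authenticated.
        """
        # Secrets that must not be echoed back in failure responses.
        secret_fields = ('password', 'pass2', 'recovery_key')

        def _safe_echo(fields):
            # assumes `fields` is a mapping (the kwargs dict or a Bunch) — TODO confirm Bunch
            return {k: v for k, v in dict(fields).items()
                    if k not in secret_fields}

        try:
            data = Bunch(reset_password_form.native(post)[0])
        except Exception as e:
            if config.get('debug', False):
                raise
            # NOTE(review): str(e) is still sent to the client outside debug
            # mode; confirm that is intended.
            return 'json:', dict(success=False,
                                 message=_("Unable to parse data."),
                                 data=_safe_echo(post),
                                 exc=str(e))

        # Unknown or expired email/key pair: send the user back to request a
        # new link.
        recovery = self.__get_recovery(data.email, data.recovery_key)
        if not recovery:
            return 'json:', dict(
                success=False,
                message=_("Sorry that recovery link has already expired"),
                location="/account/recover")

        passwd_ok, error_msg = _check_password(data.password, data.pass2)
        if not passwd_ok:
            return 'json:', dict(success=False, message=error_msg)

        # zxcvbn's score must reach the configured minimum.
        if (zxcvbn.password_strength(data.password).get("score") <
                MINIMUM_PASSWORD_STRENGTH):
            return 'json:', dict(
                success=False,
                message=
                _("Password provided is too weak. please add more characters, or include lowercase, uppercase, and special characters."
                  ),
                data=_safe_echo(data))

        # Store the new password first, then invalidate the one-time recovery
        # record.
        # NOTE(review): user.save() is unguarded here — any exception
        # propagates out of this handler before recovery.delete() runs;
        # confirm that cannot leave a used key live.
        user = recovery.user
        user.password = data.password
        user.save()

        recovery.delete()

        authenticate(user.username, data.password)

        return 'json:', dict(success=True,
                             message=_("Password changed, forwarding ..."),
                             location="/")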
    def post(self, identity, password, remember=False, redirect=None):
        """Process a login form submission.

        Args:
            identity: the username (or address) exactly as typed.
            password: the submitted password.
            remember: accepted from the form but not used by this handler.
            redirect: where to send the user on success (defaults to ``/``).

        Returns:
            ``('json:', payload)`` for XHR requests; for plain requests the
            login page (``self.get``) when the credentials are rejected.

        Raises:
            HTTPFound: on success for non-XHR requests, redirecting to
            *redirect* or ``/``.
        """
        destination = redirect or '/'
        success = authenticate(identity, password)

        if request.is_xhr:
            if success:
                return 'json:', dict(success=True, location=destination)
            return 'json:', dict(success=False, message=_("Invalid user name or password."))

        if not success:
            return self.get(redirect)

        raise HTTPFound(location=destination)
    def post(self, identity, password, remember=False, redirect=None):
        """Process a login form submission.

        Args:
            identity: the username (or address) exactly as typed.
            password: the submitted password.
            remember: accepted from the form but not used by this handler.
            redirect: where to send the user on success (defaults to ``/``).

        Returns:
            ``('json:', payload)`` for XHR requests; for plain requests the
            login page (``self.get``) when the credentials are rejected.

        Raises:
            HTTPFound: on success for non-XHR requests, redirecting to
            *redirect* or ``/``.
        """
        destination = redirect or '/'
        success = authenticate(identity, password)

        if request.is_xhr:
            if success:
                return 'json:', dict(success=True, location=destination)
            return 'json:', dict(success=False, message=_("Invalid user name or password."))

        if not success:
            return self.get(redirect)

        raise HTTPFound(location=destination)
    def post(self, identity, password, remember=False, redirect=None):
        """Process a login form submission.

        Args:
            identity: username, e-mail address or one-time token, as typed.
            password: the submitted password.
            remember: accepted from the form but not used by this handler.
            redirect: where to send the user on success (defaults to ``/``).

        Returns:
            ``('json:', payload)`` for XHR requests; for plain requests the
            login page (``self.get``) when the credentials are rejected.

        Raises:
            HTTPFound: on success for non-XHR requests, redirecting to
            *redirect* or ``/``.
        """
        destination = redirect or '/'

        # First attempt uses the identity exactly as typed.
        success = authenticate(identity, password)

        # A 44-character identity without '@' is taken to be an OTP and is
        # never lower-cased; usernames and e-mail addresses get a second,
        # lower-cased attempt.
        # NOTE(review): a wrong password is therefore checked twice for those
        # identities — confirm any lockout or rate-limit counter accounts for it.
        looks_like_otp = '@' not in identity and len(identity) == 44
        if not success and not looks_like_otp:
            success = authenticate(identity.lower(), password)

        if request.is_xhr:
            if success:
                return 'json:', dict(success=True, location=destination)
            return 'json:', dict(
                success=False, message=_("Invalid user name or password."))

        if not success:
            return self.get(redirect)

        raise HTTPFound(location=destination)