def api_register_put():
username = request.form.get('username')
email = request.form.get('email')
new_password = request.form.get('new-password')
username_exists = check_username(username)
email_exists = check_email(email)
email_syntax_ok = syntax_check.check_email_syntax(email)
username_syntax_ok = syntax_check.check_username_syntax(username)
password_syntax_ok = syntax_check.check_password_syntax(new_password)
form_filled = username and new_password and email
if not form_filled:
return make_response('MISSING ARGS', 422)
elif not email_syntax_ok:
return make_response('INVALID EMAIL SYNTAX', 422)
elif not username_syntax_ok:
return make_response('INVALID USERNAME SYNTAX', 422)
elif not password_syntax_ok:
return make_response('INVALID PASSWORD SYNTAX', 422)
elif username_exists:
return make_response('USERNAME EXISTS', 422)
elif email_exists:
return make_response('EMAIL EXISTS', 422)
else:
cookie_id = generate_hash()
add_new_user(username, email, new_password, cookie_id)
resp = make_response(make_response('OK', 201))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
def web_recover_processor():
key = request.form.get('key')
user = find_user_by_recover_key(key)
new_password = request.form.get('new-password')
repeat_new_password = request.form.get('repeat-new-password')
new_password_check = new_password == repeat_new_password
if not user:
return render_template('status/error.html', code='user_not_found')
elif not new_password or not repeat_new_password:
return render_template('status/error.html', code='form_not_filled')
elif not new_password_check:
return render_template('status/error.html',
code='passwords_do_not_match')
else:
cookie_id = generate_hash()
update_user(user,
password_reset=True,
new_password=new_password,
cookie_id=cookie_id)
resp = make_response(
render_template('status/success.html', code='edit_success'))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
def update_user(user, password_reset=False, **kwargs):
cursor = DATABASE.cursor()
if 'username' in kwargs:
cursor.execute('update users set username = %s where id = %s',
(kwargs['username'], user['id']))
user['username'] = kwargs['username']
if 'email' in kwargs:
link = generate_hash()
if user['verification_link']:
delete_hash(user['verification_link'])
cursor.execute(
'update users set email = %s, verification_link = %s, verified = false '
'where id = %s', (kwargs['email'], link, user['id']))
send_mail(kwargs['email'], user['username'], link, 'email_change')
if 'new_password' and 'cookie_id' in kwargs:
password_hash = pbkdf2_sha512.encrypt(kwargs['new_password'],
rounds=200000,
salt_size=64)
delete_hash(user['cookieid'])
cursor.execute(
'update users set password = %s, cookieid = %s where id = %s',
(password_hash, user['cookieid'], user['id']))
if password_reset:
delete_hash(user['recovery_link'])
cursor.execute(
'update users set recovery_link = null where id = %s',
(user['id'], ))
def create_recover_link(user):
cursor = DATABASE.cursor()
link = generate_hash()
if user['recovery_link']:
delete_hash(user['recovery_link'])
cursor.execute('update users set recovery_link = %s where id = %s',
(link, user['id']))
send_mail(
user['verified_email'] if user['verified_email'] else user['email'],
user['username'], link, 'password-recovery')
def add_new_user(username, email, new_password, cookie_id):
cursor = DATABASE.cursor()
link = generate_hash()
password_hash = pbkdf2_sha512.encrypt(new_password,
rounds=200000,
salt_size=64)
cursor.execute(
'insert into users (username, password, cookieid, email, verification_link) '
'values (%s, %s, %s, %s, %s)',
(username, password_hash, cookie_id, email, link))
send_mail(email, username, link, 'register')
def web_settings_processor():
username = request.form.get('username')
email = request.form.get('email')
repeat_email = request.form.get('repeat-email')
new_password = request.form.get('new-password')
repeat_new_password = request.form.get('repeat-new-password')
user = get_user()
new_password_check = new_password == repeat_new_password
email_check = email == repeat_email
username_exists = check_username(username)
email_exists = check_email(email)
email_syntax_ok = syntax_check.check_email_syntax(email)
username_syntax_ok = syntax_check.check_username_syntax(username)
password_syntax_ok = syntax_check.check_password_syntax(new_password)
if not user:
return redirect('/logout/', code=302)
elif email and not email_syntax_ok:
return render_template('status/error.html', code='wrong_email_syntax')
elif username and not username_syntax_ok:
return render_template('status/error.html',
code='wrong_username_syntax')
elif new_password and not password_syntax_ok:
return render_template('status/error.html',
code='wrong_password_syntax')
if not new_password_check:
return render_template('status/error.html',
code='passwords_do_not_match')
elif not email_check:
return render_template('status/error.html', code='emails_do_not_match')
elif username_exists:
return render_template('status/error.html', code='username_exists')
elif email_exists:
return render_template('status/error.html', code='email_exists')
if username:
update_user(user, username=username)
if email:
update_user(user, email=email)
if new_password:
cookie_id = generate_hash()
update_user(user, new_password=new_password, cookie_id=cookie_id)
resp = make_response(
render_template('status/success.html', code='edit_success'))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
return render_template('status/success.html', code='edit_success')
def api_recover_put():
key = request.form.get('key')
user = find_user_by_recover_key(key)
new_password = request.form.get('new-password')
password_syntax_ok = syntax_check.check_password_syntax(new_password)
if not user:
return make_response('NO USER', 422)
elif not new_password:
return make_response('MISSING ARGS', 422)
elif not password_syntax_ok:
return make_response('INVALID PASSWORD SYNTAX', 422)
else:
cookie_id = generate_hash()
update_user(user,
password_reset=True,
new_password=new_password,
cookie_id=cookie_id)
resp = make_response(make_response('OK', 200))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
def api_settings_post():
username = request.form.get('username')
email = request.form.get('email')
new_password = request.form.get('new-password')
user = get_user()
username_exists = check_username(username)
email_exists = check_email(email)
email_syntax_ok = syntax_check.check_email_syntax(email)
username_syntax_ok = syntax_check.check_username_syntax(username)
password_syntax_ok = syntax_check.check_password_syntax(new_password)
if not user:
return make_response('NO USER', 422)
elif email and not email_syntax_ok:
return make_response('INVALID EMAIL SYNTAX', 422)
elif username and not username_syntax_ok:
return make_response('INVALID USERNAME SYNTAX', 422)
elif new_password and not password_syntax_ok:
return make_response('INVALID PASSWORD SYNTAX', 422)
elif username_exists:
return make_response('USERNAME EXISTS', 422)
elif email_exists:
return make_response('EMAIL EXISTS', 422)
if username:
update_user(user, username=username)
if email:
update_user(user, email=email)
if new_password:
cookie_id = generate_hash()
update_user(user, new_password=new_password, cookie_id=cookie_id)
resp = make_response(make_response('OK', 200))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
return make_response('OK', 200)
def web_register_processor():
username = request.form.get('username')
email = request.form.get('email')
new_password = request.form.get('new-password')
repeat_new_password = request.form.get('repeat-new-password')
username_exists = check_username(username)
email_exists = check_email(email)
email_syntax_ok = syntax_check.check_email_syntax(email)
username_syntax_ok = syntax_check.check_username_syntax(username)
password_syntax_ok = syntax_check.check_password_syntax(new_password)
form_filled = username and new_password and repeat_new_password and email
if not form_filled:
return render_template('status/error.html', code='form_not_filled')
elif not email_syntax_ok:
return render_template('status/error.html', code='wrong_email_syntax')
elif not username_syntax_ok:
return render_template('status/error.html',
code='wrong_username_syntax')
elif not password_syntax_ok:
return render_template('status/error.html',
code='wrong_password_syntax')
elif username_exists:
return render_template('status/error.html', code='username_exists')
elif email_exists:
return render_template('status/error.html', code='email_exists')
elif new_password != repeat_new_password:
return render_template('status/error.html',
code='passwords_do_not_match')
else:
cookie_id = generate_hash()
add_new_user(username, email, new_password, cookie_id)
resp = make_response(
render_template('status/success.html', code='register_success'))
resp.set_cookie(COOKIE_NAME, cookie_id, max_age=60 * 60 * 24 * 30)
return resp
