def validator(self, node, value):
super(LoginSchema, self).validator(node, value)
username = value.get('username')
password = value.get('password')
user = User.get_by_username(username)
if user is None:
user = User.get_by_email(username)
if user is None:
err = colander.Invalid(node)
err['username'] = _('User does not exist.')
raise err
if not User.validate_user(user, password):
err = colander.Invalid(node)
err['password'] = _('Incorrect password. Please try again.')
raise err
if not user.is_activated:
reason = _('Your account is not active. Please check your e-mail.')
raise colander.Invalid(node, reason)
value['user'] = user
def unique_username(node, value):
'''Colander validator that ensures the username does not exist.'''
user = User.get_by_username(value)
if user:
msg = _("Sorry, an account with this username already exists. "
"Please enter another one.")
raise colander.Invalid(node, msg)
def unique_username(node, value):
'''Colander validator that ensures the username does not exist.'''
user = User.get_by_username(value)
if user:
msg = _("Sorry, an account with this username already exists. "
"Please enter another one.")
raise colander.Invalid(node, msg)
def validator(self, node, value):
super(LoginSchema, self).validator(node, value)
username = value.get('username')
password = value.get('password')
user = User.get_by_username(username)
if user is None:
user = User.get_by_email(username)
if user is None:
err = colander.Invalid(node)
err['username'] = _('User does not exist.')
raise err
if not User.validate_user(user, password):
err = colander.Invalid(node)
err['password'] = _('Incorrect password. Please try again.')
raise err
if not user.is_activated:
reason = _('Your account is not active. Please check your e-mail.')
raise colander.Invalid(node, reason)
value['user'] = user
def delete(self):
"""Remove a user from the admins."""
if len(User.admins()) > 1:
try:
username = self.request.params["remove"]
except KeyError:
raise httpexceptions.HTTPNotFound
user = User.get_by_username(username)
user.admin = False
return httpexceptions.HTTPSeeOther(location=self.request.route_url("admin_users_index"))
def _validate_request(request):
"""
Check that the passed request is appropriate for proceeding with account
claim. Asserts that:
- the 'claim' feature is toggled on
- no-one is logged in
- the claim token is provided and authentic
- the user referred to in the token exists
- the user referred to in the token has not already claimed their account
and raises for redirect or 404 otherwise.
"""
if not request.feature('claim'):
raise exc.HTTPNotFound()
# If signed in, redirect to stream
if request.authenticated_userid is not None:
_perform_logged_in_redirect(request)
payload = _validate_token(request)
if payload is None:
raise exc.HTTPNotFound()
try:
username = util.split_user(payload['userid'])['username']
except ValueError:
log.warn('got claim token with invalid userid=%r', payload['userid'])
raise exc.HTTPNotFound()
user = User.get_by_username(username)
if user is None:
log.warn('got claim token with invalid userid=%r', payload['userid'])
raise exc.HTTPNotFound()
# User already has a password? Claimed already.
if user.password:
_perform_already_claimed_redirect(request)
return user
def _validate_request(request):
"""
Check that the passed request is appropriate for proceeding with account
claim. Asserts that:
- the 'claim' feature is toggled on
- no-one is logged in
- the claim token is provided and authentic
- the user referred to in the token exists
- the user referred to in the token has not already claimed their account
and raises for redirect or 404 otherwise.
"""
if not request.feature('claim'):
raise exc.HTTPNotFound()
# If signed in, redirect to stream
if request.authenticated_userid is not None:
_perform_logged_in_redirect(request)
payload = _validate_token(request)
if payload is None:
raise exc.HTTPNotFound()
try:
username = util.split_user(payload['userid'])['username']
except ValueError:
log.warn('got claim token with invalid userid=%r', payload['userid'])
raise exc.HTTPNotFound()
user = User.get_by_username(username)
if user is None:
log.warn('got claim token with invalid userid=%r', payload['userid'])
raise exc.HTTPNotFound()
# User already has a password? Claimed already.
if user.password:
_perform_already_claimed_redirect(request)
return user
