def validator(self, node, value):
super(LoginSchema, self).validator(node, value)
username = value.get('username')
password = value.get('password')
user = User.get_by_username(username)
if user is None:
user = User.get_by_email(username)
if user is None:
err = colander.Invalid(node)
err['username'] = _('User does not exist.')
raise err
if not User.validate_user(user, password):
err = colander.Invalid(node)
err['password'] = _('Incorrect password. Please try again.')
raise err
if not user.is_activated:
reason = _('Your account is not active. Please check your e-mail.')
raise colander.Invalid(node, reason)
value['user'] = user
def validator(self, node, value):
super(LoginSchema, self).validator(node, value)
username = value.get('username')
password = value.get('password')
user = User.get_by_username(username)
if user is None:
user = User.get_by_email(username)
if user is None:
err = colander.Invalid(node)
err['username'] = _('User does not exist.')
raise err
if not User.validate_user(user, password):
err = colander.Invalid(node)
err['password'] = _('Incorrect password. Please try again.')
raise err
if not user.is_activated:
reason = _('Your account is not active. Please check your e-mail.')
raise colander.Invalid(node, reason)
value['user'] = user
def edit_profile(self):
"""Handle POST payload from profile update form."""
if self.request.method != 'POST':
return httpexceptions.HTTPMethodNotAllowed()
# Nothing to do here for non logged-in users
if self.request.authenticated_userid is None:
return httpexceptions.HTTPUnauthorized()
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = User.get_by_userid(self.request.domain,
self.request.authenticated_userid)
response = {'model': {'email': user.email}}
# We allow updating subscriptions without validating a password
subscriptions = appstruct.get('subscriptions')
if subscriptions:
data = json.loads(subscriptions)
err = _update_subscription_data(self.request, data)
if err is not None:
return err
return response
# Any updates to fields below this point require password validation.
#
# `pwd` is the current password
# `password` (used below) is optional, and is the new password
#
if not User.validate_user(user, appstruct.get('pwd')):
return {'errors': {'pwd': _('Invalid password')}, 'code': 401}
email = appstruct.get('email')
if email:
email_user = User.get_by_email(email)
if email_user:
if email_user.id != user.id:
return {
'errors': {
'pwd': _('That email is already used')
},
}
response['model']['email'] = user.email = email
password = appstruct.get('password')
if password:
user.password = password
return response
def edit_profile(self):
"""Handle POST payload from profile update form."""
if self.request.method != 'POST':
return httpexceptions.HTTPMethodNotAllowed()
# Nothing to do here for non logged-in users
if self.request.authenticated_userid is None:
return httpexceptions.HTTPUnauthorized()
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = User.get_by_userid(
self.request.domain, self.request.authenticated_userid)
response = {'model': {'email': user.email}}
# We allow updating subscriptions without validating a password
subscriptions = appstruct.get('subscriptions')
if subscriptions:
data = json.loads(subscriptions)
err = _update_subscription_data(self.request, data)
if err is not None:
return err
return response
# Any updates to fields below this point require password validation.
#
# `pwd` is the current password
# `password` (used below) is optional, and is the new password
#
if not User.validate_user(user, appstruct.get('pwd')):
return {'errors': {'pwd': _('Invalid password')}, 'code': 401}
email = appstruct.get('email')
if email:
email_user = User.get_by_email(email)
if email_user:
if email_user.id != user.id:
return {
'errors': {'pwd': _('That email is already used')},
}
response['model']['email'] = user.email = email
password = appstruct.get('password')
if password:
user.password = password
return response
def edit_profile(self):
"""Handle POST payload from profile update form."""
if self.request.method != "POST":
return httpexceptions.HTTPMethodNotAllowed()
# Nothing to do here for non logged-in users
if self.request.authenticated_userid is None:
return httpexceptions.HTTPUnauthorized()
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = User.get_by_id(self.request, self.request.authenticated_userid)
response = {"model": {"email": user.email}}
# We allow updating subscriptions without validating a password
subscriptions = appstruct.get("subscriptions")
if subscriptions:
data = json.loads(subscriptions)
err = _update_subscription_data(self.request, data)
if err is not None:
return err
return response
# Any updates to fields below this point require password validation.
#
# `pwd` is the current password
# `password` (used below) is optional, and is the new password
#
if not User.validate_user(user, appstruct.get("pwd")):
return {"errors": {"pwd": _("Invalid password")}, "code": 401}
email = appstruct.get("email")
if email:
email_user = User.get_by_email(email)
if email_user:
if email_user.id != user.id:
return {"errors": {"pwd": _("That email is already used")}}
response["model"]["email"] = user.email = email
password = appstruct.get("password")
if password:
user.password = password
return response
def disable_user(self):
"""Disable the user by setting a random password."""
if self.request.authenticated_userid is None:
return httpexceptions.HTTPUnauthorized()
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = User.get_by_userid(
self.request.domain, self.request.authenticated_userid)
if User.validate_user(user, appstruct['pwd']): # Password check.
# TODO: maybe have an explicit disabled flag in the status
user.password = User.generate_random_password()
self.request.session.flash(_('Account disabled.'), 'success')
return {}
else:
return dict(errors={'pwd': _('Invalid password')}, code=401)
def disable_user(self):
"""Disable the user by setting a random password."""
if self.request.authenticated_userid is None:
return httpexceptions.HTTPUnauthorized()
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = User.get_by_userid(self.request.domain,
self.request.authenticated_userid)
if User.validate_user(user, appstruct['pwd']): # Password check.
# TODO: maybe have an explicit disabled flag in the status
user.password = User.generate_random_password()
self.request.session.flash(_('Account disabled.'), 'success')
return {}
else:
return dict(errors={'pwd': _('Invalid password')}, code=401)
