def validator(self, node, value):
    """Authenticate the submitted credentials and attach the matching user.

    Runs the parent schema's validator first, then resolves ``username``
    as either a username or an e-mail address, checks the password and
    the activation flag, and finally stores the resolved ``User`` under
    ``value['user']`` for the caller.

    :param node: schema node under validation (used to build ``colander.Invalid``).
    :param value: deserialized form mapping; mutated to add ``'user'``.
    :raises colander.Invalid: unknown account, wrong password or inactive account.
    """
    super(LoginSchema, self).validator(node, value)

    login = value.get('username')
    secret = value.get('password')

    # The "username" field doubles as an e-mail address lookup.
    account = User.get_by_username(login)
    if account is None:
        account = User.get_by_email(login)

    # NOTE(review): the two distinct messages below reveal whether an
    # account exists before the password is even checked (account
    # enumeration); a single generic login-failure message avoids that.
    if account is None:
        failure = colander.Invalid(node)
        failure['username'] = _('User does not exist.')
        raise failure

    if not User.validate_user(account, secret):
        failure = colander.Invalid(node)
        failure['password'] = _('Incorrect password. Please try again.')
        raise failure

    if not account.is_activated:
        raise colander.Invalid(
            node, _('Your account is not active. Please check your e-mail.'))

    value['user'] = account
def validator(self, node, value):
    """Validate a login form and resolve the account it refers to.

    After the base-class validation, ``username`` is looked up first as a
    username and then as an e-mail address. The password and the account's
    ``is_activated`` flag are checked in that order, and the ``User`` is
    written to ``value['user']``.

    :param node: schema node the errors are attached to.
    :param value: deserialized form mapping; gains a ``'user'`` entry.
    :raises colander.Invalid: when the account is unknown, the password is
        wrong, or the account is not activated.
    """
    super(LoginSchema, self).validator(node, value)

    def field_error(field, message):
        # Build an Invalid carrying a single per-field message.
        exc = colander.Invalid(node)
        exc[field] = message
        return exc

    submitted_name = value.get('username')
    submitted_password = value.get('password')

    candidate = User.get_by_username(submitted_name)
    if candidate is None:
        candidate = User.get_by_email(submitted_name)

    # NOTE(review): reporting "user does not exist" separately from a wrong
    # password lets a client enumerate valid accounts; consider one
    # generic failure message for both cases.
    if candidate is None:
        raise field_error('username', _('User does not exist.'))

    if not User.validate_user(candidate, submitted_password):
        raise field_error('password', _('Incorrect password. Please try again.'))

    if not candidate.is_activated:
        reason = _('Your account is not active. Please check your e-mail.')
        raise colander.Invalid(node, reason)

    value['user'] = candidate
def edit_profile(self):
    """Handle POST payload from profile update form.

    Two paths exist: a subscriptions-only update that needs no password,
    and — once the current password in ``pwd`` has been verified — an
    optional e-mail change plus an optional new ``password``.

    :returns: an ``httpexceptions`` response for non-POST or anonymous
        requests; the error from ``validate_form`` or
        ``_update_subscription_data`` when one is produced; an
        ``{'errors': ...}`` mapping on a failed check; otherwise
        ``{'model': {'email': ...}}`` reflecting the stored e-mail.
    """
    request = self.request
    if request.method != 'POST':
        return httpexceptions.HTTPMethodNotAllowed()
    # Anonymous requests have no profile to edit.
    if request.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    err, appstruct = validate_form(self.form, request.POST.items())
    if err is not None:
        return err

    user = User.get_by_userid(request.domain, request.authenticated_userid)
    response = {'model': {'email': user.email}}

    # Subscription changes are accepted without re-entering the password.
    subscriptions = appstruct.get('subscriptions')
    if subscriptions:
        # NOTE(review): json.loads() is unguarded; malformed form input
        # surfaces here as an unhandled ValueError.
        err = _update_subscription_data(request, json.loads(subscriptions))
        return err if err is not None else response

    # Everything below alters credentials or contact details, so the
    # current password (`pwd`) must verify first; `password` is the
    # optional new one.
    if not User.validate_user(user, appstruct.get('pwd')):
        return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

    new_email = appstruct.get('email')
    if new_email:
        owner = User.get_by_email(new_email)
        # NOTE(review): this conflict is reported under the 'pwd' key and
        # without a 'code', unlike the other error returns; it presumably
        # belongs under 'email' — confirm with the form's consumers.
        if owner and owner.id != user.id:
            return {'errors': {'pwd': _('That email is already used')}}
        user.email = new_email
        response['model']['email'] = new_email

    new_password = appstruct.get('password')
    if new_password:
        user.password = new_password

    return response
def edit_profile(self):
    """Handle POST payload from profile update form.

    Order of operations: reject non-POST and anonymous requests, validate
    the form, apply a password-free subscriptions update if present, and
    otherwise verify the current password (``pwd``) before applying an
    optional e-mail change and an optional new ``password``.

    :returns: ``HTTPMethodNotAllowed`` / ``HTTPUnauthorized`` responses,
        a validation error object, an ``{'errors': ...}`` mapping, or
        ``{'model': {'email': ...}}`` on success.
    """
    if self.request.method != 'POST':
        return httpexceptions.HTTPMethodNotAllowed()

    # Nothing to do here for non logged-in users
    userid = self.request.authenticated_userid
    if userid is None:
        return httpexceptions.HTTPUnauthorized()

    err, appstruct = validate_form(self.form, self.request.POST.items())
    if err is not None:
        return err

    account = User.get_by_userid(self.request.domain, userid)
    result = {'model': {'email': account.email}}

    # Subscriptions may be updated without validating a password.
    raw_subscriptions = appstruct.get('subscriptions')
    if raw_subscriptions:
        # NOTE(review): a malformed JSON string raises ValueError here and
        # is not caught.
        parsed = json.loads(raw_subscriptions)
        err = _update_subscription_data(self.request, parsed)
        if err is not None:
            return err
        return result

    # `pwd` is the current password; `password` below is the optional
    # new one. Both e-mail and password changes require the check.
    if not User.validate_user(account, appstruct.get('pwd')):
        return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

    requested_email = appstruct.get('email')
    if requested_email:
        holder = User.get_by_email(requested_email)
        if holder is not None and holder:
            # NOTE(review): the conflict is keyed under 'pwd' rather than
            # 'email' and carries no 'code' — verify this is intended.
            if holder.id != account.id:
                return {
                    'errors': {'pwd': _('That email is already used')},
                }
        result['model']['email'] = account.email = requested_email

    requested_password = appstruct.get('password')
    if requested_password:
        account.password = requested_password

    return result
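def edit_profile(self):
    """Handle POST payload from profile update form.

    Two paths exist: a subscriptions-only update that needs no password,
    and — once the current password in ``pwd`` has been verified — an
    optional e-mail change plus an optional new ``password``.

    :returns: an ``httpexceptions`` response for non-POST or anonymous
        requests; the error from ``validate_form`` or
        ``_update_subscription_data`` when one is produced; an
        ``{"errors": ...}`` mapping on a failed check (including malformed
        subscription data); otherwise ``{"model": {"email": ...}}``.
    """
    if self.request.method != "POST":
        return httpexceptions.HTTPMethodNotAllowed()
    # Nothing to do here for non logged-in users
    if self.request.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    err, appstruct = validate_form(self.form, self.request.POST.items())
    if err is not None:
        return err

    user = User.get_by_id(self.request, self.request.authenticated_userid)
    response = {"model": {"email": user.email}}

    # We allow updating subscriptions without validating a password
    subscriptions = appstruct.get("subscriptions")
    if subscriptions:
        # The field is a JSON-encoded string supplied by the client; a
        # malformed value used to escape as an unhandled ValueError, so
        # report it as a form error instead.
        try:
            data = json.loads(subscriptions)
        except (TypeError, ValueError):
            return {
                "errors": {"subscriptions": _("Invalid subscriptions data")},
                "code": 400,
            }
        err = _update_subscription_data(self.request, data)
        if err is not None:
            return err
        return response

    # Any updates to fields below this point require password validation.
    #
    # `pwd` is the current password
    # `password` (used below) is optional, and is the new password
    #
    if not User.validate_user(user, appstruct.get("pwd")):
        return {"errors": {"pwd": _("Invalid password")}, "code": 401}

    email = appstruct.get("email")
    if email:
        email_user = User.get_by_email(email)
        # NOTE(review): this conflict is reported under the "pwd" key and
        # without a "code", unlike the other error returns; it presumably
        # belongs under "email" — confirm with the form's consumers before
        # changing the response shape.
        if email_user and email_user.id != user.id:
            return {"errors": {"pwd": _("That email is already used")}}
        response["model"]["email"] = user.email = email

    password = appstruct.get("password")
    if password:
        user.password = password

    return response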
def disable_user(self):
    """Disable the user by setting a random password.

    Requires an authenticated request whose form carries the current
    password in ``pwd``. When that check passes the account's password is
    replaced with a random one and a success flash message is queued.

    :returns: ``HTTPUnauthorized`` for anonymous requests, the form's
        validation error when present, ``{}`` on success, or an
        ``{'errors': ..., 'code': 401}`` mapping when ``pwd`` is wrong.
    """
    userid = self.request.authenticated_userid
    if userid is None:
        return httpexceptions.HTTPUnauthorized()

    err, appstruct = validate_form(self.form, self.request.POST.items())
    if err is not None:
        return err

    user = User.get_by_userid(self.request.domain, userid)
    if not User.validate_user(user, appstruct['pwd']):
        return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

    # "Disabling" only rotates the password; nothing else on the account
    # changes here.
    # TODO: maybe have an explicit disabled flag in the status
    # NOTE(review): the current session is left intact (only flash() is
    # called on it) — confirm whether disabling should also end existing
    # sessions for this account.
    user.password = User.generate_random_password()
    self.request.session.flash(_('Account disabled.'), 'success')
    return {}
def disable_user(self):
    """Disable the user by setting a random password.

    The caller must be logged in and the form must include the current
    password under ``pwd``; only after that password verifies is the
    stored password overwritten with a freshly generated random one.

    :returns: ``HTTPUnauthorized`` when no user is authenticated, the
        ``validate_form`` error when present, ``{}`` after a successful
        disable, or ``{'errors': {'pwd': ...}, 'code': 401}`` on a bad
        password.
    """
    if self.request.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    err, appstruct = validate_form(self.form, self.request.POST.items())
    if err is not None:
        return err

    account = User.get_by_userid(
        self.request.domain, self.request.authenticated_userid)

    # Password check.
    if User.validate_user(account, appstruct['pwd']):
        # TODO: maybe have an explicit disabled flag in the status
        # NOTE(review): rotating the password does not invalidate sessions
        # already open for this account — verify that is acceptable.
        account.password = User.generate_random_password()
        self.request.session.flash(_('Account disabled.'), 'success')
        return {}

    return dict(errors={'pwd': _('Invalid password')}, code=401)