Пример #1
    def validator(self, node, value):
        """Authenticate the submitted login form and attach the matched user.

        Runs the parent schema's validator, resolves the ``username`` field
        first as a username and then as an e-mail address, checks the
        password with ``User.validate_user`` and finally requires the account
        to be activated.  On success the user object is stored under
        ``value['user']``; every failure raises ``colander.Invalid``.
        """
        super(LoginSchema, self).validator(node, value)

        login = value.get('username')
        secret = value.get('password')

        # The same form field accepts either a username or an e-mail address.
        account = User.get_by_username(login)
        if account is None:
            account = User.get_by_email(login)

        # NOTE(review): the unknown-account branch and the wrong-password
        # branch report different messages on different fields, so the form
        # tells a caller whether a username / e-mail address is registered.
        # If that disclosure is not intended, report one generic failure for
        # both branches.  No attempt throttling is visible in this method.
        if account is None:
            unknown = colander.Invalid(node)
            unknown['username'] = _('User does not exist.')
            raise unknown

        if not User.validate_user(account, secret):
            rejected = colander.Invalid(node)
            rejected['password'] = _('Incorrect password. Please try again.')
            raise rejected

        # Activation is tested only after the password check, so the
        # activation state is reported only when the password was accepted.
        if not account.is_activated:
            raise colander.Invalid(
                node,
                _('Your account is not active. Please check your e-mail.'))

        value['user'] = account
Пример #2
    def validator(self, node, value):
        """Check login credentials and store the user in ``value['user']``.

        After the parent validator has run, the ``username`` field is tried
        as a username and, failing that, as an e-mail address.  The password
        is then verified through ``User.validate_user`` and the account must
        be activated.  Any failed step raises ``colander.Invalid``.
        """
        super(LoginSchema, self).validator(node, value)

        identifier, candidate = value.get('username'), value.get('password')

        matched = User.get_by_username(identifier)
        if matched is None:
            # Fall back to treating the identifier as an e-mail address.
            matched = User.get_by_email(identifier)
            if matched is None:
                # NOTE(review): this message differs from the wrong-password
                # one below, which lets a caller distinguish registered from
                # unregistered identifiers.  Prefer a single generic message
                # if account enumeration is a concern.
                missing = colander.Invalid(node)
                missing['username'] = _('User does not exist.')
                raise missing

        password_ok = User.validate_user(matched, candidate)
        if not password_ok:
            wrong = colander.Invalid(node)
            wrong['password'] = _('Incorrect password. Please try again.')
            raise wrong

        # Only reached with an accepted password, so the activation state is
        # not reported to callers who failed the password check.
        if not matched.is_activated:
            inactive = _(
                'Your account is not active. Please check your e-mail.')
            raise colander.Invalid(node, inactive)

        value['user'] = matched
Пример #3
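    def edit_profile(self):
        """Handle POST payload from profile update form.

        Steps, in order:

        1. Non-POST requests get ``HTTPMethodNotAllowed``; requests without
           an authenticated user get ``HTTPUnauthorized``.
        2. The form is validated; a validation error is returned unchanged.
        3. If ``subscriptions`` is present it is decoded as JSON and passed
           to ``_update_subscription_data``; the method then returns without
           touching any other field and without a password check.
        4. Otherwise the current password (``pwd``) must validate before the
           e-mail address and/or the password (``password``) are changed.

        Returns the ``{'model': {'email': ...}}`` dict on success, or an
        HTTP exception object / ``{'errors': ...}`` dict on failure.
        """
        if self.request.method != 'POST':
            return httpexceptions.HTTPMethodNotAllowed()

        # Nothing to do here for non logged-in users
        if self.request.authenticated_userid is None:
            return httpexceptions.HTTPUnauthorized()

        err, appstruct = validate_form(self.form, self.request.POST.items())
        if err is not None:
            return err

        user = User.get_by_userid(self.request.domain,
                                  self.request.authenticated_userid)
        response = {'model': {'email': user.email}}

        # We allow updating subscriptions without validating a password.
        # NOTE(review): this branch is therefore guarded by the session alone;
        # confirm that _update_subscription_data checks that the subscription
        # belongs to the authenticated user.
        subscriptions = appstruct.get('subscriptions')
        if subscriptions:
            # The field is client-supplied text.  Malformed JSON is reported
            # as a client error instead of escaping as an unhandled
            # ValueError.
            try:
                data = json.loads(subscriptions)
            except ValueError:
                return {
                    'errors': {
                        'subscriptions': _('Invalid subscription data'),
                    },
                    'code': 400,
                }
            err = _update_subscription_data(self.request, data)
            if err is not None:
                return err
            return response

        # Any updates to fields below this point require password validation.
        #
        #   `pwd` is the current password
        #   `password` (used below) is optional, and is the new password
        #
        if not User.validate_user(user, appstruct.get('pwd')):
            return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

        email = appstruct.get('email')
        if email:
            email_user = User.get_by_email(email)

            # Refuse an address that already belongs to a different account.
            # NOTE(review): the error is filed under the 'pwd' key rather
            # than 'email' and carries no 'code'; left as-is because clients
            # may depend on it -- confirm whether that is intended.
            if email_user and email_user.id != user.id:
                return {
                    'errors': {
                        'pwd': _('That email is already used')
                    },
                }

            response['model']['email'] = user.email = email

        password = appstruct.get('password')
        if password:
            # NOTE(review): assumes the User.password setter hashes the
            # value, and nothing here ends other active sessions after the
            # change -- confirm both.
            user.password = password

        return response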
Пример #4
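    def edit_profile(self):
        """Handle POST payload from profile update form.

        Only POST requests from an authenticated user are processed.  After
        form validation there are two mutually exclusive paths:

        * ``subscriptions`` present: the JSON payload is handed to
          ``_update_subscription_data`` and the method returns.  No password
          is required on this path.
        * otherwise: the current password (``pwd``) is verified, then the
          e-mail address and/or the password (``password``) are updated.

        Returns ``{'model': {'email': ...}}`` on success; failures are
        returned as an HTTP exception object or an ``{'errors': ...}`` dict.
        """
        if self.request.method != 'POST':
            return httpexceptions.HTTPMethodNotAllowed()

        # Nothing to do here for non logged-in users
        if self.request.authenticated_userid is None:
            return httpexceptions.HTTPUnauthorized()

        err, appstruct = validate_form(self.form, self.request.POST.items())
        if err is not None:
            return err

        user = User.get_by_userid(
            self.request.domain, self.request.authenticated_userid)
        response = {'model': {'email': user.email}}

        # We allow updating subscriptions without validating a password.
        # NOTE(review): ownership of the subscription being changed has to be
        # enforced inside _update_subscription_data, since nothing here
        # checks it -- confirm.
        subscriptions = appstruct.get('subscriptions')
        if subscriptions:
            # Request-supplied text: answer undecodable JSON with a 400-style
            # error dict rather than letting ValueError propagate.
            try:
                data = json.loads(subscriptions)
            except ValueError:
                return {
                    'errors': {
                        'subscriptions': _('Invalid subscription data'),
                    },
                    'code': 400,
                }
            err = _update_subscription_data(self.request, data)
            if err is not None:
                return err
            return response

        # Any updates to fields below this point require password validation.
        #
        #   `pwd` is the current password
        #   `password` (used below) is optional, and is the new password
        #
        if not User.validate_user(user, appstruct.get('pwd')):
            return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

        email = appstruct.get('email')
        if email:
            email_user = User.get_by_email(email)

            # The address must not already belong to another account.
            # NOTE(review): reported under 'pwd', not 'email', and without a
            # 'code' entry; kept unchanged for client compatibility --
            # confirm the key is intentional.
            if email_user:
                if email_user.id != user.id:
                    return {
                        'errors': {'pwd': _('That email is already used')},
                    }

            response['model']['email'] = user.email = email

        password = appstruct.get('password')
        if password:
            # NOTE(review): presumably hashed by the User.password setter;
            # no session invalidation follows the change here -- verify.
            user.password = password

        return response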
Пример #5
Файл: views.py Проект: stuk88/h
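    def edit_profile(self):
        """Handle POST payload from profile update form.

        Rejects non-POST and unauthenticated requests, validates the form,
        and then either

        * applies a ``subscriptions`` JSON payload through
          ``_update_subscription_data`` (no password required), or
        * verifies the current password (``pwd``) and updates the e-mail
          address and/or the password (``password``).

        Returns ``{"model": {"email": ...}}`` on success; failures come back
        as an HTTP exception object or an ``{"errors": ...}`` dict.
        """
        if self.request.method != "POST":
            return httpexceptions.HTTPMethodNotAllowed()

        # Nothing to do here for non logged-in users
        if self.request.authenticated_userid is None:
            return httpexceptions.HTTPUnauthorized()

        err, appstruct = validate_form(self.form, self.request.POST.items())
        if err is not None:
            return err

        user = User.get_by_id(self.request, self.request.authenticated_userid)
        response = {"model": {"email": user.email}}

        # We allow updating subscriptions without validating a password.
        # NOTE(review): with no re-authentication on this path, the check
        # that a subscription belongs to the caller must live in
        # _update_subscription_data -- confirm.
        subscriptions = appstruct.get("subscriptions")
        if subscriptions:
            # Client-controlled string: undecodable JSON becomes an error
            # response instead of an uncaught ValueError.
            try:
                data = json.loads(subscriptions)
            except ValueError:
                return {
                    "errors": {
                        "subscriptions": _("Invalid subscription data"),
                    },
                    "code": 400,
                }
            err = _update_subscription_data(self.request, data)
            if err is not None:
                return err
            return response

        # Any updates to fields below this point require password validation.
        #
        #   `pwd` is the current password
        #   `password` (used below) is optional, and is the new password
        #
        if not User.validate_user(user, appstruct.get("pwd")):
            return {"errors": {"pwd": _("Invalid password")}, "code": 401}

        email = appstruct.get("email")
        if email:
            email_user = User.get_by_email(email)

            # Reject an address already held by a different account.
            # NOTE(review): the error key is "pwd" rather than "email" and
            # no "code" is set; unchanged here in case clients rely on it --
            # confirm.
            if email_user and email_user.id != user.id:
                return {"errors": {"pwd": _("That email is already used")}}

            response["model"]["email"] = user.email = email

        password = appstruct.get("password")
        if password:
            # NOTE(review): assumes hashing happens in the User.password
            # setter; other sessions are not ended by this method -- verify.
            user.password = password

        return response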
Пример #6
    def disable_user(self):
        """Disable the user by setting a random password.

        Requires an authenticated user and a valid form whose ``pwd`` field
        matches the account's current password.  Returns ``{}`` on success;
        otherwise an ``HTTPUnauthorized`` object, the form validation error,
        or an errors dict with code 401.
        """
        # NOTE(review): no HTTP-method check is made in this handler;
        # confirm the route itself is limited to POST.
        if self.request.authenticated_userid is None:
            return httpexceptions.HTTPUnauthorized()

        form_error, appstruct = validate_form(
            self.form, self.request.POST.items())
        if form_error is not None:
            return form_error

        account = User.get_by_userid(
            self.request.domain, self.request.authenticated_userid)

        # Password check: re-authenticate before the destructive change.
        if not User.validate_user(account, appstruct['pwd']):
            return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

        # TODO: maybe have an explicit disabled flag in the status
        # NOTE(review): "disabled" only means the password is replaced with
        # a random one.  Nothing in this method ends the current session,
        # and whether a password-reset flow could re-enable the account is
        # not visible here -- confirm both.
        account.password = User.generate_random_password()
        self.request.session.flash(_('Account disabled.'), 'success')
        return {}
Пример #7
    def disable_user(self):
        """Disable the user by setting a random password.

        The caller must be logged in and must supply the current password in
        the form's ``pwd`` field.  On success the account password is
        overwritten with ``User.generate_random_password()``, a flash message
        is queued and ``{}`` is returned.  Failures return an
        ``HTTPUnauthorized`` object, the form validation error, or an errors
        dict with code 401.
        """
        userid = self.request.authenticated_userid
        if userid is None:
            return httpexceptions.HTTPUnauthorized()

        err, appstruct = validate_form(self.form, self.request.POST.items())
        if err is not None:
            return err

        user = User.get_by_userid(self.request.domain,
                                  self.request.authenticated_userid)

        password_matches = User.validate_user(user, appstruct['pwd'])
        if not password_matches:
            # Wrong current password: leave the account untouched.
            return dict(errors={'pwd': _('Invalid password')}, code=401)

        # TODO: maybe have an explicit disabled flag in the status
        # NOTE(review): the account is not flagged as disabled; it merely
        # gets an unknown password.  Already-issued sessions are not revoked
        # by this method, and a password-reset flow (not visible here) might
        # restore access -- confirm.
        user.password = User.generate_random_password()
        self.request.session.flash(_('Account disabled.'), 'success')
        return {}