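def account():
    """Return account details and/or update given keys.

    -- http://developer.getcloudapp.com/view-account-details
    -- http://developer.getcloudapp.com/change-default-security
    -- http://developer.getcloudapp.com/change-email
    -- http://developer.getcloudapp.com/change-password

    GET returns the authenticated account as JSON (after ``clear()``).

    Any other method expects a JSON body ``{"user": {...}}`` holding one of:

    * ``private_items`` alone -- change the default item privacy;
    * ``current_password`` + ``email`` -- change the e-mail address;
    * ``current_password`` + ``password`` -- change the password.

    Every new password is accepted (no strength policy is applied) and,
    similar to /register, no digit-only "email" address is allowed.

    NOTE(review): this docstring used to say passwords are "stored in
    plaintext"; the code stores whatever ``A1(email, password)`` returns.
    Confirm what A1 computes before relying on either statement.

    Responses: 422 for a malformed body, 403 when ``current_password`` does
    not match, 400 for an invalid e-mail or an unknown key, 406 when the
    new e-mail already belongs to another account.
    """
    conf, db = current_app.config, current_app.db
    # NOTE(review): assumes an authentication layer that is not visible here
    # has already verified request.authorization and that the account exists.
    account = db.accounts.find_one({'email': request.authorization.username})

    if request.method == 'GET':
        return jsonify(clear(account))

    _id = account['_id']
    try:
        data = json.loads(request.data)['user']
    except (ValueError, KeyError, TypeError):
        # Invalid JSON, no "user" key, or a top-level value that is not an
        # object: all are client errors, not server faults.
        return ('Unprocessable Entity', 422)
    if not isinstance(data, dict):
        return ('Unprocessable Entity', 422)

    if len(data) == 1 and 'private_items' in data:
        # NOTE(review): the value is stored as received, without a type check.
        private_items = data['private_items']
        db.accounts.update({'_id': _id},
                           {'$set': {'private_items': private_items}})
        account['private_items'] = private_items
    elif len(data) == 2 and 'current_password' in data:
        # Credential changes require the caller to prove knowledge of the
        # current password again, on top of the request's own authentication.
        if account['passwd'] != A1(account['email'], data['current_password']):
            return abort(403)

        if 'email' in data:
            email = data['email']
            # JSON may carry an object, array or number here; only
            # string-like values may go on to the checks and the query.
            if not hasattr(email, 'isdigit'):
                return abort(400)
            # any() instead of a bare filter(): a filter object is always
            # truthy on Python 3, which would reject every address.
            if email.isdigit() or any(c not in conf['ALLOWED_CHARS']
                                      for c in email):
                return abort(400)
            if db.accounts.find_one({'email': email}) and \
               account['email'] != email:
                return ('User already exists', 406)

            # The stored credential is derived from the e-mail as well, so it
            # is recomputed for the new address from the supplied password.
            new = {'email': email,
                   'passwd': A1(email, data['current_password'])}
            db.accounts.update({'_id': _id}, {'$set': new})
            account['email'] = new['email']
            account['passwd'] = new['passwd']
        elif 'password' in data:
            passwd = A1(account['email'], data['password'])
            db.accounts.update({'_id': _id}, {'$set': {'passwd': passwd}})
            account['passwd'] = passwd
        else:
            # NOTE(review): the collapsed source does not show which `if`
            # this `else` belongs to; it is attached to the email/password
            # dispatch here -- confirm against the original layout.
            return abort(400)

    db.accounts.update(
        {'_id': account['_id']},
        {'$set': {'updated_at': strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())}})
    return jsonify(clear(account))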
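def register():
    """Registration of new users (no digits-only usernames are allowed).

    If PUBLIC_REGISTRATION is set to True new accounts are instantly
    activated. Otherwise you have to do it manually via
    `manage.py activate $USER`.

    -- http://developer.getcloudapp.com/register

    Expects a JSON body ``{"user": {"email": ..., "password": ...}}`` of at
    most 200 bytes.

    Responses: 413 for an oversized body, 422 for a malformed body or an
    e-mail that is digits-only or contains characters outside
    ALLOWED_CHARS, 406 when the e-mail is already registered, 201 with the
    new account (after ``clear()``) on success.

    NOTE(review): the e-mail uniqueness check and the id counter are both
    read-then-write sequences, so two concurrent registrations can pass the
    check or read the same ``seq``. A unique index on ``email`` and an
    atomic increment would close that window -- confirm what the deployment
    provides.
    """
    conf, db = current_app.config, current_app.db

    # Cap the body size before it is parsed.
    if len(request.data) > 200:
        return ('Request Entity Too Large', 413)

    try:
        user = json.loads(request.data)['user']
        email = user['email']
        passwd = user['password']
        # AttributeError: the e-mail is not a string (JSON object, array,
        # number, null). TypeError: the body or "user" is not an object.
        digits_only = email.isdigit()
    except (ValueError, KeyError, TypeError, AttributeError):
        return ('Bad Request', 422)
    if digits_only:  # no numbers as username allowed
        return ('Bad Request', 422)

    # TODO: allow more characters, unicode -> ascii, before filter
    # any() instead of a bare filter(): a filter object is always truthy on
    # Python 3, which would reject every address.
    if any(c not in conf['ALLOWED_CHARS'] for c in email):
        return ('Bad Request', 422)

    if db.accounts.find_one({'email': email}) is not None:
        return ('User already exists', 406)

    # The counter document is stored under "_inc". The earlier check looked
    # for "autoinc", which is never written, so the insert was attempted on
    # every registration.
    if db.accounts.find_one({'_id': '_inc'}) is None:
        db.accounts.insert({'_id': '_inc', 'seq': 1})

    next_id = db.accounts.find_one({'_id': '_inc'})['seq']
    # NOTE(review): the password is handed to Account() as received; whether
    # it is hashed there is not visible from this function.
    account = Account({'email': email, 'passwd': passwd, 'id': next_id}, conf)
    db.accounts.update({'_id': '_inc'}, {'$inc': {'seq': 1}})

    if conf['PUBLIC_REGISTRATION']:
        account['activated_at'] = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())

    account['_id'] = account['id']
    db.accounts.insert(account)

    return (jsonify(clear(account)), 201)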
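def register():
    """Registration of new users (no digits-only usernames are allowed).

    If PUBLIC_REGISTRATION is set to True new accounts are instantly
    activated. Otherwise you have to do it manually via
    `manage.py activate $USER`.

    -- http://developer.getcloudapp.com/register

    Expects a JSON body ``{"user": {"email": ..., "password": ...}}`` of at
    most 200 bytes.

    Responses: 413 for an oversized body, 422 for a malformed body or an
    e-mail that is digits-only or contains characters outside
    ALLOWED_CHARS, 406 when the e-mail is already registered, 201 with the
    new account (after ``clear()``) on success.

    NOTE(review): the e-mail uniqueness check and the id counter are both
    read-then-write sequences, so two concurrent registrations can pass the
    check or read the same ``seq``. A unique index on ``email`` and an
    atomic increment would close that window -- confirm what the deployment
    provides.
    """
    conf, db = current_app.config, current_app.db

    # Cap the body size before it is parsed.
    if len(request.data) > 200:
        return ('Request Entity Too Large', 413)

    try:
        user = json.loads(request.data)['user']
        email = user['email']
        passwd = user['password']
        # AttributeError: the e-mail is not a string (JSON object, array,
        # number, null). TypeError: the body or "user" is not an object.
        digits_only = email.isdigit()
    except (ValueError, KeyError, TypeError, AttributeError):
        return ('Bad Request', 422)
    if digits_only:  # no numbers as username allowed
        return ('Bad Request', 422)

    # TODO: allow more characters, unicode -> ascii, before filter
    # any() instead of a bare filter(): a filter object is always truthy on
    # Python 3, which would reject every address.
    if any(c not in conf['ALLOWED_CHARS'] for c in email):
        return ('Bad Request', 422)

    if db.accounts.find_one({'email': email}) is not None:
        return ('User already exists', 406)

    # The counter document is stored under "_inc". The earlier check looked
    # for "autoinc", which is never written, so the insert was attempted on
    # every registration.
    if db.accounts.find_one({'_id': '_inc'}) is None:
        db.accounts.insert({'_id': '_inc', 'seq': 1})

    next_id = db.accounts.find_one({'_id': '_inc'})['seq']
    # NOTE(review): the password is handed to Account() as received; whether
    # it is hashed there is not visible from this function.
    account = Account({'email': email, 'passwd': passwd, 'id': next_id}, conf)
    db.accounts.update({'_id': '_inc'}, {'$inc': {'seq': 1}})

    if conf['PUBLIC_REGISTRATION']:
        account['activated_at'] = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())

    account['_id'] = account['id']
    db.accounts.insert(account)

    return (jsonify(clear(account)), 201)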
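def account():
    """Return account details and/or update given keys.

    -- http://developer.getcloudapp.com/view-account-details
    -- http://developer.getcloudapp.com/change-default-security
    -- http://developer.getcloudapp.com/change-email
    -- http://developer.getcloudapp.com/change-password

    GET returns the authenticated account as JSON (after ``clear()``).

    Any other method expects a JSON body ``{"user": {...}}`` holding one of:

    * ``private_items`` alone -- change the default item privacy;
    * ``current_password`` + ``email`` -- change the e-mail address;
    * ``current_password`` + ``password`` -- change the password.

    Every new password is accepted (no strength policy is applied) and,
    similar to /register, no digit-only "email" address is allowed.

    NOTE(review): this docstring used to say passwords are "stored in
    plaintext"; the code stores whatever ``A1(email, password)`` returns.
    Confirm what A1 computes before relying on either statement.

    Responses: 422 for a malformed body, 403 when ``current_password`` does
    not match, 400 for an invalid e-mail or an unknown key, 406 when the
    new e-mail already belongs to another account.
    """
    conf, db = current_app.config, current_app.db
    # NOTE(review): assumes an authentication layer that is not visible here
    # has already verified request.authorization and that the account exists.
    account = db.accounts.find_one({'email': request.authorization.username})

    if request.method == 'GET':
        return jsonify(clear(account))

    _id = account['_id']
    try:
        data = json.loads(request.data)['user']
    except (ValueError, KeyError, TypeError):
        # Invalid JSON, no "user" key, or a top-level value that is not an
        # object: all are client errors, not server faults.
        return ('Unprocessable Entity', 422)
    if not isinstance(data, dict):
        return ('Unprocessable Entity', 422)

    if len(data) == 1 and 'private_items' in data:
        # NOTE(review): the value is stored as received, without a type check.
        private_items = data['private_items']
        db.accounts.update({'_id': _id},
                           {'$set': {'private_items': private_items}})
        account['private_items'] = private_items
    elif len(data) == 2 and 'current_password' in data:
        # Credential changes require the caller to prove knowledge of the
        # current password again, on top of the request's own authentication.
        if account['passwd'] != A1(account['email'], data['current_password']):
            return abort(403)

        if 'email' in data:
            email = data['email']
            # JSON may carry an object, array or number here; only
            # string-like values may go on to the checks and the query.
            if not hasattr(email, 'isdigit'):
                return abort(400)
            # any() instead of a bare filter(): a filter object is always
            # truthy on Python 3, which would reject every address.
            if email.isdigit() or any(c not in conf['ALLOWED_CHARS']
                                      for c in email):
                return abort(400)
            if db.accounts.find_one({'email': email}) and \
               account['email'] != email:
                return ('User already exists', 406)

            # The stored credential is derived from the e-mail as well, so it
            # is recomputed for the new address from the supplied password.
            new = {'email': email,
                   'passwd': A1(email, data['current_password'])}
            db.accounts.update({'_id': _id}, {'$set': new})
            account['email'] = new['email']
            account['passwd'] = new['passwd']
        elif 'password' in data:
            passwd = A1(account['email'], data['password'])
            db.accounts.update({'_id': _id}, {'$set': {'passwd': passwd}})
            account['passwd'] = passwd
        else:
            # NOTE(review): the collapsed source does not show which `if`
            # this `else` belongs to; it is attached to the email/password
            # dispatch here -- confirm against the original layout.
            return abort(400)

    db.accounts.update(
        {'_id': account['_id']},
        {'$set': {'updated_at': strftime('%Y-%m-%dT%H:%M:%SZ', gmtime())}})
    return jsonify(clear(account))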