示例#1
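def customerio():
    """Handle a signed webhook that reports a bounced e-mail address.

    The request is authenticated by recomputing an HMAC-SHA256 over
    ``v0:<x-cio-timestamp>:<raw body>`` with ``CUSTOMERIO_SIGNING_KEY`` and
    comparing it with the ``x-cio-signature`` header. For an authenticated
    ``email_bounced`` event, the account matching ``data.email_address`` (if
    any) is locked with the reason ``'bounced'`` and saved.

    Returns:
        ``'ok'`` when the event was accepted (whether or not an account
        matched), otherwise a 400 JSON response with a generic reason.
    """
    def _rejected():
        # One generic answer for every failure, so the response does not
        # reveal which check the request failed.
        return make_response(
            jsonify({
                'success': False,
                'reason': 'Invalid request made.'
            }), 400)

    timestamp = request.headers.get('x-cio-timestamp', '')
    provided = request.headers.get('x-cio-signature', '')
    if timestamp == '' or provided == '':
        return _rejected()

    signing_key = current_app.config.get('CUSTOMERIO_SIGNING_KEY')
    if not signing_key:
        # Fail closed: an unset or empty key must never yield a signature
        # that a sender could reproduce.
        current_app.logger.error('CUSTOMERIO_SIGNING_KEY is not configured.')
        return _rejected()

    # NOTE(review): the timestamp is covered by the signature but is never
    # compared with the current time, so a captured request stays valid
    # indefinitely. Consider rejecting timestamps outside a short window.
    payload = b'v0:' + timestamp.encode() + b':' + request.get_data()

    expected = hmac.new(
        key=signing_key.encode(),
        msg=payload,
        digestmod=hashlib.sha256).hexdigest()

    # Constant-time comparison: `!=` on strings can leak how many leading
    # characters matched. Both sides are compared as bytes because
    # compare_digest() raises TypeError on non-ASCII str input.
    if not hmac.compare_digest(expected.encode(), provided.encode()):
        return _rejected()

    # Validate explicitly instead of with `assert`: assertions are stripped
    # under `python -O`, which would let any signed event type lock accounts.
    body = request.get_json(silent=True)
    if not isinstance(body, dict) or body.get('event_type') != 'email_bounced':
        return _rejected()

    data = body.get('data')
    if not isinstance(data, dict):
        return _rejected()

    account = Account.find_by_email(data.get('email_address'))
    if account is None:
        return 'ok'

    account.lock('bounced')
    account.save(True)

    return 'ok'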
示例#2
文件: views.py 项目: Invoicy/invoicy
def login():
    """Render the login form, or redirect a session that already maps to an account.

    The session's ``email`` entry is only trusted if an account can still be
    found for it; otherwise the login form is shown again.
    """
    known_account = (
        Account.find_by_email(session["email"]) if "email" in session else None
    )
    if not known_account:
        return render_template("auth/login.html", form=AuthenticationForm())

    return redirect(url_for("instances.list"))
示例#3
def lost_password():
    """
    Send a one-time login link that authenticates the user.

    The link carries a Session token that can be used directly from the app.
    The JSON answer is the same whether or not an account matched the
    submitted e-mail, so the endpoint does not reveal which addresses exist.
    """
    form = LostPasswordForm.load(request)
    # NOTE(review): the result of validate() is not inspected; presumably it
    # aborts the request on invalid input - confirm against the form class.
    form.validate()

    account = Account.find_by_email(form.email.data)
    if account:
        one_time = Session(account.id)
        one_time.save(True)
        one_time.send()

    return jsonify({'success': True})
示例#4
文件: views.py 项目: Invoicy/invoicy
def authenticate():
    """Check the submitted credentials and start a session on success.

    On any failure the login template is rendered again. An unknown e-mail
    and a wrong password produce the same message, so the form does not
    disclose which accounts exist.
    """
    form = AuthenticationForm(request.form)
    if not form.validate():
        return render_template("auth/login.html", form=form)

    account = Account.find_by_email(form.email.data)
    # Short-circuit keeps check_passwd() from being called without an account.
    # NOTE(review): skipping the password check for unknown e-mails may make
    # the two failure cases distinguishable by response time - confirm.
    if not account or not account.check_passwd(form.password.data):
        form.email.errors = ["Invalid email or password."]

    if form.email.errors:
        # Never echo the submitted password back into the rendered form.
        form.password.data = None
        return render_template("auth/login.html", form=form)

    session["email"] = form.email.data
    return redirect(url_for("instances.list"))
示例#5
def login():
    """
    Authenticate the user with the submitted e-mail and password.

    On success a new Session is saved and its token is returned in the JSON
    answer together with the serialized account.
    """
    form = AuthForm.load(request)
    form.validate()

    account = Account.find_by_email(form.email.data)

    # NOTE(review): both checks below rely on form.error() aborting the
    # request (presumably by raising). If it returned normally, a missing
    # account would fail on `account.verify_password` and a wrong password
    # would still be issued a token - confirm against the form class.
    # The message is identical in both cases so it does not reveal whether
    # the e-mail is registered.
    if not account:
        form.error('email', 'Invalid email/password credentials provided.')

    if not account.verify_password(form.password.data):
        form.error('email', 'Invalid email/password credentials provided.')

    new_session = Session(account.id)
    saved = new_session.save(True)
    return jsonify({
        'success': True,
        'token': saved.token,
        'account': account.serialize()
    })
示例#6
def update():
    """Apply the submitted profile changes to the current account (``g.account``).

    A changed e-mail address is not written to the account here: an
    AccountEmail record is saved and sent instead, and the answer reports
    ``pendingEmail``. When a VAT number is submitted, company name, details
    and country are filled from the VAT lookup, but only for fields that are
    empty both in the submission and on the account.
    """
    form = AccountUpdateForm.load(request)
    form.validate()

    # NOTE(review): the code after form.error() assumes it aborts the request
    # (presumably by raising); otherwise a duplicate e-mail or an invalid VAT
    # number would still be processed - confirm against the form class.
    email_changed = form.email.data != g.account.email
    if email_changed and Account.find_by_email(form.email.data):
        form.error('email', 'This email is already used on our service.')

    updates = form.get_as_dict()
    email_pending = False
    if updates.get('email', None) and g.account.email != updates['email']:
        pending = AccountEmail(g.account.id, updates['email'])
        pending.save(True)
        pending.send(updated=True)
        # The new address is handled through the AccountEmail record, not
        # written to the account in this request.
        del updates['email']
        email_pending = True

    if updates.get('company_vat'):
        # (account field, key in the VAT lookup result)
        vat_backfill = (
            ('company_name', 'name'),
            ('company_details', 'address'),
            ('country', 'countryCode'),
        )
        try:
            details = get_vat_details(form.company_vat.data)
            for field, detail_key in vat_backfill:
                if not updates.get(field) and not getattr(g.account, field):
                    updates[field] = details[detail_key]
        except Exception:
            # Any lookup failure, including a missing key in the result, is
            # reported to the client as an invalid VAT number.
            form.error('company_vat', 'Invalid VAT provided.')

    g.account.update(**updates)
    g.account.save(True)

    return jsonify({
        'success': True,
        'pendingEmail': email_pending,
        'account': g.account.serialize()
    })