def change_pwd(token):
    """Handle the token-protected new-password form.

    Resolves *token* to an account e-mail through the database layer,
    validates the submitted password and its confirmation, and on success
    stores the new credential and redirects to the gallery.

    Args:
        token: Token passed to ``DataBaseManager.verify_token``.

    Returns:
        The rendered "NewPwd.html" page when the token does not resolve to
        an e-mail or the form fails validation; otherwise a redirect to
        ``render_gallery``.
    """
    db = DataBaseManager()
    account_email = db.verify_token(token)

    # The form is validated before the token result is inspected; the token
    # outcome still takes precedence when choosing the response below.
    checker = validate.regex()
    new_password = checker.validate(checker.password_pattern,
                                    request.form.get("password"))
    confirmation_matches = new_password == request.form.get("password_conf")
    problems = checker.compose_error_message(new_password,
                                             confirmation_matches)

    # verify_token() produced no e-mail, so no password is changed.
    if account_email is None:
        return render_template("NewPwd.html", session=True)

    if problems is not None:
        return render_template("NewPwd.html", session=False, token=token,
                               error=problems)

    # The stored credential has the form "$<salt>$<hash>".
    hasher = Hash()
    salt, digest = hasher.get_salt_hash(new_password)
    credential = "$" + salt + "$" + digest.decode("utf-8")
    db.update_new_password(credential, account_email)
    # NOTE(review): nothing in this function invalidates the token after the
    # password is updated; confirm that verify_token() or
    # update_new_password() enforces expiry and single use.
    return redirect(url_for('render_gallery'))
def test_upload():
    """Accept a photo upload authenticated by credentials sent in the form.

    Reads ``userID`` and ``password`` from the form, checks them, saves the
    uploaded file, generates its transformations and records the resulting
    file names in the database.

    Returns:
        A ``Response`` with status 401 when the credentials are rejected,
        400 when no file was supplied or it could not be saved, 500 when the
        database insert reports failure, and 200 otherwise.
    """
    user_id = request.form.get("userID")
    secret = request.form.get("password")
    # NOTE(review): the upload is pulled from the request before the
    # credentials are checked; confirm extract_photo_from_request() does no
    # persistent or expensive work for unauthenticated callers.
    upload = extract_photo_from_request()

    hasher = Hash()
    if not hasher.check_password(user_id, secret):
        return Response(status=401)

    storage = FileManager()
    if not upload or not storage.save_file(upload):
        return Response(status=400)

    # Derived images are keyed by transformation; the untouched upload is
    # recorded under "original".
    variants = ImageTransform.make_transformations(
        storage.last_saved_full_path)
    variants["original"] = FileManager.extract_filename(
        storage.last_saved_full_path)

    recorded = DataBaseManager().add_photos(user_id, "Auto Uploaded",
                                            "#test_image", variants)
    return Response(status=200 if recorded else 500)
def create_session_for(username, password):
    """Mark the session as logged in when the credentials check out.

    Args:
        username: Account name to authenticate.
        password: Plaintext password supplied by the caller.

    Returns:
        True when ``Hash.check_password`` accepts the pair, in which case
        the session carries 'user' and 'authorized'; False otherwise, with
        the session left untouched.
    """
    hasher = Hash()
    if not hasher.check_password(username, password):
        return False

    # NOTE(review): keys already present in the session survive the login;
    # confirm that carrying pre-login state across is intended.
    session['user'] = username
    session['authorized'] = True
    return True
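def create_session_for(username, password):
    """Mark the session as logged in and record the account type.

    Args:
        username: Account name to authenticate.
        password: Plaintext password supplied by the caller.

    Returns:
        True when ``Hash.check_password`` accepts the pair, in which case
        the session carries 'user', 'authorized' and 'type'; False
        otherwise, with the session left untouched.
    """
    pwd_manager = Hash()
    if not pwd_manager.check_password(username, password):
        return False

    # Resolve the account type before touching the session: if the database
    # lookup raises, the session must not be left marked as authorized while
    # missing its 'type' entry.
    dbm = DataBaseManager()
    user_type = dbm.get_user_type(username)

    # NOTE(review): keys already present in the session survive the login;
    # confirm that carrying pre-login state across is intended.
    session['user'] = username
    session['authorized'] = True
    session['type'] = user_type
    return True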
def authenticate_user():
    """Process the login form.

    Reads 'username' and 'password' from the submitted form and checks them
    with ``Hash.check_password``.

    Returns:
        A redirect to ``render_gallery`` after marking the session as
        authorized, or the "index.html" page with ``error=True`` and the
        submitted username when the check fails.
    """
    form = request.form
    username = form.get('username')
    password = form.get('password')

    hasher = Hash()
    if not hasher.check_password(username, password):
        # Failed login: show the form again, pre-filled with the submitted
        # name. The password is not handed back to the template.
        return render_template("index.html", error=True, username=username)

    # NOTE(review): keys already present in the session survive the login;
    # confirm that carrying pre-login state across is intended.
    session['user'] = username
    session['authorized'] = True
    return redirect(url_for('render_gallery'))
def gen_unique_file_name(filename):
    """Derive a name for *filename* from its salted hash.

    Args:
        filename: Name passed to ``Hash.get_salt_hash``.

    Returns:
        A string of the form "$<salt>$<hash>", with the hash decoded as
        UTF-8.
    """
    salt, digest = Hash.get_salt_hash(filename)
    # NOTE(review): if the result is used as a name on disk, confirm that the
    # salt and hash alphabets cannot contain path separators.
    return "$".join(("", salt, digest.decode("utf-8")))
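def create_user():
    """Handle the sign-up form.

    Validates every submitted field, stores the password as a salted hash in
    the form "$<salt>$<hash>", creates the account and logs the new user in.

    Returns:
        A redirect to ``render_gallery`` when the caller is already
        authorized or the account was created; otherwise the "newuser.html"
        page with a list of error messages and the submitted values.
    """
    if 'authorized' in session and session['authorized'] is True:
        return redirect(url_for("render_gallery"))

    input_username = request.form.get("username")
    input_first_name = request.form.get("first_name")
    input_last_name = request.form.get("last_name")
    input_email = request.form.get("email")
    input_password = request.form.get("password")
    input_password_conf = request.form.get("password_conf")

    def _show_form_again(messages):
        # Single re-render path, so every failure hands the template the same
        # raw submitted values. The "e-mail already registered" branch used to
        # pass the validated values instead, including the boolean result of
        # the confirmation comparison as ``password_conf``.
        # NOTE(review): this places the submitted password and confirmation
        # in the rendered page; confirm the template needs them at all.
        return render_template("newuser.html",
                               error=messages,
                               username=input_username,
                               first_name=input_first_name,
                               last_name=input_last_name,
                               email=input_email,
                               password=input_password,
                               password_conf=input_password_conf)

    field = validate.regex()
    username = field.validate(field.user_name_pattern, input_username)
    first_name = field.validate(field.first_name_pattern, input_first_name)
    last_name = field.validate(field.last_name_pattern, input_last_name)
    email = field.validate(field.email_pattern, input_email)
    password = field.validate(field.password_pattern, input_password)
    # True only when the validated password equals the confirmation field.
    password_conf = password == input_password_conf

    err_msg = compose_error_message(username, first_name, last_name, email,
                                    password, password_conf)
    if err_msg is not None:
        return _show_form_again(err_msg)

    pwd_manager = Hash()
    salt, hashpwd = pwd_manager.get_salt_hash(password)
    stored_pwd = "$" + salt + "$" + hashpwd.decode("utf-8")

    dbm = DataBaseManager()
    if dbm.email_already_exists(email):
        return _show_form_again(["An account already exists with this Email"])

    if dbm.add_user(username, first_name, last_name, email, stored_pwd):
        session['user'] = username
        session['authorized'] = True
        return redirect(url_for('render_gallery'))

    # Getting here means that either there was a database error or the
    # username is already taken. Since the user has to retry either way, the
    # failure is reported as a problem with the chosen username.
    return _show_form_again(["Username is unavailable."])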