def add_user(first_name, last_name, username, password, method, is_hashed, email, timezone, preferred_languages, overwrite=False): logger.info("Creating the user in the database.") pwd_generated = False if password is None: assert not is_hashed password = generate_random_password() pwd_generated = True if is_hashed: stored_password = build_password(password, method) else: stored_password = hash_password(password, method) if preferred_languages is None or preferred_languages == "": preferred_languages = "[]" else: preferred_languages = \ "[" + ",".join("\"" + lang + "\"" for lang in preferred_languages.split(",")) + "]" user = User(first_name=first_name, last_name=last_name, username=username, password=stored_password, email=email, timezone=timezone, preferred_languages=preferred_languages) with SessionGen() as session: if overwrite: existing_user = session.query(User) \ .filter(User.username == username).first() if existing_user is not None: user = existing_user user.first_name = first_name user.last_name = last_name user.username = username if not pwd_generated: user.password = stored_password else: pwd_generated = False user.email = email or user.email user.timezone = timezone or user.timezone user.preferred_languages = preferred_languages or \ user.preferred_languages try: session.add(user) session.commit() except IntegrityError: logger.error("A user with the given username already exists.") return False logger.info("User added%s. " "Use AddParticipation to add this user to a contest." % (" with password %s" % password if pwd_generated else "")) return True
def add_user(first_name, last_name, username, password, email, timezone=None, preferred_languages=None): if password is None: password = generate_random_password() if preferred_languages is None or preferred_languages == "": preferred_languages = [] else: preferred_languages = [lang for lang in preferred_languages.split(",")] user = User( first_name=first_name, last_name=last_name, username=username, password=password, email=email, timezone=timezone, preferred_languages=preferred_languages ) try: with SessionGen() as session: session.add(user) session.commit() except IntegrityError: return False logger.info("Registered user {} with password {}".format(username, password)) return True
def add_user(first_name, last_name, username, password, email, timezone, preferred_languages): logger.info("Creating the user in the database.") if password is None: password = generate_random_password() if preferred_languages is None or preferred_languages == "": preferred_languages = "[]" else: preferred_languages = \ "[" + ",".join("\"" + lang + "\"" for lang in preferred_languages.split(",")) + "]" user = User(first_name=first_name, last_name=last_name, username=username, password=password, email=email, timezone=timezone, preferred_languages=preferred_languages) try: with SessionGen() as session: session.add(user) session.commit() except IntegrityError: logger.error("A user with the given username already exists.") return False logger.info("User added. " "Use AddParticipation to add this user to a contest.") return True
def get_user(self, username): """See docstring in class Loader. """ logger.info("Loading parameters for user %s." % username) conf = self.users_conf[username] assert username == conf['username'] args = {} load(conf, args, "username") load(conf, args, "password") load(conf, args, "ip") load(conf, args, ["first_name", "nome"]) load(conf, args, ["last_name", "cognome"]) if "first_name" not in args: args["first_name"] = "" if "last_name" not in args: args["last_name"] = args["username"] load(conf, args, ["hidden", "fake"], conv=lambda a: a is True or a == "True") logger.info("User parameters loaded.") return User(**args)
def post(self): fallback_page = "/users/add" try: attrs = dict() self.get_string(attrs, "first_name") self.get_string(attrs, "last_name") self.get_string(attrs, "username", empty=None) self.get_string(attrs, "password") self.get_string(attrs, "email") assert attrs.get("username") is not None, \ "No username specified." self.get_string(attrs, "timezone", empty=None) self.get_string(attrs, "preferred_languages") # Create the user. user = User(**attrs) self.sql_session.add(user) except Exception as error: self.application.service.add_notification( make_datetime(), "Invalid field(s)", repr(error)) self.redirect(fallback_page) return if self.try_commit(): # Create the user on RWS. self.application.service.proxy_service.reinitialize() self.redirect("/user/%s" % user.id) else: self.redirect(fallback_page)
def add_users(users_info, contest_name=None): """ Add the given users to the database, if they don't exist. If contest_name is given and it exists, participations are created (for existing users, too). Each user info should be a dictionary with the fields: username, password. Optionally: first_name (default is empty). last_name (default is empty). hidden (default is false). unrestricted (default is false). """ with SessionGen() as session: existing_users = session.query(User).all() existing_usernames = {user.username: user for user in existing_users} # If the contest does not exist, this raises an exception, # and participations will not be created. try: contest = get_contest(session, contest_name) participations = session.query(Participation)\ .filter(Participation.contest_id == contest.id)\ .all() existing_participations = set(participation.user.username for participation in participations) except Exception: contest = None existing_participations = set() for user_info in users_info: username = user_info["username"] # If this user exists, fetch the User database object. # Otherwise, create one. if username in existing_usernames: user = existing_usernames[username] else: first_name = user_info.get("first_name", "") last_name = user_info.get("last_name", "") password = user_info["password"] user = User(first_name=unicode(first_name), last_name=unicode(last_name), username=unicode(username), password=unicode(password)) session.add(user) # If the participation does not exist and the contest is given, # add it. if contest is not None and \ username not in existing_participations: participation = Participation( user=user, contest=contest, hidden=user_info.get("hidden", False), unrestricted=user_info.get("unrestricted", False)) session.add(participation) session.commit()
def post(self): if not self.contest.allow_registration: raise tornado.web.HTTPError(404) try: first_name = self.get_argument("first_name") last_name = self.get_argument("last_name") username = self.get_argument("username") password = self.get_argument("password") if not 1 <= len(first_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(last_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(username) <= self.MAX_INPUT_LENGTH: raise ValueError() if not re.match(r"^[A-Za-z0-9_-]+$", username): raise ValueError() if not self.MIN_PASSWORD_LENGTH <= len(password) \ <= self.MAX_INPUT_LENGTH: raise ValueError() except (tornado.web.MissingArgumentError, ValueError): raise tornado.web.HTTPError(400) # Override password with its hash password = hash_password(password) # If we have teams, we assume that the 'team' field is mandatory if self.sql_session.query(Team).count() > 0: try: team_code = self.get_argument("team") team = self.sql_session.query(Team)\ .filter(Team.code == team_code)\ .one() except (tornado.web.MissingArgumentError, NoResultFound): raise tornado.web.HTTPError(400) else: team = None # Check if the username is available tot_users = self.sql_session.query(User)\ .filter(User.username == username).count() if tot_users != 0: # HTTP 409: Conflict raise tornado.web.HTTPError(409) # Store new user and participation user = User(first_name, last_name, username, password) self.sql_session.add(user) participation = Participation(user=user, contest=self.contest, team=team) self.sql_session.add(participation) self.sql_session.commit() self.finish(username)
def get_user(cls, **kwargs): """Create a user""" args = { "username": unique_unicode_id(), "password": "", "first_name": unique_unicode_id(), "last_name": unique_unicode_id(), } args.update(kwargs) user = User(**args) return user
def add_user(self, **kwargs): """Add a user.""" args = { "username": unique_unicode_id(), "password": "", "first_name": unique_unicode_id(), "last_name": unique_unicode_id(), } args.update(kwargs) user = User(**args) self.session.add(user) return user
def _create_user(self): try: first_name = self.get_argument("first_name") last_name = self.get_argument("last_name") username = self.get_argument("username") password = self.get_argument("password") email = self.get_argument("email") if len(email) == 0: email = None if self.contest.registration_requires_captcha: captcha_input = self.get_argument("captcha") captcha_input_signature = self.signature(captcha_input) captcha_cookie = self.get_secure_cookie("captcha").decode( 'utf-8') captcha_clear_signature, captcha_username = captcha_cookie.split( '_', 1) if not 1 <= len(first_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(last_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(username) <= self.MAX_INPUT_LENGTH: raise ValueError() if not re.match(r"^[A-Za-z0-9_-]+$", username): raise ValueError() if not self.MIN_PASSWORD_LENGTH <= len(password) \ <= self.MAX_INPUT_LENGTH: raise ValueError() if self.contest.registration_requires_captcha: if not re.match(r"^[0-9]+$", captcha_input): raise ValueError() if not captcha_input_signature == captcha_clear_signature: raise ValueError() if not username == captcha_username: raise ValueError() except (tornado_web.MissingArgumentError, ValueError): raise tornado_web.HTTPError(400) # Override password with its hash password = hash_password(password) # Check if the username is available tot_users = self.sql_session.query(User)\ .filter(User.username == username).count() if tot_users != 0: # HTTP 409: Conflict raise tornado_web.HTTPError(409) # Store new user user = User(first_name, last_name, username, password, email=email) self.sql_session.add(user) return user
def _makeuser(self, username): """ Return a User object for the specified user which can be saved to the database. username (unicode): the name of the user to generate return (User,Participation): database object for the user """ user = self.users[username] # The user should never actually use this password, because we set # different passwords for each participation. udb = User(username=user.username, first_name=user.firstname, last_name=user.lastname, password=build_password(user.password)) udb.timezone = user.timezone udb.preferred_languages = user.primary_statements return udb
def add_user(contest_id, first_name, last_name, username, password, ip_address, email, hidden): with SessionGen() as session: contest = Contest.get_from_id(contest_id, session) user = User(first_name=first_name, last_name=last_name, username=username, password=password, email=email, ip=ip_address, hidden=hidden, contest=contest) session.add(user) session.commit()
def get_users(self): users = self.read_users() result = [] for user in users: args = {'username': user['username'], 'first_name': user.get('name', user['username']), 'last_name': user.get('last_name', ''), 'email': user.get('email', None)} password = user.get('password') if password: args['password'] = password user_obj = User(**args) result.append(user_obj) return result
def get_user(self, username): """See docstring in class Loader. """ logger.info("Loading parameters for user %s.", username) user = self.users_conf[username] args = {} args['username'] = user[0] args['password'] = user[1] args['first_name'] = user[2] args['last_name'] = user[3] args['hidden'] = (len(user) > 4 and user[4] == '1') logger.info("User parameters loaded.") return User(**args)
def get_user(self): """See docstring in class UserLoader.""" if not os.path.exists( os.path.join(os.path.dirname(self.path), "contest.yaml")): logger.critical("File missing: \"contest.yaml\"") return None username = os.path.basename(self.path) logger.info("Loading parameters for user %s.", username) conf = yaml.safe_load( io.open(os.path.join(os.path.dirname(self.path), "contest.yaml"), "rt", encoding="utf-8")) args = {} conf = load(conf, None, ["users", "utenti"]) if not conf: conf = [] conf += load_csv(os.path.dirname(self.path)) for user in conf: if user["username"] == username: conf = user break else: logger.critical("The specified user cannot be found.") return None load(conf, args, "username") load(conf, args, "password") load(conf, args, "level") load(conf, args, "school") load(conf, args, ["first_name", "nome"]) load(conf, args, ["last_name", "cognome"]) if "first_name" not in args: args["first_name"] = "" if "last_name" not in args: args["last_name"] = args["username"] logger.info("User parameters loaded.") return User(**args)
def do_import(self): """Get the contest from the Loader and store it.""" if not self._prepare_db(): return False # Get the contest contest, tasks, users = self.loader.get_contest() # Get the tasks for task in tasks: contest.tasks.append(self.loader.get_task(task)) # Get the users or, if asked, generate them if self.user_number is None: for user in users: contest.users.append(self.loader.get_user(user)) else: logger.info("Generating %s random users." % self.user_number) contest.users = [ User("User %d" % i, "Last name %d" % i, "user%03d" % i) for i in xrange(self.user_number) ] # Apply the modification flags if self.zero_time: contest.start = datetime.datetime(1970, 1, 1) contest.stop = datetime.datetime(1970, 1, 1) elif self.test: contest.start = datetime.datetime(1970, 1, 1) contest.stop = datetime.datetime(2100, 1, 1) for user in contest.users: user.password = '******' user.ip = None # Store logger.info("Creating contest on the database.") with SessionGen() as session: session.add(contest) session.commit() contest_id = contest.id logger.info("Import finished (new contest id: %s)." % contest_id)
def get_user(self): """See docstring in class Loader. """ username = os.path.basename(self.path) userdata = None # This is not standard Polygon feature, but useful for CMS users # we assume contestants.txt contains one line for each user: # # username;password;first_name;last_name;hidden # # For example: # # contestant1;123;Cont;Estant;0 # jury;1234;Ju;Ry;1 users_path = os.path.join(os.path.dirname(self.path), 'contestants.txt') if os.path.exists(users_path): with io.open(users_path, "rt", encoding="utf-8") as users_file: for user in users_file.readlines(): user = user.strip().split(';') name = user[0].strip() if name == username: userdata = [x.strip() for x in user] if userdata is not None: logger.info("Loading parameters for user %s.", username) args = {} args['username'] = userdata[0] args['password'] = build_password(userdata[1]) args['first_name'] = userdata[2] args['last_name'] = userdata[3] args['hidden'] = (len(userdata) > 4 and userdata[4] == '1') logger.info("User parameters loaded.") return User(**args) else: logger.critical("User %s not found in contestants.txt file.", username) return None
def post(self): fallback_page = self.url("users", "add") try: attrs = dict() self.get_string(attrs, "first_name") self.get_string(attrs, "last_name") self.get_string(attrs, "username", empty=None) self.get_int(attrs, "grade") self.get_string(attrs, "city_region") self.get_string(attrs, "school_name") self.get_password(attrs, None, False) self.get_string(attrs, "email", empty=None) assert attrs.get("username") is not None, \ "No username specified." self.get_string(attrs, "timezone", empty=None) self.get_string_list(attrs, "preferred_languages") # Create the user. user = User(**attrs) self.sql_session.add(user) except Exception as error: self.service.add_notification(make_datetime(), "Invalid field(s)", repr(error)) self.redirect(fallback_page) return if self.try_commit(): # Create the user on RWS. self.service.proxy_service.reinitialize() self.redirect(self.url("user", user.id)) else: self.redirect(fallback_page)
def get_user(self): """See docstring in class UserLoader.""" if not os.path.exists(os.path.join(os.path.dirname(self.path), "contest.yaml")): logger.critical("File missing: \"contest.yaml\"") return None username = os.path.basename(self.path) logger.info("Loading parameters for user %s.", username) conf = load_yaml_from_path( os.path.join(os.path.dirname(self.path), "contest.yaml")) args = {} conf = load(conf, None, ["users", "utenti"]) for user in conf: if user["username"] == username: conf = user break else: logger.critical("The specified user cannot be found.") return None load(conf, args, "username") load(conf, args, "password", conv=build_password) load(conf, args, ["first_name", "nome"]) load(conf, args, ["last_name", "cognome"]) if "first_name" not in args: args["first_name"] = "" if "last_name" not in args: args["last_name"] = args["username"] logger.info("User parameters loaded.") return User(**args)
def _create_user(self): try: first_name = self.get_argument("first_name") last_name = self.get_argument("last_name") username = self.get_argument("username") password = self.get_argument("password") email = self.get_argument("email") if len(email) == 0: email = None if not 1 <= len(first_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(last_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(username) <= self.MAX_INPUT_LENGTH: raise ValueError() if not re.match(r"^[A-Za-z0-9_-]+$", username): raise ValueError() if not self.MIN_PASSWORD_LENGTH <= len(password) \ <= self.MAX_INPUT_LENGTH: raise ValueError() except (tornado_web.MissingArgumentError, ValueError): raise tornado_web.HTTPError(400) # Override password with its hash password = hash_password(password) # Check if the username is available tot_users = self.sql_session.query(User)\ .filter(User.username == username).count() if tot_users != 0: # HTTP 409: Conflict raise tornado_web.HTTPError(409) # Store new user user = User(first_name, last_name, username, password, email=email) self.sql_session.add(user) return user
def get_user(self): # due to the terrible AddUser script conf_path = os.path.dirname(self.path) username = os.path.basename(self.path) if not exists(conf_path): logger.critical("cannot find user config file") return None logger.info("loading parameters for user \"%s\"", username) conf = load_yaml(conf_path) candidates = [u for u in conf['users'] if u['username'] == username] if len(candidates) == 0: logger.critical("cannot find specified user") return None if len(candidates) > 1: logger.critical("multiple users found with the same name") return None user_conf = candidates[0] # default values user_conf.setdefault('first_name', '') user_conf.setdefault('last_name', username) user = {} assign(user, user_conf, 'username') assign(user, user_conf, 'first_name') assign(user, user_conf, 'last_name') assign(user, user_conf, 'password', build_password) logger.info("user parameters loaded") return User(**user)
def add_user(first_name, last_name, username, password, method, is_hashed, email, timezone, preferred_languages): logger.info("Creating the user in the database.") pwd_generated = False if password is None: assert not is_hashed password = generate_random_password() pwd_generated = True if is_hashed: stored_password = build_password(password, method) else: stored_password = hash_password(password, method) if preferred_languages is None: preferred_languages = [] else: preferred_languages = list(lang.strip() for lang in preferred_languages.split(",") if lang.strip()) user = User(first_name=first_name, last_name=last_name, username=username, password=stored_password, email=email, timezone=timezone, preferred_languages=preferred_languages) try: with SessionGen() as session: session.add(user) session.commit() except IntegrityError: logger.error("A user with the given username already exists.") return False logger.info("User added%s. " "Use AddParticipation to add this user to a contest." % (" with password %s" % password if pwd_generated else "")) return True
def post(self): if not self.contest.allow_registration: raise tornado.web.HTTPError(404) try: first_name = self.get_argument("first_name") last_name = self.get_argument("last_name") username = self.get_argument("username") password = self.get_argument("password") email = self.get_argument("email") if len(email) == 0: email = None if not 1 <= len(first_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(last_name) <= self.MAX_INPUT_LENGTH: raise ValueError() if not 1 <= len(username) <= self.MAX_INPUT_LENGTH: raise ValueError() if not re.match(r"^[A-Za-z0-9_-]+$", username): raise ValueError() if not self.MIN_PASSWORD_LENGTH <= len(password) \ <= self.MAX_INPUT_LENGTH: raise ValueError() except (tornado.web.MissingArgumentError, ValueError): raise tornado.web.HTTPError(400) # Override password with its hash password = hash_password(password) # If we have teams, we assume that the 'team' field is mandatory if self.sql_session.query(Team).count() > 0: try: team_code = self.get_argument("team") school = self.get_argument("school") team = self.sql_session.query(Team)\ .filter(Team.code == team_code)\ .one() except (tornado.web.MissingArgumentError, NoResultFound): raise tornado.web.HTTPError(400) else: team = None school = None # Check if the username is available tot_users = self.sql_session.query(User)\ .filter(User.username == username).count() if tot_users != 0: # HTTP 409: Conflict raise tornado.web.HTTPError(409) # Store new user and participation user = User(first_name, last_name, username, password, email=email) self.sql_session.add(user) # # Get contest IDs of all contests which are public # f = open('/home/ubuntu/public_contests') # public_contests = set() # for line in f: # digit_contain = False # if (line[0] == '#'): # continue # for c in line: # if (48 <= ord(c)) and (ord(c) <= 57): # digit_contain = True # break # if digit_contain: # public_contests.add(int(line.strip())) # f.close() # Add participation to all public contests for contest in self.sql_session.query(Contest): # if (contest.id in public_contests): if (contest.allow_registration): self.sql_session.add(Participation(user=user, contest=contest, team=team)) # Make log to add additional school if (school != None) and (len(school) > 0): f = open('/home/ubuntu/logs/TODO_logs', 'a') l = str(datetime.datetime.now()) l += " ADD SCHOOL REQUEST " l += " Username: "******" School: " + school f.write(l+'\n') f.close() self.sql_session.commit() self.finish(username)
def get_user(self): """See docstring in class Loader. """ username = os.path.basename(self.path) userdata = None # Shaker user format (CSV-based): # # This is not standard Polygon feature, but useful for CMS users # we assume contestants.txt contains one line for each user, and # a header line, as follow: # # ...,Prénom,Nom,Pseudo,Mot de passe,... # (additionnal columns are accepted, and order isn't important) # users_path = os.path.join(os.path.dirname(self.path), 'contestants.csv') if not os.path.exists(users_path): users_path = os.path.join(os.path.dirname(self.path), '../contestants.csv') if not os.path.exists(users_path): logger.critical("contestants.csv not found!") exit(1) return None try: headers = dict() if os.path.exists(users_path): with io.open(users_path, "rt", encoding="utf-8") as users_file: reader = unicode_csv_reader(users_file) # Headers headers_list = next(reader) headers = dict(zip(headers_list, range(len(headers_list)))) # Content for user in reader: if len(user) == 0: continue name = user[headers['Pseudo']].strip() if name == username: userdata = [x.strip() for x in user] break def get_param(param, default=None): try: return userdata[headers[param]] except KeyError as _: if default is None: raise _ return default if userdata is not None: logger.info("Loading parameters for user %s.", username) args = { 'username': get_param('Pseudo'), 'password': get_param('Mot de passe', ''), 'first_name': get_param('Prénom', ''), 'last_name': get_param('Nom', '') } # args['hidden'] = get_param('hidden', False) == '1' # Generate a password if none is defined if len(args['password']) == 0: args['password'] = random_password() # Build an auth string from the password args['password'] = build_password(args['password']) logger.info("User parameters loaded.") return User(**args) else: logger.critical("User %s not found in contestants.csv file.", username) exit(1) return None except KeyError as e: logger.critical( "contestants.csv is ill-formed: column %s not found!", e) exit(1) return None
def user_handler(self): if local.data['action'] == 'new': try: username = local.data['username'] password = local.data['password'] email = local.data['email'].lower() firstname = local.data['firstname'] lastname = local.data['lastname'] recaptcha_response = local.data['recaptcha_response'] except KeyError: logger.warning('Missing parameters') return 'Bad request' # Check captcha r = requests.post( "https://www.google.com/recaptcha/api/siteverify", data={'secret': config.get("core", "recaptcha_secret_key"), 'response': recaptcha_response}, #, 'remoteip': ''}, verify=False) try: assert r.json()["success"] == True except: return "Bad request" token = self.hashpw(password) err = self.check_user(username) if err is not None: return err err = self.check_email(email) if err is not None: return err user = User( first_name=firstname, last_name=lastname, username=username, password=token, email=email ) social_user = SocialUser( access_level=6, registration_time=make_datetime() ) contest = local.session.query(Contest)\ .filter(Contest.id == self.CONTEST_ID)\ .first() participation = Participation( user=user, contest=contest ) social_user.user = user if 'institute' in local.data: social_user.institute_id = int(local.data['institute']) try: local.session.add(user) local.session.add(social_user) local.session.add(participation) local.session.commit() except IntegrityError: return 'User already exists' elif local.data['action'] == 'login': try: username = local.data['username'] password = local.data['password'] except KeyError: logger.warning('Missing parameter') return 'Bad request' token = self.hashpw(password) participation = self.get_participation(username, token) if participation is None: return 'login.error' else: user = participation.user local.resp['token'] = token local.resp['user'] = self.get_user_info(user) elif local.data['action'] == 'get': user = local.session.query(User)\ .filter(User.username == local.data['username']).first() if user is None: return 'Not found' local.resp = self.get_user_info(user) # Append scores of tried tasks local.resp['scores'] = [] for ts in user.social_user.taskscores: taskinfo = dict() taskinfo['name'] = ts.task.name taskinfo['score'] = ts.score taskinfo['title'] = ts.task.title local.resp['scores'].append(taskinfo) elif local.data['action'] == 'list': query = local.session.query(User)\ .join(SocialUser)\ .order_by(desc(SocialUser.score))\ .order_by(desc(SocialUser.id)) if 'institute' in local.data: query = query\ .filter(SocialUser.institute_id == local.data['institute']) users, local.resp['num'] = self.sliced_query(query) local.resp['users'] = map(self.get_user_info, users) elif local.data['action'] == 'update': if local.user is None: return 'Unauthorized' if 'institute' in local.data and \ local.data['institute'] is not None: local.user.institute_id = int(local.data['institute']) if 'email' in local.data and \ local.data['email'] != '' and \ local.user.email != local.data['email']: err = self.check_email(local.data['email']) if err is not None: return err local.user.email = local.data['email'] if 'old_password' in local.data and \ local.data['old_password'] != '': old_token = self.hashpw(local.data['old_password']) if local.user.password != old_token: return 'Wrong password' if len(local.data['password']) < 5: return 'Password\'s too short' new_token = self.hashpw(local.data['password']) local.user.password = new_token local.resp['token'] = new_token local.session.commit() else: return 'Bad request'
def post(self): fallback_page = self.url("users", "import") r_params = self.render_params() action = self.get_body_argument('action', 'upload') if action == 'upload': ignore_existing = self.get_body_argument('ignore_existing', False) generate_passwords = self.get_body_argument( 'generate_passwords', False) ignored = 0 try: user_csv = self.request.files["users_csv"][0] users = CsvUserLoader(None, None, user_csv['body']).get_users() processed_users = [] for user in users: if generate_passwords or callable(user.password): user.password = None db_user = self.sql_session.query(User).filter_by( username=user.username).first() if db_user: if ignore_existing: if db_user.password: db_user.password = '******' processed_users.append((False, db_user)) ignored += 1 else: self.application.service.add_notification( make_datetime(), 'Import failed', 'User "%s" already exists' % user.username) self.redirect(fallback_page) return else: processed_users.append((True, user)) if ignored: self.application.service.add_notification( make_datetime(), "User exists", '%d users already exist, ignored' % ignored) r_params['users'] = processed_users self.render("users_import_preview.html", **r_params) return except Exception as error: self.application.service.add_notification( make_datetime(), "Bad CSV file", repr(error)) self.redirect(fallback_page) return elif action == 'save': usernames = self.get_body_arguments('username', False) first_names = self.get_body_arguments('first_name', False) last_names = self.get_body_arguments('last_name', False) passwords = self.get_body_arguments('password', False) emails = self.get_body_arguments('email', False) for i in range(len(usernames)): args = { 'username': usernames[i], 'first_name': first_names[i], 'last_name': last_names[i], 'email': emails[i], } if passwords[i]: args['password'] = passwords[i] else: args['password'] = crypto.generate_random_password() args['password'] = crypto.hash_password(args['password'], method='plaintext') user = User(**args) self.sql_session.add(user) if self.try_commit(): # Create the user on RWS. self.application.service.proxy_service.reinitialize() self.redirect(self.url("users")) return else: self.redirect(fallback_page) return self.redirect(fallback_page)
def post(self): if not self.contest.online_registration: raise tornado.web.HTTPError(404) fail_redirect = lambda msg: self.redirect("/register?register_error=" + escape.url_escape(msg)) attrs = dict() attrs['password'] = self.get_argument("password", "") attrs['first_name'] = self.get_argument("first_name", "").strip() attrs['last_name'] = self.get_argument("last_name", "").strip() attrs['email'] = self.get_argument("email", "").strip() attrs['city'] = self.get_argument("city", "").strip() attrs['school'] = self.get_argument("school", "").strip() attrs['username'] = self.get_argument("email", "").strip() if len(attrs['username']) < 3: fail_redirect('El usuario tiene que tener al menos 3 caracteres.') return if len(attrs['password']) < 3: fail_redirect('La clave tiene que tener al menos 3 caracteres.') return if not re.match(r"[A-Za-z0-9]*$", attrs['password']): fail_redirect('La clave sólo puede tener letras y números.') return if len(attrs['first_name']) < 3: fail_redirect('El nombre tiene que tener al menos 3 caracteres.') return if len(attrs['last_name']) < 3: fail_redirect('El apellido tiene que tener al menos 3 caracteres.') return if not re.match(r"([^@|\s]+@[^@]+\.[^@|\s]+)", attrs['email']): fail_redirect('Email invalido.') return if len(attrs['city']) < 3: fail_redirect('La ciudad tiene que tener al menos 3 caracteres.') return if len(attrs['school']) < 3: fail_redirect('La escuela tiene que tener al menos 3 caracteres.') return url = 'https://www.google.com/recaptcha/api/siteverify' values = { 'secret': self.contest.captcha_server_code, 'response': self.get_argument("g-recaptcha-response", ""), 'remoteip': self.request.remote_ip } data = urllib.urlencode(values) req = urllib2.Request(url, data) response = urllib2.urlopen(req) captcha = json.load(response)['success'] if not captcha: fail_redirect('Por favor, vuelva a verificar el captcha.') return try: user = self.sql_session.query(User)\ .filter(User.username == attrs['username'])\ .first() if user is not None: fail_redirect('El nombre de usuario ya existe.') return user = self.sql_session.query(User)\ .filter(User.email == attrs['email'])\ .first() if user is not None: fail_redirect( 'El email ya esta asociado a una cuenta existente.') return except Exception as error: fail_redirect("Error verificando usuario.") return code = uuid.uuid4().hex attrs['activation_code'] = code attrs['activation_expire'] = datetime.now() + timedelta(days=3) self.sql_session.query(User)\ .filter(User.activation_expire < datetime.now())\ .delete() try: # Create the user. user = User(**attrs) self.sql_session.add(user) self.sql_session.commit() send_confirmation_code(self.contest.gmail_sender, self.contest.gmail_password, attrs, self.request.host) except Exception as error: fail_redirect("Error creando usuario.") else: # Create the user on RWS. self.application.service.proxy_service.reinitialize() self.redirect("/?msg=" + escape.url_escape( "Un correo electrónico fue enviado al email conteniendo el link para activar la cuenta." ))
def user_handler(self): if local.data['action'] == 'new': try: username = local.data['username'] password = local.data['password'] email = local.data['email'] firstname = local.data['firstname'] lastname = local.data['lastname'] institute = int(local.data['institute']) except KeyError: logger.warning('Missing parameters') return 'Bad request' token = self.hashpw(password) err = self.check_user(username) if err is not None: return err err = self.check_email(email) if err is not None: return err user = User( first_name=firstname, last_name=lastname, username=username, password=token, email=email, access_level=6, registration_time=make_datetime() ) user.institute_id = institute try: local.session.add(user) local.session.commit() except IntegrityError: return 'signup.user_exists' elif local.data['action'] == 'login': try: username = local.data['username'] password = local.data['password'] except KeyError: logger.warning('Missing parameter') return 'Bad request' token = self.hashpw(password) user = self.get_user(username, token) if user is None: return 'login.error' else: local.resp['token'] = token local.resp['user'] = self.get_user_info(user) elif local.data['action'] == 'get': user = local.session.query(User)\ .filter(User.username == local.data['username']).first() if user is None: return 'Not found' local.resp = self.get_user_info(user) # Append scores of tried tasks local.resp['scores'] = [] for ts in user.taskscores: taskinfo = dict() taskinfo['name'] = ts.task.name taskinfo['score'] = ts.score taskinfo['title'] = ts.task.title local.resp['scores'].append(taskinfo) elif local.data['action'] == 'list': query = local.session.query(User)\ .filter(User.hidden == False)\ .order_by(desc(User.score))\ .order_by(desc(User.id)) if 'institute' in local.data: query = query\ .filter(User.institute_id == local.data['institute']) users, local.resp['num'] = self.sliced_query(query) local.resp['users'] = map(self.get_user_info, users) elif local.data['action'] == 'update': if local.user is None: return 'Unauthorized' if 'institute' in local.data and \ local.data['institute'] is not None: local.user.institute_id = int(local.data['institute']) if 'email' in local.data and \ local.data['email'] != '' and \ local.user.email != local.data['email']: err = self.check_email(local.data['email']) if err is not None: return err local.user.email = local.data['email'] if 'old_password' in local.data and \ local.data['old_password'] != '': old_token = self.hashpw(local.data['old_password']) if local.user.password != old_token: return 'Wrong password' if len(local.data['password']) < 5: return 'Password\'s too short' new_token = self.hashpw(local.data['password']) local.user.password = new_token local.resp['token'] = new_token local.session.commit() else: return 'Bad request'
def user_handler(self): if local.data["action"] == "new": try: username = local.data["username"] password = local.data["password"] email = local.data["email"] firstname = local.data["firstname"] lastname = local.data["lastname"] institute = int(local.data["institute"]) except KeyError: logger.warning("Missing parameters") return "Bad request" token = self.hashpw(password) err = self.check_user(username) if err is not None: return err err = self.check_email(email) if err is not None: return err user = User( first_name=firstname, last_name=lastname, username=username, password=token, email=email, access_level=6, registration_time=make_datetime(), ) user.institute_id = institute try: local.session.add(user) local.session.commit() except IntegrityError: return "signup.user_exists" elif local.data["action"] == "login": try: username = local.data["username"] password = local.data["password"] except KeyError: logger.warning("Missing parameter") return "Bad request" token = self.hashpw(password) user = self.get_user(username, token) if user is None: return "login.error" else: local.resp["token"] = token local.resp["user"] = self.get_user_info(user) elif local.data["action"] == "get": user = local.session.query(User).filter(User.username == local.data["username"]).first() if user is None: return "Not found" local.resp = self.get_user_info(user) # Append scores of tried tasks local.resp["scores"] = [] for ts in user.taskscores: taskinfo = dict() taskinfo["name"] = ts.task.name taskinfo["score"] = ts.score taskinfo["title"] = ts.task.title local.resp["scores"].append(taskinfo) elif local.data["action"] == "list": query = ( local.session.query(User) .filter(User.hidden == False) .order_by(desc(User.score)) .order_by(desc(User.id)) ) if "institute" in local.data: query = query.filter(User.institute_id == local.data["institute"]) users, local.resp["num"] = self.sliced_query(query) local.resp["users"] = map(self.get_user_info, users) elif local.data["action"] == "update": if local.user is None: return "Unauthorized" if "institute" in local.data and local.data["institute"] is not None: local.user.institute_id = int(local.data["institute"]) if "email" in local.data and local.data["email"] != "" and local.user.email != local.data["email"]: err = self.check_email(local.data["email"]) if err is not None: return err local.user.email = local.data["email"] if "old_password" in local.data and local.data["old_password"] != "": old_token = self.hashpw(local.data["old_password"]) if local.user.password != old_token: return "Wrong password" if len(local.data["password"]) < 5: return "Password's too short" new_token = self.hashpw(local.data["password"]) local.user.password = new_token local.resp["token"] = new_token local.session.commit() else: return "Bad request"
def load_participations(path): logger.info("Loading...") with open(path, 'r') as io: data = json.load(io) participations = data['participations'] with SessionGen() as session: for entry in participations: logger.info('Loading: %s' % (entry)) contest = Contest.get_from_id(entry['contest_id'], session) if contest is None: logger.error(" Contest ID %d not found" % (entry['contest_id'])) session.rollback() return False userdata = entry['user'] user = session.query(User).filter( User.username == userdata['username']).first() if user is None: user = User(username=userdata['username'], first_name=userdata['first_name'], last_name=userdata['last_name'], password=build_password( generate_random_password())) logger.info(' Creating new user: %s' % (user.username)) session.add(user) else: logger.info(' Using existing user: %s (id=%d)' % (user.username, user.id)) if 'plaintext_password' in userdata: logger.info(' * password') user.password = build_password(userdata['plaintext_password'], 'plaintext') if 'first_name' in userdata: logger.info(' * first_name: %s' % (userdata['first_name'])) user.first_name = userdata['first_name'] if 'last_name' in userdata: logger.info(' * last_name: %s' % (userdata['last_name'])) user.last_name = userdata['last_name'] participation = session.query(Participation).join( Participation.user).filter( Participation.contest == contest).filter( User.username == user.username).first() if participation is None: participation = Participation(user=user, contest=contest) logger.info( ' Creating new participation for contest_id=%d user=%s' % (contest.id, user.username)) session.add(participation) else: logger.info( ' Updating participation: id=%d contest_id=%d user=%s' % (participation.id, participation.contest_id, participation.user.username)) if 'plaintext_password' in entry: logger.info(' * plaintext_password') participation.password = build_password( entry['plaintext_password'], 'plaintext') if 'ip' in entry: logger.info(' * ip: %s' % (entry['ip'])) participation.ip = [ipaddress.ip_network(entry['ip'])] if 'delay_time' in entry: logger.info(' * delay_time: %d' % (entry['delay_time'])) participation.delay_time = datetime.timedelta( seconds=entry['delay_time']) if 'extra_time' in entry: logger.info(' * extra_time: %d' % (entry['extra_time'])) participation.extra_time = datetime.timedelta( seconds=entry['extra_time']) if 'hidden' in entry: logger.info(' * hidden: %s' % (entry['hidden'])) participation.hidden = entry['hidden'] if 'unrestricted' in entry: logger.info(' * unrestricted: %s' % (entry['unrestricted'])) participation.unrestricted = entry['unrestricted'] if 'team' in userdata: team = session.query(Team).filter( Team.code == userdata['team']['code']).first() if team is None: team = Team(code=userdata['team']['code'], name=userdata['team']['name']) logger.info(' Creating new team: %s' % (team.code)) session.add(team) else: logger.info(' Using existing team: %s' % (team.code)) if 'name' in userdata['team']: logger.info(' * name: %s' % (userdata['team']['name'])) team.name = userdata['team']['name'] participation.team = team session.commit() logger.info("Done.") return True