async def __call__(self):
    """Change the caller's own password, or start a password-reset validation.

    If the authenticated user's id equals the ``user`` path segment, the JSON
    body's ``new_password`` / ``old_password`` are passed to ``set_password``.
    For any other id the request has to pass the recaptcha validator, the
    target user must exist and have an e-mail address, and a
    ``reset_password`` task is started through ``IAuthValidationUtility``.

    Raises:
        HTTPNotAcceptable: ``AttributeError`` was raised while setting the
            password, or no validation utility is registered.
        HTTPUnauthorized: recaptcha validation returned ``False``, or the
            target user was not found.
        HTTPPreconditionFailed: no e-mail address could be determined.
    """
    target_id: str = self.request.matchdict["user"]
    caller = get_authenticated_user()

    if caller.id == target_id:
        # Self-service change. Expected payload:
        #   {"old_password": "******", "new_password": "******"}
        body = await self.request.json()
        try:
            # NOTE(review): whether old_password is actually verified is decided
            # inside set_password, which is not visible here. Confirm it rejects
            # a missing or wrong old_password and a None new_password.
            await caller.set_password(
                body.get("new_password"),
                old_password=body.get("old_password"),
            )
        except AttributeError:
            raise HTTPNotAcceptable()
        return

    # Reset requested for a different id: gate it behind recaptcha first.
    # NOTE(review): only a literal False is rejected. Confirm validate() never
    # returns None on an error path, because that would be let through here.
    captcha_ok = await RecaptchaValidator().validate()
    if captcha_ok is False:
        raise HTTPUnauthorized(content={"text": "Invalid validation"})

    # The target account has to exist.
    # NOTE(review): "unknown user" (401) and "no e-mail" (412) are distinguishable
    # responses, so this endpoint reveals which ids exist. Confirm that is
    # acceptable for the deployment.
    target = await find_user({"id": target_id})
    if target is None:
        raise HTTPUnauthorized(content={"text": "Invalid operation"})

    # Work out where the reset message goes: the "email" property, then the
    # user's email attribute, then the id itself when it contains an "@".
    try:
        address = target.properties.get("email", target.email)
    except AttributeError:
        address = None
    if address is None and "@" in target_id:
        address = target_id
    if address is None:
        raise HTTPPreconditionFailed(content={"reason": "User without mail configured"})

    # Hand over to the validation utility, which generates the token and
    # contacts the user.
    utility = get_utility(IAuthValidationUtility)
    if utility is None:
        raise HTTPNotAcceptable()

    # redirect_url is caller-supplied and forwarded unchanged.
    # NOTE(review): confirm the utility restricts it to trusted destinations
    # before it is used in anything sent to the user.
    redirect_url = self.request.query.get("redirect_url", None)
    await utility.start(
        as_user=target_id,
        from_user=caller.id,
        email=address,
        task_description="Reset password",
        task_id="reset_password",
        context_description=self.context.title,
        redirect_url=redirect_url,
    )
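async def __call__(self):
    """Start a ``register_user`` validation for a new account.

    The request must arrive while registration is enabled in ``app_settings``
    and must pass the recaptcha validator. The JSON body supplies ``id``,
    ``email`` and optionally ``fullname``; the whole body is forwarded to the
    validation utility as ``data``.

    Raises:
        HTTPUnauthorized: registration is disabled, recaptcha validation
            returned ``False``, or a user with the requested id already exists.
        HTTPNotAcceptable: no ``IAuthValidationUtility`` is registered.
    """
    # Fail closed: treat every falsy setting (False, None, 0, "") as disabled.
    # An identity test against False would let a null or empty config value
    # silently open registration.
    if not app_settings.get("allow_register", False):
        raise HTTPUnauthorized(content={"text": "Not allowed registration"})

    # NOTE(review): only a literal False is rejected. Confirm validate() never
    # returns None on an error path, because that would be let through here.
    validator = RecaptchaValidator()
    status = await validator.validate()
    if status is False:
        raise HTTPUnauthorized(content={"text": "Invalid validation"})

    payload = await self.request.json()
    # NOTE(review): a body without "id" reaches find_user with id=None and, if no
    # user matches, starts a validation with as_user=None. Confirm whether the
    # utility rejects that.
    user_id = payload.get("id", None)
    user = await find_user({"id": user_id})
    if user is not None:
        raise HTTPUnauthorized(content={"text": "Invalid login"})

    validation_utility = get_utility(IAuthValidationUtility)
    if validation_utility is None:
        raise HTTPNotAcceptable()

    # redirect_url is caller-supplied and forwarded unchanged.
    # NOTE(review): confirm the utility restricts it to trusted destinations.
    redirect_url = self.request.query.get("redirect_url", None)
    username = payload.get("fullname", payload.get("id", ""))
    task_description = f"Registering user {username}"
    actual_user = get_authenticated_user()
    # NOTE(review): the untrusted body is passed through as `data` in full.
    # Confirm the step that finally creates the user only accepts an allow-list
    # of fields (nothing such as roles or groups straight from the request).
    await validation_utility.start(
        as_user=payload.get("id"),
        from_user=actual_user.id,
        task_description=task_description,
        task_id="register_user",
        email=payload.get("email"),
        context_description=self.context.title,
        redirect_url=redirect_url,
        data=payload,
    )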
async def __call__(self):
    """Return what the validation utility's ``schema`` gives for the ``token`` path segment.

    Raises:
        HTTPNotAcceptable: no ``IAuthValidationUtility`` is registered.
    """
    utility = get_utility(IAuthValidationUtility)
    if utility is None:
        raise HTTPNotAcceptable()
    # The token is taken from the URL as-is; verifying it is left to the utility.
    return await utility.schema(token=self.request.matchdict["token"])
async def __call__(self):
    """Drop the authenticated user's current session.

    Raises:
        HTTPNotAcceptable: no ``ISessionManagerUtility`` is registered.
        HTTPPreconditionFailed: an ``AttributeError`` occurred while dropping
            the session, for example because the user object carries no
            ``_v_session``.
    """
    current = get_authenticated_user()
    sessions = query_utility(ISessionManagerUtility)
    if sessions is None:
        raise HTTPNotAcceptable()
    try:
        # The try also covers the awaited call, so an AttributeError raised
        # inside drop_session is reported the same way as a missing _v_session.
        await sessions.drop_session(current.id, current._v_session)
    except AttributeError:
        raise HTTPPreconditionFailed("Session manager configured but no session on jwt")
async def __call__(self):
    """List the sessions of the authenticated user.

    The ``user`` path segment must equal the authenticated user's id, so a
    caller can only list their own sessions.

    Raises:
        HTTPUnauthorized: the path segment names a different user.
        HTTPNotAcceptable: no ``ISessionManagerUtility`` is registered.
    """
    current = get_authenticated_user()
    requested_id: str = self.request.matchdict["user"]
    if current.id != requested_id:
        raise HTTPUnauthorized()

    sessions = query_utility(ISessionManagerUtility)
    if sessions is None:
        raise HTTPNotAcceptable()
    # The lookup uses the authenticated id, not the value taken from the URL.
    return await sessions.list_sessions(current.id)
async def __call__(self):
    """Finish the validation identified by the ``token`` path segment.

    The request body is parsed as JSON and passed along as ``payload``. A body
    that fails to decode is passed as ``None``.

    Raises:
        HTTPNotAcceptable: no ``IAuthValidationUtility`` is registered.
    """
    utility = get_utility(IAuthValidationUtility)
    if utility is None:
        raise HTTPNotAcceptable()

    try:
        body = await self.request.json()
    except JSONDecodeError:
        # A missing or malformed body is tolerated and forwarded as None.
        body = None

    # NOTE(review): both the token and the body are caller-controlled. Token
    # verification and payload validation are presumably done inside finish();
    # confirm against the utility.
    return await utility.finish(token=self.request.matchdict["token"], payload=body)
async def __call__(self):
    """Return one session of the authenticated user, decoded from JSON.

    The ``user`` path segment must equal the authenticated user's id, and the
    ``session`` path segment selects the session.

    Raises:
        HTTPUnauthorized: the path segment names a different user.
        HTTPNotAcceptable: no ``ISessionManagerUtility`` is registered.
    """
    current = get_authenticated_user()
    requested_id: str = self.request.matchdict["user"]
    session_id: str = self.request.matchdict["session"]
    if current.id != requested_id:
        raise HTTPUnauthorized()

    sessions = query_utility(ISessionManagerUtility)
    if sessions is None:
        raise HTTPNotAcceptable()

    # The lookup is scoped to the authenticated id; only session_id is taken
    # from the URL.
    raw = await sessions.get_session(current.id, session_id)
    # NOTE(review): if get_session can return None for an unknown or expired
    # session id, json.loads raises TypeError here. Confirm the manager's contract.
    return json.loads(raw)