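def email_exists(node, value):
    '''Colander validator that ensures a user with this email exists.

    Raises ``colander.Invalid`` on *node* when ``User.get_by_email(value)``
    finds no account. The message names the address that was submitted.
    '''
    user = User.get_by_email(value)
    if not user:
        # Fill the "{}" placeholder after translation; without .format() the
        # literal braces are shown instead of the address. `value` is only
        # ever the format argument, never the format string.
        msg = _('We have no user with the email address "{}". Try correcting '
                'this address or try another.').format(value)
        # NOTE(review): `value` is request input echoed into the error text;
        # confirm the form renderer escapes it. The message also tells the
        # submitter that no account uses this address.
        raise colander.Invalid(node, msg)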
def unique_email(node, value):
    '''Colander validator that rejects an email address already in use.

    Raises ``colander.Invalid`` on *node* when ``User.get_by_email(value)``
    returns an account; otherwise returns ``None``.
    '''
    if not User.get_by_email(value):
        return

    # NOTE(review): this message confirms to the submitter that the address
    # is registered; confirm that disclosure is acceptable for this form.
    taken = _("Sorry, an account with this email address already exists. "
              "Try logging in instead.")
    raise colander.Invalid(node, taken)
def validator(self, node, value):
    """Validate the submitted login credentials as a whole-form check.

    After the parent schema's validator has run, the ``username`` field is
    looked up first as a username and then as an email address, the password
    is checked with ``User.validate_user``, and the account must be
    activated. On success the matched user is stored in ``value['user']``;
    every failure raises ``colander.Invalid``.
    """
    super(LoginSchema, self).validator(node, value)

    login = value.get('username')
    secret = value.get('password')

    account = User.get_by_username(login)
    if account is None:
        # The login field also accepts an email address.
        account = User.get_by_email(login)

    # NOTE(review): an unknown login and a wrong password produce different
    # messages on different fields, so a client can tell which logins exist.
    # Confirm this is intended, or that throttling is applied elsewhere.
    if account is None:
        problem = colander.Invalid(node)
        problem['username'] = _('User does not exist.')
        raise problem

    if not User.validate_user(account, secret):
        problem = colander.Invalid(node)
        problem['password'] = _('Incorrect password. Please try again.')
        raise problem

    # Activation state is only reported once the password has been accepted.
    if not account.is_activated:
        inactive = _('Your account is not active. Please check your e-mail.')
        raise colander.Invalid(node, inactive)

    value['user'] = account
def email_exists(node, value):
    '''Colander validator that requires an account with this email to exist.

    Raises ``colander.Invalid`` on *node*, with a message naming the
    submitted address, when ``User.get_by_email(value)`` finds nothing.
    '''
    if User.get_by_email(value):
        return

    template = _('We have no user with the email address "{}". Try correcting '
                 'this address or try another.')
    # NOTE(review): `value` is request input echoed into the error text;
    # confirm the form renderer escapes it. The message also tells the
    # submitter that no account uses this address.
    raise colander.Invalid(node, template.format(value))
def edit_profile(self):
    """Apply a profile update (subscriptions, email, password) sent by POST.

    Returns an HTTP exception object for a non-POST request or an anonymous
    caller, the error from ``validate_form`` when the form is invalid, and
    otherwise a dict: ``{'model': {'email': ...}}`` on success or
    ``{'errors': {...}}`` on failure.
    """
    request = self.request
    if request.method != 'POST':
        return httpexceptions.HTTPMethodNotAllowed()

    # Anonymous callers have no profile to edit.
    if request.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    form_error, fields = validate_form(self.form, request.POST.items())
    if form_error is not None:
        return form_error

    user = User.get_by_userid(request.domain, request.authenticated_userid)
    result = {'model': {'email': user.email}}

    # Subscription changes are accepted without the current password. A
    # request that carries them is answered here and nothing below runs.
    raw_subscriptions = fields.get('subscriptions')
    if raw_subscriptions:
        # NOTE(review): json.loads raises on malformed input and nothing in
        # this method catches it; confirm the form schema guarantees JSON.
        parsed = json.loads(raw_subscriptions)
        sub_error = _update_subscription_data(request, parsed)
        return sub_error if sub_error is not None else result

    # Everything below changes the email or password and therefore requires
    # the current password.
    #
    # `pwd` is the current password
    # `password` (used below) is optional, and is the new password
    if not User.validate_user(user, fields.get('pwd')):
        return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

    new_email = fields.get('email')
    if new_email:
        owner = User.get_by_email(new_email)
        # Refuse an address that already belongs to a different account.
        # NOTE(review): the error is keyed 'pwd' although it concerns the
        # email field, and carries no 'code'; confirm the client expects it.
        if owner and owner.id != user.id:
            return {
                'errors': {
                    'pwd': _('That email is already used')
                },
            }
        result['model']['email'] = new_email
        user.email = new_email

    new_password = fields.get('password')
    if new_password:
        user.password = new_password

    return result
def edit_profile(self):
    """Process the POSTed profile form for the logged-in user.

    Non-POST requests get ``HTTPMethodNotAllowed`` and anonymous requests
    get ``HTTPUnauthorized``. A form that fails ``validate_form`` returns
    that error. Otherwise the result is a dict holding either the user's
    email under ``'model'`` or an ``'errors'`` mapping.
    """
    if self.request.method != 'POST':
        return httpexceptions.HTTPMethodNotAllowed()

    # Only a logged-in user can reach the update logic.
    if self.request.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    invalid, submitted = validate_form(self.form, self.request.POST.items())
    if invalid is not None:
        return invalid

    user = User.get_by_userid(
        self.request.domain, self.request.authenticated_userid)
    payload = {'model': {'email': user.email}}

    # Subscriptions may be updated without re-entering the password; such a
    # request returns from this branch and never touches email or password.
    subs_json = submitted.get('subscriptions')
    if subs_json:
        # NOTE(review): a malformed `subscriptions` value makes json.loads
        # raise here; confirm validation upstream rules that out.
        outcome = _update_subscription_data(
            self.request, json.loads(subs_json))
        if outcome is None:
            return payload
        return outcome

    # From here on the current password (`pwd`) must be correct.
    # `password` is the optional replacement password.
    current_ok = User.validate_user(user, submitted.get('pwd'))
    if not current_ok:
        return {'errors': {'pwd': _('Invalid password')}, 'code': 401}

    requested_email = submitted.get('email')
    if requested_email:
        holder = User.get_by_email(requested_email)
        # NOTE(review): the "already used" error is reported under the
        # 'pwd' key rather than 'email'; confirm the client depends on it.
        if holder and holder.id != user.id:
            return {
                'errors': {'pwd': _('That email is already used')},
            }
        # Same address as before, or an unused one: store it and echo it.
        payload['model']['email'] = requested_email
        user.email = requested_email

    replacement = submitted.get('password')
    if replacement:
        user.password = replacement

    return payload
def forgot_password(self):
    """
    Process a submitted "forgot password" form.

    The form is validated, the user owning the submitted email is given a
    new activation, and a "reset your password" email built from that
    activation's code and a reset link is sent. Logged-in users are
    redirected without any of this happening.
    """
    request = self.request
    form = deform.Form(schemas.ForgotPasswordSchema().bind(request=request))

    # A logged-in user has no use for this form.
    if request.authenticated_userid is not None:
        return httpexceptions.HTTPFound(
            location=self.forgot_password_redirect)

    failure, fields = validate_form(form, request.POST.items())
    if failure is not None:
        return failure

    # Validation passed, so the address is assumed to belong to a user.
    #
    # TODO: fix this latent race condition by returning a user object in
    # the appstruct.
    account = User.get_by_email(fields['email'])

    # Attach a fresh activation; it overwrites any previous one.
    # NOTE(review): no throttling is visible in this method, and each valid
    # submission replaces the activation and sends mail. Confirm that a
    # rate limit is applied elsewhere.
    fresh = Activation()
    request.db.add(fresh)
    account.activation = fresh

    # Flush so that the foreign key field is set up and the code generated.
    request.db.flush()

    # Build and send the reset email.
    token = account.activation.code
    reset_mail = reset_password_email(
        account, token, reset_password_link(request, token))
    get_mailer(request).send(reset_mail)

    notice = _("Please check your email to finish "
               "resetting your password.")
    request.session.flash(notice, "success")
    return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def forgot_password(self):
    """
    Handle the "forgot password" form submission.

    On a valid form this creates a new activation for the user with the
    submitted email and mails them a reset message containing the
    activation code and a link. A request from a logged-in user is
    redirected instead.
    """
    bound_schema = schemas.ForgotPasswordSchema().bind(request=self.request)
    form = deform.Form(bound_schema)

    # Already authenticated: skip the reset flow entirely.
    already_logged_in = self.request.authenticated_userid is not None
    if already_logged_in:
        return httpexceptions.HTTPFound(
            location=self.forgot_password_redirect)

    invalid, submitted = validate_form(form, self.request.POST.items())
    if invalid is not None:
        return invalid

    # The user is assumed to exist because validation passed.
    #
    # TODO: fix this latent race condition by returning a user object in
    # the appstruct.
    # NOTE(review): if the lookup returns None, the assignment below raises
    # AttributeError; nothing here guards against that.
    target = User.get_by_email(submitted['email'])

    # A new activation replaces whatever activation the user already had.
    new_activation = Activation()
    self.request.db.add(new_activation)
    target.activation = new_activation

    # Flushing writes the activation, which sets up the foreign key field
    # and generates the code read below.
    self.request.db.flush()

    # NOTE(review): the code is sent by email and embedded in a link;
    # expiry and single use are not visible here. Confirm they are
    # enforced where the code is consumed.
    reset_code = target.activation.code
    reset_url = reset_password_link(self.request, reset_code)
    outgoing = reset_password_email(target, reset_code, reset_url)
    get_mailer(self.request).send(outgoing)

    self.request.session.flash(
        _("Please check your email to finish "
          "resetting your password."),
        "success")
    return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def edit_profile(self):
    """Update the logged-in user's profile from a POSTed form.

    Returns ``HTTPMethodNotAllowed`` for any other method,
    ``HTTPUnauthorized`` when nobody is logged in, the ``validate_form``
    error for an invalid form, and otherwise a dict with either the user's
    email under ``"model"`` or an ``"errors"`` mapping.
    """
    req = self.request
    if req.method != "POST":
        return httpexceptions.HTTPMethodNotAllowed()

    # No authenticated user means there is no profile to edit.
    if req.authenticated_userid is None:
        return httpexceptions.HTTPUnauthorized()

    problem, data_in = validate_form(self.form, req.POST.items())
    if problem is not None:
        return problem

    user = User.get_by_id(req, req.authenticated_userid)
    reply = {"model": {"email": user.email}}

    # Subscription updates skip the password check and end the request here.
    subs = data_in.get("subscriptions")
    if subs:
        # NOTE(review): json.loads is applied to a submitted value with no
        # exception handling; confirm the schema only admits valid JSON.
        failed = _update_subscription_data(req, json.loads(subs))
        return reply if failed is None else failed

    # Email and password changes require the current password (`pwd`).
    # `password` is the optional new password.
    if not User.validate_user(user, data_in.get("pwd")):
        return {"errors": {"pwd": _("Invalid password")}, "code": 401}

    wanted_email = data_in.get("email")
    if wanted_email:
        existing = User.get_by_email(wanted_email)
        # Reject an address held by another account.
        # NOTE(review): the error is filed under "pwd" rather than "email";
        # confirm the client depends on that key before changing it.
        if existing and existing.id != user.id:
            return {"errors": {"pwd": _("That email is already used")}}
        reply["model"]["email"] = wanted_email
        user.email = wanted_email

    wanted_password = data_in.get("password")
    if wanted_password:
        user.password = wanted_password

    return reply