示例#1
文件: account.py 项目: bdoms/trestle
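    async def post(self):
        """Sign the current session out.

        Deletes the Auth row whose id matches the signed ``auth_key`` cookie,
        evicts the matching ``auth_<slug>`` cache entry, clears every cookie
        for this host and redirects to the site root.
        """
        raw_key = self.get_secure_cookie('auth_key')

        # A missing cookie yields None (in Tornado, so does one that fails
        # signature verification). Calling .decode() on it would raise and
        # abort the request before any cookie is cleared, so only the
        # server-side cleanup is skipped in that case.
        if raw_key is not None:
            slug = raw_key.decode()
            # Remove the server-side session record first, then the cached
            # copy, so the key stops being accepted rather than merely being
            # forgotten by this browser.
            model.Auth.delete().where(model.Auth.id == slug).execute()
            helpers.uncache('auth_' + slug)

        self.clear_all_cookies(domain=self.host)
        self.redirect("/")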
示例#2
文件: account.py 项目: bdoms/trestle
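    async def post(self):
        """Revoke one auth session belonging to the signed-in account.

        Responds with 400 on validation errors, 404 when no Auth record
        matches the submitted ``auth_key`` and 403 when the record belongs to
        a different account. When the ``app`` argument is present the
        responses are JSON; otherwise they are rendered pages.
        """
        app = self.get_argument('app', None)
        form_data, errors, valid_data = self.validate()

        if errors:
            if app:
                return self.renderJSONError(400, {'errors': errors})

            return self.redisplay(form_data, errors)

        auth = model.Auth.getBySlug(valid_data['auth_key'])
        if not auth:
            if app:
                # Return here like every other JSON branch; without it the
                # handler fell through and attempted a second, HTML, error
                # response for the same request.
                return self.renderJSONError(404)

            return self.renderError(404)

        # Ownership check: an auth key is only revocable by the account it
        # was issued to, so a guessed or leaked key for another account
        # cannot be used to sign that account out.
        if auth.account_id != self.current_user.id:
            if app:
                return self.renderJSONError(403)

            return self.renderError(403)

        auth.delete_instance()
        # NOTE(review): confirm this is exactly the key the auth record was
        # cached under. If entries are stored with a prefix, this call would
        # miss and the revoked session could keep being served from cache.
        helpers.uncache(valid_data['auth_key'])

        if app:
            return self.renderJSON({'ok': '1'})

        self.flash('Access revoked.', level='success')

        self.redisplay()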
示例#3
    async def post(self):
        """Run one maintenance action chosen by the submitted form field.

        The first truthy argument among ``clear_cache``, ``make_admin``,
        ``migrate`` and ``reset`` selects the action; ``reset`` additionally
        requires ``self.debug``. The page is redisplayed afterwards, with the
        form errors when promoting a user fails.

        NOTE(review): nothing in this method checks who is calling it; the
        access control for these actions is presumably enforced outside this
        block - confirm.
        """
        if self.get_argument('clear_cache', None):
            helpers.clear_cache()
            self.logger.info('Cleared cache.')
            self.flash('Cache Cleared')

        elif self.get_argument('make_admin', None):
            form_data, errors, valid_data = self.validate()
            if not errors:
                account = model.User.getByEmail(valid_data["email"])
                if not account:
                    errors['exists'] = True
                else:
                    account.is_admin = True
                    account.save()

                    # The promoted user may have a live session; drop the
                    # cached copy so the new permissions are picked up.
                    helpers.uncache(account.slug)
                    # NOTE(review): the log line names the promoted account
                    # but not the operator who performed the promotion.
                    self.logger.info('Made user admin: ' + valid_data['email'])
                    self.flash('User successfully made admin.', level='success')
            if errors:
                return self.redisplay(form_data, errors)

        elif self.get_argument('migrate', None):
            self.logger.info('Beginning migration.')

            # FUTURE: this probably belongs in a script outside the webserver.
            # Placeholder: build an update query on the model here and assign
            # the result of executing it; until then nothing is modified.
            modified = 0

            self.logger.info('Migration finished. Modified ' + str(modified) + ' items.')
            self.flash('Migrations Complete', level='success')

        elif self.get_argument('reset', None) and self.debug:
            # Destructive: wipes the database through model.py, then seeds
            # development fixtures. Only reachable while self.debug is truthy.
            model.reset()

            # The fixture account gets a fixed, well-known password, which is
            # another reason this branch must stay behind the debug flag.
            salt, digest = model.User.changePassword('test')
            fixture = model.User(
                first_name='Test',
                last_name='Testerson',
                email='*****@*****.**',
                password_salt=salt,
                hashed_password=digest,
            )
            fixture.save()

            # Every ID and key has changed, so sign the caller out and flush
            # anything still cached from the old data.
            self.clear_all_cookies(domain=self.host)
            helpers.clear_cache()
            self.flash('Data Reset')

        self.redisplay()
示例#4
文件: account.py 项目: bdoms/trestle
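    async def post(self):
        """Change the signed-in account's email after re-checking its password.

        The submitted password is hashed with the account's stored salt and
        compared with the stored hash; the new address is lower-cased and
        rejected when another account already uses it. Errors are returned
        as a 400 JSON body when ``app`` is set, otherwise the form is
        redisplayed with the password removed.
        """
        app = self.get_argument('app', None)
        form_data, errors, valid_data = self.validate()

        # Only hash once validation has passed. Indexing valid_data for a
        # field that failed validation would raise instead of producing the
        # 400 / redisplay below (assumes validate() leaves rejected fields
        # out of valid_data - the password-change handler in the same file
        # guards this step the same way).
        if not errors:
            hashed_password = model.Account.hashPassword(
                valid_data["password"],
                self.current_user.password_salt.encode('utf8'))

            # NOTE(review): `!=` is not a constant-time comparison. Once the
            # types of both hashes are confirmed, hmac.compare_digest is the
            # conventional choice for comparing secrets.
            if hashed_password != self.current_user.hashed_password:
                errors["match"] = True

        # extra validation to make sure that email address isn't already in use
        if not errors:
            # note that emails are supposed to be case sensitive according to RFC 5321
            # however in practice users consistently expect them to be case insensitive
            email = valid_data["email"].lower()
            # NOTE(review): this lookup and the save below are separate steps;
            # only a unique constraint on the email column (not visible here)
            # would stop two concurrent requests claiming the same address.
            user = model.Account.getByEmail(email)
            if user:
                errors["exists"] = True

        if errors:
            if "password" in form_data:
                # never send password back for security
                del form_data["password"]

            if app:
                return self.renderJSONError(400, {'errors': errors})

            return self.redisplay(form_data, errors)

        self.current_user.email = email
        self.current_user.save()
        # drop the cached account so later requests see the new address
        helpers.uncache(self.current_user.slug)

        if app:
            return self.renderJSON({'ok': '1'})

        self.flash("Email changed successfully.", level="success")
        self.redirect("/account")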
示例#5
文件: account.py 项目: bdoms/trestle
    async def post(self):
        """Change the signed-in account's password.

        The current password is hashed with the stored salt and must match
        the stored hash before a new salt and hash are generated from
        ``new_password`` and saved. Errors are returned as a 400 JSON body
        when ``app`` is set, otherwise the form is redisplayed with both
        password fields removed.
        """
        app = self.get_argument('app', None)
        form_data, errors, valid_data = self.validate()

        if not errors:
            candidate_hash = model.Account.hashPassword(
                valid_data["password"],
                self.current_user.password_salt.encode('utf8'))

            # NOTE(review): `!=` is not a constant-time comparison. Once the
            # types of both hashes are confirmed, hmac.compare_digest is the
            # conventional choice for comparing secrets.
            if candidate_hash != self.current_user.hashed_password:
                errors["match"] = True

        if errors:
            # Neither the old nor the new password is echoed back in the
            # response.
            for secret_field in ("password", "new_password"):
                if secret_field in form_data:
                    del form_data[secret_field]

            if not app:
                return self.redisplay(form_data, errors)

            return self.renderJSONError(400, {'errors': errors})

        new_salt, new_hash = model.Account.changePassword(
            valid_data["new_password"])

        self.current_user.password_salt = new_salt
        self.current_user.hashed_password = new_hash
        self.current_user.save()
        # Drop the cached account so the new credentials take effect.
        # NOTE(review): no other auth sessions are revoked here - confirm
        # whether sessions opened with the old password should survive.
        helpers.uncache(self.current_user.slug)

        if app:
            return self.renderJSON({'ok': '1'})

        self.flash("Password changed successfully.", level="success")
        self.redirect("/account")
示例#6
文件: account.py 项目: bdoms/trestle
    async def post(self):
        """Finish a password reset for ``self.reset_user``.

        On validation errors the form is redisplayed at the reset URL built
        from ``self.key`` and ``self.token``. Otherwise a new salt and hash
        are stored, the reset token fields are cleared, the cached user is
        evicted and the user is logged in.
        """
        form_data, errors, valid_data = self.validate()

        if errors:
            # NOTE(review): key and token are joined into the URL without
            # URL-encoding, and a token carried in a URL can end up in logs
            # and browser history - confirm both values are URL-safe and that
            # the token is short-lived.
            retry_url = "".join(
                ("/account/resetpassword?key=", self.key, "&token=", self.token))
            self.redisplay(form_data, errors, retry_url)
            return

        new_salt, new_hash = model.Account.changePassword(
            valid_data["password"])
        # drop the plaintext from the validated data as soon as it is hashed
        del valid_data["password"]

        account = self.reset_user
        account.password_salt = new_salt
        account.hashed_password = new_hash
        # Clearing the token and its timestamp means this reset link no
        # longer matches a stored token after a successful reset.
        account.hashed_token = None
        account.token_dt = None
        account.save()

        # need to uncache so that changes to the user object get picked up by the cache
        # NOTE(review): auth sessions that existed before the reset are not
        # revoked here - confirm whether they should be.
        helpers.uncache(account.slug)
        self.flash(
            "Your password has been changed. You have been logged in with your new password.",
            level="success")
        self.login(account)