def post(self):
email = self.request.get('email', '')
password = self.request.get('password', '')
other_username = self.request.get('other-user')
logging.info('%s, %s' % (email, other_username))
user = User.user_from_email(email)
if not user:
logging.info('not a valid email address')
self.render('error.html', **{'error_msg': 'You cannot do this'})
return
if not self.validate_user(user, password):
logging.info('username password fail')
self.render('error.html', **{'error_msg': 'You cannot do this'})
return
if not user.admin:
logging.info('Need to be admin to login as other user')
self.render('error.html', **{'error_msg': 'You cannot do this'})
return
other_user = User.user_from_name(other_username)
logging.info('Other user: %s' % other_user)
if not other_user:
logging.info('cannot find other user')
self.render('error.html', **{'error_msg': "Can't find other user"})
return
self.set_cookie(other_user)
self.redirect('/user/%d' % other_user.key.id())
def post(self):
'''When the user clicks the submit button.'''
email = self.request.get('email', '')
password = self.request.get('password', '')
# collect the errors
errors = []
# data for the page if it has to be re-rendered because of invalid login
data = {
'errors': errors,
'email': email,
'page_title': 'Login'
}
# catch errors in the form
if not email:
errors.append('You forgot to enter an email address.')
if not password:
errors.append('You forgot to enter a password.')
if errors:
self.render('login.html', **data)
return
logging.warning('This is the email address: %s' % repr(email))
user = User.user_from_email(email)
# invalid email address or password
if not user or not self.validate_user(user, password):
errors.append('Invalid email address or password.')
self.render('login.html', **data)
log_msg = 'Login: invalid email address or password. %s'
logging.warning(log_msg, user)
return
# unverified user
if not user.verified:
errors.append(
'Your account has not yet been verified. '
'You should have received an email with a verification link. '
'Please check your mail (and your spam folder). If you have '
'not received the email, please contact admin.'
)
data['contact'] = True
self.render('login.html', **data)
logging.warning('Login: unverified user attempted login. %s', user)
return
# reward time
user.login_count += 1
user.put()
# user exists - set cookie and redirect
self.set_cookie(user)
self.redirect('/user/%d' % user.key.id())
def post(self):
email = self.request.get('email')
logging.info('Reset password for email: %s', email)
errors = []
messages = []
data = {
'page_title': 'Reset Password',
'errors': errors,
'messages': messages
}
if not email:
errors.append(
'You forgot to enter an email address.'
)
else:
user = User.user_from_email(email)
if not user:
errors.append(
'There is no account for this email address. Please check '
'that you typed in the correct email address.'
)
data['email'] = email
else:
expire = datetime.datetime.now()
expire += datetime.timedelta(hours=1)
code = generate_random_string(length=30)
user.pass_reset_code = code
user.pass_reset_expire = expire
user.put()
subject = 'HMPC: request to change password'
logging.info('generated verify code: %s' % code)
body = (
'This is an automated email form HMPC.\n\n'
'Please click the following link (or paste it into the '
'browser address bar) to change your password. This code '
'is valid for only one hour.\n\n'
'When you reset your password, you will be redirected to '
'the login page to login.\n\n'
'http://prelude-hmpc.appspot.com/password/%s\n'
)
mail.send_mail(
'*****@*****.**',
email,
subject,
body % code
)
msg = (
'An email has been sent to the following email address: %s.'
' Follow the instructions in the email to change your '
'password.'
)
messages.append(msg % email)
self.render('reset.html', **data)
def input_errors(self, username, password, validate, email):
'''Return a list of errors with user registration data.'''
# collect error text strings
errors = []
# username errors
if not username:
errors.append('You forgot to enter a username.')
logging.warning('Register: forgot username.')
elif not self.valid_name(username):
errors.append(
'A Valid user name can contain only the characters '
'a-z, A-Z, 0-9, _ (underscore) and - (dash) and must be at '
'least 3 characters long.'
)
logging.warning('Register: invalid username: %s.', username)
user = User.user_from_name(username)
if user:
# user name already exists
errors.append(
'That user name already exists, please choose another one.'
)
logging.warning('Register: username already in use. %s', user)
# email errors
if not email:
errors.append('You forgot to enter an email address.')
logging.warning('Register: forgot email.')
elif not self.valid_email(email):
errors.append(
'Check your email address - it may not '
'be correct.')
logging.warning('Register: invalid email: %s', email)
else:
# maybe the email address is being used by another user - can't
# have more than one user with the same email address because the
# email address is used as login id
user = User.user_from_email(email)
if user:
# email address is attached to other user
errors.append(
'This email address is used by another user.'
)
msg = 'Register: email address already in use: %s'
logging.warning(msg, email)
# password errors
if not password or not validate:
errors.append('You forgot to enter your password twice.')
logging.warning('Register: forgot to enter password twice.')
elif password != validate:
msg = "Your password confirmation doesn't match your password."
errors.append(msg)
logging.warning('Register: validate != password.')
if not self.valid_pass(password):
errors.append(
'Not a valid password - it must contain at least '
'3 characters.')
logging.warning('Register: invalid password.')
return errors
