def verification_email(org_slug=None):
    """Re-send the verification email to the current user if still unverified.

    The JSON reply is the same whether or not an email was sent.
    ``org_slug`` is accepted but not used in the body.

    NOTE(review): nothing in this function throttles repeated calls; confirm
    that rate limiting and the login requirement are enforced by the route
    registration, which is not visible here.
    """
    already_verified = current_user.is_email_verified
    if not already_verified:
        send_verify_email(current_user, current_org)

    payload = {
        "message": "Please check your email inbox in order to verify your email address."
    }
    return json_response(payload)
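def post(self, user_id):
    """Update a user's profile fields and return the updated user as a dict.

    Only ``email``, ``name``, ``password``, ``old_password`` and ``group_ids``
    are taken from the JSON request body (via ``project``).

    Checks performed here:

    * ``require_admin_or_owner(user_id)`` runs before anything else.
    * A new ``password`` is accepted only together with an ``old_password``
      that ``user.verify_password`` accepts; otherwise the request is
      aborted with 403.
    * ``group_ids`` can only be changed by a caller with the ``admin``
      permission, and each id must resolve in the current organization.
    * ``email`` must have a non-empty local part and domain, and the domain
      must not be in ``blacklist`` or equal ``qq.com``.

    NOTE(review): an ``email`` change is not gated by ``old_password`` in
    this handler; confirm that is intended.
    """
    require_admin_or_owner(user_id)
    user = models.User.get_by_id_and_org(user_id, self.current_org)

    req = request.get_json(True)

    params = project(
        req, ('email', 'name', 'password', 'old_password', 'group_ids'))

    if 'password' in params and 'old_password' not in params:
        abort(403, message="Must provide current password to update password.")

    if 'old_password' in params and not user.verify_password(
            params['old_password']):
        abort(403, message="Incorrect current password.")

    if 'password' in params:
        user.hash_password(params.pop('password'))

    # Always discard the plaintext current password once it has been checked.
    # Previously it was only removed when a new password was also supplied, so
    # a request carrying just `old_password` handed it on to `update_model`
    # and listed it in the recorded `updated_fields`.
    params.pop('old_password', None)

    if 'group_ids' in params:
        if not self.current_user.has_permission('admin'):
            abort(403, message="Must be admin to change groups membership.")

        for group_id in params['group_ids']:
            try:
                models.Group.get_by_id_and_org(group_id, self.current_org)
            except NoResultFound:
                abort(400, message="Group id {} is invalid.".format(group_id))

        if len(params['group_ids']) == 0:
            params.pop('group_ids')

    if 'email' in params:
        try:
            # The domain is whatever follows the *last* '@', so an extra '@'
            # in the local part cannot hide the real domain from the check.
            local_part, at_sign, domain = params['email'].rpartition('@')
        except AttributeError:
            # Non-string JSON value (null, number, list, ...): reject with a
            # 400 instead of letting the request fail with a server error.
            abort(400, message='Bad email address.')

        # A value without '@', or with an empty side, used to raise
        # ValueError on unpacking or slip past the domain check.
        if not (local_part and at_sign and domain):
            abort(400, message='Bad email address.')

        if domain.lower() in blacklist or domain.lower() == 'qq.com':
            abort(400, message='Bad email address.')

    email_address_changed = 'email' in params and params['email'] != user.email
    needs_to_verify_email = (
        email_address_changed and settings.email_server_is_configured())
    if needs_to_verify_email:
        # The new address is unproven until the user confirms it.
        user.is_email_verified = False

    try:
        self.update_model(user, params)
        models.db.session.commit()

        if needs_to_verify_email:
            send_verify_email(user, self.current_org)

        # The user has updated their email or password. This should invalidate all _other_ sessions,
        # forcing them to log in again. Since we don't want to force _this_ session to have to go
        # through login again, we call `login_user` in order to update the session with the new identity details.
        if current_user.id == user.id:
            login_user(user, remember=True)
    except IntegrityError as e:
        # `str(e)` instead of `e.message`: exceptions have no `.message`
        # attribute on Python 3, which would mask the real error.
        if "email" in str(e):
            message = "Email already taken."
        else:
            message = "Error updating record"

        abort(400, message=message)

    self.record_event({
        'action': 'edit',
        'object_id': user.id,
        'object_type': 'user',
        # A concrete list; a dict view is not serializable on Python 3.
        'updated_fields': list(params.keys())
    })

    return user.to_dict(with_api_key=is_admin_or_owner(user_id))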
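def post(self, user_id):
    """Update a user's profile fields and return the updated user as a dict.

    Only ``email``, ``name``, ``password``, ``old_password`` and ``group_ids``
    are taken from the JSON request body (via ``project``).

    Checks performed here:

    * ``require_admin_or_owner(user_id)`` runs before anything else.
    * A new ``password`` is accepted only together with an ``old_password``
      that ``user.verify_password`` accepts; otherwise the request is
      aborted with 403.
    * ``group_ids`` can only be changed by a caller with the ``admin``
      permission, and each id must resolve in the current organization.
    * ``email`` is passed to ``require_allowed_email``, which is defined
      elsewhere; presumably it rejects disallowed addresses -- verify there.

    NOTE(review): an ``email`` change is not gated by ``old_password`` in
    this handler; confirm that is intended.
    """
    require_admin_or_owner(user_id)
    user = models.User.get_by_id_and_org(user_id, self.current_org)

    req = request.get_json(True)

    params = project(
        req, ("email", "name", "password", "old_password", "group_ids")
    )

    if "password" in params and "old_password" not in params:
        abort(403, message="Must provide current password to update password.")

    if "old_password" in params and not user.verify_password(
        params["old_password"]
    ):
        abort(403, message="Incorrect current password.")

    if "password" in params:
        user.hash_password(params.pop("password"))

    # Always discard the plaintext current password once it has been checked.
    # Previously it was only removed when a new password was also supplied, so
    # a request carrying just `old_password` handed it on to `update_model`
    # and listed it in the recorded `updated_fields`.
    params.pop("old_password", None)

    if "group_ids" in params:
        if not self.current_user.has_permission("admin"):
            abort(403, message="Must be admin to change groups membership.")

        for group_id in params["group_ids"]:
            try:
                models.Group.get_by_id_and_org(group_id, self.current_org)
            except NoResultFound:
                abort(400, message="Group id {} is invalid.".format(group_id))

        if len(params["group_ids"]) == 0:
            params.pop("group_ids")

    if "email" in params:
        require_allowed_email(params["email"])

    email_address_changed = "email" in params and params["email"] != user.email
    needs_to_verify_email = (
        email_address_changed and settings.email_server_is_configured()
    )
    if needs_to_verify_email:
        # The new address is unproven until the user confirms it.
        user.is_email_verified = False

    try:
        self.update_model(user, params)
        models.db.session.commit()

        if needs_to_verify_email:
            send_verify_email(user, self.current_org)

        # The user has updated their email or password. This should invalidate all _other_ sessions,
        # forcing them to log in again. Since we don't want to force _this_ session to have to go
        # through login again, we call `login_user` in order to update the session with the new identity details.
        if current_user.id == user.id:
            login_user(user, remember=True)
    except IntegrityError as e:
        # Map a uniqueness failure on the email column to a specific message;
        # anything else gets a generic one.
        if "email" in str(e):
            message = "Email already taken."
        else:
            message = "Error updating record"

        abort(400, message=message)

    self.record_event(
        {
            "action": "edit",
            "object_id": user.id,
            "object_type": "user",
            "updated_fields": list(params.keys()),
        }
    )

    return user.to_dict(with_api_key=is_admin_or_owner(user_id))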
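def post(self, user_id):
    """Update a user's profile fields and return the updated user as a dict.

    Only ``email``, ``name``, ``password``, ``old_password`` and ``group_ids``
    are taken from the JSON request body (via ``project``).

    Checks performed here:

    * ``require_admin_or_owner(user_id)`` runs before anything else.
    * A new ``password`` is accepted only together with an ``old_password``
      that ``user.verify_password`` accepts; otherwise the request is
      aborted with 403.
    * ``group_ids`` can only be changed by a caller with the ``admin``
      permission, and each id must resolve in the current organization.
    * ``email`` must have a non-empty local part and domain, and the domain
      must not be in ``blacklist`` or equal ``qq.com``.

    NOTE(review): an ``email`` change is not gated by ``old_password`` in
    this handler; confirm that is intended.
    """
    require_admin_or_owner(user_id)
    user = models.User.get_by_id_and_org(user_id, self.current_org)

    req = request.get_json(True)

    params = project(req, ('email', 'name', 'password', 'old_password', 'group_ids'))

    if 'password' in params and 'old_password' not in params:
        abort(403, message="Must provide current password to update password.")

    if 'old_password' in params and not user.verify_password(params['old_password']):
        abort(403, message="Incorrect current password.")

    if 'password' in params:
        user.hash_password(params.pop('password'))

    # Always discard the plaintext current password once it has been checked.
    # Previously it was only removed when a new password was also supplied, so
    # a request carrying just `old_password` handed it on to `update_model`
    # and listed it in the recorded `updated_fields`.
    params.pop('old_password', None)

    if 'group_ids' in params:
        if not self.current_user.has_permission('admin'):
            abort(403, message="Must be admin to change groups membership.")

        for group_id in params['group_ids']:
            try:
                models.Group.get_by_id_and_org(group_id, self.current_org)
            except NoResultFound:
                abort(400, message="Group id {} is invalid.".format(group_id))

        if len(params['group_ids']) == 0:
            params.pop('group_ids')

    if 'email' in params:
        try:
            # The domain is whatever follows the *last* '@', so an extra '@'
            # in the local part cannot hide the real domain from the check.
            local_part, at_sign, domain = params['email'].rpartition('@')
        except AttributeError:
            # Non-string JSON value (null, number, list, ...): reject with a
            # 400 instead of letting the request fail with a server error.
            abort(400, message='Bad email address.')

        # A value without '@', or with an empty side, used to raise
        # ValueError on unpacking or slip past the domain check.
        if not (local_part and at_sign and domain):
            abort(400, message='Bad email address.')

        if domain.lower() in blacklist or domain.lower() == 'qq.com':
            abort(400, message='Bad email address.')

    email_address_changed = 'email' in params and params['email'] != user.email
    needs_to_verify_email = email_address_changed and settings.email_server_is_configured()
    if needs_to_verify_email:
        # The new address is unproven until the user confirms it.
        user.is_email_verified = False

    try:
        self.update_model(user, params)
        models.db.session.commit()

        if needs_to_verify_email:
            send_verify_email(user, self.current_org)

        # The user has updated their email or password. This should invalidate all _other_ sessions,
        # forcing them to log in again. Since we don't want to force _this_ session to have to go
        # through login again, we call `login_user` in order to update the session with the new identity details.
        if current_user.id == user.id:
            login_user(user, remember=True)
    except IntegrityError as e:
        # `str(e)` instead of `e.message`: exceptions have no `.message`
        # attribute on Python 3, which would mask the real error.
        if "email" in str(e):
            message = "Email already taken."
        else:
            message = "Error updating record"

        abort(400, message=message)

    self.record_event({
        'action': 'edit',
        'object_id': user.id,
        'object_type': 'user',
        # A concrete list; a dict view is not serializable on Python 3.
        'updated_fields': list(params.keys())
    })

    return user.to_dict(with_api_key=is_admin_or_owner(user_id))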