def get_user_with_credentials(identifier, password):
    """Return the validated user matching *identifier* and *password*.

    Args:
        identifier: E-mail address used to look the user up.
        password: Clear-text password handed to ``user.check_password``.

    Returns:
        The ``User`` row whose e-mail equals *identifier*.

    Raises:
        ApiErrors: With ``status_code`` 401 when the account is unknown,
            not validated, or the password check fails. Missing arguments
            are recorded and handed to ``maybe_raise()`` (presumably it
            raises when any error was recorded; confirm against ApiErrors).
    """
    auth_errors = ApiErrors()
    auth_errors.status_code = 401

    def reject(field, message):
        # Record the failure and abort the login attempt.
        auth_errors.add_error(field, message)
        raise auth_errors

    # Both missing-argument errors are collected before raising, so the
    # client sees every absent field in a single response.
    presence_checks = (
        ('identifier', identifier, 'Identifier is missing.'),
        ('password', password, 'Password is missing.'),
    )
    for field, value, message in presence_checks:
        if value is None:
            auth_errors.add_error(field, message)
    auth_errors.maybe_raise()

    account = User.query.filter_by(email=identifier).first()

    # NOTE(review): the three rejections below are distinguishable by field
    # and message, and the first two are reached without a correct password.
    # A client can therefore learn whether an e-mail is registered and
    # whether it is validated. The unknown-account branch also returns
    # before check_password() runs, so response time may differ as well.
    # Consider one generic message for all three, plus rate limiting on the
    # route. Left unchanged here because clients may key on these fields.
    if not account:
        reject('identifier', 'Wrong identifier')
    if not account.isValidated:
        reject('identifier', "This account is not validated")
    if not account.check_password(password):
        reject('password', 'Wrong password')
    return account
def check_password_strength(field_name, field_value):
    """Raise ApiErrors when *field_value* does not meet the password policy.

    The policy requires at least 12 characters with at least one ASCII
    uppercase letter, one ASCII lowercase letter, one digit and one
    character from the special set listed in the error message.

    Args:
        field_name: Key under which the error is reported.
        field_value: Candidate password; must be a ``str``.

    Raises:
        ApiErrors: When the candidate does not match the policy.
    """
    # One lookahead per required character class; all are anchored at the
    # start of the string by the leading '^'.
    required_classes = (
        '(?=.*?[A-Z])',
        '(?=.*?[a-z])',
        '(?=.*?[0-9])',
        '(?=.*?[#~|=;:,+><?!@$%^&*_.-])',
    )
    policy = '^' + ''.join(required_classes) + '.{12,}' + '$'

    # NOTE(review): '$' also matches just before a trailing newline, so a
    # value ending in "\n" passes as long as the text before it conforms.
    # A non-str value (e.g. None) makes re.match raise TypeError rather than
    # producing a validation error; callers need to check presence first.
    if re.match(policy, field_value):
        return

    errors = ApiErrors()
    errors.add_error(
        field_name,
        'Le mot de passe doit faire au moins 12 caractères et contenir à minima '
        '1 majuscule, 1 minuscule, 1 chiffre et 1 caractère spécial parmi _-&?~#|^@=+.$,<>%*!:;'
    )
    raise errors
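def check_and_read_files_thumb(files=None):
    """Validate the uploaded 'thumb' file and return its raw content.

    Args:
        files: Mapping of uploaded files (e.g. ``request.files``). ``None``
            is treated the same as a request without a 'thumb' entry.

    Returns:
        Whatever ``thumb.read()`` yields for the accepted upload.

    Raises:
        ApiErrors: When no 'thumb' is supplied, its filename is empty, or
            its extension is missing or not in ``ALLOWED_EXTENSIONS``.
    """
    # The original evaluated `'thumb' in files` directly, which raised
    # TypeError when the default `files=None` was used.
    if files is None or 'thumb' not in files:
        api_errors = ApiErrors()
        api_errors.add_error('thumb', "You need to provide a thumb in your request")
        raise api_errors

    thumb = files['thumb']

    # A missing filename (None) is rejected like an empty one, so the
    # rsplit() below is never called on None.
    if not thumb.filename:
        api_errors = ApiErrors()
        api_errors.add_error('thumb', "You need a name for your thumb file")
        raise api_errors

    # NOTE(review): this allowlist looks only at the client-supplied
    # extension. It does not establish that the bytes are an image of that
    # type, and read() below is unbounded. Confirm that content-type
    # verification and a request size limit are enforced elsewhere.
    filename_parts = thumb.filename.rsplit('.', 1)
    has_allowed_extension = (
        len(filename_parts) == 2
        and filename_parts[1].lower() in ALLOWED_EXTENSIONS
    )
    if not has_allowed_extension:
        api_errors = ApiErrors()
        api_errors.add_error(
            'thumb',
            "This thumb needs a (.png, .jpg...) like or its format is not authorized"
        )
        raise api_errors

    return thumb.read()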
def check_reset_token_validity(user):
    """Raise ApiErrors when the user's password-reset token has expired.

    Args:
        user: Object exposing ``resetPasswordTokenValidityLimit``.

    Raises:
        ApiErrors: Keyed by 'token' when the current UTC time is past the
            validity limit.
    """
    # NOTE(review): utcnow() is naive, so the stored limit is presumably a
    # naive UTC datetime as well; confirm against the model. A None limit
    # makes the comparison raise TypeError instead of a token error.
    validity_limit = user.resetPasswordTokenValidityLimit
    is_expired = datetime.utcnow() > validity_limit
    if not is_expired:
        return

    token_errors = ApiErrors()
    token_errors.add_error(
        'token',
        'Votre lien de changement de mot de passe est périmé. Veuillez effecture une nouvelle demande.',
    )
    raise token_errors
def send_401():
    """Build the JSON response for a request that requires authentication.

    Returns:
        A ``(response, 401)`` tuple; the body is a one-element JSON list
        wrapping ``ApiErrors.errors`` with a single 'global' entry.
    """
    unauthorized = ApiErrors()
    unauthorized.add_error('global', 'Authentification nécessaire')
    payload = [unauthorized.errors]
    return jsonify(payload), 401
def restize_not_found_route_errors(exception):
    """Turn a not-found error into the API's JSON error format.

    Args:
        exception: The error that triggered this handler; not read here, so
            none of its details reach the client.

    Returns:
        A ``(response, 404)`` tuple; the body is a one-element JSON list
        wrapping ``ApiErrors.errors`` with a single 'data' entry.
    """
    not_found = ApiErrors()
    not_found.add_error('data', 'Not Found')
    payload = [not_found.errors]
    return jsonify(payload), 404
def invalid_id_for_dehumanize_error(exception):
    """Answer an invalid-id error with a generic 404 and log the cause.

    Args:
        exception: The error that triggered this handler; its string form
            goes to the application log only.

    Returns:
        A ``(response, 404)`` tuple; the body is a one-element JSON list
        wrapping ``ApiErrors.errors`` with a single 'global' entry.
    """
    not_found = ApiErrors()
    not_found.add_error('global', 'La page que vous recherchez n\'existe pas')

    # NOTE(review): if the exception text embeds the client-supplied id, it
    # is written to the log as-is. Confirm that the log formatter
    # neutralises newlines and control characters.
    log_line = '404 %s' % str(exception)
    app.logger.error(log_line)

    payload = [not_found.errors]
    return jsonify(payload), 404
def decimal_cast_error(exception):
    """Report every field that failed decimal conversion as a 400 response.

    Args:
        exception: Error exposing ``errors``, a JSON-serialisable mapping
            whose keys are the offending field names.

    Returns:
        A ``(response, 400)`` tuple; the body is a one-element JSON list
        wrapping ``ApiErrors.errors`` with one entry per failed field.
    """
    response_errors = ApiErrors()

    # The original error details go to the log only. The client receives a
    # fixed message per field.
    # NOTE(review): exception.errors may contain request-supplied values;
    # confirm nothing sensitive can end up in this log line.
    app.logger.warning(json.dumps(exception.errors))

    failed_fields = exception.errors.keys()
    for field_name in failed_fields:
        response_errors.add_error(field_name, 'Saisissez un nombre valide')

    payload = [response_errors.errors]
    return jsonify(payload), 400
def date_time_cast_error(exception):
    """Report every field that failed date/time conversion as a 400 response.

    Args:
        exception: Error exposing ``errors``, a JSON-serialisable mapping
            whose keys are the offending field names.

    Returns:
        A ``(response, 400)`` tuple; the body is a one-element JSON list
        wrapping ``ApiErrors.errors`` with one entry per failed field.
    """
    response_errors = ApiErrors()

    # The original error details go to the log only. The client receives a
    # fixed message per field.
    # NOTE(review): exception.errors may contain request-supplied values;
    # confirm nothing sensitive can end up in this log line.
    app.logger.warning(json.dumps(exception.errors))

    failed_fields = exception.errors.keys()
    for field_name in failed_fields:
        response_errors.add_error(field_name, 'Format de date invalide')

    payload = [response_errors.errors]
    return jsonify(payload), 400
def check_content_is_not_yet_saved(content):
    """Reject a posted content object that already carries an id.

    Args:
        content: Object exposing an ``id`` attribute.

    Raises:
        ApiErrors: Keyed by 'global' when ``content.id`` is truthy.
    """
    # Guards a create route against a client-chosen id. A falsy id
    # (None, 0, '') is accepted as "not yet saved".
    if not content.id:
        return

    already_saved = ApiErrors()
    already_saved.add_error('global', "You posted an content with an id")
    raise already_saved
def check_article_is_not_yet_saved(content):
    """Reject a posted article payload that already carries an id.

    Args:
        content: Mapping-like payload read with ``content.get('id')``.

    Raises:
        ApiErrors: Keyed by 'global' when the payload holds a truthy 'id'.
    """
    # Guards a create route against a client-chosen id. A missing or falsy
    # 'id' (None, 0, '') is accepted as "not yet saved".
    posted_id = content.get('id')
    if not posted_id:
        return

    already_saved = ApiErrors()
    already_saved.add_error('global', "You posted an article with an id")
    raise already_saved