def _reset_user_password(self, email):
'''
Reset the password of the user with the given email address to a
random password that they will be sure to change immediately.
Returns a tuple (success, password), where success is a boolean
indicating whether or not the operation completed and password is
the new password of the user if success is True.
'''
user = User.get_by_auth_id(email)
# First we have 5 letters (upper/lowercase) or digits
random_password = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(5))
# Then 2 punctuation chars
random_password += ''.join(random.choice(string.punctuation) for x in range(2))
# Then 5 more letters or digits
random_password += ''.join(random.choice(string.ascii_letters + string.digits) for x in range(5))
user.set_password(random_password)
user.put()
return (True, random_password)
def _delete_user(self, email):
""" Delete existing user """
user = User.get_by_auth_id(email)
if user:
if user.is_admin_user():
return False
# Delete from db
user.key.delete()
pending_users_list = PendingUsersList.shared_list()
if(pending_users_list.is_user_approved(email)):
pending_users_list.remove_user_from_approved_list(email)
# Need to delete the auth_id from the 'unique' model store
# see https://code.google.com/p/webapp-improved/source/browse/webapp2_extras/appengine/auth/models.py
unique_auth_id = "User.auth_id:{0}".format(email)
User.unique_model.delete_multi([unique_auth_id])
return True
def user_exists(self, user_email):
return bool(User.get_by_auth_id(user_email))
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they have not been approved
pending_users_list = PendingUsersList.shared_list()
# If the user does not exist, we create it.
if not bool(User.get_by_auth_id(user_email)):
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'verified': False
}
success, user = self.auth.store.user_model.create_user(user_email, **_attrs)
if success:
# check if user is preapproved
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
# Has the user been preapproved? If so, we just verify it.
user.verified = True
user.put()
else:
success = pending_users_list.add_user_to_approval_waitlist(user_email)
approved = False
if success:
if approved or (not pending_users_list.email_verification_required and not pending_users_list.admin_approval_required):
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Your account is approved and you can log in immediately.'
}
elif pending_users_list.email_verification_required:
# Create a signup token for the user and send a verification email
token = str(uuid.uuid4())
user.signup_token = token
user.signup_token_time_created=None
user.put()
EmailConfig.send_verification_email(user_email, token)
context = {
'success_alert': True,
'alert_message': 'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.'
}
elif pending_users_list.admin_approval_required:
context = {
'success_alert': True,
'alert_message': 'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
logging.info("Account registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Redirect to login, only one admin allowed
return self.redirect('/login?secret_key={0}'.format(secret_key))
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES',
'verified': True
}
success, user = self.auth.store.user_model.create_user(_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
if 'user_mode' in self.request.POST:
if self.request.POST['user_mode'] == 'single':
logging.info("UserRegistrationPage: user_mode set to single")
SingleMultiUserMode.set_single_user_mode()
elif self.request.POST['user_mode'] == 'multi':
logging.info("UserRegistrationPage: user_mode set to multi")
SingleMultiUserMode.set_multi_user_mode()
else:
logging.info("UserRegistrationPage: unknown user_mode {0}".format(self.request.POST['user_mode']))
else:
logging.info("UserRegistrationPage: user_mode not set")
return self.redirect('/login?secret_key={0}'.format(secret_key))
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html', **context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)
def post(self):
'''
This is where user registration takes place, both for regular users as well as admins.
An admin registers by presenting a secret token in the query string, which will be sent with the
POST data.
A user can register only if they have been approved by the admin, i.e. they are in the approved_users
list (see admin.py).
'''
try:
secret_key = self.request.POST['secret_key']
except KeyError:
secret_key = None
if secret_key is None:
# Normal user registration
logging.info('Registering a normal user...')
user_email = self.request.POST['email']
# Just an email address here, we should first make sure they have not been approved
pending_users_list = PendingUsersList.shared_list()
# If the user does not exist, we create it.
if not bool(User.get_by_auth_id(user_email)):
_attrs = {
'email_address': user_email,
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'verified': False
}
success, user = self.auth.store.user_model.create_user(
user_email, **_attrs)
if success:
# check if user is preapproved
if pending_users_list.is_user_approved(user_email):
success = True
approved = True
# Has the user been preapproved? If so, we just verify it.
user.verified = True
user.put()
else:
success = pending_users_list.add_user_to_approval_waitlist(
user_email)
approved = False
if success:
if approved or (
not pending_users_list.email_verification_required
and
not pending_users_list.admin_approval_required):
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Your account is approved and you can log in immediately.'
}
elif pending_users_list.email_verification_required:
# Create a signup token for the user and send a verification email
token = str(uuid.uuid4())
user.signup_token = token
user.signup_token_time_created = None
user.put()
EmailConfig.send_verification_email(user_email, token)
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! You will recieve a verification email, please follow the instructions to activate your account.'
}
elif pending_users_list.admin_approval_required:
context = {
'success_alert':
True,
'alert_message':
'Account creation successful! Once an admin has approved your account, you can login.'
}
return self.render_response('login.html', **context)
logging.info(
"Account registration failed for: {0}".format(user))
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
context = {
'error_alert': True,
'alert_message': 'You have already requested an account.'
}
return self.render_response('login.html', **context)
else:
# Attempt to create an admin user
logging.info('Registering an admin user...')
# Check the secret key again
secret_key_attempt = SecretKey(key_string=secret_key)
if secret_key_attempt.isEqualToAdminKey():
# Then we can attempt to create an admin
if User.admin_exists():
logging.info("Admin already exists...")
# Redirect to login, only one admin allowed
return self.redirect(
'/login?secret_key={0}'.format(secret_key))
else:
# CREATE THE ADMIN ALREADY
_attrs = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'password_raw': self.request.POST['password'],
'is_admin': 'YES',
'verified': True
}
success, user = self.auth.store.user_model.create_user(
_attrs['email_address'], **_attrs)
if success:
# Invalidate the token
SecretKey.clear_stored_key()
if 'user_mode' in self.request.POST:
if self.request.POST['user_mode'] == 'single':
logging.info(
"UserRegistrationPage: user_mode set to single"
)
SingleMultiUserMode.set_single_user_mode()
elif self.request.POST['user_mode'] == 'multi':
logging.info(
"UserRegistrationPage: user_mode set to multi"
)
SingleMultiUserMode.set_multi_user_mode()
else:
logging.info(
"UserRegistrationPage: unknown user_mode {0}"
.format(self.request.POST['user_mode']))
else:
logging.info(
"UserRegistrationPage: user_mode not set")
return self.redirect(
'/login?secret_key={0}'.format(secret_key))
else:
context = {
'email_address': self.request.POST['email'],
'name': self.request.POST['name'],
'user_registration_failed': True
}
return self.render_response('user_registration.html',
**context)
else:
# Unauthorized secret key
context = {
'error_alert': True,
'alert_message': 'Invalid secret token.'
}
return self.render_response('login.html', **context)
