1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
34 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest
35 from django.conf import settings
36 from django.template.loader import render_to_string
38 from astakos.im.target.util import prepare_response
39 from astakos.im.models import User
41 from urllib import unquote
43 from hashlib import new as newhasher
46 username = request.POST.get('username')
47 password = request.POST.get('password')
50 return HttpResponseBadRequest('No user')
53 return HttpResponseBadRequest('No password')
56 user = User.objects.get(uniq=username)
57 except User.DoesNotExist:
58 return HttpResponseBadRequest('No such user')
60 hasher = newhasher('sha256')
61 hasher.update(password)
62 password = hasher.hexdigest()
64 if not password or user.password != password:
65 return HttpResponseBadRequest('Wrong password')
67 if user.state == 'UNVERIFIED':
68 return HttpResponseBadRequest('Unverified account')
70 next = request.POST.get('next')
71 return prepare_response(request, user, next)
73 def activate(request):
74 token = request.GET.get('auth')
75 next = request.GET.get('next')
77 user = User.objects.get(auth_token=token)
78 except User.DoesNotExist:
79 return HttpResponseBadRequest('No such user')
83 return prepare_response(request, user, next, renew=True)
85 def reset_password(request):
86 if request.method == 'GET':
87 cookie_value = unquote(request.COOKIES.get('_pithos2_a', ''))
88 if cookie_value and '|' in cookie_value:
89 token = cookie_value.split('|', 1)[1]
91 token = request.GET.get('auth')
92 next = request.GET.get('next')
93 username = request.GET.get('username')
94 kwargs = {'auth': token,
96 'username' : username}
98 kwargs.update({'status': 'error',
99 'message': 'Missing token'})
100 html = render_to_string('reset.html', kwargs)
101 return HttpResponse(html)
102 elif request.method == 'POST':
103 token = request.POST.get('auth')
104 username = request.POST.get('username')
105 password = request.POST.get('password')
106 next = request.POST.get('next')
109 message = 'Bad Request: missing token'
111 user = User.objects.get(auth_token=token)
112 if username != user.uniq:
114 message = 'Bad Request: username mismatch'
116 user.password = password
117 user.status = 'NORMAL'
119 return prepare_response(request, user, next, renew=True)
120 except User.DoesNotExist:
122 message = 'Bad Request: invalid token'
124 html = render_to_string('reset.html', {
127 return HttpResponse(html)