diff options
| author | Tulio Casagrande <tcasagra@thoughtworks.com> | 2017-04-05 17:58:32 -0300 |
|---|---|---|
| committer | Tulio Casagrande <tcasagra@thoughtworks.com> | 2017-04-05 18:00:52 -0300 |
| commit | af941920c84b1b1ee5f630993eba0d2d3699aa61 (patch) | |
| tree | 2a829d4ba4c570966e4de660ff51f9b1e2cbb5dd /service/pixelated | |
| parent | a96ed27ff6fa99132c16860fc908156aa2b44134 (diff) | |
[#934] Add back-end password validation
Diffstat (limited to 'service/pixelated')
| -rw-r--r-- | service/pixelated/resources/account_recovery_resource.py | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/service/pixelated/resources/account_recovery_resource.py b/service/pixelated/resources/account_recovery_resource.py index 6781f209..6e80f360 100644 --- a/service/pixelated/resources/account_recovery_resource.py +++ b/service/pixelated/resources/account_recovery_resource.py @@ -15,14 +15,23 @@ # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import os +import json -from pixelated.resources import BaseResource from twisted.python.filepath import FilePath -from pixelated.resources import get_public_static_folder from twisted.web.http import OK, INTERNAL_SERVER_ERROR from twisted.web.template import Element, XMLFile, renderElement from twisted.web.server import NOT_DONE_YET from twisted.internet import defer +from twisted.logger import Logger + +from pixelated.resources import BaseResource +from pixelated.resources import get_public_static_folder + +log = Logger() + + +class InvalidPasswordError(Exception): + pass class AccountRecoveryPage(Element): @@ -52,10 +61,24 @@ class AccountRecoveryResource(BaseResource): request.setResponseCode(OK) request.finish() - def error_response(response): + def error_response(failure): + log.warn(failure) request.setResponseCode(INTERNAL_SERVER_ERROR) request.finish() - d = defer.succeed('Done!') + d = self._validate_password(request) d.addCallbacks(success_response, error_response) return NOT_DONE_YET + + def _get_post_form(self, request): + return json.loads(request.content.getvalue()) + + def _validate_password(self, request): + form = self._get_post_form(request) + password = form.get('password') + confirmPassword = form.get('confirmPassword') + + if password == confirmPassword and len(password) >= 8 and len(password) <= 9999: + return defer.succeed('Done!') + + return defer.fail(InvalidPasswordError('The user entered an invalid password or confirmation')) |