From 5b0709c8cb171b07a0a071c54c268bed3ea08c49 Mon Sep 17 00:00:00 2001 From: Holger Frey Date: Wed, 27 Sep 2017 15:07:04 +0200 Subject: [PATCH] added account registration schema --- ordr2/schemas/__init__.py | 26 ++++++++++++++++++++++++++ ordr2/schemas/account.py | 30 ++++++++++++++++++++++++++++++ ordr2/schemas/helpers.py | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 ordr2/schemas/__init__.py create mode 100644 ordr2/schemas/account.py create mode 100644 ordr2/schemas/helpers.py diff --git a/ordr2/schemas/__init__.py b/ordr2/schemas/__init__.py new file mode 100644 index 0000000..fd7c18e --- /dev/null +++ b/ordr2/schemas/__init__.py @@ -0,0 +1,26 @@ +import colander +import deform + +from .helpers import ( + deferred_csrf_default, + deferred_csrf_validator + ) + + +# Base Schema + +class CSRFSchema(colander.Schema): + ''' base class for schemas with csrf validation ''' + csrf_token = colander.SchemaNode( + colander.String(), + default=deferred_csrf_default, + validator=deferred_csrf_validator, + widget=deform.widget.HiddenWidget(), + ) + + @classmethod + def as_form(cls, request, url, **kw): + schema = cls().bind(request=request) + form = deform.Form(schema, action=url, **kw) + return form + diff --git a/ordr2/schemas/account.py b/ordr2/schemas/account.py new file mode 100644 index 0000000..ab0f812 --- /dev/null +++ b/ordr2/schemas/account.py @@ -0,0 +1,30 @@ +import colander +import deform + +from . import CSRFSchema +from .helpers import deferred_unique_email_validator + + +# schema for user registration + +class RegistrationSchema(CSRFSchema): + ''' new user registration ''' + + user_name = colander.SchemaNode( + colander.String(), + widget=deform.widget.TextInputWidget(readonly=True), + ) + first_name = colander.SchemaNode( + colander.String() + ) + last_name = colander.SchemaNode( + colander.String() + ) + email = colander.SchemaNode( + colander.String(), + validator=deferred_unique_email_validator + ) + password = colander.SchemaNode( + colander.String(), + widget=deform.widget.CheckedPasswordWidget() + ) diff --git a/ordr2/schemas/helpers.py b/ordr2/schemas/helpers.py new file mode 100644 index 0000000..05887d0 --- /dev/null +++ b/ordr2/schemas/helpers.py @@ -0,0 +1,39 @@ +import colander +import deform + +from pyramid.csrf import get_csrf_token, check_csrf_token + +from ordr2.models import User + + +@colander.deferred +def deferred_csrf_default(node, kw): + ''' sets the current csrf token ''' + request = kw.get('request') + return get_csrf_token(request) + + +@colander.deferred +def deferred_csrf_validator(node, kw): + ''' validates a submitted csrf token ''' + def validate_csrf(node, value): + request = kw.get('request') + if not check_csrf_token(request, raises=False): + raise colander.Invalid(node, 'Bad CSRF token') + return validate_csrf + + +@colander.deferred +def deferred_unique_email_validator(node, kw): + ''' checks if an email is not registered already ''' + email_validator = colander.Email() + + def validate_unique_email(node, value): + email_validator(node, value) # raises exception on invalid address + request = kw.get('request') + user = request.dbsession.query(User).filter_by(email=value).first() + if user is not None: + raise colander.Invalid(node, 'Email address in use') + return validate_unique_email + +