removing misplaced stuffs from views, more controllers use

2 files changed, 26 insertions, 1 deletions

diff --git a/src/web/controllers/abstract.py b/src/web/controllers/abstract.py
index f33d241e..99d92ff3 100644
--- a/src/web/controllers/abstract.py
+++ b/src/web/controllers/abstract.py
@@ -84,7 +84,7 @@ class AbstractController(object):
 
     def create(self, **attrs):
         assert self._user_id_key is None or self._user_id_key in attrs \
-                or self.user_id is not None, \
+                or self.user_id is None, \
                 "You must provide user_id one way or another"
 
         if self._user_id_key is not None and self._user_id_key not in attrs:
diff --git a/src/web/controllers/user.py b/src/web/controllers/user.py
index 3f96b185..d8bf1fa1 100644
--- a/src/web/controllers/user.py
+++ b/src/web/controllers/user.py
@@ -1,3 +1,6 @@
+import random
+import hashlib
+from werkzeug import generate_password_hash
 from .abstract import AbstractController
 from web.models import User
 
@@ -5,3 +8,25 @@ from web.models import User
 class UserController(AbstractController):
     _db_cls = User
     _user_id_key = 'id'
+
+    def unset_activation_key(self, obj_id):
+        self.update({'id': obj_id}, {'activation_key': ""})
+
+    def set_activation_key(self, obj_id):
+        key = str(random.getrandbits(256)).encode("utf-8")
+        key = hashlib.sha512(key).hexdigest()[:86]
+        self.update({'id': obj_id}, {'activation_key': key})
+
+    def _handle_password(self, attrs):
+        if attrs.get('password'):
+            attrs['pwdhash'] = generate_password_hash(attrs.pop('password'))
+        elif 'password' in attrs:
+            del attrs['password']
+
+    def create(self, **attrs):
+        self._handle_password(attrs)
+        return super().create(**attrs)
+
+    def update(self, filters, attrs):
+        self._handle_password(attrs)
+        return super().update(filters, attrs)