Beispiel #1
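def delete_user():
    """
    Delete a user after an interactive confirmation.

    The user id comes from get_user_id(); an empty id ends the call without
    doing anything. Only an answer of "y" or "Y" at the prompt proceeds to the
    database; any other answer prints a cancellation message.

    The database is closed on every path once it has been opened, including
    when a lookup or the removal raises. A failed removal is logged as an
    error instead of passing silently.
    """
    userid = get_user_id()
    if userid == "":
        return
    ptext = util.sprintf("delete_user: Are you REALLY REALLY REALLY sure that you want to delete user {%s}? (y/Y=yes; anything else=no): ", userid)
    yesorno = prompt(ptext)
    if yesorno not in ("y", "Y"):
        print("delete_user: Cancelled")
        return
    with app.app_context():
        # Open database
        util.dbopen(app.config["DBPATH"])
        try:
            # User exists?
            if util.dbuser_get(userid) is None:
                app.logger.error("delete_user: User {%s} does not exist", userid)
                return
            # Remove user; record the outcome either way so that a destructive
            # action never fails without a trace in the log.
            if util.dbuser_remove(userid):
                app.logger.info("delete_user: User {%s} deleted", userid)
            else:
                app.logger.error("delete_user: User {%s} could NOT be deleted", userid)
        finally:
            # Close database even if the lookup or removal raised
            util.dbclose()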
Beispiel #2
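def web_request_change_password():
    """
    Change password request.

    Requires a session that contains SESSION_USERID; without one the login
    form is rendered with an "expired" status. The current password (form
    field "password") is hashed and compared with the stored hash. On a match,
    the hash of the new password (form field "password1") is written through
    util.dbuser_update_password().

    Returns a (body, status) tuple.
    """
    import html  # local import: escapes text that is embedded in the logout page

    if SESSION_USERID not in session:
        # Session Timeout
        app.logger.error("web_request_change_password: session expired")
        rendered = render_template("login_form.html",
                                   frm_uname=UNAME,
                                   frm_userid="",
                                   frm_password="",
                                   frm_status="* PREVIOUS SESSION EXPIRED *")
        return ensure_no_caching(rendered), 200
    userid = session[SESSION_USERID]
    email = session[SESSION_EMAIL]
    # Hash the current password
    # NOTE(review): hash_a_secret() receives only the password, so any salt
    # would have to be global rather than per user - confirm that it is a
    # slow, salted password hash and not a bare digest.
    password = util.hash_a_secret(request.form["password"])
    # Get database row for this userid
    row = util.dbuser_get(userid)
    if row is None:
        # User not found - impossible!
        wtext = util.sprintf(
            "web_request_change_password: user {%s} NOT FOUND; logged out",
            userid)
        app.logger.error(wtext)
        # The user id is embedded in markup here, so escape it instead of
        # trusting that every stored id is free of HTML metacharacters.
        response = build_logout_response(
            "<h3>*** " + html.escape(wtext) + "</h3>")
        return response, 400
    # Extract row columns for userid; the stored email replaces the session copy
    (dummy, email, db_password, stamp) = row
    # Valid password entered?
    # NOTE(review): `!=` is not a constant-time comparison; hmac.compare_digest
    # is the usual replacement once it is confirmed that both values have the
    # same type (both str or both bytes).
    if password != db_password:
        #Invalid password
        app.logger.error(
            "web_request_change_password: user {%s} provided an INVALID PASSWORD",
            userid)
        rendered = render_template("chgpswd_form.html",
                                   frm_uname=UNAME,
                                   frm_userid=userid,
                                   frm_password=email,
                                   frm_status="* INVALID PASSWORD *")
        return ensure_no_caching(rendered), 200
    # Hash the new password field
    # NOTE(review): no length or confirmation check on "password1" is visible
    # in this function - presumably enforced elsewhere; confirm.
    ok_password = util.hash_a_secret(request.form["password1"])
    # Update user with new password
    if util.dbuser_update_password(userid, ok_password):
        # Success
        rendered = main_form_renderer(userid, email, "Password changed")
        app.logger.info(
            "web_request_change_password: userid {%s / %s} successfully changed password",
            userid, email)
        return ensure_no_caching(rendered), 200
    # Report database update error
    app.logger.error(
        "web_request_change_password: Could not update password for user {%s}",
        userid)
    rendered = main_form_renderer(userid, email,
                                  "*** Password change FAILED ***")
    # 204 means "No Content": the body would be discarded and the user would
    # never see that the change failed. Report a server-side failure instead.
    return ensure_no_caching(rendered), 500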
Beispiel #3
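def web_request_login():
    """
    Process a web login form (userid, password)

    The submitted password is hashed and compared with the hash stored for
    the submitted user id. On success the user id and email are stored in the
    session and the main form is rendered; on failure the login form is
    rendered again with a status message.

    Returns a (body, status) tuple.
    """
    # userid is untrusted form input from here on, including where it is logged
    userid = request.form["userid"]
    if app.debug:
        app.logger.debug("web_request_login: userid is {%s}", userid)
    # Hash the password
    password = util.hash_a_secret(request.form["password"])
    # Get database row for this userid
    row = util.dbuser_get(userid)
    if row is None:
        # User not found
        # NOTE(review): this status differs from the "INVALID PASSWORD" one
        # below, which tells an unauthenticated caller whether a user id
        # exists; consider a single generic failure message for both branches.
        app.logger.error("web_request_login: user {%s} NOT FOUND", userid)
        rendered = render_template("login_form.html",
                                   frm_uname=UNAME,
                                   frm_userid=userid,
                                   frm_password="",
                                   frm_status="* NO SUCH USER ID *")
        return ensure_no_caching(rendered), 200
    # Extract row columns for userid
    (dummy, email, db_password, stamp) = row
    # Valid password entered?
    # NOTE(review): `!=` is not a constant-time comparison; hmac.compare_digest
    # is the usual replacement once it is confirmed that both values have the
    # same type (both str or both bytes).
    if password != db_password:
        #Invalid password
        app.logger.error(
            "web_request_login: user {%s} provided an INVALID PASSWORD",
            userid)
        # The caller is not authenticated at this point, so nothing from the
        # account's database row is handed to the template. The original
        # passed the stored email as frm_password; whether the template
        # renders that value is not visible here. The empty value matches the
        # "not found" branch above.
        rendered = render_template("login_form.html",
                                   frm_uname=UNAME,
                                   frm_userid=userid,
                                   frm_password="",
                                   frm_status="* INVALID PASSWORD *")
        return ensure_no_caching(rendered), 200
    # Password valid: record the identity in the session
    session[SESSION_USERID] = userid
    session[SESSION_EMAIL] = email
    hello = util.sprintf("Hello, %s", userid)
    rendered = main_form_renderer(userid, email, hello)
    app.logger.info("web_request_login: user {%s} successfully logged in",
                    userid)
    return ensure_no_caching(rendered), 200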