Beispiel #1
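def login_view(context, request):
    """Render the login form and authenticate a submitted login/password.

    When ``form.submitted`` is present in ``request.params`` the stored
    password value for the login is compared with
    ``get_sha_password(password)``.  On a match the identity is remembered
    and the client is redirected, either to ``came_from`` (only when it
    points back at this site) or to the ``login`` resource URL.

    Returns an ``HTTPFound`` response on successful authentication,
    otherwise a dict of template values.
    """
    login = ''
    password = ''
    # Both values come straight from the request, so they are
    # attacker-controllable (e.g. through a crafted link to the login page).
    came_from = request.params.get('came_from')
    message = request.params.get('reason')

    def is_same_site(target):
        # Accept only targets that stay on this site: a server-relative
        # path, or an absolute URL that starts with this request's
        # scheme://host.  Anything else would make the login form an open
        # redirector that can be used to bounce users to a look-alike site.
        if not target:
            return False
        # Browsers treat backslashes like slashes and drop control
        # characters, so "/\\host" or "/<TAB>/host" could still end up
        # as a protocol-relative URL.
        if '\\' in target or any(ord(ch) < 0x20 for ch in target):
            return False
        if target.startswith('/'):
            return not target.startswith('//')
        host_url = request.host_url
        return target == host_url or target.startswith(host_url + '/')

    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        users = find_users(context)
        info = users.get_by_login(login)
        if info:
            # NOTE(review): judging by its name get_sha_password is a plain
            # SHA digest; confirm whether it is salted/stretched, and
            # consider a constant-time comparison here.
            if info['password'] == get_sha_password(password):
                headers = remember(request, info['id'])
                if is_same_site(came_from):
                    return HTTPFound(location=came_from, headers=headers)
                # Missing or off-site came_from: fall back to a known URL.
                url = resource_url(context, request, 'login')
                return HTTPFound(location=url, headers=headers)
            else:
                message = 'Wrong password'
        else:
            # NOTE(review): this message differs from 'Wrong password', so
            # a client can tell whether a login name exists.  No failed
            # attempt counter or throttle is visible in this function.
            message = 'No such user name %s' % login

    logged_in = authenticated_userid(request)

    # NOTE(review): the submitted password and the request-supplied
    # 'reason' text are handed to the template; confirm the template
    # escapes them and does not echo the password back into the page.
    return dict(
        api = API(context, request),
        login = login,
        password = password,
        logged_in = logged_in,
        came_from = came_from,
        message = message,
        )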
Beispiel #2
def register_view(context, request):
    """Handle the registration form: validate, check the CAPTCHA, create the user.

    On a valid submission a user and a profile are created, the new login
    is remembered and the client is redirected to the ``login`` resource.
    The excerpt ends at that redirect; what the view returns on the other
    paths (no submission, validation error) is not visible here.
    """
    logged_in = authenticated_userid(request)
    # All form fields are read directly from the request and are untrusted.
    login = request.params.get('login', '')
    fullname = request.params.get('fullname', '')
    email = request.params.get('email', '')
    password = request.params.get('password', '')
    password_verify = request.params.get('password_verify')
    captcha_answer = request.params.get('captcha_answer', '')
    message = ''

    if 'form.submitted' in request.params:
        schema = RegisterSchema()
        message = None
        try:
            # The converted result is discarded; the raw request values
            # read above are what gets stored below.
            schema.to_python(request.params)
        except formencode.validators.Invalid, why:
            message = str(why)
        else:
            ok = False
            # The CAPTCHA solutions live in a server-side session keyed by
            # the browser id found in the WSGI environ.
            session = context.sessions.get(request.environ['repoze.browserid'])
            solutions = session.get('captcha_solutions', [])
            # Case-insensitive match against every stored solution.
            # NOTE(review): the matched solution is not removed here;
            # confirm it is invalidated elsewhere, otherwise one solved
            # CAPTCHA could be reused for many registrations.
            for solution in solutions:
                if captcha_answer.lower() == solution.lower():
                    ok = True
            if not ok:
                message = 'Bad CAPTCHA answer'
            else:
                users = find_users(context)
                info = users.get_by_login(login)
                if info:
                    # Discloses which login names are taken.
                    message = 'Username %s already exists' % login
                else:
                    if password != password_verify:
                        message = 'Password and password verify do not match'
                    else:
                        # The login doubles as the user id (passed twice).
                        # NOTE(review): the password is passed as received;
                        # confirm users.add hashes it before storing. No
                        # length/strength check is visible in this view.
                        users.add(login, login, password, groups=('members',))
                        profiles = find_profiles(context)
                        profile = Profile(fullname, email)
                        profiles[login] = profile
                        # Copy the context ACL, then grant 'edit' on the
                        # profile to its owner and to 'admin'.
                        acl = context.__acl__[:]
                        acl.extend([(Allow, login, 'edit'),
                                    (Allow, 'admin', 'edit')])
                        profile.__acl__ = acl
                        # The new account is signed in right away; the
                        # e-mail address is not verified in this function.
                        headers = remember(request, login)
                        login_url = resource_url(context, request, 'login')
                        response = HTTPFound(location = login_url,
                                             headers=headers)
                        return response
Beispiel #3
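def groupfinder(userid, request=None):
    """Return the groups of *userid* and publish the identity in the environ.

    If *request* is not given, the current request is looked up with
    ``get_current_request()``.  For a known user the WSGI environ of the
    request receives ``REMOTE_ID``, ``REMOTE_USER``, ``REMOTE_GROUPS`` and,
    when a profile exists, ``REMOTE_EMAIL``.

    Returns the user's groups, or ``None`` when the user id is unknown or
    no request is available.
    """
    if request is None:
        request = get_current_request()
    if request is None:
        # presumably get_current_request() yields None outside of a
        # request; without a request there is no root to look users up in,
        # so report "no groups" rather than fail.
        return None

    # The original only bound ``root`` when a request was passed in, so
    # the request=None path raised NameError at find_users(root).
    root = request.root
    environ = request.environ

    users = find_users(root)
    info = users.get_by_id(userid)
    if not info:
        # Unknown user id: nothing is written to the environ.
        return None

    groups = info['groups']
    environ['REMOTE_ID'] = userid
    environ['REMOTE_USER'] = info['login']
    environ['REMOTE_GROUPS'] = groups
    profiles = find_profiles(root)
    profile = profiles.get(userid)
    if profile:
        environ['REMOTE_EMAIL'] = profile.email
    return groups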
Beispiel #4
def forgot_password_view(context, request):
    """Reset the password of the account matching a submitted e-mail address.

    On a valid submission the profile with that address is looked up, a new
    password is generated and set, and the new password is mailed to the
    address.  The excerpt shows no return statement; the rest of the view
    is not visible here.
    """
    email = request.params.get('email', '')
    message = ''
    if 'form.submitted' in request.params:
        schema = ForgotPasswordSchema()
        try:
            schema.to_python(request.params)
        except formencode.validators.Invalid, why:
            message = str(why)
        else:
            profiles = find_profiles(context)
            found_profile = None
            # Linear scan over all profiles for an exact address match.
            for profile in profiles.values():
                if profile.email == email:
                    found_profile = profile
                    break
            if found_profile is None:
                # Tells the caller whether an address is registered.
                message = 'Email %s not found' % email
            else:
                # ``profile`` is the loop variable; because of the break it
                # is the same object as found_profile at this point.
                login = profile.__name__
                # NOTE(review): the password is replaced as soon as the
                # form is submitted, with no proof that the requester owns
                # the account, so anyone who knows the address can
                # invalidate the owner's current password.  A one-time,
                # expiring reset token confirmed from the mail avoids that.
                # NOTE(review): confirm random_password() draws from a
                # cryptographically secure source.
                password = random_password()
                users = find_users(context)
                users.change_password(login, password)
                msg = Message()
                frm = 'bfg.repoze.org <*****@*****.**>'
                msg['From'] = frm
                msg['To'] = email
                msg['Subject'] = 'Account information'
                # The new password travels and rests in the mailbox in
                # clear text.
                body = 'Your new password is "%s" for login name "%s"' % (
                    password, login)
                msg.set_payload(body)
                # NOTE(review): the body is declared text/html but the
                # login is interpolated unescaped; confirm logins cannot
                # contain markup, or send text/plain.
                msg.set_type('text/html')
                # ``message`` briefly holds the serialized mail, then is
                # overwritten with the status text below.
                message = msg.as_string()
                mailer = get_mailer()
                mailer.send(frm, [email], message)
                message = 'Mail sent to "%s" with new password' % email
Beispiel #5
            message = 'Profile edited'

    if 'form.changepassword' in request.params:
        schema = ChangePasswordSchema()
        message = None
        try:
            schema.to_python(request.params)
        except formencode.validators.Invalid, why:
            message = str(why)
        else:
            password = request.params['password']
            password_verify = request.params['password_verify']
            if password != password_verify:
                message = 'Password and password verify do not match'
            else:
                users = find_users(context)
                users.change_password(login, password)
                message = 'Password changed'
        
    return dict(
        api = API(context, request),
        login = login,
        message = message,
        email = email,
        fullname = fullname,
        password = password,
        password_verify = password_verify,
        )

@view_config(for_=IWebSite, name='forgot_password', permission='view',
             renderer='marlton.views:templates/forgot_password.pt')