Beispiel #1
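def login():
    """Serve the login form on GET and authenticate the posted credentials.

    The post-login destination is read from the ``returnUrl`` query
    parameter. That value is client-controlled, so it is honoured only when
    it is a site-local path; anything else falls back to the index page.
    """
    return_url = request.args.get('returnUrl')
    # Open-redirect guard: a login link carrying an off-site returnUrl would
    # otherwise send the user to another site right after authenticating.
    # Only a path starting with a single "/" and free of backslashes and
    # control characters is accepted.
    # NOTE(review): assumes legitimate callers always pass a site-local path
    # here; confirm against whatever builds the login links.
    is_local_path = (
        bool(return_url)
        and return_url.startswith('/')
        and not return_url.startswith('//')
        and '\\' not in return_url
        and not any(ord(ch) < 0x20 for ch in return_url)
    )
    if not is_local_path:
        return_url = url_for('index')

    if request.user:
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if not name:
        flash('Missing user name')
        error = True
    if not password:
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            # The session stores the id as a string.
            session['userid'] = str(user.id)
            flash('Logged in!')
            return redirect(return_url)
        flash(UserManager.error_str(status))

    return render_template('login.html')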
Beispiel #2
def add_user_post():
    """Process the submitted "add user" form and create the account.

    One message is flashed per validation problem. The form is shown again
    through add_user_form() unless UserManager.add reports SUCCESS, in which
    case the client is redirected to the user index.
    """
    name, passwd, passwd_confirm, mail, admin = [
        request.form.get(field)
        for field in ('user', 'passwd', 'passwd_confirm', 'mail', 'admin')
    ]

    error = False
    if not name:
        flash('The name is required.')
        error = True
    if not passwd:
        flash('Please provide a password.')
        error = True
    elif passwd != passwd_confirm:
        flash("The passwords don't match.")
        error = True

    # NOTE(review): the admin flag comes straight from the submitted form and
    # nothing in this function checks that the requester may grant it;
    # presumably the route is admin-restricted elsewhere, confirm.
    if admin is None:
        # Field absent: the account still becomes admin when no admin exists yet.
        admin = store.find(User, User.admin == True).count() == 0
    else:
        admin = True

    if error:
        return add_user_form()

    status = UserManager.add(store, name, passwd, mail, admin)
    if status == UserManager.SUCCESS:
        flash("User '%s' successfully added" % name)
        return redirect(url_for('user_index'))

    flash(UserManager.error_str(status))
    return add_user_form()
Beispiel #3
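def change_password(uid):
    """Show and process the password-change form for ``uid``.

    ``uid`` is either the literal 'me' or a user id. Changing another
    account's password is reserved to admins and does not ask for the
    current password; changing one's own password does.
    """
    # Look the logged-in user up once instead of repeating the query at
    # every use.
    # NOTE(review): assumes a login check ran before this view, so the
    # session lookup yields a user object; confirm.
    me = UserManager.get(store, session.get('userid'))[1]

    if uid == 'me':
        user = me.name
    else:
        # Authorization gate: only admins may address an account by id.
        if not me.admin:
            return redirect(url_for('index'))
        code, target = UserManager.get(store, uid)
        # Compare the status by value rather than by identity.
        if code != UserManager.SUCCESS:
            return redirect(url_for('index'))
        user = target.name

    if request.method == 'POST':
        # An admin addressing their own id is treated like 'me' and must
        # still supply the current password.
        own_account = uid == 'me' or uid == session.get('userid')
        error = False
        current = None
        if own_account:
            current = request.form.get('current')
            if not current:
                flash('The current password is required')
                error = True

        new, confirm = map(request.form.get, ['new', 'confirm'])
        if not new:
            flash('The new password is required')
            error = True
        if new != confirm:
            flash("The new password and its confirmation don't match")
            error = True

        if not error:
            if own_account:
                status = UserManager.change_password(store, session.get('userid'), current, new)
            else:
                status = UserManager.change_password2(store, user, new)
            if status != UserManager.SUCCESS:
                flash(UserManager.error_str(status))
            else:
                flash('Password changed')
                return redirect(url_for('user_profile', uid=uid))

    return render_template('change_pass.html', user=user, admin=me.admin)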
Beispiel #4
def change_username_form(uid):
    """Render the rename form for the user identified by ``uid``.

    A failed lookup flashes the matching error text and sends the client
    back to the index page.
    """
    # NOTE(review): no permission check is visible in this function;
    # presumably a decorator or request hook restricts the view, confirm.
    status, target = UserManager.get(store, uid)
    if status == UserManager.SUCCESS:
        return render_template('change_username.html', user=target)

    flash(UserManager.error_str(status))
    return redirect(url_for('index'))
Beispiel #5
def add_user_post():
    """Validate the "add user" form and create the account on success.

    Every validation problem is flashed. Unless UserManager.add returns
    SUCCESS (redirect to the user index), the form is rendered again via
    add_user_form().
    """
    form_fields = ('user', 'passwd', 'passwd_confirm', 'mail', 'admin')
    name, passwd, passwd_confirm, mail, admin = [
        request.form.get(key) for key in form_fields
    ]

    error = False
    if not name:
        flash('The name is required.')
        error = True
    if not passwd:
        flash('Please provide a password.')
        error = True
    elif passwd != passwd_confirm:
        flash("The passwords don't match.")
        error = True

    # NOTE(review): whether the new account is an admin is decided by a form
    # field; this function does not verify the requester's own rights.
    # Presumably enforced by the route, confirm.
    if admin is None:
        # No admin in the store yet: the new account is made admin anyway.
        admin = store.find(User, User.admin == True).count() == 0
    else:
        admin = True

    if error:
        return add_user_form()

    status = UserManager.add(store, name, passwd, mail, admin)
    if status == UserManager.SUCCESS:
        flash("User '%s' successfully added" % name)
        return redirect(url_for('user_index'))

    flash(UserManager.error_str(status))
    return add_user_form()
Beispiel #6
def add_user():
    """Show the "add user" page on GET and create the account on POST.

    The template receives the admin flag of the user stored in the session.
    Validation problems are flashed and the page is rendered again.
    """
    if request.method == 'GET':
        return render_template(
            'adduser.html',
            admin=UserManager.get(store, session.get('userid'))[1].admin,
        )

    name, passwd, passwd_confirm, mail, admin = [
        request.form.get(key)
        for key in ('user', 'passwd', 'passwd_confirm', 'mail', 'admin')
    ]

    error = False
    if not name:
        flash('The name is required.')
        error = True
    if not passwd:
        flash('Please provide a password.')
        error = True
    elif passwd != passwd_confirm:
        flash("The passwords don't match.")
        error = True

    # NOTE(review): the requested admin flag is read from the form and the
    # requester's own admin status is not checked before it is applied;
    # presumably the route is restricted elsewhere, confirm.
    if admin is None:
        # Field absent: still an admin when the store holds no admin yet.
        admin = store.find(User, User.admin == True).count() == 0
    else:
        admin = True

    if not error:
        status = UserManager.add(store, name, passwd, mail, admin)
        if status == UserManager.SUCCESS:
            flash("User '%s' successfully added" % name)
            return redirect(url_for('user_index'))
        flash(UserManager.error_str(status))

    return render_template(
        'adduser.html',
        admin=UserManager.get(store, session.get('userid'))[1].admin,
    )
Beispiel #7
def change_username_form(uid):
    """Display the form used to rename the user ``uid``.

    When UserManager.get does not return SUCCESS, its error text is flashed
    and the client is redirected to the index page.
    """
    # NOTE(review): the function itself performs no authorization;
    # presumably handled by the route's decorators, confirm.
    lookup_status, found_user = UserManager.get(store, uid)
    if lookup_status == UserManager.SUCCESS:
        return render_template('change_username.html', user=found_user)

    flash(UserManager.error_str(lookup_status))
    return redirect(url_for('index'))
Beispiel #8
def change_password_post(uid, user):
    """Validate and apply a password change submitted for ``user``.

    A user changing their own password must supply the current one. For any
    other account change_password2 is called without it. The form is
    rendered again through change_password_form() on any failure.
    """
    # NOTE(review): the branch for other accounts relies on the caller having
    # established that the requester may do this; presumably checked before
    # this function runs, confirm.
    editing_self = user.id == request.user.id

    error = False
    if editing_self:
        current = request.form.get('current')
        if not current:
            flash('The current password is required')
            error = True

    new, confirm = [request.form.get(key) for key in ('new', 'confirm')]
    if not new:
        flash('The new password is required')
        error = True
    if new != confirm:
        flash("The new password and its confirmation don't match")
        error = True

    if error:
        return change_password_form(uid, user)

    if editing_self:
        status = UserManager.change_password(store, user.id, current, new)
    else:
        status = UserManager.change_password2(store, user.name, new)

    if status == UserManager.SUCCESS:
        flash('Password changed')
        return redirect(url_for('user_profile', uid=uid))

    flash(UserManager.error_str(status))
    return change_password_form(uid, user)
Beispiel #9
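def login():
    """Serve the login form on GET and authenticate the posted credentials.

    The post-login destination is read from the ``returnUrl`` query
    parameter. That value is client-controlled, so it is honoured only when
    it is a site-local path; anything else falls back to the index page.
    """
    return_url = request.args.get('returnUrl')
    # Open-redirect guard: without it, a login link with an off-site
    # returnUrl would forward the user to another site after authentication.
    # Only a path starting with a single "/" and free of backslashes and
    # control characters is accepted.
    # NOTE(review): assumes legitimate callers always pass a site-local path
    # here; confirm against whatever builds the login links.
    is_local_path = (
        bool(return_url)
        and return_url.startswith('/')
        and not return_url.startswith('//')
        and '\\' not in return_url
        and not any(ord(ch) < 0x20 for ch in return_url)
    )
    if not is_local_path:
        return_url = url_for('index')

    if session.get('userid'):
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if not name:
        flash('Missing user name')
        error = True
    if not password:
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            # The session keeps the id as a string, plus the display name.
            session['userid'] = str(user.id)
            session['username'] = user.name
            flash('Logged in!')
            return redirect(return_url)
        flash(UserManager.error_str(status))

    return render_template('login.html')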
Beispiel #10
def change_password_post(uid, user):
    """Handle the posted password-change form for ``user``.

    The current password is demanded only when ``user`` is the requester.
    Another account's password is set through change_password2 without it.
    Any failure ends in change_password_form() being rendered again.
    """
    # NOTE(review): nothing here verifies that the requester may change a
    # different account's password; presumably the caller did, confirm.
    is_own_account = user.id == request.user.id

    error = False
    if is_own_account:
        current = request.form.get('current')
        if not current:
            flash('The current password is required')
            error = True

    new = request.form.get('new')
    confirm = request.form.get('confirm')
    if not new:
        flash('The new password is required')
        error = True
    if new != confirm:
        flash("The new password and its confirmation don't match")
        error = True

    if error:
        return change_password_form(uid, user)

    if is_own_account:
        status = UserManager.change_password(store, user.id, current, new)
    else:
        status = UserManager.change_password2(store, user.name, new)

    if status == UserManager.SUCCESS:
        flash('Password changed')
        return redirect(url_for('user_profile', uid=uid))

    flash(UserManager.error_str(status))
    return change_password_form(uid, user)
Beispiel #11
def del_user(uid):
    """Delete the user ``uid`` and return to the user list.

    The outcome is flashed before redirecting: a success message, or the
    error text for the status UserManager.delete returned.
    """
    # NOTE(review): destructive action with no permission or request-method
    # check inside this function; presumably enforced on the route, confirm.
    status = UserManager.delete(store, uid)
    if status == UserManager.SUCCESS:
        message = 'Deleted user'
    else:
        message = UserManager.error_str(status)
    flash(message)

    return redirect(url_for('user_index'))
Beispiel #12
def del_user(uid):
    """Remove the account ``uid``, flash the result, go back to the user index."""
    # NOTE(review): this function neither checks the requester's rights nor
    # the HTTP method before deleting; presumably the route does, confirm.
    outcome = UserManager.delete(store, uid)
    flash(
        'Deleted user'
        if outcome == UserManager.SUCCESS
        else UserManager.error_str(outcome)
    )

    return redirect(url_for('user_index'))
Beispiel #13
def user_changepass():
    """API endpoint: set a new password for the account named ``username``.

    Error codes returned: 10 when a parameter is missing, 50 when the caller
    is neither the named user nor an admin, 0 when UserManager reports a
    failure.
    """
    # NOTE(review): the new password is read from the query string, which
    # commonly ends up in access logs and proxies; review log handling for
    # this endpoint.
    username = request.args.get('username')
    password = request.args.get('password')
    if not (username and password):
        return request.error_formatter(10, 'Missing parameter')

    # Only an admin may change somebody else's password.
    targets_self = username == request.username
    if not targets_self and not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    status = UserManager.change_password2(store, username, password)
    if status == UserManager.SUCCESS:
        return request.formatter({})

    return request.error_formatter(0, UserManager.error_str(status))
Beispiel #14
def user_changepass():
    """API endpoint: change the password of the user given by ``username``.

    Responds with error 10 for a missing parameter, 50 when a non-admin
    targets another account, and 0 with the UserManager error text when the
    change itself fails.
    """
    # NOTE(review): credentials travel in the query string here; make sure
    # request URLs for this endpoint are not logged verbatim.
    params = [request.args.get(key) for key in ('username', 'password')]
    username, password = params
    if not all(params):
        return request.error_formatter(10, 'Missing parameter')

    # Changing another user's password requires admin rights.
    if username != request.username:
        if not request.user.admin:
            return request.error_formatter(50, 'Admin restricted')

    status = UserManager.change_password2(store, username, password)
    if status == UserManager.SUCCESS:
        return request.formatter({})

    return request.error_formatter(0, UserManager.error_str(status))
Beispiel #15
def user_del():
    """API endpoint: delete the account named by ``username`` (admins only).

    Error codes returned: 50 for a non-admin caller, 70 when no user has
    that name, 0 when UserManager.delete reports a failure.
    """
    # The admin check comes first, before any lookup is performed.
    if not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    wanted_name = request.args.get('username')
    target = store.find(User, User.name == wanted_name).one()
    if not target:
        return request.error_formatter(70, 'Unknown user')

    status = UserManager.delete(store, target.id)
    if status == UserManager.SUCCESS:
        return request.formatter({})

    return request.error_formatter(0, UserManager.error_str(status))
Beispiel #16
def user_del():
    """API endpoint: remove the user whose name is passed as ``username``.

    Restricted to admins (error 50). An unknown name yields error 70, and a
    failed deletion yields error 0 with the UserManager error text.
    """
    # Reject non-admin callers before touching the store.
    if not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    matches = store.find(User, User.name == request.args.get('username'))
    user = matches.one()
    if not user:
        return request.error_formatter(70, 'Unknown user')

    outcome = UserManager.delete(store, user.id)
    if outcome == UserManager.SUCCESS:
        return request.formatter({})

    return request.error_formatter(0, UserManager.error_str(outcome))
Beispiel #17
def user_changepass():
    """API endpoint: set a new password for the account named ``username``.

    Parameters are read from ``request.values``. Error codes returned: 10
    for a missing parameter, 50 when a non-admin targets another account,
    70 when UserManager reports NO_SUCH_USER, 0 for any other failure.
    """
    username = request.values.get('username')
    password = request.values.get('password')
    if not (username and password):
        return request.error_formatter(10, 'Missing parameter')

    # Only an admin may change somebody else's password.
    targets_self = username == request.username
    if not targets_self and not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    # NOTE(review): decode_password is defined elsewhere; presumably it
    # undoes a client-side encoding of the value. That is not protection for
    # the password in transit or in logs; confirm how requests are logged.
    password = decode_password(password)
    status = UserManager.change_password2(store, username, password)
    if status == UserManager.SUCCESS:
        return request.formatter({})

    code = 70 if status == UserManager.NO_SUCH_USER else 0
    return request.error_formatter(code, UserManager.error_str(status))
Beispiel #18
def user_changepass():
    """API endpoint: change the password of the user given by ``username``.

    Responds with error 10 for a missing parameter, 50 when a non-admin
    targets another account, 70 for NO_SUCH_USER and 0 for any other
    UserManager failure.
    """
    params = [request.values.get(key) for key in ('username', 'password')]
    username, password = params
    if not all(params):
        return request.error_formatter(10, 'Missing parameter')

    # Changing another user's password requires admin rights.
    if username != request.username:
        if not request.user.admin:
            return request.error_formatter(50, 'Admin restricted')

    # NOTE(review): decode_password lives outside this block; presumably it
    # reverses an encoding applied by the client, verify. The submitted
    # value should be kept out of request logs either way.
    status = UserManager.change_password2(store, username, decode_password(password))
    if status == UserManager.SUCCESS:
        return request.formatter({})

    if status == UserManager.NO_SUCH_USER:
        code = 70
    else:
        code = 0
    return request.error_formatter(code, UserManager.error_str(status))
Beispiel #19
    def decorated_func(*args, **kwargs):
        """Resolve the target user, then call the wrapped view with it.

        The user id is taken from ``kwargs[arg]`` when keyword arguments are
        present, otherwise from the first positional argument. 'me' maps to
        the requesting user; any other id is looked up, for admins only.
        """
        uid = kwargs[arg] if kwargs else args[0]

        if uid == 'me':
            user = request.user
        elif request.user.admin:
            code, user = UserManager.get(store, uid)
            if code != UserManager.SUCCESS:
                flash(UserManager.error_str(code))
                return redirect(url_for('index'))
        else:
            # Authorization gate: a non-admin may only address themselves,
            # and only through 'me'.
            return redirect(url_for('index'))

        # Hand the resolved user to the view in the same calling style.
        # The positional form passes exactly (uid, user).
        if kwargs:
            kwargs['user'] = user
        else:
            args = (uid, user)

        return f(*args, **kwargs)
Beispiel #20
    def decorated_func(*args, **kwargs):
        """Look up the user a view is about and pass it to the wrapped function.

        With keyword arguments the id is read from ``kwargs[arg]`` and the
        user is added as ``kwargs['user']``. Otherwise the id is ``args[0]``
        and the view is called with ``(uid, user)``.
        """
        called_with_kwargs = bool(kwargs)
        uid = kwargs[arg] if called_with_kwargs else args[0]

        if uid == 'me':
            user = request.user
        else:
            # Access to any explicit id is limited to admins.
            if not request.user.admin:
                return redirect(url_for('index'))
            code, user = UserManager.get(store, uid)
            if code != UserManager.SUCCESS:
                flash(UserManager.error_str(code))
                return redirect(url_for('index'))

        if called_with_kwargs:
            kwargs['user'] = user
        else:
            args = (uid, user)

        return f(*args, **kwargs)
Beispiel #21
def change_password():
    """Show the password form and, on POST, change the logged-in user's password.

    The account is always the one stored in the session, and the current
    password is required. Validation problems are flashed and the form is
    rendered again.
    """
    if request.method == 'POST':
        current, new, confirm = [
            request.form.get(key) for key in ('current', 'new', 'confirm')
        ]

        # Collect every problem so that all of them are reported at once.
        problems = []
        if not current:
            problems.append('The current password is required')
        if not new:
            problems.append('The new password is required')
        if new != confirm:
            problems.append("The new password and its confirmation don't match")
        for message in problems:
            flash(message)

        if not problems:
            status = UserManager.change_password(store, session.get('userid'), current, new)
            if status == UserManager.SUCCESS:
                flash('Password changed')
                return redirect(url_for('user_profile'))
            flash(UserManager.error_str(status))

    return render_template(
        'change_pass.html',
        user=UserManager.get(store, session.get('userid'))[1].name,
    )
Beispiel #22
 def test_human_readable_error(self):
     """error_str must return a string for status constants and arbitrary values."""
     status_constants = (
         UserManager.SUCCESS,
         UserManager.INVALID_ID,
         UserManager.NO_SUCH_USER,
         UserManager.NAME_EXISTS,
         UserManager.WRONG_PASS,
     )
     # Values that are not status constants must not break error_str either.
     arbitrary_values = (1594826, 'string', uuid.uuid4())
     for candidate in status_constants + arbitrary_values:
         self.assertIsInstance(UserManager.error_str(candidate), basestring)