def login():
return_url = request.args.get('returnUrl') or url_for('index')
if request.user:
flash('Already logged in')
return redirect(return_url)
if request.method == 'GET':
return render_template('login.html')
name, password = map(request.form.get, [ 'user', 'password' ])
error = False
if name in ('', None):
flash('Missing user name')
error = True
if password in ('', None):
flash('Missing password')
error = True
if not error:
status, user = UserManager.try_auth(store, name, password)
if status == UserManager.SUCCESS:
session['userid'] = str(user.id)
flash('Logged in!')
return redirect(return_url)
else:
flash(UserManager.error_str(status))
return render_template('login.html')
def add_user_post():
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if not name:
flash('The name is required.')
error = True
if not passwd:
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return add_user_form()
def change_password(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1].name
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
error = False
if uid == 'me' or uid == session.get('userid'):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
else:
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_username_form(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
return render_template('change_username.html', user = user)
def add_user_post():
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if not name:
flash('The name is required.')
error = True
if not passwd:
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return add_user_form()
def add_user():
if request.method == 'GET':
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if name in (None, ''):
flash('The name is required.')
error = True
if passwd in (None, ''):
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_username_form(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
return render_template('change_username.html', user = user)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def login():
return_url = request.args.get('returnUrl') or url_for('index')
if session.get('userid'):
flash('Already logged in')
return redirect(return_url)
if request.method == 'GET':
return render_template('login.html')
name, password = map(request.form.get, [ 'user', 'password' ])
error = False
if name in ('', None):
flash('Missing user name')
error = True
if password in ('', None):
flash('Missing password')
error = True
if not error:
status, user = UserManager.try_auth(store, name, password)
if status == UserManager.SUCCESS:
session['userid'] = str(user.id)
session['username'] = user.name
flash('Logged in!')
return redirect(return_url)
else:
flash(UserManager.error_str(status))
return render_template('login.html')
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def del_user(uid):
status = UserManager.delete(store, uid)
if status == UserManager.SUCCESS:
flash('Deleted user')
else:
flash(UserManager.error_str(status))
return redirect(url_for('user_index'))
def del_user(uid):
status = UserManager.delete(store, uid)
if status == UserManager.SUCCESS:
flash('Deleted user')
else:
flash(UserManager.error_str(status))
return redirect(url_for('user_index'))
def user_changepass():
username, password = map(request.args.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.args.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_del():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username = request.args.get('username')
user = store.find(User, User.name == username).one()
if not user:
return request.error_formatter(70, 'Unknown user')
status = UserManager.delete(store, user.id)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_del():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username = request.args.get('username')
user = store.find(User, User.name == username).one()
if not user:
return request.error_formatter(70, 'Unknown user')
status = UserManager.delete(store, user.id)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.values.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.values.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
def decorated_func(*args, **kwargs):
if kwargs:
uid = kwargs[arg]
else:
uid = args[0]
if uid == 'me':
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
if kwargs:
kwargs['user'] = user
else:
args = (uid, user)
return f(*args, **kwargs)
def decorated_func(*args, **kwargs):
if kwargs:
uid = kwargs[arg]
else:
uid = args[0]
if uid == 'me':
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
if kwargs:
kwargs['user'] = user
else:
args = (uid, user)
return f(*args, **kwargs)
def change_password():
if request.method == 'POST':
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
error = False
if current in ('', None):
flash('The current password is required')
error = True
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
status = UserManager.change_password(store, session.get('userid'), current, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile'))
return render_template('change_pass.html', user = UserManager.get(store, session.get('userid'))[1].name)
def test_human_readable_error(self):
values = [ UserManager.SUCCESS, UserManager.INVALID_ID, UserManager.NO_SUCH_USER, UserManager.NAME_EXISTS,
UserManager.WRONG_PASS, 1594826, 'string', uuid.uuid4() ]
for value in values:
self.assertIsInstance(UserManager.error_str(value), basestring)