def api_token_issue_view(self):
if (
"user_id" not in self.request.session or
self.request.session["user_id"] == None or
self.request.session["user_id"] not in self.request.root.users or
self.request.root.users[self.request.session["user_id"]] == None
):
return {
"error": "No valid authenticated session present, cannot issue token."
}
else:
user = self.request.root.users[self.request.session["user_id"]]
coder = Coding()
token = jwt.encode({
'user_id': user.__name__,
'username': user.username,
'auth_date': str(int(round(time.time() * 1000.0))),
'unique_id': coder.generateUniqueCode()
},
self.request.registry._settings["api.session_secret"],
algorithm='HS512')
user.api_token = token
logging.info("API: Issued authentication token to %s" % user.username)
return {
"token": token
}
def __init__(self):
coding = Coding()
self.__name__ = coding.generateUniqueCode()
self.name = self.description = None
self.cost = 0
self.total_released = 0
self.allocated = PersistentList()
self.exclusive = False
self.unlimited = False
self.locked_down = False
def __init__(self):
coding = Coding()
self.__name__ = self.id_code = coding.generateUniqueCode()
self.owner = None
self.payment = None
self.issue_date = None
self.creation_date = datetime.now()
self.guest_info = None
self.change_enabled = False
self.tick_type = None
self.addons = PersistentMapping()
self.checked_in = False
self.checkin_data = None
self.notes = ""
def user_add_view(self):
if "submit" in self.request.POST:
username = self.request.POST["username"].lower().replace(" ","")
password = self.request.POST["password"]
userprefix = self.request.POST["userprefix"].lower().replace(" ","")
numberusers = int(float(self.request.POST["numberusers"]))
startingpoint = int(float(self.request.POST["startingnumber"]))
group_key = self.request.POST["group"]
single = (self.request.POST["singleuser"] == "single")
# Check username not already in use
error = True
if single:
if username in self.request.root.users:
self.request.session.flash("A user with this username already exists.", "error")
elif group_key not in self.request.root.groups:
self.request.session.flash("The group selected is invalid, please try again.", "error")
elif len(password) < 6:
self.request.session.flash("The password you entered is too short, please enter a longer one.", "error")
elif len(username) < 3:
self.request.session.flash("Please enter a username longer than 2 letters.", "error")
else:
error = False
# Otherwise we're good, create user
group = self.request.root.groups[group_key]
user = User()
user.username = user.__name__ = username
user.password_salt = Coding().generateUniqueCode()
user.password = salt_password(password, user.password_salt)
user.__parent__ = group
group.members.append(user)
self.request.root.users[user.__name__] = user
self.request.session.flash("User %s has been added successfully!" % username, "info")
return HTTPFound(location=self.request.route_path("admin_accounts"))
else:
if len(userprefix) < 2:
self.request.session.flash("Please enter a prefix of 2 or more characters.", "error")
elif numberusers <= 1:
self.request.session.flash("Please enter a number of users greater than 1.", "error")
elif startingpoint < 0:
self.request.session.flash("Please enter a starting point number greater than or equal to 0.", "error")
elif group_key not in self.request.root.groups:
self.request.session.flash("The group selected is invalid, please try again.", "error")
else:
error = False
creds = {}
coding = Coding()
group = self.request.root.groups[group_key]
# Otherwise we're good, create lots of users and passwords
for i in range(numberusers):
password = coding.genRandomString(size=6).lower()
username = ("%s%i%s" % (userprefix, (i + startingpoint), coding.genRandomString(size=2))).lower()
creds[username] = password
# Create the user
newuser = User()
newuser.username = newuser.__name__ = username
newuser.password_salt = coding.generateUniqueCode()
newuser.password = salt_password(password, newuser.password_salt)
newuser.__parent__ = group
group.members.append(newuser)
self.request.root.users[newuser.__name__] = newuser
# Confirm a success
self.request.session.flash("Successfully added %i users to %s!" % (numberusers, group.name), "info")
# - Forward to showing the full list of users that were added
self.request.session["added_users"] = creds
return HTTPFound(location=self.request.route_path("admin_user_add_list"))
# Respond to a thrown error
if error:
return {
"groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
"username": username, "selgroup": group_key, "single": single,
"userprefix": userprefix, "numberusers": numberusers, "startingnumber": startingpoint,
}
return {
"groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
"username": None, "selgroup": None, "single": True,
"userprefix": None, "numberusers": 0, "startingnumber": 0,
}
