def insert_user(data):
    """Create a dz_users row for *data* and leave the account in the "users" group only.

    Args:
        data: object exposing first_name, last_name, username, email, phone
            and password attributes.

    Returns:
        The key returned by the dz_users table insert.
    """
    # `now` is a module-level name that is not defined in this function.
    record = {
        'FIRSTNAME': data.first_name,
        'LASTNAME': data.last_name,
        'LOGINID': data.username,
        'EMAIL': data.email,
        'PHONE': data.phone,
        # NOTE(review): the PASSWORD column receives the raw gen_password()
        # value here and is then superseded by set_password() below; how that
        # value is stored is not visible from this function - confirm.
        'PASSWORD': gen_password(),
        'DTUPD': now,
        'DTADD': now,
        'STATUS': "A",
    }

    db = system.database
    user_id = db.table("dz_users", "USERID").insert(record)

    # Apply the caller-supplied password through the User API.
    account = User(data.username)
    account.set_password(data.password)

    # Clear any membership rows already stored under this id so the new
    # account starts with no inherited access (parameterised query).
    db("delete from dz_members where userid=%s", user_id)

    # Every new account starts in the default group only.
    add_user(account.username, "users")

    return user_id
def test_user_can(self):
    """user.can() defers to the object's allows() policy for each action."""

    class ReadableByAll(object):
        """Anyone may read; only the 'admin' username may do anything else."""

        def allows(self, user, action):
            if action == 'read':
                return True
            return user.username == 'admin'

    target = ReadableByAll()

    # An ordinary account gets read access but is denied edit.
    regular = OldUser('user1')
    self.assertTrue(regular.can('read', target))
    self.assertFalse(regular.can('edit', target))

    # The admin account is allowed both actions.
    admin = OldUser('admin')
    self.assertTrue(admin.can('read', target))
    self.assertTrue(admin.can('edit', target))
def test_user_is_member(self):
    """is_member() reports group membership and rejects unknown groups."""
    # admin is expected in both groups, but never in a group that does not exist.
    admin = OldUser('admin')
    self.assertTrue(admin.is_member('administrators'))
    self.assertTrue(admin.is_member('users'))
    self.assertFalse(admin.is_member('notagroup'))

    # An ordinary account must not be reported as an administrator.
    regular = OldUser('user1')
    self.assertTrue(regular.is_member('users'))
    self.assertFalse(regular.is_member('administrators'))
    self.assertFalse(regular.is_member('notagroup'))
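def reset_password(token, password, confirm):
    """Finish a password reset that was started with a reset token.

    Args:
        token: the reset token supplied with the request.
        password: the new password.
        confirm: the repeated new password; must equal *password*.

    Returns:
        Page('expired') when valid_token() rejects the token,
        home('complete') once the password has been changed, and None after
        a problem has been reported through error().
    """
    if not valid_token(token):
        return Page('expired')

    if not valid_new_password(password):
        error('Invalid password ({})'.format(valid_new_password.msg))
        return None

    # `!=` replaces the `<>` operator, which Python 3 rejects as a syntax
    # error; `!=` behaves the same on Python 2.
    if password != confirm:
        error('Passwords do not match')
        return None

    token_owner = user_by_token(token)
    if not token_owner:
        error('Invalid request')
        return None

    account = User(token_owner['LOGINID'])
    account.set_password(password)

    # Move the token's expiry to "now" as soon as it has been used, so the
    # same reset link is not accepted again (presumably expiry is what
    # valid_token() checks - confirm).
    # NOTE(review): [0] assumes ForgotToken.find() still returns a record for
    # a token that valid_token() accepted a moment ago - confirm.
    rec = ForgotToken.find(token=token)[0]
    rec.expiry = time.time()
    rec.put()
    return home('complete')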
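def reset_password(token, password, confirm):
    """Set a new password for the account that owns a reset token.

    Args:
        token: the reset token supplied with the request.
        password: the new password.
        confirm: the repeated new password; must equal *password*.

    Returns:
        Page('expired') for a token valid_token() rejects, home('complete')
        after a successful change, otherwise None once the problem has been
        reported through error().
    """
    if not valid_token(token):
        return Page('expired')
    elif not valid_new_password(password):
        error('Invalid password ({})'.format(valid_new_password.msg))
    elif password != confirm:
        # `!=` instead of `<>`: the old operator is a syntax error on Python 3.
        error('Passwords do not match')
    else:
        user = user_by_token(token)
        if not user:
            error('Invalid request')
        else:
            user = User(user['LOGINID'])
            user.set_password(password)

            # Single use: the token's expiry is set to the current time right
            # after the password change (presumably expiry is what
            # valid_token() checks - confirm).
            # NOTE(review): [0] assumes find() returns at least one record
            # for a token that passed valid_token() - confirm.
            rec = ForgotToken.find(token=token)[0]
            rec.expiry = time.time()
            rec.put()
            return home('complete')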
def insert(cls, form):
    """Create a user account from a submitted form and optionally email an invitation.

    The account is stored with an empty PASSWORD column, stripped of any
    memberships, added to the "users" group and then given a generated
    password through ZoomUser.set_password().  The creation is recorded in
    the activity log and the audit log.

    Args:
        form: object whose evaluate() returns the submitted values, including
            USERNAME, FIRST_NAME, LAST_NAME, EMAIL and SEND_INVITATION.
    """
    values = form.evaluate()
    username = values['USERNAME'].lower()
    password = gen_password()

    # Copy the form's field names onto the dz_users column names.
    values['FIRSTNAME'] = values['FIRST_NAME']
    values['LASTNAME'] = values['LAST_NAME']
    values['LOGINID'] = username
    # The row goes in with an empty password; the generated one is applied
    # through set_password() once the account exists.
    values['PASSWORD'] = ''
    timestamp = datetime.datetime.now()
    values['DTUPD'] = timestamp
    values['DTADD'] = timestamp
    values['STATUS'] = 'A'

    new_id = db.table('dz_users', 'USERID').insert(values)

    # make sure new users have no memberships
    db('delete from dz_members where userid=%s', new_id)
    add_user(values['LOGINID'], 'users')

    new_user = ZoomUser(username)
    new_user.set_password(password)

    # `user` is a module-level name (presumably the account performing the
    # action - confirm).
    # NOTE(review): both usernames are formatted into this HTML fragment
    # without escaping; whether the form validation or the log viewer
    # neutralises markup in a username is not visible here - confirm.
    entry = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>' % (
        user.id, user.username, new_user.id, new_user.username)
    logger.activity('users', entry)
    audit('created user account', new_user.username)

    if values['SEND_INVITATION'] == True:
        recipients = [values['EMAIL']]
        template = load('welcome.md')
        # NOTE(review): the generated password is handed to the e-mail
        # template in clear text; whether welcome.md prints it and whether a
        # change is forced at first login is not visible here - confirm.
        fill = {
            'first_name': values['FIRST_NAME'],
            'username': username,
            'password': password,
            'site_name': site_name(),
            'site_url': site_url(),
            'admin_email': '*****@*****.**',
            'owner_name': owner_name(),
        }
        body = markdown(viewfill(template, fill.get))
        subject = 'Welcome - ' + site_name()
        send(recipients, subject, body)
        message('invitation sent')
def insert(cls, form):
    """Add a new user from *form* and, when requested, send the welcome e-mail.

    Steps: insert the dz_users row (empty PASSWORD column), delete any
    membership rows for the new id, add the account to "users", set a
    generated password, write activity and audit entries, and finally mail
    the invitation if SEND_INVITATION is set.

    Args:
        form: object whose evaluate() returns the submitted values, including
            USERNAME, FIRST_NAME, LAST_NAME, EMAIL and SEND_INVITATION.
    """
    values = form.evaluate()
    username = values['USERNAME'].lower()
    password = gen_password()

    # Translate form field names to database column names.
    values['FIRSTNAME'] = values['FIRST_NAME']
    values['LASTNAME'] = values['LAST_NAME']
    values['LOGINID'] = username
    # Stored empty on insert; set_password() below supplies the real value.
    values['PASSWORD'] = ''
    created = datetime.datetime.now()
    values['DTUPD'] = created
    values['DTADD'] = created
    values['STATUS'] = 'A'

    users_table = db.table('dz_users', 'USERID')
    user_id = users_table.insert(values)

    # make sure new users have no memberships
    db('delete from dz_members where userid=%s', user_id)
    add_user(values['LOGINID'], 'users')

    new_user = ZoomUser(username)
    new_user.set_password(password)

    # NOTE(review): usernames are placed in this HTML log entry unescaped;
    # confirm that usernames are validated upstream or that the activity log
    # is escaped when rendered.  `user` is a module-level name not defined in
    # this method.
    template = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
    details = (user.id, user.username, new_user.id, new_user.username)
    logger.activity('users', template % details)
    audit('created user account', new_user.username)

    if values['SEND_INVITATION'] == True:
        recipients = [values['EMAIL']]
        welcome = load('welcome.md')
        # NOTE(review): the freshly generated password travels in the
        # invitation body in clear text - confirm the template's use of it
        # and whether first login forces a change.
        placeholders = {
            'first_name': values['FIRST_NAME'],
            'username': username,
            'password': password,
            'site_name': site_name(),
            'site_url': site_url(),
            'admin_email': '*****@*****.**',
            'owner_name': owner_name(),
        }
        body = markdown(viewfill(welcome, placeholders.get))
        subject = 'Welcome - ' + site_name()
        send(recipients, subject, body)
        message('invitation sent')
def test_user_authorize(self):
    """authorize() passes silently when allowed and raises when denied."""

    class ReadableByAll(object):
        """Anyone may read; only the 'admin' username may do anything else."""

        def allows(self, user, action):
            if action == 'read':
                return True
            return user.username == 'admin'

    target = ReadableByAll()

    # Ordinary account: read succeeds, edit must raise.
    regular = OldUser('user1')
    regular.authorize('read', target)
    with self.assertRaises(UnauthorizedException):
        regular.authorize('edit', target)

    # Admin account: neither call may raise.
    admin = OldUser('admin')
    admin.authorize('read', target)
    admin.authorize('edit', target)
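def show(self, id):
    """Render the detail page for one user.

    The page combines the user's fields, the action buttons, the last 50
    system-log entries and the last 20 audit-log entries from the past 26
    weeks, and the user's roles and apps.

    Args:
        id: key passed to Users.get() and formatted into the action links.

    Returns:
        The 'show' Page for the user, or None when Users.get() finds nothing.
    """
    from zoom.user import User
    from zoom.manager import manager

    user = Users.get(id)
    if not user:
        return None

    user_fields.update(user.__dict__)

    # NOTE(review): `id` is formatted into the href attributes below without
    # escaping; the only check visible here is that Users.get(id) returned a
    # record - confirm the router or Users.get() restricts id to a plain key.
    edit_button = '<a id="edit-button" class=action href="/users/%s/edit">Edit</a>' % id
    password_button = '<a id="password-button" class=action href="/users/%s/password">Set Password</a>' % id
    # The misspelled id "deactiveate-button" is kept as-is: stylesheets or
    # scripts outside this file may select on it.
    deactivate_button = '<a id="deactiveate-button" class=action href="/users/%s/deactivate">Deactivate</a>' % id
    activate_button = '<a id=activate-button class=action href="/users/%s/activate">Activate</a>' % id
    delete_button = '<a id="delete-button" class=action href="/users/%s/delete">Delete</a>' % id

    if user.status == 'A':
        toggle_button = deactivate_button
        status = ''
    else:
        toggle_button = activate_button
        # Fixed: the marker used to be closed with "</tab>", which left the
        # <div> open in the rendered page.
        status = (
            '<div style="display:inline;padding-left:10px;font-size:0.8em;">(deactivated)</div>'
        )
    actions = delete_button + toggle_button + password_button + edit_button + '<div style="clear:both"></div>'

    u = User(user['username'])
    since = today - 26 * one_week

    # Both log queries pass the username and cutoff as parameters rather
    # than formatting them into the SQL text.
    activity_data = db(
        'select id, timestamp, route, status, address, elapsed, message from log where user=%s and timestamp>=%s order by timestamp desc limit 50',
        user.username, since)
    labels = 'id', 'When', 'Route', 'Status', 'Address', 'Elapsed', 'Message'
    # NOTE(review): log columns (route, address, message) are handed to
    # browse() as stored; whether browse() escapes cell values is not visible
    # here - confirm.
    activity = browse([
        (link_to(a[0], abs_url_for('/info/system-log', a[0])),
         '<span title="%s">%s</span>' % (a[1], how_long_ago(a[1])),
         a[2], a[3], a[4], a[5], a[6][:40])
        for a in activity_data
    ], labels=labels)

    auth_data = db(
        'select * from audit_log where (subject1=%s or subject2=%s) and timestamp>=%s order by timestamp desc limit 20',
        user.username, user.username, since)
    labels = 'id', 'App', 'User', 'Activity', 'Subject1', 'Subject2', 'Timestamp'
    auth_activity = browse(
        [(a[0], a[1], a[2], a[3], a[4], a[5], a[6]) for a in auth_data],
        labels=labels)

    # A missing or empty apps/roles attribute on the User object counts as
    # "none".
    user_apps = hasattr(u, 'apps') and u.apps or []
    user_roles = hasattr(u, 'roles') and u.roles or []
    apps = [a.name for a in manager.apps.values() if a.name in user_apps]

    page = Page(
        'show',
        dict(
            id=id,
            fields=user_fields.show(),
            full_name=user.get_full_name(),
            roles=' '.join(
                [link_to(g, '/groups/%s' % g) for g in sorted(user_roles)]),
            apps=' '.join(
                [link_to(g, '/apps/%s' % g) for g in sorted(apps)]),
            actions=actions,
            status=status,
            activity=activity,
            auth_activity=auth_activity,
        ).get)
    return page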
def test_user_is_disabled(self):
    """is_disabled follows the status attribute: it is True once status is 'D'."""
    account = OldUser('user1')
    # As loaded, the account is not disabled.
    self.assertEqual(account.is_disabled, False)

    # Setting the status to 'D' must be reflected immediately.
    account.status = 'D'
    self.assertEqual(account.is_disabled, True)