def initialize_sql(engine):
'Create tables and insert data'
# Create tables
db.configure(bind=engine)
Base.metadata.bind = engine
Base.metadata.create_all(engine)
# If the tables are empty,
if not db.query(User).count():
# Prepare data
userPacks = [
(u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin',
u'*****@*****.**', True),
(u'user', make_random_string(PASSWORD_LEN_MAX), u'User',
u'*****@*****.**', False),
]
# Insert data
userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s'
for username, password, nickname, email, is_super in userPacks:
print userTemplate % (username, password, nickname, email)
db.add(
User(username=username,
password=password,
nickname=nickname,
email=email,
is_super=is_super))
print
transaction.commit()
class User(Base):
'A user'
__tablename__ = 'users'
id = Column(Integer, primary_key=True)
username = column_property(Column(Unicode(USERNAME_LEN_MAX), unique=True),
comparator_factory=CaseInsensitiveComparator)
password_ = Column('password', LargeBinary(60)) # Hash from bcrypt
@property
def password(self):
return self.password_
@password.setter
def password(self, password):
self.password_ = crypt.encode(password)
password = synonym('password_', descriptor=password)
nickname = column_property(Column(Unicode(NICKNAME_LEN_MAX), unique=True),
comparator_factory=CaseInsensitiveComparator)
email = Column(LowercaseEncrypted(EMAIL_LEN_MAX * 2), unique=True)
is_active = Column(Boolean, default=True)
is_super = Column(Boolean, default=False)
rejection_count = Column(Integer, default=0)
minutes_offset = Column(Integer, default=0)
when_login = Column(DateTime)
code = Column(String(CODE_LEN),
default=lambda: make_random_string(CODE_LEN))
sms_addresses = relationship('SMSAddress')
def __str__(self):
return "<User(id=%s)>" % self.id
def check(self, password):
'Return True if we have a matching password'
return crypt.check(self.password, password)
def initialize_sql(engine):
'Create tables and insert data'
# Create tables
db.configure(bind=engine)
Base.metadata.bind = engine
Base.metadata.create_all(engine)
# If the tables are empty,
if not db.query(User).count():
# Prepare data
userPacks = [
(u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin', u'*****@*****.**', True),
(u'user', make_random_string(PASSWORD_LEN_MAX), u'User', u'*****@*****.**', False),
]
# Insert data
userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s'
for username, password, nickname, email, is_super in userPacks:
print userTemplate % (username, password, nickname, email)
db.add(User(username=username, password=password, nickname=nickname, email=email, is_super=is_super))
print
transaction.commit()
def reset(request):
'Reset password'
# Get email
email = request.params.get('email')
# Try to load the user
user = db.query(User).filter(User.email==email).first()
# If the email is not in our database,
if not user:
return dict(isOk=0)
# Reset account
return save_user_(request, dict(
username=user.username,
password=make_random_string(PASSWORD_LEN_MAX),
nickname=user.nickname,
email=user.email), 'reset', user)
def reset(request):
'Reset password'
# Get email
email = request.params.get('email')
# Try to load the user
user = db.query(User).filter(User.email == email).first()
# If the email is not in our database,
if not user:
return dict(isOk=0)
# Reset account
return save_user_(
request,
dict(username=user.username,
password=make_random_string(PASSWORD_LEN_MAX),
nickname=user.nickname,
email=user.email), 'reset', user)
def mutate(request):
'Mutate user token'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# Mutate user code
user = db.query(User).get(userID)
user.code = make_random_string(CODE_LEN)
# Refresh cookie
if not hasattr(request, 'response_headerlist'):
request.response_headerlist = []
request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user)))
# Return
region_invalidate(get_properties, None, userID)
return dict(isOk=1, code=user.code)
def mutate(request):
'Mutate user token'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# Mutate user code
user = db.query(User).get(userID)
user.code = make_random_string(CODE_LEN)
# Refresh cookie
if not hasattr(request, 'response_headerlist'):
request.response_headerlist = []
request.response_headerlist.extend(
remember(request, user.id, tokens=format_tokens(user)))
# Return
region_invalidate(get_properties, None, userID)
return dict(isOk=1, code=user.code)
def apply_user_(ticket):
'Finalize a change to a user account'
user_ = db.query(User_).filter((User_.ticket == ticket) & (
User_.when_expired >= datetime.datetime.utcnow())).first()
if not user_:
raise UserException('')
# If the ticket is valid,
if user_:
# Apply the change and reset rejection_count
userID = user_.user_id
db.merge(
User(id=userID,
username=user_.username,
password_=user_.password_,
nickname=user_.nickname,
email=user_.email,
rejection_count=0,
code=make_random_string(CODE_LEN)))
region_invalidate(get_properties, None, userID)
# Return
return user_
def apply_user_(ticket):
'Finalize a change to a user account'
user_ = db.query(User_).filter(
(User_.ticket == ticket) &
(User_.when_expired >= datetime.datetime.utcnow())).first()
if not user_:
raise UserException('')
# If the ticket is valid,
if user_:
# Apply the change and reset rejection_count
userID = user_.user_id
db.merge(User(
id=userID,
username=user_.username,
password_=user_.password_,
nickname=user_.nickname,
email=user_.email,
rejection_count=0,
code=make_random_string(CODE_LEN)))
region_invalidate(get_properties, None, userID)
# Return
return user_