Ejemplo n.º 1
0
def initialize_sql(engine):
    'Create tables and insert data'
    # Create tables
    db.configure(bind=engine)
    Base.metadata.bind = engine
    Base.metadata.create_all(engine)
    # If the tables are empty,
    if not db.query(User).count():
        # Prepare data
        userPacks = [
            (u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin',
             u'*****@*****.**', True),
            (u'user', make_random_string(PASSWORD_LEN_MAX), u'User',
             u'*****@*****.**', False),
        ]
        # Insert data
        userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s'
        for username, password, nickname, email, is_super in userPacks:
            print userTemplate % (username, password, nickname, email)
            db.add(
                User(username=username,
                     password=password,
                     nickname=nickname,
                     email=email,
                     is_super=is_super))
        print
        transaction.commit()
Ejemplo n.º 2
0
class User(Base):
    'A user'
    __tablename__ = 'users'
    id = Column(Integer, primary_key=True)
    username = column_property(Column(Unicode(USERNAME_LEN_MAX), unique=True),
                               comparator_factory=CaseInsensitiveComparator)
    password_ = Column('password', LargeBinary(60))  # Hash from bcrypt

    @property
    def password(self):
        return self.password_

    @password.setter
    def password(self, password):
        self.password_ = crypt.encode(password)

    password = synonym('password_', descriptor=password)
    nickname = column_property(Column(Unicode(NICKNAME_LEN_MAX), unique=True),
                               comparator_factory=CaseInsensitiveComparator)
    email = Column(LowercaseEncrypted(EMAIL_LEN_MAX * 2), unique=True)
    is_active = Column(Boolean, default=True)
    is_super = Column(Boolean, default=False)
    rejection_count = Column(Integer, default=0)
    minutes_offset = Column(Integer, default=0)
    when_login = Column(DateTime)
    code = Column(String(CODE_LEN),
                  default=lambda: make_random_string(CODE_LEN))
    sms_addresses = relationship('SMSAddress')

    def __str__(self):
        return "<User(id=%s)>" % self.id

    def check(self, password):
        'Return True if we have a matching password'
        return crypt.check(self.password, password)
Ejemplo n.º 3
0
def initialize_sql(engine):
    'Create tables and insert data'
    # Create tables
    db.configure(bind=engine)
    Base.metadata.bind = engine
    Base.metadata.create_all(engine)
    # If the tables are empty,
    if not db.query(User).count():
        # Prepare data
        userPacks = [
            (u'admin', make_random_string(PASSWORD_LEN_MAX), u'Admin', u'*****@*****.**', True),
            (u'user', make_random_string(PASSWORD_LEN_MAX), u'User', u'*****@*****.**', False), 
        ]
        # Insert data
        userTemplate = '\nUsername\t%s\nPassword\t%s\nNickname\t%s\nEmail\t\t%s'
        for username, password, nickname, email, is_super in userPacks:
            print userTemplate % (username, password, nickname, email)
            db.add(User(username=username, password=password, nickname=nickname, email=email, is_super=is_super))
        print
        transaction.commit()
Ejemplo n.º 4
0
def reset(request):
    'Reset password'
    # Get email
    email = request.params.get('email')
    # Try to load the user
    user = db.query(User).filter(User.email==email).first()
    # If the email is not in our database,
    if not user: 
        return dict(isOk=0)
    # Reset account
    return save_user_(request, dict(
        username=user.username, 
        password=make_random_string(PASSWORD_LEN_MAX),
        nickname=user.nickname,
        email=user.email), 'reset', user)
Ejemplo n.º 5
0
def reset(request):
    'Reset password'
    # Get email
    email = request.params.get('email')
    # Try to load the user
    user = db.query(User).filter(User.email == email).first()
    # If the email is not in our database,
    if not user:
        return dict(isOk=0)
    # Reset account
    return save_user_(
        request,
        dict(username=user.username,
             password=make_random_string(PASSWORD_LEN_MAX),
             nickname=user.nickname,
             email=user.email), 'reset', user)
Ejemplo n.º 6
0
def mutate(request):
    'Mutate user token'
    params = request.params
    if params.get('token') != request.session.get_csrf_token():
        return dict(isOk=0, message='Invalid session token')
    userID = authenticated_userid(request)
    # Mutate user code 
    user = db.query(User).get(userID)
    user.code = make_random_string(CODE_LEN)
    # Refresh cookie
    if not hasattr(request, 'response_headerlist'):
        request.response_headerlist = []
    request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user)))
    # Return
    region_invalidate(get_properties, None, userID)
    return dict(isOk=1, code=user.code)
Ejemplo n.º 7
0
def mutate(request):
    'Mutate user token'
    params = request.params
    if params.get('token') != request.session.get_csrf_token():
        return dict(isOk=0, message='Invalid session token')
    userID = authenticated_userid(request)
    # Mutate user code
    user = db.query(User).get(userID)
    user.code = make_random_string(CODE_LEN)
    # Refresh cookie
    if not hasattr(request, 'response_headerlist'):
        request.response_headerlist = []
    request.response_headerlist.extend(
        remember(request, user.id, tokens=format_tokens(user)))
    # Return
    region_invalidate(get_properties, None, userID)
    return dict(isOk=1, code=user.code)
Ejemplo n.º 8
0
def apply_user_(ticket):
    'Finalize a change to a user account'
    user_ = db.query(User_).filter((User_.ticket == ticket) & (
        User_.when_expired >= datetime.datetime.utcnow())).first()
    if not user_:
        raise UserException('')
    # If the ticket is valid,
    if user_:
        # Apply the change and reset rejection_count
        userID = user_.user_id
        db.merge(
            User(id=userID,
                 username=user_.username,
                 password_=user_.password_,
                 nickname=user_.nickname,
                 email=user_.email,
                 rejection_count=0,
                 code=make_random_string(CODE_LEN)))
        region_invalidate(get_properties, None, userID)
    # Return
    return user_
Ejemplo n.º 9
0
def apply_user_(ticket):
    'Finalize a change to a user account'
    user_ = db.query(User_).filter(
        (User_.ticket == ticket) & 
        (User_.when_expired >= datetime.datetime.utcnow())).first()
    if not user_:
        raise UserException('')
    # If the ticket is valid,
    if user_:
        # Apply the change and reset rejection_count
        userID = user_.user_id
        db.merge(User(
            id=userID,
            username=user_.username,
            password_=user_.password_,
            nickname=user_.nickname,
            email=user_.email,
            rejection_count=0,
            code=make_random_string(CODE_LEN)))
        region_invalidate(get_properties, None, userID)
    # Return
    return user_