Ejemplo n.º 1
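def change_password(database, reset_hash):
    """Let the holder of a password-reset token set a new password.

    The user is looked up by ``activation_hash == 'pw_reset_' + reset_hash``;
    an unknown database or an unknown token aborts with 404. On a valid form
    submission the token is cleared (so it cannot be used a second time), the
    hashed new password is stored and the visitor is redirected to the
    experiments index. Otherwise the change-password form is rendered.
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): nothing in this view limits how long a reset token stays
    # valid; confirm that the code issuing 'pw_reset_' tokens expires them.
    user = db.session.query(db.User).filter_by(
        activation_hash='pw_reset_' + reset_hash).first() or abort(404)

    form = forms.ChangePasswordForm()
    if form.validate_on_submit():
        # Consume the one-time token in the same transaction as the change.
        user.activation_hash = ''
        user.password = password_hash(form.password.data)

        try:
            db.session.commit()
            flash('Password changed.')
        except Exception as e:
            # Discard the failed transaction: without a rollback the session
            # stays in a failed state and the pending changes linger on it.
            db.session.rollback()
            print(e)
            flash(
                'Could not set password in db. Please contact an administrator.'
            )

        return redirect(
            url_for('frontend.experiments_index', database=database))

    return render('/accounts/change_password.html',
                  db=db,
                  database=database,
                  form=form,
                  reset_hash=reset_hash)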
Ejemplo n.º 2
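def login(database):
    """Show and process the login form for one database.

    Users can only be logged in to one database at a time. An unknown
    database aborts with 404. On success the session is populated and the
    visitor is redirected to the experiments index; otherwise the login page
    is rendered with an error message (or none on a plain GET).
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): CSRF validation is switched off for this form, which
    # leaves the login endpoint open to login CSRF; confirm this is intended.
    form = forms.LoginForm(csrf_enabled=False)

    error = None
    if form.validate_on_submit():
        user = db.session.query(
            db.User).filter_by(email=form.email.data).first()
        # Check the credentials before anything else. Reporting "not
        # activated" / "not verified" ahead of the password check would tell
        # an unauthenticated visitor that an address is registered and what
        # state the account is in.
        # NOTE(review): `!=` is not a constant-time comparison; consider
        # hmac.compare_digest once the operand types are confirmed.
        if user is None or user.password != password_hash(form.password.data):
            error = "Invalid password or username."
        elif user.activation_hash:
            error = "Account not activated yet. Please check your e-mail account, otherwise contact an administrator."
        elif not user.verified:
            error = "Account was not verified yet. Please wait for an administrator to verify your account. You will be notified by e-mail."
        else:
            session['logged_in'] = True
            session['database'] = database
            session['idUser'] = user.idUser
            session['email'] = user.email
            session['db'] = str(db)
            # NOTE(review): the admin flag is copied into the session at login
            # time; confirm that privileged views re-check it against the
            # database, otherwise a revocation only takes effect at re-login.
            session['admin'] = user.admin
            session.permanent = form.permanent_login.data

            # Disabled competition-phase lockout, kept from the original:
            # if db.is_competition() and db.competition_phase() == 5:
            #     if not user.admin:
            #         session.pop('logged_in', None)
            #         flash('Website offline for competition computations.')
            #         return redirect(url_for('frontend.experiments_index',
            #             database=database))

            flash('Login successful')
            return redirect(
                url_for('frontend.experiments_index', database=database))

    return render('/accounts/login.html',
                  database=database,
                  error=error,
                  db=db,
                  form=form)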
Ejemplo n.º 3
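def change_password(database, reset_hash):
    """Set a new password for the user identified by a reset token.

    The token is matched against ``activation_hash`` with the ``'pw_reset_'``
    prefix; an unknown database or token aborts with 404. A valid form
    submission clears the token, stores the hashed new password, flashes the
    outcome and redirects to the experiments index. Any other request renders
    the change-password form.
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): no expiry check is visible here; confirm that reset
    # tokens are time-limited where they are issued.
    token_value = 'pw_reset_' + reset_hash
    user = db.session.query(db.User).filter_by(activation_hash=token_value).first() or abort(404)

    form = forms.ChangePasswordForm()
    if form.validate_on_submit():
        # Clearing the hash makes the reset link single-use.
        user.activation_hash = ''
        user.password = password_hash(form.password.data)

        try:
            db.session.commit()
            flash('Password changed.')
        except Exception as e:
            # Roll back so the failed transaction and the pending attribute
            # changes do not stay on the session.
            db.session.rollback()
            print(e)
            flash('Could not set password in db. Please contact an administrator.')

        return redirect(url_for('frontend.experiments_index',
                                database=database))

    return render('/accounts/change_password.html', db=db, database=database, form=form, reset_hash=reset_hash)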
Ejemplo n.º 4
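def login(database):
    """User login form and handling for a specific database.

    Users can only be logged in to one database at a time. Aborts with 404
    for an unknown database. A successful login fills the session and
    redirects to the experiments index; every other request renders the
    login page, with an error message when the submission was rejected.
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): csrf_enabled=False disables CSRF validation for the login
    # form (login CSRF); confirm that this is a deliberate choice.
    form = forms.LoginForm(csrf_enabled=False)

    error = None
    if form.validate_on_submit():
        user = db.session.query(db.User).filter_by(email=form.email.data).first()
        # NOTE(review): `!=` does not compare in constant time; consider
        # hmac.compare_digest once the operand types are confirmed.
        credentials_ok = (user is not None and
                          user.password == password_hash(form.password.data))
        if not credentials_ok:
            # Same message for an unknown address and a wrong password. The
            # account-state messages below are only shown after the password
            # matched, so they cannot be used to probe which addresses are
            # registered or pending.
            error = "Invalid password or username."
        elif user.activation_hash:
            error = "Account not activated yet. Please check your e-mail account, otherwise contact an administrator."
        elif not user.verified:
            error = "Account was not verified yet. Please wait for an administrator to verify your account. You will be notified by e-mail."
        else:
            session['logged_in'] = True
            session['database'] = database
            session['idUser'] = user.idUser
            session['email'] = user.email
            session['db'] = str(db)
            # NOTE(review): admin status is cached in the session here;
            # confirm privileged views do not rely on this copy alone.
            session['admin'] = user.admin
            session.permanent = form.permanent_login.data

            # Disabled competition-phase lockout, kept from the original:
            # if db.is_competition() and db.competition_phase() == 5:
            #     if not user.admin:
            #         session.pop('logged_in', None)
            #         flash('Website offline for competition computations.')
            #         return redirect(url_for('frontend.experiments_index',
            #             database=database))

            flash('Login successful')
            return redirect(url_for('frontend.experiments_index',
                                    database=database))

    return render('/accounts/login.html', database=database, error=error,
                  db=db, form=form)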
Ejemplo n.º 5
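def register(database):
    """Handle the user registration form for one database.

    On a valid submission the e-mail address must be unused and the captcha
    stored in the session must be solved. A new, unverified user is then
    saved with a random activation token and an activation link is mailed to
    the given address. In every other case a fresh captcha is stored in the
    session and the form is rendered again together with any errors.
    """
    import binascii
    import os

    db = models.get_database(database) or abort(404)
    form = forms.RegistrationForm()

    errors = []
    if form.validate_on_submit():
        # store email in lower case for easier password reset etc
        email = form.email.data.lower()
        if db.session.query(db.User).filter_by(email=email).count() > 0:
            errors.append(
                "An account with this email address already exists. Please check your e-mail account for the activation link.")

        try:
            captcha = [int(token) for token in form.captcha.data.split()]
            if not utils.satisfies(captcha, session['captcha']):
                errors.append("Wrong solution to the captcha challenge.")
        except Exception:
            # Malformed input or a missing session captcha is reported to the
            # user; a bare ``except`` would also swallow SystemExit and
            # KeyboardInterrupt.
            errors.append("Wrong format of the solution")

        if not errors:
            user = db.User()
            user.lastname = form.lastname.data
            user.firstname = form.firstname.data
            user.password = password_hash(form.password.data)
            user.email = email
            user.postal_address = form.address.data
            user.affiliation = form.affiliation.data
            user.verified = False
            user.accepted_terms = form.accepted_terms.data
            user.affiliation_type = form.affiliation_type.data
            user.country = form.country.data

            # The activation token is a bearer secret sent by e-mail, so it is
            # drawn from the OS CSPRNG instead of being derived from
            # config.SECRET_KEY, the clock and the password hash. 32 random
            # bytes in hex keep the 64-character shape of a SHA-256 digest.
            user.activation_hash = binascii.hexlify(
                os.urandom(32)).decode('ascii')

            db.session.add(user)
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                # Written as adjacent literals: a backslash continuation
                # inside the string embeds the source indentation in the text.
                errors.append('Error while trying to save the account to the '
                              'database. Please contact an administrator.')
                return render('/accounts/register.html', database=database,
                              db=db, errors=errors, form=form)

            session.pop('captcha', None)

            msg = Message("[" + db.label + "] Account activation",
                          recipients=[user.email])
            # NOTE(review): request.url_root is built from the request's Host
            # header; confirm the deployment restricts the accepted hosts, or
            # build the link from a configured base URL.
            msg.body = "Dear " + user.firstname + " " + user.lastname + ",\n\n" + \
                       "Please use the following link to activate your account:\n" + \
                       request.url_root[:-1] + url_for('accounts.activate', database=database,
                                                       activation_hash=user.activation_hash)
            mail.send(msg)
            flash("Account created successfully. An e-mail has been sent to your account with an activation link.")
            return redirect(url_for('frontend.experiments_index',
                                    database=database))

    # Save captcha to the session. The user will have to provide a solution for
    # the same captcha that was given to him.
    random.seed()
    f = utils.random_formula(2, 3)
    while not utils.SAT(f):
        f = utils.random_formula(2, 3)
    session['captcha'] = f

    return render('/accounts/register.html', database=database, db=db,
                  errors=errors, form=form)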
Ejemplo n.º 6
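def register(database):
    """Process the registration form of the given database.

    A valid submission is accepted when the e-mail address is not yet
    registered and the captcha kept in the session is solved. The new user is
    stored unverified with a random activation token, and an e-mail carrying
    the activation link is sent. Otherwise a new captcha is placed in the
    session and the registration page is rendered with the collected errors.
    """
    import binascii
    import os

    db = models.get_database(database) or abort(404)
    form = forms.RegistrationForm()

    errors = []
    if form.validate_on_submit():
        # store email in lower case for easier password reset etc
        email = form.email.data.lower()
        if db.session.query(db.User).filter_by(email=email).count() > 0:
            errors.append(
                "An account with this email address already exists. Please check your e-mail account for the activation link."
            )

        try:
            captcha = [int(token) for token in form.captcha.data.split()]
            if not utils.satisfies(captcha, session['captcha']):
                errors.append("Wrong solution to the captcha challenge.")
        except Exception:
            # Anything raised while parsing or checking the answer counts as
            # a bad answer; ``except Exception`` leaves SystemExit and
            # KeyboardInterrupt alone, unlike a bare ``except``.
            errors.append("Wrong format of the solution")

        if not errors:
            user = db.User()
            user.lastname = form.lastname.data
            user.firstname = form.firstname.data
            user.password = password_hash(form.password.data)
            user.email = email
            user.postal_address = form.address.data
            user.affiliation = form.affiliation.data
            user.verified = False
            user.accepted_terms = form.accepted_terms.data
            user.affiliation_type = form.affiliation_type.data
            user.country = form.country.data

            # Activation tokens are unguessable random values from the OS
            # CSPRNG rather than a hash over config.SECRET_KEY, the address,
            # the current time and the password hash. The result is still a
            # 64-character hex string.
            random_bytes = os.urandom(32)
            user.activation_hash = binascii.hexlify(random_bytes).decode(
                'ascii')

            db.session.add(user)
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                # Adjacent literals instead of a backslash inside the string,
                # which had pulled the source indentation into the message.
                errors.append(
                    'Error while trying to save the account to the database. '
                    'Please contact an administrator.')
                return render('/accounts/register.html',
                              database=database,
                              db=db,
                              errors=errors,
                              form=form)

            session.pop('captcha', None)

            msg = Message("[" + db.label + "] Account activation",
                          recipients=[user.email])
            # NOTE(review): the link prefix comes from request.url_root, i.e.
            # from the Host header of this request; confirm that only trusted
            # host names reach the application, or use a configured base URL.
            msg.body = "Dear " + user.firstname + " " + user.lastname + ",\n\n" + \
                       "Please use the following link to activate your account:\n" + \
                       request.url_root[:-1] + url_for('accounts.activate', database=database,
                                                       activation_hash=user.activation_hash)
            mail.send(msg)
            flash(
                "Account created successfully. An e-mail has been sent to your account with an activation link."
            )
            return redirect(
                url_for('frontend.experiments_index', database=database))

    # Save captcha to the session. The user will have to provide a solution for
    # the same captcha that was given to him.
    random.seed()
    f = utils.random_formula(2, 3)
    while not utils.SAT(f):
        f = utils.random_formula(2, 3)
    session['captcha'] = f

    return render('/accounts/register.html',
                  database=database,
                  db=db,
                  errors=errors,
                  form=form)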