Ejemplo n.º 1
0
 def _request_token(self):
     form = ResetPasswordEmailForm()
     if form.validate_on_submit():
         user = form.user
         # The only case where someone would have more than one identity is after a merge.
         # And the worst case that can happen here is that we send the user a different
         # username than the one he expects. But he still gets back into his profile.
         # Showing a list of usernames would be a little bit more user-friendly but less
         # secure as we'd expose valid usernames for a specific user to an untrusted person.
         identity = next(iter(user.local_identities))
         _send_confirmation(form.email.data,
                            'reset-password',
                            '.resetpass',
                            'auth/emails/reset_password.txt', {
                                'user': user,
                                'username': identity.identifier
                            },
                            data=identity.id)
         session['resetpass_email_sent'] = True
         logger.info('Password reset requested for user %s', user)
         return redirect(url_for('.resetpass'))
     return WPAuth.render_template('reset_password.html',
                                   form=form,
                                   identity=None,
                                   widget_attrs={},
                                   email_sent=session.pop(
                                       'resetpass_email_sent', False))
Ejemplo n.º 2
0
 def _handle_edit_local_account(self, form):
     self.user.local_identity.identifier = form.data['username']
     if form.data['new_password']:
         self.user.local_identity.password = form.data['new_password']
         session.pop('insecure_password_error', None)
         logger.info('User %s (%s) changed their password', self.user, self.user.local_identity.identifier)
     flash(_('Your local account credentials have been updated successfully'), 'success')
Ejemplo n.º 3
0
 def _handle_add_local_account(self, form):
     identity = Identity(provider='indico',
                         identifier=form.data['username'],
                         password=form.data['password'])
     self.user.identities.add(identity)
     logger.info('User %s added a local account (%s)', self.user,
                 identity.identifier)
     flash(_('Local account added successfully'), 'success')
Ejemplo n.º 4
0
 def _create_identity(self):
     identity = Identity(user=self.user, provider=self.identity_info['provider'],
                         identifier=self.identity_info['identifier'], data=self.identity_info['data'],
                         multipass_data=self.identity_info['multipass_data'])
     logger.info('Created new identity for %s: %s', self.user, identity)
     del session['login_identity_info']
     db.session.flush()
     login_user(self.user, identity)
     return multipass.redirect_success()
Ejemplo n.º 5
0
 def _create_identity(self):
     identity = Identity(user=self.user, provider=self.identity_info['provider'],
                         identifier=self.identity_info['identifier'], data=self.identity_info['data'],
                         multipass_data=self.identity_info['multipass_data'])
     logger.info('Created new identity for %s: %s', self.user, identity)
     del session['login_identity_info']
     db.session.flush()
     login_user(self.user, identity)
     return multipass.redirect_success()
Ejemplo n.º 6
0
 def _reset_password(self, identity):
     form = ResetPasswordForm()
     if form.validate_on_submit():
         identity.password = form.password.data
         flash(_('Your password has been changed successfully.'), 'success')
         login_user(identity.user, identity)
         logger.info('Password reset confirmed for user %s', identity.user)
         # We usually come here from a multipass login page so we should have a target url
         return multipass.redirect_success()
     form.username.data = identity.identifier
     return WPAuth.render_template('reset_password.html', form=form, identity=identity, email_sent=False,
                                   widget_attrs={'username': {'disabled': True}})
Ejemplo n.º 7
0
Archivo: util.py Proyecto: zenny/indico
def undo_impersonate_user():
    """Undo an admin impersonation login and revert to the old user"""
    from indico.modules.auth import logger
    from indico.modules.users import User

    try:
        entry = session.pop('login_as_orig_user')
    except KeyError:
        # The user probably already switched back from another tab
        return
    user = User.get_one(entry['user_id'])
    logger.info('Admin %r stopped impersonating user %r', user, session.user)
    session.user = user
    session.update(entry['session_data'])
Ejemplo n.º 8
0
Archivo: util.py Proyecto: zenny/indico
def impersonate_user(user):
    """Impersonate another user as an admin"""
    from indico.modules.auth import login_user, logger

    current_user = session.user
    # We don't overwrite a previous entry - the original (admin) user should be kept there
    # XXX: Don't change this to setdefault - building `session_data` pops stuff from the session
    if 'login_as_orig_user' not in session:
        session['login_as_orig_user'] = {
            'session_data': {k: session.pop(k) for k in session.keys() if k[0] != '_' or k in ('_timezone', '_lang')},
            'user_id': session.user.id,
            'user_name': session.user.get_full_name(last_name_first=False, last_name_upper=False)
        }
    login_user(user, admin_impersonation=True)
    logger.info('Admin %r is impersonating user %r', current_user, user)