Ejemplo n.º 1
0
def fixture_add_user(username=u'chris', password=u'toast',
                     active_user=True, wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = User.query.filter_by(username=username).first()
    if test_user is None:
        test_user = User()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    if active_user:
        test_user.email_verified = True
        test_user.status = u'active'

    test_user.wants_comment_notification = wants_comment_notification

    test_user.save()

    # Reload
    test_user = User.query.filter_by(username=username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 2
0
def fixture_add_user(username=u'chris',
                     password=u'toast',
                     privileges=[],
                     wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = LocalUser.query.filter(LocalUser.username == username).first()
    if test_user is None:
        test_user = LocalUser()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    test_user.wants_comment_notification = wants_comment_notification
    for privilege in privileges:
        query = Privilege.query.filter(Privilege.privilege_name == privilege)
        if query.count():
            test_user.all_privileges.append(query.one())

    test_user.save()

    # Reload - The `with_polymorphic` needs to be there to eagerly load
    # the attributes on the LocalUser as this can't be done post detachment.
    user_query = LocalUser.query.with_polymorphic(LocalUser)
    test_user = user_query.filter(LocalUser.username == username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 3
0
def adduser(args):
    #TODO: Lets trust admins this do not validate Emails :)
    commands_util.setup_app(args)

    args.username = commands_util.prompt_if_not_set(args.username, "Username:"******"Password:"******"Email:")

    db = mg_globals.database
    users_with_username = \
        db.User.query.filter_by(
            username=args.username.lower()
        ).count()

    if users_with_username:
        print u'Sorry, a user with that name already exists.'

    else:
        # Create the user
        entry = db.User()
        entry.username = unicode(args.username.lower())
        entry.email = unicode(args.email)
        entry.pw_hash = auth.gen_password_hash(args.password)
        entry.status = u'active'
        entry.email_verified = True
        entry.save()

        print "User created (and email marked as verified)"
Ejemplo n.º 4
0
def fixture_add_user(username=u'chris',
                     password=u'toast',
                     active_user=True,
                     wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = User.query.filter_by(username=username).first()
    if test_user is None:
        test_user = User()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    if active_user:
        test_user.email_verified = True
        test_user.status = u'active'

    test_user.wants_comment_notification = wants_comment_notification

    test_user.save()

    # Reload
    test_user = User.query.filter_by(username=username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 5
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == 'POST' and form.validate():

        if not auth.check_password(form.old_password.data, user.pw_hash):
            form.old_password.errors.append(_('Wrong password'))

            return render_to_response(request,
                                      'mediagoblin/edit/change_pass.html', {
                                          'form': form,
                                          'user': user
                                      })

        # Password matches
        user.pw_hash = auth.gen_password_hash(form.new_password.data)
        user.save()

        messages.add_message(request, messages.SUCCESS,
                             _('Your password was changed successfully'))

        return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(request, 'mediagoblin/edit/change_pass.html', {
        'form': form,
        'user': user
    })
Ejemplo n.º 6
0
def fixture_add_user(username=u'chris',
                     password=u'toast',
                     privileges=[],
                     wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = User.query.filter_by(username=username).first()
    if test_user is None:
        test_user = User()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    test_user.wants_comment_notification = wants_comment_notification
    for privilege in privileges:
        query = Privilege.query.filter(Privilege.privilege_name == privilege)
        if query.count():
            test_user.all_privileges.append(query.one())

    test_user.save()
    # Reload
    test_user = User.query.filter_by(username=username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 7
0
def adduser(args):
    # TODO: Lets trust admins this do not validate Emails :)
    commands_util.setup_app(args)

    args.username = six.text_type(commands_util.prompt_if_not_set(args.username, "Username:"******"Password:"******"Email:")

    db = mg_globals.database
    users_with_username = db.LocalUser.query.filter(LocalUser.username == args.username.lower()).count()

    if users_with_username:
        print(u"Sorry, a user with that name already exists.")
        sys.exit(1)

    else:
        # Create the user
        entry = db.LocalUser()
        entry.username = six.text_type(args.username.lower())
        entry.email = six.text_type(args.email)
        entry.pw_hash = auth.gen_password_hash(args.password)
        default_privileges = [
            db.Privilege.query.filter(db.Privilege.privilege_name == u"commenter").one(),
            db.Privilege.query.filter(db.Privilege.privilege_name == u"uploader").one(),
            db.Privilege.query.filter(db.Privilege.privilege_name == u"reporter").one(),
            db.Privilege.query.filter(db.Privilege.privilege_name == u"active").one(),
        ]
        entry.all_privileges = default_privileges
        entry.save()

        print(u"User created (and email marked as verified).")
Ejemplo n.º 8
0
def fixture_add_user(username=u'chris', password=u'toast',
                     privileges=[], wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = LocalUser.query.filter(LocalUser.username==username).first()
    if test_user is None:
        test_user = LocalUser()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    test_user.wants_comment_notification = wants_comment_notification
    for privilege in privileges:
        query = Privilege.query.filter(Privilege.privilege_name==privilege)
        if query.count():
            test_user.all_privileges.append(query.one())

    test_user.save()

    # Reload - The `with_polymorphic` needs to be there to eagerly load
    # the attributes on the LocalUser as this can't be done post detachment.
    user_query = LocalUser.query.with_polymorphic(LocalUser)
    test_user = user_query.filter(LocalUser.username==username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 9
0
def changepw(args):
    commands_util.setup_app(args)

    db = mg_globals.database

    user = db.User.query.filter_by(
        username=unicode(args.username.lower())).one()
    if user:
        user.pw_hash = auth.gen_password_hash(args.password)
        user.save()
        print 'Password successfully changed'
    else:
        print 'The user doesn\'t exist'
Ejemplo n.º 10
0
def changepw(args):
    commands_util.setup_app(args)

    db = mg_globals.database

    user = db.User.query.filter_by(
        username=unicode(args.username.lower())).one()
    if user:
        user.pw_hash = auth.gen_password_hash(args.password)
        user.save()
        print 'Password successfully changed'
    else:
        print 'The user doesn\'t exist'
Ejemplo n.º 11
0
def changepw(args):
    commands_util.setup_app(args)

    db = mg_globals.database

    user = db.LocalUser.query.filter(LocalUser.username == args.username.lower()).first()
    if user:
        user.pw_hash = auth.gen_password_hash(args.password)
        user.save()
        print(u"Password successfully changed for user %s." % args.username)
    else:
        print(u"The user %s doesn't exist." % args.username)
        sys.exit(1)
Ejemplo n.º 12
0
def changepw(args):
    commands_util.setup_app(args)

    db = mg_globals.database

    user = db.LocalUser.query.filter(
        LocalUser.username == args.username.lower()).first()
    if user:
        user.pw_hash = auth.gen_password_hash(args.password)
        user.save()
        print(u'Password successfully changed for user %s.' % args.username)
    else:
        print(u'The user %s doesn\'t exist.' % args.username)
        sys.exit(1)
Ejemplo n.º 13
0
def adduser(args):
    #TODO: Lets trust admins this do not validate Emails :)
    commands_util.setup_app(args)

    args.username = six.text_type(
        commands_util.prompt_if_not_set(args.username, "Username:"******"Password:"******"Email:")

    db = mg_globals.database
    users_with_username = \
        db.LocalUser.query.filter(
            LocalUser.username==args.username.lower()
        ).count()

    if users_with_username:
        print(u'Sorry, a user with that name already exists.')
        sys.exit(1)

    else:
        # Create the user
        entry = db.LocalUser()
        entry.username = six.text_type(args.username.lower())
        entry.email = six.text_type(args.email)
        entry.pw_hash = auth.gen_password_hash(args.password)
        default_privileges = [
            db.Privilege.query.filter(
                db.Privilege.privilege_name == u'commenter').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name == u'uploader').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name == u'reporter').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name == u'active').one()
        ]
        entry.all_privileges = default_privileges
        entry.save()

        print(u"User created (and email marked as verified).")
Ejemplo n.º 14
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == 'POST' and form.validate():

        if not auth.check_password(
                form.old_password.data, user.pw_hash):
            form.old_password.errors.append(
                _('Wrong password'))

            return render_to_response(
                request,
                'mediagoblin/edit/change_pass.html',
                {'form': form,
                 'user': user})

        # Password matches
        user.pw_hash = auth.gen_password_hash(
            form.new_password.data)
        user.save()

        messages.add_message(
            request, messages.SUCCESS,
            _('Your password was changed successfully'))

        return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(
        request,
        'mediagoblin/edit/change_pass.html',
        {'form': form,
         'user': user})
Ejemplo n.º 15
0
def adduser(args):
    #TODO: Lets trust admins this do not validate Emails :)
    commands_util.setup_app(args)

    args.username = unicode(commands_util.prompt_if_not_set(args.username, "Username:"******"Password:"******"Email:")

    db = mg_globals.database
    users_with_username = \
        db.User.query.filter_by(
            username=args.username.lower()
        ).count()

    if users_with_username:
        print u'Sorry, a user with that name already exists.'

    else:
        # Create the user
        entry = db.User()
        entry.username = args.username.lower()
        entry.email = unicode(args.email)
        entry.pw_hash = auth.gen_password_hash(args.password)
        default_privileges = [
            db.Privilege.query.filter(
                db.Privilege.privilege_name==u'commenter').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name==u'uploader').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name==u'reporter').one(),
            db.Privilege.query.filter(
                db.Privilege.privilege_name==u'active').one()
        ]
        entry.all_privileges = default_privileges
        entry.save()

        print "User created (and email marked as verified)"
Ejemplo n.º 16
0
def fixture_add_user(username=u'chris', password=u'toast',
                     privileges=[], wants_comment_notification=True):
    # Reuse existing user or create a new one
    test_user = User.query.filter_by(username=username).first()
    if test_user is None:
        test_user = User()
    test_user.username = username
    test_user.email = username + u'@example.com'
    if password is not None:
        test_user.pw_hash = gen_password_hash(password)
    test_user.wants_comment_notification = wants_comment_notification
    for privilege in privileges:
        query = Privilege.query.filter(Privilege.privilege_name==privilege)
        if query.count():
            test_user.all_privileges.append(query.one())

    test_user.save()
    # Reload
    test_user = User.query.filter_by(username=username).first()

    # ... and detach from session:
    Session.expunge(test_user)

    return test_user
Ejemplo n.º 17
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if "pass_auth" not in request.template_env.globals:
        return redirect(request, "index")

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == "POST" and form.validate():

        if not auth.check_password(form.old_password.data, user.pw_hash):
            form.old_password.errors.append(_("Wrong password"))

            return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})

        # Password matches
        user.pw_hash = auth.gen_password_hash(form.new_password.data)
        user.save()

        messages.add_message(request, messages.SUCCESS, _("Your password was changed successfully"))

        return redirect(request, "mediagoblin.edit.account")

    return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})
Ejemplo n.º 18
0
def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.
    """
    # get form data variables, and specifically check for presence of token
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)

    formdata_vars = formdata['vars']

    # Catch error if token is faked or expired
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(formdata_vars['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    # check if it's a valid user id
    user = User.query.filter_by(id=int(token)).first()

    # no user in db
    if not user:
        messages.add_message(
            request, messages.ERROR,
            _('The user id is incorrect.'))
        return redirect(
            request, 'index')

    # check if user active and has email verified
    if user.email_verified and user.status == 'active':

        cp_form = auth_forms.ChangePassForm(formdata_vars)

        if request.method == 'POST' and cp_form.validate():
            user.pw_hash = auth.gen_password_hash(
                cp_form.password.data)
            user.save()

            messages.add_message(
                request,
                messages.INFO,
                _("You can now log in using your new password."))
            return redirect(request, 'mediagoblin.auth.login')
        else:
            return render_to_response(
                request,
                'mediagoblin/auth/change_fp.html',
                {'cp_form': cp_form,})

    if not user.email_verified:
        messages.add_message(
            request, messages.ERROR,
            _('You need to verify your email before you can reset your'
              ' password.'))

    if not user.status == 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your accoutn.'))

    return redirect(
        request, 'index')