def wrapped(*args, **kwargs):
    """Gate ``f`` behind authentication and role membership.

    ``f`` and ``roles`` are captured by the enclosing decorator (not visible
    here). Responds 401 when nobody is signed in, 403 when the signed-in
    user holds none of ``roles``, and otherwise calls ``f`` with the
    original arguments.
    """
    if not is_authenticated():
        return abort(401)
    if not flask_login.current_user.has_any_roles(*roles):
        return abort(403)
    return f(*args, **kwargs)
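def setup():
    """Seed this module's ``app_data`` entry once the database is reachable.

    Does nothing while ``db._IS_OK_`` is falsy. ``APP_DATA_KEY`` and ``data``
    come from the enclosing scope. If the write fails, the failure is logged
    with its traceback (the original dropped the exception) and the request
    is aborted with HTTP 500 so the app does not continue without its
    configuration. The log message assumes the usual cause is that
    ``mocha :dbsync`` has not been run.
    """
    if not db._IS_OK_:
        return
    try:
        app_data.set(APP_DATA_KEY, data, init=True)
    except Exception:
        # exc_info keeps the real error in the log; the message stays the
        # operator-facing hint.
        logging.fatal(
            "mocha.contrib.app_data has not been setup. Need to run `mocha :dbsync`",
            exc_info=True,
        )
        abort(500)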
def info(self, id):
    """Render the admin "User Info" page for the user with primary key ``id``.

    Deleted users are included in the lookup. Aborts 404 when no user
    matches and 403 when the viewer's role level is below the target's, so
    lower-privileged staff cannot inspect higher-privileged accounts.
    Returns the template context with the user and the role options.
    """
    page_attr("User Info")
    target = models.AuthUser.get(id, include_deleted=True)
    if not target:
        abort(404, "User doesn't exist")
    viewer_level = current_user.role.level
    if viewer_level < target.role.level:
        abort(403, "Not enough rights to access this user info")
    context = {"user": target}
    context["user_roles_options"] = self._user_roles_options()
    return context
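def lost_password(self):
    """Serve the "Lost Password" form and dispatch a password reset on POST.

    GET falls through and renders the page (the view returns ``None`` for
    it, as before). POST looks the submitted username up and, when an
    account exists, sends the reset through ``UserModel.send_password_reset``.

    The response after POST is the same whether or not the username exists
    and never echoes the account's email address. The previous version
    flashed "Invalid login" for unknown usernames and the looked-up address
    for known ones, which let a caller enumerate accounts and harvest email
    addresses from usernames alone.

    NOTE(review): there is no CAPTCHA or rate limit on this endpoint
    (``register`` does call ``recaptcha.verify()``), so it can still be
    driven in bulk to trigger reset mail; worth adding at the decorator layer.
    """
    if not __options__.get("allow_login"):
        abort(403, "Login is not allowed. Contact admin if it's a mistake")
    page_attr("Lost Password")
    if request.method == "POST":
        username = request.form.get("username")
        user = models.AuthUser.get_by_username(username)
        if user:
            UserModel(user).send_password_reset(view_class=self)
        # Same message and same redirect in both cases, so the response does
        # not reveal whether the username is registered.
        flash_success("If an account matches that username, a new password has been sent to its email address")
        return redirect(self.login)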
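def login(self):
    """Login view: render the form on GET, authenticate on POST.

    POST reads ``username``/``password`` from the form, authenticates via
    ``authenticate`` and opens a session with ``create_session``. After a
    successful login the client is redirected to the form's ``next`` value
    only when it is a same-origin relative path, otherwise to the configured
    ``login_view``; the previous version followed any ``next`` value, which
    made this form an open redirect usable for phishing.

    ``VerifyEmailError`` from ``authenticate`` bounces back to the login page
    with ``v=1`` so the template shows the verification hint; application
    errors are flashed; anything else is logged and flashed generically.
    Returns the template context on GET; POST always redirects.
    """
    if not __options__.get("allow_login"):
        abort(403, "Login is not allowed. Contact admin if it's a mistake")
    if request.method == "POST":
        username = request.form.get("username", "").strip()
        # NOTE(review): stripping the password silently alters a credential
        # that has leading/trailing whitespace; kept because ``register``
        # strips the same way, so stored hashes keep matching.
        password = request.form.get("password", "").strip()
        try:
            if not username or not password:
                raise mocha_exc.AppError("Email/Username or Password is empty")
            user = authenticate(username=username, password=password)
            if not user:
                raise mocha_exc.AppError("Email or Password is invalid")
            create_session(user)
            # TODO: enforce ``user.require_password_change`` here; the
            # original carried commented-out code redirecting to
            # Account.account_settings with edit_password=1.
            next_url = request.form.get("next") or ""
            # Only follow a same-origin relative path. An absolute URL, a
            # scheme-relative "//host" or "/\host" (browsers treat "\" as
            # "/") would turn the login form into an open redirect.
            if not next_url.startswith("/") or next_url.startswith(("//", "/\\")):
                next_url = None
            return redirect(next_url or __options__.get("login_view"))
        except exceptions.VerifyEmailError:
            return redirect(self.login, username=username, v="1")
        except (mocha_exc.AppError, exceptions.AuthError) as ae:
            flash_error(str(ae))
        except Exception as e:
            logging.exception(e)
            flash_error("Unable to login")
        return redirect(self.login, next=request.form.get("next"))
    page_attr("Login")
    return {
        "username": request.args.get("username"),
        "login_url_next": request.args.get("next", ""),
        "allow_registration": __options__.get("allow_registration"),
        "show_verification_message": request.args.get("v") == "1",
    }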
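def page(self):
    """Contact-us page: render the form on GET, send the message on POST.

    Recipients come from app_data, then ``__options__``, then the
    ``CONTACT_EMAIL`` config value; with none set the view aborts 500.
    ``return_to`` is treated as an endpoint name (resolved with ``url_for``)
    unless it already contains a "/", and defaults to this view.

    On POST the reCAPTCHA must verify, email/subject/message are required,
    the email must be syntactically valid, and subject/name must not contain
    CR/LF (header-injection guard, new here). Failures are flashed and the
    client is redirected back; success leaves a ``ContactPage:EmailSent``
    flash marker that the GET branch turns into ``email_sent``. Errors are
    rendered with ``str(e)``: ``.message`` does not exist on Python 3
    exceptions and the other views in this module already use ``str()``.
    """
    recipients = (app_data.get(APP_DATA_KEY, "recipients")
                  or __options__.get("recipients")
                  or config("CONTACT_EMAIL"))
    if not recipients:
        abort(500, "ContactPage missing email recipient")
    success_message = app_data.get(APP_DATA_KEY, "success_message",
                                   __options__.get("success_message"))
    return_to = __options__.get("return_to", None)
    if not return_to:
        return_to = url_for(self)
    elif "/" not in return_to:
        return_to = url_for(return_to)
    if request.method == "POST":
        email = request.form.get("email")
        subject = request.form.get("subject")
        message = request.form.get("message")
        name = request.form.get("name")
        try:
            if not recaptcha.verify():
                raise exceptions.AppError("Security code is invalid")
            if not email or not subject or not message:
                raise exceptions.AppError("All fields are required")
            if not utils.is_email_valid(email):
                raise exceptions.AppError("Invalid email address")
            # Subject and name end up in mail headers. A CR/LF in either could
            # smuggle extra headers (e.g. Bcc) if send_mail does not sanitise
            # them; reject here rather than rely on the transport layer.
            if any(c in "\r\n" for c in subject + (name or "")):
                raise exceptions.AppError("Invalid characters in subject or name")
            try:
                # NOTE(review): the visitor's address is used as the envelope
                # sender (mail_from). Mail from a domain whose SPF/DMARC policy
                # does not cover this server is often rejected or junked; a
                # fixed sender with reply_to=email is the safer setup. Left
                # unchanged to preserve existing behaviour.
                send_mail(to=recipients,
                          reply_to=email,
                          mail_from=email,
                          mail_subject=subject,
                          mail_message=message,
                          mail_name=name,
                          template=__options__.get("template", "contact-us.txt"))
                flash_data("ContactPage:EmailSent")
            except Exception as ex:
                logging.exception(ex)
                raise exceptions.AppError("Unable to send email")
        except exceptions.AppError as e:
            flash_error(str(e))
        return redirect(self)
    title = __options__.get("title", _("Contact Us"))
    page_attr(title)
    fd = get_flash_data()
    return {
        "title": title,
        "email_sent": bool(fd and "ContactPage:EmailSent" in fd),
        "success_message": success_message,
        "return_to": return_to,
    }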
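def action(self):
    """Apply an admin action to a user account (POST form handler).

    Form fields: ``id`` (target user, deleted users included) and ``action``.
    The operator's role level must be at least the target's (403 otherwise);
    an unknown ``id`` is a 404. Status changes (activate, deactivate, delete,
    undelete) are only applied to *other* accounts. "info" may update
    first/last name for any account, but the role only for other accounts
    and only up to the operator's own level. Every ``AuthError`` raised along
    the way is flashed; the handler always redirects to the user's info page.

    Changes from the previous version: a role above the operator's own level
    can no longer be assigned (a lower-level admin could otherwise promote an
    account whose password they are also allowed to set), an empty password
    is rejected on "change-password" (mirrors ``register``), and errors are
    rendered with ``str()`` — ``.message`` does not exist on Python 3
    exceptions and the other views already use ``str()``.
    """
    user_id = request.form.get("id")
    action = request.form.get("action")
    try:
        user = models.AuthUser.get(user_id, include_deleted=True)
        if not user:
            abort(404, "User doesn't exist or has been deleted!")
        operator_level = current_user.role.level
        if operator_level < user.role.level:
            abort(403, "Not enough power level to update this user info")
        user = UserModel(user)
        is_other_account = current_user.id != user.id

        # Status changes are never applied to the operator's own account.
        if is_other_account:
            if action == "activate":
                user.change_status("active")
                flash_success("User has been ACTIVATED")
            elif action == "deactivate":
                user.change_status("suspended")
                flash_success("User is now SUSPENDED")
            elif action == "delete":
                user.change_status("deleted")
                user.delete()
                flash_success("User has been DELETED")
            elif action == "undelete":
                user.change_status("suspended")
                user.delete(False)
                flash_success("User is now RESTORED / Use is now SUSPENDED")

        if action == "info":
            data = {}
            first_name = request.form.get("first_name")
            last_name = request.form.get("last_name")
            if first_name:
                data["first_name"] = first_name
            if last_name:
                data["last_name"] = last_name
            if is_other_account:
                _role = models.AuthUserRole.get(request.form.get("user_role"))
                if not _role:
                    raise exceptions.AuthError("Invalid ROLE selected")
                # Cap the assignable role at the operator's own level (assumes
                # AuthUserRole exposes ``level`` as ``user.role.level`` does).
                if _role.level > operator_level:
                    raise exceptions.AuthError("Cannot assign a role above your own level")
                data["role"] = _role
            if data:
                user.update_info(ACTIONS["UPDATE"], **data)
                flash_success("User info updated successfully!")
        elif action == "change-username":
            user.change_username(request.form.get("username"))
            flash_success("Username changed successfully!")
        elif action == "change-email":
            user.change_email(request.form.get("email"))
            flash_success("Email changed successfully!")
        elif action == "change-password":
            password = request.form.get("password", "").strip()
            password_confirm = request.form.get("password_confirm", "").strip()
            if not password or password != password_confirm:
                raise exceptions.AuthError("Invalid passwords")
            user.change_password(password)
            flash_success("Password changed successfully!")
        elif action == "email-reset-password":
            user.send_password_reset()
            flash_success("Password reset was sent to email")
        elif action == "email-account-verification":
            user.send_verification_email()
            flash_success("Email verification was sent")
        elif action == "reset-secret-key":
            user.reset_secret_key()
            flash_success("The account's secret key has been changed")
        elif action == "delete-profile-image":
            if user.profile_image is not None:
                delete_file(user.profile_image)
                user.update_info(profile_image=None, _action=ACTIONS["PROFILE_IMAGE"])
                flash_success("Profile Image deleted successfully!")
    except exceptions.AuthError as ae:
        flash_error(str(ae))
    return redirect(self.info, id=user_id)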
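def register(self):
    """Registration view: render the form on GET, create the account on POST.

    POST requires a valid reCAPTCHA and then, depending on the
    ``registration_username`` / ``registration_email`` options, either a
    non-email username plus a valid email, or a valid email that doubles as
    the username. First name and matching non-empty passwords are required;
    with neither option set registration is reported as disabled.

    When the form indicates an OAuth-backed signup (``with_oauth=1``) the new
    account is federated with the provider/user id held in the server-side
    OAuth session (``get_oauth_session``) and signed in immediately. The
    previous version took provider and user id from the form itself, which
    let anyone bind a fresh account to an arbitrary third-party identity.
    Otherwise a welcome/verification mail may be sent and the client is
    redirected to ``login_view``.

    A ``next`` target is only honoured when it is a same-origin relative
    path, so the form cannot be used as an open redirect.
    """
    if not __options__.get("allow_registration"):
        abort(403, "Registration is not allowed. Contact admin if it's a mistake")
    page_attr("Register")

    def _safe_next():
        # Same-origin relative path only: no absolute URL, no "//host", no
        # "/\host" (browsers normalise "\" to "/").
        target = request.form.get("next") or ""
        if not target.startswith("/") or target.startswith(("//", "/\\")):
            return None
        return target

    if request.method == "POST":
        try:
            if not recaptcha.verify():
                raise mocha_exc.AppError("Invalid Security code")
            form = request.form
            email = form.get("email", "").strip()
            username = form.get("username", "").strip()
            password = form.get("password", "").strip()
            password_confirm = form.get("password_confirm", "").strip()
            first_name = form.get("first_name", "").strip()
            last_name = form.get("last_name", "").strip()
            with_oauth = form.get("with_oauth") == "1"
            # The provider/user id echoed by the form are plain inputs; the
            # authoritative values are the ones the OAuth flow stored in the
            # server-side session.
            oauth_session = (get_oauth_session() or {}) if with_oauth else {}
            oauth_provider = oauth_session.get("provider")
            oauth_user_id = oauth_session.get("user_id")

            login_method = None
            if __options__.get("registration_username"):
                # Distinct username plus a separate email address.
                if "@" in username:
                    raise exceptions.AuthError(_("Username can't be an email"))
                if not utils.is_email_valid(email):
                    raise exceptions.AuthError(_("Invalid email address"))
                login_method = "username"
            elif __options__.get("registration_email"):
                # Email only; it doubles as the username.
                if not utils.is_email_valid(username):
                    raise exceptions.AuthError(_("Invalid email address"))
                email = username
                login_method = "email"
            if not first_name:
                raise mocha_exc.AppError(_("First Name or Name is required"))
            elif not password or password != password_confirm:
                raise mocha_exc.AppError(_("Passwords don't match"))
            if not login_method:
                raise exceptions.AuthError(_("Registration is disabled"))

            user = create_user(username=username, password=password, email=email,
                               first_name=first_name, last_name=last_name,
                               login_method=login_method)
            if with_oauth and oauth_provider and oauth_user_id:
                # Identity already proven to the provider: sign in right away.
                user.add_federation(oauth_provider, oauth_user_id)
                create_session(user)
                return redirect(_safe_next() or views.auth.Account.account_settings)
            if __options__.get("require_email_verification"):
                user.send_welcome_email(view_class=self)
                flash_success(_("Please check your email. We've sent you a message"))
            return redirect(_safe_next() or __options__.get("login_view"))
        except (mocha_exc.AppError, exceptions.AuthError) as ex:
            flash_error(str(ex))
        except Exception as e:
            logging.exception(e)
            flash_error("Unable to register")
        return redirect(self.register, next=request.form.get("next"))

    oauth_session = get_oauth_session()
    return {
        "reg_email": __options__.get("registration_email"),
        "reg_username": __options__.get("registration_username"),
        "reg_social": __options__.get("registration_social"),
        "reg_full_name": __options__.get("registration_full_name"),
        "login_url_next": request.args.get("next", ""),
        "with_oauth": has_oauth_request(),
        "oauth_provider": oauth_session.get("provider"),
        "oauth_user_id": oauth_session.get("user_id"),
        "email": oauth_session.get("email") or "",
        "name": oauth_session.get("name") or "",
    }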
def disable_admin(*a, **kw):
    """Stand-in view that hides the admin routes: every request gets a 404.

    Accepts and ignores any route arguments so it can be mounted in place of
    any admin endpoint.
    """
    return abort(404)
def deco(*a, **kw):
    """Gate ``f`` (captured by the enclosing decorator) behind the
    ``allow_register`` option; aborts with 403 when it is unset or falsy.

    NOTE(review): the ``register`` view in this module consults
    ``allow_registration``, not ``allow_register``. A deployment that sets
    only one of the two keys gets inconsistent behaviour between this
    decorator and that view — confirm which key is canonical.
    """
    signup_allowed = __options__.get("allow_register")
    if signup_allowed:
        return f(*a, **kw)
    abort(403, "Signup not allowed. Contact admin if it's a mistake")
def deco(*a, **kw):
    """Gate ``f`` (captured by the enclosing decorator) behind the
    ``allow_login`` option, the same key the ``login`` and ``lost_password``
    views check; aborts with 403 when it is unset or falsy.
    """
    login_allowed = __options__.get("allow_login")
    if login_allowed:
        return f(*a, **kw)
    abort(403, "Login not allowed. Contact admin if it's a mistake")
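def deco(*a, **kw):
    """Reject requests that carry no ``Authorization`` header with HTTP 401.

    This only checks that the header is *present*; it neither parses nor
    validates the credential, so any non-empty value passes this gate.
    Whatever ``func`` (bound by the enclosing decorator) or a later layer
    does with the header must perform the actual verification.
    """
    if "Authorization" not in request.headers:
        abort(401, "Not Authorized")
    return func(*a, **kw)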