def post(self):
"""Login to a account account. Set a secure cookie.
Log failed login attempt and disable account if too many recent.
"""
try:
email = self.get_argument("email")
password = self.get_argument("password")
except tornado.web.MissingArgumentError:
self.set_error_flash("Missing email or password argument.")
self.see_other("login")
return
try:
account = self.get_account(email)
if utils.hashed_password(password) != account.get("password"):
raise KeyError
except KeyError:
self.set_error_flash("No such account or invalid password.")
self.see_other("login")
else:
self.set_secure_cookie(
constants.USER_COOKIE,
account["email"],
expires_days=settings["LOGIN_MAX_AGE_DAYS"],
)
with AccountSaver(doc=account, rqh=self) as saver:
saver["login"] = utils.timestamp() # Set last login timestamp.
self.redirect(self.reverse_url("home"))
def create_admin(db, email, password):
with AccountSaver(db=db) as saver:
saver.set_email(email)
saver['owner'] = email
saver.set_password(password)
saver['role'] = constants.ADMIN
saver['labels'] = []
print("Created 'admin' role account", email)
def create_curator(db, email, labels):
with AccountSaver(db=db) as saver:
saver.set_email(email)
saver['owner'] = email
saver['role'] = constants.CURATOR
saver['labels'] = labels
print("Created 'curator' role account", email)
print('NOTE: No email sent!')
def set_password(db, email):
account = utils.get_account(db, email)
password = getpass.getpass('Password > ')
if not password:
raise ValueError('Error: no password provided')
if password != getpass.getpass('Password again > '):
raise ValueError('Error: passwords did not match')
with AccountSaver(doc=account, db=db) as saver:
saver.set_password(password)
print("Set password for", email)
def admin(email, password):
"Create a user account having the admin role."
db = utils.get_db()
try:
with AccountSaver(db=db) as saver:
saver.set_email(email)
saver["owner"] = email
if not password:
password = click.prompt("Password",
hide_input=True,
confirmation_prompt=True)
saver.set_password(password)
saver["role"] = constants.ADMIN
saver["labels"] = []
except ValueError as error:
raise click.ClickException(str(error))
click.echo(f"Created 'admin' role account {email}")
def password(email, password):
"Set the password for the given account."
db = utils.get_db()
try:
user = utils.get_account(db, email)
except KeyError as error:
raise click.ClickException(str(error))
try:
with AccountSaver(doc=user, db=db) as saver:
if not password:
password = click.prompt("Password",
hide_input=True,
confirmation_prompt=True)
saver.set_password(password)
except ValueError as error:
raise click.ClickException(str(error))
click.echo(f"Password set for account {email}")
def post(self, identifier):
self.check_admin()
try:
label = self.get_label(identifier)
except KeyError as error:
self.see_other("labels", error=str(error))
return
old_value = label["value"]
new_value = self.get_argument("value")
try:
with LabelSaver(label, rqh=self) as saver:
saver.check_revision()
saver.set_value(new_value)
saver.set_secondary(self.get_argument("secondary", None))
saver["href"] = self.get_argument("href", None)
saver["description"] = self.get_argument("description", None)
if settings["TEMPORAL_LABELS"]:
saver["started"] = self.get_argument("started", "") or None
saver["ended"] = self.get_argument("ended", "") or None
except SaverError:
self.set_error_flash(constants.REV_ERROR)
self.see_other("label", label["value"])
return
except ValueError as error:
self.set_error_flash(str(error))
self.see_other("label_edit", old_value)
return
if new_value != old_value:
for account in self.get_docs("account",
"label",
key=old_value.lower()):
with AccountSaver(account, rqh=self) as saver:
labels = set(account["labels"])
labels.discard(old_value)
labels.discard(old_value.lower())
labels.add(new_value)
saver["labels"] = sorted(labels)
for publication in Subset(self.db, label=old_value):
if old_value in publication["labels"]:
with PublicationSaver(publication, rqh=self) as saver:
labels = publication["labels"].copy()
labels[new_value] = labels.pop(old_value)
saver["labels"] = labels
self.see_other("label", label["value"])
def delete(self, identifier):
self.check_admin()
try:
label = self.get_label(identifier)
except KeyError as error:
self.see_other("labels", error=str(error))
return
value = label["value"]
# Do it in this order; safer if interrupted.
publications = list(Subset(self.db, label=label["value"]))
for publication in publications:
with PublicationSaver(publication, rqh=self) as saver:
labels = publication["labels"].copy()
labels.pop(value, None)
labels.pop(value.lower(), None)
saver["labels"] = labels
for account in self.get_docs("account", "label", key=value.lower()):
with AccountSaver(account, rqh=self) as saver:
labels = set(account["labels"])
labels.discard(value)
saver["labels"] = sorted(labels)
self.delete_entity(label)
self.see_other("labels")
def post(self, identifier):
self.check_admin()
try:
label = self.get_label(identifier)
except KeyError as error:
self.see_other("labels", error=str(error))
return
try:
merge = self.get_label(self.get_argument("merge"))
except tornado.web.MissingArgumentError:
self.set_error_flash("no merge label provided")
self.see_other("labels")
return
except KeyError as error:
self.set_error_flash(str(error))
self.see_other("labels")
return
old_label = label["value"]
new_label = merge["value"]
self.delete_entity(label)
for account in self.get_docs("account", "label",
key=old_label.lower()):
with AccountSaver(account, rqh=self) as saver:
labels = set(account["labels"])
labels.discard(old_label)
labels.discard(old_label.lower())
labels.add(new_label)
saver["labels"] = sorted(labels)
for publication in Subset(self.db, label=old_label):
with PublicationSaver(publication, rqh=self) as saver:
labels = publication["labels"].copy()
qual = labels.pop(old_label, None) or labels.pop(
old_label.lower(), None)
labels[new_label] = labels.get(new_label) or qual
saver["labels"] = labels
self.see_other("label", new_label)