class SignInForm(Form):
'''用户登录表单
'''
user = StringField(_("Username / Email / UID"), default='')
password = PasswordField(_('Password'), default='')
def validate_user(form, field):
if len(field.data) == 0:
raise ValidationError(_('Username is empty.'))
user = guess_user(form._handler.db, field.data)
if not user:
raise ValidationError(_('The user does not exist.'))
if user.is_locked:
raise ValidationError(_('You have been locked.'))
if not user.check_password(form.password.data):
raise ValidationError(_('Password is incorrect.'))
if not user.is_active:
raise ValidationError(_('Your are inactive now.'))
form.__dict__['_user'] = user
class UserCreateForm(Form):
'''用户注册表单
'''
username = StringField(_('Username'))
password = PasswordField(_('Password'), [
validate_password,
validators.DataRequired(),
validators.EqualTo('confirm', message=_('Passwords must match'))
],
default='')
confirm = PasswordField(_('Password Confirm'), default='')
accept_tos = BooleanField(_('I accept the TOS'),
[validators.DataRequired()])
def validate_username(form, field):
username = field.data
## 检查用户名规范
# 不能是数字(与UID有冲突)
if username.isdigit():
raise ValidationError(_('Username can not be a number.'))
# 用户名太短
if len(username) < 2:
raise ValidationError(_('Username less than 2 characters.'))
# 用户名太长
if len(username) > 16:
raise ValidationError(_('Username greater than 16 characters.'))
# 非常乱的用户名合理性检查
import yweb.utils.ystr
en_count, zh_count = yweb.utils.ystr.count_chars_en_zh(username)
if zh_count < 2:
# 汉字数少于2
if en_count < 4:
# 英语字符数也不能少于4
raise ValidationError(
_('English username less than 4 characters.'))
else:
# 汉字数不应大于8个
if zh_count > 8:
raise ValidationError(
_('Chinese username greater than 6 characters.'))
# 检查用户名是否存在
user = guess_user(form._handler.db, field.data)
if user:
raise ValidationError(_('Username occupied.'))
# 使用一个不可以使用的名字清单
if settings.USERNAME_BLACKLIST_FILE:
r, ics, m = yweb.utils.blacklist.has_illegal_chars(
username, settings.USERNAME_BLACKLIST_FILE)
if r:
raise ValidationError(_('Illegal Chars: {0}'.format(ics)))
def get(self, article_id):
cur_uid = self.current_user.id if self.current_user else 0
article = self.db.query(BlogArticle).get( article_id )
if not article:
emsg = _('Can not find article %s') % article_id
return self.send_error(404, emsg=emsg)
if not article.is_public:
if cur_uid != article.user_id:
emsg = _('Article %s is not public.') % article_id
return self.send_error(404, emsg=emsg)
cur_page, page_size, start, stop = pagination(self)
post_total = article.post_count
posts = self.db.query(BlogPost).filter_by(
article_id = article_id).order_by(
get_post_order(self)).slice(start, stop)
# 增加查看次数
article.view_count += 1
self.db.commit()
self.data = dict(article = article,
post_total = post_total,
posts = posts,
ftime = ftime,
urlupdate = urlupdate,
urlupdate2 = urlupdate2)
self.render('blog/article_view.html')
def create_user(db, username, password, email):
# check username
user = db.query(User).filter_by(username=username).first()
if user:
return None, _('Username already exists')
# check email
user = db.query(User).filter_by(email=email).first()
if user:
return None, _('E-mail address already exists')
# TODO: check password
# generate uid
uid = get_available_uid(db)
try:
user = User(uid=uid, username=username, password=password, email=email)
db.add(user)
db.commit()
except Exception, emsg:
return None, emsg
class BasicInfoEditForm(Form):
nickname = StringField(_('Nickname'), [validators.Length(min=1, max=64)])
first_name = StringField(_('First Name'), [validators.Length(max=32)])
last_name = StringField(_('Last Name'), [validators.Length(max=32)])
gender = SelectField(_('Gender'))
language = SelectField(_('Language'))
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
email = form.email.data
# 创建 authkey
authkey = create_authkey(self.db, type_='03', email=email, user_id=self.current_user.id)
# 发送验证邮件
subject = _("[%s] Change User E-mail") % settings.SITE_NAME
text = self.render_string(
'account/consoles/email_change_sendmail.html',
step2_url=self.step2_url(authkey.key),
settings=settings)
emsg = sendmail(adr_to=email, subject=subject, text=text)
if emsg:
self.data['message'] = _('Send mail failed, please try again later.')
return self.render('account/consoles/failed.html')
else:
self.data['message'] = _('A email have send to %(email)s, please check you inbox.') % {'email': email }
return self.render('account/consoles/success.html')
self.render()
def validate_email(form, field):
current_email = form._handler.current_user.email
if field.data == current_email:
raise ValidationError(_('This is your current E-mail.'))
user = form._handler.db.query(User).filter_by(email=field.data).first()
if user and user.email != current_email:
raise ValidationError(_('Email address is exist.'))
def validate_email(form, field):
current_email = form._handler.current_user.email
if field.data == current_email:
raise ValidationError(_('This is your current E-mail.'))
user = form._handler.db.query(User).filter_by(email=field.data).first()
if user and user.email != current_email:
raise ValidationError(_('Email address is exist.'))
class PasswordResetStep2Form(Form):
'''密码重置步骤2表单:重置密码
'''
password = PasswordField(_('Password'), [
validate_password,
validators.DataRequired(),
validators.EqualTo('confirm', message=_('Passwords must match'))
],
default='')
confirm = PasswordField(_('Password Confirm'), default='')
def get_imind(self, ID):
I = self.db.query( Imind ).get( ID )
if I:
if self.current_user.id != I.user_id:
self.write( _('No permission!') )
I = None
else:
self.page_not_found( _('Can not find imind %s') % ID )
return I
class AdminUserBasicEditForm(BasicInfoEditForm):
email = StringField(_('Email Address'),
[validators.Length(min=6, max=35),
validators.Email()])
avatar = FileField(_('My Avatar'))
password = PasswordField(
_('New Password'),
[validators.EqualTo('confirm', message=_('Passwords must match'))],
default='')
confirm = PasswordField(_('Confirm New Password'), default='')
def prepare(self):
self.title = _('Change My E-mail')
self.template_path = 'account/consoles/basic_edit.html'
self.data = {
'form': EmailChangeStep1Form(self),
'authcode_needed': True
}
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
authkey = self.data['authkey']
form = self.data['form']
if form.validate():
user = self.db.query(User).filter_by(
email=authkey.get('email')).first()
if user:
user.password = enc_login_passwd(form.password.data)
self.db.delete(authkey)
self.db.commit()
return self.render('auth/password_reset_step2_success.html',
user=user)
# 出错:根据 email 没有找到 user
d = {
'emsg': _('No such email: %s') % authkey.get('email'),
'key': key
}
return self.render('auth/password_reset_step2_failed.html', **d)
# form 验证出错
self.render()
def prepare(self):
authkey = None
key = self.get_argument('key', None)
if key:
authkey = self.db.query(AuthKey).get(key)
now = datetime.datetime.now()
if not authkey or authkey.expire_date < now:
authkey = None
if not authkey:
d = {'key': key, 'emsg': _('Key error.')}
return self.render('auth/password_reset_step2_failed.html', **d)
self.title = _('Password Reset')
self.template_path = 'auth/password_reset_step2.html'
self.data = {'form': PasswordResetStep2Form(self), 'authkey': authkey}
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
email = form.email.data
# 创建 authkey
authkey = create_authkey(self.db, type_='02', email=email)
# 发送验证邮件
subject = _("[%s] Account Password Reset") % settings.SITE_NAME
d = {
'step2_url': self.step2_url(authkey.key),
'settings': settings,
'user': form._user
}
text = self.render_string('auth/password_reset_email.html', **d)
emsg = sendmail(adr_to=email, subject=subject, text=text)
if emsg:
return self.render('auth/password_reset_step1_failed.html',
emsg=emsg,
email=email)
else:
return self.render('auth/password_reset_step1_success.html',
email=email)
self.render()
class ArticleEditForm(Form):
title = StringField(_('Title'), [validators.Length(min=2, max=256)])
abstract = TextAreaField(_('Abstract'),
[validators.Length(min=2, max=1024)])
markup = SelectField(_('Markup Language'),
coerce=int,
default=1,
choices=[(1, 'Markdown'), (2, 'reStructuredText')])
body = TextAreaField(_('Body'),
[validators.Length(min=6, max=1024 * 1024)])
is_public = BooleanField(_('Is Public ?'))
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
email = form.email.data
# 创建 authkey
authkey = create_authkey(self.db, type_='01', email=email)
# 发送验证邮件
subject = _("Welcome to register %s") % settings.SITE_NAME
text = self.render_string('auth/signup_email.html',
step2_url=self.step2_url(authkey.key),
settings=settings)
emsg = sendmail(adr_to=email, subject=subject, text=text)
if emsg:
return self.render('auth/signup_step1_failed.html',
emsg=emsg,
email=email)
else:
return self.render('auth/signup_step1_success.html',
email=email)
self.render()
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
email = form.email.data
# 创建 authkey
authkey = create_authkey(self.db, type_='01', email=email)
# 发送验证邮件
subject = _("Welcome to register %s") % settings.SITE_NAME
text = self.render_string('auth/signup_email.html',
step2_url=self.step2_url(authkey.key),
settings=settings)
emsg = sendmail(adr_to=email, subject=subject, text=text)
if emsg:
return self.render('auth/signup_step1_failed.html',
emsg=emsg, email=email)
else:
return self.render('auth/signup_step1_success.html', email=email)
self.render()
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
authkey = self.data['authkey']
form = self.data['form']
if form.validate():
user = self.db.query(User).filter_by(
email = authkey.get('email')).first()
if user:
user.password = enc_login_passwd(form.password.data)
self.db.delete(authkey)
self.db.commit()
return self.render('auth/password_reset_step2_success.html',
user = user)
# 出错:根据 email 没有找到 user
d = {'emsg': _('No such email: %s') % authkey.get('email'),
'key': key}
return self.render('auth/password_reset_step2_failed.html', **d)
# form 验证出错
self.render()
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
email = form.email.data
# 创建 authkey
authkey = create_authkey(self.db, type_='02', email=email)
# 发送验证邮件
subject = _("[%s] Account Password Reset") % settings.SITE_NAME
d = { 'step2_url': self.step2_url(authkey.key),
'settings': settings,
'user': form._user }
text = self.render_string('auth/password_reset_email.html',**d)
emsg = sendmail(adr_to=email, subject=subject, text=text)
if emsg:
return self.render('auth/password_reset_step1_failed.html',
emsg=emsg, email=email)
else:
return self.render('auth/password_reset_step1_success.html', email=email)
self.render()
def validate_email(form, field):
# 用户邮箱是否存在
user = form._handler.db.query(User).filter_by(email=field.data).first()
if not user:
raise ValidationError(_('Email address is not exist.'))
form.__dict__['_user'] = user
def find_user(self, ID):
user = self.db.query(User).get(ID)
if user:
return user
self.data['message'] = _('Can not find user %s') % ID
self.render('account/consoles/failed.html')
return None
def prepare(self):
authkey = None
key = self.get_argument('key', None)
if key:
authkey = self.db.query(AuthKey).get(key)
now = datetime.datetime.now()
if not authkey or authkey.expire_date < now:
authkey = None
if not authkey:
d = {'key': key, 'emsg': _('Key error.')}
return self.render('auth/password_reset_step2_failed.html', **d)
self.title = _('Password Reset')
self.template_path = 'auth/password_reset_step2.html'
self.data = { 'form': PasswordResetStep2Form(self),
'authkey': authkey }
class PasswordChangeForm(Form):
current = PasswordField(_('Current Password'), default='')
password = PasswordField(_('New Password'), [
validate_password,
validators.DataRequired(),
validators.EqualTo('confirm', message=_('Passwords must match'))
],
default='')
confirm = PasswordField(_('Confirm New Password'), default='')
def validate_current(form, field):
user = form._handler.current_user
if not user.check_password(field.data):
raise ValidationError(_('Current password is incorrect.'))
def find_user(self, ID):
user = self.db.query(User).get(ID)
if user:
return user
self.data['message'] = _('Can not find user %s') % ID
self.render('account/consoles/failed.html')
return None
def get_article(self, ID):
article = self.db.query(BlogArticle).get(ID)
if not article:
emsg = _('Can not find article %s') % ID
self.send_error(404, emsg=emsg)
return article
def prepare(self):
authkey = None
key = self.get_argument('key', None)
if key:
authkey = self.db.query(AuthKey).get(key)
now = datetime.datetime.now()
if not authkey or authkey.expire_date < now:
authkey = None
if not authkey:
d = {'key': key, 'emsg': _('Registration key error.')}
return self.render('auth/signup_step2_failed.html', **d)
self.title = _('Create User')
self.template_path = 'auth/signup_step2.html'
self.data = {'authkey': authkey, 'form': UserCreateForm(self)}
def validate_email(form, field):
# 用户邮箱是否存在
user = form._handler.db.query(User).filter_by(email=field.data).first()
if not user:
raise ValidationError(_('Email address is not exist.'))
form.__dict__['_user'] = user
def get(self, UID):
user = self.db.query(User).filter_by(uid=UID).first()
if not user:
self.data['message'] = _('Can not find user %s') % UID
return self.render('user/failed.html')
d = dict(user=user, ftime=ftime)
self.render('user/index.html', **d)
def get(self, UID):
user = self.db.query(User).filter_by(uid=UID).first()
if not user:
self.data['message'] = _('Can not find user %s') % UID
return self.render('user/failed.html')
d = dict(user=user, ftime=ftime)
self.render('user/index.html', **d)
def prepare(self):
authkey = None
key = self.get_argument('key', None)
if key:
authkey = self.db.query(AuthKey).get(key)
now = datetime.datetime.now()
if not authkey or authkey.expire_date < now:
authkey = None
if not authkey:
d = {'key': key, 'emsg': _('Registration key error.')}
return self.render('auth/signup_step2_failed.html', **d)
self.title = _('Create User')
self.template_path = 'auth/signup_step2.html'
self.data = { 'authkey': authkey,
'form': UserCreateForm(self) }
def get(self, ID):
user = self.db.query(User).get(ID)
if user:
self.data = {'user': user, 'ftime': ftime}
self.render('account/admins/user_view.html')
else:
self.data['message'] = _('Can not find user %s') % ID
self.render('account/consoles/failed.html')
def validate_password(form, field):
'''验证新密码是否合理
'''
password = field.data
if len(password) < 6:
raise ValidationError(_('Password must be greater than 6 characters.'))
if len(password) > 64:
raise ValidationError(_('Password must be less than 64 characters.'))
# 如果密码太简单,不容许通过
if settings.PASSWORD_BLACKLIST_FILE:
if yweb.utils.password.is_too_simple(password,
settings.PASSWORD_BLACKLIST_FILE):
raise ValidationError(_("Password is too simple"))
def get(self, ID):
user = self.db.query(User).get(ID)
if user:
self.data = {'user': user, 'ftime': ftime}
self.render('account/admins/user_view.html')
else:
self.data['message'] = _('Can not find user %s') % ID
self.render('account/consoles/failed.html')
def validate_password(form, field):
'''验证新密码是否合理
'''
password = field.data
if len(password) < 6:
raise ValidationError(_('Password must be greater than 6 characters.'))
if len(password) > 64:
raise ValidationError(_('Password must be less than 64 characters.'))
# 如果密码太简单,不容许通过
if settings.PASSWORD_BLACKLIST_FILE:
if yweb.utils.password.is_too_simple(
password, settings.PASSWORD_BLACKLIST_FILE):
raise ValidationError(_("Password is too simple"))
def validate_user(form, field):
if len(field.data) == 0:
raise ValidationError(_('Username is empty.'))
user = guess_user(form._handler.db, field.data)
if not user:
raise ValidationError( _('The user does not exist.') )
if user.is_locked:
raise ValidationError( _('You have been locked.') )
if not user.check_password( form.password.data ):
raise ValidationError( _('Password is incorrect.') )
if not user.is_active:
raise ValidationError( _('Your are inactive now.') )
form.__dict__['_user'] = user
def get(self):
ret, emsg = self.check_key()
if ret:
self.data['message'] = _('Your E-mail have changed to %s') % self.current_user.email
self.render('account/consoles/success.html')
else:
self.data['message'] = emsg
self.render('account/consoles/failed.html')
def get_article(self, ID):
article = self.db.query(BlogArticle).get(ID)
self.data['article'] = article
# TODO: 文章的回复权限
if not article:
emsg = _('Can not find article %s') % ID
self.send_error(404, emsg=emsg)
return article
def validate_user(form, field):
if len(field.data) == 0:
raise ValidationError(_('Username is empty.'))
user = guess_user(form._handler.db, field.data)
if not user:
raise ValidationError(_('The user does not exist.'))
if user.is_locked:
raise ValidationError(_('You have been locked.'))
if not user.check_password(form.password.data):
raise ValidationError(_('Password is incorrect.'))
if not user.is_active:
raise ValidationError(_('Your are inactive now.'))
form.__dict__['_user'] = user
def get(self):
ret, emsg = self.check_key()
if ret:
self.data['message'] = _(
'Your E-mail have changed to %s') % self.current_user.email
self.render('account/consoles/success.html')
else:
self.data['message'] = emsg
self.render('account/consoles/failed.html')
def prepare(self):
self.title = _('Edit User Basic Information')
self.template_path = 'account/admins/basic_edit.html'
from tornado.locale import LOCALE_NAMES
self.L = []
for codename in settings.SUPPORTED_LANGUAGES:
if codename in LOCALE_NAMES:
self.L.append(
(codename, LOCALE_NAMES.get(codename).get('name')))
self.data = {'form': AdminUserBasicEditForm(self)}
def prepare(self):
if self.current_user:
# 如果用户己经登录
# 方法一:重定向
#self.redirect('/')
# 方法二:宣传
return self.render('auth/resignin.html')
self.template_path = 'auth/signin.html'
self.title = _('Login')
self.data = { 'form': SignInForm(self) }
def prepare(self):
if self.current_user:
# 如果用户己经登录
# 方法一:重定向
#self.redirect('/')
# 方法二:宣传
return self.render('auth/resignin.html')
self.template_path = 'auth/signin.html'
self.title = _('Login')
self.data = {'form': SignInForm(self)}
def prepare(self):
self.title = _('Edit My Basic Information')
self.template_path = 'account/consoles/basic_edit.html'
from tornado.locale import LOCALE_NAMES
self.L = []
for codename in settings.SUPPORTED_LANGUAGES:
if codename in LOCALE_NAMES:
self.L.append( (
codename,
LOCALE_NAMES.get(codename).get('name') ) )
self.data = {'form': BasicInfoEditForm(self)}
class SignUpForm(Form):
'''用户注册表单
'''
email = StringField(_('Email Address'),
[validators.Length(min=6, max=35),
validators.Email()])
def validate_email(form, field):
user = form._handler.db.query(User).filter_by(email=field.data).first()
if user:
raise ValidationError(_('Email address is exist.'))
def post(self):
form = self.data['form']
if self.request.files and form.validate():
ret, emsg = save_avatar(self.request.files['avatar'],
self.current_user)
if ret:
self.data['message'] = _('Change Avatar Success !')
return self.render('account/consoles/success.html')
else:
self.data['message'] = emsg
return self.render('account/consoles/failed.html')
self.render()
def post(self):
form = self.data['form']
if self.request.files and form.validate():
ret, emsg = save_avatar(self.request.files['avatar'],
self.current_user)
if ret:
self.data['message'] = _('Change Avatar Success !')
return self.render('account/consoles/success.html')
else:
self.data['message'] = emsg
return self.render('account/consoles/failed.html')
self.render()
def post(self):
# 检查 authcode
if not self.check_authcode():
return self.render(authcode_failed=True)
form = self.data['form']
if form.validate():
self.current_user.password = enc_login_passwd(form.password.data)
self.db.commit()
self.data['message'] = _('Change Password Success !')
return self.render('account/consoles/success.html')
self.render()
def check_key(self):
# 请求中是否存在 key 值
key = self.get_argument('key', None)
if not key:
return False, _('Have not found key.')
# 验证 key 是否存在
authkey = self.db.query(AuthKey).get(key)
if not authkey:
return False, _('Invalid key: %s') % key
# 验证 key 是否失效
if authkey.expire_date < datetime.datetime.now():
return False, _('Key is timeout')
# 验证用户是否匹配
user_id = authkey.get('user_id')
if user_id != self.current_user.id:
return False, _('User mismatch.') % key
# 验证邮件是否被占用
email = authkey.get('email')
user = self.db.query(User).filter_by(email=email).first()
if user:
return False, _('Email %s exist.') % email
# 修改用户 email
self.current_user.email = email
# 删除 authkey
self.db.delete( authkey )
self.db.commit()
return True, None
def post(self):
form = self.data['form']
form.language.choices = self.L
form.gender.data = int(form.gender.data)
form.gender.choices = settings.GENDER_CHOICES
if form.validate():
user = self.current_user
user.nickname = form.nickname.data
user.first_name = form.first_name.data
user.last_name = form.last_name.data
user.language = form.language.data
user.gender = form.gender.data
self.db.commit()
self.data['message'] = _('Save basic information success !')
return self.render('account/consoles/success.html')
self.render()
def validate_username(form, field):
username = field.data
## 检查用户名规范
# 不能是数字(与UID有冲突)
if username.isdigit():
raise ValidationError(_('Username can not be a number.'))
# 用户名太短
if len(username) < 2:
raise ValidationError(_('Username less than 2 characters.'))
# 用户名太长
if len(username) > 16:
raise ValidationError(_('Username greater than 16 characters.'))
# 非常乱的用户名合理性检查
import yweb.utils.ystr
en_count, zh_count = yweb.utils.ystr.count_chars_en_zh(username)
if zh_count < 2:
# 汉字数少于2
if en_count < 4:
# 英语字符数也不能少于4
raise ValidationError(_('English username less than 4 characters.'))
else:
# 汉字数不应大于8个
if zh_count > 8:
raise ValidationError(_('Chinese username greater than 6 characters.'))
# 检查用户名是否存在
user = guess_user(form._handler.db, field.data)
if user:
raise ValidationError(_('Username occupied.'))
# 使用一个不可以使用的名字清单
if settings.USERNAME_BLACKLIST_FILE:
r, ics, m = yweb.utils.blacklist.has_illegal_chars(
username, settings.USERNAME_BLACKLIST_FILE)
if r:
raise ValidationError(_('Illegal Chars: {0}'.format(ics)))
def prepare(self):
self.title = _('Change My E-mail')
self.template_path = 'account/consoles/basic_edit.html'
self.data = {'form': EmailChangeStep1Form(self),
'authcode_needed': True}
def prepare(self):
self.title = _('Change My Password')
self.template_path = 'account/consoles/basic_edit.html'
self.data = {'form': PasswordChangeForm(self),
'authcode_needed': True}
def prepare(self):
self.title = _('Change My Avatar')
self.template_path = 'account/consoles/basic_edit.html'
self.data = { 'form': AvatarChangeForm(self) }
def prepare(self):
self.title = _('Password Reset')
self.template_path = 'auth/password_reset_step1.html'
self.data = { 'form': PasswordResetForm(self) }
def prepare(self):
self.title = _('Reply Article')
self.template_path = 'blog/post_new.html'
self.data = dict(form = PostEditForm(self),
ftime = ftime)
