def POST(self, USERNAME, PASSWORD, LOGIN_BUTTON="", url=""):
if LOGIN_BUTTON:
if user_exists(USERNAME):
if potential_attack(USERNAME):
deactivate_user(USERNAME)
logger.security("user account deactivated")
elif user.login(USERNAME, PASSWORD):
username = user.username
user_id = user.id
msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % locals()
logger.info("user %s successfully logged in" % USERNAME)
logger.activity("session", msg)
return redirect_to("/")
else:
logger.security("unknown username (%s)" % USERNAME)
logger.security("failed login attempt", USERNAME)
error("invalid username or password")
else:
# API call
if user.login(USERNAME, PASSWORD):
return "OK"
else:
return "FAIL"
def insert(cls, form):
values = form.evaluate()
username = values['USERNAME'].lower()
password = gen_password()
values['FIRSTNAME'] = values['FIRST_NAME']
values['LASTNAME'] = values['LAST_NAME']
values['LOGINID'] = username
values['PASSWORD'] = ''
values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
values['STATUS'] = 'A'
users = db.table('dz_users', 'USERID')
id = users.insert(values)
db('delete from dz_members where userid=%s',
id) # make sure new users have no memberships
add_user(values['LOGINID'], 'users')
new_user = ZoomUser(username)
new_user.set_password(password)
msg = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
logger.activity(
'users',
msg % (user.id, user.username, new_user.id, new_user.username))
audit('created user account', new_user.username)
if values['SEND_INVITATION'] == True:
recipients = [values['EMAIL']]
tpl = load('welcome.md')
t = dict(
first_name=values['FIRST_NAME'],
username=username,
password=password,
site_name=site_name(),
site_url=site_url(),
admin_email='*****@*****.**',
owner_name=owner_name(),
)
body = markdown(viewfill(tpl, t.get))
subject = 'Welcome - ' + site_name()
send(recipients, subject, body)
message('invitation sent')
def insert(cls, form):
values = form.evaluate()
username = values['USERNAME'].lower()
password = gen_password()
values['FIRSTNAME'] = values['FIRST_NAME']
values['LASTNAME'] = values['LAST_NAME']
values['LOGINID'] = username
values['PASSWORD'] = ''
values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
values['STATUS'] = 'A'
users = db.table('dz_users','USERID')
id = users.insert(values)
db('delete from dz_members where userid=%s', id) # make sure new users have no memberships
add_user(values['LOGINID'], 'users')
new_user = ZoomUser(username)
new_user.set_password(password)
msg = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
logger.activity('users', msg % (user.id, user.username, new_user.id, new_user.username))
audit('created user account', new_user.username)
if values['SEND_INVITATION'] == True:
recipients = [values['EMAIL']]
tpl = load('welcome.md')
t = dict(
first_name = values['FIRST_NAME'],
username = username,
password = password,
site_name = site_name(),
site_url = site_url(),
admin_email = '*****@*****.**',
owner_name = owner_name(),
)
body = markdown(viewfill(tpl, t.get))
subject = 'Welcome - ' + site_name()
send(recipients, subject, body)
message('invitation sent')
def login_button(self):
if login_form.validate(data):
values = login_form.evaluate()
username = values['USERNAME']
password = values['PASSWORD']
remember_me = values['REMEMBER_ME']
as_api = os.environ.get('HTTP_ACCEPT','') == 'application/json'
if user_exists(username):
if potential_attack(username):
deactivate_user(username)
logger.security('user account (%s) deactivated' % username)
elif user.login(username, password, remember_me):
if as_api:
logger.info('user %s successfully logged in via api' % username)
return '{}'
else:
username = user.username
user_id = user.id
msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % locals()
logger.activity('session', msg)
logger.info('user %s successfully logged in' % username)
referrer = data.get('referrer')
if referrer:
return redirect_to(referrer)
return redirect_to('/'+user.default_app)
else:
logger.security('unknown username (%s)' % username)
logger.security('failed login attempt', username)
if as_api:
return '{"message": "invalid username or password"}'
else:
error('invalid username or password')
def delete(self):
msg = '<a href="/users/%s">%s</a> deleted user %s'
logger.activity('users', msg % (user.id, user.username, self.username))
audit('delete user account', self.username, '')
return Users.delete(self.id)
def delete(self):
msg = '<a href="/users/%s">%s</a> deleted user %s'
logger.activity('users', msg % (user.id, user.username, self.username))
audit('delete user account', self.username, '')
return Users.delete(self.id)
