def account_activate(request):
"""Reset a user after being suspended
:param username: required to know what user we're resetting
:param activation: code needed to activate
:param password: new password to use for the user
"""
params = request.params
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('password', None)
if not UserMgr.acceptable_password(password):
request.response.status_int = 406
return {
'error': "Come on, pick a real password please",
}
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
return {
'message': "Account activated, please log in.",
'username': username,
}
else:
AuthLog.reactivate(username, success=False, code=activation)
request.response.status_int = 500
return {
'error': "There was an issue attempting to activate this account.",
}
def suspend_acct(request):
"""Reset a user account to enable them to change their password"""
params = request.params
user = request.user
# we need to get the user from the email
email = params.get('email', None)
if email is None and hasattr(request, 'json_body'):
# try the json body
email = request.json_body.get('email', None)
if user is None and email is None:
request.response.status_int = 406
return {
'error': "Please submit an email address",
}
if user is None and email is not None:
user = UserMgr.get(email=email)
if user is None:
request.response.status_int = 404
return {
'error': "Please submit a valid address",
'email': email
}
# check if we've already gotten an activation for this user
if user.activation is not None:
request.response.status_int = 406
return {
'error': """You've already marked your account for reactivation.
Please check your email for the reactivation link. Make sure to
check your spam folder.""",
'username': user.username,
}
# mark them for reactivation
user.reactivate("FORGOTTEN")
# log it
AuthLog.reactivate(user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
msg = ReactivateMsg(user.email,
"Activate your Bookie account",
settings)
msg.send(request.route_url('reset',
username=user.username,
reset_key=user.activation.code))
return {
'message': """Your account has been marked for reactivation. Please
check your email for instructions to reset your
password""",
}
def invite_user(request):
"""Invite a new user into the system.
:param username: user that is requested we invite someone
:param email: email address of the new user
"""
params = request.params
email = params.get('email', None)
user = request.user
if not email:
# try to get it from the json body
email = request.json_body.get('email', None)
if not email:
# if still no email, I give up!
request.response.status_int = 406
return {
'username': user.username,
'error': "Please submit an email address"
}
# first see if the user is already in the system
exists = UserMgr.get(email=email)
if exists:
request.response.status_int = 406
return {
'username': exists.username,
'error': "This user is already a Bookie user!"
}
new_user = user.invite(email)
if new_user:
LOG.error(new_user.username)
# then this user is able to invite someone
# log it
AuthLog.reactivate(new_user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
msg = InvitationMsg(new_user.email,
"Enable your Bookie account",
settings)
msg.send(request.route_url('reset',
username=new_user.username,
reset_key=new_user.activation.code))
return {
'message': 'You have invited: ' + new_user.email
}
else:
# you have no invites
request.response.status_int = 406
return {
'username': user.username,
'error': "You have no invites left at this time."
}
def login(request):
"""Login the user to the system
If not POSTed then show the form
If error, display the form with the error message
If successful, forward the user to their /recent
Note: the came_from stuff we're not using atm. We'll clean out if we keep
things this way
"""
login_url = route_url("login", request)
referrer = request.url
if referrer == login_url:
referrer = u"/" # never use the login form itself as came_from
came_from = request.params.get("came_from", referrer)
message = u""
login = u""
password = u""
if "form.submitted" in request.params:
login = request.params["login"]
password = request.params["password"]
LOG.debug(login)
auth = UserMgr.get(username=login)
LOG.debug(auth)
LOG.debug(UserMgr.get_list())
if auth and auth.validate_password(password) and auth.activated:
# We use the Primary Key as our identifier once someone has
# authenticated rather than the username. You can change what is
# returned as the userid by altering what is passed to remember.
headers = remember(request, auth.id, max_age=60 * 60 * 24 * 30)
auth.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(login, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(location=request.route_url("user_bmark_recent", username=auth.username), headers=headers)
# log the right level of problem
if auth and not auth.validate_password(password):
message = "Your login attempt has failed."
AuthLog.login(login, False, password=password)
elif auth and not auth.activated:
message = "User account deactivated. Please check your email."
AuthLog.login(login, False, password=password)
AuthLog.disabled(login)
elif auth is None:
message = "Failed login"
AuthLog.login(login, False, password=password)
return {"message": message, "came_from": came_from, "login": login, "password": password}
def signup_process(request):
"""Process the signup request
If there are any errors drop to the same template with the error
information.
"""
params = request.params
email = params.get('email', None)
if not email:
# if still no email, I give up!
return {
'errors': {
'email': 'Please supply an email address to sign up.'
}
}
# first see if the user is already in the system
exists = UserMgr.get(email=email)
if exists:
return {
'errors': {
'email': 'The user has already signed up.'
}
}
new_user = UserMgr.signup_user(email, 'signup')
if new_user:
# then this user is able to invite someone
# log it
AuthLog.reactivate(new_user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
# Add a queue job to send the user a notification email.
tasks.email_signup_user.delay(
new_user.email,
"Enable your Bookie account",
settings,
request.route_url(
'reset',
username=new_user.username,
reset_key=new_user.activation.code
)
)
# And let the user know they're signed up.
return {
'message': 'Thank you for signing up from: ' + new_user.email
}
else:
return {
'errors': {
'email': 'There was an unknown error signing up.'
}
}
def invite_user(request):
"""Invite a new user into the system.
:param username: user that is requested we invite someone
:param email: email address of the new user
"""
params = request.params
email = params.get('email', None)
user = request.user
if not email:
# try to get it from the json body
email = request.json_body.get('email', None)
if not email:
# if still no email, I give up!
request.response.status_int = 406
return {
'username': user.username,
'error': "Please submit an email address"
}
# first see if the user is already in the system
exists = UserMgr.get(email=email)
if exists:
request.response.status_int = 406
return {
'username': exists.username,
'error': "This user is already a Bookie user!"
}
new_user = user.invite(email)
if new_user:
LOG.error(new_user.username)
# then this user is able to invite someone
# log it
AuthLog.reactivate(new_user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
msg = InvitationMsg(new_user.email, "Enable your Bookie account",
settings)
msg.send(
request.route_url('reset',
username=new_user.username,
reset_key=new_user.activation.code))
return {'message': 'You have invited: ' + new_user.email}
else:
# you have no invites
request.response.status_int = 406
return {
'username': user.username,
'error': "You have no invites left at this time."
}
def suspend_acct(request):
"""Reset a user account to enable them to change their password"""
params = request.params
user = request.user
# we need to get the user from the email
email = params.get('email', None)
if email is None and hasattr(request, 'json_body'):
# try the json body
email = request.json_body.get('email', None)
if user is None and email is None:
request.response.status_int = 406
return {
'error': "Please submit an email address",
}
if user is None and email is not None:
user = UserMgr.get(email=email)
if user is None:
request.response.status_int = 404
return {'error': "Please submit a valid address", 'email': email}
# check if we've already gotten an activation for this user
if user.activation is not None:
request.response.status_int = 406
return {
'error': """You've already marked your account for reactivation.
Please check your email for the reactivation link. Make sure to
check your spam folder.""",
'username': user.username,
}
# mark them for reactivation
user.reactivate("FORGOTTEN")
# log it
AuthLog.reactivate(user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
msg = ReactivateMsg(user.email, "Activate your Bookie account", settings)
msg.send(
request.route_url('reset',
username=user.username,
reset_key=user.activation.code))
return {
'message':
"""Your account has been marked for reactivation. Please
check your email for instructions to reset your
password""",
}
def account_activate(request):
"""Reset a user after being suspended
:param username: required to know what user we're resetting
:param activation: code needed to activate
:param password: new password to use for the user
"""
params = request.params
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('password', None)
new_username = params.get('new_username', None)
if username is None and activation is None and password is None:
# then try to get the same fields out of a json body
json_body = request.json_body
username = json_body.get('username', None)
activation = json_body.get('code', None)
password = json_body.get('password', None)
new_username = json_body.get('new_username', None)
if not UserMgr.acceptable_password(password):
request.response.status_int = 406
return _api_response(request, {
'error': "Come on, pick a real password please",
})
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our current
# username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
request.response.status_int = 500
return _api_response(
request, {
'error':
'There was an issue setting your new username',
'exc': str(exc)
})
return _api_response(request, {
'message': "Account activated, please log in.",
'username': username,
})
def account_activate(request):
"""Reset a user after being suspended
:param username: required to know what user we're resetting
:param activation: code needed to activate
:param password: new password to use for the user
"""
params = request.params
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('password', None)
new_username = params.get('new_username', None)
if username is None and activation is None and password is None:
# then try to get the same fields out of a json body
json_body = request.json_body
username = json_body.get('username', None)
activation = json_body.get('code', None)
password = json_body.get('password', None)
new_username = json_body.get('new_username', None)
if not UserMgr.acceptable_password(password):
request.response.status_int = 406
return {
'error': "Come on, pick a real password please",
}
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our current
# username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
request.response.status_int = 500
return {
'error': 'There was an issue setting your new username',
'exc': str(exc)
}
return {
'message': "Account activated, please log in.",
'username': username,
}
def signup_process(request):
"""Process the signup request
If there are any errors drop to the same template with the error
information.
"""
params = request.params
email = params.get('email', None)
if not email:
# if still no email, I give up!
return {
'errors': {
'email': 'Please supply an email address to sign up.'
}
}
# first see if the user is already in the system
exists = UserMgr.get(email=email)
if exists:
return {'errors': {'email': 'The user has already signed up.'}}
new_user = UserMgr.signup_user(email, 'signup')
if new_user:
# then this user is able to invite someone
# log it
AuthLog.reactivate(new_user.username)
# and then send an email notification
# @todo the email side of things
settings = request.registry.settings
# Add a queue job to send the user a notification email.
tasks.email_signup_user.delay(
new_user.email, "Enable your Bookie account", settings,
request.route_url('reset',
username=new_user.username,
reset_key=new_user.activation.code))
# And let the user know they're signed up.
return {'message': 'Thank you for signing up from: ' + new_user.email}
else:
return {'errors': {'email': 'There was an unknown error signing up.'}}
def reset(request):
"""Once deactivated, allow for changing the password via activation key"""
rdict = request.matchdict
params = request.params
# This is an initial request to show the activation form.
username = rdict.get('username', None)
activation_key = rdict.get('reset_key', None)
user = ActivationMgr.get_user(username, activation_key)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
if 'code' in params:
# This is a posted form with the activation, attempt to unlock the
# user's account.
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('new_password', None)
new_username = params.get('new_username', None)
error = None
if not UserMgr.acceptable_password(password):
# Set an error message to the template.
error = "Come on, pick a real password please."
else:
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our current
# username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
error = 'There was an issue setting your new username'
else:
AuthLog.reactivate(username, success=False, code=activation)
error = 'There was an issue attempting to activate this account.'
def reset(request):
"""Once deactivated, allow for changing the password via activation key"""
rdict = request.matchdict
params = request.params
# This is an initial request to show the activation form.
username = rdict.get('username', None)
activation_key = rdict.get('reset_key', None)
user = ActivationMgr.get_user(username, activation_key)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
if 'code' in params:
# This is a posted form with the activation, attempt to unlock the
# user's account.
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('new_password', None)
new_username = params.get('new_username', None)
error = None
if not UserMgr.acceptable_password(password):
# Set an error message to the template.
error = "Come on, pick a real password please."
else:
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our current
# username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
error = 'There was an issue setting your new username'
else:
AuthLog.reactivate(username, success=False, code=activation)
error = 'There was an issue attempting to activate this account.'
else:
AuthLog.reactivate(username, success=False, code=activation)
error = 'There was an issue attempting to activate this account.'
if error:
return {
'message': error,
'user': user
}
else:
# Log the user in and move along.
headers = remember(request, user.id, max_age=60 * 60 * 24 * 30)
user.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(user.username, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(
location=request.route_url(
'user_bmark_recent',
username=user.username),
headers=headers)
else:
LOG.error("CHECKING")
LOG.error(username)
if user is None:
# just 404 if we don't have an activation code for this user
user.username = new_username
except IntegrityError, exc:
error = 'There was an issue setting your new username'
else:
AuthLog.reactivate(username, success=False, code=activation)
error = 'There was an issue attempting to activate this account.'
if error:
return {'message': error, 'user': user}
else:
# Log the user in and move along.
headers = remember(request, user.id, max_age=60 * 60 * 24 * 30)
user.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(user.username, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(location=request.route_url(
'user_bmark_recent', username=user.username),
headers=headers)
else:
LOG.error("CHECKING")
LOG.error(username)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
def reset(request):
"""Once deactivated, allow for changing the password via activation key"""
rdict = request.matchdict
params = request.params
# This is an initial request to show the activation form.
username = rdict.get('username', None)
activation_key = rdict.get('reset_key', None)
user = ActivationMgr.get_user(username, activation_key)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
if 'code' in params:
# This is a posted form with the activation, attempt to unlock the
# user's account.
username = params.get('username', None)
activation = params.get('code', None)
password = params.get('new_password', None)
new_username = params.get('new_username', None)
error = None
if not UserMgr.acceptable_password(password):
# Set an error message to the template.
error = "Come on, pick a real password please."
else:
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our
# current username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError:
error = 'There was an issue setting your new username'
else:
AuthLog.reactivate(username, success=False, code=activation)
error = ('There was an issue attempting to activate'
'this account.')
if error:
return {'message': error, 'user': user}
else:
# Log the user in and move along.
headers = remember(request, user.id, max_age=60 * 60 * 24 * 30)
user.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(user.username, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(location=request.route_url(
'user_bmark_recent', username=user.username),
headers=headers)
else:
LOG.error("CHECKING")
LOG.error(username)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
LOG.error(user.username)
LOG.error(user.email)
return {
'user': user,
}
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
request.response.status_int = 500
return {
'error': 'There was an issue setting your new username',
'exc': str(exc)
}
return {
'message': "Account activated, please log in.",
'username': username,
}
else:
AuthLog.reactivate(username, success=False, code=activation)
request.response.status_int = 500
return {
'error': "There was an issue attempting to activate this account.",
}
@view_config(route_name="api_user_invite", renderer="json")
@api_auth('api_key', UserMgr.get)
def invite_user(request):
"""Invite a new user into the system.
:param username: user that is requested we invite someone
:param email: email address of the new user
"""
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError, exc:
request.response.status_int = 500
return {
'error': 'There was an issue setting your new username',
'exc': str(exc)
}
return {
'message': "Account activated, please log in.",
'username': username,
}
else:
AuthLog.reactivate(username, success=False, code=activation)
request.response.status_int = 500
return {
'error': "There was an issue attempting to activate this account.",
}
@view_config(route_name="api_user_invite", renderer="json")
@api_auth('api_key', UserMgr.get)
def invite_user(request):
"""Invite a new user into the system.
:param username: user that is requested we invite someone
:param email: email address of the new user
"""
def login(request):
"""Login the user to the system
If not POSTed then show the form
If error, display the form with the error message
If successful, forward the user to their /recent
Note: the came_from stuff we're not using atm. We'll clean out if we keep
things this way
"""
login_url = route_url('login', request)
referrer = request.url
if referrer == login_url:
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
message = ''
login = ''
password = ''
if 'form.submitted' in request.params:
login = request.params['login']
password = request.params['password']
LOG.debug(login)
auth = UserMgr.get(username=login)
LOG.debug(auth)
LOG.debug(UserMgr.get_list())
if auth and auth.validate_password(password) and auth.activated:
# We use the Primary Key as our identifier once someone has
# authenticated rather than the username. You can change what is
# returned as the userid by altering what is passed to remember.
headers = remember(request, auth.id, max_age=60 * 60 * 24 * 30)
auth.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(login, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(location=request.route_url(
'user_bmark_recent', username=auth.username),
headers=headers)
# log the right level of problem
if auth and not auth.validate_password(password):
message = "Your login attempt has failed."
AuthLog.login(login, False, password=password)
elif auth and not auth.activated:
message = "User account deactivated. Please check your email."
AuthLog.login(login, False, password=password)
AuthLog.disabled(login)
elif auth is None:
message = "Failed login"
AuthLog.login(login, False, password=password)
return {
'message': message,
'came_from': came_from,
'login': login,
'password': password,
}
def reset(request):
"""Once deactivated, allow for changing the password via activation key"""
rdict = request.matchdict
params = request.params
# This is an initial request to show the activation form.
username = rdict.get("username", None)
activation_key = rdict.get("reset_key", None)
user = ActivationMgr.get_user(username, activation_key)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
if "code" in params:
# This is a posted form with the activation, attempt to unlock the
# user's account.
username = params.get("username", None)
activation = params.get("code", None)
password = params.get("new_password", None)
new_username = params.get("new_username", None)
error = None
if not UserMgr.acceptable_password(password):
# Set an error message to the template.
error = "Come on, pick a real password please."
else:
res = ActivationMgr.activate_user(username, activation, password)
if res:
# success so respond nicely
AuthLog.reactivate(username, success=True, code=activation)
# if there's a new username and it's not the same as our
# current username, update it
if new_username and new_username != username:
try:
user = UserMgr.get(username=username)
user.username = new_username
except IntegrityError:
error = "There was an issue setting your new username"
else:
AuthLog.reactivate(username, success=False, code=activation)
error = "There was an issue attempting to activate" "this account."
if error:
return {"message": error, "user": user}
else:
# Log the user in and move along.
headers = remember(request, user.id, max_age=60 * 60 * 24 * 30)
user.last_login = datetime.utcnow()
# log the successful login
AuthLog.login(user.username, True)
# we're always going to return a user to their own /recent after a
# login
return HTTPFound(location=request.route_url("user_bmark_recent", username=user.username), headers=headers)
else:
LOG.error("CHECKING")
LOG.error(username)
if user is None:
# just 404 if we don't have an activation code for this user
raise HTTPNotFound()
LOG.error(user.username)
LOG.error(user.email)
return {"user": user}
