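def change_password(token=None):
    """Change a staff member's password.

    Two paths share this view:

    * reset path: ``token`` identifies the account (looked up by its stored
      ``token`` field) and the current password is not asked for;
    * logged-in path: no token; the account is the one named by
      ``flask.session["logged_in_email"]`` and the form must carry the
      current password in ``old_pass``.

    Returns a redirect (to ``/login`` when neither a token nor a session is
    present, or to the login page after a successful token-based change),
    otherwise the context dict ``{"token": token}``. Aborts with 404 when no
    staff row matches the token or the session email.
    """
    context = {"token": token}

    if not token and not flask.session.get("logged_in_email"):
        return flask.redirect("/login")
    if flask.request.method != "POST":
        return context

    # .get() with a default: a POST that omits a field is treated as an empty
    # value and rejected by the checks below instead of raising KeyError.
    form_data = flask.request.form.to_dict()
    new_pass = form_data.get("new_pass", "")
    check_pass = form_data.get("check_pass", "")

    if token:
        staff_member = next(database.find("staff", token=token), None)
    else:
        email = flask.session["logged_in_email"]
        staff_member = next(database.find("staff", email=email), None)
    if staff_member is None:
        # Unknown or stale token / session email: answer 404 rather than
        # letting StopIteration escape from the lookup.
        flask.abort(404)

    # Every check below is an explicit conditional, not an ``assert``:
    # asserts are compiled out under ``python -O``, which would silently
    # remove the current-password check.
    if not token:
        old_pass = form_data.get("old_pass", "")
        if not sugar.check_hash(old_pass, staff_member["password"]):
            flask.flash("Wrong password.", "error")
            # Same context as the other failure paths (was a bare return).
            return context

    # Confirmation check kept in its original form (hash one, verify the other).
    if not sugar.check_hash(new_pass, sugar.make_hash(check_pass)):
        flask.flash("New passwords do not match.", "error")
        return context

    if new_pass == u"":
        flask.flash("Please enter a new password.", "error")
        return context

    session = database.get_session()
    staff_row = database.get_or_404("staff", id=staff_member.id)
    staff_schema = StaffSchema.from_flat(staff_row)
    staff_schema["password"].set(sugar.make_hash(new_pass))
    # NOTE(review): only the password field is updated; the reset token stays
    # on the row, so the mailed link keeps working after use. Nothing in this
    # function clears or expires it -- confirm whether that happens elsewhere.
    if staff_schema.validate():
        staff_row.update(staff_schema.flatten())
        session.save(staff_row)
        session.commit()
        flask.flash("Password changed sucessfuly.", "success")
        if token:
            # Reset path: the user has no session yet, send them to log in.
            login_url = flask.url_for("auth.login",
                                      next=flask.url_for("meeting.home"))
            return flask.redirect(login_url)

    return context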
def capitalize_names(meeting_id):
    """Clean and capitalise the stored names of every person in a meeting.

    Each person row whose ``meeting_id`` equals ``str(meeting_id)`` has its
    ``personal_first_name`` and ``personal_last_name`` passed through
    ``schema.common.clean_and_cap`` (the last name with
    ``is_last_name=True``) and is saved; the session is committed once at
    the end.
    """
    db_session = database.get_session()
    name_fields = (
        ("personal_first_name", {}),
        ("personal_last_name", {"is_last_name": True}),
    )
    for person in database.find("person", meeting_id=str(meeting_id)):
        for field, options in name_fields:
            person[field] = schema.common.clean_and_cap(person[field],
                                                        **options)
        db_session.save(person)
    db_session.commit()
def update_past_mail_logs_schema(meeting_id):
    """Rename the legacy recipient keys on a meeting's mail-log rows.

    For every ``mail_log`` row of the meeting that still has a non-empty
    ``mail_to``, the value is moved to ``mail_to_0`` and ``mail_cc`` is moved
    to ``mail_cc_0``; the row is then saved. Rows without ``mail_to`` are
    left untouched. The session is committed once at the end.
    """
    db_session = database.get_session()
    for log_entry in database.find("mail_log", meeting_id=str(meeting_id)):
        if not log_entry.get("mail_to"):
            continue
        log_entry["mail_to_0"] = log_entry.pop("mail_to")
        # pop() without a default: a row that has mail_to but no mail_cc key
        # raises KeyError here.
        log_entry["mail_cc_0"] = log_entry.pop("mail_cc")
        db_session.save(log_entry)
    db_session.commit()
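def reset_password():
    """Start the password-reset flow for the e-mail address in the form.

    On POST, looks up the staff row with that e-mail. When exactly one row
    matches, a token from ``sugar.generate_token`` is stored on it and a
    message with the ``<HOSTNAME>/<token>/change-password`` link is mailed to
    the address. Outcomes are reported through ``flask.flash``; the function
    itself returns ``None`` on every path.
    """
    email_to_reset_password = flask.request.form.get("email", "")
    if flask.request.method != "POST":
        return None

    # Explicit check instead of ``assert``: asserts are removed under
    # ``python -O``, after which an unknown address would raise IndexError.
    matches = list(database.find("staff", email=email_to_reset_password))
    if len(matches) != 1:
        # NOTE(review): this message and the success message below differ, so
        # the form discloses whether an address has an account. Showing one
        # neutral message for both outcomes would close that gap; the wording
        # is left unchanged here.
        flask.flash(u"Your email does not exist in our database.", "error")
        return None
    staff_member = matches[0]

    # NOTE(review): the token is the only credential the change-password view
    # needs -- confirm that sugar.generate_token draws on a CSPRNG and is not
    # derivable from the e-mail address alone, and that tokens expire.
    auth_token = sugar.generate_token(email_to_reset_password)

    session = database.get_session()
    staff_row = database.get_or_404("staff", id=staff_member.id)
    staff_schema = StaffSchema.from_flat(staff_row)
    staff_schema["token"].set(auth_token)
    if not staff_schema.validate():
        # The token was not stored, so a mailed link could never be redeemed;
        # send nothing rather than a dead link.
        return None
    staff_row.update(staff_schema.flatten())
    session.save(staff_row)
    session.commit()

    app = flask.current_app
    mail = Mail(app)

    # The link host comes from configuration, not from the request, so the
    # client cannot steer where the mailed link points.
    settings_url = app.config.get("HOSTNAME")
    mail_msg_link = "%s/%s/change-password" % (settings_url, auth_token)

    msg_subject = "Reset your Cites password"
    msg_sender = app.config.get("DEFAULT_MAIL_SENDER")
    msg_recipients = [email_to_reset_password]
    msg_body = str(
        "Forgot your password?\n\nCites received a request "
        "to reset the password for your account.\n"
        "If you want to reset your "
        "password, click on the link below (or copy and "
        "paste the URL into your browser):\n\n%s\n\nThis "
        "link takes you to a secure page where you can "
        "change your password.\nIf you don't want to "
        "reset your password, please ignore this "
        "message. Your password will not be reset."
        "\n\nThe Cites Team" % (mail_msg_link)
    )

    msg = Message(msg_subject, sender=msg_sender,
                  recipients=msg_recipients, body=msg_body)
    mail.send(msg)

    flash_message = str(
        "We've sent password reset instructions to your "
        "email address. Please also check your email's "
        "spam filter."
    )
    flask.flash(flash_message, "success")
    return None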
def change_region_from_zero_to_None(meeting_id):
    """Replace the placeholder region ``"0"`` with an empty string.

    Every person row found with ``representing_region="0"`` gets the field
    set to ``u""`` and is saved; the session is committed once at the end.
    ``meeting_id`` is accepted but not used: the query is not restricted to
    one meeting.
    """
    db_session = database.get_session()
    for person in database.find("person", representing_region="0"):
        # Re-check the value on the row itself before rewriting it.
        if person["representing_region"] != "0":
            continue
        person["representing_region"] = u""
        db_session.save(person)
    db_session.commit()
def generate_users(meeting_id, number_of_copies=27):
    """Duplicate every person of a meeting ``number_of_copies`` times.

    For each person row whose ``meeting_id`` equals ``str(meeting_id)``, that
    many new ``person`` rows are created, filled with the source row's fields
    and saved. The session is committed once at the end.
    """
    source_rows = database.find("person", meeting_id=str(meeting_id))
    db_session = database.get_session()
    for source_row in source_rows:
        # NOTE(review): update() copies every field of the source row, so the
        # copies match the query above too; whether the iterator can see rows
        # added during the loop depends on database.find -- confirm.
        for _ in xrange(int(number_of_copies)):
            duplicate = database.new('person')
            duplicate.update(source_row)
            db_session.save(duplicate)
    db_session.commit()
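def login():
    """Authenticate a staff member and open a session.

    Reads ``email`` (lower-cased) and ``password`` from the form and ``next``
    from the form or query string. On a POST with credentials that match
    exactly one staff row, stores the e-mail in
    ``flask.session["logged_in_email"]`` and redirects to ``next``. In every
    other case returns the context dict ``{"email": ..., "next": ...}``, after
    flashing ``"Login failed"`` when a POST did not authenticate.
    """
    home_url = flask.url_for("meeting.home")
    login_email = flask.request.form.get("email", "").lower()
    login_password = flask.request.form.get("password", "")
    next_url = flask.request.values.get("next", home_url)

    # ``next`` is client-supplied and ends up in a redirect. Accept only a
    # path on this site: it must start with a single "/" and contain no
    # backslash or control whitespace, which browsers can normalise into a
    # scheme-relative "//host" URL. Anything else falls back to the home page.
    is_local_path = (
        next_url.startswith("/")
        and not next_url.startswith("//")
        and not any(ch in next_url for ch in "\\\r\n\t")
    )
    if not is_local_path:
        next_url = home_url

    if flask.request.method == "POST":
        # Explicit conditionals instead of ``assert``: asserts are compiled
        # out under ``python -O``, which would remove the password check and
        # log in anyone who names an existing account.
        matches = list(database.find("staff", email=login_email))
        staff_member = matches[0] if len(matches) == 1 else None
        stored_hash = None
        if staff_member is not None:
            # Accounts without a stored password cannot log in.
            stored_hash = staff_member.get("password", None)

        if stored_hash and sugar.check_hash(login_password, stored_hash):
            flask.session["logged_in_email"] = login_email
            return flask.redirect(next_url)

        # One message for every failure, so the response does not reveal
        # which of the checks rejected the attempt.
        flask.flash(u"Login failed", "error")

    return {"email": login_email, "next": next_url}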
def activity(meeting_id, subject, what, what_id):
    """Record an activity-log entry for the currently logged-in staff member.

    The staff id is the id of the first staff row matching the session's
    ``logged_in_email``, or ``None`` when no row matches. The entry is
    timestamped with ``datetime.now()`` and written only when
    ``ActivitySchema`` validation passes; an invalid entry is dropped without
    any error being raised.
    """
    db_session = database.get_session()
    current_email = flask.session.get("logged_in_email", "")

    try:
        staff_ids = [row.id
                     for row in database.find("staff", email=current_email)]
        staff_member = staff_ids[0]
    except IndexError:
        # No matching staff row: the entry is stored without a staff id.
        staff_member = None

    entry = {
        "meeting_id": meeting_id,
        "staff_id": staff_member,
        "subject": subject,
        "date": datetime.now(),
        "what": what,
        "what_id": what_id,
    }
    activity_schema = ActivitySchema.from_flat(entry)
    if not activity_schema.validate():
        return

    activity_row = database.new('activity')
    activity_row.update(activity_schema.flatten())
    db_session.save(activity_row)
    db_session.commit()