def forgot_password(request):
settings = request.registry.settings
if not is_pwreminder_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('forgot_password')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
complete = False
if request.POST:
if form.validate(request.params):
username = form.data.get('login')
user = request_password_reset(username, request.db)
if user:
mailer = Mailer(request)
recipient = user.profile[0].email
token = user.reset_tokens[-1]
subject = _('Password reset request')
values = {'url': request.route_url('reset_password',
token=token),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient],
subject,
template="password_reset_request",
values=values)
mailer.send(mail)
msg = _("Password reset token has been sent to the users "
"email address. Please check your email.")
request.session.flash(msg, 'success')
complete = True
return {'form': form.render(), 'complete': complete}
def login(request):
handle_history(request)
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml', 'ringo')))
form_config = config.get_form('loginform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)}
class ImportDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
def render(self, items):
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list'))
values['eval_url'] = self._request.application_url+get_eval_url()
values['items'] = items
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
# The output of the form render function of formbar is
# considered safe here as formbar already handles the escapeing.
# So we put it into the literal function to mark it save.
return literal(self.form.render(buttons=False))
class ImportDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "import")
self.template = template_lookup.get_template("internal/import.mako")
config = Config(load(get_path_to_form_config('import.xml', 'ringo')))
form_config = config.get_form('default')
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
eval_url=get_eval_url(),
url_prefix=get_app_url(request))
def render(self, items):
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list'))
values['eval_url'] = self._request.application_url+get_eval_url()
values['items'] = items
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
# The output of the form render function of formbar is
# considered safe here as formbar already handles the escapeing.
# So we put it into the literal function to mark it save.
return literal(self.form.render(buttons=False))
def removeaccount(request):
"""Method to remove the useraccout by the user."""
# Check authentification
# The view is only available for authenticated users and callable
# if the user is not the admin unser (id=1)
id = request.matchdict.get('id')
if not request.user or id == '1':
raise HTTPUnauthorized
clazz = User
_ = request.translate
# Load the item return 400 if the item can not be found.
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'removeaccount'),
item,
request.db,
translate=_,
renderers={},
change_page_callback={
'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id
},
request=request,
csrf_token=request.session.get_csrf_token(),
dependencies=create_dependencies(request))
if request.POST:
mapping = {'item': item}
if form.validate(request.params):
# Delete the account and redirect the user to a result page
request.db.delete(item)
headers = forget(request)
target_url = request.route_path('users-accountremoved')
return HTTPFound(location=target_url, headers=headers)
else:
msg = _('Deleting the account of '
'"${item}" failed.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue = {}
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def removeaccount(request):
"""Method to remove the useraccout by the user."""
# Check authentification
# The view is only available for authenticated users and callable
# if the user is not the admin unser (id=1)
id = request.matchdict.get('id')
if not request.user or id == '1':
raise HTTPUnauthorized
clazz = User
_ = request.translate
handle_history(request)
handle_params(request)
# Load the item return 400 if the item can not be found.
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'removeaccount'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
if form.validate(request.params):
# Delete the account and redirect the user to a result page
request.db.delete(item)
headers = forget(request)
target_url = request.route_path('users-accountremoved')
return HTTPFound(location=target_url, headers=headers)
else:
msg = _('Deleting the account of '
'"${item}" failed.', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue = {}
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def example(request):
config = Config(load(os.path.join(example_dir, 'example.xml')))
form_config = config.get_form('example')
form = Form(form_config, eval_url="/evaluate", request=request)
if request.POST:
form.validate(request.POST)
else:
form.validate({})
template = template_lookup.get_template("index.mako")
values = {'form': form.render()}
return Response(template.render(**values))
def login(request):
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('loginform')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
# Handle authentication callback.
if is_authcallback_enabled(settings):
authenticated = False
try:
callback = dynamic_import(settings.get("auth.callback"))
callback(request, user)
authenticated = True
except AuthentificationException as e:
msg = e.message
request.session.flash(msg, 'critical')
else:
authenticated = True
if authenticated:
# Delete old session data and begin with new fresh session.
request.session.invalidate()
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {
'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)
}
class PrintDialogRenderer(DialogRenderer):
"""Docstring for ImportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "print")
self.template = template_lookup.get_template("internal/print.mako")
config = Config(
load(
get_path_to_form_config('print.xml', 'ringo_printtemplate',
'.')))
form_config = config.get_form('default')
# Load available_printtemplates and put them into the form as
# external data. This than later used to render the available
# printtemplates.
mid = clazz._modul_id
values = {}
values['printtemplates'] = [(p, p.id)
for p in self._item.printtemplates]
self.form = Form(form_config,
item=clazz,
csrf_token=self._request.session.get_csrf_token(),
dbsession=request.db,
translate=request.translate,
url_prefix=get_app_url(request),
eval_url=get_eval_url(),
values=values)
def render(self):
modul = get_item_modul(self._request, self._item)
template_modul = get_item_modul(self._request, Printtemplate)
values = {}
values['request'] = self._request
values['body'] = self._render_body()
values['modul'] = modul.get_label(plural=True)
values['header'] = template_modul.get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_text'] = template_modul.get_label(plural=False)
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.ringo.history.last(
) or self._request.url.replace("print", "read")
values['eval_url'] = self.form._eval_url
values['h'] = ringo.lib.helpers
return literal(self.template.render(**values))
def _render_body(self):
out = []
out.append(self.form.render(buttons=False))
return literal("").join(out)
def login(request):
handle_history(request)
_ = request.translate
settings = request.registry.settings
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('loginform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
if request.POST:
form.validate(request.params)
username = form.data.get('login')
password = form.data.get('pass')
user = user_login(username, password)
if user is None:
msg = _("Login failed!")
request.session.flash(msg, 'error')
elif not user.activated:
msg = _("Login failed!")
request.session.flash(msg, 'error')
target_url = request.route_path('accountdisabled')
return HTTPFound(location=target_url)
else:
# Handle authentication callback.
if is_authcallback_enabled(settings):
authenticated = False
try:
callback = dynamic_import(settings.get("auth.callback"))
callback(request, user)
authenticated = True
except AuthentificationException as e:
msg = e.message
request.session.flash(msg, 'critical')
else:
authenticated = True
if authenticated:
msg = _("Login was successfull")
request.session.flash(msg, 'success')
headers = remember(request, user.id)
target_url = request.route_path('home')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render(),
'registration_enabled': is_registration_enabled(settings),
'pwreminder_enabled': is_pwreminder_enabled(settings)}
def render(request):
"""Will return a JSONResponse with a rendererd form. The form
defintion and the formid is provided in the POST request."""
_ = request.translate
form_config = request.POST.get("definition")
config_name = request.POST.get("formid")
out = []
try:
config = Config(parse(form_config))
form_config = config.get_form(config_name)
form = Form(form_config, None, request.db,
csrf_token=request.session.get_csrf_token())
out.append(form.render(buttons=False, outline=False))
except Exception as ex:
out.append(_('ERROR: %s' % str(ex)))
data = {"form": "".join(out)}
return JSONResponse(True, data, {"msg": "Ole!"})
def forgot_password(request):
settings = request.registry.settings
if not is_pwreminder_enabled(settings):
raise exc.exception_response(503)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('forgot_password')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
complete = False
msg = None
if request.POST:
if form.validate(request.params):
username = form.data.get('login')
user = request_password_reset(username, request.db)
if user and user.profile[0].email:
recipient = user.profile[0].email
mailer = Mailer(request)
token = user.reset_tokens[-1]
subject = _('Password reset request')
values = {
'url': request.route_url('reset_password', token=token),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'username': username,
'_': _
}
mail = Mail([recipient],
subject,
template="password_reset_request",
values=values)
mailer.send(mail)
log.info(u"Passwort reset token sent to "
u"user {} with email {}".format(username, recipient))
else:
log.info(u"Failed sending Passwort reset token for {}. "
u"User not found or missing email".format(username))
# Return a message to the user which does not allow to get
# information about the existence of a user.
msg = _("If the user has been found together with configured "
"e-mail, a confirmation mail for resetting the password "
"has been sent. Please check your e-mail box.")
request.session.flash(msg, 'success')
complete = True
return {'form': form.render(), 'complete': complete, 'msg': msg}
def render(request):
"""Will return a JSONResponse with a rendererd form. The form
defintion and the formid is provided in the POST request."""
_ = request.translate
form_config = request.POST.get("definition")
config_name = request.POST.get("formid")
out = []
try:
config = Config(parse(form_config))
form_config = config.get_form(config_name)
form = Form(form_config,
None,
request.db,
csrf_token=request.session.get_csrf_token())
out.append(form.render(buttons=False, outline=False))
except Exception as ex:
out.append(_('ERROR: %s' % str(ex)))
data = {"form": "".join(out)}
return JSONResponse(True, data, {"msg": "Ole!"})
class EvaluationDialogRenderer(DialogRenderer):
"""Docstring for ExportDialogRenderer"""
def __init__(self, request, clazz):
"""@todo: to be defined """
DialogRenderer.__init__(self, request, clazz, "evaluate")
self.template = template_lookup.get_template("internal/evaluation.mako")
config = Config(load(get_path_to_form_config('evaluations.xml', 'ringo_evaluation', location=".")))
form_config = config.get_form('dialog')
url_prefix = request.application_url
self.form = Form(form_config,
csrf_token=self._request.session.get_csrf_token(),
translate=request.translate,
eval_url=get_eval_url(),
url_prefix=url_prefix)
def render(self, items):
values = {}
values['request'] = self._request
values['items'] = items
values['body'] = self._render_body()
values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True)
values['action'] = self._action.capitalize()
values['ok_url'] = self._request.current_route_path()
values['_'] = self._request.translate
values['cancel_url'] = self._request.referrer
values['evalurl'] = self._request.application_url+get_eval_url()
return literal(self.template.render(**values))
def _render_body(self):
out = []
# Collect all available evaluations and provide the evaluations
# for this modul to the form while rendering.
evaluations = []
#converter = get_converter()
modul = get_item_modul(self._request, self._item)
for evaluation in modul.evaluations:
evaluations.append((evaluation, evaluation.id))
values = {"evaluations": evaluations}
values["_converter"] = False # converter.is_available()
out.append(self.form.render(buttons=False, values=values))
return "".join(out)
def trainable_index_view(request):
values = index_view(request)
if request.user:
client = Client()
client_id = request.user.profile[0].strava_client_id
redirect_uri = request.route_url("authstrava")
url = client.authorization_url(client_id=client_id,
redirect_uri=redirect_uri,
scope="view_private")
_ = request.translate
config = Config(load(get_path_to_form_config('strava.xml')))
form_config = config.get_form('syncform')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_, locale="de", eval_url=get_eval_url())
if request.POST and form.validate(request.params):
sync(request, form.data.get("sport"),
form.data.get("start"), form.data.get("end"),
form.data.get("commute"))
values["fitness"] = get_fitness(0, 0, get_activities_for_user(request))
values["strava_auth_url"] = url
values["strava_syncform"] = form.render()
return values
def changepassword(request):
"""Method to change the users password by the user. The user user
musst provide his old and the new pasword. Users are only allowed to
change their own password."""
# Check authentification
# As this view has now security configured it is
# generally callable by all users. For this reason we first check if
# the user is authenticated. If the user is not authenticated the
# raise an 401 (unauthorized) exception.
if not request.user:
raise HTTPUnauthorized
clazz = User
_ = request.translate
rvalue = {}
# Load the item return 400 if the item can not be found.
id = request.matchdict.get('id')
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
# User are only allowed to set their own password.
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'changepassword'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
# Do extra validation which is not handled by formbar.
# Is the provided old password correct?
validator = Validator('oldpassword',
_('The given password is not correct'),
check_password)
pw_len_validator = Validator('password',
_('Password must be at least 12 '
'characters long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('password',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
if form.validate(request.params):
form.save()
# Actually save the password. This is not done in the form
# as the password needs to be encrypted.
encrypt_password_callback(request, item)
msg = _('Changed password for "${item}" successfull.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'success')
route_name = get_action_routename(item, 'changepassword')
url = request.route_path(route_name, id=item.id)
# Invalidate cache
invalidate_cache()
return HTTPFound(location=url)
else:
msg = _('Error on changing the password for '
'"${item}".', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('register_user')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
login_unique_validator = Validator('login',
_('There is already a user with this '
'name'),
is_login_unique)
pw_len_validator = Validator('pass',
_('Password must be at least 12 characters '
'long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('pass',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(login_unique_validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
registration_complete = False
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
default_grps = settings.get("auth.register_user_default_groups",
str(USER_GROUP_ID))
for gid in [int(id) for id in default_grps.split(",")]:
group = gfac.load(gid)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
default_roles = settings.get("auth.register_user_default_roles",
str(USER_ROLE_ID))
for rid in [int(id) for id in default_roles.split(",")]:
role = rfac.load(rid)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient],
subject,
template="register_user",
values=values)
mailer.send(mail)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
registration_complete = True
return {'form': form.render(), 'complete': registration_complete}
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
handle_history(request)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml', 'ringo')))
form_config = config.get_form('register_user')
form = Form(form_config, csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
validator = Validator('login',
'There is already a user with this name',
is_login_unique)
form.add_validator(validator)
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
group = gfac.load(USER_GROUP_ID)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
role = rfac.load(USER_ROLE_ID)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'_': _}
mail = Mail([recipient], subject, template="register_user", values=values)
mailer.send(mail)
target_url = request.route_path('login')
headers = forget(request)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
return HTTPFound(location=target_url, headers=headers)
return {'form': form.render()}
def changepassword(request):
"""Method to change the users password by the user. The user user
musst provide his old and the new pasword. Users are only allowed to
change their own password."""
# Check authentification
# As this view has now security configured it is
# generally callable by all users. For this reason we first check if
# the user is authenticated. If the user is not authenticated the
# raise an 401 (unauthorized) exception.
if not request.user:
raise HTTPUnauthorized
clazz = User
handle_history(request)
handle_params(request)
_ = request.translate
rvalue = {}
# Load the item return 400 if the item can not be found.
id = request.matchdict.get('id')
factory = clazz.get_item_factory()
try:
item = factory.load(id, request.db)
# Check authorisation
# User are only allowed to set their own password.
if item.id != request.user.id:
raise HTTPForbidden()
except sa.orm.exc.NoResultFound:
raise HTTPBadRequest()
form = Form(get_form_config(item, 'changepassword'),
item, request.db, translate=_,
renderers={},
change_page_callback={'url': 'set_current_form_page',
'item': clazz.__tablename__,
'itemid': id},
request=request, csrf_token=request.session.get_csrf_token())
if request.POST:
mapping = {'item': item}
# Do extra validation which is not handled by formbar.
# Is the provided old password correct?
validator = Validator('oldpassword',
_('The given password is not correct'),
check_password)
pw_len_validator = Validator('password',
_('Password must be at least 12 '
'characters long.'),
password_minlength_validator)
pw_nonchar_validator = Validator('password',
_('Password must contain at least 2 '
'non-letters.'),
password_nonletter_validator)
form.add_validator(validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
if form.validate(request.params):
form.save()
# Actually save the password. This is not done in the form
# as the password needs to be encrypted.
encrypt_password_callback(request, item)
msg = _('Changed password for "${item}" successfull.',
mapping=mapping)
log.info(msg)
request.session.flash(msg, 'success')
route_name = get_action_routename(item, 'changepassword')
url = request.route_path(route_name, id=item.id)
# Invalidate cache
invalidate_cache()
return HTTPFound(location=url)
else:
msg = _('Error on changing the password for '
'"${item}".', mapping=mapping)
log.info(msg)
request.session.flash(msg, 'error')
rvalue['clazz'] = clazz
rvalue['item'] = item
rvalue['form'] = form.render(page=get_current_form_page(clazz, request))
return rvalue
def register_user(request):
settings = request.registry.settings
if not is_registration_enabled(settings):
raise exc.exception_response(503)
_ = request.translate
config = Config(load(get_path_to_form_config('auth.xml')))
form_config = config.get_form('register_user')
form = Form(form_config,
csrf_token=request.session.get_csrf_token(),
translate=_)
# Do extra validation which is not handled by formbar.
# Is the login unique?
login_unique_validator = Validator(
'login', _('There is already a user with this '
'name'), is_login_unique)
pw_len_validator = Validator(
'pass', _('Password must be at least 12 characters '
'long.'), password_minlength_validator)
pw_nonchar_validator = Validator(
'pass', _('Password must contain at least 2 '
'non-letters.'), password_nonletter_validator)
form.add_validator(login_unique_validator)
form.add_validator(pw_len_validator)
form.add_validator(pw_nonchar_validator)
registration_complete = False
if request.POST:
if form.validate(request.params):
# 1. Create user. Do not activate him. Default role is user.
ufac = User.get_item_factory()
user = ufac.create(None, form.data)
# Set login from formdata
user.login = form.data['login']
# Encrypt password and save
user.password = encrypt_password(form.data['pass'])
# Deactivate the user. To activate the user needs to confirm
# with the activation link
user.activated = False
atoken = str(uuid.uuid4())
user.activation_token = atoken
# Set profile data
user.profile[0].email = form.data['_email']
# 2. Set user group
gfac = Usergroup.get_item_factory()
default_grps = settings.get("auth.register_user_default_groups",
str(USER_GROUP_ID))
for gid in [int(id) for id in default_grps.split(",")]:
group = gfac.load(gid)
user.groups.append(group)
# 3. Set user role
rfac = Role.get_item_factory()
default_roles = settings.get("auth.register_user_default_roles",
str(USER_ROLE_ID))
for rid in [int(id) for id in default_roles.split(",")]:
role = rfac.load(rid)
user.roles.append(role)
# Set default user group.
request.db.add(user)
# 4. Send confirmation email. The user will be activated
# after the user clicks on the confirmation link
mailer = Mailer(request)
recipient = user.profile[0].email
subject = _('Confirm user registration')
values = {
'url': request.route_url('confirm_user', token=atoken),
'app_name': get_app_title(),
'email': settings['mail.default_sender'],
'login': user.login,
'_': _
}
mail = Mail([recipient],
subject,
template="register_user",
values=values)
mailer.send(mail)
msg = _("User has been created and a confirmation mail was sent"
" to the users email adress. Please check your email.")
request.session.flash(msg, 'success')
registration_complete = True
return {'form': form.render(), 'complete': registration_complete}
