def create_activation(request, user):
    """Bind a fresh activation record to *user* and e-mail the activation link.

    The ``Activation`` class comes from the ``IActivationClass`` registry
    utility. The new record is added to the request's DB session, assigned to
    ``user.activation`` and the session is flushed before the link is built
    (presumably so ``activation.code`` exists at that point — confirm against
    the model). The message body is a pystache-rendered, translated template
    containing the ``activate`` route URL (``user_id`` + ``code``) and is sent
    to ``user.email`` through the request's mailer.

    The ``code`` in the link is the only secret; how it is generated is not
    visible here.

    :param request: current Pyramid request (DB session, registry, routes,
        mailer).
    :param user: user object to attach the activation to; ``id``, ``email``
        and the bound ``activation.code`` are read from it.
    """
    session = get_session(request)
    activation_cls = request.registry.getUtility(IActivationClass)
    new_activation = activation_cls()

    session.add(new_activation)
    user.activation = new_activation
    session.flush()

    # TODO Create a hook for the app to give us body and subject!
    # TODO We don't need pystache just for this!
    template = _("Please validate your email and activate your account by visiting:\n"
                 "{{ link }}")
    link = request.route_url('activate', user_id=user.id,
                             code=user.activation.code)
    body = pystache.render(template, {'link': link})
    subject = _("Please activate your account!")

    mail = Message(subject=subject, recipients=[user.email], body=body)
    get_mailer(request).send(mail)
    def edit_profile(self):
        """Render or process the profile edit form for ``request.context``.

        GET renders ``self.form`` pre-filled with the context user's username
        and e-mail (``''`` when the e-mail is unset). POST validates the
        submitted controls; on ``deform.ValidationFailure`` the form is
        re-rendered with the username re-populated and the error children.
        On success a submitted e-mail is accepted only if no *other* account
        already owns it (otherwise an error flash and a redirect back), an
        optional new password is stored, the user is added to the session,
        ``ProfileUpdatedEvent`` is notified and the browser is redirected to
        ``request.url``.

        Returns ``HTTPNotFound`` when the context is empty; any method other
        than GET/POST falls through and returns ``None``.
        NOTE(review): nothing in this view re-checks the current password
        before replacing it — confirm that is intended.
        """
        user = self.request.context
        if not user:
            return HTTPNotFound()

        method = self.request.method
        if method == 'GET':
            appstruct = dict(
                username=user.username,
                email=user.email if user.email else '',
            )
            return {'form': self.form.render(appstruct=appstruct)}

        if method != 'POST':
            return None

        try:
            captured = self.form.validate(self.request.POST.items())
        except deform.ValidationFailure as e:
            # We pre-populate username
            e.cstruct['username'] = user.username
            return {'form': e.render(), 'errors': e.error.children}

        requested_email = captured.get('email', None)
        if requested_email:
            holder = self.User.get_by_email(self.request, requested_email)
            # Only a different account owning the address is a conflict.
            if holder and holder.id != user.id:
                self.request.session.flash(
                    _('That e-mail is already used.'), 'error')
                return HTTPFound(location=self.request.url)
            user.email = requested_email

        requested_password = captured.get('password')
        if requested_password:
            user.password = requested_password

        self.request.session.flash(_('Profile successfully updated.'),
                                   'success')
        self.db.add(user)
        self.request.registry.notify(
            ProfileUpdatedEvent(self.request, user, captured)
        )
        return HTTPFound(location=self.request.url)
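    def forgot_password(self):
        """Render or process the "forgot password" form.

        GET: a logged-in user is redirected to ``forgot_password_redirect_view``;
        otherwise the form built from the ``IForgotPasswordSchema`` /
        ``IForgotPasswordForm`` utilities is rendered. POST: the controls are
        validated (a ``deform.ValidationFailure`` re-renders the form with its
        error children); if an account with the submitted e-mail exists, a new
        ``Activation`` is created, added to the session, bound to that user,
        and a reset link carrying ``activation.code`` is mailed to the
        account's address. Whether or not the address is registered, the same
        flash message is shown and the browser is redirected to
        ``reset_password_redirect_view``, so the response does not reveal
        which addresses exist.

        Any method other than GET/POST skips the form handling and only
        flashes and redirects.
        """
        schema = self.request.registry.getUtility(IForgotPasswordSchema)
        schema = schema().bind(request=self.request)

        form = self.request.registry.getUtility(IForgotPasswordForm)
        form = form(schema)

        if self.request.method == 'GET':
            if self.request.user:
                return HTTPFound(location=self.forgot_password_redirect_view)

            return {'form': form.render()}

        elif self.request.method == 'POST':
            try:
                controls = self.request.POST.items()
                captured = form.validate(controls)
            except deform.ValidationFailure as e:
                return {'form': e.render(), 'errors': e.error.children}

            email = captured['email']

            user = self.User.get_by_email(self.request, email)

            # Create and bind the activation only once the address is known:
            # assigning ``user.activation`` before the ``if user`` test raised
            # AttributeError for an unregistered e-mail and left an orphan
            # activation in the session.
            if user:
                activation = self.Activation()
                self.db.add(activation)
                user.activation = activation

                mailer = get_mailer(self.request)
                body = pystache.render(
                    _("Someone has tried to reset your password. "
                      "If it was you, click here:\n{{ link }}"),
                    {
                        'link': route_url('reset_password', self.request,
                                          code=user.activation.code)
                    }
                )

                subject = _("Reset your password")

                message = Message(subject=subject, recipients=[user.email],
                                  body=body)
                mailer.send(message)

        # we don't want to say "E-mail not registered" or anything like that
        # because it gives spammers context
        self.request.session.flash(_('Please check your e-mail to finish '
            'resetting your password.'), 'success')
        return HTTPFound(location=self.reset_password_redirect_view)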
    def check_credentials(self, username, password):
        """Resolve *username*/*password* to a user or raise ``AuthenticationFailure``.

        The user is looked up by username first; when the
        ``horus.allow_email_auth`` setting is truthy and that fails, *username*
        is retried as an e-mail address. No match raises
        ``AuthenticationFailure`` with one generic message for both lookups. A
        matched but un-activated user also fails while ``require_activation``
        is set and ``allow_inactive_login`` is not.

        NOTE(review): the setting value is used as-is (no ``asbool``), so a
        string such as ``"false"`` from an .ini file would count as truthy —
        confirm how the setting is supplied.

        :returns: the authenticated user object.
        :raises AuthenticationFailure: on bad credentials or inactive account.
        """
        by_email_allowed = self.settings.get("horus.allow_email_auth", False)
        request = self.request

        found = self.User.get_user(request, username, password)
        if not found and by_email_allowed:
            found = self.User.get_by_email_password(request, username, password)

        if not found:
            raise AuthenticationFailure(_("Invalid username or password."))

        activation_enforced = (not self.allow_inactive_login
                               and self.require_activation)
        if activation_enforced and not found.is_activated:
            raise AuthenticationFailure(_("Your account is not active, please check your e-mail."))
        return found
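    def activate(self):
        """Consume an activation link carrying ``user_id`` and ``code``.

        Looks up the ``Activation`` by the ``code`` in ``matchdict`` and the
        user by ``user_id``. The link is honoured only when both exist and the
        activation is the one bound to that user; then the activation is
        deleted, the user is re-added and flushed,
        ``RegistrationActivatedEvent`` is notified, a success flash is set and
        the browser is redirected to ``activate_redirect_view``. Every other
        case (unknown code, unknown user, code bound to another user) returns
        ``HTTPNotFound`` so the response does not distinguish them.
        """
        code = self.request.matchdict.get('code', None)
        user_id = self.request.matchdict.get('user_id', None)

        activation = self.Activation.get_by_code(self.request, code)
        if not activation:
            return HTTPNotFound()

        user = self.User.get_by_id(self.request, user_id)
        # Test ``user`` before reading ``user.activation``: comparing first
        # raised AttributeError for an unknown user_id instead of a 404. The
        # activation must be the one bound to this user so a valid code
        # cannot activate a different account.
        if not user or user.activation != activation:
            return HTTPNotFound()

        self.db.delete(activation)
        self.db.add(user)
        self.db.flush()

        self.request.registry.notify(
            RegistrationActivatedEvent(self.request, user, activation)
        )

        self.request.session.flash(
            _('Your e-mail address has been verified.'), 'success')
        return HTTPFound(location=self.activate_redirect_view)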
    def register(self):
        """Render or process the registration form.

        GET: a logged-in user is redirected to ``register_redirect_view``;
        otherwise ``self.form`` is rendered. POST: the controls are validated
        (a ``deform.ValidationFailure`` re-renders the form with its error
        children), the user is created via ``create_user`` with the username
        lower-cased (a ``RegistrationFailure`` is flashed as an error and the
        browser sent back to ``request.url``). Then either the activation
        e-mail is sent via ``create_activation`` when ``require_activation``
        is set, or a "registered" flash is shown when autologin is off.
        ``NewRegistrationEvent`` is notified and the user is either logged in
        straight away (``horus.autologin``, after a flush to obtain the id) or
        redirected to ``register_redirect_view``.

        Any method other than GET/POST falls through and returns ``None``.
        NOTE(review): ``activation`` stays ``None`` in the event payload
        because the result of ``create_activation`` is not captured — confirm
        whether subscribers expect the activation object.
        """
        request = self.request
        method = request.method

        if method == 'GET':
            if request.user:
                return HTTPFound(location=self.register_redirect_view)
            return {'form': self.form.render()}

        if method != 'POST':
            return None

        try:
            captured = self.form.validate(request.POST.items())
        except deform.ValidationFailure as e:
            return {'form': e.render(), 'errors': e.error.children}

        email = captured['email']
        username = captured['username'].lower()
        password = captured['password']

        try:
            user = self.create_user(email, username, password)
        except RegistrationFailure as e:
            request.session.flash(str(e), 'error')
            return HTTPFound(location=request.url)

        autologin = asbool(self.settings.get('horus.autologin', False))

        activation = None
        if self.require_activation:
            # SEND EMAIL ACTIVATION
            create_activation(request, user)
            request.session.flash(
                _('Please check your e-mail for an activation link.'),
                'success')
        elif not autologin:
            request.session.flash(
                _('You have been registered. You may log in now!'),
                'success')

        request.registry.notify(
            NewRegistrationEvent(request, user, activation, captured)
        )

        if not autologin:
            # User must log in just after registering.
            return HTTPFound(location=self.register_redirect_view)

        self.db.flush()  # in order to get the id
        return authenticated(request, user.id)
    def check_credentials(self, username, password):
        """Return the user matching *username*/*password* or raise.

        ``self.User.get_user`` is tried first; if it finds nothing and the
        ``horus.allow_email_auth`` setting is truthy, *username* is retried as
        an e-mail address via ``get_by_email_password``. Both lookups failing
        raise ``AuthenticationFailure`` with one generic message. A found but
        un-activated user is also rejected while ``require_activation`` is set
        and ``allow_inactive_login`` is not.

        NOTE(review): the setting is used without ``asbool``; a string value
        such as ``'false'`` would be truthy — confirm how it is configured.

        :raises AuthenticationFailure: bad credentials or inactive account.
        """
        request = self.request
        email_login_allowed = self.settings.get('horus.allow_email_auth', False)

        account = self.User.get_user(request, username, password)
        if account is None or not account:
            if email_login_allowed:
                account = self.User.get_by_email_password(request, username,
                                                          password)

        if not account:
            raise AuthenticationFailure(_('Invalid username or password.'))

        if not self.allow_inactive_login and self.require_activation:
            if not account.is_activated:
                raise AuthenticationFailure(
                    _('Your account is not active, please check your e-mail.'))
        return account
    def logout(self):
        """Removes the auth cookies and redirects to the view defined in
        horus.logout_redirect, which defaults to a view named 'index'.

        The session is invalidated first, a "logged out" flash is set, and the
        headers produced by ``forget`` (which clear the auth cookie) are
        attached to the ``HTTPFound`` response for ``logout_redirect_view``.
        """
        self.request.session.invalidate()
        self.request.session.flash(_('You have logged out.'), 'success')
        forget_headers = forget(self.request)
        return HTTPFound(location=self.logout_redirect_view,
                         headers=forget_headers)
    def create_user(self, email, username, password):
        """Create and add a new ``User`` with the given credentials.

        Raises ``RegistrationFailure`` when ``get_by_username_or_email``
        already finds an account: the message blames the e-mail when the
        existing account's e-mail matches case-insensitively, otherwise the
        username. The new user is added to ``self.db`` but not flushed.

        NOTE(review): ``existing.email.lower()`` assumes the found account has
        a non-empty e-mail — confirm the model guarantees that.

        :returns: the new, unflushed user object.
        :raises RegistrationFailure: when the username or e-mail is taken.
        """
        existing = self.User.get_by_username_or_email(
            self.request, username, email)

        if existing:
            # XXX offload this logic to the model
            same_email = existing.email.lower() == email.lower()
            reason = (_('That e-mail is already used.') if same_email
                      else _('That username is already used.'))
            raise RegistrationFailure(reason)

        new_user = self.User(username=username, email=email, password=password)
        self.db.add(new_user)
        return new_user
    def edit_profile(self):
        """Render or process the profile edit form for ``request.context``.

        GET renders ``self.form`` through ``render_form`` pre-filled with the
        context user's username and e-mail (``''`` when unset). POST runs
        ``validate_form``; a ``FormValidationFailure`` is answered with its
        ``result`` with the username re-populated. On success a submitted
        e-mail is stored only if no *other* account owns it (otherwise an
        error ``FlashMessage`` and a redirect back), an optional password is
        stored, the user is added to the session, ``ProfileUpdatedEvent`` is
        notified and the browser is redirected to ``request.url``.

        Returns ``HTTPNotFound`` for an empty context; any method other than
        GET/POST falls through and returns ``None``.
        NOTE(review): the password is replaced without re-checking the current
        one in this view — confirm that is intended.
        """
        user = self.request.context
        if not user:
            return HTTPNotFound()

        request = self.request
        if request.method == 'GET':
            current_email = user.email
            appstruct = {'username': user.username,
                         'email': current_email if current_email else ''}
            return render_form(request, self.form, appstruct)

        if request.method != 'POST':
            return None

        controls = request.POST.items()
        try:
            captured = validate_form(controls, self.form)
        except FormValidationFailure as e:
            # We pre-populate username
            return e.result(request, username=user.username)

        requested_email = captured.get('email', None)
        if requested_email:
            holder = self.User.get_by_email(request, requested_email)
            # Only a different account owning the address is a conflict.
            if holder and holder.id != user.id:
                FlashMessage(request, _('That e-mail is already used.'),
                             kind='error')
                return HTTPFound(location=request.url)
            user.email = requested_email

        requested_password = captured.get('password')
        if requested_password:
            user.password = requested_password

        FlashMessage(request, self.Str.edit_profile_done, kind='success')
        self.db.add(user)
        request.registry.notify(ProfileUpdatedEvent(request, user, captured))
        return HTTPFound(location=request.url)
    def check_credentials(self, username, password):
        """Return the user matching *username*/*password* or raise.

        The user class comes from ``get_user_class(registry)``. Lookup by
        username runs first; if it fails and ``horus.allow_email_auth`` is
        truthy, *username* is retried as an e-mail address. Three rejections,
        each an ``AuthenticationFailure``: no match (generic message), a match
        that is not activated while ``require_activation`` is set and
        ``allow_inactive_login`` is not, and a match whose ``can_login()`` is
        false.

        NOTE(review): the setting is used without ``asbool``; a string such as
        ``'false'`` would be truthy — confirm how it is configured.

        :raises AuthenticationFailure: see above.
        """
        email_login_allowed = self.settings.get('horus.allow_email_auth', False)
        request = self.request
        user_cls = get_user_class(request.registry)

        # Check login with username
        account = user_cls.get_user(request, username, password)

        # Check login with email
        if not account and email_login_allowed:
            account = user_cls.get_by_email_password(request, username, password)

        if not account:
            raise AuthenticationFailure(_('Invalid username or password.'))

        activation_enforced = (not self.allow_inactive_login
                               and self.require_activation)
        if activation_enforced and not account.is_activated:
            raise AuthenticationFailure(
                _('Your account is not active, please check your e-mail.'))

        if not account.can_login():
            raise AuthenticationFailure(_('This user account cannot log in at the moment.'))

        return account
    def edit_profile(self):
        """Render or process the profile edit form for ``request.context``.

        GET: ``render_form`` renders ``self.form`` pre-filled with the context
        user's username and e-mail (``''`` when unset). POST: ``validate_form``
        checks the controls; a ``FormValidationFailure`` is answered with its
        ``result`` with the username re-populated. On success a submitted
        e-mail is stored only when no *other* account owns it (else an error
        ``FlashMessage`` and a redirect back), an optional password is stored,
        the user is added to the session, ``ProfileUpdatedEvent`` is notified
        and the browser is redirected to ``request.url``.

        Returns ``HTTPNotFound`` for an empty context; other methods than
        GET/POST fall through and return ``None``.
        NOTE(review): the password is replaced without re-checking the current
        one in this view — confirm that is intended.
        """
        request = self.request
        user = request.context
        if not user:
            return HTTPNotFound()

        method = request.method
        if method == 'GET':
            prefill = {'username': user.username,
                       'email': user.email if user.email else ''}
            return render_form(request, self.form, prefill)

        if method == 'POST':
            controls = request.POST.items()
            try:
                captured = validate_form(controls, self.form)
            except FormValidationFailure as e:
                # We pre-populate username
                return e.result(request, username=user.username)

            return self._apply_profile_changes(user, captured)

    def _apply_profile_changes(self, user, captured):
        """Store validated e-mail/password changes on *user* and redirect.

        A submitted e-mail already owned by a *different* account flashes an
        error and redirects without saving; otherwise the e-mail and an
        optional password are set, the user is added to the session,
        ``ProfileUpdatedEvent`` is notified and the browser is redirected to
        ``request.url``.
        """
        request = self.request
        new_email = captured.get('email', None)
        if new_email:
            holder = self.User.get_by_email(request, new_email)
            if holder and holder.id != user.id:
                FlashMessage(request,
                             _('That e-mail is already used.'),
                             kind='error')
                return HTTPFound(location=request.url)
            user.email = new_email

        new_password = captured.get('password')
        if new_password:
            user.password = new_password

        FlashMessage(request,
                     self.Str.edit_profile_done,
                     kind='success')

        self.db.add(user)

        request.registry.notify(
            ProfileUpdatedEvent(request, user, captured))
        return HTTPFound(location=request.url)
def authenticated(request, userid):
    """Sets the auth cookies and redirects to the page defined
    in horus.login_redirect, which defaults to a view named 'index'.

    ``remember`` produces the headers that set the auth cookie for *userid*;
    they are attached to the ``HTTPFound`` response. The "You are now logged
    in" flash is skipped when the ``horus.autologin`` setting is truthy
    (parsed with ``asbool``).

    :param request: current Pyramid request.
    :param userid: identifier handed to ``remember``.
    :returns: ``HTTPFound`` to the ``horus.login_redirect`` route.
    """
    settings = request.registry.settings
    cookie_headers = remember(request, userid)

    if not asbool(settings.get('horus.autologin', False)):
        request.session.flash(_('You are now logged in.'), 'success')

    redirect_route = settings.get('horus.login_redirect', 'index')
    return HTTPFound(location=route_url(redirect_route, request),
                     headers=cookie_headers)
def create_activation(request, user):
    """Create an ``Activation`` for *user* and mail the activation link.

    The activation class is the ``IActivationClass`` registry utility. The new
    record is added to the request's DB session, bound to ``user.activation``
    and the session is flushed before the ``activate`` route URL (``user_id``
    + ``activation.code``) is rendered into the translated pystache template.
    The message goes to ``user.email`` via the request's mailer.

    The ``code`` is the only secret in the link; its generation is not
    visible here.

    :param request: current Pyramid request (session, registry, routes, mailer).
    :param user: user object to bind the activation to.
    """
    session = get_session(request)
    new_activation = request.registry.getUtility(IActivationClass)()
    session.add(new_activation)
    user.activation = new_activation
    session.flush()

    # TODO Create a hook for the app to give us body and subject!
    # TODO We don't need pystache just for this!
    template = _("Please validate your email and activate your account by visiting:\n"
                 "{{ link }}")
    context = {
        'link': request.route_url('activate', user_id=user.id,
                                  code=user.activation.code),
    }
    body = pystache.render(template, context)
    subject = _("Please activate your account!")

    mailer = get_mailer(request)
    mailer.send(Message(subject=subject, recipients=[user.email], body=body))
    def reset_password(self):
        """Render or process the password reset form reached via a reset link.

        The ``IResetPasswordSchema`` / ``IResetPasswordForm`` utilities build
        the form. The ``code`` from ``matchdict`` must resolve to an
        ``Activation`` and that activation to a user (``get_by_activation``);
        otherwise the view answers ``HTTPNotFound`` without distinguishing the
        two cases. GET renders the form pre-filled with the username. POST
        validates the controls (a ``deform.ValidationFailure`` re-renders with
        its error children), stores the submitted password, adds the user and
        deletes the activation so the link is single-use, notifies
        ``PasswordResetEvent`` with the submitted password value, flashes a
        success message and redirects to ``reset_password_redirect_view``.

        Any other method with a valid code falls through to ``HTTPNotFound``.
        NOTE(review): no expiry of the activation is checked in this view —
        confirm it is enforced in ``Activation.get_by_code`` or elsewhere.
        """
        request = self.request
        schema = request.registry.getUtility(IResetPasswordSchema)().bind(
            request=request)
        form = request.registry.getUtility(IResetPasswordForm)(schema)

        activation = self.Activation.get_by_code(
            request, request.matchdict.get('code', None))
        user = (self.User.get_by_activation(request, activation)
                if activation else None)

        if not user:
            return HTTPNotFound()

        if request.method == 'GET':
            return {'form': form.render(appstruct=dict(username=user.username))}

        if request.method != 'POST':
            return HTTPNotFound()

        try:
            captured = form.validate(request.POST.items())
        except deform.ValidationFailure as e:
            return {'form': e.render(), 'errors': e.error.children}

        new_password = captured['password']
        user.password = new_password
        self.db.add(user)
        # Consume the activation so the same link cannot be reused.
        self.db.delete(activation)

        request.registry.notify(
            PasswordResetEvent(request, user, new_password)
        )
        request.session.flash(
            _('Your password has been reset!'), 'success')
        return HTTPFound(location=self.reset_password_redirect_view)
    def create_user(self):
        """Admin view that creates a new user or edits the context user.

        Builds a ``HorusForm`` from ``AdminUserSchema`` bound to the request.
        When the context is the ``RootFactory`` the form starts empty and a
        submission creates a new ``self.User`` from the captured username and
        e-mail; any other context is treated as an existing user whose
        ``__json__`` fills the form and which is edited in place. A non-empty
        captured password replaces the user's password. The user is added to
        the session, a flash is set and the browser is redirected to the
        ``admin_users_index`` route.

        Every non-GET method is handled as a submission; a
        ``deform.ValidationFailure`` is returned as ``form`` with its error
        children.
        NOTE(review): the flash says the user was created even on the edit
        path — confirm that wording is intended.
        """
        request = self.request
        form = HorusForm(AdminUserSchema().bind(request=request))
        creating = isinstance(request.context, RootFactory)

        if request.method == 'GET':
            if creating:
                return dict(form=form)
            return dict(form=form, appstruct=request.context.__json__())

        try:
            captured = form.validate(request.POST.items())
        except deform.ValidationFailure as e:
            return dict(form=e, errors=e.error.children)

        if creating:
            user = self.User(username=captured['username'],
                             email=captured['email'])
        else:
            user = request.context

        if captured['password']:
            user.password = captured['password']

        self.db.add(user)
        request.session.flash(_('The user was created'), 'success')
        return HTTPFound(location=request.route_url('admin_users_index'))