def login(self, request):
_message, _code = _(u'Please log in.'), 401
# Try to get an already logged in user
if request.session.get('user_id', None):
return redirect_to('portal/index')
if request.authorization:
auth = request.authorization
try:
user = User.query.get(auth.username)
if user.check_password(request.authorization.password):
self.set_user(request, user)
request.flash(_(u'You are now logged in.'), True)
return redirect_to('portal/index')
else:
_message, _code = _(u'Invalid login.'), 403
except db.NoResultFound:
_message, _code = _(u'Invalid login'), 403
# ask for login
response = Response(
_message, _code,
{'WWW-Authenticate': 'Basic realm="%s' % self.realm})
abort(response)
def confirm(self, request, key):
try:
ret = call_confirm(key)
except KeyError:
ret = _(u'Key not found. Maybe it has already been used?'), False
except Expired:
ret = _(u'The supplied key is not valid anymore.'), False
if isinstance(ret, tuple) and len(ret) == 2:
return Response(u'%s: %s' % (['success', 'fail'][not ret[1]],
ret[0]), mimetype='text/plain')
return ret
def login(self, request):
"""Like `register` just for login."""
form = self.get_login_form(request)
# some login systems require an external login URL.
try:
rv = self.before_login(request)
if rv is not None:
return rv
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
# only validate if the before_login handler did not already cause
# an error. In that case there is not much win in validating
# twice, it would clear the error added.
if form.validate_on_submit():
try:
fd = form.data
rv = self.perform_login(
request, username=fd["username"], password=fd["password"], permanent=fd["permanent"]
)
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
else:
if rv is not None:
return rv
request.flash(_(u"You are now logged in."), True)
return form.redirect("portal/index")
return self.render_login_template(request, form)
def login(self, request):
"""Like `register` just for login."""
form = self.get_login_form(request)
# some login systems require an external login URL.
try:
rv = self.before_login(request)
if rv is not None:
return rv
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
# only validate if the before_login handler did not already cause
# an error. In that case there is not much win in validating
# twice, it would clear the error added.
if form.validate_on_submit():
try:
fd = form.data
rv = self.perform_login(request,
username=fd['username'],
password=fd['password'],
permanent=fd['permanent'])
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
else:
if rv is not None:
return rv
request.flash(_(u'You are now logged in.'), True)
return form.redirect('portal/index')
return self.render_login_template(request, form)
def deactivate(self, request):
form = DeactivateProfileForm(request.form)
if form.validate_on_submit():
if not request.user.check_password(form.password.data):
form.password.errors = [_(u'The password was not correct.')]
else:
user = request.user
get_auth_system().logout(request)
user.deactivate()
db.session.commit()
request.flash(_(u'Your profile was deactivated successfully'),
success=True)
return redirect(href('portal/index'))
return {
'form': form
}
def password(self, request):
form = get_change_password_form(request)(request.form)
if form.validate_on_submit():
if not request.user.check_password(form.old_password.data):
form.old_password.errors = [_(u'The password you entered '
u'doesn\'t match your old one.')]
else:
request.user.set_password(form.new_password.data)
db.session.commit()
request.flash(_(u'Your password was changed successfully'),
success=True)
return redirect(href('usercp/index'))
return {
'random_pw': form.new_password.data,
'form': form,
}
def activate_user(data):
try:
u = User.query.get(data["user"])
except db.NoResultFound:
return redirect_to("portal/index")
u.status = "normal"
db.session.commit()
ctx.current_request.flash(_(u"Activation successful, you can now login with your credentials"))
return redirect_to("portal/login")
def activate_user(data):
try:
u = User.query.get(data['user'])
except db.NoResultFound:
return redirect_to('portal/index')
u.status = 'normal'
db.session.commit()
ctx.current_request.flash(
_(u'Activation successful, you can now login with your credentials'))
return redirect_to('portal/login')
def __init__(self, formdata=None, expand_all=False, *args, **kwargs):
self.expand_all = expand_all
if not expand_all:
choices = [(x,x) for x in self.dynamic_fields]
self._unbound_fields += [
('new_field', fields.SelectField(choices=choices)),
('add_field', fields.SubmitField(_(u'Add filter')))]
Form.__init__(self, formdata=formdata, *args, **kwargs)
class QuestionsContentProvider(ITaggableContentProvider):
type = 'forum_questions'
name = _('Questions')
def get_taggable_content(self, tag):
return Question.query.order_by(Question.score, Question.view_count) \
.filter(db.and_(
question_tag.c.tag_id == tag.id,
question_tag.c.question_id == Question.id
)).options(db.noload('votes'), db.noload('author'))
def __init__(self, formdata=None, expand_all=False, *args, **kwargs):
self.expand_all = expand_all
if not expand_all:
choices = [(x, x) for x in self.dynamic_fields]
self._unbound_fields += [
('new_field', fields.SelectField(choices=choices)),
('add_field', fields.SubmitField(_(u'Add filter')))
]
Form.__init__(self, formdata=formdata, *args, **kwargs)
def profile(self, request):
profile = UserProfile.query.filter_by(user_id=request.user.id).first()
form = ProfileForm(request.form, profile=profile)
if request.method == 'POST' and form.validate():
form.save()
request.flash(_(u'Your profile was saved successfully'), True)
return {
'form': form
}
def logout(self, request):
"""This has to logout the user again. This method must not fail.
If the logout requires the redirect to an external resource it
might return a redirect response. That resource then should not
redirect back to the logout page, but instead directly to the
**current** `request.next_url`.
Most auth systems do not have to implement this method. The
default one calls `set_user(request, None)`.
"""
self.set_user(request, None)
request.flash(_(u"You have been logged out successfully."), True)
def logout(self, request):
"""This has to logout the user again. This method must not fail.
If the logout requires the redirect to an external resource it
might return a redirect response. That resource then should not
redirect back to the logout page, but instead directly to the
**current** `request.next_url`.
Most auth systems do not have to implement this method. The
default one calls `set_user(request, None)`.
"""
self.set_user(request, None)
request.flash(_(u'You have been logged out successfully.'), True)
def perform_login(self, request, username, password, permanent=False):
try:
user = User.query.get(username)
except db.NoResultFound:
raise LoginUnsucessful(self.login_failed_message)
if user.check_password(password):
self.set_user(request, user)
if permanent:
request.session.permanent = True
request.flash(_(u"You are now logged in."))
return redirect_to("portal/index")
else:
raise LoginUnsucessful(self.login_failed_message)
def perform_login(self, request, username, password, permanent=False):
try:
user = User.query.get(username)
except db.NoResultFound:
raise LoginUnsucessful(self.login_failed_message)
if user.check_password(password):
self.set_user(request, user)
if permanent:
request.session.permanent = True
request.flash(_(u'You are now logged in.'))
return redirect_to('portal/index')
else:
raise LoginUnsucessful(self.login_failed_message)
def tags(self, request):
cloud, more = Tag.query.public().get_cloud()
if request.method in ('POST', 'PUT'):
# the user choosed a tag by manually entered name
name = request.form.get('tag')
tag = Tag.query.filter_by(name=name).first()
if tag is not None:
return redirect_to('portal/tag', slug=tag.slug)
request.flash(_(u'The tag ā%sā does not exist' % name), False)
return {
'tag_cloud': cloud,
'tag_names': [t['name'] for t in cloud]
}
def login(self, request):
_message, _code = _(u"Please log in."), 401
# Try to get an already logged in user
if request.session.get("user_id", None):
return redirect_to("portal/index")
if request.authorization:
auth = request.authorization
try:
user = User.query.get(auth.username)
if user.check_password(request.authorization.password):
self.set_user(request, user)
request.flash(_(u"You are now logged in."), True)
return redirect_to("portal/index")
else:
_message, _code = _(u"Invalid login."), 403
except db.NoResultFound:
_message, _code = _(u"Invalid login"), 403
# ask for login
response = Response(_message, _code, {"WWW-Authenticate": 'Basic realm="%s' % self.realm})
abort(response)
class EasyAuth(IAuthSystem):
"""Auth system that uses the user model for authentication.
It also supports permanent sessions using the `_permanent_session`
key in the current session.
"""
#: This message is occured if the login fails.
login_failed_message = _(
u'User is unknown or the password is not correct.')
def get_login_form(self, request, default=None):
"""Returns the login form."""
default = {} if default is None else default
return LoginForm(self, request.form, **default)
@templated('portal/register.html')
def register(self, request):
"""Called like a view function with only the request. Has to do the
register heavy-lifting. Auth systems that only use the internal
database do not have to override this method. Implementers that
override this function *have* to call `after_register` to finish
the registration of the new user. If `before_register` is unnused
it does not have to be called, otherwise as documented.
"""
rv = self.before_register(request)
if rv is not None:
return rv
form = get_registration_form(request)(request.form)
if form.validate_on_submit():
user = User(username=form.username.data,
email=form.email.data,
password=form.password.data)
db.session.commit()
r = self.after_register(request, user)
if isinstance(r, Response):
return r
return redirect_to('portal/index')
return {'form': form, 'random_pw': form.password.data}
def after_register(self, request, user):
"""
Tasks to be performed after the registration.
Per default this sends an activation email.
"""
# send the activation email.
c = Confirm('activate_user', {'user': user.id}, 3)
db.session.commit()
tasks.send_activation_mail.delay(user.id, c.url)
def login(self, request):
"""Like `register` just for login."""
form = self.get_login_form(request)
# some login systems require an external login URL.
try:
rv = self.before_login(request)
if rv is not None:
return rv
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
# only validate if the before_login handler did not already cause
# an error. In that case there is not much win in validating
# twice, it would clear the error added.
if form.validate_on_submit():
try:
fd = form.data
rv = self.perform_login(request,
username=fd['username'],
password=fd['password'],
permanent=fd['permanent'])
except LoginUnsucessful as err:
request.flash(lazy_gettext(unicode(err)), False)
else:
if rv is not None:
return rv
request.flash(_(u'You are now logged in.'), True)
return form.redirect('portal/index')
return self.render_login_template(request, form)
@templated('portal/login.html')
def render_login_template(self, request, form):
"""Renders the login template"""
return {'login_form': form}
def logout(self, request):
"""This has to logout the user again. This method must not fail.
If the logout requires the redirect to an external resource it
might return a redirect response. That resource then should not
redirect back to the logout page, but instead directly to the
**current** `request.next_url`.
Most auth systems do not have to implement this method. The
default one calls `set_user(request, None)`.
"""
self.set_user(request, None)
request.flash(_(u'You have been logged out successfully.'), True)
def perform_login(self, request, username, password, permanent=False):
try:
user = User.query.get(username)
except db.NoResultFound:
raise LoginUnsucessful(self.login_failed_message)
if user.check_password(password):
self.set_user(request, user)
if permanent:
request.session.permanent = True
request.flash(_(u'You are now logged in.'))
return redirect_to('portal/index')
else:
raise LoginUnsucessful(self.login_failed_message)
def get_user(self, request):
if request.session.get('user_id'):
return User.query.get(request.session.get('user_id'))
else:
return User.query.get_anonymous()
def set_user(self, request, user):
if user is None:
user = User.query.get_anonymous()
request.session.permanent = False
request.session['user_id'] = user.id
def display_title(self):
if self.title:
return self.title
return _(u'Paste #%d') % self.id
def __unicode__(self):
return _(u'Comment by %s on %s') % (
self.author.display_name, self.article.title
)
def __unicode__(self):
return _(u'Comment by %s on %s') % (self.author.display_name,
self.article.title)
def display_title(self):
if self.title:
return self.title
return _(u'Paste #%d') % self.id
class ArticlesContentProvider(ITaggableContentProvider):
type = 'news_articles'
name = _('Articles')
def get_taggable_content(self, tag):
return tag.articles.order_by('view_count')
