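def _is_local_redirect(target, request):
    """Return True when *target* is a redirect destination on this site.

    Accepted forms are an absolute URL under ``request.application_url``
    and a host-relative path with a single leading slash.  Everything else
    (other hosts, scheme-relative ``//host`` URLs, values carrying
    backslashes or control characters) is rejected.
    """
    if not target:
        return False
    # Backslashes and control characters are normalised inconsistently by
    # browsers, so a value containing them is never treated as local.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    app_url = request.application_url.rstrip('/')
    if target == app_url or target.startswith(app_url + '/'):
        return True
    # '/path' stays on this host; '//host/path' is scheme-relative and
    # would leave the site.
    return target.startswith('/') and not target.startswith('//')


def login_view(context, request):
    """Render the login form and process a submitted login.

    On a successful login the user is redirected with the headers produced
    by ``remember``; the destination is ``came_from`` when that value
    points back into this application, otherwise the ``login`` resource.
    On any other path a dict of template values is returned.
    """
    login = ''
    password = ''
    came_from = request.params.get('came_from')
    # NOTE(review): ``reason`` is request-supplied text handed to the
    # template as ``message``; confirm the template escapes it.
    message = request.params.get('reason')
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        users = find_users(context)
        info = users.get_by_login(login)
        if info:
            # NOTE(review): get_sha_password is defined elsewhere; if it is
            # a plain unsalted SHA digest, stored passwords are cheap to
            # brute-force once leaked. Confirm, and prefer a salted, slow
            # KDF plus a constant-time comparison.
            if info['password'] == get_sha_password(password):
                headers = remember(request, info['id'])
                # ``came_from`` comes straight from the request, so it is
                # only honoured when it stays on this site; redirecting to
                # it unchecked would be an open redirect.
                if _is_local_redirect(came_from, request):
                    url = came_from
                else:
                    url = resource_url(context, request, 'login')
                return HTTPFound(location=url, headers=headers)
            else:
                message = 'Wrong password'
        else:
            # NOTE(review): this message differs from 'Wrong password', so
            # the form tells a caller whether a login name exists.
            message = 'No such user name %s' % login
    logged_in = authenticated_userid(request)
    # NOTE(review): the submitted password is passed back to the template;
    # confirm it is not rendered into the page.
    return dict(
        api=API(context, request),
        login=login,
        password=password,
        logged_in=logged_in,
        came_from=came_from,
        message=message,
    )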
def register_view(context, request):
    """Process the registration form and create the account.

    Reads the form fields from ``request.params``, validates them with
    ``RegisterSchema``, checks the CAPTCHA answer against the solutions
    stored in the browser-id session, and, when the login is free and both
    password fields match, adds the user and a ``Profile`` and redirects to
    the ``login`` resource with the ``remember`` headers.  In the code
    visible here every other path ends without an explicit return.
    """
    logged_in = authenticated_userid(request)
    params = request.params
    login = params.get('login', '')
    fullname = params.get('fullname', '')
    email = params.get('email', '')
    password = params.get('password', '')
    password_verify = params.get('password_verify')
    captcha_answer = params.get('captcha_answer', '')
    message = ''
    if 'form.submitted' in params:
        schema = RegisterSchema()
        message = None
        try:
            schema.to_python(params)
        except formencode.validators.Invalid as why:
            message = str(why)
        else:
            browser_id = request.environ['repoze.browserid']
            session = context.sessions.get(browser_id)
            solutions = session.get('captcha_solutions', [])
            # Case-insensitive match against every stored solution.
            # NOTE(review): a matched solution is not removed from the
            # session here; unless it is expired elsewhere the same answer
            # can be submitted again.
            answer = captcha_answer.lower()
            ok = answer in [solution.lower() for solution in solutions]
            if not ok:
                message = 'Bad CAPTCHA answer'
            else:
                users = find_users(context)
                info = users.get_by_login(login)
                if info:
                    message = 'Username %s already exists' % login
                elif password != password_verify:
                    message = 'Password and password verify do not match'
                else:
                    # The login is passed as both of the first two
                    # positional arguments of users.add.
                    # NOTE(review): the password is handed over as typed;
                    # whether it is hashed before storage depends on
                    # users.add, which is not shown. Confirm.
                    users.add(login, login, password, groups=('members',))
                    profiles = find_profiles(context)
                    profile = Profile(fullname, email)
                    profiles[login] = profile
                    # Copy the context ACL so the context itself is not
                    # mutated, then let the new user and 'admin' edit the
                    # profile.
                    acl = context.__acl__[:]
                    acl.extend([
                        (Allow, login, 'edit'),
                        (Allow, 'admin', 'edit'),
                    ])
                    profile.__acl__ = acl
                    headers = remember(request, login)
                    login_url = resource_url(context, request, 'login')
                    return HTTPFound(location=login_url, headers=headers)
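def groupfinder(userid, request=None):
    """Return the groups of *userid*, or None when they cannot be resolved.

    The user record is looked up through the request's root.  When the
    caller passes a request, its WSGI environ is also populated with
    ``REMOTE_ID``, ``REMOTE_USER``, ``REMOTE_GROUPS`` and, if a profile
    exists, ``REMOTE_EMAIL``.  When no request is passed the current
    request is fetched to reach the root, and the ``REMOTE_*`` values are
    written to a throwaway dict.

    None is returned when there is no request to work with or when no user
    record exists for *userid*.
    """
    # Only an environ handed over by the caller is modified.
    environ = {}
    if request is None:
        request = get_current_request()
        if request is None:
            # Without a request there is no root to look the user up in;
            # fail closed instead of raising on ``request.root``.
            return None
    else:
        environ = request.environ
    # Previously ``root`` was only bound when the caller supplied the
    # request, so the fetched current request was never used.
    root = request.root
    users = find_users(root)
    info = users.get_by_id(userid)
    if not info:
        # Unknown user id: no groups.
        return None
    groups = info['groups']
    environ['REMOTE_ID'] = userid
    environ['REMOTE_USER'] = info['login']
    environ['REMOTE_GROUPS'] = groups
    profile = find_profiles(root).get(userid)
    if profile:
        environ['REMOTE_EMAIL'] = profile.email
    return groups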
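def forgot_password_view(context, request):
    """Handle the forgot-password form.

    After ``ForgotPasswordSchema`` validation the profiles are searched for
    one whose ``email`` equals the submitted address.  When one is found a
    new password from ``random_password`` replaces the account's password
    and is mailed to that address; ``message`` carries the outcome text.
    The code visible here ends without an explicit return.
    """
    email = request.params.get('email', '')
    message = ''
    if 'form.submitted' in request.params:
        schema = ForgotPasswordSchema()
        try:
            schema.to_python(request.params)
        except formencode.validators.Invalid as why:
            message = str(why)
        else:
            profiles = find_profiles(context)
            found_profile = None
            for profile in profiles.values():
                if profile.email == email:
                    found_profile = profile
                    break
            if found_profile is None:
                # NOTE(review): this reply tells an unauthenticated caller
                # whether an address is registered.
                message = 'Email %s not found' % email
            else:
                # Use the matched profile explicitly rather than relying on
                # the loop variable still pointing at it after ``break``.
                login = found_profile.__name__
                # NOTE(review): the password is replaced as soon as the
                # form is submitted, so anyone who knows the address can
                # reset the account, and the new password travels in clear
                # text by mail. A single-use, expiring reset link would
                # avoid both. Also confirm random_password draws from a
                # cryptographically secure source.
                password = random_password()
                users = find_users(context)
                users.change_password(login, password)
                msg = Message()
                frm = 'bfg.repoze.org <*****@*****.**>'
                msg['From'] = frm
                # NOTE(review): ``email`` is used as a header value; this
                # relies on ForgotPasswordSchema rejecting line breaks.
                msg['To'] = email
                msg['Subject'] = 'Account information'
                body = 'Your new password is "%s" for login name "%s"' % (
                    password, login)
                msg.set_payload(body)
                # The body is plain text and its values are not escaped, so
                # it is declared as text/plain: as text/html a login or
                # password containing '<' or '&' would be read as markup.
                msg.set_type('text/plain')
                raw_mail = msg.as_string()
                mailer = get_mailer()
                mailer.send(frm, [email], raw_mail)
                message = 'Mail sent to "%s" with new password' % email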
message = 'Profile edited' if 'form.changepassword' in request.params: schema = ChangePasswordSchema() message = None try: schema.to_python(request.params) except formencode.validators.Invalid, why: message = str(why) else: password = request.params['password'] password_verify = request.params['password_verify'] if password != password_verify: message = 'Password and password verify do not match' else: users = find_users(context) users.change_password(login, password) message = 'Password changed' return dict( api = API(context, request), login = login, message = message, email = email, fullname = fullname, password = password, password_verify = password_verify, ) @view_config(for_=IWebSite, name='forgot_password', permission='view', renderer='marlton.views:templates/forgot_password.pt')