Example #1
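def login_email_passreset(code):
    """Handle a click on an emailed password-reset link.

    A valid code marks the account's email as confirmed, clears the code,
    logs the user in and redirects them to the change-password page.
    A missing, over-long or unrecognised code yields a 404.

    Args:
        code: The one-time confirmation code taken from the reset link.
    """
    # Used codes are cleared by storing "" (see below), so an empty code must
    # never reach the lookup: whether verify_confirm_code("") could match an
    # account whose code has been cleared is not visible from here.
    if not code or len(code) > 20:
        abort(404)

    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # The link was delivered to the account's address, so confirming the
    # email here is a side effect of a successful reset. Clearing the code
    # makes the link single-use.
    # NOTE(review): no expiry check on the code is visible in this function;
    # confirm that its lifetime is bounded elsewhere.
    Users.set_confirm(uid)
    Users.set_confirm_code(uid, "")

    # Possession of the emailed code is treated as authentication: populate
    # the session exactly as a local login would.
    user = Users2.get_user(uid)
    session['username'] = user['uname']
    session['user_id'] = uid
    session['user_givenname'] = user['givenname']
    session['user_familyname'] = user['familyname']
    session['user_fullname'] = user['fullname']
    session['user_authtype'] = "local"
    audit(1, uid, uid, "UserAuth",
          "%s logged in using password reset email" % (session['username'],))

    flash("Please change your password")
    return redirect(url_for("setup_change_pass"))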
Example #2
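def login_email_passreset(code):
    """Handle a click on an emailed password-reset link.

    A valid code marks the account's email as confirmed, clears the code,
    logs the user in and redirects them to the change-password page.
    A missing, over-long or unrecognised code yields a 404.

    Args:
        code: The one-time confirmation code taken from the reset link.
    """
    # Used codes are cleared by storing "" (see below), so an empty code must
    # never reach the lookup: whether verify_confirm_code("") could match an
    # account whose code has been cleared is not visible from here.
    if not code or len(code) > 20:
        abort(404)

    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # The link was delivered to the account's address, so confirming the
    # email here is a side effect of a successful reset. Clearing the code
    # makes the link single-use.
    # NOTE(review): no expiry check on the code is visible in this function;
    # confirm that its lifetime is bounded elsewhere.
    Users.set_confirm(uid)
    Users.set_confirm_code(uid, "")

    # Possession of the emailed code is treated as authentication: populate
    # the session exactly as a local login would.
    user = Users2.get_user(uid)
    session['username'] = user['uname']
    session['user_id'] = uid
    session['user_givenname'] = user['givenname']
    session['user_familyname'] = user['familyname']
    session['user_fullname'] = user['fullname']
    session['user_authtype'] = "local"
    audit(1, uid, uid, "UserAuth",
          "%s logged in using password reset email" % (session['username'], ))

    flash("Please change your password")
    return redirect(url_for("setup_change_pass"))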
Example #3
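def login_confirm(code):
    """Handle a click on a signup confirmation link.

    Only available when open registration is enabled. A valid code marks
    the account as confirmed and clears the code; anything else is a 404.

    Args:
        code: The one-time confirmation code taken from the emailed link.
    """
    if not OaConfig.open_registration:
        abort(404)

    # Used codes are cleared by storing "" (see below), so an empty code must
    # never reach the lookup: whether verify_confirm_code("") could match an
    # account whose code has been cleared is not visible from here.
    if not code or len(code) > 20:
        abort(404)

    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # Confirm the account, then clear the code so the link is single-use.
    Users.set_confirm(uid)
    Users.set_confirm_code(uid, "")
    return render_template("login_signup_confirmed.html")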
Example #4
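def login_forgot_pass_submit():
    """Process the "forgot password" form and email a reset code.

    Reads ``username`` (and an optional ``cancel`` button) from the posted
    form. For a locally managed account with an email address on file, a
    fresh confirmation code is stored and mailed to that address. Every
    rejection flashes a message and redirects back to the form.
    """
    if "cancel" in request.form:
        flash("Password reset cancelled.")
        return redirect(url_for("login_local"))

    username = sanitize_username(request.form.get('username', None))

    if username == "admin":
        flash("""The admin account cannot do an email password reset,
                 please see the Installation instructions.""")
        return redirect(url_for("login_forgot_pass"))

    user_id = Users2.uid_by_uname(username) if username else None

    # NOTE(review): the distinct messages below ("Unknown username", not
    # managed by OASIS, no email on file) tell an unauthenticated caller
    # whether an account exists and how it is configured. A single neutral
    # response, plus rate limiting on this endpoint, would avoid that.
    if not user_id:
        flash("Unknown username ")
        return redirect(url_for("login_forgot_pass"))

    user = Users2.get_user(user_id)
    if user['source'] != "local":
        flash("Your password is not managed by OASIS, "
              "please contact IT Support.")
        return redirect(url_for("login_forgot_pass"))

    # Check for a deliverable address BEFORE minting a code, so that an
    # account with no email never ends up with a live reset code that was
    # not sent to anyone.
    email = user['email']
    if not email:
        flash("We do not appear to have an email address on file for "
              "that account.")
        return redirect(url_for("login_forgot_pass"))

    code = Users.gen_confirm_code()
    Users.set_confirm_code(user_id, code)

    text_body = render_template(os.path.join("email", "forgot_pass.txt"),
                                code=code)
    html_body = render_template(os.path.join("email", "forgot_pass.html"),
                                code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Password Reset",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_forgot_pass_submit.html")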
Example #5
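def login_confirm(code):
    """Handle a click on a signup confirmation link.

    Only available when open registration is enabled. A valid code marks
    the account as confirmed and clears the code; anything else is a 404.

    Args:
        code: The one-time confirmation code taken from the emailed link.
    """
    if not OaConfig.open_registration:
        abort(404)

    # Used codes are cleared by storing "" (see below), so an empty code must
    # never reach the lookup: whether verify_confirm_code("") could match an
    # account whose code has been cleared is not visible from here.
    if not code or len(code) > 20:
        abort(404)

    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # Confirm the account, then clear the code so the link is single-use.
    Users.set_confirm(uid)
    Users.set_confirm_code(uid, "")
    return render_template("login_signup_confirmed.html")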
Example #6
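def login_forgot_pass_submit():
    """Process the "forgot password" form and email a reset code.

    Reads ``username`` (and an optional ``cancel`` button) from the posted
    form. For a locally managed account with an email address on file, a
    fresh confirmation code is stored and mailed to that address. Every
    rejection flashes a message and redirects back to the form.
    """
    if "cancel" in request.form:
        flash("Password reset cancelled.")
        return redirect(url_for("login_local"))

    username = sanitize_username(request.form.get('username', None))

    if username == "admin":
        flash("""The admin account cannot do an email password reset,
                 please see the Installation instructions.""")
        return redirect(url_for("login_forgot_pass"))

    user_id = Users2.uid_by_uname(username) if username else None

    # NOTE(review): the distinct messages below ("Unknown username", not
    # managed by OASIS, no email on file) tell an unauthenticated caller
    # whether an account exists and how it is configured. A single neutral
    # response, plus rate limiting on this endpoint, would avoid that.
    if not user_id:
        flash("Unknown username ")
        return redirect(url_for("login_forgot_pass"))

    user = Users2.get_user(user_id)
    if user['source'] != "local":
        flash("Your password is not managed by OASIS, "
              "please contact IT Support.")
        return redirect(url_for("login_forgot_pass"))

    # Check for a deliverable address BEFORE minting a code, so that an
    # account with no email never ends up with a live reset code that was
    # not sent to anyone.
    email = user['email']
    if not email:
        flash("We do not appear to have an email address on file for "
              "that account.")
        return redirect(url_for("login_forgot_pass"))

    code = Users.gen_confirm_code()
    Users.set_confirm_code(user_id, code)

    text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code)
    html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Password Reset",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_forgot_pass_submit.html")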
Example #7
def api_users_typeahead():
    """Return, as JSON, the user records matching a partially typed name.

    The search text is read from the ``term`` form field and the matches
    are returned under the ``result`` key.
    """
    # TODO: This doesn't work!?
    # NOTE(review): no access check is visible in this function; confirm the
    # route is restricted to users who are allowed to look up other accounts.
    term = request.form["term"]
    # An empty term returns a fixed list of sample names rather than a
    # lookup; this looks like leftover test data.
    found = Users.typeahead(term) if term else ['eric', 'ernie', 'columbia']
    return jsonify(result=found)
Example #8
def api_users_typeahead():
    """Look up users whose name matches the partially typed ``term`` field.

    Responds with a JSON object whose ``result`` key holds the matches.
    """
    # TODO: This doesn't work!?
    # NOTE(review): no access check is visible in this function; confirm the
    # route is restricted to users who are allowed to look up other accounts.
    query = request.form["term"]
    if query:
        return jsonify(result=Users.typeahead(query))
    # Empty query: a fixed list of sample names is returned instead of a
    # lookup; this looks like leftover test data.
    return jsonify(result=['eric', 'ernie', 'columbia'])
Example #9
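def user_update_details_from_feed(uid, upid):
    """Refresh a user's stored details from every configured user feed.

    Each feed script is run with ``upid`` as its only argument. The second
    line of its output is expected to be ``upid,name,email[,studentid]``;
    the email, given name, family name and student id are written to the
    account ``uid``. Feeds that fail, report ``ERROR`` or return a line in
    another shape are skipped.

    Args:
        uid: Id of the account to update.
        upid: Identifier passed to each feed script to look the user up.
    """
    for feed in UFeeds.all_list():
        try:
            out = feeds_run_user_script(feed.script, args=[upid, ])
        # NOTE(review): BaseException also swallows KeyboardInterrupt and
        # SystemExit; kept as-is because the types the feed runner raises
        # are not visible here.
        except BaseException as err:
            L.error("Exception running user feed '%s': %s" % (feed.script, err))
            continue

        res = out.splitlines()
        if not res:
            # Previously an empty output raised IndexError and aborted the
            # whole refresh instead of skipping the one bad feed.
            L.error("Empty output from user feed '%s'" % (feed.script,))
            continue
        if res[0].startswith("ERROR"):
            L.error("Error running user feed '%s': %s" % (feed.script, res))
            continue
        if len(res) < 2:
            # No data line after the first line: nothing to apply.
            continue

        # Feed output is external data. The upid it echoes back is ignored
        # on purpose: rebinding ``upid`` here would make every later feed
        # run with a value chosen by an earlier feed.
        fields = res[1].split(',')
        if len(fields) == 4:
            _, name, email, studentid = fields
        elif len(fields) == 3:
            _, name, email = fields
            studentid = ""
        else:
            continue

        # First word is the given name; everything after the first space is
        # the family name (empty when the name has no space).
        given, _, family = name.partition(" ")

        # NOTE(review): the values are stored exactly as the feed supplied
        # them; no validation of email or name is visible here.
        Users.set_email(uid, email)
        Users.set_givenname(uid, given)
        Users.set_familyname(uid, family)
        Users.set_studentid(uid, studentid)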
Example #10
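def user_update_details_from_feed(uid, upid):
    """Refresh a user's stored details from every configured user feed.

    Each feed script is run with ``upid`` as its only argument. The second
    line of its output is expected to be ``upid,name,email[,studentid]``;
    the email, given name, family name and student id are written to the
    account ``uid``. Feeds that fail, report ``ERROR`` or return a line in
    another shape are skipped.

    Args:
        uid: Id of the account to update.
        upid: Identifier passed to each feed script to look the user up.
    """
    for feed in UFeeds.all_list():
        try:
            out = feeds_run_user_script(feed.script, args=[upid, ])
        # NOTE(review): BaseException also swallows KeyboardInterrupt and
        # SystemExit; kept as-is because the types the feed runner raises
        # are not visible here.
        except BaseException as err:
            L.error("Exception running user feed '%s': %s" % (feed.script, err))
            continue

        res = out.splitlines()
        if not res:
            # Previously an empty output raised IndexError and aborted the
            # whole refresh instead of skipping the one bad feed.
            L.error("Empty output from user feed '%s'" % (feed.script,))
            continue
        if res[0].startswith("ERROR"):
            L.error("Error running user feed '%s': %s" % (feed.script, res))
            continue
        if len(res) < 2:
            # No data line after the first line: nothing to apply.
            continue

        # Feed output is external data. The upid it echoes back is ignored
        # on purpose: rebinding ``upid`` here would make every later feed
        # run with a value chosen by an earlier feed.
        fields = res[1].split(',')
        if len(fields) == 4:
            _, name, email, studentid = fields
        elif len(fields) == 3:
            _, name, email = fields
            studentid = ""
        else:
            continue

        # First word is the given name; everything after the first space is
        # the family name (empty when the name has no space).
        given, _, family = name.partition(" ")

        # NOTE(review): the values are stored exactly as the feed supplied
        # them; no validation of email or name is visible here.
        Users.set_email(uid, email)
        Users.set_givenname(uid, given)
        Users.set_familyname(uid, family)
        Users.set_studentid(uid, studentid)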
Example #11
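def login_signup_submit():
    """Process the signup form and email a confirmation code.

    Only available when open registration is enabled (404 otherwise).
    Requires ``username``, ``password``, ``confirm`` and ``email`` form
    fields. On success an unconfirmed local account is created, its
    password is set, and a confirmation code is mailed to the address
    given. Every rejection flashes a message and redirects back to the
    signup form.
    """
    # TODO: How do we stop someone using this to spam someone?
    # NOTE(review): nothing here limits how often this can be submitted or
    # which addresses it mails; rate limiting would bound the abuse the
    # TODO above describes.
    if not OaConfig.open_registration:
        abort(404)
    form = request.form
    required = ('username', 'password', 'confirm', 'email')
    if not all(field in form for field in required):
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    username = sanitize_username(form['username'])
    password = form['password']
    confirm = form['confirm']
    email = form['email']

    if username == "" or password == "" or confirm == "" or email == "":
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    if confirm != password:
        flash("Passwords don't match")
        return redirect(url_for("login_signup"))

    # basic checks in case they entered their street address or something
    # a fuller check is too hard or prone to failure
    # The address is used as the recipient of the confirmation mail, so line
    # breaks are rejected as well: they are never part of a valid address
    # and must not reach the mail headers.
    if ("@" not in email or "." not in email
            or "\r" in email or "\n" in email):
        flash("Email address doesn't appear to be valid")
        return redirect(url_for("login_signup"))

    existing = Users2.uid_by_uname(username)
    if existing:
        flash("An account with that name already exists, "
              "please try another username.")
        return redirect(url_for("login_signup"))

    code = Users.gen_confirm_code()
    # The account is created unconfirmed with a placeholder password value;
    # the real password is set through Users2.set_password straight after.
    newuid = Users.create(uname=username,
                          passwd="NOLOGIN",
                          email=email,
                          givenname=username,
                          familyname="",
                          acctstatus=1,
                          studentid="",
                          source="local",
                          confirm_code=code,
                          confirm=False)
    Users2.set_password(newuid, password)

    text_body = render_template(os.path.join("email", "confirmation.txt"),
                                code=code)
    html_body = render_template(os.path.join("email", "confirmation.html"),
                                code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Signup Confirmation",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_signup_submit.html", email=email)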
Example #12
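def login_signup_submit():
    """Process the signup form and email a confirmation code.

    Only available when open registration is enabled (404 otherwise).
    Requires ``username``, ``password``, ``confirm`` and ``email`` form
    fields. On success an unconfirmed local account is created, its
    password is set, and a confirmation code is mailed to the address
    given. Every rejection flashes a message and redirects back to the
    signup form.
    """
    # TODO: How do we stop someone using this to spam someone?
    # NOTE(review): nothing here limits how often this can be submitted or
    # which addresses it mails; rate limiting would bound the abuse the
    # TODO above describes.
    if not OaConfig.open_registration:
        abort(404)
    form = request.form
    required = ('username', 'password', 'confirm', 'email')
    if not all(field in form for field in required):
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    username = sanitize_username(form['username'])
    password = form['password']
    confirm = form['confirm']
    email = form['email']

    if username == "" or password == "" or confirm == "" or email == "":
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    if confirm != password:
        flash("Passwords don't match")
        return redirect(url_for("login_signup"))

    # basic checks in case they entered their street address or something
    # a fuller check is too hard or prone to failure
    # The address is used as the recipient of the confirmation mail, so line
    # breaks are rejected as well: they are never part of a valid address
    # and must not reach the mail headers.
    if ("@" not in email or "." not in email
            or "\r" in email or "\n" in email):
        flash("Email address doesn't appear to be valid")
        return redirect(url_for("login_signup"))

    existing = Users2.uid_by_uname(username)
    if existing:
        flash("An account with that name already exists, "
              "please try another username.")
        return redirect(url_for("login_signup"))

    code = Users.gen_confirm_code()
    # The account is created unconfirmed with a placeholder password value;
    # the real password is set through Users2.set_password straight after.
    newuid = Users.create(uname=username,
                          passwd="NOLOGIN",
                          email=email,
                          givenname=username,
                          familyname="",
                          acctstatus=1,
                          studentid="",
                          source="local",
                          confirm_code=code,
                          confirm=False)
    Users2.set_password(newuid, password)

    text_body = render_template(os.path.join("email", "confirmation.txt"), code=code)
    html_body = render_template(os.path.join("email", "confirmation.html"), code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Signup Confirmation",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_signup_submit.html", email=email)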