def profile(account_id=None): """ Render the user page. """ if not is_authenticated(current_user): flash_error("This is only for registered users") abort(403) if account_id: account = Account.by_id(account_id) else: account = current_user if not account: flash_error("Cannot find the user account") abort(404) dataview_list = Dataview.query.filter_by(account_id=account.id).all() topics_tracked = current_user.tracked_topics.count() # page = request.args.get("forumpage", 1, type=int) # topics = current_user.tracked_topics.\ # outerjoin(TopicsRead, # db.and_(TopicsRead.topic_id == Topic.id, # TopicsRead.user_id == current_user.id)).\ # add_entity(TopicsRead).\ # order_by(Topic.last_updated.desc()).\ # paginate(page, flaskbb_config['TOPICS_PER_PAGE'], True) # return render_template("forum/forum/topictracker.html", topics=topics) return render_template('user/user.jade', account=account, dataviews=dataview_list, topics_tracked=topics_tracked)
def trigger_reset(): """ Allow user to trigger a reset of the password in case they forget it """ values = {"csrf_token": generate_csrf_token()} # If it's a simple GET method we return the form if request.method == 'GET': return render_template('account/trigger_reset.html', form_fill=values) # Get the email email = request.form.get('email') # Simple check to see if the email was provided. Flash error if not if email is None or not len(email): flash_error("Please enter an email address!") return render_template('account/trigger_reset.html', form_fill=values) # Get the account for this email account = Account.by_email(email) # If no account is found we let the user know that it's not registered if account is None: flash_error("No user is registered under this address!") return render_template('account/trigger_reset.html', form_fill=values) account.reset_loginhash() db.session.commit() # Send the reset link to the email of this account sendhash(account) # Redirect to the login page return redirect(url_for('account.email_message', id=account.id))
def login_perform(): account = Account.by_email(request.form.get('login')) #if account is not None and account.verified == True: if account is not None: if check_password_hash(account.password, request.form.get('password')): logout_user() login_user(account, remember=True) flash_success("Welcome back, " + account.fullname + "!") return redirect(url_for('home.index')) flash_error("Incorrect user name or password!") return login()
def edit_profile(account_id): account = Account.by_id(account_id) if not account: flash_error("This is not a valid account") abort(404) if account.id != current_user.id and not current_user.admin: flash_error("You cannot access this content") abort(403) values = { "fullname": account.fullname, "website": account.website, "csrf_token": generate_csrf_token() } return render_template('account/edit_profile.jade', form_fill=values, account_id=account_id)
def edit_profile_post(account_id): """ Perform registration of a new user """ errors, values = {}, dict(request.form.items()) account = Account.by_id(account_id) if not account: flash_error("This is not a valid account") abort(404) if account.id != current_user.id and not current_user.admin: flash_error("You cannot access this content") abort(403) try: # Grab the actual data and validate it data = AccountSettings().deserialize(values) if (data['website'].find('http://') == -1) and data['website'] != "": data['website'] = 'http://%s' % data['website'] account.fullname = data['fullname'] account.website = data['website'] db.session.commit() # TO DO redirect to email sent page return redirect(url_for('account.profile', account_id=account.id)) except colander.Invalid as i: errors = i.asdict() print errors if request.form.get("csrf_token", None): values['csrf_token'] = request.form.get('csrf_token') else: values["csrf_token"] = generate_csrf_token() return render_template('account/edit_profile.jade', form_fill=values, form_errors=errors, account_id=account_id)
def register(): """ Perform registration of a new user """ errors, values = {}, dict(request.form.items()) try: # Grab the actual data and validate it data = AccountRegister().deserialize(values) #check if email is already registered # it is, then send the email hash for the login #check that email is real #get the domain if (data['email'].find('@') == -1 or data['email'].find('.') == -1): flash_error("You must use a valid USG email address") raise colander.Invalid(AccountRegister.email, "You must use a valid USG email address") domain = data['email'][data['email'].find('@') + 1:] if 'EMAIL_WHITELIST' not in current_app.config.keys(): flash_error( "Your email is not current supported. The login option is only available for US Government offices at this time." ) raise colander.Invalid( AccountRegister.email, "System not set correctly. Please contact the administrator.") domainvalid = False for domainemail in current_app.config['EMAIL_WHITELIST']: if domain.lower() == domainemail.lower(): domainvalid = True if not domainvalid: flash_error( "Your email is not current supported. The login option is only available for US Government offices at this time." ) raise colander.Invalid( AccountRegister.email, "Your email is not available for registration. Currently it is only available for US Government emails." ) # Check if the username already exists, return an error if so if Account.by_email(data['email']): flash_error( "Login Name already exists. Click request password reset to change your password." ) #resend the hash here to the email and notify the user raise colander.Invalid( AccountRegister.email, "Login Name already exists. Click request password reset to change your password." ) # Create the account account = Account() account.fullname = data['fullname'] account.email = data['email'] db.session.add(account) db.session.commit() # Perform a login for the user #login_user(account, remember=True) sendhash(account) # TO DO redirect to email sent page return redirect(url_for('account.email_message', id=account.id)) except colander.Invalid as i: errors = i.asdict() if request.form.get("csrf_token", None): values['csrf_token'] = request.form.get('csrf_token') else: values["csrf_token"] = generate_csrf_token() return render_template( 'account/login.jade', form_fill=values, form_errors=errors, form_fill_login={'csrf_token': values['csrf_token']})