Exemple #1
def changepw(user_id):
    """Render and process the change-password form for one account.

    Admins may target any account; other users only their own.  Aborts with
    401 when the caller is neither, and with 404 when ``user_id`` matches no
    user.  On a valid submission the supplied current password is hashed
    with the target's login and compared with the stored value; on a match
    the new hash is stored and committed, and the caller is redirected.
    """
    # NOTE(review): 401 is sent to a signed-in caller who lacks permission;
    # 403 is the conventional status for that case.  Left unchanged because
    # clients may depend on it.
    if not (current_user.is_admin or user_id == current_user.id):
        abort(401)

    target = User.query.get(user_id)
    if not target:
        abort(404)

    pw_form = ChangePasswordForm()

    if pw_form.validate_on_submit():
        # NOTE(review): the *target's* current password is required even
        # when an admin edits someone else's account -- confirm intended.
        supplied = hash_password(target.login, pw_form.current_password.data)

        # NOTE(review): plain equality on password hashes is not
        # constant-time; hmac.compare_digest is the usual choice once both
        # operands are known to be the same string type -- TODO confirm.
        if supplied == target.password:
            target.password = hash_password(target.login, pw_form.password.data)
            db.session.add(target)
            db.session.commit()
            flash(gettext('Password changed successfully'))

            # Admins go back to the user list, everyone else to the home page.
            landing = 'users.index' if current_user.is_admin else 'general.index'
            return redirect(url_for(landing))

        flash(gettext('Current password doesn\'t match'))

    return render_template('users/change_password.html', form=pw_form, user=target)
Exemple #2
def changepw(user_id):
    """Handle the change-password page for the account ``user_id``.

    Access: admins, or the owner of the account (401 otherwise).  Unknown
    ids give 404.  A validated form whose current-password field hashes to
    the stored value replaces the stored hash, commits, flashes a success
    message and redirects; a mismatch flashes an error and re-renders.
    """
    is_owner_or_admin = current_user.is_admin or user_id == current_user.id
    if not is_owner_or_admin:
        # NOTE(review): an authorization failure conventionally maps to 403
        # rather than 401; kept as written.
        abort(401)

    account = User.query.get(user_id)
    if not account:
        abort(404)

    form = ChangePasswordForm()
    submitted = form.validate_on_submit()

    if submitted:
        # hash_password takes the login as its first argument; presumably it
        # serves as a per-user salt -- verify in aleph's utils module.
        old_hash = hash_password(account.login, form.current_password.data)
        matches = not (old_hash != account.password)

        if not matches:
            flash(gettext('Current password doesn\'t match'))
        else:
            new_hash = hash_password(account.login, form.password.data)
            account.password = new_hash
            db.session.add(account)
            db.session.commit()
            flash(gettext('Password changed successfully'))
            # NOTE(review): nothing here ends the account's other sessions
            # after the change -- check whether that happens elsewhere.

            if current_user.is_admin:
                endpoint = 'users.index'
            else:
                endpoint = 'general.index'
            return redirect(url_for(endpoint))

    return render_template('users/change_password.html', form=form, user=account)
Exemple #3
def add():
    """Admin-only view that creates a user from ``NewUserForm``.

    Non-admin callers are rejected with 401.  A validated submission builds
    the user (password stored as ``hash_password(login, password)``), copies
    the remaining profile fields from the form, commits, and redirects to
    the user list.  Otherwise the timezone and locale fields are filled from
    the current request settings and the form is rendered.
    """
    # NOTE(review): 403 is the conventional status for a signed-in caller
    # without the admin role; kept as 401 to match the existing behaviour.
    if not current_user.is_admin:
        abort(401)

    form = NewUserForm()

    if not form.validate_on_submit():
        # This branch also runs for a POST that failed validation, so the
        # submitted timezone/locale are replaced by the request defaults.
        form.timezone.data = str(get_timezone())
        form.locale.data = str(get_locale())
        return render_template('users/new.html', form=form)

    created = User(
        login=form.login.data,
        email=form.email.data,
        password=hash_password(form.login.data, form.password.data),
    )

    # Same fields, same order as the individual assignments they replace.
    copied_fields = (
        'active',
        'account_type',
        'locale',
        'timezone',
        'first_name',
        'last_name',
    )
    for field_name in copied_fields:
        setattr(created, field_name, getattr(form, field_name).data)

    # NOTE(review): no duplicate login/email check happens before the
    # commit; uniqueness presumably relies on database constraints, whose
    # violation is not handled here -- confirm against the model.
    db.session.add(created)
    db.session.commit()

    flash(gettext(u'User added successfully'))

    return redirect(url_for('users.index'))
Exemple #4
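def login():
    """Render the sign-in form and authenticate a submitted login.

    An already-authenticated ``g.user`` is redirected to the home page.
    On a validated submission the user is looked up by login and the
    submitted password is hashed with the submitted username; an unknown
    login and a wrong password produce the same 'Invalid credentials'
    message.  When ``login_user`` accepts the user, the remember-me choice
    is stored in the session and the caller is redirected.
    """
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('general.index'))

    form = LoginForm()

    if form.validate_on_submit():

        # Validate User
        user = User.query.filter(User.login == form.username.data).first()

        # Hash the submitted password whether or not the login exists, so
        # the unknown-login path does the same work as the wrong-password
        # path and response time does not reveal which logins are registered.
        password = hash_password(form.username.data, form.password.data)

        # NOTE(review): `!=` on hashes is not constant-time;
        # hmac.compare_digest is the usual choice once both operands are
        # known to share a string type -- TODO confirm types.
        if not user or user.password != password:
            flash(gettext('Invalid credentials'), 'danger')
        elif login_user(user):
            flash(gettext('You have been successfully signed in'), 'success')
            session['remember_me'] = form.remember_me.data

            return redirect(url_for('general.index'))
        else:
            # login_user refused the account (presumably an inactive user --
            # verify against the login manager in use).
            flash(gettext('Cannot sign in'),'danger')

    # NOTE(review): no attempt throttling or lockout is visible in this
    # view; confirm it is enforced elsewhere.
    return render_template('users/login.html', form=form, hide_sidebar=True, hide_header=True, class_body='bg-black', class_html = 'bg-black')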
Exemple #5
def add():
    """Create a new user account (admin only).

    Aborts with 401 for non-admin callers.  When the submitted
    ``NewUserForm`` validates, a ``User`` is built from it with the password
    stored as ``hash_password(login, password)``, committed, and the admin
    is sent back to the user list.  In every other case the timezone and
    locale fields are set from the current request and the form is shown.
    """
    caller_is_admin = current_user.is_admin
    if not caller_is_admin:
        # NOTE(review): a permission failure is conventionally 403, not 401.
        abort(401)

    form = NewUserForm()
    accepted = form.validate_on_submit()

    if accepted:
        login_name = form.login.data
        hashed = hash_password(form.login.data, form.password.data)
        new_user = User(login=login_name, email=form.email.data, password=hashed)

        # Account state and role come straight from the admin's form input.
        new_user.active = form.active.data
        new_user.account_type = form.account_type.data

        # Regional preferences.
        new_user.locale = form.locale.data
        new_user.timezone = form.timezone.data

        # Display name.
        new_user.first_name = form.first_name.data
        new_user.last_name = form.last_name.data

        # NOTE(review): an already-used login or email is not checked for
        # here; a constraint violation at commit, if the schema has one,
        # would surface as an unhandled error -- confirm.
        db.session.add(new_user)
        db.session.commit()

        flash(gettext(u'User added successfully'))

        return redirect(url_for('users.index'))

    # Not submitted, or submitted with errors: preset the regional fields.
    form.timezone.data = str(get_timezone())
    form.locale.data = str(get_locale())

    return render_template('users/new.html', form=form)
Exemple #6
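def login():
    """Show the sign-in page and process a submitted login form.

    Callers whose ``g.user`` is already authenticated are redirected to the
    home page.  For a validated submission the account is looked up by
    login and the submitted password is hashed with the submitted username.
    Unknown login and wrong password share one 'Invalid credentials'
    message.  If ``login_user`` succeeds, the remember-me flag is written to
    the session before redirecting.
    """
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('general.index'))

    form = LoginForm()

    if form.validate_on_submit():

        # Validate User
        user = User.query.filter(User.login == form.username.data).first()

        # Always compute the hash, including for logins that do not exist:
        # skipping it made the unknown-login response measurably cheaper
        # than the wrong-password one, which lets a client tell registered
        # logins apart despite the identical message.
        password = hash_password(form.username.data, form.password.data)
        credentials_ok = bool(user) and user.password == password
        # NOTE(review): string equality is not constant-time; consider
        # hmac.compare_digest after confirming both values share one type.

        if not credentials_ok:
            flash(gettext('Invalid credentials'), 'danger')
        elif login_user(user):
            flash(gettext('You have been successfully signed in'),
                  'success')
            session['remember_me'] = form.remember_me.data

            return redirect(url_for('general.index'))
        else:
            # Credentials matched but the login manager rejected the user.
            flash(gettext('Cannot sign in'), 'danger')

    return render_template('users/login.html',
                           form=form,
                           hide_sidebar=True,
                           hide_header=True,
                           class_body='bg-black',
                           class_html='bg-black')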
Exemple #7
def register():
    """Self-service registration view.

    Returns 404 unless the ``ALLOW_REGISTRATIONS`` setting is truthy.  A
    validated form whose email is not yet registered creates a user with
    ``active=ACCOUNT_DISABLED``, commits it, sends the welcome mail and
    redirects to the login page; the flashed message depends on whether
    ``send_email`` reported success.  An ``OperationalError`` anywhere in
    that sequence yields a flash plus redirect when ``DEBUG`` is set, and a
    500 otherwise.
    """
    if not app.config.get('ALLOW_REGISTRATIONS'):
        abort(404)

    form = NewUserForm()

    if form.validate_on_submit():

        try:
            # NOTE(review): only the email is checked for an existing
            # account; a duplicate login, or two concurrent requests for the
            # same email, would rely on database constraints not visible
            # here, and only OperationalError is handled below -- confirm.
            duplicate = User.query.filter(User.email == form.email.data).first()

            if not duplicate:
                account = User(
                    login=form.login.data,
                    email=form.email.data,
                    password=hash_password(form.login.data, form.password.data),
                    active=ACCOUNT_DISABLED,
                )

                account.first_name = form.first_name.data
                account.last_name = form.last_name.data

                account.locale = str(get_locale())
                account.timezone = str(get_timezone())

                db.session.add(account)
                db.session.commit()

                # Send email (arguments are built in the original order).
                subject = gettext('Welcome to %(appname)s', appname=app.config.get('APP_TITLE'))
                sender = app.config.get('MAIL_SENDER')
                recipients = [form.email.data]
                text_body = render_template('users/mail_register.txt', user=account)
                html_body = render_template('users/mail_register.html', user=account)
                sent = send_email(subject, sender, recipients, text_body, html_body)

                if sent:
                    notice = gettext('Account created successfully. Please check your email for instructions on activating your account')
                else:
                    notice = gettext('Account created successfully but there were server-side errors while sending the email activation code. Your account needs to be manually activated.')
                flash(notice)

                return redirect(url_for('users.login'))

            # NOTE(review): this distinct message tells the caller that the
            # address already has an account; weigh that against usability.
            flash(gettext('Email address already registered'))

        except OperationalError:
            # Outside debug mode the failure is reported only as a 500.
            if not app.config.get('DEBUG'):
                abort(500)
            flash(gettext('Error creating user. Database not set'))
            return redirect(url_for('users.login'))

    return render_template('users/register.html', form=form, hide_sidebar=True, hide_header=True, class_body='bg-black', class_html ='bg-black')
Exemple #8
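#!/usr/bin/env python
"""Create the web UI database schema and a bootstrap superuser account.

Exits with status 1 when schema creation or the insert fails, so that
install automation does not continue against an uninitialised database.
"""
import os
import sys

# Fix path for importing modules
CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
PACKAGE_DIR = os.path.abspath(os.path.join(CURRENT_DIR, os.pardir))
sys.path.append(PACKAGE_DIR)

from aleph.webui.database import db
from aleph.webui.models import *
from aleph.webui.utils import hash_password
from aleph.constants import ACCOUNT_SUPERUSER

try:
    db.create_all()

    # Let's create an admin user
    # NOTE(review): the superuser is created with a fixed initial password
    # that is published with the source.  Change it at first sign-in, or
    # supply it from deployment configuration instead of this literal.
    # NOTE(review): the first hash_password argument is 'admin'; presumably
    # it must equal the account's login (masked on this page) for sign-in
    # to succeed -- confirm.
    u = User(login='******',
             email='*****@*****.**',
             password=hash_password('admin', 'changeme12!'))
    u.account_type = ACCOUNT_SUPERUSER
    u.first_name = 'System'
    u.last_name = 'Administrator'
    db.session.add(u)
    db.session.commit()
    print("Database created successfully")
except Exception as e:
    # `except ... as` and print() work on Python 2.6+ as well as Python 3.
    print("Error creating database: %s" % str(e))
    # Report the failure through the exit status, not only on stdout.
    sys.exit(1)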
Exemple #9
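#!/usr/bin/env python
"""Initialise the database tables and insert the first administrator.

On any error the message is printed and the process exits with status 1,
so a failed setup is visible to whatever invoked the script.
"""
import os
import sys

# Fix path for importing modules
CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
PACKAGE_DIR = os.path.abspath(os.path.join(CURRENT_DIR, os.pardir))
sys.path.append(PACKAGE_DIR)

from aleph.webui.database import db
from aleph.webui.models import *
from aleph.webui.utils import hash_password
from aleph.constants import ACCOUNT_SUPERUSER

try:
    db.create_all()

    # Let's create an admin user
    # NOTE(review): this is a well-known default credential for an account
    # with ACCOUNT_SUPERUSER rights.  Treat it as a one-time bootstrap
    # value: rotate it immediately after installation and check for
    # deployments where it was never changed.
    admin_hash = hash_password('admin', 'changeme12!')
    u = User(login='******', email='*****@*****.**', password=admin_hash)
    u.account_type = ACCOUNT_SUPERUSER
    u.first_name = 'System'
    u.last_name = 'Administrator'
    db.session.add(u)
    db.session.commit()
    print("Database created successfully")
except Exception as e:
    # Syntax valid on both Python 2.6+ and Python 3.
    print("Error creating database: %s" % str(e))
    # A zero exit status here would hide the failure from callers.
    sys.exit(1)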
Exemple #10
def register():
    """Public sign-up view, available only when registrations are enabled.

    With ``ALLOW_REGISTRATIONS`` unset or falsy the view aborts with 404.
    For a validated form, an existing account with the same email produces
    a flash and a re-render; otherwise a disabled (``ACCOUNT_DISABLED``)
    user is committed, the welcome email is sent, and the caller is
    redirected to the login page.  ``OperationalError`` is reported as a
    flash plus redirect in debug mode and as a 500 otherwise.
    """
    registrations_open = app.config.get('ALLOW_REGISTRATIONS')
    if not registrations_open:
        abort(404)

    form = NewUserForm()

    if form.validate_on_submit():

        try:
            exists = User.query.filter(User.email == form.email.data).first()

            if exists:
                # NOTE(review): confirms to any visitor that this address
                # is registered; acceptable only if that is a deliberate
                # usability trade-off.
                flash(gettext('Email address already registered'))
            else:
                # NOTE(review): login uniqueness is not checked here, and a
                # check-then-insert is not atomic; presumably the schema
                # enforces uniqueness -- confirm, and note that only
                # OperationalError is caught below.
                password_hash = hash_password(form.login.data,
                                              form.password.data)
                user = User(login=form.login.data,
                            email=form.email.data,
                            password=password_hash,
                            active=ACCOUNT_DISABLED)

                user.first_name = form.first_name.data
                user.last_name = form.last_name.data

                user.locale = str(get_locale())
                user.timezone = str(get_timezone())

                db.session.add(user)
                db.session.commit()

                # Send email
                mail_subject = gettext('Welcome to %(appname)s',
                                       appname=app.config.get('APP_TITLE'))
                sent = send_email(
                    mail_subject,
                    app.config.get('MAIL_SENDER'),
                    [form.email.data],
                    render_template('users/mail_register.txt', user=user),
                    render_template('users/mail_register.html', user=user),
                )

                # The account stays disabled either way; only the wording
                # shown to the user differs.
                flash(
                    gettext(
                        'Account created successfully. Please check your email for instructions on activating your account'
                    ) if sent else gettext(
                        'Account created successfully but there were server-side errors while sending the email activation code. Your account needs to be manually activated.'
                    ))

                return redirect(url_for('users.login'))

        except OperationalError:
            debug_mode = app.config.get('DEBUG')
            if not debug_mode:
                abort(500)
            flash(gettext('Error creating user. Database not set'))
            return redirect(url_for('users.login'))

    page_options = dict(form=form,
                        hide_sidebar=True,
                        hide_header=True,
                        class_body='bg-black',
                        class_html='bg-black')
    return render_template('users/register.html', **page_options)