def lost_password(request):
"""
Presents lost password page - sends password reset link to
specified email address.
This link is valid only for 10 minutes
"""
form = forms.LostPasswordForm(request.POST, csrf_context=request)
if request.method == 'POST' and form.validate():
user = User.by_email(form.email.data)
if user:
user.regenerate_security_code()
user.security_code_date = datetime.datetime.utcnow()
email_vars = {
'user': user,
'request': request,
'email_title': "AppEnlight :: New password request"
}
UserService.send_email(
request,
recipients=[user.email],
variables=email_vars,
template='/email_templates/lost_password.jinja2')
msg = 'Password reset email had been sent. ' \
'Please check your mailbox for further instructions.'
request.session.flash(_(msg))
return HTTPFound(location=request.route_url('lost_password'))
return {"form": form}
def user_resource_permission_create(request):
"""
Set new permissions for user for a resource
"""
resource = request.context.resource
user_name = request.unsafe_json_body.get('user_name')
user = User.by_user_name(user_name)
if not user:
user = User.by_email(user_name)
if not user:
return False
for perm_name in request.unsafe_json_body.get('permissions', []):
permission = UserResourcePermission.by_resource_user_and_perm(
user.id, perm_name, resource.resource_id)
if not permission:
permission = UserResourcePermission(perm_name=perm_name,
user_id=user.id)
resource.user_permissions.append(permission)
DBSession.flush()
perms = [
p.perm_name for p in resource.perms_for_user(user) if p.type == 'user'
]
result = {'user_name': user.user_name, 'permissions': list(set(perms))}
return result
def search_users(request):
"""
Returns a list of users for autocomplete
"""
user = request.user
items_returned = []
like_condition = request.params.get('user_name', '') + '%'
# first append used if email is passed
found_user = User.by_email(request.params.get('user_name', ''))
if found_user:
name = '{} {}'.format(found_user.first_name, found_user.last_name)
items_returned.append({'user': found_user.user_name, 'name': name})
for found_user in User.user_names_like(like_condition).limit(20):
name = '{} {}'.format(found_user.first_name, found_user.last_name)
items_returned.append({'user': found_user.user_name, 'name': name})
return items_returned
def groups_users_add(request):
"""
Get list of permissions assigned to specific resources
"""
group = GroupService.by_id(request.matchdict.get('group_id'))
user = User.by_user_name(request.unsafe_json_body.get('user_name'))
if not user:
user = User.by_email(request.unsafe_json_body.get('user_name'))
if not group or not user:
return HTTPNotFound()
if user not in group.users:
group.users.append(user)
group.member_count = group.users_dynamic.count()
props = [
'user_name', 'id', 'first_name', 'last_name', 'email',
'last_login_date', 'status'
]
u_dict = user.get_dict(include_keys=props)
u_dict['gravatar_url'] = user.gravatar_url(s=20)
return u_dict
def unique_email_validator(form, field):
user = User.by_email(field.data)
if user:
raise wtforms.ValidationError('This email already exists in system')
def found_username_email_validator(form, field):
user = User.by_email(field.data)
if not user:
raise wtforms.ValidationError('Email is incorrect')