def post(self):
if self.form.is_valid():
em_address = self.form.elements.email_address.value
user_obj = orm_User.reset_password(em_address)
if user_obj:
if send_reset_password_email(user_obj):
session_user.add_message(
'notice',
'An email with a link to reset your password has been sent.'
)
else:
session_user.add_message(
'error',
'An error occurred while sending the notification email. Your '
'password has not been reset.'
)
url = current_url(root_only=True)
redirect(url)
else:
session_user.add_message(
'error',
'Did not find a user with email address: %s' % em_address
)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def post(self):
if self.form.is_valid():
user = orm_User.validate(
self.form.els.login_id.value,
self.form.els.password.value
)
if user:
if user.inactive:
session_user.add_message('error', 'That user is inactive.')
else:
load_session_user(user)
log.application('user %s logged in; session id: %s; remote_ip: %s',
user.login_id, rg.session.id, rg.request.remote_addr)
session_user.add_message('notice', 'You logged in successfully!')
if user.reset_required:
url = url_for('auth:ChangePassword')
else:
url = after_login_url()
redirect(url)
else:
log.application('user login failed; user login: %s; session id: %s; remote_ip: %s',
self.form.elements.login_id.value, rg.session.id,
rg.request.remote_addr)
session_user.add_message('error', 'Login failed! Please try again.')
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def delete_record(self):
try:
CommonCrudBase.delete_record(self)
except IntegrityError:
session_user.add_message(
'warning',
'could not delete, the {0} is in use'.format(self.objname)
)
redirect(url_for(self.endpoint, action='manage', session_key=self.session_key))
def post(self):
if self.form.is_valid():
orm_User.get(session_user.id).update_password(self.form.elements.password.value)
session_user.reset_required = False
session_user.add_message('notice', 'Your password has been changed successfully.')
url = after_login_url() if rg.request.url == url_for('auth:ChangePassword') \
else rg.request.url
redirect(url)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def send_to_index(sender, endpoint, urlargs):
"""
simulating hijacking the request and forcing it to go to another view.
This minicks what you would want to do if a user need to change a password,
was locked out, or any number of things that might cause you to want to
send them to a different location than the one they are requesting.
"""
if 'request-hijack/forward' in rg.request.url:
# we have to have a flag that says we have already forwarded, otherwise
# we will get a forward loop since the request isn't modified
# when we forward
if getattr(rg, 'newlayout_events_send_to_index', None):
return
rg.newlayout_events_send_to_index = True
forward('Index', tname='index')
elif 'request-hijack/redirect' in rg.request.url:
redirect('index/index')
def send_to_index(sender, endpoint, urlargs):
"""
simulating hijacking the request and forcing it to go to another view.
This minicks what you would want to do if a user need to change a password,
was locked out, or any number of things that might cause you to want to
send them to a different location than the one they are requesting.
"""
if 'request-hijack/forward' in rg.request.url:
# we have to have a flag that says we have already forwarded, otherwise
# we will get a forward loop since the request isn't modified
# when we forward
if getattr(rg, 'newlayout_events_send_to_index', None):
return
rg.newlayout_events_send_to_index = True
forward('Index', tname='index')
elif 'request-hijack/redirect' in rg.request.url:
redirect('/index/index')
def post(self, login_id, key):
if self.form.is_valid():
self.user.update_password(self.form.elements.password.value)
session_user.add_message('notice', 'Your password has been reset successfully.')
# at this point, the user has been verified, and we can setup the user
# session and kill the reset
load_session_user(self.user)
self.user.kill_reset_key()
# redirect as if this was a login
url = after_login_url()
redirect(url)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.assign_form()
self.render_template()
def default(self, sendby=None):
if sendby == 'forward':
forward('AppLevelView')
assert False
if sendby == 'redirect':
redirect('/applevelview/foo')
assert False
if sendby == 'rdp':
redirect('/applevelview/foo', permanent=True)
if sendby == '303':
redirect('/applevelview/foo', code=303)
return 'news index'
def default(self):
redirect('some/other/page', permanent=True)
def default(self):
redirect('some/other/page')
def form_when_completed(self):
redirect(url_for(
self.endpoint,
action='manage',
session_key=self.session_key
))
def default(self):
rg.session.invalidate()
url = url_for('auth:Login')
redirect(url)
def default(self):
redirect('/some/other/page', permanent=True)
def abort(self, msg='invalid reset request'):
session_user.add_message('error', '%s, use the form below to resend reset link' % msg)
url = url_for('auth:LostPassword')
redirect(url)
def default(self):
redirect('/some/other/page', code=303)
def default(self):
redirect('some/other/page', code=303)
def form_on_cancel(self):
session_user.add_message('notice', 'no changes made to your profile')
redirect(current_url(root_only=True))
def default(self):
redirect('/some/other/page')
