def register_user(request):
session = DBSession()
matchdict = request.matchdict
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
return HTTPFound(location = route_url("home", request))
login_url = route_url('login', request)
referrer = request.url
if (referrer == login_url):
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
fs = None
if 'submitted' in request.params:
fs = RegisterUserFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User()
password = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())
# TODO
# Shouldn't have to do this, but doing it for simplicity now
user.username = fs.username.value
user.password = password
user.given_name = fs.given_name.value
user.surname = fs.surname.value
user.homepage = fs.homepage.value
#user.email = fs.email.value
user.email = bcrypt.hashpw(fs.email.value, bcrypt.gensalt())
user.created_time = time.time()
user.user_type = User.NORMAL
session.add(user)
session.flush()
User.addToGroup(fs.username.value, "nexus")
request.session["username"] = fs.username.value
headers = remember(request, User.getID(fs.username.value))
request.session.flash(_("You have successfully created a new account!"))
return HTTPFound(location = route_url("home", request), headers = headers)
if (fs is None):
fs = RegisterUserFieldSet().bind(User, session = session)
form = fs.render()
return dict(form = form, title = _("Register new user"))
def reset_password(request):
session = DBSession()
matchdict = request.matchdict
token = matchdict["token"]
forgotPassword = ForgotPassword.getByToken(token)
if (not forgotPassword):
request.session.flash(_("Reset password token not found in database."))
return HTTPFound(location = route_url("home", request))
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot reset a password."))
return HTTPFound(location = route_url("home", request))
login_url = route_url('login', request)
referrer = request.url
if (referrer == login_url):
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
user = User.getByID(forgotPassword.user.id)
fs = None
if 'submitted' in request.params:
fs = ResetPasswordFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User.getByID(request.params["user_id"])
password = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())
user.password = password
user.user_type = User.NORMAL
session.add(user)
session.flush()
session.query(ForgotPassword).filter(ForgotPassword.user_id == user.id).delete()
request.session["username"] = user.username
headers = remember(request, user.id)
request.session.flash(_("You have successfully updated your password!"))
return HTTPFound(location = route_url("home", request), headers = headers)
if (fs is None):
fs = ResetPasswordFieldSet().bind(User, session = session)
form = fs.render()
return dict(form = form, user_id = user.id, title = _("Forgot your password?"))
def register_user_openid(request):
session = DBSession()
matchdict = request.matchdict
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
return HTTPFound(location = route_url("home", request))
fs = OpenIDUserFieldSet().bind(User, session = session)
fs.append(Field("openid_url", value = request.params.get("openid_url", "")).hidden())
if 'submitted' in request.params:
fs = OpenIDUserFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User()
# TODO
# Shouldn't have to do this, but doing it for simplicity now
# Should validate that the username is unique
user.username = fs.username.value
user.given_name = fs.given_name.value
user.surname = fs.surname.value
user.homepage = fs.homepage.value
user.user_type = User.OPENID
now = time.time()
user.created_time = now
user.password = bcrypt.hashpw(str(int(now)), bcrypt.gensalt())
session.add(user)
session.flush()
User.addToGroup(fs.username.value, "nexus")
request.session["username"] = fs.username.value
user_id = User.getID(fs.username.value)
openid = OpenID(openid_url = request.params.get("openid_url", ""), user_id = user_id)
session.add(openid)
headers = remember(request, user_id)
request.session["username"] = fs.username.value
request.session.flash(_("You have successfully registered!"))
return HTTPFound(location = route_url("home", request), headers = headers)
form = fs.render()
return dict(form = form, title = _("Register new user"))
