def setup_change_pass_submit():
    """Handle the change-password form for the logged-in user.

    Reads ``newpass`` and ``confirm`` from the posted form. The request is
    rejected with a flash message and a redirect back to the form when a
    field is missing, the password is shorter than 7 characters, or the two
    values differ. Otherwise the new password is stored, an audit entry is
    written and the user is redirected to their profile page.
    """
    # NOTE(review): only the new password and its confirmation are read here;
    # the current password is never requested, so a hijacked or unattended
    # session is enough to replace it. Confirm re-authentication is enforced
    # elsewhere, or add it to this handler.
    user_id = session['user_id']
    user = Users2.get_user(user_id)
    form_view = "setup_change_pass"

    form = request.form
    if not ("newpass" in form and "confirm" in form):
        flash("Please provide your new password")
        return redirect(url_for(form_view))

    newpass = form['newpass']
    confirm = form['confirm']

    # Length is the only strength rule applied in this handler.
    if len(newpass) < 7:
        flash("Password is too short, please try something longer.")
        return redirect(url_for(form_view))

    if newpass != confirm:
        flash("Passwords do not match")
        return redirect(url_for(form_view))

    Users2.set_password(user_id=user_id, clearpass=newpass)

    # The audit message names the account only; the password is not logged.
    uname = user['uname']
    audit(1, user_id, user_id, "Setup",
          "%s reset password for %s." % (uname, uname))

    flash("Password changed")
    return redirect(url_for("setup_myprofile"))
def setup_change_pass_submit():
    """Handle the change-password form for the logged-in user.

    Reads ``newpass`` and ``confirm`` from the posted form. The request is
    rejected with a flash message and a redirect back to the form when a
    field is missing, the password is shorter than 7 characters, or the two
    values differ. Otherwise the new password is stored, an audit entry is
    written and the user is redirected to their profile page.
    """
    # NOTE(review): only the new password and its confirmation are read here;
    # the current password is never requested, so a hijacked or unattended
    # session is enough to replace it. Confirm re-authentication is enforced
    # elsewhere, or add it to this handler.
    user_id = session['user_id']
    user = Users2.get_user(user_id)
    form_view = "setup_change_pass"

    form = request.form
    if not ("newpass" in form and "confirm" in form):
        flash("Please provide your new password")
        return redirect(url_for(form_view))

    newpass = form['newpass']
    confirm = form['confirm']

    # Length is the only strength rule applied in this handler.
    if len(newpass) < 7:
        flash("Password is too short, please try something longer.")
        return redirect(url_for(form_view))

    if newpass != confirm:
        flash("Passwords do not match")
        return redirect(url_for(form_view))

    Users2.set_password(user_id=user_id, clearpass=newpass)

    # The audit message names the account only; the password is not logged.
    uname = user['uname']
    audit(1, user_id, user_id, "Setup",
          "%s reset password for %s." % (uname, uname))

    flash("Password changed")
    return redirect(url_for("setup_myprofile"))
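def setup_usercreate():
    """Show and process the admin form for creating a local user account.

    Requires the "useradmin" permission; callers without it are redirected
    to the setup top page. On a POST carrying ``usercreate_save`` the
    submitted details are validated and, if acceptable, the account is
    created and its password set. On a validation error the form is shown
    again with the non-secret fields pre-filled.

    The password fields are always rendered empty: the submitted password
    is never written back into the HTML response.
    """
    user_id = session['user_id']
    if not check_perm(user_id, -1, "useradmin"):
        flash("You do not have User Administration access.")
        return redirect(url_for('setup_top'))

    new_uname = new_fname = new_sname = new_email = ""
    error = None

    if request.method == "POST":
        form = request.form
        if "usercreate_cancel" in form:
            flash("User Account Creation Cancelled")
            return redirect(url_for('setup_usersearch'))

        if "usercreate_save" in form:
            # NOTE(review): new_uname is used exactly as entered, whereas
            # login_signup_submit passes usernames through sanitize_username.
            # Confirm whether the same normalisation should apply here.
            new_uname = form.get('new_uname', "")
            new_fname = form.get('new_fname', "")
            new_sname = form.get('new_sname', "")
            new_email = form.get('new_email', "")
            new_pass = form.get('new_pass', "")
            new_confirm = form.get('new_confirm', "")

            if not all((new_uname, new_email, new_pass, new_confirm)):
                error = "Please fill in all fields."
            elif Users2.uid_by_uname(new_uname):
                error = "ERROR: An account already exists with that name"
            elif len(new_pass) < 7:
                # Same minimum length that setup_change_pass_submit enforces,
                # so an admin cannot create an account with a password the
                # user could not have chosen themselves.
                error = "Password is too short, please try something longer."
            elif new_confirm != new_pass:
                # Empty values were already rejected by the all() check above.
                error = "Passwords don't match (or are empty)"
            else:
                # Positional order: uname, passwd, givenname, familyname,
                # acctstatus, studentid, email. The account is created with a
                # placeholder password value and the real one is set
                # immediately afterwards.
                Users2.create(new_uname, "nologin-creation", new_fname,
                              new_sname, 2, '', new_email)
                Users2.set_password(Users2.uid_by_uname(new_uname), new_pass)
                flash("New User Account Created for %s" % new_uname)
                # Start the next account from a blank form.
                new_uname = new_fname = new_sname = new_email = ""

    if error:
        flash(error)

    # Passwords are deliberately not echoed: a value rendered into the page
    # can end up in browser caches, page source and proxy logs.
    return render_template(
        'setup_usercreate.html',
        new_uname=new_uname,
        new_fname=new_fname,
        new_sname=new_sname,
        new_email=new_email,
        new_pass="",
        new_confirm=""
    )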
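def login_signup_submit():
    """Process the self-registration form and send a confirmation email.

    Returns a 404 when open registration is disabled. Otherwise validates
    the submitted username, password, confirmation and email address; on any
    failure a message is flashed and the user is redirected back to the
    signup form. On success an unconfirmed account is created, its password
    is set, a confirmation code is emailed to the given address and the
    "submitted" page is rendered.
    """
    # TODO: How do we stop someone using this to spam someone?
    # NOTE(review): nothing in this handler limits how often it can be called
    # or how many messages go to one address; rate limiting would have to be
    # enforced elsewhere.
    if not OaConfig.open_registration:
        abort(404)

    form = request.form
    required = ('username', 'password', 'confirm', 'email')
    if not all(field in form for field in required):
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    username = sanitize_username(form['username'])
    password = form['password']
    confirm = form['confirm']
    email = form['email']

    # sanitize_username may have reduced the name to nothing, so the emptiness
    # check runs on the sanitised value.
    if username == "" or password == "" or confirm == "" or email == "":
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    # Same minimum length that setup_change_pass_submit enforces, so a
    # self-registered account cannot start with a shorter password than a
    # later change would accept.
    if len(password) < 7:
        flash("Password is too short, please try something longer.")
        return redirect(url_for("login_signup"))

    if confirm != password:
        flash("Passwords don't match")
        return redirect(url_for("login_signup"))

    # Basic checks in case they entered their street address or something;
    # a fuller check is too hard or prone to failure.
    if "@" not in email or "." not in email:
        flash("Email address doesn't appear to be valid")
        return redirect(url_for("login_signup"))

    # NOTE(review): this response tells an unauthenticated visitor whether a
    # username is taken; acceptable for a signup form, but worth pairing with
    # request throttling.
    existing = Users2.uid_by_uname(username)
    if existing:
        flash("An account with that name already exists, "
              "please try another username.")
        return redirect(url_for("login_signup"))

    code = Users.gen_confirm_code()
    # The account is created unconfirmed with a placeholder password value;
    # the real password is set straight afterwards.
    newuid = Users.create(uname=username,
                          passwd="NOLOGIN",
                          email=email,
                          givenname=username,
                          familyname="",
                          acctstatus=1,
                          studentid="",
                          source="local",
                          confirm_code=code,
                          confirm=False)
    Users2.set_password(newuid, password)

    # Template names always use "/" as the separator; building them with
    # os.path.join yields a backslash on Windows and the lookup fails.
    text_body = render_template("email/confirmation.txt", code=code)
    html_body = render_template("email/confirmation.html", code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Signup Confirmation",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_signup_submit.html", email=email)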
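def setup_usercreate():
    """Show and process the admin form for creating a local user account.

    Requires the "useradmin" permission; callers without it are redirected
    to the setup top page. On a POST carrying ``usercreate_save`` the
    submitted details are validated and, if acceptable, the account is
    created and its password set. On a validation error the form is shown
    again with the non-secret fields pre-filled.

    The password fields are always rendered empty: the submitted password
    is never written back into the HTML response.
    """
    user_id = session['user_id']
    if not check_perm(user_id, -1, "useradmin"):
        flash("You do not have User Administration access.")
        return redirect(url_for('setup_top'))

    new_uname = new_fname = new_sname = new_email = ""
    error = None

    if request.method == "POST":
        form = request.form
        if "usercreate_cancel" in form:
            flash("User Account Creation Cancelled")
            return redirect(url_for('setup_usersearch'))

        if "usercreate_save" in form:
            # NOTE(review): new_uname is used exactly as entered, whereas
            # login_signup_submit passes usernames through sanitize_username.
            # Confirm whether the same normalisation should apply here.
            new_uname = form.get('new_uname', "")
            new_fname = form.get('new_fname', "")
            new_sname = form.get('new_sname', "")
            new_email = form.get('new_email', "")
            new_pass = form.get('new_pass', "")
            new_confirm = form.get('new_confirm', "")

            if not all((new_uname, new_email, new_pass, new_confirm)):
                error = "Please fill in all fields."
            elif Users2.uid_by_uname(new_uname):
                error = "ERROR: An account already exists with that name"
            elif len(new_pass) < 7:
                # Same minimum length that setup_change_pass_submit enforces,
                # so an admin cannot create an account with a password the
                # user could not have chosen themselves.
                error = "Password is too short, please try something longer."
            elif new_confirm != new_pass:
                # Empty values were already rejected by the all() check above.
                error = "Passwords don't match (or are empty)"
            else:
                # Positional order: uname, passwd, givenname, familyname,
                # acctstatus, studentid, email. The account is created with a
                # placeholder password value and the real one is set
                # immediately afterwards.
                Users2.create(new_uname, "nologin-creation", new_fname,
                              new_sname, 2, '', new_email)
                Users2.set_password(Users2.uid_by_uname(new_uname), new_pass)
                flash("New User Account Created for %s" % new_uname)
                # Start the next account from a blank form.
                new_uname = new_fname = new_sname = new_email = ""

    if error:
        flash(error)

    # Passwords are deliberately not echoed: a value rendered into the page
    # can end up in browser caches, page source and proxy logs.
    return render_template('setup_usercreate.html',
                           new_uname=new_uname,
                           new_fname=new_fname,
                           new_sname=new_sname,
                           new_email=new_email,
                           new_pass="",
                           new_confirm="")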
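def login_signup_submit():
    """Process the self-registration form and send a confirmation email.

    Returns a 404 when open registration is disabled. Otherwise validates
    the submitted username, password, confirmation and email address; on any
    failure a message is flashed and the user is redirected back to the
    signup form. On success an unconfirmed account is created, its password
    is set, a confirmation code is emailed to the given address and the
    "submitted" page is rendered.
    """
    # TODO: How do we stop someone using this to spam someone?
    # NOTE(review): nothing in this handler limits how often it can be called
    # or how many messages go to one address; rate limiting would have to be
    # enforced elsewhere.
    if not OaConfig.open_registration:
        abort(404)

    form = request.form
    required = ('username', 'password', 'confirm', 'email')
    if not all(field in form for field in required):
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    username = sanitize_username(form['username'])
    password = form['password']
    confirm = form['confirm']
    email = form['email']

    # sanitize_username may have reduced the name to nothing, so the emptiness
    # check runs on the sanitised value.
    if username == "" or password == "" or confirm == "" or email == "":
        flash("Please fill in all fields")
        return redirect(url_for("login_signup"))

    # Same minimum length that setup_change_pass_submit enforces, so a
    # self-registered account cannot start with a shorter password than a
    # later change would accept.
    if len(password) < 7:
        flash("Password is too short, please try something longer.")
        return redirect(url_for("login_signup"))

    if confirm != password:
        flash("Passwords don't match")
        return redirect(url_for("login_signup"))

    # Basic checks in case they entered their street address or something;
    # a fuller check is too hard or prone to failure.
    if "@" not in email or "." not in email:
        flash("Email address doesn't appear to be valid")
        return redirect(url_for("login_signup"))

    # NOTE(review): this response tells an unauthenticated visitor whether a
    # username is taken; acceptable for a signup form, but worth pairing with
    # request throttling.
    existing = Users2.uid_by_uname(username)
    if existing:
        flash("An account with that name already exists, "
              "please try another username.")
        return redirect(url_for("login_signup"))

    code = Users.gen_confirm_code()
    # The account is created unconfirmed with a placeholder password value;
    # the real password is set straight afterwards.
    newuid = Users.create(uname=username,
                          passwd="NOLOGIN",
                          email=email,
                          givenname=username,
                          familyname="",
                          acctstatus=1,
                          studentid="",
                          source="local",
                          confirm_code=code,
                          confirm=False)
    Users2.set_password(newuid, password)

    # Template names always use "/" as the separator; building them with
    # os.path.join yields a backslash on Windows and the lookup fails.
    text_body = render_template("email/confirmation.txt", code=code)
    html_body = render_template("email/confirmation.html", code=code)
    send_email(email,
               from_addr=None,
               subject="OASIS Signup Confirmation",
               text_body=text_body,
               html_body=html_body)

    return render_template("login_signup_submit.html", email=email)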