def render_template(template_name, **context):
    """Render the named template and return the result as a string.

    ``request``, ``theme`` and ``auth_system`` are always set here, so
    keyword arguments with those names are replaced.
    """
    # NOTE(review): whether rendered values are HTML-escaped depends on how
    # jinja_env is configured, which is not visible from this function.
    template = jinja_env.get_template(template_name)
    context.update(
        request=Request.current,
        theme=get_theme(),
        auth_system=get_auth_system(),
    )
    return template.render(context)
def logout(request):
    """Log the user out and redirect.

    For a logged-in request the auth system's ``logout()`` is called. If
    it returns something other than ``None``, that value is returned as
    the response. Otherwise a confirmation is flashed. The fall-through
    redirect goes to ``request.next_url``, or to the overview page when
    that is empty.
    """
    if request.is_logged_in:
        response = get_auth_system().logout(request)
        if response is not None:
            return response
        request.flash(_(u'You were logged out.'))
    # NOTE(review): next_url is used as the redirect target unchanged;
    # confirm the request object only ever yields same-site URLs.
    target = request.next_url or url_for('kb.overview')
    return redirect(target)
def __init__(self, user, initial=None, action=None, request=None):
    """Set up the form, prefilled from ``user`` when one is given.

    The real name is always prefilled. The e-mail address is prefilled
    only when the auth system does not manage e-mail externally; when
    it does, the ``email`` field is removed from the form.
    """
    self.user = user
    self.auth_system = auth_system = get_auth_system()
    if user is not None:
        initial = forms.fill_dict(initial, real_name=user.real_name)
        if not auth_system.email_managed_external:
            initial['email'] = user.email
    forms.Form.__init__(self, initial, action, request)
    # The field can only be removed once the base class has built
    # self.fields.
    if auth_system.email_managed_external:
        del self.fields['email']
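def reset_password(request, email=None, key=None):
    """Reset a user's password, or mail out the link that does so.

    Paths, checked in this order:

    * a logged-in request is redirected to the overview page;
    * when ``email`` is given, ``key`` is compared with the
      ``password_reset_key`` of every user with that address; on a match
      ``set_random_password()`` is called on that user and its return
      value is handed to the template as ``new_password``;
    * a valid POST of the form mails the reset link to ``form.user``.

    Anything else renders the form. Raises ``NotFound`` when the auth
    system reports that it cannot reset passwords.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # A logged-in user sees no link to this page, so send them back to the
    # overview. This is a convenience, not a security control: logging out
    # is enough to get past it.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # We came back from the link in the mail: try to reset the password.
    # NOTE(review): this branch does not look at request.method, so any
    # fetch of the mailed link changes the password and puts the new one
    # into the rendered page.
    if email is not None:
        user = None
        # A missing or empty key is rejected before any comparison, so it
        # cannot match a stored key that happens to be unset.
        if key:
            for candidate in User.query.filter_by(email=email).all():
                # NOTE(review): `==` is not a constant-time comparison;
                # consider hmac.compare_digest where the runtime has it.
                if candidate.password_reset_key == key:
                    user = candidate
                    break
        if user is None:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'), error=True)
            return redirect(url_for('core.reset_password'))
        new_password = user.set_random_password()
        session.commit()

    # Otherwise validate the form and mail the reset link.
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        send_email(
            _(u'Reset Password'),
            render_template('mails/reset_password.txt', user=user,
                            reset_url=reset_url),
            user.email)
        request.flash(
            _(u'A mail with a link to reset the password '
              u'was sent to “%s”') % user.email)
        return redirect(url_for('kb.overview'))

    return render_template('core/reset_password.html', form=form.as_widget(),
                           new_password=new_password)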
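def reset_password(request, email=None, key=None):
    """Reset a user's password, or mail out the link that does so.

    Paths, checked in this order:

    * a logged-in request is redirected to the overview page;
    * when ``email`` is given, ``key`` is compared with the
      ``password_reset_key`` of every user with that address; on a match
      ``set_random_password()`` is called on that user and its return
      value is handed to the template as ``new_password``;
    * a valid POST of the form mails the reset link to ``form.user``.

    Anything else renders the form. Raises ``NotFound`` when the auth
    system reports that it cannot reset passwords.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # A logged-in user sees no link to this page, so send them back to the
    # overview. This is a convenience, not a security control: logging out
    # is enough to get past it.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # We came back from the link in the mail: try to reset the password.
    # NOTE(review): this branch does not look at request.method, so any
    # fetch of the mailed link changes the password and puts the new one
    # into the rendered page.
    if email is not None:
        user = None
        # A missing or empty key is rejected before any comparison, so it
        # cannot match a stored key that happens to be unset.
        if key:
            for candidate in User.query.filter_by(email=email).all():
                # NOTE(review): `==` is not a constant-time comparison;
                # consider hmac.compare_digest where the runtime has it.
                if candidate.password_reset_key == key:
                    user = candidate
                    break
        if user is None:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'), error=True)
            return redirect(url_for('core.reset_password'))
        new_password = user.set_random_password()
        session.commit()

    # Otherwise validate the form and mail the reset link.
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        send_email(_(u'Reset Password'),
                   render_template('mails/reset_password.txt', user=user,
                                   reset_url=reset_url),
                   user.email)
        request.flash(_(u'A mail with a link to reset the password '
                        u'was sent to “%s”') % user.email)
        return redirect(url_for('kb.overview'))

    return render_template('core/reset_password.html', form=form.as_widget(),
                           new_password=new_password)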
def user(self):
    """Return the user the active auth system resolves for this object."""
    auth_system = get_auth_system()
    return auth_system.get_user(self)
def __init__(self, initial=None, action=None, request=None):
    """Set up the form and drop ``password`` for passwordless auth.

    The base form is initialised first so that ``self.fields`` exists.
    The ``password`` field is removed when the active auth system
    reports ``passwordless``.
    """
    forms.Form.__init__(self, initial, action, request)
    self.auth_system = auth_system = get_auth_system()
    if auth_system.passwordless:
        del self.fields['password']
def edit_profile(request):
    """Hand the profile-editing request to the active auth system.

    Returns whatever the auth system's ``edit_profile()`` returns.
    """
    # NOTE(review): no login check happens in this function; presumably a
    # decorator or the auth system enforces it. Confirm.
    auth_system = get_auth_system()
    return auth_system.edit_profile(request)
def register(request):
    """Register a new user through the active auth system.

    A request that is already logged in is redirected to
    ``request.next_url``, or to the overview page when that is empty.
    """
    if not request.is_logged_in:
        return get_auth_system().register(request)
    # NOTE(review): next_url is used as the redirect target unchanged;
    # confirm the request object only ever yields same-site URLs.
    target = request.next_url or url_for('kb.overview')
    return redirect(target)
def login(request):
    """Show the login page, or redirect a request that is already logged in.

    The redirect target is ``request.next_url``, falling back to the
    overview page. A request that is not logged in is handed to the auth
    system's ``login()``.
    """
    # The target is resolved before the login check, as in the original.
    # NOTE(review): next_url is used as the redirect target unchanged;
    # confirm the request object only ever yields same-site URLs.
    target = request.next_url or url_for('kb.overview')
    if not request.is_logged_in:
        return get_auth_system().login(request)
    return redirect(target)