def start(self, context, request, appstruct, **kw):
    """Create a password-reset token and mail its URL to the matching user.

    The user is looked up by ``appstruct['email']`` through the registered
    ``IUserLocator`` adapter, falling back to ``DefaultUserLocator``.  When
    no user matches, nothing is created or sent.  Returns ``{}`` either way,
    so the result itself does not show whether the address was known.
    """
    address = appstruct['email']
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)

    user = locator.get_user_by_email(address)
    if user is None:
        return {}

    reset = find_service(user, 'principals').add_reset(user)
    reseturl = request.resource_url(reset)
    recipient = user.email
    site = get_site_folder(True)
    localizer = request.localizer
    mail_template = site.get_mail_template('reset_password')
    subject = mail_template['subject']
    # NOTE(review): the template is formatted with the live user object, so
    # a template author can reference any attribute of it; confirm that
    # editing the 'reset_password' template is restricted to trusted roles.
    user_title = localizer.translate(_(getattr(user, 'user_title', '')))
    message = mail_template['template'].format(
        person=user,
        user_title=user_title,
        reseturl=reseturl,
        lac_title=request.root.title)
    payload = {'subject': subject, 'body': message}
    alert('email', [site.get_site_sender()], [recipient], payload)
    return {}
def velruse_login_complete_view(self):
    """Finish a velruse (external identity provider) login.

    The local login is ``<domain>_<userid>``, built from the first account
    in the provider profile.  An unknown identity has its profile data
    stored in the session and is redirected to ``create_profile`` without
    being authenticated.  A known identity is authenticated and redirected
    to its performer.
    """
    request = self.request
    profile = self.context.profile
    account = profile['accounts'][0]
    domain = account['domain']
    username = account['username']
    userid = account['userid']
    # The key is namespaced by provider domain and provider user id, so the
    # provider-chosen display username is never used as the login.
    sd_userid = f'{domain}_{userid}'

    root = root_factory(request)
    locator = request.registry.queryMultiAdapter(
        (root, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(root, request)
    user = locator.get_user_by_login(sd_userid)

    headers = []
    if user is not None:
        objectmap = find_objectmap(root)
        # NOTE(review): raises IndexError when the user has no performer
        # relation; confirm that state cannot occur on this path.
        performer = list(objectmap.sources(user, PerformerToUser))[0]
        location = request.resource_url(performer)
        headers = remember(request, get_oid(user))
        return HTTPFound(location, headers=headers)

    # First visit: keep what the provider gave us for the profile form.
    session = request.session
    photos = profile.get('photos')
    if photos:
        session['photo_url'] = photos[0]['value']
    session['userid'] = sd_userid
    realname = profile['displayName']
    session['profilename'] = username
    session['realname'] = realname
    location = request.resource_url(root, 'create_profile')
    return HTTPFound(location, headers=headers)
def effective_principals(self, request):
    """Return the principals in effect for *request* (IAuthenticationPolicy).

    ``Everyone`` is always present.  A claimed userid adds the userid itself
    and ``'system.Identified'``.  ``Authenticated`` and the user's group ids
    are added only when the user locator still resolves that userid.
    """
    context = request.context
    principals = [Everyone]
    userid = self.unauthenticated_userid(request)
    if userid is None:
        return principals
    if userid in (Authenticated, Everyone): #pragma NO COVER
        return None

    # Added before the user is confirmed to exist: ACLs that grant to the
    # raw userid or to 'system.Identified' apply even if the lookup fails.
    principals += [userid, 'system.Identified']

    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)
    try:
        user = locator.get_user_by_userid(userid)
    except ValueError:
        user = None

    if user is None:
        return principals
    principals.append(Authenticated)
    principals.extend(locator.get_groupids(userid))
    return principals
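def login(self):
    """Log in with 'username' and 'password' taken from the JSON body.

    Raises ``HTTPBadRequest`` when the body is not valid JSON, is not a JSON
    object, or lacks either key.  Raises ``HTTPUnauthorized`` when the login
    is unknown or the password does not match; both cases give the same
    response, so the caller cannot tell which one failed.  On success the
    auth headers are added to the response, ``LoggedIn`` is notified and the
    user's JSON representation is returned.
    """
    try:
        body = self.request.json_body
    except ValueError:
        # Malformed JSON is a client error, not a server fault.
        raise HTTPBadRequest()
    # A JSON array or scalar would pass the ``in`` tests below (or raise on
    # them) and then fail on subscripting, so require an object up front.
    if not isinstance(body, dict):
        raise HTTPBadRequest()
    if 'username' not in body or 'password' not in body:
        raise HTTPBadRequest()
    username = body['username']
    password = body['password']

    user_locator = self.request.registry.queryMultiAdapter(
        (self.context, self.request), IUserLocator)
    if user_locator is None:
        user_locator = DefaultUserLocator(self.context, self.request)
    user = user_locator.get_user_by_login(username)
    if user is None or not user.check_password(password):
        raise HTTPUnauthorized()

    headers = remember(self.request, get_oid(user))
    self.request.response.headerlist.extend(headers)
    self.request.registry.notify(
        LoggedIn(username, user, self.context, self.request))
    return self.user_json(user)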
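def start(self, context, request, appstruct, **kw):
    """Create a password-reset token and mail its URL to the matching user.

    The user is looked up by ``appstruct['email']`` through the registered
    ``IUserLocator`` adapter, falling back to ``DefaultUserLocator``.  When
    no user matches, nothing is created or sent.  Returns ``{}`` either way.

    Raises:
        ValueError: the matched user has no email address on record.
    """
    login = appstruct['email']
    adapter = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if adapter is None:
        adapter = DefaultUserLocator(context, request)

    user = adapter.get_user_by_email(login)
    if user is None:
        return {}

    # Check deliverability before minting the token, so that a live reset
    # token is never left behind when its link cannot be mailed.
    if not user.email:
        raise ValueError('User does not possess a valid email address.')

    principals = find_service(user, 'principals')
    reset = principals.add_reset(user)
    reseturl = request.resource_url(reset)

    subject = RESETPW_SUBJECT.format(novaideo_title=request.root.title)
    localizer = request.localizer
    message = RESETPW_MESSAGE.format(
        recipient_title=localizer.translate(
            _(getattr(user, 'user_title', ''))),
        recipient_first_name=getattr(user, 'first_name', user.name),
        recipient_last_name=getattr(user, 'last_name', ''),
        reseturl=reseturl,
        novaideo_title=request.root.title)
    mailer_send(subject=subject, recipients=[user.email], body=message)
    return {}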
def velruse_login_complete_view(context, request):
    """Finish a velruse (external identity provider) login.

    Looks the user up by the provider-supplied username.  An unknown
    username gets a new user and performer created from the profile; the
    caller is then authenticated and redirected to the performer (to
    ``edit.html`` for a freshly created one).
    """
    provider = context.provider_name  # read but not used below
    profile = context.profile
    # NOTE(review): the login key is the provider's username alone, with no
    # provider or domain namespace and no provider user id.  The same name
    # on another provider, or an existing local login with that name, would
    # resolve to the same account.  Confirm whether the key should be
    # namespaced before relying on it for authentication.
    username = profile['accounts'][0]['username']

    root = root_factory(request)
    locator = request.registry.queryMultiAdapter(
        (root, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(root, request)
    user = locator.get_user_by_login(username)

    if user is not None:
        location = request.resource_url(root['performers'][username])
    else:
        registry = request.registry
        principals = find_service(root, 'principals')
        user = principals.add_user(username, registry=registry)
        performer = registry.content.create('Performer')
        root['performers'][username] = performer
        performer.title = profile['displayName']

        addresses = profile.get('addresses')
        if addresses:
            formatted = addresses[0]['formatted']
            user.email = formatted
            performer.email = formatted
        photos = profile.get('photos')
        if photos:
            performer.photo_url = photos[0]['value']

        performer.age = colander.null
        performer.sex = None
        user.favorite_genre = None
        performer.user = user
        # Only the new user may edit the new profile.
        set_acl(performer, [(Allow, user.__oid__, ['yss.edit-profile'])])
        location = request.resource_url(performer, 'edit.html')

    headers = remember(request, get_oid(user))
    return HTTPFound(location, headers=headers)
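def persona_login(context, request):
    """Log in (and create on first use) a user from a Persona assertion.

    The CSRF token is checked first, then the assertion is verified to get
    the email address.  An unknown address gets a new user and performer.
    The auth headers are added to the response and a dict holding the
    redirect target is returned.
    """
    check_csrf_token(request)
    email = verify_persona_assertion(request)

    root = root_factory(request)
    adapter = request.registry.queryMultiAdapter(
        (root, request), IUserLocator)
    if adapter is None:
        adapter = DefaultUserLocator(root, request)
    user = adapter.get_user_by_email(email)

    if user is None:
        registry = request.registry
        # NOTE(review): as shown, the format string has no conversion
        # specifier, so ``%`` raises TypeError for a str email.  The literal
        # looks masked in this listing; restore the real pattern from the
        # project before use.
        username = '******' % email
        principals = find_service(root, 'principals')
        user = principals.add_user(username, registry=registry)
        user.email = email
        performer = registry.content.create('Performer')
        root['performers'][username] = performer
        performer.user = user
        # Only the new user may edit the new profile.
        set_acl(performer, [(Allow, user.__oid__, ['yss.edit-profile'])])
        performer.title = email
        performer.email = email
        performer.photo_url = persona_gravatar_photo(request, email)
        performer.age = colander.null
        performer.sex = user.favorite_genre = None
        # Computed once; the redirect target does not change while the
        # profile fields above are filled in.
        location = request.resource_url(performer, 'edit.html')
    else:
        location = request.resource_url(root['performers'][user.__name__])

    headers = remember(request, get_oid(user))
    request.response.headers.extend(headers)
    return {'redirect': location, 'success': True}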
def start(self, context, request, appstruct, **kw):
    """Send a password-reset mail to the user owning ``appstruct['email']``.

    The lookup goes through the registered ``IUserLocator`` adapter, or
    ``DefaultUserLocator`` when none is registered.  An unknown address is
    ignored silently.  The return value is always ``{}``.
    """
    requested = appstruct['email']
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)

    account = locator.get_user_by_email(requested)
    if account is not None:
        principals = find_service(account, 'principals')
        token = principals.add_reset(account)
        reseturl = request.resource_url(token)
        recipient = account.email
        site = get_site_folder(True)
        translate = request.localizer.translate
        template = site.get_mail_template('reset_password')
        subject = template['subject']
        # NOTE(review): ``person`` is the live user object, so the template
        # text can reach its attributes; confirm that only trusted roles can
        # edit the 'reset_password' template.
        body = template['template'].format(
            person=account,
            user_title=translate(_(getattr(account, 'user_title', ''))),
            reseturl=reseturl,
            lac_title=request.root.title)
        alert('email',
              [site.get_site_sender()],
              [recipient],
              {'subject': subject, 'body': body})
    return {}
def _login_validator(node, value):
    """Colander validator: reject *value* unless a user has that email.

    ``request`` and ``context`` are free variables here; presumably the
    enclosing scope binds them (confirm against the caller).
    """
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)
    if locator.get_user_by_email(value) is None:
        # NOTE(review): this message tells the submitter whether an address
        # is registered; confirm that disclosure is acceptable for the form
        # using this validator.
        raise colander.Invalid(node, 'No such user %s' % value)
def _login_validator(node, value):
    """Fail validation when no user is registered under the email *value*.

    Relies on ``request`` and ``context`` from an outer scope that is not
    visible here.
    """
    found = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    locator = DefaultUserLocator(context, request) if found is None else found
    user = locator.get_user_by_email(value)
    if user is not None:
        return
    # NOTE(review): the error text confirms that the address is unknown,
    # which lets a submitter probe for registered emails; confirm this is
    # intended.
    raise colander.Invalid(node, 'No such user %s' % value)
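def response(self):
    """Return the context's public fields as a plain dict.

    ``author`` is the name of the user whose id is stored on the context,
    or ``None`` when the locator no longer resolves that id (for example
    after the account was removed), so one stale reference does not fail
    the whole response.
    """
    adapter = DefaultUserLocator(self.context, self.request)
    user = adapter.get_user_by_userid(int(self.context.author))
    author = user.name if user is not None else None
    return {
        'title': self.context.title,
        'description': self.context.description,
        'text': self.context.text,
        'pubdate': self.context.pubdate.strftime('%Y-%m-%d %H:%M:%S'),
        'keywords': self.context.keywords,
        'author': author,
        'short_description': self.context.short_description,
    }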
def email_validator(node, kw):
    """Colander validator: reject an email that belongs to another user.

    *kw* is the email being validated.  The address is accepted when no
    user has it or when its owner is the bound ``context`` itself.
    """
    bindings = node.bindings
    context = bindings['context']
    request = bindings['request']
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)

    owner = locator.get_user_by_email(kw)
    if not owner or owner is context:
        return
    message = _('${email} email address already in use',
                mapping={'email': kw})
    raise colander.Invalid(node, message)
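def login(context, request):
    """Render and process the SDI login form.

    Returns ``HTTPForbidden`` when reached from the auditstream SSE view and
    ``HTTPFound`` to the remembered ``came_from`` on a successful login.
    Otherwise returns the template variables for the login page.
    """
    login_url = request.sdiapi.mgmt_path(request.context, 'login')
    referrer = request.url
    if '/auditstream-sse' in referrer:
        # If we're being invoked as the result of a failed request to the
        # auditstream sse view, bail.  Otherwise the came_from will be set to
        # the auditstream URL, and the user who this happens to will
        # eventually be redirected to it and they'll be left scratching their
        # head when they see e.g. "id: 0-10\ndata: " when they log in
        # successfully.
        return HTTPForbidden()
    if login_url in referrer:
        # never use the login form itself as came_from
        referrer = request.sdiapi.mgmt_path(request.virtual_root)
    # came_from comes from this request's own URL and is kept server-side in
    # the session, not taken from a client-supplied parameter.
    came_from = request.session.setdefault('sdi.came_from', referrer)

    login = ''
    password = ''
    if 'form.submitted' in request.params:
        try:
            check_csrf_token(request)
        except Exception:
            # Narrowed from a bare ``except`` so that KeyboardInterrupt and
            # SystemExit are not reported as a CSRF failure.
            request.session.flash('Failed login (CSRF)', 'error')
        else:
            login = request.params['login']
            password = request.params['password']
            adapter = request.registry.queryMultiAdapter(
                (context, request), IUserLocator)
            if adapter is None:
                adapter = DefaultUserLocator(context, request)
            user = adapter.get_user_by_login(login)
            if user is not None and user.check_password(password):
                request.session.pop('sdi.came_from', None)
                headers = remember(request, get_oid(user))
                request.registry.notify(
                    LoggedIn(login, user, context, request))
                return HTTPFound(location=came_from, headers=headers)
            # Same message for an unknown login and a wrong password.
            request.session.flash('Failed login', 'error')

    # Pass this through FBO views (e.g., forbidden) which use its macros.
    template = get_renderer(
        'substanced:sdi/views/templates/login.pt').implementation()
    # NOTE(review): the submitted password is handed back to the template;
    # confirm the template does not render it into the page.
    return dict(
        url=request.sdiapi.mgmt_path(request.virtual_root, '@@login'),
        came_from=came_from,
        login=login,
        password=password,
        login_template=template,
    )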
def check_user(self):
    """Report whether the submitted email/password pair may log in.

    Returns ``{'check': True}`` only when the user exists, the password
    matches, and the user either has the ``Admin`` role or has ``'active'``
    in its ``state``.  Every other case returns ``{'check': False}``, so the
    caller cannot tell which condition failed.
    """
    email = self.params('email')
    password = self.params('password')
    context = self.context
    request = self.request
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)

    user = locator.get_user_by_email(email)
    if not user or not user.check_password(password):
        return {'check': False}
    # Valid credentials alone are not enough: the account must be an admin
    # or be in the active state.
    if has_role(user=user, role=('Admin', )):
        return {'check': True}
    if 'active' in getattr(user, 'state', []):
        return {'check': True}
    return {'check': False}
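def internal_login(context, request):
    """Process the internal (username/password) login form.

    On success the caller is redirected with ``HTTPFound`` to the performer
    linked to the user.  In every other case the template variables for the
    login page are returned.
    """
    login = ''
    password = ''
    if 'form.submitted' in request.POST:
        try:
            check_csrf_token(request)
        except Exception:
            # Narrowed from a bare ``except`` so that KeyboardInterrupt and
            # SystemExit are not reported as a CSRF failure.
            request.sdiapi.flash('Failed login (CSRF)', 'danger')
        else:
            login = request.POST['login']
            password = request.POST['password']
            root = request.root
            adapter = request.registry.queryMultiAdapter(
                (root, request), IUserLocator)
            if adapter is None:
                adapter = DefaultUserLocator(root, request)
            user = adapter.get_user_by_login(login)
            if user is None:
                # Same message as the wrong-password branch below.
                request.session.flash('Bad username or password', 'danger')
            elif user.check_password(password):
                # NOTE(review): LoggedIn is notified before the performer
                # lookup, so the event also fires when the login is then
                # refused for lack of a performer; confirm that subscribers
                # (e.g. audit logging) expect this.
                request.registry.notify(
                    LoggedIn(login, user, context, request))
                objectmap = find_objectmap(root)
                try:
                    performer = list(
                        objectmap.sources(user, PerformerToUser))[0]
                except IndexError:
                    request.session.flash(
                        'No performer associated with account', 'danger')
                else:
                    headers = remember(request, get_oid(user))
                    location = request.resource_url(performer)
                    return HTTPFound(location, headers=headers)
            else:
                request.session.flash('Bad username or password', 'danger')
    # NOTE(review): the submitted password is handed back to the template;
    # confirm the template does not render it into the page.
    return {
        'login': login,
        'password': password,
        'login_url': request.resource_url(
            request.virtual_root, '@@internal_login'),
    }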
def email_validator(node, kw):
    """Colander validator: reject an email that is already taken.

    *kw* is the email being validated.  It is refused when another user
    (not the bound ``context``) has it, or when any pending preregistration
    on the site root carries it.
    """
    bindings = node.bindings
    context = bindings['context']
    request = bindings['request']
    root = getSite()
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)

    owner = locator.get_user_by_email(kw)
    pending = []
    for prereg in root.preregistrations:
        if getattr(prereg, 'email', '') == kw:
            pending.append(prereg)

    taken_by_other = owner and owner is not context
    if taken_by_other or pending:
        message = _('${email} email address already in use',
                    mapping={'email': kw})
        raise colander.Invalid(node, message)
def check_user(self):
    """Check the submitted ``email`` and ``password`` request parameters.

    The answer is ``{'check': True}`` when the user is found by email, the
    password verifies, and the user is an ``Admin`` or has ``'active'`` in
    its ``state``.  Otherwise it is ``{'check': False}``, with no hint as to
    which test failed.
    """
    login = self.params('email')
    secret = self.params('password')
    context, request = self.context, self.request
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)
    user = locator.get_user_by_email(login)

    # The password is verified before the role/state gate is consulted.
    allowed = bool(
        user
        and user.check_password(secret)
        and (has_role(user=user, role=('Admin', ))
             or 'active' in getattr(user, 'state', []))
    )
    return {'check': allowed}
def validate_user(context, request, appstruct):
    """Validate login credentials and, when valid, start the session.

    Returns ``(user, valid, headers)``.  ``valid`` is truthy only when the
    user exists, the password matches, and the user is an ``Admin`` or has
    ``'active'`` in its ``state``.  ``headers`` holds the auth headers on
    success and ``None`` otherwise.
    """
    login = appstruct.get('login')
    password = appstruct.get('password')
    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)
    user = locator.get_user_by_email(login)

    # Short-circuit chain: ``valid`` is whatever operand decided it, which is
    # not always a bool (for example ``None`` when no user was found).
    valid = (
        user
        and user.check_password(password)
        and (has_role(user=user, role=('Admin', ))
             or 'active' in getattr(user, 'state', []))
    )

    headers = None
    if user and valid:
        request.session.pop('lac.came_from', None)
        headers = remember(request, get_oid(user))
        request.registry.notify(LoggedIn(login, user, context, request))
    return user, valid, headers
def persons_contacted(self):
    """Return the set of contacted persons.

    Each address in ``self._email_persons_contacted`` becomes the matching
    user object when one exists.  Otherwise it becomes the local part of the
    address, with any ``+suffix`` dropped.
    """
    request = get_current_request()
    locator = request.registry.queryMultiAdapter(
        (self, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(self, request)

    contacted = []
    for address in self._email_persons_contacted:
        match = locator.get_user_by_email(address)
        if match is None:
            # No account: keep only the mailbox name, not the full address.
            match = address.split('@')[0].split('+')[0]
        contacted.append(match)
    return set(contacted)
def _get_user_by_attr(attr, login, request=None):
    """Look a user up by calling the locator method named *attr* with *login*.

    Uses the current request when *request* is ``None``.  The locator is the
    ``IUserLocator`` adapter registered for the request root, or
    ``DefaultUserLocator`` when none is registered.
    """
    if request is None:
        request = get_current_request()
    app = request.root
    locator = request.registry.queryMultiAdapter(
        (app, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(app, request)
    # NOTE(review): *attr* selects the method dynamically; presumably callers
    # pass only fixed locator method names. Confirm it is never taken from
    # request data.
    lookup = getattr(locator, attr)
    return lookup(login)
def authenticated_userid(self, request):
    """Return the userid only if it still resolves to a user.

    See IAuthenticationPolicy.  Returns ``None`` when the request carries no
    userid, when the userid is one of the reserved principal names, or when
    the locator does not find (or rejects) the userid.
    """
    context = request.context
    claimed = self.unauthenticated_userid(request)
    if claimed is None:
        return None
    if claimed in (Authenticated, Everyone): #pragma NO COVER
        return None

    locator = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(context, request)
    try:
        user = locator.get_user_by_userid(claimed)
    except ValueError: #pragma NO COVER
        user = None

    # A userid whose account has gone is treated as unauthenticated.
    return claimed if user is not None else None
def validate_user(context, request, appstruct):
    """Check the ``login``/``password`` in *appstruct* and log the user in.

    The user is looked up by email.  The result is the tuple
    ``(user, valid, headers)``: ``headers`` stays ``None`` unless the check
    passed, in which case the stored ``lac.came_from`` is dropped, the auth
    headers are produced and ``LoggedIn`` is notified.
    """
    email = appstruct.get('login')
    secret = appstruct.get('password')
    found = request.registry.queryMultiAdapter(
        (context, request), IUserLocator)
    locator = DefaultUserLocator(context, request) if found is None else found
    user = locator.get_user_by_email(email)

    # Password first, then the role/state gate; the value keeps the original
    # short-circuit semantics and may be a non-bool falsy value.
    valid = user and user.check_password(secret) and (
        has_role(user=user, role=('Admin', ))
        or 'active' in getattr(user, 'state', []))

    if not (user and valid):
        return user, valid, None

    request.session.pop('lac.came_from', None)
    headers = remember(request, get_oid(user))
    request.registry.notify(LoggedIn(email, user, context, request))
    return user, valid, headers