Exemple #1
0
 def request_password(self):        
     schema = createSchema('RequestNewPasswordSchema').bind(context=self.context, request=self.request)
     form = Form(schema, buttons=(button_request, button_cancel))
     self.api.register_form_resources(form)
 
     #Handle submitted information
     if 'request' in self.request.POST:
         controls = self.request.POST.items()
 
         try:
             #appstruct is deforms convention. It will be the submitted data in a dict.
             appstruct = form.validate(controls)
         except ValidationFailure, e:
             self.response['form'] = e.render()
             return self.response
         
         userid_or_email = appstruct['userid_or_email']
 
         #userid here can be either an email address or a login name
         if '@' in userid_or_email:
             #assume email
             user = self.context['users'].get_user_by_email(userid_or_email)
         else:
             user = self.context['users'].get(userid_or_email)
         
         if IUser.providedBy(user):
             user.new_request_password_token(self.request)
             self.api.flash_messages.add(_('Email sent.'))
             url = resource_url(self.api.root, self.request)
             return HTTPFound(location = url)
 
         self.api.flash_messages.add(_('Username or email not found.'), type='error')
Exemple #2
0
 def set_auth_domain(self, user, domain, **kw):
     assert domain == self.name
     assert IUser.providedBy(user)
     auth_info = get_auth_info(self.request)
     reg_data = self.appstruct(auth_info)
     kw['openid_username'] = reg_data['openid_username']
     user.auth_domains[self.name] = kw
Exemple #3
0
    def request_password(self):
        schema = createSchema('RequestNewPasswordSchema').bind(
            context=self.context, request=self.request)
        form = Form(schema, buttons=(button_request, button_cancel))
        self.api.register_form_resources(form)

        #Handle submitted information
        if 'request' in self.request.POST:
            controls = self.request.POST.items()

            try:
                #appstruct is deforms convention. It will be the submitted data in a dict.
                appstruct = form.validate(controls)
            except ValidationFailure, e:
                self.response['form'] = e.render()
                return self.response

            userid_or_email = appstruct['userid_or_email']

            #userid here can be either an email address or a login name
            if '@' in userid_or_email:
                #assume email
                user = self.context['users'].get_user_by_email(userid_or_email)
            else:
                user = self.context['users'].get(userid_or_email)

            if IUser.providedBy(user):
                user.new_request_password_token(self.request)
                self.api.flash_messages.add(_('Email sent.'))
                url = resource_url(self.api.root, self.request)
                return HTTPFound(location=url)

            self.api.flash_messages.add(_('Username or email not found.'),
                                        type='error')
Exemple #4
0
 def test_get_user(self):
     root = bootstrap_and_fixture(self.config)
     request = testing.DummyRequest()
     obj = self._cut(root, request)
     self.failIf(hasattr(request, '_user_lookup_cache'))
     user = obj.get_user('admin')
     from voteit.core.models.interfaces import IUser
     self.failUnless(IUser.providedBy(user))
     self.assertEqual(user, request._user_lookup_cache['admin'])
Exemple #5
0
 def test_get_user(self):
     root = bootstrap_and_fixture(self.config)
     request = testing.DummyRequest()
     obj = self._cut(root, request)
     self.failIf(hasattr(request, '_user_lookup_cache'))
     user = obj.get_user('admin')
     from voteit.core.models.interfaces import IUser
     self.failUnless(IUser.providedBy(user))
     self.assertEqual(user, request._user_lookup_cache['admin'])
Exemple #6
0
 def __call__(self, node, value):
     if '@' in value:
         #assume email
         root = find_root(self.context)
         user = root['users'].get_user_by_email(value)
         if not IUser.providedBy(user):
             msg = _(u"email_to_user_validation_error",
                     default=u"I couldn't find any user with this email.")
             raise colander.Invalid(node, msg)
     else:
         userid_validator = GlobalExistingUserId(self.context)
         userid_validator(node, value)
Exemple #7
0
 def login(self):
     """ Login action used by sidebar widget for password login. """
     browser_result = self.browser_check()
     if browser_result:
         return browser_result
     #FIXME: Validation in schema, not in view
     schema = createSchema(
         'LoginSchema', validator=deferred_login_password_validator).bind(
             context=self.context, request=self.request, api=self.api)
     form = deform.Form(schema, buttons=(button_login, ))
     self.api.register_form_resources(form)
     users = self.context.users
     POST = self.request.POST
     if 'login' in POST:
         controls = POST.items()
         try:
             appstruct = form.validate(controls)
         except deform.ValidationFailure, e:
             self.response['form'] = e.render()
             return self.response
         # Force lowercase userid
         userid = appstruct['userid'].lower()
         password = appstruct['password']
         came_from = appstruct['came_from']
         #userid here can be either an email address or a login name
         if '@' in userid:
             #assume email
             user = users.get_user_by_email(userid)
         else:
             user = users.get(userid)
         if not IUser.providedBy(user):
             raise HTTPForbidden(
                 u"Userid returned something else then a user from users folder."
             )
         #Password validation already handled by schema here
         headers = remember(self.request, user.__name__)
         url = self.request.resource_url(self.context)
         if came_from:
             url = urllib.unquote(came_from)
         return HTTPFound(location=url, headers=headers)
Exemple #8
0
 def login(self):
     """ Login action used by sidebar widget for password login. """
     browser_result = self.browser_check()
     if browser_result:
         return browser_result
     #FIXME: Validation in schema, not in view
     schema = createSchema('LoginSchema', validator = deferred_login_password_validator).bind(context=self.context, request=self.request, api=self.api)
     form = deform.Form(schema, buttons=(button_login,))
     self.api.register_form_resources(form)
     users = self.context.users
     POST = self.request.POST
     if 'login' in POST:
         controls = POST.items()
         try:
             appstruct = form.validate(controls)
         except deform.ValidationFailure, e:
             self.response['form'] = e.render()
             return self.response
         # Force lowercase userid
         userid = appstruct['userid'].lower()
         password = appstruct['password']
         came_from = appstruct['came_from']
         #userid here can be either an email address or a login name
         if '@' in userid:
             #assume email
             user = users.get_user_by_email(userid)
         else:
             user = users.get(userid)
         if not IUser.providedBy(user):
             raise HTTPForbidden(u"Userid returned something else then a user from users folder.")
         #Password validation already handled by schema here
         headers = remember(self.request, user.__name__)
         url = self.request.resource_url(self.context)
         if came_from:
             url = urllib.unquote(came_from)
         return HTTPFound(location = url,
                          headers = headers)
 def __init__(self, context):
     assert IUser.providedBy(context)  # pragma : no cover
     self.context = context
 def __init__(self, context):
     assert IUser.providedBy(context)
     self.context = context
Exemple #11
0
    def facebook_register(self):
        schema = createSchema('CSORegisterUserSchema')
        add_csrf_token(self.context, self.request, schema)
        schema = schema.bind(context=self.context,
                             request=self.request,
                             api=self.api)
        form = Form(schema, buttons=(
            button_register,
            button_cancel,
        ))
        self.api.register_form_resources(form)

        if 'cancel' in self.request.POST:
            self.api.flash_messages.add(_(u"Canceled"))

            url = self.request.resource_url(self.api.root)
            return HTTPFound(location=url)

        if self.request.POST:
            post = dict(self.request.POST)

            oauth_userid = post['oauth_userid']
            oauth_access_token = post['oauth_access_token']

            came_from = post['came_from']

            # Logged in user, connect auth token to user
            if self.api.userid:
                user = self.api.user_profile

                #check that no other user has this token already
                other_user = self.api.root.users.get_user_by_oauth_token(
                    'facebook', oauth_access_token)
                if other_user and user != other_user:
                    raise Forbidden(
                        _("Another user has already registered with this token."
                          ))

                #setting domain stuff
                user.auth_domains['facebook'] = {
                    'oauth_userid': oauth_userid,
                    'oauth_access_token': oauth_access_token,
                }
                url = self.request.resource_url(user)
                return HTTPFound(location=url)
            else:
                # Find user with auth token and log it in
                user = self.api.root.users.get_user_by_oauth_token(
                    'facebook', oauth_access_token)
                if IUser.providedBy(user):
                    headers = remember(self.request, user.__name__)
                    url = self.request.resource_url(self.context)
                    if came_from:
                        url = urllib.unquote(came_from)
                    return HTTPFound(location=url, headers=headers)

            if 'register' in self.request.POST:
                controls = self.request.POST.items()
                try:
                    appstruct = form.validate(controls)
                except ValidationFailure, e:
                    self.response['form'] = e.render()
                    return self.response

                name = appstruct['userid']
                del appstruct['userid']

                # removing domain data from appstruct
                del appstruct['oauth_userid']
                del appstruct['oauth_access_token']

                # add facebook as selected profile image
                appstruct['profile_image_plugin'] = 'facebook_profile_image'

                del appstruct['came_from']

                obj = createContent('User', creators=[name], **appstruct)
                self.context.users[name] = obj
                #setting domain stuff
                obj.auth_domains['facebook'] = {
                    'oauth_userid': oauth_userid,
                    'oauth_access_token': oauth_access_token,
                }

                headers = remember(self.request, name)  # login user

                url = self.request.resource_url(self.api.root)
                if came_from:
                    url = urllib.unquote(came_from)
                return HTTPFound(location=url, headers=headers)
            else:
                self.response['form'] = form.render(self.request.POST)
                return self.response
Exemple #12
0
    def openid_register(self):
        schema = createSchema('CSORegisterUserOpenIDSchema')
        add_csrf_token(self.context, self.request, schema)
        schema = schema.bind(context=self.context,
                             request=self.request,
                             api=self.api)
        form = Form(schema, buttons=(
            button_register,
            button_cancel,
        ))
        self.api.register_form_resources(form)

        if 'cancel' in self.request.POST:
            self.api.flash_messages.add(_(u"Canceled"))
            url = self.request.resource_url(self.api.root)
            return HTTPFound(location=url)

        if self.request.POST:
            post = dict(self.request.POST)
            openid_identifier = post['openid_identifier']
            domain = post['domain']
            userid = post['userid']
            came_from = post['came_from']

            # Logged in user, connect openid_identifier
            if self.api.userid:
                user = self.api.user_profile
                #check that no other user has this token already
                other_user = self.api.root.users.get_auth_domain_user(
                    'openid', 'openid_identifier', openid_identifier)
                if other_user and user != other_user:
                    raise Forbidden(
                        _("Another user has already registered with this identifier."
                          ))
                #setting domain stuff
                user.auth_domains['openid'] = {
                    'openid_identifier': openid_identifier,
                    'domain': domain
                }
                url = self.request.resource_url(user)
                return HTTPFound(location=url)
            else:
                # Find user with auth token and log it in
                user = self.api.root.users.get_auth_domain_user(
                    'openid', 'openid_identifier', openid_identifier)
                if IUser.providedBy(user):
                    headers = remember(self.request, user.__name__)
                    url = self.request.resource_url(self.context)
                    if came_from:
                        url = urllib.unquote(came_from)
                    return HTTPFound(location=url, headers=headers)

            if 'register' in self.request.POST:
                controls = self.request.POST.items()
                try:
                    appstruct = form.validate(controls)
                except ValidationFailure, e:
                    self.response['form'] = e.render()
                    return self.response

                userid = appstruct['userid']
                email = appstruct['email']
                first_name = appstruct['first_name']
                last_name = appstruct['last_name']
                obj = createContent('User',
                                    creators=[userid],
                                    email=email,
                                    first_name=first_name,
                                    last_name=last_name)
                self.context.users[userid] = obj
                #setting domain stuff
                obj.auth_domains['openid'] = {
                    'openid_identifier': openid_identifier,
                    'domain': domain
                }
                headers = remember(self.request, userid)  # login user
                url = self.request.resource_url(self.api.root)
                if came_from:
                    url = urllib.unquote(came_from)
                return HTTPFound(location=url, headers=headers)
            else:
                self.response['form'] = form.render(self.request.POST)
                return self.response
Exemple #13
0
 def __init__(self, context):
     assert IUser.providedBy(context) # pragma : no cover
     self.context = context
Exemple #14
0
 def __init__(self, context):
     assert IUser.providedBy(context)
     self.context = context
Exemple #15
0
    def facebook_register(self):
        schema = createSchema('CSORegisterUserSchema')
        add_csrf_token(self.context, self.request, schema)
        schema = schema.bind(context=self.context, request=self.request, api = self.api)
        form = Form(schema, buttons=(button_register, button_cancel,))
        self.api.register_form_resources(form)
        
        if 'cancel' in self.request.POST:
            self.api.flash_messages.add(_(u"Canceled"))

            url = self.request.resource_url(self.api.root)
            return HTTPFound(location=url)

        if self.request.POST:
            post = dict(self.request.POST)
            
            oauth_userid = post['oauth_userid']
            oauth_access_token = post['oauth_access_token']
            
            came_from = post['came_from']
            
            # Logged in user, connect auth token to user
            if self.api.userid:
                user = self.api.user_profile
                
                #check that no other user has this token already
                other_user = self.api.root.users.get_user_by_oauth_token('facebook', oauth_access_token)
                if other_user and user != other_user:
                    raise Forbidden(_("Another user has already registered with this token."))
                
                #setting domain stuff
                user.auth_domains['facebook'] = {'oauth_userid': oauth_userid, 
                                                 'oauth_access_token': oauth_access_token,}
                url = self.request.resource_url(user)
                return HTTPFound(location=url)
            else:
                # Find user with auth token and log it in
                user = self.api.root.users.get_user_by_oauth_token('facebook', oauth_access_token)
                if IUser.providedBy(user):
                    headers = remember(self.request, user.__name__)
                    url = self.request.resource_url(self.context)
                    if came_from:
                        url = urllib.unquote(came_from)
                    return HTTPFound(location = url,
                                     headers = headers)
            
    
            if 'register' in self.request.POST:
                controls = self.request.POST.items()
                try:
                    appstruct = form.validate(controls)
                except ValidationFailure, e:
                    self.response['form'] = e.render()
                    return self.response
                
                name = appstruct['userid']
                del appstruct['userid']
                
                # removing domain data from appstruct
                del appstruct['oauth_userid']
                del appstruct['oauth_access_token']
                
                # add facebook as selected profile image
                appstruct['profile_image_plugin'] = 'facebook_profile_image'
                
                del appstruct['came_from']
    
                obj = createContent('User', creators=[name], **appstruct)
                self.context.users[name] = obj
                #setting domain stuff
                obj.auth_domains['facebook'] = {'oauth_userid': oauth_userid,
                                                 'oauth_access_token': oauth_access_token,}
                
                headers = remember(self.request, name) # login user
                
                url = self.request.resource_url(self.api.root)
                if came_from:
                    url = urllib.unquote(came_from)
                return HTTPFound(location=url, headers=headers)
            else:
                self.response['form'] = form.render(self.request.POST)
                return self.response
Exemple #16
0
    def openid_register(self):
        schema = createSchema('CSORegisterUserOpenIDSchema')
        add_csrf_token(self.context, self.request, schema)
        schema = schema.bind(context=self.context, request=self.request, api = self.api)
        form = Form(schema, buttons=(button_register, button_cancel,))
        self.api.register_form_resources(form)

        if 'cancel' in self.request.POST:
            self.api.flash_messages.add(_(u"Canceled"))
            url = self.request.resource_url(self.api.root)
            return HTTPFound(location=url)

        if self.request.POST:
            post = dict(self.request.POST)
            openid_identifier = post['openid_identifier']
            domain = post['domain']
            userid = post['userid']
            came_from = post['came_from']
            
            # Logged in user, connect openid_identifier
            if self.api.userid:
                user = self.api.user_profile
                #check that no other user has this token already
                other_user = self.api.root.users.get_auth_domain_user('openid', 'openid_identifier', openid_identifier)
                if other_user and user != other_user:
                    raise Forbidden(_("Another user has already registered with this identifier."))
                #setting domain stuff
                user.auth_domains['openid'] = {'openid_identifier': openid_identifier,
                                               'domain': domain}
                url = self.request.resource_url(user)
                return HTTPFound(location=url)
            else:
                # Find user with auth token and log it in
                user = self.api.root.users.get_auth_domain_user('openid', 'openid_identifier', openid_identifier)
                if IUser.providedBy(user):
                    headers = remember(self.request, user.__name__)
                    url = self.request.resource_url(self.context)
                    if came_from:
                        url = urllib.unquote(came_from)
                    return HTTPFound(location = url,
                                     headers = headers)

            if 'register' in self.request.POST:
                controls = self.request.POST.items()
                try:
                    appstruct = form.validate(controls)
                except ValidationFailure, e:
                    self.response['form'] = e.render()
                    return self.response
                
                userid = appstruct['userid']
                email = appstruct['email']
                first_name = appstruct['first_name']
                last_name = appstruct['last_name']
                obj = createContent('User', creators=[userid], email = email, first_name = first_name, last_name = last_name)
                self.context.users[userid] = obj
                #setting domain stuff
                obj.auth_domains['openid'] = {'openid_identifier': openid_identifier,
                                              'domain': domain}
                headers = remember(self.request, userid) # login user
                url = self.request.resource_url(self.api.root)
                if came_from:
                    url = urllib.unquote(came_from)
                return HTTPFound(location=url, headers=headers)
            else:
                self.response['form'] = form.render(self.request.POST)
                return self.response