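class SignInForm(Form):
    '''Sign-in form: one identifier (username, e-mail or UID) plus a password.'''

    user = StringField(_("Username / Email / UID"), default='')
    password = PasswordField(_('Password'), default='')

    def validate_user(form, field):
        '''Authenticate the submitted identifier/password pair.

        On success the matched user object is stored as ``form._user``.
        Raises ValidationError on any failure.
        '''
        if len(field.data) == 0:
            raise ValidationError(_('Username is empty.'))

        user = guess_user(form._handler.db, field.data)

        # An unknown account and a wrong password share one message, so the
        # form does not tell an unauthenticated caller which accounts exist.
        # NOTE(review): no password check runs for an unknown account, so the
        # response time may still differ; rate limiting is not visible here.
        if not user or not user.check_password(form.password.data):
            raise ValidationError(_('Username or password is incorrect.'))

        # Account state is reported only once the password has been verified,
        # so lock/inactive status is disclosed to the account owner alone.
        if user.is_locked:
            raise ValidationError(_('You have been locked.'))

        if not user.is_active:
            raise ValidationError(_('Your are inactive now.'))

        form.__dict__['_user'] = user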
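class UserCreateForm(Form):
    '''User registration form: username, password (entered twice) and TOS consent.'''

    username = StringField(_('Username'))
    password = PasswordField(_('Password'), [
        validate_password,
        validators.DataRequired(),
        validators.EqualTo('confirm', message=_('Passwords must match'))
    ], default='')
    confirm = PasswordField(_('Password Confirm'), default='')
    accept_tos = BooleanField(_('I accept the TOS'),
                              [validators.DataRequired()])

    def validate_username(form, field):
        '''Check the requested username against the naming rules.

        Raises ValidationError when the name is numeric, too short or too
        long, already taken, or matched by the configured blacklist file.
        '''
        username = field.data

        # A purely numeric name would conflict with UIDs.
        if username.isdigit():
            raise ValidationError(_('Username can not be a number.'))

        if len(username) < 2:
            raise ValidationError(_('Username less than 2 characters.'))

        if len(username) > 16:
            raise ValidationError(_('Username greater than 16 characters.'))

        # Rough plausibility check on the mix of English and Chinese characters.
        import yweb.utils.ystr
        en_count, zh_count = yweb.utils.ystr.count_chars_en_zh(username)
        if zh_count < 2:
            # Fewer than 2 Chinese characters: require at least 4 English ones.
            if en_count < 4:
                raise ValidationError(
                    _('English username less than 4 characters.'))
        elif zh_count > 8:
            # The message now states the limit the code enforces (8).
            raise ValidationError(
                _('Chinese username greater than 8 characters.'))

        # The name must not already be in use.
        user = guess_user(form._handler.db, field.data)
        if user:
            raise ValidationError(_('Username occupied.'))

        # Optional list of names/characters that may not be used.
        if settings.USERNAME_BLACKLIST_FILE:
            found, illegal_chars, _match = yweb.utils.blacklist.has_illegal_chars(
                username, settings.USERNAME_BLACKLIST_FILE)
            if found:
                # Translate the template first, then fill it in; formatting
                # before the lookup can never match a catalog entry.
                raise ValidationError(
                    _('Illegal Chars: {0}').format(illegal_chars))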
def get(self, article_id):
    '''Render one blog article together with the requested page of its posts.

    A non-public article is served only to its owner; everyone else gets 404.
    '''
    viewer = self.current_user
    cur_uid = viewer.id if viewer else 0

    article = self.db.query(BlogArticle).get(article_id)
    if not article:
        return self.send_error(
            404, emsg=_('Can not find article %s') % article_id)

    # NOTE(review): the status is 404 in both cases, but this message differs
    # from the one above, so the existence of a private article is disclosed.
    if not article.is_public and cur_uid != article.user_id:
        return self.send_error(
            404, emsg=_('Article %s is not public.') % article_id)

    cur_page, page_size, start, stop = pagination(self)
    post_total = article.post_count

    post_query = self.db.query(BlogPost).filter_by(article_id=article_id)
    posts = post_query.order_by(get_post_order(self)).slice(start, stop)

    # Count this view.
    article.view_count += 1
    self.db.commit()

    self.data = {
        'article': article,
        'post_total': post_total,
        'posts': posts,
        'ftime': ftime,
        'urlupdate': urlupdate,
        'urlupdate2': urlupdate2,
    }
    self.render('blog/article_view.html')
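def create_user(db, username, password, email):
    '''Create a user after checking that the username and e-mail are unused.

    Returns a ``(user, error)`` pair: ``(user, None)`` on success and
    ``(None, message)`` when the name or e-mail is taken or the insert fails.

    The password is stored exactly as passed in.
    NOTE(review): presumably the caller hashes it first -- confirm.
    '''
    # check username
    if db.query(User).filter_by(username=username).first():
        return None, _('Username already exists')

    # check email
    if db.query(User).filter_by(email=email).first():
        return None, _('E-mail address already exists')

    # TODO: check password

    # generate uid
    uid = get_available_uid(db)

    try:
        user = User(uid=uid, username=username,
                    password=password, email=email)
        db.add(user)
        db.commit()
    except Exception as emsg:
        # A failed commit leaves the session unusable until it is rolled back.
        db.rollback()
        return None, emsg

    # Success uses the same two-value shape as the failure paths.
    return user, None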
class BasicInfoEditForm(Form):
    '''Form for a user's basic profile fields.

    The gender and language selects declare no choices in this class.
    '''

    nickname = StringField(
        _('Nickname'),
        [validators.Length(min=1, max=64)])
    first_name = StringField(
        _('First Name'),
        [validators.Length(max=32)])
    last_name = StringField(
        _('Last Name'),
        [validators.Length(max=32)])
    gender = SelectField(_('Gender'))
    language = SelectField(_('Language'))
def post(self):
    '''E-mail change, step 1: mail a confirmation link to the new address.'''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    form = self.data['form']
    if not form.validate():
        self.render()
        return

    email = form.email.data

    # Create the authkey, bound to the new address and the current user.
    authkey = create_authkey(self.db, type_='03', email=email,
                             user_id=self.current_user.id)

    # Send the verification mail.
    subject = _("[%s] Change User E-mail") % settings.SITE_NAME
    text = self.render_string(
        'account/consoles/email_change_sendmail.html',
        step2_url=self.step2_url(authkey.key),
        settings=settings)

    emsg = sendmail(adr_to=email, subject=subject, text=text)
    if emsg:
        self.data['message'] = _('Send mail failed, please try again later.')
        return self.render('account/consoles/failed.html')

    self.data['message'] = _(
        'A email have send to %(email)s, please check you inbox.') % {
            'email': email}
    return self.render('account/consoles/success.html')
def validate_email(form, field):
    '''Reject an address that is the user's current one or belongs to another account.'''
    handler = form._handler
    current_email = handler.current_user.email

    if field.data == current_email:
        raise ValidationError(_('This is your current E-mail.'))

    owner = handler.db.query(User).filter_by(email=field.data).first()
    if owner and owner.email != current_email:
        raise ValidationError(_('Email address is exist.'))
class PasswordResetStep2Form(Form):
    '''Password reset, step 2: enter the new password twice.'''

    # The new password must pass validate_password, be present, and match
    # the confirmation field.
    password = PasswordField(
        _('Password'),
        [
            validate_password,
            validators.DataRequired(),
            validators.EqualTo('confirm', message=_('Passwords must match')),
        ],
        default='')
    confirm = PasswordField(_('Password Confirm'), default='')
def get_imind(self, ID):
    '''Load the Imind with the given ID if it belongs to the current user.

    Writes an error response and returns a false value when the record is
    missing or is owned by someone else.
    '''
    imind = self.db.query(Imind).get(ID)

    if not imind:
        self.page_not_found(_('Can not find imind %s') % ID)
        return imind

    # Ownership check: only the owner may access the record.
    if self.current_user.id != imind.user_id:
        self.write(_('No permission!'))
        return None

    return imind
class AdminUserBasicEditForm(BasicInfoEditForm):
    '''Admin-side user edit form: the basic profile fields plus e-mail, avatar and password.'''

    email = StringField(
        _('Email Address'),
        [validators.Length(min=6, max=35), validators.Email()])
    avatar = FileField(_('My Avatar'))

    # NOTE(review): unlike the other password forms in this listing, this
    # field is only checked against the confirmation -- validate_password is
    # not applied and the value may be empty. Confirm that is intended.
    password = PasswordField(
        _('New Password'),
        [validators.EqualTo('confirm', message=_('Passwords must match'))],
        default='')
    confirm = PasswordField(_('Confirm New Password'), default='')
def prepare(self):
    '''Set the title, template and form for step 1 of the e-mail change.'''
    self.title = _('Change My E-mail')
    self.template_path = 'account/consoles/basic_edit.html'

    page_data = {}
    page_data['form'] = EmailChangeStep1Form(self)
    # This page asks for an authcode.
    page_data['authcode_needed'] = True
    self.data = page_data
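def post(self):
    '''Password reset, step 2: store the new password for the authkey's e-mail.

    Reads ``self.data['authkey']`` and ``self.data['form']``. The authkey is
    deleted once the password has been changed.
    '''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    authkey = self.data['authkey']
    form = self.data['form']

    if form.validate():
        email = authkey.get('email')
        user = self.db.query(User).filter_by(email=email).first()

        if user:
            user.password = enc_login_passwd(form.password.data)
            # Delete the key in the same commit that changes the password.
            self.db.delete(authkey)
            self.db.commit()
            return self.render('auth/password_reset_step2_success.html',
                               user=user)

        # Error: no user owns this e-mail. The original referenced an
        # undefined name ``key`` here, which raised NameError instead of
        # rendering the failure page; read it from the request instead.
        d = {'emsg': _('No such email: %s') % email,
             'key': self.get_argument('key', None)}
        return self.render('auth/password_reset_step2_failed.html', **d)

    # Form validation failed: show the form again.
    self.render()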
def prepare(self):
    '''Resolve the ``key`` request argument to an unexpired AuthKey.

    Renders the failure page when the key is missing, unknown or expired;
    otherwise sets up the step-2 password reset form.
    '''
    key = self.get_argument('key', None)

    authkey = None
    if key:
        candidate = self.db.query(AuthKey).get(key)
        # An expired key is treated exactly like an unknown one.
        if candidate and not (candidate.expire_date < datetime.datetime.now()):
            authkey = candidate

    # NOTE(review): nothing here checks what the key was issued for (authkeys
    # elsewhere in this listing are created with type_ '01', '02' and '03')
    # -- confirm that a key of another type cannot be replayed on this page.
    if not authkey:
        failure = {'key': key, 'emsg': _('Key error.')}
        return self.render('auth/password_reset_step2_failed.html', **failure)

    self.title = _('Password Reset')
    self.template_path = 'auth/password_reset_step2.html'
    self.data = {'form': PasswordResetStep2Form(self), 'authkey': authkey}
def post(self):
    '''Password reset, step 1: mail a reset link to the submitted address.'''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    form = self.data['form']
    if not form.validate():
        self.render()
        return

    email = form.email.data

    # Create the authkey for this address.
    authkey = create_authkey(self.db, type_='02', email=email)

    # Send the verification mail.
    subject = _("[%s] Account Password Reset") % settings.SITE_NAME
    text = self.render_string('auth/password_reset_email.html',
                              step2_url=self.step2_url(authkey.key),
                              settings=settings,
                              user=form._user)

    emsg = sendmail(adr_to=email, subject=subject, text=text)
    if emsg:
        # NOTE(review): the raw sendmail error is passed to the template.
        return self.render('auth/password_reset_step1_failed.html',
                           emsg=emsg, email=email)

    return self.render('auth/password_reset_step1_success.html', email=email)
class ArticleEditForm(Form):
    '''Form for creating or editing a blog article.'''

    title = StringField(
        _('Title'),
        [validators.Length(min=2, max=256)])
    abstract = TextAreaField(
        _('Abstract'),
        [validators.Length(min=2, max=1024)])

    # Markup is an integer code: 1 = Markdown (default), 2 = reStructuredText.
    markup = SelectField(
        _('Markup Language'),
        coerce=int,
        default=1,
        choices=[(1, 'Markdown'), (2, 'reStructuredText')])

    # The body may be up to 1024 * 1024 characters long.
    body = TextAreaField(
        _('Body'),
        [validators.Length(min=6, max=1024 * 1024)])
    is_public = BooleanField(_('Is Public ?'))
def post(self):
    '''Sign-up, step 1: mail a registration link to the submitted address.'''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    form = self.data['form']
    if not form.validate():
        self.render()
        return

    email = form.email.data

    # Create the authkey for this address.
    authkey = create_authkey(self.db, type_='01', email=email)

    # Send the verification mail.
    subject = _("Welcome to register %s") % settings.SITE_NAME
    text = self.render_string('auth/signup_email.html',
                              step2_url=self.step2_url(authkey.key),
                              settings=settings)

    emsg = sendmail(adr_to=email, subject=subject, text=text)
    if emsg:
        return self.render('auth/signup_step1_failed.html',
                           emsg=emsg, email=email)

    return self.render('auth/signup_step1_success.html', email=email)
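def post(self):
    '''Password reset, step 2: store the new password for the authkey's e-mail.

    Reads ``self.data['authkey']`` and ``self.data['form']``. The authkey is
    deleted once the password has been changed.
    '''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    authkey = self.data['authkey']
    form = self.data['form']

    if form.validate():
        email = authkey.get('email')
        user = self.db.query(User).filter_by(email=email).first()

        if user:
            user.password = enc_login_passwd(form.password.data)
            # Delete the key in the same commit that changes the password.
            self.db.delete(authkey)
            self.db.commit()
            return self.render('auth/password_reset_step2_success.html',
                               user=user)

        # Error: no user owns this e-mail. The original referenced an
        # undefined name ``key`` here, which raised NameError instead of
        # rendering the failure page; read it from the request instead.
        d = {'emsg': _('No such email: %s') % email,
             'key': self.get_argument('key', None)}
        return self.render('auth/password_reset_step2_failed.html', **d)

    # Form validation failed: show the form again.
    self.render()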
def post(self):
    '''Password reset, step 1: mail a reset link to the submitted address.'''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    form = self.data['form']
    if not form.validate():
        self.render()
        return

    email = form.email.data

    # Create the authkey for this address.
    authkey = create_authkey(self.db, type_='02', email=email)

    # Send the verification mail.
    subject = _("[%s] Account Password Reset") % settings.SITE_NAME
    text = self.render_string('auth/password_reset_email.html',
                              step2_url=self.step2_url(authkey.key),
                              settings=settings,
                              user=form._user)

    emsg = sendmail(adr_to=email, subject=subject, text=text)
    if emsg:
        # NOTE(review): the raw sendmail error is passed to the template.
        return self.render('auth/password_reset_step1_failed.html',
                           emsg=emsg, email=email)

    return self.render('auth/password_reset_step1_success.html', email=email)
def validate_email(form, field):
    '''Require that the address belongs to an existing user; keep that user as ``form._user``.'''
    session = form._handler.db
    owner = session.query(User).filter_by(email=field.data).first()

    # NOTE(review): this message tells the caller whether an address is
    # registered; the form's protection against bulk probing is not visible
    # in this function.
    if not owner:
        raise ValidationError(_('Email address is not exist.'))

    form.__dict__['_user'] = owner
def find_user(self, ID):
    '''Return the User with primary key ``ID``, or render the failure page and return None.'''
    found = self.db.query(User).get(ID)

    if not found:
        self.data['message'] = _('Can not find user %s') % ID
        self.render('account/consoles/failed.html')
        return None

    return found
def prepare(self):
    '''Resolve the ``key`` request argument to an unexpired AuthKey.

    Renders the failure page when the key is missing, unknown or expired;
    otherwise sets up the step-2 password reset form.
    '''
    key = self.get_argument('key', None)

    authkey = None
    if key:
        candidate = self.db.query(AuthKey).get(key)
        # An expired key is treated exactly like an unknown one.
        if candidate and not (candidate.expire_date < datetime.datetime.now()):
            authkey = candidate

    # NOTE(review): nothing here checks what the key was issued for (authkeys
    # elsewhere in this listing are created with type_ '01', '02' and '03')
    # -- confirm that a key of another type cannot be replayed on this page.
    if not authkey:
        failure = {'key': key, 'emsg': _('Key error.')}
        return self.render('auth/password_reset_step2_failed.html', **failure)

    self.title = _('Password Reset')
    self.template_path = 'auth/password_reset_step2.html'
    self.data = {'form': PasswordResetStep2Form(self), 'authkey': authkey}
class PasswordChangeForm(Form):
    '''Form for a signed-in user to change their own password.'''

    current = PasswordField(_('Current Password'), default='')

    # The new password must pass validate_password, be present, and match
    # the confirmation field.
    password = PasswordField(
        _('New Password'),
        [
            validate_password,
            validators.DataRequired(),
            validators.EqualTo('confirm', message=_('Passwords must match')),
        ],
        default='')
    confirm = PasswordField(_('Confirm New Password'), default='')

    def validate_current(form, field):
        '''Require the current password before a new one is accepted.'''
        account = form._handler.current_user
        if account.check_password(field.data):
            return
        raise ValidationError(_('Current password is incorrect.'))
def get_article(self, ID):
    '''Return the BlogArticle with primary key ``ID``; send a 404 when it does not exist.'''
    found = self.db.query(BlogArticle).get(ID)
    if found:
        return found

    self.send_error(404, emsg=_('Can not find article %s') % ID)
    return found
def prepare(self):
    '''Resolve the ``key`` request argument to an unexpired AuthKey.

    Renders the failure page when the key is missing, unknown or expired;
    otherwise sets up the step-2 sign-up form.
    '''
    key = self.get_argument('key', None)

    authkey = None
    if key:
        candidate = self.db.query(AuthKey).get(key)
        # An expired key is treated exactly like an unknown one.
        if candidate and not (candidate.expire_date < datetime.datetime.now()):
            authkey = candidate

    # NOTE(review): nothing here checks what the key was issued for (authkeys
    # elsewhere in this listing are created with type_ '01', '02' and '03')
    # -- confirm that a key of another type cannot be replayed on this page.
    if not authkey:
        failure = {'key': key, 'emsg': _('Registration key error.')}
        return self.render('auth/signup_step2_failed.html', **failure)

    self.title = _('Create User')
    self.template_path = 'auth/signup_step2.html'
    self.data = {'authkey': authkey, 'form': UserCreateForm(self)}
def get(self, UID):
    '''Render the index page of the user whose uid is ``UID``.'''
    profile = self.db.query(User).filter_by(uid=UID).first()

    if profile:
        self.render('user/index.html', user=profile, ftime=ftime)
        return

    self.data['message'] = _('Can not find user %s') % UID
    return self.render('user/failed.html')
def prepare(self):
    '''Resolve the ``key`` request argument to an unexpired AuthKey.

    Renders the failure page when the key is missing, unknown or expired;
    otherwise sets up the step-2 sign-up form.
    '''
    key = self.get_argument('key', None)

    authkey = None
    if key:
        candidate = self.db.query(AuthKey).get(key)
        # An expired key is treated exactly like an unknown one.
        if candidate and not (candidate.expire_date < datetime.datetime.now()):
            authkey = candidate

    # NOTE(review): nothing here checks what the key was issued for (authkeys
    # elsewhere in this listing are created with type_ '01', '02' and '03')
    # -- confirm that a key of another type cannot be replayed on this page.
    if not authkey:
        failure = {'key': key, 'emsg': _('Registration key error.')}
        return self.render('auth/signup_step2_failed.html', **failure)

    self.title = _('Create User')
    self.template_path = 'auth/signup_step2.html'
    self.data = {'authkey': authkey, 'form': UserCreateForm(self)}
def get(self, ID):
    '''Render the admin view of the User with primary key ``ID``.'''
    target = self.db.query(User).get(ID)

    if not target:
        # This branch writes into self.data, so it must already exist here.
        self.data['message'] = _('Can not find user %s') % ID
        self.render('account/consoles/failed.html')
        return

    self.data = {'user': target, 'ftime': ftime}
    self.render('account/admins/user_view.html')
def validate_password(form, field):
    '''Check that a new password is acceptable.

    Rejects fewer than 6 or more than 64 characters and, when a password
    blacklist file is configured, anything is_too_simple() flags.
    '''
    candidate = field.data
    length = len(candidate)

    if length < 6:
        raise ValidationError(_('Password must be greater than 6 characters.'))

    if length > 64:
        raise ValidationError(_('Password must be less than 64 characters.'))

    # Refuse passwords that are too simple.
    blacklist_file = settings.PASSWORD_BLACKLIST_FILE
    if blacklist_file and yweb.utils.password.is_too_simple(
            candidate, blacklist_file):
        raise ValidationError(_("Password is too simple"))
def validate_password(form, field):
    '''Check that a new password is acceptable.

    Rejects fewer than 6 or more than 64 characters and, when a password
    blacklist file is configured, anything is_too_simple() flags.
    '''
    candidate = field.data
    length = len(candidate)

    if length < 6:
        raise ValidationError(_('Password must be greater than 6 characters.'))

    if length > 64:
        raise ValidationError(_('Password must be less than 64 characters.'))

    # Refuse passwords that are too simple.
    blacklist_file = settings.PASSWORD_BLACKLIST_FILE
    if blacklist_file and yweb.utils.password.is_too_simple(
            candidate, blacklist_file):
        raise ValidationError(_("Password is too simple"))
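def validate_user(form, field):
    '''Authenticate the submitted identifier/password pair.

    On success the matched user object is stored as ``form._user``.
    Raises ValidationError on any failure.
    '''
    if len(field.data) == 0:
        raise ValidationError(_('Username is empty.'))

    user = guess_user(form._handler.db, field.data)

    # An unknown account and a wrong password share one message, so the form
    # does not tell an unauthenticated caller which accounts exist.
    # NOTE(review): no password check runs for an unknown account, so the
    # response time may still differ; rate limiting is not visible here.
    if not user or not user.check_password(form.password.data):
        raise ValidationError(_('Username or password is incorrect.'))

    # Account state is reported only once the password has been verified,
    # so lock/inactive status is disclosed to the account owner alone.
    if user.is_locked:
        raise ValidationError(_('You have been locked.'))

    if not user.is_active:
        raise ValidationError(_('Your are inactive now.'))

    form.__dict__['_user'] = user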
def get(self):
    '''E-mail change, step 2: apply the change named by the request key and report the outcome.'''
    # NOTE(review): check_key() modifies the account, so this GET request
    # changes state; the key in the URL is the only authorisation visible here.
    changed, emsg = self.check_key()

    if changed:
        template = 'account/consoles/success.html'
        message = _('Your E-mail have changed to %s') % self.current_user.email
    else:
        template = 'account/consoles/failed.html'
        message = emsg

    self.data['message'] = message
    self.render(template)
def get_article(self, ID):
    '''Load the BlogArticle with primary key ``ID`` into ``self.data['article']``.

    Sends a 404 when it does not exist. Returns the article (or the empty
    lookup result).
    '''
    found = self.db.query(BlogArticle).get(ID)
    self.data['article'] = found

    # TODO: reply permission for the article

    if found:
        return found

    self.send_error(404, emsg=_('Can not find article %s') % ID)
    return found
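def validate_user(form, field):
    '''Authenticate the submitted identifier/password pair.

    On success the matched user object is stored as ``form._user``.
    Raises ValidationError on any failure.
    '''
    if len(field.data) == 0:
        raise ValidationError(_('Username is empty.'))

    user = guess_user(form._handler.db, field.data)

    # An unknown account and a wrong password share one message, so the form
    # does not tell an unauthenticated caller which accounts exist.
    # NOTE(review): no password check runs for an unknown account, so the
    # response time may still differ; rate limiting is not visible here.
    if not user or not user.check_password(form.password.data):
        raise ValidationError(_('Username or password is incorrect.'))

    # Account state is reported only once the password has been verified,
    # so lock/inactive status is disclosed to the account owner alone.
    if user.is_locked:
        raise ValidationError(_('You have been locked.'))

    if not user.is_active:
        raise ValidationError(_('Your are inactive now.'))

    form.__dict__['_user'] = user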
def get(self):
    '''E-mail change, step 2: apply the change named by the request key and report the outcome.'''
    # NOTE(review): check_key() modifies the account, so this GET request
    # changes state; the key in the URL is the only authorisation visible here.
    changed, emsg = self.check_key()

    if changed:
        template = 'account/consoles/success.html'
        message = _('Your E-mail have changed to %s') % self.current_user.email
    else:
        template = 'account/consoles/failed.html'
        message = emsg

    self.data['message'] = message
    self.render(template)
def prepare(self):
    '''Set the title, template, language list and form for the admin user edit page.'''
    self.title = _('Edit User Basic Information')
    self.template_path = 'account/admins/basic_edit.html'

    from tornado.locale import LOCALE_NAMES

    # (code, display name) pairs for each supported language tornado knows.
    self.L = [
        (codename, LOCALE_NAMES.get(codename).get('name'))
        for codename in settings.SUPPORTED_LANGUAGES
        if codename in LOCALE_NAMES
    ]

    self.data = {'form': AdminUserBasicEditForm(self)}
def prepare(self):
    '''Set up the sign-in page, or show a notice page when already signed in.'''
    already_signed_in = self.current_user
    if already_signed_in:
        # Two options were considered for a signed-in visitor: redirect to
        # '/' (disabled) or show a notice page (the one in use).
        return self.render('auth/resignin.html')

    self.template_path = 'auth/signin.html'
    self.title = _('Login')

    page_data = {}
    page_data['form'] = SignInForm(self)
    self.data = page_data
def prepare(self):
    '''Set up the sign-in page, or show a notice page when already signed in.'''
    already_signed_in = self.current_user
    if already_signed_in:
        # Two options were considered for a signed-in visitor: redirect to
        # '/' (disabled) or show a notice page (the one in use).
        return self.render('auth/resignin.html')

    self.template_path = 'auth/signin.html'
    self.title = _('Login')

    page_data = {}
    page_data['form'] = SignInForm(self)
    self.data = page_data
def prepare(self):
    '''Set the title, template, language list and form for the user's own profile edit page.'''
    self.title = _('Edit My Basic Information')
    self.template_path = 'account/consoles/basic_edit.html'

    from tornado.locale import LOCALE_NAMES

    # (code, display name) pairs for each supported language tornado knows.
    self.L = [
        (codename, LOCALE_NAMES.get(codename).get('name'))
        for codename in settings.SUPPORTED_LANGUAGES
        if codename in LOCALE_NAMES
    ]

    self.data = {'form': BasicInfoEditForm(self)}
class SignUpForm(Form):
    '''Sign-up form, step 1: the e-mail address to register.'''

    email = StringField(
        _('Email Address'),
        [validators.Length(min=6, max=35), validators.Email()])

    def validate_email(form, field):
        '''Reject an address that is already registered to a user.'''
        session = form._handler.db
        existing = session.query(User).filter_by(email=field.data).first()
        if not existing:
            return
        raise ValidationError(_('Email address is exist.'))
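def post(self):
    '''Save an uploaded avatar for the current user and report the outcome.

    The form is shown again when no file was uploaded under the ``avatar``
    field or when form validation fails.
    '''
    form = self.data['form']

    # Look the upload up by field name. A request carrying files under some
    # other name used to raise KeyError here instead of re-rendering.
    uploads = self.request.files.get('avatar') if self.request.files else None

    if uploads and form.validate():
        # NOTE(review): any file type and size checks presumably live in
        # save_avatar(); none are visible in this handler -- confirm.
        ret, emsg = save_avatar(uploads, self.current_user)
        if ret:
            self.data['message'] = _('Change Avatar Success !')
            return self.render('account/consoles/success.html')
        else:
            self.data['message'] = emsg
            return self.render('account/consoles/failed.html')

    self.render()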
def post(self):
    '''Change the current user's password after the authcode and form checks pass.'''
    # Check the authcode first.
    if not self.check_authcode():
        return self.render(authcode_failed=True)

    form = self.data['form']
    if not form.validate():
        self.render()
        return

    account = self.current_user
    account.password = enc_login_passwd(form.password.data)
    self.db.commit()

    self.data['message'] = _('Change Password Success !')
    return self.render('account/consoles/success.html')
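def check_key(self):
    '''Validate the e-mail change key from the request and apply the change.

    Returns ``(True, None)`` once the current user's e-mail has been updated
    and the key deleted, or ``(False, message)`` when the key is missing,
    unknown, expired, issued for another user, or names an address that is
    already in use.
    '''
    # Is there a key in the request?
    key = self.get_argument('key', None)
    if not key:
        return False, _('Have not found key.')

    # Does the key exist?
    authkey = self.db.query(AuthKey).get(key)
    if not authkey:
        return False, _('Invalid key: %s') % key

    # Has the key expired?
    if authkey.expire_date < datetime.datetime.now():
        return False, _('Key is timeout')

    # NOTE(review): the key's type is not checked here; keys are created
    # elsewhere in this listing with type_ '01', '02' and '03' -- confirm
    # that only an e-mail change key can reach this point.

    # Was the key issued for the signed-in user?
    user_id = authkey.get('user_id')
    if user_id != self.current_user.id:
        # The message has no placeholder. The original applied "% key" to
        # it, which raised TypeError instead of returning the failure.
        return False, _('User mismatch.')

    # Is the new address already taken?
    email = authkey.get('email')
    user = self.db.query(User).filter_by(email=email).first()
    if user:
        return False, _('Email %s exist.') % email

    # Change the user's e-mail and delete the key in one commit.
    self.current_user.email = email
    self.db.delete(authkey)
    self.db.commit()

    return True, None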
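def post(self):
    '''Save the current user's basic profile fields from the submitted form.

    The form is shown again when validation fails.
    '''
    form = self.data['form']
    form.language.choices = self.L
    form.gender.choices = settings.GENDER_CHOICES

    # The gender value comes from the request. A missing or non-numeric value
    # used to raise out of int(); it is now left for validation to reject.
    # NOTE(review): assumes GENDER_CHOICES holds integer values -- confirm.
    try:
        form.gender.data = int(form.gender.data)
    except (TypeError, ValueError):
        form.gender.data = None

    if form.validate():
        user = self.current_user
        user.nickname = form.nickname.data
        user.first_name = form.first_name.data
        user.last_name = form.last_name.data
        user.language = form.language.data
        user.gender = form.gender.data
        self.db.commit()

        self.data['message'] = _('Save basic information success !')
        return self.render('account/consoles/success.html')

    self.render()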
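def validate_username(form, field):
    '''Check the requested username against the naming rules.

    Raises ValidationError when the name is numeric, too short or too long,
    already taken, or matched by the configured blacklist file.
    '''
    username = field.data

    # A purely numeric name would conflict with UIDs.
    if username.isdigit():
        raise ValidationError(_('Username can not be a number.'))

    if len(username) < 2:
        raise ValidationError(_('Username less than 2 characters.'))

    if len(username) > 16:
        raise ValidationError(_('Username greater than 16 characters.'))

    # Rough plausibility check on the mix of English and Chinese characters.
    import yweb.utils.ystr
    en_count, zh_count = yweb.utils.ystr.count_chars_en_zh(username)
    if zh_count < 2:
        # Fewer than 2 Chinese characters: require at least 4 English ones.
        if en_count < 4:
            raise ValidationError(
                _('English username less than 4 characters.'))
    elif zh_count > 8:
        # The message now states the limit the code enforces (8).
        raise ValidationError(
            _('Chinese username greater than 8 characters.'))

    # The name must not already be in use.
    user = guess_user(form._handler.db, field.data)
    if user:
        raise ValidationError(_('Username occupied.'))

    # Optional list of names/characters that may not be used.
    if settings.USERNAME_BLACKLIST_FILE:
        found, illegal_chars, _match = yweb.utils.blacklist.has_illegal_chars(
            username, settings.USERNAME_BLACKLIST_FILE)
        if found:
            # Translate the template first, then fill it in; formatting
            # before the lookup can never match a catalog entry.
            raise ValidationError(
                _('Illegal Chars: {0}').format(illegal_chars))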
def prepare(self):
    '''Set the title, template and form for step 1 of the e-mail change.'''
    self.title = _('Change My E-mail')
    self.template_path = 'account/consoles/basic_edit.html'

    page_data = {}
    page_data['form'] = EmailChangeStep1Form(self)
    # This page asks for an authcode.
    page_data['authcode_needed'] = True
    self.data = page_data
def prepare(self):
    '''Set the title, template and form for the password change page.'''
    self.title = _('Change My Password')
    self.template_path = 'account/consoles/basic_edit.html'

    page_data = {}
    page_data['form'] = PasswordChangeForm(self)
    # This page asks for an authcode.
    page_data['authcode_needed'] = True
    self.data = page_data
def prepare(self):
    '''Set the title, template and form for the avatar change page.'''
    self.title = _('Change My Avatar')
    self.template_path = 'account/consoles/basic_edit.html'

    avatar_form = AvatarChangeForm(self)
    self.data = {'form': avatar_form}
def prepare(self):
    '''Set the title, template and form for step 1 of the password reset.'''
    self.title = _('Password Reset')
    self.template_path = 'auth/password_reset_step1.html'

    reset_form = PasswordResetForm(self)
    self.data = {'form': reset_form}
def prepare(self):
    '''Set the title, template and form for replying to an article.'''
    self.title = _('Reply Article')
    self.template_path = 'blog/post_new.html'

    # ftime is passed along with the form for the template to use.
    self.data = {
        'form': PostEditForm(self),
        'ftime': ftime,
    }