def groupfinder(userid, request):
    """Return the ACL principals for *userid* in the current request.

    Each group the user belongs to is rendered as ``group:<name>``.  When
    ``AuthUser.get_by_id`` yields nothing truthy the function returns
    ``None``.  ``request`` is accepted but not used here.
    """
    account = AuthUser.get_by_id(userid)
    if not account:
        return None
    return [('group:%s' % membership.name) for membership in account.groups]
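def activate(request):
    """Activate the account named in the URL if its signed token checks out.

    ``user_id`` and ``hmac`` are read from ``request.matchdict``.  The token
    is the first 10 hex characters of an HMAC followed by the base64-encoded
    expiry timestamp.  On success the user is marked active and the client
    is redirected to the ``activated_route`` setting (``apex_login`` when it
    is unset).  An unknown user, a malformed or expired token, or a digest
    mismatch flashes an error and redirects to ``came_from_route``.
    """
    user = AuthUser.get_by_id(request.matchdict.get('user_id'))
    submitted_hmac = request.matchdict.get('hmac')

    # Both values arrive in the URL, so a missing or malformed token has to
    # be rejected like any other bad token instead of raising.
    try:
        provided = str(submitted_hmac[0:10])
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        provided = time_key = None

    if user is not None and time_key is not None and time.time() < time_key:
        # NOTE(review): only 10 hex characters (40 bits) of the digest are
        # checked, and hmac.new() gets no digestmod, which means MD5 on
        # interpreters that accept the omission.  Both are kept because the
        # code that issues the token is not visible here and must change in
        # step with this check.
        signing_key = '%s:%s:%d' % (str(user.id),
                                    apex_settings('auth_secret'), time_key)
        expected = hmac.new(signing_key, user.email).hexdigest()[0:10]
        try:
            # Constant-time comparison (needs Python 2.7.7+ / 3.3+) so the
            # response time does not reveal how many characters matched.
            token_ok = hmac.compare_digest(expected, provided)
        except TypeError:
            # compare_digest rejects non-ASCII text; treat it as a mismatch.
            token_ok = False
        if token_ok:
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            activated_route = apex_settings('activated_route')
            if not activated_route:
                activated_route = 'apex_login'
            return HTTPFound(location=route_url(activated_route, request))

    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'),
                                        request))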
def change_password(request):
    """Render and process the change-password form.

    Reached through ``route_url('apex_change_password', request)``.  A valid
    POST stores the submitted password on the authenticated user and
    redirects to the location returned by ``get_came_from``; any other
    request returns the template context.
    """
    title = _('Change your Password')
    came_from = get_came_from(request)
    form = ChangePasswordForm(request.POST)

    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'changepass'}

    # NOTE(review): whether the current password is re-checked depends on
    # ChangePasswordForm, which is not visible here -- confirm.
    # NOTE(review): get_by_id() is given whatever authenticated_userid()
    # returns; presumably the route requires an authenticated user, since a
    # missing user would fail on the assignment below -- confirm.
    account = AuthUser.get_by_id(authenticated_userid(request))
    account.password = form.data['password']
    DBSession.merge(account)
    DBSession.flush()
    return HTTPFound(location=came_from)
def openid_required(request):
    """Ask for profile fields the OpenID login did not supply.

    Called on registration or login with OpenID authentication when the
    ``openid_required`` setting is set and the ax/sx data from the OpenID
    auth lacks the required fields.  A form with one required text field per
    configured name is built.  On a valid POST the values are stored on the
    ``AuthUser`` whose id is in ``request.session['userid']``, the user is
    remembered through ``apex_remember`` and the client is redirected to
    ``came_from``.  Otherwise the template context is returned.
    """
    title = _('OpenID Registration')

    # NOTE(review): came_from is read from the request parameters and used
    # unchanged as the redirect target below; nothing in this function
    # limits it to this site, so it should be validated before redirecting.
    came_from = request.params.get(
        'came_from', route_url(apex_settings('came_from_route'), request))

    # Binding the form class in both branches fixes the issue with
    # RegisterForm throwing an UnboundLocalError.
    if not apex_settings('openid_register_form_class'):
        from apex.forms import OpenIDRequiredForm as form_class
    else:
        form_class = get_module(apex_settings('openid_register_form_class'))

    # The fields are attached to the form class itself, not to an instance.
    for field_name in apex_settings('openid_required').split(','):
        setattr(form_class, field_name,
                TextField(field_name, [validators.Required()]))

    form = form_class(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'openid_required'}

    # The AuthUser id has to be the one that corresponds to the login
    # method, so it is taken from the session.
    account = AuthUser.get_by_id(request.session['userid'])
    for field_name in apex_settings('openid_required').split(','):
        setattr(account, field_name, form.data[field_name])
    DBSession.merge(account)
    DBSession.flush()
    headers = apex_remember(request, account)
    return HTTPFound(location=came_from, headers=headers)
def openid_required(request):
    """Ask for profile fields the OpenID login did not supply.

    Called on registration or login with OpenID authentication when the
    ``openid_required`` setting is set and the ax/sx data from the OpenID
    auth lacks the required fields.  A form with one required text field per
    configured name is built.  On a valid POST the values are stored on the
    ``AuthUser`` whose id is in ``request.session['userid']``, the user is
    remembered through ``apex_remember`` and the client is redirected to
    ``came_from``.  Otherwise the template context is returned.
    """
    title = _('OpenID Registration')

    # NOTE(review): came_from is read from the request parameters and used
    # unchanged as the redirect target below; nothing in this function
    # limits it to this site, so it should be validated before redirecting.
    came_from = request.params.get(
        'came_from', route_url(apex_settings('came_from_route'), request))

    # Binding the form class in both branches fixes the issue with
    # RegisterForm throwing an UnboundLocalError.
    if not apex_settings('openid_register_form_class'):
        from apex.forms import OpenIDRequiredForm as form_class
    else:
        form_class = get_module(apex_settings('openid_register_form_class'))

    # The fields are attached to the form class itself, not to an instance.
    for field_name in apex_settings('openid_required').split(','):
        setattr(form_class, field_name,
                TextField(field_name, [validators.Required()]))

    form = form_class(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method != 'POST' or not form.validate():
        return {'title': title, 'form': form, 'action': 'openid_required'}

    # The AuthUser id has to be the one that corresponds to the login
    # method, so it is taken from the session.
    account = AuthUser.get_by_id(request.session['userid'])
    for field_name in apex_settings('openid_required').split(','):
        setattr(account, field_name, form.data[field_name])
    DBSession.merge(account)
    DBSession.flush()
    headers = apex_remember(request, account)
    return HTTPFound(location=came_from, headers=headers)
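def reset_password(request):
    """Render and process the reset-password form behind a signed link.

    Reached through ``route_url('apex_reset_password', request)``.  On a
    valid POST the ``user_id`` and ``hmac`` URL segments are checked: the
    token is a 10-character digest prefix followed by the base64-encoded
    expiry timestamp.  A good token stores the new password and redirects to
    ``apex_login``.  An unknown user, a malformed token or a digest mismatch
    flashes "Invalid request" and an expired token flashes the expiry
    message; both redirect to ``apex_forgot``.  Any other request returns
    the template context.
    """
    # Imported locally because only compare_digest is needed in this block.
    import hmac

    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if (apex_settings('recaptcha_public_key') and
                apex_settings('recaptcha_private_key')):
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method == 'POST' and form.validate():
        user = AuthUser.get_by_id(request.matchdict.get('user_id'))
        submitted_hmac = request.matchdict.get('hmac')

        # The token comes from the URL: a missing or malformed value is
        # rejected like any other bad token instead of raising.
        try:
            provided = str(submitted_hmac[0:10])
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))

        if int(time.time()) >= time_key:
            flash(_('Change request email expired, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))

        token_ok = False
        if user is not None:
            # get_hmac_key is defined elsewhere; presumably it returns the
            # same 10-character digest prefix the link carries -- confirm.
            expected = str(get_hmac_key(user, time_key))
            try:
                # Constant-time comparison (needs Python 2.7.7+ / 3.3+) so
                # the response time does not reveal how many characters
                # matched.  Both sides go through str() because
                # compare_digest rejects mixed text/byte arguments.
                token_ok = hmac.compare_digest(expected, provided)
            except TypeError:
                token_ok = False

        if not token_ok:
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))

        # NOTE(review): nothing in this block invalidates the token after
        # use, so the link stays usable until time_key passes.
        #FIXME reset email, no such attribute email
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        flash(_('Password Changed. Please log in.'))
        return HTTPFound(location=route_url('apex_login', request))

    return {'title': title, 'form': form, 'form_url': request.url,
            "velruse_forms": None}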
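def activate(request):
    """Activate the account named in the URL if its signed token checks out.

    ``user_id`` and ``hmac`` are read from ``request.matchdict``.  The token
    is the first 10 hex characters of an HMAC followed by the base64-encoded
    expiry timestamp.  On success the user is marked active and the client
    is redirected to ``apex_login``.  An unknown user, a malformed or
    expired token, or a digest mismatch flashes an error and redirects to
    ``came_from_route``.
    """
    user = AuthUser.get_by_id(request.matchdict.get('user_id'))
    submitted_hmac = request.matchdict.get('hmac')

    # Both values arrive in the URL, so a missing or malformed token has to
    # be rejected like any other bad token instead of raising.
    try:
        provided = str(submitted_hmac[0:10])
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        provided = time_key = None

    if user is not None and time_key is not None and time.time() < time_key:
        # NOTE(review): only 10 hex characters (40 bits) of the digest are
        # checked, and hmac.new() gets no digestmod, which means MD5 on
        # interpreters that accept the omission.  Both are kept because the
        # code that issues the token is not visible here and must change in
        # step with this check.
        signing_key = '%s:%s:%d' % (str(user.id),
                                    apex_settings('auth_secret'), time_key)
        expected = hmac.new(signing_key, user.email).hexdigest()[0:10]
        try:
            # Constant-time comparison (needs Python 2.7.7+ / 3.3+) so the
            # response time does not reveal how many characters matched.
            token_ok = hmac.compare_digest(expected, provided)
        except TypeError:
            # compare_digest rejects non-ASCII text; treat it as a mismatch.
            token_ok = False
        if token_ok:
            user.active = 'Y'
            DBSession.merge(user)
            DBSession.flush()
            flash(_('Account activated. Please log in.'))
            return HTTPFound(location=route_url('apex_login', request))

    flash(_('Invalid request, please try again'))
    return HTTPFound(location=route_url(apex_settings('came_from_route'),
                                        request))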
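def reset_password(request):
    """Render and process the reset-password form behind a signed link.

    Reached through ``route_url('apex_reset_password', request)``.  On a
    valid POST the ``user_id`` and ``hmac`` URL segments are checked: the
    token is the first 10 hex characters of an HMAC followed by the
    base64-encoded expiry timestamp.  A good token stores the new password
    and redirects to ``apex_login``.  An unknown user, a malformed token or
    a digest mismatch flashes an error and redirects to ``apex_forgot``.
    An expired token, like any non-POST or invalid form, returns the
    template context.
    """
    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if (apex_settings('recaptcha_public_key') and
                apex_settings('recaptcha_private_key')):
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method == 'POST' and form.validate():
        user = AuthUser.get_by_id(request.matchdict.get('user_id'))
        submitted_hmac = request.matchdict.get('hmac')

        # The token comes from the URL: a missing or malformed value is
        # rejected like any other bad token instead of raising.
        try:
            provided = str(submitted_hmac[0:10])
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            provided = time_key = None

        if user is None or time_key is None:
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))

        if time.time() < time_key:
            # NOTE(review): only 10 hex characters (40 bits) of the digest
            # are checked, and hmac.new() gets no digestmod, which means MD5
            # on interpreters that accept the omission.  Both are kept
            # because the code that issues the token is not visible here.
            signing_key = '%s:%s:%d' % (str(user.id),
                                        apex_settings('auth_secret'),
                                        time_key)
            expected = hmac.new(signing_key, user.email).hexdigest()[0:10]
            try:
                # Constant-time comparison (needs Python 2.7.7+ / 3.3+) so
                # the response time does not reveal how many characters
                # matched.
                token_ok = hmac.compare_digest(expected, provided)
            except TypeError:
                # compare_digest rejects non-ASCII text; treat as mismatch.
                token_ok = False

            if token_ok:
                # NOTE(review): nothing in this block invalidates the token
                # after use, so the link stays usable until time_key passes.
                #FIXME reset email, no such attribute email
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', request))

            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        # An expired token falls through and re-renders the form, as before.

    return {'title': title, 'form': form, 'action': 'reset'}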
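def reset_password(request):
    """Render and process the reset-password form behind a signed link.

    Reached through ``route_url('apex_reset_password', request)``.  On a
    valid POST the ``user_id`` and ``hmac`` URL segments are checked: the
    token is the first 10 hex characters of an HMAC followed by the
    base64-encoded expiry timestamp.  A good token stores the new password
    and redirects to ``apex_login``.  An unknown user, a malformed token or
    a digest mismatch flashes an error and redirects to ``apex_forgot``.
    An expired token, like any non-POST or invalid form, returns the
    template context.
    """
    title = _('Reset My Password')

    if asbool(apex_settings('use_recaptcha_on_reset')):
        if (apex_settings('recaptcha_public_key') and
                apex_settings('recaptcha_private_key')):
            ResetPasswordForm.captcha = RecaptchaField(
                public_key=apex_settings('recaptcha_public_key'),
                private_key=apex_settings('recaptcha_private_key'),
            )
    form = ResetPasswordForm(
        request.POST,
        captcha={'ip_address': request.environ['REMOTE_ADDR']})

    if request.method == 'POST' and form.validate():
        user = AuthUser.get_by_id(request.matchdict.get('user_id'))
        submitted_hmac = request.matchdict.get('hmac')

        # The token comes from the URL: a missing or malformed value is
        # rejected like any other bad token instead of raising.
        try:
            provided = str(submitted_hmac[0:10])
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            provided = time_key = None

        if user is None or time_key is None:
            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))

        if time.time() < time_key:
            # NOTE(review): only 10 hex characters (40 bits) of the digest
            # are checked, and hmac.new() gets no digestmod, which means MD5
            # on interpreters that accept the omission.  Both are kept
            # because the code that issues the token is not visible here.
            signing_key = '%s:%s:%d' % (str(user.id),
                                        apex_settings('auth_secret'),
                                        time_key)
            expected = hmac.new(signing_key, user.email).hexdigest()[0:10]
            try:
                # Constant-time comparison (needs Python 2.7.7+ / 3.3+) so
                # the response time does not reveal how many characters
                # matched.
                token_ok = hmac.compare_digest(expected, provided)
            except TypeError:
                # compare_digest rejects non-ASCII text; treat as mismatch.
                token_ok = False

            if token_ok:
                # NOTE(review): nothing in this block invalidates the token
                # after use, so the link stays usable until time_key passes.
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                flash(_('Password Changed. Please log in.'))
                return HTTPFound(location=route_url('apex_login', request))

            flash(_('Invalid request, please try again'))
            return HTTPFound(location=route_url('apex_forgot', request))
        # An expired token falls through and re-renders the form, as before.

    return {'title': title, 'form': form, 'action': 'reset'}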
def user(self):
    """Return the ``AuthUser`` for the authenticated user id, else ``None``.

    ``self`` is passed to ``authenticated_userid``; when that returns
    nothing truthy no lookup is made.
    """
    if not authenticated_userid(self):
        return None
    return AuthUser.get_by_id(authenticated_userid(self))