def get(self, login_id, key):
session_user.add_message(
'notice',
"Please choose a new password to complete the reset request."
)
self.assign_form()
self.render_template()
def auth_post(self, action=None, objid=None, session_key=None):
CrudBase.auth_post(self, action, objid, session_key)
if self.action == self.DELETE:
# prevent self-deletion
if objid == session_user.id:
session_user.add_message('error', 'You cannot delete your own user account')
abort(403)
def process_args(self): # noqa
had_strict_arg_failure = False
for argname, processor, required, takes_list, list_item_invalidates, \
strict, show_msg, custom_msg, pass_as in self._processors:
is_invalid = False
pass_as = pass_as or argname
argval = self.calling_args.get(argname, None)
try:
if isinstance(argval, list):
if takes_list is False:
raise formencode.Invalid('multiple values not allowed', argval, None)
if takes_list is None:
self.calling_args[pass_as] = argval = argval[0]
elif takes_list:
self.calling_args[pass_as] = argval = tolist(argval)
if pass_as != argname:
# catches a couple cases where a replacement doesn't
# already happen above
self.calling_args[pass_as] = argval
# delete the old value if it exists
if argname in self.calling_args:
del self.calling_args[argname]
if processor:
if takes_list:
processor = formencode.ForEach(processor)
try:
if required:
processor = formencode.All(formencode.validators.NotEmpty, processor)
processed_val = processor.to_python(argval)
except formencode.Invalid as e:
""" do a second round of processing for list values """
if not takes_list or not e.error_list or list_item_invalidates:
raise
""" only remove the bad values, keep the good ones """
new_list = []
for index, error in enumerate(e.error_list):
if error is None:
new_list.append(argval[index])
# revalidate for conversion and required
processed_val = processor.to_python(new_list)
self.calling_args[pass_as] = processed_val
except formencode.Invalid as e:
is_invalid = True
if self.strict_args or strict:
had_strict_arg_failure = True
self.invalid_arg_keys.append(argname)
if show_msg:
invalid_msg = '%s: %s' % (argname, custom_msg or str(e))
user.add_message('error', invalid_msg)
try:
if is_invalid or self.calling_args[pass_as] is None or \
self.calling_args[pass_as] == '':
del self.calling_args[pass_as]
except KeyError:
pass
if len(self.invalid_arg_keys) > 0:
log.debug('%s had bad args: %s', self.__class__.__name__, self.invalid_arg_keys)
if had_strict_arg_failure:
raise BadRequest('strict arg failure w/ invalid keys: %s' % self.invalid_arg_keys)
def process_args(self): # noqa
had_strict_arg_failure = False
for argname, processor, required, takes_list, list_item_invalidates, \
strict, show_msg, custom_msg, pass_as in self._processors:
is_invalid = False
pass_as = pass_as or argname
argval = self.calling_args.get(argname, None)
try:
if isinstance(argval, list):
if takes_list is False:
raise formencode.Invalid('multiple values not allowed', argval, None)
if takes_list is None:
self.calling_args[pass_as] = argval = argval[0]
elif takes_list:
self.calling_args[pass_as] = argval = tolist(argval)
if pass_as != argname:
# catches a couple cases where a replacement doesn't
# already happen above
self.calling_args[pass_as] = argval
# delete the old value if it exists
if argname in self.calling_args:
del self.calling_args[argname]
if processor:
if takes_list:
processor = formencode.ForEach(processor)
try:
if required:
processor = formencode.All(formencode.validators.NotEmpty, processor)
processed_val = processor.to_python(argval)
except formencode.Invalid as e:
""" do a second round of processing for list values """
if not takes_list or not e.error_list or list_item_invalidates:
raise
""" only remove the bad values, keep the good ones """
new_list = []
for index, error in enumerate(e.error_list):
if error is None:
new_list.append(argval[index])
# revalidate for conversion and required
processed_val = processor.to_python(new_list)
self.calling_args[pass_as] = processed_val
except formencode.Invalid as e:
is_invalid = True
if self.strict_args or strict:
had_strict_arg_failure = True
self.invalid_arg_keys.append(argname)
if show_msg:
invalid_msg = '%s: %s' % (argname, custom_msg or str(e))
user.add_message('error', invalid_msg)
try:
if is_invalid or self.calling_args[pass_as] is None or \
self.calling_args[pass_as] == '':
del self.calling_args[pass_as]
except KeyError:
pass
if len(self.invalid_arg_keys) > 0:
log.debug('%s had bad args: %s', self.__class__.__name__, self.invalid_arg_keys)
if had_strict_arg_failure:
raise BadRequest('strict arg failure w/ invalid keys: %s' % self.invalid_arg_keys)
def delete_record(self):
try:
CommonCrudBase.delete_record(self)
except IntegrityError:
session_user.add_message(
'warning',
'could not delete, the {0} is in use'.format(self.objname)
)
redirect(url_for(self.endpoint, action='manage', session_key=self.session_key))
def form_on_valid(self):
formvals = self.form.get_values()
# assigned groups and permissions stay the same for profile submissions
formvals['assigned_groups'] = self.objinst.group_ids
formvals['approved_permissions'], formvals['denied_permissions'] = \
self.objinst.assigned_permission_ids
formvals['pass_reset_ok'] = False
orm_User.edit(self.objid, **formvals)
session_user.add_message('notice', 'profile updated succesfully')
def send_email_notifications(self):
if self.form.elements.email_notify.value:
if self.action == self.ADD:
email_sent = send_new_user_email(self.form_resulting_entity)
elif self.form.elements.password.value:
email_sent = send_change_password_email(self.form_resulting_entity)
if (self.action == self.ADD or self.form.elements.password.value) and not email_sent:
session_user.add_message(
'error',
'An error occurred while sending the user notification email.'
)
def post(self):
if self.form.is_valid():
orm_User.get(session_user.id).update_password(self.form.elements.password.value)
session_user.reset_required = False
session_user.add_message('notice', 'Your password has been changed successfully.')
url = after_login_url() if rg.request.url == url_for('auth:ChangePassword') \
else rg.request.url
redirect(url)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def post(self, login_id, key):
if self.form.is_valid():
self.user.update_password(self.form.elements.password.value)
session_user.add_message('notice', 'Your password has been reset successfully.')
# at this point, the user has been verified, and we can setup the user
# session and kill the reset
load_session_user(self.user)
self.user.kill_reset_key()
# redirect as if this was a login
url = after_login_url()
redirect(url)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.assign_form()
self.render_template()
def post(self):
if self.form.is_valid():
user = orm_User.validate(
self.form.els.login_id.value,
self.form.els.password.value
)
if user:
if user.inactive:
session_user.add_message('error', 'That user is inactive.')
else:
load_session_user(user)
log.application('user %s logged in; session id: %s; remote_ip: %s',
user.login_id, rg.session.id, rg.request.remote_addr)
session_user.add_message('notice', 'You logged in successfully!')
if user.reset_required:
url = url_for('auth:ChangePassword')
else:
url = after_login_url()
redirect(url)
else:
log.application('user login failed; user login: %s; session id: %s; remote_ip: %s',
self.form.elements.login_id.value, rg.session.id,
rg.request.remote_addr)
session_user.add_message('error', 'Login failed! Please try again.')
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def post(self):
if self.form.is_valid():
em_address = self.form.elements.email_address.value
user_obj = orm_User.reset_password(em_address)
if user_obj:
if send_reset_password_email(user_obj):
session_user.add_message(
'notice',
'An email with a link to reset your password has been sent.'
)
else:
session_user.add_message(
'error',
'An error occurred while sending the notification email. Your '
'password has not been reset.'
)
url = current_url(root_only=True)
redirect(url)
else:
session_user.add_message(
'error',
'Did not find a user with email address: %s' % em_address
)
elif self.form.is_submitted():
# form was submitted, but invalid
self.form.assign_user_errors()
self.default()
def post(self):
if self.form.is_cancel():
user.add_message('notice',
'form submission cancelled, data not changed')
self.default()
if self.form.is_valid():
try:
user.add_message('notice', 'form posted succesfully')
self.assign('result', self.form.get_values())
return
except Exception as e:
# if the form can't handle the exception, re-raise it
if not self.form.handle_exception(e):
raise
elif not self.form.is_submitted():
# form was not submitted, nothing left to do
return
# form was either invalid or caught an exception, assign error
# messages
self.form.assign_user_errors()
self.default()
def form_on_cancel(self):
session_user.add_message('notice', 'no changes made to your profile')
redirect(current_url(root_only=True))
def default(self):
user.add_message('notice', 'hi')
self.render_json({'foo1': 'bar'}, add_user_messages=False)
def default(self):
user.add_message('test', 'my message')
def default(self):
user.add_message('notice', 'hi')
self.render_json({'foo1': 'bar'}, add_user_messages=False)
def abort(self, msg='invalid reset request'):
session_user.add_message('error', '%s, use the form below to resend reset link' % msg)
url = url_for('auth:LostPassword')
redirect(url)
def flash_message(self, category, message):
user.add_message(category, message)
def flash_message(self, category, message):
user.add_message(category, message)
