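def account_post(request):
    """Handle the account page form: create or delete one of the user's profiles.

    Reads ``profilename`` (a new profile name) and ``delete`` (the id of a
    profile to remove) from ``request.POST``.  Validation failures are
    reported through ``request.messages.error``.

    Returns:
        ``HTTPSeeOther`` to the edit page of a newly created profile, or to
        the account page in every other case (success, error, or no action).
    """
    _ = request.translate
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10

    profile_name = request.POST.get('profilename')
    profile_delete = request.POST.get('delete')

    if profile_name:
        return _create_profile(request, profile_name, profiles_limit, redirect)
    if profile_delete:
        _delete_profile(request, profile_delete)
    return redirect


def _create_profile(request, profile_name, profiles_limit, redirect):
    """Validate *profile_name* for the current user and create the profile.

    Returns a redirect to the new profile's edit page, or *redirect* (the
    account page) after flashing the reason the name was refused.
    """
    _ = request.translate
    uid = request.user.id

    profile = Profile()
    if not profile.validate_name(profile_name):
        request.messages.error(_('Invalid name.'))
        return redirect

    # Uniqueness is checked per user in application code; two concurrent
    # submissions can both pass this check.  NOTE(review): confirm a DB
    # unique constraint on (uid, name) backs it.
    name_taken = (DBSession.query(Profile)
                  .filter_by(uid=uid, name=profile_name)
                  .first())
    if name_taken:
        request.messages.error(_('Name already used.'))
        return redirect

    profiles_count = (DBSession.query(func.count(Profile.id))
                      .filter_by(uid=uid)
                      .scalar())
    # A user may own at most ``profiles_limit`` profiles: once the count has
    # reached the limit there is no room for another one (``>`` would have
    # let one extra profile through).
    if profiles_count >= profiles_limit:
        request.messages.error(_('You have too many profiles.'))
        return redirect

    profile.name = profile_name
    profile.uid = uid
    DBSession.add(profile)
    # Flush so the new row gets its id, which the redirect below needs.
    DBSession.flush()
    return HTTPSeeOther(
        location=request.route_url('account_profiles_edit', id=profile.id))


def _delete_profile(request, profile_delete):
    """Delete the profile whose id is *profile_delete* if the user owns it.

    A non-integer id is ignored silently; an id that does not resolve to one
    of the current user's named profiles flashes "Unknown profile.".
    """
    _ = request.translate
    try:
        profile_id = int(profile_delete)
    except ValueError:
        return

    # The id is user-supplied: scoping the lookup by uid is what stops a user
    # from deleting somebody else's profile.  Profiles with an empty name are
    # excluded — presumably the default profile; confirm.
    profile = (DBSession.query(Profile)
               .filter_by(id=profile_id, uid=request.user.id)
               .filter(Profile.name != '')
               .first())
    if profile is None:
        request.messages.error(_('Unknown profile.'))
        return

    DBSession.delete(profile)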
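def account_post(request):
    """Handle the account page form: create or delete one of the user's profiles.

    Reads ``profilename`` (a new profile name) and ``delete`` (the id of a
    profile to remove) from ``request.POST``.  Validation failures are
    reported through ``request.messages.error``.

    Returns:
        ``HTTPSeeOther`` to the edit page of a newly created profile, or to
        the account page in every other case (success, error, or no action).
    """
    _ = request.translate
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10

    profile_name = request.POST.get('profilename')
    profile_delete = request.POST.get('delete')

    if profile_name:
        return _create_profile(request, profile_name, profiles_limit, redirect)
    if profile_delete:
        _delete_profile(request, profile_delete)
    return redirect


def _create_profile(request, profile_name, profiles_limit, redirect):
    """Validate *profile_name* for the current user and create the profile.

    Returns a redirect to the new profile's edit page, or *redirect* (the
    account page) after flashing the reason the name was refused.
    """
    _ = request.translate
    uid = request.user.id

    profile = Profile()
    if not profile.validate_name(profile_name):
        request.messages.error(_('Invalid name.'))
        return redirect

    # Uniqueness is checked per user in application code; two concurrent
    # submissions can both pass this check.  NOTE(review): confirm a DB
    # unique constraint on (uid, name) backs it.
    name_taken = (DBSession.query(Profile)
                  .filter_by(uid=uid, name=profile_name)
                  .first())
    if name_taken:
        request.messages.error(_('Name already used.'))
        return redirect

    profiles_count = (DBSession.query(func.count(Profile.id))
                      .filter_by(uid=uid)
                      .scalar())
    # A user may own at most ``profiles_limit`` profiles: once the count has
    # reached the limit there is no room for another one (``>`` would have
    # let one extra profile through).
    if profiles_count >= profiles_limit:
        request.messages.error(_('You have too many profiles.'))
        return redirect

    profile.name = profile_name
    profile.uid = uid
    DBSession.add(profile)
    # Flush so the new row gets its id, which the redirect below needs.
    DBSession.flush()
    return HTTPSeeOther(
        location=request.route_url('account_profiles_edit', id=profile.id))


def _delete_profile(request, profile_delete):
    """Delete the profile whose id is *profile_delete* if the user owns it.

    A non-integer id is ignored silently; an id that does not resolve to one
    of the current user's named profiles flashes "Unknown profile.".
    """
    _ = request.translate
    try:
        profile_id = int(profile_delete)
    except ValueError:
        return

    # The id is user-supplied: scoping the lookup by uid is what stops a user
    # from deleting somebody else's profile.  Profiles with an empty name are
    # excluded — presumably the default profile; confirm.
    profile = (DBSession.query(Profile)
               .filter_by(id=profile_id, uid=request.user.id)
               .filter(Profile.name != '')
               .first())
    if profile is None:
        request.messages.error(_('Unknown profile.'))
        return

    DBSession.delete(profile)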
def reset(request):
    """Password-reset page reached from the e-mailed link.

    Looks up the ``PasswordResetToken`` named in the URL.  A GET, or a POST
    missing either password field, renders the form with ``{'token': token}``.
    A complete POST validates the new password, stores it on the token's
    user, e-mails that user about the change, consumes the token and
    redirects to the login page.

    Returns:
        A template dict, or an ``HTTPMovedPermanently`` redirect to the
        forgot-password page (unknown token) or to the login page (password
        changed).  An invalid password re-renders the form with status 400.
    """
    _ = request.translate

    token = (DBSession.query(PasswordResetToken)
             .filter_by(token=request.matchdict['token'])
             .first())
    if not token or not token.user:
        request.messages.error(_('Unknown password reset token.'))
        # NOTE(review): 301 is cacheable by browsers; a 303 (see-other) is
        # the usual redirect after a form action — confirm this is intended.
        return HTTPMovedPermanently(
            location=request.route_url('account_forgot'))

    password = request.POST.get('password')
    confirmation = request.POST.get('password2')
    form_incomplete = (request.method != 'POST'
                       or not password
                       or not confirmation)
    if form_incomplete:
        return {'token': token}

    if not User.validate_password(password) or password != confirmation:
        request.messages.error(_('Invalid password.'))
        request.response.status_code = HTTPBadRequest.code
        return {'token': token}

    user = token.user
    user.set_password(password)

    # The notification carries the requester's address, presumably so the
    # owner can recognise a reset they did not initiate.
    mailer = get_mailer(request)
    mail_body = render('mail/password_reset_done.mako',
                       {'user': user, 'changed_by': request.remote_addr},
                       request=request)
    mailer.send(Message(subject=_('CCVPN: Password changed'),
                        recipients=[user.email],
                        body=mail_body))

    notice = _('You have changed the password for ${user}.',
               mapping={'user': user.username})
    request.messages.info(notice + ' ' + _('You can now log in.'))

    # The token is single-use: it is removed only once the password is set.
    DBSession.delete(token)
    return HTTPMovedPermanently(location=request.route_url('account_login'))
def reset(request):
    """Password-reset page reached from the e-mailed link.

    Looks up the ``PasswordResetToken`` named in the URL.  A GET, or a POST
    missing either password field, renders the form with ``{'token': token}``.
    A complete POST validates the new password, stores it on the token's
    user, e-mails that user about the change, consumes the token and
    redirects to the login page.

    Returns:
        A template dict, or an ``HTTPMovedPermanently`` redirect to the
        forgot-password page (unknown token) or to the login page (password
        changed).  An invalid password re-renders the form with status 400.
    """
    _ = request.translate

    token = (DBSession.query(PasswordResetToken)
             .filter_by(token=request.matchdict['token'])
             .first())
    if not token or not token.user:
        request.messages.error(_('Unknown password reset token.'))
        # NOTE(review): 301 is cacheable by browsers; a 303 (see-other) is
        # the usual redirect after a form action — confirm this is intended.
        return HTTPMovedPermanently(
            location=request.route_url('account_forgot'))

    password = request.POST.get('password')
    confirmation = request.POST.get('password2')
    form_incomplete = (request.method != 'POST'
                       or not password
                       or not confirmation)
    if form_incomplete:
        return {'token': token}

    if not User.validate_password(password) or password != confirmation:
        request.messages.error(_('Invalid password.'))
        request.response.status_code = HTTPBadRequest.code
        return {'token': token}

    user = token.user
    user.set_password(password)

    # The notification carries the requester's address, presumably so the
    # owner can recognise a reset they did not initiate.
    mailer = get_mailer(request)
    mail_body = render('mail/password_reset_done.mako',
                       {'user': user, 'changed_by': request.remote_addr},
                       request=request)
    mailer.send(Message(subject=_('CCVPN: Password changed'),
                        recipients=[user.email],
                        body=mail_body))

    notice = _('You have changed the password for ${user}.',
               mapping={'user': user.username})
    request.messages.info(notice + ' ' + _('You can now log in.'))

    # The token is single-use: it is removed only once the password is set.
    DBSession.delete(token)
    return HTTPMovedPermanently(location=request.route_url('account_login'))
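def revoke(args):
    """CLI command: revoke the API access tokens matching the given filters.

    Args:
        args: parsed command-line namespace with ``token``, ``label``,
            ``force`` and ``yes`` attributes.  A ``token`` of ``'-'`` prompts
            for the value interactively; an empty ``token`` or ``label``
            does not filter on that field, so an empty prompt answer
            matches every token (of that label).

    Rows are deleted from ``DBSession``; this function does not commit.
    Refuses to touch more than one token unless ``force`` is set, and asks
    for confirmation unless ``yes`` is set.  Progress goes to stdout.
    """
    query = DBSession.query(APIAccessToken)
    if args.token == '-':
        args.token = input('Search token (empty=*): ')
    if args.token:
        query = query.filter_by(token=args.token)
    if args.label:
        query = query.filter_by(label=args.label)

    count = query.count()
    if count == 0:
        print('No token found.')
        return
    if count > 1:
        if not args.force:
            print('Error: multiple tokens match. Use -f to force.')
            return
        print('Warning: multiple tokens match.')

    # Reuse the count computed above rather than running a second COUNT query.
    prompt = 'Sure revoking %d tokens? [y/n] ' % count
    if not args.yes and input(prompt).lower() != 'y':
        return

    for token in query.all():
        print('Revoking token #%d (%s)...' % (token.id, token.label))
        DBSession.delete(token)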
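def revoke(args):
    """CLI command: revoke the ``Gateway`` rows matching the given filters.

    Args:
        args: parsed command-line namespace with ``token``, ``label``,
            ``force`` and ``yes`` attributes.  A ``token`` of ``'-'`` prompts
            for the value interactively; an empty ``token`` or ``label``
            does not filter on that field, so an empty prompt answer
            matches every row (of that label).

    Rows are deleted from ``DBSession``; this function does not commit.
    Refuses to touch more than one row unless ``force`` is set, and asks
    for confirmation unless ``yes`` is set.  Progress goes to stdout.

    NOTE(review): the query targets ``Gateway`` while the messages speak of
    tokens — presumably Gateway carries ``token``/``label``/``id`` columns;
    verify against the model.
    """
    query = DBSession.query(Gateway)
    if args.token == '-':
        args.token = input('Search token (empty=*): ')
    if args.token:
        query = query.filter_by(token=args.token)
    if args.label:
        query = query.filter_by(label=args.label)

    count = query.count()
    if count == 0:
        print('No token found.')
        return
    if count > 1:
        if not args.force:
            print('Error: multiple tokens match. Use -f to force.')
            return
        print('Warning: multiple tokens match.')

    # Reuse the count computed above rather than running a second COUNT query.
    prompt = 'Sure revoking %d tokens? [y/n] ' % count
    if not args.yes and input(prompt).lower() != 'y':
        return

    for token in query.all():
        print('Revoking token #%d (%s)...' % (token.id, token.label))
        DBSession.delete(token)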
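def account_post(request):
    """Handle the account form: profile creation/deletion or credential update.

    Dispatches on which field is present in ``request.POST``:
    ``profilename`` creates a profile, ``profiledelete`` removes one,
    otherwise ``password``/``password2``/``email`` update the current user.

    Validation errors are flashed as ``('error', message)`` and the account
    page is re-rendered.  Errors are carried as plain return values rather
    than ``assert`` statements, which are stripped under ``python -O`` and
    would then let every check be bypassed.

    Returns:
        ``account(request)``, or ``HTTPBadRequest`` when a required field is
        missing or the profile id is not an integer.
    """
    try:
        if 'profilename' in request.POST:
            errors = _create_profile(request)
        elif 'profiledelete' in request.POST:
            errors = _delete_profile(request)
        else:
            errors = _update_credentials(request)
    except (KeyError, ValueError):
        # KeyError: a required form field is absent.  ValueError: the profile
        # id is not an integer — a malformed request, not a server error.
        return HTTPBadRequest()

    for error in errors:
        request.session.flash(('error', error))
    return account(request)


def _create_profile(request):
    """Create a profile for the current user from ``POST['profilename']``.

    Returns a list of error messages; an empty list means the profile was
    added and flushed.
    """
    name = request.POST['profilename']
    profile = Profile()
    if not profile.validate_name(name):
        return ['Invalid name.']

    errors = []
    name_used = (DBSession.query(Profile)
                 .filter_by(uid=request.user.id, name=name)
                 .first())
    if name_used:
        errors.append('Name already used.')
    profiles_count = (DBSession.query(func.count(Profile.id))
                      .filter_by(uid=request.user.id)
                      .scalar())
    # At most 10 profiles per user: a count already at the limit leaves no
    # room for another.
    if profiles_count >= 10:
        errors.append('You have too many profiles.')
    if errors:
        return errors

    profile.name = name
    profile.askpw = request.POST.get('askpw') == '1'
    profile.uid = request.user.id
    if not profile.askpw:
        # No per-connection password prompt: give the profile a random one.
        profile.password = random_access_token()
    DBSession.add(profile)
    DBSession.flush()
    return []


def _delete_profile(request):
    """Delete the current user's profile whose id is ``POST['profiledelete']``.

    Raises ValueError when the id is not an integer (the caller turns that
    into a 400).  Returns a list of error messages; empty on success.
    """
    profile_id = int(request.POST['profiledelete'])
    # The id is user-supplied: the uid filter is the authorization check.
    profile = (DBSession.query(Profile)
               .filter_by(id=profile_id, uid=request.user.id)
               .first())
    if profile is None:
        return ['Unknown profile.']

    DBSession.delete(profile)
    DBSession.flush()
    return []


def _update_credentials(request):
    """Apply a password and/or e-mail change for the current user.

    ``password`` and ``email`` must be present (KeyError otherwise);
    ``password2`` is read only when a new password is given.  An empty value
    leaves that field unchanged.  Returns a list of error messages; an empty
    list means the changes were flushed and "Saved!" was flashed.

    NOTE(review): neither change is gated on the current password — worth
    confirming that is acceptable for this form.
    """
    user = request.user
    password = request.POST['password']
    email = request.POST['email']

    errors = []
    if password != '':
        if not user.validate_password(password):
            errors.append('Invalid password.')
        if password != request.POST['password2']:
            errors.append('Both passwords do not match.')
    if email != '':
        if not user.validate_email(email):
            errors.append('Invalid email address.')
    if errors:
        return errors

    if email and email != user.email:
        taken = (DBSession.query(func.count(User.id).label('ec'))
                 .filter_by(email=email)
                 .first())
        if taken.ec > 0:
            return ['E-mail address already registered.']

    if password != '':
        user.set_password(password)
    if email != '':
        user.email = email
    request.session.flash(('info', 'Saved!'))
    DBSession.flush()
    return []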
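def account_post(request):
    """Handle the account form: profile creation/deletion or credential update.

    Dispatches on which field is present in ``request.POST``:
    ``profilename`` creates a profile, ``profiledelete`` removes one,
    otherwise ``password``/``password2``/``email`` update the current user.

    Validation errors are flashed as ``('error', message)`` and the account
    page is re-rendered.  Errors are carried as plain return values rather
    than ``assert`` statements, which are stripped under ``python -O`` and
    would then let every check be bypassed.

    Returns:
        ``account(request)``, or ``HTTPBadRequest`` when a required field is
        missing or the profile id is not an integer.
    """
    try:
        if 'profilename' in request.POST:
            errors = _create_profile(request)
        elif 'profiledelete' in request.POST:
            errors = _delete_profile(request)
        else:
            errors = _update_credentials(request)
    except (KeyError, ValueError):
        # KeyError: a required form field is absent.  ValueError: the profile
        # id is not an integer — a malformed request, not a server error.
        return HTTPBadRequest()

    for error in errors:
        request.session.flash(('error', error))
    return account(request)


def _create_profile(request):
    """Create a profile for the current user from ``POST['profilename']``.

    Returns a list of translated error messages; an empty list means the
    profile was added and flushed.
    """
    _ = request.translate
    name = request.POST['profilename']
    profile = Profile()
    if not profile.validate_name(name):
        return [_('Invalid name.')]

    errors = []
    name_used = (DBSession.query(Profile)
                 .filter_by(uid=request.user.id, name=name)
                 .first())
    if name_used:
        errors.append(_('Name already used.'))
    profiles_count = (DBSession.query(func.count(Profile.id))
                      .filter_by(uid=request.user.id)
                      .scalar())
    # At most 10 profiles per user: a count already at the limit leaves no
    # room for another.
    if profiles_count >= 10:
        errors.append(_('You have too many profiles.'))
    if errors:
        return errors

    profile.name = name
    profile.askpw = request.POST.get('askpw') == '1'
    profile.uid = request.user.id
    if not profile.askpw:
        # No per-connection password prompt: give the profile a random one.
        profile.password = random_access_token()
    DBSession.add(profile)
    DBSession.flush()
    return []


def _delete_profile(request):
    """Delete the current user's profile whose id is ``POST['profiledelete']``.

    Raises ValueError when the id is not an integer (the caller turns that
    into a 400).  Returns a list of translated error messages; empty on
    success.
    """
    _ = request.translate
    profile_id = int(request.POST['profiledelete'])
    # The id is user-supplied: the uid filter is the authorization check.
    profile = (DBSession.query(Profile)
               .filter_by(id=profile_id, uid=request.user.id)
               .first())
    if profile is None:
        return [_('Unknown profile.')]

    DBSession.delete(profile)
    DBSession.flush()
    return []


def _update_credentials(request):
    """Apply a password and/or e-mail change for the current user.

    ``password`` and ``email`` must be present (KeyError otherwise);
    ``password2`` is read only when a new password is given.  An empty value
    leaves that field unchanged.  Returns a list of translated error
    messages; an empty list means the changes were flushed and "Saved!" was
    reported through ``request.messages.info``.

    NOTE(review): neither change is gated on the current password — worth
    confirming that is acceptable for this form.
    """
    _ = request.translate
    user = request.user
    password = request.POST['password']
    email = request.POST['email']

    errors = []
    if password != '':
        if not user.validate_password(password):
            errors.append(_('Invalid password.'))
        if password != request.POST['password2']:
            errors.append(_('Both passwords do not match.'))
    if email != '':
        if not user.validate_email(email):
            errors.append(_('Invalid email address.'))
    if errors:
        return errors

    if email and email != user.email:
        taken = (DBSession.query(func.count(User.id).label('ec'))
                 .filter_by(email=email)
                 .first())
        if taken.ec > 0:
            return [_('E-mail address already registered.')]

    if password != '':
        user.set_password(password)
    if email != '':
        user.email = email
    request.messages.info(_('Saved!'))
    DBSession.flush()
    return []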