Esempio n. 1
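def homepage_create_user():
    """Serve the self-registration form and, on POST, create the account.

    A POST is validated in this order: e-mail format (EMAIL_REGEX), password
    length (at least 8 characters), and that both password fields match. Each
    failure re-renders ``create_user.jinja2`` with ``error_msg`` set.

    On success the function logs a "Users Create User" event, grants the
    default permissions, optionally issues the bonus configured under
    ``new_user_tokens`` in ``config.json``, and redirects to
    ``admin.admin_main``. A GET request, or a falsy result from
    ``db.create_user``, renders the empty form.
    """
    if request.method != "POST":
        return render_template("create_user.jinja2")

    email_address = request.form['email_address']
    if EMAIL_REGEX.match(email_address) is None:
        error = "Invalid e-mail address."
        return render_template("create_user.jinja2", error_msg=error)

    user_passwd = request.form["passwd"]
    if len(user_passwd) < 8:
        error = "Passwords must consist of at least 8 characters."
        return render_template("create_user.jinja2", error_msg=error)

    if user_passwd != request.form["passwd_repeat"]:
        error = "Passwords did not match."
        return render_template("create_user.jinja2", error_msg=error)

    # NOTE(review): access_route is built from the X-Forwarded-For header when
    # one is present. Unless a trusted reverse proxy sets that header, the
    # address recorded in the audit metadata below is client-supplied --
    # confirm the deployment before relying on it.
    ip_addr = request.access_route[-1]
    full_name = request.form["full_name"]
    db = Database()
    # NOTE(review): the password is passed on as received; hashing is
    # presumably done inside db.create_user -- verify there.
    result = db.create_user(full_name, email_address, user_passwd, ip_addr)
    if not result:
        # No error message is shown on this path; the blank form is rendered.
        return render_template("create_user.jinja2")

    if result[0] == -1:
        # NOTE(review): this message confirms to an unauthenticated visitor
        # that the address is already registered.
        error = "User with this e-mail address already exists."
        return render_template("create_user.jinja2", error_msg=error)

    user_id, session_id = result[0], result[1]

    # log event
    create_user_event = events.Event("Users Create User",
                                     db,
                                     logger=current_app.logger)
    metadata = {"ip_addr": ip_addr, "created_by": "self"}
    create_user_event.log_event(user_id, json.dumps(metadata))

    user_ctx = users.UserContext(user_id, db=db, logger=current_app.logger)
    # Default permissions: every self-registered account receives these three.
    for permission in ("onboard-users", "launch-ico", "ethereum-network"):
        user_ctx.add_permission(permission)

    db.update_user_permissions(user_id, user_ctx.acl())

    # The context manager closes the file even when json.load raises.
    with open("config.json", "r") as config_stream:
        config_data = json.load(config_stream)

    if config_data["new_user_tokens"] > 0:
        cr = Credits(user_id, db, current_app.logger)
        cr.issue_credits(config_data["new_user_tokens"],
                         {"ip_addr": ip_addr, "reason": "New User Bonus"})

    # NOTE(review): the session token is placed in the redirect URL, so it can
    # end up in access logs, browser history and Referer headers.
    return redirect(url_for("admin.admin_main", session_token=session_id))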
Esempio n. 2
def admin_confirm():
    """Handle the submission of a generic admin confirmation dialog.

    Reads ``session_token``, ``confirmation_type``, ``confirmation_value`` and
    ``choice`` from the posted form. The first if/elif chain handles outcomes
    that only redirect (plus the password-recovery mail) and runs BEFORE the
    session token is validated. Anything not answered there requires a valid
    session and is dispatched on ``confirmation_type``; every path that does
    not return earlier ends in ``abort(403)``.
    """
    session_token = request.form["session_token"]
    confirmation_type = request.form["confirmation_type"]
    confirmation_val = request.form["confirmation_value"]
    choice = request.form["choice"]
    # --- Branches below run without validating session_token. ---
    # NOTE(review): the token is forwarded in redirect URLs throughout this
    # function, so it can appear in access logs, browser history and Referer
    # headers.
    if confirmation_type == "recover_email":
        if choice == "Send E-mail":
            email_address = request.form['email_address']
            # NOTE(review): access_route comes from X-Forwarded-For when that
            # header is present; it is only trustworthy behind a proxy that
            # sets it -- confirm the deployment.
            mailer = Mailer(email_address, request.access_route[-1], current_app.logger)
            mailer.recover_password()
            # The same message is rendered whatever recover_password() did, so
            # the response does not reveal whether the address is registered.
            return render_template("admin/admin_login.jinja2", error="""
            If the e-mail address is in the database, instructions have been sent on how to recover 
            your password. Please check your spam/junk mail folder.
            """)
        return redirect(url_for('homepage'))
    elif confirmation_type == "no_erc20_tokens":
        return redirect(url_for('admin.admin_tokens', session_token=session_token))
    elif confirmation_type == "erc20_publish" and choice == "Cancel":
        return redirect(url_for('admin.admin_tokens', session_token=session_token))
    elif confirmation_type == "create_erc20_failed" and choice == "OK":
        return redirect(url_for('admin.admin_tokens', session_token=session_token))
    elif confirmation_type == "onboarded_new_user":
        if choice == "Administration":
            return redirect(url_for('admin.admin_main', session_token=session_token))
        else:
            return redirect(url_for('admin.create_user', session_token=session_token))
    elif confirmation_type == "reset-password":
        # Only "Cancel" is answered here; any other choice falls through to
        # the authenticated section below.
        if choice == "Cancel":
            return redirect(url_for("admin.view_users", session_token=session_token, limit=PAGE_LIMIT, offset=0))
    elif confirmation_type == "acl_updated":
        if choice == "OK":
            return redirect(url_for("admin.view_users", session_token=session_token, limit=PAGE_LIMIT, offset=0))
    # --- Everything below requires a session token that validates. ---
    db = database.Database(logger=current_app.logger)
    user_id = db.validate_session(session_token)
    if user_id:
        user_ctx = UserContext(user_id, db, current_app.logger)
        if confirmation_type == "erc20_publish":
            # A non-numeric confirmation_value raises ValueError here.
            token_id = int(confirmation_val)
            # NOTE(review): the token id comes from the form and no ownership
            # check against user_id is visible in this function -- verify that
            # SmartContract or the command consumer enforces it.
            sc = SmartContract(smart_token_id=token_id)
            credits = Credits(user_id, db, logger=current_app.logger)
            if sc.smart_contract_id > 0:
                event_data = {"token_name": sc.token_name,
                              "token_symbol": sc.token_symbol,
                              "token_count": sc.tokens,
                              "token_id": sc.smart_contract_id,
                              "ip_address": request.access_route[-1]}
                if user_ctx.check_acl("launch-ico"):
                    credits_balance = credits.get_credit_balance()
                    if credits_balance >= credits.erc20_publish_price:
                        new_event = Event("ERC20 Token Mined", db, logger=current_app.logger)
                        event_id = new_event.log_event(user_id, event_data)
                        event_data["event_id"] = event_id
                        # NOTE(review): the debit happens before the command is
                        # queued; if post_command fails the request ends in a
                        # 500 and no refund is visible in this function.
                        credits.debit(credits.erc20_publish_price, event_data)
                        command_id = db.post_command(json.dumps({"erc20_function":"publish",
                                                                 "token_name":sc.token_name,
                                                                 "token_symbol":sc.token_symbol,
                                                                 "token_count":sc.tokens,
                                                                 "token_id":sc.smart_contract_id}), 100)
                        if command_id:
                            return redirect(url_for("admin.admin_tokens", session_token=session_token))
                        else:
                            abort(500)
                    else:
                        credits.logger.error("Insufficient credits for ERC20 Publish: "
                                             + user_ctx.user_info["email_address"])
                # Reached when the ACL check fails or the balance is too low.
                abort(403)
        elif confirmation_type == "reset-password":
            # NOTE(review): this rebinds user_id from the authenticated session
            # user to the target account taken from the form, and this branch
            # makes no check_acl() call (unlike erc20_publish and
            # issue-credits). As written, any valid session reaches
            # db.reset_password() for an arbitrary user id unless that method
            # enforces authorization itself -- verify.
            user_id = int(confirmation_val)
            if request.form["password"] != request.form["repeat_password"]:
                return render_template("admin/admin_confirmation.jinja2",
                                       confirmation_type="reset-password",
                                       confirmation_value=user_id,
                                       title="Reset Password",
                                       confirmation_title="Reset Password",
                                       confirmation_message="Passwords must match both times.",
                                       new_password=True,
                                       choices=["Cancel"],
                                       default_choice="Reset Password",
                                       session_token=session_token)
            # NOTE(review): no minimum password length is checked in this
            # branch before the reset.
            if db.reset_password(int(confirmation_val), request.form["password"]):
                return redirect(url_for("admin.view_users", session_token=session_token, limit=PAGE_LIMIT, offset=0))
        elif confirmation_type == "issue-credits":
            if choice == "Issue Credits" and user_ctx.check_acl("issue-credits"):
                # confirmation_val (the target user) is passed as the raw form
                # string, not converted with int() as in the other branches.
                user_credits = Credits(confirmation_val, db, current_app.logger)
                amount = int(request.form["credits"])
                # NOTE(review): the original comment gave the cap as 10,000,
                # but the bound below admits any amount from 1 to 99,999 --
                # confirm which limit is intended.
                if 0 < amount < 100000:
                    user_credits.issue_credits(amount, {"ip_addr": request.access_route[-1], "admin": user_id})
                    return redirect(
                        url_for("admin.view_users", session_token=session_token, limit=PAGE_LIMIT, offset=0))
                else:
                    raise ValueError

    # Default deny: invalid session, unknown confirmation type, or any branch
    # above that did not return.
    abort(403)