def reset_password_key(request): password_reset_key = request.matchdict['password_reset_key'] password = request.params.get('password','') password_confirm = request.params.get('password_confirm','') if request.method == 'POST': user = get_user(password_reset_key=password_reset_key) if not password or password != password_confirm: request.session.flash('Passwords do not match', 'errors') elif user: user.set_password(password) user.password_reset_key = '' headers = remember(request, user.id) request.session.flash('Password successfully reset!', 'messages') return HTTPFound( location=route_url('project:list', request), headers=headers ) return dict( password_reset_key=password_reset_key )
def team_member_remove(project, request): """ Remove a team member """ user_id = request.matchdict['user_id'] user = get_user(user_id=user_id) if 'owner' in project.get_user_roles(user): request.session.flash('Cannot remove a project\'s owner', 'errors') elif user: project.remove_user(user) request.session.flash('%s removed' % user.email, 'messages') return HTTPFound( location=route_url('project:team', request, project_id=project.id) ) return dict( project=project, users=project.get_users(), menu=project_menu(project, request, 'team'), )
def team_member_add(project, request): """ Add team member to the project """ if request.method == 'POST': email = request.params.get('email','') if not validate_email(email): request.session.flash('Invalid e-mail address', 'errors') else: user = get_user(email=email) if user is None: user = User(email) if project.get_user_roles(user): request.session.flash('%s is already part of this team' % email, 'errors') else: project.add_user(user, 'reviewer') request.session.flash('%s added' % email, 'messages') return HTTPFound( location=route_url('project:team', request, project_id=project.id) ) return dict( project=project, users=project.get_users(), menu=project_menu(project, request, 'team'), )
def signup(request): user = request.user if user and not user.is_temporary(): raise StandardError, "You may not signup while logged in" came_from = request.params.get('came_from', request.referer) login_url = route_url('auth:login', request) signup_url = route_url('auth:signup', request) home_url = route_url('home', request) if came_from in [login_url, signup_url, home_url]: came_from = route_url('project:list', request) name = request.params.get('name','') email = request.params.get('email','') password = request.params.get('password','') password_confirm = request.params.get('password_confirm','') if request.method == 'POST': if not (name and email and password and password_confirm): request.session.flash('Oops! Please complete all fields', 'signup_errors') elif get_user(email=email): request.session.flash('The e-mail address %s is already in use' % email, 'signup_errors') elif password != password_confirm: request.session.flash('Your passwords did not match', 'signup_errors') else: if user and user.is_temporary(): # user is logged in with a temporary account # update the account information to transfer the current # project user.set_name(name) user.set_email(email) user.set_password(password) location = came_from else: user = User(email, name, password) location = came_from session = DBSession() session.add(user) session.flush() headers = remember(request, user.id) return HTTPFound( location=location, headers=headers ) return dict( name=name, email=email, came_from=came_from )
def login(request): if request.user and not request.user.is_temporary(): raise StandardError, "You must logout first" came_from = request.params.get('came_from', request.referer) login_url = route_url('auth:login', request) signup_url = route_url('auth:signup', request) home_url = route_url('home', request) logout_url = route_url('auth:logout', request) if came_from in [login_url, signup_url, home_url, logout_url]: came_from = route_url('project:list', request) username = request.params.get('username','') password = request.params.get('password','') if request.method == 'POST': user = get_user(email=username) if not (username and password): request.session.flash('Please provide a username and password', 'login_errors') elif user and user.is_temporary(): request.session.flash('This account is not available for you to use', 'login_errors') elif user and user.authenticate(password): user.set_last_login() if request.user: # A temporary user exists in the request # copy the temporary user's projects to the new user for project in request.user.projects(): project.remove_user(request.user) project.remove_user(user) project.add_user(user, 'owner') request.session.flash('%s saved' % project.name, 'messages') headers = remember(request, user.id) request.session['logged_in'] = 'logged_in' return HTTPFound( location=came_from, headers=headers ) else: request.session.flash('Incorrect username or password', 'login_errors') return dict( came_from=came_from, username=username, )
def reset_password(request): email = request.params.get('username','') if request.method == 'POST' and email: user = get_user(email=email) if not user: request.session.flash('No account found for %s' % email, 'errors') else: settings = request.registry.settings server = smtplib.SMTP(settings['cspot.email_server']) server.login(settings['cspot.email_user'], settings['cspot.email_password']) reset_key = user.generate_password_reset_key() data = {} data['to_address'] = user.email data['to_name'] = user.name data['reset_url'] = route_url('auth:password:reset', request, password_reset_key=reset_key) msg = u""" To: %(to_address)s From: CommitteeSpot <*****@*****.**> Subject: CommitteeSpot password reset %(to_name)s, This e-mail is response to your e-mail password reset request. If you requested this password change, please set a new password by following the link below: %(reset_url)s If you don't want to change your password, just ignore this message. Thanks, CommitteeSpot Team """ % data msg = msg.strip() server.sendmail('*****@*****.**', user.email, msg) server.quit() request.session.flash('An e-mail has been sent to %s' % user.email, 'messages') return HTTPFound( location=route_url('auth:password',request) ) return dict()