Esempio n. 1
 def _request_token(self):
     """Process the "request password reset" form.

     When the form validates, a confirmation e-mail is sent for one of the
     user's local identities and the client is redirected to ``.resetpass``.
     Otherwise the form page is rendered.
     """
     form = ResetPasswordEmailForm()
     if not form.validate_on_submit():
         # One-shot flag: it is popped so the "e-mail sent" state is reported
         # only on the first render after the redirect below.
         # NOTE(review): whether a failed validation reveals that an address
         # is unknown is decided inside the form, which is not visible here.
         email_sent = session.pop('resetpass_email_sent', False)
         return WPAuth.render_template('reset_password.html', form=form, identity=None,
                                       widget_attrs={}, email_sent=email_sent)

     user = form.user
     # A user only has more than one local identity after a merge. The worst
     # outcome of picking the first one is that the e-mail mentions a different
     # username than the user expects; they still regain access to their
     # profile. Listing every username would be friendlier but would disclose
     # valid usernames of that user to an untrusted requester.
     # NOTE(review): next() raises StopIteration if there is no local identity;
     # presumably the form only accepts users that have one - confirm.
     identity = next(iter(user.local_identities))
     recipient = form.email.data
     mail_context = {'user': user, 'username': identity.identifier}
     _send_confirmation(recipient, 'reset-password', '.resetpass',
                        'auth/emails/reset_password.txt', mail_context,
                        data=identity.id)
     session['resetpass_email_sent'] = True
     logger.info('Password reset requested for user %s', user)
     return redirect(url_for('.resetpass'))
Esempio n. 2
 def _handle_edit_local_account(self, form):
     """Store the submitted username and, if one was given, the new password.

     The username is always written to the user's local identity. The password
     is only replaced when ``new_password`` is non-empty.
     """
     submitted = form.data
     local_identity = self.user.local_identity
     local_identity.identifier = submitted['username']
     new_password = submitted['new_password']
     if new_password:
         local_identity.password = new_password
         # Drop any pending 'insecure_password_error' marker from the session.
         session.pop('insecure_password_error', None)
         # Only the user and the identifier are logged, never the password.
         logger.info('User %s (%s) changed their password', self.user, local_identity.identifier)
     flash(_('Your local account credentials have been updated successfully'), 'success')
Esempio n. 3
 def _handle_add_local_account(self, form):
     """Create an ``indico`` provider identity from the form and attach it to the user."""
     credentials = form.data
     new_identity = Identity(provider='indico',
                             identifier=credentials['username'],
                             password=credentials['password'])
     self.user.identities.add(new_identity)
     # The log line carries the user and the new identifier only, not the password.
     logger.info('User %s added a local account (%s)', self.user, new_identity.identifier)
     flash(_('Local account added successfully'), 'success')
Esempio n. 4
 def _create_identity(self):
     """Create the identity described by ``self.identity_info`` and log the user in.

     Returns the response produced by ``multipass.redirect_success()``.
     """
     info = self.identity_info
     identity = Identity(user=self.user,
                         provider=info['provider'],
                         identifier=info['identifier'],
                         data=info['data'],
                         multipass_data=info['multipass_data'])
     logger.info('Created new identity for %s: %s', self.user, identity)
     # The pending identity info is consumed here, so it is removed from the session.
     del session['login_identity_info']
     # Flushed before logging in; presumably so the identity is persisted
     # by the time login_user() runs - confirm.
     db.session.flush()
     login_user(self.user, identity)
     return multipass.redirect_success()
Esempio n. 5
 def _create_identity(self):
     """Build an identity from ``self.identity_info``, log the user in and redirect.

     Returns the response produced by ``multipass.redirect_success()``.
     """
     pending = self.identity_info
     identity_fields = {name: pending[name]
                        for name in ('provider', 'identifier', 'data', 'multipass_data')}
     identity = Identity(user=self.user, **identity_fields)
     logger.info('Created new identity for %s: %s', self.user, identity)
     # Remove the consumed identity info so it is not left in the session.
     del session['login_identity_info']
     # NOTE(review): the flush precedes login_user(); presumably the login
     # needs the identity to be persisted first - confirm.
     db.session.flush()
     login_user(self.user, identity)
     return multipass.redirect_success()
Esempio n. 6
 def _reset_password(self, identity):
     """Show or process the "choose a new password" form for ``identity``.

     A valid submission stores the new password, logs the identity's user in
     and redirects; otherwise the form is rendered with the username field
     pre-filled and disabled.

     NOTE(review): this method trusts ``identity`` as given. The check that
     ties it to a valid reset token is presumably done by the caller - confirm.
     """
     form = ResetPasswordForm()
     if not form.validate_on_submit():
         # The username is shown for information only and cannot be edited.
         form.username.data = identity.identifier
         username_attrs = {'username': {'disabled': True}}
         return WPAuth.render_template('reset_password.html', form=form, identity=identity,
                                       email_sent=False, widget_attrs=username_attrs)

     identity.password = form.password.data
     flash(_('Your password has been changed successfully.'), 'success')
     owner = identity.user
     login_user(owner, identity)
     logger.info('Password reset confirmed for user %s', owner)
     # We usually get here from a multipass login page, so a target URL should exist.
     return multipass.redirect_success()
Esempio n. 7
File: util.py Progetto: zenny/indico
def undo_impersonate_user():
    """End an admin impersonation and restore the original (admin) user.

    Does nothing when the session holds no ``login_as_orig_user`` entry.
    """
    from indico.modules.auth import logger
    from indico.modules.users import User

    try:
        saved = session.pop('login_as_orig_user')
    except KeyError:
        # Nothing to undo - the user probably already switched back in another tab.
        return
    admin = User.get_one(saved['user_id'])
    logger.info('Admin %r stopped impersonating user %r', admin, session.user)
    session.user = admin
    # NOTE(review): update() only adds or overwrites keys. Anything written to the
    # session while impersonating and absent from the saved data presumably stays
    # in the admin's session - confirm that this is intended.
    session.update(saved['session_data'])
Esempio n. 8
File: util.py Progetto: zenny/indico
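def impersonate_user(user):
    """Impersonate another user as an admin.

    The current user's id, display name and movable session data are stored
    under ``login_as_orig_user`` so the impersonation can be undone later, then
    ``user`` is logged in with ``admin_impersonation=True``.

    This function performs no authorization check of its own; the caller has
    to make sure that the current user is allowed to impersonate ``user``.

    :param user: the user to impersonate
    """
    from indico.modules.auth import login_user, logger

    current_user = session.user
    # We don't overwrite a previous entry - the original (admin) user should be kept there
    # XXX: Don't change this to setdefault - building `session_data` pops stuff from the session
    if 'login_as_orig_user' not in session:
        # Take a snapshot of the keys before popping: removing entries while
        # iterating a live keys view raises RuntimeError on Python 3.
        movable_keys = [k for k in list(session.keys())
                        if not k.startswith('_') or k in ('_timezone', '_lang')]
        session['login_as_orig_user'] = {
            'session_data': {k: session.pop(k) for k in movable_keys},
            'user_id': current_user.id,
            'user_name': current_user.get_full_name(last_name_first=False, last_name_upper=False)
        }
    login_user(user, admin_impersonation=True)
    # Both parties are logged so the impersonation leaves an audit trail.
    logger.info('Admin %r is impersonating user %r', current_user, user)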