def setup_change_pass_submit():
""" Set a new password """
user_id = session['user_id']
user = Users2.get_user(user_id)
if "newpass" not in request.form or "confirm" not in request.form:
flash("Please provide your new password")
return redirect(url_for("setup_change_pass"))
newpass = request.form['newpass']
confirm = request.form['confirm']
if len(newpass) < 7:
flash("Password is too short, please try something longer.")
return redirect(url_for("setup_change_pass"))
if not newpass == confirm:
flash("Passwords do not match")
return redirect(url_for("setup_change_pass"))
Users2.set_password(user_id=user_id, clearpass=newpass)
audit(1, user_id,
user_id,
"Setup", "%s reset password for %s." % (user['uname'], user['uname']))
flash("Password changed")
return redirect(url_for("setup_myprofile"))
def setup_change_pass_submit():
""" Set a new password """
user_id = session['user_id']
user = Users2.get_user(user_id)
if "newpass" not in request.form or "confirm" not in request.form:
flash("Please provide your new password")
return redirect(url_for("setup_change_pass"))
newpass = request.form['newpass']
confirm = request.form['confirm']
if len(newpass) < 7:
flash("Password is too short, please try something longer.")
return redirect(url_for("setup_change_pass"))
if not newpass == confirm:
flash("Passwords do not match")
return redirect(url_for("setup_change_pass"))
Users2.set_password(user_id=user_id, clearpass=newpass)
audit(1, user_id, user_id, "Setup",
"%s reset password for %s." % (user['uname'], user['uname']))
flash("Password changed")
return redirect(url_for("setup_myprofile"))
def setup_usercreate():
""" Show a page allowing the admin to enter user details
to create an account.
"""
user_id = session['user_id']
if not check_perm(user_id, -1, "useradmin"):
flash("You do not have User Administration access.")
return redirect(url_for('setup_top'))
new_uname = ""
new_fname = ""
new_sname = ""
new_email = ""
new_pass = ""
new_confirm = ""
error = None
if request.method == "POST":
form = request.form
if "usercreate_cancel" in form:
flash("User Account Creation Cancelled")
return redirect(url_for('setup_usersearch'))
if "usercreate_save" in form:
new_uname = form.get('new_uname', "")
new_fname = form.get('new_fname', "")
new_sname = form.get('new_sname', "")
new_email = form.get('new_email', "")
new_pass = form.get('new_pass', "")
new_confirm = form.get('new_confirm', "")
if not all((new_uname, new_email, new_pass, new_confirm)):
error = "Please fill in all fields."
elif Users2.uid_by_uname(new_uname):
error = "ERROR: An account already exists with that name"
elif new_confirm == "" or not new_confirm == new_pass:
error = "Passwords don't match (or are empty)"
else: # yaay, it's ok
# uname, passwd, givenname, familyname, acctstatus,
# studentid, email=None, expiry=None, source="local"
Users2.create(new_uname,
"nologin-creation",
new_fname,
new_sname,
2,
'',
new_email)
Users2.set_password(Users2.uid_by_uname(new_uname), new_pass)
flash("New User Account Created for %s" % new_uname)
new_uname = ""
new_fname = ""
new_sname = ""
new_email = ""
new_pass = ""
new_confirm = ""
if error:
flash(error)
return render_template(
'setup_usercreate.html',
new_uname=new_uname,
new_fname=new_fname,
new_sname=new_sname,
new_email=new_email,
new_pass=new_pass,
new_confirm=new_confirm
)
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form and 'password' in form and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"),
code=code)
html_body = render_template(os.path.join("email", "confirmation.html"),
code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)
def setup_usercreate():
""" Show a page allowing the admin to enter user details
to create an account.
"""
user_id = session['user_id']
if not check_perm(user_id, -1, "useradmin"):
flash("You do not have User Administration access.")
return redirect(url_for('setup_top'))
new_uname = ""
new_fname = ""
new_sname = ""
new_email = ""
new_pass = ""
new_confirm = ""
error = None
if request.method == "POST":
form = request.form
if "usercreate_cancel" in form:
flash("User Account Creation Cancelled")
return redirect(url_for('setup_usersearch'))
if "usercreate_save" in form:
new_uname = form.get('new_uname', "")
new_fname = form.get('new_fname', "")
new_sname = form.get('new_sname', "")
new_email = form.get('new_email', "")
new_pass = form.get('new_pass', "")
new_confirm = form.get('new_confirm', "")
if not all((new_uname, new_email, new_pass, new_confirm)):
error = "Please fill in all fields."
elif Users2.uid_by_uname(new_uname):
error = "ERROR: An account already exists with that name"
elif new_confirm == "" or not new_confirm == new_pass:
error = "Passwords don't match (or are empty)"
else: # yaay, it's ok
# uname, passwd, givenname, familyname, acctstatus,
# studentid, email=None, expiry=None, source="local"
Users2.create(new_uname, "nologin-creation", new_fname,
new_sname, 2, '', new_email)
Users2.set_password(Users2.uid_by_uname(new_uname), new_pass)
flash("New User Account Created for %s" % new_uname)
new_uname = ""
new_fname = ""
new_sname = ""
new_email = ""
new_pass = ""
new_confirm = ""
if error:
flash(error)
return render_template('setup_usercreate.html',
new_uname=new_uname,
new_fname=new_fname,
new_sname=new_sname,
new_email=new_email,
new_pass=new_pass,
new_confirm=new_confirm)
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form
and 'password' in form
and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"), code=code)
html_body = render_template(os.path.join("email", "confirmation.html"), code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)
