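def post(self, email):
    """Enable the account for 'email', reset its password and send a notice.

    Admin-only action. The admin check runs before the account lookup, so a
    caller without the admin role never reaches the branch that reports
    whether the address belongs to an account.
    """
    # Authorize first. NOTE(review): check_admin() is assumed to abort the
    # request for non-admins (it is not visible here); confirm.
    self.check_admin()
    try:
        account = self.get_account(email)
    except ValueError as msg:
        self.see_other('home', error=str(msg))
        return
    with AccountSaver(account, rqh=self) as saver:
        saver['status'] = constants.ENABLED
        saver.reset_password()
    try:
        template = settings['ACCOUNT_MESSAGES'][constants.ENABLED]
    except KeyError:
        # No message template configured for this status: send nothing.
        pass
    else:
        # password_code_url carries the address and the reset code as URL
        # parameters. NOTE(review): confirm that reset_password() issues a
        # fresh, unpredictable code and that the code expires, since links
        # in mail tend to end up in logs and browser history.
        code_url = self.absolute_reverse_url('password',
                                             email=account['email'],
                                             code=account['code'])
        with MessageSaver(rqh=self) as saver:
            saver.create(
                template,
                account=account['email'],
                password_url=self.absolute_reverse_url('password'),
                password_code_url=code_url,
                code=account['code'])
            # Recipient is hardwired here.
            saver.send([account['email']])
    self.see_other('account', account['email'])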
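class AccountEnable(RequestHandler):
    """Enable the account; from status pending or disabled.

    Admin-only action. The admin check runs before the account lookup, so a
    logged-in caller without the admin role never reaches the branch that
    reports whether the address belongs to an account.
    """

    @tornado.web.authenticated
    def post(self, email):
        """Enable the account for 'email', reset its password, queue a notice."""
        # Authorize first. NOTE(review): check_admin() is assumed to abort
        # the request for non-admins (it is not visible here); confirm.
        self.check_admin()
        try:
            account = self.get_account(email)
        # 'as' form: the comma form is a syntax error on Python 3.
        except ValueError as msg:
            self.see_other('home', error=str(msg))
            return
        with AccountSaver(account, rqh=self) as saver:
            saver['status'] = constants.ENABLED
            saver.reset_password()
        # Prepare message sent by cron job script 'script/messenger.py'
        try:
            template = settings['ACCOUNT_MESSAGES'][constants.ENABLED]
        except KeyError:
            # No message template configured for this status: send nothing.
            pass
        else:
            # password_code_url carries the address and the reset code as
            # URL parameters. NOTE(review): confirm that reset_password()
            # issues a fresh, unpredictable code and that the code expires.
            code_url = self.absolute_reverse_url('password',
                                                 email=account['email'],
                                                 code=account['code'])
            with MessageSaver(rqh=self) as saver:
                saver.create(
                    template,
                    account=account['email'],
                    password_url=self.absolute_reverse_url('password'),
                    password_code_url=code_url,
                    code=account['code'])
                # Recipient is hardwired here.
                saver.send([account['email']])
        self.see_other('account', account['email'])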
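 def post(self):
     """Start a password reset for the account given by the 'email' argument.

     Every outcome ends in the same redirect to 'home' with the same notice:
     missing argument, unknown address, pending or disabled account, or a
     reset that was actually started. The response therefore does not show
     whether an address is registered or what status the account has.
     A non-admin session is ended in every case for the same reason.

     NOTE(review): pending and disabled accounts no longer get a
     status-specific error on the page; if that guidance is needed, deliver
     it by email to the account address. Response time may still differ
     between outcomes.
     """
     URL = self.absolute_reverse_url
     notice = ("If the address belongs to an enabled account, an email"
               " has been sent containing a reset code. Please wait a"
               " couple of minutes for it and use the link in it.")
     try:
         account = self.get_account(self.get_argument('email'))
     except (tornado.web.MissingArgumentError, ValueError):
         account = None
     not_resettable = (constants.PENDING, constants.DISABLED)
     if account is not None and account.get('status') not in not_resettable:
         with AccountSaver(doc=account, rqh=self) as saver:
             saver.reset_password()
         # Prepare message sent by cron job script 'script/messenger.py'
         try:
             template = settings['ACCOUNT_MESSAGES'][constants.RESET]
         except KeyError:
             # No message template configured: nothing is sent.
             pass
         else:
             # The link carries the address and the reset code as URL
             # parameters. NOTE(review): confirm the code is unpredictable
             # and expires.
             code_url = URL('password',
                            email=account['email'],
                            code=account['code'])
             with MessageSaver(rqh=self) as saver:
                 saver.create(template,
                              account=account['email'],
                              url=URL('password'),
                              password_url=URL('password'),
                              password_code_url=code_url,
                              code=account['code'])
                 # Recipient is hardwired here.
                 saver.send([account['email']])
     if self.current_user and not self.is_admin():
         # Log out the user
         self.set_secure_cookie(constants.USER_COOKIE, '')
     self.see_other('home', message=notice)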
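 def post(self):
     """Start a password reset for the account given by the 'email' argument.

     Every outcome ends in the same redirect to 'home' with the same notice:
     missing argument, unknown address, pending or disabled account, or a
     reset that was actually started. The response therefore does not show
     whether an address is registered or what status the account has.
     A non-admin session is ended in every case for the same reason.

     NOTE(review): pending and disabled accounts no longer get a
     status-specific error on the page; if that guidance is needed, deliver
     it by email to the account address. Response time may still differ
     between outcomes.
     """
     URL = self.absolute_reverse_url
     notice = ("If the address belongs to an enabled account, an email"
               " has been sent containing a reset code. Use the link in"
               " the email. (Check your spam filter!)")
     try:
         account = self.get_account(self.get_argument('email'))
     except (tornado.web.MissingArgumentError, ValueError):
         account = None
     not_resettable = (constants.PENDING, constants.DISABLED)
     if account is not None and account.get('status') not in not_resettable:
         with AccountSaver(doc=account, rqh=self) as saver:
             saver.reset_password()
         try:
             template = settings['ACCOUNT_MESSAGES'][constants.RESET]
         except KeyError:
             # No message template configured: nothing is sent.
             pass
         else:
             # The link carries the address and the reset code as URL
             # parameters. NOTE(review): confirm the code is unpredictable
             # and expires.
             code_url = URL('password',
                            email=account['email'],
                            code=account['code'])
             with MessageSaver(rqh=self) as saver:
                 saver.create(template,
                              account=account['email'],
                              url=URL('password'),
                              password_url=URL('password'),
                              password_code_url=code_url,
                              code=account['code'])
                 # Recipient is hardwired here.
                 saver.send([account['email']])
     if self.current_user and not self.is_admin():
         # Log out the user
         self.set_secure_cookie(constants.USER_COOKIE, '')
     self.see_other('home', message=notice)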
 def post(self):
     """Register a new account from the submitted form and notify the admins.

     The role and the status are fixed by this handler (user, pending) and
     the password is erased; none of the three is read from the request.
     On a validation error the entered values are handed back to the
     'register' page as keyword arguments of see_other.
     NOTE(review): those values presumably travel in the redirect URL;
     confirm that is acceptable for personal data such as addresses.
     """
     if not self.global_modes['allow_registration']:
         self.see_other('home', error='Registration is currently disabled.')
         return
     arg = self.get_argument
     try:
         with AccountSaver(rqh=self) as saver:
             email = arg('email', None)
             saver['first_name'] = arg('first_name', None)
             saver['last_name'] = arg('last_name', None)
             # Fall back to the free-text field when no listed university
             # was chosen.
             saver['university'] = (arg('university', None)
                                    or arg('university_other', None))
             saver['department'] = arg('department', None)
             saver['pi'] = utils.to_bool(arg('pi', False))
             gender = arg('gender', None)
             if gender:
                 saver['gender'] = gender.lower()
             group_size = arg('group_size', None)
             if group_size:
                 saver['group_size'] = group_size
             try:
                 saver['subject'] = int(arg('subject'))
             except (tornado.web.MissingArgumentError, ValueError,
                     TypeError):
                 saver['subject'] = None
             saver['address'] = {
                 'address': arg('address', None),
                 'zip': arg('zip', None),
                 'city': arg('city', None),
                 'country': arg('country', None),
             }
             saver['invoice_ref'] = arg('invoice_ref', None)
             saver['invoice_address'] = {
                 'address': arg('invoice_address', None),
                 'zip': arg('invoice_zip', None),
                 'city': arg('invoice_city', None),
                 'country': arg('invoice_country', None),
             }
             saver['phone'] = arg('phone', None)
             if not email:
                 raise ValueError('Email is required.')
             saver.set_email(email)
             saver['owner'] = saver['email']
             # Server-side values; never taken from the form.
             saver['role'] = constants.USER
             saver['status'] = constants.PENDING
             saver.check_required()
             saver.erase_password()
     except ValueError as msg:
         # Hand the entered values back so the form can be refilled.
         refill = OD()
         for key in self.KEYS:
             refill[key] = saver.get(key) or ''
         for key in self.ADDRESS_KEYS:
             refill[key] = saver.get('address', {}).get(key) or ''
         for key in self.ADDRESS_KEYS:
             invoice_value = saver.get('invoice_address', {}).get(key)
             refill['invoice_' + key] = invoice_value or ''
         self.see_other('register', error=str(msg), **refill)
         return
     try:
         template = settings['ACCOUNT_MESSAGES'][constants.PENDING]
     except KeyError:
         # No message template configured for pending accounts.
         pass
     else:
         account = saver.doc
         account_url = self.absolute_reverse_url('account', account['email'])
         with MessageSaver(rqh=self) as outbox:
             outbox.create(template,
                           account=account['email'],
                           url=account_url)
             # Recipients are hardwired here.
             outbox.send([admin['email'] for admin in self.get_admins()])
     self.see_other('registered')
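 def post(self):
     """Log in to an account and set the secure user cookie.

     Forward to the account edit page if the account is flagged with
     'update_info'. Log each failed login attempt and disable the account
     if there are too many recent ones.

     An unknown address and a wrong password give the same error text, so
     the response does not tell the two apart. After a successful login the
     'next' argument is followed only when it is a path on this site;
     anything else falls back to 'home'.
     """
     try:
         email = self.get_argument('email')
         password = self.get_argument('password')
     except tornado.web.MissingArgumentError:
         self.see_other('home', error='Missing email or password argument.')
         return
     msg = 'Sorry, no such account or invalid password.'
     try:
         account = self.get_account(email)
     except ValueError:
         # Use the generic text, not the exception's own message, which
         # could reveal that the address is not registered.
         self.see_other('home', error=msg)
         return
     # NOTE(review): utils.hashed_password is not visible here; confirm it
     # is a salted, deliberately slow password hash, and consider a
     # constant-time comparison.
     if utils.hashed_password(password) != account.get('password'):
         utils.log(self.db,
                   self,
                   account,
                   changed=dict(login_failure=account['email']))
         view = self.db.view('log/login_failure',
                             startkey=[account['_id'],
                                       utils.timestamp(-1)],
                             endkey=[account['_id'],
                                     utils.timestamp()])
         # Disable account if too many recent login failures.
         # NOTE(review): the lockout is keyed on the account alone, so
         # repeated failures from anyone disable it; consider throttling
         # by source as well.
         if len(list(view)) > settings['LOGIN_MAX_FAILURES']:
             logging.warning(
                 "account %s has been disabled due to"
                 " too many login failures", account['email'])
             with AccountSaver(doc=account, rqh=self) as saver:
                 saver['status'] = constants.DISABLED
                 saver.erase_password()
             msg = "Too many failed login attempts: Your account has been" \
                   " disabled. Contact the site administrator %s." % \
                   settings.get('SITE_SUPPORT_EMAIL', '')
             # Prepare email message
             try:
                 template = settings['ACCOUNT_MESSAGES'][constants.DISABLED]
             except KeyError:
                 pass
             else:
                 with MessageSaver(rqh=self) as saver:
                     saver.create(template)
                     # Recipient is hardwired here.
                     saver.send([account['email']])
         self.see_other('home', error=msg)
         return
     # Reached only with the correct password, so this message does not
     # help someone who is guessing addresses.
     if account.get('status') != constants.ENABLED:
         msg = "Account is disabled. Contact the site administrator %s." % \
               settings.get('SITE_SUPPORT_EMAIL', '')
         self.see_other('home', error=msg)
         return
     if not self.global_modes['allow_login'] \
        and account['role'] != constants.ADMIN:
         self.see_other('home', error='Login is currently disabled.')
         return
     self.set_secure_cookie(constants.USER_COOKIE,
                            account['email'],
                            expires_days=settings['LOGIN_MAX_AGE_DAYS'])
     logging.info("Basic auth login: account %s", account['email'])
     with AccountSaver(doc=account, rqh=self) as saver:
         saver['login'] = utils.timestamp()  # Set login timestamp.
     if account.get('update_info'):
         self.see_other(
             'account_edit',
             account['email'],
             message='Please review and update your account information.')
         return
     # 'next' comes from the request, so it is followed only when it is a
     # single-slash path with no backslash, whitespace or control
     # character; this keeps the post-login redirect on this site.
     # NOTE(review): if the login URL is configured as an absolute URL,
     # 'next' may arrive as a full URL and will now fall back to 'home'.
     target = self.get_argument('next', None)
     is_local_path = bool(target) \
         and target.startswith('/') \
         and not target.startswith('//') \
         and '\\' not in target \
         and all(ch > ' ' for ch in target)
     if is_local_path:
         self.redirect(target)
     else:
         self.see_other('home')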