def test_create_duplicate_person(self): Dummy_smtplib.install() # create a fake user p = Person(email_address='*****@*****.**') p.activated = True self.dbsession.save(p) self.dbsession.flush() pid = p.id resp = self.app.get('/person/new') f = resp.form f['person.email_address'] = '*****@*****.**' f['person.firstname'] = 'Testguy' f['person.lastname'] = 'McTest' f['person.password'] = '******' f['person.password_confirm'] = 'test' f['person.phone'] = '1234' f['person.mobile'] = '1234' f['person.address1'] = 'Moo St' f['person.city'] = 'Tassie' f['person.country'] = 'Australia' f['person.postcode'] = '2000' resp = f.submit() resp.mustcontain('A person with this email already exists.') resp.click('recover your password') self.dbsession.delete(self.dbsession.query(Person).get(pid)) self.dbsession.flush()
def _forgotten_password(self): """Action to let the user request a password change. GET returns a form for emailing them the password change confirmation. POST checks the form and then creates a confirmation record: date, email_address, and a url_hash that is a hash of a combination of date, email_address, and a random nonce. The email address must exist in the person database. The second half of the password change operation happens in the ``confirm`` action. """ c.email = self.form_result['email_address'] c.person = Person.find_by_email(c.email) if c.person is not None: # Check if there is already a password recovery in progress reset = PasswordResetConfirmation.find_by_email(c.email) if reset is not None: return render('person/in_progress.mako') # Ok kick one off c.conf_rec = PasswordResetConfirmation(email_address=c.email) meta.Session.add(c.conf_rec) meta.Session.commit() email(c.email, render('person/confirmation_email.mako')) return render('person/password_confirmation_sent.mako')
def _edit(self, id): """UPDATE PERSON""" # We need to recheck auth in here so we can pass in the id if not h.auth.authorized( h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.person = Person.find_by_id(id) for key in self.form_result['person']: setattr(c.person, key, self.form_result['person'][key]) for sn in self.form_result['social_network']: network = SocialNetwork.find_by_name(sn['name']) if sn['account_name']: c.person.social_networks[network] = sn['account_name'] elif network in c.person.social_networks: del c.person.social_networks[network] # update the objects with the validated form data meta.Session.commit() redirect_to(action='view', id=id)
def _new(self): # Do we allow account creation? if lca_info['account_creation']: """Create a new person submit. """ # Remove fields not in class results = self.form_result['person'] del results['password_confirm'] del results['email_address2'] c.person = Person(**results) c.person.email_address = c.person.email_address.lower() meta.Session.add(c.person) #for sn in self.form_result['social_network']: # network = SocialNetwork.find_by_name(sn['name']) # if sn['account_name']: # c.person.social_networks[network] = sn['account_name'] meta.Session.commit() if lca_rego['confirm_email_address'] == 'no': redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash) else: email(c.person.email_address, render('/person/new_person_email.mako')) return render('/person/thankyou.mako') else: return render('/not_allowed.mako')
def test_registration_confirmation(self): # insert registration model object timestamp = datetime.datetime.now() email_address = '*****@*****.**' password = '******' handle = 'testguy' r = Person(creation_timestamp=timestamp, email_address=email_address, password=password, handle=handle, activated=False) url_hash = r.url_hash print url_hash self.dbsession.save(r) self.dbsession.flush() rid = r.id print r # clear so that we reload the object later self.dbsession.clear() # visit the link response = self.app.get('/person/confirm/' + url_hash) response.mustcontain('Thanks for confirming your account') # test that it's activated r = self.dbsession.get(Person, rid) self.assertEqual(True, r.activated, "registration was not activated") # clean up self.dbsession.delete(self.dbsession.query(Person).get(rid)) self.dbsession.flush()
def signed_in_person(): email_address = request.environ.get("REMOTE_USER") if email_address is None: return None person = Person.find_by_email(email_address, True) return person
def check(self, app, environ, start_response): if not environ.get('REMOTE_USER'): set_redirect() raise NotAuthenticatedError('Not Authenticated') person = Person.find_by_email(environ['REMOTE_USER']) if person is None: environ['auth_failure'] = 'NO_USER' raise NotAuthorizedError( 'You are not one of the users allowed to access this resource.' ) registration = Registration.find_by_id(self.registration_id) if registration is None: raise NotAuthorizedError( "Registration doesn't exist" ) if person.id <> registration.person_id: set_role("Registration is not for this user"); raise NotAuthorizedError( "Registration is not for this user" ) return app(environ, start_response)
def check(self, app, environ, start_response): if not environ.get('REMOTE_USER'): raise NotAuthenticatedError('Not Authenticated') person = Person.find_by_email(environ['REMOTE_USER']) if person is None: environ['auth_failure'] = 'NO_USER' raise NotAuthorizedError( 'You are not one of the users allowed to access this resource.' ) funding = Funding.find_by_id(self.funding_id) if funding is None: raise NotAuthorizedError( "Funding Request doesn't exist" ) if person != funding.person: set_role("User doesn't have any of the specified roles") raise NotAuthorizedError( "User doesn't have any of the specified roles" ) return app(environ, start_response)
def check(self, app, environ, start_response): if not environ.get('REMOTE_USER'): set_redirect() raise NotAuthenticatedError('Not Authenticated') person = Person.find_by_email(environ['REMOTE_USER']) if person is None: environ['auth_failure'] = 'NO_USER' raise NotAuthorizedError( 'You are not one of the users allowed to access this resource.' ) proposal = Proposal.find_by_id(self.proposal_id) if proposal is None: raise NotAuthorizedError( "Proposal doesn't exist" ) if person not in proposal.people: set_role("User doesn't have any of the specified roles") raise NotAuthorizedError( "User doesn't have any of the specified roles" ) return app(environ, start_response)
def validate_python(self, value, state): person = Person.find_by_email(value) if person is None: msg = ( "Your supplied e-mail does not exist in our database. Please try again or if you continue to have problems, contact %s." % lca_info["contact_email"] ) raise Invalid(msg, value, state, error_dict={"email_address": msg})
def index(self): c.DAYS_OPEN = DAYS_OPEN c.open_date = lca_info.lca_info['date'] days_open = (datetime.date.today() - c.open_date.date()).days photo_db = PhotoCompEntry.read_db() photos = [ photo for days in photo_db.values() for entries in days for photo in entries if photo is not None and photo.day < days_open ] c.no_photos = not photos day_filter = request.GET.get('day', 'All') if day_filter and day_filter != 'All': photos = [p for p in photos if str(p.day) == day_filter] person_filter = request.GET.get('person', 'All') if person_filter and person_filter != 'All': photos = [p for p in photos if str(p.person_id) == person_filter] submitted = request.GET.get('s', None) randomise = not submitted or 'randomise' in request.GET if randomise: random.shuffle(photos) else: photos.sort(key=lambda p: (p.day, p.person_id, p.entry_id)) person_map = {} for photo in photos: photo.write_scaled() person_map[photo.person_id] = None c.all_person = [] for person_id in person_map: person = Person.find_by_id(person_id) person_map[person_id] = person c.all_person.append(person) c.all_person.sort(key=lambda person: (person.firstname + " " + person.lastname).lower()) c.photos = photos def photo_title(photo): return "%s %s, %s entry %s, %s" % ( person_map[photo.person_id].firstname, person_map[photo.person_id].lastname, (c.open_date + datetime.timedelta(photo.day)).strftime('%A'), ENTRY_NAMES[photo.entry_id], photo.image_name, ) c.photo_title = photo_title field_values = { 'day': day_filter, 'person': person_filter, } if randomise: field_values['randomise'] = '1' if submitted == 'Full Screen' and photos: html = render('/photocomp/index-fullscreen.mako') else: html = render('/photocomp/index.mako') return htmlfill.render(html, field_values)
def view(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_reviewer_role, h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.registration_status = h.config['app_conf'].get('registration_status') c.person = Person.find_by_id(id) return render('person/view.mako')
def index(self): c.DAYS_OPEN = DAYS_OPEN c.open_date = lca_info.lca_info['date'] days_open = (datetime.date.today() - c.open_date.date()).days photo_db = PhotoCompEntry.read_db() photos = [ photo for days in photo_db.values() for entries in days for photo in entries if photo is not None and photo.day < days_open] c.no_photos = not photos day_filter = request.GET.get('day', 'All') if day_filter and day_filter != 'All': photos = [p for p in photos if str(p.day) == day_filter] person_filter = request.GET.get('person', 'All') if person_filter and person_filter != 'All': photos = [p for p in photos if str(p.person_id) == person_filter] submitted = request.GET.get('s', None) randomise = not submitted or 'randomise' in request.GET if randomise: random.shuffle(photos) else: photos.sort(key=lambda p: (p.day, p.person_id, p.entry_id)) person_map = {} for photo in photos: photo.write_scaled() person_map[photo.person_id] = None c.all_person = [] for person_id in person_map: person = Person.find_by_id(person_id) person_map[person_id] = person c.all_person.append(person) c.all_person.sort(key=lambda person: (person.firstname + " " + person.lastname).lower()) c.photos = photos def photo_title(photo): return "%s %s, %s entry %s, %s" % ( person_map[photo.person_id].firstname, person_map[photo.person_id].lastname, (c.open_date + datetime.timedelta(photo.day)).strftime('%A'), ENTRY_NAMES[photo.entry_id], photo.image_name,) c.photo_title = photo_title field_values = { 'day': day_filter, 'person': person_filter, } if randomise: field_values['randomise'] = '1' if submitted == 'Full Screen' and photos: html = render('/photocomp/index-fullscreen.mako') else: html = render('/photocomp/index.mako') return htmlfill.render(html, field_values)
def user_exists(self, username): """ Returns ``True`` if the user exists, ``False`` otherwise. Users are case insensitive. """ person = Person.find_by_email(username) if person is not None: return True return False
def view(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized( h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_reviewer_role, h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.registration_status = h.config['app_conf'].get('registration_status') c.person = Person.find_by_id(id) return render('person/view.mako')
def validate_python(self, values, state): c.email = values['email_address'] c.person = Person.find_by_email(c.email) error_message = None if c.person is None: error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person." elif not c.person.activated: error_message = "You haven't yet confirmed your registration, please refer to your email for instructions on how to do so." elif not c.person.check_password(values['password']): error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below or sign up for a new person." if error_message: message = "Login failed" error_dict = {'email_address': error_message} raise Invalid(message, values, state, error_dict=error_dict)
def check(self, app, environ, start_response): if not environ.get('REMOTE_USER'): set_redirect() raise NotAuthenticatedError('Not Authenticated') person = Person.find_by_email(environ['REMOTE_USER']) if Person is None: environ['auth_failure'] = 'NO_USER' raise NotAuthorizedError( 'You are not one of the users allowed to access this resource.' ) return app(environ, start_response)
def edit(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.form = 'edit' c.person = Person.find_by_id(id) c.social_networks = SocialNetwork.find_all() c.person.fetch_social_networks() defaults = h.object_to_defaults(c.person, 'person') defaults['person.email_address2'] = c.person.email_address form = render('/person/edit.mako') return htmlfill.render(form, defaults)
def _reset_password(self, url_hash): """Confirm a password change request, and let the user change their password. `url_hash` is a hash of the email address, with which we can look up the confuirmation record in the database. If `url_hash` doesn't exist, 404. If `url_hash` exists and the date is older than 24 hours, warn the user, offer to send a new confirmation, and delete the confirmation record. GET returns a form for setting their password, with their email address already shown. POST checks that the email address (in the session, not in the form) is part of a valid person record (again). If the record exists, then update the password, hashed. Report success to the user. Delete the confirmation record. If the record doesn't exist, throw an error, delete the confirmation record. """ c.conf_rec = PasswordResetConfirmation.find_by_url_hash(url_hash) now = datetime.datetime.now(c.conf_rec.timestamp.tzinfo) delta = now - c.conf_rec.timestamp if delta > datetime.timedelta(hours=24): # this confirmation record has expired meta.Session.delete(c.conf_rec) meta.Session.commit() return render('person/expired.mako') person = Person.find_by_email(c.conf_rec.email_address) if person is None: raise RuntimeError, "Person doesn't exist %s" % c.conf_rec.email_address # set the password person.password = self.form_result['password'] # also make sure the person is activated person.activated = True # delete the conf rec meta.Session.delete(c.conf_rec) meta.Session.commit() return render('person/success.mako')
def user_has_role(self, username, role): """ Returns ``True`` if the user has the role specified, ``False`` otherwise. Raises an exception if the user doesn't exist. """ if not self.user_exists(username.lower()): raise users.AuthKitNoSuchUserError("No such user %r"%username.lower()) if not self.role_exists(role.lower()): raise users.AuthKitNoSuchRoleError("No such role %r"%role.lower()) person = Person.find_by_email(username) if person is None: return False for role_ in person.roles: if role_.name == role.lower(): return True return False
def confirm(self, confirm_hash): """Confirm a registration with the given ID. `confirm_hash` is a md5 hash of the email address of the registrant, the time they regsitered, and a nonce. """ person = Person.find_by_url_hash(confirm_hash) if person.activated: return render('person/already_confirmed.mako') person.activated = True meta.Session.commit() return render('person/confirmed.mako')
def edit(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized( h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.form = 'edit' c.person = Person.find_by_id(id) c.social_networks = SocialNetwork.find_all() c.person.fetch_social_networks() defaults = h.object_to_defaults(c.person, 'person') defaults['person.email_address2'] = c.person.email_address form = render('/person/edit.mako') return htmlfill.render(form, defaults)
def test_confirm(self): """Test confirmation of a password reset that should succeed""" # create a confirmation record email = '*****@*****.**' p = Person(email_address=email) self.dbsession.save(p) c = PasswordResetConfirmation(email_address=email) # set the timestamp to just under 24 hours ago c.timestamp = datetime.datetime.now() - datetime.timedelta(23, 59, 59) self.dbsession.save(c) self.dbsession.flush() pid = p.id cid = c.id resp = self.app.get( url_for(controller='person', action='reset_password', url_hash=c.url_hash)) # showing the email on the page resp.mustcontain(email) f = resp.form f['password'] = '******' f['password_confirm'] = 'test' resp = f.submit() # check for success resp.mustcontain("Your password has been updated") self.dbsession.clear() # conf rec should be gone c = self.dbsession.get(PasswordResetConfirmation, cid) self.assertEqual(None, c) # password should be set to 'test' p_hash = md5.new('test').hexdigest() p = self.dbsession.get(Person, pid) self.assertEqual(p_hash, p.password_hash) self.dbsession.delete(p) self.dbsession.flush()
def _edit(self, id): """UPDATE PERSON""" # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_user(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.person = Person.find_by_id(id) for key in self.form_result['person']: setattr(c.person, key, self.form_result['person'][key]) for sn in self.form_result['social_network']: network = SocialNetwork.find_by_name(sn['name']) if sn['account_name']: c.person.social_networks[network] = sn['account_name'] elif network in c.person.social_networks: del c.person.social_networks[network] # update the objects with the validated form data meta.Session.commit() redirect_to(action='view', id=id)
def _roles(self, id): """ Lists and changes the person's roles. """ c.person = Person.find_by_id(id) c.roles = Role.find_all() role = self.form_result['role'] action = self.form_result['action'] role = Role.find_by_name(name=role) if action == 'Revoke' and role in c.person.roles: c.person.roles.remove(role) h.flash('Role ' + role.name + ' Revoked') elif action == 'Grant' and role not in c.person.roles: c.person.roles.append(role) h.flash('Role ' + role.name + ' Granted') else: h.flash("Nothing to do") meta.Session.commit() return render('person/roles.mako')
def test_duplicate_password_reset(self): """Try to reset a password twice. """ c = Person(email_address='*****@*****.**') self.dbsession.save(c) self.dbsession.flush() cid = c.id # email = '*****@*****.**' # trap smtp Dummy_smtplib.install() resp = self.app.get(url_for(controller='person', action='signin')) resp = resp.click('Forgotten your password?') f = resp.forms[0] f['email_address'] = email f.submit() crec = self.dbsession.query(PasswordResetConfirmation).filter_by( email_address=email).one() self.failIfEqual(None, crec) crecid = crec.id # submit a second time resp = f.submit() resp.mustcontain("password recovery process is already in progress") # clean up Dummy_smtplib.existing.reset() self.dbsession.delete( self.dbsession.query(PasswordResetConfirmation).get(crecid)) self.dbsession.delete(self.dbsession.query(Person).get(cid)) self.dbsession.flush()
def roles(self, id): c.person = Person.find_by_id(id) c.roles = Role.find_all() return render('person/roles.mako')
def _to_python(self, value, state): person = Person.find_by_id(int(value), abort_404=False) if person is None: raise Invalid("Unknown person ID.", value, state) else: return person
def index(self): c.person_collection = Person.find_all() return render('/person/list.mako')
def reprint(self, id): c.person = Person.find_by_id(id) c.person.badge_printed = False meta.Session.commit() redirect_to(action='view', id=id)
def validate_python(self, value, state): person = Person.find_by_email(value) if person is None: msg = 'Your supplied e-mail does not exist in our database. Please try again or if you continue to have problems, contact %s.' % lca_info['contact_email'] raise Invalid(msg, value, state, error_dict={'email_address': msg})
def validate_python(self, values, state): person = Person.find_by_email(values["email_address"]) if person is not None: msg = "A person with this email already exists. Please try signing in first." raise Invalid(msg, values, state, error_dict={"email_address": msg})
def _to_python(self, value, state): return Person.find_by_id(int(value))
def validate_python(self, values, state): person = Person.find_by_email(values['email_address']) if person is not None: msg = "A person with this email already exists. Please try signing in first." raise Invalid(msg, values, state, error_dict={'email_address': msg})