Esempio n. 1
0
    def POST(self, USERNAME, PASSWORD, LOGIN_BUTTON="", url=""):

        if LOGIN_BUTTON:
            if user_exists(USERNAME):

                if potential_attack(USERNAME):
                    deactivate_user(USERNAME)
                    logger.security("user account deactivated")

                elif user.login(USERNAME, PASSWORD):
                    username = user.username
                    user_id = user.id
                    msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % locals()
                    logger.info("user %s successfully logged in" % USERNAME)
                    logger.activity("session", msg)
                    return redirect_to("/")
            else:
                logger.security("unknown username (%s)" % USERNAME)

            logger.security("failed login attempt", USERNAME)
            error("invalid username or password")

        else:
            # API call
            if user.login(USERNAME, PASSWORD):
                return "OK"
            else:
                return "FAIL"
Esempio n. 2
0
    def insert(cls, form):
        values = form.evaluate()
        username = values['USERNAME'].lower()
        password = gen_password()

        values['FIRSTNAME'] = values['FIRST_NAME']
        values['LASTNAME'] = values['LAST_NAME']
        values['LOGINID'] = username
        values['PASSWORD'] = ''
        values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
        values['STATUS'] = 'A'

        users = db.table('dz_users', 'USERID')
        id = users.insert(values)

        db('delete from dz_members where userid=%s',
           id)  # make sure new users have no memberships
        add_user(values['LOGINID'], 'users')

        new_user = ZoomUser(username)
        new_user.set_password(password)

        msg = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
        logger.activity(
            'users',
            msg % (user.id, user.username, new_user.id, new_user.username))
        audit('created user account', new_user.username)

        if values['SEND_INVITATION'] == True:
            recipients = [values['EMAIL']]
            tpl = load('welcome.md')
            t = dict(
                first_name=values['FIRST_NAME'],
                username=username,
                password=password,
                site_name=site_name(),
                site_url=site_url(),
                admin_email='*****@*****.**',
                owner_name=owner_name(),
            )
            body = markdown(viewfill(tpl, t.get))
            subject = 'Welcome - ' + site_name()
            send(recipients, subject, body)
            message('invitation sent')
Esempio n. 3
0
    def insert(cls, form):
        values = form.evaluate()
        username = values['USERNAME'].lower()
        password = gen_password()

        values['FIRSTNAME'] = values['FIRST_NAME']
        values['LASTNAME'] = values['LAST_NAME']
        values['LOGINID'] = username
        values['PASSWORD'] = ''
        values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
        values['STATUS'] = 'A'

        users = db.table('dz_users','USERID')
        id = users.insert(values)

        db('delete from dz_members where userid=%s', id) # make sure new users have no memberships
        add_user(values['LOGINID'], 'users')

        new_user = ZoomUser(username)
        new_user.set_password(password)

        msg = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>' 
        logger.activity('users', msg % (user.id, user.username, new_user.id, new_user.username))
        audit('created user account', new_user.username)

        if values['SEND_INVITATION'] == True:
            recipients = [values['EMAIL']]
            tpl = load('welcome.md')
            t = dict(
                    first_name = values['FIRST_NAME'],
                    username = username,
                    password = password,
                    site_name = site_name(),
                    site_url = site_url(),
                    admin_email = '*****@*****.**',
                    owner_name = owner_name(),
                    )
            body = markdown(viewfill(tpl, t.get))
            subject = 'Welcome - ' + site_name()
            send(recipients, subject, body)
            message('invitation sent')
Esempio n. 4
0
    def login_button(self):

        if login_form.validate(data):

            values = login_form.evaluate()

            username = values['USERNAME']
            password = values['PASSWORD']
            remember_me = values['REMEMBER_ME']

            as_api = os.environ.get('HTTP_ACCEPT','') == 'application/json'

            if user_exists(username):
                if potential_attack(username):
                    deactivate_user(username)
                    logger.security('user account (%s) deactivated' % username)
                elif user.login(username, password, remember_me):
                    if as_api:
                        logger.info('user %s successfully logged in via api' % username)
                        return '{}'
                    else:
                        username = user.username
                        user_id = user.id
                        msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % locals()
                        logger.activity('session', msg)
                        logger.info('user %s successfully logged in' % username)

                        referrer = data.get('referrer')
                        if referrer:
                            return redirect_to(referrer)
                        return redirect_to('/'+user.default_app)
            else:
                logger.security('unknown username (%s)' % username)
            logger.security('failed login attempt', username)

            if as_api:
                return '{"message": "invalid username or password"}'
            else:
                error('invalid username or password')
Esempio n. 5
0
 def delete(self):
     msg = '<a href="/users/%s">%s</a> deleted user %s'
     logger.activity('users', msg % (user.id, user.username, self.username))
     audit('delete user account', self.username, '')
     return Users.delete(self.id)
Esempio n. 6
0
 def delete(self):
     msg = '<a href="/users/%s">%s</a> deleted user %s' 
     logger.activity('users', msg % (user.id, user.username, self.username))
     audit('delete user account', self.username, '')
     return Users.delete(self.id)