def confirm_registration_view(context, request):
form = Form(Confirm(), buttons=('confirm',))
pending = request.registry.queryAdapter(context, IRegistrations,
name='pending')
if pending is None: #pragma NO COVERAGE
pending = PendingRegistrations(context)
if 'confirm' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
email = appstruct['email']
token = appstruct['token']
info = pending.get(email)
if info is None:
return HTTPFound(
location=view_url(context, request,
'register_url',
'register.html',
message=REGISTER_FIRST,
))
if token != info.token:
return HTTPFound(
location=view_url(context, request,
'confirmation_url',
'confirm_registration.html',
email=email,
message=CHECK_TOKEN,
))
confirmed = request.registry.queryAdapter(context, IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
pending.remove(email)
uuid = getRandomToken(request)
confirmed.set(uuid,
email=email,
login=email,
password=None,
security_question=None,
security_answer=None,
token=None,
)
info = confirmed.get(uuid)
after_confirmation_url = view_url(context, request,
'after_confirmation_url',
'edit_account.html',
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(uuid, request)
return HTTPFound(location=after_confirmation_url,
headers=headers)
else:
sendGeneratedPassword(request, uuid, confirmed)
return HTTPFound(location=after_confirmation_url)
def register_view(context, request):
form = Form(Signup(), buttons=('register',))
rendered_form = form.render(null)
if 'register' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
pending = request.registry.queryAdapter(context, IRegistrations,
name='pending')
if pending is None: #pragma NO COVERAGE
pending = PendingRegistrations(context)
email = appstruct['email']
token = getRandomToken(request)
pending.set(email, token=token)
from_addr = request.registry.settings['cartouche.from_addr']
delivery = request.registry.queryUtility(IMailDelivery,
default=localhost_mta)
confirmation_url = view_url(context, request, 'confirmation_url',
'confirm_registration.html',
email=email)
body = REGISTRATION_EMAIL % {'token': token,
'confirmation_url': confirmation_url}
message = Message()
message['Subject'] = 'Site registration confirmation'
message.set_payload(body)
delivery.send(from_addr, [email], message)
return HTTPFound(location=confirmation_url)
def recover_account_view(context, request):
form = Form(RecoverAccount(), buttons=('recover',))
rendered_form = form.render(null)
confirmed = request.registry.queryAdapter(context, IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
login_url = view_url(context, request, 'login_url', 'login.html')
registry = request.registry
message = request.GET.get('message')
if 'recover' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e: #pragma NO COVER
rendered_form = e.render()
else:
email = appstruct['email']
record = confirmed.get_by_email(email)
if record is not None:
from_addr = registry.settings['cartouche.from_addr']
login = record.login
body = RECOVERY_EMAIL % {'login': login,
'login_url': login_url}
delivery = registry.queryUtility(IMailDelivery,
default=localhost_mta)
email_message = Message()
email_message['Subject'] = 'Account recovery'
email_message.set_payload(body)
delivery.send(from_addr, [email], email_message)
#else: # DO NOT report lookup errors
return HTTPFound(location=login_url)
def register_view(context, request):
form = Form(Signup(), buttons=('register', ))
rendered_form = form.render(null)
if 'register' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
pending = request.registry.queryAdapter(context,
IRegistrations,
name='pending')
if pending is None: #pragma NO COVERAGE
pending = PendingRegistrations(context)
email = appstruct['email']
token = getRandomToken(request)
pending.set(email, token=token)
from_addr = request.registry.settings['cartouche.from_addr']
delivery = request.registry.queryUtility(IMailDelivery,
default=localhost_mta)
confirmation_url = view_url(context,
request,
'confirmation_url',
'confirm_registration.html',
email=email)
body = REGISTRATION_EMAIL % {
'token': token,
'confirmation_url': confirmation_url
}
message = Message()
message['Subject'] = 'Site registration confirmation'
message.set_payload(body)
delivery.send(from_addr, [email], message)
return HTTPFound(location=confirmation_url)
def _callFUT(self, context=None, request=None,
key='view_url', default_name='view.html', **extra_qs):
from cartouche.util import view_url
if context is None:
context = self._makeContext()
if request is None:
request = self._makeRequest()
return view_url(context, request, key, default_name, **extra_qs)
def login_view(context, request):
whence = request.registry.queryUtility(ICameFromURL)
if whence is not None:
came_from = whence(request)
else:
came_from = resource_url(context, request)
form = Form(Login(), buttons=('login',))
rendered_form = form.render({'came_from': came_from})
message = request.GET.get('message')
if 'login' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure as e:
rendered_form = e.render()
message = 'Please supply required values'
else:
credentials = {'login': appstruct['login_name'],
'password': appstruct['password'],
}
api = get_api(request.environ)
identity, headers = api.login(credentials)
if identity is not None:
came_from = appstruct.get('came_from')
if came_from is None:
came_from = resource_url(context, request)
return HTTPFound(location=came_from, headers=headers)
message = 'Login failed'
main_template = get_renderer('templates/main.pt')
return {'main_template': main_template.implementation(),
'came_from': came_from,
'rendered_form': rendered_form,
'message': message,
'register_url': view_url(context, request,
'register_url',
'register.html'),
'recover_account_url': view_url(context, request,
'recover_account_url',
'recover_account.html'),
'reset_password_url': view_url(context, request,
'reset_password_url',
'reset_password.html'),
}
def edit_account_view(context, request):
confirmed = request.registry.queryAdapter(context,
IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
identity = request.environ.get('repoze.who.identity')
if identity is None:
return HTTPUnauthorized()
userid = identity['repoze.who.userid']
account_info = confirmed.get(userid)
if account_info is None:
return HTTPForbidden()
appstruct = {
'login_name': account_info.login,
'email': account_info.email,
'security': {
'question': account_info.security_question or '',
'answer': account_info.security_answer or '',
},
}
schema = EditAccount().bind(current_login_name=account_info.login,
confirmed=confirmed,
old_password=account_info.password)
form = Form(schema, buttons=('update', ))
rendered_form = form.render(appstruct)
if 'update' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
login = appstruct['login_name']
email = appstruct['email']
pwd_mgr = SSHAPasswordManager()
password = pwd_mgr.encodePassword(appstruct['password'])
security_question = appstruct['security']['question']
security_answer = appstruct['security']['answer']
confirmed.set(
userid,
email=email,
login=login,
password=password,
security_question=security_question,
security_answer=security_answer,
)
return HTTPFound(location=view_url(
context,
request,
'after_edit_url',
request.view_name,
))
def logout_view(context, request):
if 'logout' in request.POST:
api = get_api(request.environ)
headers = api.logout()
after_logout_url = view_url(context, request, 'after_logout_url', '')
return HTTPFound(location=after_logout_url, headers=headers)
identity = request.environ.get('repoze.who.identity', {})
main_template = get_renderer('templates/main.pt')
return {'userid': identity.get('repoze.who.userid'),
'main_template': main_template.implementation(),
}
def logout_view(context, request):
if 'logout' in request.POST:
api = get_api(request.environ)
headers = api.logout()
after_logout_url = view_url(context, request, 'after_logout_url', '')
return HTTPFound(location=after_logout_url, headers=headers)
identity = request.environ.get('repoze.who.identity', {})
main_template = get_renderer('templates/main.pt')
return {'userid': identity.get('repoze.who.userid'),
'main_template': main_template.implementation(),
}
def _callFUT(self,
context=None,
request=None,
key='view_url',
default_name='view.html',
**extra_qs):
from cartouche.util import view_url
if context is None:
context = self._makeContext()
if request is None:
request = self._makeRequest()
return view_url(context, request, key, default_name, **extra_qs)
def edit_account_view(context, request):
confirmed = request.registry.queryAdapter(context, IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
identity = request.environ.get('repoze.who.identity')
if identity is None:
return HTTPUnauthorized()
userid = identity['repoze.who.userid']
account_info = confirmed.get(userid)
if account_info is None:
return HTTPForbidden()
appstruct = {'login_name': account_info.login,
'email': account_info.email,
'security': {'question': account_info.security_question or '',
'answer': account_info.security_answer or '',
},
}
schema = EditAccount().bind(current_login_name=account_info.login,
confirmed=confirmed,
old_password=account_info.password)
form = Form(schema, buttons=('update',))
rendered_form = form.render(appstruct)
if 'update' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
login = appstruct['login_name']
email = appstruct['email']
pwd_mgr = SSHAPasswordManager()
password = pwd_mgr.encodePassword(appstruct['password'])
security_question = appstruct['security']['question']
security_answer = appstruct['security']['answer']
confirmed.set(userid,
email=email,
login=login,
password=password,
security_question=security_question,
security_answer=security_answer,
)
return HTTPFound(
location=view_url(context, request,
'after_edit_url',
request.view_name,
))
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(uuid, request)
return HTTPFound(location=after_confirmation_url,
headers=headers)
else:
sendGeneratedPassword(request, uuid, confirmed)
return HTTPFound(location=after_confirmation_url)
else:
email = request.GET.get('email')
if email is None:
return HTTPFound(location=view_url(
context,
request,
'register_url',
'register.html',
message=REGISTER_OR_VISIT,
))
if pending.get(email) is None:
return HTTPFound(location=view_url(
context,
request,
'register_url',
'register.html',
message=REGISTER_FIRST,
))
rendered_form = form.render({'email': email})
main_template = get_renderer('templates/main.pt')
return {
def reset_password_view(context, request):
form = Form(ResetPassword(), buttons=('reset',))
rendered_form = form.render(null)
confirmed = request.registry.queryAdapter(context, IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
login_url = view_url(context, request, 'login_url', 'login.html')
reset_url = resource_url(context, request, request.view_name)
registry = request.registry
message = request.GET.get('message')
if 'reset' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
login = appstruct['login_name']
token = appstruct['token']
record = confirmed.get_by_login(login)
if record is None:
# DO NOT report lookup errors
return HTTPFound(location=login_url)
if token == '':
# send the e-mail
new_token = getRandomToken(request)
confirmed.set(record.uuid,
email=record.email,
login=login,
password=record.password,
security_question=record.security_question,
security_answer=record.security_answer,
token=new_token,
)
from_addr = registry.settings['cartouche.from_addr']
body = RESET_EMAIL % {'token': new_token,
'reset_url': reset_url}
delivery = registry.queryUtility(IMailDelivery,
default=localhost_mta)
message = Message()
message['Subject'] = 'Password reset confirmation'
message.set_payload(body)
delivery.send(from_addr, [record.email], message)
return HTTPFound(location=reset_url)
else:
if token != record.token:
message = CHECK_TOKEN
# fall through to 'GET'
else:
confirmed.set(record.uuid,
email=record.email,
login=record.login,
password=None, # clear it to allow update
security_question=record.security_question,
security_answer=record.security_answer,
token=None, # clear it
)
after_reset_url = view_url(context, request,
'after_reset_url',
'edit_account.html',
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(record.uuid, request)
return HTTPFound(location=after_reset_url,
headers=headers)
else:
# TODO: generate random password and send e-mail.
sendGeneratedPassword(request, record.uuid, confirmed)
return HTTPFound(location=after_reset_url)
def reset_password_view(context, request):
form = Form(ResetPassword(), buttons=('reset',))
rendered_form = form.render(null)
confirmed = request.registry.queryAdapter(context, IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
login_url = view_url(context, request, 'login_url', 'login.html')
reset_url = resource_url(context, request, request.view_name)
registry = request.registry
message = request.GET.get('message')
if 'reset' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure as e:
rendered_form = e.render()
else:
login = appstruct['login_name']
token = appstruct['token']
record = confirmed.get_by_login(login)
if record is None:
# DO NOT report lookup errors
return HTTPFound(location=login_url)
if token == '':
# send the e-mail
new_token = getRandomToken(request)
confirmed.set(record.uuid,
email=record.email,
login=login,
password=record.password,
security_question=record.security_question,
security_answer=record.security_answer,
token=new_token,
)
from_addr = registry.settings['cartouche.from_addr']
body = RESET_EMAIL % {'token': new_token,
'reset_url': reset_url}
delivery = registry.queryUtility(IMailDelivery,
default=localhost_mta)
message = Message()
message['Subject'] = 'Password reset confirmation'
message.set_payload(body)
delivery.send(from_addr, [record.email], message)
return HTTPFound(location=reset_url)
else:
if token != record.token:
message = CHECK_TOKEN
# fall through to 'GET'
else:
confirmed.set(record.uuid,
email=record.email,
login=record.login,
password=None, # clear it to allow update
security_question=record.security_question,
security_answer=record.security_answer,
token=None, # clear it
)
after_reset_url = view_url(context, request,
'after_reset_url',
'edit_account.html',
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(record.uuid, request)
return HTTPFound(location=after_reset_url,
headers=headers)
else:
# TODO: generate random password and send e-mail.
sendGeneratedPassword(request, record.uuid, confirmed)
return HTTPFound(location=after_reset_url)
main_template = get_renderer('templates/main.pt')
return {'main_template': main_template.implementation(),
'message': message,
'rendered_form': rendered_form,
'recover_account_url': view_url(context, request,
'recover_account_url',
'recover_account.html'),
}
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(uuid, request)
return HTTPFound(location=after_confirmation_url,
headers=headers)
else:
sendGeneratedPassword(request, uuid, confirmed)
return HTTPFound(location=after_confirmation_url)
else:
email = request.GET.get('email')
if email is None:
return HTTPFound(
location=view_url(context, request,
'register_url',
'register.html',
message=REGISTER_OR_VISIT,
))
if pending.get(email) is None:
return HTTPFound(
location=view_url(context, request,
'register_url',
'register.html',
message=REGISTER_FIRST,
))
rendered_form = form.render({'email': email})
main_template = get_renderer('templates/main.pt')
return {'main_template': main_template.implementation(),
'rendered_form': rendered_form,
}
api = get_api(request.environ)
identity, headers = api.login(credentials)
if identity is not None:
came_from = appstruct.get('came_from')
if came_from is None:
came_from = resource_url(context, request)
return HTTPFound(location=came_from, headers=headers)
message = 'Login failed'
main_template = get_renderer('templates/main.pt')
return {'main_template': main_template.implementation(),
'came_from': came_from,
'rendered_form': rendered_form,
'message': message,
'register_url': view_url(context, request,
'register_url',
'register.html'),
'recover_account_url': view_url(context, request,
'recover_account_url',
'recover_account.html'),
'reset_password_url': view_url(context, request,
'reset_password_url',
'reset_password.html'),
}
def logout_view(context, request):
if 'logout' in request.POST:
api = get_api(request.environ)
headers = api.logout()
after_logout_url = view_url(context, request, 'after_logout_url', '')
def confirm_registration_view(context, request):
form = Form(Confirm(), buttons=('confirm', ))
pending = request.registry.queryAdapter(context,
IRegistrations,
name='pending')
if pending is None: #pragma NO COVERAGE
pending = PendingRegistrations(context)
if 'confirm' in request.POST:
try:
appstruct = form.validate(request.POST.items())
except ValidationFailure, e:
rendered_form = e.render()
else:
email = appstruct['email']
token = appstruct['token']
info = pending.get(email)
if info is None:
return HTTPFound(location=view_url(
context,
request,
'register_url',
'register.html',
message=REGISTER_FIRST,
))
if token != info.token:
return HTTPFound(location=view_url(
context,
request,
'confirmation_url',
'confirm_registration.html',
email=email,
message=CHECK_TOKEN,
))
confirmed = request.registry.queryAdapter(context,
IRegistrations,
name='confirmed')
if confirmed is None: #pragma NO COVERAGE
confirmed = ConfirmedRegistrations(context)
pending.remove(email)
uuid = getRandomToken(request)
confirmed.set(
uuid,
email=email,
login=email,
password=None,
security_question=None,
security_answer=None,
token=None,
)
info = confirmed.get(uuid)
after_confirmation_url = view_url(
context,
request,
'after_confirmation_url',
'edit_account.html',
)
auto_login = request.registry.queryUtility(IAutoLogin)
if auto_login is not None:
headers = auto_login(uuid, request)
return HTTPFound(location=after_confirmation_url,
headers=headers)
else:
sendGeneratedPassword(request, uuid, confirmed)
return HTTPFound(location=after_confirmation_url)