def __init__(self): """ Constructor, does nothing but to define the submenu """ c.submenu = SubMenu() c.submenu.set_label("About Sponsoring") c.submenu.add_entry(_("Overview"), url("sponsors")) #c.submenu.add_entry(_("Join a packaging team"), url("packaging-team")) c.submenu.add_entry(_("Sponsoring Guidelines"), url("guidelines")) c.submenu.add_entry(_("Request for Sponsorship"), url("rfs-howto")) BaseController.__init__(self)
def _reset(self): """ Manages submissions to the password reset form. """ log.debug('Form validated successfully') try: u = meta.session.query(User).filter_by(email=self.form_result['email']).one() except: log.debug('Invalid email address somehow') c.message = _('We do not have an account with that email address') return self.index(get=True) # If that worked, then we send the user an email with a temporary URL # they can use to have our system generate a new password for them. log.debug('Sending activation email') email = Email('password_reset') password_reset_data = PasswordReset.create_for_user(u) meta.session.add(password_reset_data) meta.session.commit() recipient = u.email password_reset_url = 'http://' + config['debexpo.sitename'] + url.current( action='actually_reset_password', id=password_reset_data.temporary_auth_key) email.send([recipient], password_reset_url=password_reset_url) # FIXME: This should be a HTTP redirect return render('/password_recover/_reset.mako')
def _reset(self): """ Manages submissions to the password reset form. """ log.debug('Form validated successfully') try: u = meta.session.query(User).filter_by( email=self.form_result['email']).one() except: log.debug('Invalid email address somehow') c.message = _('We do not have an account with that email address') return self.index(get=True) # If that worked, then we send the user an email with a temporary URL # they can use to have our system generate a new password for them. log.debug('Sending activation email') email = Email('password_reset') password_reset_data = PasswordReset.create_for_user(u) meta.session.add(password_reset_data) meta.session.commit() recipient = u.email password_reset_url = 'http://' + config[ 'debexpo.sitename'] + url.current( action='actually_reset_password', id=password_reset_data.temporary_auth_key) email.send([recipient], password_reset_url=password_reset_url) # FIXME: This should be a HTTP redirect return render('/password_recover/_reset.mako')
def _login(self): """ Manages submissions to the login form. """ log.debug('Form validated successfully') password = debexpo.lib.utils.hash_it(self.form_result['password']) u = None try: u = meta.session.query(User).filter_by( email=self.form_result['email']).filter_by( password=password).filter_by(verification=None).one() except: log.debug('Invalid email or password') c.message = _('Invalid email or password') return self.index(True) session['user_id'] = u.id session['user_type'] = u.type session.save() log.debug('Authentication successful; saving session') u.lastlogin = datetime.now() # Clear the 'path_before_login' once it was used once. This is necessary to make sure users won't be redirected # to pages which don't exist anymore, as the path may have been stored in the session for a long time. Consider # following use case: # a) User is not logged in # b) User opens the URL /package/sunflow/delete/... in the browser # c) User is being redirected to /login, he logs in and is being redirected # to the URL in b). This deletes the package, but leaves the URL in the session. # d) Once the user is trying to log in again - possibly after several weeks, the URL from # b) is still in the session - but it may not exist anymore. if 'path_before_login' in session: path = session['path_before_login'] del (session['path_before_login']) else: path = url('my') # Purge the session upload key keys = meta.session.query( debexpo.model.user_upload_key.UserUploadKey).filter_by(user=u) if keys: for key in keys: meta.session.delete(key) meta.session.commit() redirect(path)
def _login(self): """ Manages submissions to the login form. """ log.debug('Form validated successfully') password = debexpo.lib.utils.hash_it(self.form_result['password']) u = None try: u = meta.session.query(User).filter_by(email=self.form_result['email']).filter_by(password=password).filter_by(verification=None).one() except: log.debug('Invalid email or password') c.message = _('Invalid email or password') return self.index(True) session['user_id'] = u.id session['user_type'] = u.type session.save() log.debug('Authentication successful; saving session') u.lastlogin = datetime.now() # Clear the 'path_before_login' once it was used once. This is necessary to make sure users won't be redirected # to pages which don't exist anymore, as the path may have been stored in the session for a long time. Consider # following use case: # a) User is not logged in # b) User opens the URL /package/sunflow/delete/... in the browser # c) User is being redirected to /login, he logs in and is being redirected # to the URL in b). This deletes the package, but leaves the URL in the session. # d) Once the user is trying to log in again - possibly after several weeks, the URL from # b) is still in the session - but it may not exist anymore. if 'path_before_login' in session: path = session['path_before_login'] del(session['path_before_login']) else: path = url('my') # Purge the session upload key keys = meta.session.query(debexpo.model.user_upload_key.UserUploadKey ).filter_by(user=u) if keys: for key in keys: meta.session.delete(key) meta.session.commit() redirect(path)