コード例 #1
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def create(self):
        try:

            first_name = request.form.get("first_name", "").strip()
            last_name = request.form.get("last_name", "").strip()
            email = request.form.get("email", "").strip()
            password = request.form.get("password", "").strip()
            password_confirm = request.form.get("password_confirm", "").strip()

            user_role = request.form.get("user_role")
            role = models.AuthUserRole.get(user_role)
            if not role:
                raise exceptions.AuthError("Invalid ROLE selected")
            if not first_name:
                raise mocha_exc.AppError("First Name is required")
            elif not password or password != password_confirm:
                raise mocha_exc.AppError("Passwords don't match")

            user = create_user(username=email,
                               password=password,
                               first_name=first_name,
                               last_name=last_name,
                               login_method="email",
                               role=role.name)

            if user:
                flash_success("New account created successfully!")
                return redirect(self.info, id=user.id)
            else:
                raise exceptions.AuthError("Account couldn't be created")
        except exceptions.AuthError as ae:
            flash_error(ae.message)

        return redirect(self.index)
コード例 #2
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def setup_login(self):
        return
        user_login = current_user.user_login("email")
        if user_login:
            return redirect(self.account_settings)

        if request.IS_POST:
            try:
                email = request.form.get("email")
                password = request.form.get("password")
                password2 = request.form.get("password2")

                if not password.strip() or password.strip() != password2.strip():
                    raise exceptions.AuthError("Passwords don't match")
                else:
                    new_login = models.AuthUserLogin.new(login_method="email",
                                                         user_id=current_user.id,
                                                         email=email,
                                                         password=password.strip())
                    if verify_email:
                        send_registration_welcome_email(new_login.user)
                        flash_success(
                            "A welcome email containing a confirmation link has been sent to your email")
                        return redirect(self.account_settings)
            except exceptions.AuthError as ex:
                flash_error(ex.message)
                return redirect(self.setup_login)
            except Exception as e:
                logging.exception(e)
                flash_error("Unable to setup login")
                return redirect(self)
コード例 #3
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def reset_password(self, action_token, signed_data):
        """Reset the user password. It was triggered by LOST-PASSWORD """
        try:
            action = "reset-password"
            user = get_user_by_action_token(action, action_token)
            if not user or not user.signed_data_match(signed_data, action):
                raise mocha_exc.AppError("Verification Invalid!")

            if request.method == "POST":
                password = request.form.get("password", "").strip()
                password_confirm = request.form.get("password_confirm",
                                                    "").strip()
                if not password or password != password_confirm:
                    raise exceptions.AuthError(
                        "Password is missing or passwords don't match")

                user.change_password(password)
                user.set_email_verified(True)
                session_set_require_password_change(False)
                flash_success("Password updated successfully!")
                return redirect(__options__.get("login_view") or self.login)

            return {"action_token": action_token, "signed_data": signed_data}

        except (mocha_exc.AppError, exceptions.AuthError) as ex:
            flash_error(str(ex))
        except Exception as e:
            logging.exception(e)
            flash_error("Unable to reset password")
        return redirect(self.login)
コード例 #4
0
ファイル: BFF.py プロジェクト: kbaseapps/user-profile-ui-bff
def which_error(response):
    if response.status_code == 401:
        raise exceptions.AuthError()
    elif response.status_code == 500:
        raise Exception(response.text)
    elif response.status_code == 404:
        # Not in the group
        raise exceptions.NotFound()
コード例 #5
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def change_password(self):
        """Change password """
        try:
            self._assert_current_password()
            password = request.form.get("password", "").strip()
            password_confirm = request.form.get("password_confirm", "").strip()
            if password != password_confirm:
                raise exceptions.AuthError("Passwords don't match")
            current_user.change_password(password)
            flash_success(_("Your password updated successfully!"))
        except exceptions.AuthError as ex:
            flash_error(str(ex))
        except Exception as e:
            logging.exception(e)
            flash_error(_("Unable to update password"))

        redirect_url = request.form.get("redirect") or self.account_settings
        return redirect(redirect_url)
コード例 #6
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def roles(self):
        """
        Only admin and super admin can add/remove roles
        RESTRICTED ROLES CAN'T BE CHANGED
        """
        roles_max_range = 11
        if request.IS_POST:
            try:
                id = request.form.get("id")
                name = request.form.get("name")
                level = request.form.get("level")
                action = request.form.get("action")
                if name and level:
                    level = int(level)
                    name = name.upper()
                    _levels = [r[0] for r in models.AuthUserRole.ROLES]
                    _names = [r[1] for r in models.AuthUserRole.ROLES]
                    if level in _levels or name in _names:
                        raise exceptions.AuthError(
                            "Can't modify PRIMARY Roles - name: %s, level: %s " % (
                                name, level))
                    else:
                        if id:
                            role = models.AuthUserRole.get(id)
                            if role:
                                if action == "delete":
                                    role.update(level=0)  # Free the role
                                    role.delete()
                                    flash_success(
                                        "Role '%s' deleted successfully!" % role.name)
                                elif action == "update":
                                    if role.level != level and models.AuthUserRole.get_by_level(
                                            level):
                                        raise exceptions.AuthError(
                                            "Role Level '%s' exists already" % level)
                                    elif role.name != models.AuthUserRole.slug_name(
                                            name) and models.AuthUserRole.get_by_name(
                                        name):
                                        raise exceptions.AuthError(
                                            "Role Name '%s'  exists already" % name)
                                    else:
                                        role.update(name=name, level=level)
                                        flash_success(
                                            "Role '%s (%s)' updated successfully" % (
                                                name, level))
                            else:
                                raise exceptions.AuthError("Role doesn't exist")
                        else:
                            if models.AuthUserRole.get_by_level(level):
                                raise exceptions.AuthError(
                                    "New Role Level '%s' exists already" % level)
                            elif models.AuthUserRole.get_by_name(name):
                                raise exceptions.AuthError(
                                    "New Role Name '%s'  exists already" % name)
                            else:
                                models.AuthUserRole.new(name=name, level=level)
                                flash_success(
                                    "New Role '%s (%s)' addedd successfully" % (
                                        name, level))
            except exceptions.AuthError as ex:
                flash_error("%s" % ex.message)
            return redirect(self.roles)

        page_attr("User Roles")
        roles = models.AuthUserRole.query().order_by(
            models.AuthUserRole.level.desc())

        allocated_levels = [r.level for r in roles]
        # levels_options = [(l, l) for l in range(1, roles_max_range) if l not in allocated_levels]
        levels_options = [(l, l) for l in range(1, roles_max_range)]

        return {
            "roles": roles,
            "levels_options": levels_options
        }
コード例 #7
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def action(self):
        id = request.form.get("id")
        action = request.form.get("action")

        try:
            user = models.AuthUser.get(id, include_deleted=True)

            if not user:
                abort(404, "User doesn't exist or has been deleted!")
            if current_user.role.level < user.role.level:
                abort(403, "Not enough power level to update this user info")

            user = UserModel(user)

            if current_user.id != user.id:
                if action == "activate":
                    user.change_status("active")
                    flash_success("User has been ACTIVATED")
                elif action == "deactivate":
                    user.change_status("suspended")
                    flash_success("User is now SUSPENDED")
                elif action == "delete":
                    user.change_status("deleted")
                    user.delete()
                    flash_success("User has been DELETED")
                elif action == "undelete":
                    user.change_status("suspended")
                    user.delete(False)
                    flash_success("User is now RESTORED / Use is now SUSPENDED")

            if action == "info":
                first_name = request.form.get("first_name")
                last_name = request.form.get("last_name")

                data = {}
                if first_name:
                    data["first_name"] = first_name
                if last_name:
                    data["last_name"] = last_name

                if current_user.id != user.id:
                    user_role = request.form.get("user_role")
                    _role = models.AuthUserRole.get(user_role)
                    if not _role:
                        raise exceptions.AuthError("Invalid ROLE selected")
                    data["role"] = _role
                if data:
                    user.update_info(ACTIONS["UPDATE"], **data)
                    flash_success("User info updated successfully!")

            elif action == "change-username":
                username = request.form.get("username")
                user.change_username(username)
                flash_success("Username changed successfully!")

            elif action == "change-email":
                email = request.form.get("email")
                user.change_email(email)
                flash_success("Email changed successfully!")

            elif action == "change-password":
                password = request.form.get("password", "").strip()
                password_confirm = request.form.get("password_confirm", "").strip()
                if password != password_confirm:
                    raise exceptions.AuthError("Invalid passwords")
                user.change_password(password)
                flash_success("Password changed successfully!")

            elif action == "email-reset-password":
                user.send_password_reset()
                flash_success("Password reset was sent to email")

            elif action == "email-account-verification":
                user.send_verification_email()
                flash_success("Email verification was sent")

            elif action == "reset-secret-key":
                user.reset_secret_key()
                flash_success("The account's secret key has been changed")

            elif action == "delete-profile-image":
                if user.profile_image is not None:
                    delete_file(user.profile_image)
                    user.update_info(profile_image=None,
                                     _action=ACTIONS["PROFILE_IMAGE"])
                    flash_success("Profile Image deleted successfully!")

        except exceptions.AuthError as ae:
            flash_error(ae.message)
        return redirect(self.info, id=id)
コード例 #8
0
ファイル: auth.py プロジェクト: mardix/Mocha
 def _confirm_password(self):
     user_login = current_user.user_login("email")
     password = request.form.get("confirm-password")
     if not user_login.password_matched(password):
         raise exceptions.AuthError("Invalid password")
     return True
コード例 #9
0
ファイル: auth.py プロジェクト: mardix/Mocha
 def _assert_current_password(self):
     """Assert the password to make sure it matches the current user """
     password = request.form.get("current_password")
     if not current_user.password_matched(password):
         raise exceptions.AuthError("Invalid password")
コード例 #10
0
ファイル: auth.py プロジェクト: mardix/Mocha
    def register(self):
        """ Registration """

        if not __options__.get("allow_registration"):
            abort(403, "Registration is not allowed. Contact admin if it's a mistake")

        page_attr("Register")

        if request.method == "POST":
            try:
                if not recaptcha.verify():
                    raise mocha_exc.AppError("Invalid Security code")

                email = request.form.get("email", "").strip()
                username = request.form.get("username", "").strip()
                password = request.form.get("password", "").strip()
                password_confirm = request.form.get("password_confirm", "").strip()
                first_name = request.form.get("first_name", "").strip()
                last_name = request.form.get("last_name", "").strip()

                with_oauth = request.form.get("with_oauth") == "1"
                oauth_provider = request.form.get("oauth_provider")
                oauth_user_id = request.form.get("oauth_user_id")

                login_method = None

                # Require username and email
                if __options__.get("registration_username"):
                    if "@" in username:
                        raise exceptions.AuthError(_("Username can't be an email"))
                    if not utils.is_email_valid(email):
                        raise exceptions.AuthError(_("Invalid email address"))
                    login_method = "username"

                # Require only email. Email will be used as username and email
                elif __options__.get("registration_email"):
                    if not utils.is_email_valid(username):
                        raise exceptions.AuthError(_("Invalid email address"))
                    email = username
                    login_method = "email"

                if not first_name:
                    raise mocha_exc.AppError(
                        _("First Name or Name is required"))
                elif not password or password != password_confirm:
                    raise mocha_exc.AppError(_("Passwords don't match"))

                if not login_method:
                    raise exceptions.AuthError(_("Registration is disabled"))

                user = create_user(username=username,
                                   password=password,
                                   email=email,
                                   first_name=first_name,
                                   last_name=last_name,
                                   login_method=login_method)

                # WITH OAUTH, we can straight up login user
                if with_oauth and oauth_provider and oauth_user_id:
                    user.add_federation(oauth_provider, oauth_user_id)
                    create_session(user)
                    return redirect(request.form.get(
                        "next") or views.auth.Account.account_settings)

                if __options__.get("require_email_verification"):
                    user.send_welcome_email(view_class=self)
                    flash_success(_("Please check your email. We've sent you a message"))

                return redirect(
                    request.form.get("next") or __options__.get("login_view"))

            except (mocha_exc.AppError, exceptions.AuthError) as ex:
                flash_error(str(ex))
            except Exception as e:
                logging.exception(e)
                flash_error("Unable to register")
            return redirect(self.register, next=request.form.get("next"))

        return {
            "reg_email": __options__.get("registration_email"),
            "reg_username": __options__.get("registration_username"),
            "reg_social": __options__.get("registration_social"),
            "reg_full_name": __options__.get("registration_full_name"),
            "login_url_next": request.args.get("next", ""),

            "with_oauth": has_oauth_request(),
            "oauth_provider": get_oauth_session().get("provider"),
            "oauth_user_id": get_oauth_session().get("user_id"),
            "email": get_oauth_session().get("email") or "",
            "name": get_oauth_session().get("name") or "",
        }