def process_upload_profile_photo(context, request): form = upload_form(request) controls = list(request.POST.items()) failed = False data = {} try: data = form.validate(controls) except deform.ValidationFailure as e: failed = True form = e if not failed: userid = request.identity.userid newreq = request.get_authn_request() usercol = get_user_collection(newreq) user = usercol.get_by_userid(userid) filedata = data['upload'] user.put_blob('profile-photo', filedata['fp'], filename=filedata['filename'], mimetype=filedata['mimetype']) request.notify('success', 'Profile photo updated', 'Successfully updated profile photo') return morepath.redirect(request.relative_url('/personal-settings')) return { 'page_title': 'Upload image', 'form_title': 'Upload', 'form': form, 'form_data': data if not failed else None }
def get_user_model_ui(request, username): newreq = request.get_authn_request() user = get_user(newreq, username) if user is None: return None col = get_user_collection(newreq) return UserModelUI(newreq, user, UserCollectionUI(newreq, col))
def process_login(context, request): username = request.POST.get('username') password = request.POST.get('password') newreq = request.copy(app=SQLAuthApp()) collection = get_user_collection(newreq) if not collection.authenticate(username, password): request.notify('error', 'Invalid Login', 'Please check your username / password') return @request.after def remember(response): """Remember the identity of the user logged in.""" # We pass the extra info to the identity object. response.headers.add('Access-Control-Expose-Headers', 'Authorization') u = collection.get(username) identity = morepath.Identity(u.userid) request.app.remember_identity(response, request, identity) came_from = request.GET.get('came_from', '') if came_from: came_from = urllib.parse.unquote(came_from) else: came_from = request.relative_url('/') return morepath.redirect(came_from)
def profile(context, request: morepath.Request): userid = request.identity.userid newreq = request.get_authn_request() usercol = get_user_collection(newreq) user = usercol.get_by_userid(userid) has_photo = user.get_blob('profile-photo') return { 'page_title': 'Profile', 'profile_photo': newreq.link(user, '+blobs?field=profile-photo') if has_photo else None, 'forms': [{ 'form_title': 'Personal Information', 'form': attributes_form(user, request), 'readonly': False, 'form_data': user.data['xattrs'] }, { 'form_title': 'User Information', 'form': userinfo_form(request), 'readonly': False, 'form_data': user.data.as_dict() }, { 'form_title': 'Password', 'form': password_form(request), 'readonly': False, }] }
def finalize(self): data = self.sessiondata user = get_user_collection(self.request).get_by_userid( self.request.identity.userid) xattrprovider = user.xattrprovider() xattrprovider.update(data)
def get_resource(self, request, identifier): if not identifier: return None users = get_user_collection(request) user = users.get_by_uuid(identifier) if user: return UserModelUI(request, user, get_user_collection_ui(request)) return None
def finalize(self): user = get_user_collection(self.request).get_by_userid( self.request.identity.userid) sm = user.statemachine() if not sm.initialize(): raise AssertionError("User validation failed for some reason") self.clear() return morepath.redirect(self.request.relative_url('/'))
def get_current_user_model_ui(request): userid = request.identity.userid if userid is None: return None col = get_user_collection(request) user = col.get_by_userid(userid) if user is None: return None return CurrentUserModelUI(request, user, UserCollectionUI(request, col))
def get_resource(self, request, identifier): # Fixme: should not handle string None if not identifier or identifier == 'None': return None newreq = request.get_authn_request() users = get_user_collection(newreq) user = users.get_by_uuid(identifier) if user: return UserModelUI(request, user, get_user_collection_ui(request)) return None
def get_current_user_model_ui(request): userid = request.identity.userid if userid is None: return None newreq = request.get_authn_request() col = get_user_collection(newreq) user = col.get_by_userid(userid) if user is None: return None return CurrentUserModelUI(newreq, user, UserCollectionUI(newreq, col))
def process_register(context, request): enabled = request.app.get_config("morpfw.new_registration.enabled", True) if not enabled: raise HTTPNotFound() controls = list(request.POST.items()) schema = request.app.get_schemaextender(RegistrationForm) formschema = dc2colander.convert(schema, request=request, default_tzinfo=request.timezone()) fs = formschema() fs = fs.bind(context=context, request=request) form = deform.Form(fs) failed = False try: data = form.validate(controls) except deform.ValidationFailure as e: form = e failed = True if not failed: collection = get_user_collection(request) if data["password"] != data["password_validate"]: request.notify("error", "Password does not match", "Please check your password") return morepath.redirect(request.relative_url("/register")) username = data["username"].lower() email = data["email"] if collection.get_by_username(username): request.notify("error", "Username already taken", "Please use a different username") return morepath.redirect(request.relative_url("/register")) if collection.get_by_email(email): request.notify( "error", "Email already registered", "Log-in using your existing account", ) return morepath.redirect(request.relative_url("/register")) del data["password_validate"] data["username"] = data["username"].lower() user = collection.create(data) @request.after def remember(response): """Remember the identity of the user logged in.""" # We pass the extra info to the identity object. response.headers.add("Access-Control-Expose-Headers", "Authorization") identity = morepath.Identity(user.userid) request.app.remember_identity(response, request, identity) return morepath.redirect(request.relative_url("/"))
def process_register(context, request): controls = list(request.POST.items()) formschema = dataclass_to_colander(RegistrationForm) form = deform.Form(formschema()) failed = False try: data = form.validate(controls) except deform.ValidationFailure as e: form = e failed = True if not failed: newreq = request.get_authn_request() collection = get_user_collection(newreq) if data['password'] != data['password_validate']: request.notify('error', 'Password does not match', 'Please check your password') return morepath.redirect(request.relative_url('/login#signup')) username = data['username'].lower() email = data['email'] if collection.get(username): request.notify('error', 'Username already taken', 'Please use a different username') return morepath.redirect(request.relative_url('/login#signup')) if collection.get_by_email(email): request.notify('error', 'Email already registered', 'Log-in using your existing account') return morepath.redirect(request.relative_url('/login#signup')) del data['password_validate'] data['username'] = data['username'].lower() user = collection.create(data) @request.after def remember(response): """Remember the identity of the user logged in.""" # We pass the extra info to the identity object. response.headers.add('Access-Control-Expose-Headers', 'Authorization') identity = morepath.Identity(user.userid) request.app.remember_identity(response, request, identity) return morepath.redirect(request.relative_url('/'))
def process_login(context, request): controls = list(request.POST.items()) schema = request.app.get_schemaextender(LoginForm) formschema = dataclass_to_colander(schema, request=request) fs = formschema() fs.bind(context=context, request=request) form = deform.Form(fs) failed = False try: data = form.validate(controls) except deform.ValidationFailure as e: form = e failed = True if not failed: username = data["username"].lower() password = data["password"] collection = get_user_collection(request) if not collection.authenticate(username, password): request.notify("error", "Invalid Login", "Please check your username / password") return morepath.redirect(request.relative_url("/login")) @request.after def remember(response): """Remember the identity of the user logged in.""" # We pass the extra info to the identity object. response.headers.add("Access-Control-Expose-Headers", "Authorization") u = collection.get(username) identity = morepath.Identity(u.userid) request.app.remember_identity(response, request, identity) came_from = request.GET.get("came_from", "") if came_from: came_from = urllib.parse.unquote(came_from) else: came_from = request.relative_url("/") return morepath.redirect(came_from) request.notify("error", "Invalid Login", "Please check your username / password") return morepath.redirect(request.relative_url("/login"))
def process_login(context, request): controls = list(request.POST.items()) formschema = dataclass_to_colander(LoginForm) form = deform.Form(formschema()) failed = False try: data = form.validate(controls) except deform.ValidationFailure as e: form = e failed = True if not failed: username = data['username'].lower() password = data['password'] newreq = request.get_authn_request() collection = get_user_collection(newreq) if not collection.authenticate(username, password): request.notify('error', 'Invalid Login', 'Please check your username / password') return @request.after def remember(response): """Remember the identity of the user logged in.""" # We pass the extra info to the identity object. response.headers.add('Access-Control-Expose-Headers', 'Authorization') u = collection.get(username) identity = morepath.Identity(u.userid) request.app.remember_identity(response, request, identity) came_from = request.GET.get('came_from', '') if came_from: came_from = urllib.parse.unquote(came_from) else: came_from = request.relative_url('/') return morepath.redirect(came_from) request.notify('error', 'Invalid Login', 'Please check your username / password')
def process_profile(context, request): userinfo_f = userinfo_form(request) password_f = password_form(request) controls = list(request.POST.items()) controls_dict = dict(controls) active_form = controls_dict['__formid__'] userid = request.identity.userid newreq = request.get_authn_request() usercol = get_user_collection(newreq) user = usercol.get_by_userid(userid) attributes_f = attributes_form(user, request) failed = False if active_form == 'userinfo-form': try: data = userinfo_f.validate(controls) except deform.ValidationFailure as e: failed = True userinfo_f = e userdata = userinfo_f.field.schema.serialize(user.data.as_dict()) for k in userdata.keys(): if userinfo_f.cstruct[k] is not colander.null: userdata[k] = userinfo_f.cstruct[k] userinfo_f.field.cstruct = userdata if not failed: updatedata = {} for f in ['email']: updatedata[f] = data[f] user.update(updatedata) if not failed: request.notify('success', 'Profile updated', 'Your profile have been successfully updated') return morepath.redirect(request.url) elif active_form == 'password-form': try: data = password_f.validate(controls) except deform.ValidationFailure as e: failed = True password_f = e if not failed: if not user.validate(data['password_current']): exc = colander.Invalid(password_f, 'Invalid password') password_f.widget.handle_error(password_f, exc) failed = True if not failed: try: user.change_password(data['password_current'], data['password']) except morpfw.authn.pas.exc.InvalidPasswordError as e: exc = colander.Invalid(password_f, 'Invalid password') password_f.widget.handle_error(password_f, exc) failed = True if not failed: request.notify('success', 'Password changed', 'Your password have been successfully changed') return morepath.redirect(request.url) elif active_form == 'personalinfo-form': try: data = attributes_f.validate(controls) except deform.ValidationFailure as e: failed = True attributes_f = e if not failed: xattrprovider = user.xattrprovider() xattrprovider.update(data) request.notify('success', 'Profile updated', 'Your profile have been successfully updated') return morepath.redirect(request.url) else: request.notify('error', 'Unknown form', 'Invalid form identifier was supplied') return morepath.redirect(request.url) has_photo = user.get_blob('profile-photo') return { 'page_title': 'Personal Settings', 'profile_photo': newreq.link(user, '+blobs?field=profile-photo') if has_photo else None, 'forms': [{ 'form_title': 'Personal Information', 'form': attributes_f, 'readonly': False, 'form_data': user['xattrs'] if active_form != 'personalinfo-form' else None }, { 'form_title': 'User Information', 'form': userinfo_f, 'readonly': False, 'form_data': user.data.as_dict() if active_form != 'userinfo-form' else None }, { 'form_title': 'Password', 'form': password_f, 'readonly': False, }] }
def get_user_collection_ui(request): col = get_user_collection(request) return UserCollectionUI(request, col)
def get_user_model_ui(request, username): user = get_user(request, username) if user is None: return None col = get_user_collection(request) return UserModelUI(request, user, UserCollectionUI(request, col))
def get_user_collection_ui(request): newreq = request.get_authn_request() col = get_user_collection(newreq) return UserCollectionUI(newreq, col)
def login(context, request): newreq = request.copy(app=MountedApp()) coll = get_user_collection(newreq) data = newreq.json return {'authenticated': True if coll.authenticate(**data) else False}