def POST_login(self, i):
    """Authenticate the submitted credentials and start a session.

    The account is looked up by exact ``username`` and then by
    ``lusername``. The status returned by ``account.login`` decides the
    outcome: a redirect with the login cookie set, the "not verified" page,
    or the login form with an error note.
    """
    # Reject usernames that fail form validation before any lookup.
    if not forms.vlogin.valid(i.username):
        return self.error("account_user_notfound", i)

    # Exact match first; the lusername lookup is only a fallback.
    account = accounts.find(username=i.username)
    if not account:
        account = accounts.find(lusername=i.username)
    if not account:
        return self.error("account_user_notfound", i)

    # Never send the user straight back to the login page.
    if i.redirect in ("/account/login", ""):
        i.redirect = "/"

    status = account.login(i.password)

    if status == 'ok':
        # Seven days when "remember" is set, otherwise "" is passed as expires.
        expires = 3600 * 24 * 7 if i.remember else ""
        # NOTE(review): the cookie is set with only `expires`; no
        # secure/httponly arguments are passed here -- confirm that is intended.
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)
        # NOTE(review): i.redirect comes from the request and only the two
        # values above are rewritten, so an absolute URL to another host is
        # redirected to as-is. Consider restricting it to same-site targets.
        raise web.seeother(i.redirect)

    if status == "account_not_verified":
        # NOTE(review): the submitted password is handed to the template;
        # confirm it is not echoed into the rendered page.
        return render_template("account/not_verified",
                               username=account.username,
                               password=i.password,
                               email=account.email)

    # NOTE(review): unknown user and wrong password produce different
    # messages, which lets a client tell whether a username exists.
    if status == "account_not_found":
        return self.error("account_user_notfound", i)
    if status == "account_blocked":
        return self.error("account_blocked", i)
    return self.error("account_incorrect_password", i)
def GET(self, key):
    """Render the admin view of the account matching *key*.

    *key* is tried as a username and then as an email address. A key
    containing "@" is redirected to the page for the account's username;
    an unknown key raises ``web.notfound``.
    """
    person = accounts.find(username=key) or accounts.find(email=key)
    if not person:
        raise web.notfound()

    if "@" in key:
        # The redirect target is built from the stored username, not from
        # the request value.
        raise web.seeother("/admin/people/" + person.username)

    return render_template('admin/people/view', person)
def POST(self, key):
    """Run the admin action named in the form against account *key*.

    Raises ``web.notfound`` when no account has that username. A missing
    or unrecognised ``action`` redirects back to the current path.
    """
    user = accounts.find(username=key)
    if not user:
        raise web.notfound()

    i = web.input(action=None, tag=None, bot=None)

    # NOTE(review): every entry below changes account state, and "su"
    # switches identity. No authorization or CSRF check is visible in this
    # method; presumably the enclosing admin handler enforces it -- confirm.
    # The lambdas keep the i.tag / i.bot reads lazy, as in an if/elif chain.
    handlers = {
        "update_email": lambda: self.POST_update_email(user, i),
        "update_password": lambda: self.POST_update_password(user, i),
        "resend_link": lambda: self.POST_resend_link(user),
        "activate_account": lambda: self.POST_activate_account(user),
        "send_password_reset_email": lambda: self.POST_send_password_reset_email(user),
        "block_account": lambda: self.POST_block_account(user),
        "block_account_and_revert": lambda: self.POST_block_account_and_revert(user),
        "unblock_account": lambda: self.POST_unblock_account(user),
        "add_tag": lambda: self.POST_add_tag(user, i.tag),
        "remove_tag": lambda: self.POST_remove_tag(user, i.tag),
        "set_bot_flag": lambda: self.POST_set_bot_flag(user, i.bot),
        "su": lambda: self.POST_su(user),
    }

    handler = handlers.get(i.action)
    if handler is None:
        raise web.seeother(web.ctx.path)
    return handler()
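def create_edition_from_amazon_metadata(isbn):
    """Fetches amazon metadata by isbn from affiliates API, attempts to
    create OL edition from metadata, and returns the resulting edition key
    `/key/OL..M` if successful or None otherwise
    """
    md = get_amazon_metadata(isbn)
    if not md:
        return None

    # Save token of currently logged in user (or no-user)
    account = accounts.get_current_user()
    auth_token = account.generate_login_code() if account else ''

    try:
        # Temporarily behave (act) as ImportBot for import
        tmp_account = accounts.find(username='******')
        web.ctx.conn.set_auth_token(tmp_account.generate_login_code())
        reply = load(clean_amazon_metadata_for_load(md), account=tmp_account)
    finally:
        # Return auth token to original user or no-user on every exit path.
        # `finally` also covers exceptions that `except Exception` misses,
        # so the connection is never left holding the bot's token.
        web.ctx.conn.set_auth_token(auth_token)

    if reply and reply.get('success'):
        return reply['edition']['key']
    return None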
def GET(self):
    """Render the admin people index, or jump to the account for ``email``.

    When the ``email`` query parameter matches an account, the request is
    redirected to that account's admin page. Otherwise the index template
    is rendered with the submitted value.
    """
    i = web.input(email=None)

    # Only hit the account store when an email was actually supplied.
    match = accounts.find(email=i.email) if i.email else None
    if match:
        raise web.seeother("/admin/people/" + match.username)

    return render_template("admin/people/index", email=i.email)
def update_email(self, username, email):
    """Set *email* on the account *username* unless another account uses it.

    On success the account is also marked ``active``. Either way a message
    page describing the outcome is rendered.
    """
    # NOTE(review): the lookup and the update are separate calls; if
    # uniqueness is not also enforced by the store, two concurrent requests
    # could both pass this check -- confirm.
    already_used = accounts.find(email=email)

    if not already_used:
        # NOTE(review): this writes the email address to the application log.
        logger.info("updated email of %s to %s", username, email)
        accounts.update_account(username=username, email=email, status="active")
        title = _("Email verification successful.")
        message = _('Your email address has been successfully verified and updated in your account.')
    else:
        title = _("Email address is already used.")
        message = _("Your email address couldn't be updated. The specified email address is already used.")

    return render.message(title, message)
def POST(self):
    """Handle the forgot-password form and send the reset email.

    An invalid form is re-rendered. A valid one sends the email to the
    account owning the submitted address and renders the "sent" page.
    """
    data = web.input(email='')
    form = forms.ForgotPassword()

    if form.validates(data):
        # NOTE(review): `account` is dereferenced without a None check, so
        # this relies on the form validators rejecting unknown addresses --
        # confirm; otherwise an unknown email ends in an AttributeError.
        account = accounts.find(email=data.email)
        send_forgot_password_email(account.username, data.email)
        return render['account/password/sent'](data.email)

    return render['account/password/forgot'](form)
def POST(self, code=None):
    """Called to regenerate account verification code.

    Looks the account up by the ``email`` form field. Unknown addresses get
    the "failed" page, accounts that are not ``pending`` get the
    "activated" page, and pending accounts are sent a new verification
    email. *code* is not read by this method.
    """
    i = web.input(email=None)
    account = accounts.find(email=i.email)

    # NOTE(review): the three outcomes are distinguishable to the caller,
    # so this endpoint reveals whether an address is registered. No rate
    # limit is visible here -- confirm one exists upstream.
    if not account:
        return render_template("account/verify/failed", email=i.email)

    if account['status'] != "pending":
        return render['account/verify/activated'](account)

    account.send_verification_email()
    title = _("Hi %(user)s", user=account.displayname)
    message = _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email)
    return render.message(title, message)
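def GET(self, code):
    """Activate the pending account that owns verification code *code*.

    Renders the "failed" page when no ``account-link`` record carries the
    code or when the record names an account that cannot be found, the
    "activated" page when the account is no longer ``pending``, and the
    "success" page after activating it.
    """
    docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
    if not docs:
        return render['account/verify/failed']()

    doc = docs[0]
    account = accounts.find(username=doc['username'])
    if not account:
        # A link record whose account is missing used to fall through
        # without rendering a page; treat it like an unknown code.
        return render['account/verify/failed']()

    if account['status'] != "pending":
        return render['account/verify/activated'](account)

    account.activate()
    # The fetched profile is not used (marked TBD upstream). The call is
    # kept in case the fetch itself is relied on.
    web.ctx.site.get("/people/" + doc['username'])
    return render['account/verify/success'](account)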
def update_email(self, username, email):
    """Move account *username* to *email* and report the result.

    If some account already has *email*, nothing is changed and a failure
    message is shown. Otherwise the address is stored, the account status
    becomes ``active`` and a success message is shown.
    """
    # NOTE(review): check-then-update is not atomic in this method;
    # confirm the store enforces email uniqueness itself.
    if accounts.find(email=email):
        return render.message(
            _("Email address is already used."),
            _("Your email address couldn't be updated. The specified email address is already used."),
        )

    # NOTE(review): the address is written to the log in clear text.
    logger.info("updated email of %s to %s", username, email)
    accounts.update_account(username=username, email=email, status="active")
    return render.message(
        _("Email verification successful."),
        _('Your email address has been successfully verified and updated in your account.'),
    )
def POST(self):
    """Handle the forgot-password form; blocked accounts get no reset email.

    An invalid form is re-rendered. A blocked account gets the form back
    with the ``account_blocked`` note. Otherwise the reset email is sent
    and the "sent" page rendered.
    """
    data = web.input(email='')
    form = forms.ForgotPassword()

    if not form.validates(data):
        return render['account/password/forgot'](form)

    # NOTE(review): `account` is used without a None check, so this relies
    # on the form validators rejecting unknown addresses -- confirm.
    account = accounts.find(email=data.email)

    if not account.is_blocked():
        send_forgot_password_email(account.username, data.email)
        return render['account/password/sent'](data.email)

    # NOTE(review): the blocked note tells the requester the state of the
    # account behind this address.
    form.note = utils.get_error("account_blocked")
    return render_template('account/password/forgot', form)
def POST(self, code=None):
    """Called to regenerate account verification code.

    The account is found through the ``email`` form field, and only an
    account whose status is ``pending`` is sent a new verification email.
    *code* is accepted but not used in the body.
    """
    form_input = web.input(email=None)
    account = accounts.find(email=form_input.email)

    # NOTE(review): unknown, already-active and pending addresses each get
    # a different page, which reveals registration state to the caller.
    if account and account['status'] == "pending":
        account.send_verification_email()
        greeting = _("Hi %(user)s", user=account.displayname)
        body = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(greeting, body)

    if account:
        # Found, but no longer waiting for verification.
        return render['account/verify/activated'](account)

    return render_template("account/verify/failed", email=form_input.email)
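def GET(self, code):
    """Verify an account from the emailed link carrying *code*.

    The code is resolved through the ``account-link`` store records. An
    unknown code, or a record whose account no longer exists, renders the
    "failed" page. An account that is not ``pending`` renders "activated".
    A pending account is activated and "success" is rendered.
    """
    docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
    doc = docs[0] if docs else None
    account = accounts.find(username=doc['username']) if doc else None

    if not account:
        # Covers both "no such code" and "code points at a missing
        # account". The latter previously produced no page at all.
        return render['account/verify/failed']()

    if account['status'] != "pending":
        return render['account/verify/activated'](account)

    account.activate()
    # Result unused (TBD upstream). The fetch is retained as-is.
    web.ctx.site.get("/people/" + doc['username'])
    return render['account/verify/success'](account)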
def GET(self, username):
    """Render the admin "edits" page for *username*, or 404 if unknown."""
    person = accounts.find(username=username)
    if person:
        return render_template("admin/people/edits", person)
    raise web.notfound()
def find_account(username=None, lusername=None, email=None):
    """Forward the three lookup keys unchanged to ``accounts.find``."""
    criteria = {
        "username": username,
        "lusername": lusername,
        "email": email,
    }
    return accounts.find(**criteria)
def try_login(self, username, password):
    """Check *password* against the account named *username*.

    Returns the falsy lookup result when no account is found, otherwise
    whatever ``account.verify_password`` returns.
    """
    account = accounts.find(username=username)
    if not account:
        # Hand back the lookup result itself, not False, as callers may
        # depend on the exact falsy value.
        return account
    # NOTE(review): an unknown username skips password verification, so
    # the two failure paths may differ in timing -- confirm whether that
    # matters for the callers.
    return account.verify_password(password)
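class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".
    """
    path = "/account/login"

    def GET(self):
        """Render the login form, pre-filling ``redirect`` from the Referer."""
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Route the form to the login or resend-verification handler."""
        i = web.input(email='', connect=None, remember=False, redirect='/', action="login")
        if i.action == "resend_verification_email":
            return self.POST_resend_verification_email(i)
        return self.POST_login(i)

    def error(self, name, i):
        """Re-render the login form filled from *i* with error note *name*."""
        f = forms.Login()
        f.fill(i)
        f.note = utils.get_error(name)
        return render.login(f)

    def error_check(self, audit, i):
        """Turn an ``audit_accounts`` result into an error page, if any.

        Returns the rendered page for the error found in *audit*, or None
        when *audit* has no ``error`` key and a truthy ``link`` entry.
        """
        if 'error' in audit:
            error = audit['error']
            if error == "account_not_verified":
                # This branch used to read an undefined name `account` and
                # failed with NameError. Resolve the account from the
                # submitted identifier instead.
                # NOTE(review): tried as username, then as email -- confirm
                # which of the two audit_accounts is given.
                account = (accounts.find(username=i.username)
                           or accounts.find(email=i.username))
                if not account:
                    return self.error("account_user_notfound", i)
                # NOTE(review): the submitted password is handed to the
                # template; confirm it is not echoed into the page.
                return render_template("account/not_verified",
                                       username=account.username,
                                       password=i.password,
                                       email=account.email)
            elif error == "account_not_found":
                return self.error("account_user_notfound", i)
            elif error == "account_blocked":
                return self.error("account_blocked", i)
            else:
                return self.error(audit['error'], i)

        if not audit['link']:
            # This needs to be overridden w/ `test`
            return self.error("accounts_not_connected", i)
        return None

    def POST_login(self, i):
        """Audit the credentials, set the login cookie and redirect."""
        i = web.input(username="", password="", remember=False, redirect='')
        audit = audit_accounts(i.username, i.password)
        errors = self.error_check(audit, i)
        if errors:
            return errors

        blacklist = [
            "/account/login",
            "/account/password",
            "/account/email",
            "/account/create",
        ]
        # NOTE(review): this is a substring test on a request-supplied
        # value. Anything not containing one of these paths -- including an
        # absolute URL to another host -- is redirected to unchanged.
        if i.redirect == "" or any(path in i.redirect for path in blacklist):
            i.redirect = "/"

        # Seven days when "remember" is set, otherwise "" is passed as expires.
        expires = (i.remember and 3600 * 24 * 7) or ""
        # NOTE(review): no secure/httponly arguments are passed for the
        # login cookie -- confirm that is intended.
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)
        raise web.seeother(i.redirect)

    def POST_resend_verification_email(self, i):
        """Re-send the verification email after checking the credentials.

        Any login failure other than ``account_not_verified`` is reported
        as an incorrect password.
        """
        try:
            accounts.login(i.username, i.password)
        except ClientException as e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                return self.error("account_incorrect_password", i)

        account = accounts.find(username=i.username)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(title, message)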
def get_account(self):
    """Return the account found for ``self.get_username()``."""
    return accounts.find(username=self.get_username())
class account_login(delegate.page):
    """Login page handler mounted at ``/account/login``.

    A login attempt ends in one of these failures, each with its own page:

    * account_not_found: the form is shown again with an error message.
    * account_bad_password: the error message links to password reset.
    * account_not_verified: an error page offers a "resend verification
      email" button.
    """
    path = "/account/login"

    def GET(self):
        """Show the login form with ``redirect`` defaulting to the Referer."""
        came_from = web.ctx.env.get('HTTP_REFERER', '/')
        params = web.input(redirect=came_from)
        form = forms.Login()
        form['redirect'].value = params.redirect
        return render.login(form)

    def POST(self):
        """Dispatch on the ``action`` field: resend verification or log in."""
        i = web.input(remember=False, redirect='/', action="login")
        wants_resend = i.action == "resend_verification_email"
        if not wants_resend:
            return self.POST_login(i)
        return self.POST_resend_verification_email(i)

    def error(self, name, i):
        """Render the login form filled from *i*, annotated with error *name*."""
        form = forms.Login()
        form.fill(i)
        form.note = utils.get_error(name)
        return render.login(form)

    def POST_login(self, i):
        """Check the credentials in *i* and log the user in.

        On success the login cookie is set and the request redirected to
        ``i.redirect``. Every other status maps to an error page.
        """
        # make sure the username is valid
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Exact username first, case variations only as a fallback.
        account = accounts.find(username=i.username)
        if not account:
            account = accounts.find(lusername=i.username)
        if not account:
            return self.error("account_user_notfound", i)

        if i.redirect in ("/account/login", ""):
            i.redirect = "/"

        status = account.login(i.password)

        if status == 'ok':
            expires = 3600 * 24 * 7 if i.remember else ""
            # NOTE(review): no secure/httponly arguments are passed for the
            # login cookie -- confirm that is intended.
            web.setcookie(config.login_cookie_name,
                          web.ctx.conn.get_auth_token(),
                          expires=expires)
            # NOTE(review): i.redirect is request-supplied and only two
            # values are rewritten above; an absolute URL to another host
            # is followed unchanged.
            raise web.seeother(i.redirect)

        if status == "account_not_verified":
            # NOTE(review): the submitted password is passed to the
            # template; confirm it is not echoed into the page.
            return render_template("account/not_verified",
                                   username=account.username,
                                   password=i.password,
                                   email=account.email)

        # NOTE(review): distinct messages for unknown user and wrong
        # password let a client tell whether a username exists.
        if status == "account_not_found":
            return self.error("account_user_notfound", i)
        if status == "account_blocked":
            return self.error("account_blocked", i)
        return self.error("account_incorrect_password", i)

    def POST_resend_verification_email(self, i):
        """Send the verification email again once the credentials check out.

        A login failure with any code other than ``account_not_verified``
        is reported as an incorrect password and no email is sent.
        """
        try:
            accounts.login(i.username, i.password)
        except ClientException as e:
            failure = e.get_data().get("code")
            if failure != "account_not_verified":
                return self.error("account_incorrect_password", i)

        account = accounts.find(username=i.username)
        account.send_verification_email()

        heading = _("Hi %(user)s", user=account.displayname)
        text = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(heading, text)