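def login():
    """Show the login form on GET; authenticate the posted credentials otherwise.

    ``returnUrl`` (query string) selects the post-login destination. Because
    anyone can craft a link carrying that parameter, it is honoured only when
    it is an absolute path on this site; every other value falls back to the
    index page so the login flow cannot be used as an open redirect.
    """
    requested = request.args.get('returnUrl')
    # Accept only "/path" targets. "//host" and backslash forms are resolved by
    # browsers as another origin, and control characters are dropped before the
    # URL is parsed, so all of those are refused.
    is_local_path = (
        bool(requested)
        and requested.startswith('/')
        and not requested.startswith('//')
        and '\\' not in requested
        and not any(ord(ch) < 0x20 for ch in requested)
    )
    return_url = requested if is_local_path else url_for('index')

    if request.user:
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if name in ('', None):
        flash('Missing user name')
        error = True
    if password in ('', None):
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            # The session only stores the user id, as a string.
            session['userid'] = str(user.id)
            flash('Logged in!')
            return redirect(return_url)
        else:
            flash(UserManager.error_str(status))

    return render_template('login.html')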
def add_user_post():
    """Create a user from the submitted form, or re-display the form on failure.

    Form fields read: ``user``, ``passwd``, ``passwd_confirm``, ``mail`` and
    ``admin``. Any submitted ``admin`` value grants the admin flag; when the
    field is absent the new account is an admin only if no admin exists yet.

    NOTE(review): no permission check is visible in this function; confirm the
    route is restricted to administrators by whatever wraps it.
    """
    form = request.form
    name = form.get('user')
    passwd = form.get('passwd')
    passwd_confirm = form.get('passwd_confirm')
    mail = form.get('mail')
    admin = form.get('admin')

    problems = []
    if not name:
        problems.append('The name is required.')
    if not passwd:
        problems.append('Please provide a password.')
    elif passwd != passwd_confirm:
        problems.append("The passwords don't match.")
    for message in problems:
        flash(message)

    # "== True" builds an ORM filter expression; it must not become "is True".
    # The count query only runs when the admin field was not submitted.
    admin = admin is not None or store.find(User, User.admin == True).count() == 0

    if not problems:
        status = UserManager.add(store, name, passwd, mail, admin)
        if status == UserManager.SUCCESS:
            flash("User '%s' successfully added" % name)
            return redirect(url_for('user_index'))
        flash(UserManager.error_str(status))

    return add_user_form()
def change_password(uid):
    """Change the password of the account designated by ``uid``.

    ``uid`` is either the literal ``'me'`` or a user id. Any other account than
    ``'me'`` is reachable only by an admin and only if the id resolves to a
    user; otherwise the browser is redirected to the index page. Changing
    one's own password requires the current password; an admin changing
    somebody else's does not.

    NOTE(review): assumes the session always carries a valid ``userid``
    (``UserManager.get(...)[1]`` is dereferenced unchecked) - confirm the
    route is only reachable when logged in.
    """
    if uid == 'me':
        user = UserManager.get(store, session.get('userid'))[1].name
    else:
        requester_is_admin = UserManager.get(store, session.get('userid'))[1].admin
        # Short-circuit kept: the target lookup only happens for admins.
        if not requester_is_admin or UserManager.get(store, uid)[0] is not UserManager.SUCCESS:
            return redirect(url_for('index'))
        user = UserManager.get(store, uid)[1].name

    if request.method == 'POST':
        own_account = uid == 'me' or uid == session.get('userid')
        error = False

        if own_account:
            current = request.form.get('current')
            new = request.form.get('new')
            confirm = request.form.get('confirm')
            if current in ('', None):
                flash('The current password is required')
                error = True
        else:
            new = request.form.get('new')
            confirm = request.form.get('confirm')

        if new in ('', None):
            flash('The new password is required')
            error = True
        if new != confirm:
            flash("The new password and its confirmation don't match")
            error = True

        if not error:
            if own_account:
                # Own password: the current one is passed along with the new one.
                status = UserManager.change_password(store, session.get('userid'), current, new)
            else:
                # Admin reset: no current password is supplied.
                status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)

            if status == UserManager.SUCCESS:
                flash('Password changed')
                return redirect(url_for('user_profile', uid = uid))
            flash(UserManager.error_str(status))

    return render_template(
        'change_pass.html',
        user = user,
        admin = UserManager.get(store, session.get('userid'))[1].admin,
    )
def change_username_form(uid):
    """Render the rename form for the user identified by ``uid``.

    When the lookup fails, its error message is flashed and the browser is
    redirected to the index page.
    """
    status, target = UserManager.get(store, uid)
    if status == UserManager.SUCCESS:
        return render_template('change_username.html', user = target)

    flash(UserManager.error_str(status))
    return redirect(url_for('index'))
def add_user():
    """Show the "add user" form (GET) or create the user it describes (POST).

    Any submitted ``admin`` field grants the admin flag; when it is absent the
    new account becomes an admin only if the store holds no admin yet.

    NOTE(review): no permission check is visible in this function, and the
    session user is dereferenced unchecked; confirm the route is restricted to
    logged-in administrators by whatever wraps it.
    """
    def show_form():
        # The template receives the admin flag of the logged-in user.
        requester = UserManager.get(store, session.get('userid'))[1]
        return render_template('adduser.html', admin = requester.admin)

    if request.method == 'GET':
        return show_form()

    form = request.form
    name = form.get('user')
    passwd = form.get('passwd')
    passwd_confirm = form.get('passwd_confirm')
    mail = form.get('mail')
    admin = form.get('admin')

    error = False
    if name in (None, ''):
        flash('The name is required.')
        error = True
    if passwd in (None, ''):
        flash('Please provide a password.')
        error = True
    elif passwd != passwd_confirm:
        flash("The passwords don't match.")
        error = True

    # "== True" builds an ORM filter expression; it must not become "is True".
    # The count query only runs when the admin field was not submitted.
    admin = admin is not None or store.find(User, User.admin == True).count() == 0

    if not error:
        status = UserManager.add(store, name, passwd, mail, admin)
        if status == UserManager.SUCCESS:
            flash("User '%s' successfully added" % name)
            return redirect(url_for('user_index'))
        flash(UserManager.error_str(status))

    return show_form()
def change_password_post(uid, user):
    """Handle the submitted change-password form for ``user``.

    When ``user`` is the requesting user, the current password must be
    supplied and is handed to ``UserManager.change_password``. For any other
    account the password is set through ``change_password2`` without it.
    On any failure the form is displayed again.
    """
    editing_self = user.id == request.user.id
    problems = []

    current = None
    if editing_self:
        current = request.form.get('current')
        if not current:
            problems.append('The current password is required')

    new = request.form.get('new')
    confirm = request.form.get('confirm')
    if not new:
        problems.append('The new password is required')
    if new != confirm:
        problems.append("The new password and its confirmation don't match")

    if problems:
        for message in problems:
            flash(message)
        return change_password_form(uid, user)

    if editing_self:
        status = UserManager.change_password(store, user.id, current, new)
    else:
        status = UserManager.change_password2(store, user.name, new)

    if status == UserManager.SUCCESS:
        flash('Password changed')
        return redirect(url_for('user_profile', uid = uid))

    flash(UserManager.error_str(status))
    return change_password_form(uid, user)
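def login():
    """Show the login form on GET; authenticate the posted credentials otherwise.

    ``returnUrl`` (query string) selects the post-login destination. Because
    anyone can craft a link carrying that parameter, it is honoured only when
    it is an absolute path on this site; every other value falls back to the
    index page so the login flow cannot be used as an open redirect.
    """
    requested = request.args.get('returnUrl')
    # Accept only "/path" targets. "//host" and backslash forms are resolved by
    # browsers as another origin, and control characters are dropped before the
    # URL is parsed, so all of those are refused.
    is_local_path = (
        bool(requested)
        and requested.startswith('/')
        and not requested.startswith('//')
        and '\\' not in requested
        and not any(ord(ch) < 0x20 for ch in requested)
    )
    return_url = requested if is_local_path else url_for('index')

    if session.get('userid'):
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if name in ('', None):
        flash('Missing user name')
        error = True
    if password in ('', None):
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            # The session keeps the user id (as a string) and the user name.
            session['userid'] = str(user.id)
            session['username'] = user.name
            flash('Logged in!')
            return redirect(return_url)
        else:
            flash(UserManager.error_str(status))

    return render_template('login.html')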
def del_user(uid):
    """Delete the user identified by ``uid`` and return to the user list.

    The outcome (success or the manager's error text) is flashed.

    NOTE(review): no permission check is visible in this function; confirm the
    route is restricted to administrators and is not reachable through a plain
    link, since it destroys data.
    """
    outcome = UserManager.delete(store, uid)
    message = 'Deleted user' if outcome == UserManager.SUCCESS else UserManager.error_str(outcome)
    flash(message)
    return redirect(url_for('user_index'))
def user_changepass():
    """API endpoint: set the password of ``username`` to ``password``.

    Both values are read from the query string. A caller may change their own
    password; changing another account's requires the admin flag.

    Error codes returned: 10 (missing parameter), 50 (admin restricted) and 0
    (any failure reported by ``UserManager``).

    NOTE(review): the new password travels in the URL query string, which
    commonly ends up in access logs - check what the deployment logs.
    """
    username = request.args.get('username')
    password = request.args.get('password')
    if not (username and password):
        return request.error_formatter(10, 'Missing parameter')

    targets_other_account = username != request.username
    if targets_other_account and not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    status = UserManager.change_password2(store, username, password)
    if status == UserManager.SUCCESS:
        return request.formatter({})
    return request.error_formatter(0, UserManager.error_str(status))
def user_changepass():
    """API endpoint: set the password of ``username`` to ``password``.

    Parameters come from the query string. Only admins may target an account
    other than their own.

    Error codes returned: 10 (missing parameter), 50 (admin restricted) and 0
    (any failure reported by ``UserManager``).

    NOTE(review): the new password is carried in the URL query string, which
    commonly ends up in access logs - check what the deployment logs.
    """
    params = request.args
    username = params.get('username')
    password = params.get('password')
    if not username or not password:
        return request.error_formatter(10, 'Missing parameter')

    # Self-service is always allowed; anything else needs the admin flag.
    if not request.user.admin and username != request.username:
        return request.error_formatter(50, 'Admin restricted')

    result = UserManager.change_password2(store, username, password)
    if result != UserManager.SUCCESS:
        return request.error_formatter(0, UserManager.error_str(result))

    return request.formatter({})
def user_del():
    """API endpoint: delete the account named by the ``username`` parameter.

    Restricted to admins (error 50). An unknown name yields error 70; a
    failure reported by ``UserManager.delete`` yields error 0.
    """
    if not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    wanted_name = request.args.get('username')
    # A missing parameter is looked up like any other name and reported as unknown.
    target = store.find(User, User.name == wanted_name).one()
    if not target:
        return request.error_formatter(70, 'Unknown user')

    outcome = UserManager.delete(store, target.id)
    if outcome == UserManager.SUCCESS:
        return request.formatter({})
    return request.error_formatter(0, UserManager.error_str(outcome))
def user_changepass():
    """API endpoint: set the password of ``username`` to ``password``.

    Parameters are read from ``request.values``. The password goes through
    ``decode_password`` before it is stored. Only admins may target an
    account other than their own.

    Error codes returned: 10 (missing parameter), 50 (admin restricted), 70
    (no such user) and 0 (any other ``UserManager`` failure).
    """
    username = request.values.get('username')
    password = request.values.get('password')
    if not (username and password):
        return request.error_formatter(10, 'Missing parameter')

    targets_other_account = username != request.username
    if targets_other_account and not request.user.admin:
        return request.error_formatter(50, 'Admin restricted')

    # Decoding happens only after the presence and permission checks.
    password = decode_password(password)
    status = UserManager.change_password2(store, username, password)
    if status == UserManager.SUCCESS:
        return request.formatter({})

    code = 70 if status == UserManager.NO_SUCH_USER else 0
    return request.error_formatter(code, UserManager.error_str(status))
def user_changepass():
    """API endpoint: set the password of ``username`` to ``password``.

    Both parameters come from ``request.values``; the password is passed
    through ``decode_password`` before being handed to ``UserManager``.
    A non-admin caller may only change their own password.

    Error codes returned: 10 (missing parameter), 50 (admin restricted), 70
    (no such user) and 0 (any other ``UserManager`` failure).
    """
    values = request.values
    username = values.get('username')
    password = values.get('password')
    if not username or not password:
        return request.error_formatter(10, 'Missing parameter')

    # Self-service is always allowed; anything else needs the admin flag.
    if not request.user.admin and username != request.username:
        return request.error_formatter(50, 'Admin restricted')

    result = UserManager.change_password2(store, username, decode_password(password))
    if result != UserManager.SUCCESS:
        if result == UserManager.NO_SUCH_USER:
            api_code = 70
        else:
            api_code = 0
        return request.error_formatter(api_code, UserManager.error_str(result))

    return request.formatter({})
def decorated_func(*args, **kwargs):
    """Resolve the user id argument to a user object, then call the wrapped view.

    The id is read from ``kwargs[arg]`` when keyword arguments were given,
    otherwise from the first positional argument (``arg`` and ``f`` come from
    the enclosing scope, which is not visible here). ``'me'`` resolves to the
    requesting user; any other id is honoured only for admins and only if the
    lookup succeeds - in every other case the browser is redirected to the
    index page. The view then receives the user as ``user=`` or as the second
    positional argument.
    """
    called_by_keyword = bool(kwargs)
    uid = kwargs[arg] if called_by_keyword else args[0]

    if uid != 'me':
        # Looking at another account is an admin-only operation.
        if not request.user.admin:
            return redirect(url_for('index'))
        code, user = UserManager.get(store, uid)
        if code != UserManager.SUCCESS:
            flash(UserManager.error_str(code))
            return redirect(url_for('index'))
    else:
        user = request.user

    if called_by_keyword:
        kwargs['user'] = user
        return f(*args, **kwargs)
    # Positional call: only the id and the resolved user are forwarded.
    return f(uid, user)
def change_password():
    """Show the change-password form, or apply the submitted change on POST.

    The change applies to the session user and requires the current password,
    the new one and a matching confirmation. On success the browser is sent
    to the profile page; otherwise the form is rendered again.

    NOTE(review): the session user is dereferenced unchecked when rendering;
    confirm the route is only reachable when logged in.
    """
    if request.method == 'POST':
        form = request.form
        current = form.get('current')
        new = form.get('new')
        confirm = form.get('confirm')

        problems = []
        if current in ('', None):
            problems.append('The current password is required')
        if new in ('', None):
            problems.append('The new password is required')
        if new != confirm:
            problems.append("The new password and its confirmation don't match")
        for message in problems:
            flash(message)

        if not problems:
            status = UserManager.change_password(store, session.get('userid'), current, new)
            if status == UserManager.SUCCESS:
                flash('Password changed')
                return redirect(url_for('user_profile'))
            flash(UserManager.error_str(status))

    session_user = UserManager.get(store, session.get('userid'))[1]
    return render_template('change_pass.html', user = session_user.name)
def test_human_readable_error(self):
    """``error_str`` must return a string for status codes and for arbitrary values."""
    status_codes = (
        UserManager.SUCCESS,
        UserManager.INVALID_ID,
        UserManager.NO_SUCH_USER,
        UserManager.NAME_EXISTS,
        UserManager.WRONG_PASS,
    )
    # Values that are not status codes: an int, a string and a UUID object.
    arbitrary_values = (1594826, 'string', uuid.uuid4())

    for candidate in status_codes + arbitrary_values:
        message = UserManager.error_str(candidate)
        self.assertIsInstance(message, basestring)