def groups_users_add(request): """ Get list of permissions assigned to specific resources """ group = GroupService.by_id(request.matchdict.get("group_id")) user = UserService.by_user_name(request.unsafe_json_body.get("user_name")) if not user: user = UserService.by_email(request.unsafe_json_body.get("user_name")) if not group or not user: return HTTPNotFound() if user not in group.users: group.users.append(user) group.member_count = group.users_dynamic.count() props = [ "user_name", "id", "first_name", "last_name", "email", "last_login_date", "status", ] u_dict = user.get_dict(include_keys=props) u_dict["gravatar_url"] = UserService.gravatar_url(user, s=20) return u_dict
def user_resource_permission_create(request): """ Set new permissions for user for a resource """ resource = request.context.resource user_name = request.unsafe_json_body.get("user_name") user = UserService.by_user_name(user_name) if not user: user = UserService.by_email(user_name) if not user: return False for perm_name in request.unsafe_json_body.get("permissions", []): permission = UserResourcePermissionService.by_resource_user_and_perm( user.id, perm_name, resource.resource_id ) if not permission: permission = UserResourcePermission(perm_name=perm_name, user_id=user.id) resource.user_permissions.append(permission) DBSession.flush() perms = [ p.perm_name for p in ResourceService.perms_for_user(resource, user) if p.type == "user" ] result = {"user_name": user.user_name, "permissions": list(set(perms))} return result
def lost_password(request): """ Presents lost password page - sends password reset link to specified email address. This link is valid only for 10 minutes """ form = forms.LostPasswordForm(request.POST, csrf_context=request) if request.method == "POST" and form.validate(): user = UserService.by_email(form.email.data) if user: UserService.regenerate_security_code(user) user.security_code_date = datetime.datetime.utcnow() email_vars = { "user": user, "request": request, "email_title": "AppEnlight :: New password request", } UserService.send_email( request, recipients=[user.email], variables=email_vars, template="/email_templates/lost_password.jinja2", ) msg = ( "Password reset email had been sent. " "Please check your mailbox for further instructions." ) request.session.flash(_(msg)) return HTTPFound(location=request.route_url("lost_password")) return {"form": form}
def validate_email(self, value): request = self.context['request'] modified_obj = self.context.get('modified_obj') user = UserService.by_email(value, db_session=request.dbsession) if user: if not modified_obj or modified_obj.id != user.id: msg = _('Email already exists in database') raise validate.ValidationError(msg)
def by_email(cls, email, db_session=None): """ .. deprecated:: 0.8 :param email: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_email(email=email, db_session=db_session)
def search_users(request): """ Returns a list of users for autocomplete """ user = request.user items_returned = [] like_condition = request.params.get("user_name", "") + "%" # first append used if email is passed found_user = UserService.by_email(request.params.get("user_name", "")) if found_user: name = "{} {}".format(found_user.first_name, found_user.last_name) items_returned.append({"user": found_user.user_name, "name": name}) for found_user in UserService.user_names_like(like_condition).limit(20): name = "{} {}".format(found_user.first_name, found_user.last_name) items_returned.append({"user": found_user.user_name, "name": name}) return items_returned
def sign_in(self, request): came_from = request.params.get(self.signin_came_from_key, "/") db_session = self.session_getter(request) user = UserService.by_user_name(request.params.get( self.signin_username_key), db_session=db_session) if user is None: # if no result, test to see if email exists user = UserService.by_email(request.params.get( self.signin_username_key), db_session=db_session) if user: password = request.params.get(self.signin_password_key) if UserService.check_password(user, password): headers = pyramid.security.remember(request, user.id) return ZigguratSignInSuccess(headers=headers, came_from=came_from, user=user) headers = pyramid.security.forget(request) return ZigguratSignInBadAuth(headers=headers, came_from=came_from)
def sign_in(self, request): came_from = request.params.get(self.signin_came_from_key, "/") db_session = self.session_getter(request) user = UserService.by_user_name( request.params.get(self.signin_username_key), db_session=db_session ) if user is None: # if no result, test to see if email exists user = UserService.by_email( request.params.get(self.signin_username_key), db_session=db_session ) if user: password = request.params.get(self.signin_password_key) if UserService.check_password(user, password): headers = pyramid.security.remember(request, user.id) return ZigguratSignInSuccess( headers=headers, came_from=came_from, user=user ) headers = pyramid.security.forget(request) return ZigguratSignInBadAuth(headers=headers, came_from=came_from)
def test_by_email_wrong_email(self, db_session): add_user(db_session) queried_user = UserService.by_email("wrong_email", db_session=db_session) assert queried_user is None
def test_by_email_none(self, db_session): add_user(db_session) queried_user = UserService.by_email(None, db_session=db_session) assert queried_user is None
def test_by_email(self, db_session): created_user = add_user(db_session) queried_user = UserService.by_email("email", db_session=db_session) assert created_user == queried_user
def unique_email_validator(form, field): user = UserService.by_email(field.data) if user: raise wtforms.ValidationError("This email already exists in system")
def found_username_email_validator(form, field): user = UserService.by_email(field.data) if not user: raise wtforms.ValidationError("Email is incorrect")