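def lost_password(request):
    """
    Presents lost password page - sends password reset link to
    specified email address.
    This link is valid only for 10 minutes

    On a valid POST the same flash message and redirect are produced whether
    or not an account matches the submitted address, so the response cannot
    be used to tell which e-mail addresses are registered.

    Returns the form dict for rendering on GET or failed validation,
    otherwise an ``HTTPFound`` redirect back to the ``lost_password`` route.
    """
    form = forms.LostPasswordForm(request.POST, csrf_context=request)
    # validate() is only reached for POST requests, as in the usual
    # "method == POST and form.validate()" guard.
    if request.method != "POST" or not form.validate():
        return {"form": form}

    user = UserService.by_email(form.email.data)
    if user:
        # Issue a fresh security code and record when it was issued; the
        # expiry check that uses this timestamp is not in this function.
        UserService.regenerate_security_code(user)
        user.security_code_date = datetime.datetime.utcnow()
        email_vars = {
            "user": user,
            "request": request,
            "email_title": "AppEnlight :: New password request",
        }
        UserService.send_email(
            request,
            recipients=[user.email],
            variables=email_vars,
            template="/email_templates/lost_password.jinja2",
        )

    # Deliberately outside the "if user" branch: an unknown address gets the
    # same confirmation and redirect as a known one.
    # NOTE(review): confirm LostPasswordForm's validators do not reject
    # unknown addresses themselves, which would reintroduce the difference.
    msg = (
        "Password reset email had been sent. "
        "Please check your mailbox for further instructions."
    )
    request.session.flash(_(msg))
    return HTTPFound(location=request.route_url("lost_password"))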
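def assign_users(request):
    """
    Assigns specific report group to user for review - send email notification

    The request body (``request.unsafe_json_body``) is client-supplied and is
    expected to carry two lists of user names under the keys ``"unassigned"``
    and ``"assigned"``. A missing key is treated as an empty list, a name that
    does not resolve to a user is skipped, and a name repeated within one
    request is only processed once.

    Returns ``True``.
    """
    report_group = request.context.report_group
    application = request.context.resource
    currently_assigned = [u.user_name for u in report_group.assigned_users]
    new_assigns = request.unsafe_json_body

    # first unassign old users
    for user_name in new_assigns.get("unassigned") or []:
        if user_name in currently_assigned:
            user = UserService.by_user_name(user_name)
            report_group.assigned_users.remove(user)
            comment = ReportComment(
                owner_id=request.user.id, report_time=report_group.first_timestamp
            )
            comment.body = "Unassigned group from @%s" % user_name
            report_group.comments.append(comment)

    # assign new users
    # A list (not a set) so that unexpected, unhashable JSON values in the
    # body are compared the same way the original membership test did.
    handled = list(currently_assigned)
    for user_name in new_assigns.get("assigned") or []:
        if user_name in handled:
            continue
        user = UserService.by_user_name(user_name)
        if user is None:
            # Unknown name in client input: skip it instead of failing on
            # user.id below.
            continue
        handled.append(user_name)

        # NOTE(review): nothing in this function checks that the assignee may
        # view `application`, yet report group details are e-mailed to them.
        # Confirm that is enforced elsewhere, or filter candidates against
        # ResourceService.users_for_perm(application, "view").
        if user in report_group.assigned_users:
            report_group.assigned_users.remove(user)
        DBSession.flush()
        assignment = ReportAssignment(
            owner_id=user.id,
            report_time=report_group.first_timestamp,
            group_id=report_group.id,
        )
        DBSession.add(assignment)

        comment = ReportComment(
            owner_id=request.user.id, report_time=report_group.first_timestamp
        )
        comment.body = "Assigned report_group to @%s" % user_name
        report_group.comments.append(comment)

        email_vars = {
            "user": user,
            "request": request,
            "application": application,
            "report_group": report_group,
            "email_title": "AppEnlight :: Assigned Report",
        }
        UserService.send_email(
            request,
            recipients=[user.email],
            variables=email_vars,
            template="/email_templates/assigned_report.jinja2",
        )

    return True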
def comment_create(request):
    """
    Creates user comments for report group, sends email notifications
    of said comments

    Recipients are, in order and without duplicates: users holding the
    "view" permission on the application whose ``@user_name`` appears in the
    comment body, then users returned by
    ``ReportGroupService.users_commenting`` (excluding the author).

    Returns the new comment as a dict on success, otherwise the form errors.
    """
    report_group = request.context.report_group
    application = request.context.resource
    form = forms.CommentForm(MultiDict(request.unsafe_json_body), csrf_context=request)
    if not (request.method == "POST" and form.validate()):
        return form.errors

    comment = ReportComment(
        owner_id=request.user.id, report_time=report_group.first_timestamp
    )
    form.populate_obj(comment)
    report_group.comments.append(comment)

    seen_ids = set()
    recipients = []

    def _queue(candidate):
        # Keep first-seen order; one e-mail per user id.
        if candidate.id not in seen_ids:
            seen_ids.add(candidate.id)
            recipients.append(candidate)

    # Mentions: plain substring match of "@<user_name>" in the body, limited
    # to users with "view" permission on the application.
    for perm in ResourceService.users_for_perm(application, "view"):
        mention = "@{}".format(perm.user.user_name)
        if mention in comment.body:
            _queue(perm.user)

    # Earlier commenters on this group, minus the author.
    # NOTE(review): these users are not re-checked against the "view"
    # permission list here; confirm a revoked user cannot still be notified.
    for earlier in ReportGroupService.users_commenting(
        report_group, exclude_user_id=request.user.id
    ):
        _queue(earlier)

    for recipient in recipients:
        UserService.send_email(
            request,
            recipients=[recipient.email],
            variables={
                "user": recipient,
                "commenting_user": request.user,
                "request": request,
                "application": application,
                "report_group": report_group,
                "comment": comment,
                "email_title": "AppEnlight :: New comment",
            },
            template="/email_templates/new_comment_report.jinja2",
        )
    request.session.flash(_("Your comment was created"))
    return comment.get_dict()
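def alert_channels_POST(request):
    """
    Creates a new email alert channel for user, sends a validation email

    The channel is stored with a freshly generated security code in its JSON
    configuration, and the same code is passed to the authorization e-mail
    template.

    Returns ``HTTPUnprocessableEntity`` carrying the form errors when
    validation fails, otherwise the new channel as a dict.
    """
    user = request.user
    form = forms.EmailChannelCreateForm(
        MultiDict(request.unsafe_json_body), csrf_context=request
    )
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    email = form.email.data.strip()
    channel = EmailAlertChannel()
    channel.channel_name = "email"
    channel.channel_value = email
    # NOTE(review): this code authorizes the address; confirm that
    # generate_random_string draws from a cryptographically secure source.
    security_code = generate_random_string(10)
    channel.channel_json_conf = {"security_code": security_code}
    user.alert_channels.append(channel)

    email_vars = {
        "user": user,
        "email": email,
        "request": request,
        "security_code": security_code,
        "email_title": "AppEnlight :: " "Please authorize your email",
    }
    UserService.send_email(
        request,
        recipients=[email],
        variables=email_vars,
        template="/email_templates/authorize_email.jinja2",
    )
    request.session.flash(_("Your alert channel was " "added to the system."))
    request.session.flash(
        _(
            "You need to authorize your email channel, a message was "
            "sent containing necessary information."
        ),
        "warning",
    )
    DBSession.flush()
    # The serialized channel was previously computed and discarded, so the
    # view returned None on success.
    return channel.get_dict()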
def register(request):
    """
    Render register page with form
    Also handles oAuth flow for registration

    On a valid POST a new user is created, e-mailed and signed in, then
    redirected to the "/" route; when registration is disabled in settings
    the POST is redirected with a flash message instead. In every other case
    the view returns the registration form, the sign-in form and a dict of
    the social plugins that have a key configured.
    """
    is_post = request.method == "POST"
    login_url = request.route_url("ziggurat.routes.sign_in")
    query_string = "?%s" % request.query_string if request.query_string else ""
    referrer = "%s%s" % (request.path, query_string)
    if referrer in (login_url, "/register", "/register?sign_in=1"):
        referrer = "/"  # never use the login form itself as came_from
    # NOTE(review): came_from is taken from request parameters; confirm the
    # sign-in handler restricts it to same-site targets before redirecting.
    sign_in_form = forms.SignInForm(
        came_from=request.params.get("came_from", referrer), csrf_context=request
    )

    # populate form from oAuth session data returned by authomatic
    oauth_payload = request.session.get("zigg.social_auth")
    if not is_post and oauth_payload:
        # NOTE(review): this writes the whole provider payload to the debug
        # log; confirm it carries no tokens or credentials.
        log.debug(oauth_payload)
        provider_user = oauth_payload["user"]
        form_data = {
            "user_name": provider_user.get("user_name", "").split("@")[0],
            "email": provider_user.get("email"),
            # random placeholder password, left visible in the rendered form
            "user_password": str(uuid.uuid4()),
        }
        form = forms.UserRegisterForm(MultiDict(form_data), csrf_context=request)
        form.user_password.widget.hide_value = False
    else:
        form = forms.UserRegisterForm(request.POST, csrf_context=request)

    if is_post and form.validate():
        log.info("registering user")
        # insert new user here
        if request.registry.settings["appenlight.disable_registration"]:
            request.session.flash(_("Registration is currently disabled."))
            return HTTPFound(location=request.route_url("/"))

        account = User()
        DBSession.add(account)
        form.populate_obj(account)
        UserService.regenerate_security_code(account)
        account.status = 1
        # populate_obj copied the submitted password onto the object;
        # set_password is then called with that value.
        UserService.set_password(account, account.user_password)
        account.registration_ip = request.environ.get("REMOTE_ADDR")

        if oauth_payload:
            handle_social_data(request, account, oauth_payload)

        UserService.send_email(
            request,
            recipients=[account.email],
            variables={
                "user": account,
                "request": request,
                "email_title": "AppEnlight :: Start information",
            },
            template="/email_templates/registered.jinja2",
        )
        request.session.flash(_("You have successfully registered."))
        DBSession.flush()
        # Sign the new user in as part of the redirect.
        headers = security.remember(request, account.id)
        return HTTPFound(location=request.route_url("/"), headers=headers)

    settings = request.registry.settings
    # A provider is offered only when its key setting is non-empty.
    provider_keys = (
        ("twitter", "authomatic.pr.twitter.key"),
        ("google", "authomatic.pr.google.key"),
        ("github", "authomatic.pr.github.key"),
        ("bitbucket", "authomatic.pr.bitbucket.key"),
    )
    social_plugins = {}
    for provider, setting_name in provider_keys:
        if settings.get(setting_name, ""):
            social_plugins[provider] = True

    return {
        "form": form,
        "sign_in_form": sign_in_form,
        "social_plugins": social_plugins,
    }