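def users_create(request):
    """
    Create a new user from the JSON request body.

    Validates the submitted form (including the CSRF token bound to
    ``request``), persists a new ``User`` with a freshly generated security
    code and a processed password, and returns the user's dictionary
    representation with the credential-bearing columns stripped.

    :param request: the current Pyramid request; the payload is read from
        ``request.safe_json_body``.
    :returns: the created user's dict (without ``security_code_date``,
        ``notes``, ``security_code`` and ``user_password``) on success, or
        an ``HTTPUnprocessableEntity`` carrying the form errors as JSON.
    """
    form = forms.UserCreateForm(MultiDict(request.safe_json_body or {}),
                                csrf_context=request)
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    log.info("registering user")
    # NOTE: no 'appenlight.disable_registration' check here on purpose - this
    # view already requires root; revisit if the view permission is lowered.
    user = User()
    DBSession.add(user)
    form.populate_obj(user)
    # populate_obj() copies the submitted password onto the model as-is;
    # set_password() processes it before the flush.
    UserService.regenerate_security_code(user)
    UserService.set_password(user, user.user_password)
    user.status = 1 if form.status.data else 0
    request.session.flash(_("User created"))
    DBSession.flush()
    # never hand the secret columns back to the client
    return user.get_dict(exclude_keys=[
        "security_code_date",
        "notes",
        "security_code",
        "user_password",
    ])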
def bad_auth(request):
    """
    Handle a failed login attempt.

    Flashes a single generic warning (it does not say which of username or
    password was wrong) and redirects back to the register / sign-in page,
    forwarding whatever headers the sign-in context prepared.

    :param request: the current Pyramid request.
    :returns: ``HTTPFound`` to the ``register`` route.
    """
    warning = _('Incorrect username or password')
    request.session.flash(warning, 'warning')
    register_url = request.route_url('register')
    return HTTPFound(location=register_url, headers=request.context.headers)
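def lost_password(request):
    """
    Present the lost-password page and send a reset link by e-mail.

    On a valid POST a fresh security code is generated for the account
    matching the submitted address, stamped with the current UTC time, and
    an e-mail containing the reset link is sent. The link is honoured for
    10 minutes (see ``lost_password_generate``).

    The flash message and the redirect are the same whether or not the
    address belongs to an account, so the form cannot be used to probe
    which e-mail addresses are registered.

    :param request: the current Pyramid request; form data is read from
        ``request.POST``.
    :returns: ``HTTPFound`` back to the lost-password page after a valid
        POST, otherwise a dict with the form for rendering.
    """
    form = forms.LostPasswordForm(request.POST, csrf_context=request)
    if request.method != 'POST' or not form.validate():
        return {"form": form}

    user = User.by_email(form.email.data)
    if user:
        user.regenerate_security_code()
        # the reset link's validity window is measured from this naive-UTC
        # timestamp by the consumer of the link
        user.security_code_date = datetime.datetime.utcnow()
        email_vars = {
            'user': user,
            'request': request,
            'email_title': "AppEnlight :: New password request"
        }
        UserService.send_email(
            request,
            recipients=[user.email],
            variables=email_vars,
            template='/email_templates/lost_password.jinja2')
    # deliberately identical response for known and unknown addresses
    msg = 'Password reset email had been sent. ' \
          'Please check your mailbox for further instructions.'
    request.session.flash(_(msg))
    return HTTPFound(location=request.route_url('lost_password'))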
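def users_DELETE(request):
    """
    Permanently remove a user from the database.

    Refuses the deletion when the target is the only account holding the
    ``root_administration`` permission, so the system is never left without
    an administrator.

    :param request: the current Pyramid request; the target id comes from
        ``request.matchdict['user_id']``.
    :returns: ``True`` when the user was deleted; ``False`` (with a 422
        response status) when the user does not exist or is the last
        administrator.
    """
    msg = _("There needs to be at least one administrator in the system")
    user = UserService.by_id(request.matchdict.get("user_id"))
    if user:
        admins = UserService.users_for_perms(["root_administration"]).all()
        admin_ids = {admin.id for admin in admins}
        # Block only when removing this user would leave no administrator:
        # the target is an admin and there is no other one. (Indexing
        # admins[0] directly raised IndexError on an empty list.)
        if user.id in admin_ids and len(admins) < 2:
            request.session.flash(msg, "warning")
        else:
            DBSession.delete(user)
            request.session.flash(_("User removed"))
            return True
    request.response.status = 422
    return False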
def handle_auth_error(request, result):
    """
    Finish an external (social) login that ended in an error.

    Drops the pending ``zigg.social_auth`` entry from the session (the key
    register() reads to pre-fill its form), flashes a generic warning and
    redirects to the site root.

    :param request: the current Pyramid request.
    :param result: the provider result; not inspected here.
    :returns: ``HTTPFound`` to ``/``.
    """
    # forget the half-finished social login state
    request.session.pop('zigg.social_auth', None)
    warning = _('Something went wrong when we tried to '
                'authorize you via external provider. '
                'Please try again.')
    request.session.flash(warning, 'warning')
    return HTTPFound(location=request.route_url('/'))
def handle_auth_error(request, result):
    """
    Handle an external-provider login that finished with an error.

    Clears the pending ``zigg.social_auth`` entry from the session (which
    register() would otherwise pick up), flashes a warning and sends the
    user back to the site root.

    :param request: the current Pyramid request.
    :param result: the provider result; not inspected here.
    :returns: ``HTTPFound`` to ``/``.
    """
    session = request.session
    session.pop("zigg.social_auth", None)
    session.flash(
        _(
            "Something went wrong when we tried to "
            "authorize you via external provider. "
            "Please try again."
        ),
        "warning",
    )
    home = request.route_url("/")
    return HTTPFound(location=home)
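def alert_channels_authorize(request):
    """
    Authorize an alert channel using the security code sent by e-mail.

    Marks every channel of the current user whose stored code matches the
    ``security_code`` request parameter as validated, then redirects to the
    site root.

    :param request: the current Pyramid request; ``request.user`` is the
        channel owner and ``request.params['security_code']`` the code
        from the e-mail link.
    :returns: ``HTTPFound`` to ``/``.
    """
    import hmac

    user = request.user
    # read the parameter once instead of on every loop iteration
    security_code = request.params.get("security_code", "")
    # an empty code must never match anything, not even a channel whose
    # configuration lacks a code
    if security_code:
        supplied = security_code.encode("utf-8")
        for channel in user.alert_channels:
            stored = channel.channel_json_conf.get("security_code")
            if not isinstance(stored, str):
                continue
            # constant-time comparison: the code is a bearer secret, so do
            # not let response timing reveal how much of it matched
            if hmac.compare_digest(stored.encode("utf-8"), supplied):
                channel.channel_validated = True
                request.session.flash(_("Your email was authorized."))
    return HTTPFound(location=request.route_url("/"))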
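def alert_channels_POST(request):
    """
    Create a new e-mail alert channel for the current user.

    The channel is stored with a random security code and an authorization
    e-mail containing that code is sent to the address; ownership of the
    address is confirmed later by ``alert_channels_authorize`` matching
    the code.

    :param request: the current Pyramid request; the payload is read from
        ``request.unsafe_json_body``.
    :returns: the new channel's dict on success, or an
        ``HTTPUnprocessableEntity`` with the form errors as JSON.
    """
    user = request.user
    form = forms.EmailChannelCreateForm(MultiDict(request.unsafe_json_body),
                                        csrf_context=request)
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    email = form.email.data.strip()
    channel = EmailAlertChannel()
    channel.channel_name = "email"
    channel.channel_value = email
    # bearer secret proving the recipient controls the address
    # NOTE(review): confirm generate_random_string draws from a CSPRNG
    # (e.g. the secrets module) - a guessable code defeats the check.
    security_code = generate_random_string(10)
    channel.channel_json_conf = {"security_code": security_code}
    user.alert_channels.append(channel)

    email_vars = {
        "user": user,
        "email": email,
        "request": request,
        "security_code": security_code,
        "email_title": "AppEnlight :: "
        "Please authorize your email",
    }

    UserService.send_email(
        request,
        recipients=[email],
        variables=email_vars,
        template="/email_templates/authorize_email.jinja2",
    )
    request.session.flash(_("Your alert channel was " "added to the system."))
    request.session.flash(
        _("You need to authorize your email channel, a message was "
          "sent containing necessary information."),
        "warning",
    )
    DBSession.flush()
    # return the created channel (the call result was previously discarded,
    # so the view produced None)
    return channel.get_dict()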
def alert_channel_DELETE(request):
    """
    Remove one alert channel from the current user's channels.

    The channel is selected by matching both the ``channel_name`` and
    ``channel_value`` request parameters; the first match is removed.

    :param request: the current Pyramid request.
    :returns: ``True`` when a channel was removed, ``False`` when nothing
        matched.
    """
    user = request.user
    wanted_name = request.params.get('channel_name')
    wanted_value = request.params.get('channel_value')
    match = next(
        (chan for chan in user.alert_channels
         if chan.channel_name == wanted_name
         and chan.channel_value == wanted_value),
        None,
    )
    if not match:
        return False
    user.alert_channels.remove(match)
    request.session.flash(_('Your channel was removed.'))
    return True
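def users_password(request):
    """
    Change the password of the current user.

    The JSON body is validated through ``ChangePasswordForm``; the form's
    ``old_password`` field is handed the user (presumably so its validator
    can check the current password). On success the account's security
    code is regenerated and the new password stored.

    :param request: the current Pyramid request; the payload is read from
        ``request.unsafe_json_body``.
    :returns: ``True`` on success, or an ``HTTPUnprocessableEntity`` with
        the form errors as JSON when validation fails.
    """
    user = request.user
    form = forms.ChangePasswordForm(MultiDict(request.unsafe_json_body),
                                    csrf_context=request)
    form.old_password.user = user
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    # rotating the security code alongside the password also invalidates
    # any outstanding password-reset code for the account
    UserService.regenerate_security_code(user)
    UserService.set_password(user, form.new_password.data)
    msg = ("Your password got updated. "
           "Next time log in with your new credentials.")
    request.session.flash(_(msg))
    return True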
def users_self(request):
    """
    Return the current user's profile, applying updates on PATCH.

    A PATCH body is validated through the generated profile form and
    copied onto ``request.user``; any other method only reads. The
    credential-bearing columns are never included in the response.

    :param request: the current Pyramid request.
    :returns: the user's dict (extended info, secrets excluded), or an
        ``HTTPUnprocessableEntity`` with the form errors on an invalid
        PATCH.
    """
    if request.method == 'PATCH':
        profile_form_cls = forms.gen_user_profile_form()
        form = profile_form_cls(MultiDict(request.unsafe_json_body),
                                csrf_context=request)
        if not form.validate():
            return HTTPUnprocessableEntity(body=form.errors_json)
        form.populate_obj(request.user)
        request.session.flash(_('Your profile got updated.'))

    hidden = ['security_code_date', 'notes', 'security_code', 'user_password']
    return request.user.get_dict(exclude_keys=hidden, extended_info=True)
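def lost_password_generate(request):
    """
    Show the new-password form reached from a reset link and apply it.

    The link identifies the account by ``user_name`` and ``security_code``
    (both from the query string). It is honoured only while the code is
    less than 10 minutes old, and the code is rotated once the password has
    been changed so the same link cannot be replayed.

    :param request: the current Pyramid request.
    :returns: ``HTTPFound`` to the register page after a successful POST,
        a dict with the form for rendering while the link is valid, or a
        plain ``Response`` when the link is unknown or expired.
    """
    user = User.by_user_name_and_security_code(
        request.GET.get('user_name'), request.GET.get('security_code'))
    # a user without a code timestamp has no live reset request
    if not user or user.security_code_date is None:
        return Response('Security code expired')

    delta = datetime.datetime.utcnow() - user.security_code_date
    if delta.total_seconds() >= 600:
        return Response('Security code expired')

    form = forms.NewPasswordForm(request.POST, csrf_context=request)
    if request.method == "POST" and form.validate():
        user.set_password(form.new_password.data)
        # invalidate the reset link immediately: a still-valid code would
        # let the same e-mail reset the password again within the window
        user.regenerate_security_code()
        request.session.flash(_('You can sign in with your new password.'))
        return HTTPFound(location=request.route_url('register'))
    return {"form": form}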
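def sign_in(request):
    """
    Complete a successful sign-in and redirect the user.

    For an active account (``status == 1``) the CSRF token is rotated, the
    last-login timestamp is recorded and any pending social-login data from
    the session is attached to the account. The user is then sent to
    ``came_from`` when it is a path on this site, otherwise to the site
    root, with the identification headers provided by the sign-in context.

    :param request: the current Pyramid request; the sign-in context
        supplies ``user``, ``came_from`` and ``headers``.
    :returns: ``HTTPFound`` to the redirect target.
    """
    user = request.context.user
    if user.status == 1:
        # rotate the CSRF token on login so a pre-login token is not reused
        request.session.new_csrf_token()
        user.last_login_date = datetime.datetime.utcnow()
        social_data = request.session.get('zigg.social_auth')
        if social_data:
            handle_social_data(request, user, social_data)
    else:
        # NOTE(review): the redirect below still carries
        # request.context.headers; confirm they do not establish a session
        # for a disabled account.
        request.session.flash(_('Account got disabled'))

    # came_from is seeded from the sign-in form's request parameter (see
    # register()), so treat it as client-controlled: follow it only when it
    # is a same-site path, never an absolute or scheme-relative URL.
    came_from = request.context.came_from
    if came_from != '/' and _is_local_path(came_from):
        return HTTPFound(location=came_from,
                         headers=request.context.headers)
    return HTTPFound(location=request.route_url('/'),
                     headers=request.context.headers)


def _is_local_path(target):
    """Return True when *target* is a same-site path (``/...``), not a URL."""
    if not isinstance(target, str) or not target.startswith('/'):
        return False
    # '//host' and '/\host' are treated as scheme-relative URLs by browsers
    return not target.startswith(('//', '/\\'))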
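def users_create(request):
    """
    Create a new user from the JSON request body.

    Validates the submitted form (including the CSRF token bound to
    ``request``), persists a new ``User`` with a freshly generated security
    code and a processed password, and returns the user's dictionary
    representation with the credential-bearing columns stripped.

    :param request: the current Pyramid request; the payload is read from
        ``request.safe_json_body``.
    :returns: the created user's dict (without ``security_code_date``,
        ``notes``, ``security_code`` and ``user_password``) on success, or
        an ``HTTPUnprocessableEntity`` carrying the form errors as JSON.
    """
    form = forms.UserCreateForm(MultiDict(request.safe_json_body or {}),
                                csrf_context=request)
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    log.info('registering user')
    user = User()
    DBSession.add(user)
    form.populate_obj(user)
    # populate_obj() copies the submitted password onto the model as-is;
    # set_password() processes it before the flush.
    user.regenerate_security_code()
    user.set_password(user.user_password)
    user.status = 1 if form.status.data else 0
    request.session.flash(_('User created'))
    DBSession.flush()
    # never hand the secret columns back to the client
    return user.get_dict(exclude_keys=[
        'security_code_date', 'notes', 'security_code', 'user_password'
    ])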
def register(request):
    """
    Render the registration page and process registrations.

    Handles both a plain form POST and the continuation of an oAuth
    (authomatic) flow whose result is found in the session under
    ``zigg.social_auth``. On a valid POST the account is created, a welcome
    e-mail is sent and the new user is remembered via ``security.remember``
    before being redirected to the site root.

    :param request: the current Pyramid request.
    :returns: ``HTTPFound`` after a successful registration or when
        registration is disabled, otherwise a dict with the register form,
        the sign-in form and the enabled social providers for the template.
    """
    login_url = request.route_url('ziggurat.routes.sign_in')
    query_string = ('?%s' % request.query_string) if request.query_string else ''
    referrer = '%s%s' % (request.path, query_string)
    # never use the login form itself as came_from
    if referrer in (login_url, '/register', '/register?sign_in=1'):
        referrer = '/'
    came_from = request.params.get('came_from', referrer)
    sign_in_form = forms.SignInForm(came_from=came_from, csrf_context=request)

    # pre-fill the form from the oAuth session data returned by authomatic
    social_data = request.session.get('zigg.social_auth')
    is_post = request.method == 'POST'
    if social_data and not is_post:
        # NOTE(review): this logs the whole provider payload; confirm it
        # carries no access tokens before leaving it at debug level.
        log.debug(social_data)
        provider_user = social_data['user']
        form_data = {
            'user_name': provider_user.get('user_name', '').split('@')[0],
            'email': provider_user.get('email'),
            # social sign-ups get a random password, shown in the form below
            'user_password': str(uuid.uuid4()),
        }
        form = forms.UserRegisterForm(MultiDict(form_data),
                                      csrf_context=request)
        form.user_password.widget.hide_value = False
    else:
        form = forms.UserRegisterForm(request.POST, csrf_context=request)

    if is_post and form.validate():
        log.info('registering user')
        if request.registry.settings['appenlight.disable_registration']:
            request.session.flash(_('Registration is currently disabled.'))
            return HTTPFound(location=request.route_url('/'))

        new_user = User()
        DBSession.add(new_user)
        form.populate_obj(new_user)
        new_user.regenerate_security_code()
        new_user.status = 1
        new_user.set_password(new_user.user_password)
        new_user.registration_ip = request.environ.get('REMOTE_ADDR')
        if social_data:
            handle_social_data(request, new_user, social_data)

        welcome_vars = {
            'user': new_user,
            'request': request,
            'email_title': "AppEnlight :: Start information"
        }
        UserService.send_email(request,
                               recipients=[new_user.email],
                               variables=welcome_vars,
                               template='/email_templates/registered.jinja2')
        request.session.flash(_('You have successfully registered.'))
        DBSession.flush()
        headers = security.remember(request, new_user.id)
        return HTTPFound(location=request.route_url('/'), headers=headers)

    settings = request.registry.settings
    social_plugins = {}
    for provider in ('twitter', 'google', 'github', 'bitbucket'):
        if settings.get('authomatic.pr.%s.key' % provider, ''):
            social_plugins[provider] = True

    return {
        "form": form,
        "sign_in_form": sign_in_form,
        "social_plugins": social_plugins
    }
def register(request):
    """
    Render the registration page and process registrations.

    Serves both the plain registration form and the continuation of an
    oAuth (authomatic) flow stored in the session as ``zigg.social_auth``.
    A valid POST creates the account, sends the welcome e-mail and remembers
    the new user via ``security.remember`` before redirecting to ``/``.

    :param request: the current Pyramid request.
    :returns: ``HTTPFound`` after a successful registration or when
        registration is disabled, otherwise a dict holding the register
        form, the sign-in form and the enabled social providers.
    """
    login_url = request.route_url("ziggurat.routes.sign_in")
    query_string = ""
    if request.query_string:
        query_string = "?%s" % request.query_string
    referrer = "%s%s" % (request.path, query_string)
    # never use the login form itself as came_from
    if referrer in (login_url, "/register", "/register?sign_in=1"):
        referrer = "/"
    sign_in_form = forms.SignInForm(
        came_from=request.params.get("came_from", referrer),
        csrf_context=request,
    )

    # pre-fill the form from the oAuth session data returned by authomatic
    social_data = request.session.get("zigg.social_auth")
    is_post = request.method == "POST"
    if social_data and not is_post:
        # NOTE(review): this logs the whole provider payload; confirm it
        # carries no access tokens before leaving it at debug level.
        log.debug(social_data)
        provider_user = social_data["user"]
        form_data = {
            "user_name": provider_user.get("user_name", "").split("@")[0],
            "email": provider_user.get("email"),
            # social sign-ups get a random password, shown in the form below
            "user_password": str(uuid.uuid4()),
        }
        form = forms.UserRegisterForm(MultiDict(form_data), csrf_context=request)
        form.user_password.widget.hide_value = False
    else:
        form = forms.UserRegisterForm(request.POST, csrf_context=request)

    if is_post and form.validate():
        log.info("registering user")
        if request.registry.settings["appenlight.disable_registration"]:
            request.session.flash(_("Registration is currently disabled."))
            return HTTPFound(location=request.route_url("/"))

        new_user = User()
        DBSession.add(new_user)
        form.populate_obj(new_user)
        UserService.regenerate_security_code(new_user)
        new_user.status = 1
        UserService.set_password(new_user, new_user.user_password)
        new_user.registration_ip = request.environ.get("REMOTE_ADDR")
        if social_data:
            handle_social_data(request, new_user, social_data)

        welcome_vars = {
            "user": new_user,
            "request": request,
            "email_title": "AppEnlight :: Start information",
        }
        UserService.send_email(
            request,
            recipients=[new_user.email],
            variables=welcome_vars,
            template="/email_templates/registered.jinja2",
        )
        request.session.flash(_("You have successfully registered."))
        DBSession.flush()
        headers = security.remember(request, new_user.id)
        return HTTPFound(location=request.route_url("/"), headers=headers)

    settings = request.registry.settings
    social_plugins = {}
    for provider in ("twitter", "google", "github", "bitbucket"):
        if settings.get("authomatic.pr.%s.key" % provider, ""):
            social_plugins[provider] = True

    return {
        "form": form,
        "sign_in_form": sign_in_form,
        "social_plugins": social_plugins,
    }