def post(self):
    """Handle submission of the password-reset form.

    The posted form is validated against ``LoginSchema``. On success a
    random password is generated, salted and hashed, and the hash is passed
    to ``sp_Users_u_PwReset`` together with the submitted login name. When
    the procedure returns a user row, the new password is e-mailed to that
    user in their own culture.

    Returns:
        ``{}`` when validation fails; otherwise an ``HTTPFound`` redirect to
        the ``home`` route.
    """
    request = self.request
    _ = request.translate

    form_state = request.model_state
    form_state.schema = LoginSchema()
    if not form_state.validate():
        return {}

    # Only the salted hash is sent to the database; the clear-text value is
    # kept so that it can be mailed below.
    new_password = security.MakeRandomPassword()
    salt = security.MakeSalt()
    digest = security.Crypt(salt, new_password)

    login_name = form_state.value('LoginName')

    # NOTE(review): no reset token or mailbox confirmation step is visible
    # here. If sp_Users_u_PwReset overwrites the stored hash, any requester
    # who knows a login name can force that account's password to change.
    # Confirm that rate limiting exists, or consider a confirm-by-link flow.
    with request.connmgr.get_connection() as conn:
        cursor = conn.execute(
            'EXEC sp_Users_u_PwReset ?, ?, ?, ?',
            login_name, security.DEFAULT_REPEAT, salt, digest)
        user = cursor.fetchone()

    if user:
        gettext = get_translate_fn(request, user.Culture)
        subject = gettext('CIOC Community Manager Site Password Reset')
        # NOTE(review): the new password travels in clear text in the mail
        # body. Whether the account must change it at next login is not
        # visible in this method.
        mail_body = gettext(pwreset_email_template) % {
            'FirstName': user.FirstName,
            'Password': new_password,
            'url': request.route_url('login'),
        }
        email.email('*****@*****.**', user.Email, subject, mail_body)

    # The same message and redirect are used whether or not a row came back,
    # so the response does not reveal whether the login name exists.
    request.session.flash(_('A new password was sent you your email address.'))
    return HTTPFound(location=request.route_url('home'))
def post(self):
    """Handle POST for the add-user, request-account, own-account and modify-user forms.

    The matched route name selects the mode: ``user_new`` (is_new),
    ``request_account`` (is_request) and ``account`` (is_account); any other
    route is handled as "modify the user whose id is in the URL".

    On valid input the submitted fields are passed as named parameters to
    ``sp_Users_AccountRequest_i`` (account request) or ``sp_Users_u`` (all
    other modes). A falsy return code from the procedure leads to a
    redirect. Otherwise the method falls through and returns the template
    context used to render the form again.

    Raises:
        HTTPNotFound: the ``uid`` route value is not a valid integer id, or
            no user row is available in the account / modify modes.

    NOTE(review): no permission check is visible inside this method; confirm
    that the view configuration restricts the ``user_new`` and modify routes.
    """
    request = self.request
    _ = request.translate

    # `==` binds tighter than `not`, so each flag is simply bool(name == ...).
    is_new = not not request.matched_route.name == 'user_new'
    is_request = not not request.matched_route.name == 'request_account'
    is_account = not not request.matched_route.name == 'account'

    reqid = None
    if is_new:
        reqid = self._get_request_id()
    elif is_account:
        # Own-account edits take the id from request.user, not from the URL.
        uid = request.user.User_ID
    elif not is_request:
        # Modify mode: the id comes from the route and must parse as an integer id.
        validator = validators.IntID(not_empty=True)
        try:
            uid = validator.to_python(request.matchdict.get('uid'))
        except validators.Invalid:
            raise HTTPNotFound()

    # The 'Reject' button on the new-user form redirects before any validation runs.
    if is_new and request.params.get('Reject'):
        return HTTPFound(location=request.route_url(
            'request_reject', _query=[('reqid', reqid)]))

    # Pick the per-mode validators; only the account and modify modes accept
    # a password from the form, and it is optional there.
    extra_validators = {}
    if is_new:
        extra_validators['user'] = NewUserValidator()
    elif is_account:
        extra_validators['user'] = BaseUserValidator()
        extra_validators['password'] = PasswordValidator(if_missing=None)
    elif not is_request:
        extra_validators['user'] = ManageUsersValidator()
        extra_validators['password'] = PasswordValidator(if_missing=None)
    else:
        extra_validators['user'] = RequestAccessValidator()
        extra_validators['TomorrowsDate'] = TomorrowsDateValidator

    if is_request or is_account:
        schema = UpdateProfileRequestAccessBase(**extra_validators)
    else:
        schema = ManageUserAddUserWrapper(**extra_validators)

    model_state = request.model_state
    model_state.form.variable_decode = True
    model_state.schema = schema

    if model_state.validate():
        form_data = model_state.data
        user = form_data['user']

        # `fields` becomes the list of stored-procedure parameter names and
        # `args` the matching values, kept in lock-step below. The names come
        # from the schema definition, not from the request.
        fields = list(schema.fields['user'].fields.keys())
        args = [user.get(x) for x in fields]

        # Management areas and external systems are sent only on the admin
        # routes (add / modify), never for account requests or own-account edits.
        if not is_request and not is_account:
            root = ET.Element('ManageAreas')
            if not user.get('Admin'):
                for cmid in form_data.get('manage_areas') or []:
                    if cmid:
                        ET.SubElement(root, 'CM_ID').text = str(cmid)

            fields.append('ManageAreas')
            # NOTE(review): if this runs on Python 3, ET.tostring() returns
            # bytes unless encoding='unicode' is passed; confirm the driver
            # binds it the way the procedure expects.
            args.append(ET.tostring(root))

            root = ET.Element('ManageExternal')
            if not user.get('Admin'):
                for code in form_data.get('manage_external') or []:
                    if code:
                        ET.SubElement(root, 'SystemCode').text = str(code)

            fields.append('ManageExternalSystems')
            args.append(ET.tostring(root))

        # At this point args holds the submitted profile values (plus the XML
        # above on admin routes). The password hash fields are appended
        # further down, so they do not reach this debug line.
        log.debug('args: %s', args)

        if is_new:
            fields.append('Request_ID')
            args.append(reqid)

        if not is_request:
            fields.append('MODIFIED_BY')
            args.append(request.user.UserName)

        password = None
        if not is_request:
            if is_new:
                # New accounts get a generated password, mailed further down.
                password = security.MakeRandomPassword()
            else:
                password = model_state.value('password.Password')

            if password:
                salt = security.MakeSalt()
                hash = security.Crypt(salt, password)
                hash_args = [security.DEFAULT_REPEAT, salt, hash]
            else:
                # No password submitted: all three hash parameters are NULL.
                # Presumably the procedure then keeps the stored hash (confirm).
                hash_args = [None, None, None]

            fields.extend(
                ['PasswordHashRepeat', 'PasswordHashSalt', 'PasswordHash'])
            args.extend(hash_args)

        user_id_sql = ''
        if is_new:
            user_id_sql = '@User_ID OUTPUT,'
        elif not is_request:
            fields.append('User_ID')
            args.append(uid)

        if is_request:
            sql = ''' DECLARE @RT int, @ErrMsg nvarchar(500), @Request_ID int %s EXEC @RT = sp_Users_AccountRequest_i @Request_ID OUTPUT, %s, @ErrMsg=@ErrMsg OUTPUT SELECT @RT AS [Return], @ErrMsg AS ErrMsg, @Request_ID AS Request_ID '''
        else:
            sql = ''' DECLARE @RT int, @ErrMsg nvarchar(500), @User_ID int SET @ErrMsg = NULL EXEC @RT = sp_Users_u %s %s, @ErrMsg=@ErrMsg OUTPUT SELECT @RT AS [Return], @ErrMsg AS ErrMsg, @User_ID AS [User_ID] '''

        # Only parameter *names* are interpolated into the statement text;
        # every value is bound through a `?` placeholder. This stays safe
        # only while `fields` contains schema keys and the literals appended
        # above, and never a request-supplied name.
        sql = sql % (user_id_sql, ','.join('@%s=?' % x for x in fields))
        with request.connmgr.get_connection() as conn:
            result = conn.execute(sql, args).fetchone()

        # A falsy return code is treated as success.
        if not result.Return:
            if is_new:
                # force to language of request?
                gettext = get_translate_fn(request, user['Culture'])
                subject = gettext(
                    'Your CIOC Community Manager Site Account')
                # NOTE(review): the generated password is mailed in clear
                # text; a forced change at first login is not visible here.
                welcome_message = gettext(welcome_email_template) % {
                    'FirstName': user['FirstName'],
                    'UserName': user['UserName'],
                    'Password': password,
                    'url': request.route_url('login')
                }
                email.email('*****@*****.**', user['Email'], subject,
                            welcome_message)
                request.session.flash(_('User Successfully Added'))
                return HTTPFound(
                    location=request.route_url('user', uid=result.User_ID))
            elif is_request:
                subject = 'CIOC Community Manager Account Request'
                tmpl_args = {
                    'url':
                    request.route_url('user_new',
                                      _query=[('reqid', result.Request_ID)
                                              ])
                }
                # NOTE(review): the validated form values are merged in
                # *after* 'url' is set, so a form field named 'url' would
                # replace the link in the notification mail. Confirm that
                # RequestAccessValidator defines no such field.
                tmpl_args.update(user)
                request_message = request_email_template % tmpl_args
                email.email('*****@*****.**', '*****@*****.**', subject,
                            request_message)
                return HTTPFound(
                    location=request.route_url('request_account_thanks'))

            if is_account:
                request.session.flash(_('Account successfully updated'))
            else:
                request.session.flash(_('User successfully modified'))
            return HTTPFound(location=request.current_route_url())

        # NOTE(review): the text between the message literal and
        # 'manage_areas' is masked (`******`) in this listing, so the rest of
        # the error message and the statement that followed it cannot be
        # recovered; the line is kept exactly as found.
        model_state.add_error_for( '*', _('Could not add user: '******'manage_areas') or []
    else:
        # Validation failed: manage_areas is read from the raw POST via
        # variable_decode, not from validated data.
        data = model_state.data
        decoded = variable_decode(request.POST)
        data['manage_areas'] = manage_areas = decoded.get(
            'manage_areas') or []

    # Everything below runs only when no redirect was returned above.
    if is_account:
        manage_areas = request.user.ManageAreaList or []

    log.debug('errors: %s', model_state.form.errors)

    account_request = user = None
    cm_name_map = {}
    if not is_request:
        with request.connmgr.get_connection() as conn:
            if is_new:
                account_request = conn.execute(
                    'EXEC sp_Users_AccountRequest_s ?', reqid).fetchone()
            else:
                if is_account:
                    user = conn.execute('EXEC sp_Users_s ?',
                                        uid).fetchone()
                else:
                    user = request.context.user

            # The ids are joined into one comma-separated string and bound as
            # a single parameter. After a failed validation they may be
            # unvalidated POST values, so the procedure has to parse the list
            # defensively (its body is not visible here).
            cm_name_map = {
                str(x[0]): x[1]
                for x in conn.execute(
                    'EXEC sp_Community_ls_Names ?', ','.join(
                        str(x) for x in manage_areas)).fetchall()
            }

    if is_new:
        if not account_request:
            request.session.flash(_('Account Request Not Found'),
                                  'errorqueue')
            return HTTPFound(location=request.route_url('users'))
    elif not is_request:
        if not user:
            raise HTTPNotFound()

    if is_new:
        title_text = _('Add New User')
    elif is_request:
        title_text = _('Request Account')
    elif is_account:
        title_text = _('Update Account')
    else:
        title_text = _('Modify User')

    return {
        'title_text': title_text,
        'account_request': account_request,
        'user': user,
        'cm_name_map': cm_name_map,
        'is_admin': not is_request and not is_account,
        'is_account': is_account
    }
def post(self):
    """Handle POST for the add-user, request-account, own-account and modify-user forms.

    The matched route name selects the mode: ``user_new`` (is_new),
    ``request_account`` (is_request) and ``account`` (is_account); any other
    route is handled as "modify the user whose id is in the URL".

    On valid input the submitted fields are passed as named parameters to
    ``sp_Users_AccountRequest_i`` (account request) or ``sp_Users_u`` (all
    other modes). A falsy return code from the procedure leads to a
    redirect. Otherwise the method falls through and returns the template
    context used to render the form again.

    Raises:
        HTTPNotFound: the ``uid`` route value is not a valid integer id, or
            no user row is available in the account / modify modes.

    NOTE(review): no permission check is visible inside this method; confirm
    that the view configuration restricts the ``user_new`` and modify routes.
    """
    request = self.request
    _ = request.translate

    # `==` binds tighter than `not`, so each flag is simply bool(name == ...).
    is_new = not not request.matched_route.name == 'user_new'
    is_request = not not request.matched_route.name == 'request_account'
    is_account = not not request.matched_route.name == 'account'

    reqid = None
    if is_new:
        reqid = self._get_request_id()
    elif is_account:
        # Own-account edits take the id from request.user, not from the URL.
        uid = request.user.User_ID
    elif not is_request:
        # Modify mode: the id comes from the route and must parse as an integer id.
        validator = validators.IntID(not_empty=True)
        try:
            uid = validator.to_python(request.matchdict.get('uid'))
        except validators.Invalid:
            raise HTTPNotFound()

    # The 'Reject' button on the new-user form redirects before any validation runs.
    if is_new and request.params.get('Reject'):
        return HTTPFound(location=request.route_url('request_reject', _query=[('reqid', reqid)]))

    # Pick the per-mode validators; only the account and modify modes accept
    # a password from the form, and it is optional there.
    extra_validators = {}
    if is_new:
        extra_validators['user'] = NewUserValidator()
    elif is_account:
        extra_validators['user'] = BaseUserValidator()
        extra_validators['password'] = PasswordValidator(if_missing=None)
    elif not is_request:
        extra_validators['user'] = ManageUsersValidator()
        extra_validators['password'] = PasswordValidator(if_missing=None)
    else:
        extra_validators['user'] = RequestAccessValidator()
        extra_validators['TomorrowsDate'] = TomorrowsDateValidator

    if is_request or is_account:
        schema = UpdateProfileRequestAccessBase(**extra_validators)
    else:
        schema = ManageUserAddUserWrapper(**extra_validators)

    model_state = request.model_state
    model_state.form.variable_decode = True
    model_state.schema = schema

    if model_state.validate():
        form_data = model_state.data
        user = form_data['user']

        # `fields` becomes the list of stored-procedure parameter names and
        # `args` the matching values, kept in lock-step below. The names come
        # from the schema definition, not from the request.
        # NOTE(review): the appends below need keys() to return a list. That
        # holds on Python 2 (assumed, since this block uses `unicode`) if
        # `fields` is a plain dict; on Python 3 keys() is a view without append().
        fields = schema.fields['user'].fields.keys()
        args = [user.get(x) for x in fields]

        # Management areas and external systems are sent only on the admin
        # routes (add / modify), never for account requests or own-account edits.
        if not is_request and not is_account:
            root = ET.Element('ManageAreas')
            if not user.get('Admin'):
                for cmid in form_data.get('manage_areas') or []:
                    if cmid:
                        ET.SubElement(root, 'CM_ID').text = unicode(cmid)

            fields.append('ManageAreas')
            args.append(ET.tostring(root))

            root = ET.Element('ManageExternal')
            if not user.get('Admin'):
                for code in form_data.get('manage_external') or []:
                    if code:
                        ET.SubElement(root, 'SystemCode').text = unicode(code)

            fields.append('ManageExternalSystems')
            args.append(ET.tostring(root))

        # At this point args holds the submitted profile values (plus the XML
        # above on admin routes). The password hash fields are appended
        # further down, so they do not reach this debug line.
        log.debug('args: %s', args)

        if is_new:
            fields.append('Request_ID')
            args.append(reqid)

        if not is_request:
            fields.append('MODIFIED_BY')
            args.append(request.user.UserName)

        password = None
        if not is_request:
            if is_new:
                # New accounts get a generated password, mailed further down.
                password = security.MakeRandomPassword()
            else:
                password = model_state.value('password.Password')

            if password:
                salt = security.MakeSalt()
                hash = security.Crypt(salt, password)
                hash_args = [security.DEFAULT_REPEAT, salt, hash]
            else:
                # No password submitted: all three hash parameters are NULL.
                # Presumably the procedure then keeps the stored hash (confirm).
                hash_args = [None, None, None]

            fields.extend(['PasswordHashRepeat', 'PasswordHashSalt', 'PasswordHash'])
            args.extend(hash_args)

        user_id_sql = ''
        if is_new:
            user_id_sql = '@User_ID OUTPUT,'
        elif not is_request:
            fields.append('User_ID')
            args.append(uid)

        if is_request:
            sql = ''' DECLARE @RT int, @ErrMsg nvarchar(500), @Request_ID int %s EXEC @RT = sp_Users_AccountRequest_i @Request_ID OUTPUT, %s, @ErrMsg=@ErrMsg OUTPUT SELECT @RT AS [Return], @ErrMsg AS ErrMsg, @Request_ID AS Request_ID '''
        else:
            sql = ''' DECLARE @RT int, @ErrMsg nvarchar(500), @User_ID int SET @ErrMsg = NULL EXEC @RT = sp_Users_u %s %s, @ErrMsg=@ErrMsg OUTPUT SELECT @RT AS [Return], @ErrMsg AS ErrMsg, @User_ID AS [User_ID] '''

        # Only parameter *names* are interpolated into the statement text;
        # every value is bound through a `?` placeholder. This stays safe
        # only while `fields` contains schema keys and the literals appended
        # above, and never a request-supplied name.
        sql = sql % (user_id_sql, ','.join('@%s=?' % x for x in fields))
        with request.connmgr.get_connection() as conn:
            result = conn.execute(sql, args).fetchone()

        # A falsy return code is treated as success.
        if not result.Return:
            if is_new:
                # force to language of request?
                gettext = get_translate_fn(request, user['Culture'])
                subject = gettext('Your CIOC Community Manager Site Account')
                # NOTE(review): the generated password is mailed in clear
                # text; a forced change at first login is not visible here.
                welcome_message = gettext(welcome_email_template) % {
                    'FirstName': user['FirstName'],
                    'UserName': user['UserName'],
                    'Password': password,
                    'url': request.route_url('login')}
                email.email('*****@*****.**', user['Email'], subject, welcome_message)
                request.session.flash(_('User Successfully Added'))
                return HTTPFound(location=request.route_url('user', uid=result.User_ID))
            elif is_request:
                subject = 'CIOC Community Manager Account Request'
                tmpl_args = {'url': request.route_url('user_new', _query=[('reqid', result.Request_ID)])}
                # NOTE(review): the validated form values are merged in
                # *after* 'url' is set, so a form field named 'url' would
                # replace the link in the notification mail. Confirm that
                # RequestAccessValidator defines no such field.
                tmpl_args.update(user)
                request_message = request_email_template % tmpl_args
                email.email('*****@*****.**', '*****@*****.**', subject, request_message)
                return HTTPFound(location=request.route_url('request_account_thanks'))

            if is_account:
                request.session.flash(_('Account successfully updated'))
            else:
                request.session.flash(_('User successfully modified'))
            return HTTPFound(location=request.current_route_url())

        # NOTE(review): the text between the message literal and
        # 'manage_areas' is masked (`******`) in this listing, so the rest of
        # the error message and the statement that followed it cannot be
        # recovered; the line is kept exactly as found.
        model_state.add_error_for('*', _('Could not add user: '******'manage_areas') or []
    else:
        # Validation failed: manage_areas is read from the raw POST via
        # variable_decode, not from validated data.
        data = model_state.data
        decoded = variable_decode(request.POST)
        data['manage_areas'] = manage_areas = decoded.get('manage_areas') or []

    # Everything below runs only when no redirect was returned above.
    if is_account:
        manage_areas = request.user.ManageAreaList or []

    log.debug('errors: %s', model_state.form.errors)

    account_request = user = None
    cm_name_map = {}
    if not is_request:
        with request.connmgr.get_connection() as conn:
            if is_new:
                account_request = conn.execute('EXEC sp_Users_AccountRequest_s ?', reqid).fetchone()
            else:
                if is_account:
                    user = conn.execute('EXEC sp_Users_s ?', uid).fetchone()
                else:
                    user = request.context.user

            # The ids are joined into one comma-separated string and bound as
            # a single parameter. After a failed validation they may be
            # unvalidated POST values, so the procedure has to parse the list
            # defensively (its body is not visible here).
            cm_name_map = {str(x[0]): x[1] for x in conn.execute('EXEC sp_Community_ls_Names ?', ','.join(str(x) for x in manage_areas)).fetchall()}

    if is_new:
        if not account_request:
            request.session.flash(_('Account Request Not Found'), 'errorqueue')
            return HTTPFound(location=request.route_url('users'))
    elif not is_request:
        if not user:
            raise HTTPNotFound()

    if is_new:
        title_text = _('Add New User')
    elif is_request:
        title_text = _('Request Account')
    elif is_account:
        title_text = _('Update Account')
    else:
        title_text = _('Modify User')

    return {'title_text': title_text, 'account_request': account_request, 'user': user, 'cm_name_map': cm_name_map, 'is_admin': not is_request and not is_account, 'is_account': is_account}