def add_api(request):
if request.method == 'POST':
form = AddApiKeyForm(request.POST)
form.user = request.user
if form.is_valid():
user_api = UserAPIKey()
user_api.keyID = form.cleaned_data["keyID"]
user_api.vCode = form.cleaned_data["vCode"]
user_api.user = request.user
user_api.save()
members, corps = init_characters(request.user, form.characters)
for corp in corps:
corp.save()
for member in members:
member.save()
update_user_accesses(request.user)
logger.info('"%s" added new API Key %d' % (request.user, user_api.keyID))
return redirect('/account/')
else: # request.method == 'GET'
form = AddApiKeyForm()
data = {
'form': form,
'accessMask': required_access_mask(character=True)
}
return render_to_response('ecm/auth/add_api.html', data, Ctx(request))
def edit_api(request, keyID):
api = get_object_or_404(UserAPIKey, keyID=int(keyID))
if api.user != request.user:
return forbidden(request)
if request.method == 'POST':
form = EditApiKeyForm(request.POST)
form.user = request.user
if form.is_valid():
api.vCode = form.cleaned_data["vCode"]
api.is_valid = True
api.save()
members, corps = init_characters(request.user, form.characters)
for member in members:
member.save()
for corp in corps:
corp.save()
update_user_accesses(request.user)
logger.info('"%s" edited API Key %d' % (request.user, api.keyID))
return redirect('/account/')
else: # request.method == 'GET'
form = EditApiKeyForm(initial={"keyID" : api.keyID, "vCode" : api.vCode})
data = {
'form': form,
'request_path' : request.get_full_path(),
'accessMask': required_access_mask(character=True)
}
return render_to_response('ecm/auth/edit_api.html', data, Ctx(request))
def delete_character(request, characterID):
character = get_object_or_404(Member, characterID=int(characterID))
if character.owner == request.user:
character.owner = None
character.save()
update_user_accesses(request.user)
logger.info('"%s" gave up ownership of character "%s"' % (request.user, character.name))
return redirect('/account/')
else:
return forbidden(request)
def activate_account(request, activation_key):
try:
user = RegistrationProfile.objects.activate_user(activation_key)
update_user_accesses(user)
logger.info('account "%s" activated' % (user.username))
return render_to_response('ecm/auth/account_activated.html',
{ 'activated_user' : user },
context_instance=Ctx(request))
except (ValueError, UserWarning), err:
logger.info('could not use activation key "%s": %s' % (activation_key, str(err)))
return render_to_response('ecm/auth/activation_error.html',
{ 'activation_key': activation_key,
'error_reason': str(err) },
context_instance=Ctx(request))
def activate_account(request, activation_key):
try:
user = RegistrationProfile.objects.activate_user(activation_key)
update_user_accesses(user)
logger.info('account "%s" activated' % (user.username))
return render_to_response('ecm/auth/account_activated.html',
{'activated_user': user},
context_instance=Ctx(request))
except (ValueError, UserWarning), err:
logger.info('could not use activation key "%s": %s' %
(activation_key, str(err)))
return render_to_response('ecm/auth/activation_error.html', {
'activation_key': activation_key,
'error_reason': str(err)
},
context_instance=Ctx(request))
def authenticate(self, username=None, password=None):
"""Authenticate user against phpBB3 database.
Check if the user exists in Django users. If not, create it.
Then authenticate."""
logging.debug("PhpbbBackend::authenticate()")
user = None
try:
phpbb_user = PhpbbUser.objects.get(username=username)
except PhpbbUser.DoesNotExist:
# The user does not exist in phpBB. Bailing out.
logging.info("User '%s' doesn't exist." % username)
return None
phpbb_checker = php_password.PhpbbPassword()
if phpbb_checker.phpbb_check_hash(password, phpbb_user.user_password):
logging.debug("User %s successfully authenticated "
"with phpBB database." % username)
else:
# Invalid password
logging.info("Wrong password for user %s" % username)
return None
# At this point we have successfully checked phpBB user password.
# Now we're getting and returning Django user. If necessary, we're
# creating the user on the fly.
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
logging.info("Creating new Django user '%s'" % username)
if username:
user = User(username=username, password="")
user.is_staff = False
user.is_superuser = False
user.email = phpbb_user.user_email
user.save()
# Do the initial update of the user's characters
characters = api.get_account_characters(
UserAPIKey(keyID=phpbb_user.eveapi_keyid,
vCode=phpbb_user.eveapi_vcode))
members, corps = init_characters(user, characters)
for corp in corps:
corp.save()
for member in members:
member.save()
# Give the new user roles/groups:
update_user_accesses(user)
else:
logging.warning("User name empty. Not creating.")
return None
# In case the phpBB password has changed, we're updating user's
# Django password. Django password is necessary when user wants to log
# in to the admin interface.
user.set_password(password)
# Update the API information always to allow changes from phpBB
user_api = UserAPIKey()
user_api.keyID = phpbb_user.eveapi_keyid
user_api.vCode = phpbb_user.eveapi_vcode
user_api.user = user
user_api.save()
logging.debug("Returning user '%s'" % user)
return user
