def create(self):
try:
first_name = request.form.get("first_name", "").strip()
last_name = request.form.get("last_name", "").strip()
email = request.form.get("email", "").strip()
password = request.form.get("password", "").strip()
password_confirm = request.form.get("password_confirm", "").strip()
user_role = request.form.get("user_role")
role = models.AuthUserRole.get(user_role)
if not role:
raise exceptions.AuthError("Invalid ROLE selected")
if not first_name:
raise mocha_exc.AppError("First Name is required")
elif not password or password != password_confirm:
raise mocha_exc.AppError("Passwords don't match")
user = create_user(username=email,
password=password,
first_name=first_name,
last_name=last_name,
login_method="email",
role=role.name)
if user:
flash_success("New account created successfully!")
return redirect(self.info, id=user.id)
else:
raise exceptions.AuthError("Account couldn't be created")
except exceptions.AuthError as ae:
flash_error(ae.message)
return redirect(self.index)
def setup_login(self):
return
user_login = current_user.user_login("email")
if user_login:
return redirect(self.account_settings)
if request.IS_POST:
try:
email = request.form.get("email")
password = request.form.get("password")
password2 = request.form.get("password2")
if not password.strip() or password.strip() != password2.strip():
raise exceptions.AuthError("Passwords don't match")
else:
new_login = models.AuthUserLogin.new(login_method="email",
user_id=current_user.id,
email=email,
password=password.strip())
if verify_email:
send_registration_welcome_email(new_login.user)
flash_success(
"A welcome email containing a confirmation link has been sent to your email")
return redirect(self.account_settings)
except exceptions.AuthError as ex:
flash_error(ex.message)
return redirect(self.setup_login)
except Exception as e:
logging.exception(e)
flash_error("Unable to setup login")
return redirect(self)
def reset_password(self, action_token, signed_data):
"""Reset the user password. It was triggered by LOST-PASSWORD """
try:
action = "reset-password"
user = get_user_by_action_token(action, action_token)
if not user or not user.signed_data_match(signed_data, action):
raise mocha_exc.AppError("Verification Invalid!")
if request.method == "POST":
password = request.form.get("password", "").strip()
password_confirm = request.form.get("password_confirm",
"").strip()
if not password or password != password_confirm:
raise exceptions.AuthError(
"Password is missing or passwords don't match")
user.change_password(password)
user.set_email_verified(True)
session_set_require_password_change(False)
flash_success("Password updated successfully!")
return redirect(__options__.get("login_view") or self.login)
return {"action_token": action_token, "signed_data": signed_data}
except (mocha_exc.AppError, exceptions.AuthError) as ex:
flash_error(str(ex))
except Exception as e:
logging.exception(e)
flash_error("Unable to reset password")
return redirect(self.login)
def which_error(response):
if response.status_code == 401:
raise exceptions.AuthError()
elif response.status_code == 500:
raise Exception(response.text)
elif response.status_code == 404:
# Not in the group
raise exceptions.NotFound()
def change_password(self):
"""Change password """
try:
self._assert_current_password()
password = request.form.get("password", "").strip()
password_confirm = request.form.get("password_confirm", "").strip()
if password != password_confirm:
raise exceptions.AuthError("Passwords don't match")
current_user.change_password(password)
flash_success(_("Your password updated successfully!"))
except exceptions.AuthError as ex:
flash_error(str(ex))
except Exception as e:
logging.exception(e)
flash_error(_("Unable to update password"))
redirect_url = request.form.get("redirect") or self.account_settings
return redirect(redirect_url)
def roles(self):
"""
Only admin and super admin can add/remove roles
RESTRICTED ROLES CAN'T BE CHANGED
"""
roles_max_range = 11
if request.IS_POST:
try:
id = request.form.get("id")
name = request.form.get("name")
level = request.form.get("level")
action = request.form.get("action")
if name and level:
level = int(level)
name = name.upper()
_levels = [r[0] for r in models.AuthUserRole.ROLES]
_names = [r[1] for r in models.AuthUserRole.ROLES]
if level in _levels or name in _names:
raise exceptions.AuthError(
"Can't modify PRIMARY Roles - name: %s, level: %s " % (
name, level))
else:
if id:
role = models.AuthUserRole.get(id)
if role:
if action == "delete":
role.update(level=0) # Free the role
role.delete()
flash_success(
"Role '%s' deleted successfully!" % role.name)
elif action == "update":
if role.level != level and models.AuthUserRole.get_by_level(
level):
raise exceptions.AuthError(
"Role Level '%s' exists already" % level)
elif role.name != models.AuthUserRole.slug_name(
name) and models.AuthUserRole.get_by_name(
name):
raise exceptions.AuthError(
"Role Name '%s' exists already" % name)
else:
role.update(name=name, level=level)
flash_success(
"Role '%s (%s)' updated successfully" % (
name, level))
else:
raise exceptions.AuthError("Role doesn't exist")
else:
if models.AuthUserRole.get_by_level(level):
raise exceptions.AuthError(
"New Role Level '%s' exists already" % level)
elif models.AuthUserRole.get_by_name(name):
raise exceptions.AuthError(
"New Role Name '%s' exists already" % name)
else:
models.AuthUserRole.new(name=name, level=level)
flash_success(
"New Role '%s (%s)' addedd successfully" % (
name, level))
except exceptions.AuthError as ex:
flash_error("%s" % ex.message)
return redirect(self.roles)
page_attr("User Roles")
roles = models.AuthUserRole.query().order_by(
models.AuthUserRole.level.desc())
allocated_levels = [r.level for r in roles]
# levels_options = [(l, l) for l in range(1, roles_max_range) if l not in allocated_levels]
levels_options = [(l, l) for l in range(1, roles_max_range)]
return {
"roles": roles,
"levels_options": levels_options
}
def action(self):
id = request.form.get("id")
action = request.form.get("action")
try:
user = models.AuthUser.get(id, include_deleted=True)
if not user:
abort(404, "User doesn't exist or has been deleted!")
if current_user.role.level < user.role.level:
abort(403, "Not enough power level to update this user info")
user = UserModel(user)
if current_user.id != user.id:
if action == "activate":
user.change_status("active")
flash_success("User has been ACTIVATED")
elif action == "deactivate":
user.change_status("suspended")
flash_success("User is now SUSPENDED")
elif action == "delete":
user.change_status("deleted")
user.delete()
flash_success("User has been DELETED")
elif action == "undelete":
user.change_status("suspended")
user.delete(False)
flash_success("User is now RESTORED / Use is now SUSPENDED")
if action == "info":
first_name = request.form.get("first_name")
last_name = request.form.get("last_name")
data = {}
if first_name:
data["first_name"] = first_name
if last_name:
data["last_name"] = last_name
if current_user.id != user.id:
user_role = request.form.get("user_role")
_role = models.AuthUserRole.get(user_role)
if not _role:
raise exceptions.AuthError("Invalid ROLE selected")
data["role"] = _role
if data:
user.update_info(ACTIONS["UPDATE"], **data)
flash_success("User info updated successfully!")
elif action == "change-username":
username = request.form.get("username")
user.change_username(username)
flash_success("Username changed successfully!")
elif action == "change-email":
email = request.form.get("email")
user.change_email(email)
flash_success("Email changed successfully!")
elif action == "change-password":
password = request.form.get("password", "").strip()
password_confirm = request.form.get("password_confirm", "").strip()
if password != password_confirm:
raise exceptions.AuthError("Invalid passwords")
user.change_password(password)
flash_success("Password changed successfully!")
elif action == "email-reset-password":
user.send_password_reset()
flash_success("Password reset was sent to email")
elif action == "email-account-verification":
user.send_verification_email()
flash_success("Email verification was sent")
elif action == "reset-secret-key":
user.reset_secret_key()
flash_success("The account's secret key has been changed")
elif action == "delete-profile-image":
if user.profile_image is not None:
delete_file(user.profile_image)
user.update_info(profile_image=None,
_action=ACTIONS["PROFILE_IMAGE"])
flash_success("Profile Image deleted successfully!")
except exceptions.AuthError as ae:
flash_error(ae.message)
return redirect(self.info, id=id)
def _confirm_password(self):
user_login = current_user.user_login("email")
password = request.form.get("confirm-password")
if not user_login.password_matched(password):
raise exceptions.AuthError("Invalid password")
return True
def _assert_current_password(self):
"""Assert the password to make sure it matches the current user """
password = request.form.get("current_password")
if not current_user.password_matched(password):
raise exceptions.AuthError("Invalid password")
def register(self):
""" Registration """
if not __options__.get("allow_registration"):
abort(403, "Registration is not allowed. Contact admin if it's a mistake")
page_attr("Register")
if request.method == "POST":
try:
if not recaptcha.verify():
raise mocha_exc.AppError("Invalid Security code")
email = request.form.get("email", "").strip()
username = request.form.get("username", "").strip()
password = request.form.get("password", "").strip()
password_confirm = request.form.get("password_confirm", "").strip()
first_name = request.form.get("first_name", "").strip()
last_name = request.form.get("last_name", "").strip()
with_oauth = request.form.get("with_oauth") == "1"
oauth_provider = request.form.get("oauth_provider")
oauth_user_id = request.form.get("oauth_user_id")
login_method = None
# Require username and email
if __options__.get("registration_username"):
if "@" in username:
raise exceptions.AuthError(_("Username can't be an email"))
if not utils.is_email_valid(email):
raise exceptions.AuthError(_("Invalid email address"))
login_method = "username"
# Require only email. Email will be used as username and email
elif __options__.get("registration_email"):
if not utils.is_email_valid(username):
raise exceptions.AuthError(_("Invalid email address"))
email = username
login_method = "email"
if not first_name:
raise mocha_exc.AppError(
_("First Name or Name is required"))
elif not password or password != password_confirm:
raise mocha_exc.AppError(_("Passwords don't match"))
if not login_method:
raise exceptions.AuthError(_("Registration is disabled"))
user = create_user(username=username,
password=password,
email=email,
first_name=first_name,
last_name=last_name,
login_method=login_method)
# WITH OAUTH, we can straight up login user
if with_oauth and oauth_provider and oauth_user_id:
user.add_federation(oauth_provider, oauth_user_id)
create_session(user)
return redirect(request.form.get(
"next") or views.auth.Account.account_settings)
if __options__.get("require_email_verification"):
user.send_welcome_email(view_class=self)
flash_success(_("Please check your email. We've sent you a message"))
return redirect(
request.form.get("next") or __options__.get("login_view"))
except (mocha_exc.AppError, exceptions.AuthError) as ex:
flash_error(str(ex))
except Exception as e:
logging.exception(e)
flash_error("Unable to register")
return redirect(self.register, next=request.form.get("next"))
return {
"reg_email": __options__.get("registration_email"),
"reg_username": __options__.get("registration_username"),
"reg_social": __options__.get("registration_social"),
"reg_full_name": __options__.get("registration_full_name"),
"login_url_next": request.args.get("next", ""),
"with_oauth": has_oauth_request(),
"oauth_provider": get_oauth_session().get("provider"),
"oauth_user_id": get_oauth_session().get("user_id"),
"email": get_oauth_session().get("email") or "",
"name": get_oauth_session().get("name") or "",
}