예제 #1
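def reset_password(request):
    """Handle the password-reset form reached through an e-mailed token.

    The ``token`` route segment is looked up with
    ``ForgotPassword.getByToken``.  An unknown token, or a request that is
    already authenticated, is redirected to the home route with a flash
    message.  On a valid submission the new password is bcrypt-hashed and
    stored, the account type is set back to ``User.NORMAL``, every
    ``ForgotPassword`` row for that account is deleted, and the user is
    logged in.

    Returns an ``HTTPFound`` redirect, or the template context dict with the
    keys ``form``, ``user_id`` and ``title``.
    """
    session = DBSession()
    token = request.matchdict["token"]

    # NOTE(review): no expiry check on the token is visible in this view;
    # confirm that getByToken (or the model) enforces a lifetime.
    forgotPassword = ForgotPassword.getByToken(token)
    if not forgotPassword:
        request.session.flash(_("Reset password token not found in database."))
        return HTTPFound(location = route_url("home", request))

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot reset a password."))
        return HTTPFound(location = route_url("home", request))

    # The account being reset is determined solely by the token record.
    user = User.getByID(forgotPassword.user.id)

    fs = None

    if 'submitted' in request.params:
        fs = ResetPasswordFieldSet().bind(User, session = session, data = request.params or None)
        if fs.validate():
            # Security fix: the original re-loaded the user from the
            # client-supplied "user_id" form parameter, so the account whose
            # password was overwritten was chosen by the submitter rather
            # than by the token.  The token's own user is used instead and
            # the form parameter is ignored.
            user.password = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())
            user.user_type = User.NORMAL
            session.add(user)
            session.flush()

            # Invalidate every outstanding reset token for this account so
            # the e-mailed link cannot be replayed.
            session.query(ForgotPassword).filter(ForgotPassword.user_id == user.id).delete()

            request.session["username"] = user.username
            headers = remember(request, user.id)
            request.session.flash(_("You have successfully updated your password!"))
            return HTTPFound(location = route_url("home", request), headers = headers)

    if fs is None:
        fs = ResetPasswordFieldSet().bind(User, session = session)
    form = fs.render()
    # user_id is still handed to the template for compatibility; it is no
    # longer trusted when it comes back in the POST.
    return dict(form = form, user_id = user.id, title = _("Forgot your password?"))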
예제 #2
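def _is_local_redirect(target, application_url):
    """Return True when *target* is a URL that stays inside this application.

    Accepted forms are an absolute URL under ``application_url`` and a
    site-relative path that starts with a single ``/``.
    """
    if not target:
        return False
    # Backslashes and control characters are refused outright because URL
    # parsers disagree on how to normalise them.
    if any(ch in target for ch in "\\\r\n\t"):
        return False
    if target == application_url or target.startswith(application_url + "/"):
        return True
    # "//host/path" is scheme-relative and would leave the site.
    return target.startswith("/") and not target.startswith("//")


def login(request):
    """Render the login form and authenticate a submitted login/password.

    An already authenticated request is redirected to the home route.  On a
    successful submission the username is stored in the session, the auth
    headers from ``remember`` are attached, and the user is redirected to
    ``came_from``.  Accounts whose type is ``User.FORGOT_PASSWORD`` are
    refused even with a correct password.

    Returns an ``HTTPFound`` redirect, or the template context dict with the
    keys ``url``, ``came_from``, ``login``, ``title``, ``logged_in`` and
    ``password``.
    """
    login_url = route_url("login", request)
    logged_in = authenticated_userid(request)

    if logged_in:
        # NOTE(review): this text is shared with the registration views; it is
        # left unchanged because it is also a translation msgid.
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location=route_url("home", request))

    referrer = request.url
    if referrer == login_url:
        referrer = "/"  # never use the login form itself as came_from

    # Security fix: came_from is client-controlled and was used verbatim as
    # the post-login redirect target.  Anything that does not stay on this
    # application is replaced by the home route.
    came_from = request.params.get("came_from", referrer)
    if not _is_local_redirect(came_from, request.application_url):
        came_from = route_url("home", request)

    submitted_login = ""
    password = ""

    if "submitted" in request.params:
        submitted_login = request.params["login"]
        password = request.params["password"]

        if User.checkPassword(submitted_login, password) and (
            User.checkTypeByUsername(submitted_login) != User.FORGOT_PASSWORD
        ):
            request.session["username"] = submitted_login
            headers = remember(request, User.getID(submitted_login))
            return HTTPFound(location=came_from, headers=headers)

        request.session.flash("Failed login")

    # NOTE(review): the submitted password is passed back to the renderer;
    # confirm the template does not echo it into the page after a failed
    # attempt.
    return dict(
        url=request.application_url + "/login",
        came_from=came_from,
        login=submitted_login,
        title="Fluid Nexus login",
        logged_in=logged_in,
        password=password,
    )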
예제 #3
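def forgot_password(request):
    """Start a password reset: issue a token and e-mail the reset link.

    An already authenticated request is redirected to the home route.  On
    submission the username/e-mail pair is checked with ``User.checkEmail``;
    when it matches, a ``ForgotPassword`` row holding a fresh token is
    stored, the account type is set to ``User.FORGOT_PASSWORD`` and the
    reset link is sent through the SMTP server on localhost.

    Returns an ``HTTPFound`` redirect, or the template context dict with the
    keys ``form`` and ``title``.
    """
    # Function-scope imports, matching the style this view already used for
    # smtplib and MIMEText.
    import hashlib
    import os
    import smtplib
    from email.mime.text import MIMEText

    session = DBSession()

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot request a new password."))
        return HTTPFound(location = route_url("home", request))

    fs = None

    if 'submitted' in request.params:
        fs = ForgotPasswordFieldSet().bind(User, session = session, data = request.params or None)
        valid_user = User.checkEmail(fs.username.value, fs.email.value)

        # NOTE(review): the failure and success paths flash different
        # messages, which tells the requester whether the username/e-mail
        # pair exists; consider one neutral message for both.
        if not valid_user:
            request.session.flash(_("E-mail and password combination do not match."))
            return HTTPFound(location = route_url("home", request))

        # Security fix: the token was derived from the current time plus
        # random.randint() output, neither of which is suitable for a
        # secret.  It is now derived from 32 bytes of OS randomness; the
        # result is still a 64-character hex string, so the stored format
        # is unchanged.
        token = hashlib.sha256(os.urandom(32)).hexdigest()

        fp = ForgotPassword(token = token)
        fp.user_id = valid_user.id
        session.add(fp)

        # NOTE(review): the account type changes as soon as the request is
        # made, before the requester has shown control of the mailbox, and
        # the login view refuses FORGOT_PASSWORD accounts.  Confirm that
        # this is intended.
        valid_user.user_type = User.FORGOT_PASSWORD
        session.add(valid_user)

        # NOTE(review): the link is plain http with a hard-coded host, and
        # the token travels in the URL; serve this route over https if the
        # deployment supports it.
        text = """Please go to the following link to reset your password:

http://fluidnexus.net/reset_password/%s

If you have any questions please reply to this e-mail.

Best,

fluidnexus.net""" % token
        msg = MIMEText(text)
        msg["Subject"] = "Forgotten password for %s" % (fs.email.value)
        msg["From"] = "*****@*****.**"
        msg["To"] = fs.email.value
        s = smtplib.SMTP("localhost")
        try:
            s.sendmail("*****@*****.**", [fs.email.value], msg.as_string())
        finally:
            # Close the SMTP connection even when sending fails.
            s.quit()

        request.session.flash(_("Please check your e-mail for the link to reset your password."))
        return HTTPFound(location = route_url("home", request))

    if fs is None:
        fs = ForgotPasswordFieldSet().bind(User, session = session)
    form = fs.render()
    return dict(form = form, title = _("Forgot your password?"))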
예제 #4
0
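def register_user_openid(request):
    """Create a local account for a user who signed in through OpenID.

    An already authenticated request is redirected to the home route.  On a
    valid submission a ``User`` of type ``User.OPENID`` is created, added to
    the "nexus" group, linked to an ``OpenID`` row and logged in.

    Returns an ``HTTPFound`` redirect, or the template context dict with the
    keys ``form`` and ``title``.
    """
    import hashlib
    import os

    session = DBSession()

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location = route_url("home", request))

    fs = OpenIDUserFieldSet().bind(User, session = session)
    fs.append(Field("openid_url", value = request.params.get("openid_url", "")).hidden())

    if 'submitted' in request.params:
        # NOTE(review): the re-bound fieldset does not get the hidden
        # openid_url field appended again, so a form re-rendered after a
        # failed validation may lose it.  Confirm against the template.
        fs = OpenIDUserFieldSet().bind(User, session = session, data = request.params or None)
        if fs.validate():
            user = User()

            # TODO
            # Shouldn't have to do this, but doing it for simplicity now
            # Should validate that the username is unique
            user.username = fs.username.value
            user.given_name = fs.given_name.value
            user.surname = fs.surname.value
            user.homepage = fs.homepage.value
            user.user_type = User.OPENID
            user.created_time = time.time()
            # Security fix: the placeholder password was the creation
            # timestamp in whole seconds, which is guessable, and the login
            # view does not refuse password logins for OPENID accounts.  The
            # placeholder is now derived from 32 bytes of OS randomness and
            # is never shown to anyone.
            placeholder = hashlib.sha256(os.urandom(32)).hexdigest()
            user.password = bcrypt.hashpw(placeholder, bcrypt.gensalt())
            session.add(user)
            session.flush()

            User.addToGroup(fs.username.value, "nexus")
            user_id = User.getID(fs.username.value)

            # NOTE(review): openid_url is read from client-supplied request
            # parameters; confirm the identifier was verified server-side
            # before it is bound to the new account.
            openid = OpenID(openid_url = request.params.get("openid_url", ""), user_id = user_id)
            session.add(openid)

            headers = remember(request, user_id)
            request.session["username"] = fs.username.value
            request.session.flash(_("You have successfully registered!"))
            return HTTPFound(location = route_url("home", request), headers = headers)

    form = fs.render()
    return dict(form = form, title = _("Register new user"))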
예제 #5
def register_user(request):
    """Render the registration form and create a password-based account.

    An already authenticated request is redirected to the home route.  On a
    valid submission a ``User`` of type ``User.NORMAL`` is stored with a
    bcrypt-hashed password, added to the "nexus" group and logged in.

    Returns an ``HTTPFound`` redirect, or the template context dict with the
    keys ``form`` and ``title``.
    """
    session = DBSession()
    matchdict = request.matchdict  # read here but not used below

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location = route_url("home", request))

    # came_from is computed the same way as in the login view, but nothing
    # in this view reads it afterwards.
    login_url = route_url('login', request)
    referrer = '/' if request.url == login_url else request.url
    came_from = request.params.get('came_from', referrer)

    if 'submitted' not in request.params:
        # First visit: show an empty form.
        fieldset = RegisterUserFieldSet().bind(User, session = session)
        return dict(form = fieldset.render(), title = _("Register new user"))

    fieldset = RegisterUserFieldSet().bind(User, session = session, data = request.params or None)
    if not fieldset.validate():
        # Re-render the bound form so validation errors are shown.
        return dict(form = fieldset.render(), title = _("Register new user"))

    account = User()
    hashed_password = bcrypt.hashpw(fieldset.password1.value, bcrypt.gensalt())

    # TODO
    # Shouldn't have to do this, but doing it for simplicity now
    account.username = fieldset.username.value
    account.password = hashed_password
    account.given_name = fieldset.given_name.value
    account.surname = fieldset.surname.value
    account.homepage = fieldset.homepage.value
    # The address is stored as a bcrypt hash, not in plain text.
    account.email = bcrypt.hashpw(fieldset.email.value, bcrypt.gensalt())
    account.created_time = time.time()
    account.user_type = User.NORMAL
    session.add(account)
    session.flush()

    new_username = fieldset.username.value
    User.addToGroup(new_username, "nexus")
    request.session["username"] = new_username
    headers = remember(request, User.getID(new_username))
    request.session.flash(_("You have successfully created a new account!"))
    return HTTPFound(location = route_url("home", request), headers = headers)