def forgot_password(request): settings = request.registry.settings if not is_pwreminder_enabled(settings): raise exc.exception_response(503) handle_history(request) _ = request.translate config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('forgot_password') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) complete = False if request.POST: if form.validate(request.params): username = form.data.get('login') user = request_password_reset(username, request.db) if user: mailer = Mailer(request) recipient = user.profile[0].email token = user.reset_tokens[-1] subject = _('Password reset request') values = {'url': request.route_url('reset_password', token=token), 'app_name': get_app_title(), 'email': settings['mail.default_sender'], '_': _} mail = Mail([recipient], subject, template="password_reset_request", values=values) mailer.send(mail) msg = _("Password reset token has been sent to the users " "email address. Please check your email.") request.session.flash(msg, 'success') complete = True return {'form': form.render(), 'complete': complete}
def login(request): handle_history(request) _ = request.translate settings = request.registry.settings config = Config(load(get_path_to_form_config('auth.xml', 'ringo'))) form_config = config.get_form('loginform') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) if request.POST: form.validate(request.params) username = form.data.get('login') password = form.data.get('pass') user = user_login(username, password) if user is None: msg = _("Login failed!") request.session.flash(msg, 'error') elif not user.activated: msg = _("Login failed!") request.session.flash(msg, 'error') target_url = request.route_path('accountdisabled') return HTTPFound(location=target_url) else: msg = _("Login was successfull") request.session.flash(msg, 'success') headers = remember(request, user.id) target_url = request.route_path('home') return HTTPFound(location=target_url, headers=headers) return {'form': form.render(), 'registration_enabled': is_registration_enabled(settings), 'pwreminder_enabled': is_pwreminder_enabled(settings)}
class ImportDialogRenderer(DialogRenderer): """Docstring for ImportDialogRenderer""" def __init__(self, request, clazz): """@todo: to be defined """ DialogRenderer.__init__(self, request, clazz, "import") self.template = template_lookup.get_template("internal/import.mako") config = Config(load(get_path_to_form_config('import.xml', 'ringo'))) form_config = config.get_form('default') self.form = Form(form_config, csrf_token=self._request.session.get_csrf_token(), dbsession=request.db, eval_url=get_eval_url(), url_prefix=get_app_url(request)) def render(self, items): values = {} values['request'] = self._request values['body'] = self._render_body() values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True) values['action'] = self._action.capitalize() values['ok_url'] = self._request.current_route_path() values['_'] = self._request.translate values['cancel_url'] = self._request.referrer values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list')) values['eval_url'] = self._request.application_url+get_eval_url() values['items'] = items values['h'] = ringo.lib.helpers return literal(self.template.render(**values)) def _render_body(self): # The output of the form render function of formbar is # considered safe here as formbar already handles the escapeing. # So we put it into the literal function to mark it save. return literal(self.form.render(buttons=False))
class ImportDialogRenderer(DialogRenderer): """Docstring for ImportDialogRenderer""" def __init__(self, request, clazz): """@todo: to be defined """ DialogRenderer.__init__(self, request, clazz, "import") self.template = template_lookup.get_template("internal/import.mako") config = Config(load(get_path_to_form_config('import.xml', 'ringo'))) form_config = config.get_form('default') self.form = Form(form_config, csrf_token=self._request.session.get_csrf_token(), dbsession=request.db, eval_url=get_eval_url(), url_prefix=get_app_url(request)) def render(self, items): values = {} values['request'] = self._request values['body'] = self._render_body() values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True) values['action'] = self._action.capitalize() values['ok_url'] = self._request.current_route_path() values['_'] = self._request.translate values['cancel_url'] = self._request.referrer values['overview_url'] = self._request.route_path(get_action_routename(self._item, 'list')) values['eval_url'] = self._request.application_url+get_eval_url() values['items'] = items values['h'] = ringo.lib.helpers return literal(self.template.render(**values)) def _render_body(self): # The output of the form render function of formbar is # considered safe here as formbar already handles the escapeing. # So we put it into the literal function to mark it save. return literal(self.form.render(buttons=False))
def removeaccount(request): """Method to remove the useraccout by the user.""" # Check authentification # The view is only available for authenticated users and callable # if the user is not the admin unser (id=1) id = request.matchdict.get('id') if not request.user or id == '1': raise HTTPUnauthorized clazz = User _ = request.translate # Load the item return 400 if the item can not be found. factory = clazz.get_item_factory() try: item = factory.load(id, request.db) # Check authorisation if item.id != request.user.id: raise HTTPForbidden() except sa.orm.exc.NoResultFound: raise HTTPBadRequest() form = Form(get_form_config(item, 'removeaccount'), item, request.db, translate=_, renderers={}, change_page_callback={ 'url': 'set_current_form_page', 'item': clazz.__tablename__, 'itemid': id }, request=request, csrf_token=request.session.get_csrf_token(), dependencies=create_dependencies(request)) if request.POST: mapping = {'item': item} if form.validate(request.params): # Delete the account and redirect the user to a result page request.db.delete(item) headers = forget(request) target_url = request.route_path('users-accountremoved') return HTTPFound(location=target_url, headers=headers) else: msg = _('Deleting the account of ' '"${item}" failed.', mapping=mapping) log.info(msg) request.session.flash(msg, 'error') rvalue = {} rvalue['clazz'] = clazz rvalue['item'] = item rvalue['form'] = form.render(page=get_current_form_page(clazz, request)) return rvalue
def removeaccount(request): """Method to remove the useraccout by the user.""" # Check authentification # The view is only available for authenticated users and callable # if the user is not the admin unser (id=1) id = request.matchdict.get('id') if not request.user or id == '1': raise HTTPUnauthorized clazz = User _ = request.translate handle_history(request) handle_params(request) # Load the item return 400 if the item can not be found. factory = clazz.get_item_factory() try: item = factory.load(id, request.db) # Check authorisation if item.id != request.user.id: raise HTTPForbidden() except sa.orm.exc.NoResultFound: raise HTTPBadRequest() form = Form(get_form_config(item, 'removeaccount'), item, request.db, translate=_, renderers={}, change_page_callback={'url': 'set_current_form_page', 'item': clazz.__tablename__, 'itemid': id}, request=request, csrf_token=request.session.get_csrf_token()) if request.POST: mapping = {'item': item} if form.validate(request.params): # Delete the account and redirect the user to a result page request.db.delete(item) headers = forget(request) target_url = request.route_path('users-accountremoved') return HTTPFound(location=target_url, headers=headers) else: msg = _('Deleting the account of ' '"${item}" failed.', mapping=mapping) log.info(msg) request.session.flash(msg, 'error') rvalue = {} rvalue['clazz'] = clazz rvalue['item'] = item rvalue['form'] = form.render(page=get_current_form_page(clazz, request)) return rvalue
def example(request): config = Config(load(os.path.join(example_dir, 'example.xml'))) form_config = config.get_form('example') form = Form(form_config, eval_url="/evaluate", request=request) if request.POST: form.validate(request.POST) else: form.validate({}) template = template_lookup.get_template("index.mako") values = {'form': form.render()} return Response(template.render(**values))
def login(request): _ = request.translate settings = request.registry.settings config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('loginform') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) if request.POST: form.validate(request.params) username = form.data.get('login') password = form.data.get('pass') user = user_login(username, password) if user is None: msg = _("Login failed!") request.session.flash(msg, 'error') elif not user.activated: msg = _("Login failed!") request.session.flash(msg, 'error') target_url = request.route_path('accountdisabled') return HTTPFound(location=target_url) else: # Handle authentication callback. if is_authcallback_enabled(settings): authenticated = False try: callback = dynamic_import(settings.get("auth.callback")) callback(request, user) authenticated = True except AuthentificationException as e: msg = e.message request.session.flash(msg, 'critical') else: authenticated = True if authenticated: # Delete old session data and begin with new fresh session. request.session.invalidate() msg = _("Login was successfull") request.session.flash(msg, 'success') headers = remember(request, user.id) target_url = request.route_path('home') return HTTPFound(location=target_url, headers=headers) return { 'form': form.render(), 'registration_enabled': is_registration_enabled(settings), 'pwreminder_enabled': is_pwreminder_enabled(settings) }
class PrintDialogRenderer(DialogRenderer): """Docstring for ImportDialogRenderer""" def __init__(self, request, clazz): """@todo: to be defined """ DialogRenderer.__init__(self, request, clazz, "print") self.template = template_lookup.get_template("internal/print.mako") config = Config( load( get_path_to_form_config('print.xml', 'ringo_printtemplate', '.'))) form_config = config.get_form('default') # Load available_printtemplates and put them into the form as # external data. This than later used to render the available # printtemplates. mid = clazz._modul_id values = {} values['printtemplates'] = [(p, p.id) for p in self._item.printtemplates] self.form = Form(form_config, item=clazz, csrf_token=self._request.session.get_csrf_token(), dbsession=request.db, translate=request.translate, url_prefix=get_app_url(request), eval_url=get_eval_url(), values=values) def render(self): modul = get_item_modul(self._request, self._item) template_modul = get_item_modul(self._request, Printtemplate) values = {} values['request'] = self._request values['body'] = self._render_body() values['modul'] = modul.get_label(plural=True) values['header'] = template_modul.get_label(plural=True) values['action'] = self._action.capitalize() values['ok_text'] = template_modul.get_label(plural=False) values['ok_url'] = self._request.current_route_path() values['_'] = self._request.translate values['cancel_url'] = self._request.ringo.history.last( ) or self._request.url.replace("print", "read") values['eval_url'] = self.form._eval_url values['h'] = ringo.lib.helpers return literal(self.template.render(**values)) def _render_body(self): out = [] out.append(self.form.render(buttons=False)) return literal("").join(out)
def login(request): handle_history(request) _ = request.translate settings = request.registry.settings config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('loginform') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) if request.POST: form.validate(request.params) username = form.data.get('login') password = form.data.get('pass') user = user_login(username, password) if user is None: msg = _("Login failed!") request.session.flash(msg, 'error') elif not user.activated: msg = _("Login failed!") request.session.flash(msg, 'error') target_url = request.route_path('accountdisabled') return HTTPFound(location=target_url) else: # Handle authentication callback. if is_authcallback_enabled(settings): authenticated = False try: callback = dynamic_import(settings.get("auth.callback")) callback(request, user) authenticated = True except AuthentificationException as e: msg = e.message request.session.flash(msg, 'critical') else: authenticated = True if authenticated: msg = _("Login was successfull") request.session.flash(msg, 'success') headers = remember(request, user.id) target_url = request.route_path('home') return HTTPFound(location=target_url, headers=headers) return {'form': form.render(), 'registration_enabled': is_registration_enabled(settings), 'pwreminder_enabled': is_pwreminder_enabled(settings)}
def render(request): """Will return a JSONResponse with a rendererd form. The form defintion and the formid is provided in the POST request.""" _ = request.translate form_config = request.POST.get("definition") config_name = request.POST.get("formid") out = [] try: config = Config(parse(form_config)) form_config = config.get_form(config_name) form = Form(form_config, None, request.db, csrf_token=request.session.get_csrf_token()) out.append(form.render(buttons=False, outline=False)) except Exception as ex: out.append(_('ERROR: %s' % str(ex))) data = {"form": "".join(out)} return JSONResponse(True, data, {"msg": "Ole!"})
def forgot_password(request): settings = request.registry.settings if not is_pwreminder_enabled(settings): raise exc.exception_response(503) _ = request.translate config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('forgot_password') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) complete = False msg = None if request.POST: if form.validate(request.params): username = form.data.get('login') user = request_password_reset(username, request.db) if user and user.profile[0].email: recipient = user.profile[0].email mailer = Mailer(request) token = user.reset_tokens[-1] subject = _('Password reset request') values = { 'url': request.route_url('reset_password', token=token), 'app_name': get_app_title(), 'email': settings['mail.default_sender'], 'username': username, '_': _ } mail = Mail([recipient], subject, template="password_reset_request", values=values) mailer.send(mail) log.info(u"Passwort reset token sent to " u"user {} with email {}".format(username, recipient)) else: log.info(u"Failed sending Passwort reset token for {}. " u"User not found or missing email".format(username)) # Return a message to the user which does not allow to get # information about the existence of a user. msg = _("If the user has been found together with configured " "e-mail, a confirmation mail for resetting the password " "has been sent. Please check your e-mail box.") request.session.flash(msg, 'success') complete = True return {'form': form.render(), 'complete': complete, 'msg': msg}
def render(request): """Will return a JSONResponse with a rendererd form. The form defintion and the formid is provided in the POST request.""" _ = request.translate form_config = request.POST.get("definition") config_name = request.POST.get("formid") out = [] try: config = Config(parse(form_config)) form_config = config.get_form(config_name) form = Form(form_config, None, request.db, csrf_token=request.session.get_csrf_token()) out.append(form.render(buttons=False, outline=False)) except Exception as ex: out.append(_('ERROR: %s' % str(ex))) data = {"form": "".join(out)} return JSONResponse(True, data, {"msg": "Ole!"})
class EvaluationDialogRenderer(DialogRenderer): """Docstring for ExportDialogRenderer""" def __init__(self, request, clazz): """@todo: to be defined """ DialogRenderer.__init__(self, request, clazz, "evaluate") self.template = template_lookup.get_template("internal/evaluation.mako") config = Config(load(get_path_to_form_config('evaluations.xml', 'ringo_evaluation', location="."))) form_config = config.get_form('dialog') url_prefix = request.application_url self.form = Form(form_config, csrf_token=self._request.session.get_csrf_token(), translate=request.translate, eval_url=get_eval_url(), url_prefix=url_prefix) def render(self, items): values = {} values['request'] = self._request values['items'] = items values['body'] = self._render_body() values['modul'] = get_item_modul(self._request, self._item).get_label(plural=True) values['action'] = self._action.capitalize() values['ok_url'] = self._request.current_route_path() values['_'] = self._request.translate values['cancel_url'] = self._request.referrer values['evalurl'] = self._request.application_url+get_eval_url() return literal(self.template.render(**values)) def _render_body(self): out = [] # Collect all available evaluations and provide the evaluations # for this modul to the form while rendering. evaluations = [] #converter = get_converter() modul = get_item_modul(self._request, self._item) for evaluation in modul.evaluations: evaluations.append((evaluation, evaluation.id)) values = {"evaluations": evaluations} values["_converter"] = False # converter.is_available() out.append(self.form.render(buttons=False, values=values)) return "".join(out)
def trainable_index_view(request): values = index_view(request) if request.user: client = Client() client_id = request.user.profile[0].strava_client_id redirect_uri = request.route_url("authstrava") url = client.authorization_url(client_id=client_id, redirect_uri=redirect_uri, scope="view_private") _ = request.translate config = Config(load(get_path_to_form_config('strava.xml'))) form_config = config.get_form('syncform') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_, locale="de", eval_url=get_eval_url()) if request.POST and form.validate(request.params): sync(request, form.data.get("sport"), form.data.get("start"), form.data.get("end"), form.data.get("commute")) values["fitness"] = get_fitness(0, 0, get_activities_for_user(request)) values["strava_auth_url"] = url values["strava_syncform"] = form.render() return values
def changepassword(request): """Method to change the users password by the user. The user user musst provide his old and the new pasword. Users are only allowed to change their own password.""" # Check authentification # As this view has now security configured it is # generally callable by all users. For this reason we first check if # the user is authenticated. If the user is not authenticated the # raise an 401 (unauthorized) exception. if not request.user: raise HTTPUnauthorized clazz = User _ = request.translate rvalue = {} # Load the item return 400 if the item can not be found. id = request.matchdict.get('id') factory = clazz.get_item_factory() try: item = factory.load(id, request.db) # Check authorisation # User are only allowed to set their own password. if item.id != request.user.id: raise HTTPForbidden() except sa.orm.exc.NoResultFound: raise HTTPBadRequest() form = Form(get_form_config(item, 'changepassword'), item, request.db, translate=_, renderers={}, change_page_callback={'url': 'set_current_form_page', 'item': clazz.__tablename__, 'itemid': id}, request=request, csrf_token=request.session.get_csrf_token()) if request.POST: mapping = {'item': item} # Do extra validation which is not handled by formbar. # Is the provided old password correct? validator = Validator('oldpassword', _('The given password is not correct'), check_password) pw_len_validator = Validator('password', _('Password must be at least 12 ' 'characters long.'), password_minlength_validator) pw_nonchar_validator = Validator('password', _('Password must contain at least 2 ' 'non-letters.'), password_nonletter_validator) form.add_validator(validator) form.add_validator(pw_len_validator) form.add_validator(pw_nonchar_validator) if form.validate(request.params): form.save() # Actually save the password. This is not done in the form # as the password needs to be encrypted. encrypt_password_callback(request, item) msg = _('Changed password for "${item}" successfull.', mapping=mapping) log.info(msg) request.session.flash(msg, 'success') route_name = get_action_routename(item, 'changepassword') url = request.route_path(route_name, id=item.id) # Invalidate cache invalidate_cache() return HTTPFound(location=url) else: msg = _('Error on changing the password for ' '"${item}".', mapping=mapping) log.info(msg) request.session.flash(msg, 'error') rvalue['clazz'] = clazz rvalue['item'] = item rvalue['form'] = form.render(page=get_current_form_page(clazz, request)) return rvalue
def register_user(request): settings = request.registry.settings if not is_registration_enabled(settings): raise exc.exception_response(503) handle_history(request) _ = request.translate config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('register_user') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) # Do extra validation which is not handled by formbar. # Is the login unique? login_unique_validator = Validator('login', _('There is already a user with this ' 'name'), is_login_unique) pw_len_validator = Validator('pass', _('Password must be at least 12 characters ' 'long.'), password_minlength_validator) pw_nonchar_validator = Validator('pass', _('Password must contain at least 2 ' 'non-letters.'), password_nonletter_validator) form.add_validator(login_unique_validator) form.add_validator(pw_len_validator) form.add_validator(pw_nonchar_validator) registration_complete = False if request.POST: if form.validate(request.params): # 1. Create user. Do not activate him. Default role is user. ufac = User.get_item_factory() user = ufac.create(None, form.data) # Set login from formdata user.login = form.data['login'] # Encrypt password and save user.password = encrypt_password(form.data['pass']) # Deactivate the user. To activate the user needs to confirm # with the activation link user.activated = False atoken = str(uuid.uuid4()) user.activation_token = atoken # Set profile data user.profile[0].email = form.data['_email'] # 2. Set user group gfac = Usergroup.get_item_factory() default_grps = settings.get("auth.register_user_default_groups", str(USER_GROUP_ID)) for gid in [int(id) for id in default_grps.split(",")]: group = gfac.load(gid) user.groups.append(group) # 3. Set user role rfac = Role.get_item_factory() default_roles = settings.get("auth.register_user_default_roles", str(USER_ROLE_ID)) for rid in [int(id) for id in default_roles.split(",")]: role = rfac.load(rid) user.roles.append(role) # Set default user group. request.db.add(user) # 4. Send confirmation email. The user will be activated # after the user clicks on the confirmation link mailer = Mailer(request) recipient = user.profile[0].email subject = _('Confirm user registration') values = {'url': request.route_url('confirm_user', token=atoken), 'app_name': get_app_title(), 'email': settings['mail.default_sender'], '_': _} mail = Mail([recipient], subject, template="register_user", values=values) mailer.send(mail) msg = _("User has been created and a confirmation mail was sent" " to the users email adress. Please check your email.") request.session.flash(msg, 'success') registration_complete = True return {'form': form.render(), 'complete': registration_complete}
def register_user(request): settings = request.registry.settings if not is_registration_enabled(settings): raise exc.exception_response(503) handle_history(request) _ = request.translate config = Config(load(get_path_to_form_config('auth.xml', 'ringo'))) form_config = config.get_form('register_user') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) # Do extra validation which is not handled by formbar. # Is the login unique? validator = Validator('login', 'There is already a user with this name', is_login_unique) form.add_validator(validator) if request.POST: if form.validate(request.params): # 1. Create user. Do not activate him. Default role is user. ufac = User.get_item_factory() user = ufac.create(None, form.data) # Set login from formdata user.login = form.data['login'] # Encrypt password and save user.password = encrypt_password(form.data['pass']) # Deactivate the user. To activate the user needs to confirm # with the activation link user.activated = False atoken = str(uuid.uuid4()) user.activation_token = atoken # Set profile data user.profile[0].email = form.data['_email'] # 2. Set user group gfac = Usergroup.get_item_factory() group = gfac.load(USER_GROUP_ID) user.groups.append(group) # 3. Set user role rfac = Role.get_item_factory() role = rfac.load(USER_ROLE_ID) user.roles.append(role) # Set default user group. request.db.add(user) # 4. Send confirmation email. The user will be activated # after the user clicks on the confirmation link mailer = Mailer(request) recipient = user.profile[0].email subject = _('Confirm user registration') values = {'url': request.route_url('confirm_user', token=atoken), 'app_name': get_app_title(), 'email': settings['mail.default_sender'], '_': _} mail = Mail([recipient], subject, template="register_user", values=values) mailer.send(mail) target_url = request.route_path('login') headers = forget(request) msg = _("User has been created and a confirmation mail was sent" " to the users email adress. Please check your email.") request.session.flash(msg, 'success') return HTTPFound(location=target_url, headers=headers) return {'form': form.render()}
def changepassword(request): """Method to change the users password by the user. The user user musst provide his old and the new pasword. Users are only allowed to change their own password.""" # Check authentification # As this view has now security configured it is # generally callable by all users. For this reason we first check if # the user is authenticated. If the user is not authenticated the # raise an 401 (unauthorized) exception. if not request.user: raise HTTPUnauthorized clazz = User handle_history(request) handle_params(request) _ = request.translate rvalue = {} # Load the item return 400 if the item can not be found. id = request.matchdict.get('id') factory = clazz.get_item_factory() try: item = factory.load(id, request.db) # Check authorisation # User are only allowed to set their own password. if item.id != request.user.id: raise HTTPForbidden() except sa.orm.exc.NoResultFound: raise HTTPBadRequest() form = Form(get_form_config(item, 'changepassword'), item, request.db, translate=_, renderers={}, change_page_callback={'url': 'set_current_form_page', 'item': clazz.__tablename__, 'itemid': id}, request=request, csrf_token=request.session.get_csrf_token()) if request.POST: mapping = {'item': item} # Do extra validation which is not handled by formbar. # Is the provided old password correct? validator = Validator('oldpassword', _('The given password is not correct'), check_password) pw_len_validator = Validator('password', _('Password must be at least 12 ' 'characters long.'), password_minlength_validator) pw_nonchar_validator = Validator('password', _('Password must contain at least 2 ' 'non-letters.'), password_nonletter_validator) form.add_validator(validator) form.add_validator(pw_len_validator) form.add_validator(pw_nonchar_validator) if form.validate(request.params): form.save() # Actually save the password. This is not done in the form # as the password needs to be encrypted. encrypt_password_callback(request, item) msg = _('Changed password for "${item}" successfull.', mapping=mapping) log.info(msg) request.session.flash(msg, 'success') route_name = get_action_routename(item, 'changepassword') url = request.route_path(route_name, id=item.id) # Invalidate cache invalidate_cache() return HTTPFound(location=url) else: msg = _('Error on changing the password for ' '"${item}".', mapping=mapping) log.info(msg) request.session.flash(msg, 'error') rvalue['clazz'] = clazz rvalue['item'] = item rvalue['form'] = form.render(page=get_current_form_page(clazz, request)) return rvalue
def register_user(request): settings = request.registry.settings if not is_registration_enabled(settings): raise exc.exception_response(503) _ = request.translate config = Config(load(get_path_to_form_config('auth.xml'))) form_config = config.get_form('register_user') form = Form(form_config, csrf_token=request.session.get_csrf_token(), translate=_) # Do extra validation which is not handled by formbar. # Is the login unique? login_unique_validator = Validator( 'login', _('There is already a user with this ' 'name'), is_login_unique) pw_len_validator = Validator( 'pass', _('Password must be at least 12 characters ' 'long.'), password_minlength_validator) pw_nonchar_validator = Validator( 'pass', _('Password must contain at least 2 ' 'non-letters.'), password_nonletter_validator) form.add_validator(login_unique_validator) form.add_validator(pw_len_validator) form.add_validator(pw_nonchar_validator) registration_complete = False if request.POST: if form.validate(request.params): # 1. Create user. Do not activate him. Default role is user. ufac = User.get_item_factory() user = ufac.create(None, form.data) # Set login from formdata user.login = form.data['login'] # Encrypt password and save user.password = encrypt_password(form.data['pass']) # Deactivate the user. To activate the user needs to confirm # with the activation link user.activated = False atoken = str(uuid.uuid4()) user.activation_token = atoken # Set profile data user.profile[0].email = form.data['_email'] # 2. Set user group gfac = Usergroup.get_item_factory() default_grps = settings.get("auth.register_user_default_groups", str(USER_GROUP_ID)) for gid in [int(id) for id in default_grps.split(",")]: group = gfac.load(gid) user.groups.append(group) # 3. Set user role rfac = Role.get_item_factory() default_roles = settings.get("auth.register_user_default_roles", str(USER_ROLE_ID)) for rid in [int(id) for id in default_roles.split(",")]: role = rfac.load(rid) user.roles.append(role) # Set default user group. request.db.add(user) # 4. Send confirmation email. The user will be activated # after the user clicks on the confirmation link mailer = Mailer(request) recipient = user.profile[0].email subject = _('Confirm user registration') values = { 'url': request.route_url('confirm_user', token=atoken), 'app_name': get_app_title(), 'email': settings['mail.default_sender'], 'login': user.login, '_': _ } mail = Mail([recipient], subject, template="register_user", values=values) mailer.send(mail) msg = _("User has been created and a confirmation mail was sent" " to the users email adress. Please check your email.") request.session.flash(msg, 'success') registration_complete = True return {'form': form.render(), 'complete': registration_complete}