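def login(self):
    """Handle a POSTed login form: identify, authenticate, then (when
    two-factor is enabled) check the one-time code before remembering
    the session.

    Reads ``login``, ``password``, ``max_age`` and ``code`` from
    ``request.POST``.  Every failure path is an ``HTTPFound`` back to
    ``login.html`` with a ``reason`` query parameter; success returns
    whatever ``remember_login`` returns.  ``LoginAttempt``, ``LoginFailed``
    and ``LoginSuccess`` events are notified along the way, including on
    a missing or rejected two-factor code, so lockout accounting sees
    those failures too.
    """
    context = self.context
    request = self.request

    # identify
    login = request.POST.get('login')
    password = request.POST.get('password')
    if self.login_locked_out(login):
        redirect = request.resource_url(
            request.root, 'login.html',
            query={'reason': 'User locked out. Too many failed login attempts.'})
        return HTTPFound(location=redirect)
    notify(events.LoginAttempt(context, request, login, password))
    if login is None or password is None:
        return HTTPFound(location='%s/login.html' % request.application_url)

    # max_age comes straight from the form.  A non-numeric value used to
    # escape the view as a ValueError; treat it as "not supplied" instead.
    max_age = request.POST.get('max_age')
    if max_age is not None:
        try:
            max_age = int(max_age)
        except ValueError:
            max_age = None

    # authenticate
    userid = None
    reason = 'Bad username or password'
    users = find_users(context)
    for authenticate in (password_authenticator, impersonate_authenticator):
        userid = authenticate(context, users, login, password)
        if userid:
            break

    # if not successful, try again
    if not userid:
        notify(events.LoginFailed(context, request, login, password))
        redirect = request.resource_url(
            request.root, 'login.html', query={'reason': reason})
        return HTTPFound(location=redirect)

    tf = TwoFactor(context, request)
    if tf.enabled:
        code = request.POST.get('code')
        if not code:
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'No authentication code provided'})
            notify(events.LoginFailed(context, request, login, password))
            return HTTPFound(location=redirect)
        # NOTE(review): a truthy result from tf.validate() is treated as a
        # rejected code.  validate()'s return contract is not visible in
        # this file -- confirm it returns a falsy value on success.
        if tf.validate(userid, code):
            notify(events.LoginFailed(context, request, login, password))
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'Invalid authorization code'})
            return HTTPFound(location=redirect)

    # else, remember
    notify(events.LoginSuccess(context, request, login, password))
    return remember_login(context, request, userid, max_age)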
def send_auth_code_view(context, request):
    """Send a two-factor auth code to the account named by ``username``.

    Returns a dict with one ``message`` key: a validation complaint when
    the username is missing or does not resolve to a valid login, or the
    value ``TwoFactor.send_code`` returns for that user's profile.
    """
    username = request.params.get('username', '')
    if not username:
        return {'message': 'Must provide a username'}

    account = _get_valid_login(context, find_users(context), username)
    # NOTE(review): the distinct message below tells the caller whether a
    # username exists; no attempt limit is visible in this view.
    if account is None:
        return {'message': 'Not a valid username to send auth code to'}

    profile = find_profiles(context).get(account['id'])
    sender = TwoFactor(context, request)
    return {'message': sender.send_code(profile)}
def send_auth_code_view(context, request):
    """Send a two-factor auth code to the user identified by ``username``.

    The result is always ``{'message': ...}``: a complaint when the
    username is empty or unknown, otherwise whatever
    ``TwoFactor.send_code`` reports for the resolved profile.
    """
    username = request.params.get('username', '')
    if username:
        users = find_users(context)
        user = _get_valid_login(context, users, username)
        if user is not None:
            profile = find_profiles(context).get(user['id'])
            message = TwoFactor(context, request).send_code(profile)
        else:
            # NOTE(review): this reply distinguishes unknown from known
            # usernames for the caller; no attempt limit is visible here.
            message = 'Not a valid username to send auth code to'
    else:
        message = 'Must provide a username'
    return {'message': message}
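def configure_twofactor_view(context, request):
    """Let a profile's owner enrol a phone number for two-factor auth.

    ``context`` is the profile being configured.  Unless two-factor and
    the phone factor are both enabled and the authenticated user is the
    profile owner, the view redirects to the profile page.

    Two POST forms are handled:

    * ``form.verifyemail.submitted`` -- takes ``phonenumber``, keeps only
      its digits and, for a 10-digit number, stores it on the profile,
      generates a verification code and texts it to that number.
    * ``form.verifycode.submitted`` -- compares the submitted ``code``
      with the stored one; on a match the profile is marked verified and
      the stored code is cleared.

    Returns the template dict: ``api``, ``form`` (``'number'``,
    ``'verify'`` or ``'success'``), ``number`` and ``context``.
    """
    page_title = "Profile: %s" % context.title
    api = TemplateAPI(context, request, page_title)
    tf = TwoFactor(context, request)
    if (not tf.enabled or not tf.phone_factor_enabled
            or not authenticated_userid(request) == context.__name__):
        return HTTPFound(request.resource_url(context))

    form = 'number'
    number = ''
    if request.method == 'POST':
        number = request.POST.get('phonenumber', '')
        if 'form.verifyemail.submitted' in request.POST:
            number = ''.join(n for n in number if n in string.digits)
            if len(number) == 10:
                context.two_factor_phone = number
                code = context._two_factor_verify_code = make_random_code(6)
                msg = "%s phone verification code: %s" % (
                    get_setting(context, 'title'), code)
                tf.send_text_to_number(number, msg)
                api.set_status_message(
                    'Verification code sent to phone number: %s' % number)
                form = 'verify'
            else:
                api.set_status_message('Invalid phone number')
        elif 'form.verifycode.submitted' in request.POST:
            form = 'verify'
            # .get(): a form without ``code`` used to raise KeyError out of
            # the view.  The stored code is '' after a successful check (and
            # may be unset before one was sent), so an empty submission must
            # not count as a match.
            code = request.POST.get('code', '')
            expected = getattr(context, '_two_factor_verify_code', '')
            # NOTE(review): no attempt counter for the 6-digit code is
            # visible here; consider bounding retries per code.
            if code and code == expected:
                context._two_factor_verify_code = ''
                context.two_factor_verified = True
                form = 'success'
            else:
                api.set_status_message('Invalid verification code')
    return dict(api=api, form=form, number=number, context=context)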
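def configure_twofactor_view(context, request):
    """Phone-number enrolment for two-factor authentication.

    ``context`` is the profile being configured.  The view redirects to
    the profile unless two-factor and the phone factor are enabled and
    the authenticated user owns the profile.

    POST handling:

    * ``form.verifyemail.submitted`` -- reduce ``phonenumber`` to its
      digits; a 10-digit number is stored on the profile, a fresh
      verification code is generated and texted to it.
    * ``form.verifycode.submitted`` -- the submitted ``code`` must equal
      the stored code; on success the profile is flagged verified and
      the stored code is cleared.

    Returns ``dict(api, form, number, context)`` for the template, with
    ``form`` one of ``'number'``, ``'verify'`` or ``'success'``.
    """
    page_title = "Profile: %s" % context.title
    api = TemplateAPI(context, request, page_title)
    tf = TwoFactor(context, request)
    if (not tf.enabled or not tf.phone_factor_enabled
            or not authenticated_userid(request) == context.__name__):
        return HTTPFound(request.resource_url(context))

    form = 'number'
    number = ''
    if request.method == 'POST':
        number = request.POST.get('phonenumber', '')
        if 'form.verifyemail.submitted' in request.POST:
            number = ''.join(n for n in number if n in string.digits)
            if len(number) == 10:
                context.two_factor_phone = number
                code = context._two_factor_verify_code = make_random_code(6)
                msg = "%s phone verification code: %s" % (
                    get_setting(context, 'title'), code)
                tf.send_text_to_number(number, msg)
                api.set_status_message(
                    'Verification code sent to phone number: %s' % number)
                form = 'verify'
            else:
                api.set_status_message('Invalid phone number')
        elif 'form.verifycode.submitted' in request.POST:
            form = 'verify'
            # A POST without ``code`` used to raise KeyError out of the
            # view.  After a successful check the stored code is '' (and it
            # may be unset before any was sent), so an empty submission is
            # rejected rather than matching the empty stored value.
            code = request.POST.get('code', '')
            expected = getattr(context, '_two_factor_verify_code', '')
            # NOTE(review): retries of the 6-digit code are not bounded
            # anywhere visible in this view.
            if code and code == expected:
                context._two_factor_verify_code = ''
                context.two_factor_verified = True
                form = 'success'
            else:
                api.set_status_message('Invalid verification code')
    return dict(api=api, form=form, number=number, context=context)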
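def login(self):
    """Process the login form: identify, authenticate, optionally verify
    a two-factor code, then remember the session.

    ``login``, ``password``, ``max_age`` and ``code`` are read from
    ``request.POST``.  Failures redirect (``HTTPFound``) to ``login.html``
    with a ``reason`` query parameter; success returns the result of
    ``remember_login``.  ``LoginAttempt`` is notified once the user is
    not locked out, ``LoginFailed`` on a bad password and on a missing or
    rejected two-factor code, ``LoginSuccess`` just before remembering.
    """
    context = self.context
    request = self.request

    # identify
    login = request.POST.get('login')
    password = request.POST.get('password')
    if self.login_locked_out(login):
        redirect = request.resource_url(
            request.root, 'login.html',
            query={'reason': 'User locked out. Too many failed login attempts.'})
        return HTTPFound(location=redirect)
    notify(events.LoginAttempt(context, request, login, password))
    if login is None or password is None:
        return HTTPFound(location='%s/login.html' % request.application_url)

    # max_age is form input; previously a non-numeric value raised
    # ValueError out of the view.  Fall back to "not supplied".
    max_age = request.POST.get('max_age')
    if max_age is not None:
        try:
            max_age = int(max_age)
        except ValueError:
            max_age = None

    # authenticate
    userid = None
    reason = 'Bad username or password'
    users = find_users(context)
    for authenticate in (password_authenticator, impersonate_authenticator):
        userid = authenticate(context, users, login, password)
        if userid:
            break

    # if not successful, try again
    if not userid:
        notify(events.LoginFailed(context, request, login, password))
        redirect = request.resource_url(
            request.root, 'login.html', query={'reason': reason})
        return HTTPFound(location=redirect)

    tf = TwoFactor(context, request)
    if tf.enabled:
        code = request.POST.get('code')
        if not code:
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'No authentication code provided'})
            notify(events.LoginFailed(context, request, login, password))
            return HTTPFound(location=redirect)
        # NOTE(review): a truthy return from tf.validate() is treated as a
        # rejected code here; its contract is not visible in this file --
        # confirm it returns a falsy value when the code is accepted.
        if tf.validate(userid, code):
            notify(events.LoginFailed(context, request, login, password))
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'Invalid authorization code'})
            return HTTPFound(location=redirect)

    # else, remember
    notify(events.LoginSuccess(context, request, login, password))
    return remember_login(context, request, userid, max_age)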
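def _profile_display_values(context, request, api):
    """Build the ``profile`` dict of display values for the template.

    Every public attribute in ``context.__dict__`` is rendered with
    ``unicode`` (``None`` stays ``None`` so the template never shows
    u'None').  ``websites`` and ``title`` are properties the ``__dict__``
    scan misses and are added by hand; ``languages`` and ``department``
    are handed over as the raw attribute values; ``last_login_time`` is
    formatted as an ISO-8601 stamp; ``country`` is mapped from code to
    name; ``photo`` becomes ``{"url": ...}`` with the thumbnail or the
    default image.

    Returns ``(profile, photo)``, ``photo`` being the raw photo object or
    ``None``.
    """
    profile = {}
    # Snapshot the keys first, as the original did via .keys().
    for attr_name in list(context.__dict__):
        if attr_name.startswith("_"):
            continue
        value = getattr(context, attr_name)
        # Don't produce u'None'
        profile[attr_name] = unicode(value) if value is not None else None
    if 'fax' not in profile:
        profile['fax'] = ''  # BBB
    # 'websites' and 'title' are properties, so the loop above misses them
    profile["websites"] = context.websites
    profile["title"] = context.title
    # These two were stringified above; the template gets the attribute itself.
    if "languages" in profile:
        profile["languages"] = context.languages
    if "department" in profile:
        profile["department"] = context.department
    if "last_login_time" in profile and context.last_login_time:
        profile["last_login_time"] = context.last_login_time.strftime(
            '%Y-%m-%dT%H:%M:%SZ')
    if "country" in profile:
        # translate from country code to country name
        profile["country"] = countries.as_dict.get(profile["country"], u'')
    # Display portrait
    photo = context.get('photo')
    if photo is not None:
        photo_url = thumb_url(photo, request, PROFILE_THUMB_SIZE)
    else:
        photo_url = api.static_url + "/images/defaultUser.gif"
    profile["photo"] = {"url": photo_url}
    return profile, photo


def _member_communities(context, request, communities_folder):
    """Return the communities the profile's user belongs to, sorted by title.

    Membership comes from the user's ``group.community:<name>:<role>``
    groups; a ``moderators`` entry replaces a plain membership entry for
    the same community.  Communities the *requesting* user lacks ``view``
    permission on are omitted, so the list never names what the viewer
    could not open.
    """
    communities = {}
    user_info = find_users(context).get_by_id(context.__name__)
    if user_info is None:
        return []
    for group in user_info["groups"]:
        if not group.startswith("group.community:"):
            continue
        _prefix, community_name, role = group.split(":")
        is_moderator = role == "moderators"
        if community_name in communities and not is_moderator:
            continue
        community = communities_folder.get(community_name, None)
        if community is None:
            continue
        if has_permission('view', community, request):
            communities[community_name] = {
                "title": community.title,
                "moderator": is_moderator,
                "url": resource_url(community, request),
            }
    # sorted() accepts both the list .values() returns on Python 2 and the
    # view it returns on Python 3.
    return sorted(communities.values(), key=lambda entry: entry["title"])


def _top_tags(context):
    """Return up to ten ``{'name', 'count'}`` dicts for the user's most
    frequently used tags, most frequent first; ``()`` without a tagger."""
    tagger = find_tags(context)
    if tagger is None:
        return ()
    userid = context.__name__
    names = tagger.getTags(users=[userid])
    by_frequency = sorted(tagger.getFrequency(names, user=userid),
                          key=lambda pair: pair[1], reverse=True)
    return [{'name': tag, 'count': count} for tag, count in by_frequency[:10]]


def _recent_items(context, request):
    """Return ``IGridEntryInfo`` adapters for the five most recently created
    content items authored by the profile's user, restricted by the
    catalog's ``allowed`` filter to the requesting principals."""
    _num, docids, resolver = ICatalogSearch(context)(
        sort_index='creation_date',
        reverse=True,
        interfaces=[IContent],
        limit=5,
        creator=context.__name__,
        allowed={'query': effective_principals(request), 'operator': 'or'},
    )
    recent_items = []
    for docid in docids:
        item = resolver(docid)
        if item is None:
            continue
        recent_items.append(getMultiAdapter((item, request), IGridEntryInfo))
    return recent_items


def show_profile_view(context, request):
    """Show a profile, with actions if the viewer is the profile's owner.

    Returns the template dict: ``api``, ``context``, the display
    ``profile``, ``actions``, ``same_user``, ``tf``, ``photo``,
    ``head_data`` (tagbox client data as a script), ``communities``,
    ``my_communities`` and ``preferred_communities`` (only filled when the
    viewer owns the profile), ``tags``, ``recent_items`` and ``recent_url``.
    """
    page_title = "Profile: %s" % context.title
    api = TemplateAPI(context, request, page_title)
    profile, photo = _profile_display_values(context, request, api)

    # provide client data for rendering current tags in the tagbox
    client_json_data = dict(tagbox=get_tags_client_data(context, request))

    # Communities this user is a member of, along with moderator info
    communities_folder = find_communities(context)
    communities = _member_communities(context, request, communities_folder)

    # is this the current user's profile?
    same_user = authenticated_userid(request) == context.__name__
    preferred_communities = []
    my_communities = None
    if same_user:
        preferred_communities = get_preferred_communities(
            communities_folder, request)
        my_communities = get_my_communities(communities_folder, request)

    tags = _top_tags(context)

    # List recently added content
    recent_items = _recent_items(context, request)
    recent_url = request.resource_url(context, 'recent_content.html')

    return dict(
        api=api,
        context=context,
        profile=profile,
        actions=get_profile_actions(context, request),
        same_user=same_user,
        tf=TwoFactor(context, request),
        photo=photo,
        head_data=convert_to_script(client_json_data),
        communities=communities,
        my_communities=my_communities,
        preferred_communities=preferred_communities,
        tags=tags,
        recent_items=recent_items,
        recent_url=recent_url,
    )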