def cadmin_editgroup_addperson(course_id, group_id):
""" Add a person to the group.
"""
group = None
try:
group = Groups.Group(g_id=group_id)
except KeyError:
abort(404)
if not group:
abort(404)
if "uname" not in request.form:
abort(400)
new_uname = sanitize_username(request.form['uname'])
try:
new_uid = Users2.uid_by_uname(new_uname)
except KeyError:
flash("User '%s' Not Found" % new_uname)
else:
if not new_uid:
flash("User '%s' Not Found" % new_uname)
elif new_uid in group.members():
flash("%s is already in the group." % new_uname)
else:
group.add_member(new_uid)
flash("Added %s to group." % (new_uname, ))
return redirect(
url_for('cadmin_editgroup', course_id=course_id, group_id=group_id))
def cadmin_assign_coord(course_id):
""" Set someone as course coordinator
"""
cur_user = session['user_id']
course = Courses2.get_course(course_id)
if not course:
abort(404)
if "coord" not in request.form:
abort(400)
new_uname = sanitize_username(request.form['coord'])
try:
new_uid = Users2.uid_by_uname(new_uname)
except KeyError:
flash("User '%s' Not Found" % new_uname)
else:
if not new_uid:
flash("User '%s' Not Found" % new_uname)
else:
L.info(
"courseadmin: user %s assigned as coordinator to course %s by %s"
% (new_uid, course_id, cur_user))
Permissions.add_perm(new_uid, course_id, 3) # courseadmin
Permissions.add_perm(new_uid, course_id, 4) # coursecoord
flash("%s can now control the course." % (new_uname, ))
return redirect(url_for('cadmin_config', course_id=course_id))
def cadmin_editgroup_addperson(course_id, group_id):
""" Add a person to the group.
"""
group = None
try:
group = Groups.Group(g_id=group_id)
except KeyError:
abort(404)
if not group:
abort(404)
if "uname" not in request.form:
abort(400)
new_uname = sanitize_username(request.form['uname'])
try:
new_uid = Users2.uid_by_uname(new_uname)
except KeyError:
flash("User '%s' Not Found" % new_uname)
else:
if not new_uid:
flash("User '%s' Not Found" % new_uname)
elif new_uid in group.members():
flash("%s is already in the group." % new_uname)
else:
group.add_member(new_uid)
flash("Added %s to group." % (new_uname,))
return redirect(url_for('cadmin_editgroup',
course_id=course_id,
group_id=group_id))
def cadmin_assign_coord(course_id):
""" Set someone as course coordinator
"""
cur_user = session['user_id']
course = Courses2.get_course(course_id)
if not course:
abort(404)
if "coord" not in request.form:
abort(400)
new_uname = sanitize_username(request.form['coord'])
try:
new_uid = Users2.uid_by_uname(new_uname)
except KeyError:
flash("User '%s' Not Found" % new_uname)
else:
if not new_uid:
flash("User '%s' Not Found" % new_uname)
else:
L.info("courseadmin: user %s assigned as coordinator to course %s by %s" % (new_uid, course_id, cur_user))
Permissions.add_perm(new_uid, course_id, 3) # courseadmin
Permissions.add_perm(new_uid, course_id, 4) # coursecoord
flash("%s can now control the course." % (new_uname,))
return redirect(url_for('cadmin_config', course_id=course_id))
def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"),
code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"),
code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
def login_local_submit():
""" They've entered some credentials on the local login screen.
Check them, then set up the session or redirect back with an error.
"""
if 'username' not in request.form or 'password' not in request.form:
L.info("Failed Login")
flash("Incorrect name or password.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form['username'])
password = request.form['password']
user_id = Users2.verify_pass(username, password)
if not user_id:
L.info("Failed Login for %s" % username)
flash("Incorrect name or password.")
return redirect(url_for("login_local"))
user = Users2.get_user(user_id)
if not user['confirmed']:
flash("""Your account is not yet confirmed. You should have received
an email with instructions in it to do so.""")
return redirect(url_for("login_local"))
session['username'] = username
session['user_id'] = user_id
session['user_givenname'] = user['givenname']
session['user_familyname'] = user['familyname']
session['user_fullname'] = user['fullname']
session['user_authtype'] = "local"
audit(1, user_id, user_id, "UserAuth",
"%s successfully logged in locally" % (session['username'],))
if 'redirect' in session:
L.info("Following redirect for %s" % username)
target = OaConfig.parentURL + session['redirect']
del session['redirect']
return redirect(target)
L.info("Successful Login for %s" % username)
return redirect(url_for("main_top"
""))
def login_local_submit():
""" They've entered some credentials on the local login screen.
Check them, then set up the session or redirect back with an error.
"""
if 'username' not in request.form or 'password' not in request.form:
L.info("Failed Login")
flash("Incorrect name or password.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form['username'])
password = request.form['password']
user_id = Users2.verify_pass(username, password)
if not user_id:
L.info("Failed Login for %s" % username)
flash("Incorrect name or password.")
return redirect(url_for("login_local"))
user = Users2.get_user(user_id)
if not user['confirmed']:
flash("""Your account is not yet confirmed. You should have received
an email with instructions in it to do so.""")
return redirect(url_for("login_local"))
session['username'] = username
session['user_id'] = user_id
session['user_givenname'] = user['givenname']
session['user_familyname'] = user['familyname']
session['user_fullname'] = user['fullname']
session['user_authtype'] = "local"
audit(1, user_id, user_id, "UserAuth",
"%s successfully logged in locally" % (session['username'], ))
if 'redirect' in session:
L.info("Following redirect for %s" % username)
target = OaConfig.parentURL + session['redirect']
del session['redirect']
return redirect(target)
L.info("Successful Login for %s" % username)
return redirect(url_for("main_top" ""))
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form and 'password' in form and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"),
code=code)
html_body = render_template(os.path.join("email", "confirmation.html"),
code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form
and 'password' in form
and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"), code=code)
html_body = render_template(os.path.join("email", "confirmation.html"), code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)
