def confirm_email(token): """ Confirm a new email. """ if admin_session_timedout(): return flask.redirect( flask.url_for('auth_login', next=flask.request.url)) email = pagure.lib.search_pending_email(flask.g.session, token=token) if not email: flask.flash('No email associated with this token.', 'error') else: try: pagure.lib.add_email_to_user(flask.g.session, email.user, email.email) flask.g.session.delete(email) flask.g.session.commit() flask.flash('Email validated') except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() flask.flash( 'Could not set the account as active in the db, ' 'please report this error to an admin', 'error') _log.exception(err) return flask.redirect(flask.url_for('ui_ns.user_settings'))
def update_user_settings(): """ Update the user's settings set in the settings page. """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): settings = {} for key in flask.request.form: if key == "csrf_token": continue settings[key] = flask.request.form[key] try: message = pagure.lib.query.update_user_settings( flask.g.session, settings=settings, user=user.username ) flask.g.session.commit() flask.flash(message) except pagure.exceptions.PagureException as msg: flask.g.session.rollback() flask.flash(msg, "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() flask.flash(str(err), "error") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def check_session_timeout(*args, **kwargs): if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url)) return function(*args, **kwargs)
def add_user_email(): """ Add a new email for the logged in user. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.UserEmailForm( emails=[mail.email for mail in user.emails] ) if form.validate_on_submit(): email = form.email.data try: pagure.lib.query.add_user_pending_email( flask.g.session, user, email ) flask.g.session.commit() flask.flash("Email pending validation") return flask.redirect(flask.url_for("ui_ns.user_settings")) except pagure.exceptions.PagureException as err: flask.flash(str(err), "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("Email could not be added", "error") return flask.render_template("user_emails.html", user=user, form=form)
def revoke_api_user_token(token_id): """ Revoke a user token (ie: not project specific). """ if admin_session_timedout(): flask.flash("Action canceled, try it again", "error") url = flask.url_for(".user_settings") return flask.redirect(flask.url_for("auth_login", next=url)) token = pagure.lib.query.get_api_token(flask.g.session, token_id) if not token or token.user.username != flask.g.fas_user.username: flask.abort(404, description="Token not found") form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): try: if token.expiration >= datetime.datetime.utcnow(): token.expiration = datetime.datetime.utcnow() flask.g.session.add(token) flask.g.session.commit() flask.flash("Token revoked") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash( "Token could not be revoked, please contact an admin", "error" ) return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-token" )
def reconfirm_email(): """ Re-send the email address of the user. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.UserEmailForm() if form.validate_on_submit(): email = form.email.data try: pagure.lib.query.resend_pending_email(flask.g.session, user, email) flask.g.session.commit() flask.flash("Confirmation email re-sent") except pagure.exceptions.PagureException as err: flask.flash(str(err), "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("Confirmation email could not be re-sent", "error") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def confirm_email(token): """ Confirm a new email. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) email = pagure.lib.query.search_pending_email(flask.g.session, token=token) if not email: flask.flash("No email associated with this token.", "error") else: try: pagure.lib.query.add_email_to_user( flask.g.session, email.user, email.email ) flask.g.session.delete(email) flask.g.session.commit() flask.flash("Email validated") except pagure.exceptions.PagureException as err: flask.flash(str(err), "error") _log.exception(err) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() flask.flash( "Could not set the account as active in the db, " "please report this error to an admin", "error", ) _log.exception(err) return flask.redirect(flask.url_for("ui_ns.user_settings"))
def set_default_email(): """ Set the default email address of the user. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.UserEmailForm() if form.validate_on_submit(): email = form.email.data useremails = [mail.email for mail in user.emails] if email not in useremails: flask.flash( "You do not have the email: %s, nothing to set" % email, "error", ) return flask.redirect(flask.url_for("ui_ns.user_settings")) user.default_email = email try: flask.g.session.commit() flask.flash("Default email set to: %s" % email) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("Default email could not be set", "error") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def revoke_api_user_token(token_id): """ Revoke a user token (ie: not project specific). """ if admin_session_timedout(): flask.flash("Action canceled, try it again", "error") url = flask.url_for(".user_settings") return flask.redirect(flask.url_for("auth_login", next=url)) token = pagure.lib.query.get_api_token(flask.g.session, token_id) if not token or token.user.username != flask.g.fas_user.username: flask.abort(404, "Token not found") form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): try: if token.expiration >= datetime.datetime.utcnow(): token.expiration = datetime.datetime.utcnow() flask.g.session.add(token) flask.g.session.commit() flask.flash("Token revoked") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash( "Token could not be revoked, please contact an admin", "error" ) return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-token" )
def check_session_timeout(*args, **kwargs): if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) return function(*args, **kwargs)
def user_settings(): """ Update the user settings. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url)) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.ConfirmationForm() return flask.render_template("user_settings.html", user=user, form=form)
def user_settings(): """ Update the user settings. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.ConfirmationForm() return flask.render_template("user_settings.html", user=user, form=form)
def add_user_sshkey(): """ Add the specified SSH key to the user. """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) form = pagure.forms.AddSSHKeyForm() if form.validate_on_submit(): user = _get_user(username=flask.g.fas_user.username) try: msg = pagure.lib.query.add_sshkey_to_project_or_user( flask.g.session, ssh_key=form.ssh_key.data, pushaccess=True, creator=user, user=user, ) flask.g.session.commit() pagure.lib.query.create_user_ssh_keys_on_disk( user, pagure_config.get("GITOLITE_KEYDIR", None) ) pagure.lib.tasks.gitolite_post_compile_only.delay() if ( pagure_config.get("GIT_AUTH_BACKEND") == "pagure_authorized_keys" ): _log.info("SSH FOLDER: %s", pagure_config.get("SSH_FOLDER")) pagure.lib.tasks.add_key_to_authorized_keys.delay( ssh_folder=pagure_config.get("SSH_FOLDER"), username=flask.g.fas_user.username, sshkey=form.ssh_key.data, ) flask.flash(msg) return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" ) except pagure.exceptions.PagureException as msg: flask.g.session.rollback() _log.debug(msg) flask.flash(str(msg), "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("SSH key could not be added", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" )
def remove_user_sshkey(keyid): """ Removes an SSH key from the user. """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): user = _get_user(username=flask.g.fas_user.username) found = False sshkey = None for key in user.sshkeys: if key.id == keyid: sshkey = key.public_ssh_key flask.g.session.delete(key) found = True break if not found: flask.flash("SSH key does not exist in user.", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" ) try: flask.g.session.commit() pagure.lib.query.create_user_ssh_keys_on_disk( user, pagure_config.get("GITOLITE_KEYDIR", None) ) pagure.lib.tasks.gitolite_post_compile_only.delay() if ( pagure_config.get("GIT_AUTH_BACKEND") == "pagure_authorized_keys" ): _log.info("SSH FOLDER: %s", pagure_config.get("SSH_FOLDER")) pagure.lib.tasks.remove_key_from_authorized_keys.delay( ssh_folder=pagure_config.get("SSH_FOLDER"), sshkey=sshkey ) flask.flash("SSH key removed") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("SSH key could not be removed", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" )
def add_api_user_token(): """ Create an user token (not project specific). """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) # Ensure the user is in the DB at least user = _get_user(username=flask.g.fas_user.username) acls = pagure.lib.query.get_acls( flask.g.session, restrict=pagure_config.get("CROSS_PROJECT_ACLS") ) form = pagure.forms.NewTokenForm(acls=acls) if form.validate_on_submit(): try: pagure.lib.query.add_token_to_user( flask.g.session, project=None, description=form.description.data.strip() or None, acls=form.acls.data, username=user.username, expiration_date=form.expiration_date.data, ) flask.g.session.commit() flask.flash("Token created") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-tab" ) except pagure.exceptions.PagureException as err: flask.flash(str(err), "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("API key could not be added", "error") # When form is displayed after an empty submission, show an error. if form.errors.get("acls"): flask.flash("You must select at least one permission.", "error") return flask.render_template( "add_token.html", select="settings", form=form, acls=acls )
def force_logout(): """ Set refuse_sessions_before, logging the user out everywhere """ if admin_session_timedout(): flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url)) # we just need an empty form here to validate that csrf token is present form = pagure.forms.PagureForm() if form.validate_on_submit(): # Ensure the user is in the DB at least user = _get_user(username=flask.g.fas_user.username) user.refuse_sessions_before = datetime.datetime.utcnow() flask.g.session.commit() flask.flash("All active sessions logged out") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def add_api_user_token(): """ Create an user token (not project specific). """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) # Ensure the user is in the DB at least user = _get_user(username=flask.g.fas_user.username) acls = pagure.lib.query.get_acls( flask.g.session, restrict=pagure_config.get("CROSS_PROJECT_ACLS") ) form = pagure.forms.NewTokenForm(acls=acls) if form.validate_on_submit(): try: pagure.lib.query.add_token_to_user( flask.g.session, project=None, description=form.description.data.strip() or None, acls=form.acls.data, username=user.username, ) flask.g.session.commit() flask.flash("Token created") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-tab" ) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("API key could not be added", "error") # When form is displayed after an empty submission, show an error. if form.errors.get("acls"): flask.flash("You must select at least one permission.", "error") return flask.render_template( "add_token.html", select="settings", form=form, acls=acls )
def add_user_sshkey(): """ Add the specified SSH key to the user. """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) form = pagure.forms.AddSSHKeyForm() if form.validate_on_submit(): user = _get_user(username=flask.g.fas_user.username) try: msg = pagure.lib.query.add_sshkey_to_project_or_user( flask.g.session, ssh_key=form.ssh_key.data, pushaccess=True, creator=user, user=user, ) flask.g.session.commit() pagure.lib.query.create_user_ssh_keys_on_disk( user, pagure_config.get("GITOLITE_KEYDIR", None) ) pagure.lib.tasks.gitolite_post_compile_only.delay() flask.flash(msg) return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" ) except pagure.exceptions.PagureException as msg: flask.g.session.rollback() _log.debug(msg) flask.flash(str(msg), "error") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("SSH key could not be added", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" )
def force_logout(): """ Set refuse_sessions_before, logging the user out everywhere """ if admin_session_timedout(): flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) # we just need an empty form here to validate that csrf token is present form = pagure.forms.PagureForm() if form.validate_on_submit(): # Ensure the user is in the DB at least user = _get_user(username=flask.g.fas_user.username) user.refuse_sessions_before = datetime.datetime.utcnow() flask.g.session.commit() flask.flash("All active sessions logged out") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def add_api_user_token(): """ Create an user token (not project specific). """ if admin_session_timedout(): if flask.request.method == 'POST': flask.flash('Action canceled, try it again', 'error') return flask.redirect( flask.url_for('auth_login', next=flask.request.url)) # Ensure the user is in the DB at least user = _get_user(username=flask.g.fas_user.username) acls = pagure.lib.get_acls( flask.g.session, restrict=pagure_config.get('CROSS_PROJECT_ACLS')) form = pagure.forms.NewTokenForm(acls=acls) if form.validate_on_submit(): try: msg = pagure.lib.add_token_to_user( flask.g.session, project=None, description=form.description.data.strip() or None, acls=form.acls.data, username=user.username, ) flask.g.session.commit() flask.flash(msg) return flask.redirect(flask.url_for('ui_ns.user_settings')) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash('API key could not be added', 'error') # When form is displayed after an empty submission, show an error. if form.errors.get('acls'): flask.flash('You must select at least one permission.', 'error') return flask.render_template( 'add_token.html', select='settings', form=form, acls=acls, )
def remove_user_sshkey(keyid): """ Removes an SSH key from the user. """ if admin_session_timedout(): if flask.request.method == "POST": flask.flash("Action canceled, try it again", "error") return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): user = _get_user(username=flask.g.fas_user.username) found = False for key in user.sshkeys: if key.id == keyid: flask.g.session.delete(key) found = True break if not found: flask.flash("SSH key does not exist in user.", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" ) try: flask.g.session.commit() pagure.lib.query.create_user_ssh_keys_on_disk( user, pagure_config.get("GITOLITE_KEYDIR", None) ) pagure.lib.tasks.gitolite_post_compile_only.delay() flask.flash("SSH key removed") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("SSH key could not be removed", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-ssh-tab" )
def remove_user_email(): """ Remove the specified email from the logged in user. """ if admin_session_timedout(): return flask.redirect( flask.url_for("auth_login", next=flask.request.url) ) user = _get_user(username=flask.g.fas_user.username) if len(user.emails) == 1: flask.flash("You must always have at least one email", "error") return flask.redirect(flask.url_for("ui_ns.user_settings")) form = pagure.forms.UserEmailForm() if form.validate_on_submit(): email = form.email.data useremails = [mail.email for mail in user.emails] if email not in useremails: flask.flash( "You do not have the email: %s, nothing to remove" % email, "error", ) return flask.redirect(flask.url_for("ui_ns.user_settings")) for mail in user.emails: if mail.email == email: user.emails.remove(mail) break try: flask.g.session.commit() flask.flash("Email removed") except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("Email could not be removed", "error") return flask.redirect(flask.url_for("ui_ns.user_settings"))
def renew_api_user_token(token_id): """ Renew a user token (ie: not project specific). """ if admin_session_timedout(): flask.flash("Action canceled, try it again", "error") url = flask.url_for(".user_settings") return flask.redirect(flask.url_for("auth_login", next=url)) token = pagure.lib.query.get_api_token(flask.g.session, token_id) if not token or token.user.username != flask.g.fas_user.username: flask.abort(404, description="Token not found") form = pagure.forms.ConfirmationForm() if form.validate_on_submit(): acls = [acl.name for acl in token.acls] try: pagure.lib.query.add_token_to_user( flask.g.session, project=None, description=token.description or None, acls=acls, username=flask.g.fas_user.username, expiration_date=datetime.date.today() + datetime.timedelta(days=(30 * 6)), ) flask.g.session.commit() flask.flash("Token created") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-tab" ) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() _log.exception(err) flask.flash("API token could not be renewed", "error") return flask.redirect( flask.url_for("ui_ns.user_settings") + "#nav-api-tab" )
def user_settings(): """ Update the user settings. """ if admin_session_timedout(): return flask.redirect( flask.url_for('auth_login', next=flask.request.url)) user = _get_user(username=flask.g.fas_user.username) form = pagure.forms.UserSettingsForm() if form.validate_on_submit() and pagure_config.get('LOCAL_SSH_KEY', True): ssh_key = form.ssh_key.data try: message = 'Nothing to update' if user.public_ssh_key != ssh_key: pagure.lib.update_user_ssh( flask.g.session, user=user, ssh_key=ssh_key, keydir=pagure_config.get('GITOLITE_KEYDIR', None), ) flask.g.session.commit() message = 'Public ssh key updated' flask.flash(message) return flask.redirect(flask.url_for('ui_ns.user_settings')) except SQLAlchemyError as err: # pragma: no cover flask.g.session.rollback() flask.flash(str(err), 'error') elif flask.request.method == 'GET': form.ssh_key.data = user.public_ssh_key return flask.render_template( 'user_settings.html', user=user, form=form, )