def user_chemail():
    """Change-email view: render the form on GET, process it on a valid POST.

    On success the user is inactivated, the auth cookie is cleared and the
    email_sent.html page is returned; an invalid submission re-renders the
    form, and a mismatched email/password yields a 403 ResponseError.
    """
    form = ChangeEmailForm(request.form)
    if request.method != 'POST' or not form.validate():
        return template('change_email.html', dict(form=form))

    old_email = form.old_email.data
    new_email = form.new_email.data
    password = form.password.data
    if None in (old_email, new_email) or old_email == new_email:
        raise ResponseError()
    # Both the current address and the current password must match before a
    # change token is issued.
    if old_email != g.user.email or not g.user.verify_pass(password):
        raise ResponseError(403, 'Wrong email or password',
                            'Please provide your original email and current password.')

    token = g.user.create_reset_token(
        app.config['SECRET'],
        app.config['RESET_TIMEOUT'],
        which='email',
        extra={'new_email': new_email},
    )
    if not token:
        raise ResponseError()

    # email user
    # NOTE(review): no mail is sent from this view; presumably
    # create_reset_token handles delivery — confirm.
    g.user.inactivate()
    delattr(g, 'user')
    # Clear the auth cookie: the account stays inactive until the new
    # address is confirmed.
    resp = template('email_sent.html')
    return set_auth_cookie(resp, 'null', current_date())
def ban(self):
    '''Ban this user.

    No-op if already banned; otherwise every active session is expired,
    the ban flag and date are recorded, and the row is saved.
    '''
    if self.banned:
        return
    self.expire_sessions()
    self.banned = True
    self.banned_date = current_date()
    self.save()
def available_items(cls, user, resource):
    '''Return the (unexecuted) query of resource ids the user holds for *resource*.

    Only rows whose ``expires`` is today or later are selected.
    '''
    query = cls.select(cls.resource_id)
    not_expired = cls.expires >= current_date()
    return query.where(
        cls.user == user,
        cls.resource == resource,
        not_expired,
    )
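def _subscription_summary(user):
    """Build the per-resource summary returned by admin_subs on GET."""
    sub_rows = Subscription.select().where(
        (Subscription.user == user) & (Subscription.resource << sub_resources)
    )
    subs = {res: {'all': False, 'idx': []} for res in sub_resources}
    min_id = {res: 0 for res in sub_resources}
    for row in sub_rows:
        min_id[row.resource] = min(min_id[row.resource], row.resource_id)
        days_left = max(0, (row.expires - current_date()).days)
        subs[row.resource]['idx'].append({
            'id': row.resource_id,
            'expires_in': days_left,
        })
    # A resource_id of -1 is the "all items" marker: min_id only reaches -1
    # when such a row exists for that resource.
    for res in sub_resources:
        subs[res]['all'] = min_id[res] == -1
    return subs


def admin_subs(user_id, resource=None, res_id=None):
    """Admin endpoint: read (GET) or replace (PUT) a user's subscriptions.

    Args:
        user_id: key of the user to inspect or modify.
        resource, res_id: accepted for URL-rule compatibility; unused here.

    Returns:
        GET: JSON ``{"subscriptions": {res: {"all": bool, "idx": [...]}}}``.
        PUT: JSON ``{"updated": {res: [newly inserted ids]}}``.

    Raises:
        ResponseError: 404 for an unknown user, 400 for a malformed PUT body,
            otherwise the generic error.
    """
    try:
        user = ApdUser.get(ApdUser.keyfield() == user_id)
    except ApdUser.NotFound:
        raise ResponseError(404, 'No such user')

    if request.method == 'GET':
        return jsonify(subscriptions=_subscription_summary(user))

    if request.method == 'PUT':
        dat = request.get_json(silent=True)
        # The body is caller-supplied: check its shape explicitly rather
        # than letting a KeyError/TypeError surface as a 500.
        if not isinstance(dat, dict):
            raise ResponseError()
        res_idx = dat.get('subscriptions')
        extend_days = dat.get('extend_days')
        bad_days = isinstance(extend_days, bool) or not isinstance(extend_days, (int, float))
        if not isinstance(res_idx, dict) or bad_days:
            raise ResponseError(400, 'Invalid request',
                                'Expected a JSON object with "subscriptions" and "extend_days".')
        # Only resources listed in sub_resources are readable back via GET,
        # so restrict writes to the same set and require a list of ids each.
        for res, idx in res_idx.items():
            if res not in sub_resources or not isinstance(idx, list):
                raise ResponseError(400, 'Invalid request',
                                    'Unknown resource or malformed id list.')
        ret = Subscription.change(user, res_idx, extend_days)
        if ret:
            return jsonify(updated=ret)
        raise ResponseError()

    # Any other method: fail explicitly instead of returning None.
    raise ResponseError()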
def create_session(self, secret, timeout, location):
    '''Create a new session for this user.

    Returns ``(token, end_time)``, or ``None`` when the user is not active.
    Previously active sessions are expired via expire_sessions() before the
    new Session row is created.
    '''
    if not self.is_active:
        return None
    start = current_date()
    end = start + timedelta(seconds=timeout)
    self.expire_sessions()
    new_session = Session.create(
        user=self, location=location, start_time=start, end_time=end
    )
    token = create_token(
        {'session': new_session.id}, secret, salt='session', timeout=timeout
    )
    return token, end
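def change(cls, user, res_idx, days=30):
    '''Update subscriptions for the given user.

    Args:
        user: owner of the subscription rows.
        res_idx: mapping of resource name -> iterable of resource ids; the
            user's rows for each resource are made to match exactly.
        days: every surviving or new row expires at today + ``days``.

    Returns:
        dict mapping resource -> list of resource ids newly inserted.

    Raises:
        ValueError: if an id cannot be converted with int(). The whole
            change runs inside db.atomic(), so nothing is committed then.
    '''
    cdate = current_date()
    expires_at = cdate + timedelta(days=days)
    updated = {}
    with db.atomic():
        for res, raw_idx in res_idx.items():
            # Normalise to ints once (deduplicated, order kept) so the delete
            # filter, the comparison and the insert all use the same values.
            wanted = list(dict.fromkeys(int(rid) for rid in raw_idx))
            flt = (cls.user == user) & (cls.resource == res)
            # Delete rows that are no longer wanted.
            # NOTE(review): an empty `wanted` produces NOT IN () — confirm
            # the backend accepts that.
            cls.delete().where(flt & (cls.resource_id.not_in(wanted))).execute()
            # Ids that already exist after the delete.
            existing = {row[0] for row in cls.select(cls.resource_id).where(flt).tuples()}
            # Push the expiry out on surviving rows.
            cls.update(expires=expires_at).where(flt).execute()
            # Insert the ids that are new.
            new_ids = [rid for rid in wanted if rid not in existing]
            if new_ids:
                cls.insert_many([
                    {'user': user, 'resource': res, 'resource_id': rid, 'expires': expires_at}
                    for rid in new_ids
                ]).execute()
            updated[res] = new_ids
    return updated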
def refresh_session(self, secret, timeout):
    '''Extend the current active session.

    Returns ``(token, new_end_time)``, or ``None`` when the user is inactive,
    has no active session, or that session has already ended.
    '''
    session = self.active_session
    if not (session and self.is_active):
        return None
    now = current_date()
    if now >= session.end_time:
        return None
    new_end = now + timedelta(seconds=timeout)
    token = create_token(
        {'session': session.id}, secret, salt='session', timeout=timeout
    )
    session.end_time = new_end
    session.save()
    return token, new_end
def user_chpass():
    """Change-password view: render the form on GET, process it on a valid POST.

    On success the new password is stored, every session is expired, the
    auth cookie is cleared and the user is redirected to the login page.
    A wrong current password yields a 403 ResponseError.
    """
    form = ChangePwdForm(request.form)
    if request.method != 'POST' or not form.validate():
        return template('change_password.html', dict(form=form))

    old_pwd = form.old_password.data
    new_pwd = form.new_password.data
    if None in (old_pwd, new_pwd) or old_pwd == new_pwd:
        raise ResponseError()
    if not g.user.verify_pass(old_pwd):
        raise ResponseError(403, 'Wrong password',
                            'Please provide your original password.')

    g.user.set_pass(new_pwd)
    # Existing sessions are invalidated so the old credential cannot keep
    # a session alive; the cookie is cleared for the same reason.
    g.user.expire_sessions()
    delattr(g, 'user')
    resp = redirect(url_for('user_login'))
    return set_auth_cookie(resp, 'null', current_date())
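def user_logout():
    """Show the logout confirmation (GET) or end the session (POST).

    Returns:
        GET: a redirect to index when there is no authenticated user,
            otherwise the logout.html page.
        POST with ``confirm=accept``: expires the user's sessions, clears the
            auth cookie and redirects to index; any other POST redirects to
            the validated ``next`` URL (falling back to index).

    Raises:
        ResponseError: for any other HTTP method.
    """
    user = g.get('user', None)

    if request.method == 'GET':
        # A Response object is not an exception: the former
        # ``raise redirect(...)`` would have raised TypeError, so the
        # unauthenticated case now returns the redirect like the no-user case.
        if not user or not user.is_authenticated:
            return redirect(url_for('index'))
        return template('logout.html')

    if request.method == 'POST':
        confirm = request.form.get('confirm')
        # check_url() vets the caller-supplied target before it is used in
        # a redirect; fall back to index when it is rejected or absent.
        next_url = check_url(request.form.get('next')) or url_for('index')
        if confirm != 'accept':
            return redirect(next_url)
        if not user:
            # Nothing to expire; the former code dereferenced g.user here.
            return redirect(url_for('index'))
        user.expire_sessions()
        delattr(g, 'user')
        resp = redirect(url_for('index'))
        return set_auth_cookie(resp, 'null', current_date())

    # Other methods: fail explicitly instead of returning None.
    raise ResponseError()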
def expire_sessions(self):
    '''Expire all previous sessions.

    Bulk-updates every active Session of this user to inactive with its
    end time set to now; the UPDATE is executed immediately.
    '''
    now = current_date()
    # ``== True`` is required here: the comparison builds a query expression.
    still_active = (Session.user == self) & (Session.active == True)
    Session.update(active=False, end_time=now).where(still_active).execute()