Exemplo n.º 1
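def signin(request):
    """Process a sign-in request and render the page that follows it.

    Reads ``name``, ``password``, ``reset_password``, ``remember`` and
    ``redirect_url`` from the request parameters. On a successful lookup the
    sign-in is recorded and either the change-password template (temporary
    password) or the redirect template is rendered. On failure the sign-in
    page is rendered again with ``signin_error_message`` set in ``request.args``.

    Returns whatever ``kiwitemplates.render_template_to_response`` returns.
    """
    args = request.args

    # NOTE(review): for any non-POST request the name and password are read
    # from the query string, where they tend to end up in server logs, browser
    # history and Referer headers. Consider authenticating on POST only.
    if request.method == "POST":
        params = request.POST
    else:
        params = request.GET

    # Resolved before the try block so the exception handler below can always
    # render the sign-in page; when this assignment lived inside the try, an
    # early failure left the name unbound and the handler raised NameError.
    signin_page = kiwioptions.AUTH_BASE_URL + kiwioptions.AUTH_PAGE

    try:
        name = params.get("name", "")
        password = params.get("password")
        reset_password = params.get("reset_password")
        remember = params.get("remember")

        # NOTE(review): redirect_url is caller-supplied and is handed to the
        # templates without any validation visible here. Confirm that the
        # redirect template restricts it to trusted destinations (for example
        # same-site paths); otherwise this is an open redirect.
        redirect_url = params.get("redirect_url")
        if not redirect_url:
            redirect_url = kiwioptions.SIGNIN_REDIRECT

        args["redirect_url"] = redirect_url

        if reset_password:
            args["signin_error_message"] = mark_safe("Reset Password is not currently enabled.<br>Please contact <a href=\"mailto:[email protected]\">[email protected]</a> for assistance.")
            # NOTE(review): unlike the failure path below, this call does not
            # pass args=args; confirm the template still sees the message.
            return kiwitemplates.render_template_to_response(request, signin_page)

        # See if the name and password are correct
        m = kiwioptions.memberTable.get_signin_member(name, password)
        if m:
            save_signin(request, m, remember)
            m.signed_in()

            if m.has_temporary_password():
                return kiwitemplates.render_template_to_response(request, "_kiwi_change_password", allowDefaultTemplates=True)
            else:
                return kiwitemplates.render_template_to_response(request, "_kiwi_redirect", allowDefaultTemplates=True)

        # Sign in was unsuccessful. Re-render the same page with an error message.
        # The message is the same whether the name or the password was wrong.
        args["signin_error_message"] = "Your signin information is incorrect. Please try again."

        return kiwitemplates.render_template_to_response(request, signin_page, args=args)

    except Exception, ex:
        # NOTE(review): the raw exception text is shown to the visitor. Consider
        # logging it server-side and displaying a generic message instead, so
        # internal details are not disclosed on the sign-in page.
        args["signin_error_message"] = str(ex)

        return kiwitemplates.render_template_to_response(request, signin_page)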
Exemplo n.º 2
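def change_password(request):
    """Render the change-password form, or apply a submitted password change.

    Any request that is not a POST just renders the form. A POST validates
    ``password`` / ``password2`` (minimum length from
    ``kiwioptions.KIWI_PASSWORD_MINIMUM_LENGTH``, both fields equal) and, when
    valid, calls ``change_password`` on the member found in
    ``request.args["MEMBER"]`` and renders the redirect template.

    Returns whatever ``kiwitemplates.render_template_to_response`` returns.
    """
    args = request.args

    if request.method == "POST":
        params = request.POST
    else:
        params = request.GET

    # NOTE(review): redirect_url is caller-supplied and is not validated here;
    # confirm the redirect template restricts it to trusted destinations.
    redirect_url = params.get("redirect_url")
    if not redirect_url:
        redirect_url = kiwioptions.SIGNIN_REDIRECT

    args["redirect_url"] = redirect_url

    # Only a POST may change the password. Previously only GET was excluded,
    # so any other method (HEAD, PUT, ...) fell through and read the new
    # password from the query string. Request-forgery protections commonly
    # cover POST only, so the state change must not be reachable another way.
    if request.method != "POST":
        return kiwitemplates.render_template_to_response(request, "_kiwi_change_password", allowDefaultTemplates=True)

    try:
        errs = ""

        m = args["MEMBER"]
        if not m:
            errs += "<br>You appear you have your browser's cookie functionality turned off. It must be turned on to sign into this site. "
            errs += "Click <a href=\"http://www.google.com/support/accounts/bin/answer.py?answer=61416\">here</a> for assistance in turning cookies back on."

        # NOTE(review): the current password is not requested, so possession
        # of a signed-in session is enough to set a new one. Confirm this is
        # intended outside the temporary-password flow.
        password = params.get("password")
        password2 = params.get("password2")

        minlen = kiwioptions.KIWI_PASSWORD_MINIMUM_LENGTH
        if not password or len(password) < minlen:
            errs += "<br>Password must be at least %d characters." % minlen
        if password != password2:
            errs += "<br>The two password fields must match."

        if errs:
            # errs is built only from fixed text and the integer minlen, so
            # marking it safe does not expose request data as HTML.
            args["password_error_message"] = mark_safe(errs)
            return kiwitemplates.render_template_to_response(request, "_kiwi_change_password", allowDefaultTemplates=True)

        # A missing member always produces an error above, so m is set here.
        m.change_password(password)
        return kiwitemplates.render_template_to_response(request, "_kiwi_redirect", allowDefaultTemplates=True)

    except Exception, ex:
        # NOTE(review): the raw exception text is shown to the visitor, and it
        # is stored under signin_error_message rather than
        # password_error_message; confirm the template displays that key.
        args["signin_error_message"] = str(ex)
        return kiwitemplates.render_template_to_response(request, "_kiwi_change_password", allowDefaultTemplates=True)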
Exemplo n.º 3
def signout(request):
    """Sign the visitor out and render the redirect template.

    Deletes the auth cookie, then stores the ``redirect_url`` request
    parameter (or ``kiwioptions.SIGNOUT_REDIRECT`` when it is absent or empty)
    in ``request.args`` for the template.
    """
    args = request.args

    # The auth cookie is dropped for every request method, including GET.
    # NOTE(review): a plain link or image request from another site can
    # therefore sign the visitor out; consider requiring POST.
    delete_auth_cookie(request)

    params = request.POST if request.method == "POST" else request.GET

    # NOTE(review): redirect_url is caller-supplied and is not validated here;
    # confirm the redirect template restricts it to trusted destinations.
    args["redirect_url"] = params.get("redirect_url") or kiwioptions.SIGNOUT_REDIRECT

    return kiwitemplates.render_template_to_response(request, "_kiwi_redirect", allowDefaultTemplates=True)
Exemplo n.º 4
def member_admin(request):
    # Member administration page: renders the admin form on GET and processes
    # the posted "action" otherwise. Only the "add" action (bulk member
    # creation from delimited text) is visible in this listing, which ends
    # before the function does.
    args = request.args
    
    if not args["ADMIN"]:
        if kiwioptions.memberTable.members_exist():
            return kiwitemplates.error404(request)
        
        # If there are no members in the database, the member_admin function works without admin authorization
        # This allows the creation of the first users in the database
        # NOTE(review): while members_exist() is false, anyone who can reach this
        # handler can create members. Consider gating initial setup separately,
        # for example behind a deployment-time setting or a one-time setup token.
        
        args["initial_setup"] = True

        args["MEMBER_NAME"] = "Initial Setup"
        args["MEMBER_DISPLAY_NAME"] = "Initial Setup"
        args["ADMIN"] = True
        
        args["form_response"] = "To set up the first user, create them here, then use the Google App Engine console to make them an administrator."
    
    if request.method == "GET":
        return kiwitemplates.render_template_to_response(request, "_kiwi_member_admin", allowDefaultTemplates=True)
    
    # Every non-GET method is processed from here on, reading request.POST.
    params = request.POST
    
    messages = []
    errors = []

    try:
        action = params.get("action")

        if action == "add":
            # Normalise line endings, then split the pasted text into one member per line.
            lines = params["members_to_add"].replace("\r", "\n").replace("\n\n", "\n").split("\n")
        
            delimiter = params.get("delimiter", ",")
            
            # If the first line is a single character, it is an override delimiter
            if len(lines[0].strip()) == 1:
                delimiter = lines[0][0]
                del lines[0]
                
            # NOTE(review): delimiter, line, name and errmsg below contain request
            # data and are appended without escaping, while the <b> markup further
            # down suggests the result is rendered as HTML. The rendering code is
            # not visible here; confirm these values are escaped before output.
            messages.append("Delimiter is " + delimiter)
        
            for line in lines:
                if not line.strip():
                    continue

                name = "?"
                try:
                    # Pad short lines so at least four fields exist.
                    pieces = line.split(delimiter)
                    while len(pieces) < 4:
                        pieces.append("")
                    
                    # NOTE(review): the slice keeps up to five items but only four
                    # names are unpacked, so a line with five or more fields raises
                    # ValueError; [:4] looks like the intent.
                    name, fullname, email, id = pieces[:5]
                        
                    if not name:
                        errors.append("Missing name in line: %s" % (line))
                        continue
                    
                    if not fullname:
                        fullname = cgi.escape(name)     # BOGUS: Deal with kiwioptions.FULLNAME_IS_HTML?
                        
                    if not email: email = None                      # Empty string isn't allowed for an email address
        
                    # NOTE(review): as shown, the format string has no conversion
                    # specifier, so this line raises TypeError; the literal may have
                    # been masked by the page this listing came from. Separately,
                    # the random module is not a cryptographic generator and a
                    # six-digit number is a small space for a credential; prefer an
                    # OS-backed source such as random.SystemRandom or os.urandom.
                    password = "******" % random.randint(100000, 999999)
                    
                    errmsg = kiwioptions.memberTable.create_member(id, name, fullname, password, email, active=True, admin=False, temp_password=True) 
                    if errmsg:
                        errors.append("Can't create %s: %s" % (name, errmsg)) 
                    else:
                        # NOTE(review): the temporary password is placed in the
                        # response text in clear; make sure this page is not cached
                        # or logged, or deliver the password another way.
                        messages.append("Added %s, temp password=%s " % (name, password))
                        
                except DeadlineExceededError, ex:
                    # Out of request time: report where to resume and stop processing lines.
                    errors.append("<b>[Out of time, resubmit starting with %s]</b>" % (name))
                    break
        
                # NOTE(review): "errors" is the list defined above, not an exception
                # class, so this clause presumably was meant to name an exception
                # type; as written it is not expected to catch ordinary exceptions.
                except errors, ex:
                    errors.append("%s got error: %s" % (name, str(ex)))
Exemplo n.º 5
                            
                else:
                    errors.append("Unrecognized action: %s" % (action))

    except Exception, ex:
        errors.append("Exception: %s" % (str(ex)))

    response = "<span style='color:red'>Illegal operation</span><br>%s"

    response = "<br>".join(messages)
    if errors:
        response = "<span style='color:red'>%s</span><br>%s" % ("<br>".join(errors), response)
            
    args["form_response"] = mark_safe(response)

    return kiwitemplates.render_template_to_response(request, "_kiwi_member_admin", allowDefaultTemplates=True)

def remember_login(request, flag):
    """Set the Remember Me option for this browser and confirm it in a small HTML page.

    ``flag`` is forwarded to ``set_remember_login``; the confirmation shows
    "On" when it is truthy and "Off" otherwise.
    """
    # This is intended as an admin-only feature, but it is only hidden: no
    # authorization check is made here.
    # You can implement it as a user feature if you want.
    # BOGUS: Consider whether to change this
    # NOTE(review): hiding the URL is not access control; if this must stay
    # admin-only, check the caller's role before changing the setting.
    set_remember_login(request, flag)

    # NOTE(review): only truthiness is tested; if flag arrives as text from
    # the URL, a value such as "0" would count as On. Verify against the caller.
    state = "On" if flag else "Off"
    return HttpResponse("<h2>The Remember Me option has been turned <b>%s</b> for this browser.</h2>" % state)

def clear_cookies(request):
    """Remove the auth, Remember Me and sign-in cookies, then return a short confirmation page."""
    # BOGUS: Consider whether to expose this publicly
    # NOTE(review): this runs for any request method and without an
    # authorization check, so a cross-site request can clear a visitor's
    # cookies; consider requiring POST.
    delete_auth_cookie(request)
    set_remember_login(request, None)

    # The sign-in cookie is deleted for the configured auth cookie domain.
    request.delete_cookie(
        kiwioptions.SIGNIN_COOKIE_NAME,
        domain=kiwioptions.AUTH_COOKIE_DOMAIN,
    )

    confirmation = "<h2>Cookies Cleared</h2><p><a href=\"/\">Sign In again</a></p>"
    return HttpResponse(confirmation)