Exemplo n.º 1
    def POST_login(self, i):
        """Process a login form submission.

        Reads ``username``, ``password``, ``redirect`` and ``remember`` from
        ``i``. On a successful login the auth cookie is set and a 303 redirect
        to ``i.redirect`` is raised; every other outcome returns a rendered
        page (login form with an error note, or the "not verified" page).
        """
        # Reject usernames the login validator does not accept before any lookup.
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Exact username first, then the `lusername` lookup for case variations.
        account = accounts.find(username=i.username)
        if not account:
            account = accounts.find(lusername=i.username)
        if not account:
            return self.error("account_user_notfound", i)

        # NOTE(review): only the empty value and the login page itself are
        # rewritten; any other client-supplied `redirect` reaches
        # web.seeother() unchanged. Confirm that off-site targets are rejected
        # somewhere, otherwise this is an open redirect after login.
        if i.redirect in ("/account/login", ""):
            i.redirect = "/"

        status = account.login(i.password)

        if status == 'ok':
            # One week when "remember" is set, otherwise the empty string.
            if i.remember:
                expires = 3600*24*7
            else:
                expires = ""
            web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(), expires=expires)
            raise web.seeother(i.redirect)

        if status == "account_not_verified":
            # NOTE(review): the submitted plaintext password is handed to the
            # template; check how the page emits it and that the response is
            # not cacheable.
            return render_template("account/not_verified", username=account.username, password=i.password, email=account.email)

        # NOTE(review): "user not found" and "incorrect password" are reported
        # with different error names, which lets a caller tell whether a
        # username exists.
        if status == "account_not_found":
            return self.error("account_user_notfound", i)
        if status == "account_blocked":
            return self.error("account_blocked", i)
        return self.error("account_incorrect_password", i)
Exemplo n.º 2
 def GET(self, key):
     """Show the admin view of the account identified by ``key``.

     ``key`` is tried as a username first and as an email address second.
     A key containing "@" redirects to the canonical username URL; an
     unknown key raises a 404.
     """
     # NOTE(review): no authorization check is visible in this method --
     # presumably the enclosing admin handler enforces it; confirm.
     match = accounts.find(username = key)
     if not match:
         match = accounts.find(email = key)
     if not match:
         raise web.notfound()

     if "@" in key:
         raise web.seeother("/admin/people/" + match.username)
     return render_template('admin/people/view', match)
Exemplo n.º 3
 def POST(self, key):
     """Dispatch an admin action posted against the account named ``key``.

     Raises a 404 when no account has that username. The ``action`` form
     field selects the handler; a missing or unknown action redirects back
     to the current path.
     """
     user = accounts.find(username = key)
     if not user:
         raise web.notfound()

     i = web.input(action=None, tag=None, bot=None)

     # NOTE(review): these actions change credentials, block state and the
     # acting identity ("su"). Neither an authorization check nor a CSRF
     # token check is visible in this method -- presumably handled by the
     # enclosing admin handler; confirm.
     handlers = {
         "update_email": lambda: self.POST_update_email(user, i),
         "update_password": lambda: self.POST_update_password(user, i),
         "resend_link": lambda: self.POST_resend_link(user),
         "activate_account": lambda: self.POST_activate_account(user),
         "send_password_reset_email": lambda: self.POST_send_password_reset_email(user),
         "block_account": lambda: self.POST_block_account(user),
         "block_account_and_revert": lambda: self.POST_block_account_and_revert(user),
         "unblock_account": lambda: self.POST_unblock_account(user),
         "add_tag": lambda: self.POST_add_tag(user, i.tag),
         "remove_tag": lambda: self.POST_remove_tag(user, i.tag),
         "set_bot_flag": lambda: self.POST_set_bot_flag(user, i.bot),
         "su": lambda: self.POST_su(user),
     }
     handler = handlers.get(i.action)
     if handler is None:
         raise web.seeother(web.ctx.path)
     return handler()
Exemplo n.º 4
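def create_edition_from_amazon_metadata(isbn):
    """Fetches amazon metadata by isbn from affiliates API, attempts to
    create OL edition from metadata, and returns the resulting edition key
    `/key/OL..M` if successful or None otherwise.

    The load runs with the connection's auth token switched to the import
    account; the token computed for the calling user (or '' for no user) is
    put back afterwards on every exit path.
    """
    md = get_amazon_metadata(isbn)
    if not md:
        return None

    # Login code for the currently logged in user, or '' for no-user.
    # NOTE(review): this value comes from generate_login_code(), it is not
    # read back from the connection -- confirm that setting it restores a
    # session equivalent to the one the caller had.
    account = accounts.get_current_user()
    auth_token = account.generate_login_code() if account else ''

    try:
        # Temporarily behave (act) as ImportBot for import
        tmp_account = accounts.find(username='******')
        web.ctx.conn.set_auth_token(tmp_account.generate_login_code())
        reply = load(clean_amazon_metadata_for_load(md),
                     account=tmp_account)
    finally:
        # `finally` instead of `except Exception` + re-raise: the elevated
        # token is also dropped when something that is not an Exception
        # subclass propagates, and the original traceback is kept.
        web.ctx.conn.set_auth_token(auth_token)

    if reply and reply.get('success'):
        return reply['edition']['key']
    return None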
Exemplo n.º 5
 def GET(self):
     """Render the admin people index, or jump to the account owning ``email``.

     When the ``email`` query parameter matches an account, a redirect to
     that account's admin page is raised; otherwise the index is rendered
     with the submitted value.
     """
     i = web.input(email=None)

     account = accounts.find(email=i.email) if i.email else None
     if account:
         raise web.seeother("/admin/people/" + account.username)
     return render_template("admin/people/index", email=i.email)
Exemplo n.º 6
 def update_email(self, username, email):
     """Set ``email`` on the account ``username`` unless the address is taken.

     On success the account is also updated with status "active". Returns a
     rendered message page in both cases.
     """
     # NOTE(review): the lookup and the update are two separate calls; if
     # uniqueness is not also enforced by the store, two concurrent requests
     # could claim the same address -- confirm.
     already_used = accounts.find(email=email)
     if not already_used:
         # NOTE(review): this writes the email address to the application log.
         logger.info("updated email of %s to %s", username, email)
         accounts.update_account(username=username, email=email, status="active")
         heading = _("Email verification successful.")
         body = _('Your email address has been successfully verified and updated in your account.')
     else:
         heading = _("Email address is already used.")
         body = _("Your email address couldn't be updated. The specified email address is already used.")
     return render.message(heading, body)
Exemplo n.º 7
    def POST(self):
        """Send a password-reset email for the submitted address.

        Re-renders the form when validation fails, otherwise renders the
        "sent" page.
        """
        i = web.input(email='')

        form = forms.ForgotPassword()

        if form.validates(i):
            # NOTE(review): `account` is dereferenced without a None check;
            # this relies on the form validation having already established
            # that the address belongs to an account -- confirm.
            account = accounts.find(email=i.email)
            send_forgot_password_email(account.username, i.email)
            return render['account/password/sent'](i.email)

        return render['account/password/forgot'](form)
Exemplo n.º 8
 def POST(self, code=None):
     """Re-send the account verification email for the posted ``email``.

     ``code`` is accepted but not used. Renders a failure page when no
     account has the address, the "activated" page when the account is not
     pending, and a confirmation message after sending otherwise.
     """
     i = web.input(email=None)
     account = accounts.find(email=i.email)

     # NOTE(review): the three outcomes are distinguishable, so the response
     # tells the caller whether an address is registered and whether it is
     # still pending. No throttling of the outgoing email is visible here.
     if not account:
         return render_template("account/verify/failed", email=i.email)
     if account['status'] != "pending":
         return render['account/verify/activated'](account)

     account.send_verification_email()
     title = _("Hi %(user)s", user=account.displayname)
     message = _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email)
     return render.message(title, message)
Exemplo n.º 9
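    def GET(self, code):
        """Activate the account referenced by the verification link ``code``.

        Renders the failure page when the code matches no "account-link"
        document or the linked username no longer resolves to an account,
        the "activated" page when the account is not pending, and the
        success page after activation.
        """
        docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
        if not docs:
            return render['account/verify/failed']()

        doc = docs[0]

        account = accounts.find(username = doc['username'])
        if not account:
            # The original fell through to account.activate() here and
            # failed with AttributeError; treat a dangling link as invalid.
            return render['account/verify/failed']()
        if account['status'] != "pending":
            return render['account/verify/activated'](account)

        # NOTE(review): no expiry or single-use check on the link document is
        # visible in this method -- confirm it is enforced elsewhere.
        account.activate()
        # Result is unused; the call is kept because its side effects are not
        # visible from here.
        user = web.ctx.site.get("/people/" + doc['username']) #TBD
        return render['account/verify/success'](account)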
Exemplo n.º 10
 def update_email(self, username, email):
     """Assign ``email`` to ``username`` when no account uses it yet.

     A successful update also sets the account status to "active". Both
     outcomes return a rendered message page.
     """
     # NOTE(review): check and update are separate calls, so uniqueness
     # depends on the store also enforcing it -- confirm.
     if accounts.find(email=email):
         return render.message(
             _("Email address is already used."),
             _("Your email address couldn't be updated. The specified email address is already used."),
         )

     # NOTE(review): the email address ends up in the application log.
     logger.info("updated email of %s to %s", username, email)
     accounts.update_account(username=username, email=email, status="active")
     return render.message(
         _("Email verification successful."),
         _('Your email address has been successfully verified and updated in your account.'),
     )
Exemplo n.º 11
    def POST(self):
        """Send a password-reset email unless the account is blocked.

        Re-renders the form on validation failure or for a blocked account
        (with the "account_blocked" note); otherwise renders the "sent" page.
        """
        i = web.input(email='')

        form = forms.ForgotPassword()

        if not form.validates(i):
            return render['account/password/forgot'](form)

        # NOTE(review): `account` is used without a None check; this depends
        # on the form validation guaranteeing the address is registered --
        # confirm.
        account = accounts.find(email=i.email)

        if not account.is_blocked():
            send_forgot_password_email(account.username, i.email)
            return render['account/password/sent'](i.email)

        # NOTE(review): the blocked note is shown to an unauthenticated
        # caller and so discloses the state of the account behind the address.
        form.note = utils.get_error("account_blocked")
        return render_template('account/password/forgot', form)
Exemplo n.º 12
    def POST(self):
        """Handle the forgot-password form.

        Invalid input re-renders the form. A blocked account gets the form
        back with the "account_blocked" note; any other account is sent a
        reset email and the "sent" page is rendered.
        """
        i = web.input(email='')

        form = forms.ForgotPassword()

        if not form.validates(i):
            return render['account/password/forgot'](form)

        # NOTE(review): no None check on the lookup result; presumably the
        # form validator has already confirmed the address exists -- verify.
        account = accounts.find(email=i.email)
        blocked = account.is_blocked()

        if blocked:
            # NOTE(review): this response reveals the account's blocked state
            # to whoever submits the address.
            form.note = utils.get_error("account_blocked")
            return render_template('account/password/forgot', form)

        send_forgot_password_email(account.username, i.email)
        return render['account/password/sent'](i.email)
Exemplo n.º 13
 def POST(self, code=None):
     """Regenerate and send the verification email for the posted address.

     ``code`` is not used. Outcomes: failure page for an unknown address,
     "activated" page for an account that is not pending, confirmation
     message after the email is sent.
     """
     i = web.input(email=None)
     account = accounts.find(email=i.email)

     # NOTE(review): each outcome renders a different page, so the response
     # discloses whether the address is registered and pending. No throttling
     # of the outgoing email is visible here.
     if not account:
         return render_template("account/verify/failed", email=i.email)

     if account['status'] == "pending":
         account.send_verification_email()
         title = _("Hi %(user)s", user=account.displayname)
         message = _(
             "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
             email=account.email)
         return render.message(title, message)

     return render['account/verify/activated'](account)
Exemplo n.º 14
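    def GET(self, code):
        """Activate the account referenced by the verification link ``code``.

        Renders the failure page when the code matches no "account-link"
        document or the linked username no longer resolves to an account,
        the "activated" page when the account is not pending, and the
        success page after activation.
        """
        docs = web.ctx.site.store.values(type="account-link",
                                         name="code",
                                         value=code)
        if not docs:
            return render['account/verify/failed']()

        doc = docs[0]

        account = accounts.find(username=doc['username'])
        if not account:
            # Previously this case reached account.activate() and raised
            # AttributeError; a link without an account is reported as failed.
            return render['account/verify/failed']()
        if account['status'] != "pending":
            return render['account/verify/activated'](account)

        # NOTE(review): no expiry or single-use check on the link document is
        # visible in this method -- confirm it is enforced elsewhere.
        account.activate()
        # Result is unused; the call is kept because its side effects are not
        # visible from here.
        user = web.ctx.site.get("/people/" + doc['username'])  #TBD
        return render['account/verify/success'](account)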
Exemplo n.º 15
 def GET(self, username):
     """Render the admin edits page for ``username``; 404 when unknown."""
     # NOTE(review): no authorization check is visible in this method --
     # presumably enforced by the enclosing admin handler; confirm.
     account = accounts.find(username=username)
     if account:
         return render_template("admin/people/edits", account)
     raise web.notfound()
Exemplo n.º 16
def find_account(username=None, lusername=None, email=None):
    """Look up an account via ``accounts.find`` using the given criteria.

    All three keywords are forwarded as-is, including those left at None.
    """
    criteria = dict(username=username, lusername=lusername, email=email)
    return accounts.find(**criteria)
Exemplo n.º 17
 def try_login(self, username, password):
     """Check ``password`` against the account named ``username``.

     Returns the falsy lookup result when no account is found, otherwise
     whatever ``account.verify_password(password)`` returns.
     """
     # NOTE(review): no attempt throttling or lockout is visible here;
     # confirm the caller provides it.
     account = accounts.find(username=username)
     if not account:
         return account
     return account.verify_password(password)
Exemplo n.º 18
class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".
    """
    path = "/account/login"

    def GET(self):
        """Render the login form with its redirect field pre-filled."""
        # NOTE(review): the default redirect target is the Referer header,
        # which is supplied by the client, and an explicit `redirect`
        # parameter overrides it. Either value is placed in the form as-is.
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Route the submission to the resend-verification or login handler."""
        i = web.input(email='',
                      connect=None,
                      remember=False,
                      redirect='/',
                      action="login")

        if i.action == "resend_verification_email":
            return self.POST_resend_verification_email(i)
        else:
            return self.POST_login(i)

    def error(self, name, i):
        """Re-render the login form filled from ``i`` with the error ``name``."""
        f = forms.Login()
        f.fill(i)
        f.note = utils.get_error(name)
        return render.login(f)

    def error_check(self, audit, i):
        """Translate an ``audit`` result into an error page, or None if clean.

        Returns a rendered page when ``audit`` carries an 'error' key or a
        falsy 'link' value; returns None otherwise.
        """
        if 'error' in audit:
            error = audit['error']
            if error == "account_not_verified":
                # NOTE(review): `account` is neither a parameter nor assigned
                # in this method, so this branch raises NameError unless a
                # module-level `account` exists -- confirm and fix.
                # NOTE(review): the submitted plaintext password is handed to
                # the template; check how the page emits it.
                return render_template("account/not_verified",
                                       username=account.username,
                                       password=i.password,
                                       email=account.email)
            elif error == "account_not_found":
                return self.error("account_user_notfound", i)
            elif error == "account_blocked":
                return self.error("account_blocked", i)
            else:
                return self.error(audit['error'], i)
        if not audit['link']:
            # This needs to be overridden w/ `test`
            return self.error("accounts_not_connected", i)
        return None

    def POST_login(self, i):
        """Audit the credentials, set the login cookie and redirect.

        The ``i`` argument is replaced immediately by a fresh ``web.input``.
        """
        i = web.input(username="", password="", remember=False, redirect='')

        audit = audit_accounts(i.username, i.password)
        errors = self.error_check(audit, i)
        if errors:
            return errors

        # NOTE(review): this is a substring deny-list on the redirect value.
        # It resets targets that mention the listed account pages but does
        # not constrain the host, so a client-supplied absolute URL that
        # avoids these substrings is passed to web.seeother() -- confirm
        # whether off-site redirects are blocked elsewhere.
        blacklist = [
            "/account/login", "/account/password", "/account/email",
            "/account/create"
        ]
        if i.redirect == "" or any([path in i.redirect for path in blacklist]):
            i.redirect = "/"
        # One week when "remember" is set, otherwise the empty string.
        expires = (i.remember and 3600 * 24 * 7) or ""

        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)
        raise web.seeother(i.redirect)

    def POST_resend_verification_email(self, i):
        """Send the verification email again for the posted credentials."""
        # NOTE(review): `except X, e` is Python 2-only syntax.
        # NOTE(review): the email is sent both when accounts.login() raises
        # with code "account_not_verified" and when it does not raise at all;
        # confirm the second case is intended.
        try:
            accounts.login(i.username, i.password)
        except ClientException, e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                return self.error("account_incorrect_password", i)

        # NOTE(review): the lookup result is used without a None check.
        account = accounts.find(username=i.username)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(title, message)
Exemplo n.º 19
 def get_account(self):
     """Return the account found for ``self.get_username()``."""
     return accounts.find(username=self.get_username())
Exemplo n.º 20
 def get_account(self):
     """Look up the account whose username is ``self.get_username()``."""
     name = self.get_username()
     account = accounts.find(username=name)
     return account
Exemplo n.º 21
class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".
    """
    path = "/account/login"

    def GET(self):
        """Render the login form with its redirect field pre-filled."""
        # NOTE(review): the default redirect target is the Referer header,
        # which is supplied by the client, and an explicit `redirect`
        # parameter overrides it. Either value is placed in the form as-is.
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Route the submission to the resend-verification or login handler."""
        i = web.input(remember=False, redirect='/', action="login")

        if i.action == "resend_verification_email":
            return self.POST_resend_verification_email(i)
        else:
            return self.POST_login(i)

    def error(self, name, i):
        """Re-render the login form filled from ``i`` with the error ``name``."""
        f = forms.Login()
        f.fill(i)
        f.note = utils.get_error(name)
        return render.login(f)

    def POST_login(self, i):
        """Verify the credentials in ``i``, set the login cookie and redirect.

        Every outcome other than status 'ok' returns a rendered page.
        """
        # make sure the username is valid
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Try to find account with exact username, failing which try for case variations.
        account = accounts.find(username=i.username) or accounts.find(
            lusername=i.username)

        if not account:
            return self.error("account_user_notfound", i)

        # NOTE(review): only the empty value and the login page itself are
        # rewritten; any other client-supplied `redirect` reaches
        # web.seeother() unchanged -- confirm off-site targets are rejected
        # somewhere, otherwise this is an open redirect after login.
        if i.redirect == "/account/login" or i.redirect == "":
            i.redirect = "/"

        status = account.login(i.password)
        if status == 'ok':
            # One week when "remember" is set, otherwise the empty string.
            expires = (i.remember and 3600 * 24 * 7) or ""
            web.setcookie(config.login_cookie_name,
                          web.ctx.conn.get_auth_token(),
                          expires=expires)
            raise web.seeother(i.redirect)
        elif status == "account_not_verified":
            # NOTE(review): the submitted plaintext password is handed to the
            # template; check how the page emits it.
            return render_template("account/not_verified",
                                   username=account.username,
                                   password=i.password,
                                   email=account.email)
        # NOTE(review): "user not found" and "incorrect password" use
        # different error names, which lets a caller tell whether a username
        # exists.
        elif status == "account_not_found":
            return self.error("account_user_notfound", i)
        elif status == "account_blocked":
            return self.error("account_blocked", i)
        else:
            return self.error("account_incorrect_password", i)

    def POST_resend_verification_email(self, i):
        """Send the verification email again for the posted credentials."""
        # NOTE(review): `except X, e` is Python 2-only syntax.
        # NOTE(review): the email is sent both when accounts.login() raises
        # with code "account_not_verified" and when it does not raise at all;
        # confirm the second case is intended.
        try:
            accounts.login(i.username, i.password)
        except ClientException, e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                return self.error("account_incorrect_password", i)

        # NOTE(review): the lookup result is used without a None check.
        account = accounts.find(username=i.username)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(title, message)
Exemplo n.º 22
 def GET(self, username):
     """Show the admin edits page of ``username``, or raise a 404."""
     # NOTE(review): authorization is not checked in this method --
     # presumably done by the enclosing admin handler; confirm.
     account = accounts.find(username=username)
     if account:
         return render_template("admin/people/edits", account)
     raise web.notfound()
Exemplo n.º 23
 def try_login(self, username, password):
     """Verify ``password`` for the account ``username``.

     When the lookup finds nothing its falsy result is returned unchanged;
     otherwise the result of ``verify_password`` is returned.
     """
     # NOTE(review): no attempt throttling or lockout is visible here;
     # confirm the caller provides it.
     account = accounts.find(username=username)
     if account:
         return account.verify_password(password)
     return account
Exemplo n.º 24
def find_account(username=None, lusername=None, email=None):
    """Delegate an account lookup to ``accounts.find``.

    The three keyword criteria are passed through unchanged, None included.
    """
    lookup = {"username": username, "lusername": lusername, "email": email}
    return accounts.find(**lookup)