Exemplo n.º 1
def ban_user(user):
    """Ban *user* and tell them about it by mail.

    Nothing happens if the user is already banned.  Otherwise the
    ``is_banned`` flag is set, the ``mails/user_banned.txt`` template is
    rendered and mailed to ``user.email``, and the session is committed.
    """
    if not user.is_banned:
        user.is_banned = True
        subject = _(u'User account banned')
        body = render_template('mails/user_banned.txt', user=user)
        # NOTE(review): the mail goes out before the commit, so a failing
        # commit leaves a user who was told about a ban that never
        # persisted.
        send_email(subject, body, user.email)
        # NOTE(review): only the flag is written here.  Confirm that
        # is_banned is checked on every authenticated request, otherwise
        # a session opened before the ban keeps working.
        session.commit()
Exemplo n.º 2
def ban_user(user):
    """Mark *user* as banned and notify them by email.

    A user that is already banned is left untouched: no second mail is
    sent and nothing is committed.
    """
    already_banned = user.is_banned
    if already_banned:
        return

    user.is_banned = True

    # The notification is rendered from a template and sent to the address
    # stored on the account.
    mail_subject = _(u'User account banned')
    mail_text = render_template('mails/user_banned.txt', user=user)
    send_email(mail_subject, mail_text, user.email)

    # NOTE(review): the ban is persisted only after the mail was sent; if
    # the commit fails the user has been notified of a ban that is not
    # stored.  Whether existing sessions of the user are ended is not
    # visible from here.
    session.commit()
Exemplo n.º 3
 def reset_password(self, request, user):
     """Tell a freshly registered user how to proceed.

     Despite its name, the body deals with registration, not with
     password resets.  If ``settings.REGISTRATION_REQUIRES_ACTIVATION``
     is set, the account is deactivated and a confirmation link is
     mailed to ``user.email``; otherwise the user is only told that the
     login is possible right away.
     """
     if not settings.REGISTRATION_REQUIRES_ACTIVATION:
         request.flash(_(u'You\'re registered.  You can login now.'))
         return

     # The account stays inactive until the mailed link is followed.
     user.is_active = False

     # NOTE(review): the activation key travels inside the URL together
     # with the email address.  Confirm that core.activate_user accepts a
     # key only once, since URLs tend to end up in logs and mail archives.
     confirmation_url = url_for('core.activate_user', email=user.email,
                                key=user.activation_key, _external=True)
     subject = _(u'Registration Confirmation')
     body = render_template('mails/activate_user.txt', user=user,
                            confirmation_url=confirmation_url)
     send_email(subject, body, user.email)

     notice = _(u'A mail was sent to %s with a link to finish the '
                u'registration.') % user.email
     request.flash(notice)
Exemplo n.º 4
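def reset_password(request, email=None, key=None):
    """Resets the password if possible.

    Three paths are handled:

    * ``email`` is given (the link from the reset mail was followed): the
      users with that address are searched for one whose
      ``password_reset_key`` equals ``key``.  On a match a random
      password is set, committed and handed to the template as
      ``new_password``; without a match an error is flashed and the
      client is redirected to the empty reset form.
    * a valid POST of the reset form: a mail with the reset link is sent
      to ``form.user`` and the client is redirected to the overview.
    * anything else: the reset form is rendered.

    Raises ``NotFound`` if the auth system cannot reset passwords.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # if the user is logged in, he goes straight back to the overview
    # page.  Why would a user that is logged in (and does not anywhere
    # see a link to that page) reset the password?  Of course that does
    # not give us anything security wise because he just has to logout.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # we came back from the link in the mail, try to reset the password
    if email is not None:
        matched_user = None
        # Fail closed: a missing or empty key must never be compared, so
        # that it cannot match an account whose reset key is unset.
        if key:
            for candidate in User.query.filter_by(email=email).all():
                # NOTE(review): == is not a constant-time comparison.
                # Consider hmac.compare_digest once it is confirmed that
                # both values have the same string type.
                if candidate.password_reset_key == key:
                    matched_user = candidate
                    break
        if matched_user is None:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'),
                          error=True)
            return redirect(url_for('core.reset_password'))
        # NOTE(review): merely loading the mailed link replaces the
        # password and the new one is rendered into the response.  Mail
        # scanners or link previews that fetch URLs would trigger the
        # reset too; a confirmation step via POST would avoid that.
        new_password = matched_user.set_random_password()
        session.commit()

    # otherwise validate the form
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        reset_url = url_for('core.reset_password',
                            email=user.email,
                            key=user.password_reset_key,
                            _external=True)
        send_email(
            _(u'Reset Password'),
            render_template('mails/reset_password.txt',
                            user=user,
                            reset_url=reset_url), user.email)
        # NOTE(review): this confirmation is shown only for addresses the
        # form accepted; check that the failure path does not reveal
        # whether an address belongs to an account.
        request.flash(
            _(u'A mail with a link to reset the password '
              u'was sent to “%s”') % user.email)
        return redirect(url_for('kb.overview'))

    return render_template('core/reset_password.html',
                           form=form.as_widget(),
                           new_password=new_password)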
Exemplo n.º 5
 def reset_password(self, request, user):
     """Flash the post-registration message, mailing an activation link
     first if activation is required.

     The method name says "reset password", but everything it touches
     belongs to registration: the ``core.activate_user`` endpoint, the
     ``mails/activate_user.txt`` template and the user's activation key.
     """
     needs_activation = settings.REGISTRATION_REQUIRES_ACTIVATION
     if needs_activation:
         # Deactivate the account; the link in the mail is what the user
         # needs to finish the registration.
         user.is_active = False
         link_args = dict(email=user.email, key=user.activation_key,
                          _external=True)
         confirmation_url = url_for('core.activate_user', **link_args)
         # NOTE(review): the key is part of the link, so the link is the
         # credential.  Whether it expires or is single-use is decided in
         # core.activate_user, which is not visible here.
         mail_subject = _(u'Registration Confirmation')
         mail_text = render_template('mails/activate_user.txt',
                                     user=user,
                                     confirmation_url=confirmation_url)
         send_email(mail_subject, mail_text, user.email)
         message = _(u'A mail was sent to %s with a link to finish the '
                     u'registration.') % user.email
     else:
         message = _(u'You\'re registered.  You can login now.')
     request.flash(message)
Exemplo n.º 6
def unban_user(user):
    """Lift the ban on *user* and mail them a link to the reset page.

    Users that are not banned are ignored.  The account is deactivated
    only if ``settings.REQUIRE_NEW_PASSWORD_ON_UNBAN`` is set; the mail
    with the ``core.reset_password`` link is sent in either case.
    """
    if user.is_banned:
        if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN:
            # Inactive until the user has gone through the reset link.
            user.is_active = False
        user.is_banned = False

        # NOTE(review): the link carries the user's password reset key,
        # so whoever can read this mail can reset the password.  Where
        # that key comes from and how long it stays valid is not visible
        # here.
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        subject = _(u'Your ban was lifted')
        body = render_template('mails/user_unbanned.txt', user=user,
                               reset_url=reset_url)
        send_email(subject, body, user.email)
        session.commit()
Exemplo n.º 7
def unban_user(user):
    """Unban *user* and send the "ban was lifted" mail.

    The mail always contains a link to ``core.reset_password``.  A new
    password is only enforced (by deactivating the account) when
    ``settings.REQUIRE_NEW_PASSWORD_ON_UNBAN`` is enabled.  Does nothing
    for a user that is not banned.
    """
    currently_banned = user.is_banned
    if not currently_banned:
        return

    force_new_password = settings.REQUIRE_NEW_PASSWORD_ON_UNBAN
    if force_new_password:
        user.is_active = False
    user.is_banned = False

    link_args = dict(email=user.email, key=user.password_reset_key,
                     _external=True)
    reset_url = url_for('core.reset_password', **link_args)

    # NOTE(review): the mail is sent before the commit.  If the commit
    # fails, the user holds a reset link for an account that is still
    # stored as banned.
    mail_text = render_template('mails/user_unbanned.txt', user=user,
                                reset_url=reset_url)
    send_email(_(u'Your ban was lifted'), mail_text, user.email)
    session.commit()
Exemplo n.º 8
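def reset_password(request, email=None, key=None):
    """Resets the password if possible.

    With ``email`` set, the function acts on the link from the reset
    mail: a user with that address and a ``password_reset_key`` equal to
    ``key`` gets a random password, which is committed and passed to the
    template as ``new_password``.  A valid POST of the form mails the
    reset link to ``form.user`` instead.  In every other case the form
    is rendered.

    Raises ``NotFound`` if the auth system cannot reset passwords.
    Logged-in users are redirected to the overview.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # if the user is logged in, he goes straight back to the overview
    # page.  Why would a user that is logged in (and does not anywhere
    # see a link to that page) reset the password?  Of course that does
    # not give us anything security wise because he just has to logout.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # we came back from the link in the mail, try to reset the password
    if email is not None:
        for user in User.query.filter_by(email=email).all():
            # A missing or empty key is rejected before the comparison so
            # that it can never equal an unset reset key on the account.
            # NOTE(review): the comparison itself is a plain ==, which is
            # not constant-time.
            if key and user.password_reset_key == key:
                break
        else:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'), error=True)
            return redirect(url_for('core.reset_password'))
        # NOTE(review): the reset happens as soon as the link is loaded
        # and the new password is shown in the rendered page.  Anything
        # that fetches links from mails would change the password as
        # well; asking for a POST confirmation first would prevent that.
        new_password = user.set_random_password()
        session.commit()

    # otherwise validate the form
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        # The link sent by mail carries the address and the reset key and
        # leads back into the branch above.
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        send_email(_(u'Reset Password'),
                   render_template('mails/reset_password.txt', user=user,
                                   reset_url=reset_url), user.email)
        # NOTE(review): confirm that a rejected form does not tell the
        # requester whether the address belongs to an account.
        request.flash(_(u'A mail with a link to reset the password '
                        u'was sent to “%s”') % user.email)
        return redirect(url_for('kb.overview'))

    return render_template('core/reset_password.html', form=form.as_widget(),
                           new_password=new_password)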