def _prepare(self, id):
    """Resolve the user behind a password-reset link and validate its key.

    Builds the action context, checks the ``user_reset`` authorization,
    loads the user through ``user_show`` (which leaves ``user_obj`` in the
    context) and verifies the ``key`` request parameter against the user's
    stored reset key.  Only a fully verified request returns; every other
    path ends in ``base.abort``.

    :param id: user id or name taken from the reset URL
    :returns: ``(context, user_dict)`` for the caller to reuse
    :raises: via ``base.abort`` -- 403 when ``user_reset`` is not authorized
        or the key does not verify, 404 when no such user exists
    """
    # FIXME 403 error for invalid key is a non helpful page
    context = {
        u'model': model,
        u'session': model.Session,
        u'user': id,
        u'keep_email': True,
    }

    try:
        logic.check_access(u'user_reset', context)
    except logic.NotAuthorized:
        base.abort(403, _(u'Unauthorized to reset password.'))

    try:
        user_dict = logic.get_action(u'user_show')(context, {u'id': id})
    except logic.NotFound:
        base.abort(404, _(u'User not found'))
    user_obj = context[u'user_obj']

    # The key arrives in the link's query string; it is parked on ``g``
    # (presumably so the reset form can carry it through the POST).
    reset_key = request.params.get(u'key')
    g.reset_key = reset_key
    if not mailer.verify_reset_link(user_obj, reset_key):
        msg = _(u'Invalid reset key. Please try again.')
        h.flash_error(msg)
        base.abort(403, msg)

    return context, user_dict
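def perform_reset(self, id):
    """Serve the password-reset page reached from an emailed reset link.

    The ``key`` request parameter must verify against the user's stored
    reset key before anything else happens.  GET renders the form; POST
    sets the new password (and, when submitted, a new user name), marks
    the account active, replaces the reset key and redirects to ``/``.
    A POST that fails validation re-renders the form with a flash error.

    :param id: user id or name taken from the reset URL
    :returns: rendered ``user/perform_reset.html`` (GET, or a failed POST);
        a successful POST redirects instead
    :raises: via ``abort`` -- 403 when ``user_reset`` is not authorized or
        the key is invalid, 404 when the user does not exist
    """
    context = {
        'model': model,
        'session': model.Session,
        'user': id,
        'keep_email': True,
    }
    try:
        check_access('user_reset', context)
    except NotAuthorized:
        abort(403, _('Unauthorized to reset password.'))

    try:
        user_dict = get_action('user_show')(context, {'id': id})
        user_obj = context['user_obj']
    except NotFound:
        abort(404, _('User not found'))

    c.reset_key = request.params.get('key')
    if not mailer.verify_reset_link(user_obj, c.reset_key):
        # Hand the reason to abort() too, as the Flask-era _prepare() does,
        # instead of the bare abort(403) that produced an unhelpful page.
        msg = _('Invalid reset key. Please try again.')
        h.flash_error(msg)
        abort(403, msg)

    if request.method == 'POST':
        # Remember the current state: user_dict is mutated in place below
        # and is re-rendered as-is when the update fails.
        user_state = user_dict['state']
        try:
            context['reset_password'] = True
            new_password = self._get_form_password()
            user_dict['password'] = new_password
            username = request.params.get('name')
            if username is not None and username != '':
                # A reset link may also rename the account -- deliberate
                # product behaviour, but worth knowing when threat-modelling.
                user_dict['name'] = username
            user_dict['reset_key'] = c.reset_key
            user_dict['state'] = model.State.ACTIVE
            get_action('user_update')(context, user_dict)
            # create_reset_key presumably stores a fresh key, so the link
            # that was just used cannot be replayed.
            mailer.create_reset_key(user_obj)
            h.flash_success(_("Your password has been reset."))
            h.redirect_to('/')
        except NotAuthorized:
            h.flash_error(_('Unauthorized to edit user %s') % id)
        except NotFound:
            h.flash_error(_('User not found'))
        except DataError:
            h.flash_error(_(u'Integrity Error'))
        except ValidationError as e:
            h.flash_error(u'%r' % e.error_dict)
        except ValueError as ve:
            h.flash_error(unicode(ve))
        user_dict['state'] = user_state
        # Do not pass the submitted plaintext password (or the reset key)
        # into the template context when re-rendering after a failure.
        user_dict.pop('password', None)
        user_dict.pop('reset_key', None)

    c.user_dict = user_dict
    return render('user/perform_reset.html')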
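def perform_reset(self, id):
    """Serve the password-reset page reached from an emailed reset link.

    Checks the ``user_reset`` authorization, loads the user and verifies
    the ``key`` request parameter against the stored reset key.  GET
    renders the form; POST applies the submitted password (see
    ``_apply_password_reset``) and, on success, redirects to ``/``.

    :param id: user id or name taken from the reset URL
    :returns: rendered ``user/perform_reset.html`` for GET or a failed POST
    :raises: via ``abort`` -- 403 when ``user_reset`` is not authorized or
        the key is invalid, 404 when the user does not exist
    """
    context = {
        'model': model,
        'session': model.Session,
        'user': id,
        'keep_email': True,
    }
    try:
        check_access('user_reset', context)
    except NotAuthorized:
        abort(403, _('Unauthorized to reset password.'))

    try:
        user_dict = get_action('user_show')(context, {'id': id})
        user_obj = context['user_obj']
    except NotFound:
        abort(404, _('User not found'))

    c.reset_key = request.params.get('key')
    if not mailer.verify_reset_link(user_obj, c.reset_key):
        # Give abort() the reason as well (matches the Flask-era _prepare);
        # a bare abort(403) rendered an unhelpful page.
        msg = _('Invalid reset key. Please try again.')
        h.flash_error(msg)
        abort(403, msg)

    if request.method == 'POST':
        # The dict is mutated by the update attempt and re-rendered on
        # failure, so restore the state and strip the secrets afterwards.
        user_state = user_dict['state']
        self._apply_password_reset(context, user_dict, user_obj, id)
        user_dict['state'] = user_state
        user_dict.pop('password', None)
        user_dict.pop('reset_key', None)

    c.user_dict = user_dict
    return render('user/perform_reset.html')

def _apply_password_reset(self, context, user_dict, user_obj, user_ref):
    """Run the POST half of ``perform_reset``: update the user, then redirect.

    Reads the new password from the form (``_get_form_password``) and an
    optional new ``name``, sets the account active, calls ``user_update``,
    replaces the reset key and redirects to ``/``.  Any failure is reported
    with ``h.flash_error`` and the method returns normally so the caller
    can re-render the form.

    :param context: action context; ``reset_password`` is set on it
    :param user_dict: ``user_show`` output, mutated in place
    :param user_obj: the user model object (for ``create_reset_key``)
    :param user_ref: id or name used in the "Unauthorized to edit" message
    """
    try:
        context['reset_password'] = True
        user_dict['password'] = self._get_form_password()
        username = request.params.get('name')
        if username is not None and username != '':
            # A reset link may also rename the account -- deliberate, but
            # relevant when threat-modelling leaked reset e-mails.
            user_dict['name'] = username
        user_dict['reset_key'] = c.reset_key
        user_dict['state'] = model.State.ACTIVE
        get_action('user_update')(context, user_dict)
        # create_reset_key presumably stores a fresh key so the link just
        # used cannot be replayed.
        mailer.create_reset_key(user_obj)
        h.flash_success(_("Your password has been reset."))
        h.redirect_to('/')
    except NotAuthorized:
        h.flash_error(_('Unauthorized to edit user %s') % user_ref)
    except NotFound:
        h.flash_error(_('User not found'))
    except DataError:
        h.flash_error(_(u'Integrity Error'))
    except ValidationError as e:
        h.flash_error(u'%r' % e.error_dict)
    except ValueError as ve:
        h.flash_error(unicode(ve))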
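def perform_reset(self, id):
    """Reset a user's password from an emailed reset link (legacy variant).

    Looks the user up directly on the model, verifies the ``key`` request
    parameter against the stored reset key and, on POST, stores the new
    password, replaces the reset key and redirects to ``/``.  A password
    the form rejects (``ValueError`` from ``_get_form_password``) is
    reported with a flash error.

    :param id: user id or name taken from the reset URL
    :raises: via ``abort`` -- 404 when no such user, 403 when the key does
        not verify

    NOTE(review): no render/return follows the POST branch in the visible
    snippet -- confirm the method still returns a page for GET.
    """
    user = model.User.get(id)
    if user is None:
        abort(404)

    c.reset_key = request.params.get('key')
    if not mailer.verify_reset_link(user, c.reset_key):
        h.flash_error(_('Invalid reset key. Please try again.'))
        abort(403)

    if request.method == 'POST':
        try:
            user.password = self._get_form_password()
            model.Session.add(user)
            model.Session.commit()
            # Replace the stored reset key once it has been used, as the
            # other perform_reset variants in this file do; otherwise the
            # emailed link keeps working after the password was changed.
            mailer.create_reset_key(user)
            h.flash_success(_("Your password has been reset."))
            redirect('/')
        except ValueError as ve:
            h.flash_error(unicode(ve))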
def password_reset(self, user_id):
    """Serve the password-reset page reached from a reset e-mail link.

    ``user_reset`` must be authorized (otherwise the visitor is sent to
    ``home``) and the ``key`` request parameter must verify against the
    user's stored reset key.  An unknown user and a bad key both render
    ``user/expired_key.html``, so the visitor cannot tell the two apart.
    GET renders the form; POST updates the password (and the e-mail
    address when one is submitted), replaces the reset key and answers
    with a JSON body ``{"success": ..., "redirect_url": ...}``.

    :param user_id: user id or name taken from the reset URL
    :returns: rendered form (GET), the expired-key page, or a JSON string
        for POST
    """
    context = {
        'model': model,
        'session': model.Session,
        'user': user_id,
        'keep_email': True,
    }
    try:
        check_access('user_reset', context)
    except NotAuthorized:
        return h.redirect_to('home')

    try:
        logic.get_action('user_show')(context, {'id': user_id})
    except logic.NotFound:
        return base.render('user/expired_key.html')
    user_obj = context['user_obj']

    reset_key = request.params.get('key')
    c.reset_key = reset_key
    if not ckan_mailer.verify_reset_link(user_obj, reset_key):
        # Invalid reset key -- presented as "expired", like an unknown user.
        return base.render('user/expired_key.html')

    if request.method != 'POST':
        return base.render('user/perform_reset.html',
                           extra_vars={'user': user_obj})

    user_data = {
        'id': user_obj.id,
        'password': request.params.get('password'),
    }
    submitted_email = request.params.get('email', None)
    if submitted_email is not None:
        # NOTE(review): a reset link can change the account e-mail here and
        # an empty string is passed through; confirm _edit_user validates it.
        user_data['email'] = submitted_email
    user_updated = self._edit_user(user_data)
    # The key is replaced whether or not the update succeeded (presumably
    # invalidating the link), so a failed attempt needs a new reset e-mail.
    ckan_mailer.create_reset_key(user_obj)

    response.headers['Content-Type'] = self.json_content_type
    json_response = {
        'success': user_updated,
        'redirect_url': h.url_for('/ingresar'),
    }
    return h.json.dumps(json_response, for_json=True)
try: check_access('user_reset', context) except NotAuthorized: abort(401, _('Unauthorized to reset password.')) try: data_dict = {'id': id} user_dict = get_action('user_show')(context, data_dict) user_obj = context['user_obj'] except NotFound, e: abort(404, _('User not found')) c.reset_key = request.params.get('key') if not mailer.verify_reset_link(user_obj, c.reset_key): h.flash_error(_('Invalid reset key. Please try again.')) abort(403) if request.method == 'POST': try: context['reset_password'] = True new_password = self._get_form_password() user_dict['password'] = new_password user_dict['reset_key'] = c.reset_key user_dict['state'] = model.State.ACTIVE user = get_action('user_update')(context, user_dict) mailer.create_reset_key(user_obj) h.flash_success(_("Your password has been reset.")) h.redirect_to('/')
try: check_access('user_reset', context) except NotAuthorized: abort(401, _('Unauthorized to reset password.')) try: data_dict = {'id': id} user_dict = get_action('user_show')(context, data_dict) user_obj = context['user_obj'] except NotFound, e: abort(404, _('User not found')) c.reset_key = request.params.get('key') if not mailer.verify_reset_link(user_obj, c.reset_key): h.flash_error(_('Invalid reset key. Please try again.')) abort(403) if request.method == 'POST': try: context['reset_password'] = True new_password = self._get_form_password() user_dict['password'] = new_password user_dict['reset_key'] = c.reset_key user_dict['state'] = model.State.ACTIVE user = get_action('user_update')(context, user_dict) h.flash_success(_("Your password has been reset.")) h.redirect_to('/') except NotAuthorized:
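def _login(context, data_dict):
    """Log a user in from a passwordless e-mail token.

    Resolves the user from ``data_dict['id']`` or, failing that, from a
    validated ``data_dict['email']``; verifies ``data_dict['key']`` against
    the user's stored reset key; then records the user name in the Flask
    session, replaces the key, sets the repoze auth identity, clears the
    login-attempt entry in Redis and makes sure the master API token exists.

    :param context: CKAN action context; ``user_show`` leaves ``user_obj`` in it
    :param data_dict: ``id`` or ``email``, ``key``, optional ``return_context``
    :returns: ``context`` when ``return_context`` is truthy, otherwise a dict
        with the user's ``email``/``id``/``name``/``apikey``/``fullname`` and
        a ``message``
    :raises toolkit.NotAuthorized: a user is already logged in, or
        ``user_show`` refused
    :raises toolkit.ValidationError: missing or invalid e-mail, no user for
        the e-mail, missing or invalid token
    :raises logic.NotFound: ``user_show`` found no user
    """
    if toolkit.c.user:
        # Don't offer the reset form if already logged in
        log.warning("User already logged in")
        raise toolkit.NotAuthorized('user already logged in, logout first')

    # Only the e-mail path binds this before user_show runs, but the
    # NotAuthorized handler below reports it, so it must always exist.
    email = None
    try:
        user_id = data_dict.get('id')
        if not user_id:
            email = data_dict['email'].lower()
            if not util.check_email(email):
                raise toolkit.ValidationError({'email': 'invalid email'})
            user_id = util.get_user_id(email)
            if not user_id:
                raise toolkit.ValidationError({
                    'email': 'email does not correspond to a registered user'
                })
    except KeyError:
        raise toolkit.ValidationError({'email': 'missing email'})

    try:
        orig_key = data_dict['key']
    except KeyError:
        raise toolkit.ValidationError({'key': 'missing token'})

    # Short keys are wrapped as "b'...'" to match the stored form
    # (presumably a str(bytes) artefact of a py2->py3 migration -- TODO confirm).
    if len(orig_key) <= 32 and not orig_key.startswith("b'"):
        key = "b'{0}'".format(orig_key)
    else:
        key = orig_key
    # The token is a login credential: never write its value to the log.
    log.debug('login: {0} (token length {1})'.format(user_id, len(orig_key)))

    # get whether to return context (UI) or just a message (API)
    return_context = data_dict.get('return_context', False)

    try:
        user_dict = logic.get_action('user_show')(context, {'id': user_id})
        user_obj = context['user_obj']
        email = user_dict.get('email', user_obj.email)
    except logic.NotFound:
        # NOTE(review): message kept as-is, but NotFound means no user
        # matched, not several.
        raise logic.NotFound('"%s" matched several users' % user_id)
    except toolkit.NotAuthorized:
        raise toolkit.NotAuthorized('Exception (Not Authorized) email = '
                                    + str(email) + 'id = ' + str(user_id))

    if not user_obj or not mailer.verify_reset_link(user_obj, key):
        raise toolkit.ValidationError({'key': 'token provided is not valid'})

    flask.session['ckanext-passwordless-user'] = user_dict['name']
    # remove token: a fresh key replaces the one just used so it cannot be replayed
    mailer.create_reset_key(user_obj)

    # log the user in programmatically
    try:
        _set_repoze_user_only(user_dict['name'])
    except TypeError as e:
        log.warning("Exception at login: {0}".format(e))

    # delete attempts from Redis
    log.debug("Redis: reset attempts for {0}".format(email))
    redis_conn = connect_to_redis()
    redis_conn.delete(email)

    # make sure the master API key exists
    apikey = util.renew_master_token(user_dict['name'])

    if return_context:
        return context
    user_obj = context.get('user_obj', None)
    return {
        'user': {
            'email': user_obj.email,
            'id': user_obj.id,
            'name': user_obj.name,
            'apikey': apikey,
            'fullname': user_obj.fullname,
        },
        'message': "login success",
    }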
class GDPRUserController(UserController): new_user_form = 'user/register.html' edit_user_form = 'user/gdpr_edit_user_form.html' def _save_new(self, context): context['schema'] = schema.user_new_form_schema() return UserController._save_new(self, context) def edit_me(self, locale=None): if not c.user: h.redirect_to(locale=locale, controller='user', action='login', id=None) user_ref = c.userobj.get_reference_preferred_for_uri() h.redirect_to(locale=locale, controller='ckanext.gdpr.controller:GDPRUserController', action='edit', id=user_ref) def perform_reset(self, id): # FIXME 403 error for invalid key is a non helpful page context = { 'model': model, 'session': model.Session, 'user': id, 'keep_email': True } try: logic.check_access('user_reset', context) except logic.NotAuthorized: abort(403, _('Unauthorized to reset password.')) try: data_dict = {'id': id} user_dict = logic.get_action('user_show')(context, data_dict) user_obj = context['user_obj'] except logic.NotFound, e: abort(404, _('User not found')) c.reset_key = request.params.get('key') if not mailer.verify_reset_link(user_obj, c.reset_key): h.flash_error(_('Invalid reset key. Please try again.')) abort(403) if request.method == 'POST': try: context['reset_password'] = True new_password = self._get_form_password() user_dict['password'] = new_password user_dict['reset_key'] = c.reset_key user_dict['state'] = model.State.ACTIVE # Include policies into user dict for key in request.params: if key.startswith('policy-'): user_dict[key] = request.params.getone(key) user = logic.get_action('user_update')(context, user_dict) mailer.create_reset_key(user_obj) h.flash_success(_("Your password has been reset.")) h.redirect_to('/') except logic.NotAuthorized: h.flash_error(_('Unauthorized to edit user %s') % id) except logic.NotFound, e: h.flash_error(_('User not found')) except dictization_functions.DataError: h.flash_error(_(u'Integrity Error'))