    def _prepare(self, id):
        """Load the user for a password-reset request and validate its key.

        Aborts 403 when the caller is not authorised for ``user_reset``,
        404 when *id* does not name a user, and 403 (after flashing an
        error) when the ``key`` request parameter does not verify against
        the user. Stores that key on ``g.reset_key`` as a side effect.

        Returns the ``(context, user_dict)`` pair; ``context['user_obj']``
        is populated by ``user_show``.
        """
        # FIXME 403 error for invalid key is a non helpful page
        context = {
            u'model': model,
            u'session': model.Session,
            u'user': id,
            u'keep_email': True
        }

        try:
            logic.check_access(u'user_reset', context)
        except logic.NotAuthorized:
            base.abort(403, _(u'Unauthorized to reset password.'))

        show_user = logic.get_action(u'user_show')
        try:
            user_dict = show_user(context, {u'id': id})
        except logic.NotFound:
            base.abort(404, _(u'User not found'))

        user_obj = context[u'user_obj']
        reset_key = request.params.get(u'key')
        g.reset_key = reset_key
        if not mailer.verify_reset_link(user_obj, reset_key):
            failure = _(u'Invalid reset key. Please try again.')
            h.flash_error(failure)
            base.abort(403, failure)
        return context, user_dict
    def _prepare(self, id):
        """Authorise a password-reset request for user *id* and load the user.

        Side effects: the ``key`` request parameter is stored on
        ``g.reset_key`` and, when it does not verify, an error is flashed
        before aborting.

        Aborts 403 when ``user_reset`` is not permitted or the key is
        invalid, and 404 when no user matches *id*.

        Returns ``(context, user_dict)``; ``context['user_obj']`` is set by
        ``user_show``.
        """
        # FIXME 403 error for invalid key is a non helpful page
        context = dict()
        context[u'model'] = model
        context[u'session'] = model.Session
        context[u'user'] = id
        context[u'keep_email'] = True

        try:
            logic.check_access(u'user_reset', context)
        except logic.NotAuthorized:
            base.abort(403, _(u'Unauthorized to reset password.'))

        lookup = {u'id': id}
        try:
            user_dict = logic.get_action(u'user_show')(context, lookup)
        except logic.NotFound:
            base.abort(404, _(u'User not found'))

        user_obj = context[u'user_obj']
        g.reset_key = request.params.get(u'key')
        key_ok = mailer.verify_reset_link(user_obj, g.reset_key)
        if not key_ok:
            error_text = _(u'Invalid reset key. Please try again.')
            h.flash_error(error_text)
            base.abort(403, error_text)
        return context, user_dict
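    def perform_reset(self, id):
        """Serve the password-reset page for user *id* reached via a reset link.

        The ``key`` request parameter is verified against the user before
        anything else happens. On POST the new password from the form is
        applied through ``user_update`` (the account is also set ACTIVE and,
        when a non-empty ``name`` parameter is posted, renamed), the reset
        key is rotated and the browser is sent to ``/``. Any failure flashes
        a message and re-renders ``user/perform_reset.html``.

        Aborts 403 when ``user_reset`` is not permitted or the key is
        invalid, and 404 when no user matches *id*.
        """
        # FIXME 403 error for invalid key is a non helpful page
        context = {
            'model': model,
            'session': model.Session,
            'user': id,
            'keep_email': True
        }

        try:
            check_access('user_reset', context)
        except NotAuthorized:
            abort(403, _('Unauthorized to reset password.'))

        try:
            user_dict = get_action('user_show')(context, {'id': id})
            user_obj = context['user_obj']
        except NotFound:
            abort(404, _('User not found'))

        c.reset_key = request.params.get('key')
        if not mailer.verify_reset_link(user_obj, c.reset_key):
            # Hand the message to abort as well, matching the _prepare
            # variant, so the 403 response says why the link was rejected.
            msg = _('Invalid reset key. Please try again.')
            h.flash_error(msg)
            abort(403, msg)

        if request.method == 'POST':
            # Remember the current state so a failed update does not leave
            # the re-rendered form showing ACTIVE for a still-pending user.
            user_state = user_dict['state']
            try:
                context['reset_password'] = True
                user_dict['password'] = self._get_form_password()
                username = request.params.get('name')
                if username:
                    user_dict['name'] = username
                user_dict['reset_key'] = c.reset_key
                user_dict['state'] = model.State.ACTIVE
                get_action('user_update')(context, user_dict)
                # Rotate the key so the link that authenticated this request
                # cannot be replayed to set another password.
                mailer.create_reset_key(user_obj)

                h.flash_success(_("Your password has been reset."))
                h.redirect_to('/')
            except NotAuthorized:
                h.flash_error(_('Unauthorized to edit user %s') % id)
            except NotFound:
                h.flash_error(_('User not found'))
            except DataError:
                h.flash_error(_(u'Integrity Error'))
            except ValidationError as e:
                h.flash_error(u'%r' % e.error_dict)
            except ValueError as ve:
                h.flash_error(unicode(ve))
            user_dict['state'] = user_state

        # NOTE(review): on the failure path user_dict still carries the
        # submitted password when it reaches the template; confirm the
        # template never echoes it.
        c.user_dict = user_dict
        return render('user/perform_reset.html')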
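    def perform_reset(self, id):
        """Serve the password-reset page for user *id* reached via a reset link.

        The ``key`` request parameter is verified against the user before
        anything else happens. On POST the new password from the form is
        applied through ``user_update`` (the account is also set ACTIVE and,
        when a non-empty ``name`` parameter is posted, renamed), the reset
        key is rotated and the browser is sent to ``/``. Any failure flashes
        a message and re-renders ``user/perform_reset.html``.

        Aborts 403 when ``user_reset`` is not permitted or the key is
        invalid, and 404 when no user matches *id*.
        """
        # FIXME 403 error for invalid key is a non helpful page
        context = {'model': model, 'session': model.Session,
                   'user': id,
                   'keep_email': True}

        try:
            check_access('user_reset', context)
        except NotAuthorized:
            abort(403, _('Unauthorized to reset password.'))

        try:
            user_dict = get_action('user_show')(context, {'id': id})
            user_obj = context['user_obj']
        except NotFound:
            abort(404, _('User not found'))

        c.reset_key = request.params.get('key')
        if not mailer.verify_reset_link(user_obj, c.reset_key):
            # Hand the message to abort as well, matching the _prepare
            # variant, so the 403 response says why the link was rejected.
            msg = _('Invalid reset key. Please try again.')
            h.flash_error(msg)
            abort(403, msg)

        if request.method == 'POST':
            # Remember the current state so a failed update does not leave
            # the re-rendered form showing ACTIVE for a still-pending user.
            user_state = user_dict['state']
            try:
                context['reset_password'] = True
                user_dict['password'] = self._get_form_password()
                username = request.params.get('name')
                if username:
                    user_dict['name'] = username
                user_dict['reset_key'] = c.reset_key
                user_dict['state'] = model.State.ACTIVE
                get_action('user_update')(context, user_dict)
                # Rotate the key so the link that authenticated this request
                # cannot be replayed to set another password.
                mailer.create_reset_key(user_obj)

                h.flash_success(_("Your password has been reset."))
                h.redirect_to('/')
            except NotAuthorized:
                h.flash_error(_('Unauthorized to edit user %s') % id)
            except NotFound:
                h.flash_error(_('User not found'))
            except DataError:
                h.flash_error(_(u'Integrity Error'))
            except ValidationError as e:
                h.flash_error(u'%r' % e.error_dict)
            except ValueError as ve:
                h.flash_error(unicode(ve))
            user_dict['state'] = user_state

        # NOTE(review): on the failure path user_dict still carries the
        # submitted password when it reaches the template; confirm the
        # template never echoes it.
        c.user_dict = user_dict
        return render('user/perform_reset.html')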
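 def perform_reset(self, id):
     """Reset the password of user *id* from a mailed reset link.

     The ``key`` request parameter must verify against the user. On POST
     the password from the form is saved and the browser is redirected to
     ``/``; a ``ValueError`` from the form handling is flashed instead.

     Aborts 404 when the user does not exist and 403 (after flashing an
     error) when the key does not verify.

     NOTE(review): no template is rendered from this method and it returns
     None on GET and on a failed POST; confirm the route's response for
     those cases is produced elsewhere.
     """
     user = model.User.get(id)
     if user is None:
         abort(404)
     c.reset_key = request.params.get('key')
     if not mailer.verify_reset_link(user, c.reset_key):
         h.flash_error(_('Invalid reset key. Please try again.'))
         abort(403)
     if request.method == 'POST':
         try:
             user.password = self._get_form_password()
             model.Session.add(user)
             model.Session.commit()
             # Issue a fresh key once the password is stored so the link
             # that authenticated this request is single-use and cannot be
             # replayed to set another password.
             mailer.create_reset_key(user)
             h.flash_success(_("Your password has been reset."))
             redirect('/')
         except ValueError as ve:
             h.flash_error(unicode(ve))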
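 def perform_reset(self, id):
     """Reset the password of user *id* from a mailed reset link.

     The ``key`` request parameter must verify against the user. On POST
     the password from the form is saved and the browser is redirected to
     ``/``; a ``ValueError`` from the form handling is flashed instead.

     Aborts 404 when the user does not exist and 403 (after flashing an
     error) when the key does not verify.

     NOTE(review): no template is rendered from this method and it returns
     None on GET and on a failed POST; confirm the route's response for
     those cases is produced elsewhere.
     """
     user = model.User.get(id)
     if user is None:
         abort(404)
     c.reset_key = request.params.get('key')
     if not mailer.verify_reset_link(user, c.reset_key):
         h.flash_error(_('Invalid reset key. Please try again.'))
         abort(403)
     if request.method == 'POST':
         try:
             user.password = self._get_form_password()
             model.Session.add(user)
             model.Session.commit()
             # Issue a fresh key once the password is stored so the link
             # that authenticated this request is single-use and cannot be
             # replayed to set another password.
             mailer.create_reset_key(user)
             h.flash_success(_("Your password has been reset."))
             redirect('/')
         except ValueError as ve:
             h.flash_error(unicode(ve))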
    def password_reset(self, user_id):
        """Handle the password-reset page for *user_id*.

        GET renders ``user/perform_reset.html`` with the user object. POST
        applies the submitted ``password`` (and ``email`` when present)
        through ``_edit_user``, rotates the reset key and returns a JSON
        body with ``success`` and ``redirect_url``.

        Unauthorised callers are redirected to ``home``; an unknown user or
        a ``key`` parameter that fails verification both render
        ``user/expired_key.html``.
        """
        context = {
            'model': model,
            'session': model.Session,
            'user': user_id,
            'keep_email': True
        }
        try:
            check_access('user_reset', context)
        except NotAuthorized:
            return h.redirect_to('home')

        try:
            logic.get_action('user_show')(context, {'id': user_id})
        except logic.NotFound:
            return base.render('user/expired_key.html')
        user_obj = context['user_obj']

        c.reset_key = request.params.get('key')
        key_valid = ckan_mailer.verify_reset_link(user_obj, c.reset_key)
        if not key_valid:
            # Invalid reset key: same page as for an unknown user.
            return base.render('user/expired_key.html')

        if request.method != 'POST':
            return base.render('user/perform_reset.html',
                               extra_vars={'user': user_obj})

        user_data = {
            'id': user_obj.id,
            'password': request.params.get('password')
        }
        new_email = request.params.get('email', None)
        if new_email is not None:
            user_data['email'] = new_email
        user_updated = self._edit_user(user_data)
        ckan_mailer.create_reset_key(user_obj)
        response.headers['Content-Type'] = self.json_content_type
        payload = {
            'success': user_updated,
            'redirect_url': h.url_for('/ingresar')
        }
        return h.json.dumps(payload, for_json=True)
        try:
            check_access('user_reset', context)
        except NotAuthorized:
            abort(401, _('Unauthorized to reset password.'))

        try:
            data_dict = {'id': id}
            user_dict = get_action('user_show')(context, data_dict)

            user_obj = context['user_obj']
        except NotFound, e:
            abort(404, _('User not found'))

        c.reset_key = request.params.get('key')
        if not mailer.verify_reset_link(user_obj, c.reset_key):
            h.flash_error(_('Invalid reset key. Please try again.'))
            abort(403)

        if request.method == 'POST':
            try:
                context['reset_password'] = True
                new_password = self._get_form_password()
                user_dict['password'] = new_password
                user_dict['reset_key'] = c.reset_key
                user_dict['state'] = model.State.ACTIVE
                user = get_action('user_update')(context, user_dict)
                mailer.create_reset_key(user_obj)

                h.flash_success(_("Your password has been reset."))
                h.redirect_to('/')
        try:
            check_access('user_reset', context)
        except NotAuthorized:
            abort(401, _('Unauthorized to reset password.'))

        try:
            data_dict = {'id': id}
            user_dict = get_action('user_show')(context, data_dict)

            user_obj = context['user_obj']
        except NotFound, e:
            abort(404, _('User not found'))

        c.reset_key = request.params.get('key')
        if not mailer.verify_reset_link(user_obj, c.reset_key):
            h.flash_error(_('Invalid reset key. Please try again.'))
            abort(403)

        if request.method == 'POST':
            try:
                context['reset_password'] = True
                new_password = self._get_form_password()
                user_dict['password'] = new_password
                user_dict['reset_key'] = c.reset_key
                user_dict['state'] = model.State.ACTIVE
                user = get_action('user_update')(context, user_dict)

                h.flash_success(_("Your password has been reset."))
                h.redirect_to('/')
            except NotAuthorized:
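def _login(context, data_dict):
    """Log a user in from a passwordless token (a CKAN reset key).

    Args:
        context: CKAN action context; ``user_show`` fills in ``user_obj``.
        data_dict: request parameters. ``id`` or ``email`` identifies the
            user, ``key`` carries the token, and ``return_context``
            (default ``False``) selects what is returned.

    Returns:
        ``context`` when ``return_context`` is truthy; otherwise a dict with
        ``user`` (``email``, ``id``, ``name``, ``apikey``, ``fullname``) and
        ``message``.

    Raises:
        toolkit.NotAuthorized: a user is already logged in, or ``user_show``
            refused access.
        toolkit.ValidationError: the email is missing, malformed or unknown,
            the key is missing, or the key does not verify for the user.
        logic.NotFound: ``user_show`` could not resolve the user id.
    """
    if toolkit.c.user:
        # Don't offer the reset form if already logged in
        log.warning("User already logged in")
        raise toolkit.NotAuthorized('user already logged in, logout first')

    # Resolve the user. ``email`` is only known up-front when the caller
    # identified the user by email; it is bound to None otherwise so the
    # NotAuthorized message below can always reference it.
    email = None
    user_id = data_dict.get('id')
    if not user_id:
        # Only the lookup itself is guarded: a KeyError raised inside the
        # util helpers must not be reported as "missing email".
        try:
            email = data_dict['email'].lower()
        except KeyError:
            raise toolkit.ValidationError({'email': 'missing email'})
        if not util.check_email(email):
            raise toolkit.ValidationError({'email': 'invalid email'})
        user_id = util.get_user_id(email)
        if not user_id:
            raise toolkit.ValidationError({
                'email':
                'email does not correspond to a registered user'
            })

    try:
        orig_key = data_dict['key']
    except KeyError:
        raise toolkit.ValidationError({'key': 'missing token'})

    # Short keys are wrapped as "b'...'" before verification; presumably this
    # mirrors how the stored reset key was serialised -- confirm against
    # mailer.verify_reset_link.
    if len(orig_key) <= 32 and not orig_key.startswith("b'"):
        key = "b'{0}'".format(orig_key)
    else:
        key = orig_key
    # The token is a bearer credential until it is rotated below, so it is
    # deliberately kept out of the log line.
    log.debug('login: {0}'.format(user_id))

    # get whether to return context (UI) or just a message (API)
    return_context = data_dict.get('return_context', False)

    try:
        user_dict = logic.get_action('user_show')(context, {'id': user_id})
        user_obj = context['user_obj']
        email = user_dict.get('email', user_obj.email)
    except logic.NotFound:
        raise logic.NotFound('"%s" matched several users' % user_id)
    except toolkit.NotAuthorized:
        raise toolkit.NotAuthorized('Exception (Not Authorized) email = ' +
                                    str(email) + 'id = ' + str(user_id))
    if not user_obj or not mailer.verify_reset_link(user_obj, key):
        raise toolkit.ValidationError({'key': 'token provided is not valid'})

    flask.session['ckanext-passwordless-user'] = user_dict['name']

    # Rotate the key: the token that just authenticated this request must
    # not be usable a second time.
    mailer.create_reset_key(user_obj)

    # log the user in programmatically
    try:
        _set_repoze_user_only(user_dict['name'])
    except TypeError as e:
        log.warning("Exception at login: {0}".format(e))

    # delete attempts from Redis
    log.debug("Redis: reset attempts for {0}".format(email))
    redis_conn = connect_to_redis()
    redis_conn.delete(email)

    # make sure the master API key exists
    apikey = util.renew_master_token(user_dict['name'])

    # return message or context
    if return_context:
        return context
    return {
        'user': {
            'email': user_obj.email,
            'id': user_obj.id,
            'name': user_obj.name,
            'apikey': apikey,
            'fullname': user_obj.fullname
        },
        'message': "login success"
    }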
class GDPRUserController(UserController):
    new_user_form = 'user/register.html'
    edit_user_form = 'user/gdpr_edit_user_form.html'

    def _save_new(self, context):
        """Create a user with the GDPR registration schema.

        Replaces ``context['schema']`` with ``schema.user_new_form_schema()``
        and then delegates to ``UserController._save_new``.
        """
        form_schema = schema.user_new_form_schema()
        context['schema'] = form_schema
        parent_save = UserController._save_new
        return parent_save(self, context)

    def edit_me(self, locale=None):
        """Send the current user to their own GDPR edit page.

        Anonymous callers are sent to the login page instead.

        NOTE(review): there is no ``return`` after the anonymous branch, so
        this relies on ``h.redirect_to`` raising rather than returning a
        response -- confirm for the framework in use.
        """
        if not c.user:
            h.redirect_to(locale=locale,
                          controller='user',
                          action='login',
                          id=None)
        target_ref = c.userobj.get_reference_preferred_for_uri()
        h.redirect_to(
            locale=locale,
            controller='ckanext.gdpr.controller:GDPRUserController',
            action='edit',
            id=target_ref)

    def perform_reset(self, id):
        # FIXME 403 error for invalid key is a non helpful page
        context = {
            'model': model,
            'session': model.Session,
            'user': id,
            'keep_email': True
        }

        try:
            logic.check_access('user_reset', context)
        except logic.NotAuthorized:
            abort(403, _('Unauthorized to reset password.'))

        try:
            data_dict = {'id': id}
            user_dict = logic.get_action('user_show')(context, data_dict)

            user_obj = context['user_obj']
        except logic.NotFound, e:
            abort(404, _('User not found'))

        c.reset_key = request.params.get('key')
        if not mailer.verify_reset_link(user_obj, c.reset_key):
            h.flash_error(_('Invalid reset key. Please try again.'))
            abort(403)

        if request.method == 'POST':
            try:
                context['reset_password'] = True
                new_password = self._get_form_password()
                user_dict['password'] = new_password
                user_dict['reset_key'] = c.reset_key
                user_dict['state'] = model.State.ACTIVE

                # Include policies into user dict
                for key in request.params:
                    if key.startswith('policy-'):
                        user_dict[key] = request.params.getone(key)

                user = logic.get_action('user_update')(context, user_dict)
                mailer.create_reset_key(user_obj)

                h.flash_success(_("Your password has been reset."))
                h.redirect_to('/')
            except logic.NotAuthorized:
                h.flash_error(_('Unauthorized to edit user %s') % id)
            except logic.NotFound, e:
                h.flash_error(_('User not found'))
            except dictization_functions.DataError:
                h.flash_error(_(u'Integrity Error'))