def post_login( mongodb ):
if helper.get_user( mongodb ):
redirect( "/" )
username = request.forms.get('username')
password = request.forms.get('password')
errors = []
user = mongodb['users'].find_one( { 'name': username } )
#Show same error for both: username does not exist AND incorrect password
if not user or user['password'] != bcrypt.hashpw( password, user['password'] ):
errors.append( "badpass" )
if len( errors ) > 0:
return helper.template( 'user/login', errors=errors, form=request.forms, errorMap=loginErrors )
session_key = binascii.hexlify( os.urandom( 32 ) )
mongodb['users'].update(
{ "name": username },
{
"$set": { "session_key": session_key }
}
)
helper.c_set( "session_key", session_key )
redirect( "/" )
def admin(mongodb):
user = helper.get_user(mongodb)
if not user or "admin" not in user.get("roles", []):
redirect("/")
return helper.template("admin/admin", user=user)
def profile( mongodb ): user = helper.get_user( mongodb ) if not user: redirect( "/" ) return helper.template( 'user/profile', user=user )
def admin_users(mongodb, search="", index=0, count=10):
user = helper.get_user(mongodb)
if not user or "admin" not in user.get("roles", []):
redirect("/")
if len(search) == 0:
users = mongodb["users"].find().skip(index).limit(count)
else:
users = mongodb["users"].find({"name": search}).skip(index).limit(count)
return helper.template("admin/admin", user=user, main=template("admin/users", users=users))
def templates( mongodb, search="", index=0, count=10 ):
user = helper.get_user( mongodb )
if not user:
redirect("/")
if len( search ) == 0:
templates = mongodb['templates'].find( { "owner": user['_id'] }).skip( index ).limit( count )
else:
templates = mongodb['templates'].find( { "owner": user['_id'], "name": { "$regex": search } } ).skip( index ).limit( count )
return helper.template( 'templates/templates', user=user, templates=templates )
def post_signup( mongodb ):
if helper.get_user( mongodb ):
redirect( "/" )
username = request.forms.get('username')
password1 = request.forms.get('password1')
password2 = request.forms.get('password2')
email = request.forms.get('email')
errors = []
if len( username ) == 0:
errors.append( "usernameblank" )
if len( password1 ) == 0:
errors.append( "password1blank" )
if len( password2 ) == 0:
errors.append( "password2blank" )
if options.email_required and len( email ) == 0:
errors.append( "emailblank" )
if mongodb['users'].find( { "name": username } ).count() > 0:
errors.append( "nametaken" )
if password1 != password2:
errors.append( "nomatch" )
if len( errors ) > 0:
return helper.template( 'user/signup', errors=errors, form=request.forms, errorMap=signupErrors )
salt = bcrypt.gensalt()
hash = bcrypt.hashpw( password1, salt )
user_obj = {
'name': username,
'password': hash
}
mongodb['users'].insert( user_obj )
if email and len(email) > 0:
helper.add_email( mongodb, username, email )
helper.send_verification_email( mongodb, username, email )
redirect( "/login" )
def editor( mongodb, filename=None ):
user = helper.get_user( mongodb )
if not user:
redirect( '/' )
if filename:
template = mongodb['templates'].find_one( { "owner": user['_id'], "name": filename } )
else:
template = helper.new_template( user )
return helper.template(
"templates/editor",
user=user,
template=template,
js=['markdown','codemirror.min','jquery.ba-dotimeout.min', 'render','plugins/basic'],
css=['codemirror','document']
)
def editor( mongodb, template_name=None, document_name=None ):
user = helper.get_user( mongodb )
if not user:
redirect("/")
if template_name:
template = mongodb['templates'].find_one( { "owner": user['_id'], "name": template_name } )
if not template:
redirect( "/documents" )
document = { "raw": template['raw'], "name": "", "form": {} }
elif document_name:
document = mongodb['document'].find_one( { "owner": user['_id'], "name": document_name } )
if not document:
redirect( "/documents" )
else:
redirect( "/documents" )
return helper.template( 'documents/editor', user=user, document=document, js=['jquery.ba-dotimeout.min','markdown','render','plugins/basic'] )
def home( mongodb ):
return helper.template('home', user=helper.get_user(mongodb) )
def login( mongodb ):
if helper.get_user( mongodb ):
redirect( "/" )
return helper.template('user/login')
def signup( mongodb ): if helper.get_user( mongodb ): redirect( "/" ) return helper.template( 'user/signup' )