def _get_description(self, group):
desc = _(u"Standard description for workspace links")
if group in ("Gasthoerer", "Studierende"):
desc = _(u"Students and guests description")
if group == "Alumni":
desc = _(u"Alumni description")
if group == "prophil":
desc = _(u"Prophil description")
if group == "Lehrende":
desc = _(u"Lectures description")
return desc
def _get_description(self, group):
desc = _(u'Standard description for workspace links')
if group in ('Gasthoerer', 'Studierende'):
desc = _(u'Students and guests description')
if group == 'Alumni':
desc = _(u'Alumni description')
if group == 'prophil':
desc = _(u'Prophil description')
if group == 'Lehrende':
desc = _(u'Lectures description')
return desc
def __call__(self):
# Send request email
if self.send_request_email():
# Redirect back to insufficient privilege page.
msg = _(u'Request sent.')
msg_type = 'info'
else:
msg = _(u'Unable to send request.')
msg_type = 'error'
IStatusMessage(self.request).addStatusMessage(msg, type=msg_type)
redirect_url = self.request.get('came_from')
return self.request.response.redirect(redirect_url)
def build_and_send(self, data):
addresses = self.get_addresses(data)
subject = _(u"Invitation to join the HfPH relaunch")
mail_tpl = self._build_mail(data)
mail_plain = create_plaintext_message(mail_tpl)
msg = prepare_email_message(mail_tpl, mail_plain)
send_mail(msg, addresses, subject)
IStatusMessage(self.request).addStatusMessage(
_(u"User invitation email has been sent successfully."),
type='info')
portal_url = api.portal.get().absolute_url()
next_url = '{0}/ws/'.format(portal_url)
return self.request.response.redirect(next_url)
def _handle_reset(self, data):
password = str(data.get('password'))
confirm = str(data.get('confirm'))
if len(password) < 8:
errors = {}
error = {}
error['active'] = True
error['msg'] = _(u"This field is required")
errors['password'] = error
self.errors = errors
IStatusMessage(self.request).addStatusMessage(
_(u"Passwords must consist of at least 8 characters"),
"error")
return self.request.response.redirect(self.context.absolute_url())
if confirm != password:
IStatusMessage(self.request).addStatusMessage(
_(u"The entered password and confirmation do not match."),
"error")
return self.request.response.redirect(self.context.absolute_url())
username = str(self.key)
member = api.user.get(username=username)
login_name = member.getProperty('email')
member.setSecurityProfile(password=password)
update_props = {'enabled': True, 'confirmed': True}
member.setMemberProperties(mapping=update_props)
acl = api.portal.get_tool(name='acl_users')
authenticated = acl.authenticate(login_name,
password,
self.request)
if authenticated:
acl.updateCredentials(self.request,
self.request.response,
login_name,
password)
login_time = member.getProperty('login_time', '2000/01/01')
base_url = '{0}/ws/{1}'.format(api.portal.get().absolute_url(),
username)
if not isinstance(login_time, DateTime):
login_time = DateTime(login_time)
initial_login = login_time == DateTime('2000/01/01')
if initial_login:
mtool = api.portal.get_tool(name='portal_membership')
mtool.createMemberarea(member_id=username)
next_url = '{0}?welcome_msg=1'.format(base_url)
else:
next_url = base_url
IStatusMessage(self.request).addStatusMessage(
_(u"You are now logged in."), "info")
self.request.response.redirect(next_url)
def applyChanges(self, data):
context = aq_inner(self.context)
registration = api.portal.get_tool(name="portal_registration")
pas = api.portal.get_tool(name="acl_users")
generator = getUtility(IUUIDGenerator)
properties = dict(fullname=data["fullname"], token=django_random.get_random_string(length=12))
existing = api.user.get(username=data["email"])
if not existing:
user_id = generator()
user_email = data["email"]
password = django_random.get_random_string(8)
properties["workspace"] = user_id
properties["email"] = user_email
registration.addMember(user_id, password)
pas.updateLoginName(user_id, user_email)
user = api.user.get(username=user_id)
user.setMemberProperties(mapping=properties)
else:
user = existing
user_id = user.getId()
for group in data["groups"]:
api.group.add_user(groupname=group, username=user_id)
IStatusMessage(self.request).addStatusMessage(
_(u"A new user acount has successfully been created"), type="info"
)
next_url = context.absolute_url()
return self.request.response.redirect(next_url)
def worklist(self):
context = aq_inner(self.context)
userinfo = self.user_info()
user_worklist = userinfo['worklist']
removable = []
worklist = []
for item_uid in user_worklist:
try:
item = api.content.get(UID=item_uid)
info = {}
info['uid'] = item_uid
info['title'] = item.Title()
if ILecture.providedBy(item):
next_url = '{0}/@@lecture-factory/{1}'.format(
context.absolute_url(), item_uid)
info['url'] = next_url
else:
info['url'] = item.absolute_url()
info['path'] = self.breadcrumbs(item)
worklist.append(info)
except:
removable.append(item_uid)
if len(removable):
removed = self._autoclean_worklist(removable)
msg = _(u"Removed {0} broken assignments from worklist".format(
removed))
api.portal.show_message(message=msg, request=self.request)
return worklist
def render(self):
idx = self.build_and_send()
IStatusMessage(self.request).addStatusMessage(
_(u"{0} invitation emails successfully sent.".format(idx)),
type='info')
url = '{0}/ws'.format(api.portal.get().absolute_url())
return self.request.response.redirect(url)
def update(self):
self.has_users = len(self.member_records()) > 0
unwanted = ('_authenticator', 'form.button.Submit')
required = ('title')
if 'form.button.Submit' in self.request:
authenticator = getMultiAdapter((self.context, self.request),
name=u"authenticator")
if not authenticator.verify():
raise Unauthorized
form = self.request.form
form_data = {}
form_errors = {}
error_idx = 0
for value in form:
if value not in unwanted:
form_data[value] = safe_unicode(form[value])
if not form[value] and value in required:
error = {}
error['active'] = True
error['msg'] = _(u"This field is required")
form_errors[value] = error
error_idx += 1
else:
error = {}
error['active'] = False
error['msg'] = form[value]
form_errors[value] = error
if error_idx > 0:
self.errors = form_errors
else:
self._search_records(form)
def update(self):
context = aq_inner(self.context)
self.requested_user_id = self.request.get('userid', None)
self.errors = {}
unwanted = ('_authenticator', 'form.button.Submit')
required = ('title')
if 'form.button.Submit' in self.request:
authenticator = getMultiAdapter((context, self.request),
name=u"authenticator")
if not authenticator.verify():
raise Unauthorized
form = self.request.form
form_data = {}
form_errors = {}
errorIdx = 0
for value in form:
if value not in unwanted:
form_data[value] = safe_unicode(form[value])
if not form[value] and value in required:
error = {}
error['active'] = True
error['msg'] = _(u"This field is required")
form_errors[value] = error
errorIdx += 1
else:
error = {}
error['active'] = False
error['msg'] = form[value]
form_errors[value] = error
if errorIdx > 0:
self.errors = form_errors
else:
self.build_and_send(form)
def update(self):
self.key = self.traverse_subpath[0]
self.token = self.traverse_subpath[1]
self.has_valid_token(self.token)
self.errors = {}
self.can_set_password = self.has_valid_token(self.token)
unwanted = ('_authenticator', 'form.button.Submit')
required = ('title')
if 'form.button.Submit' in self.request:
authenticator = getMultiAdapter((self.context, self.request),
name=u"authenticator")
if not authenticator.verify():
raise Unauthorized
form = self.request.form
form_data = {}
form_errors = {}
errorIdx = 0
for value in form:
if value not in unwanted:
form_data[value] = safe_unicode(form[value])
if not form[value] and value in required:
error = {}
error['active'] = True
error['msg'] = _(u"This field is required")
form_errors[value] = error
errorIdx += 1
else:
error = {}
error['active'] = False
error['msg'] = form[value]
form_errors[value] = error
if errorIdx > 0:
self.errors = form_errors
else:
self._handle_reset(form)
def handleLogin(self, action):
data, errors = self.extractData()
if errors:
self.status = self.formErrorsMessage
return
membership_tool = getToolByName(self.context, 'portal_membership')
if membership_tool.isAnonymousUser():
self.request.response.expireCookie('__ac', path='/')
email_login = getToolByName(self.context, 'portal_properties') \
.site_properties.getProperty('use_email_as_login')
if email_login:
IStatusMessage(self.request).addStatusMessage(
_(u'Login failed. Both email address and password are case'
u' sensitive, check that caps lock is not enabled.'),
'error')
else:
IStatusMessage(self.request).addStatusMessage(
_(u'Login failed. Both login name and password are case '
u'sensitive, check that caps lock is not enabled.'),
'error')
return
member = membership_tool.getAuthenticatedMember()
login_time = member.getProperty('login_time', '2000/01/01')
if not isinstance(login_time, DateTime):
login_time = DateTime(login_time)
initial_login = login_time == DateTime('2000/01/01')
if initial_login:
# TODO: Redirect if this is initial login
pass
must_change_password = member.getProperty('must_change_password', 0)
if must_change_password:
# TODO: This user needs to change his password
pass
membership_tool.loginUser(self.request)
IStatusMessage(self.request).addStatusMessage(
_(u"You are now logged in."), "info")
if data['came_from']:
came_from = data['came_from']
else:
came_from = self.context.portal_url()
self.request.response.redirect(came_from)
def render(self):
portal_url = api.portal.get().absolute_url()
in_debug_mode = api.env.debug_mode()
actual_url = self.request.get('ACTUAL_URL')
if not in_debug_mode and not actual_url.startswith('https://'):
msg = _(u"The Discourse SSO endpoint can only be accessed via "
u"SSL since we do not support transfer of authentication "
u"tokens via unencrypted connections.")
api.portal.show_message(msg, self.request, type='info')
error_page = '{0}/@@discourse-sso-error'.format(portal_url)
return self.request.response.redirect(error_page)
discourse_url = self.get_stored_records(token='discourse_url')
sso_secret = self.get_stored_records(token='discourse_sso_secret')
if not discourse_url or not sso_secret:
msg = _(u"The Discourse SSO endpoint has not been configured yet")
api.portal.show_message(msg, self.request, type='info')
error_page = '{0}/@@discourse-sso-error'.format(portal_url)
return self.request.response.redirect(error_page)
payload = self.request.get('sso')
signature = self.request.get('sig')
if payload is None:
msg = _(u"Required parameters for SSO credential verification are "
u"missing in the request")
api.portal.show_message(msg, self.request, type='error')
error_page = '{0}/@@discourse-sso-error'.format(portal_url)
return self.request.response.redirect(error_page)
discourse_url = self.get_stored_records(token='discourse_url')
sso_secret = self.get_stored_records(token='discourse_sso_secret')
if api.user.is_anonymous():
url = '{0}/@@discourse-signin?sso={1}&sig={2}'.format(portal_url,
payload,
signature)
return self.request.response.redirect(url)
try:
nonce = self.sso_validate(payload,
signature,
sso_secret)
except DiscourseError as e:
return 'HTTP400 Error {}'.format(e) # Todo: implement handler
user = api.user.get_current()
url = self.sso_redirect_url(nonce,
sso_secret,
user.getProperty('email'),
user.getId(),
user.getProperty('fullname'))
return self.request.response.redirect(discourse_url + url)
def build_and_send(self):
addresses = self.get_addresses()
subject = _(u"Invitation to join the HfPH relaunch")
mail_tpl = self._build_mail()
mail_plain = create_plaintext_message(mail_tpl)
msg = prepare_email_message(mail_tpl, mail_plain)
send_mail(msg, addresses, subject)
return 'Done'
def render(self):
new_records = self.get_importable_records()
IStatusMessage(self.request).addStatusMessage(
_(u"External records stored for import"),
type='info')
here_url = self.context.absolute_url()
next_url = '{0}/@@user-manager?imported_records={1}'.format(
here_url, len(new_records))
return self.request.response.redirect(next_url)
def applyChanges(self, data):
context = aq_inner(self.context)
pwtool = api.portal.get_tool(name='portal_password_reset')
try:
pwtool.verifyKey(self.key)
except InvalidRequestError:
IStatusMessage(self.request).addStatusMessage(
_(u"This password request reset is invalid"),
type='info')
except ExpiredRequestError:
IStatusMessage(self.request).addStatusMessage(
_(u"This password request reset is invalid"),
type='info')
IStatusMessage(self.request).addStatusMessage(
_(u"A new password has been set"),
type='info')
next_url = context.absolute_url()
return self.request.response.redirect(next_url)
def _start_password_reset(self, userid):
user = self.get_user(userid)
subject = _(u"Invitation to join the HfPH portal")
mail_tpl = self._compose_message(userid, message_type='invitation')
mail_plain = create_plaintext_message(mail_tpl)
msg = prepare_email_message(mail_tpl, mail_plain)
recipients = list()
recipients.append(user.getProperty('email'))
send_mail(msg, recipients, subject)
return userid
def reset_user(self, userid):
user = self.get_user(userid)
subject = _(u"Please change your account information for HfPH")
mail_tpl = self._compose_message(userid, message_type='password')
mail_plain = create_plaintext_message(mail_tpl)
msg = prepare_email_message(mail_tpl, mail_plain)
recipients = list()
recipients.append(user.getProperty('email'))
send_mail(msg, recipients, subject)
return userid
def has_valid_token(self, token):
token = self.traverse_subpath[1]
user = api.user.get(userid=str(self.key))
try:
stored_token = user.getProperty('token', None)
except AttributeError:
IStatusMessage(self.request).addStatusMessage(
_(u"No matching user account found"),
type='error')
portal_url = api.portal.get().absolute_url()
error_url = '{0}/@@useraccount-error'.format(portal_url)
return self.request.response.redirect(error_url)
if stored_token is None:
IStatusMessage(self.request).addStatusMessage(
_(u"No stored access token found"),
type='error')
portal_url = api.portal.get().absolute_url()
error_url = '{0}/@@useraccount-error'.format(portal_url)
return self.request.response.redirect(error_url)
return self.is_equal(stored_token, token)
def user_info(self):
context = aq_inner(self.context)
info = {}
userid = context.getId()
user = api.user.get(username=userid)
info['fullname'] = user.getProperty('fullname', '') or userid
info['email'] = user.getProperty('email', _(u"No email provided"))
info['login_time'] = user.getProperty('last_login_time', '')
info['enabled'] = user.getProperty('enabled', '')
info['confirmed'] = user.getProperty('confirmed', '')
info['worklist'] = user.getProperty('worklist', list())
return info
def user_info(self):
context = aq_inner(self.context)
info = {}
userid = context.getId()
user = api.user.get(username=userid)
info["fullname"] = user.getProperty("fullname", "") or userid
info["email"] = user.getProperty("email", _(u"No email provided"))
info["login_time"] = user.getProperty("last_login_time", "")
info["enabled"] = user.getProperty("enabled", "")
info["confirmed"] = user.getProperty("confirmed", "")
info["worklist"] = user.getProperty("worklist", list())
return info
def handleLogin(self, action):
data, errors = self.extractData()
if errors:
self.status = self.formErrorsMessage
return
membership_tool = api.portal.get_tool(name='portal_membership')
if membership_tool.isAnonymousUser():
self.request.response.expireCookie('__ac', path='/')
email_login = api.portal.get_tool(name='portal_properties') \
.site_properties.getProperty('use_email_as_login')
if email_login:
api.portal.show_message(
_(u'Login failed. Both email address and password are case'
u' sensitive, check that caps lock is not enabled.'),
self.request,
type='error')
else:
api.portal.show_message(
_(u'Login failed. Both login name and password are case '
u'sensitive, check that caps lock is not enabled.'),
self.request,
type='error')
return
member = membership_tool.getAuthenticatedMember()
login_time = member.getProperty('login_time', '2000/01/01')
if not isinstance(login_time, DateTime):
login_time = DateTime(login_time)
membership_tool.loginUser(self.request)
api.portal.show_message(
_(u"You are now logged in."), self.request, type="info")
url = '{0}/@@discourse-sso?sso={1}&sig={2}'.format(
self.context.portal_url(), data['sso'], data['sig'])
self.request.response.redirect(url)
def build_and_send(self):
addresses = self.get_addresses()
idx = 0
for addr in addresses:
user = api.user.get(username=addr.getId())
confirmed = user.getProperty('confirmed', None)
if confirmed is False:
userid = user.getId()
subject = _(u"Einladung zur neuen hfph.de Seite")
mail_tpl = self._compose_invitation_message(userid)
mail_plain = create_plaintext_message(mail_tpl)
msg = prepare_email_message(mail_tpl, mail_plain)
recipients = list()
recipients.append(addr.getProperty('email'))
send_mail(msg, recipients, subject)
idx += 1
return idx
def render(self):
context = aq_inner(self.context)
authenticator = getMultiAdapter((context, self.request),
name=u"authenticator")
if not authenticator.verify():
raise Unauthorized
user_id = self.request.get('user-id', None)
tool = getUtility(IHPHMemberTool)
if tool.can_manage_users(context):
tool.remove_user(user_id)
base_url = '{0}/@@user-management'.format(context.absolute_url())
next_url = '{0}?_authenticator={1}'.format(
base_url,
authenticator.token()
)
api.portal.show_message(
message=_(u"User account successfully removed form portal"),
request=self.request)
return self.request.response.redirect(next_url)
def render(self):
context = aq_inner(self.context)
authenticator = getMultiAdapter((context, self.request),
name=u"authenticator")
if not authenticator.verify():
raise Unauthorized
user_id = self.request.get('user-id', None)
tool = getUtility(IHPHMemberTool)
if tool.can_manage_users(context):
tool.update_user(user_id, {
'enabled': False
})
base_url = '{0}/@@user-manager-details?user-id={1}'.format(
context.absolute_url(),
user_id
)
next_url = '{0}&_authenticator={1}'.format(
base_url,
authenticator.token()
)
api.portal.show_message(
message=_(u"User was successfully disabled."),
request=self.request)
return self.request.response.redirect(next_url)
def handleCancel(self, action):
context = aq_inner(self.context)
IStatusMessage(self.request).addStatusMessage(_(u"Process has been cancelled."), type="info")
return self.request.response.redirect(context.absolute_url())