def del_user(request): """Remove a bad user from the system via the api. For admin use only. Removes all of a user's bookmarks before removing the user. """ mdict = request.matchdict # Submit a username. del_username = mdict.get('username', None) if del_username is None: LOG.error('No username to remove.') request.response.status_int = 400 return _api_response(request, { 'error': 'Bad Request: No username to remove.', }) u = UserMgr.get(username=del_username) if not u: LOG.error('Username not found.') request.response.status_int = 404 return _api_response(request, { 'error': 'User not found.', })
def suspend_acct(request): """Reset a user account to enable them to change their password""" params = request.params user = request.user # we need to get the user from the email email = params.get('email', None) if email is None and hasattr(request, 'json_body'): # try the json body email = request.json_body.get('email', None) if user is None and email is None: request.response.status_int = 406 return _api_response(request, { 'error': "Please submit an email address", }) if user is None and email is not None: user = UserMgr.get(email=email) if user is None: request.response.status_int = 404 return _api_response(request, { 'error': "Please submit a valid address", 'email': email }) # check if we've already gotten an activation for this user if user.activation is not None: request.response.status_int = 406 return _api_response(request, { 'error': """You've already marked your account for reactivation. Please check your email for the reactivation link. Make sure to check your spam folder.""", 'username': user.username, }) # mark them for reactivation user.reactivate("FORGOTTEN") # log it AuthLog.reactivate(user.username) # and then send an email notification # @todo the email side of things settings = request.registry.settings msg = ReactivateMsg(user.email, "Activate your account", settings) msg.send({ 'url': request.route_url( 'reset', username=user.username, reset_key=user.activation.code), 'username': user.username }) return _api_response(request, { 'message': """Your account has been marked for reactivation. Please check your email for instructions to reset your password.""", })
def del_user(request): """Remove a bad user from the system via the api. For admin use only. Removes all of a user's bookmarks before removing the user. """ mdict = request.matchdict # Submit a username. del_username = mdict.get('username', None) if del_username is None: LOG.error('No username to remove.') request.response.status_int = 400 return _api_response(request, { 'error': 'Bad Request: No username to remove.', }) u = UserMgr.get(username=del_username) if not u: LOG.error('Username not found.') request.response.status_int = 404 return _api_response(request, { 'error': 'User not found.', })
def suspend_acct(request): """Reset a user account to enable them to change their password""" params = request.params user = request.user # we need to get the user from the email email = params.get('email', None) if email is None and hasattr(request, 'json_body'): # try the json body email = request.json_body.get('email', None) if user is None and email is None: request.response.status_int = 406 return _api_response(request, { 'error': "Please submit an email address", }) if user is None and email is not None: user = UserMgr.get(email=email) if user is None: request.response.status_int = 404 return _api_response(request, { 'error': "Please submit a valid address", 'email': email }) # check if we've already gotten an activation for this user if user.activation is not None: request.response.status_int = 406 return _api_response(request, { 'error': """You've already marked your account for reactivation. Please check your email for the reactivation link. Make sure to check your spam folder.""", 'username': user.username, }) # mark them for reactivation user.reactivate("FORGOTTEN") # log it AuthLog.reactivate(user.username) # and then send an email notification # @todo the email side of things settings = request.registry.settings msg = ReactivateMsg(user.email, "Activate your account", settings) msg.send({ 'url': request.route_url( 'reset', username=user.username, reset_key=user.activation.code), 'username': user.username }) return _api_response(request, { 'message': """Your account has been marked for reactivation. Please check your email for instructions to reset your password.""", })
def username_exists(username): user = UserMgr.get(username=username) response_dict = {} if user is None: response_dict['exists'] = False else: response_dict['exists'] = True return response_dict
def user(self): # <your database connection, however you get it, the below line # is just an example> # dbconn = self.registry.settings['dbconn'] user_id = unauthenticated_userid(self) if user_id is not None: # this should return None if the user doesn't exist # in the database user = UserMgr.get(user_id=user_id) return user
def account_activate(request): """Reset a user after being suspended :param username: required to know what user we're resetting :param activation: code needed to activate :param password: new password to use for the user """ params = request.params username = params.get('username', None) activation = params.get('code', None) password = params.get('password', None) new_username = params.get('new_username', None) if username is None and activation is None and password is None: # then try to get the same fields out of a json body json_body = request.json_body username = json_body.get('username', None) activation = json_body.get('code', None) password = json_body.get('password', None) new_username = json_body.get('new_username', None) if not UserMgr.acceptable_password(password): request.response.status_int = 406 return _api_response(request, { 'error': "Come on, pick a real password please", }) res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: request.response.status_int = 500 return _api_response(request, { 'error': 'There was an issue setting your new username', 'exc': str(exc) }) return _api_response(request, { 'message': "Account activated, please log in.", 'username': username, })
def reset(request): """Once deactivated, allow for changing the password via activation key""" rdict = request.matchdict params = request.params message = '' # This is an initial request to show the activation form. username = rdict.get('username', None) activation_key = rdict.get('reset_key', None) user = ActivationMgr.get_user(username, activation_key) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() if 'code' in params: # This is a posted form with the activation, attempt to unlock the # user's account. username = params.get('username', None) activation = params.get('code', None) password1 = params.get('password1', None) password2 = params.get('password2', None) new_username = params.get('new_username', None) res = ActivationMgr.activate_user(username, activation, password1) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: message = 'There was an issue setting your new username. Please try again.' else: AuthLog.reactivate(username, success=False, code=activation) message = 'There was an issue attempting to activate this account.' if message is not '': return { 'message': message, 'user': user } else: # log the user out to have them re-login with the new password headers = forget(request) return HTTPFound(location=route_url('login', request), headers=headers)
def account_activate(request): """Reset a user after being suspended :param username: required to know what user we're resetting :param activation: code needed to activate :param password: new password to use for the user """ params = request.params username = params.get('username', None) activation = params.get('code', None) password = params.get('password', None) new_username = params.get('new_username', None) if username is None and activation is None and password is None: # then try to get the same fields out of a json body json_body = request.json_body username = json_body.get('username', None) activation = json_body.get('code', None) password = json_body.get('password', None) new_username = json_body.get('new_username', None) if not UserMgr.acceptable_password(password): request.response.status_int = 406 return _api_response(request, { 'error': "Come on, pick a real password please", }) res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: request.response.status_int = 500 return _api_response(request, { 'error': 'There was an issue setting your new username', 'exc': str(exc) }) return _api_response(request, { 'message': "Account activated, please log in.", 'username': username, })
def account(request): """Index of account page You can only load your own account page. If you try to view someone else's you'll just end up with your own. """ # if auth fails, it'll raise an HTTPForbidden exception with ReqAuthorize(request): user = UserMgr.get(username=request.user.username) return { 'user': user, 'username': user.username, }
def reset(request): """Once deactivated, allow for changing the password via activation key""" rdict = request.matchdict params = request.params # This is an initial request to show the activation form. username = rdict.get('username', None) activation_key = rdict.get('reset_key', None) user = ActivationMgr.get_user(username, activation_key) if user is None: # just 404 if we don't have an activation code for this user raise HTTPNotFound() if 'code' in params: # This is a posted form with the activation, attempt to unlock the # user's account. username = params.get('username', None) activation = params.get('code', None) password = params.get('new_password', None) new_username = params.get('new_username', None) error = None if not UserMgr.acceptable_password(password): # Set an error message to the template. error = "Come on, pick a real password please." else: res = ActivationMgr.activate_user(username, activation, password) if res: # success so respond nicely AuthLog.reactivate(username, success=True, code=activation) # if there's a new username and it's not the same as our current # username, update it if new_username and new_username != username: try: user = UserMgr.get(username=username) user.username = new_username except IntegrityError, exc: error = 'There was an issue setting your new username' else: AuthLog.reactivate(username, success=False, code=activation) error = 'There was an issue attempting to activate this account.'
def accounts_invites_add(request): """Set the number of invites a user has available. :matchdict username: The user to give these invites to. :matchdict count: The number of invites to give them. """ rdict = request.matchdict username = rdict.get('username', None) count = rdict.get('count', None) if username is not None and count is not None: user = UserMgr.get(username=username) if user: user.invite_ct = count return _api_response(request, dict(user)) else: request.response.status_int = 404 ret = {'error': "Invalid user account."} return _api_response(request, ret) else: request.response.status_int = 400 ret = {'error': "Bad request, missing parameters"} return _api_response(request, ret)
def accounts_invites_add(request): """Set the number of invites a user has available. :matchdict username: The user to give these invites to. :matchdict count: The number of invites to give them. """ rdict = request.matchdict username = rdict.get('username', None) count = rdict.get('count', None) if username is not None and count is not None: user = UserMgr.get(username=username) if user: user.invite_ct = count return _api_response(request, dict(user)) else: request.response.status_int = 404 ret = {'error': "Invalid user account."} return _api_response(request, ret) else: request.response.status_int = 400 ret = {'error': "Bad request, missing parameters"} return _api_response(request, ret)
def invite_user(request): """Invite a new user into the system. :param username: user that is requested we invite someone :param email: email address of the new user """ params = request.params email = params.get('email', None) user = request.user if not email: # try to get it from the json body email = request.json_body.get('email', None) if not email: # if still no email, I give up! request.response.status_int = 406 return _api_response(request, { 'username': user.username, 'error': "Please submit an email address" }) # first see if the user is already in the system exists = UserMgr.get(email=email) if exists: request.response.status_int = 406 return _api_response(request, { 'username': exists.username, 'error': "This user is already a user!" }) new_user = user.invite(email) if new_user: LOG.error(new_user.username) # then this user is able to invite someone # log it AuthLog.reactivate(new_user.username) # and then send an email notification # @todo the email side of things settings = request.registry.settings msg = InvitationMsg(new_user.email, "Enable your account", settings) msg.send( request.route_url( 'reset', username=new_user.username, reset_key=new_user.activation.code)) return _api_response(request, { 'message': 'You have invited: ' + new_user.email }) else: # you have no invites request.response.status_int = 406 return _api_response(request, { 'username': user.username, 'error': "You have no invites left at this time." })
def login(request): """Login the user to the system If not POSTed then show the form If error, display the form with the error message If successful, forward the user to their /recent Note: the came_from stuff we're not using atm. We'll clean out if we keep things this way """ # in case they're already logged-in just send them to their profile page for now if request.user: headers = remember(request, request.user.id, max_age=max_cookie_age) return HTTPFound(location=request.route_url('user_account', username=request.user.username),headers=headers) login_url = route_url('login', request) referrer = request.url if referrer == login_url: referrer = '/' # never use the login form itself as came_from came_from = request.params.get('came_from', referrer) message = '' email = '' password = '' headers = None # import pdb; pdb.set_trace() if 'form.submitted' in request.params: email = request.params['email'] password = request.params['password'] LOG.debug(email) auth = UserMgr.get(email=email) LOG.debug(auth) LOG.debug(UserMgr.get_list()) if auth and auth.validate_password(password) and auth.activated: # We use the Primary Key as our identifier once someone has # authenticated rather than the username. You can change what is # returned as the userid by altering what is passed to remember. headers = remember(request, auth.id, max_age=max_cookie_age) auth.last_login = datetime.utcnow() # log the successful login AuthLog.login(auth.username, True) # we're always going to return a user to their own /recent after a # login # return HTTPFound( # location=request.route_url( # 'user_bmark_recent', # username=auth.username), # headers=headers) return HTTPFound( location=request.route_url( 'user_account', username=auth.username), headers=headers) # log the right level of problem if auth and not auth.validate_password(password): message = "Your login attempt has failed." AuthLog.login(email, False, password=password) elif auth and not auth.activated: message = "User account deactivated. Please check your email." AuthLog.login(email, False, password=password) AuthLog.disabled(email) elif auth is None: message = "Failed login" AuthLog.login(email, False, password=password) # in case they're already logged-in just send them to their profile page for now if request.user: headers = remember(request, request.user.id, max_age=max_cookie_age) return HTTPFound( location=request.route_url( 'user_account', username=request.user.username), headers=headers) return { 'message': message, 'came_from': came_from, 'email': email, 'password': password, }
def forgot_password(request): """Login the user to the system If not POSTed then show the form If error, display the form with the error message If successful, forward the user to their /recent Note: the came_from stuff we're not using atm. We'll clean out if we keep things this way """ # in case they're already logged-in just send them to their profile page for now if request.user: headers = remember(request, request.user.id, max_age=max_cookie_age) return HTTPFound(location=request.route_url('user_account', username=request.user.username),headers=headers) fp_url = route_url('forgot_password', request) referrer = request.url if referrer == fp_url: referrer = '/' # never use the login form itself as came_from came_from = request.params.get('came_from', referrer) # message = '' # login = '' # password = '' # import pdb; pdb.set_trace() if 'form.submitted' in request.params: email = request.params['email'] # password = request.params['password'] LOG.debug(email) user = UserMgr.get(email=email) LOG.debug(user) # LOG.debug(UserMgr.get_list()) settings = request.registry.settings if user: # Add a queue job to send the user a notification email. user.reactivate('forgot_password') tasks.email_forgot_password_user.delay( user.email, "Reset Your Password", settings, request.route_url( 'reset', username=user.username, reset_key=user.activation.code) ) message = 'An email has been sent with instructions for resetting your password. If you do not receive it within an hour or two, check your spam folder.' # # We use the Primary Key as our identifier once someone has # # authenticated rather than the username. You can change what is # # returned as the userid by altering what is passed to remember. # headers = remember(request, auth.id, max_age=60 * 60 * 24 * 30) # auth.last_login = datetime.utcnow() # # # log the successful login # AuthLog.login(login, True) # we're always going to return a user to their own /recent after a # login # return HTTPFound( # location=request.route_url( # 'user_bmark_recent', # username=auth.username), # headers=headers) # return HTTPFound( # location=request.route_url( # 'forgot_password_email_confirmed'), # headers=headers) if not user: message = 'There was an error attempting to find that email.' # log the right level of problem # if auth and not auth.validate_password(password): # message = "Your login attempt has failed." # AuthLog.login(login, False, password=password) # # elif auth and not auth.activated: # message = "User account deactivated. Please check your email." # AuthLog.login(login, False, password=password) # AuthLog.disabled(login) # # elif auth is None: # message = "Failed login" # AuthLog.login(login, False, password=password) return { 'message': message, 'came_from': came_from, }
def is_already_taken(form, field): if not field.data: raise ValidationError('Insert your email') exists = UserMgr.get(email=field.data) if exists: raise ValidationError('The user has already signed up.')
def signup(request): """Process the signup request If there are any errors drop to the same template with the error information. """ message = '' # import pdb; pdb.set_trace() if request.user and request.user.username: print("user logged in") return HTTPFound(location=request.route_url('user_account', username=request.user.username)) else: if request.method == 'POST': email = request.params['email'] # password = request.params['password'] LOG.debug(email) auth = UserMgr.get(email=email) if auth and auth.activated: return { 'email': '', 'message': 'A user with this email already exists.', } else: if auth and auth.activated is not True: message = 'Re-sending another signup to: ' + str(email) + '\nPlease check your email.' else: message = 'Thank you for signing up from: ' + str(email) + '\nPlease check your email.' request.session.flash(message) #return HTTPFound(location=request.route_url('signup_process2')) new_user = UserMgr.signup_user(email, 'signup') print "new_user: "******"Enable your account", settings, request.route_url( 'reset', username=new_user.username, reset_key=new_user.activation.code ) ) # And let the user know they're signed up. return {'message': message, 'email':email, } return {'email': '', 'message': message, }
def invite_user(request): """Invite a new user into the system. :param username: user that is requested we invite someone :param email: email address of the new user """ params = request.params email = params.get('email', None) user = request.user if not email: # try to get it from the json body email = request.json_body.get('email', None) if not email: # if still no email, I give up! request.response.status_int = 406 return _api_response(request, { 'username': user.username, 'error': "Please submit an email address" }) # first see if the user is already in the system exists = UserMgr.get(email=email) if exists: request.response.status_int = 406 return _api_response(request, { 'username': exists.username, 'error': "This user is already a user!" }) new_user = user.invite(email) if new_user: LOG.error(new_user.username) # then this user is able to invite someone # log it AuthLog.reactivate(new_user.username) # and then send an email notification # @todo the email side of things settings = request.registry.settings msg = InvitationMsg(new_user.email, "Enable your account", settings) msg.send( request.route_url( 'reset', username=new_user.username, reset_key=new_user.activation.code)) return _api_response(request, { 'message': 'You have invited: ' + new_user.email }) else: # you have no invites request.response.status_int = 406 return _api_response(request, { 'username': user.username, 'error': "You have no invites left at this time." })