def POST(self):
    """Handle a password-reset request for the e-mail given in the form.

    Looks the user up, refuses the request while a reset token is still
    pending for that address, otherwise stores a new 2-day token and
    schedules the notification e-mail.

    Returns:
        A confirmation message for the caller.

    Raises:
        http.Forbidden: unknown or inactive user, or a reset already pending.
    """
    # The address comes straight from the request parameters: untrusted input.
    email = web.input(email=None).email

    # NOTE(review): the two distinct Forbidden messages below let a caller
    # distinguish "no such account" from "account exists, reset pending";
    # a uniform response would remove that account-enumeration signal.
    user = User.get_user(email)
    if user is None or not user.active:
        raise http.Forbidden("Utilisateur inconnu")

    pending_token = PasswordToken.get_password_token(email)
    if pending_token is not None:
        local_creation_dt = dates.change_timezone(pending_token.creation_dt)
        creation_label = formatting.format_date(local_creation_dt, "%d/%m/%y %H:%M")
        raise http.Forbidden(u"Demande similaire déjà effectuée le %s" % creation_label)

    # Fresh token, valid for 2 days; 16 is the length handed to the generator.
    new_token = PasswordToken(
        validity=2,
        user=user,
        token=PasswordToken.generate_random_token(16))
    config.orm.add(new_token)

    # The e-mail goes out through a hook, once the request has been processed.
    http.register_hook(lambda: notify_via_email(new_token, Events.NEW))

    return u"Instructions en cours d'envoi à %s" % email
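def POST(self):
    """Record the current user's vote on a poll.

    Reads ``poll_id`` and ``poll_user_choices`` from the request, validates
    the choice indexes against the poll's choices, stores the vote and
    schedules the e-mail notification.

    Returns:
        dict with the rendered votes view (``data``) and ``partial``, true
        when the poll already had votes before this one.

    Raises:
        web.notfound: missing, non-numeric or unknown poll id.
        http.Forbidden: a choice is not an integer or is out of range.
    """
    http_input = web.input(poll_id=None, poll_user_choices=[])
    poll_id = http_input.poll_id
    raw_choices = http_input.poll_user_choices

    # poll_id is untrusted: a non-numeric value used to escape as a bare
    # ValueError (a 500) instead of a 404, so the conversion is guarded.
    if poll_id is None:
        raise web.notfound()
    try:
        poll_id = int(poll_id)
    except (ValueError, TypeError):
        raise web.notfound()
    poll = Poll.get(poll_id, joined_attrs=["choices", "votes_by_user"])
    if poll is None:
        raise web.notfound()

    current_user = config.session_manager.user
    try:
        # A list rather than map(): under Python 3 the map iterator would be
        # exhausted by the range check and the vote would end up empty.
        choice_indexes = [int(choice) for choice in raw_choices]
        choice_count = len(poll.choices)
        if any(not 0 <= i < choice_count for i in choice_indexes):
            raise ValueError(
                u"Un des entiers passes a la methode /poll/vote n'est pas compris dans l'intervalle %s" % range(choice_count))

        # Whether anyone (resp. this user) had voted before this request.
        someone_already_voted = poll.has_votes
        user_already_voted = current_user in poll.choices_by_user

        poll_vote = poll.vote(current_user, [poll.choices[i] for i in choice_indexes])

        # Notification is sent once the request completes.
        http.register_hook(lambda: notify_via_email(
            poll_vote, Events.MODIFIED if user_already_voted else Events.NEW))

        return dict(
            data=config.views.poll_votes(
                poll,
                highlight_user=current_user if someone_already_voted else None),
            partial=someone_already_voted)
    except ValueError as exception:
        raise http.Forbidden(exception)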
def GET(self):
    """Render the account-creation form for a valid, unexpired user token.

    Raises:
        http.Forbidden: token missing, unknown or expired.
    """
    # Token from the request parameters; absent → None.
    token = web.input(token=None).token

    user_token = UserToken.get_token(token)
    token_is_usable = user_token is not None and not user_token.expired
    if not token_is_usable:
        raise http.Forbidden()

    # Unbound fieldset: the token carries the e-mail the form needs.
    form = user_forms.NewUserFieldSet(user_token)
    return config.views.layout(config.views.creation_form(form))
def GET(self):
    """Render the new-password form for a valid, unexpired password token.

    Raises:
        http.Forbidden: token missing, unknown or expired.
    """
    # Token from the request parameters; absent → None.
    token = web.input(token=None).token

    password_token = PasswordToken.get_token(token)
    token_is_usable = password_token is not None and not password_token.expired
    if not token_is_usable:
        raise http.Forbidden()

    # The fieldset is bound to the user the token belongs to.
    form = user_forms.NewPasswordFieldSet().bind(password_token.user)
    return config.views.layout(config.views.creation_form(form))
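def wrapped_controller(*args):
    """The method which replaces the actual controller.

    Sends anonymous users to the login page (remembering where they were
    going), refuses users below ``base_level`` with a 403, and otherwise
    runs the wrapped ``controller``.

    Raises:
        web.seeother: redirect to /login for anonymous users.
        http.Forbidden: authenticated user below the required level.
    """
    # Local import: the file's import block is not part of this block.
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote

    # Session-backed user, None when nobody is logged in.
    user = config.session_manager.user
    if user is None:
        # Keep the requested path (except the index) so login can send the
        # user back. It is percent-encoded so that characters such as '&',
        # '#' or '?' in the path cannot break or extend the query string.
        # NOTE(review): only web.ctx.path is kept, the query string is
        # dropped; the login handler should accept only a local path in
        # `next` — that check lives outside this block.
        path = web.ctx.path
        next_parameter = "?next=%s" % quote(path) if path != "/" else ""
        raise web.seeother("/login%s" % next_parameter)
    if not user.check_level(base_level):
        # Administration pages and disabled users: 403 for as long as the
        # session stays valid.
        raise http.Forbidden()

    # Access granted: run the real controller.
    return controller(*args)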
def POST(self):
    """Process the account-creation form submitted with a user token.

    Raises:
        http.Forbidden: token missing, unknown or expired.
        web.seeother: redirect to "/" once the account has been created.
    """
    token = web.input(token=None).token

    user_token = UserToken.get_token(token)
    if user_token is None or user_token.expired:
        raise http.Forbidden()

    # Bound to the posted data and the ORM session; the token supplies the level.
    form = user_forms.NewUserFieldSet(user_token).bind(
        data=web.input(), session=config.orm)

    if not form.validate():
        return config.views.layout(config.views.creation_form(form))

    # Persist, then log the user in from a hook: the user id is not
    # available until the request completes.
    form.sync()
    http.register_hook(lambda: session.login_workflow(form.model))
    raise web.seeother("/")
def POST(self):
    """Process the new-password form submitted with a password token.

    Raises:
        http.Forbidden: token missing, unknown or expired.
        web.seeother: redirect to "/" once the password has been set.
    """
    token = web.input(token=None).token

    password_token = PasswordToken.get_token(token)
    if password_token is None or password_token.expired:
        raise http.Forbidden()

    # Bound to the token's user and the posted data; the token itself is
    # handed to the fieldset because it should expire once used successfully.
    form = user_forms.NewPasswordFieldSet(password_token).bind(
        password_token.user, data=web.input())

    if not form.validate():
        return config.views.layout(config.views.creation_form(form))

    # Persist, then log the user in from a hook to keep the login process
    # isolated from the form handling.
    form.sync()
    http.register_hook(lambda: session.login_workflow(form.model))
    raise web.seeother("/")