def create_model(self, form):
if form.auth_data.data == '':
form.auth_data.errors.append(lazy_gettext("This field is required."))
return False
form.auth_data.data = create_salted_password(form.auth_data.data)
model = super(UsersView, self).create_model(form)
model.creation_date = datetime.datetime.now()
return model
def update_model(self, form, model):
old_auth_data = model.auth_data
if form.auth_data.data != '':
form.auth_data.data = create_salted_password(form.auth_data.data)
return_value = super(UsersView, self).update_model(form, model)
if form.auth_data.data == '':
model.auth_data = old_auth_data
self.session.add(model)
self.session.commit()
return return_value
def update_model(self, form, model):
old_auth_data = model.auth_data
if form.auth_data.data != '':
form.auth_data.data = create_salted_password(form.auth_data.data)
return_value = super(UsersView, self).update_model(form, model)
if form.auth_data.data == '':
model.auth_data = old_auth_data
self.session.add(model)
self.session.commit()
return return_value
def create_model(self, form):
if form.auth_data.data == '':
form.auth_data.errors.append(
lazy_gettext("This field is required."))
return False
form.auth_data.data = create_salted_password(form.auth_data.data)
model = super(UsersView, self).create_model(form)
model.creation_date = datetime.datetime.now()
return model
def create_user(login, name, password):
"""
Creates a new user and adds it to the DB.
"""
password = create_salted_password("password")
user = User(login, name, password, "*****@*****.**", None, None,
datetime.datetime.now(), datetime.datetime.now(), "userpass", password)
db.session.add(user)
db.session.commit()
return user
def create_user(login, name, password):
"""
Creates a new user and adds it to the DB.
"""
password = create_salted_password("password")
user = User(login, name, password, "*****@*****.**", None, None,
datetime.datetime.now(), datetime.datetime.now(), "userpass",
password)
db.session.add(user)
db.session.commit()
return user
def index(self):
"""
index(self)
This method will be invoked for the Profile Edit view. This view is used for both viewing and updating
the user profile. It exposes both GET and POST, for viewing and updating respectively.
"""
# This will be passed as a template parameter to let us change the password.
# (And display the appropriate form field).
change_password = True
user = current_user()
if user is None:
return redirect("login")
# If it is a POST request to edit the form, then request.form will not be None
# Otherwise we will simply load the form data from the DB
if len(request.form):
form = ProfileEditForm(request.form, csrf_enabled=True)
else:
# It was a GET request (just viewing).
form = ProfileEditForm(csrf_enabled=True)
form.name.data = user.name
form.login.data = user.login
form.email.data = user.email
form.organization.data = user.organization
form.role.data = user.role
form.creation_date.data = user.creation_date
form.last_access_date.data = user.last_access_date
form.auth_system.data = user.auth_system
form.password.data = user.auth_data
# If the method is POST we assume that we want to update and not just view
if request.method == "POST" and form.validate_on_submit():
# It was a POST request, the data (which has been modified) will be contained in
# the request. For security reasons, we manually modify the user for these
# settings which should actually be modifiable.
user.email = form.email.data
user.organization = form.organization.data
user.role = form.role.data
user.auth_type = form.auth_system.data # Probably in the release we shouldn't let users modify the auth this way
if len(form.password.data) > 0:
new_password_data = create_salted_password(form.password.data)
user.auth_data = new_password_data
db.session.add(user)
db.session.commit()
flash("Changes saved", "success")
return self.render("user/profile-edit.html",
user=user,
form=form,
change_password=change_password)
def index(self):
"""
index(self)
This method will be invoked for the Profile Edit view. This view is used for both viewing and updating
the user profile. It exposes both GET and POST, for viewing and updating respectively.
"""
# This will be passed as a template parameter to let us change the password.
# (And display the appropriate form field).
change_password = True
user = current_user()
if user is None:
return redirect("login")
# If it is a POST request to edit the form, then request.form will not be None
# Otherwise we will simply load the form data from the DB
if len(request.form):
form = ProfileEditForm(request.form, csrf_enabled=True)
else:
# It was a GET request (just viewing).
form = ProfileEditForm(csrf_enabled=True)
form.name.data = user.name
form.login.data = user.login
form.email.data = user.email
form.organization.data = user.organization
form.role.data = user.role
form.creation_date.data = user.creation_date
form.last_access_date.data = user.last_access_date
form.auth_system.data = user.auth_system
form.password.data = user.auth_data
# If the method is POST we assume that we want to update and not just view
if request.method == "POST" and form.validate_on_submit():
# It was a POST request, the data (which has been modified) will be contained in
# the request. For security reasons, we manually modify the user for these
# settings which should actually be modifiable.
user.email = form.email.data
user.organization = form.organization.data
user.role = form.role.data
user.auth_type = form.auth_system.data # Probably in the release we shouldn't let users modify the auth this way
if len(form.password.data) > 0:
new_password_data = create_salted_password(form.password.data)
user.auth_data = new_password_data
db.session.add(user)
db.session.commit()
flash("Changes saved", "success")
return self.render("user/profile-edit.html", user=user, form=form, change_password=change_password)
