def lost_password(request): """ Presents lost password page - sends password reset link to specified email address. This link is valid only for 10 minutes """ form = forms.LostPasswordForm(request.POST, csrf_context=request) if request.method == 'POST' and form.validate(): user = User.by_email(form.email.data) if user: user.regenerate_security_code() user.security_code_date = datetime.datetime.utcnow() email_vars = { 'user': user, 'request': request, 'email_title': "AppEnlight :: New password request" } UserService.send_email( request, recipients=[user.email], variables=email_vars, template='/email_templates/lost_password.jinja2') msg = 'Password reset email had been sent. ' \ 'Please check your mailbox for further instructions.' request.session.flash(_(msg)) return HTTPFound(location=request.route_url('lost_password')) return {"form": form}
def user_resource_permission_create(request): """ Set new permissions for user for a resource """ resource = request.context.resource user_name = request.unsafe_json_body.get('user_name') user = User.by_user_name(user_name) if not user: user = User.by_email(user_name) if not user: return False for perm_name in request.unsafe_json_body.get('permissions', []): permission = UserResourcePermission.by_resource_user_and_perm( user.id, perm_name, resource.resource_id) if not permission: permission = UserResourcePermission(perm_name=perm_name, user_id=user.id) resource.user_permissions.append(permission) DBSession.flush() perms = [ p.perm_name for p in resource.perms_for_user(user) if p.type == 'user' ] result = {'user_name': user.user_name, 'permissions': list(set(perms))} return result
def search_users(request): """ Returns a list of users for autocomplete """ user = request.user items_returned = [] like_condition = request.params.get('user_name', '') + '%' # first append used if email is passed found_user = User.by_email(request.params.get('user_name', '')) if found_user: name = '{} {}'.format(found_user.first_name, found_user.last_name) items_returned.append({'user': found_user.user_name, 'name': name}) for found_user in User.user_names_like(like_condition).limit(20): name = '{} {}'.format(found_user.first_name, found_user.last_name) items_returned.append({'user': found_user.user_name, 'name': name}) return items_returned
def groups_users_add(request): """ Get list of permissions assigned to specific resources """ group = GroupService.by_id(request.matchdict.get('group_id')) user = User.by_user_name(request.unsafe_json_body.get('user_name')) if not user: user = User.by_email(request.unsafe_json_body.get('user_name')) if not group or not user: return HTTPNotFound() if user not in group.users: group.users.append(user) group.member_count = group.users_dynamic.count() props = [ 'user_name', 'id', 'first_name', 'last_name', 'email', 'last_login_date', 'status' ] u_dict = user.get_dict(include_keys=props) u_dict['gravatar_url'] = user.gravatar_url(s=20) return u_dict
def unique_email_validator(form, field): user = User.by_email(field.data) if user: raise wtforms.ValidationError('This email already exists in system')
def found_username_email_validator(form, field): user = User.by_email(field.data) if not user: raise wtforms.ValidationError('Email is incorrect')