示例#1
0
    def set_new_password(self, password):
        """This method sets a new password for the User
        A new salt is also generated

        This cannot be rolled back
        """

        salt = generate_randomkey(256)
        hash = SHA.new(salt + password).hexdigest()

        self.__UserModel.salt = salt
        self.__UserModel.hash = hash

        self.__UserModel.put()
    def set_new_password(self, password):
        """This method sets a new password for the User
        A new salt is also generated

        This cannot be rolled back
        """

        salt = generate_randomkey(256)
        hash = SHA.new(salt + password).hexdigest()

        self.__UserModel.salt = salt
        self.__UserModel.hash = hash

        self.__UserModel.put()
示例#3
0
def reset_password():
    """
    This view allows a user that has forgetten their password
    to request a new one via their case email account
    """
    from application.generate_keys import generate_randomkey
    from google.appengine.api import mail

    form = forms.ResetPasswordForm(request.form)

    if request.method == 'POST' and form.validate():
        try:
            user = accounts.find_users(1, cwruid=('=', form.cwruid.data))[0]

            new_password = generate_randomkey(16)

            user.set_new_password(new_password)

            body = """
Hi %s,

Somebody requested a new password for you. You can now use

%s

when logging in.  If you did not request this password change
please contact the webmasters immediately.

Thanks,
The APO Website
"""
            body %= (user.fname, new_password)

            mail.send_mail(sender="APO Website <*****@*****.**>",
                           to="%s %s <*****@*****.**>" %
                           (user.fname, user.lname, user.cwruid),
                           subject='Your new password',
                           body=body)

        except IndexError:
            pass

        flash(
            'If an account with the specified cwru id exists then it should\
              receive an email with a new password shortly', 'success')

        form = forms.ResetPasswordForm()

    return render_template('accounts/reset_password.html',
                           reset_password_form=form)
示例#4
0
def reset_password():
    """
    This view allows a user that has forgetten their password
    to request a new one via their case email account
    """
    from application.generate_keys import generate_randomkey
    from google.appengine.api import mail
    
    form = forms.ResetPasswordForm(request.form)

    if request.method == 'POST' and form.validate():
        try:
            user = accounts.find_users(1, cwruid=('=', form.cwruid.data))[0]

            new_password = generate_randomkey(16)

            user.set_new_password(new_password)

            body = """
Hi %s,

Somebody requested a new password for you. You can now use

%s

when logging in.  If you did not request this password change
please contact the webmasters immediately.

Thanks,
The APO Website
"""
            body %= (user.fname, new_password)
            
            mail.send_mail(sender="APO Website <*****@*****.**>",
                           to="%s %s <*****@*****.**>" % (user.fname, user.lname, user.cwruid),
                           subject='Your new password',
                           body=body)
            
        except IndexError:
            pass

        flash('If an account with the specified cwru id exists then it should\
              receive an email with a new password shortly', 'success')

        form = forms.ResetPasswordForm()
        
    return render_template('accounts/reset_password.html',
                            reset_password_form=form)
示例#5
0
def fb_admin_get_user_access():
    """
    Main admin view for Facebook settings
    """

    login_url = "https://www.facebook.com/dialog/oauth"
    access_url = "https://graph.facebook.com/oauth/access_token"

    if "code" not in request.args:
        login_params = {}
        login_params["client_id"] = FACEBOOK_APP_ID
        login_params["redirect_uri"] = request.base_url
        login_params["state"] = generate_randomkey(32)
        login_params[
            "scope"
        ] = "manage_pages,user_groups,publish_actions,publish_stream,user_videos,user_photos,photo_upload,read_stream"

        resp = make_response(redirect(login_url + "?" + urllib.urlencode(login_params)))
        resp.set_cookie("state", login_params["state"])
        return resp

    if "state" in request.args and request.cookies["state"] == request.args["state"]:
        if "error" in request.args:
            return str(request.args)
        else:
            # get an access token
            access_params = {}
            access_params["client_id"] = FACEBOOK_APP_ID
            access_params["redirect_uri"] = request.base_url
            access_params["client_secret"] = FACEBOOK_APP_SECRET
            access_params["code"] = request.args["code"]

            response = urlfetch.fetch(access_url + "?" + urllib.urlencode(access_params))

            response_data = urlparse.parse_qs(response.content)

            # get an extended access token
            extension_params = {}
            extension_params["grant_type"] = "fb_exchange_token"
            extension_params["client_id"] = FACEBOOK_APP_ID
            extension_params["client_secret"] = FACEBOOK_APP_SECRET
            extension_params["fb_exchange_token"] = response_data["access_token"][0]

            response = urlfetch.fetch(access_url + "?" + urllib.urlencode(extension_params))

            response_data = urlparse.parse_qs(response.content)

            access_token = response_data["access_token"][0]
            try:
                expires = int(response_data["expires"][0])
            except KeyError:
                expires = 60 * 24 * 60 * 60
            expiration_date = dt.datetime.now() + dt.timedelta(0, expires)

            response = urlfetch.fetch("https://graph.facebook.com/me?access_token=" + access_token)

            response_data = json.loads(response.content)

            username = response_data["username"]

            fb_admin_del_user_access(username)

            token = models.UserAccessTokenModel(
                username=username, access_token=access_token, expiration=expiration_date, user_id=response_data["id"]
            )

            token.put()

            return redirect(url_for("fb_admin_get_assoc_tokens"))

    else:
        return str(request.arg)
示例#6
0
def create_user():
    """
    View for creating a user
    """

    from application.generate_keys import generate_randomkey
    
    form = forms.CreateUserForm(request.form)

    form.family.choices = get_family_choices()
    
    form.roles.choices = get_role_choices()

    if request.method == 'POST':
        if form.validate():
            # create the user with information specified in form
            fname = form.fname.data
            lname = form.lname.data
            cwruid = form.cwruid.data

            # generate a new temporary password
            password = generate_randomkey(16)

            # get optional attributes
            optional_attr = {}
            if form.mname.data != '':
                optional_attr['mname'] = form.mname.data
                
            if form.family.data != 'none':
                # look up family instance
                query = models.FamilyModel.all()
                query.filter('name =', form.family.data)
                families = query.fetch(1)
                if len(families) != 1:
                    form.family.errors.append(u'Family %s does not exist' % form.family.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['family'] = families[0].key()
                
            if form.big.data != '':
                # look up big instance
                users = find_users(cwruid=('=', form.big.data))
                if len(users) != 1:
                    form.big.errors.append(u'User %s does not exist' % form.big.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['big'] = users[0].key()
                
            if form.avatar.data != '':
                optional_attr['avatar'] = form.avatar.data
            
            try:
                new_user = accounts.create_user(fname, lname, cwruid, password, **optional_attr)
                if new_user is None:
                    raise AttributeError('Something went wrong with user creation')

                # add the case email address to the user
                email = models.EmailModel(user=new_user.key(),
                                          email='*****@*****.**' % new_user.cwruid,
                                          name='Case Email')
                email.put()

                # add the roles to the user
                for role in form.roles.data:
                    query = RoleModel.all()
                    query.filter('name =', role)

                    if query.count() != 1:
                        flash('Role %s does not exist' % role, 'error')
                        continue

                    desired_role = query.fetch(1)[0]

                    new_urole = UserRoleModel(user=new_user.key(), role=desired_role.key())
                    new_urole.put()
                    
                flash('User created successfully', 'success')

                form = None
                form = forms.CreateUserForm()
                form.family.choices = get_family_choices()
                form.roles.choices = get_role_choices()

                send_new_user_mail(fname, lname, cwruid, password)
            except AttributeError, e:
                flash(str(e), 'error')
示例#7
0
def fb_admin_get_user_access():
    """
    Main admin view for Facebook settings
    """

    login_url = 'https://www.facebook.com/dialog/oauth'
    access_url = 'https://graph.facebook.com/oauth/access_token'

    if 'code' not in request.args:
        login_params = {}
        login_params['client_id'] = FACEBOOK_APP_ID
        login_params['redirect_uri'] = request.base_url
        login_params['state'] = generate_randomkey(32)
        login_params[
            'scope'] = 'manage_pages,user_groups,publish_actions,publish_stream,user_videos,user_photos,photo_upload,read_stream'

        resp = make_response(
            redirect(login_url + '?' + urllib.urlencode(login_params)))
        resp.set_cookie('state', login_params['state'])
        return resp

    if 'state' in request.args and request.cookies['state'] == request.args[
            'state']:
        if 'error' in request.args:
            return str(request.args)
        else:
            # get an access token
            access_params = {}
            access_params['client_id'] = FACEBOOK_APP_ID
            access_params['redirect_uri'] = request.base_url
            access_params['client_secret'] = FACEBOOK_APP_SECRET
            access_params['code'] = request.args['code']

            response = urlfetch.fetch(access_url + '?' +
                                      urllib.urlencode(access_params))

            response_data = urlparse.parse_qs(response.content)

            # get an extended access token
            extension_params = {}
            extension_params['grant_type'] = 'fb_exchange_token'
            extension_params['client_id'] = FACEBOOK_APP_ID
            extension_params['client_secret'] = FACEBOOK_APP_SECRET
            extension_params['fb_exchange_token'] = response_data[
                'access_token'][0]

            response = urlfetch.fetch(access_url + '?' +
                                      urllib.urlencode(extension_params))

            response_data = urlparse.parse_qs(response.content)

            access_token = response_data['access_token'][0]
            try:
                expires = int(response_data['expires'][0])
            except KeyError:
                expires = 60 * 24 * 60 * 60
            expiration_date = dt.datetime.now() + dt.timedelta(0, expires)

            response = urlfetch.fetch(
                'https://graph.facebook.com/me?access_token=' + access_token)

            response_data = json.loads(response.content)

            username = response_data['username']

            fb_admin_del_user_access(username)

            token = models.UserAccessTokenModel(username=username,
                                                access_token=access_token,
                                                expiration=expiration_date,
                                                user_id=response_data['id'])

            token.put()

            return redirect(url_for('fb_admin_get_assoc_tokens'))

    else:
        return str(request.arg)
示例#8
0
def create_user(fname, lname, cwruid, password, **kwargs):
    """This method is a factory method for User accounts.
    It takes in the required fields of fname, lname,
    and cwruid. It queries the database to make sure that the
    cwruid is unique. If it is not an AttributeError exception
    is raised with the message stating that the cwruid is not
    unique. It then generates a string of salt using the
    secure random number generator in the Crypto module. The
    provided password is then hashed with the salt. All of this
    information is added to an instance of a UserModel class
    from the application.accounts.models module.

    If any optional arguments are supplied through the kwargs
    dictionary they are checked against the attributes of the
    UserModel class. If the argument matches an attribute
    in the UserModel and the attribute is modifiable
    outside of the accounts module and the value is valid
    for that attribute it is added to the UserModel instance
    created during the initial steps. If these conditions are
    not met an AttributeError exception is raised with the
    message specifying the argument that caused the problem.

    Finally the entire UserModel instance is saved to the
    datastore via the UserModel's put method. This UserModel
    is then stored inside of a new instance of the
    application.accounts.accounts.User class.

    If everything was successful the User instance is
    returned. Otherwise None is returned
    """

    query = UserModel.all()
    query.filter('cwruid =', cwruid)

    # If there is already a user in the database
    # with the same cwruID
    if(query.count() > 0):
        raise AttributeError('CWRU ID %s already exists. ' % cwruid +
                             'CWRU ID must be unique')
    
    salt = generate_randomkey(256)
    hasher = SHA.new(salt + password)
    
    user_model = UserModel(fname=fname,
                          lname=lname,
                          cwruid=cwruid,
                          salt=salt,
                          hash=hasher.hexdigest())

    for key in kwargs:
        # the values in non_modifiable_attr
        # should not be modified by information
        # from outside of this function
        if key in User.non_modifiable_attr:
            raise AttributeError
        try:
            if hasattr(user_model, key):
                user_model.__setattr__(key, kwargs[key])
        except BadValueError:
            raise AttributeError("%s has invalid type" % key)

    user_model.put()

    new_user = User()
    new_user._User__UserModel = user_model # pylint: disable=C0103,W0201
    return new_user
示例#9
0
def create_user():
    """
    View for creating a user
    """

    from application.generate_keys import generate_randomkey

    form = forms.CreateUserForm(request.form)

    form.family.choices = get_family_choices()

    form.roles.choices = get_role_choices()

    if request.method == 'POST':
        if form.validate():
            # create the user with information specified in form
            fname = form.fname.data
            lname = form.lname.data
            cwruid = form.cwruid.data

            # generate a new temporary password
            password = generate_randomkey(16)

            # get optional attributes
            optional_attr = {}
            if form.mname.data != '':
                optional_attr['mname'] = form.mname.data

            if form.family.data != 'none':
                # look up family instance
                query = models.FamilyModel.all()
                query.filter('name =', form.family.data)
                families = query.fetch(1)
                if len(families) != 1:
                    form.family.errors.append(u'Family %s does not exist' %
                                              form.family.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['family'] = families[0].key()

            if form.big.data != '':
                # look up big instance
                users = find_users(cwruid=('=', form.big.data))
                if len(users) != 1:
                    form.big.errors.append(u'User %s does not exist' %
                                           form.big.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['big'] = users[0].key()

            if form.avatar.data != '':
                optional_attr['avatar'] = form.avatar.data

            try:
                new_user = accounts.create_user(fname, lname, cwruid, password,
                                                **optional_attr)
                if new_user is None:
                    raise AttributeError(
                        'Something went wrong with user creation')

                # add the case email address to the user
                email = models.EmailModel(user=new_user.key(),
                                          email='*****@*****.**' %
                                          new_user.cwruid,
                                          name='Case Email')
                email.put()

                # add the roles to the user
                for role in form.roles.data:
                    query = RoleModel.all()
                    query.filter('name =', role)

                    if query.count() != 1:
                        flash('Role %s does not exist' % role, 'error')
                        continue

                    desired_role = query.fetch(1)[0]

                    new_urole = UserRoleModel(user=new_user.key(),
                                              role=desired_role.key())
                    new_urole.put()

                flash('User created successfully', 'success')

                form = None
                form = forms.CreateUserForm()
                form.family.choices = get_family_choices()
                form.roles.choices = get_role_choices()

                send_new_user_mail(fname, lname, cwruid, password)
            except AttributeError, e:
                flash(str(e), 'error')
示例#10
0
def create_user(fname, lname, cwruid, password, **kwargs):
    """This method is a factory method for User accounts.
    It takes in the required fields of fname, lname,
    and cwruid. It queries the database to make sure that the
    cwruid is unique. If it is not an AttributeError exception
    is raised with the message stating that the cwruid is not
    unique. It then generates a string of salt using the
    secure random number generator in the Crypto module. The
    provided password is then hashed with the salt. All of this
    information is added to an instance of a UserModel class
    from the application.accounts.models module.

    If any optional arguments are supplied through the kwargs
    dictionary they are checked against the attributes of the
    UserModel class. If the argument matches an attribute
    in the UserModel and the attribute is modifiable
    outside of the accounts module and the value is valid
    for that attribute it is added to the UserModel instance
    created during the initial steps. If these conditions are
    not met an AttributeError exception is raised with the
    message specifying the argument that caused the problem.

    Finally the entire UserModel instance is saved to the
    datastore via the UserModel's put method. This UserModel
    is then stored inside of a new instance of the
    application.accounts.accounts.User class.

    If everything was successful the User instance is
    returned. Otherwise None is returned
    """

    query = UserModel.all()
    query.filter('cwruid =', cwruid)

    # If there is already a user in the database
    # with the same cwruID
    if (query.count() > 0):
        raise AttributeError('CWRU ID %s already exists. ' % cwruid +
                             'CWRU ID must be unique')

    salt = generate_randomkey(256)
    hasher = SHA.new(salt + password)

    user_model = UserModel(fname=fname,
                           lname=lname,
                           cwruid=cwruid,
                           salt=salt,
                           hash=hasher.hexdigest())

    for key in kwargs:
        # the values in non_modifiable_attr
        # should not be modified by information
        # from outside of this function
        if key in User.non_modifiable_attr:
            raise AttributeError
        try:
            if hasattr(user_model, key):
                user_model.__setattr__(key, kwargs[key])
        except BadValueError:
            raise AttributeError("%s has invalid type" % key)

    user_model.put()

    new_user = User()
    new_user._User__UserModel = user_model  # pylint: disable=C0103,W0201
    return new_user