def password(): "Set the password for a user account, and login user." if utils.http_GET(): return flask.render_template( "user/password.html", username=flask.request.args.get("username")) elif utils.http_POST(): try: try: username = flask.request.form.get("username") or "" if not username: raise ValueError user = get_user(username=username) if user is None: raise ValueError if am_admin_and_not_self(user): pass # No check for current password. else: password = flask.request.form.get("current_password") or "" if not check_password_hash(user["password"], password): raise ValueError except ValueError: raise ValueError("No such user or wrong password.") password = flask.request.form.get("password") if password != flask.request.form.get("confirm_password"): raise ValueError("Wrong password entered; confirm failed.") except ValueError as error: return utils.error(error, flask.url_for(".password")) with UserSaver(user) as saver: saver.set_password(password) utils.get_logger().info(f"password user {user['username']}") if not flask.g.current_user: do_login(username, password) return flask.redirect(flask.url_for("home"))
def edit(username): "Edit the user display. Or delete the user." user = get_user(username=username) if user is None: return utils.error("No such user.") if not am_admin_or_self(user): return utils.error("Access not allowed.") if utils.http_GET(): deletable = am_admin_and_not_self(user) and user["blobs_count"] == 0 return flask.render_template("user/edit.html", user=user, change_role=am_admin_and_not_self(user), deletable=deletable) elif utils.http_POST(): with UserSaver(user) as saver: if flask.g.am_admin: email = flask.request.form.get("email") if email != user["email"]: saver.set_email(email) try: quota = flask.request.form.get('quota') or None if quota: quota = int(quota) if quota < 0: raise ValueError except (ValueError, TypeError): pass else: saver.set_quota(quota) if am_admin_and_not_self(user): saver.set_role(flask.request.form.get("role")) if flask.request.form.get("accesskey"): saver.set_accesskey() return flask.redirect( flask.url_for(".display", username=user["username"])) elif utils.http_DELETE(): if user["blobs_count"] != 0: return utils.error("Cannot delete non-empty user account.") with flask.g.db: flask.g.db.execute("DELETE FROM logs WHERE iuid=?", (user["iuid"], )) flask.g.db.execute( "DELETE FROM users " " WHERE username=? COLLATE NOCASE", (username, )) utils.flash_message(f"Deleted user {username}.") utils.get_logger().info(f"deleted user {username}") if flask.g.am_admin: return flask.redirect(flask.url_for(".all")) else: return flask.redirect(flask.url_for("home"))
def rename(filename): data = get_blob_data(filename) if not data: return utils.error("No such blob.") if not allow_update(data): return utils.error("You may not rename the blob.") if utils.http_GET(): return flask.render_template("blob/rename.html", data=data) elif utils.http_POST(): try: with BlobSaver(data) as saver: saver.rename(flask.request.form.get("filename")) except ValueError as error: return utils.error(error) return flask.redirect( flask.url_for("blob.info", filename=saver["filename"]))
def upload(): "Upload a new blob." if utils.http_GET(): return flask.render_template("blob/upload.html") elif utils.http_POST(): infile = flask.request.files.get("file") if not infile: return utils.error("No file provided.") if get_blob_data(infile.filename): return utils.error("Blob already exists; do update instead.") try: with BlobSaver() as saver: saver["filename"] = infile.filename saver["description"] = flask.request.form.get("description") saver["username"] = flask.g.current_user["username"] saver.set_content(infile.read()) except ValueError as error: return utils.error(error) return flask.redirect( flask.url_for("blob.info", filename=saver["filename"]))
def update(filename): "Update the content and/or the description of a blob." data = get_blob_data(filename) if not data: return utils.error("No such blob.") if not allow_update(data): return utils.error("You may not update the blob.") if utils.http_GET(): return flask.render_template("blob/update.html", data=data) elif utils.http_POST(): try: with BlobSaver(data) as saver: saver["description"] = flask.request.form.get("description") infile = flask.request.files.get("file") if infile: saver.set_content(infile.read()) except ValueError as error: return utils.error(error) return flask.redirect( flask.url_for("blob.info", filename=saver["filename"]))
def register(): "Register a new user account." if utils.http_GET(): return flask.render_template("user/register.html") elif utils.http_POST(): try: with UserSaver() as saver: saver.set_username(flask.request.form.get("username")) saver.set_email(flask.request.form.get("email")) saver.set_role(constants.USER) saver.set_quota(flask.current_app.config["DEFAULT_QUOTA"]) password = flask.request.form.get("password") confirm = flask.request.form.get("confirm_password") if password != confirm: raise ValueError("Password confirmation failed.") saver.set_password(password) saver.set_status(constants.ENABLED) user = saver.doc except ValueError as error: return utils.error(error) utils.get_logger().info(f"registered user {user['username']}") return flask.redirect(flask.url_for("home"))
def copy(filename): data = get_blob_data(filename) if not data: return utils.error("No such blob.") if utils.http_GET(): return flask.render_template("blob/copy.html", data=data) elif utils.http_POST(): filepath = os.path.join(flask.current_app.config['STORAGE_DIRPATH'], data["filename"]) try: with open(filepath, "rb") as infile: content = infile.read() with BlobSaver() as saver: saver["filename"] = flask.request.form.get("filename") saver["description"] = flask.request.form.get("description") saver["username"] = flask.g.current_user["username"] saver.set_content(content) except ValueError as error: return utils.error(error) return flask.redirect( flask.url_for("blob.info", filename=saver["filename"]))
def login(): """Login to a user account. Creates the admin user specified in the settings.json, if not done. """ if utils.http_GET(): return flask.render_template("user/login.html", next=flask.request.args.get("next")) elif utils.http_POST(): username = flask.request.form.get("username") password = flask.request.form.get("password") try: if username and password: do_login(username, password) else: raise ValueError try: next = flask.request.form["next"] except KeyError: return flask.redirect(flask.url_for("home")) else: return flask.redirect(next) except ValueError: return utils.error( "Invalid user or password, or account disabled.")