def _save_edit(self, id, context):
    """Apply the submitted profile-edit form to user ``id``.

    Parses ``request.params`` into ``data_dict``. When both new-password
    fields are filled in, the logged-in user (``c.user``) must
    re-authenticate with ``old_password``. Then the ``user_update`` action
    is called and the browser is redirected to the user's read page.

    NotAuthorized aborts with 401 and NotFound with 404.

    NOTE(review): ``UsernamePasswordError`` is raised inside the ``try``,
    but no handler for it is visible in this listing. Unless one exists
    outside the code shown, a wrong old password propagates to the caller.
    NOTE(review): only a password change triggers the old-password check
    here; every other submitted field reaches ``user_update`` without it.
    """
    try:
        params = logic.parse_params(request.params)
        data_dict = logic.clean_dict(unflatten(logic.tuplize_dict(params)))
        context['message'] = data_dict.get('log_message', '')
        data_dict['id'] = id

        wants_new_password = data_dict['password1'] and data_dict['password2']
        if wants_new_password:
            # Require proof of the current password before replacing it, so
            # a hijacked session alone cannot set a new one.
            credentials = {
                'login': c.user,
                'password': data_dict['old_password'],
            }
            checker = authenticator.UsernamePasswordAuthenticator()
            if checker.authenticate(request.environ, credentials) != c.user:
                raise UsernamePasswordError

        # MOAN: Do I really have to do this here?
        data_dict.setdefault('activity_streams_email_notifications', False)

        updated = get_action('user_update')(context, data_dict)
        h.flash_success(_('Profile updated'))
        h.redirect_to(controller='user', action='read', id=updated['name'])
    except NotAuthorized:
        abort(401, _('Unauthorized to edit user %s') % id)
    except NotFound:
        abort(404, _('User not found'))
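def user_login(context, data_dict):
    """Check a user id / password pair and return the matching user dict.

    Looks the user up with ``model.User.get(data_dict['id'])`` and verifies
    the supplied password through ``UsernamePasswordAuthenticator``.

    Returns:
        The user's ``as_dict()`` representation on success. Otherwise one
        generic error dict, identical for "unknown user", "missing
        password" and "wrong password", so the response does not reveal
        which accounts exist.

    NOTE(review): ``as_dict()`` is not shown here; confirm which fields it
    exposes before returning the result to an API caller.
    NOTE(review): the authenticator is given the action ``context`` as its
    first argument; confirm it does not expect a WSGI environ there.
    """
    # Adapted from https://github.com/ckan/ckan/blob/master/ckan/views/user.py#L203-L211
    generic_error_message = {
        u'errors': {
            u'auth': [_(u'Username or password entered was incorrect')]
        },
        u'error_summary': {
            _(u'auth'): _(u'Incorrect username or password')
        }
    }

    model = context['model']
    user = model.User.get(data_dict['id'])
    if not user:
        return generic_error_message

    user = user.as_dict()

    # A missing or empty password used to fall off the end of the function
    # and return None, which a caller could not tell apart from "no error".
    # It is now rejected with the same generic failure as a wrong password.
    password = data_dict.get(u'password')
    if not password:
        return generic_error_message

    identity = {
        u'login': user['name'],
        u'password': password
    }
    auth = authenticator.UsernamePasswordAuthenticator()
    authenticated_name = auth.authenticate(context, identity)
    if authenticated_name != user['name']:
        return generic_error_message
    return user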
def post(self, id=None):
    """Handle a submitted user-edit form.

    If ``context['save']`` is false the edit form is rendered again via
    ``self.get``. Otherwise ``request.form`` is parsed into ``data_dict``.
    When both new-password fields are filled in, or the submitted email
    differs from the logged-in user's email, the logged-in user
    (``g.user``) must re-authenticate with ``old_password`` before
    ``user_update`` runs.

    Returns the redirect response to ``user.read`` on success, or the
    re-rendered form with errors when the password check or validation
    fails. A malformed form aborts with 400, NotAuthorized with 403 and
    NotFound with 404.
    """
    context, id = self._prepare(id)
    if not context[u'save']:
        return self.get(id)

    current_user = id in (g.userobj.id, g.userobj.name)
    old_username = g.userobj.name

    try:
        form_params = logic.parse_params(request.form)
        data_dict = logic.clean_dict(
            dictization_functions.unflatten(logic.tuplize_dict(form_params)))
    except dictization_functions.DataError:
        base.abort(400, _(u'Integrity Error'))

    data_dict.setdefault(u'activity_streams_email_notifications', False)
    context[u'message'] = data_dict.get(u'log_message', u'')
    data_dict[u'id'] = id

    # The comparison is against the logged-in account (g.userobj), which is
    # not necessarily the account being edited.
    email_changed = data_dict[u'email'] != g.userobj.email
    password_change = data_dict[u'password1'] and data_dict[u'password2']

    if password_change or email_changed:
        # Sensitive change: the session alone is not enough, so the caller
        # must also present the logged-in user's current password.
        credentials = {
            u'login': g.user,
            u'password': data_dict[u'old_password'],
        }
        checker = authenticator.UsernamePasswordAuthenticator()
        if checker.authenticate(request.environ, credentials) != g.user:
            errors = {u'oldpassword': [_(u'Password entered was incorrect')]}
            error_summary = {_(u'Old Password'): _(u'incorrect password')}
            return self.get(id, data_dict, errors, error_summary)

    try:
        user = logic.get_action(u'user_update')(context, data_dict)
    except logic.NotAuthorized:
        base.abort(403, _(u'Unauthorized to edit user %s') % id)
    except logic.NotFound:
        base.abort(404, _(u'User not found'))
    except logic.ValidationError as e:
        return self.get(id, data_dict, e.error_dict, e.error_summary)

    h.flash_success(_(u'Profile updated'))
    resp = h.redirect_to(u'user.read', id=user[u'name'])
    if current_user and data_dict[u'name'] != old_username:
        # The logged-in user renamed their own account: refresh the
        # repoze.who cookie so it carries the new name.
        set_repoze_user(data_dict[u'name'], resp)
    return resp
def _save_edit(self, id, context):
    """Apply the submitted profile-edit form to user ``id``.

    The form in ``request.params`` is parsed into ``data_dict``. When both
    new-password fields are filled in, or the submitted email differs from
    the logged-in user's email, the logged-in user (``c.user``) must
    re-authenticate with ``old_password`` before ``user_update`` is called.

    On success the browser is redirected to the user's read page. If the
    logged-in user renamed their own account, ``set_repoze_user`` is called
    with the new name first.

    Error handling: NotAuthorized -> 403, NotFound -> 404, DataError -> 400.
    A ValidationError or a failed old-password check re-renders the edit
    form through ``self.edit`` with the errors attached.
    """
    try:
        current_user = id in (c.userobj.id, c.userobj.name)
        old_username = c.userobj.name

        params = logic.parse_params(request.params)
        data_dict = logic.clean_dict(unflatten(logic.tuplize_dict(params)))
        context['message'] = data_dict.get('log_message', '')
        data_dict['id'] = id

        # The comparison is against the logged-in account (c.userobj), which
        # is not necessarily the account being edited.
        email_changed = data_dict['email'] != c.userobj.email
        password_change = data_dict['password1'] and data_dict['password2']

        if password_change or email_changed:
            # Sensitive change: require the logged-in user's current
            # password in addition to the session.
            credentials = {
                'login': c.user,
                'password': data_dict['old_password'],
            }
            checker = authenticator.UsernamePasswordAuthenticator()
            if checker.authenticate(request.environ, credentials) != c.user:
                raise UsernamePasswordError

        # MOAN: Do I really have to do this here?
        data_dict.setdefault('activity_streams_email_notifications', False)

        user = get_action('user_update')(context, data_dict)
        h.flash_success(_('Profile updated'))

        renamed_self = current_user and data_dict['name'] != old_username
        if renamed_self:
            # The logged-in user renamed their own account: refresh the
            # repoze.who cookie so it carries the new name.
            set_repoze_user(data_dict['name'])
        h.redirect_to(controller='user', action='read', id=user['name'])
    except NotAuthorized:
        abort(403, _('Unauthorized to edit user %s') % id)
    except NotFound:
        abort(404, _('User not found'))
    except DataError:
        abort(400, _(u'Integrity Error'))
    except ValidationError as e:
        return self.edit(id, data_dict, e.error_dict, e.error_summary)
    except UsernamePasswordError:
        errors = {'oldpassword': [_('Password entered was incorrect')]}
        error_summary = {_('Old Password'): _('incorrect password')}
        return self.edit(id, data_dict, errors, error_summary)
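def _save_edit(self, id, context):
    """Apply the submitted profile-edit form to user ``id``.

    Parses ``request.params`` into ``data_dict``. When both new-password
    fields are filled in, the logged-in user (``c.user``) must
    re-authenticate with ``old_password``. A non-empty ``password2`` is then
    checked against the password pattern via ``plugin.search_password``
    before ``user_update`` is called.

    NotAuthorized aborts with 401, NotFound with 404, and a password that
    fails the pattern check with 400.

    NOTE(review): ``UsernamePasswordError`` is raised inside the ``try``,
    but no handler for it is visible in this listing.
    NOTE(review): the pattern check looks at ``password2`` only; that
    ``password1`` equals ``password2`` is presumably enforced by
    ``user_update`` - confirm.
    """
    try:
        data_dict = logic.clean_dict(
            unflatten(
                logic.tuplize_dict(logic.parse_params(request.params))))
        context['message'] = data_dict.get('log_message', '')
        data_dict['id'] = id

        if data_dict['password1'] and data_dict['password2']:
            # Require proof of the current password before replacing it.
            identity = {
                'login': c.user,
                'password': data_dict['old_password']
            }
            auth = authenticator.UsernamePasswordAuthenticator()
            if auth.authenticate(request.environ, identity) != c.user:
                raise UsernamePasswordError

        # MOAN: Do I really have to do this here?
        if 'activity_streams_email_notifications' not in data_dict:
            data_dict['activity_streams_email_notifications'] = False

        # HO Change to implement a pattern for passwords.
        # The debug print() calls were removed. One of them wrote the
        # submitted plaintext password to stdout, where it would land in
        # server logs. Never log credential material.
        new_password = data_dict['password2']
        if new_password and not plugin.search_password(new_password):
            abort(
                400,
                _('Password does not match the required pattern, needs at least one lower case, one upper case, a number and one of ' + plugin.special_chars))
        # End of HO Change

        user = get_action('user_update')(context, data_dict)
        h.flash_success(_('Profile updated'))
        h.redirect_to(controller='user', action='read', id=user['name'])
    except NotAuthorized:
        abort(401, _('Unauthorized to edit user %s') % id)
    except NotFound:
        abort(404, _('User not found'))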
def setup_class(cls):
    """Store a ``UsernamePasswordAuthenticator``'s ``authenticate`` on the class.

    One authenticator instance is created and its bound ``authenticate``
    method is saved as the class attribute ``authenticate``.
    """
    cls.authenticate = authenticator.UsernamePasswordAuthenticator().authenticate
def post(self, id=None):
    """Handle a submitted user-edit form, including uploaded files.

    If ``context['save']`` is false the edit form is rendered again via
    ``self.get``. Otherwise ``request.form`` and ``request.files`` are
    parsed and merged into ``data_dict``. When both new-password fields are
    filled in, or the submitted email differs from the logged-in user's
    email, the logged-in user (``g.user``) must re-authenticate with
    ``old_password`` before ``user_update`` runs.

    Returns the redirect response to ``user.read`` on success, or the
    re-rendered form with errors when the password check or validation
    fails. A malformed form aborts with 400, NotAuthorized with 403 and
    NotFound with 404.
    """
    context, id = self._prepare(id)
    if not context[u'save']:
        return self.get(id)

    # Is the account being edited the logged-in user's own account?
    current_user = id in (g.userobj.id, g.userobj.name)

    # Remembered so that a rename of the logged-in user's own account can
    # be detected after the update.
    old_username = g.userobj.name

    try:
        form_fields = logic.clean_dict(
            dictization_functions.unflatten(
                logic.tuplize_dict(logic.parse_params(request.form))))
        file_fields = logic.clean_dict(
            dictization_functions.unflatten(
                logic.tuplize_dict(logic.parse_params(request.files))))
        data_dict = form_fields
        data_dict.update(file_fields)
    except dictization_functions.DataError:
        base.abort(400, _(u'Integrity Error'))

    data_dict.setdefault(u'activity_streams_email_notifications', False)
    context[u'message'] = data_dict.get(u'log_message', u'')
    data_dict[u'id'] = id

    # The comparison is against the logged-in user's email. Per the
    # original author's note, it is expected to differ when a sysadmin
    # edits someone else's account, which forces the password check below.
    email_changed = data_dict[u'email'] != g.userobj.email

    # Users may edit their own profile without a password, but replacing
    # the password requires the old one. A sysadmin editing another user
    # must supply the sysadmin's own password, via email_changed above.
    password_change = data_dict[u'password1'] and data_dict[u'password2']

    if password_change or email_changed:
        # Credentials are always those of the logged-in user.
        credentials = {
            u'login': g.user,
            u'password': data_dict[u'old_password'],
        }
        checker = authenticator.UsernamePasswordAuthenticator()

        # Anything other than the logged-in user's name counts as a failed
        # check.
        if checker.authenticate(request.environ, credentials) != g.user:
            errors = {u'oldpassword': [_(u'Password entered was incorrect')]}
            if not g.userobj.sysadmin:
                error_summary = {_(u'Old Password'): _(u'incorrect password')}
            else:
                error_summary = {
                    _(u'Sysadmin Password'): _(u'incorrect password')
                }
            return self.get(id, data_dict, errors, error_summary)

    try:
        user = logic.get_action(u'user_update')(context, data_dict)
    except logic.NotAuthorized:
        base.abort(403, _(u'Unauthorized to edit user %s') % id)
    except logic.NotFound:
        base.abort(404, _(u'User not found'))
    except logic.ValidationError as e:
        return self.get(id, data_dict, e.error_dict, e.error_summary)

    h.flash_success(_(u'Profile updated'))
    resp = h.redirect_to(u'user.read', id=user[u'name'])
    if current_user and data_dict[u'name'] != old_username:
        # The logged-in user renamed their own account: refresh the
        # repoze.who cookie so it carries the new name.
        set_repoze_user(data_dict[u'name'], resp)
    return resp
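def post(self, id=None):
    """Handle a submitted user-edit form and sync the first/last name extras.

    If ``context['save']`` is false the edit form is rendered again via
    ``self.get``. Otherwise ``request.form`` is parsed into ``data_dict``.
    When both new-password fields are filled in, or the submitted email
    differs from the logged-in user's email, the logged-in user
    (``g.user``) must re-authenticate with ``old_password``. ``fullname``
    is then built from ``firstname`` and ``lastname``, ``user_update`` is
    called, and the two name parts are written through
    ``user_extra_update``.

    A malformed form aborts with 400, NotAuthorized with 403 and NotFound
    with 404.

    NOTE(review): the listing ends after the NotFound handler. No
    ValidationError handling and no success response are visible here.
    """
    context, id = self._prepare(id)
    if not context[u'save']:
        return self.get(id)

    if id in (g.userobj.id, g.userobj.name):
        current_user = True
    else:
        current_user = False
    old_username = g.userobj.name

    try:
        data_dict = logic.clean_dict(
            dictization_functions.unflatten(
                logic.tuplize_dict(logic.parse_params(request.form))))
    except dictization_functions.DataError:
        base.abort(400, _(u'Integrity Error'))

    data_dict.setdefault(u'activity_streams_email_notifications', False)
    context[u'message'] = data_dict.get(u'log_message', u'')
    data_dict[u'id'] = id

    # The comparison is against the logged-in account (g.userobj), which is
    # not necessarily the account being edited.
    email_changed = data_dict[u'email'] != g.userobj.email

    if (data_dict[u'password1']
            and data_dict[u'password2']) or email_changed:
        # Sensitive change: require the logged-in user's current password
        # in addition to the session.
        identity = {
            u'login': g.user,
            u'password': data_dict[u'old_password']
        }
        auth = authenticator.UsernamePasswordAuthenticator()
        if auth.authenticate(request.environ, identity) != g.user:
            errors = {
                u'oldpassword': [_(u'Password entered was incorrect')]
            }
            error_summary = {_(u'Old Password'): _(u'incorrect password')}
            return self.get(id, data_dict, errors, error_summary)

    try:
        # A missing name part defaults to '', as it does for the extras
        # below. Without the default, an absent field made this
        # concatenation raise TypeError (None + unicode), which none of the
        # handlers here catch.
        data_dict['fullname'] = (
            data_dict.get('firstname', '') + u' '
            + data_dict.get('lastname', ''))
        user = logic.get_action(u'user_update')(context, data_dict)
        if user:
            ue_data_dict = {
                'user_id': user.get('id'),
                'extras': [
                    {
                        'key': user_model.HDX_FIRST_NAME,
                        'new_value': data_dict.get('firstname', '')
                    },
                    {
                        'key': user_model.HDX_LAST_NAME,
                        'new_value': data_dict.get('lastname', '')
                    },
                ]
            }
            logic.get_action('user_extra_update')(context, ue_data_dict)
    except logic.NotAuthorized:
        base.abort(403, _(u'Unauthorized to edit user %s') % id)
    except logic.NotFound:
        # The Python-2-only "except X, ex" form and its unused binding were
        # dropped; this spelling parses on Python 2 and 3.
        base.abort(404, _(u'User not found'))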