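def recovery_password(request):
    """Display the password recovery form, or apply the password change.

    The recovery link carries ``user_name`` and ``code`` as request
    parameters. The expected code is recomputed from the server-side
    ``auth_secret_key`` and must match before the form is rendered or any
    change is made.

    Returns a dict with ``form`` for the template on GET or on a failed
    POST, an HTTPNotFound for an unknown user, an HTTPForbidden when the
    code does not match, and raises HTTPFound to the front page once the
    password has been updated.
    """
    _ = get_localizer(request)
    settings = request.registry.settings
    user_model = UserModel(request.db_session)

    user_name = request.params['user_name']
    code = request.params['code']

    # Single lookup: the user is resolved once and reused below (the
    # earlier version fetched the same record a second time after it had
    # already been verified to exist).
    user = user_model.get_by_name(user_name)
    if user is None:
        return HTTPNotFound(_('No such user %s') % user_name)
    user_id = user.user_id

    # Recompute the expected recovery code from the secret; a mismatch
    # refuses to render the form at all.
    auth_secret_key = settings['auth_secret_key']
    valid_code = user_model.get_recovery_code(auth_secret_key, user_id)
    if code != valid_code:
        return HTTPForbidden(_('Bad password recovery link'))

    factory = FormFactory(_)
    RecoveryPasswordForm = factory.make_recovery_password_form()
    form = RecoveryPasswordForm(request.params, user_name=user_name, code=code)
    redirect_url = request.route_url('front.home')

    # NOTE(review): unlike the other POST handlers in this module this view
    # does not call check_csrf_token(); the recovery code is the only proof
    # of intent here -- confirm whether the recovery form template carries a
    # CSRF token before adding the check.
    if request.method == 'POST' and form.validate():
        new_password = request.POST['new_password']
        with transaction.manager:
            user_model.update_password(user_id, new_password)
        msg = _(u'Your password has been updated')
        request.add_flash(msg, 'success')
        raise HTTPFound(location=redirect_url)
    return dict(form=form)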
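def activate(request):
    """Activate a newly registered account from its e-mail link.

    ``user_name`` and ``code`` come from the route match. The expected code
    is recomputed with ``auth_secret_key`` for the ``create_user`` verify
    type and must equal the supplied one.

    Returns an HTTPForbidden when the link does not resolve to a valid
    user/code pair, and an empty dict for the template otherwise. An
    already verified user is left untouched, so following the link twice
    is harmless.
    """
    _ = get_localizer(request)
    settings = request.registry.settings
    user_model = UserModel(request.db_session)

    code = request.matchdict['code']
    user_name = request.matchdict['user_name']

    user = user_model.get_by_name(user_name)
    # An unknown user used to fall through to ``user.user_id`` and raise
    # AttributeError (a 500); treat it as an invalid link instead, with the
    # same response as a bad code so the two cases are indistinguishable.
    if user is None:
        msg = _(u"Invalid activation link", mapping=dict(user_name=user_name))
        return HTTPForbidden(msg)

    auth_secret_key = settings['auth_secret_key']
    valid_code = user_model.get_verification_code(
        user_id=user.user_id,
        verify_type='create_user',
        secret=auth_secret_key,
    )
    if valid_code != code:
        msg = _(u"Invalid activation link", mapping=dict(user_name=user_name))
        return HTTPForbidden(msg)

    if not user.verified:
        with transaction.manager:
            user_model.update_user(user.user_id, verified=True)
    msg = _(u"User ${user_name} is activated",
            mapping=dict(user_name=user_name))
    request.add_flash(msg, 'success')
    return dict()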
def user_create(request):
    """Admin view: render the user creation form and create the user on POST.

    Group choices for the form's ``groups`` field are loaded from
    GroupModel. On POST the CSRF token is checked, the form validated, and
    user_name and email are required to be unused before the user is
    created and assigned to the selected groups inside a transaction.

    Returns a dict with ``form`` for the template, or HTTPFound to the
    admin user list after a successful create.
    """
    _ = get_localizer(request)
    user_model = UserModel(request.db_session)
    group_model = GroupModel(request.db_session)

    factory = FormFactory(_)
    UserCreateForm = factory.make_user_create_form()
    form = UserCreateForm(request.params)
    form.groups.choices = [
        (str(group.group_id),
         '%s - %s' % (group.group_name, group.display_name))
        for group in group_model.get_list()
    ]

    if request.method != 'POST':
        return dict(form=form)

    check_csrf_token(request)
    is_valid = form.validate()
    params = request.params
    user_name = params['user_name']
    display_name = params['display_name']
    password = params['password']
    email = params['email']
    group_ids = params.getall('groups')

    # Uniqueness failures are reported as field errors next to the form's
    # own validation errors rather than short-circuiting.
    if user_model.get_by_name(user_name) is not None:
        form.user_name.errors.append(
            _(u'Username %s already exists') % user_name)
        is_valid = False
    if user_model.get_by_email(email) is not None:
        form.email.errors.append(_(u'Email %s already exists') % email)
        is_valid = False

    if not is_valid:
        return dict(form=form)

    with transaction.manager:
        user_id = user_model.create(
            user_name=user_name,
            display_name=display_name,
            password=password,
            email=email,
        )
        user_model.update_groups(user_id, map(int, group_ids))
    msg = _(u"User ${user_name} has been created",
            mapping=dict(user_name=user_name))
    request.add_flash(msg, 'success')
    return HTTPFound(location=request.route_url('admin.user_list'))
def test_activate(self):
    """Register a user, extract the activation link from the outgoing
    mail, and check that a wrong, a lengthened and a mutated code are
    all refused (403) while the genuine code flips ``verified`` to True.
    """
    from ez2pay.models.user import UserModel

    res = self.testapp.get('/register', status=200)
    csrf_token = self.get_csrf_token(res)
    res = self.assert_register_success(dict(
        csrf_token=csrf_token,
        user_name='tester2',
        email='*****@*****.**',
        email_confirm='*****@*****.**',
        password='******',
        terms_of_service='1',
    ))

    mailer = res.request.environ['pyramid_mailer.dummy_mailer']
    self.assertEqual(len(mailer.outbox), 1)
    mail = mailer.outbox[0]
    self.assertIn('activation', mail.subject)

    # The activation link is the first anchor whose href mentions 'activate'.
    from BeautifulSoup import BeautifulSoup
    hrefs = (anchor['href'] for anchor in BeautifulSoup(mail.html).findAll('a'))
    activate_link = next((href for href in hrefs if 'activate' in href), None)
    self.assertNotEqual(activate_link, None)
    code = activate_link.split('/')[-1]

    # Any deviation from the mailed code must be rejected.
    for bad_code in ('badcode', code + 'x', code[:-1] + 'x'):
        self.testapp.get('/activate/tester2/' + bad_code, status=403)

    model = UserModel(self.testapp.session)
    self.assertEqual(model.get_by_name('tester2').verified, False)
    self.testapp.get('/activate/tester2/' + code, status=200)
    self.assertEqual(model.get_by_name('tester2').verified, True)
def assert_register_success(self, params):
    """POST ``params`` to /register, expect a redirect, and verify the
    stored user record.

    Checks that the user exists with the submitted name and email (which
    also equals ``email_confirm``), is not yet verified, and that the
    stored password is neither equal to nor contains the submitted
    plaintext. Returns the response so callers can inspect it further.
    """
    from ez2pay.models.user import UserModel
    res = self.testapp.post('/register', params, status=302)

    user = UserModel(self.testapp.session).get_by_name(params['user_name'])
    self.assertNotEqual(user, None)
    self.assertEqual(user.user_name, params['user_name'])
    self.assertEqual(user.email, params['email'])
    self.assertEqual(user.email, params['email_confirm'])
    self.assertEqual(user.verified, False)

    # The plaintext must not be recoverable by inspection of the stored value.
    plaintext = params['password']
    self.assertNotEqual(user.password, plaintext)
    self.assertNotIn(plaintext, user.password)
    return res
def user_edit(request):
    """Admin view: edit an existing user's profile, password and groups.

    The user is looked up by the ``user_name`` route segment; an unknown
    name yields HTTPNotFound. The form is pre-filled from the user record.
    On POST the CSRF token is checked, the form validated, and a changed
    email must not belong to another account; changes are applied inside a
    transaction, the password only when a new one was supplied.

    Returns a dict with ``form`` and ``user`` for the template, or
    HTTPFound back to this edit page after a successful update.
    """
    _ = get_localizer(request)
    user_model = UserModel(request.db_session)
    group_model = GroupModel(request.db_session)

    user_name = request.matchdict['user_name']
    user = user_model.get_by_name(user_name)
    if user is None:
        return HTTPNotFound(_(u'User %s does not exists') % user_name)

    factory = FormFactory(_)
    UserEditForm = factory.make_user_edit_form()
    form = UserEditForm(
        request.params,
        display_name=user.display_name,
        email=user.email,
        groups=[str(group.group_id) for group in user.groups],
    )
    form.groups.choices = [
        (str(group.group_id),
         '%s - %s' % (group.group_name, group.display_name))
        for group in group_model.get_list()
    ]

    if request.method != 'POST':
        return dict(form=form, user=user)

    check_csrf_token(request)
    is_valid = form.validate()
    params = request.params
    display_name = params['display_name']
    password = params['password']
    email = params['email']
    group_ids = params.getall('groups')

    # Keeping the current email is always allowed; any other address must
    # not already be taken.
    existing = user_model.get_by_email(email)
    if existing is not None and email != user.email:
        form.email.errors.append(_(u'Email %s already exists') % email)
        is_valid = False

    if not is_valid:
        return dict(form=form, user=user)

    with transaction.manager:
        user_model.update_user(
            user_id=user.user_id,
            display_name=display_name,
            email=email,
        )
        # An empty password field means "leave the password alone".
        if password:
            user_model.update_password(user.user_id, password)
        user_model.update_groups(user.user_id, map(int, group_ids))
    msg = _(u"User ${user_name} has been updated",
            mapping=dict(user_name=user_name))
    request.add_flash(msg, 'success')
    url = request.route_url('admin.user_edit', user_name=user.user_name)
    return HTTPFound(location=url)
def register(request):
    """Public sign-up view.

    On POST the CSRF token is checked and the form validated; the email's
    domain must not appear in ``email_black_domain_list`` and both
    user_name and email must be unused. The account is then created with
    the user name as display name, an activation code derived from
    ``auth_secret_key`` is embedded in an ``account.activate`` link, and
    that link is mailed to the given address.

    Returns a dict with ``form`` for the template, or HTTPFound to
    ``account.check_mailbox`` once the mail has been sent.
    """
    _ = get_localizer(request)
    settings = request.registry.settings
    user_model = UserModel(request.db_session)

    factory = FormFactory(_)
    RegisterForm = factory.make_register_form()
    form = RegisterForm(request.params)

    if request.method != 'POST':
        return dict(form=form)

    check_csrf_token(request)
    is_valid = form.validate()
    params = request.params
    user_name = params['user_name']
    password = params['password']
    email = params['email']

    # NOTE(review): set() over the setting assumes it is already a sequence
    # of domains; a raw ini string would become a set of single characters
    # -- confirm how email_black_domain_list is parsed at startup.
    blocked_domains = set(settings.get('email_black_domain_list', []))
    domain = email.split('@')[-1].lower()
    if domain in blocked_domains:
        form.email.errors.append(_(u'Invalid email address'))
        is_valid = False
    if user_model.get_by_name(user_name) is not None:
        form.user_name.errors.append(
            _(u'Username %s already exists') % user_name)
        is_valid = False
    if user_model.get_by_email(email) is not None:
        form.email.errors.append(_(u'Email %s already exists') % email)
        is_valid = False

    if not is_valid:
        return dict(form=form)

    # NOTE(review): the collapsed original does not show whether link
    # generation and send_mail sat inside this transaction block; they are
    # placed after it here -- confirm against the formatted source.
    with transaction.manager:
        user_id = user_model.create(
            user_name=user_name,
            display_name=user_name,
            password=password,
            email=email,
        )

    code = user_model.get_verification_code(
        user_id=user_id,
        verify_type='create_user',
        secret=settings['auth_secret_key'],
    )
    link = request.route_url(
        'account.activate',
        user_name=user_name,
        code=code,
    )
    html = render_mail(
        request,
        'ez2pay:templates/mails/register_link.genshi',
        dict(link=link, user_name=user_name),
    )
    send_mail(
        request=request,
        subject=_('ez2pay account activation'),
        to_addresses=[email],
        format='html',
        body=html,
    )

    msg = _(u"User ${user_name} has been registered",
            mapping=dict(user_name=user_name))
    request.add_flash(msg, 'success')
    return HTTPFound(location=request.route_url('account.check_mailbox'))