示例#1
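def change_password():
    """Handle the change-password form for an ``author`` row selected by e-mail.

    Returns the rendered ``change_password.html`` template; after a validated
    submission the template also receives a ``message`` describing the result.
    """
    form = ChangePassword()
    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    # NOTE(review): the account is selected only by the e-mail typed into the
    # form. Nothing visible here checks the current password, a reset token or
    # the logged-in session, so confirm the route is protected elsewhere;
    # otherwise anyone who knows an address can overwrite that password.
    exist_stmt_auth = "SELECT EXISTS(SELECT * FROM author WHERE Email=%s)"
    cursor = db.connection.cursor()
    cursor.execute(exist_stmt_auth, [form.email.data])
    exists = int(cursor.fetchall()[0][0])

    if not exists:
        return render_template("change_password.html",
                               form=form,
                               message="Email not found!")

    # Do not print or log form.email.data / form.password.data here: debug
    # output ends up in console captures and log files, where credentials
    # must never appear.
    # NOTE(review): the password is written to the Password column exactly as
    # submitted. Store a salted password hash instead; that needs a matching
    # change in the login check, which is not part of this listing.
    reset_pswd = "UPDATE author SET Password=%s WHERE Email=%s"
    cursor = db.connection.cursor()
    cursor.execute(reset_pswd, [form.password.data, form.email.data])
    db.connection.commit()
    _ = cursor.fetchall()
    return render_template("change_password.html",
                           form=form,
                           message="Password changed successfully!")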
示例#2
文件: app.py 项目: usuario16/DLine
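def change_password(id):
    """Change the password of user ``id`` after re-checking the current one.

    Renders the change-password form, or redirects to ``profile`` once the new
    password has been stored. Responds with 404 when there is no session or no
    user with that id.
    """
    if not user_in_session():
        abort(404)

    error = None
    user = User.query.filter_by(id=int(id)).first()
    if user is None:
        # Unknown id: without this guard, user.username below raises
        # AttributeError and the request ends in a server error.
        abort(404)

    # NOTE(review): ``id`` is supplied by the caller and is not compared with
    # the session's user here; the current-password check below is the only
    # thing tying the request to this account. Confirm that is intended.
    form = ChangePassword()

    if form.validate_on_submit() and request.method == 'POST':
        # NOTE(review): passwords are kept as a plain, unsalted SHA-256 digest,
        # which is cheap to attack offline if the table leaks. Moving to a
        # salted, slow password hash needs a coordinated change in
        # validate_password() and a migration, so it is only flagged here.
        password_user = sha256((form.password_user.data).encode())

        if validate_password(user.username, password_user.hexdigest()):
            new_digest = sha256((form.new_password.data).encode()).hexdigest()
            confirm_digest = sha256(
                (form.confirm_new_password.data).encode()).hexdigest()

            if new_digest == confirm_digest:
                user.password = new_digest
                db.session.add(user)
                db.session.commit()

                flash('Your password has been changed successfuly!')

                return redirect(url_for('profile'))

            error = 'New passwords no match!'
        else:
            error = 'Incorrect actual password'

    return render_template('auth/session-started/change_password.html', form=form, error=error)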
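def change_password():
    """Set a new password for the logged-in user, then log them out.

    Returns a redirect to ``auth.login_page`` after a validated submission,
    otherwise the rendered change-password form.
    """
    form = ChangePassword()
    if form.validate_on_submit():
        data_obj = User.query.filter_by(id=current_user.id).first()
        # NOTE(review): the submitted value is assigned as-is. Unless the User
        # model hashes inside a ``password`` property setter, this stores the
        # plaintext password - confirm against the model.
        # NOTE(review): the current password is not asked for here, so a
        # borrowed or hijacked session is enough to take over the account.
        data_obj.password = form.password.data
        db.session.merge(data_obj)
        # merge() only stages the change in the session; commit so the new
        # password is persisted before the user is logged out.
        db.session.commit()
        logout_user()
        return redirect(url_for("auth.login_page"))
    return render_template("user_control/change_password.html", form=form)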
示例#4
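def user(user_id):
    """Account page for ``user_id``: ticket history, password change, profile edit.

    Only the logged-in user (``g.user``) may view or modify their own account.
    Any other caller receives ``unauthorized.html`` before any record is read
    or written.
    """
    # Authorise first. The ownership check must come before the form handling:
    # placed after it, a logged-in user could post the account form to another
    # user's URL and have the changes committed before being told
    # "unauthorized".
    if int(g.user.id) != int(user_id):
        return render_template('unauthorized.html')

    user = User.query.filter_by(id = user_id).first()
    form = ChangePassword()
    account = EditAccountInfo(obj=user)

    # One entry per ticket purchase, joined with the shoe it belongs to.
    tix_count = []
    for t in Tickets.query.filter_by(user_id = user_id).all():
        kick = Kicks.query.filter_by(id = t.kicks_id).first()
        tix_count.append({'kick': kick, 'num_tickets': t.num_tickets, 'date': t.date})

    # updates password
    if form.validate_on_submit():
        if check_password_hash(user.password, form.old.data):
            if form.new.data == form.confirm_new.data:
                user.password = generate_password_hash(form.new.data)
                db.session.add(user)
                db.session.commit()
                flash('Password was updated')
            else:
                flash('Make sure the new password matches')
        else:
            flash('Wrong password')

    # edit account info
    if account.validate_on_submit():
        user.firstname = account.firstname.data
        user.lastname = account.lastname.data
        user.email = account.email.data
        user.address_street = account.address_street.data
        user.address_city = account.address_city.data
        user.address_state = account.address_state.data
        user.address_zipcode = account.address_zipcode.data
        user.address_country = 'USA'
        # Commits changes
        db.session.add(user)
        db.session.commit()
        flash('Info updated!')

    return render_template('account.html',
        user = user,
        form = form,
        tix = tix_count,
        edit_form = account)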
示例#5
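def changePassword():
    """Change the logged-in user's password after verifying the old one.

    Redirects to ``logout`` on success; otherwise re-renders the form, with an
    'Invalid password.' flash when the old password did not match.
    """
    form = ChangePassword()
    if form.validate_on_submit():
        user = User.query.filter_by(username=current_user.username).first()
        if check_password_hash(user.password, form.old.data):
            # 'pbkdf2:sha256' instead of 'sha256': the plain method is a single
            # salted hash round, cheap to brute-force, and newer Werkzeug
            # releases no longer accept it. The method name is recorded inside
            # each stored hash, so hashes created earlier still verify.
            user.password = generate_password_hash(form.new.data,
                                                   method='pbkdf2:sha256')
            db.session.add(user)
            db.session.commit()
            flash('Password successfully changed.')
            return redirect(url_for('logout'))
        flash('Invalid password.')
    return render_template('change_password.html', form=form)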
示例#6
 def changepassword():
     """Store a new password hash for the logged-in user's document.

     Renders the form until a validated submission arrives, then updates the
     ``password`` field, flashes a confirmation and redirects to ``index``.
     """
     # NOTE(review): only the new password is read from the form; no check of
     # the current password is visible here. Confirm that is intended.
     form = ChangePassword()
     user = users.find_one({'username': current_user.get_id()})

     if not form.validate_on_submit():
         return render_template('changepassword.html',
                                title="Change Password",
                                form=form)

     new_hash = generate_password_hash(form.password.data)
     change = {'$set': {'password': new_hash}}
     # The fetched document itself is used as the update filter.
     users.update_one(user, change)
     flash('Password Changed', 'info')
     return redirect(url_for('index'))
示例#7
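def change_password(token):
    """Let the holder of a password-reset token choose a new password.

    Looks the user up by ``reset_token``. A valid token gets the form and, on
    a validated submission, the password is updated and the token cleared so
    it cannot be used twice. An unknown token is redirected to the login page.
    """
    user = User.query.filter(User.reset_token == token).first()
    if not user:
        # Unknown or already-used token. Without this branch the view returns
        # None, which Flask turns into a server error.
        flash("This password reset link is invalid or has already been used",
              'danger')
        return redirect('/login')

    # NOTE(review): no expiry check on the token is visible here; confirm that
    # tokens are time-limited and generated from a cryptographically secure
    # source where they are issued.
    form = ChangePassword()
    if form.validate_on_submit():
        pwd = form.password.data
        user.update_password(pwd)
        user.reset_token = None  # single use
        db.session.commit()
        flash("You have successfully changed your password", 'success')
        return redirect('/login')
    return render_template('change_password.html', form=form)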
示例#8
def change_password(request):
    """Set a new password for ``request.user`` from the ChangePassword form.

    GET renders ``reset.html`` with an empty form. A valid POST stores the new
    password through ``set_password`` and redirects to the login page; an
    invalid POST re-renders the form with a prompt in ``state``.
    """
    # NOTE(review): no login check is visible in this function. For an
    # anonymous request the lookup by request.user.username presumably finds
    # no user and raises - confirm the view is wrapped with a login guard.
    # NOTE(review): the current password is not asked for before the change.
    if request.method=="POST":
        form=ChangePassword(request.POST)
        if form.is_valid():
            register_user=User.objects.get(username=request.user.username)
            register_user.set_password(str(form.cleaned_data['password']))
            register_user.save()
            return HttpResponseRedirect('/foodline/login/')
        else:
            state="please enter a new password"
            # locals() hands every local name (request, form, state) to the
            # template, so these names are part of the template's contract.
            return render_to_response('reset.html',locals())
    else:
        form=ChangePassword()
        state="Enter a New Password"
        return render_to_response('reset.html',locals())
示例#9
def my_account(request, action=None, conn=None, **kwargs):
    """Build the template context for the "my account" page.

    With ``action == "save"`` a POST validates MyAccountForm and, when valid,
    updates the account through ``conn.updateMyAccount`` and redirects; a
    non-POST save is redirected to the edit view. Any other action shows the
    form pre-filled from the current experimenter. The returned dict carries
    the forms, the experimenter data and the template name.
    """
    experimenter, defaultGroup, otherGroups, isLdapUser, hasAvatar = \
        prepare_experimenter(conn)
    try:
        defaultGroupId = defaultGroup.id
    except:
        # No usable default group: fall back to "none selected".
        defaultGroupId = None

    ownedGroups = ownedGroupsInitial(conn)
    password_form = ChangePassword()

    if action != "save":
        # Plain display: pre-fill the form from the stored account.
        form = MyAccountForm(initial={
            'omename': experimenter.omeName,
            'first_name': experimenter.firstName,
            'middle_name': experimenter.middleName,
            'last_name': experimenter.lastName,
            'email': experimenter.email,
            'institution': experimenter.institution,
            'default_group': defaultGroupId,
            'groups': otherGroups,
        })
    elif request.method != 'POST':
        return HttpResponseRedirect(
            reverse(viewname="wamyaccount", args=["edit"]))
    else:
        email_check = conn.checkEmail(request.REQUEST.get('email'),
                                      experimenter.email)
        form = MyAccountForm(data=request.POST.copy(),
                             initial={'groups': otherGroups},
                             email_check=email_check)
        if form.is_valid():
            cleaned = form.cleaned_data
            firstName = cleaned['first_name']
            middleName = cleaned['middle_name']
            lastName = cleaned['last_name']
            email = cleaned['email']
            institution = cleaned['institution']
            defaultGroupId = cleaned['default_group']
            conn.updateMyAccount(experimenter, firstName, lastName, email,
                                 defaultGroupId, middleName, institution)
            return HttpResponseRedirect(reverse("wamyaccount"))
        # An invalid form falls through and is rendered with its errors.

    photo_size = conn.getExperimenterPhotoSize()

    return {
        'form': form,
        'ldapAuth': isLdapUser,
        'experimenter': experimenter,
        'ownedGroups': ownedGroups,
        'password_form': password_form,
        'template': "webadmin/myaccount.html",
    }
示例#10
def change_password():
    """Change the logged-in user's password after verifying the old one.

    Redirects to the user's page when the old password matches and the new
    password equals its confirmation; in every other case the form is
    rendered again.
    """
    username = current_user.username
    user = User.query.filter_by(username=username).first()
    form = ChangePassword()

    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    current = form.old_password.data
    wanted = form.new_password.data
    repeated = form.confirm_password.data

    # Guard clauses in the same order as the checks short-circuit: user
    # exists, old password verifies, new password matches its confirmation.
    if (not user
            or not check_password_hash(user.password, current)
            or wanted != repeated):
        return render_template("change_password.html", form=form)

    update_password(user_id=user.id,
                    password=generate_password_hash(wanted))
    return redirect(f"/user/{username}")
示例#11
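def manage_password(request, account_id, conn=None, **kwargs):
    """Let an administrator set the password of signup account ``account_id``.

    Returns the template context: form errors (if any), the password form,
    the account id and the template name.
    """
    template = "omero_signup/password.html"

    error = None
    if request.method == 'POST':
        password_form = ChangePassword(data=request.POST.copy())
        if not password_form.is_valid():
            error = password_form.errors
        else:
            password = password_form.cleaned_data['password']
            # NOTE(review): the form's old_password value is never checked
            # against anything; the change is authorised by conn.isAdmin()
            # alone. A non-admin POST is silently ignored with no error.
            if conn.isAdmin():
                account = get_object_or_404(models.Account, pk=account_id)
                # NOTE(review): assigned as submitted - confirm that the
                # Account model hashes or encrypts this field before storage.
                account.password = password
                account.save()
    else:
        # Without an unbound form for non-POST requests, building the context
        # below fails because password_form was never assigned.
        password_form = ChangePassword()

    context = {'error': error, 'password_form': password_form, 'account_id': account_id}
    context['template'] = template
    return context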
示例#12
def change_password(request, username=None):
    """Change the logged-in user's password after re-authenticating them.

    On a valid POST the current password is verified with ``authenticate``,
    the new one is stored, and the session hash is refreshed so the user stays
    logged in. ``message`` carries the outcome or the first form error.
    """
    form = ChangePassword(request.POST or None)
    message = None

    if request.method == 'POST':
        if not form.is_valid():
            # First error message of the first field that failed validation.
            message = form.errors.as_data().itervalues().next()[0].message
        elif authenticate(username=request.user.username,
                          password=form.cleaned_data['current_password']):
            account = request.user
            account.set_password(form.cleaned_data['new_password'])
            account.save()
            #https://docs.djangoproject.com/en/1.7/topics/auth/default/#session-invalidation-on-password-change
            update_session_auth_hash(request, request.user)
            message = "Password actualizada"
        else:
            message = "No es la password actual"

    return render(request, 'clients/settings_password.html',
                  {'form': form, 'message': message})
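def reset_password(email):
    """Set a new bcrypt-hashed password on the user document matching ``email``.

    Renders the reset form until a validated submission arrives. Any exception
    is logged and reported to the client as a generic JSON error.
    """
    import logging

    # NOTE(review): the account is selected by the ``email`` argument alone.
    # The caller must already have proven control of that address (for
    # example with a signed, expiring token); confirm this at the route.
    try:
        user = mongo.db.users

        form = ChangePassword()
        if form.validate_on_submit():
            new_password = request.form['change_password']
            hashed_password = bcrypt.generate_password_hash(
                new_password).decode('utf-8')
            findquery = {"email": email}
            newquery = {"$set": {'password': hashed_password}}
            user.update_one(findquery, newquery)
            return "<h1>Successfully Changed</h1>"

        return render_template('reset_password.html',
                               form=form,
                               email=email)

    except Exception:
        # str(Exception) is the text of the class itself, not of the error
        # that occurred. Keep the real details in the server log and give the
        # client a generic message, so internals are not exposed.
        logging.getLogger(__name__).exception("reset_password failed")
        return dumps({'status': 'error', 'message': 'Password reset failed'})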
示例#14
def settings():
    """Settings page with the change-password form.

    When the old password verifies, the new one is stored and the user is
    sent to logout; otherwise the page is rendered with ``wrong_password``
    set so the template can show the failure.
    """
    latest_messages = current_user.contacts_latest_messages()
    password_form = ChangePassword()
    wrong_password = False

    if password_form.validate_on_submit():
        old_ok = current_user.verify_password(password_form.old_password.data)
        if old_ok:
            current_user.change_password(password_form.new_password.data)
            db.session.commit()
            flash(u"Nouveau mot de passe enregistré")
            return redirect(url_for('auth.logout'))
        wrong_password = True

    template_args = dict(
        user=current_user.serialize(),
        password_form=password_form,
        wrong_password=wrong_password,
        latest_messages=latest_messages,
    )
    return render_template('prof/settings.html', **template_args)
示例#15
def change_pass():
    """Set a new bcrypt password hash for the account named in the form.

    Requests that already carry ``email`` in the session are sent to ``home``.
    GET renders the form. A valid POST looks the user up by the submitted
    e-mail, stores the new hash and redirects to ``login``.
    """
    # NOTE(review): this runs for callers without a session, and the target
    # account is taken from the submitted e-mail field. No reset token or old
    # password is checked in this function - confirm how the caller proves
    # ownership of the address before the password is replaced.
    if 'email' in session:
        return redirect(url_for('home'))

    form = ChangePassword()

    if request.method == 'POST':
        if form.validate() is False:
            return render_template('changepassword.html', form=form)

        user = db_session.query(User).filter_by(
            email=form.email.data).first()
        if user is None:
            flash('User not in database.')
            return render_template('changepassword.html', form=form)

        user.password = bcrypt.generate_password_hash(form.password.data)
        db_session.commit()
        return redirect(url_for('login'))

    if request.method == 'GET':
        return render_template('changepassword.html', form=form)
示例#16
def change_pwd():
   """Change the single stored username/password pair kept in app.config.

   After the current password is confirmed and the two new-password fields
   agree, the new credentials are written to ``auth.py``, mirrored into
   ``app.config`` and the user is logged out. Every validated submission
   redirects back to this view; otherwise the form is rendered.
   """
   form = ChangePassword()
   if form.validate_on_submit():
      # app.config['PASSWORD'] holds the password base64-encoded. base64 is a
      # reversible encoding, not a hash: anyone who can read the config or
      # auth.py recovers the password.
      # NOTE(review): a salted password hash and a constant-time comparison
      # would be the safer design here.
      if form.curpwd.data==base64.b64decode(app.config['PASSWORD']):
         if form.password1.data==form.password2.data:
            # NOTE(review): the "******" parts of this literal look like
            # redaction by the page the listing came from; as written,
            # format() has no placeholders to fill. Confirm against the
            # original source.
            s = 'USERNAME = "******"\nPASSWORD = "******"'.format(base64.b64encode(form.username.data), base64.b64encode(form.password1.data))
            # Overwrites auth.py in the current working directory.
            with open('auth.py', 'w') as f:
               f.write(s)
            if form.username.data!=base64.b64decode(app.config['USERNAME']):
               flash('New username have been saved.')
               app.config['USERNAME']=base64.b64encode(form.username.data)
            if form.curpwd.data!=form.password1.data:
               flash('Password was changed succesfully.')
               app.config['PASSWORD']=base64.b64encode(form.password1.data)
            # Force a fresh login with the new credentials.
            logout_user()
         else:
            flash('Introduced a different passwords', 'error')
      else:
         flash('Entered an incorrect current password.', 'error')
      return redirect(url_for('change_pwd'))
   return render_template("password.html",
      title = 'Change password', form = form, username=base64.b64decode(app.config['USERNAME']))
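def changepass():
    """Change the logged-in user's password after verifying the old one.

    Users without a ``logged-in`` session flag are sent to ``logout``. On a
    POST with the correct old password, the new PBKDF2 hash is written to
    ``userinfo`` and the user is redirected to ``userhome``.
    """
    if (not session.get('logged-in')):
        flash('LOGIN TO CONTINUE', 'danger')
        return redirect(url_for('logout'))

    form=ChangePassword()
    if request.method=='POST':
        # NOTE(review): is_submitted() only looks at the request method, so
        # the form's validators do not run; validate_on_submit() would run
        # them. Confirm which behaviour is intended.
        if form.is_submitted():
            oldp=form.oldpassword.data
            dict1=dataret(session['email'])
            if pbkdf2_sha256.verify(oldp,dict1['passwordd']):
                cursor=mysql.connection.cursor()
                newpassworda=pbkdf2_sha256.hash(form.password.data)
                # Bind the values as parameters instead of formatting them
                # into the SQL text, so no value can alter the statement.
                cursor.execute(
                    "UPDATE userinfo SET passwordd = %s WHERE email = %s",
                    (newpassworda, session['email']))
                # NOTE(review): the commit goes through ``conn`` while the
                # cursor comes from mysql.connection; confirm both refer to
                # the same connection, otherwise the UPDATE is not committed.
                conn.commit()
                flash('Update successfull', 'success')
                return redirect(url_for('userhome'))
            else:
                flash('Enter Correct old password', 'danger')
                return redirect(url_for('changepass'))

    return render_template('newpass.html',form=form,title="Change Password")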
示例#18
def manage_password(request, eid, conn=None, **kwargs):
    """Handle a POST of the ChangePassword form for experimenter ``eid``.

    A user changing their own password goes through ``conn.changeMyPassword``;
    an administrator changing someone else's goes through
    ``conn.changeUserPassword``. Form errors or the exception message end up
    in ``error``. The listing stops after the password handling; what is done
    with ``template`` and ``error`` afterwards is not shown.
    """
    template = "webadmin/password.html"

    error = None
    if request.method == 'POST':
        password_form = ChangePassword(data=request.POST.copy())
        if not password_form.is_valid():
            error = password_form.errors
        else:
            old_password = password_form.cleaned_data['old_password']
            password = password_form.cleaned_data['password']
            # if we're trying to change our own password...
            if conn.getEventContext().userId == int(eid):
                try:
                    conn.changeMyPassword(password, old_password)
                except Exception, x:
                    error = x.message   # E.g. old_password not valid
            # A caller who is neither the account owner nor an admin matches
            # no branch, so nothing is changed.
            elif conn.isAdmin():
                exp = conn.getObject("Experimenter", eid)
                try:
                    # NOTE(review): old_password here is presumably the
                    # administrator's own password, sent as confirmation -
                    # verify against the gateway API.
                    conn.changeUserPassword(exp.omeName, password, old_password)
                except Exception, x:
                    error = x.message
示例#19
def manage_password(request, eid, conn=None, **kwargs):
    """Process a submitted ChangePassword form for experimenter ``eid``.

    The account owner's change is sent to ``conn.changeMyPassword``; for any
    other account an administrator's change is sent to
    ``conn.changeUserPassword``. ``error`` receives the form errors or the
    message of a raised exception. The listing ends before the view returns,
    so the use of ``template`` and ``error`` is not visible.
    """
    template = "webadmin/password.html"

    error = None
    if request.method == 'POST':
        password_form = ChangePassword(data=request.POST.copy())
        if not password_form.is_valid():
            error = password_form.errors
        else:
            old_password = password_form.cleaned_data['old_password']
            password = password_form.cleaned_data['password']
            # if we're trying to change our own password...
            if conn.getEventContext().userId == int(eid):
                try:
                    conn.changeMyPassword(password, old_password)
                except Exception, x:
                    error = x.message   # E.g. old_password not valid
            # Neither owner nor admin: no branch matches and the request
            # changes nothing.
            elif conn.isAdmin():
                exp = conn.getObject("Experimenter", eid)
                try:
                    # NOTE(review): presumably the admin confirms with their
                    # own password in old_password - TODO confirm.
                    conn.changeUserPassword(exp.omeName, password, old_password)
                except Exception, x:
                    error = x.message
示例#20
def manage_password(request, eid, **kwargs):
    experimenters = True
    template = "webadmin/password.html"
    
    conn = None
    try:
        conn = kwargs["conn"]
    except:
        logger.error(traceback.format_exc())
    
    info = {'today': _("Today is %(tday)s") % {'tday': datetime.date.today()}, 'experimenters':experimenters}

    eventContext = {'userName':conn.getEventContext().userName, 'isAdmin':conn.getEventContext().isAdmin, 'version': request.session.get('version')}
    
    error = None
    if request.method != 'POST':
        password_form = ChangePassword()
    else:
        password_form = ChangePassword(data=request.POST.copy())            
        if password_form.is_valid():
            old_password = password_form.cleaned_data['old_password']
            password = password_form.cleaned_data['password']
            if conn.isAdmin():
                exp = conn.getExperimenter(eid)
                try:
                    conn.changeUserPassword(exp.omeName, password, old_password)
                except Exception, x:
                    error = x.message
                else:
                    request.session['password'] = password
                    return HttpResponseRedirect(reverse(viewname="wamanageexperimenterid", args=["edit", eid]))
            else:
                try:
                    conn.changeMyPassword(password, old_password) 
                except Exception, x:
                    error = x.message
                else:
示例#21
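def change_password():
    """Change the logged-in user's password after verifying the current one.

    On POST the current password is checked, then the new password is
    compared with its confirmation. Only when both checks pass is the new
    hash stored and success reported. GET renders the form.
    """
    change_pw_form = ChangePassword()

    if request.method == "POST":
        # NOTE(review): the fields are read without validate_on_submit(), so
        # the form's validators (and Flask-WTF's per-form CSRF token check,
        # unless CSRF is enforced app-wide) do not run here - confirm.
        if not check_password_hash(current_user.password,
                                   change_pw_form.current_password.data):
            flash("Current password does not match. Please try again.")
            return redirect(url_for('change_password'))

        if not change_pw_form.new_password.data == change_pw_form.confirm_new_password.data:
            flash("Passwords do not match. Please try again.")
            return redirect(url_for('change_password'))

        # Store the new hash BEFORE reporting success. With the return placed
        # first, the update is unreachable: the user is told the password
        # changed while the old one stays valid.
        new_password = change_pw_form.new_password.data
        current_user.password = generate_password_hash(
            new_password, method='pbkdf2:sha256', salt_length=8)
        db.session.commit()

        flash("Password changed successfully.")
        return redirect(url_for('edit_profile'))

    return render_template("change-password.html",
                           current_user=current_user,
                           form=change_pw_form)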
示例#22
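def manage_experimenter(request, action, eid=None, conn=None, **kwargs):
    """Create or edit an experimenter (user account) from the admin pages.

    ``action`` selects the step:

    * ``new``    - empty creation form
    * ``create`` - POST of the creation form; creates the account
    * ``edit``   - form pre-filled for experimenter ``eid``, plus password form
    * ``save``   - POST of the edit form; updates experimenter ``eid``

    Returns the template context dict, or a redirect after a successful write
    or for an unknown action / wrong HTTP method.
    """
    template = "webadmin/experimenter_form.html"

    groups = list(conn.getObjects("ExperimenterGroup"))
    groups.sort(key=lambda x: x.getName().lower())

    if action == 'new':
        form = ExperimenterForm(
            initial={
                'with_password': True,
                'active': True,
                'groups': otherGroupsInitialList(groups)
            })
        context = {'form': form}
    elif action == 'create':
        if request.method != 'POST':
            return HttpResponseRedirect(
                reverse(viewname="wamanageexperimenterid", args=["new"]))
        else:
            # NOTE(review): request.REQUEST merges query-string and body
            # parameters, so the form (including the password field) can also
            # be filled from the URL. The 'save' branch binds request.POST;
            # consider doing the same here.
            name_check = conn.checkOmeName(request.REQUEST.get('omename'))
            email_check = conn.checkEmail(request.REQUEST.get('email'))

            initial = {
                'with_password': True,
                'groups': otherGroupsInitialList(groups)
            }
            form = ExperimenterForm(initial=initial,
                                    data=request.REQUEST.copy(),
                                    name_check=name_check,
                                    email_check=email_check)
            if form.is_valid():
                # cleaned_data contains the new account's password; keep it
                # out of the debug log.
                # NOTE(review): if the form carries the same secret under a
                # key that does not contain "password" (e.g. a confirmation
                # field), exclude that key as well.
                loggable = dict((k, v) for k, v in form.cleaned_data.items()
                                if 'password' not in k)
                logger.debug("Create experimenter form:" + str(loggable))
                omename = form.cleaned_data['omename']
                firstName = form.cleaned_data['first_name']
                middleName = form.cleaned_data['middle_name']
                lastName = form.cleaned_data['last_name']
                email = form.cleaned_data['email']
                institution = form.cleaned_data['institution']
                admin = toBoolean(form.cleaned_data['administrator'])
                active = toBoolean(form.cleaned_data['active'])
                defaultGroup = form.cleaned_data['default_group']
                otherGroups = form.cleaned_data['other_groups']
                password = form.cleaned_data['password']

                # default group
                # if default group was not selected take first from the list.
                if defaultGroup is None:
                    defaultGroup = otherGroups[0]
                # NOTE(review): dGroup stays unbound when defaultGroup matches
                # none of ``groups``; the code below then fails.
                for g in groups:
                    if long(defaultGroup) == g.id:
                        dGroup = g
                        break

                listOfOtherGroups = set()
                # rest of groups
                for g in groups:
                    for og in otherGroups:
                        # remove defaultGroup from otherGroups if contains
                        if long(og) == long(dGroup.id):
                            pass
                        elif long(og) == g.id:
                            listOfOtherGroups.add(g)

                conn.createExperimenter(omename, firstName, lastName, email,
                                        admin, active, dGroup,
                                        listOfOtherGroups, password,
                                        middleName, institution)
                return HttpResponseRedirect(reverse("waexperimenters"))
            # Invalid form: fall through and render it with its errors.
            context = {'form': form}
    elif action == 'edit':
        experimenter, defaultGroup, otherGroups, isLdapUser, hasAvatar = prepare_experimenter(
            conn, eid)
        try:
            defaultGroupId = defaultGroup.id
        except:
            defaultGroupId = None

        initial = {
            'omename': experimenter.omeName,
            'first_name': experimenter.firstName,
            'middle_name': experimenter.middleName,
            'last_name': experimenter.lastName,
            'email': experimenter.email,
            'institution': experimenter.institution,
            'administrator': experimenter.isAdmin(),
            'active': experimenter.isActive(),
            'default_group': defaultGroupId,
            'other_groups': [g.id for g in otherGroups],
            'groups': otherGroupsInitialList(groups)
        }
        experimenter_is_me = (conn.getEventContext().userId == long(eid))
        form = ExperimenterForm(experimenter_is_me=experimenter_is_me,
                                initial=initial)
        password_form = ChangePassword()
        context = {
            'form': form,
            'eid': eid,
            'ldapAuth': isLdapUser,
            'password_form': password_form
        }
    elif action == 'save':
        experimenter, defaultGroup, otherGroups, isLdapUser, hasAvatar = prepare_experimenter(
            conn, eid)
        if request.method != 'POST':
            return HttpResponseRedirect(
                reverse(viewname="wamanageexperimenterid",
                        args=["edit", experimenter.id]))
        else:
            name_check = conn.checkOmeName(request.REQUEST.get('omename'),
                                           experimenter.omeName)
            email_check = conn.checkEmail(request.REQUEST.get('email'),
                                          experimenter.email)
            initial = {
                'active': True,
                'groups': otherGroupsInitialList(groups)
            }

            form = ExperimenterForm(initial=initial,
                                    data=request.POST.copy(),
                                    name_check=name_check,
                                    email_check=email_check)

            if form.is_valid():
                # Same rule as in 'create': no password-like field may reach
                # the debug log.
                loggable = dict((k, v) for k, v in form.cleaned_data.items()
                                if 'password' not in k)
                logger.debug("Update experimenter form:" + str(loggable))
                omename = form.cleaned_data['omename']
                firstName = form.cleaned_data['first_name']
                middleName = form.cleaned_data['middle_name']
                lastName = form.cleaned_data['last_name']
                email = form.cleaned_data['email']
                institution = form.cleaned_data['institution']
                admin = toBoolean(form.cleaned_data['administrator'])
                active = toBoolean(form.cleaned_data['active'])
                if experimenter.getId() == conn.getUserId():
                    active = True  # don't allow user to disable themselves!
                defaultGroup = form.cleaned_data['default_group']
                otherGroups = form.cleaned_data['other_groups']

                # default group
                # if default group was not selected take first from the list.
                if defaultGroup is None:
                    defaultGroup = otherGroups[0]
                for g in groups:
                    if long(defaultGroup) == g.id:
                        dGroup = g
                        break

                listOfOtherGroups = set()
                # rest of groups
                for g in groups:
                    for og in otherGroups:
                        # remove defaultGroup from otherGroups if contains
                        if long(og) == long(dGroup.id):
                            pass
                        elif long(og) == g.id:
                            listOfOtherGroups.add(g)

                conn.updateExperimenter(experimenter, omename, firstName,
                                        lastName, email, admin, active, dGroup,
                                        listOfOtherGroups, middleName,
                                        institution)
                return HttpResponseRedirect(reverse("waexperimenters"))
            context = {'form': form, 'eid': eid, 'ldapAuth': isLdapUser}
    #elif action == "delete":
    #    conn.deleteExperimenter()
    #    return HttpResponseRedirect(reverse("waexperimenters"))
    else:
        return HttpResponseRedirect(reverse("waexperimenters"))

    context['template'] = template
    return context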
示例#23
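def _loggable_form_data(cleaned_data):
    """Return a copy of *cleaned_data* that is safe to write to a log.

    Values of secret-bearing fields are replaced with a fixed marker so the
    plaintext password submitted for a new account never reaches the log.
    """
    masked = {}
    for key, value in cleaned_data.items():
        lowered = str(key).lower()
        # 'password' is the key read by the create branch; 'confirm' covers a
        # confirmation-style field if the form defines one.
        if 'password' in lowered or 'confirm' in lowered:
            masked[key] = '<redacted>'
        else:
            masked[key] = value
    return masked


def manage_experimenter(request, action, eid=None, conn=None, **kwargs):
    """Render or process the webadmin experimenter (user account) form.

    ``action`` selects the branch:

    * ``'new'``    -- build an empty form for a new experimenter.
    * ``'create'`` -- validate the POSTed form and create the experimenter.
    * ``'edit'``   -- build a form pre-filled from experimenter ``eid``.
    * ``'save'``   -- validate the POSTed form and update experimenter ``eid``.
    * anything else redirects to the experimenter list.

    Returns either an ``HttpResponseRedirect`` or a context dict that carries
    the template name under ``'template'``.

    NOTE(review): ``can_modify_user`` only feeds the form and the template;
    this view does not itself refuse 'create' or 'save' when it is False.
    Presumably the server rejects the call for callers without the privilege
    -- confirm, and do not rely on disabled form fields as the control.
    """
    template = "webadmin/experimenter_form.html"

    groups = list(conn.getObjects("ExperimenterGroup"))
    groups.sort(key=lambda x: x.getName().lower())

    user_privileges = conn.get_privileges_for_form(
        conn.getCurrentAdminPrivileges())
    # NOTE(review): the privilege name is masked ('******') in this listing,
    # which looks like an artefact of how the page was captured; restore the
    # project's real privilege name (presumably 'ModifyUser' -- confirm)
    # before relying on this flag.
    can_modify_user = '******' in user_privileges

    if action == 'new':
        form = ExperimenterForm(can_modify_user=can_modify_user,
                                user_privileges=user_privileges,
                                initial={
                                    'with_password': True,
                                    'active': True,
                                    'groups': otherGroupsInitialList(groups)
                                })
        admin_groups = [
            conn.getAdminService().getSecurityRoles().systemGroupId
        ]
        context = {
            'form': form,
            'admin_groups': admin_groups,
            'can_modify_user': can_modify_user
        }
    elif action == 'create':
        if request.method != 'POST':
            return HttpResponseRedirect(
                reverse(viewname="wamanageexperimenterid", args=["new"]))
        else:
            name_check = conn.checkOmeName(request.POST.get('omename'))
            email_check = conn.checkEmail(request.POST.get('email'))
            my_groups = getSelectedGroups(conn,
                                          request.POST.getlist('other_groups'))
            initial = {
                'with_password': True,
                'my_groups': my_groups,
                'groups': otherGroupsInitialList(groups)
            }
            # This form may be returned to user if invalid
            # Needs user_privileges & can_modify_user for this
            form = ExperimenterForm(can_modify_user=can_modify_user,
                                    user_privileges=user_privileges,
                                    initial=initial,
                                    data=request.POST.copy(),
                                    name_check=name_check,
                                    email_check=email_check)
            if form.is_valid():
                # cleaned_data holds the new account's plaintext password, so
                # only a redacted copy is logged.
                logger.debug("Create experimenter form:%s",
                             _loggable_form_data(form.cleaned_data))
                omename = form.cleaned_data['omename']
                firstName = form.cleaned_data['first_name']
                middleName = form.cleaned_data['middle_name']
                lastName = form.cleaned_data['last_name']
                email = form.cleaned_data['email']
                institution = form.cleaned_data['institution']
                role = form.cleaned_data['role']
                admin = role in ('administrator', 'restricted_administrator')
                active = form.cleaned_data['active']
                defaultGroup = form.cleaned_data['default_group']
                otherGroups = form.cleaned_data['other_groups']
                password = form.cleaned_data['password']

                # default group
                # if default group was not selected take first from the list.
                # NOTE(review): raises IndexError if other_groups is empty;
                # presumably the form requires at least one group -- confirm.
                if defaultGroup is None:
                    defaultGroup = otherGroups[0]

                privileges = conn.get_privileges_from_form(form)
                if privileges is not None:
                    # Only process privileges that we have permission to set
                    # (fetch the caller's own privileges once, not per item)
                    grantable = conn.getCurrentAdminPrivileges()
                    privileges = [p for p in privileges if p in grantable]
                # Create a User, Restricted-Admin or Admin, based on privileges
                conn.createExperimenter(omename, firstName, lastName, email,
                                        admin, active, defaultGroup,
                                        otherGroups, password, privileges,
                                        middleName, institution)

                return HttpResponseRedirect(reverse("waexperimenters"))
            # Handle invalid form
            context = {'form': form, 'can_modify_user': can_modify_user}
    elif action == 'edit':
        experimenter, defaultGroup, otherGroups, isLdapUser, hasAvatar = \
            prepare_experimenter(conn, eid)
        # An experimenter without a default group yields no id to pre-select.
        try:
            defaultGroupId = defaultGroup.id
        except AttributeError:
            defaultGroupId = None

        initial = {
            'omename': experimenter.omeName,
            'first_name': experimenter.firstName,
            'middle_name': experimenter.middleName,
            'last_name': experimenter.lastName,
            'email': experimenter.email,
            'institution': experimenter.institution,
            'active': experimenter.isActive(),
            'default_group': defaultGroupId,
            'my_groups': otherGroups,
            'other_groups': [g.id for g in otherGroups],
            'groups': otherGroupsInitialList(groups)
        }

        # Load 'AdminPrivilege' roles for 'initial'
        privileges = conn.getAdminPrivileges(experimenter.id)
        for p in conn.get_privileges_for_form(privileges):
            initial[p] = True

        role = 'user'
        if experimenter.isAdmin():
            if 'ReadSession' in privileges:
                role = 'administrator'
            else:
                role = 'restricted_administrator'
        initial['role'] = role

        # Compare ids as scalars: wrapping rootId in a list made the test
        # below always False, so the form was never told it was showing root.
        root_id = conn.getAdminService().getSecurityRoles().rootId
        user_id = conn.getUserId()
        experimenter_root = long(eid) == root_id
        experimenter_me = long(eid) == user_id
        form = ExperimenterForm(can_modify_user=can_modify_user,
                                user_privileges=user_privileges,
                                experimenter_me=experimenter_me,
                                experimenter_root=experimenter_root,
                                initial=initial)
        password_form = ChangePassword()

        admin_groups = [
            conn.getAdminService().getSecurityRoles().systemGroupId
        ]
        context = {
            'form': form,
            'eid': eid,
            'ldapAuth': isLdapUser,
            'can_modify_user': can_modify_user,
            'password_form': password_form,
            'admin_groups': admin_groups
        }
    elif action == 'save':
        experimenter, defaultGroup, otherGroups, isLdapUser, hasAvatar = \
            prepare_experimenter(conn, eid)
        if request.method != 'POST':
            return HttpResponseRedirect(
                reverse(viewname="wamanageexperimenterid",
                        args=["edit", experimenter.id]))
        else:
            name_check = conn.checkOmeName(request.POST.get('omename'),
                                           experimenter.omeName)
            email_check = conn.checkEmail(request.POST.get('email'),
                                          experimenter.email)
            my_groups = getSelectedGroups(conn,
                                          request.POST.getlist('other_groups'))
            initial = {
                'my_groups': my_groups,
                'groups': otherGroupsInitialList(groups)
            }
            # NOTE(review): unlike the 'edit' branch, this form is built
            # without experimenter_me / experimenter_root, so only the
            # 'active' override below protects the caller's own account and
            # root here -- confirm that role and privilege changes for those
            # accounts are constrained elsewhere.
            form = ExperimenterForm(can_modify_user=can_modify_user,
                                    user_privileges=user_privileges,
                                    initial=initial,
                                    data=request.POST.copy(),
                                    name_check=name_check,
                                    email_check=email_check)

            if form.is_valid():
                # Redacted copy, consistent with the 'create' branch.
                logger.debug("Update experimenter form:%s",
                             _loggable_form_data(form.cleaned_data))
                omename = form.cleaned_data['omename']
                firstName = form.cleaned_data['first_name']
                middleName = form.cleaned_data['middle_name']
                lastName = form.cleaned_data['last_name']
                email = form.cleaned_data['email']
                institution = form.cleaned_data['institution']
                role = form.cleaned_data['role']
                admin = role in ('administrator', 'restricted_administrator')
                active = form.cleaned_data['active']
                rootId = conn.getAdminService().getSecurityRoles().rootId
                # User can't disable themselves or 'root'
                if experimenter.getId() in [conn.getUserId(), rootId]:
                    # disabled checkbox not in POST: do it manually
                    active = True
                defaultGroup = form.cleaned_data['default_group']
                otherGroups = form.cleaned_data['other_groups']

                # default group
                # if default group was not selected take first from the list.
                if defaultGroup is None:
                    defaultGroup = otherGroups[0]
                # NOTE(review): dGroup stays unbound (NameError below) if the
                # submitted id matches no known group; presumably the form's
                # choices rule that out -- confirm.
                for g in groups:
                    if long(defaultGroup) == g.id:
                        dGroup = g
                        break

                listOfOtherGroups = set()
                # rest of groups
                for g in groups:
                    for og in otherGroups:
                        # remove defaultGroup from otherGroups if contains
                        if long(og) == long(dGroup.id):
                            pass
                        elif long(og) == g.id:
                            listOfOtherGroups.add(g)

                # Update 'AdminPrivilege' config roles for user
                privileges = conn.get_privileges_from_form(form)
                if privileges is None:
                    privileges = []
                # Only process privileges that we have permission to set:
                # iterating the caller's own privileges means a submitted
                # privilege the caller lacks is never added or removed.
                to_add = []
                to_remove = []
                for p in conn.getCurrentAdminPrivileges():
                    if p in privileges:
                        to_add.append(p)
                    else:
                        to_remove.append(p)

                conn.updateAdminPrivileges(experimenter.id, to_add, to_remove)

                conn.updateExperimenter(experimenter, omename, firstName,
                                        lastName, email, admin, active, dGroup,
                                        listOfOtherGroups, middleName,
                                        institution)
                return HttpResponseRedirect(reverse("waexperimenters"))
            context = {
                'form': form,
                'eid': eid,
                'ldapAuth': isLdapUser,
                'can_modify_user': can_modify_user
            }
    else:
        return HttpResponseRedirect(reverse("waexperimenters"))

    context['template'] = template
    return context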
示例#24
def userAdmin(request, userId2):
   """Show and process the logged-in user's own account page.

   GET renders the change-password and description forms. POST handles one
   of the two forms, chosen by whether the 'descriptionName' field is
   present in the POST data.

   ``userId2`` is the user id taken from the caller (presumably the URL --
   confirm); it must equal the id returned by ``initialVars(request)`` or
   the request is redirected to '/'.

   NOTE(review): every render passes ``locals()`` as the template context,
   so local variable names are part of the template's interface and must
   not be renamed or removed without checking 'useradmin.html'. On the
   password path this context also contains the submitted old and new
   passwords in plaintext.
   """
   WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
   user, userId, message, topHits, topRated = initialVars(request)

   #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

   # need to convert to strings otherwise methods are unhappy.
   # (should look into why this is.... TODO)
   userId = str(userId)
   userId2 = str(userId2)

   # set sendBackUrl to their userPage if they logout
   sendBackUrl = "/user/" + userId

   # This will see if the user whose page is queried exists.
   # (the local name userAdmin shadows this function inside its own body)
   try:
      userAdmin = User.objects.get(id__exact=userId)
   except ObjectDoesNotExist:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again!"
      return HttpResponseRedirect('/')

   # Authorization: the session user must exist, must be the account that
   # was looked up, and must match the id supplied by the caller.
   if user == None:
      request.session['message'] = "Something is amiss with your session.\
      Please log in again."
      return HttpResponseRedirect('/')
   elif user != userAdmin:
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')
   elif int(userId) != int(userId2):
      # just another paranoid check
      request.session['message'] = "You aren't allowed on that page!"
      return HttpResponseRedirect('/')

   if request.method == 'GET':
      # forms to change password and description
      try:
         userDescription = UserProfile.objects.get(user=user)
      except ObjectDoesNotExist:
         userDescription = None

      passwordForm = ChangePassword(initial={'username': user.username})
      descriptionForm = UserDescription(initial={
      'userId': userId, 
      'description': userDescription
      })

   elif request.method == 'POST':
      whichform = request.POST.get('descriptionName', '')

      if whichform: 
         # Form is description form
         descriptionForm = UserDescription(request.POST)
         if descriptionForm.is_valid():
            # The posted userId is read but not used to pick the profile:
            # the description is always saved against the session user.
            userFromProfile = descriptionForm.cleaned_data['userId']
            description = descriptionForm.cleaned_data['description']

            try:
               userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
               userDescription = None

            if userDescription == None:
               userDescription = UserProfile(user=user, description=description)
            else:
               userDescription.description = description

            userDescription.save()

            #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

            message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."
         else:
            # need to reload to User Admin Page with all variables
            message = "Dude, something went wrong. Why you trying to hack our\
            system?"
            #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
            # passwordForm = ChangePassword(initial={'username': user.username})
            # return render_to_response('useradmin.html' , locals())

         passwordForm = ChangePassword(initial={'username': user.username})
         return render_to_response('useradmin.html' , locals())

      else:
         # Password form is submitted, POST
         # First reinitialize the description form.
         try:
            userDescription = UserProfile.objects.get(user=user)
         except ObjectDoesNotExist:
            userDescription = None

         descriptionForm = UserDescription(initial={
         'userId': userId, 
         'description': userDescription
         })

         passwordForm = ChangePassword(request.POST)
         if passwordForm.is_valid():
            username = passwordForm.cleaned_data['username']
            passwordOld = passwordForm.cleaned_data['passwordOld']
            passwordNew1 = passwordForm.cleaned_data['passwordNew1']
            passwordNew2 = passwordForm.cleaned_data['passwordNew2']
         else:
            # need to reload to User Admin Page with all variables
            #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
            return render_to_response('useradmin.html' , locals())

         # From here on locals() holds passwordOld / passwordNew1 /
         # passwordNew2, so each render below hands them to the template.
         # NOTE(review): confirm 'useradmin.html' never echoes them.
         if passwordNew1 != passwordNew2:
            #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
            message = "Passwords do not match!"
            return render_to_response('useradmin.html' , locals())

         try:
            #Check username from hidden field against user.username from session
            # (a mismatch means the hidden field was altered; the password
            # of a different account is never touched)
            if user.username != username:
               message = "User Names don't match. Something Funny's going on."
               return render_to_response('useradmin.html' , locals())

            # get user again based upon username just to be sure.
            u = User.objects.get(username__exact=username)
            if u:
               # The current password must verify before the new one is set.
               verifyOldPassword = u.check_password(passwordOld)
               if verifyOldPassword:
                  u.set_password(passwordNew1)
                  u.save()
                  #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
               else:
                  message = "Old Password did not match!"
                  #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                  return render_to_response('useradmin.html' , locals())

               request.session['message'] = "Password has been changed. Now go do something productive!"
               return HttpResponseRedirect("/useradmin/" + userId)
               #return render_to_response('useradmin.html' , locals())

            else: # No user id?!  Just return the user to the home page.
               return HttpResponseRedirect('/')
         
         except:
            # NOTE(review): a bare except turns every failure in the block
            # above (lookup, hashing, save) into a silent redirect with no
            # log entry, so a failed password change leaves no trace.
            # TODO log that there was an invalid POST
            #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
            return HttpResponseRedirect('/')

   return render_to_response('useradmin.html', locals())
示例#25
def userAdmin(request, userId2):
    """Show and process the logged-in user's own account page.

    GET renders the change-password and description forms. POST handles one
    of the two forms, chosen by whether the 'descriptionName' field is
    present in the POST data.

    ``userId2`` is the user id taken from the caller (presumably the URL --
    confirm); it must equal the id returned by ``initialVars(request)`` or
    the request is redirected to '/'.

    NOTE(review): every render passes ``locals()`` as the template context,
    so local variable names are part of the template's interface and must
    not be renamed or removed without checking 'useradmin.html'. On the
    password path this context also contains the submitted old and new
    passwords in plaintext.
    """
    WEB_FILES, LIVE_SITE, totalNumberOfGames, sendBackUrl, startOffset, \
    user, userId, message, topHits, topRated = initialVars(request)

    #log(request, 'USERADMINPAGE', 'just landed', sendBackUrl)

    # need to convert to strings otherwise methods are unhappy.
    # (should look into why this is.... TODO)
    userId = str(userId)
    userId2 = str(userId2)

    # set sendBackUrl to their userPage if they logout
    sendBackUrl = "/user/" + userId

    # This will see if the user whose page is queried exists.
    # (the local name userAdmin shadows this function inside its own body)
    try:
        userAdmin = User.objects.get(id__exact=userId)
    except ObjectDoesNotExist:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again!"

        return HttpResponseRedirect('/')

    # Authorization: the session user must exist, must be the account that
    # was looked up, and must match the id supplied by the caller.
    if user == None:
        request.session['message'] = "Something is amiss with your session.\
      Please log in again."

        return HttpResponseRedirect('/')
    elif user != userAdmin:
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')
    elif int(userId) != int(userId2):
        # just another paranoid check
        request.session['message'] = "You aren't allowed on that page!"
        return HttpResponseRedirect('/')

    if request.method == 'GET':
        # forms to change password and description
        try:
            userDescription = UserProfile.objects.get(user=user)
        except ObjectDoesNotExist:
            userDescription = None

        passwordForm = ChangePassword(initial={'username': user.username})
        descriptionForm = UserDescription(initial={
            'userId': userId,
            'description': userDescription
        })

    elif request.method == 'POST':
        whichform = request.POST.get('descriptionName', '')

        if whichform:
            # Form is description form
            descriptionForm = UserDescription(request.POST)
            if descriptionForm.is_valid():
                # The posted userId is read but not used to pick the profile:
                # the description is always saved against the session user.
                userFromProfile = descriptionForm.cleaned_data['userId']
                description = descriptionForm.cleaned_data['description']

                try:
                    userDescription = UserProfile.objects.get(user=user)
                except ObjectDoesNotExist:
                    userDescription = None

                if userDescription == None:
                    userDescription = UserProfile(user=user,
                                                  description=description)
                else:
                    userDescription.description = description

                userDescription.save()

                #log(request, 'USERADMINPAGE', 'modified description', sendBackUrl)

                message = "The description has been changed. Perhaps to something\
            more meaningful. Perhaps to less. Tough to say."

            else:
                # need to reload to User Admin Page with all variables
                message = "Dude, something went wrong. Why you trying to hack our\
            system?"

                #log(request, 'USERADMINPAGEERROR', 'failed to modify description', sendBackUrl)
                # passwordForm = ChangePassword(initial={'username': user.username})
                # return render_to_response('useradmin.html' , locals())

            passwordForm = ChangePassword(initial={'username': user.username})
            return render_to_response('useradmin.html', locals())

        else:
            # Password form is submitted, POST
            # First reinitialize the description form.
            try:
                userDescription = UserProfile.objects.get(user=user)
            except ObjectDoesNotExist:
                userDescription = None

            descriptionForm = UserDescription(initial={
                'userId': userId,
                'description': userDescription
            })

            passwordForm = ChangePassword(request.POST)
            if passwordForm.is_valid():
                username = passwordForm.cleaned_data['username']
                passwordOld = passwordForm.cleaned_data['passwordOld']
                passwordNew1 = passwordForm.cleaned_data['passwordNew1']
                passwordNew2 = passwordForm.cleaned_data['passwordNew2']
            else:
                # need to reload to User Admin Page with all variables
                #log(request, 'USERADMINPAGEERROR', 'Password Form not valid', sendBackUrl)
                return render_to_response('useradmin.html', locals())

            # From here on locals() holds passwordOld / passwordNew1 /
            # passwordNew2, so each render below hands them to the template.
            # NOTE(review): confirm 'useradmin.html' never echoes them.
            if passwordNew1 != passwordNew2:
                #log(request, 'USERADMINPAGEERROR', 'Passwords do not match', sendBackUrl)
                message = "Passwords do not match!"
                return render_to_response('useradmin.html', locals())

            try:
                #Check username from hidden field against user.username from session
                # (a mismatch means the hidden field was altered; the password
                # of a different account is never touched)
                if user.username != username:
                    message = "User Names don't match. Something Funny's going on."
                    return render_to_response('useradmin.html', locals())

                # get user again based upon username just to be sure.
                u = User.objects.get(username__exact=username)
                if u:
                    # The current password must verify before the new one is
                    # set.
                    verifyOldPassword = u.check_password(passwordOld)
                    if verifyOldPassword:
                        u.set_password(passwordNew1)
                        u.save()
                        #log(request, 'USERADMINPAGE', 'Successfully Changed passwords', sendBackUrl)
                    else:
                        message = "Old Password did not match!"
                        #log(request, 'USERADMINPAGEERROR', 'Old Password did not match', sendBackUrl)
                        return render_to_response('useradmin.html', locals())

                    request.session[
                        'message'] = "Password has been changed. Now go do something productive!"
                    return HttpResponseRedirect("/useradmin/" + userId)
                    #return render_to_response('useradmin.html' , locals())

                else:  # No user id?!  Just return the user to the home page.
                    return HttpResponseRedirect('/')

            except:
                # NOTE(review): a bare except turns every failure in the
                # block above (lookup, hashing, save) into a silent redirect
                # with no log entry, so a failed password change leaves no
                # trace.
                # TODO log that there was an invalid POST
                #log(request, 'USERADMINPAGEERROR', 'invalid form POST', sendBackUrl)
                return HttpResponseRedirect('/')

    return render_to_response('useradmin.html', locals())