def profileUpdate():
    """Handle the profile-update form for the logged-in user.

    The current password must be re-entered before anything is written; on
    success the changed fields are handed to ``userDAO.update_user`` and the
    browser is sent back to ``/``.  Every failure re-renders ``profile.html``
    with an explanatory flash.
    """
    update_form = forms.profileUpdateForm()
    db = get_db()
    if not update_form.validate_on_submit():
        flash('Form is missing required information')
        return render_template('profile.html', profileUpdateForm=update_form)

    # Re-authenticate with the old password so a hijacked session alone is not
    # enough to rewrite the account (the new password goes through here too).
    user_dao = userDAO.userDAO(db)
    if user_dao.validate_login(session['user'], update_form.oldPassword.data) is None:
        flash('Incorrect Password Entered')
        return render_template('profile.html', profileUpdateForm=update_form)

    # Everything except the CSRF token and the two password-check fields is
    # forwarded; update_user is expected to deal with the password field itself.
    # NOTE(review): this is an exclusion list, so any field added to the form
    # later is written to the user document automatically — confirm intended.
    excluded = ('csrf_token', 'passwordConf', 'oldPassword')
    changes = {
        field.name: field.data
        for field in update_form
        if field.name not in excluded and field.data != ''
    }
    user_dao.update_user(session['user'], changes)
    flash('Information was changed successfully')
    return redirect('/')
def forgotPassword():
    """Reset a user's password from the forgot-password form.

    Renders ``forgotlogininfo.html`` with the form (GET / invalid submit) or
    with a ``statusMessage`` describing the outcome of the reset.
    """
    forgot_form = forms.forgotPasswordForm()
    if not forgot_form.validate_on_submit():
        return render_template('forgotlogininfo.html', forgotPasswordForm=forgot_form)

    db = get_db()
    # Lower-cased to match the lookup done in verifylogin.
    user = db.users.find_one({'_id': forgot_form.userName.data.lower()})
    if user is None:
        # NOTE(review): a distinct failure text confirms whether a user name is
        # registered (account enumeration); one neutral message for both
        # outcomes is the usual mitigation.
        status = {
            'heading': 'Failure',
            'body': 'Sorry, that user name is not registered on our website.'
        }
        return render_template('forgotlogininfo.html', statusMessage=status)

    user_dao = userDAO.userDAO(db)
    # NOTE(review): the stored password is replaced here, but the mail that
    # would deliver the new one is disabled below — the account is left with a
    # password nobody knows, and anyone who knows a user name can trigger it.
    # Re-enable delivery or disable the reset together with it.
    new_password = user_dao.reset_password(user['_id'])
    #mailing.send_forgot_password_mail({'_id':user['_id'],'email':user['email'],'password':new_password})
    status = {
        'heading': 'Success',
        'body': 'The new password was sent successfully to your email address.'
    }
    return render_template('forgotlogininfo.html', statusMessage=status)
def profile():
    """Render the profile page pre-filled with the current user's stored details."""
    editable_fields = (
        'mobilePhone', 'company', 'country', 'street', 'city', 'firstName',
        'zip', 'state', 'lastName', 'email', 'officePhone',
    )
    # Projection: every editable field, minus the Mongo _id.
    projection = dict.fromkeys(editable_fields, 1)
    projection['_id'] = 0
    stored = get_db().users.find_one({'_id': session['user']}, projection)
    update_form = forms.profileUpdateForm(stored)
    return render_template('profile.html', profileUpdateForm=update_form,
                           user=session['user'])
def chatMsg(user, fname, lname, data, room, tStamp):
    """Persist one chat line and rebroadcast it as a ``chatMsg`` event.

    All six values are taken from the handler's arguments (the emitting
    socket client, if this is a Socket.IO handler as ``emit`` suggests) and
    are stored and re-sent unchanged.
    """
    record = {
        'room': room,
        'user': user,
        'fname': fname,
        'lname': lname,
        'msg': data,
        'time': tStamp,
    }
    get_db().msgs.insert(record)
    # NOTE(review): broadcast=True delivers to every connected socket, not
    # only the members of `room`; confirm the client side filters by room,
    # otherwise one support room's messages are visible to all others.
    emit('chatMsg', {
        'user': user,
        'fname': fname,
        'lname': lname,
        'data': data,
        'room': room,
        'time': tStamp,
    }, broadcast=True)
def forgotUserName():
    """Look up the user name belonging to a submitted email address.

    Renders ``forgotlogininfo.html`` with the form, or with a ``statusMessage``
    once the form has been submitted.  The mail that would carry the user
    name is disabled in this version, so only the status page is produced.
    """
    forgot_form = forms.forgotUserForm()
    if not forgot_form.validate_on_submit():
        return render_template('forgotlogininfo.html', forgotUserForm=forgot_form)

    match = get_db().users.find_one({'email': forgot_form.email.data})
    if match is None:
        # NOTE(review): the distinct failure text discloses whether an email
        # address is registered (account enumeration); a single neutral
        # message for both outcomes would avoid that.
        status = {
            'heading': 'Failure',
            'body': 'Sorry, that email address is not registered on our website.'
        }
    else:
        #mailing.send_forgot_username_mail({'_id':match['_id'],'email':match['email']})
        status = {
            'heading': 'Success',
            'body': 'The user name was sent successfully to your email address.'
        }
    return render_template('forgotlogininfo.html', statusMessage=status)
def checkUsersOnlineConfirm(user, mode, status, fname, lname, tStamp):
    """Answer a presence check with a ``checkUsersOnlineConfirm`` broadcast.

    ``mode == 'client'``: ``status`` is the client's room and the last 20
    stored messages of that room (newest first) are attached as ``msgs``.
    ``mode == 'staff'``: only the presence fields are echoed, with ``status``
    passed through unchanged.  Any other mode emits nothing.
    """
    payload = {
        'user': user,
        'mode': mode,
        'fname': fname,
        'lname': lname,
        'time': tStamp,
    }
    if mode == 'client':
        history = get_db().msgs.find(
            {'room': status, 'msg': {'$exists': True}},
            {'_id': 0},
        ).sort([('$natural', -1)]).limit(20)
        payload['room'] = status
        payload['msgs'] = list(history)
    elif mode == 'staff':
        payload['status'] = status
    else:
        return
    # NOTE(review): broadcast=True sends the room history to every connected
    # socket, not just the requester — verify that is acceptable.
    emit('checkUsersOnlineConfirm', payload, broadcast=True)
def userDisconnect(user, room, fname, lname, tStamp):
    """Record a departure, broadcast it, and open a ticket for non-LOCAL rooms.

    The transcript (every stored ``msg`` of the room, oldest first) is handed
    to ``mailing.send_create_ticket_email`` unless the room is ``'LOCAL'`` or
    holds no messages.
    """
    db = get_db()
    db.msgs.insert({
        'room': room,
        'user': user,
        'fname': fname,
        'lname': lname,
        'left': True,
        'time': tStamp,
    })
    emit('userDisconnect', {
        'ok': 1,
        'user': user,
        'room': room,
        'fname': fname,
        'lname': lname,
        'time': tStamp,
    }, broadcast=True)
    if room == 'LOCAL':
        return
    transcript = list(db.msgs.find(
        {'room': room, 'msg': {'$exists': True}},
        {'_id': 0},
    ).sort([('$natural', 1)]))
    # NOTE(review): dumps the whole transcript (user-supplied text) to stdout;
    # consider removing this or routing it through the logger.
    print(transcript)
    if transcript:
        mailing.send_create_ticket_email(user, fname, lname, transcript, room)
def verifyregisterAdmin():
    """Process the admin-side registration form and create the account.

    Returns ``completepage.html`` on success; otherwise flashes the reason and
    either redirects to ``/register`` (a server-side check failed) or
    re-renders ``register.html`` (form incomplete / GET).
    """
    register_form = forms.registerForm()
    if not register_form.validate_on_submit():
        flash("Form is missing required information, please check below", 'info')
        return render_template('register.html', registerForm=register_form,
                               registerURL=url_for('verifyregisterAdmin'))

    db = get_db()
    #TODO all possible server side checks
    if register_form.passwordReg.data != register_form.passwordConf.data:
        flash("Error, passwords do not match", 'danger')
        return redirect('/register')
    # NOTE(review): this existence check and the insert inside add_user are
    # not atomic; a concurrent registration of the same _id would surface as
    # a failure in add_user, which is still unhandled ("TODO handle a failure").
    if db.users.find({'_id': register_form.userNameReg.data}).count() != 0:
        flash("Error, user already exists", 'danger')
        return redirect('/register')

    # Copy the remaining form fields.  Credentials, the CSRF token, the
    # username and the Linux-user flag are handled explicitly by add_user and
    # must not be written to the document raw.
    skipped = ('csrf_token', 'passwordReg', 'passwordConf',
               'createLinuxUser', 'userNameReg')
    extra = {f.name: f.data for f in register_form if f.name not in skipped}
    # Level scheme: 4 = unverified, 3 = limited, 2 = standard,
    # 1 = administrator, 0 = banned.  Admin-created accounts start at 2.
    # NOTE(review): userNameReg is stored as typed, while verifylogin
    # lower-cases the name before lookup — confirm add_user normalises it.
    userDAO.userDAO(db).add_user(register_form.userNameReg.data,
                                 register_form.passwordReg.data,
                                 register_form.email.data, 2, extra)
    return render_template(
        'completepage.html',
        header='Registration Complete',
        body='The account has been added to the database successfully.')
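def activate_user_admin_confirm(user_hash_admin):
    """Activate (level 2) the account identified by its admin-confirmation hash.

    Args:
        user_hash_admin: the ``userHashAdmin`` value from the confirmation
            link; possession of it is the only check performed here.

    Returns a redirect to ``/`` after activation, or a 404 when no account
    carries the hash (matching ``activate_user_admin``).  Previously an
    unknown hash still flashed "user has been activated".
    """
    db = get_db()
    # Look the account up first so a bogus hash is reported instead of the
    # update silently matching nothing.  The projection is what the (disabled)
    # activation mail needs.
    user = db.users.find_one({'userHashAdmin': user_hash_admin},
                             {'firstName': 1, 'email': 1, '_id': 0})
    if user is None:
        return abort(404)
    db.users.update({'userHashAdmin': user_hash_admin}, {'$set': {'level': 2}})
    #mailing.send_user_activated_mail(user)
    flash('user has been activated', 'info')
    return redirect('/')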
def getlocalmsgs():
    """Return the 20 most recent LOCAL-room messages as JSON, oldest first."""
    # $natural is Mongo's insertion order; sorting it descending with a limit
    # selects the newest 20, which are then reversed into display order.
    newest_first = get_db().msgs.find(
        {'room': 'LOCAL', 'msg': {'$exists': True}},
        {'_id': 0},
    ).sort([('$natural', -1)]).limit(20)
    msgs = list(newest_first)
    msgs.reverse()
    return jsonify({'msgs': msgs})
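def activate_user_client(user_hash):
    """Confirm a client's email address from the hash in the activation link.

    Args:
        user_hash: the ``userHash`` value embedded in the emailed link; it is
            the only credential for this action.

    Returns a 404 for an unknown hash (consistent with ``activate_user_admin``),
    a ``completepage.html`` success page after activation, or a redirect to
    ``/`` with a flash when the account needs no activation.
    """
    db = get_db()
    found_user = db.users.find_one({'userHash': user_hash})
    if found_user is None:
        # Previously fell through to `'level' in None` and raised TypeError (500).
        return abort(404)
    # NOTE(review): `'level' in found_user` tests for the key's presence, not
    # for an unverified level, so an account already at level 2 is "activated"
    # again; compare activate_user_admin, which checks level in [3, 4].
    # Left unchanged here — confirm which is intended.
    if 'level' in found_user:
        #mailing.send_awaiting_confirm_mail_admin(found_user)
        db.users.update({'userHash': user_hash}, {'$set': {'level': 2}})
        header = "Success"
        body = "<p>The email address has been verified.</p>"
        # Whoever is logged in on this browser is logged out — presumably so
        # the session's cached level is refreshed on the next login.
        session.clear()
        flash("You were logged out automatically")
        return render_template('completepage.html', header=header, body=body)
    flash('This user already activated', 'info')
    return redirect('/')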
def activate_user_admin(user_hash_admin):
    """Show the admin activation-confirmation page for a pending account.

    404 if no account carries ``user_hash_admin``; redirect to ``/`` with a
    flash if the account is not pending (level outside 3/4); otherwise render
    ``activateconfirm.html`` with the confirmation form.
    """
    db = get_db()
    confirm = forms.confirmUserForm()
    pending = db.users.find_one({'userHashAdmin': user_hash_admin})
    if not pending:
        return abort(404)
    # Levels 3 (limited) and 4 (unverified) are the only states that still
    # await an administrator's confirmation.
    if pending['level'] not in (3, 4):
        flash('user already activated', 'info')
        return redirect('/')
    return render_template('activateconfirm.html', confirm=confirm,
                           user_hash_admin=user_hash_admin, user=pending['_id'])
def joined(user, mode, room, fname, lname, tStamp):
    """Log a join event for ``room`` and broadcast it as ``joined``."""
    presence = {
        'room': room,
        'user': user,
        'fname': fname,
        'lname': lname,
        'time': tStamp,
    }
    # Stored copy carries the join marker; the broadcast copy carries the mode.
    record = dict(presence)
    record['joined'] = True
    get_db().msgs.insert(record)
    announcement = dict(presence)
    announcement['mode'] = mode
    emit('joined', announcement, broadcast=True)
def resendactivationemail():
    """Re-send the verification email for the current user.

    A session whose ``level`` is below 4 counts as already verified and gets
    an explanatory page; otherwise the user's hash and email are looked up for
    the mail.  The actual send is disabled in this version, so only the
    confirmation page is shown.
    """
    already_verified = 'level' in session and session['level'] < 4
    if already_verified:
        return render_template(
            'completepage.html',
            header="User Already Registered",
            body="<p>It seems you are already registered, so no need to re-send the email",
            user=session['user'])
    # NOTE(review): session['user'] is assumed to be present; an anonymous
    # visitor would hit KeyError unless the route is login-protected elsewhere.
    pending = get_db().users.find_one({'_id': session['user']},
                                      {'_id': 1, 'userHash': 1, 'email': 1})
    #mailing.send_awaiting_confirm_mail({'_id':pending['_id'],'email':pending['email'], 'userHash':pending['userHash']})
    return render_template(
        'completepage.html',
        header="Verification Email Re-sent",
        body="<p>OK. The verification email was sent to the provided email address again.",
        user=session['user'])
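def verifylogin():
    """Authenticate the login form against the local database, then Active Directory.

    On success the session receives ``level``, ``user``, ``fname``, ``lname``
    and ``aduser`` and the browser is redirected to the requested ``wantsurl``
    (same-site relative paths only) or to ``/``.  Every failure renders
    ``completepage.html`` with a "Login Error" message.
    """
    loginForm = forms.loginForm()
    if loginForm.validate_on_submit():
        db = get_db()
        userSecurity = userDAO.userDAO(db)
        username = loginForm.userName.data.lower()
        user = userSecurity.validate_login(username, loginForm.password.data)
        if user is None:
            # No local match: fall back to AD.  check_credentials appears to
            # return True on success and an indexable value whose [1] is 0 for
            # "bad credentials"; anything else is treated as "AD unreachable".
            ldap_validated = check_credentials(username, loginForm.password.data)
            if ldap_validated is True:
                session['level'] = 2
                # NOTE(review): the name is validated lower-cased but stored as
                # typed; lookups keyed on session['user'] (e.g. profile) may
                # therefore miss — confirm the intended canonical form.
                session['user'] = loginForm.userName.data
                realName = get_name_from_username(loginForm.userName.data)
                if realName:
                    session['fname'] = realName[0]
                    session['lname'] = realName[1]
                else:
                    session['fname'] = loginForm.userName.data
                    session['lname'] = ''
                session['aduser'] = True
            elif ldap_validated[1] == 0:
                header = "Login Error"
                body = """<p>Sorry, this username / password combination was not found in the database</p> """
                return render_template("completepage.html", header=header, body=body, loginForm=loginForm)
            else:
                header = "Login Error / Active Directory Error"
                body = """<p>Sorry, this username / password combination was not found in the local database</p> <p>Additionally, the active directory server is not responding to our queries, please contact a system administrator or use a local account.</p>"""
                return render_template("completepage.html", header=header, body=body, loginForm=loginForm)
        else:
            session['level'] = user['level']
            session['user'] = user['_id']
            session['fname'] = user['firstName']
            session['lname'] = user['lastName']
            session['aduser'] = False
        # Post-login destination.  Only a relative path on this site is
        # honoured: previously any value in the form field was redirected to,
        # so an absolute URL or a scheme-relative '//host' (or '/\host')
        # value made this an open redirect.
        target = request.form.get('wantsurl', '')
        if target.startswith('/') and not target.startswith(('//', '/\\')):
            return redirect(target)
        return redirect('/')
    header = "Login Error"
    body = """<p>Sorry, this username / password combination was not found in the database</p>"""
    return render_template("completepage.html", header=header, body=body, loginForm=loginForm)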