示例#1
0
文件: login.py 项目: btbytes/lastuser
def reset_email(userid, secret):
    logout_internal()
    user = User.query.filter_by(userid=userid).first()
    if not user:
        abort(404)
    resetreq = PasswordResetRequest.query.filter_by(user=user, reset_code=secret).first()
    if not resetreq:
        return render_message(title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))

    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Password reset complete", message=Markup(
            'Your password has been reset. You may now <a href="%s">login</a> with your new password.' % escape(url_for('login'))))
    return render_form(form=form, title="Reset password", formid='reset', submit="Reset password",
        message=Markup('Hello, <strong>%s</strong>. You may now choose a new password.' % user.fullname),
        ajax=True)
示例#2
0
def client_edit(key):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)

    form = RegisterClientForm(obj=client)
    form.edit_obj = client
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        if client.user:
            form.client_owner.data = client.user.userid
        else:
            form.client_owner.data = client.org.userid

    if form.validate_on_submit():
        if client.user != form.user or client.org != form.org:
            # Ownership has changed. Remove existing permission assignments
            for perm in UserClientPermissions.query.filter_by(client=client).all():
                db.session.delete(perm)
            for perm in TeamClientPermissions.query.filter_by(client=client).all():
                db.session.delete(perm)
            flash("This application’s owner has changed, so all previously assigned permissions "
                "have been revoked", "warning")
        form.populate_obj(client)
        client.user = form.user
        client.org = form.org
        db.session.commit()
        return render_redirect(url_for('client_info', key=client.key), code=303)

    return render_form(form=form, title="Edit application", formid="client_edit",
        submit="Save changes", ajax=True)
示例#3
0
def resource_action_edit(key, idr, ida):
    client = Client.query.filter_by(key=key).first()
    if not client:
        abort(404)
    if client.user != g.user:
        abort(403)
    resource = Resource.query.get(idr)
    if not resource:
        abort(404)
    action = ResourceAction.query.get(ida)
    if not action:
        abort(404)
    form = ResourceActionForm()
    form.edit_id = None
    form.edit_resource = resource
    if request.method == 'GET':
        form.name.data = action.name
        form.title.data = action.title
        form.description.data = action.description
    if form.validate_on_submit():
        form.populate_obj(action)
        db.session.commit()
        flash("Your action has been edited", "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Edit action", formid="action_edit", submit="Save changes", ajax=True)
示例#4
0
def add_email():
    form = NewEmailAddressForm()
    if form.validate_on_submit():
        useremail = UserEmailClaim(user=g.user, email=form.email.data)
        db.session.add(useremail)
        db.session.commit()
        send_email_verify_link(useremail)
        flash("We sent you an email to confirm your address.", "info")
        return render_redirect(url_for("profile"), code=303)
    return render_form(form=form, title="Add an email address", formid="email_add", submit="Add email", ajax=True)
示例#5
0
def add_phone():
    form = NewPhoneForm()
    if form.validate_on_submit():
        userphone = UserPhoneClaim(user=g.user, phone=form.phone.data)
        db.session.add(userphone)
        send_phone_verify_code(userphone)
        db.session.commit()
        flash("We sent a verification code to your phone number.", "info")
        return render_redirect(url_for("verify_phone", number=userphone.phone), code=303)
    return render_form(form=form, title="Add a phone number", formid="phone_add", submit="Add phone", ajax=True)
示例#6
0
文件: org.py 项目: rtnpro/lastuser
def org_edit(name):
    org = Organization.query.filter_by(name=name).first_or_404()
    if g.user not in org.owners.users:
        abort(403)
    form = OrganizationForm(obj=org)
    form.edit_obj = org
    if form.validate_on_submit():
        form.populate_obj(org)
        db.session.commit()
        return render_redirect(url_for('org_info', name=org.name), code=303)
    return render_form(form=form, title="New Organization", formid="org_edit", submit="Save", ajax=False)
示例#7
0
def change_password():
    if g.user.pw_hash is None:
        form = PasswordResetForm()
    else:
        form = PasswordChangeForm()
    if form.validate_on_submit():
        g.user.password = form.password.data
        db.session.commit()
        flash("Your new password has been saved.", category="info")
        return render_redirect(url_for("profile"), code=303)
    return render_form(form=form, title="Change password", formid="changepassword", submit="Change password", ajax=True)
示例#8
0
文件: org.py 项目: rtnpro/lastuser
def org_new():
    form = OrganizationForm()
    form.edit_obj = None
    if form.validate_on_submit():
        org = Organization()
        form.populate_obj(org)
        org.owners.users.append(g.user)
        db.session.add(org)
        db.session.commit()
        return render_redirect(url_for('org_info', name=org.name), code=303)
    return render_form(form=form, title="New Organization", formid="org_new", submit="Create", ajax=False)
示例#9
0
文件: org.py 项目: rtnpro/lastuser
def team_new(name):
    org = Organization.query.filter_by(name=name).first_or_404()
    if g.user not in org.owners.users:
        abort(403)
    form = TeamForm()
    if form.validate_on_submit():
        team = Team(org=org)
        form.populate_obj(team)
        db.session.add(team)
        db.session.commit()
        return render_redirect(url_for('org_info', name=org.name), code=303)
    return render_form(form=form, title=u"Create new team", formid='team_new', submit="Create", ajax=False)
示例#10
0
文件: org.py 项目: rtnpro/lastuser
def team_edit(name, userid):
    org = Organization.query.filter_by(name=name).first_or_404()
    if g.user not in org.owners.users:
        abort(403)
    team = Team.query.filter_by(org=org, userid=userid).first_or_404()
    form = TeamForm(obj=team)
    form.edit_obj = team
    if form.validate_on_submit():
        form.populate_obj(team)
        db.session.commit()
        return render_redirect(url_for('org_info', name=org.name), code=303)
    return render_form(form=form, title=u"Edit team: %s" % team.title, formid='team_edit', submit="Save", ajax=False)
示例#11
0
def permission_new():
    form = PermissionForm()
    if form.validate_on_submit():
        perm = Permission(user=g.user)
        form.populate_obj(perm)
        perm.allusers = False
        db.session.add(perm)
        db.session.commit()
        flash("Your new permission has been defined", "info")
        return render_redirect(url_for('permission_list'), code=303)
    return render_form(form=form, title="Define a new permission", formid="perm_new",
        submit="Define new permission", ajax=True)
示例#12
0
def client_new():
    form = RegisterClientForm()

    if form.validate_on_submit():
        client = Client()
        form.populate_obj(client)
        client.user = g.user
        client.trusted = False
        db.session.add(client)
        db.session.commit()
        return render_redirect(url_for('client_info', key=client.key), code=303)

    return render_form(form=form, title="Register a new client application",
        formid="client_new", submit="Register application", ajax=True)
示例#13
0
def profile_edit():
    form = ProfileForm(obj=g.user)
    form.edit_obj = g.user
    if form.validate_on_submit():
        form.populate_obj(g.user)
        db.session.commit()

        next_url = get_next_url()
        if next_url is not None:
            return render_redirect(next_url)
        else:
            flash("Your profile was successfully edited.", category="info")
            return render_redirect(url_for("profile"), code=303)
    return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
示例#14
0
def resource_new(key):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)
    form = ResourceForm()
    form.edit_id = None
    if form.validate_on_submit():
        resource = Resource(client=client)
        form.populate_obj(resource)
        db.session.add(resource)
        db.session.commit()
        flash("Your new resource has been saved", "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Define a resource", formid="resource_new", submit="Define resource", ajax=True)
示例#15
0
文件: login.py 项目: btbytes/lastuser
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        user = register_internal(None, form.fullname.data, form.password.data)
        user.username = form.username.data or None
        useremail = UserEmailClaim(user=user, email=form.email.data)
        db.session.add(useremail)
        db.session.commit()
        send_email_verify_link(useremail)
        login_internal(user)
        flash("You are now one of us. Welcome aboard!", category='info')
        if 'next' in request.args:
            return redirect(request.args['next'], code=303)
        else:
            return redirect(url_for('index'), code=303)
    return render_form(form=form, title='Register an account', formid='register', submit='Register')
示例#16
0
文件: login.py 项目: lifeeth/lastuser
def reset():
    # User wants to reset password
    # Ask for username or email, verify it, and send a reset code
    form = PasswordResetRequestForm()
    if form.validate_on_submit():
        username = form.username.data
        user = form.user
        if "@" in username and not username.startswith("@"):
            # They provided an email address. Send reset email to that address
            email = username
        else:
            # Send to their existing address
            # User.email is a UserEmail object
            email = unicode(user.email)
        if not email:
            # They don't have an email address. Maybe they logged in via Twitter
            # and set a local username and password, but no email. Could happen.
            return render_message(
                title="Reset password",
                message=Markup(
                    """
            We do not have an email address for your account and therefore cannot
            email you a reset link. Please contact
            <a href="mailto:%s">%s</a> for assistance.
            """
                    % (escape(app.config["SITE_SUPPORT_EMAIL"]), escape(app.config["SITE_SUPPORT_EMAIL"]))
                ),
            )
        resetreq = PasswordResetRequest(user=user)
        db.session.add(resetreq)
        send_password_reset_link(email=email, user=user, secret=resetreq.reset_code)
        db.session.commit()
        return render_message(
            title="Reset password",
            message=Markup(
                u"""
            You were sent an email at <code>%s</code> with a link to reset your password.
            Please check your email. If it doesn’t arrive in a few minutes,
            it may have landed in your spam or junk folder.
            The reset link is valid for 24 hours.
            """
                % escape(email)
            ),
        )

    return render_form(form=form, title="Reset password", submit="Send reset code", ajax=True)
示例#17
0
def permission_edit(id):
    perm = Permission.query.get(id)
    if not perm:
        abort(404)
    form = PermissionForm()
    form.edit_id = id
    if request.method == 'GET':
        form.name.data = perm.name
        form.title.data = perm.title
        form.description.data = perm.description
    if form.validate_on_submit():
        form.populate_obj(perm)
        db.session.commit()
        flash("Your permission has been saved", "info")
        return render_redirect(url_for('permission_list'), code=303)
    return render_form(form=form, title="Edit permission", formid="perm_edit",
        submit="Save changes", ajax=True)
示例#18
0
def permission_new():
    form = PermissionForm()
    form.context.choices = available_client_owners()
    if request.method == 'GET':
        form.context.data = g.user.userid
    if form.validate_on_submit():
        perm = Permission()
        form.populate_obj(perm)
        perm.user = form.user
        perm.org = form.org
        perm.allusers = False
        db.session.add(perm)
        db.session.commit()
        flash("Your new permission has been defined", "info")
        return render_redirect(url_for('permission_list'), code=303)
    return render_form(form=form, title="Define a new permission", formid="perm_new",
        submit="Define new permission", ajax=True)
示例#19
0
文件: login.py 项目: lifeeth/lastuser
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        user = register_internal(None, form.fullname.data, form.password.data)
        if form.username.data:
            user.username = form.username.data
        useremail = UserEmailClaim(user=user, email=form.email.data)
        db.session.add(useremail)
        db.session.commit()
        send_email_verify_link(useremail)
        login_internal(user)
        flash("You are now one of us. Welcome aboard!", category="info")
        if "next" in request.args:
            return redirect(request.args["next"], code=303)
        else:
            return redirect(url_for("index"), code=303)
    return render_form(form=form, title="Register an account", formid="register", submit="Register")
示例#20
0
def permission_user_new(key):
    client = Client.query.filter_by(key=key).first()
    if not client:
        abort(404)
    if client.user != g.user:
        abort(403)
    available_perms = Permission.query.filter(db.or_(Permission.allusers == True, Permission.user == g.user)).order_by('name').all()
    form = UserPermissionAssignForm()
    form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
    if form.validate_on_submit():
        form.perms.data.sort()
        perms = u' '.join(form.perms.data)
        permassign = UserClientPermissions(user=form.user, client=client, permissions=perms)
        db.session.add(permassign)
        db.session.commit()
        flash("Permissions have been assigned to user %s" % form.user.displayname(), "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Assign permissions", formid="perm_assign", submit="Assign permissions", ajax=True)
示例#21
0
def verify_phone(number):
    phoneclaim = UserPhoneClaim.query.filter_by(phone=number).first_or_404()
    if phoneclaim.user != g.user:
        abort(403)
    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        if not g.user.phones:
            primary = True
        else:
            primary = False
        userphone = UserPhone(user=g.user, phone=phoneclaim.phone, gets_text=True, primary=primary)
        db.session.add(userphone)
        db.session.delete(phoneclaim)
        db.session.commit()
        flash("Your phone number has been verified.", "info")
        return render_redirect(url_for("profile"), code=303)
    return render_form(form=form, title="Verify phone number", formid="phone_verify", submit="Verify", ajax=True)
示例#22
0
def client_new():
    form = RegisterClientForm()
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        form.client_owner.data = g.user.userid

    if form.validate_on_submit():
        client = Client()
        form.populate_obj(client)
        client.user = form.user
        client.org = form.org
        client.trusted = False
        db.session.add(client)
        db.session.commit()
        return render_redirect(url_for('client_info', key=client.key), code=303)

    return render_form(form=form, title="Register a new client application",
        formid="client_new", submit="Register application", ajax=True)
示例#23
0
def resource_action_new(key, idr):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)
    resource = Resource.query.get_or_404(idr)
    if resource.client != client:
        abort(403)
    form = ResourceActionForm()
    form.edit_id = None
    form.edit_resource = resource
    if form.validate_on_submit():
        action = ResourceAction(resource=resource)
        form.populate_obj(action)
        db.session.add(action)
        db.session.commit()
        flash("Your new action has been saved", "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Define an action", formid="action_new", submit="Define action", ajax=True)
示例#24
0
def permission_user_new(key):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)
    if client.user:
        available_perms = Permission.query.filter(db.or_(
            Permission.allusers == True,
            Permission.user == g.user)).order_by('name').all()
        form = UserPermissionAssignForm()
    elif client.org:
        available_perms = Permission.query.filter(db.or_(
            Permission.allusers == True,
            Permission.org == client.org)).order_by('name').all()
        form = TeamPermissionAssignForm()
        form.org = client.org
        form.team_id.choices = [(team.userid, team.title) for team in client.org.teams]
    else:
        abort(403)  # This should never happen. Clients always have an owner.
    form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
    if form.validate_on_submit():
        perms = set()
        if client.user:
            permassign = UserClientPermissions.query.filter_by(user=form.user, client=client).first()
            if permassign:
                perms.update(permassign.permissions.split(u' '))
            else:
                permassign = UserClientPermissions(user=form.user, client=client)
                db.session.add(permassign)
        else:
            permassign = TeamClientPermissions.query.filter_by(team=form.team, client=client).first()
            if permassign:
                perms.update(permassign.permissions.split(u' '))
            else:
                permassign = TeamClientPermissions(team=form.team, client=client)
                db.session.add(permassign)
        perms.update(form.perms.data)
        permassign.permissions = u' '.join(sorted(perms))
        db.session.commit()
        if client.user:
            flash("Permissions have been assigned to user %s" % form.user.pickername, "info")
        else:
            flash("Permissions have been assigned to team '%s'" % permassign.team.pickername, "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Assign permissions", formid="perm_assign", submit="Assign permissions", ajax=True)
示例#25
0
def profile_edit():
    form = ProfileForm()
    if request.method == 'GET':
        form.fullname.data = g.user.fullname
        form.username.data = g.user.username
        form.description.data = g.user.description
    elif form.validate_on_submit():
        g.user.fullname = form.fullname.data
        g.user.username = form.username.data or None
        g.user.description = form.description.data
        db.session.commit()

        next_url = get_next_url()
        if(next_url is not None):
            return render_redirect(next_url)
        else:
            flash("Your profile was successfully edited.", category='info')
            return render_redirect(url_for('profile'), code=303)
    return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
示例#26
0
def resource_edit(key, idr):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)
    resource = Resource.query.get_or_404(idr)
    if resource.client != client:
        abort(403)
    form = ResourceForm()
    form.edit_id = idr
    if request.method == 'GET':
        form.name.data = resource.name
        form.title.data = resource.title
        form.description.data = resource.description
        form.siteresource.data = resource.siteresource
    if form.validate_on_submit():
        form.populate_obj(resource)
        db.session.commit()
        flash("Your resource has been edited", "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Edit resource", formid="resource_edit", submit="Save changes", ajax=True)
示例#27
0
def permission_user_edit(key, userid):
    client = Client.query.filter_by(key=key).first_or_404()
    if not client.owner_is(g.user):
        abort(403)
    if client.user:
        user = User.query.filter_by(userid=userid).first_or_404()
        available_perms = Permission.query.filter(db.or_(
            Permission.allusers == True,
            Permission.user == g.user)).order_by('name').all()
        permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404()
    elif client.org:
        team = Team.query.filter_by(userid=userid).first_or_404()
        available_perms = Permission.query.filter(db.or_(
            Permission.allusers == True,
            Permission.org == client.org)).order_by('name').all()
        permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404()
    form = PermissionEditForm()
    form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
    if request.method == 'GET':
        if permassign:
            form.perms.data = permassign.permissions.split(u' ')
    if form.validate_on_submit():
        form.perms.data.sort()
        perms = u' '.join(form.perms.data)
        if not perms:
            db.session.delete(permassign)
        else:
            permassign.permissions = perms
        db.session.commit()
        if perms:
            if client.user:
                flash("Permissions have been updated for user %s" % user.pickername, "info")
            else:
                flash("Permissions have been updated for team '%s'" % team.title, "info")
        else:
            if client.user:
                flash("All permissions have been revoked for user %s" % user.pickername, "info")
            else:
                flash("All permissions have been revoked for team '%s'" % team.title, "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Edit permissions", formid="perm_edit", submit="Save changes", ajax=True)
示例#28
0
def permission_edit(id):
    perm = Permission.query.get_or_404(id)
    if not perm.owner_is(g.user):
        abort(403)
    form = PermissionForm(obj=perm)
    form.context.choices = available_client_owners()
    form.edit_obj = perm
    if request.method == 'GET':
        if perm.user:
            form.context.data = perm.user.userid
        else:
            form.context.data = perm.org.userid
    if form.validate_on_submit():
        form.populate_obj(perm)
        perm.user = form.user
        perm.org = form.org
        db.session.commit()
        flash("Your permission has been saved", "info")
        return render_redirect(url_for('permission_list'), code=303)
    return render_form(form=form, title="Edit permission", formid="perm_edit",
        submit="Save changes", ajax=True)
示例#29
0
def permission_user_edit(key, userid):
    client = Client.query.filter_by(key=key).first()
    if not client:
        abort(404)
    if client.user != g.user:
        abort(403)
    user = User.query.filter_by(userid=userid).first()
    if not user:
        abort(404)
    available_perms = Permission.query.filter(Permission.allusers == True or Permission.user == g.user).order_by('name').all()
    permassign = UserClientPermissions.query.filter_by(user=user, client=client).first()
    form = UserPermissionEditForm()
    form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
    if request.method == 'GET':
        if permassign:
            form.perms.data = permassign.permissions.split(u' ')
    if form.validate_on_submit():
        form.perms.data.sort()
        perms = u' '.join(form.perms.data)
        if not perms:
            # No permissions specified. Delete this assignment
            if permassign:
                db.session.delete(permassign)
        elif not permassign:
            permassign = UserClientPermissions(user=user, client=client)
            permassign.permissions = perms
            db.session.add(permassign)
        else:
            permassign.permissions = perms
        db.session.commit()
        if perms:
            flash("Permissions have been updated for user %s" % user.displayname(), "info")
        else:
            flash("All permissions have been revoked for user %s" % user.displayname(), "info")
        return render_redirect(url_for('client_info', key=key), code=303)
    return render_form(form=form, title="Edit permissions", formid="perm_edit", submit="Save changes", ajax=True)
示例#30
0
def client_edit(key):
    client = Client.query.filter_by(key=key).first()
    if not client:
        abort(404)
    if client.user != g.user:
        abort(403)
    form = RegisterClientForm()
    if request.method == 'GET':
        form.title.data = client.title
        form.description.data = client.description
        form.owner.data = client.owner
        form.website.data = client.website
        form.redirect_uri.data = client.redirect_uri
        form.notification_uri.data = client.notification_uri
        form.resource_uri.data = client.resource_uri
        form.allow_any_login.data = client.allow_any_login

    if form.validate_on_submit():
        form.populate_obj(client)
        db.session.commit()
        return render_redirect(url_for('client_info', key=client.key), code=303)

    return render_form(form=form, title="Edit application", formid="client_edit",
        submit="Save changes", ajax=True)