示例#1
 def wrapped(*args, **kwargs):
     """Run *f* only for an authenticated user holding at least one of *roles*.

     An anonymous caller is answered with 401; an authenticated caller that
     has none of the required roles gets 403. Both ``abort`` results are
     returned so the view body *f* is never reached in those cases.
     """
     # Authentication is settled first, so the role check only ever runs
     # against a logged-in user.
     if not is_authenticated():
         return abort(401)
     if not flask_login.current_user.has_any_roles(*roles):
         return abort(403)
     return f(*args, **kwargs)
示例#2
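 def setup():
     """Seed the contrib app-data store with ``data`` once the DB is usable.

     Does nothing unless ``db._IS_OK_`` is truthy. A failure to write the
     entry is treated as fatal: it is logged together with the traceback
     (the message points the operator at ``mocha :dbsync``) and the request
     is aborted with 500.
     """
     if not db._IS_OK_:
         return
     try:
         app_data.set(APP_DATA_KEY, data, init=True)
     except Exception:
         # Same message and level as before, but the exception that was
         # previously discarded is now attached so the real cause is visible.
         logging.fatal(
             "mocha.contrib.app_data has not been setup. Need to run `mocha :dbsync`",
             exc_info=True,
         )
         abort(500)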
示例#3
文件: auth.py 项目: mardix/Mocha
    def info(self, id):
        """Build the context for one user's admin detail page.

        The user is looked up including soft-deleted rows. A missing user
        aborts with 404; a target whose role level is above the current
        user's aborts with 403. Returns the user plus the role options
        offered in the edit form.
        """
        page_attr("User Info")
        target = models.AuthUser.get(id, include_deleted=True)
        if not target:
            abort(404, "User doesn't exist")

        # A lower-ranked role may not inspect a higher-ranked account.
        if current_user.role.level < target.role.level:
            abort(403, "Not enough rights to access this user info")

        context = {"user": target}
        context["user_roles_options"] = self._user_roles_options()
        return context
示例#4
文件: auth.py 项目: mardix/Mocha
    def lost_password(self):
        """Send a password reset for the username posted to this view.

        Aborts 403 when logins are disabled. On POST, a known username gets
        a reset mail and a success flash and is sent to the login view; an
        unknown one gets an error flash and is sent back here. On GET the
        view returns None after setting the page title.
        """
        if not __options__.get("allow_login"):
            abort(403, "Login is not allowed. Contact admin if it's a mistake")

        page_attr("Lost Password")

        if request.method != "POST":
            return None

        posted_username = request.form.get("username")
        found = models.AuthUser.get_by_username(posted_username)
        if not found:
            flash_error("Invalid login")
            return redirect(self.lost_password)

        # NOTE(review): the two outcomes answer differently and the success
        # flash echoes the account's email address, so this endpoint lets a
        # caller confirm which usernames exist and see their email. A single
        # neutral message for both outcomes would avoid that.
        account = UserModel(found)
        account.send_password_reset(view_class=self)
        flash_success("A new password has been sent to '%s'" % account.email)
        return redirect(self.login)
示例#5
文件: auth.py 项目: mardix/Mocha
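    def login(self):
        """Render the login form (GET) or authenticate the posted credentials (POST).

        Aborts 403 when logins are disabled. A successful POST creates a
        session and redirects to the posted ``next`` path, or to the
        configured ``login_view`` when none (or an off-site one) was given.
        A ``VerifyEmailError`` redirects back here with ``v=1`` so the
        template can show the verification notice; ``AppError`` and
        ``AuthError`` are flashed, any other exception is logged and flashed
        as a generic failure, and the request returns here. On GET the
        template context is returned.
        """
        if not __options__.get("allow_login"):
            abort(403, "Login is not allowed. Contact admin if it's a mistake")

        if request.method == "POST":
            form = request.form
            # Both fields are whitespace-stripped, matching what registration
            # stores, so surrounding spaces in a password are not significant.
            username = form.get("username", "").strip()
            password = form.get("password", "").strip()

            next_target = form.get("next")
            # Only a site-relative path is honoured as the post-login target:
            # an absolute or scheme-relative value (or a backslash form that
            # some browsers normalise to "//") would make a successful login
            # redirect to a site chosen by whoever crafted the link.
            if not (next_target and next_target.startswith("/")
                    and not next_target.startswith(("//", "/\\"))
                    and "\\" not in next_target):
                next_target = None

            try:
                if not username or not password:
                    raise mocha_exc.AppError("Email/Username or Password is empty")

                user = authenticate(username=username, password=password)
                if not user:
                    raise mocha_exc.AppError("Email or Password is invalid")

                create_session(user)

                # A forced password change after login (require_password_change)
                # was sketched here earlier and is not implemented.

                return redirect(next_target or __options__.get("login_view"))

            except exceptions.VerifyEmailError:
                return redirect(self.login, username=username, v="1")
            except (mocha_exc.AppError, exceptions.AuthError) as ae:
                flash_error(str(ae))
            except Exception as e:
                logging.exception(e)
                flash_error("Unable to login")

            return redirect(self.login, next=next_target)

        page_attr("Login")
        return {
            "username": request.args.get("username"),
            "login_url_next": request.args.get("next", ""),
            "allow_registration": __options__.get("allow_registration"),
            "show_verification_message": request.args.get("v") == "1",
        }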
示例#6
    def page(self):
        """Contact form: render on GET, deliver the visitor's message on POST.

        Recipients are taken from app-data, then ``__options__``, then the
        ``CONTACT_EMAIL`` config; with none of them the view aborts 500. A
        POST is delivered only when the recaptcha passes, email/subject/
        message are all present and the email parses; success flashes the
        ``ContactPage:EmailSent`` flag. Any failure is flashed as an error,
        and a POST always redirects back to this view. GET returns the
        template context.
        """
        recipients = (app_data.get(APP_DATA_KEY, "recipients")
                      or __options__.get("recipients")
                      or config("CONTACT_EMAIL"))
        if not recipients:
            abort(500, "ContactPage missing email recipient")

        success_message = app_data.get(
            APP_DATA_KEY, "success_message", __options__.get("success_message"))

        # A bare endpoint name (no "/") is resolved with url_for; anything
        # path-like is used as configured; unset means "back to this view".
        return_to = __options__.get("return_to", None)
        if not return_to:
            return_to = url_for(self)
        elif "/" not in return_to:
            return_to = url_for(return_to)

        if request.method == "POST":
            form = request.form
            sender = form.get("email")
            subject = form.get("subject")
            body = form.get("message")
            sender_name = form.get("name")

            try:
                if not recaptcha.verify():
                    raise exceptions.AppError("Security code is invalid")
                if not sender or not subject or not body:
                    raise exceptions.AppError("All fields are required")
                if not utils.is_email_valid(sender):
                    raise exceptions.AppError("Invalid email address")
                try:
                    # NOTE(review): the visitor-supplied address becomes both
                    # reply_to and mail_from; whether send_mail rejects
                    # header-breaking characters is not visible here.
                    send_mail(to=recipients,
                              reply_to=sender,
                              mail_from=sender,
                              mail_subject=subject,
                              mail_message=body,
                              mail_name=sender_name,
                              template=__options__.get("template",
                                                       "contact-us.txt"))
                    flash_data("ContactPage:EmailSent")
                except Exception as ex:
                    logging.exception(ex)
                    raise exceptions.AppError("Unable to send email")
            except exceptions.AppError as e:
                flash_error(e.message)
            return redirect(self)

        title = __options__.get("title", _("Contact Us"))
        page_attr(title)

        fd = get_flash_data()
        email_sent = bool(fd and "ContactPage:EmailSent" in fd)
        return {
            "title": title,
            "email_sent": email_sent,
            "success_message": success_message,
            "return_to": return_to
        }
示例#7
文件: auth.py 项目: mardix/Mocha
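    def action(self):
        """Apply an admin action to one user, then return to that user's info page.

        Reads ``id`` and ``action`` from the POSTed form. The target is loaded
        including soft-deleted rows (404 when missing) and must not outrank
        the current user (403). Status changes (activate, deactivate, delete,
        undelete) and role changes are refused on the current user's own
        account; the remaining actions (info, change-username, change-email,
        change-password, email-reset-password, email-account-verification,
        reset-secret-key, delete-profile-image) apply to any permitted
        target. ``AuthError`` is reported through ``flash_error``; ``abort``
        raises an HTTP exception that this handler does not catch.
        """
        user_id = request.form.get("id")
        action = request.form.get("action")

        try:
            user = models.AuthUser.get(user_id, include_deleted=True)

            if not user:
                abort(404, "User doesn't exist or has been deleted!")
            if current_user.role.level < user.role.level:
                abort(403, "Not enough power level to update this user info")

            user = UserModel(user)
            is_self = current_user.id == user.id

            # Status changes are never applied to one's own account, so an
            # admin cannot lock themselves out through this form.
            if not is_self:
                if action == "activate":
                    user.change_status("active")
                    flash_success("User has been ACTIVATED")
                elif action == "deactivate":
                    user.change_status("suspended")
                    flash_success("User is now SUSPENDED")
                elif action == "delete":
                    user.change_status("deleted")
                    user.delete()
                    flash_success("User has been DELETED")
                elif action == "undelete":
                    user.change_status("suspended")
                    user.delete(False)
                    flash_success("User is now RESTORED / User is now SUSPENDED")

            if action == "info":
                first_name = request.form.get("first_name")
                last_name = request.form.get("last_name")

                data = {}
                if first_name:
                    data["first_name"] = first_name
                if last_name:
                    data["last_name"] = last_name

                # Only another user may change a role, so this form cannot be
                # used to raise or lower one's own level.
                if not is_self:
                    user_role = request.form.get("user_role")
                    _role = models.AuthUserRole.get(user_role)
                    if not _role:
                        raise exceptions.AuthError("Invalid ROLE selected")
                    data["role"] = _role
                if data:
                    user.update_info(ACTIONS["UPDATE"], **data)
                    flash_success("User info updated successfully!")

            elif action == "change-username":
                username = request.form.get("username")
                user.change_username(username)
                flash_success("Username changed successfully!")

            elif action == "change-email":
                email = request.form.get("email")
                user.change_email(email)
                flash_success("Email changed successfully!")

            elif action == "change-password":
                password = request.form.get("password", "").strip()
                password_confirm = request.form.get("password_confirm", "").strip()
                # Two empty fields compare equal; without the emptiness check
                # the account would be given an empty password.
                if not password or password != password_confirm:
                    raise exceptions.AuthError("Invalid passwords")
                user.change_password(password)
                flash_success("Password changed successfully!")

            elif action == "email-reset-password":
                user.send_password_reset()
                flash_success("Password reset was sent to email")

            elif action == "email-account-verification":
                user.send_verification_email()
                flash_success("Email verification was sent")

            elif action == "reset-secret-key":
                user.reset_secret_key()
                flash_success("The account's secret key has been changed")

            elif action == "delete-profile-image":
                if user.profile_image is not None:
                    delete_file(user.profile_image)
                    user.update_info(profile_image=None,
                                     _action=ACTIONS["PROFILE_IMAGE"])
                    flash_success("Profile Image deleted successfully!")

        except exceptions.AuthError as ae:
            flash_error(ae.message)
        return redirect(self.info, id=user_id)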
示例#8
文件: auth.py 项目: mardix/Mocha
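    def register(self):
        """Render the registration form (GET) or create the account (POST).

        Aborts 403 when registration is disabled. A POST needs a valid
        recaptcha, a first name, matching non-empty passwords, and either a
        username plus email (``registration_username``) or an email used as
        the username (``registration_email``); with neither option set the
        request is refused. If the registration was started from an OAuth
        flow, the new account is federated to the provider identity held in
        the server-side OAuth session and logged in at once; otherwise an
        optional welcome/verification mail is sent and the user is sent to
        the login view. Errors are flashed and redirect back here. On GET
        the template context, including pending OAuth session data, is
        returned.
        """
        if not __options__.get("allow_registration"):
            abort(403, "Registration is not allowed. Contact admin if it's a mistake")

        page_attr("Register")

        if request.method == "POST":
            form = request.form

            next_target = form.get("next")
            # Only a site-relative path is honoured as the post-registration
            # target; an absolute or scheme-relative value (or a backslash
            # form some browsers normalise to "//") would turn this view into
            # a redirect to an arbitrary site.
            if not (next_target and next_target.startswith("/")
                    and not next_target.startswith(("//", "/\\"))
                    and "\\" not in next_target):
                next_target = None

            try:
                if not recaptcha.verify():
                    raise mocha_exc.AppError("Invalid Security code")

                email = form.get("email", "").strip()
                username = form.get("username", "").strip()
                password = form.get("password", "").strip()
                password_confirm = form.get("password_confirm", "").strip()
                first_name = form.get("first_name", "").strip()
                last_name = form.get("last_name", "").strip()

                # The provider identity must come from the server-side OAuth
                # session, not from the form: a client could otherwise post an
                # arbitrary provider/user id and link someone else's provider
                # account to the user being created. The GET context below
                # reads the same session. Assumes that session is still
                # present when the form is posted — TODO confirm.
                oauth_session = get_oauth_session()
                with_oauth = form.get("with_oauth") == "1"
                oauth_provider = oauth_session.get("provider")
                oauth_user_id = oauth_session.get("user_id")

                login_method = None

                # Require username and email
                if __options__.get("registration_username"):
                    if "@" in username:
                        raise exceptions.AuthError(_("Username can't be an email"))
                    if not utils.is_email_valid(email):
                        raise exceptions.AuthError(_("Invalid email address"))
                    login_method = "username"

                # Require only email. Email will be used as username and email
                elif __options__.get("registration_email"):
                    if not utils.is_email_valid(username):
                        raise exceptions.AuthError(_("Invalid email address"))
                    email = username
                    login_method = "email"

                if not first_name:
                    raise mocha_exc.AppError(
                        _("First Name or Name is required"))
                elif not password or password != password_confirm:
                    raise mocha_exc.AppError(_("Passwords don't match"))

                if not login_method:
                    raise exceptions.AuthError(_("Registration is disabled"))

                user = create_user(username=username,
                                   password=password,
                                   email=email,
                                   first_name=first_name,
                                   last_name=last_name,
                                   login_method=login_method)

                # With a verified provider identity the user can be logged in
                # straight away.
                if with_oauth and oauth_provider and oauth_user_id:
                    user.add_federation(oauth_provider, oauth_user_id)
                    create_session(user)
                    return redirect(next_target or views.auth.Account.account_settings)

                if __options__.get("require_email_verification"):
                    user.send_welcome_email(view_class=self)
                    flash_success(_("Please check your email. We've sent you a message"))

                return redirect(next_target or __options__.get("login_view"))

            except (mocha_exc.AppError, exceptions.AuthError) as ex:
                flash_error(str(ex))
            except Exception as e:
                logging.exception(e)
                flash_error("Unable to register")
            return redirect(self.register, next=next_target)

        oauth_session = get_oauth_session()
        return {
            "reg_email": __options__.get("registration_email"),
            "reg_username": __options__.get("registration_username"),
            "reg_social": __options__.get("registration_social"),
            "reg_full_name": __options__.get("registration_full_name"),
            "login_url_next": request.args.get("next", ""),

            "with_oauth": has_oauth_request(),
            "oauth_provider": oauth_session.get("provider"),
            "oauth_user_id": oauth_session.get("user_id"),
            "email": oauth_session.get("email") or "",
            "name": oauth_session.get("name") or "",
        }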
示例#9
文件: __init__.py 项目: mardix/Mocha
def disable_admin(*a, **kw):
    """Stand-in view that hides the admin area by answering 404 to any request.

    The arguments exist only to match the view signature and are ignored.
    """
    del a, kw
    abort(404)
示例#10
 def deco(*a, **kw):
     """Gate *f* behind the ``allow_register`` option; abort 403 when it is off."""
     signup_enabled = __options__.get("allow_register")
     if not signup_enabled:
         abort(403, "Signup not allowed. Contact admin if it's a mistake")
     return f(*a, **kw)
示例#11
 def deco(*a, **kw):
     """Gate *f* behind the ``allow_login`` option; abort 403 when it is off."""
     login_enabled = __options__.get("allow_login")
     if not login_enabled:
         abort(403, "Login not allowed. Contact admin if it's a mistake")
     return f(*a, **kw)
示例#12
 def deco(*a, **kw):
     """Require an ``Authorization`` header before running *func*; 401 otherwise.

     Only the header's presence is checked here; its value is not inspected,
     so validating the credential is left to *func* or to a later layer
     (not visible from this block).
     """
     header_present = "Authorization" in request.headers
     if not header_present:
         abort(401, "Not Authorized")
     return func(*a, **kw)