def check_user():
name = request.form.get('name', '')
password = request.form.get('password', '')
user = User.get_by_name(name) or User.get_by_email(name)
if not (user and user.check_password(password)):
return jsonify({'message': 'no'}), 403
return jsonify({'message': 'yes'}), 200
def init_global_vars():
g.user = None
if 'id' in session:
g.user = User.get(session['id'])
g.redir = request.args.get('redirect', '')
g.start = request.args.get('start', type=int, default=0)
g.limit = request.args.get('limit', type=int, default=20)
def sudo():
user_id = request.form['user_id']
user = User.get(user_id)
if not user:
return jsonify({'message': 'not found'}), 404
user.sudo()
return jsonify({'message': 'ok'}), 200
def get_user(user_id):
u = User.get(user_id)
if not u:
return {}, 404
user = request.oauth.user
private = bool(user.privilege) or user.id == user_id
return u.to_dict(private=private), 200
def send_emails():
with app.app_context():
users, total = User.list_users()
for u in users:
if u.id:
if not u.send_doc_email():
print '!!! sending doc email error !!!'
else:
print 'uid error'
print 'all emails have been sent.'
def delete_user():
user_id = request.form['user_id']
user = User.get(user_id)
if not user:
return jsonify({'message': 'not found'}), 404
pubkey = RSAKey.get_by_user_id(user_id)
if pubkey:
pubkey.delete()
user.delete()
return jsonify({'message': 'ok'}), 200
def login():
if request.method == 'GET':
if not g.user:
return render_template('/login.html')
return redirect(url_for('ui.index'))
name = request.form['name']
password = request.form['password']
if not (name and password):
flash(u'你有些忘记填了', 'error')
return render_template('/login.html')
u = User.get_by_name(name) or User.get_by_email(name)
if not (u and u.check_password(password)):
flash(u'密码错了, 或者你就不存在啊', 'error')
return render_template('/login.html')
login_user(u)
redir = request.values.get('redirect', url_for('ui.index'))
return redirect(redir)
def register():
if request.method == 'GET':
return render_template('/register.html')
name = request.form['name']
email = request.form['email']
password = request.form['password']
real_name = request.form['real_name']
if not (name and email and password and real_name):
flash(u'你有些忘记填了', 'error')
return render_template('/register.html')
u = User.create(name, email, password, real_name)
if not u:
flash(u'已经存在, 登录去吧', 'error')
return render_template('/register.html')
return redirect(url_for('admin.index'))
def forget_password():
if request.method == 'GET':
return render_template('/forget_password.html', email='')
email = request.form['email']
user = User.get_by_email(email)
if not user:
flash(u'没这个人啊', 'error')
return render_template('/forget_password.html', email='')
message = Message(
subject=u'重置内网 OPENID 密码',
sender=MAIL_USERNAME,
recipients=[email]
)
message.html = render_template('/email/reset_password.html', user=user)
mail.send(message)
return render_template('/forget_password.html', email=email)
def edit(uid):
u = User.get(uid)
if not u:
abort(403)
if request.method == 'GET':
return render_template('/admin_edit.html', user=u)
name = request.form['name']
email = request.form['email']
password = request.form['password']
real_name = request.form['real_name']
if not (name and email and real_name):
flash(u'你有些忘记填了', 'error')
return render_template('/admin_edit.html', user=u.id)
u.edit(name, email, password, real_name)
return redirect(url_for('admin.index'))
def reset_password(token):
user = User.get_by_token(token)
if not user:
flash(u'没有这个人啊', 'error')
return render_template('/reset_password.html', token=token)
if request.method == 'GET':
return render_template('/reset_password.html', token=token)
password = request.form['password']
confirm_password = request.form['confirm_password']
if password != confirm_password:
flash(u'两次输入不对, 你是鱼么这么快就忘记了', 'error')
return render_template('/reset_password.html', token=token)
user.set_password(password)
user.refresh_token()
login_user(user)
return redirect(url_for('ui.index'))
def index():
admin = request.args.get('admin')
users, total = User.list_users(admin=admin, start=g.start, limit=g.limit)
return render_template('/admin.html', users=users,
total=total, endpoint='admin.index', admin=admin)
def get_token():
name = request.form['name']
user = User.get_by_name(name)
if user:
return user.token, 200
return '', 400
def get_users():
users, _ = User.list_users(g.start, g.limit)
private = bool(request.oauth.user.privilege)
return [u.to_dict(private=private) for u in users if u], 200
