示例#1
def setup_change_pass_submit():
    """Handle the change-password form for the user in the session.

    Reads ``newpass`` and ``confirm`` from the submitted form. A missing
    field, a password shorter than 7 characters, or two fields that differ
    each flash a message and redirect back to the form. Otherwise the new
    password is stored, the change is audited, and the user is redirected
    to their profile page.
    """
    # NOTE(review): the current password is not requested here, so anyone
    # holding a valid session can set a new one. Confirm this view is only
    # reachable after authentication (no guard is visible in this function).
    uid = session['user_id']
    account = Users2.get_user(uid)

    form = request.form
    retry_view = "setup_change_pass"

    if not ("newpass" in form and "confirm" in form):
        flash("Please provide your new password")
        return redirect(url_for(retry_view))

    chosen, repeated = form['newpass'], form['confirm']

    # Length is the only strength rule enforced at this point.
    if len(chosen) < 7:
        flash("Password is too short, please try something longer.")
        return redirect(url_for(retry_view))

    if chosen != repeated:
        flash("Passwords do not match")
        return redirect(url_for(retry_view))

    Users2.set_password(user_id=uid, clearpass=chosen)

    # The audit entry names the account only; the password is never logged.
    who = account['uname']
    audit(1, uid, uid, "Setup", "%s reset password for %s." % (who, who))
    flash("Password changed")
    return redirect(url_for("setup_myprofile"))
示例#2
def setup_change_pass_submit():
    """Store a new password for the user whose id is in the session.

    The form must carry ``newpass`` and ``confirm``; the password must be
    at least 7 characters long and both fields must be equal. Any failed
    check flashes an explanation and returns to the change-password form.
    On success the password is saved, an audit record is written and the
    user is redirected to their profile.
    """

    def _back_to_form(message):
        # Every validation failure ends the same way: message + redirect.
        flash(message)
        return redirect(url_for("setup_change_pass"))

    # NOTE(review): no check of the old password happens in this function;
    # verify that callers can only get here with an authenticated session.
    user_id = session['user_id']
    user = Users2.get_user(user_id)

    submitted = request.form
    if "newpass" not in submitted or "confirm" not in submitted:
        return _back_to_form("Please provide your new password")

    newpass = submitted['newpass']
    confirm = submitted['confirm']

    if len(newpass) < 7:
        return _back_to_form(
            "Password is too short, please try something longer.")

    if newpass != confirm:
        return _back_to_form("Passwords do not match")

    Users2.set_password(user_id=user_id, clearpass=newpass)

    # Only the username goes into the audit trail, not the password.
    uname = user['uname']
    message = "%s reset password for %s." % (uname, uname)
    audit(1, user_id, user_id, "Setup", message)

    flash("Password changed")
    return redirect(url_for("setup_myprofile"))
示例#3
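def login_email_passreset(code):
    """Log a user in from an emailed password-reset link.

    The code from the link is the only credential checked here. An empty,
    over-long (more than 20 characters) or unrecognised code gets a 404.
    On success the account is marked confirmed, the code is cleared so the
    same link cannot be used again, the session is set up as a "local"
    login, the login is audited, and the user is redirected to the
    change-password page.

    Args:
        code: the reset code taken from the link.
    """
    # Reject an empty code before any lookup. Used codes are overwritten
    # with "" further down, so "" must never be accepted as a credential,
    # whatever matching rules verify_confirm_code applies (not visible here).
    if not code or len(code) > 20:
        abort(404)

    # NOTE(review): no expiry check is visible in this function; confirm
    # that verify_confirm_code (or the code's issuer) limits its lifetime.
    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # Following the link also proves control of the mailbox, so the email
    # address is confirmed as a side effect.
    Users.set_confirm(uid)
    # Single use: clear the code once it has been redeemed.
    Users.set_confirm_code(uid, "")

    user = Users2.get_user(uid)
    session['username'] = user['uname']
    session['user_id'] = uid
    session['user_givenname'] = user['givenname']
    session['user_familyname'] = user['familyname']
    session['user_fullname'] = user['fullname']
    session['user_authtype'] = "local"
    audit(1, uid, uid, "UserAuth",
          "%s logged in using password reset email" % (session['username'], ))

    flash("Please change your password")
    return redirect(url_for("setup_change_pass"))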
示例#4
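def login_email_passreset(code):
    """Redeem a password-reset code and start a session for its owner.

    Responds with 404 when the code is empty, longer than 20 characters,
    or not recognised by ``Users.verify_confirm_code``. Otherwise the
    account is confirmed, the code is wiped, the session is populated as a
    "local" login, an audit record is written, and the user is redirected
    to the change-password page.

    Args:
        code: the reset code taken from the link.
    """
    # An empty code is refused outright: redeemed codes are reset to ""
    # below, so an empty value must not be passed to the lookup as if it
    # were a credential (the lookup's matching rules are not visible here).
    if not code:
        abort(404)
    if len(code) > 20:
        abort(404)

    uid = Users.verify_confirm_code(code)
    if not uid:
        abort(404)

    # Redeeming the link confirms the email address too, then the code is
    # cleared so it works only once.
    # NOTE(review): code lifetime is not enforced in this function; check
    # where the code is issued.
    Users.set_confirm(uid)
    Users.set_confirm_code(uid, "")

    user = Users2.get_user(uid)
    session['username'] = user['uname']
    session['user_id'] = uid
    for field in ('givenname', 'familyname', 'fullname'):
        session['user_' + field] = user[field]
    session['user_authtype'] = "local"

    audit(1, uid, uid, "UserAuth",
          "%s logged in using password reset email" % (session['username'],))

    flash("Please change your password")
    return redirect(url_for("setup_change_pass"))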
示例#5
def login_local_submit():
    """Process a submission of the local username/password login form.

    Missing fields and failed verification both produce the same
    "Incorrect name or password." message, so the response does not say
    which part was wrong. The "not yet confirmed" message is only shown
    after the password has been verified. On success the session is
    populated, the login is audited, and the user is sent either to the
    target saved in ``session['redirect']`` or to the main page.
    """
    form = request.form
    if not ('username' in form and 'password' in form):
        L.info("Failed Login")
        flash("Incorrect name or password.")
        return redirect(url_for("login_local"))

    username = sanitize_username(form['username'])
    user_id = Users2.verify_pass(username, form['password'])
    if not user_id:
        # NOTE(review): no attempt limiting or lockout is visible in this
        # function; confirm it is handled elsewhere.
        L.info("Failed Login for %s" % username)
        flash("Incorrect name or password.")
        return redirect(url_for("login_local"))

    user = Users2.get_user(user_id)
    if not user['confirmed']:
        flash("""Your account is not yet confirmed. You should have received
                 an email with instructions in it to do so.""")
        return redirect(url_for("login_local"))

    session['username'] = username
    session['user_id'] = user_id
    for field in ('givenname', 'familyname', 'fullname'):
        session['user_' + field] = user[field]
    session['user_authtype'] = "local"

    audit(1, user_id, user_id, "UserAuth",
          "%s successfully logged in locally" % (session['username'],))

    if 'redirect' not in session:
        L.info("Successful Login for %s" % username)
        return redirect(url_for("main_top"))

    L.info("Following redirect for %s" % username)
    # NOTE(review): the target is parentURL with the saved value appended
    # as-is; confirm that whatever stores session['redirect'] only ever
    # saves a local path.
    target = OaConfig.parentURL + session.pop('redirect')
    return redirect(target)
示例#6
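def login_webauth_submit():
    """Log in a user the front-end web server has already authenticated.

    No credential is checked here: the identity is taken from
    ``REMOTE_USER`` in the WSGI environment. If it is missing or empty,
    or no account can be found or created for it, the user is redirected
    to the webauth error page. A username not seen before gets a new
    account created via ``Users2.create`` with mostly empty details. On
    success the session is populated with authtype "httpauth", the login
    is audited, and the user is sent to the saved ``session['redirect']``
    target or the main page.
    """
    # NOTE(review): this view trusts REMOTE_USER completely. Confirm the
    # deployment only lets requests reach it through the authenticating
    # web server.
    if 'REMOTE_USER' not in request.environ:
        L.error(
            "REMOTE_USER not provided by web server and 'webauth' is being attempted."
        )
        return redirect(url_for("login_webauth_error"))

    username = request.environ['REMOTE_USER']

    # With webauth_ignore_domain set, "name@a" and "name@b" both map to
    # the account "name".
    if '@' in username and OaConfig.webauth_ignore_domain:
        username = username.split('@')[0]

    # An empty name (blank REMOTE_USER, or "@domain" after stripping) must
    # not be looked up or auto-created as an account.
    if not username:
        L.error("Empty REMOTE_USER provided by web server, refusing 'webauth' login.")
        return redirect(url_for("login_webauth_error"))

    user_id = Users2.uid_by_uname(username)
    if not user_id:
        # First time we see this name: create an account for it.
        Users2.create(username, '', '', '', 1, '', '', None, 'unknown', '',
                      True)
        user_id = Users2.uid_by_uname(username)
        if not user_id:
            # Creation did not produce an account; do not build a session
            # around a missing user id.
            L.error("Unable to create account for webauth user %s" % username)
            return redirect(url_for("login_webauth_error"))

    user = Users2.get_user(user_id)
    session['username'] = username
    session['user_id'] = user_id
    session['user_givenname'] = user['givenname']
    session['user_familyname'] = user['familyname']
    session['user_fullname'] = user['fullname']
    session['user_authtype'] = "httpauth"

    audit(1, user_id, user_id, "UserAuth",
          "%s successfully logged in via webauth" % session['username'])

    if 'redirect' in session:
        # NOTE(review): the saved value is appended to parentURL unchanged;
        # confirm it can only ever hold a local path.
        target = OaConfig.parentURL + session['redirect']
        del session['redirect']
        return redirect(target)

    return redirect(url_for("main_top"))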
示例#7
def login_local_submit():
    """Check credentials from the local login form and start a session.

    A missing field or a failed password check gives the same generic
    error message and returns to the login form. An account that passes
    the password check but is not confirmed is also sent back, with a
    reminder about the confirmation email. Otherwise the session is set
    up as a "local" login, the login is audited, and the user is sent to
    the saved ``session['redirect']`` target or the main page.
    """

    def _reject(log_line):
        # Same user-facing message for every credential failure, so the
        # response does not reveal whether the username exists.
        L.info(log_line)
        flash("Incorrect name or password.")
        return redirect(url_for("login_local"))

    if 'username' not in request.form or 'password' not in request.form:
        return _reject("Failed Login")

    username = sanitize_username(request.form['username'])
    password = request.form['password']

    user_id = Users2.verify_pass(username, password)
    if not user_id:
        return _reject("Failed Login for %s" % username)

    user = Users2.get_user(user_id)
    if not user['confirmed']:
        flash("""Your account is not yet confirmed. You should have received
                 an email with instructions in it to do so.""")
        return redirect(url_for("login_local"))

    # NOTE(review): existing session keys are overwritten but the session
    # is not cleared first; confirm nothing stale from a previous identity
    # can survive a login.
    profile = {
        'username': username,
        'user_id': user_id,
        'user_givenname': user['givenname'],
        'user_familyname': user['familyname'],
        'user_fullname': user['fullname'],
        'user_authtype': "local",
    }
    for key, value in profile.items():
        session[key] = value

    audit(1, user_id, user_id, "UserAuth",
          "%s successfully logged in locally" % (session['username'], ))

    if 'redirect' in session:
        L.info("Following redirect for %s" % username)
        # NOTE(review): verify that only local paths are ever stored in
        # session['redirect']; it is appended to parentURL unchanged.
        saved = session['redirect']
        target = OaConfig.parentURL + saved
        del session['redirect']
        return redirect(target)

    L.info("Successful Login for %s" % username)
    return redirect(url_for("main_top"))
示例#8
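def login_webauth_submit():
    """Start a session for the user named in ``REMOTE_USER``.

    The web server is expected to have verified the credentials; this
    function checks none itself. A missing or empty ``REMOTE_USER``, or a
    username for which no account exists after an attempted creation,
    redirects to the webauth error page. Unknown usernames get an account
    created through ``Users2.create`` with mostly empty details. After a
    successful login the session carries authtype "httpauth", an audit
    record is written, and the user is redirected to the saved
    ``session['redirect']`` target or the main page.
    """
    # NOTE(review): the whole login rests on REMOTE_USER being set only by
    # the authenticating web server; confirm that in the deployment.
    environ = request.environ
    if 'REMOTE_USER' not in environ:
        L.error("REMOTE_USER not provided by web server and 'webauth' is being attempted.")
        return redirect(url_for("login_webauth_error"))

    username = environ['REMOTE_USER']

    # Dropping the domain merges same-named users from different domains
    # into a single account.
    if '@' in username and OaConfig.webauth_ignore_domain:
        username = username.split('@')[0]

    # Refuse a blank identity rather than looking up or creating an
    # account with an empty username.
    if not username:
        L.error("Empty REMOTE_USER provided by web server, refusing 'webauth' login.")
        return redirect(url_for("login_webauth_error"))

    user_id = Users2.uid_by_uname(username)
    if not user_id:
        Users2.create(username, '', '', '', 1, '', '', None, 'unknown', '', True)
        user_id = Users2.uid_by_uname(username)

    if not user_id:
        # The account still does not exist, so there is nobody to log in.
        L.error("Unable to create account for webauth user %s" % username)
        return redirect(url_for("login_webauth_error"))

    user = Users2.get_user(user_id)
    session['username'] = username
    session['user_id'] = user_id
    for field in ('givenname', 'familyname', 'fullname'):
        session['user_' + field] = user[field]
    session['user_authtype'] = "httpauth"

    audit(1, user_id, user_id, "UserAuth",
          "%s successfully logged in via webauth" % session['username'])

    if 'redirect' in session:
        # NOTE(review): confirm session['redirect'] can only hold a local
        # path; it is concatenated to parentURL without further checks.
        target = OaConfig.parentURL + session['redirect']
        del session['redirect']
        return redirect(target)

    return redirect(url_for("main_top"))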
示例#9
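def save_perms(request, cid, user_id):
    """Apply the permission changes submitted on a course's permission form.

    Loads the course's current permissions, reads the ``perm_<uname>_<perm>``
    fields from the form, and grants or revokes permissions so that the
    stored state matches the submission. Every grant and revocation is
    audited. An optional ``adduser`` field grants permission 10 to an
    existing user. Nothing is changed when the form is empty.

    Args:
        request: the request whose ``form`` holds the submission.
        cid: id of the course being edited.
        user_id: id of the user making the change (recorded in the audit).

    Returns:
        None.
    """
    # NOTE(review): no authorisation check happens here; confirm the caller
    # has verified that user_id may administer this course.

    # Only these permissions can be granted or revoked through the form;
    # any other number found in a field name is ignored.
    editable = [2, 5, 10, 14, 11, 8, 9, 15]

    perms = {}
    users = {}
    for perm in get_course_perms(cid):
        u = Users2.get_user(perm[0])
        uname = u['uname']
        users.setdefault(uname, {})['fullname'] = u['fullname']
        perms.setdefault(uname, []).append(int(perm[1]))

    form = request.form
    if not form:
        return

    # Field names come from the client, so parse them defensively.
    newperms = {}
    for field in form.keys():
        if field[:5] != "perm_":
            continue
        # Split from the right so a username containing "_" stays whole.
        uname, sep, number = field[5:].rpartition('_')
        if not sep or not uname:
            continue
        try:
            perm = int(number)
        except ValueError:
            # Malformed field name: skip it instead of failing the request.
            continue
        newperms.setdefault(uname, []).append(perm)

    # NOTE(review): a user already on the course with no perm_ fields in
    # the submission loses every editable permission below; confirm the
    # form always submits the full set of ticked boxes.
    for uname in users:
        uid = Users2.uid_by_uname(uname)
        wanted = newperms.get(uname, ())
        for perm in editable:
            if perm in wanted:
                if perm not in perms[uname]:
                    add_perm(uid, cid, perm)
                    audit(
                        1,
                        user_id,
                        uid,
                        "CourseAdmin",
                        "%s given %s permission by %s" % (uname, get_perm_short(perm), user_id,)
                    )
            elif perm in perms[uname]:
                delete_perm(uid, cid, perm)
                audit(
                    1,
                    user_id,
                    uid,
                    "CourseAdmin",
                    "%s had %s permission revoked by %s" % (uname, get_perm_short(perm), user_id,)
                )

    for uname in newperms:
        if uname in perms:
            continue
        # A user who had no permissions on the course yet. The name comes
        # from a form field, so make sure it maps to a real account before
        # granting anything (the adduser branch below does the same).
        uid = Users2.uid_by_uname(uname)
        if not uid:
            continue
        for perm in editable:
            if perm in newperms[uname]:
                add_perm(uid, cid, perm)
                audit(
                    1,
                    user_id,
                    uid,
                    "CourseAdmin",
                    "%s given %s permission by %s" % (uname, get_perm_short(perm), user_id,)
                )

    if "adduser" in form:
        newuname = form['adduser']
        newuid = Users2.uid_by_uname(newuname)
        if newuid:
            add_perm(newuid, cid, 10)
            audit(
                1,
                user_id,
                newuid,
                "CourseAdmin",
                "%s given '%s' permission by %s" % (newuname, get_perm_short(10), user_id,)
            )
    return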
示例#10
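def _parse_perm_field(field):
    """Split a "perm_<uname>_<perm>" form field name into (uname, perm).

    Returns None when the name does not have that shape. The split is done
    from the right so a username containing "_" is kept whole.
    """
    if field[:5] != "perm_":
        return None
    uname, sep, number = field[5:].rpartition('_')
    if not (sep and uname):
        return None
    try:
        return uname, int(number)
    except ValueError:
        return None


def save_perms(request, cid, user_id):
    """Save the permission changes submitted for a course.

    Compares the ``perm_<uname>_<perm>`` fields in the form with the
    course's stored permissions, then adds and deletes permissions to
    match, auditing each change. An ``adduser`` field, when present and
    naming an existing user, grants that user permission 10. An empty form
    changes nothing.

    Args:
        request: the request whose ``form`` holds the submission.
        cid: id of the course being edited.
        user_id: id of the user making the change (recorded in the audit).

    Returns:
        None.
    """
    # NOTE(review): this function does not check that user_id is allowed
    # to administer the course; confirm the caller does.

    # The only permissions the form may grant or revoke.
    editable = [2, 5, 10, 14, 11, 8, 9, 15]

    permlist = get_course_perms(cid)
    perms = {}
    users = {}
    for perm in permlist:
        u = Users2.get_user(perm[0])
        uname = u['uname']
        users.setdefault(uname, {})['fullname'] = u['fullname']
        perms.setdefault(uname, []).append(int(perm[1]))

    form = request.form
    if not form:
        return

    # Field names are client-controlled: malformed ones are skipped rather
    # than allowed to raise and fail the whole request.
    newperms = {}
    for field in form.keys():
        parsed = _parse_perm_field(field)
        if parsed is None:
            continue
        uname, perm = parsed
        newperms.setdefault(uname, []).append(perm)

    # Users already on the course: grant what is newly ticked, revoke what
    # is no longer ticked.
    # NOTE(review): with no perm_ fields for a user, all of their editable
    # permissions are revoked; confirm the form always sends the full set.
    for uname in users:
        uid = Users2.uid_by_uname(uname)
        ticked = newperms.get(uname, ())
        held = perms[uname]
        for perm in editable:
            if perm in ticked and perm not in held:
                add_perm(uid, cid, perm)
                audit(
                    1, user_id, uid, "CourseAdmin",
                    "%s given %s permission by %s" % (
                        uname,
                        get_perm_short(perm),
                        user_id,
                    ))
            elif perm not in ticked and perm in held:
                delete_perm(uid, cid, perm)
                audit(
                    1, user_id, uid, "CourseAdmin",
                    "%s had %s permission revoked by %s" % (
                        uname,
                        get_perm_short(perm),
                        user_id,
                    ))

    # Users named in the form who had no permission on the course before.
    for uname in newperms:
        if uname in perms:
            continue
        uid = Users2.uid_by_uname(uname)
        if not uid:
            # The name came from a form field and matches no account; do
            # not grant anything (mirrors the adduser check below).
            continue
        for perm in editable:
            if perm in newperms[uname]:
                add_perm(uid, cid, perm)
                audit(
                    1, user_id, uid, "CourseAdmin",
                    "%s given %s permission by %s" % (
                        uname,
                        get_perm_short(perm),
                        user_id,
                    ))

    if "adduser" in form:
        newuname = form['adduser']
        newuid = Users2.uid_by_uname(newuname)
        if newuid:
            add_perm(newuid, cid, 10)
            audit(
                1, user_id, newuid, "CourseAdmin",
                "%s given '%s' permission by %s" % (
                    newuname,
                    get_perm_short(10),
                    user_id,
                ))
    return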