def post(self): """Login to a account account. Set a secure cookie. Log failed login attempt and disable account if too many recent. """ try: email = self.get_argument("email") password = self.get_argument("password") except tornado.web.MissingArgumentError: self.set_error_flash("Missing email or password argument.") self.see_other("login") return try: account = self.get_account(email) if utils.hashed_password(password) != account.get("password"): raise KeyError except KeyError: self.set_error_flash("No such account or invalid password.") self.see_other("login") else: self.set_secure_cookie( constants.USER_COOKIE, account["email"], expires_days=settings["LOGIN_MAX_AGE_DAYS"], ) with AccountSaver(doc=account, rqh=self) as saver: saver["login"] = utils.timestamp() # Set last login timestamp. self.redirect(self.reverse_url("home"))
def create_admin(db, email, password): with AccountSaver(db=db) as saver: saver.set_email(email) saver['owner'] = email saver.set_password(password) saver['role'] = constants.ADMIN saver['labels'] = [] print("Created 'admin' role account", email)
def create_curator(db, email, labels): with AccountSaver(db=db) as saver: saver.set_email(email) saver['owner'] = email saver['role'] = constants.CURATOR saver['labels'] = labels print("Created 'curator' role account", email) print('NOTE: No email sent!')
def set_password(db, email): account = utils.get_account(db, email) password = getpass.getpass('Password > ') if not password: raise ValueError('Error: no password provided') if password != getpass.getpass('Password again > '): raise ValueError('Error: passwords did not match') with AccountSaver(doc=account, db=db) as saver: saver.set_password(password) print("Set password for", email)
def admin(email, password): "Create a user account having the admin role." db = utils.get_db() try: with AccountSaver(db=db) as saver: saver.set_email(email) saver["owner"] = email if not password: password = click.prompt("Password", hide_input=True, confirmation_prompt=True) saver.set_password(password) saver["role"] = constants.ADMIN saver["labels"] = [] except ValueError as error: raise click.ClickException(str(error)) click.echo(f"Created 'admin' role account {email}")
def password(email, password): "Set the password for the given account." db = utils.get_db() try: user = utils.get_account(db, email) except KeyError as error: raise click.ClickException(str(error)) try: with AccountSaver(doc=user, db=db) as saver: if not password: password = click.prompt("Password", hide_input=True, confirmation_prompt=True) saver.set_password(password) except ValueError as error: raise click.ClickException(str(error)) click.echo(f"Password set for account {email}")
def post(self, identifier): self.check_admin() try: label = self.get_label(identifier) except KeyError as error: self.see_other("labels", error=str(error)) return old_value = label["value"] new_value = self.get_argument("value") try: with LabelSaver(label, rqh=self) as saver: saver.check_revision() saver.set_value(new_value) saver.set_secondary(self.get_argument("secondary", None)) saver["href"] = self.get_argument("href", None) saver["description"] = self.get_argument("description", None) if settings["TEMPORAL_LABELS"]: saver["started"] = self.get_argument("started", "") or None saver["ended"] = self.get_argument("ended", "") or None except SaverError: self.set_error_flash(constants.REV_ERROR) self.see_other("label", label["value"]) return except ValueError as error: self.set_error_flash(str(error)) self.see_other("label_edit", old_value) return if new_value != old_value: for account in self.get_docs("account", "label", key=old_value.lower()): with AccountSaver(account, rqh=self) as saver: labels = set(account["labels"]) labels.discard(old_value) labels.discard(old_value.lower()) labels.add(new_value) saver["labels"] = sorted(labels) for publication in Subset(self.db, label=old_value): if old_value in publication["labels"]: with PublicationSaver(publication, rqh=self) as saver: labels = publication["labels"].copy() labels[new_value] = labels.pop(old_value) saver["labels"] = labels self.see_other("label", label["value"])
def delete(self, identifier): self.check_admin() try: label = self.get_label(identifier) except KeyError as error: self.see_other("labels", error=str(error)) return value = label["value"] # Do it in this order; safer if interrupted. publications = list(Subset(self.db, label=label["value"])) for publication in publications: with PublicationSaver(publication, rqh=self) as saver: labels = publication["labels"].copy() labels.pop(value, None) labels.pop(value.lower(), None) saver["labels"] = labels for account in self.get_docs("account", "label", key=value.lower()): with AccountSaver(account, rqh=self) as saver: labels = set(account["labels"]) labels.discard(value) saver["labels"] = sorted(labels) self.delete_entity(label) self.see_other("labels")
def post(self, identifier): self.check_admin() try: label = self.get_label(identifier) except KeyError as error: self.see_other("labels", error=str(error)) return try: merge = self.get_label(self.get_argument("merge")) except tornado.web.MissingArgumentError: self.set_error_flash("no merge label provided") self.see_other("labels") return except KeyError as error: self.set_error_flash(str(error)) self.see_other("labels") return old_label = label["value"] new_label = merge["value"] self.delete_entity(label) for account in self.get_docs("account", "label", key=old_label.lower()): with AccountSaver(account, rqh=self) as saver: labels = set(account["labels"]) labels.discard(old_label) labels.discard(old_label.lower()) labels.add(new_label) saver["labels"] = sorted(labels) for publication in Subset(self.db, label=old_label): with PublicationSaver(publication, rqh=self) as saver: labels = publication["labels"].copy() qual = labels.pop(old_label, None) or labels.pop( old_label.lower(), None) labels[new_label] = labels.get(new_label) or qual saver["labels"] = labels self.see_other("label", new_label)