def pwrecover(self, authtoken=None, skey=None, *args, **kwargs): if authtoken: data = securitykey.validate(authtoken) if data and isinstance(data, dict) and "userKey" in data.keys( ) and "password" in data.keys(): skel = self.userModule.editSkel() assert skel.fromDB(data["userKey"]) skel["password"] = data["password"] skel.toDB() return self.userModule.render.view( skel, self.passwordRecoverySuccessTemplate) else: return self.userModule.render.view( None, self.passwordRecoveryInvalidTokenTemplate) else: skel = self.lostPasswordSkel() if len(kwargs) == 0 or not skel.fromClient( kwargs) or not securitykey.validate(skey): return self.userModule.render.passwdRecover( skel, tpl=self.passwordRecoveryTemplate) user = self.userModule.viewSkel().all().filter( "name.idx =", skel["name"].lower()).get() if not user or user[ "status"] < 10: # Unknown user or locked account skel.errors["name"] = _("Unknown user") return self.userModule.render.passwdRecover( skel, tpl=self.passwordRecoveryTemplate) try: if user["changedate"] > (datetime.datetime.now() - datetime.timedelta(days=1)): # This user probably has already requested a password reset # within the last 24 hrss return self.userModule.render.view( skel, self.passwordRecoveryAlreadySendTemplate) except AttributeError: #Some newly generated user-objects dont have such a changedate yet pass user["changedate"] = datetime.datetime.now() db.Put(user) userSkel = self.userModule.viewSkel().ensureIsCloned() assert userSkel.fromDB(user.key()) userSkel.skey = baseBone(descr="Skey") userSkel["skey"] = securitykey.create(60 * 60 * 24, userKey=str(user.key()), password=skel["password"]) utils.sendEMail([userSkel["name"]], self.userModule.passwordRecoveryMail, userSkel) return self.userModule.render.view( {}, self.passwordRecoveryInstuctionsSendTemplate)
def edit(self, skel, tpl=None, params=None, **kwargs): """ Renders a page for modifying an entry. The template must construct the HTML-form on itself; the required information are passed via skel.structure, skel.value and skel.errors. A jinja2-macro, which builds such kind of forms, is shipped with the server. Any data in \*\*kwargs is passed unmodified to the template. :param skel: Skeleton of the entry which should be modified. :type skel: server.db.skeleton.Skeleton :param tpl: Name of a different template, which should be used instead of the default one. :type tpl: str :param params: Optional data that will be passed unmodified to the template :type params: object :return: Returns the emitted HTML response. :rtype: str """ if not tpl and "editTemplate" in dir(self.parent): tpl = self.parent.editTemplate tpl = tpl or self.editTemplate template = self.getEnv().get_template(self.getTemplateFileName(tpl)) skel = skel.clone() # Fixme! skeybone = baseBone(descr="SecurityKey", readOnly=True, visible=False) skel.skey = skeybone skel["skey"] = securitykey.create() if "nomissing" in request.current.get().kwargs and request.current.get( ).kwargs["nomissing"] == "1": if isinstance(skel, BaseSkeleton): super(BaseSkeleton, skel).__setattr__("errors", {}) return template.render(skel={ "structure": self.renderSkelStructure(skel), "errors": skel.errors, "value": self.collectSkelData(skel) }, params=params, **kwargs)
def add(self, *args, **kwargs): """ Allows guests to register a new account if self.registrationEnabled is set to true .. seealso:: :func:`addSkel`, :func:`onItemAdded`, :func:`canAdd` :returns: The rendered, added object of the entry, eventually with error hints. :raises: :exc:`server.errors.Unauthorized`, if the current user does not have the required permissions. :raises: :exc:`server.errors.PreconditionFailed`, if the *skey* could not be verified. """ if "skey" in kwargs: skey = kwargs["skey"] else: skey = "" if not self.canAdd(): raise errors.Unauthorized() skel = self.addSkel() if (len(kwargs) == 0 # no data supplied or skey == "" # no skey supplied or not request.current.get(). isPostRequest # bail out if not using POST-method or not skel.fromClient( kwargs) # failure on reading into the bones or ("bounce" in list(kwargs.keys()) and kwargs["bounce"] == "1")): # review before adding # render the skeleton in the version it could as far as it could be read. return self.userModule.render.add(skel) if not securitykey.validate(skey): raise errors.PreconditionFailed() skel.toDB() if self.registrationEmailVerificationRequired and str( skel["status"]) == "1": # The user will have to verify his email-address. Create an skey and send it to his address skey = securitykey.create(duration=60 * 60 * 24 * 7, userKey=str(skel["key"]), name=skel["name"]) skel.skey = baseBone(descr="Skey") skel["skey"] = skey utils.sendEMail([skel["name"]], self.userModule.verifyEmailAddressMail, skel) self.userModule.onItemAdded( skel) # Call onItemAdded on our parent user module return self.userModule.render.addItemSuccess(skel)
def getSecurityKey(render, **kwargs): """ Jinja2 global: Creates a new ViUR security key. """ return securitykey.create(**kwargs)
def genSkey(*args, **kwargs): return json.dumps(securitykey.create())
def genSkey(*args, **kwargs): return ("<securityKey>%s</securityKey>" % securitykey.create())