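def login():
    """Render the login form and authenticate a submitted username/password.

    Already-authenticated visitors are sent to ``index``; if no administrator
    account exists yet, the visitor is sent to ``setup``. On a successful
    login the user is redirected to the ``next`` query parameter when it is a
    same-site path, otherwise to ``index``.
    """
    if not current_user.is_anonymous():
        return redirect(url_for('index'))

    session = Session()
    if session.query(User).filter(User.is_admin).count() == 0:
        # No administrator yet: first-run setup has to happen before login.
        return redirect(url_for('setup'))

    if request.method == 'GET':
        return render_template('login.html', form=LoginForm())

    form = LoginForm(request.form)
    if form.validate_on_submit():
        session = Session()
        # `== False` is intentional: it builds a SQL expression, not a
        # Python comparison. Accounts awaiting activation cannot log in.
        user = session.query(User).filter(
            User.needs_activation == False).filter(
            User.username == form.username.data).first()
        # The same message is used for an unknown user and a wrong password,
        # so the response does not reveal which usernames exist.
        if user and user.check_password(form.password.data):
            if login_user(user, remember=True):
                # `next` is taken from the query string and is therefore
                # attacker-controllable. Only honour it when it is a plain
                # same-site path; anything else (absolute URL,
                # scheme-relative `//host`, backslash or control-character
                # variants that browsers normalise to `//host`) falls back
                # to the index page instead of redirecting off-site.
                next_target = request.args.get("next") or ''
                if (not next_target.startswith('/')
                        or next_target.startswith('//')
                        or '\\' in next_target
                        or any(ord(ch) < 0x20 for ch in next_target)):
                    next_target = None
                return redirect(next_target or url_for("index"))
            else:
                flash('Unknown error', 'danger')
        else:
            flash('Invalid username/password.', 'danger')
    else:
        flash('The form contains one or more errors', 'danger')
    return render_template('login.html', form=form)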
def delete_user(id):
    """Delete the user whose primary key is *id* and return to the user list.

    Responds with 404 (via ``get_or_404``) when no such user exists.
    """
    # NOTE(review): no access-control decorator or admin check is visible in
    # this listing, and the lookup is not restricted to non-admin accounts.
    # Confirm the route is admin-only and reachable only through a
    # CSRF-protected, non-GET request.
    db = Session()
    target = get_or_404(db.query(User), id)
    db.delete(target)
    db.commit()

    flash("User deleted", 'info')
    users_page = url_for('administrate_users')
    return redirect(users_page)
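def confirm(confirmation_token):
    """Activate an account from a confirmation link and set its password.

    The username is recovered from *confirmation_token*. An invalid token, or
    a token whose account no longer exists, is rejected with the same
    message. An account that is already activated is not touched. Otherwise
    the password form is shown and, once it validates, the password is
    stored and ``needs_activation`` is cleared.
    """
    username = get_username_from_confirmation_token(app, confirmation_token)
    if not username:
        flash('Invalid confirmation link', 'danger')
        return redirect(url_for('login'))

    session = Session()
    user = session.query(User).filter(User.username == username).first()
    if user is None:
        # The token was valid but the account is gone (e.g. deleted after the
        # mail was sent). Previously this raised AttributeError -> HTTP 500.
        flash('Invalid confirmation link', 'danger')
        return redirect(url_for('login'))

    if not user.needs_activation:
        # Refusing here keeps an old confirmation link from being reused to
        # overwrite the password of an already-activated account.
        flash('Account already confirmed', 'warning')
        return redirect(url_for('login'))

    if request.method == 'POST':
        form = SelectPasswordForm(request.form)
    else:
        flash("Please create a password to confirm your account.", 'info')
        form = SelectPasswordForm()

    if form.validate_on_submit():
        user.change_password(form.password.data)
        user.needs_activation = False
        session.commit()
        flash("Account confirmed. You may now login.", 'success')
        return redirect(url_for('login'))
    return render_template('user/select_password.html', form=form)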
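def free_mailbox(mailbox_id):
    """Detach the assigned user from mailbox *mailbox_id*.

    Always redirects back to the mailbox administration page. An unknown
    mailbox id, or a mailbox with no user assigned, is reported with a flash
    message instead of failing with AttributeError (HTTP 500).
    """
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators.
    session = Session()
    mailbox = session.query(Mailbox).options(
        joinedload('user')).filter(Mailbox.id == mailbox_id).first()
    if mailbox is None:
        flash('Mailbox not found', 'danger')
        return redirect(url_for('administrate_mailboxes'))
    if mailbox.user is None:
        flash('Mailbox %d has no user assigned' % mailbox.id, 'warning')
        return redirect(url_for('administrate_mailboxes'))

    # Read the name before clearing the relationship; it is needed for the
    # confirmation message.
    username = mailbox.user.username
    mailbox.user = None
    session.commit()
    flash('%s removed from mailbox %d' % (username, mailbox.id), 'success')
    return redirect(url_for('administrate_mailboxes'))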
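def administrate_mailboxes():
    """List mailboxes and, on POST, assign a mailbox to a user.

    The page shows every mailbox together with the users that may still
    receive one (non-admin, activated, without a mailbox).
    """
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators.
    session = Session()
    if request.method == 'POST':
        form = AssignMailboxForm(request.form)
        if form.validate_on_submit():
            user = session.query(User).get(form.user.data)
            mailbox = session.query(Mailbox).get(form.mailbox.data)
            if user is None or mailbox is None:
                # The submitted ids are client-supplied; do not rely on the
                # form validators alone to guarantee both rows exist.
                flash('Unknown user or mailbox', 'danger')
            else:
                # NOTE(review): the eligibility rules used for the listing
                # below (non-admin, activated, no mailbox yet) are not
                # re-checked here, and an already occupied mailbox is
                # reassigned without notice. Confirm whether the form
                # validators enforce this.
                user.mailbox = mailbox
                session.commit()
                flash('Mailbox %d assigned to %s' %
                      (mailbox.id, user.username), 'success')

    mailboxes = session.query(Mailbox).options(joinedload('user')).all()
    # `== False` / `== None` are intentional: they build SQL expressions.
    users = session.query(User).filter(User.is_admin == False).filter(
        User.mailbox == None).filter(User.needs_activation == False).all()
    return render_template('admin/mailboxes.html',
                           mailboxes=mailboxes,
                           users=users,
                           form=AssignMailboxForm())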
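def put(self, mailbox_id):
    """Update mailbox *mailbox_id* from the parsed request arguments.

    ``rfid``: when given and not yet registered on this mailbox, a new
    ``MailboxKey`` carrying that RFID is attached to the mailbox.
    ``has_mail``: when given, replaces the mailbox's ``has_mail`` flag.

    Returns the updated mailbox; responds with 404 (via ``get_or_404``) when
    the mailbox does not exist.
    """
    # NOTE(review): this endpoint registers access keys for a mailbox. No
    # authentication or authorization check is visible in this method;
    # confirm it is enforced on the resource or route.
    args = self.parser.parse_args()
    new_rfid = args.rfid
    has_mail = args.has_mail

    session = Session()
    mailbox = get_or_404(session.query(MailboxModel), mailbox_id)

    if new_rfid:
        known_rfids = [key.rfid for key in mailbox.keys]
        if new_rfid not in known_rfids:
            # The key is never passed to session.add(); presumably it is
            # persisted through the mailbox relationship. Verify the cascade.
            key = MailboxKey()
            key.mailbox = mailbox
            key.rfid = new_rfid

    # Identity test: an explicit False must still be written, only an
    # omitted argument is skipped.
    if has_mail is not None:
        mailbox.has_mail = has_mail

    session.commit()
    return mailbox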
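def recover_account(recovery_token):
    """Let the holder of a valid recovery token choose a new password.

    The username is recovered from *recovery_token*. An invalid token, or a
    token whose account no longer exists, is rejected with the same message.
    """
    username = get_username_from_recovery_token(app, recovery_token)
    if not username:
        flash('Invalid recovery token.', 'danger')
        return redirect(url_for('login'))

    if request.method == 'POST':
        form = SelectPasswordForm(request.form)
    else:
        form = SelectPasswordForm()

    if form.validate_on_submit():
        session = Session()
        user = session.query(User).filter(User.username == username).first()
        if user is None:
            # Valid token for an account that has since been removed.
            # Previously this raised AttributeError -> HTTP 500.
            flash('Invalid recovery token.', 'danger')
            return redirect(url_for('login'))

        # NOTE(review): nothing visible here invalidates the token after use
        # or checks needs_activation; confirm that the token helper enforces
        # expiry and that recovery cannot bypass account confirmation.
        user.change_password(form.password.data)
        # Persist the change explicitly, as confirm() does after calling
        # change_password(); without a commit the new password may be lost
        # when the session is discarded.
        session.commit()
        flash('Password reset. You may now login.', 'success')
        return redirect(url_for('login'))
    return render_template('/user/select_password.html', form=form)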
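def account_recovery():
    """Send account-recovery mail to every active account using an e-mail.

    Success is reported when at least one recovery mail was sent. The
    message names the submitted address rather than the loop variable, so
    the view no longer fails with an unbound ``user`` when the query returns
    no rows, and an earlier successful send is no longer masked by a later
    failure.
    """
    if request.method == 'POST':
        form = AccountRecoveryForm(request.form)
    else:
        form = AccountRecoveryForm()

    if form.validate_on_submit():
        session = Session()
        recipient = form.email.data
        sent = False
        # There may be multiple accounts associated with this email.
        for user in session.query(User).filter(
                User.email == recipient).all():
            if user.is_active():
                # Always attempt the send; remember whether any succeeded.
                if send_account_recovery_mail(app, user):
                    sent = True

        # NOTE(review): the differing success/failure messages tell the
        # requester whether an active account exists for the address. No
        # rate limiting is visible here either; confirm both are acceptable
        # for this deployment.
        if sent:
            flash(
                'Account recovery instructions has been sent to %s' %
                recipient, 'success')
        else:
            flash('Unable to send confirmation to %s' % recipient, 'danger')
    return render_template('user/reset_password.html', form=form)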
def setup():
    """First-run page that creates the initial administrator account.

    Redirects to ``index`` as soon as any administrator exists. A valid
    submission creates an activated admin user and redirects to ``login``;
    otherwise the form is rendered together with an informational message.
    """
    # NOTE(review): the "no admin yet" check and the insert below are not
    # atomic, and the page is reachable without authentication until the
    # first admin exists. Confirm that concurrent first-run requests cannot
    # each create an administrator.
    admin_count = Session().query(User).filter(User.is_admin).count()
    if admin_count > 0:
        return redirect(url_for('index'))

    posted = request.method == 'POST'
    form = CreateAdministratorForm(request.form) if posted \
        else CreateAdministratorForm()

    if not form.validate_on_submit():
        flash('Please create an administrator user to get started.', 'info')
        return render_template('admin/setup.html', form=form)

    db = Session()
    # The plain-text password goes to the User constructor; presumably it is
    # hashed there. Verify against the model.
    admin = User(username=form.username.data, password=form.password.data)
    admin.email = form.email.data
    admin.is_admin = True
    admin.needs_password_reset = False
    admin.needs_activation = False
    db.add(admin)
    db.commit()
    flash('Administrator user created. You may now log in.', 'success')
    return redirect(url_for('login'))
def validate_email(self, field):
    """Reject the field unless at least one account uses this e-mail.

    Raises:
        ValidationError: no ``User`` row has ``email == field.data``.
    """
    # NOTE(review): this error message tells an unauthenticated visitor
    # whether an address is registered. Confirm that this disclosure is
    # acceptable for the form that uses the validator.
    matching = Session().query(User).filter(User.email == field.data)
    if matching.count() == 0:
        raise ValidationError('Could not find an account with that email.')
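def validate_user(self, field):
    """Reject the field unless it holds the id of an existing user.

    The previous query selected from ``Mailbox`` while filtering on
    ``User.id``. That joins the two tables without a condition, so the check
    also depended on whether any mailbox row existed, and the message spoke
    of a mailbox id although the validated field is the user.

    Raises:
        ValidationError: no ``User`` row has ``id == field.data``.
    """
    session = Session()
    if session.query(User).filter(User.id == field.data).count() == 0:
        raise ValidationError('User id out of range.')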
def validate_username(self, field):
    """Reject the field when the username is already taken.

    Raises:
        ValidationError: a ``User`` row with ``username == field.data``
            already exists.
    """
    # NOTE(review): this is a check-then-insert test. Confirm that the
    # username column also carries a unique constraint, so concurrent
    # submissions cannot both pass.
    taken = Session().query(User).filter(
        User.username == field.data).count()
    if taken > 0:
        raise ValidationError('Username must be unique')
def administrate_users():
    """Render the user administration page listing all non-admin users."""
    # NOTE(review): no access-control decorator is visible in this listing;
    # confirm the route is restricted to administrators.
    # `== False` is intentional: it builds a SQL expression. The query is
    # passed to the template unevaluated, as before.
    non_admins = Session().query(User).filter(User.is_admin == False)
    return render_template('admin/users.html', users=non_admins)
def load_user(user_id):
    """Return the ``User`` with primary key *user_id*.

    The result comes straight from ``Query.get`` on a fresh session.
    """
    user_query = Session().query(User)
    return user_query.get(user_id)
def get_list(self):
    """Return every ``MailboxModel`` row as a list."""
    # NOTE(review): no authentication check is visible in this method;
    # confirm it is enforced on the resource or route.
    every_mailbox = Session().query(MailboxModel)
    return every_mailbox.all()
def get_single(self, mailbox_id):
    """Return the mailbox with id *mailbox_id*, looked up via ``get_or_404``."""
    # NOTE(review): no authentication check is visible in this method;
    # confirm it is enforced on the resource or route.
    mailbox_query = Session().query(MailboxModel)
    return get_or_404(mailbox_query, mailbox_id)