示例#1
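def lost_password(request):
    """
    Present the lost-password page and e-mail a password reset link.

    On a valid POST the user is looked up by e-mail address; when one is
    found a fresh security code is generated, its timestamp is stored and the
    reset e-mail is sent. The same flash message and redirect are returned
    whether or not the address matched an account, so the response does not
    reveal which addresses are registered.

    Returns an ``HTTPFound`` redirect after a valid POST, otherwise the
    template context ``{"form": form}``.
    """
    form = forms.LostPasswordForm(request.POST, csrf_context=request)
    if request.method == "POST" and form.validate():
        # NOTE(review): if LostPasswordForm itself validates that the address
        # is registered, its error output still discloses account existence;
        # confirm against the form definition.
        user = UserService.by_email(form.email.data)
        if user:
            UserService.regenerate_security_code(user)
            # Timestamp of the new code; the expiry check itself is not in
            # this view and presumably compares against this value.
            user.security_code_date = datetime.datetime.utcnow()
            email_vars = {
                "user": user,
                "request": request,
                "email_title": "AppEnlight :: New password request",
            }
            UserService.send_email(
                request,
                recipients=[user.email],
                variables=email_vars,
                template="/email_templates/lost_password.jinja2",
            )
        # Flash and redirect unconditionally: answering differently for
        # unknown addresses would let a client enumerate accounts. The
        # message id is kept unchanged so existing translations still match.
        # Sending mail only for known addresses can still differ in response
        # time; queueing the send would close that gap.
        msg = (
            "Password reset email had been sent. "
            "Please check your mailbox for further instructions."
        )
        request.session.flash(_(msg))
        return HTTPFound(location=request.route_url("lost_password"))
    return {"form": form}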
示例#2
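def assign_users(request):
    """
    Assign or unassign users on a report group and notify new assignees.

    The user-name lists are read from the ``"unassigned"`` and ``"assigned"``
    keys of the unvalidated JSON request body. Each change is recorded as a
    comment on the report group, and every newly assigned user receives a
    notification e-mail. Names that do not resolve to a user are skipped.

    Always returns ``True``.
    """
    report_group = request.context.report_group
    application = request.context.resource
    currently_assigned = [u.user_name for u in report_group.assigned_users]
    # Client-controlled and not schema-validated: keys may be missing and
    # names may be unknown or repeated.
    new_assigns = request.unsafe_json_body

    # first unassign old users
    for user_name in new_assigns.get("unassigned") or ():
        if user_name not in currently_assigned:
            continue
        user = UserService.by_user_name(user_name)
        # A repeated name would otherwise make the second remove() raise,
        # because currently_assigned is a snapshot taken before the loop.
        if user is None or user not in report_group.assigned_users:
            continue
        report_group.assigned_users.remove(user)
        comment = ReportComment(owner_id=request.user.id,
                                report_time=report_group.first_timestamp)
        comment.body = "Unassigned group from @%s" % user_name
        report_group.comments.append(comment)

    # assign new users
    for user_name in new_assigns.get("assigned") or ():
        if user_name in currently_assigned:
            continue
        user = UserService.by_user_name(user_name)
        if user is None:
            # Unknown name from the request body: nothing to assign, and
            # user.id below would raise.
            continue
        # NOTE(review): nothing here checks that the assignee may view
        # `application`, yet the notification e-mail carries report details.
        # Confirm that access is enforced elsewhere, or restrict assignees
        # to users holding the "view" permission.
        if user in report_group.assigned_users:
            report_group.assigned_users.remove(user)
        DBSession.flush()
        assignment = ReportAssignment(
            owner_id=user.id,
            report_time=report_group.first_timestamp,
            group_id=report_group.id,
        )
        DBSession.add(assignment)

        comment = ReportComment(owner_id=request.user.id,
                                report_time=report_group.first_timestamp)
        comment.body = "Assigned report_group to @%s" % user_name
        report_group.comments.append(comment)

        email_vars = {
            "user": user,
            "request": request,
            "application": application,
            "report_group": report_group,
            "email_title": "AppEnlight :: Assigned Report",
        }
        UserService.send_email(
            request,
            recipients=[user.email],
            variables=email_vars,
            template="/email_templates/assigned_report.jinja2",
        )

    return True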
示例#3
def comment_create(request):
    """
    Create a comment on a report group and e-mail the interested users.

    Notified users are, in order: users with the "view" permission on the
    application whose ``@user_name`` appears in the comment body, then users
    who already commented on the group (the author excluded). Each user is
    notified at most once.

    Returns the comment as a dict on success, otherwise the form errors.
    """
    report_group = request.context.report_group
    application = request.context.resource
    # The body is unvalidated client JSON; the form is the validation step.
    payload = MultiDict(request.unsafe_json_body)
    form = forms.CommentForm(payload, csrf_context=request)
    if not (request.method == "POST" and form.validate()):
        return form.errors

    comment = ReportComment(owner_id=request.user.id,
                            report_time=report_group.first_timestamp)
    form.populate_obj(comment)
    report_group.comments.append(comment)

    # Insertion-ordered mapping of user id -> user; doubles as the
    # "already queued" check.
    recipients = {}

    # Mentions only reach users who may view the application. The match is a
    # plain substring test, so "@bob" also matches inside "@bobby".
    for perm in ResourceService.users_for_perm(application, "view"):
        candidate = perm.user
        mention = "@{}".format(candidate.user_name)
        if mention in comment.body and candidate.id not in recipients:
            recipients[candidate.id] = candidate

    # NOTE(review): earlier commenters are not re-checked against the "view"
    # permission here; confirm users_commenting cannot return users whose
    # access was revoked.
    previous_commenters = ReportGroupService.users_commenting(
        report_group, exclude_user_id=request.user.id)
    for candidate in previous_commenters:
        if candidate.id not in recipients:
            recipients[candidate.id] = candidate

    for recipient in recipients.values():
        # The comment text is user-supplied; the template is expected to
        # escape it when rendering the message.
        UserService.send_email(
            request,
            recipients=[recipient.email],
            variables={
                "user": recipient,
                "commenting_user": request.user,
                "request": request,
                "application": application,
                "report_group": report_group,
                "comment": comment,
                "email_title": "AppEnlight :: New comment",
            },
            template="/email_templates/new_comment_report.jinja2",
        )
    request.session.flash(_("Your comment was created"))
    return comment.get_dict()
示例#4
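def alert_channels_POST(request):
    """
    Create a new e-mail alert channel for the user and send a validation mail.

    The address comes from the unvalidated JSON request body and is checked
    by ``EmailChannelCreateForm``. A security code is stored in the channel's
    JSON configuration and mailed to the address so the owner can authorize
    the channel.

    Returns ``HTTPUnprocessableEntity`` with the form errors when validation
    fails, otherwise the new channel as a dict.
    """
    user = request.user
    form = forms.EmailChannelCreateForm(MultiDict(request.unsafe_json_body),
                                        csrf_context=request)
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    email = form.email.data.strip()
    channel = EmailAlertChannel()
    channel.channel_name = "email"
    channel.channel_value = email
    # NOTE(review): this code is what proves ownership of the address, so
    # generate_random_string must draw from a CSPRNG (e.g. `secrets`);
    # its implementation is not visible here. Confirm.
    security_code = generate_random_string(10)
    channel.channel_json_conf = {"security_code": security_code}
    user.alert_channels.append(channel)

    email_vars = {
        "user": user,
        "email": email,
        "request": request,
        "security_code": security_code,
        "email_title": "AppEnlight :: "
        "Please authorize your email",
    }

    # The recipient is an arbitrary, not yet verified address chosen by the
    # caller. NOTE(review): confirm this endpoint is rate limited so it
    # cannot be used to mail third parties repeatedly.
    UserService.send_email(
        request,
        recipients=[email],
        variables=email_vars,
        template="/email_templates/authorize_email.jinja2",
    )
    request.session.flash(_("Your alert channel was " "added to the system."))
    request.session.flash(
        _("You need to authorize your email channel, a message was "
          "sent containing necessary information."),
        "warning",
    )
    # Flush before serializing the channel.
    DBSession.flush()
    # The original computed this dict and discarded it, so the view answered
    # with None; return it so the client receives the created channel.
    return channel.get_dict()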
示例#5
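def register(request):
    """
    Render the register page and handle registration, including the oAuth flow.

    On a non-POST request with social auth data in the session, the
    registration form is pre-filled from that data with a generated password.
    On a valid POST a new user is created, a welcome e-mail is sent and the
    user is logged in and redirected, unless registration is disabled in the
    settings.

    Returns an ``HTTPFound`` redirect after a handled POST, otherwise the
    template context with both forms and the enabled social plugins.
    """
    login_url = request.route_url("ziggurat.routes.sign_in")
    if request.query_string:
        query_string = "?%s" % request.query_string
    else:
        query_string = ""
    referrer = "%s%s" % (request.path, query_string)

    if referrer in [login_url, "/register", "/register?sign_in=1"]:
        referrer = "/"  # never use the login form itself as came_from
    # came_from is client-supplied. NOTE(review): the view that eventually
    # redirects to it must restrict it to same-site paths, otherwise this is
    # an open redirect; that check is not visible here.
    sign_in_form = forms.SignInForm(
        came_from=request.params.get("came_from", referrer), csrf_context=request
    )

    # populate form from oAuth session data returned by authomatic
    social_data = request.session.get("zigg.social_auth")
    if request.method != "POST" and social_data:
        # Log only the event: the raw payload holds at least the user's name
        # and e-mail address, and may hold provider credentials, none of
        # which belong in application logs.
        log.debug("pre-filling registration form from social auth session data")
        user_name = social_data["user"].get("user_name", "").split("@")[0]
        form_data = {"user_name": user_name, "email": social_data["user"].get("email")}
        # uuid4 is random, so the pre-filled password is not guessable.
        form_data["user_password"] = str(uuid.uuid4())
        form = forms.UserRegisterForm(MultiDict(form_data), csrf_context=request)
        # Presumably needed so the generated password is rendered into the
        # form and submitted back; it also places it in the page source.
        form.user_password.widget.hide_value = False
    else:
        form = forms.UserRegisterForm(request.POST, csrf_context=request)
    if request.method == "POST" and form.validate():
        log.info("registering user")
        # insert new user here
        # The kill switch is enforced on the server, after validation, so a
        # hand-crafted POST cannot bypass it.
        if request.registry.settings["appenlight.disable_registration"]:
            request.session.flash(_("Registration is currently disabled."))
            return HTTPFound(location=request.route_url("/"))

        new_user = User()
        DBSession.add(new_user)
        form.populate_obj(new_user)
        UserService.regenerate_security_code(new_user)
        new_user.status = 1
        # populate_obj copied the submitted password onto the object;
        # set_password is what stores it through the user service.
        UserService.set_password(new_user, new_user.user_password)
        # Behind a reverse proxy REMOTE_ADDR is the proxy's address unless
        # the WSGI stack rewrites it from a trusted forwarding header.
        new_user.registration_ip = request.environ.get("REMOTE_ADDR")

        if social_data:
            handle_social_data(request, new_user, social_data)

        email_vars = {
            "user": new_user,
            "request": request,
            "email_title": "AppEnlight :: Start information",
        }
        UserService.send_email(
            request,
            recipients=[new_user.email],
            variables=email_vars,
            template="/email_templates/registered.jinja2",
        )
        request.session.flash(_("You have successfully registered."))
        # Flush so new_user.id is assigned before it goes into the auth
        # headers.
        DBSession.flush()
        # The account is logged in immediately; the e-mail address has not
        # been verified at this point.
        headers = security.remember(request, new_user.id)
        return HTTPFound(location=request.route_url("/"), headers=headers)
    settings = request.registry.settings
    # A provider is offered only when its authomatic key is configured.
    social_plugins = {}
    for provider in ("twitter", "google", "github", "bitbucket"):
        if settings.get("authomatic.pr.%s.key" % provider, ""):
            social_plugins[provider] = True

    return {
        "form": form,
        "sign_in_form": sign_in_form,
        "social_plugins": social_plugins,
    }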