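def POST(self, USERNAME, PASSWORD, LOGIN_BUTTON="", url=""):
    """Handle a login POST from either the HTML form or an API client.

    Both callers now pass through the same gate: the account must exist,
    must not be flagged by potential_attack() (which deactivates it), and
    the credentials must verify.  Previously the API path (empty
    LOGIN_BUTTON) skipped the existence/lockout checks and the security
    logging entirely, so an API client could brute-force a password without
    ever tripping the lockout or leaving a "failed login attempt" entry.
    Only the *response* differs between the two paths.

    Args:
        USERNAME, PASSWORD: submitted credentials (untrusted input).
        LOGIN_BUTTON: non-empty when the HTML form's submit button was used;
            empty means an API call.
        url: accepted for interface compatibility but not used; the form
            path always redirects to "/".

    Returns:
        The redirect to "/" on a successful form login, "OK"/"FAIL" for the
        API path, or None after error() on a failed form login.
    """
    from xml.sax.saxutils import escape

    # Failure reasons are logged but never reflected to the caller, so the
    # response does not reveal whether the username exists.
    authenticated = False
    if user_exists(USERNAME):
        if potential_attack(USERNAME):
            # NOTE(review): anyone able to trip potential_attack() for a name
            # can lock that account out -- check the threshold/reset policy.
            deactivate_user(USERNAME)
            logger.security("user account deactivated")
        elif user.login(USERNAME, PASSWORD):
            authenticated = True
    else:
        logger.security("unknown username (%s)" % USERNAME)

    if authenticated:
        if not LOGIN_BUTTON:
            # API call
            return "OK"
        # The activity message is rendered as HTML; escape the stored username
        # so a crafted account name cannot inject markup into the log.
        msg = '<a href="/users/%s">%s</a> logged in' % (
            user.id, escape(user.username))
        logger.info("user %s successfully logged in" % USERNAME)
        logger.activity("session", msg)
        return redirect_to("/")

    logger.security("failed login attempt", USERNAME)
    if not LOGIN_BUTTON:
        # API call
        return "FAIL"
    error("invalid username or password")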
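def insert(cls, form):
    """Create a user account from a validated *form* and optionally e-mail an invitation.

    The login id is the lower-cased USERNAME field.  The PASSWORD column of
    the row is left blank; the generated password is applied afterwards via
    ZoomUser.set_password, so the cleartext value never lands in dz_users.

    Args:
        form: form object whose ``evaluate()`` yields a dict with at least
            USERNAME, FIRST_NAME, LAST_NAME, EMAIL and SEND_INVITATION.

    Returns:
        None.  Side effects: a new dz_users row, membership in the 'users'
        group, an activity/audit entry and, when SEND_INVITATION is true,
        a welcome e-mail carrying the initial password.
    """
    from xml.sax.saxutils import escape

    values = form.evaluate()
    username = values['USERNAME'].lower()
    password = gen_password()

    values['FIRSTNAME'] = values['FIRST_NAME']
    values['LASTNAME'] = values['LAST_NAME']
    values['LOGINID'] = username
    values['PASSWORD'] = ''   # set through set_password() below, never stored here
    values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
    values['STATUS'] = 'A'

    users = db.table('dz_users', 'USERID')
    new_id = users.insert(values)
    # make sure new users have no memberships (parameterised query, not string-built)
    db('delete from dz_members where userid=%s', new_id)
    add_user(values['LOGINID'], 'users')

    new_user = ZoomUser(username)
    new_user.set_password(password)

    # The activity message is rendered as HTML and both usernames originate
    # from user input, so escape them to keep markup out of the log.
    msg = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
    logger.activity(
        'users',
        msg % (user.id, escape(user.username),
               new_user.id, escape(new_user.username)))
    audit('created user account', new_user.username)

    if values['SEND_INVITATION'] == True:
        # NOTE(review): the initial password is sent in cleartext e-mail; a
        # one-time set-password link would be safer -- confirm with the owners.
        recipients = [values['EMAIL']]
        tpl = load('welcome.md')
        t = dict(
            first_name=values['FIRST_NAME'],
            username=username,
            password=password,
            site_name=site_name(),
            site_url=site_url(),
            admin_email='*****@*****.**',
            owner_name=owner_name(),
        )
        body = markdown(viewfill(tpl, t.get))
        subject = 'Welcome - ' + site_name()
        send(recipients, subject, body)
        message('invitation sent')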
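def insert(cls, form):
    """Create a user account from *form* and optionally mail a welcome invitation.

    Steps: map the form fields onto dz_users columns, insert the row, clear
    any stale dz_members rows for the new id, add the account to the
    'users' group, set the generated password via ZoomUser (the row's
    PASSWORD column stays blank), record activity/audit, and -- when the
    form asked for it -- send the welcome e-mail.

    Args:
        form: form object whose ``evaluate()`` yields a dict containing
            USERNAME, FIRST_NAME, LAST_NAME, EMAIL and SEND_INVITATION.

    Returns:
        None.
    """
    from xml.sax.saxutils import escape

    values = form.evaluate()
    login_id = values['USERNAME'].lower()
    initial_password = gen_password()

    def _record_creation(account):
        # Activity text is HTML: escape both names (user-supplied) so a
        # crafted username cannot inject markup into the log.
        link = '<a href="/users/%s">%s</a>'
        actor = link % (user.id, escape(user.username))
        created = link % (account.id, escape(account.username))
        logger.activity('users', '%s added new user %s' % (actor, created))
        audit('created user account', account.username)

    def _send_invitation(first_name, email):
        # NOTE(review): the initial password travels in cleartext e-mail;
        # a one-time set-password link would be safer -- confirm with owners.
        template = load('welcome.md')
        fields = dict(
            first_name=first_name,
            username=login_id,
            password=initial_password,
            site_name=site_name(),
            site_url=site_url(),
            admin_email='*****@*****.**',
            owner_name=owner_name(),
        )
        body = markdown(viewfill(template, fields.get))
        send([email], 'Welcome - ' + site_name(), body)
        message('invitation sent')

    values['FIRSTNAME'] = values['FIRST_NAME']
    values['LASTNAME'] = values['LAST_NAME']
    values['LOGINID'] = login_id
    values['PASSWORD'] = ''   # never persist the cleartext password in the row
    values['DTUPD'] = values['DTADD'] = datetime.datetime.now()
    values['STATUS'] = 'A'

    new_id = db.table('dz_users', 'USERID').insert(values)
    # make sure new users have no memberships (parameterised query)
    db('delete from dz_members where userid=%s', new_id)
    add_user(values['LOGINID'], 'users')

    account = ZoomUser(login_id)
    account.set_password(initial_password)

    _record_creation(account)

    if values['SEND_INVITATION'] == True:
        _send_invitation(values['FIRST_NAME'], values['EMAIL'])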
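def login_button(self):
    """Process the login form for both the HTML and the JSON-API flavour.

    Nothing happens unless ``login_form.validate(data)`` passes.  After
    that the account must exist, must not be flagged by potential_attack()
    (which deactivates it) and the credentials must verify.  API clients
    are recognised by an exact ``Accept: application/json`` header and get
    JSON bodies instead of redirects / flash errors.

    Fix: the post-login redirect target ``referrer`` comes straight from
    the request, so it is only honoured when it is a same-site path --
    otherwise this was an open redirect to an arbitrary host.

    Returns:
        A redirect (form) or '{}' (API) on success; a JSON error body (API)
        or None after error() (form) on failure; None when validation fails.
    """
    from xml.sax.saxutils import escape

    def _is_local_path(target):
        # Accept only a same-site path: one leading '/', not '//' or '/\'
        # (browsers treat those as scheme-relative), and no CR/LF that
        # could split the Location header.
        return (target.startswith('/')
                and not target.startswith('//')
                and not target.startswith('/\\')
                and '\r' not in target
                and '\n' not in target)

    if not login_form.validate(data):
        return

    values = login_form.evaluate()
    username = values['USERNAME']
    password = values['PASSWORD']
    remember_me = values['REMEMBER_ME']
    as_api = os.environ.get('HTTP_ACCEPT', '') == 'application/json'

    if user_exists(username):
        if potential_attack(username):
            deactivate_user(username)
            logger.security('user account (%s) deactivated' % username)
        elif user.login(username, password, remember_me):
            if as_api:
                logger.info('user %s successfully logged in via api' % username)
                return '{}'
            # from here on use the stored (canonical) username
            username = user.username
            user_id = user.id
            # activity text is HTML; escape the username to keep markup out of the log
            msg = '<a href="/users/%s">%s</a> logged in' % (user_id, escape(username))
            logger.activity('session', msg)
            logger.info('user %s successfully logged in' % username)
            referrer = data.get('referrer')
            if referrer and _is_local_path(referrer):
                return redirect_to(referrer)
            return redirect_to('/' + user.default_app)
    else:
        # the submitted name is logged verbatim -- assumes the logger
        # neutralises newlines; confirm if log integrity matters
        logger.security('unknown username (%s)' % username)

    logger.security('failed login attempt', username)
    if as_api:
        return '{"message": "invalid username or password"}'
    error('invalid username or password')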
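def delete(self):
    """Delete this user's account, recording who did it.

    Writes an activity-log entry naming the acting user (``user``) and the
    deleted account, an audit record, and then removes the row through
    Users.delete.

    Returns:
        Whatever Users.delete(self.id) returns.
    """
    from xml.sax.saxutils import escape

    # The activity message is rendered as HTML and both usernames originate
    # from user input, so escape them to keep markup out of the log.
    msg = '<a href="/users/%s">%s</a> deleted user %s'
    logger.activity(
        'users',
        msg % (user.id, escape(user.username), escape(self.username)))
    audit('delete user account', self.username, '')
    return Users.delete(self.id)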