Drop obsolete parameter to bootstrap.py in README.txt
author | Daniele Nicolodi <daniele.nicolodi@obspm.fr> |
---|---|
date | Mon, 29 Sep 2014 15:49:42 +0200 |
parents | 6b8153a4537e |
children |
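# Copyright 2011 Daniele Nicolodi <nicolodi@science.unitn.it>
#
# This software may be used and distributed according to the terms of
# the GNU Affero General Public License version 3 or any later version.
"""User profile views: display, edit, activation, password reset and change.

Activation and reset are reached through a signed, time-limited token that
is bound to one username (see ``_validate_request``).  All other views
require an authenticated user and go through the ``permission`` context
manager before touching any user record.
"""

from flask import Blueprint, g, abort, flash, render_template, request, redirect, url_for, session
from werkzeug.exceptions import BadRequest

from ltpdarepo.sign import Signer, BadSignature, SignatureExpired
from ltpdarepo.security import require, permission
from ltpdarepo.user import User, IUser, IPassword, INVALIDPASSWORD

app = Blueprint('user', __name__)

# Lifetime of an activation / reset token, in seconds (one day).
TOKEN_MAXAGE = 3600 * 24


def _load_or_404(username):
    """Return the ``User`` record for ``username`` or abort with 404.

    Every view below needs the same lookup-and-abort; keeping it in one
    place guarantees the views agree on how an unknown user is reported.
    """
    user = User.load(username)
    if user is None:
        # not found
        abort(404)
    return user


@app.route('/<username>')
@require('user')
def view(username):
    """Show the profile page of ``username``.

    Requires a logged-in user with 'view' permission on that profile;
    ``permission`` is entered before the record is even loaded so an
    unauthorized caller learns nothing about whether the user exists.
    """
    with permission('view', 'user', username):
        user = _load_or_404(username)
        return render_template('user.html', user=user)


@app.route('/<username>/edit', methods=('GET', 'POST'))
@require('user')
def edit(username):
    """Edit the profile of ``username`` (GET shows the form, POST saves it).

    Requires 'edit' permission on the profile.  The form deliberately omits
    the ``username`` and ``admin`` fields so a submitted request cannot
    rename the account or grant itself the admin role (mass-assignment
    guard); only the remaining fields are copied onto the record.
    """
    with permission('edit', 'user', username):
        user = _load_or_404(username)
        # users can not set admin role for themself
        form = IUser(obj=user).omit('username', 'admin')
        if request.method == 'POST' and form.validate():
            form.update(user)
            user.save()
            flash('User data saved.')
            return redirect(url_for('user.view', username=username))
        return render_template('users/edit.html', username=username, form=form)


def _validate_request(request, username):
    """Verify the one-time token that authorizes activation or a reset.

    The token is read from ``request.values`` (query string or form body)
    and must (1) carry a valid signature, (2) be younger than
    ``TOKEN_MAXAGE`` and (3) have ``username`` as its payload, so a token
    issued for one account cannot be used on another account's URL.
    Finally the account must still hold the ``INVALIDPASSWORD`` placeholder:
    once a password has been set the token is no longer accepted, which
    makes it single-use even though it is stateless.

    The ``request`` parameter intentionally shadows flask's proxy so the
    caller passes the request explicitly.

    Raises BadRequest (400) with a user-visible message on any failure, or
    aborts with 404 if the database has no account row for ``username``.
    """
    token = request.values.get('token', '')
    signer = Signer()
    try:
        value = signer.loads(token, maxage=TOKEN_MAXAGE)
    except SignatureExpired:
        raise BadRequest('<p>Token expired.</p>')
    except BadSignature:
        raise BadRequest('<p>Invalid token.</p>')
    # Bind the token to this URL's account, not just to "some" account.
    if value != username:
        raise BadRequest('<p>Invalid token.</p>')

    # check that the user is not active.  The parameter is passed as a
    # tuple so the driver escapes it -- never interpolate it into the query.
    curs = g.db.cursor()
    curs.execute("SELECT Password FROM mysql.user WHERE User=%s", (username,))
    row = curs.fetchone()
    if row is None:
        # The application knows this user but the database has no matching
        # account; there is nothing that could be activated.
        abort(404)
    if row[0] != INVALIDPASSWORD:
        raise BadRequest('<p>User already activated.</p>')


def _set_password_with_token(username, user, message, template):
    """Shared body of ``activate`` and ``reset``.

    Shows the password form for ``user`` and, on a valid POST, stores the
    new password, flashes ``message`` and redirects to the index.  The
    browser is logged in as ``username`` only if no session exists yet; an
    already logged-in session is left untouched.  The caller is responsible
    for having validated the token first.
    """
    form = IPassword()
    if request.method == 'POST' and form.validate():
        # set password
        user.passwd(form.password.data)
        flash(message)
        # login if not already logged in
        if 'username' not in session:
            session['username'] = username
        return redirect(url_for('index'))
    return render_template(template, username=username, form=form)


@app.route('/<username>/activate', methods=['GET', 'POST'])
def activate(username):
    """Activate a freshly created account: token-gated, no login required.

    The token is checked on both GET and POST, so the form submission must
    carry it again (e.g. in the action URL or a hidden field).  NOTE(review):
    on GET the token travels in the query string and may end up in server
    logs or Referer headers -- acceptable for a one-day, single-use token,
    but worth keeping in mind.
    """
    user = _load_or_404(username)
    # validate token
    _validate_request(request, username)
    return _set_password_with_token(username, user,
                                    'User account activated.',
                                    'users/activate.html')


@app.route('/<username>/reset', methods=['GET', 'POST'])
def reset(username):
    """Set a new password after a reset: token-gated, no login required.

    Identical to ``activate`` apart from the message and template; it relies
    on the reset having put the account back to ``INVALIDPASSWORD`` first,
    otherwise ``_validate_request`` rejects the token as already used.
    """
    user = _load_or_404(username)
    # validate token
    _validate_request(request, username)
    return _set_password_with_token(username, user,
                                    'Password set.',
                                    'users/password.html')


@app.route('/<username>/password', methods=('GET', 'POST'))
@require('user')
def password(username):
    """Change the password of ``username`` from an authenticated session.

    Requires 'edit' permission on the profile.  NOTE(review): the current
    password is not re-asked here and no CSRF protection is visible in this
    file; confirm that ``IPassword`` or the application supplies it.
    """
    with permission('edit', 'user', username):
        user = _load_or_404(username)
        form = IPassword()
        if request.method == 'POST' and form.validate():
            # set password
            user.passwd(form.password.data)
            flash('Password set.')
            return redirect(url_for('user.view', username=username))
        return render_template('users/password.html', username=username, form=form)


module = app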