diff options
| author | Alexander Sulfrian <alexander@sulfrian.net> | 2016-01-23 13:04:35 +0100 |
|---|---|---|
| committer | Alexander Sulfrian <alexander@sulfrian.net> | 2016-01-25 01:56:13 +0100 |
| commit | 899947bd00df10cca15aca1b3c14125b38b35ecf (patch) | |
| tree | cbe0cd8023efa657b478476a70f83d2f5cb5509b /app.py | |
| parent | bd20d0ff1c7a582f3c53d30bfc387139c419ef35 (diff) | |
| download | web-899947bd00df10cca15aca1b3c14125b38b35ecf.tar.gz web-899947bd00df10cca15aca1b3c14125b38b35ecf.tar.bz2 web-899947bd00df10cca15aca1b3c14125b38b35ecf.zip | |
Moved everything into a package
Diffstat (limited to 'app.py')
| -rw-r--r-- | app.py | 301 |
1 files changed, 0 insertions, 301 deletions
@@ -1,301 +0,0 @@ -# -*- coding: utf-8 -*- - -import account -import ldap -import os -from copy import deepcopy -from flask import flash, Flask, g, redirect, request, session -from utils import * -from uuid import uuid4 - -from views import admin - -app = Flask(__name__) -app.register_blueprint(admin.bp, url_prefix='/admin') -app.config.from_object('default_settings') -if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ: - app.config.from_envvar('SPLINE_ACCOUNT_WEB_SETTINGS') - -app.all_services = account.SERVICES #TODO: take that from our json file or so -app.username_blacklist = list() - -@app.before_request -def session_permanent(): - if app.config.get('PERMANENT_SESSION_LIFETIME'): - session.permanent = True - else: - session.permanent = False - -@app.before_request -def ldap_connect(): - g.ldap = account.AccountService(app.config['LDAP_HOST'], app.config['LDAP_BASE_DN'], - app.config['LDAP_ADMIN_USER'], app.config['LDAP_ADMIN_PASS'], app.all_services) - -@app.before_request -def initialize_user(): - g.user = None - - if 'username' in session and 'password' in session: - username = ensure_utf8(session['username']) - password = ensure_utf8(decrypt_password(session['password'])) - try: - g.user = g.ldap.auth(username, password) - except ldap.INVALID_CREDENTIALS: - # we had crap in the session, delete it - logout_user() - -@app.before_first_request -def read_blacklist(): - if app.config.get('USERNAME_BLACKLIST_FILE'): - with open(app.config['USERNAME_BLACKLIST_FILE']) as f: - app.username_blacklist = f.read().split('\n') - -@app.context_processor -def template_default_context(): - return { - 'app': app - } - - -@app.route('/', methods=['GET', 'POST']) -@templated('index.html') -def index(): - if not g.user: - form = LoginForm(request.form, csrf_enabled=False) - if request.method == 'POST' and form.validate(): - if login_user(form.username.data, form.password.data): - flash(u'Erfolgreich eingeloggt', 'success') - return redirect(url_for('settings')) - else: - flash(u'Ungültiger Benutzername und/oder Passwort', 'error') - else: - return redirect(url_for('settings')) - - return {'form': form} - - -@app.route('/register', methods=['GET', 'POST']) -@templated('register.html') -@logout_required -def register(): - form = RegisterForm(request.form, csrf_enabled=False) - if request.method == 'POST' and form.validate(): - send_register_confirmation_mail(form.username.data, form.mail.data) - - flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, ' - u'um diese zu überprüfen. Bitte folge den Anweisungen in der ' - u'E-Mail.', 'success') - - return redirect(url_for('index')) - - return {'form': form} - - -@app.route('/register/<token>', methods=['GET', 'POST']) -@templated('register_complete.html') -@logout_required -def register_complete(token): - #TODO: check for double uids and mail - username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60) - - try: - g.ldap.get_by_uid(username) - g.ldap.get_by_mail(mail) - except account.NoSuchUserError: - pass - else: - flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:') - return redirect(url_for('index')) - - form = RegisterCompleteForm(request.form, csrf_enabled=False) - if request.method == 'POST' and form.validate(): - password = form.password.data - - user = account.Account(username, mail, password=form.password.data) - g.ldap.register(user) - - # populate request context and session - assert login_user(user.uid, user.password) - - if app.config.get('MAIL_REGISTER_NOTIFY'): - send_mail( - app.config['MAIL_REGISTER_NOTIFY'], - u'[accounts] Neuer Benutzer %s erstellt' % username, - u'Benutzername: %s\nE-Mail: %s\n\nSpammer? Deaktivieren: ' - u'%s\n' % (username, mail, - url_for('admin_disable_account', uid=username, _external=True)) - ) - - flash(u'Benutzer erfolgreich angelegt.', 'success') - return redirect(url_for('settings')) - - return { - 'form': form, - 'token': token, - 'username': username, - 'mail': mail, - } - - -@app.route('/lost_password', methods=['GET', 'POST']) -@templated('lost_password.html') -@logout_required -def lost_password(): - form = LostPasswordForm(request.form, csrf_enabled=False) - if request.method == 'POST' and form.validate(): - #TODO: make the link only usable once (e.g include a hash of the old pw) - # atm the only thing we do is make the link valid for only little time - confirm_token = make_confirmation('lost_password', (form.user.uid,)) - confirm_link = url_for('lost_password_complete', token=confirm_token, _external=True) - - body = render_template('mail/lost_password.txt', username=form.user.uid, - link=confirm_link) - - send_mail(form.user.attributes['mail'], u'Passwort vergessen', body, - sender=app.config.get('MAIL_CONFIRM_SENDER')) - - flash(u'Wir haben dir eine E-Mail mit einem Link zum Passwort ändern ' - u'geschickt. Bitte folge den Anweisungen in der E-Mail.', 'success') - - return redirect(url_for('index')) - - return {'form': form} - - -@app.route('/lost_password/<token>', methods=['GET', 'POST']) -@templated('lost_password_complete.html') -@logout_required -def lost_password_complete(token): - username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60) - - form = RegisterCompleteForm(request.form, csrf_enabled=False) - if request.method == 'POST' and form.validate(): - user = g.ldap.get_by_uid(username) - user.change_password(form.password.data) - g.ldap.update(user, as_admin=True) - - session['username'] = username - session['password'] = encrypt_password(form.password.data) - flash(u'Passwort geändert.', 'success') - - return redirect(url_for('settings')) - - return { - 'form': form, - 'token': token, - 'username': username, - } - - -@app.route('/settings', methods=['GET', 'POST']) -@templated('settings.html') -@login_required -def settings(): - form = SettingsForm(request.form, mail=g.user.attributes['mail']) - if request.method == 'POST' and form.validate(): - changed = False - - if request.form.get('submit_services'): - for service in app.all_services: - field = form.get_servicedelete(service.id) - if(field.data): - g.user.reset_password(service.id) - changed = True - - elif request.form.get('submit_main'): - if form.mail.data and form.mail.data != g.user.attributes['mail']: - confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data)) - confirm_link = url_for('change_mail', token=confirm_token, _external=True) - - body = render_template('mail/change_mail.txt', username=g.user.uid, - mail=form.mail.data, link=confirm_link) - - send_mail(form.mail.data, u'E-Mail-Adresse bestätigen', body, - sender=app.config.get('MAIL_CONFIRM_SENDER')) - - flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, ' - u'um diese zu überprüfen. Bitte folge den Anweisungen in der ' - u'E-Mail.', 'success') - changed = True - - if form.password.data: - g.user.change_password(form.password.data, form.old_password.data) - session['password'] = encrypt_password(form.password.data) - - flash(u'Passwort geändert', 'success') - changed = True - - for service in app.all_services: - field = form.get_servicepassword(service.id) - if field.data: - changed = True - g.user.change_password(field.data, None, service.id) - - if changed: - g.ldap.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - return redirect(url_for('settings')) - else: - flash(u'Nichts geändert.') - - - services = deepcopy(app.all_services) - for s in services: - s.changed = s.id in g.user.services - - return { - 'form': form, - 'services': services, - } - -@app.route('/settings/change_mail/<token>') -@login_required -def change_mail(token): - username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60) - - if g.user.uid != username: - raise Forbidden(u'Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.') - - results = g.ldap.find_by_mail(mail) - for user in results: - if user.uid != g.user.uid: - raise Forbidden(u'Diese E-Mail-Adresse wird schon von einem anderen account benutzt!') - - g.user.change_email(mail) - g.ldap.update(g.user) - - flash(u'E-Mail-Adresse geändert.', 'success') - return redirect(url_for('settings')) - - -@app.route('/logout') -def logout(): - logout_user() - flash(u'Erfolgreich ausgeloggt.', 'success') - return redirect(url_for('index')) - - -@app.route('/about') -@templated('about.html') -def about(): - return {} - - -@app.errorhandler(403) -@app.errorhandler(404) -def errorhandler(e): - return render_template('error.html', error=e), e.code - - -@app.route('/debug') -def debug(): - raise Exception() - - -# we need the app to exist before initializing the forms -from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\ - LostPasswordForm, AdminCreateAccountForm,\ - AdminDisableAccountForm - - -if __name__ == '__main__': - app.run() |