Diffstat (limited to 'accounts/__init__.py')
-rw-r--r-- | accounts/__init__.py | 253 |
1 files changed, 4 insertions, 249 deletions
diff --git a/accounts/__init__.py b/accounts/__init__.py
index a75010b..35c0475 100644
--- a/accounts/__init__.py
+++ b/accounts/__init__.py
@@ -3,13 +3,14 @@
 import account
 import ldap
 import os
-from copy import deepcopy
-from flask import flash, Flask, g, redirect, request, session
+from flask import Flask, g, session
 from utils import *
-from views import admin
+from views import default, admin
+
 
 
 app = Flask(__name__)
+app.register_blueprint(default.bp)
 app.register_blueprint(admin.bp, url_prefix='/admin')
 app.config.from_object('accounts.default_settings')
 if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:
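Review bot: Registering `default.bp` moves the former app-level routes behind a blueprint, and if the `@app.errorhandler(403)` / `@app.errorhandler(404)` handlers deleted further down in this commit were re-attached as `bp.errorhandler` they will no longer run for routing 404s, which Flask raises before any blueprint is matched; keep them on the application object (e.g. `app.register_error_handler(404, errorhandler)`) so the custom error page still covers unknown URLs. `views.default` is not part of this diff, so this is inferred from the deleted handlers and should be confirmed against that module. The same move renames the endpoints: every `url_for('settings')`, `url_for('index')` and similar call in templates, in the admin blueprint and in the login/confirmation helpers must become `url_for('default.settings')` etc., otherwise the failure surfaces only at request time as a `BuildError`, not at import. The body of the `if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:` block continues outside the hunk.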
@@ -51,249 +52,3 @@ def template_default_context(): return { 'app': app } - - -@app.route('/', methods=['GET', 'POST']) -@templated('index.html') -def index(): - if not g.user: - form = LoginForm(request.form) - if form.validate_on_submit(): - if login_user(form.username.data, form.password.data): - flash(u'Erfolgreich eingeloggt', 'success') - return redirect(url_for('settings')) - else: - flash(u'Ungültiger Benutzername und/oder Passwort', 'error') - else: - return redirect(url_for('settings')) - - return {'form': form} - - -@app.route('/register', methods=['GET', 'POST']) -@templated('register.html') -@logout_required -def register(): - form = RegisterForm(request.form) - if form.validate_on_submit(): - send_register_confirmation_mail(form.username.data, form.mail.data) - - flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, ' - u'um diese zu überprüfen. Bitte folge den Anweisungen in der ' - u'E-Mail.', 'success') - - return redirect(url_for('index')) - - return {'form': form} - - -@app.route('/register/<token>', methods=['GET', 'POST']) -@templated('register_complete.html') -@logout_required -def register_complete(token): - #TODO: check for double uids and mail - username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60) - - try: - app.user_backend.get_by_uid(username) - app.user_backend.get_by_mail(mail) - except app.user_backend.NoSuchUserError: - pass - else: - flash(u'Du hast den Benutzer bereits angelegt! 
Du kannst dich jetzt einfach einloggen:') - return redirect(url_for('index')) - - form = RegisterCompleteForm(request.form) - if form.validate_on_submit(): - password = form.password.data - - user = account.Account(username, mail, password=form.password.data) - app.user_backend.register(user) - - # populate request context and session - assert login_user(user.uid, user.password) - - if app.config.get('MAIL_REGISTER_NOTIFY'): - app.mail_backend.send( - app.config['MAIL_REGISTER_NOTIFY'], - u'[accounts] Neuer Benutzer %s erstellt' % username, - u'Benutzername: %s\nE-Mail: %s\n\nSpammer? Deaktivieren: ' - u'%s\n' % (username, mail, - url_for('admin_disable_account', uid=username, _external=True)) - ) - - flash(u'Benutzer erfolgreich angelegt.', 'success') - return redirect(url_for('settings')) - - return { - 'form': form, - 'token': token, - 'username': username, - 'mail': mail, - } - - -@app.route('/lost_password', methods=['GET', 'POST']) -@templated('lost_password.html') -@logout_required -def lost_password(): - form = LostPasswordForm(request.form) - if form.validate_on_submit(): - #TODO: make the link only usable once (e.g include a hash of the old pw) - # atm the only thing we do is make the link valid for only little time - confirm_token = make_confirmation('lost_password', (form.user.uid,)) - confirm_link = url_for('lost_password_complete', token=confirm_token, _external=True) - - body = render_template('mail/lost_password.txt', username=form.user.uid, - link=confirm_link) - - app.mail_backend.send( - form.user.attributes['mail'], u'Passwort vergessen', body, - sender=app.config.get('MAIL_CONFIRM_SENDER')) - - flash(u'Wir haben dir eine E-Mail mit einem Link zum Passwort ändern ' - u'geschickt. 
Bitte folge den Anweisungen in der E-Mail.', 'success') - - return redirect(url_for('index')) - - return {'form': form} - - -@app.route('/lost_password/<token>', methods=['GET', 'POST']) -@templated('lost_password_complete.html') -@logout_required -def lost_password_complete(token): - username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60) - - form = RegisterCompleteForm(request.form) - if form.validate_on_submit(): - user = app.user_backend.get_by_uid(username) - user.change_password(form.password.data) - app.user_backend.update(user, as_admin=True) - - session['username'] = username - session['password'] = encrypt_password(form.password.data) - flash(u'Passwort geändert.', 'success') - - return redirect(url_for('settings')) - - return { - 'form': form, - 'token': token, - 'username': username, - } - - -@app.route('/settings', methods=['GET', 'POST']) -@templated('settings.html') -@login_required -def settings(): - form = SettingsForm(request.form, mail=g.user.attributes['mail']) - if form.validate_on_submit(): - changed = False - - if request.form.get('submit_services'): - for service in app.all_services: - field = form.get_servicedelete(service.id) - if(field.data): - g.user.reset_password(service.id) - changed = True - - elif request.form.get('submit_main'): - if form.mail.data and form.mail.data != g.user.attributes['mail']: - confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data)) - confirm_link = url_for('change_mail', token=confirm_token, _external=True) - - body = render_template('mail/change_mail.txt', username=g.user.uid, - mail=form.mail.data, link=confirm_link) - - app.mail_backend.send( - form.mail.data, u'E-Mail-Adresse bestätigen', body, - sender=app.config.get('MAIL_CONFIRM_SENDER')) - - flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, ' - u'um diese zu überprüfen. 
Bitte folge den Anweisungen in der ' - u'E-Mail.', 'success') - changed = True - - if form.password.data: - g.user.change_password(form.password.data, form.old_password.data) - session['password'] = encrypt_password(form.password.data) - - flash(u'Passwort geändert', 'success') - changed = True - - for service in app.all_services: - field = form.get_servicepassword(service.id) - if field.data: - changed = True - g.user.change_password(field.data, None, service.id) - - if changed: - app.user_backend.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind - return redirect(url_for('settings')) - else: - flash(u'Nichts geändert.') - - - services = deepcopy(app.all_services) - for s in services: - s.changed = s.id in g.user.services - - return { - 'form': form, - 'services': services, - } - -@app.route('/settings/change_mail/<token>') -@login_required -def change_mail(token): - username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60) - - if g.user.uid != username: - raise Forbidden(u'Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.') - - results = app.user_backend.find_by_mail(mail) - for user in results: - if user.uid != g.user.uid: - raise Forbidden(u'Diese E-Mail-Adresse wird schon von einem anderen account benutzt!') - - g.user.change_email(mail) - app.user_backend.update(g.user) - - flash(u'E-Mail-Adresse geändert.', 'success') - return redirect(url_for('settings')) - - -@app.route('/logout') -def logout(): - logout_user() - flash(u'Erfolgreich ausgeloggt.', 'success') - return redirect(url_for('index')) - - -@app.route('/about') -@templated('about.html') -def about(): - return {} - - -@app.errorhandler(403) -@app.errorhandler(404) -def errorhandler(e): - return render_template('error.html', error=e), e.code - - -@app.route('/debug') -def debug(): - raise Exception() - - -# we need the app to exist before initializing the forms -from forms import 
RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\ - LostPasswordForm, AdminCreateAccountForm,\ - AdminDisableAccountForm - - -if __name__ == '__main__': - app.run() |