# -*- coding: utf-8 -*-
import flaskext_compat
flaskext_compat.activate()
import account
import ldap
import os
from flask import flash, Flask, g, redirect, request, session, url_for
from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user
from forms import RegisterForm, LoginForm, SettingsForm
app = Flask(__name__)
# Baseline configuration comes from the packaged ``default_settings`` module;
# a path in SPLINE_ACCOUNT_WEB_SETTINGS, when set, names a deployment-specific
# settings file layered on top of it (presumably where secrets such as the
# session key live, so keep that file out of the repository and world-readable
# locations).
app.config.from_object('default_settings')
_SETTINGS_ENVVAR = 'SPLINE_ACCOUNT_WEB_SETTINGS'
if _SETTINGS_ENVVAR in os.environ:
    app.config.from_envvar(_SETTINGS_ENVVAR)
@app.before_request
def ldap_connect():
    """Bind the LDAP account service and resolve the current user per request.

    Sets ``g.ldap`` to a fresh :class:`account.AccountService` bound with the
    admin credentials held in the ``account`` module, and ``g.user`` to the
    account authenticated from the session (``None`` when nobody is logged in).

    The session carries the username and an encrypted copy of the password;
    both are re-checked against LDAP on every request, so a credential that no
    longer works is dropped via :func:`logout_user` instead of being retried
    indefinitely.
    """
    g.ldap = account.AccountService(
        account.LDAP_HOST,
        account.LDAP_BASE_DN,
        account.LDAP_ADMIN_USER,
        account.LDAP_ADMIN_PASS,
        account.SERVICES,
    )
    g.user = None
    if 'username' not in session or 'password' not in session:
        return
    try:
        plaintext = decrypt_password(session['password'])
        g.user = g.ldap.auth(session['username'], plaintext)
    except ldap.INVALID_CREDENTIALS:
        # Stale credentials in the session cookie (e.g. password changed
        # elsewhere): clear the session rather than failing on every request.
        # NOTE(review): only INVALID_CREDENTIALS is handled here; confirm that
        # decrypt_password() cannot raise on a malformed session value.
        logout_user()
@app.route('/', methods=['GET', 'POST'])
@templated('index.html')
def index():
    """Login page.

    GET renders the login form. A valid POST hands the submitted credentials
    to :func:`login_user`; on success the user is redirected to the settings
    page, otherwise the form is re-rendered with a generic error flash (the
    message does not distinguish an unknown username from a wrong password).

    Returns:
        A redirect to ``settings`` after a successful login, otherwise the
        template context ``{'form': form}`` for ``index.html``.
    """
    form = LoginForm(request.form)
    context = {'form': form}
    if request.method != 'POST' or not form.validate():
        return context
    logged_in = login_user(form.username.data, form.password.data)
    if not logged_in:
        flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
        return context
    flash(u'Erfolgreich eingeloggt (als %s)' % session['username'])
    return redirect(url_for('settings'))
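@app.route('/register', methods=['GET', 'POST'])
@templated('register.html')
def register():
    """Registration page.

    GET renders the registration form. A valid POST creates the account
    through the per-request LDAP service (``g.ldap``, bound in
    :func:`ldap_connect`), logs the new user in and redirects to the
    settings page.

    Returns:
        A redirect to ``settings`` after a successful registration, otherwise
        the template context ``{'form': form}`` for ``register.html``.

    Raises:
        RuntimeError: if the freshly registered account cannot be logged in.
    """
    form = RegisterForm(request.form)
    if request.method == 'POST' and form.validate():
        username = form.username.data
        mail = form.mail.data
        password = form.password.data
        # NOTE(review): ``Account`` is not imported in this module; it is
        # presumably the account class of the ``account`` package -- confirm.
        user = Account(username, mail, password=password)
        # ``g.ldap`` is the AccountService bound per request in ldap_connect();
        # the previous bare ``service`` name was not defined anywhere here.
        g.ldap.register(user)
        # Populate request context and session. A bare ``assert`` is stripped
        # under ``python -O``; an account that exists but cannot log in should
        # fail loudly rather than silently render the form again.
        if not login_user(user.username, user.password):
            raise RuntimeError('login after registration failed for %r' % username)
        flash(u'Benutzer erfolgreich angelegt.')
        # The redirect has to be returned, otherwise the template is rendered
        # with the (already submitted) form instead.
        return redirect(url_for('settings'))
    return {'form': form}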
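@app.route('/settings', methods=['GET', 'POST'])
@templated('settings.html')
@login_required
def settings():
    """Account settings page (login required).

    GET renders the form pre-filled with the current mail address. A valid
    POST applies the changed fields to ``g.user``, persists them through
    ``g.ldap.update`` and reports what changed.

    The encrypted password copy in the session is refreshed only after the
    LDAP update has succeeded: :func:`ldap_connect` re-authenticates from the
    session on every request, so storing the new password before a failed
    LDAP write would lock the user out on the very next request.

    Returns:
        A redirect back to ``settings`` after changes were saved, otherwise
        the template context ``{'form': form}`` for ``settings.html``.
    """
    form = SettingsForm(request.form, mail=g.user.mail)
    if request.method == 'POST' and form.validate():
        changed = []
        new_password = None
        new_mail = form.mail.data
        if new_mail and new_mail != g.user.mail:
            g.user.change_email(new_mail)
            changed.append(u'E-Mail-Adresse')
        if form.password.data:
            new_password = form.password.data
            g.user.change_password(new_password)
            changed.append(u'Passwort')
        if changed:
            g.ldap.update(g.user)
            if new_password is not None:
                # Only now does the new password exist in LDAP; sync the
                # session copy so the next request's re-auth succeeds.
                session['password'] = encrypt_password(new_password)
            flash(u'%s geändert' % u' und '.join(changed))
            return redirect(url_for('settings'))
        else:
            flash(u'Nichts geändert')
    return {'form': form}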
@app.route('/logout')
def logout():
    """Clear the login session and send the user back to the login page.

    NOTE(review): the route answers GET, so any cross-site link or image tag
    can log the user out; harmless for data, but worth knowing.
    """
    logout_user()
    target = url_for('index')
    return redirect(target)
@app.route('/debug')
def debug():
    """Raise an unhandled exception on purpose.

    Exists to exercise the error handling. With ``app.run(debug=True)`` (see
    the ``__main__`` block) an unhandled exception opens the Werkzeug
    interactive debugger in the browser, which evaluates arbitrary code on the
    server, so this route must not be reachable on a deployed instance.
    """
    raise Exception()
if __name__ == '__main__':
    # Development entry point only: debug=True turns on the reloader and the
    # Werkzeug interactive debugger (code execution for anyone who can reach
    # an error page). Deploy behind a proper WSGI server with debug off.
    app.run(debug=True)
# wir brauchen:
# registrieren
# login
# passwort ändern (master-passwort, einzelne)
# email ändern
# später:
# account löschen
# openid-provider (ggf mehr Details: Realname, Zeitzone, ...)