- # -*- coding: utf8 -*-
- from pyramid.view import view_config
- from pyramid.security import remember, forget
- from pyramid.httpexceptions import HTTPFound
- from .models import User, DBSession
- from mako.template import Template
- from pyramid_mailer import get_mailer
- from pyramid_mailer.message import Attachment, Message
- from .forms import UserPasswordForm
- from passlib.hash import argon2
- from .security import check_logged
- import datetime
- import re
-
-
@view_config(route_name='auth', match_param="action=login", renderer="jm2l:templates/login.mako")
def login(request):
    """Render the login form.

    The optional ``from`` query parameter is passed to the template as
    ``comefrom``; an empty string is used when the parameter is absent.
    """
    # NOTE(review): ``from`` is caller-controlled. If the template copies it
    # into the sign-in form's ``redirect`` field (not visible here), it has to
    # be validated before it is used as a post-login redirect target.
    origin = request.GET.get('from', "")
    return {"comefrom": origin}
-
-
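@view_config(route_name='auth', match_param="action=forgot", renderer="jm2l:templates/login.mako")
def forgot(request):
    """Handle the "forgotten credentials" form.

    On a non-empty POST the submitted ``mail`` value is checked against a
    loose e-mail pattern and looked up with ``User.by_mail``. When a user is
    found, a plain-text and an HTML message are rendered from the Mako mail
    templates and sent through ``request.mailer``. Every path returns
    ``{'forgot': True}`` so the login template shows the recovery form again.
    """
    if request.method == 'POST' and request.POST:
        # A POST without a ``mail`` field yields None, which re.match()
        # rejects with TypeError; treat it as an invalid address instead.
        mail = request.POST.get('mail') or ''
        Found = re.match(r'^.+@([^.@][^@]+)$', mail, re.IGNORECASE)
        if not Found:
            request.session.flash(('error',u"Vous n'avez pas entré un e-mail valide !"))
            return { 'forgot': True }

        # group(0) is the whole matched string, i.e. the submitted address.
        UserFound = User.by_mail( Found.group(0) )
        if not UserFound:
            # NOTE(review): this message differs from the success message, so
            # the form tells an anonymous caller whether an address is
            # registered. Showing the same neutral message on both paths
            # (and rate-limiting the form) would close that enumeration channel.
            request.session.flash(('error',u"Nous n'avons pas d'interlocuteur avec cette adresse e-mail !"))
            return { 'forgot': True }

        # Send the Forgot Mail
        mailer = request.mailer
        # Prepare Plain Text Message :
        Mail_template = Template(filename='jm2l/templates/mail_plain.mako')
        mail_plain = Mail_template.render(request=request, User=UserFound, action="Forgot")

        # Prepare HTML Message :
        Mail_template = Template(filename='jm2l/templates/mail_html.mako')
        mail_html = Mail_template.render(request=request, User=UserFound, action="Forgot")

        # Prepare Message
        message = Message(subject="[JM2L] Mes identifiants du site web JM2L",
                          sender="contact@jm2l.linux-azur.org",
                          recipients=[UserFound.mail],
                          body=mail_plain, html=mail_html)

        # NOTE(review): every recovery mail is blind-copied to a fixed
        # mailbox. If the templates embed a login link or other credential
        # (not visible here), whoever can read that mailbox can sign in as
        # the recipient. Confirm this copy is still needed.
        message.add_bcc("spam@style-python.fr")
        mailer.send(message)

        request.session.flash(('info',u"Vos informations de connexion vous ont été renvoyées par e-mail"))
    return { 'forgot': True }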
-
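@view_config(route_name='bymail', renderer="string")
def bymail(request):
    """Sign a user in from the hash carried by a mailed link.

    The ``hash`` route segment is resolved with ``User.by_hash``. On a match
    the user's ``last_logged`` is updated, auth headers are issued with
    ``remember`` and the browser is redirected either to the password-reset
    page (when a non-empty ``reset`` query parameter is present) or to the
    ``jm2l`` route. Without a match the auth headers are cleared and the
    browser is sent to the login page.
    """
    myhash = request.matchdict.get('hash', "")
    reset = request.GET.get('reset', False)

    # Never look up an empty token: how User.by_hash treats an empty value is
    # not visible here, and an account with a blank hash must not become
    # reachable through this view.
    user = User.by_hash(myhash) if myhash else None

    # NOTE(review): the hash is a bearer credential: possession alone signs
    # the holder in, and it travels in the URL (server logs, browser history).
    # No expiry or single-use check is visible in this view; confirm that
    # by_hash enforces one, or rotate the hash after a successful login.
    if user:
        user.last_logged=datetime.datetime.now()
        DBSession.merge(user)
        headers = remember(request, user.uid)
        if reset:
            return HTTPFound(location=request.route_url('auth', action='reset'),
                             headers=headers)
        return HTTPFound(location=request.route_url('jm2l'),
                         headers=headers)

    headers = forget(request)
    return HTTPFound(location=request.route_url('auth', action='login'),
                     headers=headers)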
-
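def _is_local_redirect(request, target):
    """Return True when *target* keeps the browser on this application."""
    # Browsers normalise backslashes and strip control characters, which can
    # turn a path-looking value into a reference to another host.
    if any(ch == '\\' or ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    if target.startswith('/'):
        # '//host/path' is a scheme-relative URL, not a local path.
        return not target.startswith('//')
    # Absolute URLs are accepted only for this application's own origin; the
    # trailing slash keeps look-alike hosts that merely share the prefix out.
    origin = request.host_url
    return target == origin or target.startswith(origin + '/')


@view_config(route_name='auth', match_param="action=in", renderer="string",
             request_method="POST")
@view_config(route_name='auth', match_param="action=out", renderer="string")
def sign_in_out(request):
    """Sign a user in (``action=in``) or out (``action=out``).

    With a ``username`` in the POST data, the user is looked up by slug and
    the submitted password verified. On success ``last_logged`` is updated,
    auth headers are issued and the browser is redirected to the posted
    ``redirect`` value when it points back to this site, otherwise to the
    ``jm2l`` route. In every other case the auth headers are cleared; a
    failed sign-in flashes an error and returns to the login page, while a
    sign-out goes to the ``home`` route.
    """
    username = request.POST.get('username')
    if username:
        user = User.by_slug(username)
        if user and user.verify_password(request.POST.get('password')):
            user.last_logged=datetime.datetime.now()
            DBSession.merge(user)
            headers = remember(request, user.uid)
            # ``redirect`` is client-supplied. Following it unchecked would
            # let a crafted login form or link bounce a freshly authenticated
            # user to an arbitrary external site, so anything that does not
            # stay on this site falls back to the default landing page.
            redirect = request.POST.get('redirect')
            if redirect and _is_local_redirect(request, redirect):
                return HTTPFound(location=redirect,
                                 headers=headers)
            return HTTPFound(location=request.route_url('jm2l'),
                             headers=headers)
        else:
            headers = forget(request)
    else:
        headers = forget(request)
    if request.matchdict.get('action')=='in':
        # One message for "unknown user" and "wrong password" alike, so the
        # response does not reveal which identifiers exist.
        request.session.flash(('error',u'Vous avez entré un mauvais couple identifiant/password !'))
        return HTTPFound(location="/sign/login",
                         headers=headers)
    return HTTPFound(location=request.route_url('home', year=''),
                     headers=headers)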
-
-
@view_config(route_name='auth', match_param="action=reset", renderer="jm2l:templates/reset_password.mako")
def reset_password(request):
    """Let the signed-in user choose a new password.

    The form is bound to the POST data and to ``request.user``, with the
    session as CSRF context. On a valid POST the new password is hashed with
    argon2, the user is merged back into the DB session, fresh auth headers
    are issued and the browser is redirected to the ``jm2l`` route. Otherwise
    the form is handed back to the template.
    """
    # NOTE(review): the return value is ignored, so check_logged presumably
    # raises or redirects for anonymous requests; confirm in .security.
    check_logged(request)
    form = UserPasswordForm(request.POST, request.user, meta={'csrf_context': request.session})

    # form.validate() only runs for POST requests (short-circuit).
    accepted = request.method == 'POST' and form.validate()
    if not accepted:
        return { 'password_form': form }

    # rounds=4 sets the argon2 time cost; the other cost parameters are left
    # at passlib's defaults.
    hasher = argon2.using(rounds=4)
    request.user.password = hasher.hash(form.password.data)
    DBSession.merge(request.user)
    auth_headers = remember(request, request.user.uid)
    target = request.route_url('jm2l')
    return HTTPFound(location=target, headers=auth_headers)