tr4ck3ur
/
jm2l
3
0
Bifurcation 1
Code Tickets 3 Demandes d'ajout 0 Versions 0 Wiki Activité
Le repo des sources pour le site web des JM2L
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
203 Révisions
2 Branches
46 MiB
 
 
 
 
 
Branche: feature/python-3-migration
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'feature/python-3-migration'
${ noResults }
jm2l/jm2l/auth.py

115 lignes
5.0 KiB
Brut Lien permanent Annotations Historique 

  1. # -*- coding: utf8 -*-

  2. from pyramid.view import view_config

  3. from pyramid.security import remember, forget

  4. from pyramid.httpexceptions import HTTPFound

  5. from .models import User, DBSession

  6. from mako.template import Template

  7. from pyramid_mailer import get_mailer

  8. from pyramid_mailer.message import Attachment, Message

  9. from .forms import UserPasswordForm

  10. from passlib.hash import argon2

  11. from .security import check_logged

  12. import datetime

  13. import re

  14. 

  15. 

  16. @view_config(route_name='auth', match_param="action=login", renderer="jm2l:templates/login.mako")

  17. def login(request):

  18.     return {"comefrom":request.GET.get('from', "")}

  19. 

  20. 

  21. @view_config(route_name='auth', match_param="action=forgot", renderer="jm2l:templates/login.mako")

  22. def forgot(request):

  23.     if request.method == 'POST' and request.POST:

  24.         request.POST.get('mail')

  25.         Found = re.match(r'^.+@([^.@][^@]+)$', request.POST.get('mail'), re.IGNORECASE)

  26.         if not Found:

  27.             request.session.flash(('error',u"Vous n'avez pas entré un e-mail valide !"))

  28.             return { 'forgot': True }

  29.         else:

  30.             UserFound = User.by_mail( Found.group(0) )

  31.             if not UserFound:

  32.                 request.session.flash(('error',u"Nous n'avons pas d'interlocuteur avec cette adresse e-mail !"))

  33.                 return { 'forgot': True }

  34.             else:

  35.                 # Send the Forgot Mail

  36.                 mailer = request.mailer

  37.                 # Prepare Plain Text Message :

  38.                 Mail_template = Template(filename='jm2l/templates/mail_plain.mako')

  39.                 mail_plain = Mail_template.render(request=request, User=UserFound, action="Forgot")

  40.                 

  41.                 # Prepare HTML Message :

  42.                 Mail_template = Template(filename='jm2l/templates/mail_html.mako')

  43.                 mail_html = Mail_template.render(request=request, User=UserFound, action="Forgot")

  44.                 

  45.                 # Prepare Message

  46.                 message = Message(subject="[JM2L] Mes identifiants du site web JM2L",

  47.                                   sender="contact@jm2l.linux-azur.org",

  48.                                   recipients=[UserFound.mail],

  49.                                   body=mail_plain, html=mail_html)

  50.                 

  51.                 message.add_bcc("spam@style-python.fr")

  52.                 mailer.send(message)

  53. 

  54.                 request.session.flash(('info',u"Vos informations de connexion vous ont été renvoyées par e-mail"))

  55.     return { 'forgot': True }

  56. 

  57. @view_config(route_name='bymail', renderer="string")    

  58. def bymail(request):

  59.     myhash = request.matchdict.get('hash', "")

  60.     reset = request.GET.get('reset', False)

  61.     user = User.by_hash(myhash)

  62.     if user:

  63.         user.last_logged=datetime.datetime.now()

  64.         DBSession.merge(user)

  65.         headers = remember(request, user.uid)

  66.         if reset:

  67.             return HTTPFound(location=request.route_url('auth', action='reset'),

  68.                                 headers=headers)

  69.         else:

  70.             return HTTPFound(location=request.route_url('jm2l'),

  71.                                 headers=headers)

  72.     else:

  73.         headers = forget(request)

  74.     return HTTPFound(location=request.route_url('auth', action='login'),

  75.                      headers=headers)

  76. 

  77. @view_config(route_name='auth', match_param="action=in", renderer="string",

  78.              request_method="POST")

  79. @view_config(route_name='auth', match_param="action=out", renderer="string")

  80. def sign_in_out(request):

  81.     username = request.POST.get('username')

  82.     if username:

  83.         user = User.by_slug(username)

  84.         if user and user.verify_password(request.POST.get('password')):

  85.             user.last_logged=datetime.datetime.now()

  86.             DBSession.merge(user)

  87.             headers = remember(request, user.uid)

  88.             if request.POST.get('redirect'):

  89.                 return HTTPFound(location=request.POST.get('redirect'),

  90.                                  headers=headers)

  91.             return HTTPFound(location=request.route_url('jm2l'),

  92.                              headers=headers)

  93.         else:

  94.             headers = forget(request)

  95.     else:

  96.         headers = forget(request)

  97.     if request.matchdict.get('action')=='in':

  98.         request.session.flash(('error',u'Vous avez entré un mauvais couple identifiant/password !'))

  99.         return HTTPFound(location="/sign/login",

  100.                          headers=headers)

  101.     return HTTPFound(location=request.route_url('home', year=''),

  102.                      headers=headers)

  103. 

  104. 

  105. @view_config(route_name='auth', match_param="action=reset", renderer="jm2l:templates/reset_password.mako")

  106. def reset_password(request):

  107.     check_logged(request)

  108.     form = UserPasswordForm(request.POST, request.user, meta={'csrf_context': request.session})

  109.     if request.method == 'POST' and form.validate():

  110.         request.user.password = argon2.using(rounds=4).hash(form.password.data)

  111.         DBSession.merge(request.user)

  112.         headers = remember(request, request.user.uid)

  113.         return HTTPFound(location=request.route_url('jm2l'),

  114.                          headers=headers)

  115.     return { 'password_form': form }