tr4ck3ur
/
jm2l
3
0
Çatalla 1
Kod Konular 3 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
Le repo des sources pour le site web des JM2L
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
203 İşleme
2 Dallar
46 MiB
 
 
 
 
 
Dal: feature/python-3-migration
Dallar Biçim İmleri
${ item.name }
${ searchTerm } dalı oluştur
'feature/python-3-migration'den
${ noResults }
jm2l/jm2l/auth.py

115 satır
5.0 KiB
Ham Kalıcı Bağlantı Suçlama Geçmiş 

  1. # -*- coding: utf8 -*-

  2. from pyramid.view import view_config

  3. from pyramid.security import remember, forget

  4. from pyramid.httpexceptions import HTTPFound

  5. from .models import User, DBSession

  6. from mako.template import Template

  7. from pyramid_mailer import get_mailer

  8. from pyramid_mailer.message import Attachment, Message

  9. from .forms import UserPasswordForm

  10. from passlib.hash import argon2

  11. from .security import check_logged

  12. import datetime

  13. import re

  14. 

  15. 

  16. @view_config(route_name='auth', match_param="action=login", renderer="jm2l:templates/login.mako")

  17. def login(request):

  18.     return {"comefrom":request.GET.get('from', "")}

  19. 

  20. 

  21. @view_config(route_name='auth', match_param="action=forgot", renderer="jm2l:templates/login.mako")

  22. def forgot(request):

  23.     if request.method == 'POST' and request.POST:

  24.         request.POST.get('mail')

  25.         Found = re.match(r'^.+@([^.@][^@]+)$', request.POST.get('mail'), re.IGNORECASE)

  26.         if not Found:

  27.             request.session.flash(('error',u"Vous n'avez pas entré un e-mail valide !"))

  28.             return { 'forgot': True }

  29.         else:

  30.             UserFound = User.by_mail( Found.group(0) )

  31.             if not UserFound:

  32.                 request.session.flash(('error',u"Nous n'avons pas d'interlocuteur avec cette adresse e-mail !"))

  33.                 return { 'forgot': True }

  34.             else:

  35.                 # Send the Forgot Mail

  36.                 mailer = request.mailer

  37.                 # Prepare Plain Text Message :

  38.                 Mail_template = Template(filename='jm2l/templates/mail_plain.mako')

  39.                 mail_plain = Mail_template.render(request=request, User=UserFound, action="Forgot")

  40.                 

  41.                 # Prepare HTML Message :

  42.                 Mail_template = Template(filename='jm2l/templates/mail_html.mako')

  43.                 mail_html = Mail_template.render(request=request, User=UserFound, action="Forgot")

  44.                 

  45.                 # Prepare Message

  46.                 message = Message(subject="[JM2L] Mes identifiants du site web JM2L",

  47.                                   sender="contact@jm2l.linux-azur.org",

  48.                                   recipients=[UserFound.mail],

  49.                                   body=mail_plain, html=mail_html)

  50.                 

  51.                 message.add_bcc("spam@style-python.fr")

  52.                 mailer.send(message)

  53. 

  54.                 request.session.flash(('info',u"Vos informations de connexion vous ont été renvoyées par e-mail"))

  55.     return { 'forgot': True }

  56. 

  57. @view_config(route_name='bymail', renderer="string")    

  58. def bymail(request):

  59.     myhash = request.matchdict.get('hash', "")

  60.     reset = request.GET.get('reset', False)

  61.     user = User.by_hash(myhash)

  62.     if user:

  63.         user.last_logged=datetime.datetime.now()

  64.         DBSession.merge(user)

  65.         headers = remember(request, user.uid)

  66.         if reset:

  67.             return HTTPFound(location=request.route_url('auth', action='reset'),

  68.                                 headers=headers)

  69.         else:

  70.             return HTTPFound(location=request.route_url('jm2l'),

  71.                                 headers=headers)

  72.     else:

  73.         headers = forget(request)

  74.     return HTTPFound(location=request.route_url('auth', action='login'),

  75.                      headers=headers)

  76. 

  77. @view_config(route_name='auth', match_param="action=in", renderer="string",

  78.              request_method="POST")

  79. @view_config(route_name='auth', match_param="action=out", renderer="string")

  80. def sign_in_out(request):

  81.     username = request.POST.get('username')

  82.     if username:

  83.         user = User.by_slug(username)

  84.         if user and user.verify_password(request.POST.get('password')):

  85.             user.last_logged=datetime.datetime.now()

  86.             DBSession.merge(user)

  87.             headers = remember(request, user.uid)

  88.             if request.POST.get('redirect'):

  89.                 return HTTPFound(location=request.POST.get('redirect'),

  90.                                  headers=headers)

  91.             return HTTPFound(location=request.route_url('jm2l'),

  92.                              headers=headers)

  93.         else:

  94.             headers = forget(request)

  95.     else:

  96.         headers = forget(request)

  97.     if request.matchdict.get('action')=='in':

  98.         request.session.flash(('error',u'Vous avez entré un mauvais couple identifiant/password !'))

  99.         return HTTPFound(location="/sign/login",

  100.                          headers=headers)

  101.     return HTTPFound(location=request.route_url('home', year=''),

  102.                      headers=headers)

  103. 

  104. 

  105. @view_config(route_name='auth', match_param="action=reset", renderer="jm2l:templates/reset_password.mako")

  106. def reset_password(request):

  107.     check_logged(request)

  108.     form = UserPasswordForm(request.POST, request.user, meta={'csrf_context': request.session})

  109.     if request.method == 'POST' and form.validate():

  110.         request.user.password = argon2.using(rounds=4).hash(form.password.data)

  111.         DBSession.merge(request.user)

  112.         headers = remember(request, request.user.uid)

  113.         return HTTPFound(location=request.route_url('jm2l'),

  114.                          headers=headers)

  115.     return { 'password_form': form }