Le repo des sources pour le site web des JM2L
  1. # -*- coding: utf8 -*-
  2. from pyramid.view import view_config
  3. from pyramid.security import remember, forget
  4. from pyramid.httpexceptions import HTTPFound
  5. from .models import User, DBSession
  6. from mako.template import Template
  7. from pyramid_mailer import get_mailer
  8. from pyramid_mailer.message import Attachment, Message
  9. from .forms import UserPasswordForm
  10. from passlib.hash import argon2
  11. from .security import check_logged
  12. import datetime
  13. import re
  @view_config(route_name='auth', match_param="action=login", renderer="jm2l:templates/login.mako")
  def login(request):
      """Render the login page, passing along the optional ``from`` query value.

      The template receives the value under the ``comefrom`` key; an absent
      parameter becomes the empty string.
      """
      # NOTE(review): ``from`` is taken verbatim from the query string, so it is
      # caller-controlled. If the template copies it into the sign-in form's
      # redirect field (template not visible here), it has to be escaped on
      # output and validated again before being used as a redirect target.
      origin = request.GET.get('from', "")
      return {"comefrom": origin}
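  @view_config(route_name='auth', match_param="action=forgot", renderer="jm2l:templates/login.mako")
  def forgot(request):
      """Handle the "forgotten credentials" form and mail the account details.

      On a non-empty POST the submitted ``mail`` field is checked against a
      loose address pattern and the matching user is looked up with
      ``User.by_mail``. When a user is found, a plain-text and an HTML body are
      rendered from the Mako mail templates and sent to the address stored on
      the account. Every path returns ``{'forgot': True}`` for the login
      template; the outcome is reported through a session flash message.
      """
      if request.method == 'POST' and request.POST:
          submitted = request.POST.get('mail')
          try:
              Found = re.match(r'^.+@([^.@][^@]+)$', submitted, re.IGNORECASE)
          except TypeError:
              # The field is missing (None) or is not text (for instance a file
              # upload): treat it as an invalid address instead of letting the
              # request fail with an unhandled exception.
              Found = None
          if not Found:
              request.session.flash(('error',u"Vous n'avez pas entré un e-mail valide !"))
              return { 'forgot': True }

          UserFound = User.by_mail( Found.group(0) )
          if not UserFound:
              # NOTE(review): this message differs from the success message, so
              # the form tells any visitor whether an address has an account.
              # Answering identically in both cases would close that oracle.
              request.session.flash(('error',u"Nous n'avons pas d'interlocuteur avec cette adresse e-mail !"))
              return { 'forgot': True }

          # Send the Forgot Mail
          mailer = request.mailer
          # Prepare Plain Text Message :
          plain_template = Template(filename='jm2l/templates/mail_plain.mako')
          mail_plain = plain_template.render(request=request, User=UserFound, action="Forgot")
          # Prepare HTML Message :
          html_template = Template(filename='jm2l/templates/mail_html.mako')
          mail_html = html_template.render(request=request, User=UserFound, action="Forgot")
          # Prepare Message. The recipient is the address stored on the account,
          # not the submitted string, so the POSTed value never reaches a header.
          message = Message(subject="[JM2L] Mes identifiants du site web JM2L",
                            sender="contact@jm2l.linux-azur.org",
                            recipients=[UserFound.mail],
                            body=mail_plain, html=mail_html)
          # NOTE(review): every recovery mail is blind-copied to a fixed mailbox
          # on another domain. If the templates carry a login link or other
          # credentials (they are not visible here), whoever reads that mailbox
          # can use them. Drop the BCC or restrict it to a debug setting.
          message.add_bcc("spam@style-python.fr")
          mailer.send(message)
          request.session.flash(('info',u"Vos informations de connexion vous ont été renvoyées par e-mail"))
      # Reached after a successful send and, as reconstructed from the flattened
      # listing, for requests that are not a non-empty POST.
      return { 'forgot': True }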
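  @view_config(route_name='bymail', renderer="string")
  def bymail(request):
      """Log a user in from the per-user hash carried in the URL.

      The ``hash`` route segment is resolved with ``User.by_hash``. On a match
      the last-login time is updated, an authentication cookie is issued and the
      browser is redirected to the password-reset page (when the ``reset`` query
      parameter is present and non-empty) or to the ``jm2l`` route. Without a
      match the session is forgotten and the browser is sent to the login page.
      """
      # NOTE(review): the hash is a bearer credential placed in a URL, so it
      # ends up in server logs, browser history and Referer headers. Nothing in
      # this view expires it or invalidates it after use; confirm that it is
      # single-use or short-lived elsewhere, otherwise a leaked link remains a
      # permanent login.
      token = request.matchdict.get('hash', "")
      wants_reset = request.GET.get('reset', False)
      # Never hand an empty token to the lookup: should an account exist whose
      # stored hash is empty (by_hash is not visible here), it must not be
      # selectable by a request that carries no token at all.
      user = User.by_hash(token) if token else None
      if not user:
          headers = forget(request)
          return HTTPFound(location=request.route_url('auth', action='login'),
                           headers=headers)

      user.last_logged = datetime.datetime.now()
      DBSession.merge(user)
      headers = remember(request, user.uid)
      if wants_reset:
          target = request.route_url('auth', action='reset')
      else:
          target = request.route_url('jm2l')
      return HTTPFound(location=target, headers=headers)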
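  def _is_local_redirect(request, target):
      """Return True when *target* keeps the browser on this site."""
      try:
          from urllib.parse import urlparse
      except ImportError:  # Python 2
          from urlparse import urlparse
      if not target or target != target.strip():
          return False
      # Browsers read backslashes as slashes and skip control characters, so
      # either one can disguise an off-site URL as a local path.
      if '\\' in target or any(ord(char) < 0x20 for char in target):
          return False
      # A leading "//" is a protocol-relative URL pointing at another host.
      if target.startswith('//'):
          return False
      parts = urlparse(target)
      if parts.scheme or parts.netloc:
          return parts.scheme in ('http', 'https') and parts.netloc == request.host
      return target.startswith('/')


  @view_config(route_name='auth', match_param="action=in", renderer="string",
               request_method="POST")
  @view_config(route_name='auth', match_param="action=out", renderer="string")
  def sign_in_out(request):
      """Sign a user in (``action=in``) or out (``action=out``).

      When a ``username`` is posted and the password verifies, the last-login
      time is updated, an authentication cookie is issued and the browser is
      redirected to the posted ``redirect`` target or, failing that, to the
      ``jm2l`` route. In every other case the session is forgotten; a failed
      sign-in flashes an error and returns to the login page, while a sign-out
      goes to the ``home`` route.
      """
      # NOTE(review): the ``action=out`` registration accepts any method, so a
      # cross-site GET is enough to log a user out; restricting it to POST with
      # a CSRF token would prevent that.
      username = request.POST.get('username')
      user = User.by_slug(username) if username else None
      if user and user.verify_password(request.POST.get('password')):
          user.last_logged = datetime.datetime.now()
          DBSession.merge(user)
          headers = remember(request, user.uid)
          # ``redirect`` comes straight from the request body. Following it
          # unchecked would let a crafted login form send a freshly
          # authenticated user to an arbitrary site, so only same-site targets
          # are honoured; anything else falls back to the default page.
          target = request.POST.get('redirect')
          if _is_local_redirect(request, target):
              return HTTPFound(location=target, headers=headers)
          return HTTPFound(location=request.route_url('jm2l'),
                           headers=headers)

      headers = forget(request)
      if request.matchdict.get('action')=='in':
          request.session.flash(('error',u'Vous avez entré un mauvais couple identifiant/password !'))
          return HTTPFound(location="/sign/login",
                           headers=headers)
      return HTTPFound(location=request.route_url('home', year=''),
                       headers=headers)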
  @view_config(route_name='auth', match_param="action=reset", renderer="jm2l:templates/reset_password.mako")
  def reset_password(request):
      """Let the logged-in user choose a new password.

      A valid POST stores an argon2 hash of the new password on
      ``request.user``, re-issues the authentication cookie and redirects to
      the ``jm2l`` route. Any other request renders the form.
      """
      # The return value is not used; presumably check_logged raises or
      # redirects when nobody is logged in (defined in .security, not shown).
      check_logged(request)
      # The session is passed as CSRF context for the form.
      # NOTE(review): whether the form also asks for the current password is
      # not visible here. The `bymail` view logs a user in from a URL hash and
      # can redirect straight to this page, and nothing in this function
      # rotates that hash; confirm it is regenerated when the password changes.
      form = UserPasswordForm(request.POST, request.user, meta={'csrf_context': request.session})
      if request.method != 'POST' or not form.validate():
          return { 'password_form': form }

      hasher = argon2.using(rounds=4)
      request.user.password = hasher.hash(form.password.data)
      DBSession.merge(request.user)
      headers = remember(request, request.user.uid)
      return HTTPFound(location=request.route_url('jm2l'),
                       headers=headers)