2023-03-17 23:38:56 +00:00
|
|
|
import datetime
|
2021-12-12 14:55:00 +00:00
|
|
|
import io
|
2022-01-01 10:56:48 +00:00
|
|
|
from dataclasses import astuple
|
|
|
|
from dataclasses import dataclass
|
|
|
|
from typing import List
|
2021-12-20 22:57:27 +00:00
|
|
|
|
2023-03-16 22:16:55 +00:00
|
|
|
import pkg_resources
|
2021-12-01 11:19:28 +00:00
|
|
|
import wtforms
|
2023-04-09 13:52:55 +00:00
|
|
|
from canaille.app import b64_to_obj
|
|
|
|
from canaille.app import default_fields
|
|
|
|
from canaille.app import login_placeholder
|
|
|
|
from canaille.app import obj_to_b64
|
|
|
|
from canaille.app import profile_hash
|
|
|
|
from canaille.app.flask import current_user
|
|
|
|
from canaille.app.flask import permissions_needed
|
|
|
|
from canaille.app.flask import render_htmx_template
|
|
|
|
from canaille.app.flask import request_is_htmx
|
|
|
|
from canaille.app.flask import smtp_needed
|
|
|
|
from canaille.app.flask import user_needed
|
|
|
|
from canaille.app.forms import TableForm
|
2021-12-20 22:57:27 +00:00
|
|
|
from flask import abort
|
|
|
|
from flask import Blueprint
|
|
|
|
from flask import current_app
|
|
|
|
from flask import flash
|
|
|
|
from flask import redirect
|
|
|
|
from flask import request
|
|
|
|
from flask import send_file
|
|
|
|
from flask import session
|
|
|
|
from flask import url_for
|
2020-10-22 15:37:01 +00:00
|
|
|
from flask_babel import gettext as _
|
2023-03-01 14:30:07 +00:00
|
|
|
from flask_babel import refresh
|
2021-10-28 13:24:34 +00:00
|
|
|
from flask_themer import render_template
|
2021-12-20 22:57:27 +00:00
|
|
|
from werkzeug.datastructures import CombinedMultiDict
|
|
|
|
from werkzeug.datastructures import FileStorage
|
|
|
|
|
2022-12-20 23:20:20 +00:00
|
|
|
from .forms import FirstLoginForm
|
2021-12-20 22:57:27 +00:00
|
|
|
from .forms import ForgottenPasswordForm
|
|
|
|
from .forms import InvitationForm
|
|
|
|
from .forms import LoginForm
|
|
|
|
from .forms import PasswordForm
|
|
|
|
from .forms import PasswordResetForm
|
|
|
|
from .forms import profile_form
|
|
|
|
from .mails import send_invitation_mail
|
|
|
|
from .mails import send_password_initialization_mail
|
|
|
|
from .mails import send_password_reset_mail
|
2021-12-22 15:09:03 +00:00
|
|
|
from .models import Group
|
2020-08-19 14:20:57 +00:00
|
|
|
from .models import User
|
2020-08-14 11:18:08 +00:00
|
|
|
|
|
|
|
|
2021-05-24 15:43:15 +00:00
|
|
|
bp = Blueprint("account", __name__)
|
2020-08-14 11:18:08 +00:00
|
|
|
|
|
|
|
|
2022-12-29 01:18:41 +00:00
|
|
|
@bp.context_processor
|
|
|
|
def global_processor():
|
|
|
|
return {
|
|
|
|
"has_password_recovery": current_app.config.get(
|
|
|
|
"ENABLE_PASSWORD_RECOVERY", True
|
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
@bp.route("/")
|
|
|
|
def index():
|
2022-04-05 15:16:09 +00:00
|
|
|
user = current_user()
|
|
|
|
|
|
|
|
if not user:
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.login"))
|
2022-04-05 15:16:09 +00:00
|
|
|
|
|
|
|
if user.can_edit_self or user.can_manage_users:
|
|
|
|
return redirect(
|
2023-02-05 17:57:18 +00:00
|
|
|
url_for("account.profile_edition", username=current_user().user_name[0])
|
2022-04-05 15:16:09 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
if user.can_use_oidc:
|
|
|
|
return redirect(url_for("oidc.consents.consents"))
|
|
|
|
|
|
|
|
return redirect(url_for("account.about"))
|
2020-08-19 14:20:57 +00:00
|
|
|
|
|
|
|
|
2020-11-13 09:45:01 +00:00
|
|
|
@bp.route("/about")
|
|
|
|
def about():
|
2023-03-16 22:16:55 +00:00
|
|
|
try:
|
|
|
|
version = pkg_resources.get_distribution("canaille").version
|
|
|
|
except pkg_resources.DistributionNotFound: # pragma: no cover
|
|
|
|
version = "git"
|
2020-11-13 09:45:01 +00:00
|
|
|
return render_template("about.html", version=version)
|
|
|
|
|
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
@bp.route("/login", methods=("GET", "POST"))
|
|
|
|
def login():
|
2021-12-06 22:17:08 +00:00
|
|
|
if current_user():
|
2021-12-08 17:06:50 +00:00
|
|
|
return redirect(
|
2023-02-05 17:57:18 +00:00
|
|
|
url_for("account.profile_edition", username=current_user().user_name[0])
|
2021-12-08 17:06:50 +00:00
|
|
|
)
|
2021-12-06 22:17:08 +00:00
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
form = LoginForm(request.form or None)
|
2021-12-07 18:30:13 +00:00
|
|
|
form["login"].render_kw["placeholder"] = login_placeholder()
|
2020-08-14 13:26:14 +00:00
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
if request.form:
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(form.login.data)
|
2020-11-16 14:39:58 +00:00
|
|
|
if user and not user.has_password():
|
2023-02-05 17:57:18 +00:00
|
|
|
return redirect(url_for("account.firstlogin", user_name=user.user_name[0]))
|
2020-11-16 14:39:58 +00:00
|
|
|
|
2021-01-23 21:30:43 +00:00
|
|
|
if not form.validate():
|
|
|
|
User.logout()
|
|
|
|
flash(_("Login failed, please check your information"), "error")
|
|
|
|
return render_template("login.html", form=form)
|
|
|
|
|
|
|
|
session["attempt_login"] = form.login.data
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.password"))
|
2021-01-23 21:30:43 +00:00
|
|
|
|
|
|
|
return render_template("login.html", form=form)
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/password", methods=("GET", "POST"))
|
|
|
|
def password():
|
|
|
|
if "attempt_login" not in session:
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.login"))
|
2021-01-23 21:30:43 +00:00
|
|
|
|
|
|
|
form = PasswordForm(request.form or None)
|
|
|
|
|
|
|
|
if request.form:
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(session["attempt_login"])
|
2021-01-23 21:30:43 +00:00
|
|
|
if user and not user.has_password():
|
2023-02-05 17:57:18 +00:00
|
|
|
return redirect(url_for("account.firstlogin", user_name=user.user_name[0]))
|
2021-01-23 21:30:43 +00:00
|
|
|
|
2020-08-21 08:23:39 +00:00
|
|
|
if not form.validate() or not User.authenticate(
|
2021-01-23 21:30:43 +00:00
|
|
|
session["attempt_login"], form.password.data, True
|
2020-08-21 08:23:39 +00:00
|
|
|
):
|
2020-12-29 08:31:46 +00:00
|
|
|
User.logout()
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(_("Login failed, please check your information"), "error")
|
2021-01-23 21:30:43 +00:00
|
|
|
return render_template(
|
|
|
|
"password.html", form=form, username=session["attempt_login"]
|
|
|
|
)
|
2020-08-17 07:45:35 +00:00
|
|
|
|
2021-01-23 21:30:43 +00:00
|
|
|
del session["attempt_login"]
|
2023-04-07 20:45:42 +00:00
|
|
|
flash(
|
|
|
|
_("Connection successful. Welcome %(user)s", user=user.formatted_name[0]),
|
|
|
|
"success",
|
|
|
|
)
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.index"))
|
2020-08-17 07:45:35 +00:00
|
|
|
|
2021-01-23 21:30:43 +00:00
|
|
|
return render_template(
|
|
|
|
"password.html", form=form, username=session["attempt_login"]
|
|
|
|
)
|
2020-08-14 11:18:08 +00:00
|
|
|
|
2020-08-16 17:39:14 +00:00
|
|
|
|
|
|
|
@bp.route("/logout")
|
2020-08-14 13:26:14 +00:00
|
|
|
def logout():
|
2020-10-31 17:22:24 +00:00
|
|
|
user = current_user()
|
|
|
|
if user:
|
|
|
|
flash(
|
2023-04-07 20:45:42 +00:00
|
|
|
_(
|
|
|
|
"You have been disconnected. See you next time %(user)s",
|
|
|
|
user=user.formatted_name[0],
|
|
|
|
),
|
2020-11-01 10:33:56 +00:00
|
|
|
"success",
|
2020-10-31 17:22:24 +00:00
|
|
|
)
|
|
|
|
user.logout()
|
2020-08-16 17:39:14 +00:00
|
|
|
return redirect("/")
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
@bp.route("/firstlogin/<user_name>", methods=("GET", "POST"))
|
|
|
|
def firstlogin(user_name):
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(user_name)
|
2022-04-04 15:49:50 +00:00
|
|
|
if not user or user.has_password():
|
|
|
|
abort(404)
|
2020-11-16 14:39:58 +00:00
|
|
|
|
2022-12-20 23:20:20 +00:00
|
|
|
form = FirstLoginForm(request.form or None)
|
2020-11-16 14:39:58 +00:00
|
|
|
if not request.form:
|
2023-02-05 17:57:18 +00:00
|
|
|
return render_template("firstlogin.html", form=form, user_name=user_name)
|
2020-11-16 14:39:58 +00:00
|
|
|
|
2023-03-28 18:30:29 +00:00
|
|
|
form.validate()
|
2023-02-05 17:57:18 +00:00
|
|
|
|
2021-01-06 16:19:44 +00:00
|
|
|
if send_password_initialization_mail(user):
|
|
|
|
flash(
|
|
|
|
_(
|
2023-01-15 08:28:52 +00:00
|
|
|
"A password initialization link has been sent at your email address. You should receive it within a few minutes."
|
2021-01-06 16:19:44 +00:00
|
|
|
),
|
|
|
|
"success",
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
flash(_("Could not send the password initialization email"), "error")
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
return render_template("firstlogin.html", form=form, user_name=user_name)
|
2021-01-06 16:19:44 +00:00
|
|
|
|
|
|
|
|
2023-02-25 17:11:19 +00:00
|
|
|
@bp.route("/users", methods=["GET", "POST"])
|
2021-12-02 17:23:14 +00:00
|
|
|
@permissions_needed("manage_users")
|
2020-11-01 10:33:56 +00:00
|
|
|
def users(user):
|
2023-03-12 18:04:39 +00:00
|
|
|
table_form = TableForm(User, fields=user.read | user.write, formdata=request.form)
|
2023-02-25 17:11:19 +00:00
|
|
|
if request.form and not table_form.validate():
|
|
|
|
abort(404)
|
|
|
|
|
2023-03-09 16:41:26 +00:00
|
|
|
return render_htmx_template(
|
2023-02-25 17:11:19 +00:00
|
|
|
"users.html",
|
|
|
|
menuitem="users",
|
|
|
|
table_form=table_form,
|
|
|
|
)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
|
2022-01-01 10:56:48 +00:00
|
|
|
@dataclass
|
|
|
|
class Invitation:
|
|
|
|
creation_date_isoformat: str
|
2023-02-05 17:57:18 +00:00
|
|
|
user_name: str
|
|
|
|
user_name_editable: bool
|
|
|
|
email: str
|
2022-01-01 10:56:48 +00:00
|
|
|
groups: List[str]
|
|
|
|
|
|
|
|
@property
|
|
|
|
def creation_date(self):
|
2023-03-17 23:38:56 +00:00
|
|
|
return datetime.datetime.fromisoformat(self.creation_date_isoformat)
|
2022-01-01 10:56:48 +00:00
|
|
|
|
|
|
|
def has_expired(self):
|
|
|
|
DEFAULT_INVITATION_DURATION = 2 * 24 * 60 * 60
|
2023-03-17 23:38:56 +00:00
|
|
|
return datetime.datetime.now(
|
|
|
|
datetime.timezone.utc
|
|
|
|
) - self.creation_date > datetime.timedelta(
|
2022-01-01 10:56:48 +00:00
|
|
|
seconds=current_app.config.get(
|
|
|
|
"INVITATION_EXPIRATION", DEFAULT_INVITATION_DURATION
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
def b64(self):
|
|
|
|
return obj_to_b64(astuple(self))
|
|
|
|
|
|
|
|
def profile_hash(self):
|
|
|
|
return profile_hash(*astuple(self))
|
|
|
|
|
|
|
|
|
2021-12-01 11:19:28 +00:00
|
|
|
@bp.route("/invite", methods=["GET", "POST"])
|
2021-12-07 15:39:18 +00:00
|
|
|
@smtp_needed()
|
2021-12-02 17:23:14 +00:00
|
|
|
@permissions_needed("manage_users")
|
2021-12-01 11:19:28 +00:00
|
|
|
def user_invitation(user):
|
|
|
|
form = InvitationForm(request.form or None)
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
email_sent = None
|
2021-12-01 11:19:28 +00:00
|
|
|
registration_url = None
|
2021-12-07 17:32:37 +00:00
|
|
|
form_validated = False
|
2021-12-01 11:19:28 +00:00
|
|
|
if request.form and form.validate():
|
2021-12-07 17:32:37 +00:00
|
|
|
form_validated = True
|
2022-01-01 10:56:48 +00:00
|
|
|
invitation = Invitation(
|
2023-03-17 23:38:56 +00:00
|
|
|
datetime.datetime.now(datetime.timezone.utc).isoformat(),
|
2023-02-05 17:57:18 +00:00
|
|
|
form.user_name.data,
|
|
|
|
form.user_name_editable.data,
|
|
|
|
form.email.data,
|
2022-01-01 10:56:48 +00:00
|
|
|
form.groups.data,
|
|
|
|
)
|
2021-12-01 11:19:28 +00:00
|
|
|
registration_url = url_for(
|
|
|
|
"account.registration",
|
2022-01-01 10:56:48 +00:00
|
|
|
data=invitation.b64(),
|
|
|
|
hash=invitation.profile_hash(),
|
2021-12-01 11:19:28 +00:00
|
|
|
_external=True,
|
|
|
|
)
|
|
|
|
|
2021-12-07 17:47:18 +00:00
|
|
|
if request.form["action"] == "send":
|
2023-02-05 17:57:18 +00:00
|
|
|
email_sent = send_invitation_mail(form.email.data, registration_url)
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
return render_template(
|
|
|
|
"invite.html",
|
|
|
|
form=form,
|
|
|
|
menuitems="users",
|
2021-12-07 17:32:37 +00:00
|
|
|
form_validated=form_validated,
|
2023-02-05 17:57:18 +00:00
|
|
|
email_sent=email_sent,
|
2021-12-01 11:19:28 +00:00
|
|
|
registration_url=registration_url,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/register/<data>/<hash>", methods=["GET", "POST"])
|
|
|
|
def registration(data, hash):
|
|
|
|
try:
|
2022-01-01 10:56:48 +00:00
|
|
|
invitation = Invitation(*b64_to_obj(data))
|
2021-12-01 11:19:28 +00:00
|
|
|
except:
|
|
|
|
flash(
|
|
|
|
_("The invitation link that brought you here was invalid."),
|
|
|
|
"error",
|
|
|
|
)
|
|
|
|
return redirect(url_for("account.index"))
|
|
|
|
|
2022-01-01 10:56:48 +00:00
|
|
|
if invitation.has_expired():
|
|
|
|
flash(
|
|
|
|
_("The invitation link that brought you here has expired."),
|
|
|
|
"error",
|
|
|
|
)
|
|
|
|
return redirect(url_for("account.index"))
|
|
|
|
|
2023-04-07 19:24:09 +00:00
|
|
|
if User.get_from_login(invitation.user_name):
|
2021-12-01 11:19:28 +00:00
|
|
|
flash(
|
|
|
|
_("Your account has already been created."),
|
|
|
|
"error",
|
|
|
|
)
|
|
|
|
return redirect(url_for("account.index"))
|
2020-12-31 17:16:35 +00:00
|
|
|
|
2021-12-01 11:19:28 +00:00
|
|
|
if current_user():
|
2021-12-01 11:50:00 +00:00
|
|
|
flash(
|
|
|
|
_("You are already logged in, you cannot create an account."),
|
|
|
|
"error",
|
|
|
|
)
|
2021-12-01 11:19:28 +00:00
|
|
|
return redirect(url_for("account.index"))
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2022-01-01 10:56:48 +00:00
|
|
|
if hash != invitation.profile_hash():
|
2021-12-01 11:19:28 +00:00
|
|
|
flash(
|
|
|
|
_("The invitation link that brought you here was invalid."),
|
|
|
|
"error",
|
|
|
|
)
|
|
|
|
return redirect(url_for("account.index"))
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
data = {
|
|
|
|
"user_name": invitation.user_name,
|
|
|
|
"email": invitation.email,
|
|
|
|
"groups": invitation.groups,
|
|
|
|
}
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2021-12-08 09:00:36 +00:00
|
|
|
readable_fields, writable_fields = default_fields()
|
2021-12-02 17:23:14 +00:00
|
|
|
|
|
|
|
form = profile_form(writable_fields, readable_fields)
|
2022-03-04 17:13:57 +00:00
|
|
|
if "groups" not in form and invitation.groups:
|
|
|
|
form["groups"] = wtforms.SelectMultipleField(
|
|
|
|
_("Groups"),
|
2023-02-05 18:39:52 +00:00
|
|
|
choices=[(group.id, group.display_name) for group in Group.query()],
|
2022-03-04 17:13:57 +00:00
|
|
|
render_kw={"readonly": "true"},
|
|
|
|
)
|
2021-12-01 11:19:28 +00:00
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
if "readonly" in form["user_name"].render_kw and invitation.user_name_editable:
|
|
|
|
del form["user_name"].render_kw["readonly"]
|
2022-01-01 17:41:04 +00:00
|
|
|
|
2021-12-01 11:19:28 +00:00
|
|
|
form["password1"].validators = [
|
|
|
|
wtforms.validators.DataRequired(),
|
|
|
|
wtforms.validators.Length(min=8),
|
|
|
|
]
|
|
|
|
form["password2"].validators = [
|
|
|
|
wtforms.validators.DataRequired(),
|
|
|
|
wtforms.validators.Length(min=8),
|
|
|
|
]
|
|
|
|
form["password1"].flags.required = True
|
|
|
|
form["password2"].flags.required = True
|
|
|
|
|
|
|
|
if request.form:
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("User account creation failed."), "error")
|
|
|
|
|
|
|
|
else:
|
|
|
|
user = profile_create(current_app, form)
|
|
|
|
user.login()
|
2023-03-16 15:25:14 +00:00
|
|
|
flash(_("Your account has been created successfuly."), "success")
|
2023-02-05 17:57:18 +00:00
|
|
|
return redirect(
|
|
|
|
url_for("account.profile_edition", username=user.user_name[0])
|
|
|
|
)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
return render_template(
|
2023-03-16 17:39:28 +00:00
|
|
|
"profile_add.html",
|
|
|
|
form=form,
|
|
|
|
menuitem="users",
|
|
|
|
edited_user=None,
|
|
|
|
self_deletion=False,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/profile", methods=("GET", "POST"))
|
|
|
|
@permissions_needed("manage_users")
|
|
|
|
def profile_creation(user):
|
|
|
|
form = profile_form(user.write, user.read)
|
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None)
|
|
|
|
|
|
|
|
for field in form:
|
|
|
|
if field.render_kw and "readonly" in field.render_kw:
|
|
|
|
del field.render_kw["readonly"]
|
|
|
|
|
|
|
|
if request.form:
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("User account creation failed."), "error")
|
|
|
|
|
|
|
|
else:
|
|
|
|
user = profile_create(current_app, form)
|
2023-02-05 17:57:18 +00:00
|
|
|
return redirect(
|
|
|
|
url_for("account.profile_edition", username=user.user_name[0])
|
|
|
|
)
|
2023-03-16 17:39:28 +00:00
|
|
|
|
|
|
|
return render_template(
|
|
|
|
"profile_add.html",
|
2021-01-01 15:42:13 +00:00
|
|
|
form=form,
|
|
|
|
menuitem="users",
|
|
|
|
edited_user=None,
|
|
|
|
self_deletion=False,
|
2020-11-01 10:33:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
2021-12-01 11:19:28 +00:00
|
|
|
def profile_create(current_app, form):
|
2022-12-28 23:29:26 +00:00
|
|
|
user = User()
|
2021-12-01 11:19:28 +00:00
|
|
|
for attribute in form:
|
2023-02-05 17:57:18 +00:00
|
|
|
if attribute.name in user.attribute_table:
|
2021-12-01 11:19:28 +00:00
|
|
|
if isinstance(attribute.data, FileStorage):
|
|
|
|
data = attribute.data.stream.read()
|
|
|
|
else:
|
|
|
|
data = attribute.data
|
|
|
|
|
2023-01-22 19:08:25 +00:00
|
|
|
user[attribute.name] = data
|
2021-12-01 11:19:28 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
if "photo" in form and form["photo_delete"].data:
|
|
|
|
user["photo"] = None
|
2021-12-08 17:06:50 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
user.formatted_name = [f"{user.given_name[0]} {user.family_name[0]}".strip()]
|
2021-12-01 12:22:21 +00:00
|
|
|
user.save()
|
|
|
|
|
2022-12-24 01:52:05 +00:00
|
|
|
if form["password1"].data:
|
|
|
|
user.set_password(form["password1"].data)
|
2023-04-17 16:09:52 +00:00
|
|
|
user.save()
|
2022-12-24 01:52:05 +00:00
|
|
|
|
|
|
|
flash(_("User account creation succeed."), "success")
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
@bp.route("/profile/<username>", methods=("GET", "POST"))
|
2020-10-20 09:44:45 +00:00
|
|
|
@user_needed()
|
2020-11-01 10:33:56 +00:00
|
|
|
def profile_edition(user, username):
|
2023-03-16 17:39:28 +00:00
|
|
|
editor = user
|
|
|
|
if not user.can_manage_users and not (
|
2023-02-05 17:57:18 +00:00
|
|
|
user.can_edit_self and username == user.user_name[0]
|
2023-03-16 17:39:28 +00:00
|
|
|
):
|
|
|
|
abort(403)
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
menuitem = "profile" if username == editor.user_name[0] else "users"
|
2023-03-16 17:39:28 +00:00
|
|
|
fields = editor.read | editor.write
|
2023-02-05 17:57:18 +00:00
|
|
|
if username != editor.user_name[0]:
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(username)
|
2023-03-16 17:39:28 +00:00
|
|
|
else:
|
|
|
|
user = editor
|
|
|
|
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
available_fields = {
|
2023-02-05 17:57:18 +00:00
|
|
|
"formatted_name",
|
2023-03-16 17:39:28 +00:00
|
|
|
"title",
|
2023-02-05 17:57:18 +00:00
|
|
|
"given_name",
|
|
|
|
"family_name",
|
|
|
|
"display_name",
|
|
|
|
"email",
|
|
|
|
"phone_number",
|
|
|
|
"formatted_address",
|
2023-03-16 17:39:28 +00:00
|
|
|
"street",
|
2023-02-05 17:57:18 +00:00
|
|
|
"postal_code",
|
|
|
|
"locality",
|
|
|
|
"region",
|
|
|
|
"photo",
|
|
|
|
"photo_delete",
|
|
|
|
"employee_number",
|
|
|
|
"department",
|
|
|
|
"profile_url",
|
|
|
|
"preferred_language",
|
|
|
|
"organization",
|
2023-03-16 17:39:28 +00:00
|
|
|
}
|
|
|
|
data = {
|
|
|
|
k: getattr(user, k)[0]
|
|
|
|
if getattr(user, k) and isinstance(getattr(user, k), list)
|
|
|
|
else getattr(user, k) or ""
|
|
|
|
for k in fields
|
|
|
|
if hasattr(user, k) and k in available_fields
|
|
|
|
}
|
|
|
|
|
2023-03-27 21:16:32 +00:00
|
|
|
form = profile_form(
|
|
|
|
editor.write & available_fields, editor.read & available_fields, user
|
|
|
|
)
|
2023-03-16 17:39:28 +00:00
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
|
|
|
|
|
|
|
|
if request.form:
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("Profile edition failed."), "error")
|
|
|
|
|
|
|
|
else:
|
|
|
|
for attribute in form:
|
|
|
|
if (
|
2023-02-05 17:57:18 +00:00
|
|
|
attribute.name in user.attribute_table
|
2023-03-16 17:39:28 +00:00
|
|
|
and attribute.name in editor.write
|
|
|
|
):
|
|
|
|
if isinstance(attribute.data, FileStorage):
|
|
|
|
data = attribute.data.stream.read()
|
|
|
|
else:
|
|
|
|
data = attribute.data
|
|
|
|
|
|
|
|
user[attribute.name] = data
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
if "photo" in form and form["photo_delete"].data:
|
|
|
|
user["photo"] = None
|
2023-03-16 17:39:28 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
if "preferred_language" in request.form:
|
2023-03-16 17:39:28 +00:00
|
|
|
# Refresh the babel cache in case the lang is updated
|
|
|
|
refresh()
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
if form["preferred_language"].data == "auto":
|
|
|
|
user.preferred_language = None
|
2023-03-16 17:39:28 +00:00
|
|
|
|
|
|
|
user.save()
|
|
|
|
flash(_("Profile updated successfuly."), "success")
|
|
|
|
return redirect(url_for("account.profile_edition", username=username))
|
|
|
|
|
|
|
|
return render_template(
|
|
|
|
"profile_edit.html",
|
|
|
|
form=form,
|
|
|
|
menuitem=menuitem,
|
|
|
|
edited_user=user,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/profile/<username>/settings", methods=("GET", "POST"))
|
|
|
|
@user_needed()
|
|
|
|
def profile_settings(user, username):
|
2022-04-05 15:16:09 +00:00
|
|
|
if not user.can_manage_users and not (
|
2023-02-05 17:57:18 +00:00
|
|
|
user.can_edit_self and username == user.user_name[0]
|
2022-04-05 15:16:09 +00:00
|
|
|
):
|
2022-04-04 15:49:50 +00:00
|
|
|
abort(403)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2023-04-07 19:24:09 +00:00
|
|
|
edited_user = User.get_from_login(username)
|
2023-03-22 07:52:00 +00:00
|
|
|
if not edited_user:
|
|
|
|
abort(404)
|
|
|
|
|
2023-03-30 21:14:39 +00:00
|
|
|
if (
|
|
|
|
request.method == "GET"
|
|
|
|
or request.form.get("action") == "edit"
|
|
|
|
or request_is_htmx()
|
|
|
|
):
|
2023-03-22 07:52:00 +00:00
|
|
|
return profile_settings_edit(user, edited_user)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
if request.form.get("action") == "delete":
|
2023-03-22 07:52:00 +00:00
|
|
|
return profile_delete(user, edited_user)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2021-01-06 16:19:44 +00:00
|
|
|
if request.form.get("action") == "password-initialization-mail":
|
2023-05-05 08:53:48 +00:00
|
|
|
if send_password_initialization_mail(edited_user):
|
2021-01-06 16:19:44 +00:00
|
|
|
flash(
|
|
|
|
_(
|
2023-01-15 08:28:52 +00:00
|
|
|
"A password initialization link has been sent at the user email address. It should be received within a few minutes."
|
2021-01-06 16:19:44 +00:00
|
|
|
),
|
|
|
|
"success",
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
flash(_("Could not send the password initialization email"), "error")
|
|
|
|
|
2023-03-22 07:52:00 +00:00
|
|
|
return profile_settings_edit(user, edited_user)
|
2021-01-06 16:19:44 +00:00
|
|
|
|
2021-01-22 17:26:53 +00:00
|
|
|
if request.form.get("action") == "password-reset-mail":
|
2023-05-05 08:53:48 +00:00
|
|
|
if send_password_reset_mail(edited_user):
|
2021-01-22 17:26:53 +00:00
|
|
|
flash(
|
|
|
|
_(
|
2023-01-15 08:28:52 +00:00
|
|
|
"A password reset link has been sent at the user email address. It should be received within a few minutes."
|
2021-01-22 17:26:53 +00:00
|
|
|
),
|
|
|
|
"success",
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
flash(_("Could not send the password reset email"), "error")
|
|
|
|
|
2023-03-22 07:52:00 +00:00
|
|
|
return profile_settings_edit(user, edited_user)
|
2021-01-22 17:26:53 +00:00
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
abort(400)
|
2020-10-31 16:41:24 +00:00
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2023-03-22 07:52:00 +00:00
|
|
|
def profile_settings_edit(editor, edited_user):
|
|
|
|
menuitem = "profile" if editor.id == editor.id else "users"
|
2021-12-02 17:23:14 +00:00
|
|
|
fields = editor.read | editor.write
|
2022-04-04 15:49:50 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
available_fields = {"password", "groups", "user_name"}
|
2020-10-20 09:44:45 +00:00
|
|
|
data = {
|
2023-03-16 17:39:28 +00:00
|
|
|
k: getattr(edited_user, k)[0]
|
|
|
|
if getattr(edited_user, k) and isinstance(getattr(edited_user, k), list)
|
|
|
|
else getattr(edited_user, k) or ""
|
2020-11-26 14:29:14 +00:00
|
|
|
for k in fields
|
2023-03-16 17:39:28 +00:00
|
|
|
if hasattr(edited_user, k) and k in available_fields
|
2020-10-20 09:44:45 +00:00
|
|
|
}
|
2021-07-01 09:36:35 +00:00
|
|
|
|
2021-06-03 13:00:11 +00:00
|
|
|
if "groups" in fields:
|
2023-03-16 17:39:28 +00:00
|
|
|
data["groups"] = [g.id for g in edited_user.groups]
|
2021-07-01 09:36:35 +00:00
|
|
|
|
2023-03-27 21:16:32 +00:00
|
|
|
form = profile_form(
|
|
|
|
editor.write & available_fields, editor.read & available_fields, edited_user
|
|
|
|
)
|
2020-12-31 17:16:35 +00:00
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
2023-03-30 21:14:39 +00:00
|
|
|
if request.form and request.form.get("action") == "edit" or request_is_htmx():
|
2020-10-20 09:44:45 +00:00
|
|
|
if not form.validate():
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(_("Profile edition failed."), "error")
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
else:
|
|
|
|
for attribute in form:
|
2023-03-16 17:39:28 +00:00
|
|
|
if attribute.name == "groups" and "groups" in editor.write:
|
2023-04-07 22:31:22 +00:00
|
|
|
edited_user.groups = attribute.data
|
2021-12-08 17:06:50 +00:00
|
|
|
|
2021-01-06 16:19:44 +00:00
|
|
|
if (
|
2022-12-24 01:52:05 +00:00
|
|
|
"password1" in request.form
|
|
|
|
and form["password1"].data
|
|
|
|
and request.form["action"] == "edit"
|
|
|
|
):
|
2023-03-16 17:39:28 +00:00
|
|
|
edited_user.set_password(form["password1"].data)
|
2021-12-02 17:23:14 +00:00
|
|
|
|
2023-03-16 17:39:28 +00:00
|
|
|
edited_user.save()
|
2023-03-01 14:30:07 +00:00
|
|
|
flash(_("Profile updated successfuly."), "success")
|
2023-03-22 07:52:00 +00:00
|
|
|
return redirect(
|
2023-02-05 17:57:18 +00:00
|
|
|
url_for("account.profile_edition", username=edited_user.user_name[0])
|
2023-03-22 07:52:00 +00:00
|
|
|
)
|
2020-10-20 09:44:45 +00:00
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
return render_template(
|
2023-03-16 17:39:28 +00:00
|
|
|
"profile_settings.html",
|
2021-01-01 15:42:13 +00:00
|
|
|
form=form,
|
|
|
|
menuitem=menuitem,
|
2023-03-16 17:39:28 +00:00
|
|
|
edited_user=edited_user,
|
|
|
|
self_deletion=edited_user.can_delete_account,
|
2020-11-01 10:33:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
2023-03-22 07:52:00 +00:00
|
|
|
def profile_delete(user, edited_user):
|
|
|
|
self_deletion = user.id == edited_user.id
|
2020-11-01 10:33:56 +00:00
|
|
|
if self_deletion:
|
|
|
|
user.logout()
|
2022-04-04 15:49:50 +00:00
|
|
|
|
2023-03-22 07:52:00 +00:00
|
|
|
flash(
|
2023-04-07 20:45:42 +00:00
|
|
|
_(
|
|
|
|
"The user %(user)s has been sucessfuly deleted",
|
|
|
|
user=edited_user.formatted_name[0],
|
|
|
|
),
|
2023-03-22 07:52:00 +00:00
|
|
|
"success",
|
|
|
|
)
|
|
|
|
edited_user.delete()
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
if self_deletion:
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.index"))
|
|
|
|
return redirect(url_for("account.users"))
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
|
2021-12-01 10:47:11 +00:00
|
|
|
@bp.route("/impersonate/<username>")
|
2021-12-02 17:23:14 +00:00
|
|
|
@permissions_needed("impersonate_users")
|
2021-12-01 10:47:11 +00:00
|
|
|
def impersonate(user, username):
|
2023-04-07 19:24:09 +00:00
|
|
|
puppet = User.get_from_login(username)
|
2022-04-04 15:49:50 +00:00
|
|
|
if not puppet:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
puppet.login()
|
2023-03-21 21:01:32 +00:00
|
|
|
|
|
|
|
flash(_("Connection successful. Welcome %(user)s", user=puppet.name), "success")
|
2021-12-01 10:47:11 +00:00
|
|
|
return redirect(url_for("account.index"))
|
|
|
|
|
|
|
|
|
2020-10-22 15:37:01 +00:00
|
|
|
@bp.route("/reset", methods=["GET", "POST"])
|
2021-12-07 15:39:18 +00:00
|
|
|
@smtp_needed()
|
2020-10-22 15:37:01 +00:00
|
|
|
def forgotten():
|
2022-04-05 07:49:45 +00:00
|
|
|
if not current_app.config.get("ENABLE_PASSWORD_RECOVERY", True):
|
|
|
|
abort(404)
|
|
|
|
|
2020-10-22 15:37:01 +00:00
|
|
|
form = ForgottenPasswordForm(request.form)
|
|
|
|
if not request.form:
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("Could not send the password reset link."), "error")
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(form.login.data)
|
2022-04-05 15:16:09 +00:00
|
|
|
success_message = _(
|
2023-01-15 08:28:52 +00:00
|
|
|
"A password reset link has been sent at your email address. You should receive it within a few minutes."
|
2022-04-05 15:16:09 +00:00
|
|
|
)
|
|
|
|
if current_app.config.get("HIDE_INVALID_LOGINS", True) and (
|
|
|
|
not user or not user.can_edit_self
|
|
|
|
):
|
|
|
|
flash(success_message, "success")
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
2020-10-22 15:37:01 +00:00
|
|
|
|
2022-04-05 15:16:09 +00:00
|
|
|
if not user.can_edit_self:
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(
|
2020-11-23 16:03:03 +00:00
|
|
|
_(
|
2022-04-05 15:16:09 +00:00
|
|
|
"The user '%(user)s' does not have permissions to update their password. "
|
|
|
|
"We cannot send a password reset email.",
|
2023-04-07 20:45:42 +00:00
|
|
|
user=user.formatted_name[0],
|
2020-11-23 16:03:03 +00:00
|
|
|
),
|
2023-03-09 17:10:01 +00:00
|
|
|
"error",
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
2021-01-22 17:26:53 +00:00
|
|
|
success = send_password_reset_mail(user)
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
if success:
|
2022-04-05 15:16:09 +00:00
|
|
|
flash(success_message, "success")
|
|
|
|
else:
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(
|
2022-04-05 15:16:09 +00:00
|
|
|
_("We encountered an issue while we sent the password recovery email."),
|
|
|
|
"error",
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
@bp.route("/reset/<user_name>/<hash>", methods=["GET", "POST"])
|
|
|
|
def reset(user_name, hash):
|
2022-04-05 07:49:45 +00:00
|
|
|
if not current_app.config.get("ENABLE_PASSWORD_RECOVERY", True):
|
|
|
|
abort(404)
|
|
|
|
|
2020-10-22 15:37:01 +00:00
|
|
|
form = PasswordResetForm(request.form)
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(user_name)
|
2020-10-22 15:37:01 +00:00
|
|
|
|
2020-11-16 14:39:58 +00:00
|
|
|
if not user or hash != profile_hash(
|
2023-02-05 17:57:18 +00:00
|
|
|
user.user_name[0],
|
|
|
|
user.email[0],
|
|
|
|
user.password[0] if user.has_password() else "",
|
2020-11-16 14:39:58 +00:00
|
|
|
):
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(
|
2021-10-29 12:20:06 +00:00
|
|
|
_("The password reset link that brought you here was invalid."),
|
|
|
|
"error",
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
2021-05-24 15:43:15 +00:00
|
|
|
return redirect(url_for("account.index"))
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
if request.form and form.validate():
|
|
|
|
user.set_password(form.password.data)
|
|
|
|
user.login()
|
|
|
|
|
|
|
|
flash(_("Your password has been updated successfuly"), "success")
|
2023-02-05 17:57:18 +00:00
|
|
|
return redirect(url_for("account.profile_edition", username=user_name))
|
2020-10-22 15:37:01 +00:00
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
return render_template(
|
|
|
|
"reset-password.html", form=form, user_name=user_name, hash=hash
|
|
|
|
)
|
2021-12-12 14:55:00 +00:00
|
|
|
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
@bp.route("/profile/<user_name>/<field>")
|
|
|
|
def photo(user_name, field):
|
|
|
|
if field.lower() != "photo":
|
2021-12-12 14:55:00 +00:00
|
|
|
abort(404)
|
|
|
|
|
2023-04-07 19:24:09 +00:00
|
|
|
user = User.get_from_login(user_name)
|
2022-12-22 16:12:24 +00:00
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
2023-03-17 23:51:09 +00:00
|
|
|
etag = None
|
2023-02-05 17:57:18 +00:00
|
|
|
if request.if_modified_since and request.if_modified_since >= user.last_modified:
|
2023-03-17 23:51:09 +00:00
|
|
|
return "", 304
|
|
|
|
|
2023-02-05 17:57:18 +00:00
|
|
|
etag = profile_hash(user_name, user.last_modified.isoformat())
|
2023-03-17 23:51:09 +00:00
|
|
|
if request.if_none_match and etag in request.if_none_match:
|
|
|
|
return "", 304
|
|
|
|
|
2022-12-22 16:12:24 +00:00
|
|
|
photos = getattr(user, field)
|
|
|
|
if not photos:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
stream = io.BytesIO(photos[0])
|
2023-03-17 23:51:09 +00:00
|
|
|
return send_file(
|
2023-02-05 17:57:18 +00:00
|
|
|
stream, mimetype="image/jpeg", last_modified=user.last_modified, etag=etag
|
2023-03-17 23:51:09 +00:00
|
|
|
)
|