2020-10-22 15:37:01 +00:00
|
|
|
import hashlib
|
2020-11-13 09:45:01 +00:00
|
|
|
import pkg_resources
|
2020-10-22 15:37:01 +00:00
|
|
|
|
2020-10-31 16:41:24 +00:00
|
|
|
from flask import (
|
|
|
|
Blueprint,
|
|
|
|
request,
|
|
|
|
flash,
|
|
|
|
url_for,
|
|
|
|
current_app,
|
|
|
|
abort,
|
|
|
|
render_template,
|
|
|
|
redirect,
|
|
|
|
)
|
2020-10-22 15:37:01 +00:00
|
|
|
from flask_babel import gettext as _
|
2020-12-31 17:16:35 +00:00
|
|
|
from werkzeug.datastructures import CombinedMultiDict, FileStorage
|
2020-11-01 10:33:56 +00:00
|
|
|
from .forms import (
|
|
|
|
LoginForm,
|
|
|
|
PasswordResetForm,
|
|
|
|
ForgottenPasswordForm,
|
2020-11-26 14:29:14 +00:00
|
|
|
profile_form,
|
2020-11-01 10:33:56 +00:00
|
|
|
)
|
2020-12-10 16:42:58 +00:00
|
|
|
from .apputils import logo, send_email
|
2020-12-11 10:52:37 +00:00
|
|
|
from .flaskutils import current_user, user_needed, moderator_needed, admin_needed
|
2020-08-19 14:20:57 +00:00
|
|
|
from .models import User
|
2020-08-14 11:18:08 +00:00
|
|
|
|
|
|
|
|
2020-08-16 17:39:14 +00:00
|
|
|
bp = Blueprint(__name__, "home")
|
2020-08-14 11:18:08 +00:00
|
|
|
|
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
@bp.route("/")
|
|
|
|
def index():
|
|
|
|
if not current_user():
|
2020-10-21 12:04:40 +00:00
|
|
|
return redirect(url_for("canaille.account.login"))
|
2020-11-01 10:33:56 +00:00
|
|
|
return redirect(
|
|
|
|
url_for("canaille.account.profile_edition", username=current_user().uid[0])
|
|
|
|
)
|
2020-08-19 14:20:57 +00:00
|
|
|
|
|
|
|
|
2020-11-13 09:45:01 +00:00
|
|
|
@bp.route("/about")
|
|
|
|
def about():
|
2020-11-16 14:45:02 +00:00
|
|
|
try:
|
|
|
|
version = pkg_resources.get_distribution("canaille").version
|
|
|
|
except pkg_resources.DistributionNotFound:
|
|
|
|
version = "git"
|
2020-11-13 09:45:01 +00:00
|
|
|
return render_template("about.html", version=version)
|
|
|
|
|
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
@bp.route("/login", methods=("GET", "POST"))
|
|
|
|
def login():
|
|
|
|
form = LoginForm(request.form or None)
|
2020-08-14 13:26:14 +00:00
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
if request.form:
|
2020-11-16 14:39:58 +00:00
|
|
|
user = User.get(form.login.data)
|
|
|
|
if user and not user.has_password():
|
|
|
|
return redirect(url_for("canaille.account.firstlogin", uid=user.uid[0]))
|
|
|
|
|
2020-08-21 08:23:39 +00:00
|
|
|
if not form.validate() or not User.authenticate(
|
|
|
|
form.login.data, form.password.data, True
|
|
|
|
):
|
2020-12-29 08:31:46 +00:00
|
|
|
User.logout()
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(_("Login failed, please check your information"), "error")
|
2020-08-19 14:20:57 +00:00
|
|
|
return render_template("login.html", form=form)
|
2020-08-17 07:45:35 +00:00
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
flash(_("Connection successful. Welcome %(user)s", user=user.name), "success")
|
2020-10-21 12:04:40 +00:00
|
|
|
return redirect(url_for("canaille.account.index"))
|
2020-08-17 07:45:35 +00:00
|
|
|
|
2020-08-19 14:20:57 +00:00
|
|
|
return render_template("login.html", form=form)
|
2020-08-14 11:18:08 +00:00
|
|
|
|
2020-08-16 17:39:14 +00:00
|
|
|
|
|
|
|
@bp.route("/logout")
|
2020-08-14 13:26:14 +00:00
|
|
|
def logout():
|
2020-10-31 17:22:24 +00:00
|
|
|
user = current_user()
|
|
|
|
if user:
|
|
|
|
flash(
|
2020-11-01 10:33:56 +00:00
|
|
|
_("You have been disconnected. See you next time %(user)s", user=user.name),
|
|
|
|
"success",
|
2020-10-31 17:22:24 +00:00
|
|
|
)
|
|
|
|
user.logout()
|
2020-08-16 17:39:14 +00:00
|
|
|
return redirect("/")
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
|
2020-11-16 14:39:58 +00:00
|
|
|
@bp.route("/firstlogin/<uid>", methods=("GET", "POST"))
|
|
|
|
def firstlogin(uid):
|
|
|
|
user = User.get(uid)
|
|
|
|
user and not user.has_password() or abort(404)
|
|
|
|
|
|
|
|
form = ForgottenPasswordForm(request.form or None, data={"login": uid})
|
|
|
|
if not request.form:
|
|
|
|
return render_template("firstlogin.html", form=form, uid=uid)
|
|
|
|
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("Could not send the password initialization link."), "error")
|
|
|
|
return render_template("firstlogin.html", form=form, uid=uid)
|
|
|
|
|
|
|
|
base_url = url_for("canaille.account.index", _external=True)
|
|
|
|
reset_url = url_for(
|
|
|
|
"canaille.account.reset",
|
|
|
|
uid=user.uid[0],
|
|
|
|
hash=profile_hash(
|
|
|
|
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
|
|
|
),
|
|
|
|
_external=True,
|
|
|
|
)
|
2020-12-10 16:42:58 +00:00
|
|
|
logo_cid, logo_filename, logo_raw = logo()
|
2020-11-16 14:39:58 +00:00
|
|
|
|
|
|
|
subject = _("Password initialization on {website_name}").format(
|
|
|
|
website_name=current_app.config.get("NAME", reset_url)
|
|
|
|
)
|
|
|
|
text_body = render_template(
|
|
|
|
"mail/firstlogin.txt",
|
|
|
|
site_name=current_app.config.get("NAME", reset_url),
|
|
|
|
site_url=base_url,
|
|
|
|
reset_url=reset_url,
|
|
|
|
)
|
|
|
|
html_body = render_template(
|
|
|
|
"mail/firstlogin.html",
|
|
|
|
site_name=current_app.config.get("NAME", reset_url),
|
|
|
|
site_url=base_url,
|
|
|
|
reset_url=reset_url,
|
2020-12-10 16:42:58 +00:00
|
|
|
logo="cid:{}".format(logo_cid[1:-1]) if logo_cid else None,
|
2020-11-16 14:39:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
success = send_email(
|
|
|
|
subject=subject,
|
|
|
|
recipient=user.mail,
|
|
|
|
text=text_body,
|
|
|
|
html=html_body,
|
2020-12-10 16:42:58 +00:00
|
|
|
attachements=[(logo_cid, logo_filename, logo_raw)] if logo_filename else None,
|
2020-11-16 14:39:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
if success:
|
|
|
|
flash(
|
2020-11-23 16:03:03 +00:00
|
|
|
_(
|
|
|
|
"A password initialization link has been sent at your email address. You should receive it within 10 minutes."
|
|
|
|
),
|
2020-11-16 14:39:58 +00:00
|
|
|
"success",
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
flash(_("Could not send the password initialization email"), "error")
|
|
|
|
|
|
|
|
return render_template("firstlogin.html", form=form, uid=uid)
|
|
|
|
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
@bp.route("/users")
|
2020-11-02 11:13:03 +00:00
|
|
|
@moderator_needed()
|
2020-11-01 10:33:56 +00:00
|
|
|
def users(user):
|
|
|
|
users = User.filter(objectClass=current_app.config["LDAP"]["USER_CLASS"])
|
|
|
|
return render_template("users.html", users=users, menuitem="users")
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/profile", methods=("GET", "POST"))
|
2020-11-02 11:13:03 +00:00
|
|
|
@moderator_needed()
|
2020-11-01 10:33:56 +00:00
|
|
|
def profile_creation(user):
|
2020-11-26 14:29:14 +00:00
|
|
|
form = profile_form(current_app.config["LDAP"]["FIELDS"])
|
2020-12-31 17:16:35 +00:00
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None)
|
2020-11-01 10:33:56 +00:00
|
|
|
try:
|
2020-11-26 14:29:14 +00:00
|
|
|
if "uid" in form:
|
|
|
|
del form["uid"].render_kw["readonly"]
|
2020-11-01 10:33:56 +00:00
|
|
|
except KeyError:
|
|
|
|
pass
|
|
|
|
|
|
|
|
if request.form:
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("User creation failed."), "error")
|
|
|
|
|
|
|
|
else:
|
|
|
|
user = User(objectClass=current_app.config["LDAP"]["USER_CLASS"])
|
|
|
|
for attribute in form:
|
2020-11-26 14:29:14 +00:00
|
|
|
if attribute.name in user.may + user.must:
|
2020-12-31 17:16:35 +00:00
|
|
|
if isinstance(attribute.data, FileStorage):
|
|
|
|
data = attribute.data.stream.read()
|
|
|
|
else:
|
|
|
|
data = attribute.data
|
|
|
|
|
2020-11-26 14:29:14 +00:00
|
|
|
if user.attr_type_by_name()[attribute.name].single_value:
|
2020-12-31 17:16:35 +00:00
|
|
|
user[attribute.name] = data
|
2020-11-26 14:29:14 +00:00
|
|
|
else:
|
2020-12-31 17:16:35 +00:00
|
|
|
user[attribute.name] = [data]
|
2020-11-01 10:33:56 +00:00
|
|
|
|
2020-11-26 14:29:14 +00:00
|
|
|
if not form["password1"].data or user.set_password(form["password1"].data):
|
|
|
|
flash(_("Profile updated successfuly."), "success")
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
user.cn = [f"{user.givenName[0]} {user.sn[0]}"]
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
flash(_("User creation succeed."), "success")
|
|
|
|
|
|
|
|
return redirect(
|
|
|
|
url_for("canaille.account.profile_edition", username=user.uid[0])
|
|
|
|
)
|
|
|
|
|
|
|
|
return render_template(
|
|
|
|
"profile.html", form=form, menuitem="users", edited_user=None
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2020-12-11 10:52:37 +00:00
|
|
|
@bp.route("/impersonate/<username>")
|
|
|
|
@admin_needed()
|
|
|
|
def impersonate(user, username):
|
|
|
|
u = User.get(username) or abort(404)
|
|
|
|
u.login()
|
|
|
|
return redirect(url_for("canaille.account.index"))
|
|
|
|
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
@bp.route("/profile/<username>", methods=("GET", "POST"))
|
2020-10-20 09:44:45 +00:00
|
|
|
@user_needed()
|
2020-11-01 10:33:56 +00:00
|
|
|
def profile_edition(user, username):
|
2020-11-02 11:13:03 +00:00
|
|
|
user.moderator or username == user.uid[0] or abort(403)
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
if request.method == "GET" or request.form.get("action") == "edit":
|
|
|
|
return profile_edit(user, username)
|
|
|
|
|
|
|
|
if request.form.get("action") == "delete":
|
|
|
|
return profile_delete(user, username)
|
|
|
|
|
|
|
|
abort(400)
|
2020-10-31 16:41:24 +00:00
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
def profile_edit(user, username):
|
|
|
|
menuitem = "profile" if username == user.uid[0] else "users"
|
2020-11-26 14:29:14 +00:00
|
|
|
fields = current_app.config["LDAP"]["FIELDS"]
|
2020-11-01 10:33:56 +00:00
|
|
|
if username != user.uid[0]:
|
|
|
|
user = User.get(username) or abort(404)
|
|
|
|
|
2020-10-20 09:44:45 +00:00
|
|
|
data = {
|
2020-11-26 14:29:14 +00:00
|
|
|
k: getattr(user, k)[0]
|
|
|
|
if getattr(user, k) and isinstance(getattr(user, k), list)
|
|
|
|
else getattr(user, k) or ""
|
|
|
|
for k in fields
|
|
|
|
if hasattr(user, k)
|
2020-10-20 09:44:45 +00:00
|
|
|
}
|
2020-11-26 14:29:14 +00:00
|
|
|
form = profile_form(fields)
|
2020-12-31 17:16:35 +00:00
|
|
|
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
|
2020-11-26 14:29:14 +00:00
|
|
|
form["uid"].render_kw["readonly"] = "true"
|
2020-10-21 08:26:31 +00:00
|
|
|
|
2020-10-20 09:44:45 +00:00
|
|
|
if request.form:
|
|
|
|
if not form.validate():
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(_("Profile edition failed."), "error")
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
else:
|
|
|
|
for attribute in form:
|
2020-11-26 14:29:14 +00:00
|
|
|
if attribute.name in user.may + user.must:
|
2020-12-31 17:16:35 +00:00
|
|
|
if isinstance(attribute.data, FileStorage):
|
|
|
|
data = attribute.data.stream.read()
|
|
|
|
else:
|
|
|
|
data = attribute.data
|
|
|
|
|
2020-11-26 14:29:14 +00:00
|
|
|
if user.attr_type_by_name()[attribute.name].single_value:
|
2020-12-31 17:16:35 +00:00
|
|
|
user[attribute.name] = data
|
2020-11-26 14:29:14 +00:00
|
|
|
else:
|
2020-12-31 17:16:35 +00:00
|
|
|
user[attribute.name] = [data]
|
2020-10-20 09:44:45 +00:00
|
|
|
|
2020-11-26 14:29:14 +00:00
|
|
|
if not form["password1"].data or user.set_password(form["password1"].data):
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(_("Profile updated successfuly."), "success")
|
2020-10-21 08:26:31 +00:00
|
|
|
|
2020-10-20 09:44:45 +00:00
|
|
|
user.save()
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
return render_template(
|
|
|
|
"profile.html", form=form, menuitem=menuitem, edited_user=user
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def profile_delete(user, username):
|
|
|
|
self_deletion = username == user.uid[0]
|
|
|
|
if self_deletion:
|
|
|
|
user.logout()
|
|
|
|
else:
|
|
|
|
user = User.get(username) or abort(404)
|
|
|
|
|
|
|
|
flash(_("The user %(user)s has been sucessfuly deleted", user=user.name), "success")
|
|
|
|
user.delete()
|
|
|
|
|
|
|
|
if self_deletion:
|
|
|
|
return redirect(url_for("canaille.account.index"))
|
|
|
|
return redirect(url_for("canaille.account.users"))
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
def profile_hash(user, password):
|
|
|
|
return hashlib.sha256(
|
|
|
|
current_app.config["SECRET_KEY"].encode("utf-8")
|
|
|
|
+ user.encode("utf-8")
|
|
|
|
+ password.encode("utf-8")
|
|
|
|
).hexdigest()
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/reset", methods=["GET", "POST"])
|
|
|
|
def forgotten():
|
|
|
|
form = ForgottenPasswordForm(request.form)
|
|
|
|
if not request.form:
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
|
|
|
if not form.validate():
|
|
|
|
flash(_("Could not send the password reset link."), "error")
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
|
|
|
user = User.get(form.login.data)
|
|
|
|
|
|
|
|
if not user:
|
|
|
|
flash(
|
2020-11-23 16:03:03 +00:00
|
|
|
_(
|
|
|
|
"A password reset link has been sent at your email address. You should receive it within 10 minutes."
|
|
|
|
),
|
|
|
|
"success",
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
2020-10-29 12:20:27 +00:00
|
|
|
base_url = url_for("canaille.account.index", _external=True)
|
|
|
|
reset_url = url_for(
|
2020-10-22 15:37:01 +00:00
|
|
|
"canaille.account.reset",
|
2020-10-29 08:37:19 +00:00
|
|
|
uid=user.uid[0],
|
2020-11-16 14:39:58 +00:00
|
|
|
hash=profile_hash(
|
|
|
|
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
|
|
|
),
|
2020-10-29 12:20:27 +00:00
|
|
|
_external=True,
|
|
|
|
)
|
2020-12-10 16:42:58 +00:00
|
|
|
logo_cid, logo_filename, logo_raw = logo()
|
2020-10-29 11:59:18 +00:00
|
|
|
|
2020-10-22 15:37:01 +00:00
|
|
|
subject = _("Password reset on {website_name}").format(
|
2020-10-29 11:00:19 +00:00
|
|
|
website_name=current_app.config.get("NAME", reset_url)
|
|
|
|
)
|
|
|
|
text_body = render_template(
|
|
|
|
"mail/reset.txt",
|
|
|
|
site_name=current_app.config.get("NAME", reset_url),
|
2020-10-29 12:20:27 +00:00
|
|
|
site_url=base_url,
|
2020-10-29 11:00:19 +00:00
|
|
|
reset_url=reset_url,
|
|
|
|
)
|
|
|
|
html_body = render_template(
|
|
|
|
"mail/reset.html",
|
|
|
|
site_name=current_app.config.get("NAME", reset_url),
|
2020-10-29 12:20:27 +00:00
|
|
|
site_url=base_url,
|
2020-10-29 11:00:19 +00:00
|
|
|
reset_url=reset_url,
|
2020-12-10 16:42:58 +00:00
|
|
|
logo="cid:{}".format(logo_cid[1:-1]) if logo_cid else None,
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
|
|
|
|
2020-11-16 13:48:27 +00:00
|
|
|
success = send_email(
|
|
|
|
subject=subject,
|
2020-11-16 14:39:58 +00:00
|
|
|
recipient=user.mail,
|
2020-11-16 13:48:27 +00:00
|
|
|
text=text_body,
|
|
|
|
html=html_body,
|
2020-12-10 16:42:58 +00:00
|
|
|
attachements=[(logo_cid, logo_filename, logo_raw)] if logo_filename else None,
|
2020-11-16 13:48:27 +00:00
|
|
|
)
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
if success:
|
|
|
|
flash(
|
2020-11-23 16:03:03 +00:00
|
|
|
_(
|
|
|
|
"A password reset link has been sent at your email address. You should receive it within 10 minutes."
|
|
|
|
),
|
|
|
|
"success",
|
2020-10-22 15:37:01 +00:00
|
|
|
)
|
2020-11-16 13:48:27 +00:00
|
|
|
else:
|
|
|
|
flash(_("Could not reset your password"), "error")
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
return render_template("forgotten-password.html", form=form)
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/reset/<uid>/<hash>", methods=["GET", "POST"])
|
|
|
|
def reset(uid, hash):
|
|
|
|
form = PasswordResetForm(request.form)
|
|
|
|
user = User.get(uid)
|
|
|
|
|
2020-11-16 14:39:58 +00:00
|
|
|
if not user or hash != profile_hash(
|
|
|
|
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
|
|
|
):
|
2020-10-22 15:37:01 +00:00
|
|
|
flash(
|
|
|
|
_("The password reset link that brought you here was invalid."),
|
|
|
|
"error",
|
|
|
|
)
|
|
|
|
return redirect(url_for("canaille.account.index"))
|
|
|
|
|
|
|
|
if request.form and form.validate():
|
|
|
|
user.set_password(form.password.data)
|
|
|
|
user.login()
|
|
|
|
|
|
|
|
flash(_("Your password has been updated successfuly"), "success")
|
2020-11-01 10:33:56 +00:00
|
|
|
return redirect(url_for("canaille.account.profile_edition", username=uid))
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
return render_template("reset-password.html", form=form, uid=uid, hash=hash)
|