canaille-globuzma/canaille/account.py

204 lines
6.1 KiB
Python
Raw Normal View History

2020-10-29 11:59:18 +00:00
import base64
2020-10-22 15:37:01 +00:00
import email.message
import hashlib
2020-10-29 12:43:53 +00:00
import logging
2020-10-22 15:37:01 +00:00
import smtplib
2020-10-29 11:59:18 +00:00
import urllib.request
2020-10-22 15:37:01 +00:00
2020-10-20 09:44:45 +00:00
from flask import Blueprint, request, flash, url_for, current_app
from flask import render_template, redirect
2020-10-22 15:37:01 +00:00
from flask_babel import gettext as _
2020-08-19 14:20:57 +00:00
2020-10-22 15:37:01 +00:00
from .forms import LoginForm, ProfileForm, PasswordResetForm, ForgottenPasswordForm
2020-10-20 09:44:45 +00:00
from .flaskutils import current_user, user_needed
2020-08-19 14:20:57 +00:00
from .models import User
2020-08-14 11:18:08 +00:00
2020-08-16 17:39:14 +00:00
bp = Blueprint(__name__, "home")
2020-08-14 11:18:08 +00:00
2020-08-19 14:20:57 +00:00
@bp.route("/")
def index():
if not current_user():
2020-10-21 12:04:40 +00:00
return redirect(url_for("canaille.account.login"))
return redirect(url_for("canaille.account.profile"))
2020-08-19 14:20:57 +00:00
@bp.route("/login", methods=("GET", "POST"))
def login():
form = LoginForm(request.form or None)
2020-08-14 13:26:14 +00:00
2020-08-19 14:20:57 +00:00
if request.form:
2020-08-21 08:23:39 +00:00
if not form.validate() or not User.authenticate(
form.login.data, form.password.data, True
):
2020-10-22 15:37:01 +00:00
flash(_("Login failed, please check your information"), "error")
2020-08-19 14:20:57 +00:00
return render_template("login.html", form=form)
2020-08-17 07:45:35 +00:00
2020-10-21 12:04:40 +00:00
return redirect(url_for("canaille.account.index"))
2020-08-17 07:45:35 +00:00
2020-08-19 14:20:57 +00:00
return render_template("login.html", form=form)
2020-08-14 11:18:08 +00:00
2020-08-16 17:39:14 +00:00
@bp.route("/logout")
2020-08-14 13:26:14 +00:00
def logout():
2020-08-21 08:23:39 +00:00
if current_user():
current_user().logout()
2020-08-16 17:39:14 +00:00
return redirect("/")
2020-10-20 09:44:45 +00:00
@bp.route("/profile", methods=("GET", "POST"))
@user_needed()
def profile(user):
claims = current_app.config["JWT"]["MAPPING"]
data = {
k.lower(): getattr(user, v)[0]
if getattr(user, v) and isinstance(getattr(user, v), list)
else getattr(user, v) or ""
for k, v in claims.items()
}
form = ProfileForm(request.form or None, data=data)
2020-10-30 19:22:31 +00:00
form.sub.render_kw["readonly"] = "true"
2020-10-21 08:26:31 +00:00
2020-10-20 09:44:45 +00:00
if request.form:
if not form.validate():
2020-10-22 15:37:01 +00:00
flash(_("Profile edition failed."), "error")
2020-10-20 09:44:45 +00:00
else:
for attribute in form:
model_attribute_name = claims.get(attribute.name.upper())
if not model_attribute_name or not hasattr(user, model_attribute_name):
continue
user[model_attribute_name] = [attribute.data]
2020-10-21 08:26:31 +00:00
if not form.password1.data or user.set_password(form.password1.data):
2020-10-22 15:37:01 +00:00
flash(_("Profile updated successfuly."), "success")
2020-10-21 08:26:31 +00:00
2020-10-20 09:44:45 +00:00
user.save()
2020-10-21 10:14:35 +00:00
return render_template("profile.html", form=form, menuitem="profile")
2020-10-22 15:37:01 +00:00
def profile_hash(user, password):
return hashlib.sha256(
current_app.config["SECRET_KEY"].encode("utf-8")
+ user.encode("utf-8")
+ password.encode("utf-8")
).hexdigest()
@bp.route("/reset", methods=["GET", "POST"])
def forgotten():
form = ForgottenPasswordForm(request.form)
if not request.form:
return render_template("forgotten-password.html", form=form)
if not form.validate():
flash(_("Could not send the password reset link."), "error")
return render_template("forgotten-password.html", form=form)
user = User.get(form.login.data)
if not user:
flash(
_("A password reset link has been sent at your email address."), "success"
)
return render_template("forgotten-password.html", form=form)
recipient = user.mail
base_url = url_for("canaille.account.index", _external=True)
reset_url = url_for(
2020-10-22 15:37:01 +00:00
"canaille.account.reset",
2020-10-29 08:37:19 +00:00
uid=user.uid[0],
2020-10-22 15:37:01 +00:00
hash=profile_hash(user.uid[0], user.userPassword[0]),
_external=True,
)
2020-10-29 11:59:18 +00:00
logo = None
logo_extension = None
if current_app.config.get("LOGO"):
logo_extension = current_app.config["LOGO"].split(".")[-1]
try:
with urllib.request.urlopen(current_app.config.get("LOGO")) as f:
logo = base64.b64encode(f.read()).decode("utf-8")
except (urllib.error.HTTPError, urllib.error.URLError):
pass
2020-10-22 15:37:01 +00:00
subject = _("Password reset on {website_name}").format(
website_name=current_app.config.get("NAME", reset_url)
)
text_body = render_template(
"mail/reset.txt",
site_name=current_app.config.get("NAME", reset_url),
site_url=base_url,
reset_url=reset_url,
)
html_body = render_template(
"mail/reset.html",
site_name=current_app.config.get("NAME", reset_url),
site_url=base_url,
reset_url=reset_url,
2020-10-29 11:59:18 +00:00
logo=logo,
logo_extension=logo_extension,
2020-10-22 15:37:01 +00:00
)
msg = email.message.EmailMessage()
msg.set_content(text_body)
msg.add_alternative(html_body, subtype="html")
2020-10-22 15:37:01 +00:00
msg["Subject"] = subject
msg["From"] = current_app.config["SMTP"]["FROM_ADDR"]
msg["To"] = recipient
success = True
try:
with smtplib.SMTP(
host=current_app.config["SMTP"]["HOST"],
port=current_app.config["SMTP"]["PORT"],
) as smtp:
if current_app.config["SMTP"].get("TLS"):
smtp.starttls()
if current_app.config["SMTP"].get("LOGIN"):
smtp.login(
user=current_app.config["SMTP"]["LOGIN"],
password=current_app.config["SMTP"].get("PASSWORD"),
)
smtp.send_message(msg)
except smtplib.SMTPRecipientsRefused:
pass
except OSError:
flash(_("Could not reset your password"), "error")
2020-10-29 12:43:53 +00:00
logging.exception("Could not send password reset email")
2020-10-22 15:37:01 +00:00
success = False
if success:
flash(
_("A password reset link has been sent at your email address."), "success"
)
return render_template("forgotten-password.html", form=form)
@bp.route("/reset/<uid>/<hash>", methods=["GET", "POST"])
def reset(uid, hash):
form = PasswordResetForm(request.form)
user = User.get(uid)
if not user or hash != profile_hash(user.uid[0], user.userPassword[0]):
flash(
_("The password reset link that brought you here was invalid."),
"error",
)
return redirect(url_for("canaille.account.index"))
if request.form and form.validate():
user.set_password(form.password.data)
user.login()
flash(_("Your password has been updated successfuly"), "success")
return redirect(url_for("canaille.account.profile", user_id=uid))
return render_template("reset-password.html", form=form, uid=uid, hash=hash)