phuoc/caotek_monaa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tested login.pt

Browse Source
This commit is contained in:
Phuoc
2017-07-22 13:11:01 +02:00
parent 2093b3588f
commit 8b50412a58
26 changed files with 296 additions and 968 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
caotek_mesavoirs/views/members.py Normal file
View File

@@ -0,0 +1,251 @@
# -*- coding: utf8 -*-
from pyramid.response import Response
from pyramid.renderers import render, get_renderer
from pyramid.view import (
view_config,
forbidden_view_config,
)
from pyramid.security import (
authenticated_userid,
remember,
forget,
)
from pyramid.httpexceptions import (
HTTPFound,
HTTPNotFound,
HTTPForbidden,
)
from pyramid_mailer import get_mailer
from pyramid_mailer.message import Message, Attachment
from datetime import *
import hashlib
from sqlalchemy.exc import DBAPIError
from ..security import groupfinder
import json
from ..models.members import *
@view_config(route_name='envoyer_mdp', renderer='../templates/members/envoyer_mdp.pt')
def envoyer_mdp(request):
url = request.route_url('envoyer_mdp')
message = u''
if 'form.submitted' in request.params:
login = request.params['login']
member = get_member_by_email(request, login)
if member:
# Fabrication du corps du email_passwordMessage
lien = update_membre_mdp_oublie(request, login)
body = u"""
Le lien suivant vous dirigera vers une page où vous pourrez ré-initialiser votre mot de passe d'accès à « gestion.entreprise-dumas.com » :
%s
(Ce lien est valide pendant 168 heures.)
""" % (request.route_url('redefinir_mdp', lien=lien))
envoyerMail(request, member.email, u"Demande de ré-initialisation du mot de passe", body)
request.session.flash(u"Votre demande de ré-initialisation de mot de passe vous a été envoyée à %s." % member.email)
return HTTPFound(location=request.route_url('login'))
else:
message = u"Le mot de passe fourni est incorrect."
return {
'page_title': u"Changer mon mot de passe",
'url': url,
'message': message,
}
@view_config(route_name='changer_mdp', renderer='../templates/members/changer_mdp.pt', permission='view')
def changer_mdp(request):
url = request.route_url('changer_mdp')
logged_in = authenticated_userid(request)
message = ''
member = get_member_by_email(request, logged_in)
if member:
if 'form.submitted' in request.params:
old_password = request.params['old_password']
new_password = request.params['new_password1']
if member.mdp == hashlib.sha1(old_password).hexdigest():
update_membre_mdp(request, logged_in, new_password)
request.session.flash(u"Votre mot de passe a été mis à jour avec succès.")
return HTTPFound(location=request.route_url('home'))
else:
message = u"Le mot de passe actuel n'est pas correct."
return {
'page_title': u"Changer mon mot de passe",
'url': url,
'member': member,
'message': message,
}
@view_config(route_name='redefinir_mdp', renderer='../templates/members/redefinir_mdp.pt')
def redefinir_mdp(request):
lien = request.matchdict["lien"]
url = request.route_url('redefinir_mdp', lien=lien)
# tester si le champ "motdepasse_oublie" est encore valide
membre = get_member_by_mdp_oublie(request, lien)
if membre:
if 'form.submitted' in request.params:
login = request.params["login"]
mdp = request.params["new_password1"]
if login == membre.email:
update_membre_mdp(request, login, mdp)
request.session.flash(u"Votre mot de passe a été modifié avec succès.", 'success')
return HTTPFound(location=request.route_url('login'))
else:
request.session.flash(u"Identifiant incorrect.", 'danger')
return HTTPFound(location=request.route_url('login'))
else:
request.session.flash(u"Le lien n'est plus valable.", 'warning')
return HTTPFound(location=request.route_url('login'))
return {
'page_title': u"Définissez votre mot de passe",
'url': url,
}
@view_config(route_name='login', renderer='../templates/members/login.pt', permission='view')
@forbidden_view_config(renderer='../templates/members/login.pt')
def login(request):
current_route_path = request.current_route_path()
login = ''
login_url = request.route_url('login')
referrer = request.url
if referrer == login_url:
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
password = u''
message = u''
if 'form.submitted' in request.params:
login = request.params['login']
password = request.params['password']
record = get_member_by_email(request, login)
if record :
# mot de passe hash valide ?
if record.mdp == hashlib.sha1(password).hexdigest():
update_last_connection(request, login)
# force le commit car il ne se fait pas automatiquement après l'update
transaction.commit()
headers = remember(request, login)
return HTTPFound(location=came_from, headers=headers)
message = u"Email et mot de passe invalides. La connexion a échoué."
return {
'page_title': u"",
'url': login_url,
'came_from': came_from,
'login': login,
'message': message,
}
@view_config(route_name='users_list', renderer='../templates/members/users_list.pt', permission='manage')
def users_list(request):
# lire les utilisateurs
items = get_member_by_email(request, '0')
# construire la liste
liste=[]
for item in items:
if item.dern_cnx_le:
der_cnx_le = item.dern_cnx_le.strftime('%d/%m/%Y - %H:%M')
else:
der_cnx_le = ""
if item.expire_le :
expire_le = item.dern_cnx_le.strftime('%d/%m/%Y')
else:
expire_le = ''
d = (item.nom, item.email, item.acces, der_cnx_le, expire_le)
liste.append(d)
return {
'page_title': u'Liste des utilisateurs',
'dt_data': json.dumps(liste),
}
@view_config(route_name='logout')
def logout(request):
request.session.invalidate()
headers = forget(request)
request.session.flash(u"Vous avez bien été déconnecté.")
return HTTPFound(location=request.route_url('login', login=''),
headers=headers)
@view_config(route_name='user_edit', renderer='../templates/members/user_edit.pt', permission='manage')
def user_edit(request):
email = request.matchdict['email']
url = request.route_url('user_edit', email=email)
message = ''
access = ["0 | Production", "5 | Gestion", u"8 | Comptabilité", "9 | Administration"]
if email == '0':
# nouveau
individu = {}
individu['email'] = ''
individu['nom'] = ''
individu['email'] = ''
individu['access'] = '0 | Production'
individu['actif'] = 1
individu['agenda'] = 0
page_title= 'Nouvelle Fiche'
else:
# lire la fiche de l'individu
individu = get_member_by_email(request, email)
if not individu:
request.session.flash(u"Utilisateur non trouvé : %s" % email, 'warning')
return HTTPFound(location=request.route_url('users_list'))
page_title= u"Fiche de %s" %(individu.nom)
if 'form.submitted' in request.params:
new_values = {}
for param, db_value in individu.items():
if param in request.params and request.params[param] != db_value:
new_values[param] = request.params[param]
# actif coché ?
if 'actif' in request.params:
new_values['actif'] = 1
else:
new_values['actif'] = 0
# agenda coché ?
if 'agenda' in request.params:
new_values['agenda'] = 1
else:
new_values['agenda'] = 0
if new_values:
update_membre(request, email, new_values)
request.session.flash(u"La fiche a été mise à jour avec succès.", 'success')
return HTTPFound(location=request.route_url('users_list'))
if 'form.deleted' in request.params:
delete_membre(request, email)
request.session.flash(u"La fiche a été supprimée avec succès.", 'success')
return HTTPFound(location=request.route_url('users_list'))
return {
'page_title': page_title,
'url': url,
'individu': individu,
'access': access,
'message': message,
}