252 lines
7.8 KiB
Python
252 lines
7.8 KiB
Python
# -*- coding: utf8 -*-
|
|
from pyramid.response import Response
|
|
from pyramid.renderers import render, get_renderer
|
|
from pyramid.view import (
|
|
view_config,
|
|
forbidden_view_config,
|
|
)
|
|
from pyramid.security import (
|
|
remember,
|
|
forget,
|
|
)
|
|
from pyramid.httpexceptions import (
|
|
HTTPFound,
|
|
HTTPNotFound,
|
|
HTTPForbidden,
|
|
)
|
|
from pyramid_mailer import get_mailer
|
|
from pyramid_mailer.message import Message, Attachment
|
|
from datetime import *
|
|
import hashlib
|
|
from sqlalchemy.exc import DBAPIError
|
|
from ..security import groupfinder
|
|
from user_agents import parse
|
|
|
|
import json
|
|
|
|
from ..models.default import *
|
|
from ..models.agenda import *
|
|
|
|
def to_decimal(x):
|
|
import decimal
|
|
return decimal.Decimal(str(x))
|
|
|
|
def to_euro(x):
|
|
"""Takes a float and returns a string"""
|
|
#if x == 0:
|
|
# return ""
|
|
#else:
|
|
return ("%.2f €" % x).replace('.', ',')
|
|
|
|
def to_euroz(x):
|
|
"""Takes a float and returns a string"""
|
|
if x == 0:
|
|
return ""
|
|
else:
|
|
return ("%.2f €" % x).replace('.', ',')
|
|
|
|
def to_decz(x):
|
|
"""Takes a decimal and returns a string"""
|
|
if x == 0:
|
|
return ""
|
|
else:
|
|
return ("%.2f" % x).replace('.', ',')
|
|
|
|
|
|
def to_sha1(message):
|
|
return hashlib.sha1(message.encode('utf-8')).hexdigest()
|
|
|
|
def to_int(x):
|
|
try:
|
|
number = int(x.replace(',', '.'))
|
|
return number
|
|
except ValueError:
|
|
return 0
|
|
|
|
def to_percent(x):
|
|
"""Takes a float and returns a string"""
|
|
return ("%.2f " % x).replace('.', ',') + "%"
|
|
|
|
|
|
@view_config(route_name='home', renderer='../templates/default/home.pt', permission='view')
|
|
def home(request):
|
|
logged_in = request.authenticated_userid.upper()
|
|
|
|
return {
|
|
'page_title': 'Bienvenue',
|
|
'project': 'mondumas',
|
|
'logged_in': logged_in,
|
|
}
|
|
|
|
@view_config(route_name='envoyer_mdp', renderer='../templates/default/envoyer_mdp.pt')
|
|
def envoyer_mdp(request):
|
|
url = request.route_url('envoyer_mdp')
|
|
message = ''
|
|
|
|
if 'form.submitted' in request.params:
|
|
login = request.params['login']
|
|
member = get_member_by_id(request, login)
|
|
if member:
|
|
# Fabrication du corps du email_passwordMessage
|
|
lien = update_membre_mdp_oublie(request, login)
|
|
body = """
|
|
|
|
Le lien suivant vous dirigera vers une page où vous pourrez ré-initialiser votre mot de passe d'accès à « gestion.entreprise-dumas.com » :
|
|
|
|
|
|
%s
|
|
|
|
(Ce lien est valide pendant 168 heures.)
|
|
|
|
|
|
""" % (request.route_url('redefinir_mdp', lien=lien))
|
|
envoyerMail(request, member.email, "Demande de ré-initialisation du mot de passe", body)
|
|
request.session.flash("Votre demande de ré-initialisation de mot de passe vous a été envoyée à %s." % member.email)
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
message = "Le mot de passe fourni est incorrect."
|
|
return {
|
|
'page_title': "Changer mon mot de passe",
|
|
'url': url,
|
|
'message': message,
|
|
}
|
|
|
|
@view_config(route_name='changer_mdp', renderer='../templates/default/changer_mdp.pt', permission='view')
|
|
def changer_mdp(request):
|
|
url = request.route_url('changer_mdp')
|
|
logged_in = request.authenticated_userid
|
|
message = ''
|
|
|
|
member = get_member_by_id(request, logged_in)
|
|
if member:
|
|
if 'form.submitted' in request.params:
|
|
old_password = request.params['old_password']
|
|
new_password = request.params['new_password1']
|
|
if member.mdp == to_sha1(password):
|
|
update_membre_mdp(request, logged_in, new_password)
|
|
request.session.flash("Votre mot de passe a été mis à jour avec succès.")
|
|
return HTTPFound(location=request.route_url('home'))
|
|
else:
|
|
message = "Le mot de passe actuel n'est pas correct."
|
|
|
|
return {
|
|
'page_title': "Changer mon mot de passe",
|
|
'url': url,
|
|
'member': member,
|
|
'message': message,
|
|
}
|
|
|
|
@view_config(route_name='redefinir_mdp', renderer='../templates/default/redefinir_mdp.pt')
|
|
@view_config(route_name='init_mdp', renderer='../templates/default/redefinir_mdp.pt')
|
|
def redefinir_mdp(request):
|
|
if request.matched_route.name == 'redefinir_mdp':
|
|
lien = request.matchdict["lien"]
|
|
url = request.route_url('redefinir_mdp', lien=lien)
|
|
# tester si le champ "motdepasse_oublie" est encore valide
|
|
membre = get_member_by_mdp_oublie(request, lien)
|
|
else:
|
|
user = request.matchdict["user"]
|
|
lien = request.matchdict["lien"]
|
|
url = request.route_url('init_mdp', user=user, lien=lien)
|
|
# tester valeur OK ?
|
|
if lien == date.today().strftime('%d%m%Y'):
|
|
# oui, lire le membre
|
|
membre = get_member_by_id(request, user)
|
|
else:
|
|
membre = None
|
|
|
|
if membre:
|
|
if 'form.submitted' in request.params:
|
|
login = request.params["login"]
|
|
mdp = request.params["new_password1"]
|
|
if login == membre.CD_UTI:
|
|
update_membre_mdp(request, login, mdp)
|
|
request.session.flash("Votre mot de passe a été modifié avec succès.", 'success')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
request.session.flash("Identifiant incorrect.", 'danger')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
request.session.flash("Le lien n'est plus valable.", 'warning')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
|
|
return {
|
|
'page_title': "Définissez votre mot de passe",
|
|
'url': url,
|
|
}
|
|
|
|
|
|
@view_config(route_name='login', renderer='../templates/default/login.pt', permission='view')
|
|
@forbidden_view_config(renderer='../templates/default/login.pt')
|
|
def login(request):
|
|
|
|
current_route_path = request.current_route_path()
|
|
login = ''
|
|
login_url = request.route_url('login')
|
|
|
|
referrer = request.url
|
|
if referrer == login_url:
|
|
referrer = '/' # never use the login form itself as came_from
|
|
|
|
came_from = request.params.get('came_from', referrer)
|
|
password = ''
|
|
message = ''
|
|
if 'form.submitted' in request.params:
|
|
login = request.params['login']
|
|
password = request.params['password']
|
|
record = get_member_by_id(request, login)
|
|
if record :
|
|
# mot de passe hash valide ?
|
|
if record.mdp == to_sha1(password) and record.actif == 1:
|
|
# get user agent string from request
|
|
ua_string = request.user_agent
|
|
user_agent = parse(ua_string)
|
|
update_last_connection(request, login, str(user_agent))
|
|
|
|
# force le commit car il ne se fait pas automatiquement après l'update
|
|
transaction.commit()
|
|
|
|
headers = remember(request, login)
|
|
return HTTPFound(location=came_from, headers=headers)
|
|
|
|
message = "Email et mot de passe invalides. La connexion a échoué."
|
|
|
|
return {
|
|
'page_title': "",
|
|
'url': login_url,
|
|
'came_from': came_from,
|
|
'login': login,
|
|
'message': message,
|
|
}
|
|
|
|
|
|
@view_config(route_name='logout')
|
|
def logout(request):
|
|
request.session.invalidate()
|
|
headers = forget(request)
|
|
request.session.flash("Vous avez bien été déconnecté.")
|
|
return HTTPFound(location=request.route_url('login', login=''),
|
|
headers=headers)
|
|
|
|
|
|
|
|
def envoyerMail(request, destinataire, objet, corps):
|
|
body = """
|
|
|
|
%s
|
|
|
|
Cordialement,
|
|
gestion.entreprise-dumas.com
|
|
|
|
""" % (corps)
|
|
|
|
message = Message(subject="[Ent. Dumas] %s" % objet,
|
|
sender=request.registry.settings['mondumas.admin_email'],
|
|
body=body)
|
|
message.add_recipient(destinataire)
|
|
mailer = get_mailer(request)
|
|
|
|
mailer.send_immediately(message)
|
|
|
|
|