# coding: utf-8
from sshpubkeys import SSHKey
from flask import render_template, session, redirect, url_for, request
from flask import g
from flask import Blueprint
from app import models
from app.cloud.controllers.common import special_match
from app.cloud.controllers.common import ControllerMessagesEmail
from app.cloud.controllers.users import ControllerUsers
from app.cloud.controllers.users import ControllerAPI
from app.cloud.controllers.users import ControllerSSHKey
from app.cloud.controllers.users import ControllerUsersDetails
from app.cloud.controllers.users import ControllerUsersRecoveryCodes
from app.cloud.controllers.billing import ControllerBilling
viewAccount = Blueprint('account', __name__, url_prefix='/account')
@viewAccount.route('/', methods=['GET', 'POST'])
def index():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
cud = ControllerUsersDetails(session['user_id'])
user = cud.details_get()
# проверяем, есть ли запись в таблице usersdetails, чтобы небыло ошибок
if not cud.details_exists():
# если нет, то делаем запись в таблицу, чтобы небыло ошибок
cud.details_create()
# извлекаем из базы детали пользователя
user_details = cud.details_get()
return render_template(
'default/id/index.html',
user=user,
user_details=user_details
)
@viewAccount.route('/edit', methods=['GET', 'POST'])
def edit():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
cud = ControllerUsersDetails(session['user_id'])
user = cud.details_get()
if not cud.details_exists():
cud.details_create()
if request.method == "POST":
if not request.form['zipcode'].isdigit():
g.errors['items'].append(u'Индекс должен содержать только цифры')
g.errors['total'] += 1
if g.errors['total'] == 0:
cud.details_update(
fname=request.form['fname'],
lname=request.form['lname'],
address=request.form['address'],
city=request.form['city'],
country=request.form['country'],
state=request.form['state'],
zipcode=request.form['zipcode']
)
return redirect(url_for('account.edit'))
# get user details
user_details = cud.details_get()
return render_template('default/id/edit.html', user=user, user_details=user_details)
@viewAccount.route('/settings', methods=['GET', 'POST'])
def settings():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
# get user data
user = ControllerUsers(session['user_id']).get()
return render_template('default/id/index.html', user_details=user)
@viewAccount.route('/billing', methods=['GET', 'POST'])
def billing():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
user_id = session['user_id']
if models.UsersBalance.select().where(models.UsersBalance.user == user_id).count() == 0:
models.UsersBalance.create(user=user_id, balance=10)
user_balance = models.UsersBalance.select().where(models.UsersBalance.user == user_id).limit(1)[0].balance
user_details = models.Users.select().where(models.Users.id == session['user_id']).limit(1)[0]
# выгрузка истории платежей
history = dict()
history['total'] = models.UsersBalanceTransactions.select().\
where(models.UsersBalanceTransactions.user == user_id).count()
history['items'] = models.UsersBalanceTransactions.select().\
where(models.UsersBalanceTransactions.user == user_id)
return render_template(
'default/id/balance.html',
user_details=user_details,
user_balance=user_balance,
history=history
)
@viewAccount.route('/registration', methods=['GET', 'POST'])
def registration():
# check session
if ControllerUsers().check_session():
return redirect(url_for("containers.index"))
if request.method == 'POST':
check_password = False
if request.form['password'] == request.form['password2']:
check_password = True
if not special_match(request.form['email'], r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$")\
or len(request.form['password']) < 5\
or not check_password:
g.errors['items'].append('Invalid registration data.')
g.errors['total'] += 1
if g.errors['total'] == 0:
# count user with email and password
if models.Users.select().where(models.Users.email == request.form['email']).count():
g.errors['items'].append('Invalid registration. User already exists.')
g.errors['total'] += 1
else:
if ControllerUsers().registration(request.form['email'], request.form['password']):
user_id = ControllerUsers().get_id_by_email(request.form['email'])
ControllerUsersDetails(user_id).details_create()
ControllerBilling().create(user_id, g.settings['bonus'])
# ControllerU
# send mail message with recovery code
message = u"""
Е-почта: %s
Пароль: %s
""" % (request.form['email'], request.form['password'])
subject = u'GoCloud.ru: Успешная регистрация'
lead = u"""
Поздравляем с успешной зарегистрацией.
"""
callout = u"""
Для входа в личный кабинет воспользуйтесь
страницей авторизации.
"""
email = ControllerMessagesEmail()
email.send(title=subject, to=request.form['email'], lead=lead, message=message, callout=callout)
# redirect to login page
return redirect(url_for('account.login'))
else:
g.errors['items'].append('Invalid registration. Try again.')
g.errors['total'] += 1
return render_template('default/id/registration.html')
@viewAccount.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
# validation entered data
if not special_match(request.form['email'], r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$")\
or len(request.form['password']) < 5:
g.errors['items'].append('Invalid registration data.')
g.errors['total'] += 1
if g.errors['total'] == 0:
# try auth only active users (with status code 1)
if ControllerUsers().auth(request.form['email'], request.form['password'], 1):
# get user_id
user_id = ControllerUsers().get_id_by_email(request.form['email'])
# save user data to session
session['user_id'] = user_id
session['email'] = request.form['email']
session['password'] = request.form['password']
# redirect to rules list
return redirect(url_for('containers.index'))
else:
g.errors['items'].append('Invalid login. Please try again.')
g.errors['total'] += 1
return render_template("default/id/login.html")
@viewAccount.route('/logout')
def logout():
session.pop('user_id', None)
session.pop('email', None)
session.pop('password', None)
return redirect(url_for('account.login'))
@viewAccount.route("/password_reset", methods=['GET', 'POST'])
def password_reset():
if request.method == "POST":
# check exists email
if ControllerUsers().user_exists_by_email(request.form['email']):
# get user_id by email
user_id = str(ControllerUsers().user_id_by_email(request.form['email']))
# create recovery code
recovery_code = ControllerUsersRecoveryCodes().code_generate()
# remove old recovery codes for user
ControllerUsersRecoveryCodes().delete(user_id)
# write new recovery code to database
ControllerUsersRecoveryCodes().create(user_id, recovery_code)
# send mail message with recovery code
subject = u'GoCloud.ru: Код восстановления доступа'
message = u'Код восстановления: %s' % recovery_code
lead = u"""
Данный код необходимо ввести на странице подтверждения
сброса пароля.
"""
callout = u'Если вы не хотите сбрасывать пароль, то просто проигнорируйте (или удалите) данное письмо.'
# controllers.Mail().send(request.form['email'], subject, message)
email = ControllerMessagesEmail()
email.send(title=subject, to=request.form['email'], lead=lead, message=message, callout=callout)
# redirect to step 2
return redirect(url_for('account.password_reset_step2'))
else:
g.errors['items'].append(u'Произошла ошибка. Введите корректный адрес е.почты.')
g.errors['total'] += 1
return render_template('default/id/password_reset_step1.html')
@viewAccount.route("/password_reset_step2", methods=['GET', 'POST'])
def password_reset_step2():
if request.method == "POST":
# check exists email
if ControllerUsers().user_exists_by_email(request.form['email']):
# get user_id by email
user_id = ControllerUsers().user_id_by_email(request.form['email'])
recovery_code = request.form['recovery_code']
# check valid recovery codes
if ControllerUsersRecoveryCodes().check(user_id, recovery_code):
# remove old recovery codes for user
ControllerUsersRecoveryCodes().delete(user_id)
# generate new password
new_password = ControllerUsers().generate_password()
# save password
ControllerUsers().update(user_id, password=new_password)
# send mail message with new password
message = u"""Новый пароль: %s""" % new_password
subject = u"""GoCloud.ru: Новый пароль"""
lead = u"""
Пароль для доступа в a< href="https://gocloud.ru/account/login">личный кабинет был сброшен.
"""
callout = u"""Запомните новый пароль и удалите данное сообщение."""
# controllers.Mail().send(request.form['email'], subject, message)
email = ControllerMessagesEmail()
email.send(title=subject, to=session['email'], lead=lead, message=message, callout=callout)
# redirect to login page
return redirect(url_for('account.login'))
# redirect to step 2
g.errors['items'].append(u'Ошибочный код')
g.errors['total'] += 1
return redirect(url_for('account.password_reset_step2'))
else:
g.errors['items'].append(u'Произошла ошибка. Введите корректный адрес е.почты.')
g.errors['total'] += 1
return render_template('default/id/password_reset_step2.html')
@viewAccount.route("/password_update", methods=['GET', 'POST'])
def password_update():
"""
Обновление пароля из личного кабинета с уведомлением владельца по ел.почте
:return:
"""
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
if request.method == "POST":
# Проверка старого пароля
check_old = ControllerUsers().auth(session['email'], request.form['old_password'])
if check_old and request.form['new_password'] == request.form['new_password_confirm']:
# Обновляем пароль
ControllerUsers().update(session['user_id'], password=request.form['new_password'])
# send mail message with recovery code
lead = u"""
Пароль для достуна в личный кабинет был успешно изменён.
"""
message = u"""Пароль: %s""" % request.form['new_password']
callout = u"""
"""
subject = u'GoCloud.ru: Смена пароля'
email = ControllerMessagesEmail()
email.send(
title=subject,
to=session['email'],
lead=lead,
message=message,
callout=callout
)
return redirect(url_for('account.password_update'))
return render_template('default/id/password_update.html')
@viewAccount.route('/sshkey', methods=['GET', 'POST'])
def sshkey():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
controllersshkey = ControllerSSHKey(session['user_id'])
if request.method == "POST":
try:
ssh = SSHKey(request.form['sshkey'])
except Exception as e:
g.errors['items'].append(u"Не корректный ssh-ключ.")
g.errors['total'] += 1
else:
print(ssh.bits)
print(ssh.hash())
controllersshkey.set(request.form['sshkey'])
sshkey = {
"exists": controllersshkey.check(),
"sshkey": controllersshkey.get()
}
return render_template('default/id/sshkey.html', sshkey=sshkey)
@viewAccount.route('/sshkey_delete', methods=['POST'])
def sshkey_delete():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
controllersshkey = ControllerSSHKey(session['user_id'])
controllersshkey.delete()
return redirect(url_for('account.sshkey'))
@viewAccount.route('/api', methods=['GET', 'POST'])
def api():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
#
if not ControllerAPI().check(session['user_id']):
ControllerAPI().set(session['user_id'], '', [''], 0)
#
user_secret = ControllerAPI().get(session['user_id'])[0]
return render_template(
'default/id/api.html',
user_secret=user_secret
)
@viewAccount.route('/api_update', methods=['POST'])
def api_update():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
#
ControllerAPI().set(
session['user_id'],
request.form['secret'],
request.form['acl'],
request.form['status']
)
#
return redirect(url_for('account.api'))