vmbuilder/console
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
console/SWSCloudCore/views/account/__init__.py

421 lines
17 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# coding: utf-8
from flask import Blueprint, g, render_template, session, redirect, url_for, request
from sshpubkeys import SSHKey
from SWSCloudCore.controllers.billing import ControllerBilling
from SWSCloudCore.controllers.common import ControllerMessagesEmail
from SWSCloudCore.controllers.common import special_match
from SWSCloudCore.controllers.users import ControllerAPI
from SWSCloudCore.controllers.users import ControllerSSHKey
from SWSCloudCore.controllers.users import ControllerUsers
from SWSCloudCore.controllers.users import ControllerUsersDetails
from SWSCloudCore.controllers.users import ControllerUsersRecoveryCodes
from SWSCloudCore import models
viewAccount = Blueprint('account', __name__, url_prefix='/account')
@viewAccount.route('/', methods=['GET', 'POST'])
def index():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
cud = ControllerUsersDetails(session['user_id'])
user = cud.details_get()
# проверяем, есть ли запись в таблице usersdetails, чтобы небыло ошибок
if not cud.details_exists():
# если нет, то делаем запись в таблицу, чтобы небыло ошибок
cud.details_create()
# извлекаем из базы детали пользователя
user_details = cud.details_get()
return render_template(
'default/id/index.html',
user=user,
user_details=user_details
)
@viewAccount.route('/edit', methods=['GET', 'POST'])
def edit():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
cud = ControllerUsersDetails(session['user_id'])
user = cud.details_get()
if not cud.details_exists():
cud.details_create()
if request.method == "POST":
if not request.form['zipcode'].isdigit():
g.errors['items'].append(u'Индекс должен содержать только цифры')
g.errors['total'] += 1
if g.errors['total'] == 0:
cud.details_update(
fname=request.form['fname'],
lname=request.form['lname'],
address=request.form['address'],
city=request.form['city'],
country=request.form['country'],
state=request.form['state'],
zipcode=request.form['zipcode']
)
return redirect(url_for('account.edit'))
# get user details
user_details = cud.details_get()
return render_template('default/id/edit.html', user=user, user_details=user_details)
@viewAccount.route('/settings', methods=['GET', 'POST'])
def settings():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
# get user data
user = ControllerUsers(session['user_id']).get()
return render_template('default/id/index.html', user_details=user)
@viewAccount.route('/billing', methods=['GET', 'POST'])
def billing():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
user_id = session['user_id']
if models.UsersBalance.select().where(models.UsersBalance.user == user_id).count() == 0:
models.UsersBalance.create(user=user_id, balance=10)
user_balance = models.UsersBalance.select().where(models.UsersBalance.user == user_id).limit(1)[0].balance
user_details = models.Users.select().where(models.Users.id == session['user_id']).limit(1)[0]
# выгрузка истории платежей
history = dict()
history['total'] = models.UsersBalanceTransactions.select().\
where(models.UsersBalanceTransactions.user == user_id).count()
history['items'] = models.UsersBalanceTransactions.select().\
where(models.UsersBalanceTransactions.user == user_id)
return render_template(
'default/id/balance.html',
user_details=user_details,
user_balance=user_balance,
history=history
)
@viewAccount.route('/registration', methods=['GET', 'POST'])
def registration():
# check session
if ControllerUsers().check_session():
return redirect(url_for("containers.index"))
if request.method == 'POST':
check_password = False
if request.form['password'] == request.form['password2']:
check_password = True
if not special_match(request.form['email'], r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$")\
or len(request.form['password']) < 5\
or not check_password:
g.errors['items'].append('Invalid registration data.')
g.errors['total'] += 1
if g.errors['total'] == 0:
# count user with email and password
if models.Users.select().where(models.Users.email == request.form['email']).count():
g.errors['items'].append('Invalid registration. User already exists.')
g.errors['total'] += 1
else:
if ControllerUsers().registration(request.form['email'], request.form['password']):
user_id = ControllerUsers().get_id_by_email(request.form['email'])
ControllerUsersDetails(user_id).details_create()
ControllerBilling().create(user_id, g.settings['bonus'])
# ControllerU
# send mail message with recovery code
message = u"""
Е-почта: %s
Пароль: %s
""" % (request.form['email'], request.form['password'])
subject = u'GoCloud.ru: Успешная регистрация'
lead = u"""
Поздравляем с успешной зарегистрацией.
"""
callout = u"""
Для входа в личный кабинет воспользуйтесь
<a href="https://gocloud.ru/account/login">страницей авторизации</a>.
"""
email = ControllerMessagesEmail()
email.send(title=subject, to=request.form['email'], lead=lead, message=message, callout=callout)
# redirect to login page
return redirect(url_for('account.login'))
else:
g.errors['items'].append('Invalid registration. Try again.')
g.errors['total'] += 1
return render_template('default/id/registration.html')
@viewAccount.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
# validation entered data
if not special_match(request.form['email'], r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$")\
or len(request.form['password']) < 5:
g.errors['items'].append('Invalid registration data.')
g.errors['total'] += 1
if g.errors['total'] == 0:
# try auth only active users (with status code 1)
if ControllerUsers().auth(request.form['email'], request.form['password'], 1):
# get user_id
user_id = ControllerUsers().get_id_by_email(request.form['email'])
# save user data to session
session['user_id'] = user_id
session['email'] = request.form['email']
session['password'] = request.form['password']
# redirect to rules list
return redirect(url_for('containers.index'))
else:
g.errors['items'].append('Invalid login. Please try again.')
g.errors['total'] += 1
return render_template("default/id/login.html")
@viewAccount.route('/logout')
def logout():
session.pop('user_id', None)
session.pop('email', None)
session.pop('password', None)
return redirect(url_for('account.login'))
@viewAccount.route("/password_reset", methods=['GET', 'POST'])
def password_reset():
if request.method == "POST":
# check exists email
if ControllerUsers().user_exists_by_email(request.form['email']):
# get user_id by email
user_id = str(ControllerUsers().user_id_by_email(request.form['email']))
# create recovery code
recovery_code = ControllerUsersRecoveryCodes().code_generate()
# remove old recovery codes for user
ControllerUsersRecoveryCodes().delete(user_id)
# write new recovery code to database
ControllerUsersRecoveryCodes().create(user_id, recovery_code)
# send mail message with recovery code
subject = u'GoCloud.ru: Код восстановления доступа'
message = u'Код восстановления: %s' % recovery_code
lead = u"""
Данный код необходимо ввести на странице подтверждения
<a href="https://gocloud.ru/account/password_reset_step2">сброса пароля</a>.
"""
callout = u'Если вы не хотите сбрасывать пароль, то просто проигнорируйте (или удалите) данное письмо.'
# controllers.Mail().send(request.form['email'], subject, message)
email = ControllerMessagesEmail()
email.send(title=subject, to=request.form['email'], lead=lead, message=message, callout=callout)
# redirect to step 2
return redirect(url_for('account.password_reset_step2'))
else:
g.errors['items'].append(u'Произошла ошибка. Введите корректный адрес е.почты.')
g.errors['total'] += 1
return render_template('default/id/password_reset_step1.html')
@viewAccount.route("/password_reset_step2", methods=['GET', 'POST'])
def password_reset_step2():
if request.method == "POST":
# check exists email
if ControllerUsers().user_exists_by_email(request.form['email']):
# get user_id by email
user_id = ControllerUsers().user_id_by_email(request.form['email'])
recovery_code = request.form['recovery_code']
# check valid recovery codes
if ControllerUsersRecoveryCodes().check(user_id, recovery_code):
# remove old recovery codes for user
ControllerUsersRecoveryCodes().delete(user_id)
# generate new password
new_password = ControllerUsers().generate_password()
# save password
ControllerUsers().update(user_id, password=new_password)
# send mail message with new password
message = u"""Новый пароль: %s""" % new_password
subject = u"""GoCloud.ru: Новый пароль"""
lead = u"""
Пароль для доступа в <a href="https://gocloud.ru/account/login">личный кабинет</a> был сброшен.
"""
callout = u"""Запомните новый пароль и удалите данное сообщение."""
# controllers.Mail().send(request.form['email'], subject, message)
email = ControllerMessagesEmail()
email.send(title=subject, to=request.form['email'], lead=lead, message=message, callout=callout)
# redirect to login page
return redirect(url_for('account.login'))
# redirect to step 2
g.errors['items'].append(u'Ошибочный код')
g.errors['total'] += 1
return redirect(url_for('account.password_reset_step2'))
else:
g.errors['items'].append(u'Произошла ошибка. Введите корректный адрес е.почты.')
g.errors['total'] += 1
return render_template('default/id/password_reset_step2.html')
@viewAccount.route("/password_update", methods=['GET', 'POST'])
def password_update():
"""
Обновление пароля из личного кабинета с уведомлением владельца по ел.почте
:return:
"""
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
if request.method == "POST":
# Проверка старого пароля
check_old = ControllerUsers().auth(session['email'], request.form['old_password'])
if check_old and request.form['new_password'] == request.form['new_password_confirm']:
# Обновляем пароль
ControllerUsers().update(session['user_id'], password=request.form['new_password'])
# send mail message with recovery code
lead = u"""
Пароль для достуна в личный кабинет был успешно изменён.
"""
message = u"""Пароль: %s""" % request.form['new_password']
callout = u"""
"""
subject = u'GoCloud.ru: Смена пароля'
email = ControllerMessagesEmail()
email.send(
title=subject,
to=session['email'],
lead=lead,
message=message,
callout=callout
)
return redirect(url_for('account.password_update'))
return render_template('default/id/password_update.html')
@viewAccount.route('/sshkey', methods=['GET', 'POST'])
def sshkey():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
controllersshkey = ControllerSSHKey(session['user_id'])
if request.method == "POST":
try:
ssh = SSHKey(request.form['sshkey'])
except Exception as e:
g.errors['items'].append(u"Не корректный ssh-ключ.")
g.errors['total'] += 1
else:
print(ssh.bits)
print(ssh.hash())
controllersshkey.set(request.form['sshkey'])
sshkey = {
"exists": controllersshkey.check(),
"sshkey": controllersshkey.get()
}
return render_template('default/id/sshkey.html', sshkey=sshkey)
@viewAccount.route('/sshkey_delete', methods=['POST'])
def sshkey_delete():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
controllersshkey = ControllerSSHKey(session['user_id'])
controllersshkey.delete()
return redirect(url_for('account.sshkey'))
@viewAccount.route('/api', methods=['GET', 'POST'])
def api():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
#
if not ControllerAPI().check(session['user_id']):
ControllerAPI().set(session['user_id'], '', '', 0)
#
user_secret = ControllerAPI().get(session['user_id'])[0]
return render_template(
'default/id/api.html',
user_secret=user_secret
)
@viewAccount.route('/api_update', methods=['POST'])
def api_update():
# check session
if not ControllerUsers().check_session():
return redirect(url_for("account.logout"))
# auth user
if not ControllerUsers().auth(session['email'], session['password']):
return redirect(url_for("account.logout"))
#
ControllerAPI().set(
session['user_id'],
request.form['secret'],
request.form['acl'],
request.form['status']
)
#
return redirect(url_for('account.api'))
Reference in a new issue View git blame Copy permalink