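def userNameAction(id):
    """Read, create/replace, or delete a user record over HTTP.

    Args:
        id: user identifier taken from the route.

    Returns:
        GET: the user serialised as JSON (with points included);
        PUT/DELETE: ``{"success": 1}``.

    Aborts:
        400 if a PUT carries no JSON object body; 403 if the caller is
        not an elder on PUT/DELETE; 404 if the user does not exist on
        GET/DELETE.
    """
    if request.method == 'GET':
        try:
            user = User.get_user(id, include_points=True)
        except DoesNotExist:
            abort(404)

        return Response(json.dumps(user, cls=Encoder),
                        mimetype='application/json')
    elif request.method == 'PUT':
        if not current_user.elder:
            abort(403)

        data = request.json
        # request.json is None when the body is not JSON; without this
        # guard the membership test below raises TypeError (a 500).
        if not isinstance(data, dict):
            abort(400)

        # Settings arrive as a JSON object and are stored serialised.
        data['settings'] = json.dumps(
            data['settings']) if 'settings' in data else '{}'

        # NOTE(review): every key of the client-supplied body is handed to
        # the model constructor, and the route ``id`` is not bound to the
        # saved record — consider restricting the accepted fields to those
        # a client may set and forcing ``data['id'] = id``.
        user = User(**data)
        user.save()
        return jsonify(success=1)
    elif request.method == 'DELETE':
        if not current_user.elder:
            abort(403)

        try:
            user = User.get(User.id == id)
            user.delete_instance()
        except DoesNotExist:
            abort(404)

        return jsonify(success=1)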
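def eventAction():
    """Create a points event from the caller to another user.

    Reads the JSON body (``target`` and ``amount``), refuses
    self-targeting and unknown or disabled targets, clamps ``amount``
    to ``[1, current_user.max_points]`` and records the event with the
    caller as ``source``.

    Returns:
        ``{"success": 1}`` on success.

    Aborts:
        400 if the body is not a JSON object, lacks ``target`` or
        ``amount``, or ``amount`` is not an integer; 403 if the target
        is the caller, does not exist, or is disabled.
    """
    data = request.json
    # request.json is None for a non-JSON body; fail with 400, not a
    # TypeError on the lookups below.
    if not isinstance(data, dict):
        abort(400)
    # A client-supplied id is discarded; the event gets its own.
    data.pop('id', None)

    try:
        target_id = data['target']
    except KeyError:
        abort(400)

    if target_id == current_user.id:
        abort(403)

    try:
        target = User.get(User.id == target_id)
    except DoesNotExist:
        # An unknown target is reported as 403, matching the other refusals.
        abort(403)

    if target.disabled:
        abort(403)

    try:
        amount = int(data['amount'])
    except (KeyError, TypeError, ValueError):
        abort(400)

    # Clamp to at least 1 and at most the caller's allowance. max() is
    # applied last, so a max_points below 1 still yields 1.
    data['amount'] = max(min(current_user.max_points, amount), 1)

    # NOTE(review): the remaining body keys pass straight through to
    # Event(**data); confirm the model rejects fields a client must not set.
    event = Event(**data)
    event.source = current_user.id
    event.add()

    return jsonify(success=1)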
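def auth():
    """Complete the Google OAuth2 redirect and log the user in.

    Checks the ``state`` parameter against the CSRF token kept in the
    session, exchanges the authorization ``code`` for credentials,
    validates the ID token, fetches the Google userinfo profile and
    upserts a ``User`` keyed by lower-cased e-mail before calling
    ``login_user``.

    Returns:
        A redirect to ``site.index``.

    Raises:
        WebException: on a missing or mismatched CSRF token, a missing
            code or an invalid ID token; with status 500 when the
            userinfo request fails, cannot be parsed, lacks an e-mail,
            or the user could not be upserted.
    """
    # pop() makes the session token single-use even when a check below fails.
    session_csrf_token = session.pop('csrf_token', None)
    csrf_token = request.args.get('state', None)
    code = request.args.get('code')

    if not session_csrf_token or not csrf_token:
        raise WebException('Missing CSRF token')

    if not code:
        raise WebException('Missing authorization code')

    if csrf_token != session_csrf_token:
        raise WebException('CSRF Token Mismatch')

    flow = OAuth2WebServerFlow(
        client_id=current_app.config['GOOGLE_API_CLIENT_ID'],
        client_secret=current_app.config['GOOGLE_API_CLIENT_SECRET'],
        scope=current_app.config['GOOGLE_API_SCOPE'],
        redirect_uri=current_app.config['SITE_URL'] + '/auth')

    credentials = flow.step2_exchange(code)

    http = credentials.authorize(httplib2.Http())

    # The ID token is validated before any of its claims are trusted.
    id_token = credentials.id_token
    if not validate_id_token(id_token):
        raise WebException('Invalid ID Token')

    (headers,
     content) = http.request('https://www.googleapis.com/oauth2/v3/userinfo',
                             'GET')

    if headers['status'] != '200':
        raise WebException('Unable to retrieve user info', 500)

    try:
        userinfo = json.loads(content)
    except ValueError:
        raise WebException('Unable to parse user info', 500)

    # str.lower() replaces the deprecated string.lower() helper (gone in
    # Python 3). A profile without an e-mail cannot be matched to an
    # account, so it is reported like the other userinfo failures.
    try:
        email = userinfo['email'].lower()
    except (KeyError, TypeError, AttributeError):
        raise WebException('Missing e-mail in user info', 500)

    # NOTE(review): the account is matched by e-mail alone; the userinfo
    # ``email_verified`` claim is not consulted — confirm whether an
    # unverified address should be allowed to log in as an existing user.
    try:
        user = User.get(User.email == email)
        user.name = userinfo['name']
        user.save()
    except DoesNotExist:
        user = User()
        user.name = userinfo['name']
        user.email = email
        user.api_key = str(uuid4())
        # Gravatar's convention: md5 of the trimmed, lower-cased address.
        user.gravatar = hashlib.md5(email.strip().lower()).hexdigest()
        user.url = id_token['sub']
        user.save()

    if not user:
        raise WebException('Unable to upsert user', 500)

    login_user(user)

    return redirect(url_for('site.index'))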