def common_design_update(request, nick):
view = api.actor_get(api.ROOT, nick)
if request.POST:
try:
validate.nonce(request, 'update_design')
color = request.POST.get('bg_color')
repeat = request.POST.get('bg_repeat', 'no-repeat')
if not repeat:
repeat = ''
img = request.FILES.get('bg_image')
img_url = None
if img:
img_url = api.background_upload(request.user, nick, img.read())
api.background_set_actor(request.user, nick, img_url, color,
repeat)
return util.RedirectFlash(view.url() + '/settings/design',
'design updated')
except:
exception.handle_exception(request)
if request.GET and 'restore' in request.GET:
api.background_clear_actor(request.user, nick)
return util.RedirectFlash(view.url() + '/settings/design',
'design updated')
return None
def install_rootuser(request):
# requires an admin
user = users.get_current_user()
if not user:
return http.HttpResponseRedirect(users.create_login_url('/install'))
else:
if not users.is_current_user_admin():
return http.HttpResponseRedirect('/')
try:
root_user = api.actor_get(api.ROOT, settings.ROOT_NICK)
except:
root_user = None
if request.POST:
try:
logging.warning('Making root user: %s', settings.ROOT_NICK)
validate.nonce(request, 'create_root')
root_user = api.user_create_root(api.ROOT)
return util.RedirectFlash('/install', 'Root user created')
except:
exception.handle_exception(request)
redirect_to = '/'
c = template.RequestContext(request, locals())
t = loader.get_template('install/templates/rootuser.html')
return http.HttpResponse(t.render(c))
def common_design_update(request, nick):
view = api.actor_get(api.ROOT, nick)
if request.POST:
try:
validate.nonce(request, 'update_design')
color = request.POST.get('bg_color')
repeat = request.POST.get('bg_repeat', 'no-repeat')
if not repeat:
repeat = ''
img = request.FILES.get('bg_image')
img_url = None
if img:
img_url = api.background_upload(request.user,
nick,
img.read())
api.background_set_actor(request.user,
nick,
img_url,
color,
repeat)
return util.RedirectFlash(view.url() + '/settings/design',
'design updated')
except:
exception.handle_exception(request)
if request.GET and 'restore' in request.GET:
api.background_clear_actor(request.user, nick)
return util.RedirectFlash(view.url() + '/settings/design',
'design updated')
return None
def common_design_update(request, success="/", nick=None):
if not nick:
nick = request.user.nick
view = api.actor_get(api.ROOT, nick)
if request.POST:
try:
validate.nonce(request, 'update_design')
color = request.POST.get('bg_color')
repeat = request.POST.get('bg_repeat', 'no-repeat')
if not repeat:
repeat = ''
img = request.FILES.get('bg_image')
img_url = None
if img:
img_url = api.background_upload(request.user,
nick,
img.read())
api.background_set_actor(request.user,
nick,
img_url,
color,
repeat)
return util.RedirectFlash(success,
'Thiết lập về màu nền/ảnh nền đã được cập nhật lại.')
except:
exception.handle_exception(request)
if request.GET and 'restore' in request.GET:
api.background_clear_actor(request.user, nick)
return util.RedirectFlash(success,
'Thiết lập ảnh nền/màu nền đã được khôi phục về trạng thái mặc định.')
return None
def install_rootuser(request):
# requires an admin
user = users.get_current_user()
if not user:
return http.HttpResponseRedirect(users.create_login_url('/install'))
else:
if not users.is_current_user_admin():
return http.HttpResponseRedirect('/')
try:
root_user = api.actor_get(api.ROOT, settings.ROOT_NICK)
except:
root_user = None
if request.POST:
try:
logging.warning('Making root user: %s', settings.ROOT_NICK)
validate.nonce(request, 'create_root')
root_user = api.user_create_root(api.ROOT)
return util.RedirectFlash('/install', 'Root user created')
except:
exception.handle_exception(request)
redirect_to = '/'
c = template.RequestContext(request, locals())
t = loader.get_template('install/templates/rootuser.html')
return http.HttpResponse(t.render(c))
def call_api_from_request(request, api_call):
"""Call an API function 'api_call' if it's present in the request parameters.
The first parameter to the API call is always the logged-in user.
The rest of the parameters may come in two forms:
api_call_name=first_param& ... rest of params
or
api_call_name=& ... rest of params
rest_of_params is always turned into Python keyword arguments.
If the api_call_name has a value, that is turned into Python positional
params.
RETURNS:
(False, None) if it isn't or the call throws an exception,
(True, return value from call) otherwise.
"""
# TODO(termie): make this only accept POST once we update javascript
# to turn the links into POSTs
for request_dict in (request.POST, request.GET):
if api_call in request_dict:
# debug
logging.info(">>> CALL: %s", str(api_call))
# end debug
call = getattr(api, api_call)
try:
validate.nonce(request, api_call)
confirm_msg = messages.confirmation(api_call)
# debug
# logging.info(">>> MESSAGE : %s", str(confirm_msg))
# end debug
if not confirm_msg is None:
validate.confirm_dangerous(
request, messages.confirmation(api_call))
kwparams = util.query_dict_to_keywords(request_dict)
# debug
logging.info(">>> KWPARAMS: %s", str(kwparams))
# end debug
if '' in kwparams:
del kwparams['']
first_param = kwparams.pop(api_call, '')
params = list()
if len(first_param):
params = (first_param,)
validate.nonce(request, api_call)
kwparams.pop('_nonce')
kwparams.pop('confirm', None)
kwparams.pop('redirect_to', None)
# debug
logging.info("##### CALL: %s", str((params, kwparams)))
# end debug
return (True, call(request.user, *params, **kwparams))
except:
exception.handle_exception(request)
return (False, None)
def api_authorize(request):
"""
checks on the request token provided or ask the user enter one
allows the user to authorize this
if consumer style is web and a callback is provided redirect to it
otherwise suggest that the user notify their application that authorization
has completed
"""
redirect = urllib.quote(request.get_full_path())
view = user.get_user_from_cookie_or_legacy_auth(request)
if view is None:
logging.info("Redirect: %s " % redirect)
return http.HttpResponseRedirect("/login?redirect_to=%s" % redirect)
oauth_token = request.REQUEST.get('oauth_token', None)
if not oauth_token:
# please enter token page
pass
oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
if not oauth_token_ref:
raise Exception("bad token")
oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
oauth_token_ref.consumer)
if not oauth_consumer_ref:
raise Exception("bad consumer")
if "active" != oauth_consumer_ref.status:
raise Exception("inactive consumer")
perms = request.REQUEST.get('perms', 'read')
if request.POST:
# we posted to this page to authorize
# TODO verify nonce
validate.nonce(request, "authorize_token")
api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_,
actor=request.user.nick, perms=perms)
oauth_callback = request.POST.get("oauth_callback", None)
if oauth_consumer_ref.type == "web":
if oauth_callback:
return http.HttpResponseRedirect(oauth_callback)
elif oauth_consumer_ref.callback_url is not None:
return http.HttpResponseRedirect(oauth_consumer_ref.callback_url)
c = template.RequestContext(request, locals())
t = loader.get_template('api/templates/authorized.html')
return http.HttpResponse(t.render(c))
perms_pretty = {'read': 'view',
'write': 'view and update',
'delete': 'view, update and delete'}[perms]
c = template.RequestContext(request, locals())
t = loader.get_template('api/templates/authorize.html')
return http.HttpResponse(t.render(c))
def test_good_nonces(self):
fake_user = '******'
action = 'some_action'
nonce = util.create_nonce(fake_user, action)
params = {'_nonce': nonce}
validate.nonce(test_util.FakeRequest(user=fake_user, post=params),
action)
validate.nonce(test_util.FakeRequest(user=fake_user, get=params),
action)
def api_authorize(request):
"""
checks on the request token provided or ask the user enter one
allows the user to authorize this
if consumer style is web and a callback is provided redirect to it
otherwise suggest that the user notify their application that authorization
has completed
"""
oauth_token = request.REQUEST.get('oauth_token', None)
if not oauth_token:
# please enter token page
pass
oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
if not oauth_token_ref:
raise Exception("bad token")
oauth_consumer_ref = api.oauth_get_consumer(api.ROOT,
oauth_token_ref.consumer)
if not oauth_consumer_ref:
raise Exception("bad consumer")
if "active" != oauth_consumer_ref.status:
raise Exception("inactive consumer")
perms = request.REQUEST.get('perms', 'read')
if request.POST:
# we posted to this page to authorize
# TODO verify nonce
validate.nonce(request, "authorize_token")
api.oauth_authorize_request_token(api.ROOT,
oauth_token_ref.key_,
actor=request.user.nick,
perms=perms)
oauth_callback = request.POST.get("oauth_callback", None)
if oauth_callback and oauth_consumer_ref.type == "web":
return http.HttpResponseRedirect(oauth_callback)
c = template.RequestContext(request, locals())
t = loader.get_template('api/templates/authorized.html')
return http.HttpResponse(t.render(c))
perms_pretty = {
'read': 'view',
'write': 'view and update',
'delete': 'view, update and delete'
}[perms]
c = template.RequestContext(request, locals())
t = loader.get_template('api/templates/authorize.html')
return http.HttpResponse(t.render(c))
def test_good_nonces(self):
fake_user = '******'
action = 'some_action'
nonce = util.create_nonce(fake_user, action)
params = {'_nonce': nonce}
validate.nonce(test_util.FakeRequest(
user=fake_user,
post=params),
action)
validate.nonce(test_util.FakeRequest(
user=fake_user,
get=params),
action)
def install(request):
try:
root_user = api.actor_get(api.ROOT, settings.ROOT_NICK)
if root_user:
return util.RedirectFlash('/', 'Already Installed')
except:
root_user = None
post_name = util.get_metadata('POST_NAME')
default_channel = util.get_metadata('DEFAULT_CHANNEL')
if request.POST:
site_name = request.POST.get('site_name', None)
tagline = request.POST.get('tagline', None)
post_name = request.POST.get('post_name', None)
root_mail = request.POST.get('root_mail', None)
password = request.POST.get('password', None)
confirm = request.POST.get('confirm', None)
default_channel = request.POST.get('default_channel', None)
try:
logging.info('saving values')
validate.nonce(request, 'install')
validate.email(root_mail)
validate.password(password)
validate.password_and_confirm(password, confirm)
channel = clean.channel(default_channel)
admin_helper.validate_and_save_sitesettings(site_name, tagline, post_name)
root_user = api.user_create_root(api.ROOT, password=password)
api.email_associate(api.ROOT, root_user.nick, root_mail)
channel_ref = api.channel_create(api.ROOT, nick=api.ROOT.nick, channel=channel, tags=[],
type='', description='Support Channel')
util.set_metadata('DEFAULT_CHANNEL', default_channel)
logging.info('Installed and Redirecting to front')
return util.RedirectFlash('/', 'Installed Successfully')
except:
exception.handle_exception(request)
redirect_to = '/'
c = template.RequestContext(request, locals())
return render_to_response('administration/templates/install.html', c)
def test_slightly_old_nonces(self):
fake_user = '******'
action = 'some_action'
nonce = util.create_nonce(fake_user, action, offset=-1)
validate.nonce(
test_util.FakeRequest(user=fake_user, post={'_nonce': nonce}),
action)
old_nonce = util.create_nonce(fake_user, action, offset=-2)
def _old_nonce():
validate.nonce(
test_util.FakeRequest(user=fake_user,
post={'_nonce': old_nonce}), action)
self.assertRaises(exception.ValidationError, _old_nonce)
def test_slightly_old_nonces(self):
fake_user = '******'
action = 'some_action'
nonce = util.create_nonce(fake_user, action, offset= -1)
validate.nonce(test_util.FakeRequest(
user=fake_user,
post={'_nonce': nonce}),
action)
old_nonce = util.create_nonce(fake_user, action, offset= -2)
def _old_nonce():
validate.nonce(test_util.FakeRequest(
user=fake_user,
post={'_nonce': old_nonce}),
action)
self.assertRaises(exception.ValidationError, _old_nonce)
def call_api_from_request(request, api_call):
"""Call an API function 'api_call' if it's present in the request parameters.
The first parameter to the API call is always the logged-in user.
The rest of the parameters may come in two forms:
api_call_name=first_param& ... rest of params
or
api_call_name=& ... rest of params
rest_of_params is always turned into Python keyword arguments.
If the api_call_name has a value, that is turned into Python positional
params.
RETURNS:
(False, None) if it isn't or the call throws an exception,
(True, return value from call) otherwise.
"""
# TODO(termie): make this only accept POST once we update javascript
# to turn the links into POSTs
for request_dict in (request.POST, request.GET):
if api_call in request_dict:
call = getattr(api, api_call)
try:
validate.nonce(request, api_call)
confirm_msg = messages.confirmation(api_call)
if not confirm_msg is None:
validate.confirm_dangerous(request,
messages.confirmation(api_call))
kwparams = util.query_dict_to_keywords(request_dict)
if '' in kwparams:
del kwparams['']
first_param = kwparams.pop(api_call, '')
params = list()
if len(first_param):
params = (first_param, )
validate.nonce(request, api_call)
kwparams.pop('_nonce')
kwparams.pop('confirm', None)
kwparams.pop('redirect_to', None)
return (True, call(request.user, *params, **kwparams))
except:
exception.handle_exception(request)
return (False, None)
def api_authorize(request):
"""
checks on the request token provided or ask the user enter one
allows the user to authorize this
if consumer style is web and a callback is provided redirect to it
otherwise suggest that the user notify their application that authorization
has completed
"""
oauth_token = request.REQUEST.get("oauth_token", None)
if not oauth_token:
# please enter token page
pass
oauth_token_ref = api.oauth_get_request_token(api.ROOT, oauth_token)
if not oauth_token_ref:
raise Exception("bad token")
oauth_consumer_ref = api.oauth_get_consumer(api.ROOT, oauth_token_ref.consumer)
if not oauth_consumer_ref:
raise Exception("bad consumer")
if "active" != oauth_consumer_ref.status:
raise Exception("inactive consumer")
perms = request.REQUEST.get("perms", "read")
if request.POST:
# we posted to this page to authorize
# TODO verify nonce
validate.nonce(request, "authorize_token")
api.oauth_authorize_request_token(api.ROOT, oauth_token_ref.key_, actor=request.user.nick, perms=perms)
oauth_callback = request.POST.get("oauth_callback", None)
if oauth_callback and oauth_consumer_ref.type == "web":
return http.HttpResponseRedirect(oauth_callback)
c = template.RequestContext(request, locals())
t = loader.get_template("api/templates/authorized.html")
return http.HttpResponse(t.render(c))
perms_pretty = {"read": "view", "write": "view and update", "delete": "view, update and delete"}[perms]
c = template.RequestContext(request, locals())
t = loader.get_template("api/templates/authorize.html")
return http.HttpResponse(t.render(c))
def common_confirm(request):
message = request.REQUEST['message']
redirect_to = request.REQUEST['redirect_to']
try:
validate.nonce(request, message + redirect_to)
parts = urlparse.urlparse(redirect_to)
action_url = parts[2]
query_dict = cgi.parse_qs(parts[4], keep_blank_values=True)
query_dict = dict([(k, v[0]) for k, v in query_dict.iteritems()])
except:
message = None
exception.handle_exception(request)
c = template.RequestContext(request, locals())
t = loader.get_template('common/templates/confirm.html')
return http.HttpResponse(t.render(c))
def common_confirm(request):
message = request.REQUEST['message']
redirect_to = request.REQUEST['redirect_to']
try:
validate.nonce(request, message + redirect_to)
parts = urlparse.urlparse(redirect_to)
action_url = parts[2]
query_dict = cgi.parse_qs(parts[4], keep_blank_values=True)
query_dict = dict([(k, v[0]) for k, v in query_dict.iteritems()])
except:
message = None
exception.handle_exception(request)
c = template.RequestContext(request, locals())
t = loader.get_template('common/templates/confirm.html')
return http.HttpResponse(t.render(c))
def admin_site(request):
page = 'site'
title = 'Site Settings'
site_name = util.get_metadata('SITE_NAME')
tagline = util.get_metadata('TAGLINE')
post_name = util.get_metadata('POST_NAME')
if request.POST:
site_name = request.POST.get('site_name', None)
tagline = request.POST.get('tagline', None)
post_name = request.POST.get('post_name', None)
site_description = request.POST.get('site_description', None)
try:
validate.nonce(request, 'site')
admin_helper.validate_and_save_sitesettings(site_name, tagline, post_name, site_description)
except exception.ValidationError:
exception.handle_exception(request)
c = template.RequestContext(request, locals())
return render_to_response('administration/templates/site.html', c)
def admin_channel(request):
page = 'channel'
title = 'Channels Settings'
enable_channels = util.get_metadata('ENABLE_CHANNELS')
enable_channel_types = util.get_metadata('ENABLE_CHANNEL_TYPES')
if request.POST:
enable_channels = request.POST.get('enable_channels', False)
enable_channel_types = request.POST.get('enable_channel_types', False)
try:
validate.nonce(request, 'admin_channel')
validate.bool_checkbox(enable_channels)
validate.bool_checkbox(enable_channel_types)
util.set_metadata('ENABLE_CHANNELS', str(enable_channels), 0, {'type':'bool'})
util.set_metadata('ENABLE_CHANNEL_TYPES', str(enable_channel_types), 0, {'type':'bool'})
except exception.ValidationError:
exception.handle_exception(request)
c = template.RequestContext(request, locals())
return render_to_response('administration/templates/channel.html', c)
def common_photo_upload(request, success="/", nick=None):
if not nick:
nick = request.user.nick
if request.FILES:
try:
# we're going to handle a file upload, wee
validate.nonce(request, 'change_photo')
img = request.FILES.get('imgfile')
if not img:
raise exception.ValidationError('imgfile must be set')
validate.avatar_photo_size(img)
img_url = api.avatar_upload(request.user,
nick,
img.read())
api.avatar_set_actor(request.user, nick, img_url)
return util.RedirectFlash(success, "Avatar uploaded")
except:
exception.handle_exception(request)
elif 'avatar' in request.POST:
try:
validate.nonce(request, 'change_photo')
avatar_path = request.POST.get('avatar')
if not avatar_path:
raise exception.ValidationError('avatar must be set')
rv = api.avatar_set_actor(request.user, nick, avatar_path)
if not rv:
raise exception.ValidationError('failed to set avatar')
return util.RedirectFlash(success, "Avatar changed")
except:
exception.handle_exception(request)
if 'delete' in request.REQUEST:
try:
validate.nonce(request, 'delete_photo')
validate.confirm_dangerous(request, 'Delete your photo?')
rv = api.avatar_clear_actor(request.user, nick)
return util.RedirectFlash(success, "Avatar deleted")
except:
exception.handle_exception(request)
def common_photo_upload(request, success="/", nick=None):
if not nick:
nick = request.user.nick
if request.FILES:
try:
# we're going to handle a file upload, wee
validate.nonce(request, 'change_photo')
img = request.FILES.get('imgfile')
if not img:
raise exception.ValidationError('imgfile must be set')
validate.avatar_photo_size(img)
img_url = api.avatar_upload(request.user, nick, img.read())
api.avatar_set_actor(request.user, nick, img_url)
return util.RedirectFlash(success, "Avatar uploaded")
except:
exception.handle_exception(request)
elif 'avatar' in request.POST:
try:
validate.nonce(request, 'change_photo')
avatar_path = request.POST.get('avatar')
if not avatar_path:
raise exception.ValidationError('avatar must be set')
rv = api.avatar_set_actor(request.user, nick, avatar_path)
if not rv:
raise exception.ValidationError('failed to set avatar')
return util.RedirectFlash(success, "Avatar changed")
except:
exception.handle_exception(request)
if 'delete' in request.REQUEST:
try:
validate.nonce(request, 'delete_photo')
validate.confirm_dangerous(request, 'Delete your photo?')
rv = api.avatar_clear_actor(request.user, nick)
return util.RedirectFlash(success, "Avatar deleted")
except:
exception.handle_exception(request)
def _old_nonce():
validate.nonce(
test_util.FakeRequest(user=fake_user,
post={'_nonce': old_nonce}), action)
def join_welcome_contacts(request):
"""
if we have an access token for this user attempt to fetch the contacts
else if we have a request token attempt to get an access token
if we have neither
if we are trying to authorize, grab a request token and redirect to authorize page
else
show the page
"""
redirect_to = request.REQUEST.get('redirect_to', '/')
next = '/welcome/done'
# these are for the find more contacts bits
start_index = int(request.REQUEST.get('index', 1))
max = 100
token = request.REQUEST.get('token')
contacts_more = int(request.REQUEST.get('contacts_more', 0))
# this won't be seen unless contacts_more is positive,
# so no worries about the possible negative value
contacts_so_far = contacts_more - 1
try:
if not settings.GOOGLE_CONTACTS_IMPORT_ENABLED:
raise exception.FeatureDisabledError('Google Contacts import is currently disabled')
if 'lookup_remote_contacts' in request.POST:
validate.nonce(request, 'lookup_remote_contacts')
next_url = util.qsa(util.here(request),
{'redirect_to': redirect_to,
'upgrade_auth_token': '',
'_nonce': util.create_nonce(request.user,
'upgrade_auth_token'),
}
)
auth_url = google_contacts.auth_sub_url(next_url)
return http.HttpResponseRedirect(auth_url)
elif 'actor_add_contacts' in request.POST:
validate.nonce(request, 'actor_add_contacts')
targets = request.POST.getlist('targets')
owner = request.POST.get('owner', '')
rv = api.actor_add_contacts(request.user, owner, targets)
next_url = util.qsa(util.here(request),
{'redirect_to': redirect_to,
'contacts_more': contacts_more,
'index': start_index,
'token': token,
}
)
return util.RedirectFlash(next_url, 'Contacts added.')
elif 'upgrade_auth_token' in request.GET:
validate.nonce(request, 'upgrade_auth_token')
auth_token = google_contacts.auth_sub_token_from_request(request)
session_token = google_contacts.upgrade_to_session_token(auth_token)
next_url = util.qsa(util.here(request),
{'redirect_to': redirect_to,
'fetch_contacts': '',
'token': session_token.get_token_string(),
'_nonce': util.create_nonce(request.user,
'fetch_contacts'),
}
)
return http.HttpResponseRedirect(next_url)
elif 'fetch_contacts' in request.REQUEST:
validate.nonce(request, 'fetch_contacts')
# start_index and max are gathered above
session_token = google_contacts.auth_sub_token_from_request(request)
# check for the "My Contacts" group, otherwise, fetch it
my_contacts = memcache.client.get('%s/my_contacts' % token)
if not my_contacts:
my_contacts = google_contacts.get_system_group(session_token,
'Contacts')
memcache.client.set('%s/my_contacts' % token, my_contacts)
rv, more = google_contacts.get_contacts_emails(session_token,
group=my_contacts,
index=start_index,
max=max)
contacts = []
for name, email in rv:
logging.info('looking up "%s" %s', name, email)
contacts.append(api.actor_lookup_email(request.user, email))
contacts = [x for x in contacts if x]
# for the template
contacts_found = True
contacts_more = more
contacts_so_far = contacts_more - 1
token = session_token.get_token_string()
contacts_emails = rv
# if no contacts were found and more are available, try some more
if not contacts and contacts_more:
next_url = util.qsa(util.here(request),
{'fetch_contacts': '',
'contacts_more': contacts_more,
'index': contacts_more,
'token': token,
'_nonce': util.create_nonce(request.user,
'fetch_contacts'),
'redirect_to': redirect_to,
}
)
# TODO(termie): this can take a really long time, probably not really
# viable until we can do it with javascript
#return util.MetaRefresh(next_url, message='Still working...', second=1)
#return http.HttpResponseRedirect(next_url)
except:
exception.handle_exception(request)
# set the progress
welcome_photo = True
welcome_mobile = True
view = request.user
page = 'contacts'
area = 'welcome'
c = template.RequestContext(request, locals())
t = loader.get_template('join/templates/welcome_%s.html' % page)
return http.HttpResponse(t.render(c))
def _old_nonce():
validate.nonce(test_util.FakeRequest(
user=fake_user,
post={'_nonce': old_nonce}),
action)
def actor_settings(request, nick, page="index"):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
"Operation not allowed: %s does not own %s" % (request.user and request.user.nick or "(nobody)", view.nick)
)
handled = common_views.handle_view_action(
request,
{
"activation_activate_mobile": view.url("/settings/mobile"),
"activation_request_email": view.url("/settings/email"),
"activation_request_mobile": view.url("/settings/mobile"),
"settings_change_notify": view.url("/settings/notifications"),
"settings_change_privacy": request.path,
"settings_update_account": view.url("/settings/profile"),
"actor_remove": "/logout",
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
},
)
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if "password" in request.POST:
try:
validate.nonce(request, "change_password")
password = request.POST.get("password", "")
confirm = request.POST.get("confirm", "")
validate.password_and_confirm(password, confirm, field="password")
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + "/settings/password", "Password updated")
request.user.password = util.hash_password(request.user.nick, password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == "feeds":
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError("Feeds are currently disabled")
except:
exception.handle_exception(request)
if page == "photo":
redirect_to = view.url() + "/settings/photo"
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = "settings"
full_page = page.capitalize()
if page == "mobile":
full_page = "Mobile Number"
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get("sms_notify", False)
elif page == "im":
full_page = "IM Address"
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
elif page == "index":
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get("email_notify", False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
elif page == "feeds":
full_page = "Web Feeds"
elif page == "email":
full_page = "Email Address"
email_notify = view.extra.get("email_notify", False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == "design":
redirect_to = view.url() + "/settings/design"
handled = common_views.common_design_update(request, redirect_to, view.nick)
if handled:
return handled
full_page = "Look and Feel"
elif page == "notifications":
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get("email_notify", False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get("im_notify", False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get("sms_notify", False)
sms_confirm = sms_notify and not view.extra.get("sms_confirmed", False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == "profile":
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == "photo":
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user, view.nick, size="f")
# TODO(tyler): Fix this avatar nonsense!
own_photos = [
{"path": small_photo.key().name(), "name": small_photo.key().name()[len("images/") : -len("_f.jpg")]}
for small_photo in small_photos
]
elif page == "privacy":
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page == "jsbadge":
full_page = "Javascript Badges"
elif page == "badge":
badges = [
{
"id": "badge-stream",
"width": "200",
"height": "300",
"src": "/themes/%s/badge.swf" % settings.DEFAULT_THEME,
"title": "Stream",
},
{
"id": "badge-map",
"width": "200",
"height": "255",
"src": "/themes/%s/badge-map.swf" % settings.DEFAULT_THEME,
"title": "Map",
},
{
"id": "badge-simple",
"width": "200",
"height": "200",
"src": "/themes/%s/badge-simple.swf" % settings.DEFAULT_THEME,
"title": "Simple",
},
]
elif page in ["password", "delete"]:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template("actor/templates/settings_%s.html" % page)
return http.HttpResponse(t.render(c))
def _notany_nonce():
validate.nonce(test_util.FakeRequest(
user=None,
post={'_nonce': notany_nonce},
),
action)
def _madeup_nonce():
validate.nonce(
test_util.FakeRequest(user=fake_user, post={'_nonce': 'TEST'}),
action)
def _notme_nonce():
validate.nonce(test_util.FakeRequest(
user='******',
post={'_nonce': notme_nonce}),
action)
def _madeup_nonce():
validate.nonce(test_util.FakeRequest(
user=fake_user,
post={'_nonce': 'TEST'}),
action)
def _notme_nonce():
validate.nonce(
test_util.FakeRequest(user='******',
post={'_nonce': notme_nonce}), action)
def _notany_nonce():
validate.nonce(
test_util.FakeRequest(
user=None,
post={'_nonce': notany_nonce},
), action)
def actor_settings(request, nick, page='index'):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
'Operation not allowed: %s does not own %s'
% (request.user and request.user.nick or '(nobody)', view.nick))
handled = common_views.handle_view_action(
request,
{
'activation_activate_mobile': view.url('/settings/mobile'),
'activation_request_email': view.url('/settings/email'),
'activation_request_mobile': view.url('/settings/mobile'),
'settings_change_notify': view.url('/settings/notifications'),
'settings_change_privacy': request.path,
'settings_update_account': view.url('/settings/profile'),
'actor_remove': '/logout',
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
}
)
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if 'password' in request.POST:
try:
validate.nonce(request, 'change_password')
password = request.POST.get('password', '')
confirm = request.POST.get('confirm', '')
validate.password_and_confirm(password, confirm, field = 'password')
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + '/settings/password',
'Password updated')
request.user.password = util.hash_password(request.user.nick, password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == 'feeds':
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError('Feeds are currently disabled')
except:
exception.handle_exception(request)
if page == 'photo':
redirect_to = view.url() + '/settings/photo'
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = 'settings'
full_page = page.capitalize()
if page == 'mobile':
full_page = 'Mobile Number'
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get('sms_notify', False)
elif page == 'im':
full_page = 'IM Address'
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'index':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'feeds':
full_page = 'Web Feeds'
elif page == 'email':
full_page = 'Email Address'
email_notify = view.extra.get('email_notify', False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'design':
handled = common_views.common_design_update(request, view.nick)
if handled:
return handled
full_page = 'Look and Feel'
elif page == 'notifications':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
sms_confirm = sms_notify and not view.extra.get('sms_confirmed', False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == 'profile':
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'photo':
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user, view.nick, size='f')
# TODO(tyler): Fix this avatar nonsense!
own_photos = [{
'path' : small_photo.key().name(),
'name' : small_photo.key().name()[len('image/'):-len('_f.jpg')],
} for small_photo in small_photos
]
elif page == 'privacy':
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page == 'jsbadge':
full_page = 'Javascript Badges'
elif page == 'badge':
badges = [{'id': 'badge-stream',
'width': '200',
'height': '300',
'src': '/themes/%s/badge.swf' % settings.DEFAULT_THEME,
'title': 'Stream',
},
{'id': 'badge-map',
'width': '200',
'height': '255',
'src': '/themes/%s/badge-map.swf' % settings.DEFAULT_THEME,
'title': 'Map',
},
{'id': 'badge-simple',
'width': '200',
'height': '200',
'src': '/themes/%s/badge-simple.swf' % settings.DEFAULT_THEME,
'title': 'Simple',
},
]
elif page in ['password', 'delete']:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template('actor/templates/settings_%s.html' % page)
return http.HttpResponse(t.render(c))
def actor_settings(request, nick, page='index'):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
if not api.actor_owns_actor(request.user, view):
raise exception.ApiOwnerRequired(
'Operation not allowed: %s does not own %s' %
(request.user and request.user.nick or '(nobody)', view.nick))
handled = common_views.handle_view_action(
request,
{
'activation_activate_mobile': view.url('/settings/mobile'),
'activation_request_email': view.url('/settings/email'),
'activation_request_mobile': view.url('/settings/mobile'),
'settings_change_notify': view.url('/settings/notifications'),
'settings_change_privacy': request.path,
'settings_update_account': view.url('/settings/profile'),
'actor_remove': '/logout',
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
})
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if 'password' in request.POST:
try:
validate.nonce(request, 'change_password')
password = request.POST.get('password', '')
confirm = request.POST.get('confirm', '')
validate.password_and_confirm(password, confirm, field='password')
api.settings_change_password(request.user, view.nick, password)
response = util.RedirectFlash(view.url() + '/settings/password',
'Password updated')
request.user.password = util.hash_password(request.user.nick,
password)
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == 'feeds':
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError(
'Feeds are currently disabled')
except:
exception.handle_exception(request)
if page == 'photo':
redirect_to = view.url() + '/settings/photo'
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = 'settings'
full_page = page.capitalize()
if page == 'mobile':
full_page = 'Mobile Number'
mobile = api.mobile_get_actor(request.user, view.nick)
sms_notify = view.extra.get('sms_notify', False)
elif page == 'im':
full_page = 'IM Address'
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'index':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'feeds':
full_page = 'Web Feeds'
elif page == 'email':
full_page = 'Email Address'
email_notify = view.extra.get('email_notify', False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'design':
handled = common_views.common_design_update(request, view.nick)
if handled:
return handled
full_page = 'Look and Feel'
elif page == 'notifications':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
sms_confirm = sms_notify and not view.extra.get('sms_confirmed', False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == 'profile':
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'photo':
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user,
view.nick,
size='f')
# TODO(tyler): Fix this avatar nonsense!
own_photos = [{
'path':
small_photo.key().name(),
'name':
small_photo.key().name()[len('image/'):-len('_f.jpg')],
} for small_photo in small_photos]
elif page == 'privacy':
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page in ['password', 'delete']:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template('actor/templates/settings_%s.html' % page)
return http.HttpResponse(t.render(c))
def join_welcome_contacts(request):
"""
if we have an access token for this user attempt to fetch the contacts
else if we have a request token attempt to get an access token
if we have neither
if we are trying to authorize, grab a request token and redirect to authorize page
else
show the page
"""
redirect_to = get_clean_redirect(request)
next = '/welcome/done'
# these are for the find more contacts bits
start_index = int(request.REQUEST.get('index', 1))
max = 100
token = request.REQUEST.get('token')
contacts_more = int(request.REQUEST.get('contacts_more', 0))
# this won't be seen unless contacts_more is positive,
# so no worries about the possible negative value
contacts_so_far = contacts_more - 1
try:
if not settings.GOOGLE_CONTACTS_IMPORT_ENABLED:
raise exception.FeatureDisabledError(
'Google Contacts import is currently disabled')
if 'lookup_remote_contacts' in request.POST:
validate.nonce(request, 'lookup_remote_contacts')
next_url = util.qsa(
util.here(request), {
'redirect_to':
redirect_to,
'upgrade_auth_token':
'',
'_nonce':
util.create_nonce(request.user, 'upgrade_auth_token'),
})
auth_url = google_contacts.auth_sub_url(next_url)
return http.HttpResponseRedirect(auth_url)
elif 'actor_add_contacts' in request.POST:
validate.nonce(request, 'actor_add_contacts')
targets = request.POST.getlist('targets')
owner = request.POST.get('owner', '')
rv = api.actor_add_contacts(request.user, owner, targets)
next_url = util.qsa(
util.here(request), {
'redirect_to': redirect_to,
'contacts_more': contacts_more,
'index': start_index,
'token': token,
})
return util.RedirectFlash(next_url, 'Contacts added.')
elif 'upgrade_auth_token' in request.GET:
validate.nonce(request, 'upgrade_auth_token')
auth_token = google_contacts.auth_sub_token_from_request(request)
session_token = google_contacts.upgrade_to_session_token(
auth_token)
next_url = util.qsa(
util.here(request), {
'redirect_to': redirect_to,
'fetch_contacts': '',
'token': session_token.get_token_string(),
'_nonce': util.create_nonce(request.user,
'fetch_contacts'),
})
return http.HttpResponseRedirect(next_url)
elif 'fetch_contacts' in request.REQUEST:
validate.nonce(request, 'fetch_contacts')
# start_index and max are gathered above
session_token = google_contacts.auth_sub_token_from_request(
request)
# check for the "My Contacts" group, otherwise, fetch it
my_contacts = memcache.client.get('%s/my_contacts' % token)
if not my_contacts:
my_contacts = google_contacts.get_system_group(
session_token, 'Contacts')
memcache.client.set('%s/my_contacts' % token, my_contacts)
rv, more = google_contacts.get_contacts_emails(session_token,
group=my_contacts,
index=start_index,
max=max)
contacts = []
for name, email in rv:
logging.info('looking up "%s" %s', name, email)
contacts.append(api.actor_lookup_email(request.user, email))
contacts = [x for x in contacts if x]
# for the template
contacts_found = True
contacts_more = more
contacts_so_far = contacts_more - 1
token = session_token.get_token_string()
contacts_emails = rv
# if no contacts were found and more are available, try some more
if not contacts and contacts_more:
next_url = util.qsa(
util.here(request), {
'fetch_contacts': '',
'contacts_more': contacts_more,
'index': contacts_more,
'token': token,
'_nonce': util.create_nonce(request.user,
'fetch_contacts'),
'redirect_to': redirect_to,
})
# TODO(termie): this can take a really long time, probably not really
# viable until we can do it with javascript
#return util.MetaRefresh(next_url, message='Still working...', second=1)
#return http.HttpResponseRedirect(next_url)
except:
exception.handle_exception(request)
# set the progress
welcome_photo = True
welcome_mobile = True
view = request.user
page = 'contacts'
area = 'welcome'
c = template.RequestContext(request, locals())
t = loader.get_template('join/templates/welcome_%s.html' % page)
return http.HttpResponse(t.render(c))
