def display_topic(request, topic):
""" Display the contents of the given topic.
'topic' is a dictionary representation of the topic to be displayed, as
returned by a call to core.api.topics.get().
We return an HttpResponse object containing the web page to display for
the given topic.
"""
eventRecorder.record_event(eventRecorder.EVENT_TYPE_VIEW_TOPIC)
user = User.objects.get(id=topic['user_id'])
if topic['hide_username']:
username = "******" + topic['hidden_url']
else:
username = user.username
if topic.get("name") not in ["", None]:
topic_name = username + "/" + topic['name']
else:
topic_name = username
topics = Topic.objects.filter(user_id=topic['user_id'])
if request.is_secure():
baseURL = "https://" + request.get_host()
else:
baseURL = "http://" + request.get_host()
return render_to_response('topic.html',
{'topic' : topic,
'user' : user,
'baseURL' : baseURL},
context_instance=RequestContext(request))
def taken_mobile():
""" Mark a conversation as having been taken mobile.
"""
raise UnauthorizedException() # Disable for now.
eventRecorder.record_event(eventRecorder.
EVENT_TYPE_TAKE_CONVERSATION_MOBILE)
def start_conversation(user_1_id, user_2_id, topic_id, sender_name=None):
""" Start a conversation between the given two users about the given topic.
The parameters are as follows:
'user_1_id'
'user_2_id'
The record ID of the two users participating in the new
conversation.
'topic_id'
The record ID of the topic this conversation will be about.
'sender_name'
The optional name for the sender of this message.
We create and return a new Conversation object based on the given
parameters. Note that we also send an "introduction" SMS message to
the owner of the topic, telling them that the conversation has started.
"""
# Create the new conversation.
conversation = Conversation()
conversation.user_1_id = user_1_id
conversation.user_2_id = user_2_id
conversation.stopped = False
conversation.topic_id = topic_id
conversation.save()
# Send the owner of the topic an "intro" SMS.
# topic = conversation.topic
# owner = topic.user
# if owner.verified:
# if sender_name in ["", None]:
# sender_name = "Anonymous"
#
# if topic.name in ["", None]:
# msg = settings.SMS_TEXT_NEW_CONVERSATION_ABOUT_DEFAULT_TOPIC \
# % sender_name
# else:
# msg = settings.SMS_TEXT_NEW_CONVERSATION_ABOUT_NAMED_TOPIC \
# % (sender_name, topic.name)
#
# _send_sms(conversation, owner, msg)
# Tell our event recorder that a conversation has been started, so we can
# report on it.
eventRecorder.record_event(eventRecorder.EVENT_TYPE_START_CONVERSATION)
# Finally, return the conversation back to the caller.
return conversation
def welcome(request):
""" Respond to the "/" URL.
We display the welcome page for the application, or redirect the user to
to /web/home if they are logged in.
"""
return render(request, "disabled.html")
if webHelpers.is_logged_in(request):
return redirect("/web/home/")
if request.is_secure():
base_url = "https://" + request.get_host()
else:
base_url = "http://" + request.get_host()
eventRecorder.record_event(eventRecorder.EVENT_TYPE_HOME_PAGE_HIT)
return render(request, "welcome.html",
{"hideBrand" : True,
"base_url" : base_url,
"help_div_class" : "messageme-international-help " +
"modal mm-hidden well"})
def update(session, username=None, password=None, phone_number=None):
""" Update the details of the currently logged-in user.
"""
raise UnauthorizedException() # Disable for now.
logger.debug("in core.api.users.update(" +
"session=%s, username=%s, password=%s, phone_number=%s)" %
(repr(session), repr(username), repr(password),
repr(phone_number)))
if session == None:
raise InvalidParametersException()
sessionHandler.validate(session)
user = sessionHandler.get_user(session)
# Remember if the user had a username or password.
if user.username not in ["", None]:
had_username = True
else:
had_username = False
if user.password_salt not in ["", None]:
had_password = True
else:
had_password = False
# If we're setting a username and password for this user, and we didn't
# have one previously, create a 3taps Identity for this user. Note that
# this may fail, if the username is already in use.
if not had_username and username != None:
if password == None: raise InvalidParametersException()
_check_username(username)
_check_password(password)
# Try creating this user within the 3taps Identity API.
success,response = identity_api.create(username, password)
if not success:
if response.startswith("403 error"):
raise DuplicateUsernameException()
else:
raise InvalidParametersException()
# Check that we don't have a local user with that username.
try:
existing_user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
existing_user = None
if existing_user != None:
raise DuplicateUsernameException()
# Finally, save the updated user details into our database.
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.username = username
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
# If we're changing the username for this user, ask the 3taps Identity API
# to change the username. Note that this may fail, if the new username is
# already in use.
if had_username and username != None and username != user.username:
success,response = identity_api.login(user.username,
pass_hash=user.identity_api_hash)
if not success:
raise UnauthorizedException()
session = response
success,response = identity_api.update(session,
{'username' : username})
if not success:
if response.startswith("403 error"):
raise DuplicateUsernameException()
else:
raise InvalidParametersException()
identity_api.logout(session)
# Check that we don't have a local user with that username.
try:
existing_user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
existing_user = None
if existing_user != None:
raise DuplicateUsernameException()
# Finally, save the updated user details into our database.
user.username = username
user.save()
# If we're changing the password for this user, ask the 3taps Identity API
# to change the password.
if password != None:
if user.username in ["", None]:
# We can't change the password if we don't have a username.
raise InvalidParametersException()
if user.uses_identity_api:
success,response = \
identity_api.login(user.username,
pass_hash=user.identity_api_hash)
else:
success,response = \
identity_api.login(user.username,
password="******")
if not success:
raise UnauthorizedException()
session = response
success,response = identity_api.update(session,
{'username' : username})
if not success:
if response.startswith("403 error"):
raise DuplicateUsernameException()
else:
raise InvalidParametersException()
identity_api.logout(session)
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
# If we've been asked to update the user's phone number, do so.
# NOTE: someone was using this to hack our system, so I've disabled it.
if False: # phone_number != None:
if phone_number == "":
user.phone_number = None # Remove current phone number.
else:
phone_number = utils.format_phone_number(phone_number)
try:
existing_user = User.objects.get(phone_number=phone_number)
except User.DoesNotExist:
existing_user = None
if existing_user != None and user.id != existing_user.id:
raise DuplicatePhoneNumberException()
user.phone_number = phone_number
# If this was an ad hoc user who we're now making permanent, change their
# "ad hoc" status, and create a new default topic for the user.
if user.ad_hoc and (username != None or password != None or
phone_number != None):
user.ad_hoc = False
_create_default_topic(user)
# If we have been given a username and password for this user, record them
# as signing up.
if not had_username and not had_password:
if username not in ["", None] and password not in ["", None]:
eventRecorder.record_event(eventRecorder.EVENT_TYPE_NEW_USER_SIGNUP)
# Finally, save the updated user and return a copy of it back to the
# caller.
user.updated_at = datetime.datetime.utcnow()
user.save()
return user.to_dict()
def create(username=None, password=None, phone_number=None):
""" Create a new User within the system.
"""
raise UnauthorizedException() # Disable for now.
logger.debug("in core.api.users.create(" +
"username=%s, password=%s, phone_number=%s)" %
(repr(username), repr(password), repr(phone_number)))
if username == "": username = None
if password == "": password = None
if phone_number == "": phone_number = None
if username == None and password == None and phone_number == None:
ad_hoc = True
else:
ad_hoc = False
if username != None: _check_username(username)
if password != None: _check_password(password)
if username != None or password != None:
if username == None or password == None:
# username and password must both be set at the same time.
raise InvalidParametersException()
if phone_number != None:
phone_number = utils.format_phone_number(phone_number)
try:
existing_user = User.objects.get(phone_number=phone_number)
except User.DoesNotExist:
existing_user = None
if existing_user != None:
raise DuplicatePhoneNumberException()
if username != None:
# The user is attempting to create a new user with a username and
# password. Try to create the 3taps identity for this new user, and
# raise a DuplicateUsernameException if the user already exists.
success,response = identity_api.create(username, password)
if not success:
if response.startswith("403 error"):
raise DuplicateUsernameException()
else:
raise InvalidParametersException()
user = User()
user.ad_hoc = ad_hoc
user.username = username
if username != None:
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
else:
user.uses_identity_api = False
user.identity_api_hash = None
user.identity_api_salt = None
user.phone_number = phone_number
user.verification_code = None
user.verified = False
user.created_at = datetime.datetime.utcnow()
user.updated_at = datetime.datetime.utcnow()
user.save()
# If the new user has a username and password, record it as a new user
# signup.
if username != None and password != None:
eventRecorder.record_event(eventRecorder.EVENT_TYPE_NEW_USER_SIGNUP)
# While we're at it, create a default topic for the new user if they're not
# an ad hoc user.
if not ad_hoc:
_create_default_topic(user)
# Finally, return the new user's details to the caller.
return user.to_dict()
def login(user_id=None,
username=None, password=None,
phone_number=None, verification_code=None):
""" Log a user in, creating a new login session.
"""
raise UnauthorizedException() # Disable for now.
logger.debug("in core.api.users.login(" +
"user_id=%s, username=%s, password=%s, phone=%s, code=%s)" %
(repr(user_id), repr(username), repr(password),
repr(phone_number), repr(verification_code)))
if user_id != None:
try:
user = User.objects.get(id=user_id)
except User.DoesNotExist:
raise NoSuchUserException()
if not user.ad_hoc:
raise UnauthorizedException()
elif username != None and password != None:
# Log in using a username and password. Note that we have to use the
# 3taps identity API for this.
try:
user = User.objects.get(username__iexact=username)
except User.DoesNotExist:
# We don't know about this user, but that doesn't mean the user
# doesn't exist. It could be that the user already has an identity
# within the 3taps Identity API, but hasn't used MessageMe before.
# See if the user exists in the identity API.
success,response = identity_api.login(username=username,
password=password)
if success:
identity_api.logout(response)
# Create a MessageMe record for this user.
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user = User()
user.username = username
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
user.phone_number = phone_number
user.verification_code = None
user.verified = False
user.created_at = datetime.datetime.utcnow()
user.updated_at = datetime.datetime.utcnow()
user.save()
eventRecorder.record_event(
eventRecorder.EVENT_TYPE_NEW_USER_SIGNUP)
_create_default_topic(user)
else:
# We don't know about this user, and the 3taps Identity API
# doesn't either -> give up.
raise LoginRejectedException()
if user.uses_identity_api:
# Ask the 3taps Identity API to validate the supplied username and
# password.
salt = user.identity_api_salt
hash = hashlib.md5(password + salt).hexdigest()
success,response = identity_api.login(username=username,
pass_hash=hash)
if success:
identity_api.logout(response)
# Update the password hash, just in case the user changed their
# password.
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
else:
raise LoginRejectedException()
else:
# We haven't yet migrated this user over to the identity API. We
# first check the password against the old password hash to see if
# it matches our private user details.
hash = bcrypt.hashpw(password, user.password_salt)
if hash == user.password_hash:
# We know the user entered the correct password. Try logging
# in with the "mm_temp" password, and if this works update the
# user's details to use the supplied (real) password.
success,response = identity_api.login(username=user.username,
password="******")
if success:
session = response
ignore = identity_api.update(session,
{'password' : password})
identity_api.logout(session)
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
else:
# The user may have updated their password using another
# client of the 3taps Identity API. Try logging in using
# the supplied password.
success,response = \
identity_api.login(username=user.username,
password=password)
if success:
session = response
identity_api.logout(session)
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
else:
# We can't log in -> give up.
raise LoginRejectedException()
else:
# The supplied password doesn't match our local records. All
# we can do is hope the password is accepted by the 3taps
# Identity API, and if so accept the login.
success,response = identity_api.login(username=user.username,
password=password)
if success:
session = response
identity_api.logout(session)
salt = response['server_salt']
hash = hashlib.md5(password + salt).hexdigest()
user.uses_identity_api = True
user.identity_api_salt = salt
user.identity_api_hash = hash
user.save()
else:
# We can't log in -> give up.
raise LoginRejectedException()
elif phone_number != None and verification_code != None:
phone_number = utils.format_phone_number(phone_number)
try:
user = User.objects.get(phone_number=phone_number,
verification_code=verification_code)
except User.DoesNotExist:
raise LoginRejectedException()
user.verified = True
user.save()
elif (user_id == None and username == None and password == None and
phone_number == None and verification_code == None):
# Create a new ad hoc user on-the-fly for this session.
user = User()
user.ad_hoc = True
user.username = None
user.password_salt = None
user.password_hash = None
user.phone_number = None
user.verification_code = None
user.verified = False
user.created_at = datetime.datetime.utcnow()
user.updated_at = datetime.datetime.utcnow()
user.save()
else:
raise InvalidParametersException()
return sessionHandler.create(user)
