def post(self):
user = util.get_current_user()
if user is None:
self.redirect(util.create_login_url(self.request.uri))
return
user_data = UserData.get_or_insert_for(user)
coach_email = self.request_string("coach", default="")
if coach_email:
coach_user = users.User(coach_email)
coach_user_data = UserData.get_for(coach_user)
if coach_user_data:
if coach_email not in user_data.coaches and coach_email.lower(
) not in user_data.coaches:
user_data.coaches.append(coach_email)
user_data.put()
self.redirect("/coaches")
return
self.redirect("/coaches?invalid_coach=1")
def get(self):
current_email = self.request.get(
'curremail') #email that is currently used
new_email = self.request.get(
'newemail') #email the user wants to change to
swap = self.request.get('swap') #Are we changing emails?
currdata = UserData.get_from_user_input_email(current_email)
newdata = UserData.get_from_user_input_email(new_email)
if swap and currdata: #are we swapping? make sure account exists
currdata.current_user = users.User(new_email)
currdata.user_email = new_email
if newdata: #delete old account
currdata.user_id = newdata.user_id
newdata.delete()
currdata.put()
template_values = {
'App': App,
'curremail': current_email,
'newemail': new_email,
'currdata': currdata,
'newdata': newdata,
"properties": UserData.properties()
}
self.render_jinja2_template('devemailpanel.html', template_values)
def get(self):
coach = UserData.current()
if coach:
user_override = self.request_user_data("coach_email")
if user_override and user_override.are_students_visible_to(coach):
# Only allow looking at a student list other than your own
# if you are a dev, admin, or coworker.
coach = user_override
student_lists = StudentList.get_for_coach(coach.key())
student_lists_list = [{
'key': 'allstudents',
'name': 'כל התלמידים'.decode("utf8"),
}];
for student_list in student_lists:
student_lists_list.append({
'key': str(student_list.key()),
'name': student_list.name,
})
list_id, _ = get_last_student_list(self, student_lists, coach==UserData.current())
current_list = None
for student_list in student_lists_list:
if student_list['key'] == list_id:
current_list = student_list
selected_graph_type = self.request_string("selected_graph_type") or ClassProgressReportGraph.GRAPH_TYPE
if selected_graph_type == 'progressreport' or selected_graph_type == 'goals': # TomY This is temporary until all the graphs are API calls
initial_graph_url = "/api/v1/user/students/%s?coach_email=%s&%s" % (selected_graph_type, urllib.quote(coach.email), urllib.unquote(self.request_string("graph_query_params", default="")))
else:
initial_graph_url = "/profile/graph/%s?coach_email=%s&%s" % (selected_graph_type, urllib.quote(coach.email), urllib.unquote(self.request_string("graph_query_params", default="")))
initial_graph_url += 'list_id=%s' % list_id
exercises = models.Exercise.get_all_use_cache()
exercises.sort(key=lambda ex: ex.display_name)
template_values = {
'user_data_coach': coach,
'coach_email': coach.email,
'list_id': list_id,
'student_list': current_list,
'student_lists': student_lists_list,
'student_lists_json': json.dumps(student_lists_list),
'coach_nickname': coach.nickname,
'selected_graph_type': selected_graph_type,
'initial_graph_url': initial_graph_url,
'exercises': exercises,
'is_profile_empty': not coach.has_students(),
'selected_nav_link': 'coach',
"view": self.request_string("view", default=""),
'stats_charts_class': 'coach-view',
}
self.render_jinja2_template('viewclassprofile.html', template_values)
else:
self.redirect(util.create_login_url(self.request.uri))
def get(self):
student = UserData.current() or UserData.pre_phantom()
user_override = self.request_student_user_data(legacy=True)
if user_override and user_override.key_email != student.key_email:
if not user_override.is_visible_to(student):
# If current user isn't an admin or student's coach, they can't
# look at anything other than their own profile.
self.redirect("/profile")
return
else:
# Allow access to this student's profile
student = user_override
user_badges = util_badges.get_user_badges(student)
selected_graph_type = (self.request_string("selected_graph_type") or
ActivityGraph.GRAPH_TYPE)
# TODO: deal with this one-off hackery. Some graphs use the API
# to fetch data, instead of the /profile/graph methods.
if selected_graph_type == "exerciseprogress":
initial_graph_url = ("/api/v1/user/exercises?email=%s" %
urllib.quote(student.email))
elif selected_graph_type == "goals":
initial_graph_url = ("/api/v1/user/goals?email=%s" %
urllib.quote(student.email))
else:
initial_graph_url = "/profile/graph/%s?student_email=%s&%s" % (
selected_graph_type,
urllib.quote(student.email),
urllib.unquote(self.request_string("graph_query_params",
default="")))
tz_offset = self.request_int("tz_offset", default=0)
template_values = {
'student_email': student.email,
'student_nickname': student.nickname,
'selected_graph_type': selected_graph_type,
'initial_graph_url': initial_graph_url,
'tz_offset': tz_offset,
'student_points': student.points,
'count_videos': models.Setting.count_videos(),
'count_videos_completed': student.get_videos_completed(),
'count_exercises': models.Exercise.get_count(),
'count_exercises_proficient': len(student.all_proficient_exercises),
'badge_collections': user_badges['badge_collections'],
'user_badges_bronze': user_badges['bronze_badges'],
'user_badges_silver': user_badges['silver_badges'],
'user_badges_gold': user_badges['gold_badges'],
'user_badges_platinum': user_badges['platinum_badges'],
'user_badges_diamond': user_badges['diamond_badges'],
'user_badges_master': user_badges['user_badges_master'],
'user_badges': [user_badges['bronze_badges'], user_badges['silver_badges'], user_badges['gold_badges'], user_badges['platinum_badges'], user_badges['diamond_badges'],user_badges['user_badges_master']],
'user_data_student': student,
"show_badge_frequencies": self.request_bool("show_badge_frequencies", default=False),
"view": self.request_string("view", default=""),
}
self.render_jinja2_template('viewprofile.html', template_values)
def get(self):
coach = UserData.current()
if coach:
user_override = self.request_user_data("coach_email")
if user_override and user_override.are_students_visible_to(coach):
# Only allow looking at a student list other than your own
# if you are a dev, admin, or coworker.
coach = user_override
student_lists = StudentList.get_for_coach(coach.key())
student_lists_list = [{
'key': 'allstudents',
'name': 'All students',
}]
for student_list in student_lists:
student_lists_list.append({
'key': str(student_list.key()),
'name': student_list.name,
})
list_id, _ = get_last_student_list(self, student_lists,
coach == UserData.current())
current_list = None
for student_list in student_lists_list:
if student_list['key'] == list_id:
current_list = student_list
selected_graph_type = self.request_string(
"selected_graph_type") or ClassProgressReportGraph.GRAPH_TYPE
initial_graph_url = "/profile/graph/%s?coach_email=%s&%s" % (
selected_graph_type, urllib.quote(coach.email),
urllib.unquote(
self.request_string("graph_query_params", default="")))
initial_graph_url += 'list_id=%s' % list_id
template_values = {
'user_data_coach': coach,
'coach_email': coach.email,
'list_id': list_id,
'student_list': current_list,
'student_lists': student_lists_list,
'student_lists_json': simplejson.dumps(student_lists_list),
'coach_nickname': coach.nickname,
'selected_graph_type': selected_graph_type,
'initial_graph_url': initial_graph_url,
'exercises': models.Exercise.get_all_use_cache(),
'is_profile_empty': not coach.has_students(),
'selected_nav_link': 'coach',
"view": self.request_string("view", default=""),
}
self.render_jinja2_template('viewclassprofile.html',
template_values)
else:
self.redirect(util.create_login_url(self.request.uri))
def setUp(self):
self.sel = WebDriver()
# Create a user and an org
self.user = UserData.createUser('a', 'b','c@1', 'pw')
theOrg = OrgData.createOrg("theOrg")
self.user.org = theOrg
self.user.save()
self.user = UserData.createUser('d', 'e','f@1', 'pw')
self.user.org = theOrg
self.user.save()
def get(self):
student = UserData.current() or UserData.pre_phantom()
user_override = self.request_user_data("student_email")
if user_override and user_override.key_email != student.key_email:
if not user_override.is_visible_to(student):
# If current user isn't an admin or student's coach, they can't look at anything other than their own profile.
self.redirect("/profile?k")
return
else:
# Allow access to this student's profile
student = user_override
user_badges = util_badges.get_user_badges(student)
selected_graph_type = self.request_string("selected_graph_type") or ActivityGraph.GRAPH_TYPE
initial_graph_url = "/profile/graph/%s?student_email=%s&%s" % (
selected_graph_type,
urllib.quote(student.email),
urllib.unquote(self.request_string("graph_query_params", default="")),
)
tz_offset = self.request_int("tz_offset", default=0)
template_values = {
"student_nickname": student.nickname,
"selected_graph_type": selected_graph_type,
"initial_graph_url": initial_graph_url,
"tz_offset": tz_offset,
"student_points": student.points,
"count_videos": models.Setting.count_videos(),
"count_videos_completed": student.get_videos_completed(),
"count_exercises": models.Exercise.get_count(),
"count_exercises_proficient": len(student.all_proficient_exercises),
"badge_collections": user_badges["badge_collections"],
"user_badges_bronze": user_badges["bronze_badges"],
"user_badges_silver": user_badges["silver_badges"],
"user_badges_gold": user_badges["gold_badges"],
"user_badges_platinum": user_badges["platinum_badges"],
"user_badges_diamond": user_badges["diamond_badges"],
"user_badges_master": user_badges["user_badges_master"],
"user_badges": [
user_badges["bronze_badges"],
user_badges["silver_badges"],
user_badges["gold_badges"],
user_badges["platinum_badges"],
user_badges["diamond_badges"],
user_badges["user_badges_master"],
],
"user_data_student": student,
"show_badge_frequencies": self.request_bool("show_badge_frequencies", default=False),
"view": self.request_string("view", default=""),
}
self.render_jinja2_template("viewprofile.html", template_values)
def get(self):
user = users.get_current_user()
day_time = datetime.today() - timedelta(1)
query = UserData.gql("WHERE user = :1", user)
thisUser = query.get()
if thisUser is None:
thisUser = UserData(user=user, lastemail=day_time, Number_Tiles=0)
thisUser.put()
N_tiles = 0
else:
N_tiles = thisUser.Number_Tiles
self.response.write(N_tiles)
def get_profile_target_user_data(self):
student = UserData.current() or UserData.pre_phantom()
if student:
user_override = self.request_user_data("student_email")
if user_override and user_override.key_email != student.key_email:
if not user_override.is_visible_to(student):
# If current user isn't an admin or student's coach, they can't look at anything other than their own profile.
student = None
else:
# Allow access to this student's profile
student = user_override
return student
def get_profile_target_user_data(self):
student = UserData.current() or UserData.pre_phantom()
if student:
user_override = self.request_user_data("student_email")
if user_override and user_override.key_email != student.key_email:
if not user_override.is_visible_to(student):
# If current user isn't an admin or student's coach, they can't look at anything other than their own profile.
student = None
else:
# Allow access to this student's profile
student = user_override
return student
def myPage(request):
utype = request.GET.get('usertype')
uname = request.GET.get('uname')
key = request.GET.get('key')
ctx = {}
if utype == None:
return redirect('/?msg="Error! Please Try again!"')
elif utype.lower() == 'new':
try:
usr = UserData(username=uname, user_key=key)
usr.save()
ctx['user'] = usr.username
except:
return redirect(
'/?msg="Username Taken! Please use a different one!"')
elif utype.lower() == 'old':
users = UserData.objects.filter(username=uname, user_key=key)
if len(users) > 0:
usr = users[0]
ctx['user'] = usr.username
game_data = GameData.objects.filter(user=usr)
ctx['data'] = {}
if len(game_data) > 0:
ctx['data']['played'] = len(game_data)
ctx['data']['table'] = []
for gx in game_data:
new_data = {}
new_data['id'] = gx.id
new_data['game_id'] = gx.game_id
new_data['score'] = gx.game_score
ctx['data']['table'].append(new_data)
else:
ctx['data']['played'] = 0
else:
return redirect('/?msg="You take me for a fool?"')
else:
return redirect('/?msg="What are you trying to do user?"')
return render(request, 'yourpage.html', ctx)
def get(self):
coach = UserData.current()
if coach:
user_override = self.request_user_data("coach_email")
if user_override and user_override.are_students_visible_to(coach):
# Only allow looking at a student list other than your own
# if you are a dev, admin, or coworker.
coach = user_override
student_lists = StudentList.get_for_coach(coach.key())
student_lists_list = [{"key": "allstudents", "name": "All students"}]
for student_list in student_lists:
student_lists_list.append({"key": str(student_list.key()), "name": student_list.name})
list_id, _ = get_last_student_list(self, student_lists, coach == UserData.current())
current_list = None
for student_list in student_lists_list:
if student_list["key"] == list_id:
current_list = student_list
selected_graph_type = self.request_string("selected_graph_type") or ClassProgressReportGraph.GRAPH_TYPE
initial_graph_url = "/profile/graph/%s?coach_email=%s&%s" % (
selected_graph_type,
urllib.quote(coach.email),
urllib.unquote(self.request_string("graph_query_params", default="")),
)
initial_graph_url += "list_id=%s" % list_id
template_values = {
"user_data_coach": coach,
"coach_email": coach.email,
"list_id": list_id,
"student_list": current_list,
"student_lists": student_lists_list,
"student_lists_json": simplejson.dumps(student_lists_list),
"coach_nickname": coach.nickname,
"selected_graph_type": selected_graph_type,
"initial_graph_url": initial_graph_url,
"exercises": models.Exercise.get_all_use_cache(),
"is_profile_empty": not coach.has_students(),
"selected_nav_link": "coach",
"view": self.request_string("view", default=""),
}
self.render_jinja2_template("viewclassprofile.html", template_values)
else:
self.redirect(util.create_login_url(self.request.uri))
def login():
login_form = LoginForm()
username = session.get('username')
context = {
'login_form': login_form,
'username': username
}
if current_user is True:
return redirect(url_for('dashboard'))
if login_form.validate_on_submit():
username = login_form.username.data
password = login_form.password.data
user_doc = get_user(username)
if user_doc.to_dict() is not None:
password_from_db = user_doc.to_dict()['password']
if password == password_from_db:
user_data = UserData(username, password)
user = UserModel(user_data)
login_user(user)
flash('Login success')
return redirect(url_for('dashboard'))
else:
flash('Information does not match')
else:
flash('User does not exist')
return render_template('login.html', **context)
def can_control_gandalf():
"""CUSTOMIZE can_control_gandalf however you want to specify
whether or not the currently-logged-in user has access
to Gandalf dashboard."
"""
user_data = UserData.current(bust_cache=True)
return users.is_current_user_admin() or (user_data and user_data.developer)
def authenticated_response(self):
user_data = UserData.current()
user_email = user_data.user_email
template_values = {
"authenticated": True,
"user_email": user_email,
}
sio = StringIO.StringIO()
sw = csv.writer(sio)
properties = [p for p in SummerStudent().properties()]
sw.writerow(properties)
for student in SummerStudent.all().fetch(5000):
try:
row = []
for p in properties:
v = getattr(student, p)
if isinstance(v, basestring):
v = v.encode("utf-8")
row.append(v)
sw.writerow(row)
except Exception, e:
logging.error("Unable to write row for student %s" %
student.email)
def post(self):
template_values = {}
user_data = UserData.current()
status_file = StringIO.StringIO(self.request_string('status_file'))
reader = csv.reader(status_file)
student_list = []
for line in reader:
student_email = line[0]
student_status = line[1]
student_comment = line[2]
student = SummerStudent.all().filter('email =',
student_email).get()
if student is None:
logging.error("Student %s not found" % student_email)
continue
student.application_status = student_status
student.comment = student_comment
if student_status == "Accepted":
student.accepted = True
student_list.append(student)
db.put(student_list)
self.response.out.write("OK")
self.response.set_status(200)
def can_control_gandalf():
"""CUSTOMIZE can_control_gandalf however you want to specify
whether or not the currently-logged-in user has access
to Gandalf dashboard."
"""
user_data = UserData.current(bust_cache=True)
return users.is_current_user_admin() or (user_data and user_data.developer)
def post(self):
format = self.request.get('format','html')
try:
user_upload = UserData.create(self.get_uploads()[0])
except IndexError:
self.error(404)
self.redirect('/i/%s?format=%s' % (user_upload.key().name(),format))
def render_login_outer(self):
"""Render the login page.
Note that part of the contents of this page is hosted on an iframe
and rendered by this same RequestHandler (render_login_form)
"""
cont = self.request_continue_url()
direct = self.request_bool('direct', default=False)
user_data = UserData.current()
if user_data and not user_data.is_phantom:
# Don't let users see the login page if they're already logged in.
# This avoids dangerous edge cases in which users have conflicting
# Google/FB cookies, and google.appengine.api.users.get_current_user
# returns a different user than the actual person logged in.
self.redirect(cont)
return
template_values = {
'continue': cont,
'direct': direct,
'google_url': users.create_login_url(cont),
}
self.render_jinja2_template('login.html', template_values)
def post(self):
"""Handle a POST from the login form.
This happens when the user attempts to login with an identifier (email
or username) and password.
"""
cont = self.request_continue_url()
# Authenticate via username or email + password
identifier = self.request_string('identifier')
password = self.request_string('password')
if not identifier or not password:
errors = {}
if not identifier: errors['noemail'] = True
if not password: errors['nopassword'] = True
self.render_json({'errors': errors})
return
user_data = UserData.get_from_username_or_email(identifier.strip())
if not user_data or not user_data.validate_password(password):
errors = {}
errors['badlogin'] = True
# TODO(benkomalo): IP-based throttling of failed logins?
self.render_json({'errors': errors})
return
# Successful login
Login.return_login_json(self, user_data, cont)
def post(self):
template_values = {}
user_data = UserData.current()
status_file = StringIO.StringIO(self.request_string("status_file"))
reader = csv.reader(status_file)
student_list = []
for line in reader:
student_email = line[0]
student_status = line[1]
student_comment = line[2]
student = SummerStudent.all().filter("email =", student_email).get()
if student is None:
logging.error("Student %s not found" % student_email)
continue
student.application_status = student_status
student.comment = student_comment
if student_status == "Accepted":
student.accepted = True
student_list.append(student)
db.put(student_list)
self.response.out.write("OK")
self.response.set_status(200)
def post(self):
x = int(self.request.get('x'))
y = int(self.request.get('y'))
currentdaytime = datetime.today()
query = Claim.gql("WHERE x = :1 AND y = :2", x, y)
Claim_itterator = query.iter(produce_cursors=True)
for claim in Claim_itterator:
query2 = UserData.gql("WHERE user = :1", claim.user)
thisUser = query2.get()
if thisUser.lastemail < currentdaytime - timedelta(1):
message = mail.EmailMessage()
message.sender = ("http://infinitegraffitiwall.appspot.com/ " +
"Tile Claim Service <*****@*****.**>")
message.to = claim.user.email()
message.subject = ("A Tile that you have claimed " +
"has been changed today.")
message.body = ("""
A Tile that you have claimed has been changed today.
Tile coordinates """ + str(x) + "," + str(y) + """.
Link to location: http://infinitegraffitiwall.appspot.com/@""" +
str(x) + "," + str(y))
message.send()
thisUser.lastemail = currentdaytime
thisUser.put()
def get(self):
user_data = UserData.current()
if user_data:
user_data_override = self.request_user_data("coach_email")
if user_util.is_current_user_developer() and user_data_override:
user_data = user_data_override
invalid_student = self.request_bool("invalid_student",
default=False)
coach_requests = [
x.student_requested_data.email
for x in CoachRequest.get_for_coach(user_data)
if x.student_requested_data
]
student_lists_models = StudentList.get_for_coach(user_data.key())
student_lists_list = []
for student_list in student_lists_models:
student_lists_list.append({
'key': str(student_list.key()),
'name': student_list.name,
})
student_lists_dict = dict(
(g['key'], g) for g in student_lists_list)
students_data = user_data.get_students_data()
students = map(
lambda s: {
'key':
str(s.key()),
'email':
s.email,
'nickname':
s.nickname,
'student_lists': [
l for l in [
student_lists_dict.get(str(list_id))
for list_id in s.student_lists
] if l
],
}, students_data)
students.sort(key=lambda s: s['nickname'])
template_values = {
"students": students,
"students_json": json.dumps(students),
"student_lists": student_lists_list,
"student_lists_json": json.dumps(student_lists_list),
"invalid_student": invalid_student,
"coach_requests": coach_requests,
"coach_requests_json": json.dumps(coach_requests),
'selected_nav_link': 'coach'
}
self.render_jinja2_template('viewstudentlists.html',
template_values)
else:
self.redirect(util.create_login_url(self.request.uri))
def setUp(self):
testOrg = OrgData(orgName='Test org',
status=1)
testOrg.pk = 9
testOrg.save()
self.testUser = UserData.createUser('Test', 'Tester',
'*****@*****.**', 'pw')
self.testUser.org = testOrg
self.testUser.apiKey = 'TESTAPIKEY8'
self.testUser.save()
self.hierarchy = '{"numLevels":1,"levels":{"0":{"timeout":30,\
"users":[' + str(self.testUser.pk) + ']}}}'
testContactMethod = ContactMethodData(user=self.testUser,
contactType='email',
contactData='*****@*****.**',
priority=0)
testContactMethod.pk = 7
testContactMethod.save()
self.client = Client()
log = self.client.login(username='******',
password='******')
s = self.client.session
s['swag'] = 41
s.save()
def test_APILogin(self):
self.testUserL = UserData.createUser('Test', 'Tester',
'*****@*****.**', 'pw')
self.testUserL.apiKey = 'TESTAPIKEY9'
self.testUserL.save()
testContactMethod = ContactMethodData(user=self.testUserL,
contactType='email',
contactData='*****@*****.**',
priority=0)
testContactMethod.pk = 11
testContactMethod.save()
userPCMDict = self.testUserL.toUserPCM().toDict()
postData = json.dumps({'username':'******',
'password':'******'})
response = self.client.post(APP_URL + '/API/login',
postData, content_type = "application/json")
responses = {'userPCM': userPCMDict,
'error': None}
self.assertEqual(responses, json.loads(response.content))
def render_template(self, template_name, template_values):
template_values['App'] = App
template_values['None'] = None
template_values['points'] = None
template_values['username'] = ""
user = util.get_current_user()
if user is not None:
template_values['username'] = user.nickname()
user_data = UserData.get_for(user)
template_values['user_data'] = user_data
template_values['points'] = user_data.points if user_data else 0
if not template_values.has_key('continue'):
template_values['continue'] = self.request.uri
# Always insert a post-login request before our continue url
template_values['continue'] = util.create_post_login_url(template_values['continue'])
template_values['login_url'] = ('%s&direct=1' % util.create_login_url(template_values['continue']))
template_values['logout_url'] = util.create_logout_url(self.request.uri)
template_values['is_mobile'] = self.is_mobile()
path = os.path.join(os.path.dirname(__file__), template_name)
self.response.out.write(template.render(path, template_values))
def post(self):
custom_badge_name = self.request_string("name", default="")
custom_badges = CustomBadge.all()
custom_badge_awarded = None
emails_awarded = []
for custom_badge in custom_badges:
if custom_badge.name == custom_badge_name:
custom_badge_awarded = custom_badge
if custom_badge_awarded:
# Award badges and show successful email addresses
emails_newlines = self.request_string("emails", default="")
emails = emails_newlines.split()
emails = map(lambda email: email.strip(), emails)
for email in emails:
user_data = UserData.get_from_user_input_email(email)
if user_data:
if not custom_badge_awarded.is_already_owned_by(user_data):
custom_badge_awarded.award_to(user_data)
user_data.put()
emails_awarded.append(email)
template_values = {
"custom_badges": CustomBadge.all(),
"custom_badge_awarded": custom_badge_awarded,
"emails_awarded": emails_awarded
}
self.render_jinja2_template("badges/award_custom_badge.html", template_values)
def new_user(user_id):
try:
if request.method == 'GET':
user = UserData.query.get(user_id)
ret = {
"id": user.id,
"pseudo": user.pseudo,
"age": user.age,
"gender": user.gender
}
return jsonify(ret)
if request.method == 'POST':
content = request.get_json(force=True)
pseudo = str(content.get("pseudo"))
age = int(content.get("age"))
gen = str(content.get("grade"))
user = UserData(pseudo=pseudo, age=age, gender=gen)
db.session.add(user) # so this works :)
db.session.flush()
ret = {"user_id": user.id}
db.session.commit()
return jsonify(ret)
else:
ret = {'status': 'ok'}
return jsonify(ret)
except sqlalchemy.exc.IntegrityError: # if it already exists then smth
ret = {'status': 'not ok'}
return jsonify(ret)
ret = {'status': 'ok'}
return jsonify(ret)
def basic_auth_required(self, include_viewers=False):
# scheme = os.environ.get('wsgi.url_scheme')
# if scheme != 'https':
# # Basic auth should be done via https only
# return False
auth = os.environ.get("HTTP_AUTHORIZATION", None)
auth_msg = 'Basic realm="%s on AppEngine"' % self.reponame
if not auth:
# lacking auth info
self.response.headers["WWW-Authenticate"] = auth_msg
return False
(basic, _, auth) = auth.partition(" ")
if basic != "Basic":
# Mechanism is not Basic.
self.response.headers["WWW-Authenticate"] = auth_msg
return False
(username, _, password) = base64.b64decode(auth).partition(":")
if username.find("@") < 0:
username += "@gmail.com"
userdata = UserData.get_by_key_name("user_" + username)
if not userdata or str(userdata.passphrase) != str(password):
# passphrase mismatch.
self.response.headers["WWW-Authenticate"] = auth_msg
return False
if not self.repo.check_user_perm(userdata.key(), include_viewers):
# Userdata mismatch.
self.response.headers["WWW-Authenticate"] = auth_msg
return False
# Otherwise, valid user.
logging.info("%s pushed into %s." % (username, self.reponame))
return True
def get(self):
user_data = UserData.current()
if not user_data:
self.redirect(util.create_login_url(self.request.uri))
return
accept_coach = self.request_bool("accept", default = False)
user_data_coach = self.request_user_data("coach_email")
user_data_student = self.request_user_data('student_email')
if bool(user_data_coach) == bool(user_data_student):
raise Exception('must provide coach_email xor student_email')
if user_data_coach:
user_data_student = user_data
elif user_data_student:
user_data_coach = user_data
if user_data_coach and not user_data_student.is_coached_by(user_data_coach):
coach_request = CoachRequest.get_for(user_data_coach, user_data_student)
if coach_request:
coach_request.delete()
if user_data.key_email == user_data_student.key_email and accept_coach:
user_data_student.coaches.append(user_data_coach.key_email)
user_data_student.put()
if not self.is_ajax_request():
self.redirect("/coaches")
def post(self):
self.error_message = {}
mandatory_fields = ['first_name', 'email', 'phone_number', 'dob']
for field in mandatory_fields:
if field not in request.json:
self.error_message[field] = 'This field is required'
if self.error_message:
response = jsonify(self.error_message)
response.status_code = status.HTTP_400_BAD_REQUEST
return response
try:
first_name = request.json['first_name']
last_name = request.json.get('last_name', None)
email = request.json['email']
phone_number = request.json['phone_number']
dob = request.json['dob']
new_entry = UserData(first_name, last_name, email, phone_number,
dob)
db.session.add(new_entry)
db.session.commit()
response = user_schema.jsonify(new_entry)
response.status_code = status.HTTP_201_CREATED
return response
except exc.IntegrityError as e:
self.error_message["message"] = str(e.orig)
response = jsonify(self.error_message)
response.status_code = status.HTTP_400_BAD_REQUEST
return response
except Exception as e:
self.error_message["message"] = "Something went wrong"
response = jsonify(self.error_message)
response.status_code = status.HTTP_501_NOT_IMPLEMENTED
return response
def post(self):
"""Handle a POST from the login form.
This happens when the user attempts to login with an identifier (email
or username) and password.
"""
cont = self.request_continue_url()
# Authenticate via username or email + password
identifier = self.request_string('identifier')
password = self.request_string('password')
if not identifier or not password:
errors = {}
if not identifier: errors['noemail'] = True
if not password: errors['nopassword'] = True
self.render_json({'errors': errors})
return
user_data = UserData.get_from_username_or_email(identifier.strip())
if not user_data or not user_data.validate_password(password):
errors = {}
errors['badlogin'] = True
# TODO(benkomalo): IP-based throttling of failed logins?
self.render_json({'errors': errors})
return
# Successful login
Login.return_login_json(self, user_data, cont)
def get(self,site_key):
# Get the file by the provided key name
user_data = UserData.get_by_key_name(site_key)
if not user_data:
return self.error(404)
blob_info = user_data.blob_info
# Figure out hostname so we can give 'full links'
host_name = '/'.join([k for k in self.request.url.split('/')[:3]])
# Build the response
resp = {
'name':blob_info.filename,
'creation':blob_info.creation.strftime("%Y-%m-%d %H:%M:%S"),
'download_url':'%s/%s' % (host_name,site_key),
'url':'%s/%s' % (host_name,site_key),
'type':blob_info.content_type,
'size':blob_info.size,
'size_in_kb':(blob_info.size)/1024,
'info_url':'%s/i/%s' % (host_name,site_key),
'thumbnail_url': get_serving_url(blob_info) if blob_info.content_type in IMAGE_MIMETYPES else ''
}
if self.request.get('format') == 'json':
# If the requested format is json render to json
return self.response.out.write(json.dumps(resp))
else:
# Otherwise render to html
self.response.out.write(template.render('templates/viewer.html', resp))
def _consume_auth_token(self):
"""Check to see if a valid auth token is specified as a param
in the request, so it can be converted into a cookie
and used as the identifier for the current and future requests.
"""
auth_stamp = self.request_string("auth")
if auth_stamp:
# If an auth stamp is provided, it means they logged in using
# a password via HTTPS, and it has redirected here to postlogin
# to set the auth cookie from that token. We can't rely on
# UserData.current() yet since no cookies have yet been set.
token = AuthToken.for_value(auth_stamp)
if not token:
logging.error("Invalid authentication token specified")
else:
user_data = UserData.get_from_user_id(token.user_id)
if not user_data or not token.is_valid(user_data):
logging.error("Invalid authentication token specified")
else:
# Good auth stamp - set the cookie for the user, which
# will also set it for this request.
auth.cookies.set_auth_cookie(self, user_data, token)
return True
return False
def render_login_outer(self):
"""Render the login page.
Note that part of the contents of this page is hosted on an iframe
and rendered by this same RequestHandler (render_login_form)
"""
cont = self.request_continue_url()
direct = self.request_bool('direct', default=False)
user_data = UserData.current()
if user_data and not user_data.is_phantom:
# Don't let users see the login page if they're already logged in.
# This avoids dangerous edge cases in which users have conflicting
# Google/FB cookies, and google.appengine.api.users.get_current_user
# returns a different user than the actual person logged in.
self.redirect(cont)
return
template_values = {
'continue': cont,
'direct': direct,
'google_url': users.create_login_url(cont),
}
self.render_jinja2_template('login.html', template_values)
def _consume_auth_token(self):
"""Check to see if a valid auth token is specified as a param
in the request, so it can be converted into a cookie
and used as the identifier for the current and future requests.
"""
auth_stamp = self.request_string("auth")
if auth_stamp:
# If an auth stamp is provided, it means they logged in using
# a password via HTTPS, and it has redirected here to postlogin
# to set the auth cookie from that token. We can't rely on
# UserData.current() yet since no cookies have yet been set.
token = AuthToken.for_value(auth_stamp)
if not token:
logging.error("Invalid authentication token specified")
else:
user_data = UserData.get_from_user_id(token.user_id)
if not user_data or not token.is_valid(user_data):
logging.error("Invalid authentication token specified")
else:
# Good auth stamp - set the cookie for the user, which
# will also set it for this request.
auth.cookies.set_auth_cookie(self, user_data, token)
return True
return False
def get(self):
user_data = UserData.current()
if not user_data:
self.redirect(util.create_login_url(self.request.uri))
return
accept_coach = self.request_bool("accept", default = False)
user_data_coach = self.request_user_data("coach_email")
user_data_student = self.request_user_data('student_email')
if bool(user_data_coach) == bool(user_data_student):
raise Exception('must provide coach_email xor student_email')
if user_data_coach:
user_data_student = user_data
elif user_data_student:
user_data_coach = user_data
if user_data_coach and not user_data_student.is_coached_by(user_data_coach):
coach_request = CoachRequest.get_for(user_data_coach, user_data_student)
if coach_request:
coach_request.delete()
if user_data.key_email == user_data_student.key_email and accept_coach:
user_data_student.coaches.append(user_data_coach.key_email)
user_data_student.put()
if not self.is_ajax_request():
self.redirect("/coaches")
def addwakesleeptime():
if request.method == 'POST':
startdate = request.form.get("startdate")
enddate = request.form.get("enddate")
phonenumber = request.form.get("phonenumber")
carrier = request.form.get("carrier")
uniqueidentifier = request.form.get('uniqueidentifier')
waketime = request.form.get('waketime')
sleeptime = request.form.get('sleeptime')
try:
user = UserData.query.filter_by(
uniqueidentifier=uniqueidentifier).first()
print(user)
if (user is not None):
user.waketime = waketime
user.sleeptime = sleeptime
db.session.commit()
return render_template("addwakesleep.html")
except Exception as e:
return (str(e))
try:
user = UserData(startdate=startdate,
phonenumber=phonenumber,
carriersettings=carrier,
uniqueidentifier=uniqueidentifier,
waketime=waketime,
sleeptime=sleeptime)
db.session.add(user)
db.session.commit()
except Exception as e:
print(str(e))
return (str(e))
return render_template("addwakesleep.html")
async def guild_check(self, guild: Guild):
settings = await get_guild_settings(guild)
if settings.sync_twitch_followers:
streamername: str = settings.twitch_account_name
followerrole: Optional[Role] = utils.get(guild.roles, name=settings.follower_role_name)
if followerrole is None:
return
for member in guild.members:
# The following would work if discord allowed bots to check linked accounts.
#
# profile = await member.profile()
# for acc in profile.connected_accounts:
# if acc["type"] == "twitch":
# following = await self.bot.loop.run_in_executor(executor, is_following, streamername, acc["id"])
#
# if following and followerrole not in member.roles:
# await member.add_roles(followerrole)
# elif not following and followerrole in member.roles:
# await member.remove_roles(followerrole)
query = UserData.filter(user_id=str(member.id))
if await query.count() < 1:
continue
else:
following = await self.bot.loop.run_in_executor(
executor, is_following, streamername, (await query.first()).twitch_account_id
)
if following and followerrole not in member.roles:
await member.add_roles(followerrole)
elif not following and followerrole in member.roles:
await member.remove_roles(followerrole)
def get_user_data(self):
from models import UserData
user_id = None
email = None
if self.uses_google():
user_id, email = get_google_user_id_and_email_from_oauth_map(self)
elif self.uses_facebook():
user_id = get_facebook_user_id_from_oauth_map(self)
email = user_id
user_data = UserData.get_from_user_id(user_id) or \
UserData.get_from_db_key_email(email) or \
UserData.insert_for(user_id, email)
return user_data
def get_user_data(self):
from models import UserData
user_id = None
email = None
if self.uses_google():
user_id, email = get_google_user_id_and_email_from_oauth_map(self)
elif self.uses_facebook():
user_id = get_facebook_user_id_from_oauth_map(self)
email = user_id
user_data = UserData.get_from_user_id(user_id) or \
UserData.get_from_db_key_email(email) or \
UserData.insert_for(user_id, email)
return user_data
def post(self):
user = util.get_current_user()
if user:
expanded = self.request_bool("expanded")
user_data = UserData.get_or_insert_for(user)
user_data.expanded_all_exercises = expanded
user_data.put()
def post(self):
user_data = UserData.current()
if user_data:
expanded = self.request_bool("expanded")
user_data.expanded_all_exercises = expanded
user_data.put()
def post(self):
params = self.request.params
if not 'domain' in params:
self.abort(404)
domain = get_domain_or_404(params['domain'])
if 'from' in params and 'firstvisit' in params:
if params['from'] == 'inside' and params['firstvisit'] == 'true':
# maybe use a transaction for these two independent database
# operations? maybe not: it doesn't really matter if an entity of
# UserData could be put while Domain failed or vice versa.
domain.increment_counter()
UserData.add(self.request, params['domain'])
# explicit request to have content-type application/json
self.response.headers['Content-Type'] = 'application/json'
self.response.write(domain.get_json())
def post(self):
user = util.get_current_user()
if user:
expanded = self.request_bool("expanded")
user_data = UserData.get_or_insert_for(user)
user_data.expanded_all_exercises = expanded
user_data.put()
def test_userdata_add(self):
remote_addr = '127.0.0.1'
http_user_agent = 'foo agent'
domain = 'foobar'
referer = None
class Request(object): pass
request = Request()
request.headers = {'HTTP_USER_AGENT': http_user_agent}
request.referer = referer
os.environ['REMOTE_ADDR'] = remote_addr
UserData.add(request, domain)
user_data = UserData.query(UserData.domain==domain).get()
self.assertEqual(user_data.remote_addr, remote_addr)
self.assertEqual(user_data.http_user_agent, http_user_agent)
self.assertEqual(user_data.referer, referer)
def post(self):
user_data = UserData.current()
if user_data:
expanded = self.request_bool("expanded")
user_data.expanded_all_exercises = expanded
user_data.put()
def setUp(self):
self.sel = WebDriver()
# Create a user and an org
self.user = UserData.createUser('firstName', 'lastName','*****@*****.**', 'pw')
self.user.org = OrgData.createOrg("theOrg")
self.user.save()
def signup(request):
u = request.user
if u.is_authenticated():
return HttpResponseRedirect(reverse('xodia:personal_home'))
else:
for exist_user in User.objects.all():
if request.POST['uname'] == exist_user.username:
return render(request, 'xodia/alreadyuname.html')
u = User.objects.create_user(username=request.POST['uname'],
first_name=request.POST['fname'],
last_name=request.POST['lname'])
u.email = request.POST['email']
u.set_password(request.POST['password'])
u.save()
ud = UserData(user=u)
if 'dp' in request.FILES:
ud.profilepic = request.FILES['dp']
else:
ud.profilepic = path.join(mysite.settings.BASE_DIR,
'static/xodia/dps/images_004.png')
#ud.profilepic = '/home/lite/xodia_web_engine/mysite/xodia/static/xodia/dps/11070092_1026956053989421_6069066535809089795_o.jpg'
ud.mobno = request.POST['mobno']
ud.save()
print 'Before'
u.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, u)
print 'After'
return HttpResponseRedirect(reverse('xodia:personal_home'))
def get(self):
developers = UserData.all()
developers.filter('developer = ', True).fetch(1000)
template_values = {
"developers": developers,
"selected_id": "devs",
}
self.render_jinja2_template('devpanel/devs.html', template_values)
def get(self):
user = util.get_current_user()
if user:
user_data = UserData.get_or_insert_for(user)
invalid_coach = self.request_bool("invalid_coach", default = False)
self.render_template('viewcoaches.html', { 'coaches': user_data.coaches, 'invalid_coach': invalid_coach })
else:
self.redirect(util.create_login_url(self.request.uri))
def post(self):
coach_data = UserData.current()
if not coach_data:
return
student_list = util_profile.get_list(coach_data, self)
student_list.delete()
if not self.is_ajax_request():
self.redirect_to('/students')
def post(self):
user = util.get_current_user()
if user:
lat = self.request_float("lat")
lng = self.request_float("lng")
zoom = self.request_int("zoom")
user_data = UserData.get_or_insert_for(user)
user_data.map_coords = serializeMapCoords(lat, lng, zoom)
user_data.put()
def do_request(self, student, coach, redirect_to):
if not UserData.current():
self.redirect(util.create_login_url(self.request.uri))
return
if student and coach:
self.remove_student_from_coach(student, coach)
if not self.is_ajax_request():
self.redirect(redirect_to)
def test_userdata_add(self):
remote_addr = '127.0.0.1'
http_user_agent = 'foo agent'
domain = 'foobar'
referer = None
class Request(object):
pass
request = Request()
request.headers = {'HTTP_USER_AGENT': http_user_agent}
request.referer = referer
os.environ['REMOTE_ADDR'] = remote_addr
UserData.add(request, domain)
user_data = UserData.query(UserData.domain == domain).get()
self.assertEqual(user_data.remote_addr, remote_addr)
self.assertEqual(user_data.http_user_agent, http_user_agent)
self.assertEqual(user_data.referer, referer)
def post(self):
coach_data = UserData.current()
if not coach_data:
return
student_list = util_profile.get_list(coach_data, self)
student_list.delete()
if not self.is_ajax_request():
self.redirect_to('/students')
def post(self):
# You have to be logged in to vote
user_data = UserData.current()
if not user_data:
return
vote_type = self.request_int("vote_type", default=FeedbackVote.ABSTAIN)
if vote_type == FeedbackVote.UP and not Privileges.can_up_vote(
user_data):
self.render_json({
"error":
Privileges.need_points_desc(Privileges.UP_VOTE_THRESHOLD,
"up vote")
})
return
elif vote_type == FeedbackVote.DOWN and not Privileges.can_down_vote(
user_data):
self.render_json({
"error":
Privileges.need_points_desc(Privileges.DOWN_VOTE_THRESHOLD,
"down vote")
})
return
entity_key = self.request_string("entity_key", default="")
if entity_key:
entity = db.get(entity_key)
if entity and entity.authored_by(user_data):
self.render_json(
{"error": "You cannot vote for your own posts."})
return
if vote_type != FeedbackVote.ABSTAIN:
limiter = VoteRateLimiter(user_data)
if not limiter.increment():
self.render_json({"error": limiter.denied_desc()})
return
# We kick off a taskqueue item to perform the actual vote insertion
# so we don't have to worry about fast writes to the entity group
# causing contention problems for the HR datastore, because
# the taskqueue will just retry w/ exponential backoff.
taskqueue.add(url='/admin/discussion/finishvoteentity',
queue_name='voting-queue',
params={
"email":
user_data.email,
"vote_type":
self.request_int("vote_type",
default=FeedbackVote.ABSTAIN),
"entity_key":
entity_key
})
