def new_password(self): """Create a new password .. tip:: Unlike change password this does not demand the old password. And hence this method will check in the session for a parameter called allow_new_password which has to be True. This acts as a security against attempts to POST to this method and changing password. The allow_new_password flag is popped on successful saving This is intended to be used when a user requests for a password reset. """ form = NewPasswordForm(request.form) if request.method == "POST" and form.validate(): if not session.get("allow_new_password", False): current_app.logger.debug("New password not allowed in session") abort(403) self.write(request.nereid_user.id, {"password": form.password.data}) session.pop("allow_new_password") flash(_("Your password has been successfully changed! " "Please login again")) session.pop("user") return redirect(url_for("nereid.website.login")) return render_template("new-password.jinja", password_form=form)
def get_linkedin_oauth_client(self, site=None, scope='r_basicprofile,r_emailaddress', token='linkedin_oauth_token'): """Returns a instance of WebCollect :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.linkedin_api_key, site.linkedin_api_secret]): current_app.logger.error("LinkedIn api settings are missing") flash(_("LinkedIn login is not available at the moment")) return None oauth = OAuth() linkedin = oauth.remote_app('linkedin', base_url='https://api.linkedin.com', request_token_url='/uas/oauth/requestToken', access_token_url='/uas/oauth/accessToken', authorize_url='/uas/oauth/authenticate', consumer_key=site.linkedin_api_key, consumer_secret=site.linkedin_api_secret, request_token_params={'scope': scope} ) linkedin.tokengetter_func = lambda *a: session.get(token) return linkedin
def new_password(cls): """Create a new password .. tip:: Unlike change password this does not demand the old password. And hence this method will check in the session for a parameter called allow_new_password which has to be True. This acts as a security against attempts to POST to this method and changing password. The allow_new_password flag is popped on successful saving This is intended to be used when a user requests for a password reset. """ form = NewPasswordForm(request.form) if request.method == 'POST' and form.validate(): if not session.get('allow_new_password', False): current_app.logger.debug('New password not allowed in session') abort(403) cls.write( [request.nereid_user], {'password': form.password.data} ) session.pop('allow_new_password') flash(_( 'Your password has been successfully changed! ' 'Please login again')) session.pop('user') return redirect(url_for('nereid.website.login')) return render_template('new-password.jinja', password_form=form)
def get_github_oauth_client(self, site=None, scope='', token='github_oauth_token'): """Returns a instance of LinkedIn OAuth :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.github_id, site.github_secret]): current_app.logger.error("Github api settings are missing") flash(_("Github login is not available at the moment")) return None oauth = OAuth() github = oauth.remote_app('github', base_url='https://github.com', request_token_url=None, access_token_url='/login/oauth/access_token', authorize_url='/login/oauth/authorize', consumer_key=site.github_id, consumer_secret=site.github_secret, request_token_params={'scope': scope}, access_token_method="POST", ) github.tokengetter_func = lambda *a: session.get(token) return github
def get_linkedin_oauth_client(self, scope='r_basicprofile,r_emailaddress', token='linkedin_oauth_token'): """Returns a instance of WebCollect :param scope: Scope of information to be fetched from linkedin :param token: Token for authentication """ if not all([self.linkedin_api_key, self.linkedin_api_secret]): current_app.logger.error("LinkedIn api settings are missing") flash(_("LinkedIn login is not available at the moment")) return None oauth = OAuth() linkedin = oauth.remote_app( 'linkedin', base_url='https://api.linkedin.com', request_token_url='/uas/oauth/requestToken', access_token_url='/uas/oauth/accessToken', authorize_url='/uas/oauth/authenticate', consumer_key=self.linkedin_api_key, consumer_secret=self.linkedin_api_secret, request_token_params={'scope': scope}) linkedin.tokengetter_func = lambda *a: session.get(token) return linkedin
def get_github_oauth_client(self, site=None, scope='', token='github_oauth_token'): """Returns a instance of LinkedIn OAuth :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.github_id, site.github_secret]): current_app.logger.error("Github api settings are missing") flash(_("Github login is not available at the moment")) return None oauth = OAuth() github = oauth.remote_app( 'github', base_url='https://github.com', request_token_url=None, access_token_url='/login/oauth/access_token', authorize_url='/login/oauth/authorize', consumer_key=site.github_id, consumer_secret=site.github_secret, request_token_params={'scope': scope}, access_token_method="POST", ) github.tokengetter_func = lambda *a: session.get(token) return github
def get_facebook_oauth_client(self, site=None): """Returns a instance of WebCollect :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.facebook_app_id, site.facebook_app_secret]): current_app.logger.error("Facebook api settings are missing") flash(_("Facebook login is not available at the moment")) return None oauth = OAuth() facebook = oauth.remote_app( 'facebook', base_url='https://graph.facebook.com/', request_token_url=None, access_token_url='/oauth/access_token', authorize_url='https://www.facebook.com/dialog/oauth', consumer_key=site.facebook_app_id, consumer_secret=site.facebook_app_secret, request_token_params={'scope': 'email'}) facebook.tokengetter_func = lambda *a: session.get( 'facebook_oauth_token') return facebook
def new_password(cls): """Create a new password .. tip:: Unlike change password this does not demand the old password. And hence this method will check in the session for a parameter called allow_new_password which has to be True. This acts as a security against attempts to POST to this method and changing password. The allow_new_password flag is popped on successful saving This is intended to be used when a user requests for a password reset. """ form = NewPasswordForm(request.form) if request.method == 'POST' and form.validate(): if not session.get('allow_new_password', False): current_app.logger.debug('New password not allowed in session') abort(403) cls.write([request.nereid_user], {'password': form.password.data}) session.pop('allow_new_password') flash( _('Your password has been successfully changed! ' 'Please login again')) session.pop('user') return redirect(url_for('nereid.website.login')) return render_template('new-password.jinja', password_form=form)
def get_linkedin_oauth_client( self, scope='r_basicprofile,r_emailaddress', token='linkedin_oauth_token' ): """Returns a instance of WebCollect :param scope: Scope of information to be fetched from linkedin :param token: Token for authentication """ if not all([self.linkedin_api_key, self.linkedin_api_secret]): current_app.logger.error("LinkedIn api settings are missing") flash(_("LinkedIn login is not available at the moment")) return None oauth = OAuth() linkedin = oauth.remote_app( 'linkedin', base_url='https://api.linkedin.com', request_token_url='/uas/oauth/requestToken', access_token_url='/uas/oauth/accessToken', authorize_url='/uas/oauth/authenticate', consumer_key=self.linkedin_api_key, consumer_secret=self.linkedin_api_secret, request_token_params={'scope': scope} ) linkedin.tokengetter_func = lambda *a: session.get(token) return linkedin
def get_google_oauth_client(self): """ Returns a instance of WebCollect """ if not all([self.google_app_id, self.google_app_secret]): current_app.logger.error("Google api settings are missing") flash(_("Google login is not available at the moment")) return None oauth = OAuth() google = oauth.remote_app( 'google', base_url='https://www.google.com/accounts/', request_token_url=None, access_token_url='https://accounts.google.com/o/oauth2/token', access_token_method='POST', authorize_url='https://accounts.google.com/o/oauth2/auth', consumer_key=self.google_app_id, consumer_secret=self.google_app_secret, request_token_params={ 'response_type': 'code', 'scope': 'email', }, access_token_params={'grant_type': 'authorization_code'} ) google.tokengetter_func = lambda *a: session.get('google_oauth_token') return google
def get_facebook_oauth_client(self, site=None): """Returns a instance of WebCollect :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.facebook_app_id, site.facebook_app_secret]): current_app.logger.error("Facebook api settings are missing") flash(_("Facebook login is not available at the moment")) return None oauth = OAuth() facebook = oauth.remote_app('facebook', base_url='https://graph.facebook.com/', request_token_url=None, access_token_url='/oauth/access_token', authorize_url='https://www.facebook.com/dialog/oauth', consumer_key=site.facebook_app_id, consumer_secret=site.facebook_app_secret, request_token_params={'scope': 'email'} ) facebook.tokengetter_func = lambda *a: session.get( 'facebook_oauth_token' ) return facebook
def get_linkedin_oauth_client(self, site=None, scope='r_basicprofile,r_emailaddress', token='linkedin_oauth_token'): """Returns a instance of WebCollect :param site: Browserecord of the website, If not specified, it will be guessed from the request context """ if site is None: site = request.nereid_website if not all([site.linkedin_api_key, site.linkedin_api_secret]): current_app.logger.error("LinkedIn api settings are missing") flash(_("LinkedIn login is not available at the moment")) return None oauth = OAuth() linkedin = oauth.remote_app( 'linkedin', base_url='https://api.linkedin.com', request_token_url='/uas/oauth/requestToken', access_token_url='/uas/oauth/accessToken', authorize_url='/uas/oauth/authenticate', consumer_key=site.linkedin_api_key, consumer_secret=site.linkedin_api_secret, request_token_params={'scope': scope}) linkedin.tokengetter_func = lambda *a: session.get(token) return linkedin
def recent_products(self): """ GET --- Return a list of recently visited products in JSON POST ---- Add the product to the recent list manually. This method is required if the product page is cached, or is served by a Caching Middleware like Varnish which may clear the session before sending the request to Nereid. Just as with GET the response is the AJAX of recent products """ if request.method == 'POST': self._add_to_recent_list(request.form.get('product_id', type=int)) fields = request.args.getlist('fields') if fields: allowed_fields = [ f for f in fields if f in self.json_allowed_fields ] else: allowed_fields = self.json_allowed_fields[:] products = [] if 'sale_price' in allowed_fields: allowed_fields.remove('sale_price') if hasattr(session, 'sid'): product_ids = session.get('recent-products', []) products = self.read(product_ids, allowed_fields) for product in products: product['sale_price'] = format_currency( self.sale_price(product['id']), request.nereid_currency.code ) return jsonify( products = products )
def get_github_oauth_client(self, scope='', token='github_oauth_token'): """Returns a instance of Github OAuth """ if not all([self.github_id, self.github_secret]): current_app.logger.error("Github api settings are missing") flash(_("Github login is not available at the moment")) return None oauth = OAuth() github = oauth.remote_app('github', base_url='https://github.com', request_token_url=None, access_token_url='/login/oauth/access_token', authorize_url='/login/oauth/authorize', consumer_key=self.github_id, consumer_secret=self.github_secret, request_token_params={'scope': scope}, access_token_method="POST", ) github.tokengetter_func = lambda *a: session.get(token) return github
def recent_products(cls): """ GET --- Return a list of recently visited products in JSON POST ---- Add the product to the recent list manually. This method is required if the product page is cached, or is served by a Caching Middleware like Varnish which may clear the session before sending the request to Nereid. Just as with GET the response is the AJAX of recent products """ if request.method == 'POST': cls._add_to_recent_list(request.form.get('product_id', type=int)) fields = set(request.args.getlist('fields')) or cls.json_allowed_fields fields = fields & cls.json_allowed_fields if 'sale_price' in fields: fields.remove('sale_price') response = [] if hasattr(session, 'sid'): products = cls.browse(session.get('recent-products', [])) for product in products: product_val = {} for field in fields: product_val[field] = getattr(product, field) product_val['sale_price'] = format_currency( product.sale_price(), current_locale.currency.code ) response.append(product_val) return jsonify(products=response)
def recent_products(cls): """ GET --- Return a list of recently visited products in JSON POST ---- Add the product to the recent list manually. This method is required if the product page is cached, or is served by a Caching Middleware like Varnish which may clear the session before sending the request to Nereid. Just as with GET the response is the AJAX of recent products """ if request.method == 'POST': cls._add_to_recent_list(request.form.get('product_id', type=int)) fields = set(request.args.getlist('fields')) or cls.json_allowed_fields fields = fields & cls.json_allowed_fields if 'sale_price' in fields: fields.remove('sale_price') response = [] if hasattr(session, 'sid'): products = cls.browse(session.get('recent-products', [])) for product in products: product_val = {} for field in fields: product_val[field] = getattr(product, field) product_val['sale_price'] = format_currency( product.sale_price(), request.nereid_currency.code ) response.append(product_val) return jsonify(products=response)
def get_facebook_oauth_client(self): """ Returns a instance of WebCollect """ if not all([self.facebook_app_id, self.facebook_app_secret]): current_app.logger.error("Facebook api settings are missing") flash(_("Facebook login is not available at the moment")) return None oauth = OAuth() facebook = oauth.remote_app( "facebook", base_url="https://graph.facebook.com/", request_token_url=None, access_token_url="/oauth/access_token", authorize_url="https://www.facebook.com/dialog/oauth", consumer_key=self.facebook_app_id, consumer_secret=self.facebook_app_secret, request_token_params={"scope": "email"}, ) facebook.tokengetter_func = lambda *a: session.get("facebook_oauth_token") return facebook
def get_facebook_oauth_client(self): """ Returns a instance of WebCollect """ if not all([self.facebook_app_id, self.facebook_app_secret]): current_app.logger.error("Facebook api settings are missing") flash(_("Facebook login is not available at the moment")) return None oauth = OAuth() facebook = oauth.remote_app( 'facebook', base_url='https://graph.facebook.com/', request_token_url=None, access_token_url='/oauth/access_token', authorize_url='https://www.facebook.com/dialog/oauth', consumer_key=self.facebook_app_id, consumer_secret=self.facebook_app_secret, request_token_params={'scope': 'email'}) facebook.tokengetter_func = lambda *a: session.get( 'facebook_oauth_token') return facebook
def open_cart(cls, create_order=False): """Logic of this cart functionality is inspired by amazon. Most e-commerce systems handle cart in a different way and it is important to know how the cart behaves under different circumstances. :param create_order: If `True` Create a sale order and attach if one does not already exist. :return: The Active record for the shopping cart of the user The method is guaranteed to return a cart but the cart may not have a sale order. For methods like add to cart which definitely need a sale order pass :attr: create_order = True so that an order is also assured. """ Sale = Pool().get("sale.sale") NereidUser = Pool().get("nereid.user") # request.nereid_user is not used here this method is used by the # signal handlers immediately after a user logs in (but before being # redirected). This causes the cached property of nereid_user to remain # in old value through out the request, which will not have ended when # this method is called. user = NereidUser(session.get("user", request.nereid_website.guest_user.id)) # for a registered user there is only one cart, session is immaterial if "user" in session: carts = cls.search( [("sessionid", "=", False), ("user", "=", user.id), ("website", "=", request.nereid_website.id)] ) else: carts = cls.search( [("sessionid", "=", session.sid), ("user", "=", user.id), ("website", "=", request.nereid_website.id)], limit=1, ) if not carts: # Create a cart since it definitely does not exists carts = [ cls.create( { "user": user.id, "website": request.nereid_website.id, "sessionid": session.sid if "user" not in session else None, } ) ] cart, = carts if cart.sale: cart.sanitise_state(user) # Check if the order needs to be created if create_order and not cart.sale: # Try any abandoned carts that may exist if user is registered sale_orders = ( Sale.search( [ ("state", "=", "draft"), ("is_cart", "=", True), ("website", "=", request.nereid_website.id), ("party", "=", user.party.id), ("currency", "=", request.nereid_currency.id), ], limit=1, ) if "user" in session else None ) cls.write([cart], {"sale": sale_orders[0].id if sale_orders else cls.create_draft_sale(user).id}) return cls(cart.id)
def sign_in(cls): ''' Step 1: Sign In or Register GET ~~~ Renders a sign-in or register page. If guest checkout is enabled, then an option to continue as guest is also permitted, in which case the email is a required field. POST ~~~~ For guest checkout, this sign in would create a new party with the name as the current session_id and move the shopping cart's sale to the new user's ownership Designer notes: The registration or login must contact the corresponding handlers. Login and Registraion handlers are designed to handle a `next` parameter where the user would be redirected to if the operation was successful. The next url is provided in the context OTOH, if the user desires to checkout as guest, the user is required to fill in the email and submit the form, which posts the email to this handler. ''' NereidCart = Pool().get('nereid.cart') NereidUser = Pool().get('nereid.user') Party = Pool().get('party.party') if not current_user.is_anonymous: form = cls.sign_in_form( email=current_user.email, checkout_mode='account', ) else: # Guest user form = cls.sign_in_form( email=session.get('email'), checkout_mode='guest', ) if form.validate_on_submit(): if form.checkout_mode.data == 'guest': if not cls.allowed_as_guest(form.email.data): return render_template( 'checkout/signin-email-in-use.jinja', email=form.email.data) cart = NereidCart.open_cart() party_name = unicode( _('Guest with email: %(email)s', email=form.email.data)) if cart.sale.party == current_website.guest_user.party: # Create a party with the email as email, and session as # name, but attach the session to it. party, = Party.create([{ 'name': party_name, 'nereid_session': session.sid, 'addresses': [], 'contact_mechanisms': [('create', [{ 'type': 'email', 'value': form.email.data, }])] }]) cart.sale.party = party # TODO: Avoid this if the user comes to sign-in twice. cart.sale.shipment_address = None cart.sale.invoice_address = None cart.sale.save() else: # Perhaps the email changed ? party = cart.sale.party party.name = party_name # contact_mechanism of email type will always be there for # Guest user contact_mechanism = filter(lambda c: c.type == 'email', party.contact_mechanisms)[0] contact_mechanism.value = form.email.data contact_mechanism.save() party.email = form.email.data party.save() return redirect(url_for('nereid.checkout.shipping_address')) else: # The user wants to use existing email to login user = NereidUser.authenticate(form.email.data, form.password.data) if user: # FIXME: Remove remember_me login_user(user, remember=form.remember.data) return redirect( url_for('nereid.checkout.shipping_address')) else: failed_login.send() if not current_user.is_anonymous: # Registered user with a fresh login can directly proceed to # step 2, which is filling the shipping address # # if this is a recent sign-in by a registred user # automatically proceed to the shipping_address step return redirect(url_for('nereid.checkout.shipping_address')) return render_template( 'checkout/signin.jinja', form=form, next=url_for('nereid.checkout.shipping_address'))
def sign_in(cls): ''' Step 1: Sign In or Register GET ~~~ Renders a sign-in or register page. If guest checkout is enabled, then an option to continue as guest is also permitted, in which case the email is a required field. POST ~~~~ For guest checkout, this sign in would create a new party with the name as the current session_id and move the shopping cart's sale to the new user's ownership Designer notes: The registration or login must contact the corresponding handlers. Login and Registraion handlers are designed to handle a `next` parameter where the user would be redirected to if the operation was successful. The next url is provided in the context OTOH, if the user desires to checkout as guest, the user is required to fill in the email and submit the form, which posts the email to this handler. ''' NereidCart = Pool().get('nereid.cart') NereidUser = Pool().get('nereid.user') Party = Pool().get('party.party') if not current_user.is_anonymous(): form = cls.sign_in_form( email=current_user.email, checkout_mode='account', ) else: # Guest user form = cls.sign_in_form( email=session.get('email'), checkout_mode='guest', ) if form.validate_on_submit(): if form.checkout_mode.data == 'guest': if not cls.allowed_as_guest(form.email.data): return render_template( 'checkout/signin-email-in-use.jinja', email=form.email.data ) cart = NereidCart.open_cart() party_name = unicode(_( 'Guest with email: %(email)s', email=form.email.data )) if cart.sale.party == request.nereid_website.guest_user.party: # Create a party with the email as email, and session as # name, but attach the session to it. party, = Party.create([{ 'name': party_name, 'nereid_session': session.sid, 'addresses': [], 'contact_mechanisms': [('create', [{ 'type': 'email', 'value': form.email.data, }])] }]) cart.sale.party = party # TODO: Avoid this if the user comes to sign-in twice. cart.sale.shipment_address = None cart.sale.invoice_address = None cart.sale.save() else: # Perhaps the email changed ? party = cart.sale.party party.name = party_name # contact_mechanism of email type will always be there for # Guest user contact_mechanism = filter( lambda c: c.type == 'email', party.contact_mechanisms )[0] contact_mechanism.value = form.email.data contact_mechanism.save() party.email = form.email.data party.save() return redirect( url_for('nereid.checkout.shipping_address') ) else: # The user wants to use existing email to login user = NereidUser.authenticate( form.email.data, form.password.data ) if user: # FIXME: Remove remember_me login_user(user, remember=form.remember.data) return redirect( url_for('nereid.checkout.shipping_address') ) else: failed_login.send() if not current_user.is_anonymous(): # Registered user with a fresh login can directly proceed to # step 2, which is filling the shipping address # # if this is a recent sign-in by a registred user # automatically proceed to the shipping_address step return redirect(url_for('nereid.checkout.shipping_address')) return render_template( 'checkout/signin.jinja', form=form, next=url_for('nereid.checkout.shipping_address') )