def create_or_login(resp):
"""This is called when login with OpenID succeeded and it's not
necessary to figure out if this is the users's first login or not.
This function has to redirect otherwise the user will be presented
with a terrible URL which we certainly don't want.
"""
session["openid"] = resp.identity_url
user = User.get_with_first("openid", resp.identity_url)
# not a new user
if user is not None:
flash("Logged in successfully.", "success")
login_user(user)
else:
# Create new user
user = User(
openid=resp.identity_url,
datasets=[],
is_active=True,
is_authenticated=True,
is_anonymous=False,
confirmed_on=datetime.datetime.now(),
)
user.save()
login_user(user)
flash(
"Success!, Since this is your first login, a local profile was "
"created for you which is now you active user"
"for you",
"success",
)
return redirect(oid.get_next_url())
def approve_auth(token):
data = confirm_token(token)
if data is False:
flash("Confirmation failed, either it is invalid or expired.",
"danger")
return redirect(url_for("projects.projects"))
if "email" not in data:
flash("Confirmation failed, required email is not present", "danger")
return redirect(url_for("projects.projects"))
user = User.get_with_first("email", data["email"])
if user is not None:
flash("That email has already been registered")
return redirect(url_for("projects.projects"))
else:
# Setup
user = User(
email=data["email"],
password=hashpw(os.urandom(24), gensalt()),
projects=[],
is_active=False,
is_authenticated=False,
is_anonymous=False,
confirmed_on=datetime.datetime.now(),
)
user.save()
token = generate_confirmation_token(data=data["email"])
reset_url = url_for("projects.reset_password",
token=token,
_external=True)
html = render_template(
"projects/email/reset_password.html",
email=data["email"],
reset_password_url=reset_url,
)
msg = Message(
subject="{} Projects Account approval".format(
config.get("PROJECTS", "title")),
html=html,
recipients=[data["email"]],
sender=app.config["MAIL_USERNAME"],
)
mail.send(msg)
flash(
"The account {} has been approved and created".format(
data["email"]),
"success",
)
return redirect(url_for("projects.projects"))
def login():
"""Does the login via OpenID. Has to call into `oid.try_login`
to start the OpenID machinery.
"""
if current_user.is_authenticated:
flash("Your already logged in", "success")
return redirect(oid.get_next_url())
form = LoginForm(request.form)
if form.validate_on_submit():
# Debug mode, allow dummy auth
if app.debug and form.auth_provider.data == "https://openid.ku.dk":
user = User.get_with_first("openid", app.config["DEBUG_USER"])
if user:
login_user(user)
flash("Logged in as the debug user", "success")
return redirect(url_for("projects.projects"))
else:
flash("No such user could be found", "warning")
return redirect(url_for("projects.projects"))
logged_in = None
try:
logged_in = oid.try_login(form.auth_provider.data)
except Exception as err:
app.logger.debug("Failed to login {}".format(err))
return redirect(url_for("login"))
return logged_in
return render_template("fair/login.html",
form=form,
next=oid.get_next_url())
def get(self, request):
details = request.session['partial_pipeline']['kwargs']['details']
skills_options = []
member = None
try:
member = Member.objects.select_related('skills').get(name=details["first_name"]+' '+details["last_name"])
except:
pass
for sgroup in SkillGroup.objects.select_related('skills').all():
skills_options.append({
"text": sgroup.name,
"id": -1,
"group": sgroup.name,
})
for skill in sgroup.skills.all():
skills_options.append({
"text": skill.name,
"id": skill.id,
"group": sgroup.name,
})
uid = request.session['partial_pipeline']['kwargs']['uid']
return {
'details': details,
'uid': uid,
'avatar': User.get_facebook_avatar(uid),
'skills': Skill.objects.all(),
'skills_options': skills_options,
'member': member,
'usecase': request.params.get('usecase', 'now'),
}
def get(self, request):
details = request.session['partial_pipeline']['kwargs']['details']
skills_options = []
member = None
try:
member = Member.objects.select_related('skills').get(
name=details["first_name"] + ' ' + details["last_name"])
except:
pass
for sgroup in SkillGroup.objects.select_related('skills').all():
skills_options.append({
"text": sgroup.name,
"id": -1,
"group": sgroup.name,
})
for skill in sgroup.skills.all():
skills_options.append({
"text": skill.name,
"id": skill.id,
"group": sgroup.name,
})
uid = request.session['partial_pipeline']['kwargs']['uid']
return {
'details': details,
'uid': uid,
'avatar': User.get_facebook_avatar(uid),
'skills': Skill.objects.all(),
'skills_options': skills_options,
'member': member,
'usecase': request.params.get('usecase', 'now'),
}
def setUp(self):
app.config["TESTING"] = True
app.config["DEBUG"] = True
folders = {}
folders["DATA_FOLDER"] = app.config["DATA_FOLDER"] = os.path.join(
os.getcwd(), "tests/data"
)
folders["UPLOAD_FOLDER"] = app.config["UPLOAD_FOLDER"] = os.path.join(
os.getcwd(), "tests/images"
)
app.config["WTF_CSRF_ENABLED"] = True
# Create required folders for the application if they don't exist
for _, folder in folders.items():
try:
os.makedirs(folder)
print("Created: " + folder)
except FileExistsError:
pass
# Override default DB setting ->use a testing db instead of the default
app.config["DB"] = os.path.join(app.config["DATA_FOLDER"], "fair_test")
self.username = "******"
self.password = "******"
user = User.get_with_first("email", self.username)
hashed_pw = hashpw(bytes(self.password, "utf-8"), gensalt())
if user is None:
user = User(
email=self.username,
password=hashed_pw,
projects=[],
is_active=True,
is_authenticated=True,
is_anonymous=False,
confirmed_on=datetime.datetime.now(),
)
user.save()
self.user = user
self.client = app.test_client()
# Setup valid token
self.csrf_token = None
with self.client as client:
resp = client.get("/index")
assert resp.status_code == 200
self.csrf_token = g.csrf_token
def request_auth():
form = AuthRequestForm(request.form)
if form.validate_on_submit():
# Send confirmation token
user = User.get_with_first("email", form.email.data)
if user is None:
data = form.data
# Remove csrf_token
del data["csrf_token"]
subject = "{} requests {} access".format(
form.email.data, config.get("PROJECTS", "title"))
token = generate_confirmation_token(data=form.data)
confirm_url = url_for("projects.approve_auth",
token=token,
_external=True)
html = render_template(
"projects/email/activate_user.html",
email=form.data,
confirm_url=confirm_url,
)
msg = Message(
subject=subject,
html=html,
recipients=[app.config["ADMINS_EMAIL"]],
sender=app.config["MAIL_USERNAME"],
)
try:
mail.send(msg)
except TimeoutError:
return jsonify(
data={
"danger":
"Timed out before request could be sent"
" to an admin for approval"
})
return jsonify(
data={
"success":
"Request successfully submitted"
", awaiting admin approval"
})
else:
response = jsonify(
data={"danger": "That email has already been granted access"})
response.status_code = 400
return response
response = jsonify(
data={
"danger":
", ".join([
"{} - {}".format(attr, r_msg)
for attr, errors in form.errors.items() for r_msg in errors
])
})
response.status_code = 400
return response
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
valid_user = User.valid_user(form.email.data, form.password.data)
if valid_user is not None:
flash("Logged in successfully.", "success")
login_user(valid_user)
return redirect(url_for("projects.projects"))
else:
flash("Invalid Credentials", "danger")
return render_template("projects/login.html", form=form)
def request_password_reset():
form = PasswordResetRequestForm(request.form)
if form.validate_on_submit():
user = User.get_with_first("email", form.email.data)
if user is None:
response = jsonify(data={"danger": "That user does not exist"})
response.status_code = 400
return response
else:
email = user.email
token = generate_confirmation_token(data=email)
reset_url = url_for("projects.reset_password",
token=token,
_external=True)
html = render_template(
"projects/email/reset_password.html",
email=email,
reset_password_url=reset_url,
)
msg = Message(
subject="{} Reset Password".format(
config.get("PROJECTS", "title")),
html=html,
recipients=[email],
sender=app.config["MAIL_USERNAME"],
)
mail.send(msg)
return jsonify(
data={
"success":
"A password reset link has been sent to {}".format(email)
})
response = jsonify(
data={
"danger":
", ".join([
"{} - {}".format(attr, r_msg)
for attr, errors in form.errors.items() for r_msg in errors
])
})
response.status_code = 400
return response
def reset_password(token):
email = confirm_token(token)
if email is False:
flash(
"Attempted password reset failed,"
" the request is either invalid or expired",
"danger",
)
return redirect(url_for("projects.login"))
form = PasswordResetForm(request.form)
if form.validate_on_submit():
user = User.get_with_first("email", email)
user.is_active = True
user.is_authenticated = True
user.is_anonymous = False
user.email = email
user.password = hashpw(bytes(form.password.data, "utf-8"), gensalt())
user.save()
flash("Your password has now been updated", "success")
return redirect(url_for("projects.projects"))
return render_template("projects/reset_password_form.html",
form=form,
email=email)
dest="ip",
type=str,
default="127.0.0.1",
help="The interface the webserver should listen on",
)
parser.add_argument(
"--port",
dest="port",
type=int,
default=8080,
help="The port the webserver should listen on",
)
args = parser.parse_args()
if __name__ == "__main__":
# Implement test user
if args.debug:
user = User.get_with_first("email", "*****@*****.**")
if user is None:
user = User(
email="*****@*****.**",
password=hashpw(bytes("test", "utf-8"), gensalt()),
projects=[],
is_active=True,
is_authenticated=True,
is_anonymous=False,
confirmed_on=datetime.datetime.now(),
)
user.save()
app.run(host=args.ip, port=args.port, debug=args.debug)
def load_user(user_id):
user = User.get(user_id)
return user
def contact(request):
message = ''
# if this is a POST request we need to process the form data
if request.method == 'POST':
signup_form = SignupForm(request.POST, prefix="signup")
signdown_form = SigndownForm(request.POST, prefix="signdown")
if signup_form.is_valid():
# Get data from form
first_name = signup_form.cleaned_data['first_name']
last_name = signup_form.cleaned_data['last_name']
comp_id = signup_form.cleaned_data['comp_id']
major = signup_form.cleaned_data['major']
degree_program = signup_form.cleaned_data['degree_program']
graduation_year = signup_form.cleaned_data['graduation_year']
email_domain = "@virginia.edu"
email = comp_id + email_domain
user_exists_with_comp_id = User.objects.filter(
comp_id=comp_id).exists()
if user_exists_with_comp_id:
message = "There's already a person registered with that computing ID!"
# else no one exists with that - that's all we need!
else:
person = User(first_name=first_name,
last_name=last_name,
comp_id=comp_id,
email=email,
major=major,
degree_program=degree_program,
graduation_year=graduation_year,
need_added_to_email=True)
person.save()
message = """
You will be added to our mailing list as soon as possible.
If you suspect you have not been added after some time, try emailing us.
Thank you for your interest!
"""
# Signdown form currently unavailable - it's hard.
#elif signdown_form.is_valid():
#comp_id = signdown_form.cleaned_data['comp_id']
#try:
#person_to_delete = User.objects.get(comp_id=comp_id)
# Need to send a confirmation email - but... tricky without users
#person_to_delete.need_removed_from_email = True
#message = "User with computing id " + comp_id + " will be removed shortly!"
#except ObjectDoesNotExist:
#message = """
#User not in our database.
#If you are sure that you are on our mailing list,
#try emailing us and we will remove you.
#We apologize for the inconvenience.
#"""
signup_form = SignupForm(prefix="signup")
#signdown_form = SigndownForm(prefix="signdown")
return render(
request,
'contact.html',
{
'signup_form': signup_form,
#'signdown_form': signdown_form,
'message': message,
})
type=str,
default="127.0.0.1",
help="The interface the webserver should listen on",
)
parser.add_argument(
"--port",
dest="port",
type=int,
default=8080,
help="The port the webserver should listen on",
)
args = parser.parse_args()
if __name__ == "__main__":
# Implement test user
if args.debug:
app.config["DEBUG_USER"] = "******"
user = User.get_with_first("openid", app.config["DEBUG_USER"])
if user is None:
user = User(
openid="*****@*****.**",
password=hashpw(bytes("test", "utf-8"), gensalt()),
projects=[],
is_active=True,
is_authenticated=True,
is_anonymous=False,
confirmed_on=datetime.datetime.now(),
)
user.save()
app.run(host=args.ip, port=args.port, debug=args.debug)
def create_stub_user():
first_names = ["Amelia", "Ava", "Mia", "Lily", "Olivia", "Ruby", "Seren", "Evie", "Ella", "Grace", "Emily", "Jacob",
"Oliver", "Riley", "Jack", "Alfie", "Harry", "Charlie", "Dylan", "William", "Mason"]
last_names = ["Brown", "Johnson", "Jones", "Khan", "Lewis", "Patel", "Roberts", "Smith", "Taylor", "Thomas",
"Williams"]
u = User()
u.name = choice(first_names)
u.lastName = choice(last_names)
u.email = u.lastName + "*****@*****.**"
u.login = u.name + "50"
u.password = u.name
isFemale = first_names.index(u.name) <= first_names.index("Emily")
u.gender = "Female" if isFemale else "Male"
u.birthdate = __generateRandomDate()
u.registerDate = __generateRandomDate()
u.modifiedDate = __generateRandomDate()
u.lastLoginDate = __generateRandomDate()
u.avatarPath = "stub_imgs/avatar2.jpg"
u.id = 11100 + randint(0, 99)
return u