def page_view(request): page_id = request.matchdict['page_id'] page = request.context.page if not page: ## TODO: setup notfound view raise NotFound("No such page {0}".format(page_id)) logged_in = authenticated_userid(request) api = get_template('ravel:templates/main.pt') commentschema = Comment() commentform = Form(commentschema, action=route_url('comment_add', request, page_id=page_id), buttons=('submit',), use_ajax=True) commentform['comment'].widget = widget.TextAreaWidget(rows=10, cols=60) print page.get('comments', None) return { 'api' : api, 'description' : page['description'], 'edit_url' : route_url('page_edit', request, page_id=page_id), 'logged_in' : logged_in, 'title' : page['title'], 'body' : page['body'], 'commentform' : commentform.render(), 'comments' : page.get('comments', None) }
def tag_articles(request): _ = request.translate tag = request.matchdict['tag'] page_size = int(get_config('elements_on_page')) start_page = 0 if 'start' in request.GET: try: start_page = int(request.GET['start']) except ValueError: start_page = 0 user = request.user dbsession = DBSession() q = dbsession.query(Article).join(Tag).options(joinedload('tags')).options(joinedload('user')).order_by(Article.published.desc()) if not user.has_role('editor'): q = q.filter(Article.is_draft==False) c = {} c['articles'] = q.filter(Tag.tag == tag)[(start_page * page_size):(start_page+1) * page_size + 1] c['prev_page'] = None if len(c['articles']) > page_size: c['prev_page'] = route_url('blog_tag_articles', request, tag=tag, _query=[('start', start_page+1)]) c['articles'].pop() c['next_page'] = None if start_page > 0: c['next_page'] = route_url('blog_tag_articles', request, tag=tag, _query=[('start', start_page-1)]) c['page_title'] = _(u'Articles labeled with tag “{0}”'.format(tag)) return c
def edit_page(request): """Edit a given page.""" session = DBSession() matchdict = request.matchdict page = session.query(Page).join(User).filter(Page.id == matchdict["page_id"]).order_by(desc(Page.modified_time)).one() if 'submitted' in request.params: fs = FieldSet(page, data=request.params) # TODO # add validation # Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync? page.title = fs.title.value page.content = fs.content.value page.modified_time = time.time() page.location = fs.location.value session.add(page) return HTTPFound(location = route_url("view_page", request, page_location = page.location)) elif 'delete' in request.params: session.delete(page) return HTTPFound(location = route_url("edit_pages", request)) edit_blog_post_url = route_url("edit_page", request, page_id = page.id) fs = FieldSet(page) fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]]) form = fs.render() # TODO # Figure out how to delete using checkboxes return dict(title = "Edit '%s'" % page.title, save_name = save_name, delete_name = delete_name, form = form)
def user_chirps(request): dbsession = DBSession() userid = authenticated_userid(request) user = dbsession.query(User).filter_by(userid=userid).first() matchdict = request.matchdict other_userid = matchdict.get('userid') other_user = dbsession.query(User).filter_by(userid=other_userid).first() url = route_url('users', request, userid=other_userid) if other_user is None: return HTTPNotFound(location=url) chirps = dbsession.query(Chirp).filter(Chirp.author==other_user) chirps = chirps.order_by(Chirp.timestamp.desc()).limit(30) follows = dbsession.query(Follower).filter(Follower.follower==other_user.id) follows = follows.order_by(Follower.follows.asc()).limit(10) followers = dbsession.query(Follower).filter(Follower.follows==other_user.id) followers = followers.order_by(Follower.follower.asc()).limit(10) followed = dbsession.query(Follower).filter(Follower.follower==user.id) followed = followed.filter(Follower.follows==other_user.id).first() follow_url = route_url('follow', request, userid=other_userid) unfollow_url = route_url('unfollow', request, userid=other_userid) return {'app_url': request.application_url, 'static_url': request.static_url, 'userid': userid, 'chirps': chirps, 'user_chirps': True, 'user': other_user, 'original_user': user, 'elapsed': get_elapsed, 'follows': follows, 'followers': followers, 'followed': followed, 'follow_url': follow_url, 'unfollow_url': unfollow_url }
def confirm_login(request): """Renders a login form for a user that needs to login in order to authenticate an active OpenID authentication request. """ if 'form.submitted' in request.POST: if request.POST.get('csrf_token') != request.session.get_csrf_token(): raise Forbidden login = request.POST.get('login', '') password = request.POST.get('password', '') user = DBSession().query(User).filter_by(username=login).first() if user is not None and user.check_password(password): headers = remember(request, user.username) return HTTPFound( location=route_url('openid_confirm_login_success', request), headers=headers) else: request.session.flash(_(u'Failed to log in, please try again.')) options = { 'title': _(u'Log in to authenticate OpenID request'), 'login_name': request.params.get('login', ''), 'action_url': route_url('openid_confirm_login', request), #'reset_url': route_url('reset_password', request), 'csrf_token': request.session.get_csrf_token(), } return render_to_response('templates/openid_confirm_login.pt', options, request)
def register(self): if not Validate.bool(self.settings('allow_local_registration','false')): return HTTPFound(location=route_url('menu', self.request)) self.response['email'] = '' if 'form.submitted' in self.request.params: self.response['email'] = Validate.sanatize(self.request.params['email']) password = Validate.sanatize(self.request.params['password']) repassword = Validate.sanatize(self.request.params['re.password']) if Users.by({'email':self.response['email']}).first(): self.response['message'] = "Email already in use" return self.template('register.pt') if not Validate.email(self.response['email']): self.response['message'] = "Not a valid email address" return self.template('register.pt') if not Validate.password(password): self.response['message'] = "Improper password." return self.template('register.pt') if repassword != password: self.response['message'] = "Passwords do not match." return self.template('register.pt') # Below is good Users.registerLocalUser(self.response['email'], password) return HTTPFound(location=route_url('login', self.request)) return self.template('register.pt')
def get_tools(request, client, value=False): if value: tools_dicts = [{ "label": "Description", "value": client.entity()["description"], "url": route_url("entity", request, **request.matchdict), }] else: tools_dicts = [{ "label": "Description", "url": route_url("entity", request, **request.matchdict), }] for tool_name in TOOLS: tool_value = getattr(client, tool_name)() if tool_value and tool_value["objects"]: if value: tools_dicts.append({ "label": tool_name, "value": tool_value, "url": route_url(tool_name, request, **request.matchdict), }) else: tools_dicts.append({ "label": tool_name, "url": route_url(tool_name, request, **request.matchdict), }) return tools_dicts
def register(self): if not Validate.bool(self.settings("allow_local_registration", "false")): return HTTPFound(location=route_url("menu", self.request)) self.response["email"] = "" if "form.submitted" in self.request.params: self.response["email"] = Validate.sanatize(self.request.params["email"]) password = Validate.sanatize(self.request.params["password"]) repassword = Validate.sanatize(self.request.params["re.password"]) if Users.by({"email": self.response["email"]}).first(): self.notify("Email already in use!", warn=True) return self.template("register.pt") if not Validate.email(self.response["email"]): self.notify("Not a valid email address!", warn=True) return self.template("register.pt") if not Validate.password(password): self.notify("Improper password!", warn=True) return self.template("register.pt") if repassword != password: self.notify("Passwords do not match!", warn=True) return self.template("register.pt") # Below is good Users.registerLocalUser(self.response["email"], password) return HTTPFound(location=route_url("login", self.request)) return self.template("register.pt")
def yadis(request): """Serves the YADIS XRDS documents to facilitate service discovery.""" OPENID_AX = 'http://openid.net/srv/ax/1.0' if request.matchdict.get('local_id', '').strip(): session = DBSession() account = session.query(User).filter(User.username == request.matchdict['local_id']).first() if account is None: raise NotFound() # User specific XRDS document options = { 'service_types': [discover.OPENID_2_0_TYPE, OPENID_AX, sreg.ns_uri], 'local_id': identity_url(request, request.matchdict['local_id']), 'uri': route_url('openid_endpoint', request), } else: # Server XRDS document options = { 'service_types': [discover.OPENID_IDP_2_0_TYPE, OPENID_AX, sreg.ns_uri], 'uri': route_url('openid_endpoint', request), } response = render_to_response('templates/openid_yadis.pt', options, request) response.content_type = 'application/xrds+xml' return response
def save_address(request): username = request.params["username"] try: login(username, request.params["password"]) except: request.session.flash("Error: Invalid Fedora Credentials") return HTTPFound(route_url("accept", request)) app = DBSession.query(Application).filter_by(username=username).first() if not app: request.session.flash("Error: You did not submit an application.") return HTTPFound(route_url("accept", request)) if not app.approved: request.session.flash("Error: Your application has not been approved.") return HTTPFound(route_url("accept", request)) app.address = request.params["address"] mailer = get_mailer(request) admins = request.registry.settings["admin_email"].split() sender = request.registry.settings["email_from"] body = ( "Real Name: %s\nUsername: %s\nCountry: %s\n Hardware: %s\n" + "Shield: %s\nDate Submitted: %s\nAddress: %s" ) % (app.realname, app.username, app.country, app.hardware, app.shield, app.date, app.address) message = Message( subject="[Fedora Summer of Open Hardware] Address " "submitted for %s" % username, sender=sender, recipients=admins, body=body, ) DBSession.commit() mailer.send_immediately(message, fail_silently=False) request.session.flash("Your address has been submitted.") return HTTPFound(request.application_url)
def feedback(project, request): session = DBSession() item_id = request.matchdict.get('item_id',None) items = project.get_items_for_user(request.user) pending_items = [i for i in items if not i.submitted] completed_items = [i for i in items if i.submitted] if item_id: item = project.get_item_for_user(request.user, item_id) elif pending_items: item = pending_items[0] else: item = None if item is not None: item = project.get_item(item.id) feedback = session.query(FeedbackRecord).filter(FeedbackRecord.user==request.user).filter(FeedbackRecord.item==item).first() else: feedback = None item_controller = FormController(project.item_form) feedback_controller = FormController(project.feedback_form) if request.method == 'POST' and item: feedback_controller.validate_from_request(request) if feedback_controller.errors: request.session.flash('There was a problem with your feedback', 'errors') else: if not feedback: feedback = FeedbackRecord(project, request.user, item) session.add(feedback) feedback.update_submitted() feedback_controller.populate_record_from_request(feedback, request) request.session.flash('Feedback on %s submitted' % item.title, 'messages') # Once feedback is submitted, load the next # record from the top of the list if request.params.get('submit','') == 'save_and_next': return HTTPFound( location=route_url('project:feedback', request, project_id=project.id) ) else: return HTTPFound( location=route_url('project:feedback:item', request, project_id=project.id, item_id=item.id) ) return dict( pending_items=pending_items, completed_items=completed_items, item=item, item_values=item_controller.render_values(request, item), form_widgets=feedback_controller.render_widgets(request, feedback), project=project, responsive_layout=True, )
def login(request): logged_in = authenticated_userid(request) if logged_in: return HTTPFound(location=route_url("home", request)) session = DBSession() schema = schemas.Login() result = {"_csrf_": request.session.get_csrf_token()} errors = [] if request.POST: if not validate_csrf(request): return HTTPUnauthorized("Not authorized") try: form_result = schema.to_python(request.params) user = ( session.query(User) .filter(and_(User.email == form_result["email"], User.password == func.sha1(form_result["password"]))) .first() ) if user: headers = remember_me_header(request, user.email) return HTTPFound(location=route_url("home", request), headers=headers) else: errors.append("form") except validators.Invalid, e: errors = e.error_dict
def login(request): """Renders a login form and logs in a user if given the correct credentials. """ session = DBSession() username = u'' log = logging.getLogger('nuorisovaalitadmin') if 'form.submitted' in request.POST: username = request.POST['username'] if request.session.get_csrf_token() != request.POST.get('csrf_token'): log.warn('CSRF attempt at {0}.'.format(request.url)) raise Forbidden(u'CSRF attempt detected.') else: user = session.query(User).filter_by(username=username).first() password = request.POST['password'] if user is not None and user.check_password(password): headers = remember(request, user.username) request.session.flash(u'Olet kirjautunut sisään.') log.info('Successful login for "{0}".'.format(user.username)) return HTTPFound(location=request.application_url, headers=headers) log.warn('Failed login attempt for {0}'.format(request.POST.get('username').encode('utf-8'))) request.session.flash(u'Kirjautuminen epäonnistui') request.add_response_callback(disable_caching) return { 'title': u'Kirjaudu sisään', 'action_url': route_url('login', request), 'username': username, 'reset_url': route_url('reset_password', request), 'csrf_token': request.session.get_csrf_token(), }
def record_first(project, request): if project.items: return HTTPFound( location=route_url("project:record", request, project_id=project.id, record_id=project.items[0].id) ) else: return HTTPFound(location=route_url("project:record:add", request, project_id=project.id))
def accessibility_view(self): category = self._secure_get_category(int(self.request.matchdict['id'])) if self.request.params.get('nojs','0') != '1': if not self.request.user.needs_accessibility: return HTTPFound(location=route_url('category', self.request)) id = self.request.user.current_test test = Tests.by(id).first() results = TestsResults.by({'tests_id':id}, sort='id asc').all() if 'form.submit' in self.request.params: for key, value in self.request.params.iteritems(): key_type, sep, rid = key.rpartition(".") if key_type == 'question': result = TestsResults.by(rid).first() passed = TestManager.check_answer_byid(result.question_sets_id, int(value)) result.correctly_answered = passed if not passed: result.wrong_attempts = test.max_wrong_answer_allowed result.attempted = True result.duration = self._accessibility_duration_calculator(self.request.params['st'], len(results), test.question_time_allowed) final = self._test_calculator(test,results,result) transaction.commit() return HTTPFound(location=route_url('score', self.request, id=id)) else: self.response['time_started'] = int(time.time()) self.response['test'] = test self.response['results'] = [] for result in results: self.response['results'].append({'question_set': result, 'answer': result.get_answers()}) return self.template('playing-accessibility.pt')
def upload_file(request): # ``filename`` contains the name of the file in string format. # # WARNING: this example does not deal with the fact that IE sends an # absolute file *path* as the filename. This example is naive; it # trusts user input. provider = request.POST['media-site'] #provider = request.matchdict.get('provider', 'youtube') service = get_service(request, provider) if service is None: return HTTPFound(route_url('login', request, provider=provider)) log.debug('Uploading file: provider=%s' % provider) # we have to ASCII-encode the string. if we use the utf-8 encoding the # flickrapi library crashes at file upload. filename = request.POST['filepath'].filename.encode('ascii') log.debug('filename: ' + filename); # 'filepath' contains the actual file data which needs to be # stored somewhere. input_file = request.POST['filepath'].file out_filepath = get_file_from_user(filename, input_file) log.debug('Output filepath: %s' % out_filepath) # get media metadata. pub_metadata = service.create_pub_metadata(request) # upload the media file to the selected media sites. service.publish(out_filepath, pub_metadata) log.debug('Uploading succeeded.') return HTTPFound(route_url('list_media', request, provider=provider))
def save_new_user(request): login = request.POST['login'] email = request.POST['email'] if len(login) == 0 or len(email) == 0: return Response('Bad input', content_type='text/plain', status_int=500) try: exists = DBSession.query(User).filter(or_(User.login == login, User.email == email)).count() if exists > 0: existing_user = DBSession.query(User).filter(User.login == login).first() return HTTPFound(location=route_url('show_user', request, id=existing_user.id)) user = User(login, email) user.first_name = request.POST['first_name'] user.last_name = request.POST['last_name'] user.user_name = request.POST['user_name'] user.password = request.POST['password'] user.gender = request.POST['gender'] user.created_date = datetime.datetime.now() user.last_login_date = datetime.datetime.now() DBSession.add(user) DBSession.flush() return HTTPFound(location=route_url('show_user', request, id=user.id)) except DBAPIError: return Response(conn_err_msg, content_type='text/plain', status_int=500)
def admin_login(self, context, request): """ Logs the admin user in. """ login_url = route_url("admin-login", request) referrer = request.url if referrer == login_url: referrer = "/admin/" came_from = request.params.get("came_from", referrer) message = "" # See if the login form was submitted if "auth_key" in request.params: auth_key = request.params["auth_key"] if self.check_admin_auth_key(auth_key): headers = remember(request, "admin") return HTTPFound(location=came_from, headers=headers) message = "Incorrect password." # Credentials not submitted or incorrect, render login page filename = os.path.join(os.path.dirname(__file__), "admin", "login.html") lookup_path = os.path.join(os.path.dirname(__file__), "admin", "include") lookup = TemplateLookup(directories=[lookup_path]) template = Template(filename=filename, lookup=lookup) kwargs = { "message": message, "url": route_url("admin-login", request), "came_from": came_from, "user": "", "loggedin": False, } body = template.render(**kwargs) return Response(body=body)
def render(self): user = User.by_id(self.session, int(self.request.matchdict['user_id'])) if self.user.has_no_role: # can only see own requests if user.id != self.user.id: return HTTPFound(location=route_url('list_request', self.request)) if self.user.is_manager: # can only see own requests and managed user requests if ((user.id != self.user.id) and (user.manager_id != self.user.id)): return HTTPFound(location=route_url('list_request', self.request)) today = datetime.now() year = int(self.request.params.get('year', today.year)) start = datetime(2014, 5, 1) years = [item for item in reversed(range(start.year, today.year + 1))] pool_history = User.get_rtt_history(self.session, user, year) return {'user': user, 'year': year, 'years': years, 'pool_history': pool_history}
def activate(request): """ """ user_id = request.matchdict.get('user_id') user = AuthUser.get_by_id(user_id) submitted_hmac = request.matchdict.get('hmac') current_time = time.time() time_key = int(base64.b64decode(submitted_hmac[10:])) if current_time < time_key: hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \ apex_settings('auth_secret'), time_key), \ user.email).hexdigest()[0:10] if hmac_key == submitted_hmac[0:10]: user.active = 'Y' DBSession.merge(user) DBSession.flush() flash(_('Account activated. Please log in.')) activated_route = apex_settings('activated_route') if not activated_route: activated_route = 'apex_login' return HTTPFound(location=route_url(activated_route, request)) flash(_('Invalid request, please try again')) return HTTPFound(location=route_url(apex_settings('came_from_route'), \ request))
def edit_blog_post(request): session = DBSession() matchdict = request.matchdict post = session.query(Post).filter(Post.id == matchdict["post_id"]).one() if 'submitted' in request.params: fs = FieldSet(post, data=request.params) # TODO # Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync? post.title = fs.title.value post.content = fs.content.value post.modified_time = time.time() session.add(post) return HTTPFound(location = route_url("view_blog_post", request, post_id = post.id)) if 'delete' in request.params: session.delete(post) return HTTPFound(location = route_url("edit_blog", request)) edit_blog_post_url = route_url("edit_blog_post", request, post_id = post.id) fs = FieldSet(post) fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]]) form = fs.render() return dict(form = form, title = post.title, edit_blog_post_url = edit_blog_post_url)
def final_bet(request): player = request.authenticated_userid final_tip = Final.get_player_tip(player) if final_tip: request.session.flash(u'You already entered a final tip.') return HTTPFound(location=route_url('view_final_tip', request, player=player)) final_tip = Final(player) form = Form(request, schema=FinalBetSchema, obj=final_tip) if 'form.submitted' in request.POST and form.validate(): # verify, that the tip was entered on time if FINAL_DEADLINE < datetime.now(): return HTTPFound(location=route_url('too_late', request)) final_tip.d_team1 = form.data['d_team1'] final_tip.d_team2 = form.data['d_team2'] final_tip.d_score1 = form.data['d_score1'] final_tip.d_score2 = form.data['d_score2'] DBSession.add(final_tip) return HTTPFound(location=route_url('view_final_tip', request, player=player)) teams = [(team.d_id,team.d_name) for team in Team.get_all()] return { 'tip': final_tip, 'form': FormRenderer(form), 'teams': teams, 'navigation': navigation_view(request) }
def record(project, request): form_controller = FormController(project.item_form) record_id = request.matchdict.get("record_id", None) if record_id is not None: record = project.get_item(record_id) else: record = None if record and not record.reviewed: record.reviewed = True if request.method == "POST": title = request.params.get("title", "").strip() submit = request.params.get("submit", "") if not title and submit.find("finish") >= 0: return HTTPFound(location=route_url("project:feedback_form", request, project_id=project.id)) elif not title: request.session.flash("%s Name or Title is required!" % project.item_name, "errors") elif title: form_controller = FormController(project.item_form) form_controller.validate_from_request(request) if form_controller.errors: request.session.flash("There was a problem with your submission", "errors") else: request.session.flash("%s saved!" % title, "messages") if record is None: record = ItemRecord(project, title) record.title = title form_controller.populate_record_from_request(record, request) session = DBSession() session.add(record) session.flush() if submit.find("add") >= 0: route = "project:record:add" elif submit.find("finish") >= 0: route = "project:feedback_form" else: route = "project:record" return HTTPFound(location=route_url(route, request, project_id=project.id, record_id=record.id)) return dict( project=project, menu=project_menu(project, request, "records"), form_widgets=form_controller.render_widgets(request, record), record=record, )
def front_page(request): return { 'title': _(u'Nuorisovaalit 2011 - Tunnistautuminen'), #'login_url': route_url('login', request), #'logout_url': route_url('logout', request), 'openid_endpoint': route_url('openid_endpoint', request), 'xrds_location': route_url('yadis_server', request), }
def resources(request): resources_url = route_url('resources', request, **request.matchdict) toc_url = route_url('toc', request, **request.matchdict) return { 'project': 'mobileyutzu', 'resources': resources_url, 'toc': toc_url, }
def signup(request): user = request.user if user and not user.is_temporary(): raise StandardError, "You may not signup while logged in" came_from = request.params.get('came_from', request.referer) login_url = route_url('auth:login', request) signup_url = route_url('auth:signup', request) home_url = route_url('home', request) if came_from in [login_url, signup_url, home_url]: came_from = route_url('project:list', request) name = request.params.get('name','') email = request.params.get('email','') password = request.params.get('password','') password_confirm = request.params.get('password_confirm','') if request.method == 'POST': if not (name and email and password and password_confirm): request.session.flash('Oops! Please complete all fields', 'signup_errors') elif get_user(email=email): request.session.flash('The e-mail address %s is already in use' % email, 'signup_errors') elif password != password_confirm: request.session.flash('Your passwords did not match', 'signup_errors') else: if user and user.is_temporary(): # user is logged in with a temporary account # update the account information to transfer the current # project user.set_name(name) user.set_email(email) user.set_password(password) location = came_from else: user = User(email, name, password) location = came_from session = DBSession() session.add(user) session.flush() headers = remember(request, user.id) return HTTPFound( location=location, headers=headers ) return dict( name=name, email=email, came_from=came_from )
def check(match): word = match.group(1) exists = session.query(Page).filter_by(name=word).all() if exists: view_url = route_url('view_page', request, pagename=word) return '<a href="%s">%s</a>' % (view_url, word) else: add_url = route_url('add_page', request, pagename=word) return '<a href="%s">%s</a>' % (add_url, word)
def project(project, request): if project.has_role(request.user, 'owner') or project.has_role(request.user, 'administrator'): return HTTPFound( location=route_url('project:records', request, project_id=project.id) ) else : return HTTPFound( location=route_url('project:feedback', request, project_id=project.id) )
def __init__(self, request): super(ForgotPasswordController, self).__init__(request) self.forgot_password_redirect_view = route_url( self.settings.get('horus.forgot_password_redirect', 'index'), request) self.reset_password_redirect_view = route_url( self.settings.get('horus.reset_password_redirect', 'index'), request)
def openid_response(request): """Processes the response of the OpenID provider and upon successful response authenticates the user. In order for a user to be authenticated the following criteria must be met: * the OpenID provider has responded with a positive assertation. * the verified OpenID identity must match an existing :py:attr:`nuorisovaalit.models.Voter.openid` record. In case the above criteria are not met the user is presented with an error page. :param request: The currently active request. :type request: :py:class:`pyramid.request.Request` """ log = logging.getLogger('nuorisovaalit') mode = request.params.get('openid.mode', None) if mode == 'id_res': # We received a positive authentication response. consumer = make_consumer(request) response = consumer.complete(request.params, request.url) if response.status == SUCCESS: identity = response.identity_url.rstrip('/') session = DBSession() user = session.query(Voter).filter(Voter.openid == identity).first() if user is None: log.warn('Failed to authenticate "{0}": unknown user.'.format(identity)) return openid_failure(request) log.info('Authenticated "{0}".'.format(identity)) if user.has_voted(): url = route_url('vote-finish', request) request.session['vote_registered'] = 'yes' log.info('User "{0}" has already voted.'.format(identity)) else: url = route_url('select', request) headers = remember(request, identity) return HTTPFound(location=url, headers=headers) else: log.warn('Failed to authenticate "{0}".'.format(response.identity_url)) return openid_failure(request) elif mode == 'cancel': # We received an explicit negative authentication response. log.info('OpenID authentication canceled.') return openid_canceled(request) else: log.warn('Unknown OpenID response mode: {0}.'.format(mode)) return openid_failure(request)
def test_read_view(self): user = self.user_add() self.profile_add(user) request = testing.DummyRequest() name = route_url('sa_read', request, table="user", id="1") response = self.testapp.get(name) self.failUnlessEqual(response.status, '200 OK') name = route_url('sa_read', request, table="profile", id="1") response = self.testapp.get(name) self.failUnlessEqual(response.status, '200 OK')
def home_view(request): if request.session.get('admin'): return HTTPFound(location=route_url('app', request)) password = request.POST.get('password', None) if password != ADMIN_PASSWORD: return {'page': 'home'} else: request.session['admin'] = True return HTTPFound(location=route_url('app', request)) return {'page': 'home'}
def add_page(request): name = request.matchdict['pagename'] if 'form.submitted' in request.params: session = DBSession() body = request.params['body'] page = Page(name, body) session.add(page) return HTTPFound( location=route_url('view_page', request, pagename=name)) save_url = route_url('add_page', request, pagename=name) page = Page('', '') return dict(page=page, save_url=save_url)
def apex_callback(request): """ apex_callback(request): no return value, called with route_url('apex_callback', request) This is the URL that Velruse returns an OpenID request to """ redir = request.GET.get('came_from', \ route_url(apex_settings('came_from_route'), request)) headers = [] if 'token' in request.POST: auth = apexid_from_token(request.POST['token']) if auth: user = AuthUser.get_by_login(auth['id']) if not user: auth_info = auth['profile']['accounts'][0] id = AuthID() DBSession.add(id) user = AuthUser( login=auth_info['userid'], provider=auth_info['domain'], ) if auth['profile'].has_key('verifiedEmail'): user.email = auth['profile']['verifiedEmail'] id.users.append(user) if apex_settings('default_user_group'): for name in apex_settings('default_user_group'). \ split(','): group = DBSession.query(AuthGroup). \ filter(AuthGroup.name==name.strip()).one() id.groups.append(group) if apex_settings('create_openid_after'): openid_after = get_module( apex_settings('create_openid_after')) openid_after().after_signup(user) DBSession.flush() if apex_settings('openid_required'): openid_required = False for required in apex_settings('openid_required').split(','): if not getattr(user, required): openid_required = True if openid_required: request.session['id'] = id.id request.session['userid'] = user.id return HTTPFound(location='%s?came_from=%s' % \ (route_url('apex_openid_required', request), \ request.GET.get('came_from', \ route_url(apex_settings('came_from_route'), request)))) headers = apex_remember(request, user) redir = request.GET.get('came_from', \ route_url(apex_settings('came_from_route'), request)) flash(_('Successfully Logged in, welcome!'), 'success') return HTTPFound(location=redir, headers=headers)
def view_subject_list(request): """ Show a list of all subjects for which there are notes available. """ session = DBSession() subjects = session.query(Subject).all() # Link back to home page homelink = route_url('home', request) # Pairs of (Subject Name, URL), used to construct subject links in template link_info = [] for s in subjects: # URLs generated by route_url relative to the last request url = route_url('subject_index', request, subjectcode=s.code) link_info.append((s.name, url)) return dict(link_info=link_info, homelink=homelink)
def edit_page(request): name = request.matchdict['pagename'] session = DBSession() page = session.query(Page).filter_by(name=name).one() if 'form.submitted' in request.params: page.data = request.params['body'] session.add(page) return HTTPFound( location=route_url('view_page', request, pagename=name)) return dict( page=page, save_url=route_url('edit_page', request, pagename=name), )
def check(match): """ Checks if a given page exists and returns a link to it. If the page does not exist it returns a link to add the page. """ word = match.group(1) exists = session.query(Page).filter_by(name=word).all() if exists: result = (route_url('viewPage', request, pagename=word), word) else: result = (route_url('addPage', request, pagename=word), word) return '<a href="%s">%s</a>' % result
def add_article(request): if 'form.submitted' in request.POST: with transaction.manager: article = Article(title=request.POST['title'], body=request.POST['body']) DBSession.add(article) return HTTPFound(location=route_url('article_list', request)) else: return render_to_response( 'templates/add_article.pt', {'back_url': route_url('article_list', request)}, request=request)
def render(self): if 'submit' in self.request.params: email = self.request.params.get('email', '') user = User.by_email(self.session, email) if user: passhash = uuid.uuid4().hex date_end = datetime.now() + relativedelta(seconds=86400) # create hash entry in database with a TTL of 1 day entry = PasswordRecovery(user_id=user.id, hash=passhash, date_end=date_end) self.session.add(entry) self.session.flush() # call celery send mail task directly from celery.registry import tasks from celery.task import subtask req_task = tasks['worker_mail'] settings = self.request.registry.settings sender = 'pyvac@localhost' if 'pyvac.password.sender.mail' in settings: sender = settings['pyvac.password.sender.mail'] data = { 'sender': sender, 'target': user.email, 'subject': 'Password Recovery', 'content': """Hello, we send you this mail because you requested a password reset, to proceed please click the link below: %s Reminder, your login is: %s """ % (route_url('change_password', self.request, passhash=passhash), user.login) } subtask(req_task).delay(data=data) msg = 'Mail sent to %s for password recovery.' % user.email self.request.session.flash('info;%s' % msg) return HTTPFound(location=route_url('login', self.request)) return {}
def __init__(self, request): super(AuthController, self).__init__(request) schema = request.registry.getUtility(ISULoginSchema) self.schema = schema().bind(request=self.request) form = request.registry.getUtility(ISULoginForm) self.login_redirect_view = route_url( self.settings.get('su.login_redirect', 'index'), request) self.logout_redirect_view = route_url( self.settings.get('su.logout_redirect', 'index'), request) self.form = form(self.schema)
def idea_vote(request): post_data = request.POST target = post_data.get('target') session = DBSession() idea = Idea.get_by_id(target) voter_username = authenticated_userid(request) voter = User.get_by_username(voter_username) if post_data.get('form.vote_hit'): idea.hits += 1 idea.author.hits += 1 voter.delivered_hits += 1 elif post_data.get('form.vote_miss'): idea.misses += 1 idea.author.misses += 1 voter.delivered_misses += 1 idea.voted_users.append(voter) session.flush() redirect_url = route_url('idea', request, idea_id=idea.idea_id) response = HTTPMovedPermanently(location=redirect_url) return response
def render(self): # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() users_entity = {} for chapter, members in ldap.list_chapters().iteritems(): for member in members: users_entity.setdefault(member, []).append(chapter) # keep only managed users for managers # use all users for admin overviews = {} if self.user.is_admin or self.user.has_feature( 'chapter_overview_full'): # noqa for _, target_chapter in self.chapter_leaders.items(): chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews.update({target_chapter: chapter_stats}) elif self.user.is_manager: # retrieve logged chapter leader target_chapter = self.chapter_leaders[self.user.login] chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews = {target_chapter: chapter_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def render(self): # keep only managed users for managers # use all users for admin overviews = {} extra_managers = [] # check if admin user is also a manager if User.managed_users(self.session, self.user): extra_managers = [self.user] if self.user.is_admin or self.user.has_feature('squad_overview_full'): for manager in extra_managers + User.by_role( self.session, 'manager'): # noqa # retrieve logged leader squad users_entity = User.managed_users(self.session, manager) target_manager = manager.login.replace('.', '_') manager_stats = self.get_manager_stats(users_entity) if not manager_stats: continue overviews.update({target_manager: manager_stats}) elif self.user.is_manager: # retrieve logged leader squad users_entity = User.managed_users(self.session, self.user) target_manager = self.user.login.replace('.', '_') manager_stats = self.get_manager_stats(users_entity) if manager_stats: overviews = {target_manager: manager_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def author_delete(request): author = request.db.query(M.Author).get(request.matchdict.get('id')) if not author: raise HTTPNotFound request.db.delete(author) request.db.flush() return HTTPFound(location=route_url('author', request))
def render_page(self, section, redirpath, values=None): if self.endpath is None: return HTTPFound(location=route_url('subsections', self.request, action=section, endpath='/'.join(redirpath))) self.c.active_footer_nav = '-'.join( [self.request.matchdict.get('action')] + list(self.endpath)) for ext in ('.mako', '.rst'): tmpl_path = ('templates/pages/%s/%s%s' % (section, '/'.join(self.endpath), ext)) values = values or {} if pkg_resources.resource_exists('pylonshq', tmpl_path): if ext == '.mako': return render_to_response('pylonshq:%s' % tmpl_path, values, self.request) else: self.c.pagename = ' : '.join([ item.replace('-', ' ').title() for item in self.endpath ]) content = pkg_resources.resource_string( 'pylonshq', tmpl_path) body = publish_parts(content, writer_name='html')['html_body'] values = {'body': body} return render_to_response('pylonshq:templates/rst.mako', values, self.request) raise NotFound()
def login(request): """Handle login request""" login_url = route_url('login', request) referrer = request.url if referrer == login_url: # never use the login form itself as came_from referrer = '/' came_from = request.params.get('came_from', referrer) message = '' login = '' password = '' if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: headers = remember(request, login) return HTTPFound(location=came_from, headers=headers) message = 'Failed login' return dict( message=message, url=request.application_url + '/login', came_from=came_from, login=login, password=password, )
def forbidden_view(request): # do not allow a user to login if they are already logged in if authenticated_userid(request): return Forbidden() loc = route_url('login', request, _query=(('next', request.path), )) return HTTPFound(location=loc)
def document_delete(request): document = request.db.query(M.Document).get(request.matchdict.get('id')) if not document: raise HTTPNotFound request.db.delete(document) request.db.flush() return HTTPFound(location=route_url('document', request))
def forbidden(request): """ forbidden(request) No return value Called when user hits a resource that requires a permission and the user doesn't have the required permission. Will prompt for login. request.environ['repoze.bfg.message'] contains our forbidden error in case of a csrf problem. Proper solution is probably an error page that can be customized. bfg.routes.route and repoze.bfg.message are scheduled to be deprecated, however, corresponding objects are not present in the request to be able to determine why the Forbidden exception was called. **THIS WILL BREAK EVENTUALLY** **THIS DID BREAK WITH Pyramid 1.2a3** """ if request.environ.has_key('bfg.routes.route'): flash(_('Not logged in, please log in'), 'error') return HTTPFound( location='%s?came_from=%s' % (route_url('apex_login', request), current_route_url(request))) else: return Response(request.environ.get('repoze.bfg.message', \ 'Unknown error message'))
def job_edit(request): id = request.matchdict['job'] session = DBSession() job = session.query(Job).get(id) licenses = session.query(License).all() if 'form.submitted' in request.params: job.title = request.params['title'] job.short_description = request.params['short_description'] job.description = request.params['description'] job.workflow = request.params['workflow'] josm_preset = request.params['josm_preset'] josm_preset = josm_preset.value.decode( 'UTF-8') if josm_preset != '' else '' job.josm_preset = josm_preset job.is_private = request.params.get('is_private') == 'on' job.imagery = request.params['imagery'] job.task_extra = request.params['task_extra'] if request.params['license_id'] != "": license_id = int(request.params['license_id']) license = session.query(License).get(license_id) job.license = license session.add(job) return HTTPFound(location=route_url('job', request, job=job.id)) return dict(job=job, licenses=licenses)
def route_url(self, route_name, *elements, **kw): """ Return the URL for the route named ``route_name``, using ``*elements`` and ``**kw`` as modifiers. This is a convenience method. The result of calling :meth:`pyramid.request.Request.route_url` is the same as calling :func:`pyramid.url.route_url` with an explicit ``request`` parameter. The :meth:`pyramid.request.Request.route_url` method calls the :func:`pyramid.url.route_url` function using the Request object as the ``request`` argument. The ``route_name``, ``*elements`` and ``*kw`` arguments passed to :meth:`pyramid.request.Request.route_url` are passed through to :func:`pyramid.url.route_url` unchanged and its result is returned. This call to :meth:`pyramid.request.Request.route_url`:: request.route_url('route_name') Is completely equivalent to calling :func:`pyramid.url.route_url` like this:: from pyramid.url import route_url route_url('route_name', request) """ return route_url(route_name, self, *elements, **kw)
def spend_view(request): if not request.session.get('admin'): return HTTPFound(location=route_url('home', request)) today = datetime.date.today() period_id = request.GET.get('period', None) if period_id: dbsession = DBSession() expenses = dbsession.query(Expense).\ filter(Expense.period_id==int(period_id)).\ filter(Expense.date==today).all() period = Period.get_by_id(period_id) expenses_sum = period.get_expenses(today) return {'expenses': expenses, 'expenses_sum': expenses_sum} return HTTPFound(location=route_url('app', request))
def author_update(request): author = request.db.query(M.Author).get(request.matchdict.get('id')) if not author: raise HTTPNotFound author.name = request.params.get('name') return HTTPFound( location=route_url('author_instance', request, id=author.id))
def user_add(request): form = Form(request, schema=RegistrationSchema) if 'form.submitted' in request.POST and form.validate(): session = DBSession() username = form.data['username'] user = User(username=username, password=form.data['password'], name=form.data['name'], email=form.data['email']) session.add(user) headers = remember(request, username) redirect_url = route_url('main', request) return HTTPFound(location=redirect_url, headers=headers) login_form = login_form_view(request) return { 'form': FormRenderer(form), 'toolbar': toolbar_view(request), 'cloud': cloud_view(request), 'latest': latest_view(request), 'login_form': login_form, }
def user_regmail(request, user_id, email, hmac): message_class = EmailMessageText() message_text = getattr(message_class, 'activate')() message_body = message_text['body'].replace( '%_url_%', route_url('email_activate', request, user_id=user_id, hmac=hmac)) send_email(request, email, message_text['subject'], message_body)
def forbidden_view(request): loc = route_url('login', request, _query=(('next', request.path),)) # tries to refresh the token refresh_token = request.session.get('refresh_token') if refresh_token: print 'refreshing token' payload = {} payload['refresh_token'] = refresh_token payload['client_id'] = request.registry.settings.get('alfresco.consumer_key') payload['client_secret'] = request.registry.settings.get('alfresco.consumer_secret') payload['grant_type'] = 'refresh_token' r = requests.post('https://api.alfresco.com/auth/oauth/versions/2/token', data=payload) if r.status_code != 200: headers = forget(request) request.session.invalidate() return HTTPFound(location=loc, headers=headers) else: request.session['access_token'] = r.json()['access_token'] request.session['refresh_token'] = r.json()['refresh_token'] return HTTPFound(location=request.path) elif authenticated_userid(request): headers = forget(request) return HTTPFound(location=loc, headers=headers) return HTTPFound(location=loc)
def pypi_simple_package(req): channel = req.matchdict.get('channel', 'default') index = req.matchdict.get('index', 'default') package = req.matchdict.get('package', None) if not package: return Response('{"status":"error","package not found"}', content_type='application/json', status_code=404) package = pypi_normalize_package_name(package) indexobj = fetch_index_from_names(channel, index) if not indexobj: return dict(lines=[]) lines = [] relics = DBSession.query(Relic).filter_by(index_id=indexobj.uid) matched = [] for relic in relics: rparts = split_pypi_name(relic.name) normname = pypi_normalize_package_name(rparts[0]) if package == normname: matched.append((relic.name, normname)) matched.sort(key=lambda x: x[1]) for relic in matched: packageurl = route_url('get_relic', req, channel=channel, index=index, relic_name=relic[0]) lines.append("<a href='{0}' rel='internal'>{1}</a><br/>".format( packageurl, relic[0])) return dict(lines=lines)