def api_token_issue_view(self):
if (
"user_id" not in self.request.session or
self.request.session["user_id"] == None or
self.request.session["user_id"] not in self.request.root.users or
self.request.root.users[self.request.session["user_id"]] == None
):
return {
"error": "No valid authenticated session present, cannot issue token."
}
else:
user = self.request.root.users[self.request.session["user_id"]]
coder = Coding()
token = jwt.encode({
'user_id': user.__name__,
'username': user.username,
'auth_date': str(int(round(time.time() * 1000.0))),
'unique_id': coder.generateUniqueCode()
},
self.request.registry._settings["api.session_secret"],
algorithm='HS512')
user.api_token = token
logging.info("API: Issued authentication token to %s" % user.username)
return {
"token": token
}
def __init__(self):
coding = Coding()
self.__name__ = coding.generateUniqueCode()
self.name = self.description = None
self.cost = 0
self.total_released = 0
self.allocated = PersistentList()
self.exclusive = False
self.unlimited = False
self.locked_down = False
def __init__(self):
coding = Coding()
self.__name__ = self.id_code = coding.generateUniqueCode()
self.owner = None
self.payment = None
self.issue_date = None
self.creation_date = datetime.now()
self.guest_info = None
self.change_enabled = False
self.tick_type = None
self.addons = PersistentMapping()
self.checked_in = False
self.checkin_data = None
self.notes = ""
def setup_two_view(self):
if (PROP.getProperty(self.request, PROP.SITE_SETUP) == True):
return HTTPFound(location=self.request.route_path("welcome"))
elif (PROP.getProperty(self.request, PROP.VERSION) == None):
return HTTPFound(location=self.request.route_path("setup_stageone"))
# Check if the password has already been changed, default is 'password'
admin_usr = self.request.root.users["admin"]
test_password = salt_password("password", admin_usr.password_salt)
if test_password != admin_usr.password:
self.request.session.flash("It looks like someone has already changed the default password on the account, if this wasn't you then contact support!", "info")
return HTTPFound(location=self.request.route_path("setup_stagethree"))
# Get password for admin user and double check
if "password_one" in self.request.POST and "password_two" in self.request.POST:
pwd_1 = self.request.POST["password_one"]
pwd_2 = self.request.POST["password_two"]
if len(pwd_1) < 5:
self.request.session.flash("The passwords entered are too short, they must be of 5 characters or longer.", "error")
return {}
elif pwd_1 != pwd_2:
self.request.session.flash("The passwords entered do not match.", "error")
return {}
# Set the administrator password
admin_usr.password_salt = Coding().generateUniqueCode()
admin_usr.password = salt_password(pwd_1, admin_usr.password_salt)
return HTTPFound(location=self.request.route_path("setup_stagethree"))
return {}
def add_group_view_do(self):
group = None
if "group_id" in self.request.matchdict and self.request.matchdict["group_id"] in self.request.root.groups:
group = self.request.root.groups[self.request.matchdict["group_id"]]
else:
group = Group()
group.__name__ = Coding().generateUniqueCode(withdash=False)
group.__parent__ = self.request.root
# If the group is protected, fetch certain values from its existing configuration
name = self.request.POST["name"] if group.can_delete else group.name
privilege = self.request.POST["privilege"] if group.can_delete else group.privileges[0]
access_code = self.request.POST["access_code"].replace(" ", "")
if len(name.replace(" ","")) < 2:
self.request.session.flash("The name entered is not valid, please try again.", "error")
return {"name": None, "privilege": privilege}
if privilege not in ["basic", "staff", "committee", "admin"]:
self.request.session.flash("The privilege chosen is not valid, please try again.", "error")
return {"name": name, "privilege": None}
if len(access_code) == 0:
access_code = None
else:
access_code = re.sub('[\W_]+', '', access_code)
# Update any values on the object
group.name = name
group.access_code = access_code
group.privileges = [privilege]
group._p_changed = True
# Notify success/failure
if "group_id" in self.request.matchdict and self.request.matchdict["group_id"] in self.request.root.groups:
self.request.session.flash("Group updated successfully!", "info")
else:
# As the group is new - attach it to the root object
self.request.root.groups[group.__name__] = group
self.request.session.flash("Group added successfully!", "info")
return HTTPFound(location=self.request.route_path("admin_accounts"))
def user_password_view(self):
if not "user_id" in self.request.matchdict and not self.request.matchdict["user_id"] in self.request.root.users:
self.request.session.flash("Requested user does not exist!", "error")
return HTTPFound(location=self.request.route_path("admin_accounts"))
user = self.request.root.users[self.request.matchdict["user_id"]]
# Check actually allowed to change password
if user.profile != None and user.profile.raven_user:
self.request.session.flash("This user is authenticated via Raven and therefore does not have a password stored in the system.", "error")
return HTTPFound(location=self.request.route_path("admin_accounts"))
# Act on data being passed from view
if "submit" in self.request.POST:
password_one = self.request.POST["password_one"]
password_two = self.request.POST["password_two"]
if password_one != password_two:
self.request.session.flash("You have not entered the same password twice, please try again.", "error")
return {
"user": user
}
elif len(password_one) < 6:
self.request.session.flash("For security reasons you must enter a password of 6 letters or more.", "error")
return {
"user": user
}
# Generate a new salt, salt the password and store it
user.password_salt = Coding().generateUniqueCode(withdash=False)
user.password = salt_password(password_one, user.password_salt)
self.request.session.flash("%s's password has been successfully changed." % user.username, "info")
return HTTPFound(location=self.request.route_path("admin_accounts"))
return {
"user": user,
}
def set_password_view(self):
# Check agreements
if not self.user.purchase_agreement:
return HTTPFound(location=self.request.route_path("purchase_agreement_act"))
elif not self.user.privacy_agreement:
return HTTPFound(location=self.request.route_path("privacy_policy_act"))
# Check this user is allowed to set/change a password
if self.user.profile == None:
self.request.session.flash("You are not able to change your password as you haven't yet set up your profile", "error")
return HTTPFound(location=self.request.route_path("user_profile"))
elif self.user.profile.raven_user:
self.request.session.flash("You are not able to set a password as you are authenticated via Raven. Please change your password with the Raven service.", "error")
return HTTPFound(location=self.request.route_path("user_profile"))
# Ok all good, deal with any posted data
if "submit" in self.request.POST:
password_one = self.request.POST["password_one"]
password_two = self.request.POST["password_two"]
if password_one != password_two:
self.request.session.flash("You have not entered the same password twice, please try again.", "error")
return {}
elif len(password_one) < 6:
self.request.session.flash("For security reasons you must enter a password of 6 letters or more.", "error")
return {}
# Generate a new salt, salt the password and store it
self.user.password_salt = Coding().generateUniqueCode(withdash=False)
self.user.password = salt_password(password_one, self.user.password_salt)
self.request.session.flash("Your password has been successfully changed.", "info")
return HTTPFound(location=self.request.route_path("user_profile"))
# Otherwise just pass to renderer
return {}
def __init__(self):
self.__name__ = self.ref_code = Coding().generateUniqueCode(
short=True, withdash=False)
self.owner = self.method = None
self.opened_date = datetime.now()
self.tickets = PersistentList()
self.notes = ""
self.history = PersistentList()
def __init__(self, name="", description="", cost=0, total_released=0):
self.__name__ = "TYPE-" + Coding().generateUniqueCode()
self.name = name
self.description = description
self.cost = cost
self.total_released = total_released
self.addons = PersistentMapping()
self.purchase_limit = 0
self.locked_down = False
def __init__(self):
self.name = "New Method"
self.short_name = "New Method"
self.description = ""
self.__name__ = Coding().generateUniqueCode(short=True, withdash=False)
self.settings = PersistentMapping()
self.enabled = False
self.public = True
self.deadlined = False
self.transaction_properties = PersistentMapping()
self.groups = PersistentList()
def __init__(self):
self.__name__ = Coding().generateUniqueCode(short=True, withdash=False)
self.method = None
self.method_properties = PersistentMapping()
self.method_change = False
self.amount_paid = 0
self.processing_charge = 0
self.received = False
self.cashed = False
self.completed = False
self.transfer = False
self.stage_owner = None
self.date = datetime.now()
def __init__(self,
key=Coding().generateUniqueCode(short=True, withdash=False),
name="New Property",
description="",
confidential=False,
percentage=False,
value="-",
parent=None,
monetary=False):
self.__name__ = key
self.name = name
self.description = description
self.confidential = confidential
self.percentage = percentage
self.monetary = monetary
self.long_value = False
self.value = value
self.__parent__ = parent
def signup_view(self):
if not self.public_signup_enabled:
self.request.session.flash(
"Public sign-ups are not currently enabled!", "error")
return HTTPFound(location=self.request.route_path('welcome'))
# If form data submitted
if "submit" in self.request.POST:
email = (self.request.POST["email"] if "email" in self.request.POST
and len(self.request.POST["email"]) > 0 else None)
username = (self.request.POST["username"]
if "username" in self.request.POST
and len(self.request.POST["username"]) > 0 else None)
pwd_one = (self.request.POST["password"]
if "password" in self.request.POST
and len(self.request.POST["password"]) > 0 else None)
pwd_two = (self.request.POST["confirm_password"]
if "confirm_password" in self.request.POST
and len(self.request.POST["confirm_password"]) > 0 else
None)
discount_code = (self.request.POST["discount_code"]
if "discount_code" in self.request.POST
and len(self.request.POST["discount_code"]) > 0
else None)
# Check if all fields filled
if email == None or username == None or pwd_one == None or pwd_two == None:
self.request.session.flash(
"One or more fields was not filled, please try again.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
# Now run additional checks
validator = Email()
if not validator(email):
self.request.session.flash(
"Please enter a valid email address.", "error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
# Username checks
username = username.lower()
if len(username) < 3 or " " in username:
self.request.session.flash(
"Please enter a valid username of more than 3 characters and containing no spaces.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
if username in self.request.root.users or (re.match(
r"^[a-zA-Z]+[0-9]+$", username) != None):
self.request.session.flash(
"A user already exists with the username you specified, please try again.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
# Password checks
if pwd_one != pwd_two:
self.request.session.flash(
"Your passwords do not appear to match, please try again.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
if len(pwd_one) < 5 or (re.match(r"(?=.{6,}).*", pwd_one) == None):
self.request.session.flash(
"Your password is too short or not complex enough, please enter a stronger password.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
# Passed all checks - create an account...
group = self.request.root.groups['ungrouped']
# - See if we can find a discount group
if discount_code != None:
found_discount = False
for group_key in self.request.root.groups:
test_group = self.request.root.groups[group_key]
if test_group.access_code != None and len(
test_group.access_code
) > 0 and test_group.access_code == discount_code:
group = test_group
found_discount = True
break
if not found_discount:
self.request.session.flash(
"The discount code entered is not valid, please check it and try again.",
"error")
return {
"email": email,
"username": username,
"discount_code": discount_code
}
# - Now setup user
user = User()
user.username = user.__name__ = username
user.password_salt = Coding().generateUniqueCode()
user.password = salt_password(pwd_one, user.password_salt)
user.profile = UserProfile()
user.profile.__parent__ = user
user.profile.raven_user = False
user.profile.email = email
user.__parent__ = group
group.members.append(user)
self.request.root.users[user.__name__] = user
# ...send an email telling them about their new account...
emailer = GenericEmail(self.request)
emailer.compose_and_send(
"Account Created",
"""Thank you for creating an account on our ticketing system, this email is just to remind you that your username is %s. No further action is required."""
% (user.username), user.__name__)
# ...and finally login
header = remember(self.request, user.__name__)
self.request.session["user_id"] = user.__name__
return HTTPFound(
location=self.request.route_path('user_profile_edit'),
headers=header)
return {"email": None, "username": None, "discount_code": None}
def __init__(self):
self.__name__ = "POOL-" + Coding().generateUniqueCode()
self.tick_type = None
self.tickets = PersistentList()
self.groups = PersistentList()
def user_add_view(self):
if "submit" in self.request.POST:
username = self.request.POST["username"].lower().replace(" ","")
password = self.request.POST["password"]
userprefix = self.request.POST["userprefix"].lower().replace(" ","")
numberusers = int(float(self.request.POST["numberusers"]))
startingpoint = int(float(self.request.POST["startingnumber"]))
group_key = self.request.POST["group"]
single = (self.request.POST["singleuser"] == "single")
# Check username not already in use
error = True
if single:
if username in self.request.root.users:
self.request.session.flash("A user with this username already exists.", "error")
elif group_key not in self.request.root.groups:
self.request.session.flash("The group selected is invalid, please try again.", "error")
elif len(password) < 6:
self.request.session.flash("The password you entered is too short, please enter a longer one.", "error")
elif len(username) < 3:
self.request.session.flash("Please enter a username longer than 2 letters.", "error")
else:
error = False
# Otherwise we're good, create user
group = self.request.root.groups[group_key]
user = User()
user.username = user.__name__ = username
user.password_salt = Coding().generateUniqueCode()
user.password = salt_password(password, user.password_salt)
user.__parent__ = group
group.members.append(user)
self.request.root.users[user.__name__] = user
self.request.session.flash("User %s has been added successfully!" % username, "info")
return HTTPFound(location=self.request.route_path("admin_accounts"))
else:
if len(userprefix) < 2:
self.request.session.flash("Please enter a prefix of 2 or more characters.", "error")
elif numberusers <= 1:
self.request.session.flash("Please enter a number of users greater than 1.", "error")
elif startingpoint < 0:
self.request.session.flash("Please enter a starting point number greater than or equal to 0.", "error")
elif group_key not in self.request.root.groups:
self.request.session.flash("The group selected is invalid, please try again.", "error")
else:
error = False
creds = {}
coding = Coding()
group = self.request.root.groups[group_key]
# Otherwise we're good, create lots of users and passwords
for i in range(numberusers):
password = coding.genRandomString(size=6).lower()
username = ("%s%i%s" % (userprefix, (i + startingpoint), coding.genRandomString(size=2))).lower()
creds[username] = password
# Create the user
newuser = User()
newuser.username = newuser.__name__ = username
newuser.password_salt = coding.generateUniqueCode()
newuser.password = salt_password(password, newuser.password_salt)
newuser.__parent__ = group
group.members.append(newuser)
self.request.root.users[newuser.__name__] = newuser
# Confirm a success
self.request.session.flash("Successfully added %i users to %s!" % (numberusers, group.name), "info")
# - Forward to showing the full list of users that were added
self.request.session["added_users"] = creds
return HTTPFound(location=self.request.route_path("admin_user_add_list"))
# Respond to a thrown error
if error:
return {
"groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
"username": username, "selgroup": group_key, "single": single,
"userprefix": userprefix, "numberusers": numberusers, "startingnumber": startingpoint,
}
return {
"groups": sorted(self.request.root.groups.values(), key=lambda x: x.name),
"username": None, "selgroup": None, "single": True,
"userprefix": None, "numberusers": 0, "startingnumber": 0,
}
def __init__(self):
self.__name__ = Coding().generateUniqueCode()
self.date = None
self.enacted_by = None
self.overriden = False
self.override_id = None
def db_setup_accounts(self, root):
# Groups & users
root.groups = PersistentMapping()
root.users = PersistentMapping()
# admin
admin = Group()
admin.__name__ = "admin"
admin.__parent__ = root
admin.can_delete = False
admin.name = "Administrators"
admin.privileges = ["admin"]
admin.can_delete = False
admin._p_changed = True
root.groups[admin.__name__] = admin
# committee
committee = Group()
committee.__name__ = "committee"
committee.__parent__ = root
committee.name = "Committee Members"
committee.privileges = ["committee"]
committee.can_delete = False
committee._p_changed = True
root.groups[committee.__name__] = committee
# Raven authentications
raven_grp = Group()
raven_grp.__name__ = "raven"
raven_grp.__parent__ = root
raven_grp.name = "Customers (Raven)"
raven_grp.privileges = ["basic"]
raven_grp.can_delete = False
raven_grp._p_changed = True
root.groups[raven_grp.__name__] = raven_grp
# Alumnus Raven authentications
alumni_raven_grp = Group()
alumni_raven_grp.__name__ = "raven_alumni"
alumni_raven_grp.__parent__ = root
alumni_raven_grp.name = "Customers (Alumni via Raven)"
alumni_raven_grp.privileges = ["basic"]
alumni_raven_grp.can_delete = False
alumni_raven_grp._p_changed = True
root.groups[alumni_raven_grp.__name__] = alumni_raven_grp
# Alumnus authentications
alumni_grp = Group()
alumni_grp.__name__ = "alumni"
alumni_grp.__parent__ = root
alumni_grp.name = "Customers (Alumni)"
alumni_grp.privileges = ["basic"]
alumni_grp.can_delete = False
alumni_grp._p_changed = True
root.groups[alumni_grp.__name__] = alumni_grp
# Ungrouped
ungrouped = Group()
ungrouped.__name__ = "ungrouped"
ungrouped.__parent__ = root
ungrouped.name = "Ungrouped"
ungrouped.privileges = ["basic"]
ungrouped.can_delete = False
ungrouped._p_changed = True
root.groups[ungrouped.__name__] = ungrouped
# Setup an admin user
admin_usr = User()
admin_usr.username = "******"
admin_usr.password_salt = Coding().generateUniqueCode()
admin_usr.password = salt_password("password", admin_usr.password_salt)
admin_usr.__name__ = admin_usr.username
admin_usr.__parent__ = admin
root.users[admin_usr.__name__] = admin_usr
admin.members.append(admin_usr)
admin.members._p_changed = True
admin_usr.privacy_agreement = True
admin_usr.purchase_agreement = True
admin_prof = UserProfile()
admin_usr.profile = admin_prof
admin_prof.__parent__ = admin_usr
admin_prof.title = "Admin"
admin_prof.forename = "Super"
admin_prof.surname = "Administrator"
admin_prof.email = "*****@*****.**"
admin_prof.dob = datetime(year=1990, month=1, day=1)
admin_prof.photo_file = "blank.png"
admin_prof.address = PostalAddress()
admin_prof.address.__parent__ = admin_prof
admin_prof.address.line_one = "Admin Address"
admin_prof.address.line_two = "Admin Address"
admin_prof.address.city = "Cambridge"
admin_prof.address.county = "Cambridgeshire"
admin_prof.address.country = "United Kingdom"
admin_prof.address.postal_code = "CB1 1AA"
admin_prof.phone_number = "01234 567890"
def __init__(self):
self.queue_entry_time = datetime.now()
self.__name__ = self.queue_id = self.last_checkin_time = Coding(
).generateUniqueCode()
def banktransfer_view(self):
# Detect a payment alteration
payment_id = None
payment = None
if "payment_id" in self.request.matchdict:
payment_id = self.request.matchdict["payment_id"]
# Check we can be here
methods = PROP.getProperty(self.request, PROP.PAYMENT_METHODS)
method = [x for x in methods if x.__name__ == "banktransfer" and x.enabled == True]
# - First check queue/active status
if payment_id == None and Queue(self.request).timed_out():
return HTTPFound(self.request.route_path("purchase_timeout"))
# - Now details
elif payment_id == None and not self.details_complete:
self.request.session.flash("You must complete all of your guest's details before continuing.", "error")
return HTTPFound(location=self.request.route_path("order_details"))
# - Check that the payment method is enabled?
elif len(method) <= 0:
self.request.session.flash("There was an error with the payment method you selected, please try again.", "error")
return HTTPFound(location=self.request.route_path("pay_for_tickets"))
# - Now run some checks that this person actually should be able to pay this
elif payment_id != None:
if not payment_id in self.request.root.payments:
self.request.session.flash("The requested payment does not exist.", "error")
return HTTPFound(location=self.request.route_path("user_profile"))
else:
payment = self.request.root.payments[payment_id]
if payment.owner != self.user:
self.request.session.flash("The requested payment could not be found on your account.", "error")
return HTTPFound(location=self.request.route_path("user_profile"))
elif payment.paid:
self.request.session.flash("The requested payment has already been completed, no need to alter the payment.", "error")
return HTTPFound(location=self.request.route_path("user_profile"))
# Get method, processing fee & other parameters
method = method[0]
process_fee = method.settings[PROP.PAYMENT_PROCESSING_FEE].value
org_name = method.get_value(PROP.ORGANISATION_NAME)
account_number = method.get_value(PROP.BANK_ACCOUNT)
sort_code = method.get_value(PROP.BANK_SORT_CODE)
if payment_id == None:
tickets = [x for x in self.user.tickets if x.payment == None]
if len(tickets) == 0:
return HTTPFound(location=self.request.route_path("buy_tickets"))
subtotal = 0
for tick in tickets:
subtotal += tick.total_cost
processing = process_fee
total = subtotal + processing
if "action" in self.request.GET and self.request.GET["action"] == "pay":
if "payment_id" in self.request.session:
ref_code = self.request.session["payment_id"]
payment = Issuer(self.request.root).constructPayment(
user_id=self.user.__name__,
paid=False,
ref_code=ref_code
)
stage = PaymentStage()
stage.__parent__ = payment
stage.method = "banktransfer"
stage.processing_charge = processing
stage.stage_owner = self.user.__name__
payment.history.append(stage)
return HTTPFound(location=self.request.route_path("pay_confirm"))
if not "payment_id" in self.request.session: # NEED TO CHECK FOR UNIQUENESS
self.request.session["payment_id"] = Coding().generateUniqueCode(short=True,withdash=False)
return {
"method": method,
"subtotal": self.format_price(subtotal),
"processing": self.format_price(processing),
"total": self.format_price(total),
"org_name": org_name,
"alteration": False,
"account_number": account_number,
"sort_code": sort_code,
"payment_id": self.request.session["payment_id"],
"payment": None,
"due_date": (datetime.now() + timedelta(days=self.payment_window)).strftime("%d/%m/%Y"),
}
else:
subtotal = payment.amount_remaining
processing = process_fee
total = subtotal + processing
if payment.current_method == "banktransfer":
subtotal = payment.current_stage.amount_remaining
processing = payment.current_stage.processing_charge
total = subtotal + processing
if "action" in self.request.GET and self.request.GET["action"] == "pay":
# Don't bother adding a payment stage if we are already paying this way!
if payment.current_method != "banktransfer":
# Add a new stage to the payment
new_stage = PaymentStage()
new_stage.__parent__ = payment
new_stage.method = "banktransfer"
new_stage.method_change = True
new_stage.processing_charge = processing
new_stage.stage_owner = self.user.__name__
payment.history.append(new_stage)
# Forward on to the correct place
return HTTPFound(location=self.request.route_path("alter_confirm", payment_id=payment_id))
return {
"method": method,
"subtotal": self.format_price(subtotal),
"processing": self.format_price(processing),
"total": self.format_price(total),
"org_name": org_name,
"alteration": True,
"account_number": account_number,
"sort_code": sort_code,
"payment_id": payment_id,
"payment": payment,
"due_date": (datetime.now() + timedelta(days=self.payment_window)).strftime("%d/%m/%Y"),
}
