def new_comment(photo_id):
photo = Photo.query.get_or_404(photo_id)
page = request.args.get('page', 1, type=int)
form = CommentForm()
if form.validate_on_submit():
body = form.body.data
author = current_user._get_current_object()
comment = Comment(body=body, author=author, photo=photo)
replied_id = request.args.get('reply')
if replied_id:
comment.replied = Comment.query.get_or_404(replied_id)
push_comment_notification(photo_id=photo.id,
receiver=comment.replied.author)
db.session.add(comment)
db.session.commit()
flash('Comment published.', 'success')
if current_user != photo.author:
push_comment_notification(photo_id,
receiver=photo.author,
page=page)
flash_error(form)
return redirect(url_for('.show_photo', photo_id=photo_id, page=page))
def upload_avatar():
form = UploadAvatarForm()
if form.validate_on_submit():
image = form.image.data
filename = avatars.save_avatar(image)
current_user.avatar_raw = filename
db.session.commit()
flash('Image uploaded, please corp.', 'success')
flash_error(form)
return redirect(url_for('.change_avatar'))
def edit_description(photo_id):
photo = Photo.query.get_or_404(photo_id)
if current_user != photo.author:
abort(403)
form = DescriptionForm()
if form.validate_on_submit():
photo.description = form.description.data
db.session.commit()
flash('Description updated.', 'success')
flash_error(form)
return redirect(url_for('.show_photo', photo_id=photo_id))
def crop_avatar():
form = CropAvatarForm()
if form.validate_on_submit():
x = form.x.data
y = form.y.data
w = form.w.data
h = form.h.data
filenames = avatars.crop_avatar(current_user.avatar_raw, x, y, w, h)
current_user.avatar_s = filenames[0]
current_user.avatar_m = filenames[1]
current_user.avatar_l = filenames[2]
db.session.commit()
flash('Avatar updated.', 'success')
flash_error(form)
return redirect(url_for('.change_avatar'))
def render_login_local():
""" Render the login page with username/pass
@see #index()
@see #render_login_shib()
"""
if current_user.is_authenticated():
return redirect(get_role_landing_page())
uuid = session['uuid']
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
email = form.email.data.strip(
) if form.email.data else "*****@*****.**"
password = form.password.data.strip() if form.password.data else ""
app.logger.debug("{} password: {}".format(email, password))
app.logger.debug("Checking email: {}".format(email))
user = UserEntity.query.filter_by(email=email).first()
if user:
app.logger.debug("Found user object: {}".format(user))
else:
utils.flash_error("No such email: {}".format(email))
LogEntity.login(uuid, "No such email: {}".format(email))
return redirect(url_for('index'))
# if utils.is_valid_auth(app.config['SECRET_KEY'], auth.uathSalt,
# password, auth.uathPassword):
if '' == user.password_hash:
app.logger.info('Log login event for: {}'.format(user))
LogEntity.login(uuid, 'Successful login via email/password')
login_user(user, remember=False, force=False)
# Tell Flask-Principal that the identity has changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return redirect(get_role_landing_page())
else:
app.logger.info('Incorrect pass for: {}'.format(user))
LogEntity.login_error(uuid, 'Incorrect pass for: {}'.format(user))
# When sending a GET request render the login form
return render_template('index.html', form=form,
next_page=request.args.get('next'))
def render_login_local():
""" Render the login page with username/pass
@see #index()
@see #render_login_shib()
"""
if current_user.is_authenticated():
return redirect(get_role_landing_page())
uuid = session['uuid']
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
email = form.email.data.strip(
) if form.email.data else ""
password = form.password.data.strip() if form.password.data else ""
app.logger.debug("{} password: {}".format(email, password))
app.logger.debug("Checking email: {}".format(email))
user = UserEntity.query.filter_by(email=email).first()
if user:
app.logger.debug("Found user object: {}".format(user))
else:
utils.flash_error("No such email: {}".format(email))
LogEntity.login(uuid, "No such email: {}".format(email))
return redirect(url_for('index'))
# if utils.is_valid_auth(app.config['SECRET_KEY'], auth.uathSalt,
# password, auth.uathPassword):
if '' == user.password_hash:
app.logger.info('Log login event for: {}'.format(user))
LogEntity.login(uuid, 'Successful login via email/password')
login_user(user, remember=False, force=False)
# Tell Flask-Principal that the identity has changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return redirect(get_role_landing_page())
else:
app.logger.info('Incorrect pass for: {}'.format(user))
LogEntity.login_error(uuid, 'Incorrect pass for: {}'.format(user))
# When sending a GET request render the login form
return render_template('index.html', form=form,
next_page=request.args.get('next'))
def new_tag(photo_id):
photo = Photo.query.get_or_404(photo_id)
if current_user != photo.author:
abort(403)
form = TagForm()
if form.validate_on_submit():
for name in form.tag.data.split():
tag = Tag.query.filter_by(name=name).first()
if tag is None:
tag = Tag(name=name)
db.session.add(tag)
db.session.commit()
if tag not in photo.tags:
photo.tags.append(tag)
db.session.commit()
flash('Tag added.', 'success')
flash_error(form)
return redirect(url_for('.show_photo', photo_id=photo_id))
def shibb_return():
"""
Read the Shibboleth headers returned by the IdP after
the user entered the username/password.
If the `eduPersonPrincipalName` (aka Eppn) for the user matches the
usrEmail of an active user then let the user in,
otherwise let them see the login page.
@see #shibb_redirect()
"""
if current_user.is_authenticated():
# next_page = request.args.get('next') or get_role_landing_page()
return redirect(get_role_landing_page())
# fresh login...
uuid = session['uuid']
email = request.headers['Mail']
glid = request.headers['Glid'] # Gatorlink ID
app.logger.debug("Checking if email: {} is registered for glid: {}"
.format(email, glid))
user = UserEntity.query.filter_by(email=email).first()
if not user:
utils.flash_error("No such user: {}".format(email))
LogEntity.login_error(uuid,
"Shibboleth user is not registered for this app")
return redirect(url_for('index'))
if not user.is_active():
utils.flash_error("Inactive user: {}".format(email))
LogEntity.login_error(uuid, 'Inactive user tried to login')
return redirect(url_for('index'))
if user.is_expired():
utils.flash_error("User account for {} expired on {}"
.format(email, user.access_expires_at))
LogEntity.login_error(uuid, 'Expired user tried to login')
return redirect(url_for('index'))
# Log it
app.logger.info('Successful login via Shibboleth for: {}'.format(user))
LogEntity.login(uuid, 'Successful login via Shibboleth')
login_user(user, remember=False, force=False)
# Tell Flask-Principal that the identity has changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
next_page = get_role_landing_page()
return redirect(next_page)
def shibb_return():
"""
Read the Shibboleth headers returned by the IdP after
the user entered the username/password.
If the `eduPersonPrincipalName` (aka Eppn) for the user matches the
usrEmail of an active user then let the user in,
otherwise let them see the login page.
@see #shibb_redirect()
"""
if current_user.is_authenticated():
# next_page = request.args.get('next') or get_role_landing_page()
return redirect(get_role_landing_page())
# fresh login...
uuid = session['uuid']
email = request.headers['Mail']
glid = request.headers['Glid'] # Gatorlink ID
app.logger.debug("Checking if email: {} is registered for glid: {}"
.format(email, glid))
user = UserEntity.query.filter_by(email=email).first()
if not user:
utils.flash_error("No such user: {}".format(email))
LogEntity.login_error(uuid,
"Shibboleth user is not registered for this app")
return redirect(url_for('index'))
if not user.is_active():
utils.flash_error("Inactive user: {}".format(email))
LogEntity.login_error(uuid, 'Inactive user tried to login')
return redirect(url_for('index'))
if user.is_expired():
utils.flash_error("User account for {} expired on {}"
.format(email, user.access_expires_at))
LogEntity.login_error(uuid, 'Expired user tried to login')
return redirect(url_for('index'))
# Log it
app.logger.info('Successful login via Shibboleth for: {}'.format(user))
LogEntity.login(uuid, 'Successful login via Shibboleth')
login_user(user, remember=False, force=False)
# Tell Flask-Principal that the identity has changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
next_page = get_role_landing_page()
return redirect(next_page)
