def get(self):
user = users.get_current_user()
if not user:
self.redirect(
users.create_login_url('/modules/admin'), normalize=False)
return
if not self.can_view():
login_url = users.create_login_url('/modules/admin')
node_list = safe_dom.NodeList().append(
safe_dom.Element('p').add_text(
'The current user has insufficient rights ' +
'to access this page.'))
paragraph = safe_dom.Element('p').add_text('Go to the ')
paragraph.append(safe_dom.A(href=login_url).add_text('Login page'))
paragraph.add_text(
' to log in as an administrator, or go back to the ')
paragraph.append(safe_dom.A(href='/').add_text('Home page'))
paragraph.add_text('.')
node_list.append(paragraph)
self.response.write(node_list.sanitized)
return
super(WelcomeHandler, self).get()
def get(self):
user = users.get_current_user()
if not user:
self.redirect(
users.create_login_url('/modules/admin'), normalize=False)
return
if not self.can_view():
login_url = users.create_login_url('/modules/admin')
node_list = safe_dom.NodeList().append(
safe_dom.Element('p').add_text(
'The current user has insufficient rights ' +
'to access this page.'))
paragraph = safe_dom.Element('p').add_text('Go to the ')
paragraph.append(safe_dom.A(href=login_url).add_text('Login page'))
paragraph.add_text(
' to log in as an administrator, or go back to the ')
paragraph.append(safe_dom.A(href='/').add_text('Home page'))
paragraph.add_text('.')
node_list.append(paragraph)
self.response.write(node_list.sanitized)
self.response.set_status(403)
return
super(WelcomeHandler, self).get()
def test_create_login_url_no_dest_url(self):
self.runtime_config.enabled = True
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
self.assertEquals(
'http://localhost:80/modules/gitkit/widget?mode=select',
users.create_login_url())
def personalize_page_and_get_user(self):
"""If the user exists, add personalized fields to the navbar."""
user = self.get_user()
PageInitializerService.get().initialize(self.template_value)
if hasattr(self, 'app_context'):
self.template_value['can_register'] = self.app_context.get_environ(
)['reg_form']['can_register']
if user:
email = user.email()
self.template_value['email_no_domain_name'] = (
email[:email.find('@')] if '@' in email else email)
self.template_value['email'] = email
self.template_value['logoutUrl'] = (
users.create_logout_url(self.request.uri))
self.template_value['transient_student'] = False
# configure page events
self.template_value['record_tag_events'] = (
CAN_PERSIST_TAG_EVENTS.value)
self.template_value['record_page_events'] = (
CAN_PERSIST_PAGE_EVENTS.value)
self.template_value['record_events'] = (
CAN_PERSIST_ACTIVITY_EVENTS.value)
self.template_value['event_xsrf_token'] = (
XsrfTokenManager.create_xsrf_token('event-post'))
else:
self.template_value['loginUrl'] = users.create_login_url(
self.request.uri)
self.template_value['transient_student'] = True
return None
return user
def post(self):
"""Handles POST requests."""
user = self.personalize_page_and_get_user()
if not user:
self.redirect(
users.create_login_url(self.request.uri), normalize=False)
return
if not self.assert_xsrf_token_or_fail(self.request, 'register-post'):
return
can_register = self.app_context.get_environ(
)['reg_form']['can_register']
if not can_register:
self.redirect('/course#registration_closed')
return
if 'name_from_profile' in self.request.POST.keys():
profile = StudentProfileDAO.get_profile_by_user_id(user.user_id())
name = profile.nick_name
else:
name = self.request.get('form01')
Student.add_new_student_for_current_user(
name, transforms.dumps(self.request.POST.items()), self,
labels=self.request.get('labels'))
# Render registration confirmation page
self.redirect('/course#registration_confirmation')
def personalize_page_and_get_enrolled(
self, supports_transient_student=False):
"""If the user is enrolled, add personalized fields to the navbar."""
user = self.personalize_page_and_get_user()
if user is None:
student = TRANSIENT_STUDENT
else:
student = Student.get_enrolled_student_by_user(user)
if not student:
self.template_value['transient_student'] = True
student = TRANSIENT_STUDENT
if student.is_transient:
if supports_transient_student and (
self.app_context.get_environ()['course']['browsable']):
return TRANSIENT_STUDENT
elif user is None:
self.redirect(
users.create_login_url(self.request.uri), normalize=False
)
return None
else:
self.redirect('/preview')
return None
# Patch Student models which (for legacy reasons) do not have a user_id
# attribute set.
if not student.user_id:
student.user_id = user.user_id()
student.put()
return student
def get(self):
email = self.request.get('email')
if email:
signature = self.request.get('s')
if signature != _get_signature(self, email):
self.error(401)
return
else:
# If no email and signature is provided, unsubscribe will prompt
# for login. NOTE: This is only intended to support access by users
# who are known to have already registered with Course Builder. In
# general subscription management should use the encoded email and
# signature as this places the minimum burden on the user when
# unsubscribing (ie no need for Google account, no need for login).
user = self.get_user()
if user is None:
self.redirect(users.create_login_url(self.request.uri))
return
email = user.email()
action = self.request.get('action')
if action == self.RESUBSCRIBE_ACTION:
set_subscribed(email, True)
template_file = 'resubscribe.html'
else:
set_subscribed(email, False)
template_file = 'unsubscribe.html'
self.template_value['resubscribe_url'] = get_resubscribe_url(
self, email)
self.template_value['navbar'] = {}
self.template_value['email'] = email
template = self.get_template(template_file, [TEMPLATES_DIR])
self.response.out.write(template.render(self.template_value))
def test_create_login_url_no_dest_url(self):
self.runtime_config.enabled = True
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
self.assertEquals(
'http://localhost:80/modules/gitkit/widget?mode=select',
users.create_login_url())
def get(self):
email = self.request.get('email')
if email:
signature = self.request.get('s')
if signature != _get_signature(self, email):
self.error(401)
return
else:
# If no email and signature is provided, unsubscribe will prompt
# for login. NOTE: This is only intended to support access by users
# who are known to have already registered with Course Builder. In
# general subscription management should use the encoded email and
# signature as this places the minimum burden on the user when
# unsubscribing (ie no need for Google account, no need for login).
user = self.get_user()
if user is None:
self.redirect(users.create_login_url(self.request.uri))
return
email = user.email()
action = self.request.get('action')
if action == self.RESUBSCRIBE_ACTION:
set_subscribed(email, True)
template_file = 'resubscribe.html'
else:
set_subscribed(email, False)
template_file = 'unsubscribe.html'
self.template_value[
'resubscribe_url'] = get_resubscribe_url(self, email)
self.template_value['navbar'] = {}
self.template_value['email'] = email
template = self.get_template(template_file, [TEMPLATES_DIR])
self.response.out.write(template.render(self.template_value))
def personalize_page_and_get_user(self):
"""If the user exists, add personalized fields to the navbar."""
user = self.get_user()
PageInitializerService.get().initialize(self.template_value)
if hasattr(self, "app_context"):
self.template_value["can_register"] = self.app_context.get_environ()["reg_form"]["can_register"]
if user:
email = user.email()
self.template_value["email_no_domain_name"] = email[: email.find("@")] if "@" in email else email
self.template_value["email"] = email
self.template_value["logoutUrl"] = users.create_logout_url(self.request.uri)
self.template_value["transient_student"] = False
# configure page events
self.template_value["record_tag_events"] = CAN_PERSIST_TAG_EVENTS.value
self.template_value["record_page_events"] = CAN_PERSIST_PAGE_EVENTS.value
self.template_value["record_events"] = CAN_PERSIST_ACTIVITY_EVENTS.value
self.template_value["event_xsrf_token"] = XsrfTokenManager.create_xsrf_token("event-post")
else:
self.template_value["loginUrl"] = users.create_login_url(self.request.uri)
self.template_value["transient_student"] = True
return None
return user
def get(self):
"""Handles GET request."""
user = self.personalize_page_and_get_user()
if not user:
self.redirect(users.create_login_url(self.request.uri), normalize=False)
return
student = Student.get_enrolled_student_by_user(user)
if student:
self.redirect("/course")
return
can_register = self.app_context.get_environ()["reg_form"]["can_register"]
if not can_register:
self.redirect("/course#registration_closed")
return
# pre-fill nick name from the profile if available
self.template_value["current_name"] = ""
profile = StudentProfileDAO.get_profile_by_user_id(user.user_id())
if profile and profile.nick_name:
self.template_value["current_name"] = profile.nick_name
self.template_value["navbar"] = {}
self.template_value["transient_student"] = True
self.template_value["register_xsrf_token"] = XsrfTokenManager.create_xsrf_token("register-post")
alternate_content = []
for hook in self.PREVENT_REGISTRATION_HOOKS:
alternate_content.extend(hook(self.app_context, user.user_id()))
self.template_value["alternate_content"] = alternate_content
self.render("register.html")
def get(self):
"""Handles GET request."""
user = self.personalize_page_and_get_user()
if not user:
self.redirect(
users.create_login_url(self.request.uri), normalize=False)
return
student = Student.get_enrolled_student_by_email(user.email())
if student:
self.redirect('/course')
return
can_register = self.app_context.get_environ(
)['reg_form']['can_register']
if not can_register:
self.redirect('/course#registration_closed')
return
# pre-fill nick name from the profile if available
self.template_value['current_name'] = ''
profile = StudentProfileDAO.get_profile_by_user_id(user.user_id())
if profile and profile.nick_name:
self.template_value['current_name'] = profile.nick_name
self.template_value['navbar'] = {}
self.template_value['transient_student'] = True
self.template_value['register_xsrf_token'] = (
XsrfTokenManager.create_xsrf_token('register-post'))
self.render('register.html')
def test_create_login_url_with_dest_url(self):
self.runtime_config.enabled = True
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
self.assertEquals(
('http://localhost:80/modules/gitkit/widget?'
'signInSuccessUrl=http%3A%2F%2Ffoo%3Fbar%3Db+az&mode=select'),
users.create_login_url(dest_url='http://foo?bar=b az'))
def test_create_login_url_falls_back_to_gae_if_not_enabled(self):
self.runtime_config.enabled = False
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
gitkit.Runtime.set_current_token('token')
self.assertEquals(('https://www.google.com/accounts/Login?'
'continue=http%3A//localhost/'),
users.create_login_url())
def test_create_login_url_with_dest_url(self):
self.runtime_config.enabled = True
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
self.assertEquals(
('http://localhost:80/modules/gitkit/widget?'
'signInSuccessUrl=http%3A%2F%2Ffoo%3Fbar%3Db+az&mode=select'),
users.create_login_url(dest_url='http://foo?bar=b az'))
def get(self):
user = users.get_current_user()
if not user:
self.redirect(users.create_login_url('/admin/welcome'),
normalize=False)
return
if not self.can_view():
return
super(WelcomeHandler, self).get()
def get(self):
user = users.get_current_user()
if not user:
self.redirect(
users.create_login_url('/admin/welcome'), normalize=False)
return
if not self.can_view():
return
super(WelcomeHandler, self).get()
def test_create_login_url_falls_back_to_gae_if_not_enabled(self):
self.runtime_config.enabled = False
gitkit.Runtime.set_current_runtime_config(self.runtime_config)
gitkit.Runtime.set_current_token('token')
self.assertEquals(
('https://www.google.com/accounts/Login?'
'continue=http%3A//localhost/'),
users.create_login_url())
def test_create_login_url_delegates_to_gae_users_service(self):
users_result = users.create_login_url(
dest_url=self.destination_url, _auth_domain='is_ignored',
federated_identity='federated_identity')
gae_users_result = gae_users.create_login_url(
dest_url=self.destination_url, _auth_domain='is_ignored',
federated_identity='federated_identity')
self.assert_service_results_equal_and_not_none(
users_result, gae_users_result)
def get(self):
action = self.request.get('action')
if action:
destination = '%s?action=%s' % (self.URL, action)
else:
destination = self.URL
user = users.get_current_user()
if not user:
self.redirect(users.create_login_url(destination), normalize=False)
return
if not can_view_admin_action(action):
if appengine_config.PRODUCTION_MODE:
self.error(403)
else:
self.redirect(
users.create_login_url(destination), normalize=False)
return
if action not in self._custom_get_actions:
config.Registry.get_overrides(force_update=True)
super(GlobalAdminHandler, self).get()
return
result = self._custom_get_actions[action].handler(self)
if result is None:
return
# The following code handles pages for actions that do not write out
# their responses.
template_values = {
'page_title': self.format_title(self.get_nav_title(action)),
}
if isinstance(result, dict):
template_values.update(result)
else:
template_values['main_content'] = result
self.render_page(template_values)
return
def get(self):
action = self.request.get('action')
if action:
destination = '%s?action=%s' % (self.URL, action)
else:
destination = self.URL
user = users.get_current_user()
if not user:
self.redirect(users.create_login_url(destination), normalize=False)
return
if not can_view_admin_action(action):
if appengine_config.PRODUCTION_MODE:
self.error(403)
else:
self.redirect(
users.create_login_url(destination), normalize=False)
return
if action not in self._custom_get_actions:
config.Registry.get_overrides(force_update=True)
super(GlobalAdminHandler, self).get()
return
result = self._custom_get_actions[action].handler(self)
if result is None:
return
# The following code handles pages for actions that do not write out
# their responses.
template_values = {
'page_title': self.format_title(self.get_nav_title(action)),
}
if isinstance(result, dict):
template_values.update(result)
else:
template_values['main_content'] = result
self.render_page(template_values)
return
def get(self):
action = self.request.get('action')
if action:
destination = '%s?action=%s' % (self.URL, action)
else:
destination = self.URL
user = users.get_current_user()
login_url = users.create_login_url(destination)
if not user:
self.redirect(login_url, normalize=False)
return
if not can_view_admin_action(action):
node_list = safe_dom.NodeList().append(
safe_dom.Element('p').add_text(
'The current user has insufficient rights ' +
'to access this page.'))
paragraph = safe_dom.Element('p').add_text('Go to the ')
paragraph.append(safe_dom.A(href=login_url).add_text('Login page'))
paragraph.add_text(
' to log in as an administrator, or go back to the ')
paragraph.append(safe_dom.A(href='/').add_text('Home page'))
paragraph.add_text('.')
node_list.append(paragraph)
self.response.write(node_list.sanitized)
self.response.set_status(403)
return
if action not in self._custom_get_actions:
config.Registry.get_overrides(force_update=True)
super(GlobalAdminHandler, self).get()
return
result = self._custom_get_actions[action].handler(self)
if result is None:
return
# The following code handles pages for actions that do not write out
# their responses.
template_values = {
'page_title': self.format_title(self.get_nav_title(action)),
}
if isinstance(result, dict):
template_values.update(result)
else:
template_values['main_content'] = result
self.render_page(template_values)
return
def test_create_login_url_delegates_to_gae_users_service(self):
users_result = users.create_login_url(
dest_url=self.destination_url,
_auth_domain='is_ignored',
federated_identity='federated_identity')
gae_users_result = gae_users.create_login_url(
dest_url=self.destination_url,
_auth_domain='is_ignored',
federated_identity='federated_identity')
self.assert_service_results_equal_and_not_none(users_result,
gae_users_result)
def get(self):
continue_url = str(self.request.get('continue'))
if not continue_url:
self.error(400, 'Missing required continue parameter')
return
if users.get_current_user():
self.redirect(continue_url)
else:
self.redirect(users.create_login_url('%s?%s' % (
_ENSURE_SESSION_URL,
urllib.urlencode({'continue': continue_url}))))
def get(self):
continue_url = str(self.request.get('continue'))
if not continue_url:
self.error(400, 'Missing required continue parameter')
return
if users.get_current_user():
self.redirect(continue_url)
else:
self.redirect(users.create_login_url('%s?%s' % (
_ENSURE_SESSION_URL,
urllib.urlencode({'continue': continue_url}))))
def initialize_page_and_get_user(self):
"""Add basic fields to template and return user."""
self.template_values['course_info'] = Courses.COURSE_TEMPLATE_DICT
self.template_values['course_info']['course'] = {
'locale': self.get_locale_for_user()}
user = users.get_current_user()
if not user:
self.template_values['loginUrl'] = users.create_login_url('/')
else:
self.template_values['email'] = user.email()
self.template_values['is_super_admin'] = Roles.is_super_admin()
self.template_values['logoutUrl'] = users.create_logout_url('/')
return user
def initialize_page_and_get_user(self):
"""Add basic fields to template and return user."""
self.template_values['course_info'] = Courses.COURSE_TEMPLATE_DICT
self.template_values['course_info']['course'] = {
'locale': self.get_locale_for_user()
}
user = users.get_current_user()
if not user:
self.template_values['loginUrl'] = users.create_login_url('/')
else:
self.template_values['email'] = user.email()
self.template_values['is_super_admin'] = Roles.is_super_admin()
self.template_values['logoutUrl'] = users.create_logout_url('/')
return user
def get(self):
tab = self.request.get('tab')
if tab:
destination = '%s?tab=%s' % (self.LINK_URL, tab)
else:
destination = self.LINK_URL
user = users.get_current_user()
if not user:
self.redirect(users.create_login_url(destination), normalize=False)
return
if not self.can_view(self.ACTION):
if appengine_config.PRODUCTION_MODE:
self.error(403)
else:
self.redirect(users.create_login_url(destination),
normalize=False)
return
# Force reload of properties. It's expensive, but admin deserves it!
config.Registry.get_overrides(force_update=True)
super(GlobalAdminHandler, self).get()
def get(self):
tab = self.request.get('tab')
if tab:
destination = '%s?tab=%s' % (self.LINK_URL, tab)
else:
destination = self.LINK_URL
user = users.get_current_user()
if not user:
self.redirect(users.create_login_url(destination), normalize=False)
return
if not self.can_view(self.ACTION):
if appengine_config.PRODUCTION_MODE:
self.error(403)
else:
self.redirect(
users.create_login_url(destination), normalize=False)
return
# Force reload of properties. It's expensive, but admin deserves it!
config.Registry.get_overrides(force_update=True)
super(GlobalAdminHandler, self).get()
def __init__(self, request, response): # pylint: disable=super-init-not-called
self.initialize(request, response)
# Check to see if the current user is admin
self.is_admin = users.is_current_user_admin()
# Store the original namespace, before setting the course specific one.
self.old_namespace = namespace_manager.get_namespace()
# Set the active namespace to the course domain namespace
try:
sites.set_path_info(self.request.path, self.request.server_name)
except AttributeError as e:
logging.error(e)
namespace = namespace_manager.get_namespace()
if namespace:
self.app_context = sites.get_course_for_current_request()
self.is_admin = roles.Roles.is_course_admin(self.app_context)
is_public = self.app_context.now_available
if self.is_admin is False and is_public is False:
# if course is private, and user has not logged in, redirect to login
# else if user is logged in and not admin, 404
if not users.get_current_user():
self.redirect(users.create_login_url(self.request.path))
else:
self.abort(404)
# Set the current user with their preferences
self.student = StudentSvc.get_current_student()
if self.student:
self.student.prefs = StudentSvc.get_current_user_preferences()
if self.current_user:
self._xsrf_token = xsrf.GenerateToken(_GetXsrfKey(),
self.current_user.email())
self.response.set_cookie('XSRF-TOKEN', self._xsrf_token, httponly=False)
else:
self._xsrf_token = None
self._RawWrite = self.response.out.write
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
# Set the active locale
self.locale_key = LocaleSvc.get_locale_key('en_GB')
def get(self):
email = self.request.get('email')
if email:
signature = self.request.get('s')
if signature != _get_signature(self, email):
self.error(401)
return
else:
# If no email and signature is provided, unsubscribe will prompt
# for login. NOTE: This is only intended to support access by users
# who are known to have already registered with Course Builder. In
# general subscription management should use the encoded email and
# signature as this places the minimum burden on the user when
# unsubscribing (ie no need for Google account, no need for login).
user = self.get_user()
if user is None:
self.redirect(users.create_login_url(self.request.uri))
return
email = user.email()
action = self.request.get('action')
if action == self.RESUBSCRIBE_ACTION:
set_subscribed(email, True)
template_file = 'resubscribe.html'
else:
set_subscribed(email, False)
template_file = 'unsubscribe.html'
self.template_value['resubscribe_url'] = get_resubscribe_url(
self, email)
self.template_value['navbar'] = {}
self.template_value['email'] = email
# Suppress use of Google Analytics on sub/unsub pages; URL may
# contain unencrypted user email. We want to prevent GA from
# indadvertently collecting personally identifiable information
# as part of its usual trawling through URL parameters.
self.template_value['suppress_analytics'] = 'True'
template = self.get_template(template_file, [TEMPLATES_DIR])
self.response.out.write(template.render(self.template_value))
def get(self):
email = self.request.get('email')
if email:
signature = self.request.get('s')
if signature != _get_signature(self, email):
self.error(401)
return
else:
# If no email and signature is provided, unsubscribe will prompt
# for login. NOTE: This is only intended to support access by users
# who are known to have already registered with Course Builder. In
# general subscription management should use the encoded email and
# signature as this places the minimum burden on the user when
# unsubscribing (ie no need for Google account, no need for login).
user = self.get_user()
if user is None:
self.redirect(users.create_login_url(self.request.uri))
return
email = user.email()
action = self.request.get('action')
if action == self.RESUBSCRIBE_ACTION:
set_subscribed(email, True)
template_file = 'resubscribe.html'
else:
set_subscribed(email, False)
template_file = 'unsubscribe.html'
self.template_value[
'resubscribe_url'] = get_resubscribe_url(self, email)
self.template_value['navbar'] = {}
self.template_value['email'] = email
# Suppress use of Google Analytics on sub/unsub pages; URL may
# contain unencrypted user email. We want to prevent GA from
# indadvertently collecting personally identifiable information
# as part of its usual trawling through URL parameters.
self.template_value['suppress_analytics'] = 'True'
template = self.get_template(template_file, [TEMPLATES_DIR])
self.response.out.write(template.render(self.template_value))
def personalize_page_and_get_enrolled(self, supports_transient_student=False):
"""If the user is enrolled, add personalized fields to the navbar."""
user = self.personalize_page_and_get_user()
if user is None:
student = TRANSIENT_STUDENT
else:
student = Student.get_enrolled_student_by_user(user)
if not student:
self.template_value["transient_student"] = True
student = TRANSIENT_STUDENT
if student.is_transient:
if supports_transient_student and (self.app_context.get_environ()["course"]["browsable"]):
return TRANSIENT_STUDENT
elif user is None:
self.redirect(users.create_login_url(self.request.uri), normalize=False)
return None
else:
self.redirect("/preview")
return None
return student
def get_login_url(self, return_url):
query = {fields.LAUNCH_PRESENTATION_RETURN_URL: return_url}
return users.create_login_url(
dest_url='%s?%s' % (_urljoin(self.get_base_url(), _REDIRECT_URL),
urllib.urlencode(query)))
def _get_absolute_sign_in_url(self):
return users.create_login_url(self.request.host_url + _FINISH_AUTH_URL)
def resolve_login_url(self, args, info):
return users.create_login_url(dest_url=args['dest_url'])
def resolve_login_url(self, args, info):
return users.create_login_url(dest_url=args['dest_url'])
def test_create_login_url_falls_back_to_gae_if_no_runtime_config(self):
self.assertEquals(('https://www.google.com/accounts/Login?'
'continue=http%3A//localhost/'),
users.create_login_url())
def _get_absolute_sign_in_url(self):
return users.create_login_url(
self.request.host_url + _FINISH_AUTH_URL)
def test_create_login_url_falls_back_to_gae_if_no_runtime_config(self):
self.assertEquals(
('https://www.google.com/accounts/Login?'
'continue=http%3A//localhost/'),
users.create_login_url())
