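def _is_same_site_url(target):
    """Return True when *target* is acceptable as a post-login redirect.

    Accepted forms are a site-relative path ("/browse/") or an absolute URL
    that starts with this request's own scheme and host. Anything else,
    including an empty value, is refused so the caller can fall back to its
    default page.
    """
    if not target:
        return False
    # Browsers silently drop tabs and newlines inside a URL, which can turn a
    # harmless-looking path into "//other-host"; refuse control characters.
    if any(ch < ' ' or ch == '\x7f' for ch in target):
        return False
    if target.startswith('/'):
        # "//host" and "/\host" are read by browsers as a different host
        return not target.startswith(('//', '/\\'))
    # request.host_url ends with "/", so a look-alike host cannot match it
    return target.startswith(request.host_url)


def login():
    """Show the login page and process a submitted login form.

    POST: reads 'username', 'password' and 'next' from the form, authenticates
    with authenticate_user() and, for an active account, calls log_in() and
    redirects to 'next' (or the 'browse' page).
    GET: redirects an already logged-in session to 'next' (or 'browse').
    Otherwise renders 'login.html' with the entered username, the next URL and
    any error message.

    The 'next' value is caller-supplied, so it is only followed when
    _is_same_site_url() accepts it; the login page must not act as a
    redirector to arbitrary sites.
    """
    username = ''
    password = ''
    next_url = ''
    login_error = ''
    next_url_default = internal_url_for('browse')

    if request.method == 'POST':
        try:
            # Get parameters
            username = request.form.get('username', '')
            password = request.form.get('password', '')
            next_url = request.form.get('next', '')
            if not _is_same_site_url(next_url):
                # Drop an off-site target here so it is neither followed
                # nor echoed back into the re-rendered form
                next_url = ''

            if not password:
                login_error = 'You must enter your password'
            if not username:
                login_error = 'You must enter your username'

            if not login_error:
                # Log in
                user = authenticate_user(username, password, data_engine, logger)
                if user is not None:
                    if user.status == User.STATUS_ACTIVE:
                        # Success
                        log_in(user)
                        return redirect(next_url or next_url_default)
                    else:
                        # Only reached with a correct password, so this
                        # message does not confirm accounts to strangers
                        login_error = 'Sorry, your account is disabled.'
                else:
                    login_error = 'Sorry, your username and password were not recognised. Please try again.'
                    # The username is attacker-controlled: replace control
                    # characters so it cannot forge extra log lines
                    logged_name = ''.join(
                        '?' if (ch < ' ' or ch == '\x7f') else ch
                        for ch in username
                    )
                    logger.warn('Incorrect login for username ' + logged_name)
                    # Slow down scripted attacks. This delays each failed
                    # request only; it is not a lockout or rate limit.
                    sleep(1)
        except Exception as e:
            # NOTE(review): this statement is partly masked in the source
            # listing; the message suffix and the DEBUG test are restored to
            # match the pattern used by details() - confirm against the file.
            if not log_security_error(e, request):
                logger.error('Error performing login: ' + str(e))
            if app.config['DEBUG']:
                raise
            login_error = 'Sorry, an error occurred. Please try again later.'
    else:
        # If already logged in, go to the default page
        if logged_in():
            next_url = request.args.get('next', '')
            if not _is_same_site_url(next_url):
                next_url = ''
            return redirect(next_url or next_url_default)

    # Not logged in, or unsuccessful login
    return render_template(
        'login.html',
        username=username,
        next=next_url,
        err_msg=login_error
    )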
def details():
    """Render the file details page for the image named by the 'src' parameter.

    Reads 'src' and the optional 'reset' flag from the query string, requires
    folder view permission for the session user, then gathers disk, EXIF,
    geo-location, database and request statistics data for 'details.html'.
    With a true 'reset' and an existing file, the image is reset and the
    browser is redirected back to this page without the flag.
    Any exception is passed to log_security_error() and, outside DEBUG mode,
    shown on the page as an error message.

    NOTE(review): 'reset' changes server state from a query-string parameter
    and the only check visible here is ACCESS_VIEW. Route decorators and any
    CSRF handling are not part of this listing - confirm.
    """
    src = request.args.get('src', '')
    reset = request.args.get('reset', None)
    src_path = ''

    # Placeholder used when no statistics rows come back for a period
    no_stats = (0, 0, 0, 0, 0, 0, 0, 0)
    # Names for columns 1-7 of a statistics row, in column order
    stat_names = (
        'requests', 'views', 'cached_views', 'downloads',
        'bytes', 'seconds', 'max_seconds'
    )

    try:
        # Validate the request parameters
        if src == '':
            raise ValueError('No filename was specified.')
        if reset is not None:
            reset = parse_boolean(reset)

        file_disk_info = file_image_info = file_geo_info = None
        db_img = db_history = db_image_stats = None

        src_path, src_filename = os.path.split(src)

        # The caller needs view permission (or file admin) on the folder.
        # 'src' is untrusted; this check runs before any file access below.
        permissions_engine.ensure_folder_permitted(
            src_path,
            FolderPermission.ACCESS_VIEW,
            get_session_user()
        )

        # What is on disk?
        file_disk_info = get_file_info(src)
        if file_disk_info:
            # EXIF properties, then a geo position if the fields are there
            file_image_info = image_engine.get_image_properties(src, True)
            file_geo_info = get_exif_geo_position(file_image_info)

            # Reset on request, then reload without 'reset' in the URL
            if reset:
                image_engine.reset_image(ImageAttrs(src))
                return redirect(internal_url_for('details', src=src))

        # What does the database hold?
        db_session = data_engine.db_get_session()
        db_commit = False
        try:
            db_img = auto_sync_file(
                src, data_engine, task_engine, _db_session=db_session
            )
            if db_img:
                # Touch the attribute so the lazy-loaded history is fetched
                db_history = db_img.history

                # Statistics for the last day and the last 30 days
                period_stats = {}
                for period, days in (('day', 1), ('month', 30)):
                    rows = data_engine.summarise_image_stats(
                        datetime.utcnow() - timedelta(days=days),
                        datetime.utcnow(),
                        db_img.id,
                        _db_session=db_session
                    )
                    row = rows[0] if len(rows) > 0 else no_stats
                    period_stats[period] = {
                        name: row[col]
                        for col, name in enumerate(stat_names, 1)
                    }
                db_image_stats = period_stats
            # NOTE(review): the collapsed listing does not show whether this
            # flag sat inside the `if db_img:` branch; it is set here so the
            # session commits whenever the lookups finished without error.
            db_commit = True
        finally:
            # Commit on success, roll back otherwise, and always close
            try:
                if db_commit:
                    db_session.commit()
                else:
                    db_session.rollback()
            finally:
                db_session.close()

        return render_template(
            'details.html',
            src=src,
            path=src_path,
            filename=src_filename,
            file_info=file_disk_info,
            image_info=file_image_info,
            geo_info=file_geo_info,
            db_info=db_img,
            db_history=db_history,
            db_stats=db_image_stats,
            STATUS_ACTIVE=Image.STATUS_ACTIVE,
            ACTION_DELETED=ImageHistory.ACTION_DELETED,
            ACTION_CREATED=ImageHistory.ACTION_CREATED,
            ACTION_REPLACED=ImageHistory.ACTION_REPLACED,
            ACTION_EDITED=ImageHistory.ACTION_EDITED,
            ACTION_MOVED=ImageHistory.ACTION_MOVED,
            pathsep=os.path.sep,
            timezone=get_timezone_code()
        )
    except Exception as e:
        log_security_error(e, request)
        if app.config['DEBUG']:
            raise
        # NOTE(review): str(e) puts raw exception text on the page. That is
        # intended for the ValueError above, but other exceptions may expose
        # internal detail - confirm what the helpers can raise.
        failure_text = 'This file cannot be viewed: ' + str(e)
        return render_template(
            'details.html',
            src=src,
            path=src_path,
            err_msg=failure_text
        )
def logout():
    """End the current session and send the browser to the login page.

    NOTE(review): the route decorator is not part of this listing, so the
    HTTP methods accepted here cannot be seen - confirm.
    """
    log_out()
    login_page = internal_url_for('login')
    return redirect(login_page)