def __logout(self):
""" Do logout """
if constants.PERSISTENT_LOGIN_NAME in self.request.cookies:
token_cookie = self.request.cookies[constants.PERSISTENT_LOGIN_NAME]
token = LoginToken.get_token_data(token_cookie)
if token is not None:
token.delete()
self.response.delete_cookie(constants.PERSISTENT_LOGIN_NAME, '/')
if self.user_email is not None and self.user_email != '':
user = User.getUser(self.user_email.lower())
if user is not None:
user.logout()
self.ok('/')
def _display_list(self, list_id):
""" Displays the list with the given id
if it belongs to the current user """
try:
current_user = User.getUser(self.user_email)
current_list = ShoppingList.get_by_id(int(list_id), current_user)
if current_list is None:
raise ValueError
self._api_display_list_(current_list)
except (TypeError, ValueError, ProtocolBufferEncodeError) as exc:
logging.error(str(exc))
error_message = self.gettext("There's not such list, sorry.")
self.set_error(constants.STATUS_BAD_REQUEST,
message=error_message, url="/")
def _list_lists(self, api):
""" Lists all shopping lists of current user """
current_user = User.getUser(self.user_email)
query = ShoppingList.all()
query.ancestor(current_user)
if api is not None:
all_lists = query.run()
self._api_list_lists_(all_lists)
else:
template = self.jinja2_env.get_template('ang-base.html')
template_values = {
'user_email': self.user_email
}
self.response.out.write(template.render(template_values))
def put(self, api, list_id):
""" PUT method is used to change item rankings """
try:
current_user = User.getUser(self.user_email)
current_list = ShoppingList.get_by_id(int(list_id), current_user)
items_json = self.request.get('items')
self.response.out.write('Items json: ' + str(items_json)+ '\n')
items_check = json.loads(items_json)
current_list.items = items_json
current_list.put()
self.response.out.write('Ran with success')
except (BadValueError, AttributeError) as exc:
logging.error('Exception: ' + str(exc))
error_message = self.gettext('Error while storing new order.')
self.set_error(constants.STATUS_BAD_REQUEST,
message=error_message,
url="/")
def authenticate_and_call(handler, *args, **kwargs):
""" The decorator itself """
session = get_current_session()
sessionid = session.get(constants.SESSION_ID)
import logging
logging.info('SessionID: ' + str(sessionid))
session_data = SessionData.get_session(sessionid)
if not session_data or not session_data.is_valid():
# if persistent id is given:
cookies = handler.request.cookies
if constants.PERSISTENT_LOGIN_NAME in cookies:
token_data = cookies[constants.PERSISTENT_LOGIN_NAME]
token = LoginToken.get_token_data(token_data)
# if persistent id is correct (email matches id following it):
# peform login
if token is not None:
token.delete()
token.tokenid = LoginToken.generate_id()
token.put()
cookie_value = token.get_cookie_value()
days = constants.PERSISTENT_LOGIN_LIFETIME_DAYS
expiration = datetime.utcnow() + timedelta(days=days)
handler.response.set_cookie(constants.PERSISTENT_LOGIN_NAME,
cookie_value,
expires=expiration,
path="/",
httponly=False,
secure=True)
user = User.getUser(token.user)
user.login(handler.request.remote_addr)
success(handler)
logging.info('User logging in (with persistent token): ' +
str(user.email))
else:
LoginToken.delete_user_tokens(token_data)
error(handler)
logging.info('Someone tried to authenticate with \
invalid token - email pair.')
return
else:
error(handler)
return
else:
success(handler)
logging.info('User logging in: ' + str(handler.user_email))
return func(handler, *args, **kwargs)
def delete(self, api=None, list_id=None, item_id=None):
""" DELETE request handler """
if api is not None:
try:
current_user = User.getUser(self.user_email)
current_list = ShoppingList.get_by_id(int(list_id),
current_user)
current_list.delete_item(item_id)
except (TypeError,
ValueError,
BadKeyError,
BadValueError,
ProtocolBufferEncodeError) as exc:
logging.error('Exception: ' + str(exc))
error_message = self.gettext("There's no such item, sorry.")
self.set_error(constants.STATUS_BAD_REQUEST,
message=error_message,
url="/")
def __send_verification(self, email):
""" Send verification email to recipient """
user = User.getUser(email.lower())
if user is None or user.verified:
self.set_error(constants.STATUS_BAD_REQUEST, message=None, url="/")
return
user.verificationCode = b64encode(CryptoUtil.get_verify_code(), "*$")
template_values = {
'user_email': self.user_email,
'code': user.verificationCode,
'url': constants.VERIFICATION_URL
}
template = self.jinja2_env.get_template('verificationemail.jinja')
message = mail.EmailMessage()
message.sender = constants.SENDER_ADDRESS
message.to = user.email
message.subject = 'Please verify your address'
message.body = template.render(template_values)
message.send()
user.put()
def post(self, api=None, list_id=None):
""" POST request handler """
current_user = User.getUser(self.user_email)
if api is not None:
try:
if list_id is None:
list_name = self.request.get('name', None)
new_list = ShoppingList.create_list(current_user, list_name)
self._api_display_list_(new_list)
except (ValueError) as exc:
self.set_error(constants.STATUS_BAD_REQUEST)
if list_id is not None:
# Add item to list
try:
current_list = ShoppingList.get_by_id(int(list_id),
current_user)
if current_list is None:
raise ValueError
item = current_list.add_item(self.request.get('description', None),
self.request.get('key', None),
int(self.request.get('quantity', 1)))
self.response.out.write(json.dumps(item.to_dict()))
self.response.headers['Content-Type'] = 'application/json'
self.ok('/Lists/'+str(list_id))
except (TypeError,
ValueError,
BadKeyError,
BadValueError,
ProtocolBufferEncodeError) as exc:
logging.error('Exception: ' + str(exc))
error_message = self.gettext("There's not such list, sorry.")
self.set_error(constants.STATUS_BAD_REQUEST,
message=error_message,
url="/")
def __login(self):
""" Validate incoming parameters and log in user if all is ok """
# Validate email and get user from db
email = self.request.get(constants.VAR_NAME_EMAIL)
logging.info('User logging in: ' + str(email))
if not User.isEmailValid(email) or not User.isAlreadyRegistered(email):
logging.error('Email mismatched or not registered')
self.set_error(constants.STATUS_BAD_REQUEST,
self.gettext('LOGIN_ERROR'), url=self.request.url)
return
user = User.getUser(email.lower())
# Calculate password hash
password = self.request.get(constants.VAR_NAME_PASSWORD)
if not User.isPasswordValid(password):
logging.error('Invalid password')
self.set_error(constants.STATUS_BAD_REQUEST,
self.gettext('LOGIN_ERROR'), url=self.request.url)
return
key = CryptoUtil.getKey(password, user.salt)
# Validate password
if not user.password == key:
logging.error('Incorrect password for email')
self.set_error(constants.STATUS_BAD_REQUEST,
self.gettext('LOGIN_ERROR'), url=self.request.url)
return
# Check remember me
remember_string = self.request.get('remember').lower()
remember = remember_string != '' and remember_string != 'false'
if remember:
token_id = LoginToken.generate_id()
token = LoginToken()
token.tokenid = token_id
token.ip = self.request.remote_addr
token.user = email
token.put()
cookie_value = token.get_cookie_value()
delta = timedelta(days=constants.PERSISTENT_LOGIN_LIFETIME_DAYS)
self.response.set_cookie(constants.PERSISTENT_LOGIN_NAME,
cookie_value,
expires=datetime.utcnow() + delta,
path="/", httponly=True, secure=True)
# Log in user
if user.verified:
user.login(self.request.remote_addr)
session = get_current_session()
url = session.pop(constants.VAR_NAME_REDIRECT)
if url is None:
url = "/"
self.ok(url)
else:
logging.error('User unverified')
self.set_error(constants.STATUS_FORBIDDEN,
self.gettext('UNVERIFIED_PRE') +
' <a href=\"/User/Verify">' +
self.gettext('UNVERIFIED_HERE') +
'</a> ' +
self.gettext('UNVERIFIED_POST'),
url=self.request.url)
return
