Ejemplo n.º 1
0
 def _generate_tagcloud(self):
     retval = {}
     for tag in db.query(Tag).all():
         count = db.query(QuoteToTag).filter_by(tag_id=tag.id).count()
         retval[tag.tag] = count or 1
         retval[tag.tag] = math.log(retval[tag.tag], math.e/2)
     return retval
Ejemplo n.º 2
0
 def _generate_tagcloud(self):
     retval = {}
     for tag in db.query(Tag).all():
         count = db.query(QuoteToTag).filter_by(tag_id=tag.id).count()
         retval[tag.tag] = count or 1
         retval[tag.tag] = math.log(retval[tag.tag], math.e / 2)
     return retval
Ejemplo n.º 3
0
 def report(self, quote_id):
     authorize()
     quote = db.query(Quote).filter(Quote.id == quote_id).first()
     if not quote:
         return {'msg': 'Invalid quote ID.',
                 'status': 'error'}
     if request.environ['REQUEST_METHOD'] == 'POST':
         if self._has_made_too_many_reports():
             # TODO: This should return a HTTP 429! But pylons.controllers.util.abort()
             #       doesn't seem to support it :/
             return {'msg': 'You are reporting quotes too fast. Slow down!',
                     'status': 'error'}
         if db.query(ReportedQuotes).filter_by(user_id=c.user.id).\
             filter_by(quote_id=quote.id).first():
             return {'msg': 'You already reported this quote in the past. Ignored.',
                     'status': 'error'}
         if not quote.status == QSTATUS['approved']:
             return {'msg': 'Quote is not approved, therefore cannot be reported.',
                     'status': 'error'}
         if db.query(ReportedQuotes).filter_by(user_id=c.user.id).\
             filter_by(quote_id=quote.id).first():
             return {'msg': 'You already reported this quote in the past. Ignored.',
                     'status': 'error'}
         c.user.reported_quotes.append(quote)
         quote.status = QSTATUS['reported']
         db.commit()
         
         return {'msg': 'Quote reported.',
                 'status': 'success'}
     else:
         abort(405)
Ejemplo n.º 4
0
    def reset_password(self):
        c.page = 'pw reset'
        c.key = request.params.get('key')
        c.redirect_url = url(controller='account', action='login')
        if request.environ['REQUEST_METHOD'] == 'GET':
            if not c.key:
                return render('/pw_reset/request.mako')
            else:
                reset_token = self._check_valid_pw_reset_key(c.key)
                if not reset_token:
                    h.add_message('Invalid reset token', 'error')
                    return render('/blank.mako')
                return render('/pw_reset/set.mako')
        elif request.environ['REQUEST_METHOD'] == 'POST':
            if not c.key:
                # create a password request key
                email = request.params['email']
                user = db.query(User).filter(User.email == email).first()
                if not user:
                    h.add_message('Invalid email address provided.', 'error')
                    return render('/pw_reset/request.mako')
                already_requested = db.query(PasswordResets).filter(PasswordResets.user_id == user.id).first()
                if already_requested:
                    if already_requested.created < now() - datetime.timedelta(hours=2):
                        db.delete(already_requested)
                    else:
                        h.add_message('A password reset has already been requested for this user.', 'error')
                        return render('/blank.mako')
                pw_reset_key = PasswordResets()
                pw_reset_key.user_id = user.id
                pw_reset_key.key = self._generate_pw_reset_key()
                db.add(pw_reset_key)
                db.commit()

                send_reset_password_email(user.email, pw_reset_key.key)
                h.add_message('Password reset email sent!', 'success')
                return render('/blank.mako')
            else:
                # reset the user's password to what they've submitted
                reset_token = self._check_valid_pw_reset_key(c.key)
                if not reset_token:
                    h.add_message('Invalid reset token', 'error')
                    return render('/blank.mako')
                password = request.params['password']
                password_confirm = request.params['password_confirm']
                valid_password = validate_password(password, password_confirm)
                if not valid_password['status']:
                    h.add_message(valid_password['msg'], 'error')
                    return render('/pw_reset/set.mako')
                user = db.query(User).filter(User.id == reset_token.user_id).first()
                hashed_pass = h.hash_password(password)
                user.password = hashed_pass
                db.delete(reset_token)
                db.commit()

                h.add_message('Password successfully set. You should now be able to login.', 'success')
                return render('/blank.mako')
Ejemplo n.º 5
0
    def tags(self, tag=None, page=1):
        c.page = 'tags'
        if tag is None:
            c.rainbow = False
            if 'rainbow' in request.params:
                c.rainbow = ['', 'label-success', 'label-warning', 
                             'label-important', 'label-info', 'label-inverse']

            c.tags = self._generate_tagcloud()
            return render('/tagcloud.mako')
        else:
            tag_obj = db.query(Tag).filter(Tag.tag == tag).first()
            quotes = db.query(Quote).filter(Quote.tags.contains(tag_obj)).filter(Quote.status == QSTATUS['approved']).all()
            c.paginator = self._create_paginator(quotes, page)
            c.tag_filter = tag
            return render('/browse.mako')
Ejemplo n.º 6
0
    def create(self):
        c.page = 'sign up'
        if request.environ['REQUEST_METHOD'] == 'GET':
            return render('/signup/form.mako')
        elif request.environ['REQUEST_METHOD'] == 'POST':
            username = request.params['username']
            password = request.params['password']
            password_confirm = request.params['password_confirm']
            email = request.params['email']

            validity = validate_signup(username, password, password_confirm,
                                       email)
            if not validity['status']:
                h.add_message(validity['msg'], 'error')
                return render('/signup/form.mako')
            try:
                create_user(username, password, email)
                authenticate(username, password)
                c.logged_in = True
                c.user = db.query(User).filter(
                    User.username == username).first()
                return render('/signup/success.mako')
            except NameError, e:
                h.add_message(e.__str__(), 'error')
                return render('/signup/form.mako')
Ejemplo n.º 7
0
 def _check_valid_pw_reset_key(self, key):
     reset_token = db.query(PasswordResets).filter(PasswordResets.key == key).first()
     if not reset_token:
         return None
     elif reset_token.created < now() - datetime.timedelta(hours=2):
         db.delete(reset_token)
         return None
     return reset_token
Ejemplo n.º 8
0
def create_or_get_tag(tagname):
    tag = db.query(Tag).filter(Tag.tag == tagname).first()
    if not tag:
        tag = Tag()
        tag.tag = tagname
        db.add(tag)
        db.commit()
    return tag
Ejemplo n.º 9
0
def authenticate(username, password):
    user = db.query(User).filter(User.username == username).first()
    if not user:
        return False
    if bcrypt.hashpw(password, config['PASSWORD_SALT']) == user.password:
        set_auth_cookie(user)
        return True
    return False
Ejemplo n.º 10
0
 def view_one(self, ref_id):
     quote = db.query(Quote).filter(Quote.id == ref_id).first()
     if not quote or quote.approved != 1:
         abort(404)
     else:
         c.quote = quote
         c.page = 'browse'
         return render(self._get_template_name())
Ejemplo n.º 11
0
 def unapproved(self, page=1):
     if not h.is_admin():
         h.add_message('You must be an admin to perform that action.', 'error')
         return render('/blank.mako')
     quotes = db.query(Quote).filter(Quote.approved == 0).order_by(Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'unapproved'
     return render(self._get_template_name())
Ejemplo n.º 12
0
def create_or_get_tag(tagname):
    tag = db.query(Tag).filter(Tag.tag == tagname).first()
    if not tag:
        tag = Tag()
        tag.tag = tagname
        db.add(tag)
        db.commit()
    return tag
Ejemplo n.º 13
0
 def view_one(self, ref_id):
     quote = db.query(Quote).filter(Quote.id == ref_id).first()
     if not quote or quote.status != QSTATUS['approved']:
         abort(404)
     else:
         c.quote = quote
         c.page = 'browse'
         return render('/browse.mako')
Ejemplo n.º 14
0
 def disapproved(self, page=1):
     authorize()
     quotes = db.query(Quote).filter(
         Quote.status == QSTATUS['disapproved']).order_by(
             Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'disapproved'
     return render('/browse.mako')
Ejemplo n.º 15
0
 def view_one(self, ref_id):
     quote = db.query(Quote).filter(Quote.id == ref_id).first()
     if not quote or quote.status != QSTATUS['approved']:
         abort(404)
     else:
         c.quote = quote
         c.page = 'browse'
         return render('/browse.mako')
Ejemplo n.º 16
0
 def reported(self, page=1):
     if not h.is_admin():
         h.add_message('You must be an admin to perform that action.', 'error')
         return render('/blank.mako')
     quotes = db.query(Quote).filter(Quote.status == QSTATUS['reported']).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'reported'
     return render('/browse.mako')
Ejemplo n.º 17
0
 def _check_valid_pw_reset_key(self, key):
     reset_token = db.query(PasswordResets).filter(
         PasswordResets.key == key).first()
     if not reset_token:
         return None
     elif reset_token.created < now() - datetime.timedelta(hours=2):
         db.delete(reset_token)
         return None
     return reset_token
Ejemplo n.º 18
0
 def search(self, keyword='', page=1):
     if request.environ['REQUEST_METHOD'] == 'POST':
         keyword = request.params.get('keyword', '')
         redirect(url(controller='browse', action='search', keyword=keyword))
     query = '%' + keyword + '%'
     quotes = db.query(Quote).filter(Quote.body.like(query)).order_by(Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'search: %s' % keyword
     return render(self._get_template_name())
Ejemplo n.º 19
0
 def search(self, term='', page=1):
     if request.environ['REQUEST_METHOD'] == 'POST':
         term = request.params.get('term', '')
         redirect(url(controller='browse', action='search', term=term))
     query = '%' + term + '%'
     quotes = db.query(Quote).filter(Quote.body.like(query)).filter(Quote.status == QSTATUS['approved']).order_by(Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'search: %s' % term
     return render('/browse.mako')
Ejemplo n.º 20
0
 def deleted(self, page=1):
     if not h.is_admin():
         h.add_message('You must be an admin to perform that action.',
                       'error')
         return render('/blank.mako')
     quotes = db.query(Quote).filter(
         Quote.status == QSTATUS['deleted']).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'deleted'
     return render('/browse.mako')
Ejemplo n.º 21
0
def authenticate(username, password):
    user = db.query(User).filter(User.username == username).first()
    if not user:
        return False
    elif bcrypt.hashpw(password, config['PASSWORD_SALT']) == user.password:
        set_auth_cookie(user)
        return True
    else:
        clear_cookies()
        return False
Ejemplo n.º 22
0
 def _generate_pw_reset_key(self):
     chars = string.ascii_letters + string.digits
     valid = False
     key = ''
     while not valid:
         key = ''.join(random.choice(chars) for _ in range(26))
         already_exists = db.query(PasswordResets).filter(PasswordResets.key == key).first()
         if not already_exists:
             valid = True
     return key
Ejemplo n.º 23
0
    def vote(self, direction, quote_id):
        authorize()
        quote = db.query(Quote).filter(Quote.id == quote_id).first()
        if request.environ['REQUEST_METHOD'] == 'PUT':
            if not quote:
                return {'msg': 'Invalid quote ID',
                        'status': 'error'}

            already_voted = ''
            for assoc in quote.voters:
                if assoc.user == c.user:
                    already_voted = True
                    # cancel the last vote:
                    if assoc.direction == 'up':
                        quote.rating -= 1
                    elif assoc.direction == 'down':
                        quote.rating += 1
                    db.delete(assoc)
            
            assoc = VoteToUser(direction=direction)
            assoc.user = c.user
            quote.voters.append(assoc)

            if direction == 'up':
                quote.rating += 1
            elif direction == 'down':
                quote.rating -= 1
            else:
                return {'msg': 'Invalid vote direction',
                        'status': 'error'}

            if not already_voted:
                quote.votes += 1
            db.commit()
            return {'status': 'success',
                    'msg': 'Vote cast!'}
        elif request.environ['REQUEST_METHOD'] == 'DELETE':
            for assoc in quote.voters:
                if assoc.user == c.user:
                    db.delete(assoc)
            if direction == 'up':
                quote.rating -= 1
            elif direction == 'down':
                quote.rating += 1
            else:
                return {'msg': 'Invalid vote direction',
                        'status': 'error'}
            
            quote.votes -= 1
            db.commit()
            return {'status': 'success',
                    'msg': 'Vote annulled!!'}

        else:
            abort(405)
Ejemplo n.º 24
0
 def _generate_pw_reset_key(self):
     chars = string.ascii_letters + string.digits
     valid = False
     key = ''
     while not valid:
         key = ''.join(random.choice(chars) for _ in range(26))
         already_exists = db.query(PasswordResets).filter(
             PasswordResets.key == key).first()
         if not already_exists:
             valid = True
     return key
Ejemplo n.º 25
0
    def tags(self, tag=None, page=1):
        c.page = 'tags'
        if tag is None:
            c.rainbow = False
            if 'rainbow' in request.params:
                c.rainbow = [
                    '', 'label-success', 'label-warning', 'label-important',
                    'label-info', 'label-inverse'
                ]

            c.tags = self._generate_tagcloud()
            return render('/tagcloud.mako')
        else:
            tag_obj = db.query(Tag).filter(Tag.tag == tag).first()
            quotes = db.query(Quote).filter(
                Quote.tags.contains(tag_obj)).filter(
                    Quote.status == QSTATUS['approved']).all()
            c.paginator = self._create_paginator(quotes, page)
            c.tag_filter = tag
            return render('/browse.mako')
Ejemplo n.º 26
0
 def search(self, term='', page=1):
     if request.environ['REQUEST_METHOD'] == 'POST':
         term = request.params.get('term', '')
         redirect(url(controller='browse', action='search', term=term))
     query = '%' + term + '%'
     quotes = db.query(Quote).filter(Quote.body.like(query)).filter(
         Quote.status == QSTATUS['approved']).order_by(
             Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'search: %s' % term
     return render('/browse.mako')
Ejemplo n.º 27
0
 def _is_deleteable_or_disapprovable(self, quote_id):
     authorize()
     quote = db.query(Quote).filter(Quote.id == quote_id).first()
     if not quote:
         return {'msg': 'Invalid quote ID.',
                 'status': 'error'}
     if not h.quote_is_deleteable(quote):
         return {'msg': 'You do not have permission to delete this quote.',
                 'status': 'error'}
     c.user.deleted_quotes.append(quote)
     return {'status': 'success', 'quote': quote}
Ejemplo n.º 28
0
 def _is_deleteable_or_disapprovable(self, quote_id):
     authorize()
     quote = db.query(Quote).filter(Quote.id == quote_id).first()
     if not quote:
         return {'msg': 'Invalid quote ID.', 'status': 'error'}
     if not h.quote_is_deleteable(quote):
         return {
             'msg': 'You do not have permission to delete this quote.',
             'status': 'error'
         }
     c.user.deleted_quotes.append(quote)
     return {'status': 'success', 'quote': quote}
Ejemplo n.º 29
0
    def report(self, quote_id):
        authorize()
        quote = db.query(Quote).filter(Quote.id == quote_id).first()
        if not quote:
            return {'msg': 'Invalid quote ID.', 'status': 'error'}
        if request.environ['REQUEST_METHOD'] == 'POST':
            if self._has_made_too_many_reports():
                # TODO: This should return a HTTP 429! But pylons.controllers.util.abort()
                #       doesn't seem to support it :/
                return {
                    'msg': 'You are reporting quotes too fast. Slow down!',
                    'status': 'error'
                }
            if db.query(ReportedQuotes).filter_by(user_id=c.user.id).\
                filter_by(quote_id=quote.id).first():
                return {
                    'msg':
                    'You already reported this quote in the past. Ignored.',
                    'status': 'error'
                }
            if not quote.status == QSTATUS['approved']:
                return {
                    'msg':
                    'Quote is not approved, therefore cannot be reported.',
                    'status': 'error'
                }
            if db.query(ReportedQuotes).filter_by(user_id=c.user.id).\
                filter_by(quote_id=quote.id).first():
                return {
                    'msg':
                    'You already reported this quote in the past. Ignored.',
                    'status': 'error'
                }
            c.user.reported_quotes.append(quote)
            quote.status = QSTATUS['reported']
            db.commit()

            return {'msg': 'Quote reported.', 'status': 'success'}
        else:
            abort(405)
Ejemplo n.º 30
0
 def approve(self, quote_id):
     authorize()
     if not h.is_admin():
         abort(401)
     if request.environ['REQUEST_METHOD'] == 'POST':
         quote = db.query(Quote).filter(Quote.id == quote_id).first()
         if not quote:
             return {'msg': 'Invalid quote ID',
                     'status': 'error'}
         quote.approved = 1
         db.commit()
         return {'msg': 'Quote approved',
                 'status': 'success'}
Ejemplo n.º 31
0
 def approve(self, quote_id):
     authorize()
     if not h.is_admin():
         abort(401)
     if request.environ['REQUEST_METHOD'] == 'POST':
         quote = db.query(Quote).filter(Quote.id == quote_id).first()
         if not quote:
             return {'msg': 'Invalid quote ID.', 'status': 'error'}
         quote.status = QSTATUS['approved']
         db.commit()
         return {'msg': 'Quote approved.', 'status': 'success'}
     else:
         abort(405)
Ejemplo n.º 32
0
    def vote(self, quote_id, direction):
        authorize()
        quote = db.query(Quote).filter(Quote.id == quote_id).first()
        if request.environ['REQUEST_METHOD'] == 'POST':
            if not quote:
                return {'msg': 'Invalid quote ID.', 'status': 'error'}

            already_voted = ''
            for assoc in quote.voters:
                if assoc.user == c.user:
                    already_voted = True
                    # cancel the last vote:
                    if assoc.direction == 'up':
                        quote.rating -= 1
                    elif assoc.direction == 'down':
                        quote.rating += 1
                    db.delete(assoc)

            assoc = VoteToUser(direction=direction)
            assoc.user = c.user
            quote.voters.append(assoc)

            if direction == 'up':
                quote.rating += 1
            elif direction == 'down':
                quote.rating -= 1
            else:
                return {'msg': 'Invalid vote direction.', 'status': 'error'}

            if not already_voted:
                quote.votes += 1
            db.commit()
            return {'status': 'success', 'msg': 'Vote cast!'}
        elif request.environ['REQUEST_METHOD'] == 'DELETE':
            for assoc in quote.voters:
                if assoc.user == c.user:
                    db.delete(assoc)
            if direction == 'up':
                quote.rating -= 1
            elif direction == 'down':
                quote.rating += 1
            else:
                return {'msg': 'Invalid vote direction.', 'status': 'error'}

            quote.votes -= 1
            db.commit()
            return {'status': 'success', 'msg': 'Vote annulled!'}
        else:
            abort(405)
Ejemplo n.º 33
0
def create_user(username, password, email):
    conflicts = db.query(User).filter(
        or_(User.email == email, User.username == username)).first()
    if conflicts:
        if conflicts.email == email:
            raise NameError('Sorry! That email already exists in the system.')
        elif conflicts.username == username:
            raise NameError('Sorry! That username is already taken.')

    hashed_pass = h.hash_password(password)
    new_user = User()
    new_user.username = username
    new_user.password = hashed_pass
    new_user.email = email

    db.add(new_user)
    db.commit()
    return True
Ejemplo n.º 34
0
def create_user(username, password, email):
    conflicts = db.query(User).filter(or_(User.email == email,
                                          User.username == username)).first()
    if conflicts:
        if conflicts.email == email:
            raise NameError('Sorry! That email already exists in the system.')
        elif conflicts.username == username:
            raise NameError('Sorry! That username is already taken.')
    
    hashed_pass = h.hash_password(password)
    new_user = User()
    new_user.username = username
    new_user.password = hashed_pass
    new_user.email = email
    
    db.add(new_user)
    db.commit()
    return True
Ejemplo n.º 35
0
 def favourite(self, quote_id):
     authorize()
     quote = db.query(Quote).filter(Quote.id == quote_id).first()
     if not quote:
         return {'msg': 'Invalid quote ID',
                 'status': 'error'}
     if request.environ['REQUEST_METHOD'] == 'PUT':
         c.user.favourites.append(quote)
         db.commit()
         return {'msg': 'Quote favourited',
                 'status': 'success'}
     elif request.environ['REQUEST_METHOD'] == 'DELETE':
         if not quote in c.user.favourites:
             return {'msg': "Can't remove: This quote isn't in your favourites",
                     'status': 'error'}
         c.user.favourites.remove(quote)
         db.commit()
         return {'msg': 'Removed favourite',
                 'status': 'success'}
Ejemplo n.º 36
0
 def _has_made_too_many_reports(self):
     # TODO:
     # This filtering / counting should be done by SQLAlchemy.
     #
     # This is a quick hack to get around problems with between() and filter/filter_by,
     # possibly caused by the fact that ReportedQuotes is a Table() obj and not a class
     #
     reports = db.query(ReportedQuotes).filter_by(user_id=c.user.id).all()
     limit = 5
     limit_time = now() - datetime.timedelta(hours=1)
     i = 0
     found = []
     for report in reports:
         if limit_time < report.time:
             found.append(report)
         if i == limit:
             break
         i += 1
     return len(found) >= limit
Ejemplo n.º 37
0
 def _has_made_too_many_reports(self):
     # TODO:
     # This filtering / counting should be done by SQLAlchemy.
     #
     # This is a quick hack to get around problems with between() and filter/filter_by,
     # possibly caused by the fact that ReportedQuotes is a Table() obj and not a class
     #
     reports = db.query(ReportedQuotes).filter_by(user_id=c.user.id).all()
     limit = 5
     limit_time = now() - datetime.timedelta(hours=1)
     i = 0
     found = []
     for report in reports:
         if limit_time < report.time:
             found.append(report)
         if i == limit:
             break
         i += 1
     return len(found) >= limit
Ejemplo n.º 38
0
 def favourite(self, quote_id):
     authorize()
     quote = db.query(Quote).filter(Quote.id == quote_id).first()
     if not quote:
         return {'msg': 'Invalid quote ID.', 'status': 'error'}
     if request.environ['REQUEST_METHOD'] == 'POST':
         c.user.favourites.append(quote)
         db.commit()
         return {'msg': 'Quote favourited.', 'status': 'success'}
     elif request.environ['REQUEST_METHOD'] == 'DELETE':
         if not quote in c.user.favourites:
             return {
                 'msg':
                 "Can't remove: This quote isn't in your favourites.",
                 'status': 'error'
             }
         c.user.favourites.remove(quote)
         db.commit()
         return {'msg': 'Removed favourite.', 'status': 'success'}
     else:
         abort(405)
Ejemplo n.º 39
0
 def create(self):
     c.page = 'sign up'
     if request.environ['REQUEST_METHOD'] == 'GET':
         return render('/signup/form.mako')
     elif request.environ['REQUEST_METHOD'] == 'POST':
         username = request.params['username']
         password = request.params['password']
         password_confirm = request.params['password_confirm']
         email = request.params['email']
         
         validity = validate_signup(username, password,
                                    password_confirm, email)
         if not validity['status']:
             h.add_message(validity['msg'], 'error')
             return render('/signup/form.mako')
         try:
             create_user(username, password, email)
             authenticate(username, password)
             c.logged_in = True
             c.user = db.query(User).filter(User.username == username).first()
             return render('/signup/success.mako')
         except NameError, e:
             h.add_message(e.__str__(), 'error')
             return render('/signup/form.mako')
Ejemplo n.º 40
0
 def worst(self, page=1):
     quotes = db.query(Quote).order_by(
         Quote.rating).filter(Quote.status == QSTATUS['approved']).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'worst'
     return render('/browse.mako')
Ejemplo n.º 41
0
 def random(self):
     c.quote = db.query(Quote).order_by(sql.func.rand()).filter(
         Quote.status == QSTATUS['approved']).first()
     c.page = 'random'
     return render('/browse.mako')
Ejemplo n.º 42
0
 def disapproved(self, page=1):
     authorize()
     quotes = db.query(Quote).filter(Quote.status == QSTATUS['disapproved']).order_by(Quote.submitted.desc()).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'disapproved'
     return render('/browse.mako')
Ejemplo n.º 43
0
 def main(self, page=1):
     quotes = db.query(Quote).order_by(Quote.submitted.desc()).filter(Quote.approved == 1).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'browse'
     return render(self._get_template_name())
Ejemplo n.º 44
0
 def worst(self, page=1):
     quotes = db.query(Quote).order_by(Quote.score).filter(Quote.approved == 1).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'worst'
     return render(self._get_template_name())
Ejemplo n.º 45
0
 def random(self):
     c.quote = db.query(Quote).order_by(sql.func.rand()).filter(Quote.approved == 1).first()
     c.page = 'random'
     return render(self._get_template_name())
Ejemplo n.º 46
0
 def random(self):
     c.quote = db.query(Quote).order_by(sql.func.rand()).filter(Quote.status == QSTATUS['approved']).first()
     c.page = 'random'
     return render('/browse.mako')
Ejemplo n.º 47
0
 def worst(self, page=1):
     quotes = db.query(Quote).order_by(Quote.rating).filter(Quote.status == QSTATUS['approved']).all()
     c.paginator = self._create_paginator(quotes, page)
     c.page = 'worst'
     return render('/browse.mako')
Ejemplo n.º 48
0
    def reset_password(self):
        c.page = 'pw reset'
        c.key = request.params.get('key')
        c.redirect_url = url(controller='account', action='login')
        if request.environ['REQUEST_METHOD'] == 'GET':
            if not c.key:
                return render('/pw_reset/request.mako')
            else:
                reset_token = self._check_valid_pw_reset_key(c.key)
                if not reset_token:
                    h.add_message('Invalid reset token', 'error')
                    return render('/blank.mako')
                return render('/pw_reset/set.mako')
        elif request.environ['REQUEST_METHOD'] == 'POST':
            if not c.key:
                # create a password request key
                email = request.params['email']
                user = db.query(User).filter(User.email == email).first()
                if not user:
                    h.add_message('Invalid email address provided.', 'error')
                    return render('/pw_reset/request.mako')
                already_requested = db.query(PasswordResets).filter(
                    PasswordResets.user_id == user.id).first()
                if already_requested:
                    if already_requested.created < now() - datetime.timedelta(
                            hours=2):
                        db.delete(already_requested)
                    else:
                        h.add_message(
                            'A password reset has already been requested for this user.',
                            'error')
                        return render('/blank.mako')
                pw_reset_key = PasswordResets()
                pw_reset_key.user_id = user.id
                pw_reset_key.key = self._generate_pw_reset_key()
                db.add(pw_reset_key)
                db.commit()

                send_reset_password_email(user.email, pw_reset_key.key)
                h.add_message('Password reset email sent!', 'success')
                return render('/blank.mako')
            else:
                # reset the user's password to what they've submitted
                reset_token = self._check_valid_pw_reset_key(c.key)
                if not reset_token:
                    h.add_message('Invalid reset token', 'error')
                    return render('/blank.mako')
                password = request.params['password']
                password_confirm = request.params['password_confirm']
                valid_password = validate_password(password, password_confirm)
                if not valid_password['status']:
                    h.add_message(valid_password['msg'], 'error')
                    return render('/pw_reset/set.mako')
                user = db.query(User).filter(
                    User.id == reset_token.user_id).first()
                hashed_pass = h.hash_password(password)
                user.password = hashed_pass
                db.delete(reset_token)
                db.commit()

                h.add_message(
                    'Password successfully set. You should now be able to login.',
                    'success')
                return render('/blank.mako')