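def clean_inputs(event):
    """Strip HTML from the request parameters and stash them in the session.

    Looks like a request-subscriber hook: ``event.request`` is read and three
    keys are written to ``request.session``:

    * ``safe_get``    -- every GET parameter, HTML-stripped
    * ``safe_post``   -- every non-file POST parameter, HTML-stripped except
      the free-text fields listed in ``raw_html_fields``
    * ``safe_params`` -- ``safe_get`` and ``safe_post`` merged; a POST value
      shadows a GET value of the same name

    Uploaded files (``cgi.FieldStorage``) are skipped: they cannot be pickled
    into the session, so callers read them from ``request.POST`` directly.

    Args:
        event: object exposing ``request`` with ``GET``, ``POST`` and
            ``session`` mappings.

    Returns:
        ``0`` in every case.
    """
    request = event.request
    # Free-text fields whose markup is kept; every other field is stripped.
    raw_html_fields = ('body', 'description', 'description-textarea')

    safe_post = {}
    if request.POST:
        for name, value in request.POST.items():
            # cgi.FieldStorage defines no __getstate__, so storing it in the
            # session blows up at pickling time; leave files in request.POST.
            if isinstance(value, cgi.FieldStorage):
                continue
            if name in raw_html_fields:
                safe_post[name] = value
            else:
                safe_post[name] = general.strip_all_html(value)

    safe_get = {}
    if request.GET:
        for name, value in request.GET.items():
            safe_get[name] = general.strip_all_html(value)

    # Merge with update() so POST shadows GET; the previous
    # dict(a.items() + b.items()) form only works on Python 2.
    safe_params = dict(safe_get)
    safe_params.update(safe_post)

    # NOTE(review): every non-file POST field -- password fields included --
    # is persisted in the session store here; confirm the session backend is
    # server-side rather than a client cookie, and that these keys are not
    # kept longer than the request needs them.
    request.session['safe_get'] = safe_get
    request.session['safe_post'] = safe_post
    request.session['safe_params'] = safe_params

    return 0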
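def login(request):
    """Handle the login page and its sub-actions.

    Everything is read from the session keys written by ``clean_inputs``
    (``safe_get``, ``safe_post``, ``safe_params``).  When a form was posted,
    the GET parameter ``act`` selects the sub-action:

    * ``register``    -- create a user, or convert a temporary one
    * ``update_pw``   -- change the current user's password (an admin may
      target another account via ``user_id``)
    * ``forgot_pass`` -- send the lost-password mail
    * anything else   -- ordinary username/password login

    A ``logout`` parameter (any value) ends the session instead.  A Facebook
    SDK cookie, when present, is tried first and logs the user in without a
    local password.

    Returns:
        ``{'success': bool}`` for the template, or an ``HTTPFound`` to the
        ``post`` route after a successful form login.
    """
    #@FIXME: this uses a request handling method with success with which I was experimenting
    # it is not used elsewhere and is a pain to read and write
    # success = False causes a page to stop drawing and "error out"
    # some error conditions therefore don't set success to false because it's more convenient
    # to draw the rest of the page.
    #
    # someone should adapt this to be less success-centric and read less branchy.
    s = request.session

    success = True

    # Facebook login via the JS SDK cookie. fb.extract_from_cookie raises
    # LoginAdapterExc when there is no usable cookie; that just means "not a
    # Facebook visit", so fall through to the normal form handling.
    try:
        fb_cookie = fb.extract_from_cookie(request)
        try:
            u = users.get_user_by_name(fb_cookie['local_username'])
        except sqlalchemy.orm.exc.NoResultFound:
            u = fb.create_local_user(fb_cookie['info'],
                                     fb_cookie['local_username'],
                                     request=request)
        try:
            # Facebook already authenticated this user; the local password is bypassed.
            users.login_user(request, u, None, bypass_password=True)
        except LoginAdapterExc:
            pass
    except LoginAdapterExc:
        pass

    # NOTE(review): nothing in this view regenerates the session id on login
    # or logout; confirm users.login_user / the session factory does, or the
    # session stays open to fixation.
    if 'logout' in s['safe_params']:
        if 'logged_in' in s:
            # Drop every key that marks the session as authenticated.  The
            # admin flag is included so it cannot outlive the logout, and
            # missing keys are tolerated (they used to be del'd blindly).
            for key in ('logged_in', 'logged_in_admin', 'users.id',
                        'u_fbgraph', 'u_fbinfo', 'u_twit'):
                if key in s:
                    del s[key]
            s['message'] = "You have been logged out, thanks."
        else:
            s['message'] = "You are not logged in."
        return {
            'success': success,
        }

    logged_in = 'logged_in' in s
    if logged_in:
        s['message'] = "You are already logged in."
    elif 'message' not in s:
        # Show the outcome of the previous attempt once, then the default prompt.
        if 'last_login_status' in s:
            s['message'] = s['last_login_status']
            del s['last_login_status']
        else:
            s['message'] = "Please log in."

    p = s['safe_post']
    prm = s['safe_params']
    username = None
    if 'username' in prm:
        username = general.strip_all_html(prm['username'])

    if not p:
        # Nothing was posted: just render the page.
        return {
            'success': success,
        }

    dbsession = DBSession()
    # .get(): a form posted without ?act= is an ordinary login, not a KeyError.
    act = s['safe_get'].get('act')

    if act == 'register':
        if logged_in:
            try:
                u = users.get_user_by_id(s['users.id'])
                if u.temporary:
                    # Promote an anonymous (temporary) profile in place.
                    users.create_user(temp_to_perm=True,
                                      extant_id=s['users.id'],
                                      username=username,
                                      password=p['password'],
                                      email=p['email'],
                                      origination='site')
                    s['message'] = "Your anonymous profile has been converted, thanks."
                else:
                    s['message'] = "You can't register while you're logged in."
            except sqlalchemy.exc.IntegrityError:
                s['message'] = "This username is already registered, sorry."
                dbsession.rollback()
        else:
            try:
                users.create_user(username=username,
                                  password=p['password'],
                                  email=p['email'],
                                  origination='site')
                s['message'] = "Successfully registered."
                success = True
            except sqlalchemy.exc.IntegrityError:
                s['message'] = "This username is already registered, sorry."
                success = False
                dbsession.rollback()
    elif act == 'update_pw':
        if p['new_password'] != p['new_password_confirm']:
            s['message'] = 'New password doesn\'t match confirmation, please try again.'
        elif not logged_in:
            # Anonymous request: there is no s['users.id'] to look up.
            s['message'] = "Please log in."
        else:
            # Membership test first: the flag is not guaranteed to be in the session.
            is_admin = 'logged_in_admin' in s and bool(s['logged_in_admin'])
            u = None
            # An admin may change another account's password via user_id.
            if is_admin and 'user_id' in prm:
                u = users.get_user_by_id(prm['user_id'])
            if u is None:
                u = users.get_user_by_id(s['users.id'])

            # The old password is required unless an admin is doing the change.
            if u.verify_pw(p['old_password']) or is_admin:
                u.password = u.hash_pw(p['new_password'])
                dbsession.add(u)
                s['message'] = 'Password updated.'
                success = True
            else:
                s['message'] = 'Old password invalid.'
    elif act == 'forgot_pass':
        # NOTE(review): the two messages below reveal whether an address is
        # registered; one neutral message would avoid account enumeration.
        user = users.get_user_by_email(p['email'])
        if not user:
            s['message'] = "That email isn't registered"
        else:
            s['message'] = "Check your mail for a confirmation message."
            users.send_lost_password_verify_email(request, user)
    else:
        # Plain username/password login.
        try:
            u = users.get_user_by_name(username)
            try:
                users.login_user(request, u, p['password'])
                s['message'] = "Good, logged in"
                success = True
                return HTTPFound(request.route_url('post'))
            except LoginAdapterExc:
                s['message'] = "Incorrect password."
                success = False
        except sqlalchemy.orm.exc.NoResultFound:
            s['message'] = "Sorry, I don't know you."
            success = False

    return {
        'success': success,
    }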
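def submit(request):
    """Render the submission form, or create a story/page from a POSTed form.

    Reads the sanitized inputs that ``clean_inputs`` stored in the session
    (``safe_post`` / ``safe_get``).  Behaviour by request:

    * ``new_page`` route: admins only (``HTTPNotFound`` otherwise).
    * ``?from=button&url=...``: redirect to the oldest existing discussion of
      that URL, or pre-fill the form with the URL and optional title.
    * Not logged in: form data with ``code='ENOLOGIN'``.
    * POST with a ``title``: validate, insert the ``Submission`` plus the
      author's own up-``Vote`` (and optional notify row), push it to Solr when
      configured, and redirect to ``home``.

    Returns:
        A dict for the template, or an ``HTTPFound`` / ``HTTPNotFound``.
    """
    s = request.session
    p = s['safe_post']
    r = request
    qs = s['safe_get']
    s['message'] = "Post a story."
    dbsession = DBSession()
    stories = None
    sections = section_queries.get_sections()

    new_url_text = ''
    new_title_text = ''

    route_name = r.matched_route.name

    if route_name == 'new_page':
        # Only admins may load (or post) the new-page form; a missing or
        # falsy flag is treated the same way.
        if 'logged_in_admin' not in s or not s['logged_in_admin']:
            return HTTPNotFound()

    # Share-button arrivals: redirect to an existing discussion of the URL if
    # there is one, otherwise pre-fill the form. A button hit without a url
    # parameter is ignored instead of raising KeyError.
    if qs.get('from') == 'button' and 'url' in qs:
        existing_post = submission.get_story_by_url_oldest(qs['url'])
        if existing_post:
            return HTTPFound(r.route_url('full', sub_id=existing_post.id))
        new_url_text = qs['url']
        if 'title' in qs:
            new_title_text = qs['title']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must <a href="{0}">log in</a> before you can share a link.'.format(
            r.route_url('login'))
        return {'stories': [], 'success': False, 'code': 'ENOLOGIN'}

    if not (p and 'title' in p):
        # Nothing submitted yet: render the (possibly pre-filled) form.
        return {
            'stories': stories,
            'success': True,
            'code': 0,
            'new_url_text': new_url_text,
            'new_title_text': new_title_text,
            'sections': sections
        }

    if 'section_id' not in p or p['section_id'] == '':
        return {'stories': [], 'success': False, 'code': 'ENOSECTION'}

    # Normalise the URL in place (p is the session's safe_post dict): strip
    # markup and force an http(s) scheme; an empty value becomes NULL.
    if 'url' in p and p['url'] != '' and p['url'] is not None:
        p['url'] = general.strip_all_html(p['url'])
        if not re.match(r'https?://', p['url'], re.IGNORECASE):
            p['url'] = 'http://' + p['url']
    else:
        p['url'] = None

    if route_name == 'new_page':
        render_type = p['render_type']
        slug = p['slug']

        # A page's slug must be unique; stop before anything is inserted.
        # (The lookup result is deliberately not bound to a name -- the old
        # code rebound the session variable here and then broke.)
        try:
            dbsession.query(Submission).filter(
                Submission.slug == slug).one()
        except sqlalchemy.orm.exc.NoResultFound:
            pass
        else:
            s['message'] = 'This slug is already taken.'
            # 'ESLUGTAKEN' is a new code following the ENOLOGIN/ENOSECTION pattern.
            return {'stories': [], 'success': False, 'code': 'ESLUGTAKEN'}
    else:
        slug = ''
        render_type = 'story_md'

    # section_id is guaranteed present by the ENOSECTION check above.
    # NOTE(review): 'description' keeps its markup (clean_inputs does not
    # strip it); confirm the renderer for render_type escapes or sanitises
    # it on output.
    sub = Submission(p['title'][:100],
                     p['description'],
                     p['url'],
                     s['users.id'],
                     section=p['section_id'])

    sub.render_type = render_type

    # Pages carry their own slug; stories get "<slugified title>-<8 chars of a uuid>".
    if slug == '':
        slug = u"{title}-{uuid_first_octet}".format(
            title=slugify.slugify(unicode(p['title'][:100])),
            uuid_first_octet=str(general.gen_uuid())[:8])
    sub.slug = slug

    dbsession.add(sub)
    dbsession.flush()  # assigns sub.id, needed by the notify/vote rows below

    if general.check_notify_default(s['users.id'], r):
        notify_queries.create_notify(s['users.id'], sub.id, s['users.id'])

    # The author's automatic up-vote on their own submission.
    v = Vote(sub.id, s['users.id'], 1, "submission", None)
    v.direction = 1
    dbsession.add(v)
    s['message'] = "Added."

    # Index in Solr when configured. getattr() replaces the old
    # try/except AttributeError, which also swallowed AttributeErrors
    # raised inside the Solr client itself.
    solr_conn = getattr(request.registry, 'solr_conn', None)
    if solr_conn:
        dbsession.flush()
        solr_conn.add({
            'id': sub.id,
            'title': sub.title,
            'description': sub.description
        })
        solr_conn.commit()

    return HTTPFound(r.route_url('home'))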
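def submit(request):
    """Render the submission form, or create a story/page from a POSTed form.

    Reads the sanitized inputs that ``clean_inputs`` stored in the session
    (``safe_post`` / ``safe_get``).  Behaviour by request:

    * ``new_page`` route: admins only (``HTTPNotFound`` otherwise).
    * ``?from=button&url=...``: redirect to the oldest existing discussion of
      that URL, or pre-fill the form with the URL and optional title.
    * Not logged in: form data with ``code='ENOLOGIN'``.
    * POST with a ``title``: validate, insert the ``Submission`` plus the
      author's own up-``Vote`` (and optional notify row), push it to Solr when
      configured, and redirect to ``home``.

    Returns:
        A dict for the template, or an ``HTTPFound`` / ``HTTPNotFound``.
    """
    s = request.session
    p = s['safe_post']
    r = request
    qs = s['safe_get']
    s['message'] = "Post a story."
    dbsession = DBSession()
    stories = None
    sections = section_queries.get_sections()

    new_url_text = ''
    new_title_text = ''

    route_name = r.matched_route.name

    if route_name == 'new_page':
        # Only admins may load (or post) the new-page form; a missing or
        # falsy flag is treated the same way.
        if 'logged_in_admin' not in s or not s['logged_in_admin']:
            return HTTPNotFound()

    # Share-button arrivals: redirect to an existing discussion of the URL if
    # there is one, otherwise pre-fill the form. A button hit without a url
    # parameter is ignored instead of raising KeyError.
    if qs.get('from') == 'button' and 'url' in qs:
        existing_post = submission.get_story_by_url_oldest(qs['url'])
        if existing_post:
            return HTTPFound(r.route_url('full', sub_id=existing_post.id))
        new_url_text = qs['url']
        if 'title' in qs:
            new_title_text = qs['title']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must <a href="{0}">log in</a> before you can share a link.'.format(r.route_url('login'))
        return {'stories': [], 'success': False, 'code': 'ENOLOGIN'}

    if not (p and 'title' in p):
        # Nothing submitted yet: render the (possibly pre-filled) form.
        return {'stories': stories, 'success': True, 'code': 0,
                'new_url_text': new_url_text, 'new_title_text': new_title_text,
                'sections': sections}

    if 'section_id' not in p or p['section_id'] == '':
        return {'stories': [], 'success': False, 'code': 'ENOSECTION'}

    # Normalise the URL in place (p is the session's safe_post dict): strip
    # markup and force an http(s) scheme; an empty value becomes NULL.
    if 'url' in p and p['url'] != '' and p['url'] is not None:
        p['url'] = general.strip_all_html(p['url'])
        if not re.match(r'https?://', p['url'], re.IGNORECASE):
            p['url'] = 'http://' + p['url']
    else:
        p['url'] = None

    if route_name == 'new_page':
        render_type = p['render_type']
        slug = p['slug']

        # A page's slug must be unique; stop before anything is inserted.
        # (The lookup result is deliberately not bound to a name -- the old
        # code rebound the session variable here and then broke.)
        try:
            dbsession.query(Submission).filter(Submission.slug == slug).one()
        except sqlalchemy.orm.exc.NoResultFound:
            pass
        else:
            s['message'] = 'This slug is already taken.'
            # 'ESLUGTAKEN' is a new code following the ENOLOGIN/ENOSECTION pattern.
            return {'stories': [], 'success': False, 'code': 'ESLUGTAKEN'}
    else:
        slug = ''
        render_type = 'story_md'

    # section_id is guaranteed present by the ENOSECTION check above.
    # NOTE(review): 'description' keeps its markup (clean_inputs does not
    # strip it); confirm the renderer for render_type escapes or sanitises
    # it on output.
    sub = Submission(p['title'][:100], p['description'], p['url'], s['users.id'],
                     section=p['section_id'])

    sub.render_type = render_type

    # Pages carry their own slug; stories get "<slugified title>-<8 chars of a uuid>".
    if slug == '':
        slug = u"{title}-{uuid_first_octet}".format(
            title=slugify.slugify(unicode(p['title'][:100])),
            uuid_first_octet=str(general.gen_uuid())[:8])
    sub.slug = slug

    dbsession.add(sub)
    dbsession.flush()  # assigns sub.id, needed by the notify/vote rows below

    if general.check_notify_default(s['users.id'], r):
        notify_queries.create_notify(s['users.id'], sub.id, s['users.id'])

    # The author's automatic up-vote on their own submission.
    v = Vote(sub.id, s['users.id'], 1, "submission", None)
    v.direction = 1
    dbsession.add(v)
    s['message'] = "Added."

    # Index in Solr when configured. getattr() replaces the old
    # try/except AttributeError, which also swallowed AttributeErrors
    # raised inside the Solr client itself.
    solr_conn = getattr(request.registry, 'solr_conn', None)
    if solr_conn:
        dbsession.flush()
        solr_conn.add({'id': sub.id, 'title': sub.title, 'description': sub.description})
        solr_conn.commit()

    return HTTPFound(r.route_url('home'))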