Ejemplo n.º 1
def change_user_password(id):
    """Change the password of user ``id`` and redirect to that user's details page.

    The caller (``request.user``) may change their own password, or anyone's
    when their ``can_create_users`` flag is set.  If the form carries no
    ``old_password``, ``None`` is handed to ``users.change_password()``,
    which then skips the old-password check; that path is therefore limited
    to callers holding ``can_create_users``.

    Raises:
        KeyError: the caller targets another account without
            ``can_create_users``.  A missing ``new_password`` form field
            also propagates the form's lookup error.
        ValueError: ``old_password`` is absent and the caller lacks
            ``can_create_users``.
    """
    caller = request.user

    def caller_is_admin():
        # Read lazily: the flag is only consulted on the paths that need it.
        return caller['can_create_users']

    # Authorization: non-admins may only touch their own account.
    # NOTE(review): `id` is compared by value; if the route supplies a str
    # while the session stores an int, self-service changes would be treated
    # as targeting another account -- confirm the types match.
    targets_other_account = id != caller['user_id']
    if targets_other_account and not caller_is_admin():
        raise KeyError("You must be an admin to change other users' passwords")

    # Form parsing: new_password is mandatory, old_password is optional.
    form = request.form
    new_password = form['new_password']
    try:
        old_password = form['old_password']
    except KeyError:
        old_password = None

    # TODO: the user record is fetched only to obtain the name that
    #       change_password() uses as its key.
    name = users.get_user_by_id(id)['user_name']

    # A None old_password disables the old-password check inside
    # change_password(), so only admins may omit it; otherwise anyone holding
    # a session could take over the account without knowing its password.
    # NOTE(review): an admin may also omit old_password when changing their
    # *own* password, so a stolen admin session can reset that admin's
    # password without the current one -- confirm this is intended.
    if old_password is None and not caller_is_admin():
        raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
Ejemplo n.º 2
def change_user_password(id):
    """Set a new password for user ``id``, then redirect to the details page.

    Self-service changes are allowed for any caller; changing another
    account requires ``request.user['can_create_users']``.  A form without
    ``old_password`` results in ``None`` being passed to
    ``users.change_password()``, which disables its old-password check, so
    only callers with ``can_create_users`` may omit that field.

    Raises:
        KeyError: another account is targeted without ``can_create_users``
            (a missing ``new_password`` field also surfaces as the form's
            lookup error).
        ValueError: ``old_password`` is missing and the caller is not an
            admin.
    """
    session_user = request.user

    def is_admin():
        # Evaluated on demand so the flag is read only when a decision
        # depends on it.
        return session_user['can_create_users']

    # Permission gate.
    # NOTE(review): a str/int mismatch between `id` and the stored user_id
    # would make every self-service request look like a cross-account one --
    # confirm both sides use the same type.
    if id != session_user['user_id'] and not is_admin():
        raise KeyError("You must be an admin to change other users' passwords")

    # Read the submitted fields; only new_password is required.
    submitted = request.form
    new_password = submitted['new_password']
    try:
        old_password = submitted['old_password']
    except KeyError:
        old_password = None

    # TODO: fetching the whole user just to get the key used by
    #       change_password() is wasteful.
    target = users.get_user_by_id(id)
    name = target['user_name']

    # old_password=None switches off the old-password verification, which
    # would be an account-hijacking path for anyone but an administrator.
    # NOTE(review): administrators can skip the check for their own account
    # too; with a hijacked admin session that allows a silent password
    # reset -- confirm this is acceptable.
    skipping_old_check = old_password is None
    if skipping_old_check and not is_admin():
        raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
Ejemplo n.º 3
def show(product_id):
    """Return one product as JSON with its owning user attached.

    Looks the product up in ``glob.products``; when it is missing the
    function answers with the text ``'No such product'`` and status 400.
    Otherwise the product is copied, the user referenced by its ``user_id``
    is stored under the ``'user'`` key, and the result is returned as
    ``{'product': ...}``.
    """
    found = helpers.get_by(glob.products, product_id)
    if found is None:
        return 'No such product', 400

    # Deep copy so that attaching the user does not modify the entry held in
    # glob.products.
    payload = copy.deepcopy(found)

    # NOTE(review): the complete record returned by get_user_by_id() is
    # serialized to the client.  If that record carries credential or
    # contact fields (password hash, e-mail, tokens) they are exposed here --
    # confirm it is a public-safe view or project it to the needed fields.
    owner_id = int(payload['user_id'])
    payload['user'] = users.get_user_by_id(owner_id)
    return jsonify({'product': payload})
Ejemplo n.º 4
 def get(self, path="/"):
     """Show the history of the page at ``path`` to a logged-in user.

     The ``user_id`` cookie is passed through ``utils.check_secure_val()``
     and the resulting id is resolved to a user.  Without a cookie, a
     usable id, or a matching user, the request is redirected to
     ``/login``.
     """
     # NOTE(review): authentication rests entirely on check_secure_val();
     # presumably it verifies a signature on the cookie and returns a falsy
     # value on tampering -- confirm, since a pass-through would let any
     # client choose its own user_id.
     cookie_value = self.request.cookies.get(str('user_id'))
     verified_id = utils.check_secure_val(cookie_value) if cookie_value else None
     account = users.get_user_by_id(verified_id) if verified_id else None
     login = account.login_name if account else None

     if not login:
         # No valid session: send the visitor to the login form.
         self.redirect("/login")
         return

     history = get_page_history(path)
     self.show_history_page(login, history, path)
Ejemplo n.º 5
def find_diff(u_id: str) -> Tuple[List[SkywardClass], List[SkywardClass]]:
    """Fetch the user's current grades, store them, and diff against the old ones.

    The stored ``grades`` blob is deserialized, the current grades are
    fetched through ``SkywardAPI`` using the user's saved session data, and
    the fresh grades are written back with ``users.update_user()`` before
    the differences are computed.

    Returns:
        ``(changed, removed)`` where, for each pair of current and stored
        classes, ``changed`` holds ``current - stored`` and ``removed``
        holds ``stored - current``.

    Raises:
        SessionError: the saved session data is empty, or the API call
            reports a destroyed session.
    """
    record = users.get_user_by_id(u_id)

    # NOTE(review): `loads` is presumably pickle.loads (the blob is named
    # *_pkl).  Unpickling executes code chosen by whoever wrote the blob, so
    # anyone able to write this user's "grades" field in the database gains
    # code execution in this process -- confirm, and prefer a data-only
    # format (e.g. JSON) for stored grades.
    previous = loads(record["grades"])
    session_data = record["sky_data"]
    backend = record["service"]

    if session_data == {}:
        raise SessionError("Session was destroyed.")

    try:
        api = SkywardAPI.from_session_data(backend, session_data)
        latest = api.get_grades()
        # The new grades are persisted before the diff is built.
        users.update_user(u_id, {"grades": dumps(latest)})

        # zip() stops at the shorter sequence, so classes present on only
        # one side are not reported.
        pairs = list(zip(latest, previous))
        changed_grades = [new - old for new, old in pairs]  # type: List[SkywardClass]
        removed_grades = [old - new for new, old in pairs]  # type: List[SkywardClass]
        return (changed_grades, removed_grades)
    except SessionError:
        raise SessionError("Session was destroyed.")
Ejemplo n.º 6
 def get(self, path="/"):
     """Show the edit form for a page to a logged-in user.

     The ``user_id`` cookie is checked with ``utils.check_secure_val()`` and
     resolved to a user; anyone without a valid login is redirected to
     ``/login``.  When the request carries a ``v`` parameter the page is
     loaded by that id, otherwise it is loaded by ``path``.
     """
     # NOTE(review): the session is trusted solely on the result of
     # check_secure_val(); presumably it rejects cookies whose signature
     # does not verify -- confirm.
     cookie_value = self.request.cookies.get(str('user_id'))
     verified_id = utils.check_secure_val(cookie_value) if cookie_value else None
     account = users.get_user_by_id(verified_id) if verified_id else None
     login = account.login_name if account else None

     if not login:
         # Editing requires a valid login.
         self.redirect("/login")
         return

     # NOTE(review): `v` comes straight from the query string and is not
     # tied to `path`, so any page version id can be opened from any path --
     # confirm that is acceptable if some pages are restricted.
     requested_version = self.request.get('v')
     if requested_version:
         page = get_page_by_id(requested_version)
     else:
         page = get_page(path, True)
     self.show_edit_page(login, page)
Ejemplo n.º 7
    def get(self, path="/"):
        """Render the wiki page at ``path``, or redirect to its edit form.

        A login is optional here: the ``user_id`` cookie is checked with
        ``utils.check_secure_val()`` and, when it resolves to a user, that
        user's login name is passed to the page view; otherwise ``None`` is
        passed.  A ``v`` request parameter selects a page by id instead of
        by path.  If no page is found the request is redirected to
        ``/_edit`` followed by ``path``.
        """
        login = None
        # NOTE(review): presumably check_secure_val() returns a falsy value
        # for a cookie that fails verification -- confirm.
        cookie_value = self.request.cookies.get(str('user_id'))
        verified_id = utils.check_secure_val(cookie_value) if cookie_value else None
        if verified_id:
            account = users.get_user_by_id(verified_id)
            if account:
                login = account.login_name

        # Resolve the page: an explicit version id wins over the path.
        # NOTE(review): `v` is client-supplied and not checked against
        # `path`, and this view needs no login, so any version id is
        # readable by anyone -- confirm no page is meant to be private.
        requested_version = self.request.get('v')
        if requested_version:
            page = get_page_by_id(requested_version)
        else:
            page = get_page(path)

        if not page:
            # Unknown page: offer to create it.
            self.redirect("/_edit" + path)
            return
        self.show_wiki_page(page, login)
Ejemplo n.º 8
def user_details(id):
    """Render ``user_details.html`` for the user with the given ``id``."""
    # NOTE(review): no authorization check is visible in this view, so any
    # caller who can reach it can request any id; confirm access control is
    # applied outside this function and that the template shows only fields
    # the viewer may see.
    record = users.get_user_by_id(id)
    return render_template('user_details.html', user=record)
Ejemplo n.º 9
def load_user(uid):
    """Return the user stored under ``uid``.

    ``uid`` is UTF-8 encoded to bytes before it is passed, together with
    the handle from ``get_db()``, to ``users.get_user_by_id()``.
    """
    db = get_db()
    encoded_uid = uid.encode('utf-8')
    return users.get_user_by_id(db, encoded_uid)
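    def do_GET(self):
        """Answer a GET request by routing ``self.path`` to a lookup function.

        ``self.parse_url()`` yields either ``(resource, id)`` or, for
        ``/resource?parameter=value``, ``(resource, key, value)``.  The
        result of the matching lookup is encoded and written as the
        response body.  When nothing matches, the body is the empty JSON
        object ``{}``.
        """
        # NOTE(review): the 200 status is sent before routing, so unknown
        # resources and unsupported id/collection combinations also answer
        # 200 rather than 404.
        self._set_headers(200)

        # The default must be text: the final write calls .encode(), which a
        # dict does not have, so an unmatched route used to raise
        # AttributeError after the headers had already been sent.
        response = "{}"
        parsed = self.parse_url(self.path)

        # NOTE(review): no authentication or authorization check is visible
        # in this handler, so user records (including the isadmin filter
        # below) are served to any client -- confirm access control is
        # enforced elsewhere.
        if len(parsed) == 2:
            (resource, id) = parsed

            if resource == "users":
                if id is not None:
                    response = get_user_by_id(id)
                else:
                    response = get_all_users()
            elif resource == "categories":
                if id is None:
                    response = get_all_categories()
            elif resource == "tags":
                if id is None:
                    response = get_all_tags()
            elif resource == "posts":
                if id is not None:
                    response = get_post_by_id(id)
                else:
                    response = get_all_posts()
            elif resource == "comments":
                if id is None:
                    response = get_all_comments()
            elif resource == "subscriptions":
                if id is not None:
                    response = get_subscribed_posts_by_id(id)
            elif resource == "reactions":
                if id is None:
                    response = get_all_reactions()
            elif resource == "postreactions":
                if id is not None:
                    response = get_postreactions_by_id(id)
        # Response from parse_url() is a tuple with 3
        # items in it, which means the request was for
        # `/resource?parameter=value`
        elif len(parsed) == 3:
            (resource, key, value) = parsed
            if key == "user_id" and resource == "posts":
                response = get_posts_by_user_id(value)
            elif key.lower() == "isadmin" and resource == "users":
                response = get_users_by_profile_type(value)
            elif key == "category_id" and resource == "posts":
                response = get_posts_by_category_id(value)
            elif key == "tag_id" and resource == "posts":
                response = get_posts_by_tag_id(value)
            elif key == "q" and resource == "posts":
                response = get_posts_by_title_search(value)
        self.wfile.write(response.encode())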
Ejemplo n.º 11
def user_details(id):
    """Look up user ``id`` and render it with ``user_details.html``."""
    # NOTE(review): the id is used as given and no permission check appears
    # in this view; confirm that callers are authorized elsewhere before
    # another user's details are rendered.
    return render_template(
        'user_details.html',
        user=users.get_user_by_id(id),
    )
Ejemplo n.º 12
def singleUser(id):
    """Return the result of looking up user ``id``.

    Delegates to ``users.get_user_by_id()`` with the ``cursor``, ``conn``
    and ``request`` objects that are in scope here.
    """
    # NOTE(review): no authorization check is visible here; confirm the
    # route or the lookup itself restricts which ids a caller may read.
    lookup = users.get_user_by_id
    return lookup(cursor, conn, request, id)