def validate_user(self, field):
if field.data:
self.connection_user = AccountUser.query.filter_by(id=field.data, active=True).first()
if not self.connection_user or self.connection_user.id == self.account_user.id:
raise wtforms.ValidationError(_('Invalid user id.'))
if not self.connection_user.contactable and not self._get_reverse_connection():
raise wtforms.ValidationError(_('User not contactable.'))
def _valid(form, value):
if value.data:
delta = (datetime.today().date() - value.data).days / 365.0
if delta > 150:
raise wtf.ValidationError(_("Looks like you're unreasonably old!"))
elif delta < 0:
raise wtf.ValidationError(_("Looks like you're born in the future!"))
elif delta < 13:
raise wtf.ValidationError(_("Rockpack is not available for under 13's yet."))
def _valid(form, field):
if not field.data:
return
if field.data != User.sanitise_username(field.data):
raise wtf.ValidationError(_('Username can only contain alphanumerics.'))
exists = username_exists(field.data)
if exists == 'reserved':
raise wtf.ValidationError(_('"%s" is reserved.') % field.data)
elif exists:
raise wtf.ValidationError(_('"%s" already taken.') % field.data)
naughty_word_validator(form, field)
def validate(self):
success = super(ExternalLoginForm, self).validate()
if success:
auth_handler = get_auth_handler(self.external_system.data)
if not auth_handler:
self._errors = dict(external_system=[_('Unsupported system.')])
success = False
else:
self.user_data = auth_handler.verify(self.external_token.data)
if not self.user_data:
self._errors = dict(external_token=[_('Invalid token.')])
success = False
return success
def label(self):
labels = self.tags and [t[6:] for t in self.tags.split(",") if t.startswith("label-")]
if labels:
label = labels[0].replace("-", " ")
return label.capitalize() if label.islower() else label
elif not self.original_channel_owner:
return _("Latest")
def validate_copy_video(self, field):
if field.data:
field.data = Video.query.get(self.copy_video.data)
if (not field.data or
field.data.status == 'uploading' or
(field.data.account_id != self.account_id and not
current_user.has_collaborator_permission(field.data.id, 'download'))):
raise wtforms.ValidationError(_('Invalid video id.'))
def validate_meta(form, value):
if value.data:
try:
if isinstance(value.data, basestring):
value.data = json.loads(value.data)
assert type(value.data) is dict
except:
raise wtf.ValidationError(_('Invalid account metadata.'))
def validate(self):
success = super(LoginForm, self).validate()
if success:
self.user = AccountUser.get_from_credentials(self.username.data, self.password.data)
if not self.user:
self._errors = dict(username=[_('The username or password you entered is incorrect.')])
success = False
return success
def naughty_word_validator(form, value):
if not value.data:
return
words = PUNCTUATION_RE.split(value.data)
if len(words) == 1 and not words[0].upper() == words[0]:
words = CAPITALIZED_SUBWORDS_RE.findall(words[0][:1].upper() + words[0][1:])
for word in words:
if word and word.lower() in NAUGHTY_WORDS:
raise ValidationError(_('Mind your language!'))
def twitter_auth_callback():
callback_function = request.args.get('callback', '')
if not CALLBACK_JS_FUNCTION_RE.match(callback_function):
callback_function = 'console.log'
verifier = request.args.get('oauth_verifier')
token = request.args.get('oauth_token')
secret = session.pop('twitter_req_secret', None)
result = dict(error=None)
if verifier and secret and token == session.pop('twitter_req_token', 'none'):
oauth = OAuth1(
current_app.config['TWITTER_CONSUMER_KEY'],
current_app.config['TWITTER_CONSUMER_SECRET'],
token,
secret,
verifier=verifier,
)
response = requests.post(twitter.ACCESS_TOKEN_URL, auth=oauth)
if response.ok:
token_data = parse_qs(response.content)
token = token_data['oauth_token'][0] + ':' + token_data['oauth_token_secret'][0]
result['credentials'] = dict(
external_system='twitter',
external_token=token,
metadata=dict(screen_name=token_data['screen_name'][0]),
)
else:
try:
result['error'] =\
ElementTree.fromstring(response.content).find('error').text
except SyntaxError:
result['error'] = _('Unknown')
else:
if request.args.get('denied'):
result['error'] = _('Access not granted')
else:
result['error'] = _('Invalid token')
return render_template('auth_callback.html',
result=result, callback_function=callback_function)
def save(self):
user = AccountUser.query.join(
AccountUserAuthToken,
(AccountUserAuthToken.account_user_id == AccountUser.id) &
(AccountUserAuthToken.external_system == self.external_system.data) &
(AccountUserAuthToken.external_uid == str(self.user_data['id']))
).first()
if user:
# User already registered
return user
else:
# Try to register a new user
if not self.username.data:
abort(400, error='registration_required',
form_errors=dict(username=[_('This field is required.')]))
if not self.location.data or self.location.data == 'None':
abort(400, error='invalid_request',
form_errors=dict(location=[_('This field is required.')]))
try:
user = register_user(self.user_data['name'], self.username.data,
None, self.location.data)
except IntegrityError as e:
if '(username)' in e.message:
abort(400, error='invalid_request',
form_errors=dict(username=[_('Username already registered.')]))
raise
else:
self.account_id = user.account_id
self._update_user(user)
user.auth_tokens = [
AccountUserAuthToken(
external_system=self.external_system.data,
external_uid=str(self.user_data['id']),
external_token=self.external_token.data,
meta=json.dumps(self.metadata.data),
)
]
return user
def update_token(cls, user, eu):
"""Updates an existing token (or creates a new one) and returns the token object"""
if eu.system not in EXTERNAL_SYSTEM_NAMES:
raise exceptions.InvalidExternalSystem('{} is not a valid name'.format(eu.system))
try:
token = cls.query.filter_by(external_uid=eu.id, external_system=eu.system).one()
token._existing = True
except exc.NoResultFound:
if user.id and ExternalToken.query.filter_by(user=user.id, external_system=eu.system).count():
abort(400, message=_('User already associated with account'))
token = cls(external_system=eu.system, external_uid=eu.id).add()
token.user_rel = user
else:
if not user.id:
# This can happen if two registration requests with the same external token
# come in at the same time and the first has been committed when we get here.
raise TokenExistsException()
if token.user != user.id:
app.logger.error('Token owner %s does not match update user: %s', token.user, user.id)
abort(400, message=_('External account mismatch'))
token.external_token = eu.token
token.expires = eu.expires
token.permissions = eu.permissions
token.meta = eu.meta
# Fetch a long-lived token if we don't have an expiry,
# or we haven't long to go until it does expire
expiry_delta = timedelta(days=app.config.get('EXTERNAL_TOKEN_EXPIRY_THRESHOLD_DAYS', 1))
if expiry_delta and (not token.expires or datetime.now() + expiry_delta > token.expires):
new_eu = eu.get_new_token()
token.external_token = new_eu.token
token.expires = new_eu.expires
return token
def process_image(field, data=None):
if not data:
if request.mimetype.startswith('image/'):
# PIL needs to seek on the data and request.stream doesn't have that
data = StringIO(request.data)
elif request.mimetype.startswith('multipart/form-data'):
data = request.files['image']
else:
abort(400, message=_('No image data'))
cfgkey = field.class_.__table__.columns.get(field.key).type.cfgkey
try:
return resize_and_upload(data, cfgkey)
except IOError, e:
abort(400, message=e.message or str(e))
def validate_profile(self, field):
if field.data:
self.profile_user = AccountUser.query.filter_by(id=field.data, active=True).first()
if not self.profile_user or self.profile_user.id == self.account_user.id:
raise wtforms.ValidationError(_('Invalid profile id.'))
def _valid(form, field):
if field.data not in GENDERS:
raise wtf.ValidationError(_('Invalid gender.'))
def validate_external_system(form, value):
if value.data not in models.EXTERNAL_SYSTEM_NAMES:
raise wtf.ValidationError(_('External system invalid.'))
def validate_token_expires(form, value):
if value.data:
try:
value.data = datetime.strptime(value.data[:19], '%Y-%m-%dT%H:%M:%S')
except ValueError:
raise wtf.ValidationError(_('Invalid expiry date.'))
def _registered(form, field):
if field.data:
field.data = field.data.lower()
if User.query.filter_by(email=field.data).count():
raise wtf.ValidationError(_('Email address already registered.'))
def _exists(form, field):
if field.data:
field.data = field.data.lower()
user = AccountUser.query.filter(func.lower(AccountUser.username) == field.data)
if user.value(func.count()):
raise wtforms.ValidationError(_('Username already registered.'))
