def before_request(): #print "REQUEST_HOST='%s'" % (request.host,) host_name = request.host.lower() # if ':' in host_name: host_name = host_name[:host_name.find(':')] if host_name in Site.domain_to_tag: # This is for DNS resolved versions site_tag = Site.domain_to_tag[host_name] else: # This is for subdomains of the main site : Just strip off the subdomain site_tag = host_name[:host_name.find('.')].lower() #print "REQUEST_HOST_TAG='%s'" % (site_tag,) flask.g.site = Site.query().filter_by(tag=site_tag).first() if flask.g.site is None: print("FAILED TO FIND SITE_TAG : DEFAULTING") # Default if all else fails flask.g.site = Site.query().filter_by(tag=Site.tag_main).first() if 'userid' in session: flask.g.user = User.get(session['userid']) else: flask.g.user = User(flask.g.site.tag, '*****@*****.**', 'Not logged in') # Creates a user with id=None #session.pop('hash') if 'hash' not in session: session['hash'] = ''.join(['%02x' % ord(ch) for ch in urandom(4)]) print("Created session hash '%s'" % (session['hash'], )) flask.g.hash = session['hash'] flask.g.ip = request.remote_addr
def before_request(): #print "REQUEST_HOST='%s'" % (request.host,) host_name = request.host.lower() # if ':' in host_name: host_name = host_name[:host_name.find(':')] if host_name in Site.domain_to_tag: # This is for DNS resolved versions site_tag = Site.domain_to_tag[host_name] else: # This is for subdomains of the main site : Just strip off the subdomain site_tag = host_name[:host_name.find('.')].lower() #print "REQUEST_HOST_TAG='%s'" % (site_tag,) flask.g.site = Site.query().filter_by(tag=site_tag).first() if flask.g.site is None: print "FAILED TO FIND SITE_TAG : DEFAULTING" # Default if all else fails flask.g.site = Site.query().filter_by(tag=Site.tag_main).first() if 'userid' in session: flask.g.user = User.get(session['userid']) else: flask.g.user = User(flask.g.site.tag, '*****@*****.**', 'Not logged in') # Creates a user with id=None #session.pop('hash') if 'hash' not in session: session['hash'] = ''.join([ '%02x' % ord(ch) for ch in urandom(4) ]) print "Created session hash '%s'" % (session['hash'],) flask.g.hash = session['hash'] flask.g.ip = request.remote_addr
def log_the_user_in(): form = request.form user = User.get(name=form['name']) sign = md5_hash(user.id + user.password) app.signed_cookie[user.name] = sign form['sign'] = sign del form['password'] request.set_cookie(form) return redirect('/hello')
def login(): if request.method == 'GET': return render('log_in.html') form = request.form user = User.get(name=form.get('name')) password = md5_hash(form.get('password', ''), salt=form.get('name', '')) if user is None or user.password != password: error = 'UserName or Password Is Incorrect' return render('log_in.html', error=error) return log_the_user_in()
def admin_audit(): criteria = dict() for c in ['proj', 'email', 'action']: criteria[c] = request.form.get(c, None) if criteria[c] == 'EMPTY': criteria[c] = None proj = criteria['proj'] Audit(flask.g, proj, '/admin/audit', '').write() if not flask.g.user.can_siteadmin(): Audit(flask.g, proj, '/admin/audit', '', result='NOT AUTHORIZED').write() return home_page() form = dict() crit_site = (Audit.site_tag == flask.g.site.tag) form['projects'] = Audit.query_element( Audit.project.distinct()).filter(crit_site).order_by( Audit.project).all() form['emails'] = Audit.query_element( Audit.user_id.distinct(), User.email).filter(crit_site).join( User, Audit.user_id == User.id).order_by(User.email).all() form['actions'] = Audit.query_element( Audit.action.distinct()).filter(crit_site).order_by( Audit.action).all() # http://stackoverflow.com/questions/2678600/how-do-i-construct-a-slightly-more-complex-filter-using-or-or-and-in-sqlalchem crit_extra = True clause = '' if criteria['proj'] is not None: crit_extra = (Audit.project == criteria['proj'].strip()) clause = ': Project = "%s"' % (criteria['proj'], ) if criteria['email'] is not None: user = User.get(criteria['email']) if user and user.site_tag == flask.g.site.tag: crit_extra = (Audit.user_id == user.id) clause = ': Email = "%s"' % (user.email, ) if criteria['action'] is not None: crit_extra = (Audit.action == criteria['action'].strip()) clause = ': Action = "%s"' % (criteria['action'], ) trail = Audit.query_element( Audit, User.email).filter(crit_site).filter(crit_extra).order_by( Audit.ts.desc()).join(User, Audit.user_id == User.id).limit(100).all() form['clause'] = clause return render_template('admin.audit.haml', form=form, trail=trail)
def login(request): if request.method == "GET": return render_for_response(request, "log_in.html") dic = request.form user = User.get(name=dic.get("name")) password = md5_hash(dic.get("password", ""), salt=dic.get("name", "")) if user is None or user.password != password: error = "UserName or Password Is Incorrect" return render_for_response(request, "log_in.html", error=error) request.status = "303 See Other" request.header.append(("Location", "/hello")) dic["sign"] = md5_hash(user.id + user.password) del dic["password"] signed_cookie[user.name] = dic["sign"] request.set_cookie(dic) return request
def login(request): if request.method == 'GET': return render_for_response(request, 'log_in.html') dic = request.form user = User.get(name=dic.get('name')) password = md5_hash(dic.get('password', ''), salt=dic.get('name', '')) if user is None or user.password != password: error = 'UserName or Password Is Incorrect' return render_for_response(request, 'log_in.html', error=error) request.status = '303 See Other' request.header.append(('Location', '/hello')) dic['sign'] = md5_hash(user.id + user.password) del dic['password'] signed_cookie[user.name] = dic['sign'] request.set_cookie(dic) return request
def register(): form = request.form name = form.get('name') user = User.get(name=name) password = form.get('password') if request.method == 'GET': return render('register.html') elif user is not None: error = 'UserName Is Registered' return render('register.html', error=error) password = md5_hash(password, salt=name) user = User(name=name, password=password) user.insert() return log_the_user_in()
def admin_audit(): criteria=dict() for c in ['proj', 'email', 'action']: criteria[c] = request.form.get(c, None) if criteria[c]=='EMPTY': criteria[c]=None proj = criteria['proj'] Audit(flask.g, proj, '/admin/audit', '').write() if not flask.g.user.can_siteadmin(): Audit(flask.g, proj, '/admin/audit', '', result='NOT AUTHORIZED').write() return home_page() form = dict() crit_site = ( Audit.site_tag == flask.g.site.tag ) form['projects']= Audit.query_element(Audit.project.distinct()).filter(crit_site).order_by(Audit.project).all() form['emails'] = Audit.query_element(Audit.user_id.distinct(), User.email).filter(crit_site).join(User, Audit.user_id == User.id).order_by(User.email).all() form['actions'] = Audit.query_element(Audit.action.distinct()).filter(crit_site).order_by(Audit.action).all() # http://stackoverflow.com/questions/2678600/how-do-i-construct-a-slightly-more-complex-filter-using-or-or-and-in-sqlalchem crit_extra = True clause='' if criteria['proj'] is not None: crit_extra = (Audit.project == criteria['proj'].strip()) clause = ': Project = "%s"' % (criteria['proj'],) if criteria['email'] is not None: user = User.get(criteria['email']) if user and user.site_tag == flask.g.site.tag: crit_extra = (Audit.user_id == user.id) clause = ': Email = "%s"' % (user.email,) if criteria['action'] is not None: crit_extra = (Audit.action == criteria['action'].strip()) clause = ': Action = "%s"' % (criteria['action'],) trail = Audit.query_element(Audit, User.email).filter(crit_site).filter(crit_extra).order_by(Audit.ts.desc()).join(User, Audit.user_id == User.id).limit(100).all() form['clause']=clause return render_template('admin.audit.haml', form=form, trail=trail)
def register(request): dic = request.form name = dic.get("name") user = User.get(name=name) password = dic.get("password") error = "" if request.method == "GET": return render_for_response(request, "register.html") elif user is not None: error = "UserName Is Registered" elif not password or not name: error = "User Name or Password Is empty" if error: return render_for_response(request, "register.html", error=error) dic["password"] = md5_hash(password, salt=name) user = User(**dic) user.insert() request.status = "303 See Other" request.header.append(("Location", "/hello")) dic["sign"] = md5_hash(user.id + user.password) del dic["password"] signed_cookie[user.name] = dic["sign"] request.set_cookie(dic) return request
def register(request): dic = request.form name = dic.get('name') user = User.get(name=name) password = dic.get('password') error = '' if request.method == 'GET': return render_for_response(request, 'register.html') elif user is not None: error = 'UserName Is Registered' elif not password or not name: error = 'User Name or Password Is empty' if error: return render_for_response(request, 'register.html', error=error) dic['password'] = md5_hash(password, salt=name) user = User(**dic) user.insert() request.status = '303 See Other' request.header.append(('Location', '/hello')) dic['sign'] = md5_hash(user.id + user.password) del dic['password'] signed_cookie[user.name] = dic['sign'] request.set_cookie(dic) return request
def admin_users(user_id=0): Audit(flask.g, None, '/admin/users', '').write() if not flask.g.user.can_siteadmin(): Audit(flask.g, None, '/admin/users', '', result='NOT AUTHORIZED').write() return home_page() form = dict() if user_id == 0: user = None else: user = User.get(user_id) print("Email='%s' :: perms='%s'" % ( user.email, user.bundle['perms'], )) rights = ['access', 'invite', 'files', 'admin'] projects = [] for i, proj in enumerate(sorted(flask.g.user.list_projects('access'))): d = { 'i': i, 'name': proj, 'disabled': '', } for r in rights: d[r] = '' projects.append(d) if user and user.site_tag == flask.g.site.tag: # Check that a user is selected and we can edit them Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='accessing').write() if request.method == 'POST': valid = True if request.form['email']: if user.email != request.form['email']: user.email = request.form['email'] flash('Email address updated', 'section_success') else: valid = False flash('Error: you have to provide an email address', 'section_edit') if request.form['name']: if user.name != request.form['name']: user.name = request.form['name'] flash('User name updated', 'section_success') else: valid = False flash('Error: you have to provide the user\'s name', 'section_edit') if user.id != flask.g.user.id: # Don't alter your own permissions! update = False for p in projects: for r in rights: if 'proj%d_%s' % ( p['i'], r ) in request.form: # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html #print "project[%s] %s checked" % (p['name'], r, ) if user.grant_permission(p['name'], r): update = True else: #print "project[%s] %s unchecked" % (p['name'], r, ) if user.revoke_permission(p['name'], r): update = True if update: flash('Access Rights updated', 'section_success') if valid: User.commit() Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='updated').write() else: Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='FAILURE').write() if 'password_reset' in request.form: User.commit() # In case the email address was updated send_reset_link(user) flash('Password Reset Email : Sent', 'section_success') form['user_id'] = user.id form['name'] = user.name form['email'] = user.email for p in projects: for r in rights: if user.has_permission(p['name'], r): p[r] = 'checked' if user.id == flask.g.user.id: # Don't alter your own permissions! p['disabled'] = 'disabled' else: form[ 'user_id'] = 0 # Zero is unassigned - and removes a lot of the RHS for i in ['name', 'email']: form[i] = '' # Build a list of users for this site_tag - for showing on the LHS users = [] for u in flask.g.site.list_users(): users.append({ # Flatten out the data (?WHY?) 'id':u.id, 'email':u.email, 'name':u.name, }) return render_template('admin.users.haml', form=form, users=users, projects=projects, rights=rights)
def create_password_form(user_id, token, is_new=True): next_url = request.args.get('next_url', '/') url_here = '/user/new' if is_new else '/user/reset' Audit(flask.g, '', url_here, '', result='Invite start').write() # Sign the user out (just to make sure) session.pop('userid', None) form = dict(email='', password='', password2='') valid = False if is_new: msg = "Error : Your invitation is invalid - please ask for a new one" else: msg = "Error : This is not a valid password reset link" user = User.get(user_id) if user: token_target = user.invitation_token() if token_target.lower() == token.lower(): form['email'] = user.email valid = True Audit(flask.g, '', url_here, user.email, result='Arrived').write() if is_new: if not user.password_unset( ): # This invitation has already been consumed... Audit(flask.g, '', url_here, '', result='Invitation already used up').write() valid = False msg = "Your invitation has already been used once - please use the Login tab above" else: user.password = None Audit(flask.g, '', url_here, '', result='Resetting Password').write() User.commit() if valid: if request.method == 'POST': # user has good data in it form['password'] = request.form['password'].strip() valid = check_password_acceptable(url_here, user, form['password'], request.form['password2']) if 'ts_and_cs' in request.form: Audit(flask.g, '', url_here, user.email, result='Accepted Ts and Cs').write() else: valid = False Audit(flask.g, '', url_here, user.email, result='Did not accept Ts and Cs').write() flash("The Terms and Conditions must be accepted to continue", 'error') if valid: # HUGE success user.set_password(form['password']) User.commit() # Now log this user in too flask.g.user = user # Fix up g, so that Audit works Audit(flask.g, '', url_here, user.email, result='Set password').write() session['userid'] = user.id return redirect(url_for('edit_profile', next_url=next_url)) else: Audit(flask.g, '', url_here, "%d/%s" % ( user_id, token, ), result='Failure').write() flash(msg, 'error') return render_template('user.create-password.haml', form=form, next_url=next_url, is_new=is_new)
def admin_users(user_id=0): Audit(flask.g, None, '/admin/users', '').write() if not flask.g.user.can_siteadmin(): Audit(flask.g, None, '/admin/users', '', result='NOT AUTHORIZED').write() return home_page() form=dict() if user_id==0: user = None else: user = User.get(user_id) print "Email='%s' :: perms='%s'" % (user.email, user.bundle['perms'], ) rights = ['access', 'invite', 'files', 'admin'] projects=[] for i,proj in enumerate(sorted(flask.g.user.list_projects('access'))): d = { 'i':i, 'name':proj, 'disabled':'', } for r in rights: d[r]='' projects.append(d) if user and user.site_tag == flask.g.site.tag: # Check that a user is selected and we can edit them Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='accessing').write() if request.method == 'POST': valid = True if request.form['email']: if user.email != request.form['email']: user.email = request.form['email'] flash(u'Email address updated', 'section_success') else: valid = False flash(u'Error: you have to provide an email address', 'section_edit') if request.form['name']: if user.name != request.form['name']: user.name = request.form['name'] flash(u'User name updated', 'section_success') else: valid = False flash(u'Error: you have to provide the user\'s name', 'section_edit') if user.id != flask.g.user.id: # Don't alter your own permissions! update = False for p in projects: for r in rights: if 'proj%d_%s' % (p['i'],r) in request.form: # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html #print "project[%s] %s checked" % (p['name'], r, ) if user.grant_permission(p['name'], r): update = True else: #print "project[%s] %s unchecked" % (p['name'], r, ) if user.revoke_permission(p['name'], r): update = True if update: flash(u'Access Rights updated', 'section_success') if valid: User.commit() Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='updated').write() else: Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='FAILURE').write() if 'password_reset' in request.form: User.commit() # In case the email address was updated send_reset_link(user) flash(u'Password Reset Email : Sent', 'section_success') form['user_id']=user.id form['name']=user.name form['email']=user.email for p in projects: for r in rights: if user.has_permission(p['name'], r): p[r]='checked' if user.id == flask.g.user.id: # Don't alter your own permissions! p['disabled']='disabled' else: form['user_id']=0 # Zero is unassigned - and removes a lot of the RHS for i in ['name', 'email']: form[i] = '' # Build a list of users for this site_tag - for showing on the LHS users = [] for u in flask.g.site.list_users(): users.append({ # Flatten out the data (?WHY?) 'id':u.id, 'email':u.email, 'name':u.name, }) return render_template('admin.users.haml', form=form, users=users, projects=projects, rights=rights)
def create_password_form(user_id, token, is_new=True): next_url = request.args.get('next_url', '/') url_here = '/user/new' if is_new else '/user/reset' Audit(flask.g, '', url_here, '', result='Invite start').write() # Sign the user out (just to make sure) session.pop('userid', None) form=dict(email='', password='', password2='') valid=False if is_new: msg = "Error : Your invitation is invalid - please ask for a new one" else: msg = "Error : This is not a valid password reset link" user = User.get(user_id) if user: token_target = user.invitation_token() if token_target.lower()==token.lower(): form['email']=user.email valid=True Audit(flask.g, '', url_here, user.email, result='Arrived').write() if is_new : if not user.password_unset(): # This invitation has already been consumed... Audit(flask.g, '', url_here, '', result='Invitation already used up').write() valid=False msg="Your invitation has already been used once - please use the Login tab above" else: user.password=None Audit(flask.g, '', url_here, '', result='Resetting Password').write() User.commit() if valid : if request.method == 'POST': # user has good data in it form['password']=request.form['password'].strip() valid=check_password_acceptable(url_here, user, form['password'], request.form['password2']) if 'ts_and_cs' in request.form: Audit(flask.g, '', url_here, user.email, result='Accepted Ts and Cs').write() else: valid=False Audit(flask.g, '', url_here, user.email, result='Did not accept Ts and Cs').write() flash("The Terms and Conditions must be accepted to continue", 'error') if valid: # HUGE success user.set_password(form['password']) User.commit() # Now log this user in too flask.g.user = user # Fix up g, so that Audit works Audit(flask.g, '', url_here, user.email, result='Set password').write() session['userid']=user.id return redirect(url_for('edit_profile', next_url=next_url)) else: Audit(flask.g, '', url_here, "%d/%s" % (user_id, token, ) , result='Failure').write() flash(msg, 'error') return render_template('user.create-password.haml', form=form, next_url=next_url, is_new=is_new)