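def before_request():
    """Populate ``flask.g`` for the incoming request (Flask before_request hook).

    Sets ``flask.g.site`` (resolved from the Host header, falling back to the
    main site), ``flask.g.user`` (the session's user, or an anonymous
    placeholder with id=None), ``flask.g.hash`` (a per-session random hex
    string) and ``flask.g.ip``.  Returns None.
    """
    # request.host is the client-supplied Host header: treat it as untrusted
    # input.  It is only ever used as a lookup key here, never echoed back.
    host_name = request.host.lower()
    # NOTE(review): a ":port" suffix is not stripped, so such a host misses the
    # domain_to_tag lookup and falls into the subdomain branch.  Left as the
    # author had it:
    # if ':' in host_name: host_name = host_name[:host_name.find(':')]

    if host_name in Site.domain_to_tag:
        # Explicitly mapped (DNS-resolved) domain names.
        site_tag = Site.domain_to_tag[host_name]
    else:
        # Subdomain of the main site: the tag is the leftmost label.
        # partition() keeps the whole name when there is no '.', whereas the
        # earlier find()-based slice returned -1 and chopped the last character.
        site_tag = host_name.partition('.')[0]

    flask.g.site = Site.query().filter_by(tag=site_tag).first()
    if flask.g.site is None:
        print("FAILED TO FIND SITE_TAG : DEFAULTING")
        # Unknown tag: serve the main site rather than failing the request.
        flask.g.site = Site.query().filter_by(tag=Site.tag_main).first()

    flask.g.user = None
    if 'userid' in session:
        flask.g.user = User.get(session['userid'])
        if flask.g.user is None:
            # Stale session (user removed since login): drop the id so that
            # later code never sees a None user and fall back to anonymous.
            session.pop('userid', None)
    if flask.g.user is None:
        # Anonymous placeholder: creates a user with id=None
        flask.g.user = User(flask.g.site.tag, '*****@*****.**',
                            'Not logged in')

    if 'hash' not in session:
        # 4 random bytes rendered as 8 lowercase hex chars.  bytes.hex()
        # replaces ''.join('%02x' % ord(ch) ...), which raises TypeError on
        # Python 3 because iterating bytes yields ints, not 1-char strings.
        # NOTE(review): 32 bits of entropy is short if this value is ever used
        # as a CSRF or anti-replay token — confirm what consumes flask.g.hash.
        session['hash'] = urandom(4).hex()
        print("Created session hash '%s'" % (session['hash'], ))
    flask.g.hash = session['hash']

    flask.g.ip = request.remote_addr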
def before_request():
    """Populate ``flask.g`` for the incoming request (Python 2 variant).

    Sets ``flask.g.site`` from the Host header (falling back to the main
    site), ``flask.g.user`` from the session (or an anonymous placeholder
    with id=None), ``flask.g.hash`` (a per-session 8-hex-char random string)
    and ``flask.g.ip``.  Returns None.
    """
    #print "REQUEST_HOST='%s'" % (request.host,)
    # request.host is the client-supplied Host header: untrusted, used only as a lookup key.
    host_name = request.host.lower()
    # NOTE(review): a ":port" suffix is not stripped, so such hosts miss the
    # domain_to_tag lookup and fall into the subdomain branch below.
    # if ':' in host_name: host_name = host_name[:host_name.find(':')]
    
    if host_name in Site.domain_to_tag:
        # This is for DNS resolved versions
        site_tag = Site.domain_to_tag[host_name]
    else:
        # This is for subdomains of the main site : Just strip off the subdomain
        # NOTE(review): find('.') returns -1 when there is no dot, so a bare
        # host name loses its last character here.
        site_tag = host_name[:host_name.find('.')].lower()
       
    #print "REQUEST_HOST_TAG='%s'" % (site_tag,)
        
    flask.g.site = Site.query().filter_by(tag=site_tag).first()
    if flask.g.site is None:
        print "FAILED TO FIND SITE_TAG : DEFAULTING"
        # Default if all else fails
        flask.g.site = Site.query().filter_by(tag=Site.tag_main).first()
    
    if 'userid' in session:
        # NOTE(review): User.get may return None for a stale session id;
        # nothing here guards against flask.g.user ending up None.
        flask.g.user = User.get(session['userid'])
    else:
        flask.g.user = User(flask.g.site.tag, '*****@*****.**', 'Not logged in')  # Creates a user with id=None
        
    #session.pop('hash')
    if 'hash' not in session:
        # 4 random bytes -> 8 lowercase hex chars.  Relies on Python 2, where
        # iterating the urandom() str yields 1-char strings that ord() accepts.
        session['hash'] = ''.join([ '%02x' % ord(ch) for ch in urandom(4) ])
        print "Created session hash '%s'" % (session['hash'],)
    flask.g.hash = session['hash']
        
    flask.g.ip = request.remote_addr
def log_the_user_in():
    """Finish a successful login: record a signature and redirect to ``/hello``.

    Looks the submitted user up by name, derives a signature from
    ``user.id + user.password``, remembers it in ``app.signed_cookie`` (keyed
    by user name) and sends the form back as the client cookie with the
    password removed and ``sign`` added.

    NOTE(review): the signature is a deterministic md5 of id+password, so the
    cookie carries a password-derived value with no expiry; confirm that
    ``md5_hash`` and the cookie layer give the protection intended.  Callers
    must have verified the credentials first — ``User.get`` returning None
    would raise AttributeError below.
    """
    submitted = request.form
    account = User.get(name=submitted['name'])
    signature = md5_hash(account.id + account.password)

    # Server-side copy of the signature, keyed by user name.
    app.signed_cookie[account.name] = signature

    # Client copy: the form minus the password, plus the signature.
    submitted['sign'] = signature
    del submitted['password']
    request.set_cookie(submitted)
    return redirect('/hello')
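def login():
    """Render the login page on GET; verify credentials on POST.

    The submitted password is hashed with ``md5_hash`` (salted with the user
    name) and compared with the stored ``user.password`` in constant time.
    Unknown user and wrong password both re-render the form with the same
    generic message, so the response does not reveal which names exist.  On
    success control passes to ``log_the_user_in``.
    """
    import hmac  # local: constant-time comparison of the password hashes

    def _as_bytes(value):
        # compare_digest needs two values of the same type; hex digests are str.
        return value if isinstance(value, bytes) else str(value).encode('utf-8')

    if request.method == 'GET':
        return render('log_in.html')
    form = request.form
    user = User.get(name=form.get('name'))
    # Hash even when the user is unknown, so both paths do similar work.
    password = md5_hash(form.get('password', ''), salt=form.get('name', ''))
    stored = None if user is None else user.password
    # ``!=`` on strings stops at the first differing character; compare_digest
    # takes the same time regardless.  A user with no password set (None)
    # never matches.
    if stored is None or not hmac.compare_digest(_as_bytes(stored),
                                                 _as_bytes(password)):
        error = 'UserName or Password Is Incorrect'
        return render('log_in.html', error=error)
    return log_the_user_in()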
def admin_audit():
    """Site-admin audit-trail viewer.

    Reads optional ``proj``/``email``/``action`` filters from the form (the
    literal ``'EMPTY'`` means "no filter"), logs the access, refuses anyone
    who is not a site admin, and renders the newest 100 audit rows for the
    current site.  Only one extra filter is applied: when several are
    submitted, the later one in the order project, email, action replaces the
    earlier one.
    """
    criteria = {}
    for key in ('proj', 'email', 'action'):
        value = request.form.get(key, None)
        criteria[key] = None if value == 'EMPTY' else value

    proj = criteria['proj']
    Audit(flask.g, proj, '/admin/audit', '').write()
    if not flask.g.user.can_siteadmin():
        # The refusal is itself audited before bouncing to the home page.
        Audit(flask.g, proj, '/admin/audit', '',
              result='NOT AUTHORIZED').write()
        return home_page()

    # Every query below is restricted to the current site.
    crit_site = (Audit.site_tag == flask.g.site.tag)

    form = {}
    form['projects'] = (Audit.query_element(Audit.project.distinct())
                        .filter(crit_site)
                        .order_by(Audit.project)
                        .all())
    form['emails'] = (Audit.query_element(Audit.user_id.distinct(), User.email)
                      .filter(crit_site)
                      .join(User, Audit.user_id == User.id)
                      .order_by(User.email)
                      .all())
    form['actions'] = (Audit.query_element(Audit.action.distinct())
                       .filter(crit_site)
                       .order_by(Audit.action)
                       .all())

    # http://stackoverflow.com/questions/2678600/how-do-i-construct-a-slightly-more-complex-filter-using-or-or-and-in-sqlalchem
    # Exactly one extra filter survives: later criteria overwrite earlier ones.
    crit_extra = True
    clause = ''

    project = criteria['proj']
    if project is not None:
        crit_extra = (Audit.project == project.strip())
        clause = ': Project = "%s"' % (project, )

    email = criteria['email']
    if email is not None:
        target = User.get(email)
        # Only users of the current site may be selected (cross-site guard).
        if target and target.site_tag == flask.g.site.tag:
            crit_extra = (Audit.user_id == target.id)
            clause = ': Email = "%s"' % (target.email, )

    action = criteria['action']
    if action is not None:
        crit_extra = (Audit.action == action.strip())
        clause = ': Action = "%s"' % (action, )

    trail = (Audit.query_element(Audit, User.email)
             .filter(crit_site)
             .filter(crit_extra)
             .order_by(Audit.ts.desc())
             .join(User, Audit.user_id == User.id)
             .limit(100)
             .all())

    # NOTE(review): clause carries the raw submitted value into the template;
    # confirm the template escapes it.
    form['clause'] = clause
    return render_template('admin.audit.haml', form=form, trail=trail)
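def login(request):
    """Render the login page on GET; on POST verify credentials and sign in.

    The submitted password is hashed with ``md5_hash`` (salted with the user
    name) and compared with the stored hash in constant time.  Unknown user
    and wrong password share one generic error message.  On success the
    response becomes a 303 redirect to ``/hello``; the form (password removed,
    ``sign`` added) is set as the cookie and ``signed_cookie`` keeps the same
    signature server-side.

    Returns the mutated ``request``, which this framework uses as the response.
    """
    import hmac  # local: constant-time comparison of the password hashes

    def _as_bytes(value):
        # compare_digest needs two values of the same type; hex digests are str.
        return value if isinstance(value, bytes) else str(value).encode("utf-8")

    if request.method == "GET":
        return render_for_response(request, "log_in.html")
    dic = request.form
    user = User.get(name=dic.get("name"))
    password = md5_hash(dic.get("password", ""), salt=dic.get("name", ""))
    stored = None if user is None else user.password
    # ``!=`` stops at the first differing character; compare_digest does not.
    if stored is None or not hmac.compare_digest(_as_bytes(stored),
                                                 _as_bytes(password)):
        error = "UserName or Password Is Incorrect"
        return render_for_response(request, "log_in.html", error=error)
    request.status = "303 See Other"
    request.header.append(("Location", "/hello"))
    # NOTE(review): the cookie signature is a deterministic md5 of
    # id+password — a password-derived value with no expiry.
    dic["sign"] = md5_hash(user.id + user.password)
    del dic["password"]
    signed_cookie[user.name] = dic["sign"]
    request.set_cookie(dic)
    return request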
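def login(request):
    """Render the login page on GET; on POST verify credentials and sign in.

    The submitted password is hashed with ``md5_hash`` (salted with the user
    name) and compared with the stored hash in constant time.  Unknown user
    and wrong password share one generic error message.  On success the
    response becomes a 303 redirect to ``/hello``; the form (password removed,
    ``sign`` added) is set as the cookie and ``signed_cookie`` keeps the same
    signature server-side.

    Returns the mutated ``request``, which this framework uses as the response.
    """
    import hmac  # local: constant-time comparison of the password hashes

    def _as_bytes(value):
        # compare_digest needs two values of the same type; hex digests are str.
        return value if isinstance(value, bytes) else str(value).encode('utf-8')

    if request.method == 'GET':
        return render_for_response(request, 'log_in.html')
    dic = request.form
    user = User.get(name=dic.get('name'))
    password = md5_hash(dic.get('password', ''), salt=dic.get('name', ''))
    stored = None if user is None else user.password
    # ``!=`` stops at the first differing character; compare_digest does not.
    if stored is None or not hmac.compare_digest(_as_bytes(stored),
                                                 _as_bytes(password)):
        error = 'UserName or Password Is Incorrect'
        return render_for_response(request, 'log_in.html', error=error)
    request.status = '303 See Other'
    request.header.append(('Location', '/hello'))
    # NOTE(review): the cookie signature is a deterministic md5 of
    # id+password — a password-derived value with no expiry.
    dic['sign'] = md5_hash(user.id + user.password)
    del dic['password']
    signed_cookie[user.name] = dic['sign']
    request.set_cookie(dic)
    return request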
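def register():
    """Render the registration page on GET; create the account on POST.

    Refuses names that are already taken and — mirroring the other
    ``register`` variants on this page — empty names or passwords, which the
    original let through to ``md5_hash``.  The password is stored as
    ``md5_hash(password, salt=name)`` and the new user is signed in via
    ``log_the_user_in``.
    """
    if request.method == 'GET':
        # Checked first so a plain page view does no form parsing or lookup.
        return render('register.html')

    form = request.form
    name = form.get('name')
    password = form.get('password')

    error = None
    if User.get(name=name) is not None:
        error = 'UserName Is Registered'
    elif not password or not name:
        error = 'User Name or Password Is empty'
    if error:
        return render('register.html', error=error)

    # NOTE(review): md5 salted with the user name is a weak password hash;
    # every register/login variant shares md5_hash, so replacing it is a
    # cross-cutting change rather than a local one.
    user = User(name=name, password=md5_hash(password, salt=name))
    user.insert()
    return log_the_user_in()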
def admin_audit():
    """Site-admin view of the newest 100 audit rows for the current site.

    Optional ``proj``/``email``/``action`` form values narrow the trail (the
    literal ``'EMPTY'`` is treated as absent).  Only one narrowing filter is
    kept: action overrides email overrides project when several are given.
    Non-admins get an audited refusal and the home page.
    """
    def read_criterion(name):
        # 'EMPTY' is the select-box placeholder for "no filter".
        raw = request.form.get(name, None)
        return None if raw == 'EMPTY' else raw

    criteria = {name: read_criterion(name)
                for name in ['proj', 'email', 'action']}

    proj = criteria['proj']
    Audit(flask.g, proj, '/admin/audit', '').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, proj, '/admin/audit', '', result='NOT AUTHORIZED').write()
        return home_page()

    # Everything shown is restricted to the current site.
    crit_site = (Audit.site_tag == flask.g.site.tag)

    def distinct_column(column):
        # Sorted list of the distinct values of ``column`` for this site.
        return (Audit.query_element(column.distinct())
                .filter(crit_site).order_by(column).all())

    form = dict()
    form['projects'] = distinct_column(Audit.project)
    form['emails'] = (Audit.query_element(Audit.user_id.distinct(), User.email)
                      .filter(crit_site)
                      .join(User, Audit.user_id == User.id)
                      .order_by(User.email).all())
    form['actions'] = distinct_column(Audit.action)

    # http://stackoverflow.com/questions/2678600/how-do-i-construct-a-slightly-more-complex-filter-using-or-or-and-in-sqlalchem
    # The last applicable criterion wins; the others are discarded.
    crit_extra, clause = True, ''

    if criteria['proj'] is not None:
        crit_extra = (Audit.project == criteria['proj'].strip())
        clause = ': Project = "%s"' % (criteria['proj'],)

    if criteria['email'] is not None:
        selected = User.get(criteria['email'])
        # Cross-site guard: ignore users that belong to another site.
        if selected and selected.site_tag == flask.g.site.tag:
            crit_extra = (Audit.user_id == selected.id)
            clause = ': Email = "%s"' % (selected.email,)

    if criteria['action'] is not None:
        crit_extra = (Audit.action == criteria['action'].strip())
        clause = ': Action = "%s"' % (criteria['action'],)

    trail = (Audit.query_element(Audit, User.email)
             .filter(crit_site)
             .filter(crit_extra)
             .order_by(Audit.ts.desc())
             .join(User, Audit.user_id == User.id)
             .limit(100).all())

    # NOTE(review): clause carries the raw submitted value into the template;
    # confirm the template escapes it.
    form['clause'] = clause
    return render_template('admin.audit.haml', form=form, trail=trail)
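def register(request):
    """Render the registration page on GET; create the account and sign in on POST.

    Refuses taken names and empty names/passwords.  The password is stored as
    ``md5_hash(password, salt=name)``.  On success the response becomes a 303
    redirect to ``/hello``, the form (password removed, ``sign`` added) is set
    as the cookie and ``signed_cookie`` keeps the signature server-side.

    Returns the mutated ``request``, which this framework uses as the response.
    """
    dic = request.form
    name = dic.get("name")
    user = User.get(name=name)
    password = dic.get("password")
    error = ""
    if request.method == "GET":
        return render_for_response(request, "register.html")
    elif user is not None:
        error = "UserName Is Registered"
    elif not password or not name:
        error = "User Name or Password Is empty"
    if error:
        return render_for_response(request, "register.html", error=error)
    dic["password"] = md5_hash(password, salt=name)
    # Construct from the two known fields only.  ``User(**dic)`` forwarded
    # every submitted form field as a constructor keyword, letting a client
    # set arbitrary attributes (mass assignment); the ``register()`` variant on
    # this page already uses exactly these two keywords.
    user = User(name=name, password=dic["password"])
    user.insert()
    request.status = "303 See Other"
    request.header.append(("Location", "/hello"))
    # NOTE(review): the cookie signature is a deterministic md5 of
    # id+password — a password-derived value with no expiry.
    dic["sign"] = md5_hash(user.id + user.password)
    del dic["password"]
    signed_cookie[user.name] = dic["sign"]
    request.set_cookie(dic)
    return request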
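def register(request):
    """Render the registration page on GET; create the account and sign in on POST.

    Refuses taken names and empty names/passwords.  The password is stored as
    ``md5_hash(password, salt=name)``.  On success the response becomes a 303
    redirect to ``/hello``, the form (password removed, ``sign`` added) is set
    as the cookie and ``signed_cookie`` keeps the signature server-side.

    Returns the mutated ``request``, which this framework uses as the response.
    """
    dic = request.form
    name = dic.get('name')
    user = User.get(name=name)
    password = dic.get('password')
    error = ''
    if request.method == 'GET':
        return render_for_response(request, 'register.html')
    elif user is not None:
        error = 'UserName Is Registered'
    elif not password or not name:
        error = 'User Name or Password Is empty'
    if error:
        return render_for_response(request, 'register.html', error=error)
    dic['password'] = md5_hash(password, salt=name)
    # Construct from the two known fields only.  ``User(**dic)`` forwarded
    # every submitted form field as a constructor keyword, letting a client
    # set arbitrary attributes (mass assignment); the ``register()`` variant on
    # this page already uses exactly these two keywords.
    user = User(name=name, password=dic['password'])
    user.insert()
    request.status = '303 See Other'
    request.header.append(('Location', '/hello'))
    # NOTE(review): the cookie signature is a deterministic md5 of
    # id+password — a password-derived value with no expiry.
    dic['sign'] = md5_hash(user.id + user.password)
    del dic['password']
    signed_cookie[user.name] = dic['sign']
    request.set_cookie(dic)
    return request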
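def admin_users(user_id=0):
    """Site-admin page for viewing and editing one user of the current site.

    ``user_id`` 0 (the default) means "no user selected": only the user list
    is shown.  Otherwise the user is loaded and, if it belongs to the current
    site, shown in the edit form; on POST the submitted name, e-mail and
    per-project rights are applied.  Every access and outcome is written to
    the Audit table; non-admins are logged and sent to the home page.

    Returns the rendered ``admin.users.haml`` template (or ``home_page()``).
    """
    Audit(flask.g, None, '/admin/users', '').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/users', '',
              result='NOT AUTHORIZED').write()
        return home_page()

    form = dict()

    if user_id == 0:
        user = None
    else:
        user = User.get(user_id)
        # An unknown id yields None; the original printed user.email here and
        # raised AttributeError, now it falls through to the "no user" form.
        if user is not None:
            print("Email='%s' :: perms='%s'" % (
                user.email,
                user.bundle['perms'],
            ))

    rights = ['access', 'invite', 'files', 'admin']
    projects = _admin_users_project_rows(rights)

    # Cross-site guard: only a user of the current site may be viewed/edited.
    if user and user.site_tag == flask.g.site.tag:
        Audit(flask.g,
              None,
              '/admin/users',
              'user_id=%d' % (user.id, ),
              result='accessing').write()
        if request.method == 'POST':
            _admin_users_apply_post(user, projects, rights)

        form['user_id'] = user.id
        form['name'] = user.name
        form['email'] = user.email

        own_account = user.id == flask.g.user.id
        for p in projects:
            for r in rights:
                if user.has_permission(p['name'], r):
                    p[r] = 'checked'
            if own_account:  # Don't alter your own permissions!
                p['disabled'] = 'disabled'

    else:
        form['user_id'] = 0  # Zero is unassigned - and removes a lot of the RHS
        form['name'] = ''
        form['email'] = ''

    # Build a list of users for this site_tag - for showing on the LHS
    users = [{'id': u.id, 'email': u.email, 'name': u.name}
             for u in flask.g.site.list_users()]

    return render_template('admin.users.haml',
                           form=form,
                           users=users,
                           projects=projects,
                           rights=rights)


def _admin_users_project_rows(rights):
    """One template row per project the current admin can access, every right blank."""
    rows = []
    for i, proj in enumerate(sorted(flask.g.user.list_projects('access'))):
        row = {'i': i, 'name': proj, 'disabled': ''}
        for r in rights:
            row[r] = ''
        rows.append(row)
    return rows


def _admin_users_apply_post(user, projects, rights):
    """Apply the submitted edit form to ``user``: e-mail, name, rights, optional reset."""
    valid = True
    # A missing 'email'/'name' key raises KeyError here, as in the original
    # (Flask reports that as a 400).
    if request.form['email']:
        if user.email != request.form['email']:
            user.email = request.form['email']
            flash('Email address updated', 'section_success')
    else:
        valid = False
        flash('Error: you have to provide an email address',
              'section_edit')

    if request.form['name']:
        if user.name != request.form['name']:
            user.name = request.form['name']
            flash('User name updated', 'section_success')
    else:
        valid = False
        flash('Error: you have to provide the user\'s name',
              'section_edit')

    if user.id != flask.g.user.id:  # Don't alter your own permissions!
        update = False
        for p in projects:
            for r in rights:
                # Unchecked checkboxes are absent from the form, so presence
                # means granted and absence means revoked:
                # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html
                if 'proj%d_%s' % (p['i'], r) in request.form:
                    if user.grant_permission(p['name'], r):
                        update = True
                elif user.revoke_permission(p['name'], r):
                    update = True

        if update:
            flash('Access Rights updated', 'section_success')

    if valid:
        User.commit()
    Audit(flask.g,
          None,
          '/admin/users',
          'user_id=%d' % (user.id, ),
          result='updated' if valid else 'FAILURE').write()

    if 'password_reset' in request.form:
        # NOTE(review): this commit also persists the edits of a form that
        # failed validation above (e.g. a changed name next to an empty
        # e-mail) — confirm that is intended.
        User.commit()  # In case the email address was updated
        send_reset_link(user)
        flash('Password Reset Email : Sent', 'section_success')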
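def create_password_form(user_id, token, is_new=True):
    """Invitation (``is_new``) or password-reset form for ``user_id``.

    The ``token`` from the link must match ``user.invitation_token()``
    (case-insensitively).  A valid link shows the form and, on POST, sets the
    new password and logs the user in, redirecting to ``edit_profile``.  An
    invalid or already-consumed link flashes an error instead.  For resets the
    stored password is cleared as soon as the valid link is opened, before any
    new password is submitted.  Every step is written to the Audit table.
    """
    import hmac  # local: constant-time token comparison

    # NOTE(review): next_url comes from the query string; it is only passed on
    # to url_for('edit_profile') here, so any redirect validation belongs there.
    next_url = request.args.get('next_url', '/')

    url_here = '/user/new' if is_new else '/user/reset'
    Audit(flask.g, '', url_here, '', result='Invite start').write()

    # Sign the user out (just to make sure)
    session.pop('userid', None)

    form = dict(email='', password='', password2='')

    valid = False
    if is_new:
        msg = "Error : Your invitation is invalid - please ask for a new one"
    else:
        msg = "Error : This is not a valid password reset link"

    user = User.get(user_id)
    if user:
        token_target = user.invitation_token()
        # ``==`` on str returns at the first differing character, which lets
        # the token be probed byte by byte; compare_digest takes constant time.
        # Both sides are encoded so non-ASCII input cannot raise TypeError.
        if hmac.compare_digest(token_target.lower().encode('utf-8'),
                               token.lower().encode('utf-8')):
            form['email'] = user.email
            valid = True
            Audit(flask.g, '', url_here, user.email, result='Arrived').write()

            if is_new:
                if not user.password_unset(
                ):  # This invitation has already been consumed...
                    Audit(flask.g,
                          '',
                          url_here,
                          '',
                          result='Invitation already used up').write()
                    valid = False
                    msg = "Your invitation has already been used once - please use the Login tab above"
            else:
                # Reset link: the old password is discarded on arrival, so
                # merely opening the link locks the account until a new
                # password is set.
                user.password = None
                Audit(flask.g, '', url_here, '',
                      result='Resetting Password').write()
                User.commit()

    if valid:
        if request.method == 'POST':  # user has good data in it
            form['password'] = request.form['password'].strip()
            valid = check_password_acceptable(url_here, user, form['password'],
                                              request.form['password2'])

            if 'ts_and_cs' in request.form:
                Audit(flask.g,
                      '',
                      url_here,
                      user.email,
                      result='Accepted Ts and Cs').write()
            else:
                valid = False
                Audit(flask.g,
                      '',
                      url_here,
                      user.email,
                      result='Did not accept Ts and Cs').write()
                flash("The Terms and Conditions must be accepted to continue",
                      'error')

            if valid:  # HUGE success
                user.set_password(form['password'])
                User.commit()

                # Now log this user in too
                flask.g.user = user  # Fix up g, so that Audit works
                Audit(flask.g, '', url_here, user.email,
                      result='Set password').write()
                session['userid'] = user.id

                return redirect(url_for('edit_profile', next_url=next_url))
    else:
        # NOTE(review): the rejected token is recorded verbatim in the audit
        # detail; confirm that is acceptable for the audit table's readers.
        Audit(flask.g,
              '',
              url_here,
              "%d/%s" % (
                  user_id,
                  token,
              ),
              result='Failure').write()
        flash(msg, 'error')

    return render_template('user.create-password.haml',
                           form=form,
                           next_url=next_url,
                           is_new=is_new)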
def admin_users(user_id=0):
    """Site-admin page for viewing and editing one user (Python 2 variant).

    ``user_id`` 0 means "no user selected": only the user list is shown.
    Otherwise the user is loaded and, if it belongs to the current site,
    shown in the edit form; on POST the submitted name, e-mail and
    per-project rights are applied.  Every access and outcome is written to
    the Audit table; non-admins are logged and sent to the home page.
    """
    Audit(flask.g, None, '/admin/users', '').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/users', '', result='NOT AUTHORIZED').write()
        return home_page()
        
    form=dict()
    
    if user_id==0:
        user = None
    else:
        user = User.get(user_id)
        # NOTE(review): User.get returning None for an unknown id makes the
        # next line raise AttributeError; nothing guards it.
        print "Email='%s' :: perms='%s'" % (user.email, user.bundle['perms'], )
        
    rights = ['access', 'invite', 'files', 'admin']
    # One template row per project the current admin can access; every right starts blank.
    projects=[]
    for i,proj in enumerate(sorted(flask.g.user.list_projects('access'))):
        d = { 'i':i, 'name':proj, 'disabled':'', }
        for r in rights:
            d[r]=''
        projects.append(d)
    
    # Cross-site guard: only a user of the current site may be viewed/edited.
    if user and user.site_tag == flask.g.site.tag: # Check that a user is selected and we can edit them
        Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='accessing').write()
        if request.method == 'POST':
            valid = True
            # A missing 'email'/'name' key raises KeyError here.
            if request.form['email']:
                if user.email != request.form['email']:
                    user.email = request.form['email']
                    flash(u'Email address updated', 'section_success')
            else:
                valid = False
                flash(u'Error: you have to provide an email address', 'section_edit')
                
            if request.form['name']:
                if user.name != request.form['name']:
                    user.name = request.form['name']
                    flash(u'User name updated', 'section_success')
            else:
                valid = False
                flash(u'Error: you have to provide the user\'s name', 'section_edit')
            
            if user.id != flask.g.user.id:  # Don't alter your own permissions!
                update = False
                for p in projects:
                    for r in rights:
                        # Unchecked checkboxes are absent from the form: presence = grant, absence = revoke.
                        if 'proj%d_%s' % (p['i'],r) in request.form:  # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html
                            #print "project[%s] %s checked" % (p['name'], r, )
                            if user.grant_permission(p['name'], r):
                                update = True
                        else:
                            #print "project[%s] %s unchecked" % (p['name'], r, )
                            if user.revoke_permission(p['name'], r):
                                update = True
    
                if update:
                    flash(u'Access Rights updated', 'section_success')
                
            if valid:
                User.commit()
                Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='updated').write()
            else:
                Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id,), result='FAILURE').write()

            if 'password_reset' in request.form:
                # NOTE(review): this commit also persists edits of a form that
                # failed validation above — confirm that is intended.
                User.commit()  # In case the email address was updated
                send_reset_link(user)
                flash(u'Password Reset Email : Sent', 'section_success')

        form['user_id']=user.id 
        form['name']=user.name
        form['email']=user.email
        
        for p in projects:
            for r in rights:
                if user.has_permission(p['name'], r):
                    p[r]='checked'
            if user.id == flask.g.user.id:  # Don't alter your own permissions!
                p['disabled']='disabled'
    
    else:
        form['user_id']=0 # Zero is unassigned - and removes a lot of the RHS
        for i in ['name', 'email']:
            form[i] = ''
            
    # Build a list of users for this site_tag - for showing on the LHS
    users = []
    for u in flask.g.site.list_users():
        users.append({  # Flatten out the data (?WHY?)
         'id':u.id,
         'email':u.email,
         'name':u.name,
        })

    return render_template('admin.users.haml', form=form, users=users, projects=projects, rights=rights)
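def create_password_form(user_id, token, is_new=True):
    """Invitation (``is_new``) or password-reset form for ``user_id``.

    The ``token`` from the link must match ``user.invitation_token()``
    (case-insensitively).  A valid link shows the form and, on POST, sets the
    new password and logs the user in, redirecting to ``edit_profile``.  An
    invalid or already-consumed link flashes an error instead.  For resets the
    stored password is cleared as soon as the valid link is opened, before any
    new password is submitted.  Every step is written to the Audit table.
    """
    import hmac  # local: constant-time token comparison

    # NOTE(review): next_url comes from the query string; it is only passed on
    # to url_for('edit_profile') here, so any redirect validation belongs there.
    next_url = request.args.get('next_url', '/')

    url_here = '/user/new' if is_new else '/user/reset'
    Audit(flask.g, '', url_here, '', result='Invite start').write()

    # Sign the user out (just to make sure)
    session.pop('userid', None)

    form = dict(email='', password='', password2='')

    valid = False
    if is_new:
        msg = "Error : Your invitation is invalid - please ask for a new one"
    else:
        msg = "Error : This is not a valid password reset link"

    user = User.get(user_id)
    if user:
        token_target = user.invitation_token()
        # ``==`` on str returns at the first differing character, which lets
        # the token be probed byte by byte; compare_digest takes constant time.
        # Both sides are encoded so non-ASCII input cannot raise TypeError.
        if hmac.compare_digest(token_target.lower().encode('utf-8'),
                               token.lower().encode('utf-8')):
            form['email'] = user.email
            valid = True
            Audit(flask.g, '', url_here, user.email, result='Arrived').write()

            if is_new:
                if not user.password_unset():  # This invitation has already been consumed...
                    Audit(flask.g, '', url_here, '', result='Invitation already used up').write()
                    valid = False
                    msg = "Your invitation has already been used once - please use the Login tab above"
            else:
                # Reset link: the old password is discarded on arrival, so
                # merely opening the link locks the account until a new
                # password is set.
                user.password = None
                Audit(flask.g, '', url_here, '', result='Resetting Password').write()
                User.commit()

    if valid:
        if request.method == 'POST':  # user has good data in it
            form['password'] = request.form['password'].strip()
            valid = check_password_acceptable(url_here, user, form['password'], request.form['password2'])

            if 'ts_and_cs' in request.form:
                Audit(flask.g, '', url_here, user.email, result='Accepted Ts and Cs').write()
            else:
                valid = False
                Audit(flask.g, '', url_here, user.email, result='Did not accept Ts and Cs').write()
                flash("The Terms and Conditions must be accepted to continue", 'error')

            if valid:  # HUGE success
                user.set_password(form['password'])
                User.commit()

                # Now log this user in too
                flask.g.user = user  # Fix up g, so that Audit works
                Audit(flask.g, '', url_here, user.email, result='Set password').write()
                session['userid'] = user.id

                return redirect(url_for('edit_profile', next_url=next_url))
    else:
        # NOTE(review): the rejected token is recorded verbatim in the audit
        # detail; confirm that is acceptable for the audit table's readers.
        Audit(flask.g, '', url_here, "%d/%s" % (user_id, token, ), result='Failure').write()
        flash(msg, 'error')

    return render_template('user.create-password.haml', form=form, next_url=next_url, is_new=is_new)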