def _forgotten_password(self):
"""Action to let the user request a password change.
GET returns a form for emailing them the password change
confirmation.
POST checks the form and then creates a confirmation record:
date, email_address, and a url_hash that is a hash of a
combination of date, email_address, and a random nonce.
The email address must exist in the person database.
The second half of the password change operation happens in
the ``confirm`` action.
"""
c.email = self.form_result['email_address']
c.person = Person.find_by_email(c.email)
if c.person is not None:
# Check if there is already a password recovery in progress
reset = PasswordResetConfirmation.find_by_email(c.email)
if reset is not None:
return render('person/in_progress.mako')
# Ok kick one off
c.conf_rec = PasswordResetConfirmation(email_address=c.email)
meta.Session.add(c.conf_rec)
meta.Session.commit()
email(c.email, render('person/confirmation_email.mako'))
return render('person/password_confirmation_sent.mako')
def _new(self):
# Do we allow account creation?
if lca_info['account_creation']:
"""Create a new person submit.
"""
# Remove fields not in class
results = self.form_result['person']
del results['password_confirm']
del results['email_address2']
c.person = Person(**results)
c.person.email_address = c.person.email_address.lower()
meta.Session.add(c.person)
#for sn in self.form_result['social_network']:
# network = SocialNetwork.find_by_name(sn['name'])
# if sn['account_name']:
# c.person.social_networks[network] = sn['account_name']
meta.Session.commit()
if lca_rego['confirm_email_address'] == 'no':
redirect_to(controller='person',
action='confirm',
confirm_hash=c.person.url_hash)
else:
email(c.person.email_address,
render('/person/new_person_email.mako'))
return render('/person/thankyou.mako')
else:
return render('/not_allowed.mako')
def _new(self):
# Do we allow account creation?
if lca_info['account_creation']:
"""Create a new person submit.
"""
# Remove fields not in class
results = self.form_result['person']
del results['password_confirm']
del results['email_address2']
c.person = Person(**results)
c.person.email_address = c.person.email_address.lower()
meta.Session.add(c.person)
#for sn in self.form_result['social_network']:
# network = SocialNetwork.find_by_name(sn['name'])
# if sn['account_name']:
# c.person.social_networks[network] = sn['account_name']
meta.Session.commit()
if lca_rego['confirm_email_address'] == 'no':
redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash)
else:
email(c.person.email_address, render('/person/new_person_email.mako'))
return render('/person/thankyou.mako')
else:
return render('/not_allowed.mako')
def void(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_attendee(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.invoice = Invoice.find_by_id(id, True)
if c.invoice.is_void():
h.flash("Invoice was already voided.")
return redirect_to(action='view', id=c.invoice.id)
if h.auth.authorized(h.auth.has_organiser_role):
c.invoice.void = "Administration Change"
meta.Session.commit()
h.flash("Invoice was voided.")
return redirect_to(action='view', id=c.invoice.id)
else:
if c.invoice.paid():
h.flash("Cannot void a paid invoice.")
return redirect_to(action='view', id=c.invoice.id)
c.invoice.void = "User cancellation"
c.person = c.invoice.person
meta.Session.commit()
email(lca_info['contact_email'],
render('/invoice/user_voided.mako'))
h.flash("Previous invoice was voided.")
return redirect_to(controller='registration',
action='pay',
id=c.person.registration.id)
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id or
h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (h.lca_info['event_name'], c.proposal.id, c.proposal.title, c.proposal.type.name.lower(), "http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!"%p_edit)
return redirect_to('/proposal')
def void(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_attendee(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.invoice = Invoice.find_by_id(id, True)
if c.invoice.is_void():
h.flash("Invoice was already voided.")
return redirect_to(action='view', id=c.invoice.id)
if h.auth.authorized(h.auth.has_organiser_role):
c.invoice.void = "Administration Change"
meta.Session.commit()
h.flash("Invoice was voided.")
return redirect_to(action='view', id=c.invoice.id)
else:
if c.invoice.paid():
h.flash("Cannot void a paid invoice.")
return redirect_to(action='view', id=c.invoice.id)
c.invoice.void = "User cancellation"
c.person = c.invoice.person
meta.Session.commit()
email(lca_info['contact_email'], render('/invoice/user_voided.mako'))
h.flash("Previous invoice was voided.")
return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _new(self):
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address, render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
c.attachment = Attachment(**attachment_results)
c.proposal.attachments.append(c.attachment)
meta.Session.add(c.attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_mini_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _forgotten_password(self):
"""Action to let the user request a password change.
GET returns a form for emailing them the password change
confirmation.
POST checks the form and then creates a confirmation record:
date, email_address, and a url_hash that is a hash of a
combination of date, email_address, and a random nonce.
The email address must exist in the person database.
The second half of the password change operation happens in
the ``confirm`` action.
"""
c.email = self.form_result['email_address']
c.person = Person.find_by_email(c.email)
if c.person is not None:
# Check if there is already a password recovery in progress
reset = PasswordResetConfirmation.find_by_email(c.email)
if reset is not None:
return render('person/in_progress.mako')
# Ok kick one off
c.conf_rec = PasswordResetConfirmation(email_address=c.email)
meta.Session.add(c.conf_rec)
meta.Session.commit()
email(c.email, render('person/confirmation_email.mako'))
return render('person/password_confirmation_sent.mako')
def _new(self):
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
c.attachment = Attachment(**attachment_results)
c.proposal.attachments.append(c.attachment)
meta.Session.add(c.attachment)
meta.Session.commit()
email(c.person.email_address,
render('proposal/thankyou_mini_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _remind(self):
results = self.form_result
for i in results['invoices']:
c.invoice = i
c.recipient = i.person
email(c.recipient.email_address, render('invoice/remind_email.mako'))
h.flash('Email sent to ' + c.recipient.firstname + ' ' + c.recipient.lastname + ' <' + c.recipient.email_address + '>')
redirect_to(action='remind')
def reject(self, id):
volunteer = Volunteer.find_by_id(id)
volunteer.accepted = False
volunteer.ticket_type = None
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render("volunteer/response.mako"))
h.flash("Status Updated and Rejection Email Sent")
redirect_to(action="index", id=None)
def reject(self, id):
volunteer = Volunteer.find_by_id(id)
volunteer.accepted = False
volunteer.ticket_type = None
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Rejection Email Sent')
redirect_to(action='index', id=None)
def _accept(self, id):
results = self.form_result
volunteer = Volunteer.find_by_id(id)
volunteer.ticket_type = results['ticket_type']
volunteer.accepted = True
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Acceptance Email Sent')
redirect_to(action='index', id=None)
def _remind(self):
results = self.form_result
for i in results['invoices']:
c.invoice = i
c.recipient = i.person
email(c.recipient.email_address,
render('invoice/remind_email.mako'))
h.flash('Email sent to ' + c.recipient.firstname + ' ' +
c.recipient.lastname + ' <' + c.recipient.email_address +
'>')
redirect_to(action='remind')
def _accept(self, id):
results = self.form_result
volunteer = Volunteer.find_by_id(id)
volunteer.ticket_type = results["ticket_type"]
volunteer.accepted = True
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render("volunteer/response.mako"))
h.flash("Status Updated and Acceptance Email Sent")
redirect_to(action="index", id=None)
def _new(self):
results = self.form_result["volunteer"]
c.volunteer = Volunteer(**results)
c.volunteer.person = h.signed_in_person()
c.person = c.volunteer.person
meta.Session.add(c.volunteer)
meta.Session.commit()
h.flash("Thank you for volunteering. We will contact you shortly regarding your application")
email(c.person.email_address, render("volunteer/response.mako"))
redirect_to(action="view", id=c.volunteer.id)
def _new(self):
results = self.form_result['volunteer']
c.volunteer = Volunteer(**results)
c.volunteer.person = h.signed_in_person()
c.person = c.volunteer.person
meta.Session.add(c.volunteer)
meta.Session.commit()
h.flash(
"Thank you for volunteering. We will contact you shortly regarding your application"
)
email(c.person.email_address, render('volunteer/response.mako'))
redirect_to(action='view', id=c.volunteer.id)
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
status = ProposalStatus.find_by_name('Withdrawn')
c.proposal.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()]
email(c.email_address, render('/proposal/withdraw_email.mako'))
h.flash("Proposal withdrawn. The organisers have been notified.")
return redirect_to(controller='proposal', action="index", id=None)
def _withdraw(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
status = ProposalStatus.find_by_name('Withdrawn')
c.proposal.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()]
email(c.email_address, render('/proposal/withdraw_email.mako'))
h.flash("Proposal withdrawn. The organisers have been notified.")
return redirect_to(controller='proposal', action="index", id=None)
def _new(self):
if c.funding_status == 'closed':
return render("funding/closed.mako")
elif c.funding_status == 'not_open':
return render("funding/not_open.mako")
if self.form_result['funding']['male'] == 1:
self.form_result['funding']['male'] = True
elif self.form_result['funding']['male'] == 0:
self.form_result['funding']['male'] = False
funding_results = self.form_result['funding']
attachment_results1 = self.form_result['attachment1']
attachment_results2 = self.form_result['attachment2']
c.person = h.signed_in_person()
c.funding = Funding(**funding_results)
c.funding.status = FundingStatus.find_by_name('Pending')
c.funding.person = c.person
if not c.funding.type.available():
return render("funding/type_unavailable.mako")
meta.Session.add(c.funding)
if attachment_results1 is not None:
attachment = FundingAttachment(**attachment_results1)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
if attachment_results2 is not None:
attachment = FundingAttachment(**attachment_results2)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.funding.person.email_address,
render('funding/thankyou_email.mako'))
h.flash("Funding submitted!")
return redirect_to(controller='funding', action="index", id=None)
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(
h.auth.Or(h.auth.has_organiser_role,
h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(
h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id
or h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (
h.lca_info['event_name'], c.proposal.id, c.proposal.title,
c.proposal.type.name.lower(),
"http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!" % p_edit)
return redirect_to('/proposal')
def _new(self):
if c.funding_status == 'closed':
return render("funding/closed.mako")
elif c.funding_status == 'not_open':
return render("funding/not_open.mako")
if self.form_result['funding']['male'] == 1:
self.form_result['funding']['male'] = True
elif self.form_result['funding']['male'] == 0:
self.form_result['funding']['male'] = False
funding_results = self.form_result['funding']
attachment_results1 = self.form_result['attachment1']
attachment_results2 = self.form_result['attachment2']
c.person = h.signed_in_person()
c.funding = Funding(**funding_results)
c.funding.status = FundingStatus.find_by_name('Pending')
c.funding.person = c.person
if not c.funding.type.available():
return render("funding/type_unavailable.mako")
meta.Session.add(c.funding)
if attachment_results1 is not None:
attachment = FundingAttachment(**attachment_results1)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
if attachment_results2 is not None:
attachment = FundingAttachment(**attachment_results2)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.funding.person.email_address, render('funding/thankyou_email.mako'))
h.flash("Funding submitted!")
return redirect_to(controller='funding', action="index", id=None)
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address, render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
class PaymentController(BaseController):
"""This controller receives payment advice from the payment gateway.
the url /payment/new receives the advice
"""
@authorize(h.auth.has_organiser_role)
def index(self):
c.payment_collection = Payment.find_all()
return render('/payment/list.mako')
@authorize(h.auth.is_valid_user)
def view(self, id):
payment = Payment.find_by_id(id, abort_404=True)
c.person = payment.invoice.person
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.is_organiser = False
if h.auth.authorized(h.auth.has_organiser_role):
c.is_organiser = True
c.payment = PaymentReceived.find_by_payment(payment.id)
c.validation_errors = []
if c.payment is not None and c.payment.validation_errors is not None and len(
c.payment.validation_errors) > 0:
c.validation_errors = c.payment.validation_errors.split(';')
same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
same_email = PaymentReceived.find_by_email(c.person.email_address)
if c.payment is not None:
same_invoice = same_invoice.filter("payment_id <> " +
str(payment.id))
same_email = same_email.filter("payment_id <> " + str(payment.id))
c.related_payments = same_invoice.union(same_email)
return render('/payment/view.mako')
# No authentication because it's called directly by the payment gateway
def new(self):
schema = SecurePayPingSchema()
try:
form_result = schema.to_python(request.params)
except validators.Invalid, error:
return 'Invalid: %s' % error
payment = None
c.person = None
fields = form_result
c.response = {
'payment_id': fields['payment_id'],
'invoice_id': fields['invoice_id'],
'success_code': fields['summary_code'],
'amount_paid': fields['response_amount'],
'currency_used': fields['currency'],
'card_name': fields['card_name'],
'card_type': fields['card_type'],
'card_number': fields['card_number'],
'card_expiry': fields['card_number'],
'card_mac': fields['card_mac'],
'auth_code': fields['response_code'],
'gateway_ref': fields['bank_reference'],
'response_text': fields['response_text'],
'client_ip_gateway': fields['remote_ip'],
'client_ip_zookeepr': request.environ.get('REMOTE_ADDR'),
'email_address': fields['receipt_address']
}
if 'Approved' in c.response['response_text']:
c.response['approved'] = True
else:
c.response['approved'] = False
validation_errors = []
if c.response is None:
abort(500, ''.join(validation_errors))
else:
# Make sure the same browser created the zookeepr payment object and paid by credit card
#if c.response['client_ip_gateway'] != c.response['client_ip_zookeepr']:
#validation_errors.append('Mismatch in IP addresses: zookeepr=' + c.response['client_ip_zookeepr'] + ' gateway=' + c.response['client_ip_gateway'])
# Get the payment object associated with this transaction
payment = Payment.find_by_id(c.response['payment_id'])
if payment is None:
validation_errors.append(
'Invalid payment ID from the payment gateway')
else:
c.person = payment.invoice.person
# Check whether a payment has already been received for this payment object
received = PaymentReceived.find_by_payment(payment.id)
if received is not None:
# Ignore repeat payment
return redirect_to(action='view', id=payment.id)
# Extra validation
if c.response['amount_paid'] != payment.amount:
validation_errors.append(
'Mismatch between amounts paid and invoiced')
if c.response['invoice_id'] != payment.invoice.id:
validation_errors.append(
'Mismatch between returned invoice ID and payment object')
#if c.response['email_address'] != pxpay.munge_email(payment.invoice.person.email_address):
# validation_errors.append('Mismatch between returned email address and invoice object')
if not c.person.is_from_common_country():
validation_errors.append('Uncommon country: ' +
c.person.country)
c.pr = PaymentReceived(**c.response)
c.pr.validation_errors = ';'.join(validation_errors)
meta.Session.add(c.pr)
meta.Session.commit()
if len(validation_errors) > 0 and c.response['approved']:
# Suspiciously approved transaction which needs to be checked manually
email(lca_info['contact_email'],
render('/payment/suspicious_payment.mako'))
if c.person is not None:
email(c.person.email_address, render('/payment/response.mako'))
# OK we now have a valid transaction, we redirect the user to the view page
# so they can see if their transaction was accepted or declined
return redirect_to(action='view', id=payment.id)
