Example #1
0
def new_comment(photo_id):
    photo = Photo.query.get_or_404(photo_id)
    page = request.args.get('page', 1, type=int)
    form = CommentForm()
    if form.validate_on_submit():
        body = form.body.data
        author = current_user._get_current_object()
        comment = Comment(body=body, author=author, photo=photo)

        replied_id = request.args.get('reply')
        if replied_id:
            comment.replied = Comment.query.get_or_404(replied_id)
            push_comment_notification(photo_id=photo.id,
                                      receiver=comment.replied.author)
        db.session.add(comment)
        db.session.commit()
        flash('Comment published.', 'success')

        if current_user != photo.author:
            push_comment_notification(photo_id,
                                      receiver=photo.author,
                                      page=page)

    flash_error(form)
    return redirect(url_for('.show_photo', photo_id=photo_id, page=page))
Example #2
0
def upload_avatar():
    form = UploadAvatarForm()
    if form.validate_on_submit():
        image = form.image.data
        filename = avatars.save_avatar(image)
        current_user.avatar_raw = filename
        db.session.commit()
        flash('Image uploaded, please corp.', 'success')
    flash_error(form)
    return redirect(url_for('.change_avatar'))
Example #3
0
def edit_description(photo_id):
    photo = Photo.query.get_or_404(photo_id)
    if current_user != photo.author:
        abort(403)

    form = DescriptionForm()
    if form.validate_on_submit():
        photo.description = form.description.data
        db.session.commit()
        flash('Description updated.', 'success')
    flash_error(form)
    return redirect(url_for('.show_photo', photo_id=photo_id))
Example #4
0
def crop_avatar():
    form = CropAvatarForm()
    if form.validate_on_submit():
        x = form.x.data
        y = form.y.data
        w = form.w.data
        h = form.h.data
        filenames = avatars.crop_avatar(current_user.avatar_raw, x, y, w, h)
        current_user.avatar_s = filenames[0]
        current_user.avatar_m = filenames[1]
        current_user.avatar_l = filenames[2]
        db.session.commit()
        flash('Avatar updated.', 'success')
    flash_error(form)
    return redirect(url_for('.change_avatar'))
Example #5
0
def render_login_local():
    """ Render the login page with username/pass

    @see #index()
    @see #render_login_shib()
    """
    if current_user.is_authenticated():
        return redirect(get_role_landing_page())

    uuid = session['uuid']
    form = LoginForm(request.form)

    if request.method == 'POST' and form.validate():
        email = form.email.data.strip(
            ) if form.email.data else "*****@*****.**"
        password = form.password.data.strip() if form.password.data else ""
        app.logger.debug("{} password: {}".format(email, password))

        app.logger.debug("Checking email: {}".format(email))
        user = UserEntity.query.filter_by(email=email).first()

        if user:
            app.logger.debug("Found user object: {}".format(user))
        else:
            utils.flash_error("No such email: {}".format(email))
            LogEntity.login(uuid, "No such email: {}".format(email))
            return redirect(url_for('index'))

        # if utils.is_valid_auth(app.config['SECRET_KEY'], auth.uathSalt,
        # password, auth.uathPassword):
        if '' == user.password_hash:
            app.logger.info('Log login event for: {}'.format(user))
            LogEntity.login(uuid, 'Successful login via email/password')
            login_user(user, remember=False, force=False)

            # Tell Flask-Principal that the identity has changed
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.get_id()))
            return redirect(get_role_landing_page())
        else:
            app.logger.info('Incorrect pass for: {}'.format(user))
            LogEntity.login_error(uuid, 'Incorrect pass for: {}'.format(user))

    # When sending a GET request render the login form
    return render_template('index.html', form=form,
                           next_page=request.args.get('next'))
Example #6
0
def render_login_local():
    """ Render the login page with username/pass

    @see #index()
    @see #render_login_shib()
    """
    if current_user.is_authenticated():
        return redirect(get_role_landing_page())

    uuid = session['uuid']
    form = LoginForm(request.form)

    if request.method == 'POST' and form.validate():
        email = form.email.data.strip(
            ) if form.email.data else ""
        password = form.password.data.strip() if form.password.data else ""
        app.logger.debug("{} password: {}".format(email, password))

        app.logger.debug("Checking email: {}".format(email))
        user = UserEntity.query.filter_by(email=email).first()

        if user:
            app.logger.debug("Found user object: {}".format(user))
        else:
            utils.flash_error("No such email: {}".format(email))
            LogEntity.login(uuid, "No such email: {}".format(email))
            return redirect(url_for('index'))

        # if utils.is_valid_auth(app.config['SECRET_KEY'], auth.uathSalt,
        # password, auth.uathPassword):
        if '' == user.password_hash:
            app.logger.info('Log login event for: {}'.format(user))
            LogEntity.login(uuid, 'Successful login via email/password')
            login_user(user, remember=False, force=False)

            # Tell Flask-Principal that the identity has changed
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.get_id()))
            return redirect(get_role_landing_page())
        else:
            app.logger.info('Incorrect pass for: {}'.format(user))
            LogEntity.login_error(uuid, 'Incorrect pass for: {}'.format(user))

    # When sending a GET request render the login form
    return render_template('index.html', form=form,
                           next_page=request.args.get('next'))
Example #7
0
def new_tag(photo_id):
    photo = Photo.query.get_or_404(photo_id)
    if current_user != photo.author:
        abort(403)

    form = TagForm()
    if form.validate_on_submit():
        for name in form.tag.data.split():
            tag = Tag.query.filter_by(name=name).first()
            if tag is None:
                tag = Tag(name=name)
                db.session.add(tag)
                db.session.commit()
            if tag not in photo.tags:
                photo.tags.append(tag)
                db.session.commit()
        flash('Tag added.', 'success')
    flash_error(form)
    return redirect(url_for('.show_photo', photo_id=photo_id))
Example #8
0
def shibb_return():
    """
    Read the Shibboleth headers returned by the IdP after
    the user entered the username/password.
    If the `eduPersonPrincipalName` (aka Eppn) for the user matches the
    usrEmail of an active user then let the user in,
    otherwise let them see the login page.

    @see #shibb_redirect()
    """
    if current_user.is_authenticated():
        # next_page = request.args.get('next') or get_role_landing_page()
        return redirect(get_role_landing_page())

    # fresh login...
    uuid = session['uuid']
    email = request.headers['Mail']
    glid = request.headers['Glid']  # Gatorlink ID
    app.logger.debug("Checking if email: {} is registered for glid: {}"
                     .format(email, glid))
    user = UserEntity.query.filter_by(email=email).first()

    if not user:
        utils.flash_error("No such user: {}".format(email))
        LogEntity.login_error(uuid,
                              "Shibboleth user is not registered for this app")

        return redirect(url_for('index'))

    if not user.is_active():
        utils.flash_error("Inactive user: {}".format(email))
        LogEntity.login_error(uuid, 'Inactive user tried to login')
        return redirect(url_for('index'))

    if user.is_expired():
        utils.flash_error("User account for {} expired on {}"
                          .format(email, user.access_expires_at))
        LogEntity.login_error(uuid, 'Expired user tried to login')
        return redirect(url_for('index'))

    # Log it
    app.logger.info('Successful login via Shibboleth for: {}'.format(user))
    LogEntity.login(uuid, 'Successful login via Shibboleth')

    login_user(user, remember=False, force=False)

    # Tell Flask-Principal that the identity has changed
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(user.get_id()))
    next_page = get_role_landing_page()
    return redirect(next_page)
Example #9
0
def shibb_return():
    """
    Read the Shibboleth headers returned by the IdP after
    the user entered the username/password.
    If the `eduPersonPrincipalName` (aka Eppn) for the user matches the
    usrEmail of an active user then let the user in,
    otherwise let them see the login page.

    @see #shibb_redirect()
    """
    if current_user.is_authenticated():
        # next_page = request.args.get('next') or get_role_landing_page()
        return redirect(get_role_landing_page())

    # fresh login...
    uuid = session['uuid']
    email = request.headers['Mail']
    glid = request.headers['Glid']  # Gatorlink ID
    app.logger.debug("Checking if email: {} is registered for glid: {}"
                     .format(email, glid))
    user = UserEntity.query.filter_by(email=email).first()

    if not user:
        utils.flash_error("No such user: {}".format(email))
        LogEntity.login_error(uuid,
                              "Shibboleth user is not registered for this app")

        return redirect(url_for('index'))

    if not user.is_active():
        utils.flash_error("Inactive user: {}".format(email))
        LogEntity.login_error(uuid, 'Inactive user tried to login')
        return redirect(url_for('index'))

    if user.is_expired():
        utils.flash_error("User account for {} expired on {}"
                          .format(email, user.access_expires_at))
        LogEntity.login_error(uuid, 'Expired user tried to login')
        return redirect(url_for('index'))

    # Log it
    app.logger.info('Successful login via Shibboleth for: {}'.format(user))
    LogEntity.login(uuid, 'Successful login via Shibboleth')

    login_user(user, remember=False, force=False)

    # Tell Flask-Principal that the identity has changed
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(user.get_id()))
    next_page = get_role_landing_page()
    return redirect(next_page)