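def do_login():
    """Serve the login view: resume a session on GET, sign in on POST.

    GET: if the session already holds a ``user_id``, the user is looked up
    and ``check_signin()`` decides whether the session is authenticated.
    POST: the submitted e-mail and password are checked; on success the
    e-mail is stored in ``session['user_id']``.

    Any failure along the way drops ``user_id`` from the session.

    Returns:
        A redirect to ``user.myaccount`` with a fresh ``random_auth`` cookie
        when authenticated, otherwise the rendered ``login.html``.
    """
    print('step: do_login() with request method -  %s' % request.method)
    _is_authenticated = False
    try:
        if request.method == 'GET':
            if 'user_id' in session:
                if User.get_by_id(get_user_id_from_session()) is None:
                    # Log before raising; a statement after the raise never runs.
                    print('user %s is not existing.' % get_user_id_from_session())
                    raise LookupError('session user no longer exists')
                _is_authenticated = check_signin()
                print('user exists')
        elif request.method == 'POST':
            email = request.form['email']
            # NOTE(review): only a None result is treated as invalid. Some
            # validators return False for a malformed address; confirm what
            # validate_email returns.
            if validate_email(email) is None:
                flash('This e-mail address is invalid.', 'error')
                raise ValueError('malformed e-mail address')

            user = User.get_by_id(email)
            # `not ...` instead of `== False`: a None result from
            # verify_password must count as a failed check, not a pass.
            if user is None or not user.verify_password(request.form['password']):
                # One message for "unknown e-mail" and "wrong password", so
                # the form does not reveal which addresses are registered.
                # NOTE(review): an unknown e-mail still skips the password
                # check, so response time may differ between the two cases.
                flash('Invalid e-mail or password.', 'error')
                raise ValueError('credentials rejected')

            session['user_id'] = email
            _is_authenticated = True
    except Exception as exc:
        # Explicit exceptions replace the bare `raise`, which only "worked"
        # because raising with no active exception is itself an error.
        # Missing form fields also land here and are treated as a failed login.
        print('login rejected (%s)' % type(exc).__name__)
        session.pop('user_id', None)

    # The returns sit outside any `finally`, so KeyboardInterrupt/SystemExit
    # are no longer silently discarded.
    if not _is_authenticated:
        print('<NOT authenticated>')
        return render_template('login.html', email=get_user_id_from_session())

    print('<authenticated>')
    response = make_response(redirect_common(url_for('user.myaccount')))
    # key_random is never stored, so this digest cannot be recomputed later;
    # it is effectively an opaque random value.
    # NOTE(review): hmac_new is called without a digest argument. If it is
    # hmac.new, Python 2 falls back to MD5; confirm and pass one explicitly.
    key_random = urandom(24)
    session['random_auth'] = hmac_new(key_random, get_user_id_from_session()).hexdigest()
    # NOTE(review): the cookie is set without HttpOnly/Secure. If no client
    # script needs to read it, pass httponly=True and secure=True.
    response.set_cookie('random_auth', session['random_auth'])
    return response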
def get_user_by_session(self):
    """
    Look up the user whose id is stored under "uid" in the session.

    Returns the object from User.get_by_id, or None when the session has no
    uid or the lookup yields nothing.
    """
    uid = session.get("uid")
    # `or None` collapses any falsy lookup result to None.
    return (User.get_by_id(dbs, uid) or None) if uid else None
def get(self, uid):
    """Render "user_view.html" for user *uid* together with that user's items.

    Responds through flash_out with status 404 when no user has that id.
    """
    # NOTE(review): nothing here checks who is asking; confirm this view is
    # meant to be readable for any uid.
    profile = User.get_by_id(dbs, uid)
    if profile:
        owned_items = Items.get_all_by_user(dbs, uid)
        # Every item gets the owner's display name attached for the template.
        for entry in owned_items:
            entry.uname = profile.name
        return self.render_template(
            "user_view.html", my_user=profile, items=owned_items)
    return self.flash_out("No user found", 404, "/")
def get_user_by_session(self):
    '''
    Fetch the user record for the uid kept in the session.

    Returns None when the session carries no uid, or when the database
    lookup comes back empty.
    '''
    session_uid = session.get("uid")
    if session_uid:
        found = User.get_by_id(dbs, session_uid)
        if found:
            return found
    return None
def get(self, category, item_id):
    """Render "item.html" for the item *item_id*.

    *category* is only title-cased and handed to the template; the item is
    looked up by id alone. Responds via flash_out with 404 when the item
    does not exist and 500 when its owner cannot be found.
    """
    shown_category = category.title()

    item = Items.get_by_id(dbs, item_id)
    if not item:
        return self.flash_out(
            "The item you are looking for does not exist", 404, "/")

    item_owner = User.get_by_id(dbs, item.user_id)
    if not item_owner:
        # An item whose owner is missing is not expected, but it is handled
        # here instead of failing later in the template.
        return self.flash_out(
            "Something went wrong, try again, if the problem persists contact us!",
            500, "/")

    context = dict(
        my_category=shown_category,
        owner=item_owner,
        my_item=item,
        categories=other_info.item_categories,
    )
    return self.render_template("item.html", **context)
def inject_context():
    """Return the names exposed to templates.

    The dict holds ``current_user`` (the session's user, or an empty
    ``User()`` when the lookup finds none) plus two helpers,
    ``redirect_in_template`` and ``check_signin_in_template``.
    """
    print('inject_context')
    user = User.get_by_id(get_user_id_from_session())
    if user is not None:
        print('successful to inject user.')
    else:
        print('failed to inject user.')
        # Templates always get a User object, never None.
        user = User()

    def redirect_in_template(last_path):
        return redirect_common(last_path, just_path=True)

    def check_signin_in_template():
        print('step: check_signin_in_template().')
        return check_signin()

    return {
        'current_user': user,
        'redirect_in_template': redirect_in_template,
        'check_signin_in_template': check_signin_in_template,
    }
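def googlesignin():
    """Sign a user in from a Google ID token posted as form field ``idtoken``.

    The token is handed to ``get_info_from_google``. On success the ``User``
    keyed by the returned e-mail is created or refreshed, and the session
    receives ``user_id``, ``token`` and ``signin_party``.

    Returns:
        The string ``'True'`` on success, ``'False'`` otherwise.
    """
    print('step: googlesignin')
    # Indexing request.form raises on a missing field, so .get() is needed
    # for the missing-token branch to be reachable. An empty value is
    # rejected the same way.
    token = request.form.get('idtoken')
    if not token:
        print('token is none.')
        return 'False'
    print('token is available.')

    session['signin_party'] = 'google'
    # NOTE(review): everything below trusts idinfo. Whether the helper
    # verifies the token's signature, audience and expiry, and whether the
    # e-mail is verified, is not visible here; confirm.
    result, idinfo = get_info_from_google(token)
    if not result:
        # Fail closed on any falsy result, not only a literal False.
        print('googlesignin: failed to get info from google.')
        session.pop('signin_party', None)
        return 'False'

    user = User.get_by_id(idinfo['email'])
    is_new_user = user is None
    if is_new_user:
        print('googlesingin: It is new user.')
        user = User()
    else:
        print('googlesingin: It is NOT new user.')

    # Both paths copy the same profile fields from the token info.
    # NOTE(review): the account is keyed on the e-mail claim, and the name
    # claims are read with [...], which raises if they are absent; confirm
    # they are always present.
    user.id = idinfo['email']
    user.first_name = idinfo['given_name']
    user.last_name = idinfo['family_name']
    if is_new_user:
        user.add()
    else:
        user.merge()
    print(user.commit())

    session['user_id'] = user.id
    # NOTE(review): the raw ID token is kept in the session; confirm it is
    # needed after sign-in and how the session is stored.
    session['token'] = token
    session['signin_party'] = 'google'
    return 'True'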
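def change_edit_user(rest_id, user_id):
    """Grant or revoke a user's edit access to a restaurant.

    A POST request adds *user_id* to the restaurant's ``edit_users``; any
    other request method removes it. Only the restaurant's owner
    (``restaurant.user_id == current_user.id``) may change the list.

    Returns:
        A JSON response listing the serialized users who can edit.

    Raises:
        ApiError: the restaurant or the user does not exist, or the current
            user does not own the restaurant.
    """
    restaurant = Restaurant.get_by_id(rest_id)
    if restaurant is None:
        # "Menu not found!" - without this a bad id fails on attribute access.
        raise ApiError("Меню не найдено!")
    # Ownership is checked before anything is read or changed on behalf of
    # the caller. The message reads "Menu <name> does not belong to this user!"
    if restaurant.user_id != current_user.id:
        raise ApiError("Меню " + restaurant.name + " не принадлежит данному пользователю!")

    user = User.get_by_id(user_id)
    if user is None:
        # "User not found!" - keeps None out of edit_users and notify_user.
        raise ApiError("Пользователь не найден!")

    # NOTE(review): every method other than POST takes the removal path;
    # confirm the route accepts only the methods intended for it.
    add_access = request.method == 'POST'
    if add_access:
        restaurant.edit_users.append(user)
    else:
        # NOTE(review): if edit_users is a plain list, removing a user who is
        # not in it raises ValueError; confirm how that should be reported.
        restaurant.edit_users.remove(user)
    notify_user(user, current_user, restaurant, add_access)

    session.add(restaurant)
    session.add(user)
    session.commit()
    # A separate loop name keeps the comprehension from rebinding `user`.
    return jsonify([editor.serialize for editor in restaurant.edit_users])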
def load_user(user_id):
    """Return whatever ``User.get_by_id`` yields for *user_id*."""
    # NOTE(review): user_id is passed through unchanged; presumably it comes
    # from the session. Confirm against the caller.
    found_user = User.get_by_id(user_id)
    return found_user