Example #1
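def do_login():
  """Serve the login page: resume a session on GET, check credentials on POST.

  GET:  when the session already holds 'user_id', the user is looked up and
        check_signin() decides whether the visitor counts as authenticated.
  POST: the submitted e-mail and password are checked; on success the e-mail
        is stored in session['user_id'].

  Every failed attempt, and every unexpected exception, drops 'user_id' from
  the session and re-renders login.html. On success the response redirects to
  'user.myaccount' and a fresh 'random_auth' value is written to both the
  session and a cookie of the same name.
  """
  # Single-argument print() produces the same output as the print statement
  # on Python 2, so the debug trace is unchanged.
  print('step: do_login() with request method -  %s' % request.method)
  _is_authenticated = False

  try:
    if request.method == 'GET':
      if 'user_id' in session:
        if User.get_by_id(get_user_id_from_session()) is None:
          # Stale session: the stored id no longer maps to a user.
          print('user %s is not existing.' % get_user_id_from_session())
          session.pop('user_id', None)
        else:
          # Only an explicit True from check_signin() authenticates.
          _is_authenticated = (check_signin() == True)
          print('user exists')

    elif request.method == 'POST':
      email = request.form['email']
      if validate_email(email) is None:
        flash('This e-mail address is invalid.', 'error')
      else:
        user = User.get_by_id(email)
        # Fail closed: anything other than a truthy verify_password() result
        # is a failed login (the old `== False` test let a None result pass).
        if user is not None and user.verify_password(request.form['password']):
          session['user_id'] = email
          _is_authenticated = True
        else:
          # One message for "unknown e-mail" and "wrong password", so the
          # form does not reveal which addresses are registered.
          # NOTE(review): the unknown-user path still skips password
          # verification, so response time may differ - confirm whether
          # that matters for this deployment.
          flash('E-mail or password is invalid.', 'error')
      if not _is_authenticated:
        session.pop('user_id', None)
  except Exception as exc:
    # Any unexpected failure (e.g. a missing form field) is treated as a
    # failed login rather than being silently swallowed by a bare except.
    print('do_login: login attempt aborted by %s' % type(exc).__name__)
    session.pop('user_id', None)
    _is_authenticated = False

  if not _is_authenticated:
    print('<NOT authenticated>')
    return render_template('login.html', email = get_user_id_from_session())

  print('<authenticated>')
  response = make_response(redirect_common(url_for('user.myaccount')))
  # The HMAC key is random and discarded, so the digest acts as a one-off
  # random value mirrored in the session and the cookie.
  # NOTE(review): no digest is named here; if hmac_new is hmac.new, Python 2
  # falls back to MD5 - confirm and pass an explicit digest.
  key_random = urandom(24)
  session['random_auth'] = hmac_new(key_random, get_user_id_from_session()).hexdigest()
  # NOTE(review): the cookie is set without httponly/secure flags; unless
  # client-side script has to read it, pass httponly=True and secure=True.
  response.set_cookie('random_auth', session['random_auth'])
  return response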
 def get_user_by_session(self):
     """Return the user whose id is stored under "uid" in the session.

     Returns None when the session carries no uid or when the lookup finds
     no matching user.
     """
     uid = session.get("uid")
     # A missing or empty uid short-circuits before the database is queried.
     return (User.get_by_id(dbs, uid) or None) if uid else None
Example #3
 def get(self, uid):
     """Render the page for user *uid* together with that user's items.

     Responds through flash_out with a 404 when no such user exists.
     """
     my_user = User.get_by_id(dbs, uid)
     if my_user:
         user_items = Items.get_all_by_user(dbs, uid)
         # Each item is tagged with the owner's name before rendering.
         for entry in user_items:
             entry.uname = my_user.name
         return self.render_template(
             "user_view.html", my_user=my_user, items=user_items)
     return self.flash_out("No user found", 404, "/")
 def get_user_by_session(self):
     ''' Look up the session's user in the db; None if there is no uid or no such user '''
     uid = session.get("uid")
     found = User.get_by_id(dbs, uid) if uid else None
     # Any falsy lookup result is normalised to None for the caller.
     return found if found else None
Example #5
    def get(self, category, item_id):
        """Render the detail page for one item together with its owner.

        Responds through flash_out with a 404 when the item does not exist
        and with a 500 when the item's owner cannot be loaded.
        """
        # Title-case the category before any lookup happens.
        category = category.title()
        my_item = Items.get_by_id(dbs, item_id)
        if my_item:
            owner = User.get_by_id(dbs, my_item.user_id)
            if owner:
                return self.render_template("item.html", my_category=category,
                                            owner=owner, my_item=my_item,
                                            categories=other_info.item_categories)
            # An item without a loadable owner is not expected, but it is
            # reported as a server error rather than rendered half-empty.
            return self.flash_out(
                "Something went wrong, try again, if the problem persists contact us!", 500, "/")
        return self.flash_out(
            "The item you are looking for does not exist", 404, "/")
Example #6
def inject_context():
  """Build the dict of extra names returned for templates.

  Provides `current_user` (the session's user, or an empty User() when the
  lookup finds none) plus two helper callables that wrap check_signin() and
  redirect_common().
  """
  print('inject_context')
  user = User.get_by_id(get_user_id_from_session())
  if user is not None:
    print('successful to inject user.')
  else:
    print('failed to inject user.')
    # Fall back to a blank User so the returned value is never None.
    user = User()

  def check_signin_in_template():
    print('step: check_signin_in_template().')
    return check_signin()

  def redirect_in_template(last_path):
    return redirect_common(last_path, just_path = True)

  return {
    'current_user': user,
    'redirect_in_template': redirect_in_template,
    'check_signin_in_template': check_signin_in_template,
  }
Example #7
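def googlesignin():
  """Sign a visitor in from a Google ID token posted as form field 'idtoken'.

  The token is handed to get_info_from_google(); on success the matching User
  is created or updated from the returned info and the session is populated
  with 'user_id', 'token' and 'signin_party'.

  Returns the string 'True' on success and 'False' when the token is missing
  or get_info_from_google() reports failure.
  """
  print('step: googlesignin')
  # .get() returns None for a missing field, so the check below is reachable;
  # indexing request.form raised before the None test could ever run.
  token = request.form.get('idtoken')

  if not token:
    print('token is none.')
    return 'False'
  print('token is available.')

  # Set before verification and rolled back on failure, as before.
  # NOTE(review): presumably get_info_from_google() may read this key - confirm;
  # otherwise it only needs to be set after the token has been verified.
  session['signin_party'] = 'google'
  result, idinfo = get_info_from_google(token)

  # Fail closed: any falsy result is a failed verification, not only False.
  if not result:
    print('googlesignin: failed to get info from google.')
    session.pop('signin_party', None)
    return 'False'

  # NOTE(review): the e-mail claim is used as the account key and may match an
  # existing local account. Confirm that get_info_from_google() checks the
  # token's audience and its email_verified claim before this point.
  email = idinfo['email']
  user = User.get_by_id(email)
  is_new_user = user is None

  if is_new_user:
    print('googlesingin: It is new user.')
    user = User()
  else:
    print('googlesingin: It is NOT new user.')

  # Both branches copy the same profile fields from the token info.
  user.id = email
  user.first_name = idinfo['given_name']
  user.last_name = idinfo['family_name']

  if is_new_user:
    user.add()
  else:
    user.merge()
  print(user.commit())

  session['user_id'] = user.id
  # NOTE(review): the raw ID token is kept in the session; if the session is a
  # client-side cookie, confirm that storing it there is intended.
  session['token'] = token
  session['signin_party'] = 'google'

  return 'True'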
Example #8
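def change_edit_user(rest_id, user_id):
    """Grant or revoke a user's edit access to a restaurant.

    A POST request grants access; any other request method revokes it.
    Only the restaurant's owner (restaurant.user_id == current_user.id) may
    change the list.

    Returns the JSON-serialised list of users that have edit access afterwards.

    Raises:
        ApiError: the restaurant or the target user was not found, or the
            restaurant does not belong to the current user.
    """
    restaurant = Restaurant.get_by_id(rest_id)
    # NOTE(review): assumes get_by_id() returns None for an unknown id - confirm.
    # Without this guard a missing restaurant fails on the attribute access below.
    if restaurant is None:
        raise ApiError("Меню не найдено!")

    # The ownership check runs before the target user is looked up, so a
    # non-owner gets no answer about which user ids exist.
    if restaurant.user_id != current_user.id:
        raise ApiError("Меню " + restaurant.name +
                       " не принадлежит данному пользователю!")

    user = User.get_by_id(user_id)
    # A missing user must not be appended to the access list as None.
    if user is None:
        raise ApiError("Пользователь не найден!")

    # NOTE(review): every non-POST method revokes access; confirm the route
    # only accepts the methods intended for that.
    add_access = request.method == 'POST'
    if add_access:
        # Skip the append when access already exists, to avoid duplicates.
        if user not in restaurant.edit_users:
            restaurant.edit_users.append(user)
    elif user in restaurant.edit_users:
        # list.remove() raises ValueError for a user who never had access.
        restaurant.edit_users.remove(user)

    notify_user(user, current_user, restaurant, add_access)

    session.add(restaurant)
    session.add(user)
    session.commit()

    # A distinct loop name keeps the comprehension from rebinding `user`.
    return jsonify([editor.serialize for editor in restaurant.edit_users])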
Example #9
def load_user(user_id):
    """Return whatever User.get_by_id() yields for *user_id*."""
    # NOTE(review): looks like a login-manager user loader; the id presumably
    # comes from the session, so confirm get_by_id() tolerates unknown ids.
    found = User.get_by_id(user_id)
    return found