def before_request(self):
    """Allow the request only for a logged-in user holding the "admin" role.

    Anonymous visitors are redirected to the ``user.login`` endpoint with the
    requested URL passed as ``next``. Authenticated users without the "admin"
    role get a 403. Returning ``None`` lets the request continue.
    """
    log = current_app.logger
    log.debug("Restricting access: %s", str(current_user.is_authenticated()))

    if not current_user.is_authenticated():
        return redirect(url_for("user.login", next=request.url))

    if current_user.has_roles("admin"):
        return None

    # Record what the role check saw before denying, to help diagnose 403s.
    log.debug("%s, %s", current_user.has_roles("admin"), str(current_user.roles))
    return abort(403)
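def before_request():
    """Populate per-request globals and enforce the one-time-password step.

    Copies the currency and language configuration onto ``g``, makes sure the
    session has a currency pair, and then applies the second-factor gate.
    A logged-in user who has an ``otp_secret`` but no ``'2FA'`` flag in the
    session is redirected to ``two_factor_login``, unless the request targets
    one of the exempt endpoints. Anonymous sessions have any ``'2FA'`` flag
    removed.

    Returns a redirect response when the one-time password is still required,
    otherwise ``None``.
    """
    config = app.config
    g.languages = LANGUAGES
    g.site_currencies = config['SITE_CURRENCIES']
    g.crypto_currencies = config['CRYPTO_CURRENCIES']
    g.paypal_currencies = config['PAYPAL_CURRENCIES']
    g.bank_currencies = config['BANK_CURRENCIES']
    g.top_currencies = config['TOP_CURRENCIES']
    g.exchangable_currencies = config['EXCHANGABLE_CURRENCIES']
    g.fee_per_currency = config['FEE_PER_CURRENCIES']
    g.locale = get_locale()
    g.timezone = get_timezone()
    g.current_user = current_user
    g.year = date.today().year

    if 'currencies' not in session:
        session['currencies'] = config['DEFAULT_EXCHANGABLE_CURRENCIES']
    g.currency = session['currencies'][0]
    g.currency2 = session['currencies'][1]

    if not current_user.is_authenticated():
        # Without a login the flag is meaningless. Dropping it keeps a
        # leftover flag from satisfying the gate for the next login made in
        # this session.
        if '2FA' in session:
            del session['2FA']
        return None

    # request.endpoint is None when no URL rule matched (for example a 404).
    # The previous request.url_rule.endpoint raised AttributeError there and
    # turned such requests into a 500. With None the gate still applies.
    exempt_endpoints = ('two_factor_login', 'lang', 'user.logout')
    otp_pending = (not session.get('2FA', False)
                   and current_user.otp_secret
                   and request.endpoint not in exempt_endpoints)
    if otp_pending:
        flash(_('Please type one time password to access your account'),
              'warning')
        return redirect(url_for('two_factor_login'))
    return None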
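def manager_do_login():
    """Render the back-office login form and process its submission.

    An already authenticated user is sent straight to the manager home page.
    On POST the account is looked up by e-mail and the password verified.
    A successful ``login_user`` call redirects to the home page; any failure
    re-renders the form with a message in ``info``.

    An unknown e-mail and a wrong password now produce the same message
    (the literal reads "wrong username or password"), so the form no longer
    reveals which e-mail addresses have an account. The "account disabled"
    message is still shown, but only after the correct password was given.
    """
    if current_user.is_authenticated():
        return redirect(_endpoint_url('manager_home.home_page'))
    if request.method != 'POST':
        return render_template('backend/login.html')

    request.auth_method = 'basic'
    user_manager = current_app.user_manager
    email = request.form.get('email')
    password = request.form.get('password')
    account = Account.query.filter(Account.email == email).first()

    # Generic failure text shared by "no such account" and "bad password".
    # NOTE(review): verify_password is skipped when no account is found, so
    # response timing may still differ between the two cases - confirm
    # whether that matters for this deployment.
    info = u'用户名或密码错误'
    if account and user_manager.verify_password(password, account):
        if login_user(account, remember=False):
            return redirect(_endpoint_url('manager_home.home_page'))
        # login_user returned a falsy value; the literal reads
        # "this account has been disabled".
        info = u'该账户已被禁用'
    return render_template('backend/login.html', info=info)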
def save_cart_items():
    """Store the cart items posted as JSON for the current visitor.

    Items are passed through ``_check_cart_item`` and only those it accepts
    are handed to ``cart_service.save_items``. ``user_id`` is the logged-in
    account's id, or ``None`` for an anonymous visitor.
    """
    owner_id = (current_user._get_current_object().id
                if current_user.is_authenticated() else None)
    # NOTE(review): request.json is client-supplied and is None when the body
    # is not JSON; filter() would then raise. Confirm callers always post a
    # JSON list, or reject other payloads before this point.
    accepted_items = filter(_check_cart_item, request.json)
    cart_service.save_items(accepted_items, user_id=owner_id)
    return json_response(success=True)
def list_cart_items():
    """Return the current visitor's cart as JSON.

    Each entry of ``items`` is a pair of the product item's JSON form
    (including the ``product.name`` key) and its quantity.
    """
    owner_id = None
    if current_user.is_authenticated():
        owner_id = current_user._get_current_object().id

    payload = []
    for product_item_id, quantity in cart_service.get_items(owner_id):
        product_item = ProductItem.from_cache_by_id(product_item_id)
        payload.append(
            (product_item.__json__(include_keys=['product.name']), quantity))
    return json_response(items=payload)
def welcome():
    """Show the welcome page, or send a logged-in user on to the script list.

    A logged-in user is redirected to ``scriptlist`` when the request has no
    referrer, or when the referrer is on this site (its host equals
    ``SERVER_NAME``) and is not one of the listed public pages. Everyone else
    gets the welcome template with a login form.
    """
    if current_user.is_authenticated():
        referrer = request.referrer
        if not referrer:
            return redirect(url_for('scriptlist'))
        # The Referer header is client-controlled; here it only picks a
        # landing page and is not used as an authorization signal.
        parsed = urlparse(referrer)
        public_paths = ['/blog', '/contact', '/about', '/scriptlist']
        same_site = parsed.netloc == app.config['SERVER_NAME']
        if same_site and parsed.path not in public_paths:
            return redirect(url_for('scriptlist'))

    login_form = user_manager.login_form(next='/scriptlist')
    return render_template('flask_welcome.html',
                           form=login_form, login_form=login_form)
def show_user_data():
    """Render the user data page, consuming the one-shot loading-overlay flag.

    Anonymous visitors are redirected to the login page. When the session
    holds ``show_loading_overlay`` equal to ``True`` the flag is removed and
    the template receives ``overlay=True``; otherwise ``overlay`` is ``None``.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))

    overlay_requested = session.get('show_loading_overlay') == True
    if overlay_requested:
        # Remove the flag so the overlay is shown for this request only.
        session.pop('show_loading_overlay')
    return render_template('show_user_data.html',
                           overlay=True if overlay_requested else None)
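def show_user_data():
    """Render the user data page for the logged-in user's container.

    Anonymous visitors are redirected to the login page. A session without
    ``user_container_name`` is redirected to the logout endpoint instead of
    failing with a KeyError (an HTTP 500).

    The template receives ``error``, ``host_url`` and ``container_name``.
    These are the same names the former ``**locals()`` call exposed, now
    passed explicitly so a local added later cannot reach the template
    context by accident.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))
    if 'user_container_name' not in session:
        return redirect(url_for('user.logout'))

    # Hostname/IP the client used to reach us (needed for accessing the
    # container). It is derived from the request's Host header.
    host_url = urlparse(request.host_url).hostname
    return render_template(
        'show_user_data.html',
        error="",
        host_url=host_url,
        container_name=session['user_container_name'],
    )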
def cart_page():
    """Render the cart page for the current visitor.

    The template receives ``product_items_with_quantity``, a list of
    ``(ProductItem, quantity)`` pairs built from the cart service's
    ``(product_item_id, quantity)`` entries.
    """
    owner_id = (current_user._get_current_object().id
                if current_user.is_authenticated() else None)

    product_items_with_quantity = []
    for product_item_id, quantity in cart_service.get_items(owner_id):
        product_item = ProductItem.from_cache_by_id(product_item_id)
        product_items_with_quantity.append((product_item, quantity))

    return render_template(
        'cart.html',
        product_items_with_quantity=product_items_with_quantity)
def two_factor_setup():
    """Render the two-factor setup page for a logged-in user.

    Anyone who is not authenticated is redirected to the home page. The
    response carries headers that forbid caching, because the page shows the
    sensitive QR code.
    """
    # The "is None" test can never be the deciding one: if current_user were
    # None, the is_authenticated() call before it would already have raised.
    if not current_user.is_authenticated() or current_user is None:
        return redirect(url_for('home_page'))

    no_cache_headers = {
        'Cache-Control': 'no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'}
    return render_template('users/two-factor-setup.html'), 200, no_cache_headers
def _context_processor():
    """Provide ``cart_total`` and a ``dt_format`` helper to templates.

    ``cart_total`` is the sum of the quantities in the current visitor's cart.
    ``dt_format(dt, fmt)`` returns ``dt.strftime(fmt)``.
    """
    owner_id = None
    if current_user.is_authenticated():
        owner_id = current_user._get_current_object().id

    cart_total = sum(
        quantity for _item_id, quantity in cart_service.get_items(owner_id))
    return dict(cart_total=cart_total,
                dt_format=lambda dt, fmt: dt.strftime(fmt))
def show_team_page(team_id):
    """Render the public page of a team.

    Raises ``AppError`` with ``errors.team_id_nonexistent`` when no team has
    the given id. For a logged-in user who has an athlete record for the
    team's athletic item, the template also receives that athlete's
    ``current_team`` as ``current_team_member``; otherwise it is ``None``.
    """
    team = models.Team.from_cache_by_id(team_id)
    if not team:
        raise AppError(error_code=errors.team_id_nonexistent)

    # team_member of the currently logged-in user
    current_team_member = None
    if current_user.is_authenticated():
        account_id = current_user._get_current_object().id
        athlete = models.Athlete.from_cache_by_account_id_and_athletic_item_id(
            account_id, team.athletic_item_id)
        if athlete:
            current_team_member = athlete.current_team

    return render_template('frontend/team.html',
                           team=team,
                           current_team_member=current_team_member)
def titlepage():
    """Render the title-page editor for a screenplay.

    ``resource_id`` comes from the query string. Apart from the special
    ``'Demo'`` resource, anonymous visitors are redirected to ``welcome`` and
    users whose permission on the resource is not ``'owner'`` are redirected
    to ``scriptlist``.
    """
    resource_id = request.args.get('resource_id')
    is_demo = resource_id == 'Demo'

    if not current_user.is_authenticated() and not is_demo:
        return redirect(url_for('welcome'))

    user_email = get_current_user_email_with_default()
    # Only the owner may edit the title page; the demo resource is open.
    permission = Screenplay.get_users_permission(resource_id, user_email)
    if permission != 'owner' and not is_demo:
        return redirect(url_for('scriptlist'))

    title_fields = TitlePageData.get_fields_by_resource_id(resource_id)
    return render_template('titlepage.html',
                           user=user_email,
                           screenplay_title=Screenplay.get_title(resource_id),
                           **title_fields)
def show_user_data():
    """Render the user data page with the container and application details.

    Anonymous visitors are redirected to the login page; a session without
    ``user_container_name`` is redirected to the logout endpoint. The template
    receives ``error``, ``host_url``, ``container_name``, ``application_names``
    and ``role_names``, which is every local the original passed through
    ``**locals()``.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))
    if 'user_container_name' not in session:
        return redirect(url_for('user.logout'))

    # Hostname/IP the client used to reach us (needed for accessing the
    # container). It is derived from the request's Host header.
    host_url = urlparse(request.host_url).hostname
    container_name = session['user_container_name']
    application_names = docker_interface.get_application_image_names()
    role_names = map(lambda role: str(role.name), current_user.roles)

    return render_template(
        'show_user_data.html',
        error="",
        host_url=host_url,
        container_name=container_name,
        application_names=application_names,
        role_names=role_names,
    )
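def get_user_open_buy_orders(obj_response):
    """Send the current user's open buy orders panel to the client.

    Queries ``Buy`` rows for the user with ``flag_completed=2``, newest
    ``last_updated`` first, renders them into the panel template and calls the
    ``render_user_open_buy_orders`` client function with ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the query with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    buy_open_orders = (Buy.query
                       .filter_by(uid=current_user.id, flag_completed=2)
                       .order_by(Buy.last_updated.desc()))
    html = render_template('users/panels/buy_orders_open.html',
                           buy_open_orders=buy_open_orders)
    obj_response.call('render_user_open_buy_orders', [{'html': html}])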
def home_page():
    """Render the home page, with task summaries for a logged-in user.

    For an authenticated user the template receives the tasks due today, the
    tasks due tomorrow and the user's streak; for anonymous visitors all three
    are ``None``.
    """
    # NOTE(review): these two prints look like leftover debugging output;
    # confirm they are still wanted in a request handler.
    print(url_for('callback'))
    print(url_for('create_report', task="task"))

    tasks_due_today = tasks_due_tomorrow = streak = None
    if current_user.is_authenticated():
        owner_id = current_user.user_profile.id
        all_tasks = Task.query.filter_by(user_id=owner_id).all()
        today = date.today()
        tomorrow = today + timedelta(days=1)
        tasks_due_today = [t for t in all_tasks if t.due_date == today]
        tasks_due_tomorrow = [t for t in all_tasks if t.due_date == tomorrow]
        streak = current_user.streak

    return render_template('pages/home_page.html',
                           tasks_today=tasks_due_today,
                           tasks_tomorrow=tasks_due_tomorrow,
                           streak=streak)
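def get_user_latest_closed_orders(obj_response):
    """Send the current user's closed orders panel to the client.

    Collects the user's ``BuyHistory`` and ``SellHistory`` rows, sorts them by
    ``last_updated`` (newest first), renders the panel template and calls the
    ``render_user_latest_closed_orders`` client function with
    ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the queries with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    uid = current_user.id
    closed_orders = []
    closed_orders.extend(BuyHistory.query.filter_by(uid=uid))
    closed_orders.extend(SellHistory.query.filter_by(uid=uid))
    closed_orders.sort(key=lambda order: order.last_updated, reverse=True)

    html = render_template('users/panels/latest_closed_orders.html',
                           closed_orders=closed_orders)
    obj_response.call('render_user_latest_closed_orders', [{'html': html}])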
def get_locale():
    """Pick the language for this request and remember it in the session.

    Order of preference: a non-empty ``session['language']`` (lower-cased)
    that is a key of ``LANGUAGES``; the logged-in user's ``locale``; the best
    match of the browser's Accept-Language header against ``LANGUAGES``; and
    finally ``'en'``.
    """
    stored = session.get('language')
    if stored:
        stored = stored.lower()
        session['language'] = stored
        if stored in LANGUAGES.keys():
            return stored

    # A logged-in user's own setting comes next.
    # NOTE(review): unlike the session value, the user's locale is returned
    # without being checked against LANGUAGES - confirm it is validated
    # where it is saved.
    if current_user is not None and current_user.is_authenticated():
        user_locale = current_user.locale.lower()
        session['language'] = user_locale
        return user_locale

    # Otherwise guess from the Accept-Language header; the best match wins.
    best_match = request.accept_languages.best_match(LANGUAGES.keys())
    session['language'] = best_match or 'en'
    return session['language']
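def get_user_closed_orders(obj_response, currency, currency2, order_type):
    """Send the current user's closed orders list to the client.

    ``order_type`` of ``'buy'`` or ``'sell'`` limits the result to
    ``BuyHistory`` or ``SellHistory``; any other value includes both. The
    currency pair is applied as a filter only when both ``currency`` and
    ``currency2`` are given. Rows are sorted by ``last_updated`` (newest
    first), rendered, and passed to the ``render_user_open_orders`` client
    function as ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the queries with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    # Every query is scoped to the caller's own uid; the currency pair only
    # narrows it further.
    filters = {'uid': current_user.id}
    if currency and currency2:
        filters['currency'] = currency
        filters['currency2'] = currency2

    history_models = []
    if order_type != 'sell':
        history_models.append(BuyHistory)
    if order_type != 'buy':
        history_models.append(SellHistory)

    closed_orders = []
    for model in history_models:
        closed_orders.extend(model.query.filter_by(**filters))
    closed_orders.sort(key=lambda order: order.last_updated, reverse=True)

    # The template variable and client callback keep their original
    # "open_orders" names; the template and client script rely on them.
    html = render_template('users/user_orders_closed_list.html',
                           open_orders=closed_orders)
    obj_response.call('render_user_open_orders', [{'html': html}])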
def twofactor_register():
    """User registration route.

    A logged-in user is redirected to ``index``. On a valid submission a new
    ``User`` is stored unless the username is taken, the username is put in
    the session, and the browser is sent to the two-factor setup page.
    Otherwise the registration form is rendered.
    """
    if current_user.is_authenticated():
        # Already logged in: nothing to register.
        return redirect(url_for('index'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template('register.html', form=form)

    username = form.username.data
    if User.query.filter_by(username=username).first() is not None:
        flash('Username already exists.')
        return redirect(url_for('register'))

    # NOTE(review): the raw form password is handed to User(); presumably
    # the model hashes it before storage - confirm against the User class.
    user = User(username=username, password=form.password.data)
    db.session.add(user)
    db.session.commit()

    # The two-factor setup page finds the new account through the session.
    session['username'] = user.username
    return redirect(url_for('two_factor_setup'))
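def home_page():
    """Render the home page from an inline template.

    The template shows profile and sign-out links to an authenticated user,
    and a sign-in/register link to everyone else. The view itself does not
    require a login.

    The original body had an if/else after the ``return`` that redirected to
    the profile or login page. It could never run, and it made the view look
    as if it enforced a login, so it has been removed.
    """
    # The template text is unchanged; it is only split over adjacent string
    # literals to keep the lines readable.
    template = (
        ' {% extends "base.html" %}'
        ' {% block content %}'
        ' <h2>{%trans%}Home Page{%endtrans%}</h2>'
        ' {% if current_user.is_authenticated() %}'
        """ <p> <a href="{{ url_for('user_profile_page') }}">"""
        ' {%trans%}Profile Page{%endtrans%}</a></p>'
        """ <p> <a href="{{ url_for('user.logout') }}">"""
        ' {%trans%}Sign out{%endtrans%}</a></p>'
        ' {% else %}'
        """ <p> <a href="{{ url_for('user.login') }}">"""
        ' {%trans%}Sign in or Register{%endtrans%}</a></p>'
        ' {% endif %}'
        ' {% endblock %} '
    )
    return render_template_string(template)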
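def get_user_orders(obj_response):
    """Send the current user's order history for the active pair to the client.

    Collects the user's ``BuyHistory`` and then ``SellHistory`` rows for the
    currency pair held in ``g.currency`` / ``g.currency2``, renders them and
    calls the ``render_user_orders`` client function with ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the queries with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    filters = {'uid': current_user.id,
               'currency': g.currency,
               'currency2': g.currency2}
    user_orders = []
    for model in (BuyHistory, SellHistory):
        user_orders.extend(model.query.filter_by(**filters))

    html = render_template('users/user_orders_list.html',
                           user_orders=user_orders)
    obj_response.call('render_user_orders', [{'html': html}])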
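def get_user_latest_transactions(obj_response):
    """Send the current user's latest transactions panel to the client.

    Loads the ten most recent ``'accredit'`` and the ten most recent
    ``'charge'`` transactions of the user (by ``created_date``), renders the
    panel and calls the ``render_user_latest_transactions`` client function
    with ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the queries with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    def latest(transaction_type):
        # Ten newest transactions of one type, scoped to the caller's id.
        return (Transaction.query
                .filter_by(id_user=current_user.id,
                           transaction_type=transaction_type)
                .order_by(Transaction.created_date.desc())
                .limit(10))

    html = render_template('users/panels/latest_transactions.html',
                           accredits=latest('accredit'),
                           charges=latest('charge'))
    obj_response.call('render_user_latest_transactions', [{'html': html}])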
def two_factor_qrcode():
    """Return the user's TOTP provisioning QR code as an SVG image.

    Responds 404 to anyone who is not authenticated. If the user has no
    ``otp_secret`` yet, one is created and stored and the session is flagged
    ``'2FA'``. The response headers forbid caching.
    """
    if not current_user.is_authenticated():
        abort(404)
    # Never reached with None: the call above would already have raised.
    if current_user is None:
        abort(404)

    if not current_user.otp_secret:
        # First visit: enrol the user and mark this session as verified.
        session['2FA'] = True
        user = db_adapter.find_first_object(User, id=current_user.id)
        new_secret = current_user.create_2fa()
        db_adapter.update_object(user, otp_secret=new_secret)
        db_adapter.commit()

    # NOTE(review): the QR code, and with it the secret in the TOTP URI, is
    # rendered on every call, not only at enrolment - confirm that later
    # re-display to an authenticated session is intended.
    # render qrcode for FreeTOTP
    qr = pyqrcode.create(current_user.get_totp_uri())
    svg_buffer = StringIO()
    qr.svg(svg_buffer, scale=3)

    headers = {
        'Content-Type': 'image/svg+xml',
        'Cache-Control': 'no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'}
    return svg_buffer.getvalue().encode('utf-8'), 200, headers
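def get_user_total_orders(obj_response):
    """Send the current user's order counters to the client.

    Counts the user's rows in ``Buy``, ``Sell``, ``BuyHistory`` and
    ``SellHistory``, derives the open, closed and overall totals, formats
    every number with ``format_locale_number`` and calls the
    ``render_user_total_orders`` client function with the resulting dict.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the queries with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    uid = current_user.id
    buy_open = Buy.query.filter_by(uid=uid).count()
    sell_open = Sell.query.filter_by(uid=uid).count()
    buy_closed = BuyHistory.query.filter_by(uid=uid).count()
    sell_closed = SellHistory.query.filter_by(uid=uid).count()

    totals = {
        'total_buy_orders': buy_open,
        'total_sell_orders': sell_open,
        'total_history_buy_order': buy_closed,
        'total_history_sell_order': sell_closed,
        'total_orders': buy_open + sell_open + buy_closed + sell_closed,
        'total_open_orders': buy_open + sell_open,
        'total_closed_orders': buy_closed + sell_closed,
    }
    json_resp = dict((key, format_locale_number(value))
                     for key, value in totals.items())
    obj_response.call('render_user_total_orders', [json_resp])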
def editor():
    """Render the screenplay editor for the requested resource.

    ``resource_id`` comes from the query string. Apart from the special
    ``'Demo'`` resource, anonymous visitors are redirected to ``welcome`` and
    users with no permission on the resource are redirected to ``scriptlist``.
    A pending share notification for this user and resource is marked as
    opened. The template's ``EOV`` value is ``'editor'`` for the owner and
    ``'viewer'`` for everyone else.
    """
    resource_id = request.args.get('resource_id')
    is_demo = resource_id == 'Demo'

    if not current_user.is_authenticated() and not is_demo:
        return redirect(url_for('welcome'))

    user_email = get_current_user_email_with_default()
    permission = Screenplay.get_users_permission(resource_id, user_email)
    if permission is None and not is_demo:
        return redirect(url_for('scriptlist'))

    notification = ShareNotify.query.filter_by(
        resource_id=resource_id, user=user_email).first()
    if notification:
        notification.opened = True
        notification.timeopened = datetime.utcnow()
        db.session.commit()

    if permission == 'owner':
        EOV = 'editor'
    else:
        EOV = 'viewer'
    return render_template('editor.html',
                           user=user_email,
                           mode="PRO",
                           resource_id=resource_id,
                           EOV=EOV,
                           sign_out='/user/sign-out')
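def get_user_deposits_withdrawals(obj_response, currency, transaction_type):
    """Send the current user's deposits and withdrawals list to the client.

    ``transaction_type`` and ``currency`` are each applied as a filter only
    when given. Rows are ordered by ``created_date`` (newest first), rendered,
    and passed to the ``render_user_transactions`` client function as
    ``{'html': ...}``.

    An unauthenticated caller only gets a redirect to the home page. The
    handler now returns right after queuing it. Before, execution continued
    into the query with the anonymous user (this assumes
    ``obj_response.redirect`` only queues a client-side redirect and does not
    raise).
    """
    if not current_user.is_authenticated():
        obj_response.redirect(url_for('home_page'))
        return

    # Always scoped to the caller's own id; the optional arguments only
    # narrow the result further.
    filters = {'id_user': current_user.id}
    if transaction_type:
        filters['transaction_type'] = transaction_type
    if currency:
        filters['currency'] = currency

    transactions = list(
        UserDepositWithdrawal.query
        .filter_by(**filters)
        .order_by(UserDepositWithdrawal.created_date.desc()))
    transactions.sort(key=lambda row: row.created_date, reverse=True)

    html = render_template('users/user_deposits_withdrawals_list.html',
                           transactions=transactions)
    obj_response.call('render_user_transactions', [{'html': html}])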
def decorated_function(*args, **kwargs):
    """Call the wrapped view ``f`` only for a logged-in user with role 'ADMIN'.

    Anyone else gets the login manager's ``unauthorized()`` response, and the
    wrapped view is not called.
    """
    is_admin = (current_user.is_authenticated()
                and current_user.has_role('ADMIN'))
    if is_admin:
        return f(*args, **kwargs)
    return current_app.login_manager.unauthorized()
def select_application(application_name):
    """Remember the chosen application in the session and redirect to it.

    Anonymous visitors are redirected to the login page. Otherwise
    ``application_name`` is stored in ``session['application_name']`` and the
    browser is sent to ``'/' + application_name``.
    """
    # TODO: probably not needed in combination with the login_required
    # decorator
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))

    # NOTE(review): application_name goes into the session and into the
    # redirect target as given. Confirm it is checked against the known
    # application names, so that it cannot form a target outside this site
    # (for example a name that itself starts with "/").
    session['application_name'] = application_name
    target = '/' + application_name
    return redirect(target)
def get_current_user_email_with_default():
    """Return the logged-in user's ``name``, or a fixed placeholder otherwise.

    Anonymous visitors get the literal ``'******'``.
    """
    if not current_user.is_authenticated():
        return '******'
    return current_user.name
def who_am_i():
    """Return the logged-in user as JSON, or ``success=False`` if anonymous."""
    if not current_user.is_authenticated():
        return json_response(success=False)

    # NOTE(review): the whole user object is handed to json_response;
    # confirm its serialisation leaves out sensitive fields such as
    # password hashes.
    account = current_user._get_current_object()
    return json_response(user=account)
def get_timezone():
    """Return the logged-in user's timezone, defaulting to Europe/Amsterdam."""
    logged_in_user = (current_user is not None
                      and current_user.is_authenticated())
    if logged_in_user:
        return current_user.timezone
    return 'Europe/Amsterdam'
def restrict_access():
    """Allow the request only for a logged-in user holding the "admin" role.

    Anonymous visitors are redirected to the ``user.login`` endpoint with the
    requested URL passed as ``next``. Authenticated users without the "admin"
    role get a 403. Returning ``None`` lets the request continue.
    """
    if not current_user.is_authenticated():
        login_url = url_for("user.login", next=request.url)
        return redirect(login_url)
    if current_user.has_roles("admin"):
        return None
    return abort(403)
def logged_in():
    """Return whether the current user is authenticated."""
    # NOTE(review): is_authenticated is called as a method. If current_user
    # is Flask-Login's proxy, releases from 0.3 on expose it as a property
    # and this call would fail - confirm the pinned version.
    authenticated = current_user.is_authenticated()
    return authenticated