Example #1
 def before_request(self):
     """Allow the request only for an authenticated user holding the ``admin`` role.

     Anonymous visitors are redirected to ``user.login`` with ``next`` set to
     the URL they requested; authenticated users without the role get a 403.
     Falling through (returning ``None``) lets the request proceed.
     """
     authenticated = current_user.is_authenticated()
     current_app.logger.debug("Restricting access: %s" % str(authenticated))
     if not authenticated:
         # NOTE(review): `next` carries the full request URL; the login view is
         # expected to validate it before redirecting back (not visible here).
         login_url = url_for("user.login", next=request.url)
         return redirect(login_url)
     if current_user.has_roles("admin"):
         return None
     # Record why access was refused before rejecting the request.
     current_app.logger.debug("%s, %s" % (current_user.has_roles("admin"), str(current_user.roles)))
     return abort(403)
Example #2
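def before_request():
    """Populate ``g`` for the request and enforce the pending two-factor step.

    Copies currency/language configuration onto ``g``, seeds the session's
    currency pair on first use, and, for an authenticated user who has an
    ``otp_secret`` but no ``2FA`` flag in the session, redirects to the
    one-time-password page.  Only the endpoints ``two_factor_login``, ``lang``
    and ``user.logout`` are reachable before the second factor is supplied.

    Returns:
        A redirect response when the second factor is still outstanding,
        otherwise ``None`` so the request continues.
    """
    g.languages = LANGUAGES
    g.site_currencies = app.config['SITE_CURRENCIES']
    g.crypto_currencies = app.config['CRYPTO_CURRENCIES']
    g.paypal_currencies = app.config['PAYPAL_CURRENCIES']
    g.bank_currencies = app.config['BANK_CURRENCIES']
    g.top_currencies = app.config['TOP_CURRENCIES']
    g.exchangable_currencies = app.config['EXCHANGABLE_CURRENCIES']
    g.fee_per_currency = app.config['FEE_PER_CURRENCIES']
    g.locale = get_locale()
    g.timezone = get_timezone()
    g.current_user = current_user
    g.year = date.today().year

    if 'currencies' not in session:
        session['currencies'] = app.config['DEFAULT_EXCHANGABLE_CURRENCIES']
    g.currency = session['currencies'][0]
    g.currency2 = session['currencies'][1]

    if not current_user.is_authenticated():
        # A leftover flag must not survive into the next login on this session.
        if '2FA' in session:
            del session['2FA']
        return None

    # request.endpoint is None when no URL rule matched (e.g. a 404), whereas
    # request.url_rule.endpoint raised AttributeError in that case.  None is
    # not in the exempt list, so an unmatched URL still fails closed and is
    # sent to the one-time-password page.
    second_factor_pending = (
        not session.get('2FA', False)
        and current_user.otp_secret
        and request.endpoint not in ('two_factor_login', 'lang', 'user.logout')
    )
    if second_factor_pending:
        # requested one-time password
        flash(_('Please type one time password to access your account'), 'warning')
        return redirect(url_for('two_factor_login'))
    return None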
Example #3
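def manager_do_login():
    """Handle the back-office login form.

    GET renders the form.  POST looks the account up by e-mail, verifies the
    password through ``current_app.user_manager`` and logs the account in.
    An already authenticated visitor is sent straight to the manager home page.

    Returns:
        A redirect to ``manager_home.home_page`` on success, otherwise the
        rendered ``backend/login.html`` (with ``info`` set after a failed POST).
    """
    if current_user.is_authenticated():
        return redirect(_endpoint_url('manager_home.home_page'))
    if request.method != 'POST':
        return render_template('backend/login.html')

    request.auth_method = 'basic'
    user_manager = current_app.user_manager
    email = request.form.get('email')
    password = request.form.get('password')
    account = Account.query.filter(Account.email == email).first()

    # One message for both "unknown e-mail" and "wrong password": a separate
    # "user does not exist" reply tells an unauthenticated caller which e-mail
    # addresses are registered.
    # NOTE(review): no password verification runs when the account is missing,
    # so response time may still differ between the two cases - confirm
    # whether that matters for this deployment.
    info = u'用户名或密码错误'
    if account and user_manager.verify_password(password, account):
        if login_user(account, remember=False):
            return redirect(_endpoint_url('manager_home.home_page'))
        # login_user() refused the account; this is only reported after a
        # correct password was supplied.
        info = u'该账户已被禁用'
    return render_template('backend/login.html', info=info)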
Example #4
def save_cart_items():
    """Persist the cart items posted as JSON for the current visitor.

    The items are stored under the logged-in user's id, or with
    ``user_id=None`` for an anonymous visitor.
    """
    owner_id = current_user._get_current_object().id if current_user.is_authenticated() else None

    # NOTE(review): request.json is client-supplied; only entries accepted by
    # _check_cart_item are saved.  The payload's overall shape (a list, not
    # None or a dict) is not checked here - confirm _check_cart_item and
    # cart_service tolerate that.
    submitted = request.json
    accepted = filter(_check_cart_item, submitted)
    cart_service.save_items(accepted, user_id=owner_id)
    return json_response(success=True)
Example #5
def list_cart_items():
    """Return the current visitor's cart as JSON.

    Each entry is a ``(product_item_json, quantity)`` pair; the product item
    is serialised with the extra key ``product.name``.
    """
    owner_id = None
    if current_user.is_authenticated():
        owner_id = current_user._get_current_object().id

    payload = []
    for product_item_id, quantity in cart_service.get_items(owner_id):
        product_item = ProductItem.from_cache_by_id(product_item_id)
        serialised = product_item.__json__(include_keys=['product.name'])
        payload.append((serialised, quantity))
    return json_response(items=payload)
Example #6
def welcome():
    """Render the welcome page, or send a logged-in user to the script list.

    A logged-in user is redirected when the request has no referrer, or when
    the referrer is on this site but outside the listed public paths.
    """
    if current_user.is_authenticated():
        referrer = request.referrer
        if not referrer:
            return redirect(url_for('scriptlist'))
        # The Referer header is client-controlled; here it only chooses
        # between rendering this page and a fixed internal redirect.
        parsed = urlparse(referrer)
        same_site = parsed.netloc == app.config['SERVER_NAME']
        if same_site and parsed.path not in ['/blog', '/contact', '/about', '/scriptlist']:
            return redirect(url_for('scriptlist'))

    form = user_manager.login_form(next='/scriptlist')
    return render_template('flask_welcome.html', form=form, login_form=form)
Example #7
def show_user_data():
    """Render the user data page for a logged-in user.

    The ``show_loading_overlay`` session flag is consumed here: when it is
    set, the template gets ``overlay=True`` once and the flag is removed.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))

    # Equality with True is kept as in the original check, so other truthy
    # values do not trigger the overlay.
    show_overlay = session.get('show_loading_overlay') == True
    if show_overlay:
        session.pop('show_loading_overlay')
    overlay = True if show_overlay else None

    return render_template('show_user_data.html', overlay=overlay)
Example #8
def welcome():
    """Show the welcome/login page unless a logged-in user should be moved on.

    Logged-in users arriving without a referrer, or from a page of this site
    that is not one of the listed public paths, go to ``scriptlist``.
    """
    public_paths = ['/blog', '/contact', '/about', '/scriptlist']
    if current_user.is_authenticated():
        if not request.referrer:
            return redirect(url_for('scriptlist'))
        # Referer comes from the client; it is used only to decide whether to
        # issue a redirect to a fixed internal endpoint.
        origin = urlparse(request.referrer)
        from_this_site = origin.netloc == app.config['SERVER_NAME']
        if from_this_site and origin.path not in public_paths:
            return redirect(url_for('scriptlist'))

    login_form = user_manager.login_form(next='/scriptlist')
    return render_template('flask_welcome.html', form=login_form, login_form=login_form)
Example #9
def show_user_data():
    """Render the user data page for a logged-in user.

    Anonymous visitors are redirected to ``user.login``.  Every local variable
    of this function is handed to the template through ``**locals()``, so the
    local names below are part of the template's contract.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))
    
    error=""
    # determine hostname/IP we are currently using
    # (needed for accessing container)
    # NOTE(review): request.host_url is derived from the client's Host header;
    # confirm the deployment restricts accepted hostnames if the template
    # builds links from host_url.
    host_url = urlparse(request.host_url).hostname
    # Raises KeyError when the session has no 'user_container_name' entry.
    container_name = session['user_container_name']

    # locals() exposes error, host_url and container_name to the template.
    return render_template('show_user_data.html', **locals())
Example #10
def cart_page():
    """Render the cart page for the current visitor.

    The cart is looked up by the logged-in user's id, or with ``None`` for an
    anonymous visitor, and each entry is resolved to its ``ProductItem``.
    """
    owner_id = current_user._get_current_object().id if current_user.is_authenticated() else None

    product_items_with_quantity = []
    for product_item_id, quantity in cart_service.get_items(owner_id):
        product_item = ProductItem.from_cache_by_id(product_item_id)
        product_items_with_quantity.append((product_item, quantity))

    return render_template(
        'cart.html', product_items_with_quantity=product_items_with_quantity)
Example #11
def two_factor_setup():
    """Render the two-factor setup page for a logged-in user.

    Anyone else is redirected to ``home_page``.  The response carries headers
    that forbid caching because the page shows the enrolment QR code.
    """
    # The None test runs after is_authenticated() has already been called on
    # current_user, exactly as in the two separate checks it replaces.
    if not current_user.is_authenticated() or current_user is None:
        return redirect(url_for('home_page'))

    # since this page contains the sensitive qrcode, make sure the browser
    # does not cache it
    no_cache_headers = {
        'Cache-Control': 'no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'}
    page = render_template('users/two-factor-setup.html')
    return page, 200, no_cache_headers
Example #12
    def _context_processor():
        """Provide ``cart_total`` and a ``dt_format`` helper to templates.

        ``cart_total`` is the sum of quantities in the current visitor's cart
        (looked up with ``None`` for an anonymous visitor).
        """
        owner_id = current_user._get_current_object().id if current_user.is_authenticated() else None

        cart_total = sum(quantity for _product_item_id, quantity in cart_service.get_items(owner_id))

        return {
            'cart_total': cart_total,
            'dt_format': lambda dt, fmt: dt.strftime(fmt),
        }
Example #13
def show_team_page(team_id):
    """Render the public page of a team.

    Raises:
        AppError: with ``errors.team_id_nonexistent`` when no team has this id.
    """
    team = models.Team.from_cache_by_id(team_id)
    if not team:
        raise AppError(error_code=errors.team_id_nonexistent)

    # team_member record of the currently logged-in user; stays None for an
    # anonymous visitor or when the user has no athlete for this team's item
    current_team_member = None
    if current_user.is_authenticated():
        account_id = current_user._get_current_object().id
        athlete = models.Athlete.from_cache_by_account_id_and_athletic_item_id(
            account_id, team.athletic_item_id)
        if athlete:
            current_team_member = athlete.current_team

    return render_template('frontend/team.html', team=team, current_team_member=current_team_member)
def titlepage():
    """Render the title page editor for a screenplay.

    Access rules as implemented: the ``Demo`` resource is open to everyone;
    any other resource requires a logged-in user whose permission on it is
    ``'owner'``.  Others are redirected to ``welcome`` or ``scriptlist``.
    """
    # resource_id comes from the query string and is client-controlled; the
    # permission lookup below is what decides access to it.
    resource_id = request.args.get('resource_id')
    is_demo = resource_id == 'Demo'
    if not (current_user.is_authenticated() or is_demo):
        return redirect(url_for('welcome'))

    user_email = get_current_user_email_with_default()

    permission = Screenplay.get_users_permission(resource_id, user_email)
    if not is_demo and permission != 'owner':
        return redirect(url_for('scriptlist'))

    fields = TitlePageData.get_fields_by_resource_id(resource_id)
    screenplay_title = Screenplay.get_title(resource_id)
    return render_template('titlepage.html', user=user_email,
                           screenplay_title=screenplay_title, **fields)
Example #15
def show_user_data():
    """Render the user data page for a logged-in user with a container.

    Anonymous visitors go to ``user.login``; a logged-in user whose session
    lacks ``user_container_name`` is sent to ``user.logout``.  Every local
    variable is handed to the template through ``**locals()``, so the local
    names below are part of the template's contract.
    """
    if not current_user.is_authenticated():
        return redirect(url_for('user.login'))
    # Without a container name the session is unusable for this page.
    if not 'user_container_name' in session:
        return redirect(url_for('user.logout'))
    
    error=""
    # determine hostname/IP we are currently using
    # (needed for accessing container)
    # NOTE(review): request.host_url is derived from the client's Host header;
    # confirm the deployment restricts accepted hostnames if the template
    # builds links from host_url.
    host_url = urlparse(request.host_url).hostname
    container_name = session['user_container_name']
    application_names = docker_interface.get_application_image_names()
    # Names of the roles attached to the current user, as plain strings.
    role_names = map(lambda x: str(x.name), current_user.roles)

    # locals() exposes error, host_url, container_name, application_names and
    # role_names to the template.
    return render_template('show_user_data.html', **locals())
Example #16
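    def get_user_open_buy_orders(obj_response):
        """Send the current user's open buy orders to the browser as HTML.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_open_buy_orders`` function.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # query below, which is keyed on current_user.id, after the
            # authentication check had already failed.
            return

        buy_open_orders = Buy.query.filter_by(
            uid=current_user.id,
            flag_completed=2).order_by(Buy.last_updated.desc())

        json_resp = {
            'html': render_template('users/panels/buy_orders_open.html',
                                    buy_open_orders=buy_open_orders),
        }

        obj_response.call('render_user_open_buy_orders', [json_resp])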
Example #17
def home_page():
    """Render the home page, with task lists and streak for a logged-in user.

    For an anonymous visitor the template receives ``None`` for all three
    values.
    """
    # Debug output (Python 2 print statement): writes the generated URL to
    # stdout on every request.
    print url_for('callback')
    tasks_due_today = None
    tasks_due_tomorrow = None
    streak = None
    # Second debug print, same remark as above.
    print url_for('create_report', task="task")
    if current_user.is_authenticated():
        # Only tasks belonging to the current user's profile are loaded.
        tasks = Task.query.filter_by(user_id = current_user.user_profile.id).all()
        today = date.today()
        tommorrow = today + timedelta(days=1)
        # Split the user's tasks by exact due date.
        tasks_due_today = [task for task in tasks if task.due_date == today]
        tasks_due_tomorrow = [task for task in tasks if task.due_date == tommorrow]
        streak = current_user.streak
    return render_template('pages/home_page.html', tasks_today = tasks_due_today, tasks_tomorrow = tasks_due_tomorrow,
     streak = streak)
Example #18
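    def get_user_latest_closed_orders(obj_response):
        """Send the current user's closed orders, newest first, as HTML.

        Buy and sell history rows of the current user are merged and sorted by
        ``last_updated`` in descending order.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_latest_closed_orders`` function.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # queries below, which are keyed on current_user.id, after the
            # authentication check had already failed.
            return

        closed_orders = []
        closed_orders.extend(BuyHistory.query.filter_by(uid=current_user.id))
        closed_orders.extend(SellHistory.query.filter_by(uid=current_user.id))
        closed_orders.sort(key=lambda order: order.last_updated, reverse=True)

        json_resp = {
            'html': render_template('users/panels/latest_closed_orders.html',
                                    closed_orders=closed_orders),
        }

        obj_response.call('render_user_latest_closed_orders', [json_resp])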
Example #19
def get_locale():
    """Pick the UI language for this request and remember it in the session.

    Order of precedence: a supported language already stored in the session,
    then the authenticated user's ``locale`` setting, then the best match from
    the browser's Accept-Language header, and finally ``'en'``.
    """
    remembered = session.get('language')
    if remembered:
        # The lower-cased value is written back even when it turns out not to
        # be a supported language and the lookup falls through.
        session['language'] = remembered.lower()
        if session['language'] in LANGUAGES.keys():
            return session['language']

    # if a user is logged in, use the locale from the user settings
    # NOTE(review): unlike the session value, the user's locale is returned
    # without a membership check against LANGUAGES - confirm it is validated
    # when the setting is saved.
    if current_user is not None and current_user.is_authenticated():
        user_locale = current_user.locale.lower()
        session['language'] = user_locale
        return user_locale

    # otherwise try to guess the language from the Accept-Language header the
    # browser transmits; the best match among LANGUAGES wins, 'en' otherwise.
    negotiated = request.accept_languages.best_match(LANGUAGES.keys())
    session['language'] = negotiated if negotiated else 'en'
    return session['language']
Example #20
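    def get_user_closed_orders(obj_response, currency, currency2, order_type):
        """Send the current user's closed orders, newest first, as HTML.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_open_orders`` function.
            currency: first currency of the pair; the pair filter is applied
                only when both ``currency`` and ``currency2`` are given.
            currency2: second currency of the pair.
            order_type: ``'buy'`` or ``'sell'`` to restrict to one history
                table; any other value selects both.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # queries below, which are keyed on current_user.id, after the
            # authentication check had already failed.
            return

        # Rows are always restricted to the current user; the caller-supplied
        # values only narrow that set and are passed as bound filter values.
        filters = {'uid': current_user.id}
        if currency and currency2:
            filters['currency'] = currency
            filters['currency2'] = currency2

        open_orders = []
        if order_type != 'sell':
            open_orders.extend(BuyHistory.query.filter_by(**filters))
        if order_type != 'buy':
            open_orders.extend(SellHistory.query.filter_by(**filters))

        open_orders.sort(key=lambda order: order.last_updated, reverse=True)

        json_resp = {
            'html': render_template('users/user_orders_closed_list.html',
                                    open_orders=open_orders),
        }

        obj_response.call('render_user_open_orders', [json_resp])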
Example #21
def twofactor_register():
    """Register a new user and hand off to the two-factor setup page.

    A logged-in visitor is redirected to ``index``.  On a valid submission the
    user is created and the username is placed in the session for the setup
    page; a taken username flashes a message and redirects to ``register``.
    """
    if current_user.is_authenticated():
        # already logged in: nothing to register
        return redirect(url_for('index'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template('register.html', form=form)

    existing = User.query.filter_by(username=form.username.data).first()
    if existing is not None:
        flash('Username already exists.')
        return redirect(url_for('register'))

    # add new user to the database
    # NOTE(review): the form password is passed straight to the model;
    # presumably User hashes it on assignment - confirm in the model.
    new_user = User(username=form.username.data, password=form.password.data)
    db.session.add(new_user)
    db.session.commit()

    # The setup page identifies the pending account through the session, not
    # through a request parameter.
    session['username'] = new_user.username
    return redirect(url_for('two_factor_setup'))
Example #22
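 def home_page():
     """Render the home page with links that depend on the login state.

     The template shows profile and sign-out links to an authenticated user
     and a sign-in/register link to everyone else.
     """
     # The redirect branch that used to follow this return could never run and
     # has been removed; the page is rendered for every visitor.
     return render_template_string("""
         {% extends "base.html" %}
         {% block content %}
             <h2>{%trans%}Home Page{%endtrans%}</h2>
             {% if current_user.is_authenticated() %}
             <p> <a href="{{ url_for('user_profile_page') }}">
                 {%trans%}Profile Page{%endtrans%}</a></p>
             <p> <a href="{{ url_for('user.logout') }}">
                 {%trans%}Sign out{%endtrans%}</a></p>
             {% else %}
             <p> <a href="{{ url_for('user.login') }}">
                 {%trans%}Sign in or Register{%endtrans%}</a></p>
             {% endif %}
         {% endblock %}
         """)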
Example #23
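 def home_page():
     """Render the home page; its links depend on whether the visitor is logged in.

     An authenticated user sees profile and sign-out links, everyone else a
     sign-in/register link.  The template is static: no request data is
     interpolated into it.
     """
     # Statements after this return were unreachable (a redirect on login
     # state) and have been dropped; behaviour is unchanged.
     return render_template_string("""
         {% extends "base.html" %}
         {% block content %}
             <h2>{%trans%}Home Page{%endtrans%}</h2>
             {% if current_user.is_authenticated() %}
             <p> <a href="{{ url_for('user_profile_page') }}">
                 {%trans%}Profile Page{%endtrans%}</a></p>
             <p> <a href="{{ url_for('user.logout') }}">
                 {%trans%}Sign out{%endtrans%}</a></p>
             {% else %}
             <p> <a href="{{ url_for('user.login') }}">
                 {%trans%}Sign in or Register{%endtrans%}</a></p>
             {% endif %}
         {% endblock %}
         """)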
Example #24
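    def get_user_orders(obj_response):
        """Send the current user's order history for the active currency pair.

        Buy history rows come first, then sell history rows, both restricted
        to ``g.currency`` / ``g.currency2``.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_orders`` function.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # queries below, which are keyed on current_user.id, after the
            # authentication check had already failed.
            return

        filters = dict(uid=current_user.id,
                       currency=g.currency,
                       currency2=g.currency2)

        user_orders = []
        user_orders.extend(BuyHistory.query.filter_by(**filters))
        user_orders.extend(SellHistory.query.filter_by(**filters))

        json_resp = {
            'html': render_template('users/user_orders_list.html',
                                    user_orders=user_orders),
        }

        obj_response.call('render_user_orders', [json_resp])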
Example #25
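    def get_user_latest_transactions(obj_response):
        """Send the current user's ten latest accredits and charges as HTML.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_latest_transactions`` function.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # queries below, which are keyed on current_user.id, after the
            # authentication check had already failed.
            return

        newest_first = Transaction.created_date.desc()

        accredits = Transaction.query.filter_by(
            id_user=current_user.id,
            transaction_type='accredit').order_by(newest_first).limit(10)

        charges = Transaction.query.filter_by(
            id_user=current_user.id,
            transaction_type='charge').order_by(newest_first).limit(10)

        json_resp = {
            'html': render_template('users/panels/latest_transactions.html',
                                    accredits=accredits,
                                    charges=charges),
        }

        obj_response.call('render_user_latest_transactions', [json_resp])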
Example #26
def two_factor_qrcode():
    """Return the two-factor enrolment QR code as an uncacheable SVG.

    Anonymous callers get a 404.  When the user has no ``otp_secret`` yet, one
    is created and stored, and the session is flagged with ``2FA``.
    """
    # The None test runs after is_authenticated() has already been called on
    # current_user, exactly as in the two separate checks it replaces.
    if not current_user.is_authenticated() or current_user is None:
        abort(404)

    # NOTE(review): the QR code is served on every call, also for a secret
    # that already exists - confirm a request hook requires the second factor
    # before an enrolled user can reach this endpoint.
    if not current_user.otp_secret:
        session['2FA'] = True
        account = db_adapter.find_first_object(User, id=current_user.id)
        db_adapter.update_object(account, otp_secret = current_user.create_2fa())
        db_adapter.commit()

    # render qrcode for FreeTOTP
    qr = pyqrcode.create(current_user.get_totp_uri())
    svg_buffer = StringIO()
    qr.svg(svg_buffer, scale=3)

    # The image encodes the value from get_totp_uri(), so caching is disabled.
    no_cache_headers = {
        'Content-Type': 'image/svg+xml',
        'Cache-Control': 'no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'}
    return svg_buffer.getvalue().encode('utf-8'), 200, no_cache_headers
Example #27
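    def get_user_total_orders(obj_response):
        """Send the current user's order counters, locale-formatted.

        Counts open buy/sell orders and buy/sell history rows of the current
        user, derives the open, closed and overall totals, and formats every
        value with ``format_locale_number``.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_total_orders`` function.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # queries below, which are keyed on current_user.id, after the
            # authentication check had already failed.
            return

        uid = current_user.id
        open_buy = Buy.query.filter_by(uid=uid).count()
        open_sell = Sell.query.filter_by(uid=uid).count()
        closed_buy = BuyHistory.query.filter_by(uid=uid).count()
        closed_sell = SellHistory.query.filter_by(uid=uid).count()

        totals = {
            'total_buy_orders': open_buy,
            'total_sell_orders': open_sell,
            'total_history_buy_order': closed_buy,
            'total_history_sell_order': closed_sell,
            'total_orders': open_buy + open_sell + closed_buy + closed_sell,
            'total_open_orders': open_buy + open_sell,
            'total_closed_orders': closed_buy + closed_sell,
        }

        json_resp = {}
        for key, value in totals.items():
            json_resp[key] = format_locale_number(value)

        obj_response.call('render_user_total_orders', [json_resp])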
Example #28
def editor():
    """Open a screenplay in the editor as owner ('editor') or as 'viewer'.

    Access rules as implemented: the ``Demo`` resource is open to everyone;
    any other resource requires a logged-in user with some permission on it.
    A matching share notification is marked as opened.
    """
    # resource_id comes from the query string and is client-controlled; the
    # permission lookup below is what decides access to it.
    resource_id = request.args.get('resource_id')
    is_demo = resource_id == 'Demo'
    if not (current_user.is_authenticated() or is_demo):
        return redirect(url_for('welcome'))

    user_email = get_current_user_email_with_default()

    permission = Screenplay.get_users_permission(resource_id, user_email)
    if permission is None and not is_demo:
        return redirect(url_for('scriptlist'))

    notification = ShareNotify.query.filter_by(
        resource_id=resource_id, user=user_email).first()
    if notification:
        # Record the first opening of a shared screenplay.
        notification.opened = True
        notification.timeopened = datetime.utcnow()
        db.session.commit()

    # Only the owner gets the editing mode; everyone else is a viewer.
    if permission == 'owner':
        access_mode = 'editor'
    else:
        access_mode = 'viewer'
    return render_template('editor.html', user=user_email, mode="PRO",
                           resource_id=resource_id, EOV=access_mode,
                           sign_out='/user/sign-out')
Example #29
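    def get_user_deposits_withdrawals(obj_response, currency, transaction_type):
        """Send the current user's deposits and withdrawals, newest first.

        Args:
            obj_response: response object of the AJAX call; it receives either
                a redirect (anonymous caller) or a call to the client-side
                ``render_user_transactions`` function.
            currency: optional currency filter; ignored when falsy.
            transaction_type: optional transaction type filter; ignored when
                falsy.
        """
        if not current_user.is_authenticated():
            obj_response.redirect(url_for('home_page'))
            # Stop here.  Without this return the handler carried on into the
            # query below, which is keyed on current_user.id, after the
            # authentication check had already failed.
            return

        # Rows are always restricted to the current user; the caller-supplied
        # values only narrow that set and are passed as bound filter values.
        filters = {'id_user': current_user.id}
        if transaction_type:
            filters['transaction_type'] = transaction_type
        if currency:
            filters['currency'] = currency

        transactions = []
        transactions.extend(
            UserDepositWithdrawal.query.filter_by(**filters)
            .order_by(UserDepositWithdrawal.created_date.desc()))

        transactions.sort(key=lambda row: row.created_date, reverse=True)

        json_resp = {
            'html': render_template('users/user_deposits_withdrawals_list.html',
                                    transactions=transactions),
        }

        obj_response.call('render_user_transactions', [json_resp])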
Example #30
 def decorated_function(*args, **kwargs):
     # Wrapper around the view `f`: the view runs only for an authenticated
     # user holding the 'ADMIN' role.  Everyone else gets the login manager's
     # unauthorized() response, so the wrapped view is never entered.
     is_admin = current_user.is_authenticated() and current_user.has_role('ADMIN')
     if is_admin:
         return f(*args, **kwargs)
     return current_app.login_manager.unauthorized()
Example #31
def select_application(application_name):
    """Remember the chosen application in the session and redirect to it.

    Anonymous visitors are redirected to ``user.login`` instead.
    """
    # TODO: probably not needed in combination with the login_required decorator
    if current_user.is_authenticated():
        # NOTE(review): application_name is stored and used to build the
        # redirect path as received; confirm the route or a caller restricts
        # it to known application names.
        session['application_name'] = application_name
        return redirect('/'+application_name)
    return redirect(url_for('user.login'))
Example #32
def get_current_user_email_with_default():
    """Return ``current_user.name`` when logged in, else the placeholder string.

    Despite the function name, the value read is the user's ``name``
    attribute.
    """
    # NOTE(review): callers that use this value as an identity should treat
    # the placeholder as "no user" - confirm it cannot match a real account.
    return current_user.name if current_user.is_authenticated() else '******'
Example #33
def who_am_i():
    """Return the logged-in user as JSON, or ``success=False`` when anonymous."""
    if not current_user.is_authenticated():
        return json_response(success=False)
    # NOTE(review): the whole user object is handed to json_response; confirm
    # its serialisation leaves out credential fields such as password hashes.
    account = current_user._get_current_object()
    return json_response(user=account)
Example #34
def get_timezone():
    """Return the logged-in user's timezone, or ``'Europe/Amsterdam'`` otherwise."""
    logged_in = current_user is not None and current_user.is_authenticated()
    if not logged_in:
        return 'Europe/Amsterdam'
    return current_user.timezone
Example #35
def get_current_user_email_with_default():
    """Return the logged-in user's ``name``, or the placeholder when anonymous.

    The function name says "email", but the attribute read is ``name``.
    """
    if not current_user.is_authenticated():
        # Placeholder identity for anonymous visitors.
        return '******'
    return current_user.name
Example #36
def restrict_access():
    """Allow the request only for an authenticated user holding the ``admin`` role.

    Anonymous visitors are redirected to ``user.login`` with ``next`` set to
    the requested URL; authenticated users without the role get a 403.
    Returning ``None`` lets the request proceed.
    """
    if not current_user.is_authenticated():
        # NOTE(review): `next` carries the full request URL; the login view is
        # expected to validate it before redirecting back (not visible here).
        login_url = url_for("user.login", next=request.url)
        return redirect(login_url)
    if current_user.has_roles("admin"):
        return None
    return abort(403)
Example #37
def logged_in():
    """Report whether the current request belongs to an authenticated user.

    The call form matches Flask-Login releases in which ``is_authenticated``
    is a method; later releases expose it as a property, where calling it
    fails.
    """
    authenticated = current_user.is_authenticated()
    return authenticated