def reset_password(token):
""" Verify the password reset token, Prompt for new password, and set the user's password."""
# Verify token
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
is_valid, has_expired, user_id = user_manager.verify_token(
token,
user_manager.reset_password_expiration)
if has_expired:
flash(_('Your reset password token has expired.'), 'error')
return redirect(url_for('user.login'))
if not is_valid:
flash(_('Your reset password token is invalid.'), 'error')
return redirect(url_for('user.login'))
user = user_manager.get_user_by_id(user_id)
if user:
# Avoid re-using old tokens
if hasattr(user, 'reset_password_token'):
verified = user.reset_password_token == token
else:
verified = True
if not user or not verified:
flash(_('Your reset password token is invalid.'), 'error')
return redirect(_endpoint_url(user_manager.login_endpoint))
# Initialize form
form = user_manager.reset_password_form(request.form)
# Process valid POST
if request.method=='POST' and form.validate():
# Invalidate the token by clearing the stored token
if hasattr(user, 'reset_password_token'):
db_adapter.update_object(user, reset_password_token='')
# Change password
hashed_password = user_manager.hash_password(form.new_password.data)
user_auth = user.user_auth if db_adapter.UserAuthClass and hasattr(user, 'user_auth') else user
db_adapter.update_object(user_auth, password=hashed_password)
db_adapter.commit()
# Send 'password_changed' email
if user_manager.enable_email and user_manager.send_password_changed_email:
emails.send_password_changed_email(user)
# Prepare one-time system message
flash(_("Your password has been reset successfully. Please sign in with your new password"), 'success')
# Auto-login after reset password or redirect to login page
next = request.args.get('next', _endpoint_url(user_manager.after_reset_password_endpoint))
if user_manager.auto_login_after_reset_password:
return _do_login_user(user, next) # auto-login
else:
return redirect(url_for('user.login')+'?next='+next) # redirect to login page
# Process GET or invalid POST
return render_template(user_manager.reset_password_template, form=form)
def delete_account():
if request.method == 'GET':
if current_user.is_authenticated:
# Delete stripe subscription
customer = stripe.Customer.retrieve(decode(current_user.user_auth.customer))
customer.cancel_subscription()
# delete user from database
id = current_user.user_auth.id
email = current_user.email
user = UserAuth.query.filter_by(id=id).first()
db.session.delete(user)
db.session.delete(current_user)
# commit database changes
db.session.commit()
#send the email
send_cancel_email(email)
flash(_('Your subscription has been successfully canceled.'), 'error')
return logout()
else:
flash(_('Please login first.'), 'error')
return render_template('pages/index.html')
else:
return redirect('/')
def delete_account():
if request.method == 'GET':
if current_user.is_authenticated:
# Delete stripe subscription
customer = stripe.Customer.retrieve(
decode(current_user.user_auth.customer))
customer.cancel_subscription()
# delete user from database
id = current_user.user_auth.id
email = current_user.email
user = UserAuth.query.filter_by(id=id).first()
db.session.delete(user)
db.session.delete(current_user)
# commit database changes
db.session.commit()
#send the email
send_cancel_email(email)
flash(_('Your subscription has been successfully canceled.'),
'error')
return logout()
else:
flash(_('Please login first.'), 'error')
return render_template('pages/index.html')
else:
return redirect('/')
def _do_login_user(user, next, remember_me=False):
# User must have been authenticated
if not user: return unauthenticated()
# Check if user account has been disabled
if not _call_or_get(user.is_active):
flash(_('Your account has not been enabled.'), 'error')
return redirect(url_for('user.login'))
# Check if user has a confirmed email address
user_manager = current_app.user_manager
if user_manager.enable_email and user_manager.enable_confirm_email \
and not current_app.user_manager.enable_login_without_confirm_email \
and not user.has_confirmed_email():
url = url_for('user.resend_confirm_email')
flash(
_('Your email address has not yet been confirmed. Check your email Inbox and Spam folders for the confirmation email or <a href="%(url)s">Re-send confirmation email</a>.',
url=url), 'error')
return redirect(url_for('user.login'))
# Use Flask-Login to sign in user
# print('login_user: remember_me=', remember_me)
login_user(user, remember=remember_me)
# Prepare one-time system message
flash(_('You have signed in successfully.'), 'success')
# Redirect to 'next' URL
return redirect(next)
def getstarted():
if current_user.is_authenticated:
u = current_user.user_auth
if u.credentials == 1:
key = decode(u.api_key)
print key
else:
key = " "
if request.method == 'POST':
if request.form.get('key'):
if (request.form.get('key').startswith('sk_live') or request.form.get('key').startswith('sk_test'))\
and len(request.form.get('key')) == 32:
u.api_key = encode(request.form.get('key'))
u.credentials = 1
session['api_key'] = request.form.get('key')
db.session.commit()
#flash(_('Successfully updated API credentials'), 'success')
stripe.api_key = session['api_key']
events, current, per, churn, ltv = run()
return render_template('pages/index.html',
events=events,
mrr=current[0],
refunds=current[1],
net_revenue=current[2],
annual=current[3],
customers=current[4],
new_customers=current[5],
arpu=current[6],
canceled=current[7],
upgrades=current[8],
downgrades=current[9],
mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2],
annualP=per[3],
customersP=per[4],
new_customersP=per[5],
arpuP=per[6],
canceledP=per[7],
upgradesP=per[8],
downgradesP=per[9],
churn=churn,
ltv=ltv)
else:
u.credentials = 0
session['api_key'] = ""
db.session.commit()
flash(
_('Your API credentials were invalid, please enter them again.'
), 'error')
return render_template('pages/getstarted.html')
else:
flash(_('API credentials required.'), 'error')
return render_template('pages/getstarted.html')
return render_template('pages/getstarted.html', key=key)
else:
return redirect(url_for('user.login'))
def charge():
# Set the api key to Simple Metrics to create the customer and charge their card
stripe.api_key = stripe_keys['secret_key']
if current_user.is_authenticated:
if current_user.user_auth.paying == 0:
plan = request.form.get('plan')
email = current_user.email
customer = stripe.Customer.create(
email=email,
card=request.form['stripeToken']
)
# Create plan
customer.subscriptions.create(plan=plan)
# Write customer to db
current_user.user_auth.customer = encode(customer.id)
current_user.user_auth.paying = 1
current_user.user_auth.plan = plan
db.session.commit()
send_welcome_email(email, plan.title())
# Reset the stripe key
stripe.api_key = ""
flash(_('You have successfully signed up! Please enter your Stripe credentials below.'), 'success')
return render_template('pages/getstarted.html')
else:
plan = request.form.get('plan')
email = current_user.email
#change the customer's plan
customer = stripe.Customer.retrieve(decode(current_user.user_auth.customer))
subscription = customer.subscriptions.retrieve(customer.subscriptions.data[0].id)
subscription.plan = plan
subscription.save()
#update the db
current_user.user_auth.plan = plan
db.session.commit()
flash(_('You have successfully switched to the ' + plan.title() + " plan."), 'success')
send_plan_change_email(email, plan.title())
# Reset the stripe key
stripe.api_key = ""
return render_template('pages/index.html')
else:
flash(_('Please login first.'), 'error')
return render_template('pages/index.html')
def confirm_email(token):
""" Verify email confirmation token and activate the user account."""
# Verify token
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
is_valid, has_expired, object_id = user_manager.verify_token(
token,
user_manager.confirm_email_expiration)
if has_expired:
flash(_('Your confirmation token has expired.'), 'error')
return redirect(url_for('user.login'))
if not is_valid:
flash(_('Invalid confirmation token.'), 'error')
return redirect(url_for('user.login'))
# Confirm email by setting User.active=True and User.confirmed_at=utcnow()
if db_adapter.UserEmailClass:
user_email = user_manager.get_user_email_by_id(object_id)
if user_email:
user_email.confirmed_at = datetime.utcnow()
user = user_email.user
else:
user = None
else:
user_email = None
user = user_manager.get_user_by_id(object_id)
if user:
user.confirmed_at = datetime.utcnow()
if user:
user.set_active(True)
db_adapter.commit()
else: # pragma: no cover
flash(_('Invalid confirmation token.'), 'error')
return redirect(url_for('user.login'))
# Send email_confirmed signal
signals.user_confirmed_email.send(current_app._get_current_object(), user=user)
# Prepare one-time system message
flash(_('Your email has been confirmed.'), 'success')
# Auto-login after confirm or redirect to login page
next = request.args.get('next', _endpoint_url(user_manager.after_confirm_endpoint))
if user_manager.auto_login_after_confirm:
return _do_login_user(user, next) # auto-login
else:
return redirect(url_for('user.login')+'?next='+next) # redirect to login page
class ExpandedRegisterForm(RegisterForm):
'''
A Form that accepts a first and last name as part of the registration
process.
'''
username = StringField(
_('Username'),
validators=[validators.DataRequired(_('Username is required'))])
first_name = StringField(
'First Name',
validators=[validators.DataRequired('First Name is required')])
last_name = StringField(
'Last Name',
validators=[validators.DataRequired('Last Name is required')])
def change_password():
""" Prompt for old password and new password and change the user's password."""
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
# Initialize form
form = user_manager.change_password_form(request.form)
form.next.data = request.args.get(
'next', endpoint_url(user_manager.after_change_password_endpoint
)) # Place ?next query param in next form field
# Process valid POST
if request.method == 'POST' and form.validate():
# Hash password
hashed_password = user_manager.hash_password(form.new_password.data)
try:
resp = tasks.change_pwd(current_user.username,
form.new_password.data)
if not resp[0]:
flash(_("lserver:change password fail"), category='error')
except Exception, e:
flash(_("lserver:change password fail"), category='error')
else:
if resp[0]:
# Change password
# user_manager.update_password(current_user, hashed_password)
try:
# Send 'password_changed' email
if user_manager.enable_email and user_manager.send_password_changed_email:
emails.send_password_changed_email(current_user)
except Exception as e:
# 恢复密码
tasks.change_pwd(current_user.username,
form.old_password.data)
flash(_('Your password changed failed.'), 'error')
else:
# Change password
user_manager.update_password(current_user, hashed_password)
# Send password_changed signal
signals.user_changed_password.send(
current_app._get_current_object(), user=current_user)
add_change_password_message(current_user)
# Redirect to 'next' URL
return redirect(form.next.data)
def change_password():
""" Prompt for old password and new password and change the user's password."""
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
# Initialize form
form = user_manager.change_password_form(request.form)
form.next.data = request.args.get('next', _endpoint_url(user_manager.after_change_password_endpoint)) # Place ?next query param in next form field
# Process valid POST
if request.method=='POST' and form.validate():
# Hash password
hashed_password = user_manager.hash_password(form.new_password.data)
# Change password
user_manager.update_password(current_user, hashed_password)
# Send 'password_changed' email
if user_manager.enable_email and user_manager.send_password_changed_email:
emails.send_password_changed_email(current_user)
# Send password_changed signal
signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
# Prepare one-time system message
flash(_('Your password has been changed successfully.'), 'success')
# Redirect to 'next' URL
return redirect(form.next.data)
# Process GET or invalid POST
return render_template(user_manager.change_password_template, form=form)
def change_username():
""" Prompt for new username and old password and change the user's username."""
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
# Initialize form
form = user_manager.change_username_form(request.form)
form.next.data = request.args.get('next', _endpoint_url(user_manager.after_change_username_endpoint)) # Place ?next query param in next form field
# Process valid POST
if request.method=='POST' and form.validate():
new_username = form.new_username.data
# Change username
user_auth = current_user.user_auth if db_adapter.UserAuthClass and hasattr(current_user, 'user_auth') else current_user
db_adapter.update_object(user_auth, username=new_username)
db_adapter.commit()
# Send 'username_changed' email
if user_manager.enable_email and user_manager.send_username_changed_email:
emails.send_username_changed_email(current_user)
# Send username_changed signal
signals.user_changed_username.send(current_app._get_current_object(), user=current_user)
# Prepare one-time system message
flash(_("Your username has been changed to '%(username)s'.", username=new_username), 'success')
# Redirect to 'next' URL
return redirect(form.next.data)
# Process GET or invalid POST
return render_template(user_manager.change_username_template, form=form)
class UploadForm(Form):
spreadsheet = FileField(
'spreadsheet',
validators=[
FileRequired(),
FileAllowed(['xls', 'xlsx', 'csv'],
'Spreadsheets only (.xsl, .xslx, .csv)')
])
question_type = SelectField(_('Question type'),
choices=[('informes', 'Informes'),
('taquigraficas', 'Taquigraficas')])
def save_spreadsheet(self):
original_filename = self.spreadsheet.data.filename
new_filename = str(int(
time.time())) + '.' + original_filename.split('.')[-1]
self.spreadsheet.data.save('app/uploads/' + new_filename)
return new_filename
def handle_request(self):
if self.validate_on_submit():
filename = self.save_spreadsheet()
if self.data['question_type'] == 'informes':
return redirect(
url_for('process_spreadsheet', filename=filename))
return redirect(
url_for('process_spreadsheet_taquigraficas',
filename=filename))
return render_template('forms/question_upload_form.html', form=self)
def delete():
yes = url_for('delete_account')
no = url_for('user_profile_page')
flash(_(
'Are you sure you want to delete your account? This can\'t be undone. <a href="%(yes)s">Delete</a> '
' <a href="%(no)s">Cancel</a>', yes=yes, no=no), 'error')
return redirect('user/profile')
class FullTextQueryForm(Form):
main_text = TextAreaField(_('Base text to query'),
[validators.Length(min=1, max=2000)])
def handle_request(self):
if self.validate_on_submit():
return redirect(url_for('search', q=self.main_text.data))
return render_template('forms/full_text_query.html', form=self)
def active_use(sender, user, **extra):
msg = _("lserver:account activation failed")
try:
resp = tasks.active_account(user.username)
if not resp[0]:
flash(msg, 'error')
except Exception, e:
flash(msg, 'error')
def unconfirmed():
""" Prepare a Flash message and redirect to USER_UNCONFIRMED_URL"""
# Prepare Flash message
url = request.script_root + request.path
flash(_("You must confirm your email to access '%(url)s'.", url=url), 'error')
# Redirect to USER_UNCONFIRMED_EMAIL_ENDPOINT
user_manager = current_app.user_manager
return redirect(_endpoint_url(user_manager.unconfirmed_email_endpoint))
def unauthorized():
""" Prepare a Flash message and redirect to USER_UNAUTHORIZED_ENDPOINT"""
# Prepare Flash message
url = request.script_root + request.path
flash(_("You do not have permission to access '%(url)s'.", url=url), 'error')
# Redirect to USER_UNAUTHORIZED_ENDPOINT
user_manager = current_app.user_manager
return redirect(_endpoint_url(user_manager.unauthorized_endpoint))
def delete():
yes = url_for('delete_account')
no = url_for('user_profile_page')
flash(
_(
'Are you sure you want to delete your account? This can\'t be undone. <a href="%(yes)s">Delete</a> '
' <a href="%(no)s">Cancel</a>',
yes=yes,
no=no), 'error')
return redirect('user/profile')
class ProcessSpreadsheetTaquigraficasForm(ProcessSpreadsheetForm):
type = 'taquigraficas'
report = SelectField(_('Nombre de la comisión'))
form_template = 'forms/process_spreadsheet_taquigraficas.html'
answer_author = SelectField(_('Autor de la respuesta'))
number = SelectField(_('Question number'), [validators.Optional()])
topic = SelectField(_('Question topic'), [validators.Optional()])
subtopic = SelectField(_('Question subtopic'), [validators.Optional()])
def update_choices(self, first_row):
choices = super(ProcessSpreadsheetTaquigraficasForm, self).update_choices(first_row)
self.answer_author.choices = choices
def _collect_columns(self):
columns = [
(self.report.data, 'report'),
(self.context.data, 'context'),
(self.body.data, 'body'),
(self.question_date.data, 'question_date'),
(self.answer.data, 'answer'),
(self.answer_date.data, 'answer_date'),
(self.author.data, 'author'),
(self.answer_author.data, 'answer_author')
]
return [(int(tuple[0]), tuple[1]) for tuple in columns
if len(tuple[0]) > 0]
def save_model(self, row, columns, db_session, created_at):
args = self.collect_args(row, columns)
if len(args['report']) == 0:
return
args = self._get_ids(args, db_session)
max_number_for_that_comission = db_session.query(
func.max(Question.number).label('max_number')
).filter_by(report_id=args['report_id']).one().max_number
if max_number_for_that_comission is None:
args['number'] = 1
else:
args['number'] = max_number_for_that_comission + 1
question = Question(**args)
question.created_at = created_at
db_session.add(question)
def getstarted():
if current_user.is_authenticated:
u = current_user.user_auth
if u.credentials == 1:
key = decode(u.api_key)
print key
else:
key = " "
if request.method == 'POST':
if request.form.get('key'):
if (request.form.get('key').startswith('sk_live') or request.form.get('key').startswith('sk_test'))\
and len(request.form.get('key')) == 32:
u.api_key = encode(request.form.get('key'))
u.credentials = 1
session['api_key'] = request.form.get('key')
db.session.commit()
#flash(_('Successfully updated API credentials'), 'success')
stripe.api_key = session['api_key']
events, current, per, churn, ltv = run()
return render_template('pages/index.html', events=events, mrr=current[0], refunds=current[1],
net_revenue=current[2],
annual=current[3], customers=current[4], new_customers=current[5],
arpu=current[6],
canceled=current[7], upgrades=current[8], downgrades=current[9], mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2], annualP=per[3], customersP=per[4],
new_customersP=per[5], arpuP=per[6],
canceledP=per[7], upgradesP=per[8], downgradesP=per[9], churn=churn, ltv=ltv)
else:
u.credentials = 0
session['api_key'] = ""
db.session.commit()
flash(_('Your API credentials were invalid, please enter them again.'), 'error')
return render_template('pages/getstarted.html')
else:
flash(_('API credentials required.'), 'error')
return render_template('pages/getstarted.html')
return render_template('pages/getstarted.html', key=key)
else:
return redirect(url_for('user.login'))
def contactus():
if request.method == 'POST':
email = request.form.get('email')
message = request.form.get('message')
contact_us_email(email, message)
flash(_('Your email has been successfully sent! We\'ll get back to you as soon as possible.'), 'success')
return render_template('pages/contact_us.html', email=email, message=message)
else:
return render_template('pages/contact_us.html')
def unauthenticated():
""" Prepare a Flash message and redirect to USER_UNAUTHENTICATED_ENDPOINT"""
# Prepare Flash message
url = request.url
flash(_("You must be signed in to access '%(url)s'.", url=url), 'error')
# quote the fully qualified url
quoted_url = quote(url)
# Redirect to USER_UNAUTHENTICATED_ENDPOINT
user_manager = current_app.user_manager
return redirect(_endpoint_url(user_manager.unauthenticated_endpoint)+'?next='+ quoted_url)
def update_choices(self, first_row):
choices = [(str(i), first_row[i]) for i in range(len(first_row))]
choices = [('', _('None'))] + choices
self.number.choices = choices
self.body.choices = choices
self.answer.choices = choices
self.context.choices = choices
self.report.choices = choices
self.author.choices = choices
self.topic.choices = choices
self.subtopic.choices = choices
return choices
class InviteForm(RegisterForm):
first_name = StringField(_('First Name'), validators=[
validators.Required(_('First Name is required'))
]
)
last_name = StringField(_('Last Name'), validators=[
validators.Required(_('First Name is required'))
]
)
submit = SubmitField(_('Invite'))
# Override RegisterForm's validate function so that a temporary password
# can be set
def validate(self):
# remove certain form fields depending on user manager config
user_manager = current_app.user_manager
delattr(self, 'password')
delattr(self, 'retype_password')
if not user_manager.enable_username:
delattr(self, 'username')
if not user_manager.enable_email:
delattr(self, 'email')
# Add custom username validator if needed
if user_manager.enable_username:
has_been_added = False
for v in self.username.validators:
if v==user_manager.username_validator:
has_been_added = True
if not has_been_added:
self.username.validators.append(user_manager.username_validator)
# Validate field-validators
if not super(RegisterForm, self).validate():
return False
return True
def _do_login_user(user, next, remember_me=False):
# User must have been authenticated
if not user: return unauthenticated()
# Check if user account has been disabled
if not user.is_active():
flash(_('Your account has not been activated. Please check your email.'), 'error')
return redirect(url_for('user.login'))
# Check if user has a confirmed email address
user_manager = current_app.user_manager
if user_manager.enable_email and user_manager.enable_confirm_email \
and not current_app.user_manager.enable_login_without_confirm_email \
and not user.has_confirmed_email():
url = url_for('user.resend_confirm_email')
flash(_('Your email address has not yet been confirmed. <a href="%(url)s">Re-send confirmation email</a>.', url=url), 'error')
return redirect(url_for('user.login'))
# Use Flask-Login to sign in user
#print('login_user: remember_me=', remember_me)
login_user(user, remember=remember_me)
# Send user_logged_in signal
signals.user_logged_in.send(current_app._get_current_object(), user=user)
# Prepare one-time system message
#flash(_('You have signed in successfully.'), 'success')
if current_user.user_auth.credentials == 1:
stripe.api_key = decode(current_user.user_auth.api_key)
session['api_key'] = stripe.api_key
# Redirect to 'next' URL
return redirect(next)
else:
flash(_('Please enter your Stripe API key'), 'error')
return redirect(url_for('getstarted'))
def contactus():
if request.method == 'POST':
email = request.form.get('email')
message = request.form.get('message')
contact_us_email(email, message)
flash(
_('Your email has been successfully sent! We\'ll get back to you as soon as possible.'
), 'success')
return render_template('pages/contact_us.html',
email=email,
message=message)
else:
return render_template('pages/contact_us.html')
def logout():
""" Sign the user out."""
# Send user_logged_out signal
signals.user_logged_out.send(current_app._get_current_object(),
user=current_user)
# Use Flask-Login to sign out user
logout_user()
# Prepare one-time system message
flash(_('You have signed out successfully.'), 'success')
# Redirect to logout_next endpoint or '/'
next = request.args.get('next', '/') # Get 'next' query param
return redirect(next)
def logout():
""" Sign the user out."""
user_manager = current_app.user_manager
# Send user_logged_out signal
signals.user_logged_out.send(current_app._get_current_object(), user=current_user)
# Use Flask-Login to sign out user
logout_user()
# Prepare one-time system message
flash(_('You have signed out successfully.'), 'success')
# Redirect to logout_next endpoint or '/'
next = request.args.get('next', _endpoint_url(user_manager.after_logout_endpoint)) # Get 'next' query param
return redirect(next)
def send_command(self, data):
try:
rst, msg = self.connect_to()
if not rst:
logger.error(u'connect to LServer failed({0})'.format(msg))
return 0, _('Connect to LServer failed, try later.')
logger.info('connect to LServer success')
if isinstance(data, unicode):
data = str(data).strip()
encode = self.tea.encrypt(data) if self.tea else data
crc_data = self.crc8.crc8_data(encode)
with_head = self._to_bytes(len(crc_data), app.config['PACKAGE_HEAD_SIZE']) + crc_data # 加上head byte
count = self.sock.sendall(with_head)
return True, 'OK'
except Exception as e:
rst, msg = result_handler(e)
logger.error('send command exception:{0}'.format(msg))
self.broken = True
return 0, msg
def validate(self):
"""prevent locked out users from logging in
If user has exceeded failed attempts, display an error
message below the password field.
"""
success = super(LockoutLoginForm, self).validate()
# Find user by email address (email field)
user_manager = current_app.user_manager
user = user_manager.find_user_by_email(self.email.data)[0]
# If the user is locked out display a message
# under the password field
if user and user.is_locked_out:
# Make sure validators are run so we
# can populate self.password.errors
super(LoginForm, self).validate()
auditable_event(
'local user attempted to login after being locked out',
user_id=user.id,
subject_id=user.id,
context='login'
)
error_message = _(
'We see you\'re having trouble - let us help. \
Your account will now be locked while we give it a refresh. \
Please try again in %(time)d minutes. \
If you\'re still having issues, please click \
"Having trouble logging in?" below.',
time=user.lockout_period_minutes
)
self.password.errors.append(error_message)
return False
return success
def forgot_password():
"""Prompt for email and send reset password email."""
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
# Initialize form
form = user_manager.forgot_password_form(request.form)
# Process valid POST
if request.method=='POST' and form.validate():
email = form.email.data
# Find user by email
user, user_email = user_manager.find_user_by_email(email)
if user:
# Generate reset password link
token = user_manager.generate_token(int(user.get_id()))
reset_password_link = url_for('user.reset_password', token=token, _external=True)
# Send forgot password email
emails.send_forgot_password_email(user, user_email, reset_password_link)
# Store token
if hasattr(user, 'reset_password_token'):
db_adapter.update_object(user, reset_password_token=token)
db_adapter.commit()
# Send forgot_password signal
signals.user_forgot_password.send(current_app._get_current_object(), user=user)
# Prepare one-time system message
flash(_("A reset password email has been sent to '%(email)s'. Open that email and follow the instructions to reset your password.", email=email), 'success')
# Redirect to the login page
return redirect(_endpoint_url(user_manager.after_forgot_password_endpoint))
# Process GET or invalid POST
return render_template(user_manager.forgot_password_template, form=form)
def validate(self):
"""prevent locked out users from logging in
If user has exceeded failed attempts, display an error
message below the password field.
"""
success = super(LockoutLoginForm, self).validate()
# Find user by email address (email field)
user_manager = current_app.user_manager
user = user_manager.find_user_by_email(self.email.data)[0]
# If the user is locked out display a message
# under the password field
if user and user.is_locked_out:
# Make sure validators are run so we
# can populate self.password.errors
super(LoginForm, self).validate()
auditable_event(
'local user attempted to login after being locked out',
user_id=user.id,
subject_id=user.id,
context='login')
error_message = _('We see you\'re having trouble - let us help. \
Your account will now be locked while we give it a refresh. \
Please try again in %(time)d minutes. \
If you\'re still having issues, please click \
"Having trouble logging in?" below.',
time=user.lockout_period_minutes)
self.password.errors.append(error_message)
return False
return success
def reset_password(token):
""" Verify the password reset token, Prompt for new password, and set the user's password."""
# Verify token
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
if _call_or_get(current_user.is_authenticated):
logout_user()
is_valid, has_expired, user_id = user_manager.verify_token(
token, user_manager.reset_password_expiration)
if has_expired:
flash(_('Your reset password token has expired.'), 'error')
return redirect(url_for('user.login'))
if not is_valid:
flash(_('Your reset password token is invalid.'), 'error')
return redirect(url_for('user.login'))
user = user_manager.get_user_by_id(user_id)
if user:
# Avoid re-using old tokens
if hasattr(user, 'reset_password_token'):
verified = user.reset_password_token == token
else:
verified = True
if not user or not verified:
flash(_('Your reset password token is invalid.'), 'error')
return redirect(endpoint_url(user_manager.login_endpoint))
# Mark email as confirmed
user_email = emails.get_primary_user_email(user)
user_email.confirmed_at = datetime.utcnow()
# Initialize form
form = user_manager.reset_password_form(request.form)
# Process valid POST
if request.method == 'POST' and form.validate():
# Invalidate the token by clearing the stored token
if hasattr(user, 'reset_password_token'):
db_adapter.update_object(user, reset_password_token='')
# Change password
try:
tasks.change_pwd(user.username, form.new_password.data)
except Exception, e:
flash(_('lserver:reset password failed'), category='error')
# raise
else:
hashed_password = user_manager.hash_password(
form.new_password.data)
user_auth = user.user_auth if db_adapter.UserAuthClass and hasattr(
user, 'user_auth') else user
db_adapter.update_object(user_auth, password=hashed_password)
db_adapter.commit()
try:
# Send 'password_changed' email
if user_manager.enable_email and user_manager.send_password_changed_email:
emails.send_password_changed_email(user)
except Exception, e:
pass
# Prepare one-time system message
# flash(_("Your password has been reset successfully."), 'success')
add_reset_password_message(current_user)
# Auto-login after reset password or redirect to login page
next = request.args.get(
'next',
endpoint_url(user_manager.after_reset_password_endpoint))
if user_manager.auto_login_after_reset_password:
return _do_login_user(user, next) # auto-login
else:
return redirect(url_for('user.login') + '?next=' +
next) # redirect to login page
def home():
if current_user.is_authenticated:
# check to see if items are in session, this helps us to not make multiple API calls
if 'api_key' in session:
stripe.api_key = session['api_key']
if 'events' in session:
if len(session['events']) > 0:
events = []
for y in session['events'][0:19]:
x = json.loads(y)
p_date = pretty_date(x['dateint'])
event = Event(x['amount'], x['dateint'], x['date'], x['name'], x['type'], x['plan'],
p_date,
x['customer_id'])
events.append(event)
current = session['current']
per = session['percentages']
churn = session['churn']
ltv = session['ltv']
return render_template('pages/index.html', events=events, mrr=current[0], refunds=current[1],
net_revenue=current[2],
annual=current[3], customers=current[4], new_customers=current[5],
arpu=current[6],
canceled=current[7], upgrades=current[8], downgrades=current[9], mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2], annualP=per[3], customersP=per[4], new_customersP=per[5],
arpuP=per[6],
canceledP=per[7], upgradesP=per[8], downgradesP=per[9], churn=churn, ltv=ltv)
else:
clear_session() # clear the empty session
events, current, per, churn, ltv = run()
stripeErrors = returnErrors()
if stripeErrors.AuthenticationError:
print stripeErrors.AuthenticationError
u = current_user.user_auth
u.credentials = 0
db.session.commit()
flash(_('Your API credentials were invalid, please enter them again.'), 'error')
return render_template('pages/getstarted.html')
elif stripeErrors.APIConnectionError:
print stripeErrors.APIConnectionError
flash(_('Trouble connecting to Stripe. Please wait a minute and try again.'), 'error')
return render_template('pages/getstarted.html')
else:
return render_template('pages/index.html', events=events, mrr=current[0], refunds=current[1],
net_revenue=current[2], annual=current[3], customers=current[4],
new_customers=current[5], arpu=current[6], canceled=current[7],
upgrades=current[8], downgrades=current[9], mrrP=per[0], refundsP=per[1],
net_revenueP=per[2], annualP=per[3], customersP=per[4],
new_customersP=per[5],
arpuP=per[6], canceledP=per[7], upgradesP=per[8], downgradesP=per[9],
churn=churn,
ltv=ltv)
# otherwise make an api call
else:
events, current, per, churn, ltv = run()
stripeErrors = returnErrors()
if stripeErrors.AuthenticationError:
print stripeErrors.AuthenticationError
u = current_user.user_auth
u.credentials = 0
db.session.commit()
flash(_('Your API credentials were invalid, please enter them again.'), 'error')
return render_template('pages/getstarted.html')
elif stripeErrors.APIConnectionError:
print stripeErrors.APIConnectionError
flash(_('Trouble connecting to Stripe. Please wait a minute and try again.'), 'error')
return render_template('pages/getstarted.html')
else:
return render_template('pages/index.html', events=events, mrr=current[0], refunds=current[1],
net_revenue=current[2],
annual=current[3], customers=current[4], new_customers=current[5],
arpu=current[6],
canceled=current[7], upgrades=current[8], downgrades=current[9], mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2], annualP=per[3], customersP=per[4], new_customersP=per[5],
arpuP=per[6],
canceledP=per[7], upgradesP=per[8], downgradesP=per[9], churn=churn,
ltv=ltv)
else:
#flash(_('Please login or signup to access this page.'), 'error')
return render_template('pages/welcome.html')
def register():
""" Display registration form and create new User.
"""
user_manager = current_app.user_manager
db_adapter = user_manager.db_adapter
next = request.args.get('next',
endpoint_url(user_manager.after_login_endpoint))
reg_next = request.args.get(
'reg_next', endpoint_url(user_manager.after_register_endpoint))
# Initialize form
login_form = user_manager.login_form() # for login_or_register.html
register_form = user_manager.register_form(
request.form) # for register.html
# invite token used to determine validity of registeree
invite_token = request.values.get("token")
# require invite without a token should disallow the user from registering
if user_manager.require_invitation and not invite_token:
flash(_("Registration is invite only"), "error")
return redirect(url_for('user.login'))
user_invite = None
if invite_token and db_adapter.UserInvitationClass:
user_invite = db_adapter.find_first_object(
db_adapter.UserInvitationClass, token=invite_token)
if user_invite:
register_form.invite_token.data = invite_token
else:
flash(_("Invalid invitation token"), "error")
return redirect(url_for('user.login'))
if request.method != 'POST':
login_form.next.data = register_form.next.data = next
login_form.reg_next.data = register_form.reg_next.data = reg_next
if user_invite:
register_form.email.data = user_invite.email
# Process valid POST
if request.method == 'POST' and register_form.validate():
# Create a User object using Form fields that have a corresponding User field
User = db_adapter.UserClass
user_class_fields = User.__dict__
user_fields = {}
# Create a UserEmail object using Form fields that have a corresponding UserEmail field
if db_adapter.UserEmailClass:
UserEmail = db_adapter.UserEmailClass
user_email_class_fields = UserEmail.__dict__
user_email_fields = {}
# Create a UserAuth object using Form fields that have a corresponding UserAuth field
if db_adapter.UserAuthClass:
UserAuth = db_adapter.UserAuthClass
user_auth_class_fields = UserAuth.__dict__
user_auth_fields = {}
# Enable user account
if db_adapter.UserProfileClass:
if hasattr(db_adapter.UserProfileClass, 'active'):
user_auth_fields['active'] = True
elif hasattr(db_adapter.UserProfileClass, 'is_enabled'):
user_auth_fields['is_enabled'] = True
else:
user_auth_fields['is_active'] = True
else:
if hasattr(db_adapter.UserClass, 'active'):
user_fields['active'] = True
elif hasattr(db_adapter.UserClass, 'is_enabled'):
user_fields['is_enabled'] = True
else:
user_fields['is_active'] = True
# For all form fields
for field_name, field_value in register_form.data.items():
# Hash password field
if field_name == 'password':
hashed_password = user_manager.hash_password(field_value)
if db_adapter.UserAuthClass:
user_auth_fields['password'] = hashed_password
else:
user_fields['password'] = hashed_password
# Store corresponding Form fields into the User object and/or UserProfile object
else:
if field_name in user_class_fields:
user_fields[field_name] = field_value
if db_adapter.UserEmailClass:
if field_name in user_email_class_fields:
user_email_fields[field_name] = field_value
if db_adapter.UserAuthClass:
if field_name in user_auth_class_fields:
user_auth_fields[field_name] = field_value
# Add User record using named arguments 'user_fields'
user = db_adapter.add_object(User, **user_fields)
created, user.permission = find_or_create_permission(10)
if db_adapter.UserProfileClass:
user_profile = user
# Add UserEmail record using named arguments 'user_email_fields'
if db_adapter.UserEmailClass:
user_email = db_adapter.add_object(UserEmail,
user=user,
is_primary=True,
**user_email_fields)
else:
user_email = None
# Add UserAuth record using named arguments 'user_auth_fields'
if db_adapter.UserAuthClass:
user_auth = db_adapter.add_object(UserAuth, **user_auth_fields)
if db_adapter.UserProfileClass:
user = user_auth
else:
user.user_auth = user_auth
require_email_confirmation = True
if user_invite:
if user_invite.email == register_form.email.data:
require_email_confirmation = False
db_adapter.update_object(user, confirmed_at=datetime.utcnow())
# Send 'registered' email and delete new User object if send fails
if user_manager.send_registered_email:
try:
# Send create_account message to proxy_server, sync
resp = tasks.create_account(user_fields['username'],
register_form.data['password'])
if resp[0]:
# Send 'registered' email
# _send_registered_email(user, user_email, require_email_confirmation)
db_adapter.commit()
# send register email sync
tasks.send_registered_email(user, user_email,
require_email_confirmation)
# Prepare one-time system message
if user_manager.enable_confirm_email and require_email_confirmation:
email = user_email.email if user_email else user.email
flash(
_('A confirmation email has been sent to %(email)s with instructions to complete your registration.',
email=email), 'success')
else:
flash(_('You have registered successfully.'),
'success')
else:
msg = u"{0}:{1}".format("LServer", resp[-1])
flash(_(msg), category='error')
except Exception as e:
msg = u"{}:{}".format(e.args[0], unicode(e.args[-1]))
print(msg)
# logger.error(msg)
tasks.delete_account(user_fields['username'])
db_adapter.delete_object(user)
db_adapter.commit()
flash(_("LServer:Create account failed."), category='error')
else:
if resp[0]:
# Redirect if USER_ENABLE_CONFIRM_EMAIL is set
if user_manager.enable_confirm_email and require_email_confirmation:
next = request.args.get(
'next',
endpoint_url(user_manager.after_register_endpoint))
return redirect(next)
# Auto-login after register or redirect to login page
next = request.args.get(
'next',
endpoint_url(user_manager.after_confirm_endpoint))
if user_manager.auto_login_after_register:
return _do_login_user(user, reg_next) # auto-login
else:
return redirect(
url_for('user.login') + '?next=' +
reg_next) # redirect to login page
# Process GET or invalid POST
return render_template(user_manager.register_template,
form=register_form,
login_form=login_form,
register_form=register_form)
def charge():
# Set the api key to Simple Metrics to create the customer and charge their card
stripe.api_key = stripe_keys['secret_key']
if current_user.is_authenticated:
if current_user.user_auth.paying == 0:
plan = request.form.get('plan')
email = current_user.email
customer = stripe.Customer.create(email=email,
card=request.form['stripeToken'])
# Create plan
customer.subscriptions.create(plan=plan)
# Write customer to db
current_user.user_auth.customer = encode(customer.id)
current_user.user_auth.paying = 1
current_user.user_auth.plan = plan
db.session.commit()
send_welcome_email(email, plan.title())
# Reset the stripe key
stripe.api_key = ""
flash(
_('You have successfully signed up! Please enter your Stripe credentials below.'
), 'success')
return render_template('pages/getstarted.html')
else:
plan = request.form.get('plan')
email = current_user.email
#change the customer's plan
customer = stripe.Customer.retrieve(
decode(current_user.user_auth.customer))
subscription = customer.subscriptions.retrieve(
customer.subscriptions.data[0].id)
subscription.plan = plan
subscription.save()
#update the db
current_user.user_auth.plan = plan
db.session.commit()
flash(
_('You have successfully switched to the ' + plan.title() +
" plan."), 'success')
send_plan_change_email(email, plan.title())
# Reset the stripe key
stripe.api_key = ""
return render_template('pages/index.html')
else:
flash(_('Please login first.'), 'error')
return render_template('pages/index.html')
def home():
if current_user.is_authenticated:
# check to see if items are in session, this helps us to not make multiple API calls
if 'api_key' in session:
stripe.api_key = session['api_key']
if 'events' in session:
if len(session['events']) > 0:
events = []
for y in session['events'][0:19]:
x = json.loads(y)
p_date = pretty_date(x['dateint'])
event = Event(x['amount'], x['dateint'], x['date'],
x['name'], x['type'], x['plan'], p_date,
x['customer_id'])
events.append(event)
current = session['current']
per = session['percentages']
churn = session['churn']
ltv = session['ltv']
return render_template('pages/index.html',
events=events,
mrr=current[0],
refunds=current[1],
net_revenue=current[2],
annual=current[3],
customers=current[4],
new_customers=current[5],
arpu=current[6],
canceled=current[7],
upgrades=current[8],
downgrades=current[9],
mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2],
annualP=per[3],
customersP=per[4],
new_customersP=per[5],
arpuP=per[6],
canceledP=per[7],
upgradesP=per[8],
downgradesP=per[9],
churn=churn,
ltv=ltv)
else:
clear_session() # clear the empty session
events, current, per, churn, ltv = run()
stripeErrors = returnErrors()
if stripeErrors.AuthenticationError:
print stripeErrors.AuthenticationError
u = current_user.user_auth
u.credentials = 0
db.session.commit()
flash(
_('Your API credentials were invalid, please enter them again.'
), 'error')
return render_template('pages/getstarted.html')
elif stripeErrors.APIConnectionError:
print stripeErrors.APIConnectionError
flash(
_('Trouble connecting to Stripe. Please wait a minute and try again.'
), 'error')
return render_template('pages/getstarted.html')
else:
return render_template('pages/index.html',
events=events,
mrr=current[0],
refunds=current[1],
net_revenue=current[2],
annual=current[3],
customers=current[4],
new_customers=current[5],
arpu=current[6],
canceled=current[7],
upgrades=current[8],
downgrades=current[9],
mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2],
annualP=per[3],
customersP=per[4],
new_customersP=per[5],
arpuP=per[6],
canceledP=per[7],
upgradesP=per[8],
downgradesP=per[9],
churn=churn,
ltv=ltv)
# otherwise make an api call
else:
events, current, per, churn, ltv = run()
stripeErrors = returnErrors()
if stripeErrors.AuthenticationError:
print stripeErrors.AuthenticationError
u = current_user.user_auth
u.credentials = 0
db.session.commit()
flash(
_('Your API credentials were invalid, please enter them again.'
), 'error')
return render_template('pages/getstarted.html')
elif stripeErrors.APIConnectionError:
print stripeErrors.APIConnectionError
flash(
_('Trouble connecting to Stripe. Please wait a minute and try again.'
), 'error')
return render_template('pages/getstarted.html')
else:
return render_template('pages/index.html',
events=events,
mrr=current[0],
refunds=current[1],
net_revenue=current[2],
annual=current[3],
customers=current[4],
new_customers=current[5],
arpu=current[6],
canceled=current[7],
upgrades=current[8],
downgrades=current[9],
mrrP=per[0],
refundsP=per[1],
net_revenueP=per[2],
annualP=per[3],
customersP=per[4],
new_customersP=per[5],
arpuP=per[6],
canceledP=per[7],
upgradesP=per[8],
downgradesP=per[9],
churn=churn,
ltv=ltv)
else:
#flash(_('Please login or signup to access this page.'), 'error')
return render_template('pages/welcome.html')
class ProcessSpreadsheetForm(Form):
type = 'informes'
discard_first_row = BooleanField(_('First row is header'), default=True)
number = SelectField(_('Question number'),
[validators.DataRequired("Requerido")])
body = SelectField(_('Question body'),
[validators.DataRequired("Requerido")])
answer = SelectField(_('Question answer'))
context = SelectField(_('Question context'))
report = SelectField(_('Report number'))
author = SelectField(_('Question author'))
topic = SelectField(_('Question topic'))
subtopic = SelectField(_('Question subtopic'))
form_template = 'forms/process_spreadsheet.html'
def handle_request(self, filename, db_session, searcher):
spreadsheet_summary = SpreadSheetReader.first_read(filename)
self.update_choices(spreadsheet_summary['first_row'])
if self.validate_on_submit():
created_at = self.save_models(filename, db_session)
searcher.restart_text_classifier()
kwargs = {'creado-en': str(created_at)}
return redirect(url_for('search', **kwargs))
else:
print(self.errors)
return render_template(self.form_template,
filename=filename,
spreadsheet_summary=spreadsheet_summary,
form=self)
def update_choices(self, first_row):
choices = [(str(i), first_row[i]) for i in range(len(first_row))]
choices = [('', _('None'))] + choices
self.number.choices = choices
self.body.choices = choices
self.answer.choices = choices
self.context.choices = choices
self.report.choices = choices
self.author.choices = choices
self.topic.choices = choices
self.subtopic.choices = choices
return choices
def save_models(self, filename, db_session):
columns = self._collect_columns()
extension = filename.split('.')[-1]
file_path = 'app/uploads/' + filename
if extension == 'csv':
spreadsheet = SpreadSheetReader.read_csv(file_path)
elif extension == 'xlsx':
spreadsheet = SpreadSheetReader.read_xlsx(file_path)
else:
raise Exception('Formato no soportado')
created_at = datetime.now().replace(microsecond=0)
for i, row in spreadsheet:
if i == 0 and self.discard_first_row.data:
continue
self.save_model(row, columns, db_session, created_at)
db_session.commit()
return created_at
def save_model(self, row, columns, db_session, created_at):
args = self.collect_args(row, columns)
if len(args['report']) == 0:
return
args = self._get_ids(args, db_session)
question = Question(**args)
question.created_at = created_at
db_session.add(question)
def _collect_columns(self):
columns = [
(self.number.data, 'number'), (self.body.data, 'body'),
(self.answer.data, 'answer'), (self.context.data, 'context'),
(self.report.data, 'report'), (self.author.data, 'author'),
(self.topic.data, 'topic'), (self.subtopic.data, 'subtopic')
]
return [(int(tuple[0]), tuple[1]) for tuple in columns
if len(tuple[0]) > 0]
@staticmethod
def _get_ids(question_args, db_session):
if 'report' in question_args.keys():
question_args['report_id'] = get_or_create(
db_session, Report, name=question_args['report'])
if 'author' in question_args.keys():
question_args['author_id'] = get_or_create(
db_session, Author, name=question_args['author'])
if 'topic' in question_args.keys():
question_args['topic_id'] = get_or_create(
db_session, Topic, name=question_args['topic'])
if 'subtopic' in question_args.keys():
question_args['subtopic_id'] = get_or_create(
db_session, SubTopic, name=question_args['subtopic'])
mytopic = Topic.query.get(question_args['topic_id'])
mysubtopic = SubTopic.query.get(question_args['subtopic_id'])
mytopic.subtopics.append(mysubtopic)
db_session.commit()
if 'answer_author' in question_args.keys():
question_args['answer_author_id'] = get_or_create(
db_session, AnswerAuthor, name=question_args['author'])
return question_args
@staticmethod
def collect_args(row, columns):
d = {}
for col in columns:
position = col[0]
if 0 <= position < len(row):
value = row[col[0]].strip()
if col[1] in [
'author', 'report', 'topic', 'subtopic',
'answer_author'
]:
value = value.lower()
else:
value = ''
d[col[1]] = value
return d