def edit_blog_post(request):
session = DBSession()
matchdict = request.matchdict
post = session.query(Post).filter(Post.id == matchdict["post_id"]).one()
if 'submitted' in request.params:
fs = FieldSet(post, data=request.params)
# TODO
# Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync?
post.title = fs.title.value
post.content = fs.content.value
post.modified_time = time.time()
session.add(post)
return HTTPFound(location = route_url("view_blog_post", request, post_id = post.id))
if 'delete' in request.params:
session.delete(post)
return HTTPFound(location = route_url("edit_blog", request))
edit_blog_post_url = route_url("edit_blog_post", request, post_id = post.id)
fs = FieldSet(post)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]])
form = fs.render()
return dict(form = form, title = post.title, edit_blog_post_url = edit_blog_post_url)
def edit_page(request):
"""Edit a given page."""
session = DBSession()
matchdict = request.matchdict
page = session.query(Page).join(User).filter(Page.id == matchdict["page_id"]).order_by(desc(Page.modified_time)).one()
if 'submitted' in request.params:
fs = FieldSet(page, data=request.params)
# TODO
# add validation
# Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync?
page.title = fs.title.value
page.content = fs.content.value
page.modified_time = time.time()
page.location = fs.location.value
session.add(page)
return HTTPFound(location = route_url("view_page", request, page_location = page.location))
elif 'delete' in request.params:
session.delete(page)
return HTTPFound(location = route_url("edit_pages", request))
edit_blog_post_url = route_url("edit_page", request, page_id = page.id)
fs = FieldSet(page)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]])
form = fs.render()
# TODO
# Figure out how to delete using checkboxes
return dict(title = "Edit '%s'" % page.title, save_name = save_name, delete_name = delete_name, form = form)
def register_user(request):
session = DBSession()
matchdict = request.matchdict
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
return HTTPFound(location = route_url("home", request))
login_url = route_url('login', request)
referrer = request.url
if (referrer == login_url):
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
fs = None
if 'submitted' in request.params:
fs = RegisterUserFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User()
password = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())
# TODO
# Shouldn't have to do this, but doing it for simplicity now
user.username = fs.username.value
user.password = password
user.given_name = fs.given_name.value
user.surname = fs.surname.value
user.homepage = fs.homepage.value
#user.email = fs.email.value
user.email = bcrypt.hashpw(fs.email.value, bcrypt.gensalt())
user.created_time = time.time()
user.user_type = User.NORMAL
session.add(user)
session.flush()
User.addToGroup(fs.username.value, "nexus")
request.session["username"] = fs.username.value
headers = remember(request, User.getID(fs.username.value))
request.session.flash(_("You have successfully created a new account!"))
return HTTPFound(location = route_url("home", request), headers = headers)
if (fs is None):
fs = RegisterUserFieldSet().bind(User, session = session)
form = fs.render()
return dict(form = form, title = _("Register new user"))
def reset_password(request):
session = DBSession()
matchdict = request.matchdict
token = matchdict["token"]
forgotPassword = ForgotPassword.getByToken(token)
if (not forgotPassword):
request.session.flash(_("Reset password token not found in database."))
return HTTPFound(location = route_url("home", request))
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot reset a password."))
return HTTPFound(location = route_url("home", request))
login_url = route_url('login', request)
referrer = request.url
if (referrer == login_url):
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
user = User.getByID(forgotPassword.user.id)
fs = None
if 'submitted' in request.params:
fs = ResetPasswordFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User.getByID(request.params["user_id"])
password = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())
user.password = password
user.user_type = User.NORMAL
session.add(user)
session.flush()
session.query(ForgotPassword).filter(ForgotPassword.user_id == user.id).delete()
request.session["username"] = user.username
headers = remember(request, user.id)
request.session.flash(_("You have successfully updated your password!"))
return HTTPFound(location = route_url("home", request), headers = headers)
if (fs is None):
fs = ResetPasswordFieldSet().bind(User, session = session)
form = fs.render()
return dict(form = form, user_id = user.id, title = _("Forgot your password?"))
def register_user_openid(request):
session = DBSession()
matchdict = request.matchdict
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
return HTTPFound(location = route_url("home", request))
fs = OpenIDUserFieldSet().bind(User, session = session)
fs.append(Field("openid_url", value = request.params.get("openid_url", "")).hidden())
if 'submitted' in request.params:
fs = OpenIDUserFieldSet().bind(User, session = session, data = request.params or None)
valid = fs.validate()
if valid:
user = User()
# TODO
# Shouldn't have to do this, but doing it for simplicity now
# Should validate that the username is unique
user.username = fs.username.value
user.given_name = fs.given_name.value
user.surname = fs.surname.value
user.homepage = fs.homepage.value
user.user_type = User.OPENID
now = time.time()
user.created_time = now
user.password = bcrypt.hashpw(str(int(now)), bcrypt.gensalt())
session.add(user)
session.flush()
User.addToGroup(fs.username.value, "nexus")
request.session["username"] = fs.username.value
user_id = User.getID(fs.username.value)
openid = OpenID(openid_url = request.params.get("openid_url", ""), user_id = user_id)
session.add(openid)
headers = remember(request, user_id)
request.session["username"] = fs.username.value
request.session.flash(_("You have successfully registered!"))
return HTTPFound(location = route_url("home", request), headers = headers)
form = fs.render()
return dict(form = form, title = _("Register new user"))
def new_blog_post(request):
session = DBSession()
if 'submitted' in request.params:
post = Post()
fs = FieldSet(Post, data=request.params)
post.title = fs.title.value
post.content = fs.content.value
now = time.time()
post.modified_time = now
post.created_time = now
post.user_id = authenticated_userid(request)
session.add(post)
return HTTPFound(location = route_url("edit_blog", request))
new_blog_post_url = route_url("new_blog_post", request)
fs = FieldSet(Post, session = session)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["user"], fs["comments"], fs["created_time"]])
form = fs.render()
return dict(title = _("New Fluid Nexus Blog Post"), form = form, new_blog_post_url = new_blog_post_url)
def new_page(request):
session = DBSession()
if 'submitted' in request.params:
page = Page()
fs = FieldSet(Page, data=request.params)
page.title = fs.title.value
page.content = fs.content.value
page.location = fs.location.value.lower()
now = time.time()
page.modified_time = now
page.created_time = now
page.user_id = authenticated_userid(request)
session.add(page)
return HTTPFound(location = route_url("edit_pages", request))
new_page_url = route_url("new_page", request)
fs = FieldSet(Page, session = session)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["user"], fs["created_time"]])
form = fs.render()
return dict(title = "Create new Fluid Nexus page", save_name = save_name, form = form)
def api_do_authorize_token(request):
session = DBSession()
matchdict = request.matchdict
appType = matchdict.get("appType", "")
# First check that the logged in user is the holder of this token
given_token = request.params.get("token")
token = Token.getByToken(given_token)
consumer = ConsumerKeySecret.getByConsumerID(token.consumer_key_secret.id)
if (not consumer):
request.session.flash(_("Unable to find consumer key in the database; this should never happen!"))
return HTTPFound(location = route_url("home", request))
if (token):
if (token.consumer_key_secret.user.id != request.logged_in):
request.session.flash(_("Attempt to use an authorization token that does not belong to you."))
return HTTPFound(location = route_url("home", request))
else:
request.session.flash(_("Malformed authorization token parameters."))
return HTTPFound(location = route_url("home", request))
# Generate a new token to replace this now non-useful authorization token
randomData = hashlib.sha1(str(random.random())).hexdigest()
key = generateRandomKey()
secret = generateRandomKey()
token.token = key
token.token_secret = secret
token.consumer_id = consumer.id
token.timestamp = time.time()
token.setAccessType()
if (appType == "android"):
token.callback_url = token.callback_url + "?oauth_token=%s&oauth_token_secret=%s" % (token.token, token.token_secret)
session.add(token)
return HTTPFound(location = token.callback_url)
def view_blog_post(request):
session = DBSession()
matchdict = request.matchdict
post = session.query(Post).filter(Post.id == matchdict["post_id"]).one()
user = session.query(User).filter(User.id == post.user_id).one()
post.username = user.username
post_comment_url = route_url("view_blog_post", request, post_id = post.id)
fs = None
# TODO
# * make form validation better and more attractive
# * add in field that asks for user to type word to submit form
if 'submitted' in request.params:
comment = Comment()
fs = CommentFieldSet().bind(Comment, session = session, data = request.POST or None)
valid = fs.validate()
if valid:
comment.name = fs.name.value
comment.email = fs.email.value
comment.homepage = fs.homepage.value
comment.content = fs.content.value
now = time.time()
comment.created_time = now
comment.post_id = post.id
session.add(comment)
request.session.flash(_("Your comment was successfully posted."))
fs = None
comments = session.query(Comment).filter(Comment.post_id == post.id).order_by(desc(Comment.created_time))
if (fs is None):
fs = CommentFieldSet().bind(Comment, session = session)
comment_form = fs.render()
return dict(title = post.title + _(" || Fluid Nexus Blog Post"), post = post, comments = comments, comment_form = comment_form, post_comment_url = post_comment_url)
def api_request_key(request):
session = DBSession()
if (not request.logged_in):
request.session.flash(_("You must be registered and logged in to request a consumer key and secret."))
return HTTPForbidden(location = route_url("home", request))
keySecret = ConsumerKeySecret.getByUserID(request.logged_in)
if (keySecret):
key = keySecret.consumer_key
secret = keySecret.consumer_secret
else:
# generate a consumer key and secret
randomData = hashlib.sha1(str(random.random())).hexdigest()
keySecret = ConsumerKeySecret()
key = generateRandomKey()
secret = generateRandomKey()
keySecret.consumer_key = key
keySecret.consumer_secret = secret
keySecret.user_id = request.logged_in
keySecret.setNormalStatus()
session.add(keySecret)
return dict(key = key, secret = secret, title = _("Fluid Nexus Key and Secret"))
def forgot_password(request):
session = DBSession()
matchdict = request.matchdict
if (request.logged_in):
request.session.flash(_("You are already logged in and therefore cannot request a new password."))
return HTTPFound(location = route_url("home", request))
login_url = route_url('login', request)
referrer = request.url
if (referrer == login_url):
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
fs = None
if 'submitted' in request.params:
fs = ForgotPasswordFieldSet().bind(User, session = session, data = request.params or None)
valid_user = User.checkEmail(fs.username.value, fs.email.value)
if (not valid_user):
request.session.flash(_("E-mail and password combination do not match."))
return HTTPFound(location = route_url("home", request))
#user = User.getByEmail(fs.email.value)
token = str(time.time())
# Generate salt
for x in xrange(0, 10):
token += str(random.randint(0, 100))
token = hashlib.sha256(token).hexdigest()
fp = ForgotPassword(token = token)
fp.user_id = valid_user.id
session.add(fp)
valid_user.user_type = User.FORGOT_PASSWORD
session.add(valid_user)
# Import smtplib for the actual sending function
import smtplib
# Import the email modules we'll need
from email.mime.text import MIMEText
text = """Please go to the following link to reset your password:
http://fluidnexus.net/reset_password/%s
If you have any questions please reply to this e-mail.
Best,
fluidnexus.net""" % token
msg = MIMEText(text)
msg["Subject"] = "Forgotten password for %s" % (fs.email.value)
msg["From"] = "*****@*****.**"
msg["To"] = fs.email.value
s = smtplib.SMTP("localhost")
s.sendmail("*****@*****.**", [fs.email.value], msg.as_string())
s.quit()
request.session.flash(_("Please check your e-mail for the link to reset your password."))
return HTTPFound(location = route_url("home", request))
if (fs is None):
fs = ForgotPasswordFieldSet().bind(User, session = session)
form = fs.render()
return dict(form = form, title = _("Forgot your password?"))
def api_request_token(request):
session = DBSession()
auth_header = {}
matchdict = request.matchdict
appType = matchdict.get("appType", False)
if ('Authorization' in request.headers):
auth_header = {'Authorization': request.headers['Authorization']}
req = oauth2.Request.from_request(
request.method,
request.url,
headers = auth_header,
parameters = dict([(k,v) for k,v in request.params.iteritems()]))
consumer = ConsumerKeySecret.getByConsumerKey(req.get("oauth_consumer_key"))
#if (request.logged_in != consumer.id):
# request.session.flash(_("You are trying to request a token using credentials that do not belong to you."))
# return HTTPForbidden(location = route_url("home", request))
try:
oauth_server.verify_request(req, consumer, None)
# Check that this user doesn't already have an access token
consumerToken = Token.getByConsumerID(consumer.id)
if consumerToken:
if (consumerToken.token_type == consumerToken.ACCESS):
return Response(simplejson.dumps({'result': route_url('api_access_token', request)}))
elif (consumerToken.token_type == consumerToken.AUTHORIZATION):
# TODO
# Check that the token hasn't already expired
token = oauth2.Token(consumerToken.token, consumerToken.token_secret)
if (appType == "android"):
return Response(token.to_string())
else:
return Response(simplejson.dumps({'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()}))
nonce = ConsumerNonce.getByNonce(req.get("oauth_nonce"))
if (nonce):
return simplejson.dumps({"error": "Nonce is already registered for an authorization token; please generate another request token, or wait five minutes and try again."})
else:
nonce = ConsumerNonce()
nonce.consumer_id = consumer.id
nonce.timestamp = req.get("oauth_timestamp")
nonce.nonce = req.get("oauth_nonce")
session.add(nonce)
randomData = hashlib.sha1(str(random.random())).hexdigest()
key = generateRandomKey()
secret = generateRandomKey()
token = oauth2.Token(key, secret)
token.callback_confirmed = True
tokenData = Token()
tokenData.token = key
tokenData.token_secret = secret
tokenData.consumer_id = consumer.id
tokenData.timestamp = time.time()
tokenData.callback_url = req.get("oauth_callback")
tokenData.setAuthorizationType()
session.add(tokenData)
if (appType == "android"):
return Response(token.to_string())
elif (appType == "desktop"):
result = {'result': route_url('api_authorize_token', request, appType = appType) + '?' + token.to_string()}
return Response(simplejson.dumps(result))
except oauth2.Error, e:
return Response(simplejson.dumps({"oauth2 error": str(e)}))