def register():
    '''
    Walk the current user through phone-number verification.

    Verified users are redirected to ``home``. A user who already has a phone
    number on file is shown the token form; everyone else is shown the
    phone-number form.

    :return: a redirect, a rendered form, or (right after a phone number is
        accepted) a plain-text body that contains the new token
    '''
    if current_user.verified:
        return redirect(url_for('home', _external=True))

    if current_user.phone:
        # Second step: compare the submitted token with the stored one.
        # NOTE(review): no attempt limit is visible in this view; confirm that
        # check_token() or the route throttles repeated guesses.
        token_form = TokenForm()
        if token_form.validate_on_submit():
            submitted = str(token_form.data['token'])
            if current_user.check_token(submitted):
                current_user.verified = True
                db.session.commit()
                return redirect(url_for('register', _external=True))
            flash('Please check your token.', "info")
        return render_template('token.html', form=token_form)

    # First step: collect a phone number.
    form = PhoneNumberForm()
    if not form.validate_on_submit():
        return render_template('register.html', form=form)

    phone_number = form.data['phone']
    # A number is refused only when another account has already verified it.
    claimed_by = User.query.filter_by(phone=phone_number, verified=True).all()
    if claimed_by:
        flash("Number already in use.", "danger")
        return redirect(url_for('register', _external=True))

    current_user.phone = phone_number
    update_token(current_user)  # per the original comment, this helper commits
    # NOTE(review): the token is handed back in the HTTP response to the same
    # session that typed the number, so passing the check above does not show
    # that the user controls the phone. Deliver the token out of band (SMS or
    # call) before treating `verified` as proof of possession.
    return current_user.token + " This is your token. Remember it or smth idc."
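def token(request):
    """Token endpoint: exchange an authorization code for an access token.

    The client authenticates through the ``Authorization`` header. Only the
    ``authorization_code`` grant is handled; any other grant type gets
    ``unsupported_grant_type``.

    Returns a 401 response when client authentication fails, otherwise
    whatever ``error_response`` / ``success_response`` build.
    """
    # Verify that the calling client application is legitimate.
    client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
    if not client:
        response = HttpResponse('401 Unauthorized', status=401)
        response['WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
        return response

    # Validate that the POST body is a token request form.
    form = TokenForm(request.POST)
    if not form.is_valid():
        return error_response('invalid_request')
    grant_type = form.cleaned_data['grant_type']
    code = form.cleaned_data['code']
    redirect_uri = form.cleaned_data['redirect_uri']

    # Handle the authorization_code request.
    if grant_type == 'authorization_code':
        # The code is attacker-controlled text. Bad base64 or a payload that is
        # not 16 bytes raises ValueError; answer invalid_grant instead of
        # letting it surface as a server error.
        try:
            code_uuid = UUID(bytes=urlsafe_base64_decode(code))
        except ValueError:
            return error_response('invalid_grant')

        # The code must be unexpired and bound to this client and redirect_uri.
        try:
            code = AuthorizationCode.objects.filter(
                expire_time__gte=datetime.datetime.now()).get(
                    client=client, code=code_uuid, redirect_uri=redirect_uri)
        except AuthorizationCode.DoesNotExist:
            return error_response('invalid_grant')

        try:
            token = AccessToken(client=client,
                                user=code.user,
                                code=code.code,
                                expire_time=datetime.datetime.now() + datetime.timedelta(hours=1))
            token.save()
        except IntegrityError:
            # Presumably a uniqueness constraint on AccessToken.code, i.e. the
            # code was already exchanged once (confirm against the model).
            # The token issued earlier and the code itself are both revoked.
            AccessToken.objects.get(code=code.code).delete()
            code.delete()
            return error_response('invalid_grant')
        return success_response(urlsafe_base64_encode(token.token.bytes))
    else:
        return error_response('unsupported_grant_type')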
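def like_or_unlike_message(msg_id):
    '''Toggle the logged-in user's like on a message.

    If the message is already in the user's liked messages it is removed,
    otherwise it is added. Anonymous users are sent back to "/". A submission
    that fails form validation re-renders ``home.html``; a successful toggle
    redirects to "/".
    '''
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    # The state change only happens behind a validated form submission
    # (presumably this form carries the CSRF token; confirm in TokenForm).
    form = TokenForm()
    if not form.validate_on_submit():
        return render_template('home.html', form=form)

    message = Message.query.get(msg_id)
    if message is None:
        # An unknown id used to fall through and append None to the
        # relationship; refuse it explicitly instead.
        flash("Message not found.", "danger")
        return redirect("/")

    liked = g.user.message_likes
    if message in liked:
        liked.remove(message)
    else:
        liked.append(message)
    db.session.commit()
    return redirect("/")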
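def createToken(request):
    """Create a token owned by the requesting user, or show the creation form.

    POST with ``createtoken`` validates and saves the form; POST with
    ``backtotokens`` returns to the token list; any other POST is reported
    as unrecognized and also returns to the token list. Other methods render
    an empty form.
    """
    if request.method == 'POST':
        if 'createtoken' in request.POST:
            form = TokenForm(request.POST)
            # Restrict the selectable projects to the user's own and public
            # ones, so a forged project id outside that set fails validation.
            form.fields['project'].queryset = Project.objects.filter(user_id=request.user.id) | Project.objects.filter(public=1)
            if form.is_valid():
                new_token = form.save(commit=False)
                # The owner is taken from the session user, never from the form.
                new_token.user_id = request.user.id
                new_token.save()
                return HttpResponseRedirect(get_script_prefix()+'ocpuser/projects')
            else:
                context = {'form': form}
                print(form.errors)
                return render_to_response('createtoken.html',context,context_instance=RequestContext(request))
        elif 'backtotokens' in request.POST:
            return redirect(getTokens)
        else:
            messages.error(request,"Unrecognized Post")
            # The redirect was built but never returned, so this branch ended
            # the view without a response.
            return redirect(getTokens)
    else:
        # Show the create-token form.
        form = TokenForm()
        # Same project restriction as on submission.
        form.fields['project'].queryset = Project.objects.filter(user_id=request.user.id) | Project.objects.filter(public=1)
        context = {'form': form}
        return render_to_response('createtoken.html',context,context_instance=RequestContext(request))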
def sign_in(request):
    """Show the token form; on a valid POST redirect to ``/notes/<token_id>``.

    An invalid POST re-renders the bound form with its errors.
    """
    if request.method != 'POST':
        form = TokenForm()
    else:
        form = TokenForm(request.POST)
        if form.is_valid():
            # NOTE(review): the submitted token becomes part of the URL, where
            # it can end up in server logs and browser history; confirm that
            # is acceptable for what token_id protects, and that the form
            # limits the characters it accepts.
            destination = '/notes/' + form.cleaned_data['token_id']
            return HttpResponseRedirect(destination)
    return render(request, 'sign_in.html', {'form': form})
def add_token():
    """Set a user's token from the submitted form, creating the user if needed.

    An existing username has its token reset and the view redirects to itself;
    a new username gets a fresh ``User`` row and the page is re-rendered.
    """
    # NOTE(review): no access check is visible in this function; confirm the
    # admin blueprint or a decorator restricts who can reach it.
    form = TokenForm()
    users = User.query.all()
    if not form.validate_on_submit():
        return render_template('admin/token.html', form=form, users=users)

    username = form.name.data
    existing = User.query.filter_by(username=username).first()
    if existing is not None:
        # No commit is visible on this path; presumably reset_token()
        # persists the change. Confirm.
        existing.reset_token(form.token.data)
        flash("Token updated for %s" % username)
        return redirect(url_for('admin.add_token'))

    created = User(username=username, token=form.token.data)
    db.session.add(created)
    db.session.commit()
    flash('Token generated for %s.' % username)
    return render_template('admin/token.html', form=form, users=users)
def updateToken(request):
    """Update the token whose name is stored in the session under "token_name".

    POST with ``updatetoken`` validates the form against the stored token and
    saves it when the requester owns the token or is a superuser. Any other
    POST redirects to the token list. Other methods render the update form
    pre-filled from the stored token.
    """
    # Get the dataset to update
    # NOTE(review): this lookup raises KeyError when the session has no
    # "token_name", including on non-POST requests, although the branch
    # further down tolerates a missing key.
    token = request.session["token_name"]
    if request.method == 'POST':
        if 'updatetoken' in request.POST:
            token_update = get_object_or_404(Token,token_name=token)
            form = TokenForm(data=request.POST or None, instance=token_update)
            if form.is_valid():
                newtoken = form.save( commit=False )
                # NOTE(review): the ownership test reads user_id after the
                # form has been applied to the instance. If TokenForm exposes
                # the owner field, confirm the comparison still reflects the
                # stored owner and not a submitted value.
                if newtoken.user_id == request.user.id or request.user.is_superuser:
                    # if you changed the token name, delete old token
                    newtoken.save()
                    if newtoken.token_name != token:
                        deltoken = Token.objects.filter(token_name=token)
                        deltoken.delete()
                    messages.success(request, 'Sucessfully updated Token')
                    del request.session["token_name"]
                else:
                    messages.error(request,"Cannot update. You are not owner of this token or not superuser.")
                return HttpResponseRedirect(get_script_prefix()+'ocpuser/token')
            else:
                #Invalid form
                context = {'form': form}
                print form.errors
                return render_to_response('updatetoken.html',context,context_instance=RequestContext(request))
        elif 'backtotokens' in request.POST:
            # Back to the token list without changing anything
            return HttpResponseRedirect(get_script_prefix()+'ocpuser/token')
        else:
            #unrecognized option
            return HttpResponseRedirect(get_script_prefix()+'ocpuser/token')
    else:
        print "Getting the update form"
        if "token_name" in request.session:
            token = request.session["token_name"]
        else:
            token = ""
        # NOTE(review): indexing [0] below raises IndexError when no token
        # has this name. There is also no owner check in this branch, so
        # confirm the session value is only ever set for tokens the user
        # may view.
        token_to_update = Token.objects.filter(token_name=token)
        data = {
            'token_name': token_to_update[0].token_name,
            'token_description':token_to_update[0].token_description,
            'project':token_to_update[0].project_id,
            'public':token_to_update[0].public,
        }
        form = TokenForm(initial=data)
        context = {'form': form}
        return render_to_response('updatetoken.html',context,context_instance=RequestContext(request))
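def delete_user():
    """Delete the logged-in user's account and redirect to the signup page.

    Anonymous users are sent back to "/". The account is removed only when
    the submitted form validates; the redirect to "/signup" happens either way.
    """
    #TODO use deleteform()
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    form = TokenForm()
    if form.validate_on_submit():
        # g.user is read after do_logout(); presumably the logout only clears
        # the session and leaves g.user in place for this request. Confirm.
        do_logout()
        db.session.delete(g.user)
        db.session.commit()

    # redirect() takes no `form` argument; passing one raised TypeError on
    # every request that got this far.
    return redirect("/signup")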
def homepage():
    """Show homepage:

    - anon users: no messages
    - logged in: 100 most recent messages of followed_users
    """
    form = TokenForm()
    if not g.user:
        return render_template('home-anon.html')

    followed_ids = [followed.id for followed in g.user.following]
    # Newest first, capped at 100 rows.
    recent = Message.query.filter(Message.user_id.in_(followed_ids))
    recent = recent.order_by(Message.timestamp.desc()).limit(100)
    messages = recent.all()
    return render_template('home.html', messages=messages, form=form)
def post(self, request):
    """Book an appointment for the requesting student from the posted form.

    On success the saved appointment is rendered and the form is dropped from
    the context. On a validation failure the form is rendered again with the
    error attached to its ``slot`` field.
    """
    student = Student.objects.get(user=request.user)
    filled_slot_list = Slot.objects.filter(stud_count=F('max_limit'))
    form = TokenForm(request.POST)

    if not form.is_valid():
        context = dict(student=student, form=form,
                       filled_slot_list=filled_slot_list)
        return render(request, self.template_name, context)

    appointment = form.save(commit=False)
    # The student is bound server-side from the session user, not from input.
    appointment.student = Student.objects.get(user=request.user)
    try:
        appointment = form.save(commit=True)
    except ValidationError as e:
        # Nothing was saved: clear the appointment so the template does not
        # render an unsaved one, and show the error on the slot field.
        appointment = None
        form.add_error('slot', e)
    else:
        # Saved: the template checks {% if form %}, so None hides the form.
        form = None

    context = dict(student=student, appointment=appointment, form=form,
                   filled_slot_list=filled_slot_list)
    return render(request, self.template_name, context)
def add_token():
    """Update or create a user's token from the admin token form.

    If the username already exists its token is reset and the view redirects
    to itself. Otherwise a new ``User`` is created with the submitted token
    and the page is rendered again.
    """
    # NOTE(review): this function performs no permission check itself;
    # confirm the route is protected where it is registered.
    form = TokenForm()
    users = User.query.all()

    if form.validate_on_submit():
        name = form.name.data
        match = User.query.filter_by(username=name).first()
        if match is None:
            match = User(username=name, token=form.token.data)
            db.session.add(match)
            db.session.commit()
            flash('Token generated for %s.' % name)
        else:
            # This path does not commit here; presumably reset_token() saves
            # the new value. Confirm.
            match.reset_token(form.token.data)
            flash("Token updated for %s" % name)
            return redirect(url_for('admin.add_token'))

    return render_template('admin/token.html', form=form, users=users)
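def token(request):
    """Token endpoint: trade an authorization code for an access token.

    Client credentials come from the ``Authorization`` header. Only
    ``grant_type=authorization_code`` is supported.

    Returns a 401 response on failed client authentication, otherwise the
    result of ``error_response`` or ``success_response``.
    """
    # Verify that the calling client application is legitimate.
    client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
    if not client:
        response = HttpResponse('401 Unauthorized', status=401)
        response[
            'WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
        return response

    # Validate that the POST body is a token request form.
    form = TokenForm(request.POST)
    if not form.is_valid():
        return error_response('invalid_request')
    grant_type = form.cleaned_data['grant_type']
    code = form.cleaned_data['code']
    redirect_uri = form.cleaned_data['redirect_uri']

    # Handle the authorization_code request.
    if grant_type != 'authorization_code':
        return error_response('unsupported_grant_type')

    # Decode the client-supplied code separately: malformed base64 or a value
    # that is not 16 bytes raises ValueError, which is reported as
    # invalid_grant rather than escaping as an unhandled error.
    try:
        code_uuid = UUID(bytes=urlsafe_base64_decode(code))
    except ValueError:
        return error_response('invalid_grant')

    # Look the code up among unexpired codes for this client and redirect_uri.
    try:
        code = AuthorizationCode.objects.filter(
            expire_time__gte=datetime.datetime.now()).get(
                client=client,
                code=code_uuid,
                redirect_uri=redirect_uri)
    except AuthorizationCode.DoesNotExist:
        return error_response('invalid_grant')

    try:
        token = AccessToken(client=client,
                            user=code.user,
                            code=code.code,
                            expire_time=datetime.datetime.now() +
                            datetime.timedelta(hours=1))
        token.save()
    except IntegrityError:
        # Presumably a unique constraint on AccessToken.code, meaning this
        # code was redeemed before (confirm against the model). The earlier
        # token and the code are both deleted.
        AccessToken.objects.get(code=code.code).delete()
        code.delete()
        return error_response('invalid_grant')
    return success_response(urlsafe_base64_encode(token.token.bytes))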
def users_followers(user_id):
    """Render the follower list of the given user (login required)."""
    if g.user:
        csrf_form = TokenForm()
        # An unknown id ends the request with a 404.
        profile = User.query.get_or_404(user_id)
        return render_template('users/followers.html',
                               user=profile,
                               form=csrf_form)

    flash("Access unauthorized.", "danger")
    return redirect("/")
def users_show(user_id):
    """Render the profile page of the given user (login required)."""
    if g.user:
        # An unknown id ends the request with a 404.
        profile = User.query.get_or_404(user_id)
        csrf_form = TokenForm()
        return render_template('users/show.html',
                               user=profile,
                               form=csrf_form)

    flash("Access unauthorized.", "danger")
    return redirect("/")
def dispatch_request(self, user_token):
    """Log a user in by login token, taken from the URL or the posted form.

    A validated form submission overrides the URL value (upper-cased). Every
    user whose stored token equals it is copied into the session. The request
    then redirects to ``list_users`` when the session holds a user, else to
    ``login`` with a warning.
    """
    form = TokenForm()
    if form.validate_on_submit():
        user_token = form.user_token.data.upper()

    if user_token:
        matches = UserModel.query(UserModel.user_token == user_token)
        for candidate in matches:
            # Re-check in Python so an empty stored token never matches.
            if not candidate.user_token or candidate.user_token != user_token:
                continue
            session['user'] = candidate.to_dict()
            session['user']['uid'] = candidate.key.id()
            # NOTE(review): clearing the token after use is disabled in the
            # original (candidate.user_token = None followed by
            # ndb.put_multi), so a token stays valid until replaced. Confirm
            # that reuse is intended and that guesses are rate-limited.

    # This only checks that the session holds a user, so a session that was
    # already logged in passes regardless of the token supplied.
    if not session.get('user', None):
        flash(u"Invalid token, please request a new one.", 'warning')
        return redirect(url_for('login'))
    return redirect(url_for('list_users'))
def user_likes(user_id):
    """Render the messages liked by the given user (login required)."""
    if g.user:
        csrf_form = TokenForm()
        # An unknown id ends the request with a 404.
        profile = User.query.get_or_404(user_id)
        return render_template('users/likes.html',
                               messages=profile.message_likes,
                               form=csrf_form)

    flash("Access unauthorized.", "danger")
    return redirect("/")
def get(self, request):
    """Show the student's appointment, or the booking form if none is booked.

    The context always carries ``appointment`` and ``form``; exactly one of
    them is ``None``.
    """
    student = Student.objects.get(user=request.user)
    if student.token_booked:
        appointment, form = Appointment.objects.get(student=student), None
    else:
        appointment, form = None, TokenForm()

    # Slots whose student count has reached their limit.
    filled_slot_list = Slot.objects.filter(stud_count=F('max_limit'))
    context = {
        'appointment': appointment,
        'form': form,
        'student': student,
        'filled_slot_list': filled_slot_list,
    }
    return render(request, self.template_name, context)
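def invitar():
    """Create an invitation token for the submitted e-mail address.

    On a valid submission a six-letter uppercase token is stored and the
    confirmation page is rendered for that address; otherwise the invitation
    form is rendered.
    """
    form = TokenForm()
    if form.validate_on_submit():
        if request.method == 'POST' and form.validate():
            email = str(request.form['email'])
            # An invitation token is a credential, so draw it from the OS
            # CSPRNG. The module-level random functions use a predictable
            # generator that is not meant for secrets.
            # NOTE(review): six uppercase letters is a small space; confirm
            # that redemption attempts are limited.
            rng = random.SystemRandom()
            token = ''.join(rng.choice(string.ascii_uppercase) for _ in range(6))
            # if sendmail(email, token) == True:
            t = Token(token=token)
            db.session.add(t)
            db.session.commit()
            return render_template('enviado.html', email=email)
        else:
            return render_template('404.html')
        #return render_template('enviado.html', email=email, token=token)
    return render_template('invitar.html', form=form)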
def dispatch_request(self):
    """Issue a login token to every user registered with the submitted phone.

    The number is normalised to E.164 (US region). When at least one user
    matches, the token is stored on each of them and sent by SMS together
    with a validation link. The form page is rendered in every case.
    """
    form = TokenForm()
    if not form.validate_on_submit():
        return render_template('validate_token.html', form=form)

    # NOTE(review): the token is six hex characters; confirm that validation
    # attempts are limited.
    token = uuid4().hex[:6].upper()
    parsed = phonenumbers.parse(form.user_phone.data, region='US')
    phone = phonenumbers.format_number(
        parsed, phonenumbers.PhoneNumberFormat.E164)

    updated_users = []
    for registered_user in UserModel.query(UserModel.user_phone == phone):
        registered_user.user_token = token
        updated_users.append(registered_user)

    if not updated_users:
        # NOTE(review): the two flash messages differ, so the page reveals
        # whether a number is registered; confirm that is acceptable.
        flash(u"The phone number %s isn't registered to any users." % phone,
              'warning')
        return render_template('validate_token.html', form=form)

    ndb.put_multi(updated_users)
    # NOTE(review): the link is built from request.url_root, which follows
    # the request's Host header; confirm the deployment pins allowed hosts.
    url = request.url_root.rstrip('/') + url_for('validate', user_token=token)
    sms_body = ("Jeff's Xmas Tracker\n\n"
                "Token: %s\n"
                "or\n"
                "Click: %s") % (token, url)
    client = TwilioRestClient(TWILIO_SID, TWILIO_TOKEN)
    message = client.messages.create(body=sms_body,
                                     to=phone,
                                     from_="+15153052239")
    flash(u"Token sent to %s. Follow link or type in token above." % phone,
          'success')
    return render_template('validate_token.html', form=form)
def list_users():
    """Page with listing of users.

    Can take a 'q' param in querystring to search by that username.
    """
    # NOTE(review): no login check is visible in this view; confirm that
    # listing users to anonymous visitors is intended.
    search = request.args.get('q')
    query = User.query
    if search:
        # The value is bound as a parameter by the ORM. LIKE wildcards
        # (% and _) inside it are passed through unescaped.
        query = query.filter(User.username.like(f"%{search}%"))
    users = query.all()
    form = TokenForm()
    return render_template('users/index.html', users=users, form=form)
def editview(request, action):
    """Render or process the account edit page for one action.

    ``action`` selects the form: 'password', 'settings' or 'token'. Any other
    value shows the plain settings page. On POST the 'token' action rotates
    the user's token and redirects; the other actions validate and save the
    form.
    """
    # NOTE(review): no branch handles an unauthenticated request; presumably
    # the route is protected elsewhere. Confirm.
    if request.user.is_authenticated():
        request_data = None
        context = {}
        if request.method == 'POST':
            request_data = request.POST
        if action == 'password':
            form = PasswordChangeForm(user=request.user, data=request_data)
            context = {
                'form': form,
                'action': 'Change password',
                'edition': True
            }
        elif action == 'settings':
            # Default timezone when the user has no sciriususer record
            tz = 'UTC'
            if hasattr(request.user, 'sciriususer'):
                tz = request.user.sciriususer.timezone
            initial = {'timezone': tz}
            # Superusers and normal users get different settings forms
            if request.user.is_superuser:
                form = UserSettingsForm(request_data, instance=request.user, initial=initial)
            else:
                form = NormalUserSettingsForm(request_data, instance=request.user, initial=initial)
            context = {
                'form': form,
                'action': 'Edit settings for ' + request.user.username,
                'edition': True
            }
        elif action == 'token':
            initial = {}
            token = Token.objects.filter(user=request.user)
            if len(token):
                initial['token'] = token[0]
            form = TokenForm(request_data, initial=initial)
            context = {'form': form, 'action': 'User token', 'edition': True}
        else:
            # NOTE(review): no form is bound for an unknown action, so a POST
            # with such an action reaches form.is_valid() below with `form`
            # undefined.
            context = {'action': 'User settings', 'edition': False}
        if request.method == 'POST':
            if action == 'token':
                # Token rotation: delete every existing token of this user,
                # then create a new one
                current_tokens = Token.objects.filter(user=request.user)
                for token in current_tokens:
                    token.delete()
                Token.objects.create(user=request.user)
                return redirect('accounts_edit', action='token')
            # Capture the privilege flags before the form is applied
            orig_superuser = request.user.is_superuser
            orig_staff = request.user.is_staff
            if form.is_valid():
                context['edition'] = False
                context['action'] = 'User settings'
                ruser = form.save(commit=False)
                # Privilege guard: a non-superuser cannot raise their own
                # is_superuser or is_staff flag through the submitted form
                if not orig_superuser:
                    ruser.is_superuser = False
                    ruser.is_staff = orig_staff
                ruser.save()
                if action == 'password':
                    # Keeps the current session valid after the password change
                    update_session_auth_hash(request, ruser)
                if action == 'settings':
                    # NOTE(review): the bare except is meant for a missing
                    # sciriususer, but it also hides any other error raised
                    # in the try body
                    try:
                        sciriususer = ruser.sciriususer
                        sciriususer.timezone = form.cleaned_data['timezone']
                    except:
                        sciriususer = SciriusUser.objects.create(
                            user=ruser, timezone=form.cleaned_data['timezone'])
                    sciriususer.save()
        return scirius_render(request, 'accounts/edit.html', context)
def editview(request, action):
    """Render or process the account edit page for one action.

    ``action`` selects the form: 'password', 'settings' or 'token'. On POST
    the 'token' action rotates the user's token and redirects; the other
    actions validate and save the form. Other methods render the form for
    the action.
    """
    # NOTE(review): no branch handles an unauthenticated request; presumably
    # the route is protected elsewhere. Confirm.
    if request.user.is_authenticated():
        if request.method == 'POST':
            context = {'action': 'User settings'}
            # Capture the privilege flags before the form is applied
            orig_superuser = request.user.is_superuser
            orig_staff = request.user.is_staff
            # NOTE(review): an action other than the three below leaves
            # `form` undefined when form.is_valid() is reached
            if (action == 'password'):
                form = PasswordChangeForm(data=request.POST, user=request.user)
            elif (action == 'settings'):
                if request.user.is_superuser:
                    form = UserSettingsForm(request.POST, instance=request.user)
                else:
                    form = NormalUserSettingsForm(request.POST, instance=request.user)
            elif action == 'token':
                # Token rotation: delete every existing token of this user,
                # then create a new one
                current_tokens = Token.objects.filter(user=request.user)
                for token in current_tokens:
                    token.delete()
                Token.objects.create(user=request.user)
                return redirect('accounts_edit', action='token')
            if form.is_valid():
                ruser = form.save(commit=False)
                # Privilege guard: a non-superuser cannot raise their own
                # is_superuser or is_staff flag through the submitted form
                if not orig_superuser:
                    ruser.is_superuser = False
                    ruser.is_staff = orig_staff
                ruser.save()
                if action == 'settings':
                    # NOTE(review): the bare except is meant for a missing
                    # sciriususer, but it also hides any other error raised
                    # in the try body
                    try:
                        sciriususer = ruser.sciriususer
                        sciriususer.timezone = form.cleaned_data['timezone']
                    except:
                        sciriususer = SciriusUser.objects.create(
                            user=ruser, timezone=form.cleaned_data['timezone'])
                    sciriususer.save()
            else:
                context['error'] = 'Invalid form'
            return scirius_render(request, 'accounts/edit.html', context)
        else:
            if (action == 'password'):
                form = PasswordChangeForm(request.user)
                context = {'form': form, 'action': 'Change password'}
            elif (action == 'settings'):
                if request.user.is_superuser:
                    form = UserSettingsForm(instance=request.user, )
                else:
                    form = NormalUserSettingsForm(instance=request.user)
                # Pre-fill the timezone when the user has a sciriususer
                # record; any failure is ignored
                try:
                    form.initial['timezone'] = request.user.sciriususer.timezone
                except:
                    pass
                context = {
                    'form': form,
                    'action': 'Edit settings for ' + request.user.username
                }
            elif (action == 'token'):
                initial = {}
                token = Token.objects.filter(user=request.user)
                if len(token):
                    initial['token'] = token[0]
                form = TokenForm(initial=initial)
                context = {'form': form, 'action': 'User token'}
            else:
                context = {'action': 'User settings'}
        return scirius_render(request, 'accounts/edit.html', context)