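def register():
    '''
    Phone-verification flow for the signed-in user.

    Three states, decided from ``current_user``:

    * already verified -> redirect to ``home``;
    * phone on file    -> render/handle the token form (``token.html``);
    * no phone yet     -> render/handle the phone form (``register.html``).

    :return: a redirect, a rendered form, or the raw token string (see note)
    '''
    if current_user.verified:
        return redirect(url_for('home', _external=True))

    if current_user.phone:
        token_form = TokenForm()
        if token_form.validate_on_submit():
            token = str(token_form.data['token'])
            if current_user.check_token(token):
                current_user.verified = True
                db.session.commit()
                return redirect(url_for('register', _external=True))
            # NOTE(review): this view does not count or throttle wrong
            # attempts; whether check_token does is not visible here.
            flash('Please check your token.', "info")
        return render_template('token.html', form=token_form)

    form = PhoneNumberForm()
    if form.validate_on_submit():
        phone_num = form.data['phone']
        # .first() is enough for an existence check; .all() loaded every match.
        if User.query.filter_by(phone=phone_num, verified=True).first():
            flash("Number already in use.", "danger")
            return redirect(url_for('register', _external=True))
        current_user.phone = phone_num
        update_token(current_user)  # db committed in this method for us
        # NOTE(review): the token is written into the HTTP response body, so
        # whoever submits the phone form also receives the secret that the
        # token step above checks for.
        return current_user.token + " This is your token. Remember it or smth idc."
    return render_template('register.html', form=form)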
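def token(request):
    """
    OAuth2 token endpoint: exchange an authorization code for an access token.

    Flow: authenticate the client from the ``Authorization`` header, validate
    the posted form, look up a non-expired code bound to this client and
    ``redirect_uri``, then issue a one-hour ``AccessToken``.

    :param request: Django request; client credentials in ``HTTP_AUTHORIZATION``,
        ``grant_type``/``code``/``redirect_uri`` in ``request.POST``
    :return: ``HttpResponse`` 401 when the client is unknown, otherwise the
        result of ``success_response`` / ``error_response``
    """
    # Client authentication (HTTP Basic, handled by oauth_server).
    client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
    if not client:
        response = HttpResponse('401 Unauthorized', status=401)
        response['WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
        return response

    # Form validation of the token request.
    form = TokenForm(request.POST)
    if not form.is_valid():
        return error_response('invalid_request')

    grant_type = form.cleaned_data['grant_type']
    raw_code = form.cleaned_data['code']
    redirect_uri = form.cleaned_data['redirect_uri']

    if grant_type != 'authorization_code':
        return error_response('unsupported_grant_type')

    # The code is a urlsafe-base64 UUID. A malformed value must become a grant
    # error, not a 500: UUID(bytes=...) raises ValueError on a wrong length and
    # the base64 decoder raises ValueError/TypeError on bad input.
    try:
        code_uuid = UUID(bytes=urlsafe_base64_decode(raw_code))
    except (ValueError, TypeError):
        return error_response('invalid_grant')

    now = datetime.datetime.now()
    try:
        # The lookup is bound to the authenticated client and the redirect_uri,
        # so a code issued to another client cannot be redeemed here.
        auth_code = AuthorizationCode.objects.filter(expire_time__gte=now).get(
            client=client, code=code_uuid, redirect_uri=redirect_uri)
    except AuthorizationCode.DoesNotExist:
        return error_response('invalid_grant')

    try:
        access_token = AccessToken(client=client, user=auth_code.user, code=auth_code.code,
                                   expire_time=now + datetime.timedelta(hours=1))
        access_token.save()
    except IntegrityError:
        # A token for this code already exists, i.e. the code is being reused.
        # Revoke the earlier token and the code (RFC 6749 section 4.1.2).
        AccessToken.objects.get(code=auth_code.code).delete()
        auth_code.delete()
        return error_response('invalid_grant')

    return success_response(urlsafe_base64_encode(access_token.token.bytes))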
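def like_or_unlike_message(msg_id):
    '''Toggle the current user's like on a message.

    Adds the message to ``g.user.message_likes`` when it is not liked yet,
    removes it otherwise, and commits. Requires a logged-in user and a
    ``TokenForm`` POST that validates.

    :param msg_id: primary key of the ``Message`` to toggle
    :return: redirect to the homepage; 404 when ``msg_id`` does not exist;
        ``home.html`` re-rendered when the form does not validate
    '''
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    form = TokenForm()
    if not form.validate_on_submit():
        return render_template('home.html', form=form)

    # get_or_404 instead of get: an unknown id used to fall through to the
    # append branch with None instead of a Message.
    message = Message.query.get_or_404(msg_id)
    likes = g.user.message_likes  # relationship collection of liked messages
    if message in likes:
        likes.remove(message)
    else:
        likes.append(message)
    db.session.commit()
    return redirect("/")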
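def createToken(request):
  """Create a new Token owned by the requesting user.

  GET renders an empty ``TokenForm``; a POST carrying ``createtoken`` validates
  and saves it, ``backtotokens`` returns to the token list. The form's
  ``project`` choices are limited to the user's own projects plus public ones,
  so a posted project id outside that set fails validation.

  :param request: Django request
  :return: a redirect on success/back, otherwise ``createtoken.html``
  """
  if request.method != 'POST':
    # Show the Create datasets form
    context = {'form': _visible_token_form(request)}
    return render_to_response('createtoken.html', context,
                              context_instance=RequestContext(request))

  if 'createtoken' in request.POST:
    form = _visible_token_form(request, request.POST)
    if form.is_valid():
      new_token = form.save(commit=False)
      # Owner comes from the authenticated request.user, never from posted data.
      new_token.user_id = request.user.id
      new_token.save()
      return HttpResponseRedirect(get_script_prefix() + 'ocpuser/projects')
    print(form.errors)
    context = {'form': form}
    return render_to_response('createtoken.html', context,
                              context_instance=RequestContext(request))

  if 'backtotokens' not in request.POST:
    messages.error(request, "Unrecognized Post")
  # The unrecognized-post branch previously built the redirect without
  # returning it, so the view returned None.
  return redirect(getTokens)


def _visible_token_form(request, data=None):
  """Build a TokenForm whose ``project`` queryset is restricted to the
  projects visible to ``request.user`` (owned by them or public)."""
  form = TokenForm(data)
  form.fields['project'].queryset = (Project.objects.filter(user_id=request.user.id)
                                     | Project.objects.filter(public=1))
  return form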
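def sign_in(request):
    """Accept a token id and redirect to that token's notes page.

    :param request: Django request; a POST carries the ``TokenForm`` fields
    :return: ``HttpResponseRedirect`` to ``/notes/<token_id>`` on a valid POST,
        otherwise ``sign_in.html`` with the (possibly bound, with errors) form
    """
    from urllib.parse import quote

    if request.method == 'POST':
        form = TokenForm(request.POST)
        if form.is_valid():
            tok = form.cleaned_data['token_id']
            # Percent-encode the user-supplied id so characters such as '/',
            # '?' or '..' cannot change which path the browser is sent to.
            return HttpResponseRedirect('/notes/' + quote(tok, safe=''))
    else:
        form = TokenForm()
    return render(request, 'sign_in.html', {'form': form})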
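def add_token():
    """Admin page: create a user with a token, or reset an existing user's token.

    On a valid POST the user named in the form gets ``reset_token(...)`` when it
    exists, otherwise a new ``User`` is created with that token. Both paths end
    in a redirect back to this page so a browser refresh does not resubmit.

    :return: redirect after a successful POST, else ``admin/token.html`` with
        the form and the full user list
    """
    form = TokenForm()
    if form.validate_on_submit():
        name = form.name.data
        user = User.query.filter_by(username=name).first()
        if user is not None:
            user.reset_token(form.token.data)
            flash("Token updated for %s" % name)
        else:
            db.session.add(User(username=name, token=form.token.data))
            db.session.commit()
            flash('Token generated for %s.' % name)
        return redirect(url_for('admin.add_token'))

    # Only the rendered page needs the user list; skip the query on redirects.
    users = User.query.all()
    return render_template('admin/token.html', form=form, users=users)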
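def updateToken(request):
  """Edit the Token named in ``request.session["token_name"]``.

  A POST with ``updatetoken`` validates ``TokenForm`` against that token and
  saves it when ``request.user`` owns it or is a superuser; a rename saves the
  new row and deletes the one with the old name. Any other POST, and a
  finished update, redirect to the token list. GET renders the form pre-filled
  from the token's current values.

  :param request: Django request
  :return: ``HttpResponseRedirect`` or ``updatetoken.html``
  """
  token_list_url = get_script_prefix() + 'ocpuser/token'
  # .get(): indexing the session raised KeyError when the key was missing,
  # even though the GET path is written to handle that case.
  token = request.session.get("token_name", "")

  if request.method != 'POST':
    print("Getting the update form")
    # 404 instead of IndexError when the session names a token that is gone.
    token_to_update = get_object_or_404(Token, token_name=token)
    data = {
      'token_name': token_to_update.token_name,
      'token_description': token_to_update.token_description,
      'project': token_to_update.project_id,
      'public': token_to_update.public,
    }
    form = TokenForm(initial=data)
    return render_to_response('updatetoken.html', {'form': form},
                              context_instance=RequestContext(request))

  if 'updatetoken' not in request.POST:
    # 'backtotokens' and any unrecognized option both return to the list.
    return HttpResponseRedirect(token_list_url)

  token_update = get_object_or_404(Token, token_name=token)
  form = TokenForm(data=request.POST or None, instance=token_update)
  if not form.is_valid():
    print(form.errors)
    return render_to_response('updatetoken.html', {'form': form},
                              context_instance=RequestContext(request))

  newtoken = form.save(commit=False)
  # Ownership is checked before anything is written to the database.
  if newtoken.user_id == request.user.id or request.user.is_superuser:
    newtoken.save()
    # If the token was renamed, drop the row that still carries the old name.
    if newtoken.token_name != token:
      Token.objects.filter(token_name=token).delete()
    messages.success(request, 'Sucessfully updated Token')
    request.session.pop("token_name", None)
  else:
    messages.error(request,"Cannot update.  You are not owner of this token or not superuser.")
  return HttpResponseRedirect(token_list_url)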
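def delete_user():
    """Delete the logged-in user and send them to the signup page.

    The deletion is gated on ``TokenForm.validate_on_submit()`` (a POST that
    passes the form's validation, CSRF included when enabled), so a plain
    link cannot trigger it.

    :return: redirect to ``/signup`` after deletion, ``/`` otherwise
    """
    #TODO use deleteform()
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    form = TokenForm()
    if not form.validate_on_submit():
        # Previously fell through to redirect("/signup", form=form), which
        # raises TypeError: Flask's redirect() has no 'form' argument.
        flash("Access unauthorized.", "danger")
        return redirect("/")

    do_logout()
    db.session.delete(g.user)
    db.session.commit()
    return redirect("/signup")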
def homepage():
    """Render the home timeline.

    Anonymous visitors get ``home-anon.html``. A logged-in user gets the 100
    newest messages written by the accounts they follow, plus a ``TokenForm``
    for the page's actions.
    """
    form = TokenForm()

    if not g.user:
        return render_template('home-anon.html')

    followed_ids = [followed.id for followed in g.user.following]
    timeline = Message.query.filter(Message.user_id.in_(followed_ids))
    recent = timeline.order_by(Message.timestamp.desc()).limit(100).all()
    return render_template('home.html', messages=recent, form=form)
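 def post(self, request):
     """Handle the appointment-booking form for the logged-in student.

     Saves a ``TokenForm`` appointment bound to ``request.user``'s Student. A
     ``ValidationError`` raised on save is attached to the ``slot`` field and
     the form is re-rendered; on success ``form`` becomes ``None`` so the
     template's ``{% if form %}`` hides it.

     :param request: Django request (POST with ``TokenForm`` fields)
     :return: ``self.template_name`` rendered with student, appointment, form
         and the list of full slots
     """
     student = Student.objects.get(user=request.user)
     filled_slot_list = Slot.objects.filter(stud_count=F('max_limit'))
     form = TokenForm(request.POST)
     context = dict(student=student, form=form, filled_slot_list=filled_slot_list)

     if form.is_valid():
         appointment = form.save(commit=False)
         # Reuse the Student fetched above instead of querying it a second time.
         appointment.student = student
         try:
             appointment = form.save(commit=True)
             # Saved: drop the form so the template does not render it again.
             form = None
         except ValidationError as e:
             # Not saved: drop the unsaved appointment so it is not rendered,
             # and surface the error on the slot field.
             appointment = None
             form.add_error('slot', e)
         context.update(appointment=appointment, form=form)

     return render(request, self.template_name, context)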
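def add_token():
    """Admin page: create a user with a token, or reset an existing user's token.

    On a valid POST the user named in the form gets ``reset_token(...)`` when it
    exists, otherwise a new ``User`` is created with that token. Both paths end
    in a redirect back to this page so a browser refresh does not resubmit.

    :return: redirect after a successful POST, else ``admin/token.html`` with
        the form and the full user list
    """
    form = TokenForm()
    if form.validate_on_submit():
        name = form.name.data
        user = User.query.filter_by(username=name).first()
        if user is not None:
            user.reset_token(form.token.data)
            flash("Token updated for %s" % name)
        else:
            db.session.add(User(username=name, token=form.token.data))
            db.session.commit()
            flash('Token generated for %s.' % name)
        return redirect(url_for('admin.add_token'))

    # Only the rendered page needs the user list; skip the query on redirects.
    users = User.query.all()
    return render_template('admin/token.html', form=form, users=users)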
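def token(request):
    """
    OAuth2 token endpoint: exchange an authorization code for an access token.

    Flow: authenticate the client from the ``Authorization`` header, validate
    the posted form, look up a non-expired code bound to this client and
    ``redirect_uri``, then issue a one-hour ``AccessToken``.

    :param request: Django request; client credentials in ``HTTP_AUTHORIZATION``,
        ``grant_type``/``code``/``redirect_uri`` in ``request.POST``
    :return: ``HttpResponse`` 401 when the client is unknown, otherwise the
        result of ``success_response`` / ``error_response``
    """
    # Client authentication (HTTP Basic, handled by oauth_server).
    client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
    if not client:
        response = HttpResponse('401 Unauthorized', status=401)
        response[
            'WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
        return response

    # Form validation of the token request.
    form = TokenForm(request.POST)
    if not form.is_valid():
        return error_response('invalid_request')

    grant_type = form.cleaned_data['grant_type']
    raw_code = form.cleaned_data['code']
    redirect_uri = form.cleaned_data['redirect_uri']

    if grant_type != 'authorization_code':
        return error_response('unsupported_grant_type')

    # The code is a urlsafe-base64 UUID. A malformed value must become a grant
    # error, not a 500: UUID(bytes=...) raises ValueError on a wrong length and
    # the base64 decoder raises ValueError/TypeError on bad input.
    try:
        code_uuid = UUID(bytes=urlsafe_base64_decode(raw_code))
    except (ValueError, TypeError):
        return error_response('invalid_grant')

    now = datetime.datetime.now()
    try:
        # The lookup is bound to the authenticated client and the redirect_uri,
        # so a code issued to another client cannot be redeemed here.
        auth_code = AuthorizationCode.objects.filter(
            expire_time__gte=now).get(
                client=client,
                code=code_uuid,
                redirect_uri=redirect_uri)
    except AuthorizationCode.DoesNotExist:
        return error_response('invalid_grant')

    try:
        access_token = AccessToken(client=client,
                                   user=auth_code.user,
                                   code=auth_code.code,
                                   expire_time=now + datetime.timedelta(hours=1))
        access_token.save()
    except IntegrityError:
        # A token for this code already exists, i.e. the code is being reused.
        # Revoke the earlier token and the code (RFC 6749 section 4.1.2).
        AccessToken.objects.get(code=auth_code.code).delete()
        auth_code.delete()
        return error_response('invalid_grant')

    return success_response(urlsafe_base64_encode(access_token.token.bytes))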
def users_followers(user_id):
    """Show list of followers of this user.

    Requires a logged-in user; otherwise flashes and redirects home.
    Unknown ``user_id`` values produce a 404.
    """
    if g.user:
        follower_form = TokenForm()
        profile = User.query.get_or_404(user_id)
        return render_template('users/followers.html', user=profile, form=follower_form)

    flash("Access unauthorized.", "danger")
    return redirect("/")
def users_show(user_id):
    """Show user profile.

    Requires a logged-in user; otherwise flashes and redirects home.
    Unknown ``user_id`` values produce a 404.
    """
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    profile = User.query.get_or_404(user_id)
    return render_template('users/show.html', user=profile, form=TokenForm())
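    def dispatch_request(self, user_token):
        """Log a user in by their token.

        The token comes from the submitted ``TokenForm`` (upper-cased) or, when
        there is no valid POST, from the URL argument. Every ``UserModel`` whose
        ``user_token`` matches is copied into ``session['user']`` (the last
        match wins when several users share a token).

        :param user_token: token from the URL; may be empty
        :return: redirect to ``list_users`` on success, else back to ``login``
        """
        form = TokenForm()
        if form.validate_on_submit():
            user_token = form.user_token.data.upper()

        if user_token:
            matches = UserModel.query(UserModel.user_token == user_token)
            for registered_user in matches:
                # The query already filters on user_token; the guard only
                # excludes rows whose token is empty.
                if registered_user.user_token and registered_user.user_token == user_token:
                    session['user'] = registered_user.to_dict()
                    session['user']['uid'] = registered_user.key.id()
            # NOTE(review): nothing here clears registered_user.user_token
            # after a successful login, so the same token keeps working until
            # it is rotated elsewhere.

        if session.get('user', None):
            return redirect(url_for('list_users'))
        flash(u"Invalid token, please request a new one.", 'warning')
        return redirect(url_for('login'))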
def user_likes(user_id):
    """Show user's liked messages.

    Requires a logged-in user; otherwise flashes and redirects home.
    Unknown ``user_id`` values produce a 404.
    """
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    profile = User.query.get_or_404(user_id)
    liked = profile.message_likes
    return render_template('users/likes.html', messages=liked, form=TokenForm())
 def get(self, request):
     """Render the booking page for the logged-in student.

     A student who already booked sees their ``Appointment`` and no form;
     otherwise an empty ``TokenForm`` is shown. Slots that are full are passed
     as ``filled_slot_list``.
     """
     student = Student.objects.get(user=request.user)
     if student.token_booked:
         appointment, form = Appointment.objects.get(student=student), None
     else:
         appointment, form = None, TokenForm()
     filled_slot_list = Slot.objects.filter(stud_count=F('max_limit'))
     page = dict(appointment=appointment,
                 form=form,
                 student=student,
                 filled_slot_list=filled_slot_list)
     return render(request, self.template_name, page)
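def invitar():
    """Invite someone by e-mail: generate a 6-letter token, mail it, store it.

    On a valid POST the address in ``request.form['email']`` receives the
    token via ``sendmail``; the token is persisted as a ``Token`` row only
    when the mail was reported sent.

    :return: ``enviado.html`` after a sent mail, ``404.html`` when sending
        failed, otherwise ``invitar.html`` with the form
    """
    form = TokenForm()
    # validate_on_submit() already covers request.method == 'POST' and
    # form.validate(), so no second check is needed.
    if form.validate_on_submit():
        email = str(request.form['email'])
        # SystemRandom draws from the OS CSPRNG; plain random.choice is a
        # seeded Mersenne Twister and must not back an access token.
        rng = random.SystemRandom()
        token = ''.join(rng.choice(string.ascii_uppercase) for _ in range(6))
        # NOTE(review): 26**6 possible tokens; whether that is enough depends
        # on the token's lifetime and on rate limiting where it is redeemed.
        # sendmail's return contract is not visible here; the strict True
        # comparison is kept as written.
        if sendmail(email, token) == True:
            db.session.add(Token(token=token))
            db.session.commit()
            return render_template('enviado.html', email=email)
        return render_template('404.html')

    return render_template('invitar.html', form=form)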
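    def dispatch_request(self):
        """Issue a login token by SMS to a registered phone number.

        On a valid POST the submitted phone is normalised to E.164; every
        ``UserModel`` with that phone gets a fresh 6-character token, which is
        then texted via Twilio together with a link to the ``validate`` view.

        :return: ``validate_token.html`` with the form and a flash message
        """
        form = TokenForm()
        if form.validate_on_submit():
            try:
                phone = phonenumbers.format_number(
                    phonenumbers.parse(form.user_phone.data, region='US'),
                    phonenumbers.PhoneNumberFormat.E164)
            except phonenumbers.NumberParseException:
                # Unparseable input used to escape as a 500; report it instead.
                flash(u"That phone number could not be understood.", 'warning')
                return render_template('validate_token.html', form=form)

            token = uuid4().hex[:6].upper()
            updated_users = []
            for registered_user in UserModel.query(UserModel.user_phone == phone):
                registered_user.user_token = token
                updated_users.append(registered_user)

            if updated_users:
                ndb.put_multi(updated_users)

                url = request.url_root.rstrip('/') + url_for('validate',
                                                             user_token=token)
                # NOTE(review): the link carries the token itself, so anyone
                # who can read the SMS (or the URL in logs) can use it.
                client = TwilioRestClient(TWILIO_SID, TWILIO_TOKEN)
                client.messages.create(body="Jeff's Xmas Tracker\n\n"
                                            "Token: %s\n"
                                            "or\n"
                                            "Click: %s" % (token, url),
                                       to=phone,
                                       from_="+15153052239")

                flash(
                    u"Token sent to %s. Follow link or type in token above." %
                    phone, 'success')
            else:
                flash(
                    u"The phone number %s isn't registered to any users." %
                    phone, 'warning')

        return render_template('validate_token.html', form=form)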
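def list_users():
    """Page with listing of users.

    Can take a 'q' param in querystring to search by that username.
    The search is a substring match; ``%`` and ``_`` typed by the user are
    escaped so they match literally instead of acting as LIKE wildcards.
    """
    search = request.args.get('q')

    if not search:
        users = User.query.all()
    else:
        escaped = (search.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
        users = User.query.filter(
            User.username.like(f"%{escaped}%", escape="\\")).all()

    form = TokenForm()

    return render_template('users/index.html', users=users, form=form)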
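def editview(request, action):
    """Account self-service page: change password, settings or API token.

    ``action`` selects the form: ``'password'`` -> ``PasswordChangeForm``,
    ``'settings'`` -> ``UserSettingsForm`` (superusers) or
    ``NormalUserSettingsForm`` (everyone else), ``'token'`` -> ``TokenForm``.
    A POST on ``'token'`` replaces the user's ``Token`` rows and redirects; a
    valid POST on the other actions saves the user without letting a
    non-superuser raise their own privileges. Anything else renders the page.

    :param request: Django request (``request.user`` must be authenticated)
    :param action: ``'password'``, ``'settings'``, ``'token'`` or anything else
    :return: ``accounts/edit.html`` via ``scirius_render``, or a redirect;
        ``None`` for anonymous users (as before)
    """
    if not request.user.is_authenticated():
        # NOTE(review): Django rejects a None response; a login redirect
        # belongs here.
        return None

    request_data = request.POST if request.method == 'POST' else None
    form = None

    if action == 'password':
        form = PasswordChangeForm(user=request.user, data=request_data)
        context = {'form': form, 'action': 'Change password', 'edition': True}
    elif action == 'settings':
        tz = 'UTC'
        if hasattr(request.user, 'sciriususer'):
            tz = request.user.sciriususer.timezone
        initial = {'timezone': tz}
        # Only superusers get the form that exposes the privilege fields.
        form_cls = UserSettingsForm if request.user.is_superuser else NormalUserSettingsForm
        form = form_cls(request_data, instance=request.user, initial=initial)
        context = {
            'form': form,
            'action': 'Edit settings for ' + request.user.username,
            'edition': True
        }
    elif action == 'token':
        initial = {}
        token = Token.objects.filter(user=request.user).first()
        if token is not None:
            initial['token'] = token
        form = TokenForm(request_data, initial=initial)
        context = {'form': form, 'action': 'User token', 'edition': True}
    else:
        context = {'action': 'User settings', 'edition': False}

    if request.method == 'POST':
        if action == 'token':
            # Rotate: every existing token is deleted before a new one is created.
            for current_token in Token.objects.filter(user=request.user):
                current_token.delete()
            Token.objects.create(user=request.user)
            return redirect('accounts_edit', action='token')

        # An unknown action has no form; this used to raise UnboundLocalError.
        if form is not None:
            _save_user_form(request, form, action, context)
    return scirius_render(request, 'accounts/edit.html', context)


def _save_user_form(request, form, action, context):
    """Validate and save a password/settings form, keeping privileges fixed.

    A non-superuser cannot grant themselves superuser or change their staff
    flag through the form, whatever the posted data contains. Updates
    ``context`` in place on success.
    """
    orig_superuser = request.user.is_superuser
    orig_staff = request.user.is_staff
    if not form.is_valid():
        return
    context['edition'] = False
    context['action'] = 'User settings'

    ruser = form.save(commit=False)
    if not orig_superuser:
        ruser.is_superuser = False
        ruser.is_staff = orig_staff
    ruser.save()
    if action == 'password':
        # Keep the current session valid after the password hash changes.
        update_session_auth_hash(request, ruser)
    if action == 'settings':
        timezone = form.cleaned_data['timezone']
        try:
            sciriususer = ruser.sciriususer
            sciriususer.timezone = timezone
        except SciriusUser.DoesNotExist:
            # Reverse one-to-one access raises the related model's DoesNotExist
            # when no profile row exists yet; the bare except also hid real bugs.
            sciriususer = SciriusUser.objects.create(user=ruser, timezone=timezone)
        sciriususer.save()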
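def editview(request, action):
    """Account self-service page: change password, settings or API token.

    ``action`` picks the form (``'password'``, ``'settings'``, ``'token'``).
    POST: ``'token'`` replaces the user's ``Token`` rows and redirects;
    ``'password'``/``'settings'`` validate and save the user without letting a
    non-superuser raise their own privileges. GET renders the chosen form.

    :param request: Django request (``request.user`` must be authenticated)
    :param action: which form to show or handle
    :return: ``accounts/edit.html`` via ``scirius_render``, or a redirect;
        ``None`` for anonymous users (as before)
    """
    if not request.user.is_authenticated():
        # NOTE(review): Django rejects a None response; a login redirect
        # belongs here.
        return None

    if request.method == 'POST':
        return _editview_post(request, action)
    return _editview_get(request, action)


def _editview_get(request, action):
    """Build the unbound form for ``action`` and render the edit page."""
    if action == 'password':
        form = PasswordChangeForm(request.user)
        context = {'form': form, 'action': 'Change password'}
    elif action == 'settings':
        if request.user.is_superuser:
            form = UserSettingsForm(instance=request.user)
        else:
            form = NormalUserSettingsForm(instance=request.user)
        try:
            form.initial['timezone'] = request.user.sciriususer.timezone
        except SciriusUser.DoesNotExist:
            # No profile row yet: leave the form's own default in place.
            pass
        context = {
            'form': form,
            'action': 'Edit settings for ' + request.user.username
        }
    elif action == 'token':
        initial = {}
        token = Token.objects.filter(user=request.user).first()
        if token is not None:
            initial['token'] = token
        form = TokenForm(initial=initial)
        context = {'form': form, 'action': 'User token'}
    else:
        context = {'action': 'User settings'}
    return scirius_render(request, 'accounts/edit.html', context)


def _editview_post(request, action):
    """Handle a submitted form for ``action``; privileges cannot be raised."""
    context = {'action': 'User settings'}
    orig_superuser = request.user.is_superuser
    orig_staff = request.user.is_staff

    if action == 'password':
        form = PasswordChangeForm(data=request.POST, user=request.user)
    elif action == 'settings':
        if request.user.is_superuser:
            form = UserSettingsForm(request.POST, instance=request.user)
        else:
            form = NormalUserSettingsForm(request.POST, instance=request.user)
    elif action == 'token':
        # Rotate: delete every existing token, then create a fresh one.
        for token in Token.objects.filter(user=request.user):
            token.delete()
        Token.objects.create(user=request.user)
        return redirect('accounts_edit', action='token')
    else:
        # Unknown action: no form to validate (this used to raise
        # UnboundLocalError on form.is_valid()).
        context['error'] = 'Invalid form'
        return scirius_render(request, 'accounts/edit.html', context)

    if form.is_valid():
        ruser = form.save(commit=False)
        # A non-superuser's posted data can never grant superuser or change staff.
        if not orig_superuser:
            ruser.is_superuser = False
            ruser.is_staff = orig_staff
        ruser.save()
        # NOTE(review): the session auth hash is not refreshed after a password
        # change, which on Django >= 1.7 ends the current session.
        if action == 'settings':
            timezone = form.cleaned_data['timezone']
            try:
                sciriususer = ruser.sciriususer
                sciriususer.timezone = timezone
            except SciriusUser.DoesNotExist:
                # Reverse one-to-one access raises the related model's
                # DoesNotExist when no profile row exists yet.
                sciriususer = SciriusUser.objects.create(user=ruser, timezone=timezone)
            sciriususer.save()
    else:
        context['error'] = 'Invalid form'
    return scirius_render(request, 'accounts/edit.html', context)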