def sso(app_key, user_login):
    """Simple SSO API.

    The user is looked up by login name when ``user_login`` matches
    ``User.LOGIN_PATTERN`` and by e-mail address otherwise.  The value of
    ``app.hmac(user.password)`` is then compared with the ``password``
    request value.

    Request values read here:

    - ``with=userinfo``: render the user object instead of the bare boolean
      when the check succeeds.
    - ``error=ignore``: report an unknown login or e-mail address as a
      failed check instead of a 404 response.
    - ``password``: the digest supplied by the calling application.

    """
    app = get_app(app_key)
    wants_userinfo = request.values.get('with') == 'userinfo'
    ignore_errors = request.values.get('error') == 'ignore'
    # ``None`` means "not decided yet"; a lookup failure settles it early.
    success = None
    # NOTE(review): without ``error=ignore`` an unknown account answers 404
    # while a wrong digest answers success=False, so a caller can tell the
    # two cases apart.
    if User.LOGIN_PATTERN.match(user_login):
        try:
            user = langdev.web.user.get_user(user_login)
        except werkzeug.exceptions.NotFound:
            if not ignore_errors:
                raise
            success = False
    else:
        by_email = g.session.query(User).filter_by(email=user_login)
        try:
            user = by_email.one()
        except sqlalchemy.orm.exc.NoResultFound:
            if not ignore_errors:
                abort(404)
            success = False
        except sqlalchemy.orm.exc.MultipleResultsFound:
            # An e-mail address shared by several rows fails closed.
            success = False
    if success is None:
        # NOTE(review): ``==`` is not a constant-time comparison.
        # hmac.compare_digest is the usual choice for digests; confirm first
        # that both operands have the same string type, since it rejects
        # mixed types.
        # NOTE(review): request.values also covers the query string, so the
        # digest can end up in URLs and access logs if callers send it there.
        success = app.hmac(user.password) == request.values['password']
    if success and wants_userinfo:
        # workaround to include ``email`` attribute in the response.
        # see also :func:`langdev.objsimplify.transform`.
        g.current_user = user
        result = user
    else:
        result = success
    return render('thirdparty/sso', result, success=success)
def signin_form(form=None, return_url=None):
    """Render the sign-in form.

    ``return_url`` falls back to the ``return_url`` request value and, when
    it is set, is stored in the form's ``return_url`` field.

    """
    # NOTE(review): this listing lost its indentation, so the nesting of the
    # ``return_url`` lines relative to ``if not form`` is reconstructed --
    # confirm against the original file.
    if not form:
        form = SignInForm()
    # NOTE(review): the value can come straight from the request.  The
    # handler that later redirects to it is not visible here; it should
    # accept only local targets.
    return_url = return_url or request.values.get('return_url')
    if return_url:
        form.return_url.data = return_url
    return render('user/signin_form', form, form=form)
def sso(app_key, user_login):
    """Simple SSO API.

    The user is looked up by login name when ``user_login`` matches
    ``User.LOGIN_PATTERN`` and by e-mail address otherwise.  The value of
    ``app.hmac(user.password)`` is then compared with the ``password``
    request value.

    Request values read here:

    - ``with=userinfo``: render the user object instead of the bare boolean
      when the check succeeds.
    - ``error=ignore``: report an unknown login or e-mail address as a
      failed check instead of a 404 response.
    - ``password``: the digest supplied by the calling application.

    """
    app = get_app(app_key)
    wants_userinfo = request.values.get("with") == "userinfo"
    ignore_errors = request.values.get("error") == "ignore"
    # ``None`` means "not decided yet"; a lookup failure settles it early.
    success = None
    # NOTE(review): without ``error=ignore`` an unknown account answers 404
    # while a wrong digest answers success=False, so a caller can tell the
    # two cases apart.
    if User.LOGIN_PATTERN.match(user_login):
        try:
            user = langdev.web.user.get_user(user_login)
        except werkzeug.exceptions.NotFound:
            if not ignore_errors:
                raise
            success = False
    else:
        by_email = g.session.query(User).filter_by(email=user_login)
        try:
            user = by_email.one()
        except sqlalchemy.orm.exc.NoResultFound:
            if not ignore_errors:
                abort(404)
            success = False
        except sqlalchemy.orm.exc.MultipleResultsFound:
            # An e-mail address shared by several rows fails closed.
            success = False
    if success is None:
        # NOTE(review): ``==`` is not a constant-time comparison.
        # hmac.compare_digest is the usual choice for digests; confirm first
        # that both operands have the same string type, since it rejects
        # mixed types.
        # NOTE(review): request.values also covers the query string, so the
        # digest can end up in URLs and access logs if callers send it there.
        success = app.hmac(user.password) == request.values["password"]
    if success and wants_userinfo:
        # workaround to include ``email`` attribute in the response.
        # see also :func:`langdev.objsimplify.transform`.
        g.current_user = user
        result = user
    else:
        result = success
    return render("thirdparty/sso", result, success=success)
def request_find_password(user_login):
    """Send a mail that contains a password-change link for the user.

    Responds with status 201 and ``hide_email(user.email)`` when the user
    has an e-mail address, and with status 403 and the error
    ``Has no email address`` otherwise.

    """
    user = get_user(user_login, orm.undefer_group('profile'))
    # NOTE(review): the 201/403 split tells the caller whether this account
    # has an e-mail address on file.
    if user.email:
        token, expired_at = generate_token(user)
        # ``_external=True`` asks for an absolute URL, which the mail needs.
        url = url_for('.change_password_form',
                      user_login=user.login, token=token, _external=True)
        # The expiry is converted to a naive UTC datetime for the mail text.
        expired_at = datetime.datetime.utcfromtimestamp(expired_at)
        # NOTE(review): part of the next statement is masked in this listing
        # (the ``******`` run), so the remaining Message() arguments and the
        # assignment of the mail body are not visible here.  The statement
        # is kept exactly as shown; restore it from the original file.
        msg = Message('[LangDev.org] Change your password: '******''' You can change your password through the following link: {url} But the above link will be expired at {expired_at} UTC. ''').format(url=url, expired_at=expired_at)
        current_app.mail.send(msg)
        # The response carries hide_email()'s output, not the raw address.
        email = hide_email(user.email)
        result = Result(user=user, email=email)
        status_code = 201
    else:
        result = Result(user=user, error='Has no email address')
        status_code = 403
    response = render('user/request_find_password', result, **result)
    response.status_code = status_code
    return response
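def posts():
    """Show a list of posts.

    :query view: one of ``summary`` or ``table``.  default is ``table``
    :query next: id of the next post what you want to fetch.
                 It can be useful for calling API, or infinite scroll.
    :query offset: offset from a latest post.  must not be negative.
    :query limit: number of posts to show.  default is 20, minimum is 1,
                  maximum is 100.
    :status 200: no error.
    :status 400: ``offset`` or ``limit`` is not an integer, or is out of
                 range.
    :status 404: ``next`` post does not exist.

    """
    posts = g.session.query(Post) \
             .order_by(Post.sticky.desc(), Post.created_at.desc())
    cnt = posts.count()
    view = request.args.get('view', 'table')
    next_id = request.args.get('next')
    # ``offset`` and ``limit`` come straight from the query string, so a
    # value that is not an integer is answered with 400 instead of surfacing
    # as an unhandled ValueError.
    try:
        offset = int(request.args.get('offset', 0))
        limit = int(request.args.get('limit', 20))
    except ValueError:
        abort(400)
    # A zero limit would divide by zero in the pager below, and a negative
    # one would slip under the cap of 100 (how a negative LIMIT or OFFSET is
    # treated depends on the database backend).
    if offset < 0 or limit < 1:
        abort(400)
    limit = min(limit, 100)
    if next_id:
        basis = g.session.query(Post).get(next_id)
        if not basis:
            abort(404)
        posts = posts.filter(~Post.sticky) \
                     .filter(Post.created_at <= basis.created_at)
    paged_posts = posts.offset(offset).limit(limit)
    # One row past the current page, or None when this is the last page.
    next_post = posts.offset(offset + limit).first()
    # Floor division keeps the page number an integer on Python 3 as well;
    # for the non-negative integers used here it equals Python 2's ``/``.
    pager = langdev.web.pager.Pager(math.ceil(cnt / float(limit)),
                                    1 + offset // limit)
    return render('forum/posts', posts,
                  view=view, next=next_post, posts=paged_posts, pager=pager,
                  limit=limit)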
def change_password(user_login, token):
    """Apply a submitted password-change form to the user.

    The form is applied only when ``is_token_expired(user, token)`` is
    falsy and the form validates; otherwise the change-password form is
    rendered again with the submitted form.

    """
    user = get_user(user_login)
    form = ChangePasswordForm()
    # NOTE(review): is_token_expired() is the only token check visible here.
    # Confirm that it also rejects tokens that were not issued for this
    # user, and that a token stops working once the password has changed.
    if not is_token_expired(user, token) and form.validate():
        # NOTE(review): populate_obj() copies the form's fields onto the
        # user; confirm ChangePasswordForm exposes only password field(s).
        with g.session.begin():
            form.populate_obj(user)
        # NOTE(review): this listing lost its indentation; placing the
        # return after the ``with`` block is reconstructed -- confirm
        # against the original file.
        return render('user/change_password', user, user=user)
    return change_password_form(user_login=user_login, token=token, form=form)
def comment(post_id, comment_id):
    """Render a single comment, or redirect HTML clients to its post.

    When the rendered response is ``text/html`` or ``application/xhtml+xml``
    the client is redirected to the post page with a ``#comment-<id>``
    fragment.  Any other content type gets the rendered response itself.

    """
    found = get_comment(comment_id, post_id)
    response = render('forum/base', found, comment=found)
    is_html = re.match(r'^(application/xhtml\+xml|text/html)\s*($|;)',
                       response.content_type)
    if not is_html:
        return response
    post_url = url_for('.post', post_id=post_id)
    return redirect(post_url + '#comment-{0}'.format(found.id))
def signup_form(form=None):
    """Render the sign-up form.

    When both ReCAPTCHA keys are configured and the response would be
    served as ``application/xhtml+xml``, the content type is switched to
    ``text/html``.

    """
    if not form:
        form = SignUpForm.get_instance()
    response = render('user/signup_form', form, form=form)
    # ReCAPTCHA doesn't work on application/xhtml+xml.
    config = current_app.config
    recaptcha_configured = ('RECAPTCHA_PUBLIC_KEY' in config and
                            'RECAPTCHA_PRIVATE_KEY' in config)
    if recaptcha_configured and re.match(r'^application/xhtml\+xml(;|$)',
                                         response.content_type):
        response.content_type = 'text/html'
    return response
def comment(post_id, comment_id):
    """Render a single comment, or redirect HTML clients to its post.

    When the rendered response is ``text/html`` or ``application/xhtml+xml``
    the client is redirected to the post page with a ``#comment-<id>``
    fragment.  Any other content type gets the rendered response itself.

    """
    found = get_comment(comment_id, post_id)
    response = render('forum/base', found, comment=found)
    is_html = re.match(r'^(application/xhtml\+xml|text/html)\s*($|;)',
                       response.content_type)
    if not is_html:
        return response
    post_url = url_for('.post', post_id=post_id)
    return redirect(post_url + '#comment-{0}'.format(found.id))
def change_password_form(user_login, token, form=None):
    """Render the change-password form for a user and token.

    The form is rendered either way.  The response status is set to 403
    when ``is_token_expired(user, token)`` is truthy.

    """
    user = get_user(user_login)
    # NOTE(review): whether is_token_expired() also rejects malformed or
    # foreign tokens is not visible here -- confirm.
    expired = is_token_expired(user, token)
    if not form:
        form = ChangePasswordForm()
    context = dict(form=form, user=user, token=token, expired=expired)
    response = render('user/change_password_form', form, **context)
    if expired:
        response.status_code = 403
    return response
def signup_form(form=None):
    """Render the sign-up form.

    When both ReCAPTCHA keys are configured and the response would be
    served as ``application/xhtml+xml``, the content type is switched to
    ``text/html``.

    """
    if not form:
        form = SignUpForm.get_instance()
    response = render('user/signup_form', form, form=form)
    # ReCAPTCHA doesn't work on application/xhtml+xml.
    config = current_app.config
    recaptcha_configured = ('RECAPTCHA_PUBLIC_KEY' in config and
                            'RECAPTCHA_PRIVATE_KEY' in config)
    if recaptcha_configured and re.match(r'^application/xhtml\+xml(;|$)',
                                         response.content_type):
        response.content_type = 'text/html'
    return response
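def posts():
    """Show a list of posts.

    :query view: one of ``summary`` or ``table``.  default is ``table``
    :query next: id of the next post what you want to fetch.
                 It can be useful for calling API, or infinite scroll.
    :query offset: offset from a latest post.  must not be negative.
    :query limit: number of posts to show.  default is 20, minimum is 1,
                  maximum is 100.
    :status 200: no error.
    :status 400: ``offset`` or ``limit`` is not an integer, or is out of
                 range.
    :status 404: ``next`` post does not exist.

    """
    posts = g.session.query(Post) \
             .order_by(Post.sticky.desc(), Post.created_at.desc())
    cnt = posts.count()
    view = request.args.get('view', 'table')
    next_id = request.args.get('next')
    # ``offset`` and ``limit`` come straight from the query string, so a
    # value that is not an integer is answered with 400 instead of surfacing
    # as an unhandled ValueError.
    try:
        offset = int(request.args.get('offset', 0))
        limit = int(request.args.get('limit', 20))
    except ValueError:
        abort(400)
    # A zero limit would divide by zero in the pager below, and a negative
    # one would slip under the cap of 100 (how a negative LIMIT or OFFSET is
    # treated depends on the database backend).
    if offset < 0 or limit < 1:
        abort(400)
    limit = min(limit, 100)
    if next_id:
        basis = g.session.query(Post).get(next_id)
        if not basis:
            abort(404)
        posts = posts.filter(~Post.sticky) \
                     .filter(Post.created_at <= basis.created_at)
    paged_posts = posts.offset(offset).limit(limit)
    # One row past the current page, or None when this is the last page.
    next_post = posts.offset(offset + limit).first()
    # Floor division keeps the page number an integer on Python 3 as well;
    # for the non-negative integers used here it equals Python 2's ``/``.
    pager = langdev.web.pager.Pager(math.ceil(cnt / float(limit)),
                                    1 + offset // limit)
    return render('forum/posts', posts,
                  view=view, next=next_post, posts=paged_posts, pager=pager,
                  limit=limit)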
def write_form(form=None):
    """Render the form for writing a post.

    ``langdev.web.user.ensure_signin()`` is called before anything else;
    presumably it turns away visitors who are not signed in -- confirm.

    """
    langdev.web.user.ensure_signin()
    if not form:
        form = PostForm()
    return render('forum/write_form', form, form=form)
def find_password_form(form=None):
    """Render the password-finding form, creating an empty one if needed."""
    if not form:
        form = PasswordFindingForm()
    return render('user/find_password_form', form, form=form)
def request_find_password_form(user_login):
    """Render the password-finding request page for the given user."""
    account = get_user(user_login)
    return render('user/request_find_password_form', account, user=account)
def profile(user_login, form=None):
    """User profile page.

    A ``ProfileForm`` bound to the request data and the user is created
    only when the current user is viewing their own profile and no form was
    passed in.  For any other viewer ``form`` stays as given.

    """
    owner = get_user(user_login)
    if g.current_user == owner:
        if not form:
            form = ProfileForm(request.form, owner)
    return render('user/profile', owner, user=owner, form=form)
def posts(user_login):
    """Posts a user wrote."""
    author = get_user(user_login)
    written = author.posts
    return render('user/posts', written, user=author, posts=written)
def edit_form(post_id, form=None):
    """Render the form for editing an existing post.

    ``langdev.web.user.ensure_signin(post.author)`` runs before the form is
    built; presumably it limits access to the post's author -- confirm.

    """
    target = get_post(post_id)
    langdev.web.user.ensure_signin(target.author)
    if not form:
        form = PostForm(request.form, target)
    return render('forum/edit_form', form, form=form, post=target)
def register_form(form=None):
    """Third-party application registration form.

    ``langdev.web.user.ensure_signin()`` is called before the form is
    built; presumably it turns away visitors who are not signed in --
    confirm.

    """
    langdev.web.user.ensure_signin()
    if not form:
        form = ApplicationForm()
    return render('thirdparty/register_form', form, form=form)
def post(post_id, comment_form=None):
    """Render a post together with a comment form."""
    post = get_post(post_id)
    if not comment_form:
        comment_form = CommentForm()
    # NOTE(review): this listing lost its indentation; calling
    # fill_comments() regardless of whether a form was passed in is
    # reconstructed -- confirm against the original file.
    comment_form.fill_comments(post)
    return render('forum/post', post, post=post, comment_form=comment_form)
def app(app_key):
    """Application detail information.

    ``langdev.web.user.ensure_signin(app.owner)`` runs before rendering;
    presumably it limits the page to the application's owner -- confirm.

    """
    application = get_app(app_key)
    langdev.web.user.ensure_signin(application.owner)
    return render("thirdparty/app", application, app=application)
def app(app_key):
    """Application detail information.

    ``langdev.web.user.ensure_signin(app.owner)`` runs before rendering;
    presumably it limits the page to the application's owner -- confirm.

    """
    application = get_app(app_key)
    langdev.web.user.ensure_signin(application.owner)
    return render('thirdparty/app', application, app=application)
def register_form(form=None):
    """Third-party application registration form.

    ``langdev.web.user.ensure_signin()`` is called before the form is
    built; presumably it turns away visitors who are not signed in --
    confirm.

    """
    langdev.web.user.ensure_signin()
    if not form:
        form = ApplicationForm()
    return render("thirdparty/register_form", form, form=form)