def security_check():
    """Decide whether the current request may proceed.

    Attaches the session's user to ``request.user`` and then returns ``None``
    (request continues), returns a redirect to the login page, or aborts
    with 403 when a signed-in user lacks the rights for the path.
    """
    current = l.get_user(session.get('userid'))
    request.user = current

    def lacks_admin():
        # Only signed-in users are ever rejected by the admin allow-list;
        # anonymous visitors fall through to the login redirect further down.
        return bool(current) and current.email not in _ADMIN_EMAILS

    # A session that belongs to an unapproved account is wiped rather than
    # left in place, so the cookie cannot be reused after approval is removed.
    if current and not current.approved:
        session.clear()
        return redirect(url_for('login'))

    path = request.path

    if path.startswith('/admin') and lacks_admin():
        abort(403)

    # /screening is closed while in batch mode; /batch outside batch mode is
    # refused only for signed-in non-admins.
    if THIS_IS_BATCH and path.startswith('/screening'):
        abort(403)
    if not THIS_IS_BATCH and path.startswith('/batch') and lacks_admin():
        abort(403)

    if current:
        return

    # These are plain string-prefix matches, not path-segment matches:
    # '/user' also matches '/users...' and any other path starting with
    # those characters. NOTE(review): confirm no login-only route shares
    # one of these prefixes.
    safe_prefixes = ('/static', '/user', '/feedback', '/confirmation')
    if path.startswith(safe_prefixes):
        return
    return redirect(url_for('login'))
def test_user_basics():
    """Exercise user creation, approval, lookup and password checks."""
    # Seed twenty filler accounts; add_user must return something truthy.
    for idx in range(20):
        seeded = l.add_user(u'{}@example.com'.format(idx),
                            u'Name {}'.format(idx),
                            u'pw{}'.format(idx))
        assert seeded

    address = u'*****@*****.**'
    full_name = u'Ned Jackson Lovely'
    secret = u'password'

    # No account exists for this address yet, so the check must fail.
    assert not l.check_pw(address, secret)
    uid = l.add_user(address, full_name, secret)
    assert len(l.list_users()) == 21

    # New accounts start out unapproved.
    assert all(not acct.approved_on for acct in l.list_users())

    # Approving one account must not touch the others.
    l.approve_user(uid)
    assert all(
        (not acct.approved_on) if acct.id != uid else acct.approved_on
        for acct in l.list_users()
    )

    assert l.get_user(uid).display_name == full_name

    # The email is matched case-insensitively, the password is not.
    assert l.check_pw(address, secret)
    assert l.check_pw(address.upper(), secret)
    assert not l.check_pw(address, secret.upper())

    # A non-ASCII password must round-trip, and the old one must stop working.
    replacement = u'\u2603'
    l.change_pw(uid, replacement)
    assert not l.check_pw(address, secret)
    assert l.check_pw(address, replacement)
def test_user_basics():
    """Walk one account through signup, approval and a password change."""
    # Twenty filler users give the later "only this one changed" checks
    # something to compare against.
    for i in range(20):
        created = l.add_user(u"{}@example.com".format(i), u"Name {}".format(i), u"pw{}".format(i))
        assert created

    login = u"*****@*****.**"
    display = u"Ned Jackson Lovely"
    first_pw = u"password"

    # Unknown account: the credential check has to fail before signup.
    assert not l.check_pw(login, first_pw)
    uid = l.add_user(login, display, first_pw)
    assert len(l.list_users()) == 21

    for account in l.list_users():
        assert not account.approved_on

    l.approve_user(uid)
    for account in l.list_users():
        # Only the approved account may carry an approval timestamp.
        if account.id == uid:
            assert account.approved_on
        else:
            assert not account.approved_on

    assert l.get_user(uid).display_name == display

    # Email comparison ignores case; password comparison does not.
    assert l.check_pw(login, first_pw)
    assert l.check_pw(login.upper(), first_pw)
    assert not l.check_pw(login, first_pw.upper())

    # After a change the old password is rejected and the new (non-ASCII)
    # one is accepted.
    second_pw = u"\u2603"
    l.change_pw(uid, second_pw)
    assert not l.check_pw(login, first_pw)
    assert l.check_pw(login, second_pw)
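def approve_user(uid):
    """Approve account *uid*, email the user, and request a Slack invite.

    The approval and the notification email happen first. The Slack invite
    is best-effort: a network failure is reported to the admin through a
    flash message instead of failing the request after the account has
    already been approved.

    Returns a redirect to the admin user list.
    """
    l.approve_user(uid)
    user = l.get_user(uid)
    flash('Approved user {}'.format(user.email))
    l.email_approved(uid)
    try:
        # Without a timeout an unresponsive remote end would block this
        # worker indefinitely. The response is not inspected, so an invite
        # that Slack rejects is still silent.
        requests.post('https://slack.com/api/users.admin.invite',
                      data=dict(token=os.environ['SLACK_TOKEN'],
                                email=user.email),
                      timeout=10)
    except requests.RequestException:
        # The exception text is deliberately not shown to the admin.
        flash('Slack invite for {} could not be sent'.format(user.email))
    return redirect(url_for('admin.list_users'))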
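def approve_user(uid):
    """Mark user *uid* approved, send the approval email, invite to Slack.

    The Slack call is made last and is bounded by a timeout. If it fails at
    the network level the admin sees a flash message and is still
    redirected, because the approval itself has already taken effect.

    Returns a redirect to the admin user list.
    """
    l.approve_user(uid)
    user = l.get_user(uid)
    flash('Approved user {}'.format(user.email))
    l.email_approved(uid)

    invite_fields = dict(token=os.environ['SLACK_TOKEN'], email=user.email)
    try:
        # timeout keeps a stalled connection from tying up the request
        # handler; the HTTP status and body are not checked here.
        requests.post('https://slack.com/api/users.admin.invite',
                      data=invite_fields, timeout=10)
    except requests.RequestException:
        # Report the failure without echoing the exception details.
        flash('Slack invite for {} could not be sent'.format(user.email))
    return redirect(url_for('admin.list_users'))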
def get_user():
    """Look up the user named by the ``user_id`` query parameter.

    Returns a dict with ``success`` set to True and the user under ``user``,
    or ``success`` False and an ``error`` message when the parameter is
    missing/empty or no user matches.

    NOTE(review): nothing in this function checks who is asking, and the
    whole user object is returned. Confirm that access control happens
    before this handler and that the serialized user carries no credential
    fields.
    """
    requested_id = request.args.get('user_id')
    if requested_id:
        found = logic.get_user(requested_id)
        if found:
            return {'success':True, 'user':found}
        return {'success':False,'error':'No such user exists'}
    return {'success':False,'error':env_constants.INVALID_REQUEST_ERROR}
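def login_post():
    """Check the submitted credentials and start a session on success.

    Redirects back to the login page with a flash message when the
    credentials are missing or wrong, or when the account is not yet
    approved. On success the user id is stored in the session and the
    visitor is redirected to ``/``.
    """
    # NOTE(review): request.values merges the query string with the form
    # body, so credentials sent in the URL are accepted too and may end up
    # in access logs; request.form would restrict this to the body.
    email = request.values.get("email")
    pw = request.values.get("pw")

    # A request without both fields cannot be a valid login. Treat it like
    # a failed check instead of passing None to check_pw, whose handling of
    # None is not visible from here.
    uid = None
    if email is not None and pw is not None:
        uid = l.check_pw(email, pw)
    if not uid:
        flash("Bad email or password.")
        return redirect(url_for("login"))

    user = l.get_user(uid)
    if not user.approved:
        flash("You have not yet been approved.")
        return redirect(url_for("login"))

    session["userid"] = uid
    return redirect("/")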
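def login_post():
    """Authenticate the posted email/password pair and log the user in.

    A missing field, a failed password check, or an unapproved account all
    lead back to the login page with a flash message. Otherwise the user id
    is written to the session and the visitor is sent to ``/``.
    """
    # NOTE(review): request.values also reads the query string, so a
    # password placed in the URL is accepted; request.form would limit the
    # lookup to the request body.
    email = request.values.get('email')
    pw = request.values.get('pw')

    # Absent fields are rejected up front with the same message as a bad
    # password, rather than relying on how check_pw treats None.
    if email is None or pw is None:
        uid = None
    else:
        uid = l.check_pw(email, pw)

    if not uid:
        flash('Bad email or password.')
        return redirect(url_for('login'))

    user = l.get_user(uid)
    if not user.approved:
        flash('You have not yet been approved.')
        return redirect(url_for('login'))

    session['userid'] = uid
    return redirect('/')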
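def edit(request):
    """Edit the signed-in user's own profile.

    GET renders the edit form filled from the stored profile. A valid POST
    saves the form and redirects to the profile page. An invalid POST
    re-renders the form with its validation errors; previously that path
    returned nothing at all.

    NOTE(review): which attributes a client can change is decided by the
    fields declared on UserForm, which is not visible here. Confirm it does
    not expose identity or privilege fields.
    """
    user = logic.get_user(request)
    if request.method == "POST":
        form = UserForm(request.POST, instance=user)
        # check whether it's valid:
        if form.is_valid():
            m = form.save()
            # Kept from the original; presumably redundant after form.save().
            m.save()
            return HttpResponseRedirect('/users/show/' + str(user.user_key))
        # Invalid submission: fall through and show the bound form so the
        # user sees the errors and keeps the values they typed.
    else:
        form = UserForm(instance=user)
    return render(request, 'users/edit_profile.html',
                  {'form': form,
                   'user': user,
                   'nanodegree_choices': NANODEGREE_CHOICES})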
def show(request, user_key):
    """Render the profile page for the user identified by *user_key*.

    The page lists the problems and solutions that user submitted and the
    ones they liked, and also receives the viewer's email from the session.
    """
    owner = logic.get_user(request, user_key=user_key)
    submitted_problems = logic.get_user_submitted_problems(owner)
    submitted_solutions = logic.get_user_submitted_solutions(owner)
    problems_liked = logic.get_user_liked_problems(owner)
    solutions_liked = logic.get_user_liked_solutions(owner)

    # Indexing (not .get) means a session without 'email' raises KeyError.
    # NOTE(review): confirm a login check runs before this view.
    viewer_email = request.session['email']

    context = {
        'user': owner,
        'problems': submitted_problems,
        'solutions': submitted_solutions,
        'current_user': viewer_email,
        'liked_problems': problems_liked,
        'liked_solutions': solutions_liked,
    }
    return render(request, 'users/show_profile.html', context)
def get(self):
    """Render ``testpage.html`` for the signed-in account.

    Visitors without a current account are redirected to the login URL,
    which returns them to the requested URI afterwards.
    """
    account = users.get_current_user()
    if not account:
        self.redirect(users.create_login_url(self.request.uri))
        return

    # The application's own user record is looked up by the account email.
    context = {
        'user': logic.get_user(account.email()),
        'logout_url': users.create_logout_url('/'),
    }
    page = render_to_string('testpage.html', context)
    self.response.write(page)
def admin(request):
    """Render ``admin.html`` for the signed-in account.

    Visitors without a current account are redirected to the login URL.
    Every local variable of this function is passed to the template.
    """
    guser = users.get_current_user()
    if not guser:
        # Send anonymous visitors to login; they return to this path afterwards.
        return redirect(users.create_login_url(request.path))
    logic.init_mbank()
    logout_url = users.create_logout_url('/')
    user = logic.get_user(guser.email())
    peoples = gmodels.MUser.all().run(limit = 100)
    # The admin flag is only computed here, never enforced: a non-admin
    # account still reaches the render call below.
    # NOTE(review): confirm admin-only access is enforced elsewhere
    # (route configuration or the template).
    admin = users.is_current_user_admin()
    # Materialize the query result so the template receives a list.
    peoples = list(peoples)
    # peoples_new_bill = list(peoples)
    # peoples_topup = list(peoples)
    # locals() exposes every name defined above, including request, to the
    # template; renaming or adding a local changes the template context.
    return render_to_response('admin.html', locals())
def get(self):
    """Write the signed-in user's recent records as plain text.

    Each record is written on its own line. Visitors without a current
    account are redirected to the login URL instead.
    """
    self.response.headers['Content-Type'] = 'text/plain'

    account = users.get_current_user()
    if not account:
        self.redirect(users.create_login_url(self.request.uri))
        return

    # Records are fetched for the application user matching the account
    # email, so the caller cannot choose whose records are listed.
    owner = logic.get_user(account.email())
    recent = logic.get_recent_record(owner)
    for entry in recent:
        self.response.write('%s \r\n' % entry)
def get(self):
    """Render the profile page for the current user.

    Collects the user's topic, location and alerts, fetches a Twitter
    authorization URL, stores the accompanying request token in a secure
    cookie, and writes the rendered template.
    """
    escape = tornado.escape.xhtml_escape

    # NOTE(review): the HTML-escaped form of current_user is used as the
    # lookup key for every logic call below. Escaping is an output concern;
    # confirm the stored ids never contain characters that escaping changes.
    user_id = escape(self.current_user)
    template = 'afterlogintemplate.html'
    topic = logic.get_current_topic(escape(self.current_user))
    location = logic.get_current_location(escape(self.current_user))
    relevant_locations = logic.get_relevant_locations()
    profile = logic.get_user(user_id)
    twitter_auth = logic.get_twitter_auth_url()

    variables = {
        'title': "My Profile",
        'type': "profile",
        'username': profile['username'],
        'country': profile['country'],
        'alerts': logic.get_topic_list(user_id),
        'topic': topic,
        'location': location,
        'relevant_locations': relevant_locations,
        'auth_url': twitter_auth[0]
    }

    # Tornado secure cookies are signed, not encrypted, so the browser can
    # read this value even though it cannot alter it.
    self.set_secure_cookie("request_token", str(twitter_auth[1]))
    self.write(self.render_template(template, variables))
def home(request):
    """Render ``home.html`` with recent summary and per-user billing records.

    Visitors without a current account are redirected to the login URL.
    Every local variable of this function is passed to the template.
    """
    guser = users.get_current_user()
    if not guser:
        # Send anonymous visitors to login; they return to this path afterwards.
        return redirect(users.create_login_url(request.path))
    user = logic.get_user(guser.email())
    logout_url = users.create_logout_url('/')
    admin = users.is_current_user_admin()
    # NOTE(review): up to 100 user records are handed to the template for
    # every signed-in visitor, admin or not. Confirm the template does not
    # show other users' data to non-admins.
    peoples = gmodels.MUser.all().run(limit = 100)
    # Newest 20 summary records, flattened to plain dicts for the template.
    records = gmodels.SumRecord.all().order('-date').run(limit = 20)
    drecords = []
    for r in records:
        nr = {}; nr['date'] = format_date(r.date)
        nr['amount'] = r.amount
        nr['balance'] = r.balance
        nr['details'] = r.details
        drecords.append(nr)
    # Newest 15 billing records under the current user's entity. Here the
    # 'details' key is filled from r.extra rather than r.details.
    records = gmodels.BillingRecord.all().ancestor(user).order('-date').run(limit = 15)
    precords = []
    for r in records:
        nr = {}; nr['date'] = format_date(r.date)
        nr['amount'] = r.amount
        nr['balance'] = r.balance
        nr['details'] = r.extra
        precords.append(nr)
    # locals() exposes every name defined above, including request and the
    # loop temporaries, to the template; renaming a local changes the context.
    return render_to_response('home.html', locals())
def security_check():
    """Apply login, approval and path rules to the current request.

    Sets ``request.user`` from the session. Returns ``None`` when the
    request may continue, a redirect to the login page when the visitor
    must sign in, and aborts with 403 for paths the caller may not use.
    """
    visitor = l.get_user(session.get("userid"))
    request.user = visitor

    # An unapproved account loses its session immediately.
    if visitor and not visitor.approved:
        session.clear()
        return redirect(url_for("login"))

    path = request.path

    # Only signed-in non-admins get a 403 here; anonymous requests to
    # /admin end at the login redirect at the bottom.
    if visitor and path.startswith("/admin"):
        if visitor.email not in _ADMIN_EMAILS:
            abort(403)

    # /screening and /batch are mutually exclusive depending on batch mode,
    # for every caller including admins.
    if THIS_IS_BATCH:
        if path.startswith("/screening"):
            abort(403)
    elif path.startswith("/batch"):
        abort(403)

    if visitor:
        return

    # Plain prefix tests: "/user" also matches "/users..." and any other
    # path that starts with those characters.
    # NOTE(review): confirm no login-only route shares one of these prefixes.
    if path.startswith(("/static", "/user", "/feedback")):
        return
    return redirect(url_for("login"))
def approve_user(uid):
    """Approve account *uid* and return to the user list.

    NOTE(review): no permission check is visible in this function; confirm
    the route is restricted to admins before it is reached.
    """
    l.approve_user(uid)
    # Re-read the account so the confirmation message shows its email.
    approved = l.get_user(uid)
    message = "Approved user {}".format(approved.email)
    flash(message)
    destination = url_for("list_users")
    return redirect(destination)
def get_user():
    """Return a success/error dict for the user identified by ``user_id``.

    NOTE(review): ``user_id`` is not assigned anywhere in this function. It
    has to come from an enclosing or module scope, otherwise the call
    raises NameError. Confirm where it is defined and who controls it.
    """
    found = logic.get_user(user_id)
    if found:
        return {'success':True, 'user':found}
    return {'success':False,'error':'No such user exists'}
def approve_user(uid):
    """Approve account *uid*, send the approval email, return to the list.

    NOTE(review): no permission check is visible in this function; confirm
    the route is restricted to admins before it is reached.
    """
    l.approve_user(uid)
    # Re-read the account so the confirmation message shows its email.
    approved = l.get_user(uid)
    notice = 'Approved user {}'.format(approved.email)
    flash(notice)
    l.email_approved(uid)
    target = url_for('list_users')
    return redirect(target)
def get(self, id):
    """Return the JSON representation of the user with the given id.

    NOTE(review): the id is passed straight through and no caller check is
    visible here; confirm authorization is enforced before this handler.
    """
    # All of the work is delegated to get_user.
    user_json = get_user(id)
    return user_json