def get(self, verification_id): if not verification_id: return HttpErrorException.bad_request('no verification id given') if self.request.get('username') == '': return HttpErrorException.bad_request('no username given') user = User.get_by_id(self.request.get('username')) if not user: return HttpErrorException.bad_request('invilad username') if user.email_verification.verify_id == verification_id: user.email_verification.verified = True user.put() lr = tt_logging.construct_log( msg_short='User has verified their email', msg='User has verified their email: ' + user.email, log_type=tt_logging.USER, affected_user=user ) log.info(lr['dict_msg']['msg'], extra=lr) self.redirect('/') else: return HttpErrorException.bad_request('invalid verification id')
def post(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('no user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') if user != self.user and not self.user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User try to Alter Another User\'s Billing', msg='User (%s) attemped to change another user\'s (%s) ' 'billing information' % (self.user.key.id(), user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if self.json_request.get('subscribe'): pay_plan = self.json_request.get('subscribe') if user.is_billable_account(): raise HttpErrorException.bad_request('user already has billable account') checkout_url = user.setup_billable_account(pay_plan) self.write_json_response({'checkout_url': checkout_url})
def post(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('No user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') user.edit(self.request, self.json_request, self.user)
def get(self, user_id=None): if user_id is not None: if user_id == 'anonymous': self.write_json_response({'username': '******'}) else: user = User.get_by_id(user_id) if not user: self.write_json_response({'username': '******'}) else: self.write_json_response({'username': '******'}) else: user_id = self.request.get('username') if user_id is None or user_id == '' or user_id == 'anonymous': self.response.write('false') else: user = User.get_by_id(user_id) if not user: self.response.write('true') else: self.response.write('false')
def get(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('no user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') if user != self.user and not self.user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User try to Alter Another User\'s Billing', msg='User (%s) attemped to change another user\'s (%s) ' 'billing information' % (self.user.key.id(), user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() template_data = { 'title': 'thinkTank', 'display_name': self.user.display_name, 'nav_bar_title': 'thinkTank', 'domain': self.request.host_url, 'payment_plans': payment_plan.get_payment_plan_list(), 'data': { 'user': json.dumps(self.user.to_dict(user=self.user)) }, } if user.is_billable_account(): template_data['billable_account'] = True else: template_data['billable_account'] = False if user.is_admin: template_data['admin'] = True template_index = JINJA_ENVIRONMENT.get_template('user_billing.html') self.response.write(template_index.render(template_data))
def get(self, username=None): if not username: raise HttpErrorException.bad_request('no username given') user = User.get_by_id(username) if not user: raise HttpErrorException.bad_request('invalid username given') if user != self.user: raise HttpErrorException.bad_request('Getting someone else user account info is not supported right now') template_data = { 'title': 'thinkTank', 'display_name': self.user.display_name, 'nav_bar_title': 'thinkTank', 'domain': self.request.host_url, 'first_name': user.first_name, 'last_name': user.last_name, 'email': user.email, 'main_phone': user.get_phone_number('main') if user.get_phone_number('main') else 'Main Phone', 'cell_phone': user.get_phone_number('cell') if user.get_phone_number('cell') else 'Cell Phone', 'birthday': user.birthday, 'street1': user.address['street1'] if user.address else 'Street1', 'street2': user.address['street2'] if user.address else 'Street2', 'city': user.address['city'] if user.address else 'City', 'state': user.address['state'] if user.address else 'State', 'zipecode': user.address['zip_code'] if user.address else 'Zip Code', 'spectra_count': self.user.spectra_count, 'data': { 'user': json.dumps(user.to_dict(user=self.user)) }, } if user.in_org(): template_data['organization'] = True if user.is_admin: template_data['admin'] = True template_index = JINJA_ENVIRONMENT.get_template('user_profile.html') self.response.write(template_index.render(template_data))
def post(self): # TODO: This handler needs broken down into smaller methods. No point cleaning # this up until that is complete. if self.json_request.get('status') == 'login': gc = GlobalConfig.get_configs() user = User.get_by_id(self.json_request.get('username')) if not user: self.request.body = '' # Make sure we don't record the users credentials in plan text lr = tt_logging.construct_log(msg_short='Unknow user attempted to login', log_type=tt_logging.USER, request=self.request) log.info(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.bad_request('invalid username or password given') if user.login_timeout(): raise HttpErrorException.forbidden() if not gc.allow_non_admin_user_login and not user.is_admin: self.request.body = '' # Make sure we don't record the users credentials in plan text lr = tt_logging.construct_log(msg_short='User attempted to loggin, but login is disabled', log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() creds = GenericCredentials.from_request(self.json_request) if not creds.authenticate(): user.failed_login_attemps.append(datetime.datetime.now()) self.request.body = '' # Make sure we don't record the users credentials in plan text lr = tt_logging.construct_log(msg_short='User provided invalid credentials', log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.bad_request('invalid username or password given') user.failed_login_attemps = [] user.last_login == datetime.datetime.now() user.put() session = login(self.request, creds, User) self.request.body = '' # Make sure we don't record the users credentials in plan text lr = tt_logging.construct_log(msg_short='User logged in', msg='User logged in: session: %s, IP Address: %s' % (session.token, self.request.remote_addr), log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) self.response.set_cookie('auth_user', base64.b64encode(creds.username)) self.response.set_cookie('user', creds.username) self.response.set_cookie('auth_token', session.token) self.write_json_response({'status': 'success'}) elif self.json_request.get('status') == 'logout': user = User.get_by_id(self.json_request.get('user')) Session.invalidate_cache_for(user) session = Session.get_by_id(user.username) if session is not None: lr = tt_logging.construct_log(msg_short='User logged out', msg='User logged out: session: %s, IP Address: %s' % (session.token, self.request.remote_addr), log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) session.key.delete() else: lr = tt_logging.construct_log(msg_short='User logged out', msg='User logged out: session: %s, IP Address: %s' % self.request.remote_addr, log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) elif self.json_request.get('reset_password'): user = User.get_by_id(self.json_request.get('username')) if not user: raise HttpErrorException.bad_request('invalid username') lr = tt_logging.construct_log(msg_short='Password Reset Requested', msg='User has requested password reset', log_type=tt_logging.USER, request=self.request, request_user=user) log.info(lr['dict_msg']['msg'], extra=lr) user.send_password_reset() else: self.write_json_response({'status': 'failed do not know what to do!!!'})
def get(self, user_id=None): # TODO: This handler needs broken down into smaller methods. No point cleaning # this up until that is complete. if self.request.get('user_info') is not '': if self.request.get('user_info') == self.user.username or self.user.is_admin: user = User.get_by_id(self.request.get('user_info')) if not user: raise HttpErrorException.bad_request('invalid user id') self.write_json_response(user.to_dict(user=self.user)) elif self.request.get('user_perms') is not '': user = User.get_by_id(self.request.get('user_perms')) if not user: raise HttpErrorException.bad_request('invalid username') if not user.is_admin and not self.user == user: lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Another User', msg='User (%s) attemped to access user\'s (%s) data ' % (self.user.key.id(), user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, request=self.request) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() user_perms_dict = {} for group_key in user.groups: group = group_key.get() if group is None: user.groups.remove(group_key) user.put() lr = tt_logging.construct_log(msg_short='Broken Group Key in User Group List', msg='Found a broken group key (%s) in the user\'s group list\n' 'Key has been removed' % str(group_key), log_type=tt_logging.USER, request_user=self.user, affected_user=user, request=self.request) log.error(lr['dict_msg']['msg'], extra=lr) elif (group.has_permission(self.user, 'set_user_perms') or group.has_permission(self.user, 'remove_user_perms') or user.key == self.user.key): perms = user.get_group_perms_dict(group) if perms is not None: user_perms_dict[group.key.id()] = perms self.write_json_response(user_perms_dict) elif self.request.get('organization_users') is not '': if self.request.get('organization_users') == 'all': organization = Organization.get_by_id(self.request.get('organization_id')) if organization.is_admin(self.user) or Group.get_by_id('super_admin').key in self.user.groups: user_array = User.get_all_users(organization, request_user=self.user) self.write_json_response(user_array) else: lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users', msg='User (%s) attemped to access all Organization\'s users' % (self.user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, request=self.request, artifact=organization) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() elif self.request.get('non_org') is not '': if not self.user.is_super_admin: lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users', msg='User (%s) attemped to access all Organization\'s users' % (self.user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, request=self.request) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() else: users = User.query(User.organization == None).fetch() users_dicts = [] for user in users: users_dicts.append(user.to_dict()) self.write_json_response(users_dicts)