def forgot_password():
    """Handle the password-recovery form.

    On a valid submission the account is looked up by e-mail address. If one
    is found, a fresh UUID4 string is stored in ``activation_key``, the
    session is committed, a recovery e-mail is sent and the visitor is
    redirected to ``frontend.index``. Otherwise an error is flashed and the
    form is rendered again.
    """
    form = RecoverPasswordForm()

    if form.validate_on_submit():
        account = User.query.filter_by(email=form.email.data).first()

        if not account:
            # NOTE(review): this message (and re-rendering the form instead
            # of redirecting) tells the requester whether an address is
            # registered. A uniform response for both outcomes would avoid
            # account enumeration.
            flash(_("Sorry, no user found for that email address"), "error")
        else:
            flash(_("Please see your email for instructions on "
                    "how to access your account"), "success")

            # NOTE(review): no expiry for the key is set in this block;
            # confirm the recovery link is time-limited elsewhere.
            account.activation_key = str(uuid.uuid4())
            db.session.commit()

            mail_body = render_template("emails/recover_password.html",
                                        user=account)
            mail_sender = current_app.config.get('DEFAULT_MAIL_SENDER')
            recovery_mail = Message(subject=_("Recover your password"),
                                    body=mail_body,
                                    sender=mail_sender,
                                    recipients=[account.email])
            mail.send(recovery_mail)

            return redirect(url_for("frontend.index"))

    return render_template("recover_password.html", form=form)
def report_abuse(comment_id):
    """Let a user report a comment to the site administrators.

    The comment is loaded with ``get_or_404``. On a valid submission the
    complaint is mailed to the addresses in ``ADMINS`` (when any are
    configured), a confirmation is flashed and the user is redirected to the
    comment's URL.
    """
    comment = Comment.query.get_or_404(comment_id)
    form = CommentAbuseForm()

    if not form.validate_on_submit():
        return render_template("comment/report_abuse.html",
                               comment=comment,
                               form=form)

    admin_addresses = current_app.config['ADMINS']
    if admin_addresses:
        mail_body = render_template("emails/report_abuse.html",
                                    comment=comment,
                                    complaint=form.complaint.data)

        # NOTE(review): g.user.email is read unconditionally; this assumes
        # the route is restricted to signed-in users - confirm against the
        # decorators, which are not visible here.
        report = Message(subject="Report Abuse",
                         body=mail_body,
                         sender=g.user.email,
                         recipients=admin_addresses)
        mail.send(report)

    flash(_("Your report has been sent to the admins"), "success")
    return redirect(comment.url)
def edit(post_id):
    """Edit an existing post.

    The post is loaded with ``get_or_404`` and ``post.permissions.edit.test(403)``
    is called before anything else (presumably rejecting callers who lack
    the edit permission). On a valid submission the form is copied onto the
    post and committed. When the editor is not the author, the author is
    notified by e-mail.
    """
    post = Post.query.get_or_404(post_id)
    post.permissions.edit.test(403)

    form = PostForm(obj=post)

    if not form.validate_on_submit():
        return render_template("post/edit_post.html",
                               post=post,
                               form=form)

    form.populate_obj(post)
    db.session.commit()

    edited_by_author = g.user.id == post.author_id
    if edited_by_author:
        flash(_("Your post has been updated"), "success")
    else:
        # Someone other than the author changed the post: tell the author.
        mail_body = render_template("emails/post_edited.html", post=post)
        notice = Message(subject="Your post has been edited",
                         body=mail_body,
                         recipients=[post.author.email])
        mail.send(notice)
        flash(_("The post has been updated"), "success")

    return redirect(url_for("post.view", post_id=post_id))
def send_message(user_id):
    """Send a private message to another user by e-mail.

    The recipient is loaded with ``get_or_404`` and
    ``user.permissions.send_message.test(403)`` is called before the form is
    handled. On a valid submission the message is rendered into an e-mail
    and sent to the recipient's address.
    """
    user = User.query.get_or_404(user_id)
    user.permissions.send_message.test(403)

    form = MessageForm()

    if not form.validate_on_submit():
        return render_template("user/send_message.html", user=user, form=form)

    # NOTE(review): subject and message are user-supplied text placed into
    # the mail body through the template; no rate limit is visible in this
    # view, so confirm one exists elsewhere to prevent mail flooding.
    mail_body = render_template("emails/send_message.html",
                                user=user,
                                subject=form.subject.data,
                                message=form.message.data)
    mail_subject = _("You have received a message from %(name)s",
                     name=g.user.username)

    outgoing = Message(subject=mail_subject,
                       body=mail_body,
                       recipients=[user.email])
    mail.send(outgoing)

    flash(_("Your message has been sent to %(name)s",
            name=user.username), "success")

    return redirect(url_for("user.posts", username=user.username))
def forgot_password():
    """Handle the password-recovery form.

    On a valid submission the account is looked up by e-mail address. If one
    is found, a fresh UUID4 string is stored in ``activation_key``, the
    session is committed, a recovery e-mail is sent and the visitor is
    redirected to ``frontend.index``. Otherwise an error is flashed and the
    form is rendered again.
    """
    form = RecoverPasswordForm()

    if form.validate_on_submit():
        account = User.query.filter_by(email=form.email.data).first()

        if not account:
            # NOTE(review): this message (and re-rendering the form instead
            # of redirecting) tells the requester whether an address is
            # registered. A uniform response for both outcomes would avoid
            # account enumeration.
            flash(_("Sorry, no user found for that email address"), "error")
        else:
            flash(
                _("Please see your email for instructions on "
                  "how to access your account"), "success")

            # NOTE(review): no expiry for the key is set in this block;
            # confirm the recovery link is time-limited elsewhere.
            account.activation_key = str(uuid.uuid4())
            db.session.commit()

            mail_body = render_template("emails/recover_password.html",
                                        user=account)
            recovery_mail = Message(subject=_("Recover your password"),
                                    body=mail_body,
                                    recipients=[account.email])
            mail.send(recovery_mail)

            return redirect(url_for("frontend.index"))

    return render_template("account/recover_password.html", form=form)
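def add_comment(post_id, parent_id=None):
    """Add a comment to a post, optionally as a reply to another comment.

    The post is loaded with ``get_or_404`` and ``post.permissions.view.test(403)``
    is called before the form is handled. On a valid submission the comment
    is stored, the ``comment_added`` signal is sent and, if the person being
    replied to has ``email_alerts`` set and is not the commenter, that person
    is notified by e-mail.

    :param post_id: primary key of the post being commented on.
    :param parent_id: primary key of the comment being replied to, if any.
    """
    post = Post.query.get_or_404(post_id)
    post.permissions.view.test(403)

    parent = Comment.query.get_or_404(parent_id) if parent_id else None

    form = CommentForm()

    if form.validate_on_submit():
        comment = Comment(post=post, parent=parent, author=g.user)
        form.populate_obj(comment)

        db.session.add(comment)
        db.session.commit()

        signals.comment_added.send(post)

        flash(_("Thanks for your comment"), "success")

        # The notification goes to whoever was replied to: the parent
        # comment's author for a reply, the post's author otherwise.
        author = parent.author if parent else post.author

        if author.email_alerts and author.id != g.user.id:
            subject = _("Somebody replied to your comment") if parent else \
                _("Somebody commented on your post")

            template = "emails/comment_replied.html" if parent else \
                "emails/post_commented.html"

            body = render_template(template,
                                   author=author,
                                   post=post,
                                   parent=parent,
                                   comment=comment)

            # Fix: the mail used to be addressed to post.author.email even
            # for replies, so the post author received a notice written for
            # the parent comment's author, and the email_alerts opt-out that
            # was checked belonged to a different person than the recipient.
            mail.send_message(subject=subject,
                              body=body,
                              sender=current_app.config.get(
                                  'DEFAULT_MAIL_SENDER'),
                              recipients=[author.email])

        return redirect(comment.url)

    return render_template("add_comment.html",
                           parent=parent,
                           post=post,
                           form=form)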
def signup():
    """Create an account for a visitor who has just authenticated via OpenID.

    Requires an ``openid`` value in the session and aborts with 403 without
    one. The form is pre-filled from the ``next``, ``name`` and ``email``
    query arguments. On a valid submission the user is created, the session
    is made permanent and the new identity is announced.
    """
    if 'openid' not in session:
        abort(403)

    query = request.args
    form = OpenIdSignupForm(next=query.get("next"),
                            username=query.get("name"),
                            email=query.get("email"))

    if not form.validate_on_submit():
        return render_template("openid_signup.html", form=form)

    new_user = User(openid=session.pop('openid'))
    form.populate_obj(new_user)

    db.session.add(new_user)
    db.session.commit()

    session.permanent = True

    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(new_user.id))

    # NOTE(review): the sibling sign-up views use the named placeholder form
    # _("Welcome, %(name)s", name=...); this one formats after translation.
    flash(_("Welcome, %%s") % new_user.username, "success")

    # NOTE(review): "next" originates from the query string. Unless the form
    # validates it as a same-site path, redirecting to it is an open
    # redirect - confirm against OpenIdSignupForm.
    next_url = form.next.data
    if not next_url:
        next_url = url_for("user.posts", username=new_user.username)

    return redirect(next_url)
def signup():
    """Register a new account and sign the new user in.

    On a valid submission the user is created from the form, committed, and
    the new identity is announced. The visitor is then redirected to the
    form's ``next`` value, or to their own posts page when ``next`` is empty
    or equals the current path.
    """
    form = SignupForm(next=request.args.get("next"))

    if not form.validate_on_submit():
        return render_template("account/signup.html", form=form)

    new_user = User()
    form.populate_obj(new_user)

    db.session.add(new_user)
    db.session.commit()

    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(new_user.id))

    flash(_("Welcome, %(name)s", name=new_user.username), "success")

    # NOTE(review): "next" originates from the query string. Unless the form
    # validates it as a same-site path, redirecting to it is an open
    # redirect - confirm against SignupForm.
    next_url = form.next.data
    if not next_url or next_url == request.path:
        next_url = url_for('user.posts', username=new_user.username)

    return redirect(next_url)
def change_password():
    """Change the password of the signed-in user or of an activation-key holder.

    The account is ``g.user`` when set; otherwise it is looked up by the
    ``activation_key`` request value. Without an account the request is
    aborted with 403. On a valid submission the password is replaced, the
    activation key is cleared and the identity is reset to anonymous.
    """
    if g.user:
        account = g.user
    elif 'activation_key' in request.values:
        # NOTE(review): request.values also covers the query string, so the
        # key may end up in URLs (server logs, Referer headers). No expiry
        # check is visible in this block - confirm keys are time-limited.
        account = User.query.filter_by(
            activation_key=request.values['activation_key']).first()
    else:
        account = None

    if account is None:
        abort(403)

    # NOTE(review): for a signed-in user nothing in this view asks for the
    # current password; confirm whether ChangePasswordForm requires it.
    form = ChangePasswordForm(activation_key=account.activation_key)

    if not form.validate_on_submit():
        return render_template("change_password.html", form=form)

    account.password = form.password.data
    account.activation_key = None  # the key is single-use

    db.session.commit()

    flash(_("Your password has been changed, "
            "please log in again"), "success")

    # After a successful change, force the user to log out.
    identity_changed.send(current_app._get_current_object(),
                          identity=AnonymousIdentity())

    return redirect(url_for("account.login"))
def signup():
    """Register a new account and sign the new user in.

    On a valid submission the user is created from the form, committed, and
    the new identity is announced. The visitor is then redirected to the
    form's ``next`` value, or to their own posts page when ``next`` is empty
    or equals the current path.
    """
    form = SignupForm(next=request.args.get("next"))

    if not form.validate_on_submit():
        return render_template("signup.html", form=form)

    new_user = User()
    form.populate_obj(new_user)

    db.session.add(new_user)
    db.session.commit()

    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(new_user.id))

    flash(_("Welcome, %(name)s", name=new_user.username), "success")

    # NOTE(review): "next" originates from the query string. Unless the form
    # validates it as a same-site path, redirecting to it is an open
    # redirect - confirm against SignupForm.
    next_url = form.next.data
    if not next_url or next_url == request.path:
        next_url = url_for('user.posts', username=new_user.username)

    return redirect(next_url)
def contact():
    """Mail a contact-form message to the site administrators.

    The form is pre-filled with the signed-in user's name and e-mail when
    ``g.user`` is set. On a valid submission the message is sent to the
    addresses in ``ADMINS`` (when any are configured).
    """
    if g.user:
        form = ContactForm(name=g.user.username,
                           email=g.user.email)
    else:
        form = ContactForm()

    if not form.validate_on_submit():
        return render_template("contact.html", form=form)

    admin_addresses = current_app.config.get('ADMINS', [])

    # NOTE(review): the From header is assembled from two visitor-supplied
    # fields. Confirm the form rejects CR/LF in both, and consider sending
    # from a site-owned address with the visitor in Reply-To, since mail
    # claiming an arbitrary sender domain tends to fail SPF/DMARC checks.
    from_address = "%s <%s>" % (form.name.data, form.email.data)

    if admin_addresses:
        enquiry = Message(subject=form.subject.data,
                          body=form.message.data,
                          recipients=admin_addresses,
                          sender=from_address)
        mail.send(enquiry)

    flash(_("Thanks, your message has been sent to us"), "success")

    return redirect(url_for('frontend.index'))
def change_password():
    """Change the password of the signed-in user or of an activation-key holder.

    The account is ``g.user`` when set; otherwise it is looked up by the
    ``activation_key`` request value. Without an account the request is
    aborted with 403. On a valid submission the password is replaced and the
    activation key is cleared.
    """
    if g.user:
        account = g.user
    elif "activation_key" in request.values:
        # NOTE(review): request.values also covers the query string, so the
        # key may end up in URLs (server logs, Referer headers). No expiry
        # check is visible in this block - confirm keys are time-limited.
        account = User.query.filter_by(
            activation_key=request.values["activation_key"]).first()
    else:
        account = None

    if account is None:
        abort(403)

    # NOTE(review): for a signed-in user nothing in this view asks for the
    # current password; confirm whether ChangePasswordForm requires it.
    form = ChangePasswordForm(activation_key=account.activation_key)

    if not form.validate_on_submit():
        return render_template("account/change_password.html", form=form)

    account.password = form.password.data
    account.activation_key = None  # the key is single-use

    db.session.commit()

    # NOTE(review): the message asks the user to log in again, but this
    # block does not reset the identity or end the session.
    flash(_("Your password has been changed, "
            "please log in again"), "success")

    return redirect(url_for("account.login"))
def signup():
    """Create an account for a visitor who has just authenticated via OpenID.

    Requires an ``openid`` value in the session and aborts with 403 without
    one. The form is pre-filled from the ``next``, ``name`` and ``email``
    query arguments. On a valid submission the user is created, the session
    is made permanent and the new identity is announced.
    """
    if 'openid' not in session:
        abort(403)

    query = request.args
    form = OpenIdSignupForm(next=query.get("next"),
                            username=query.get("name"),
                            email=query.get("email"))

    if not form.validate_on_submit():
        return render_template("openid/signup.html", form=form)

    new_user = User(openid=session.pop('openid'))
    form.populate_obj(new_user)

    db.session.add(new_user)
    db.session.commit()

    session.permanent = True

    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(new_user.id))

    # NOTE(review): the sibling sign-up views use the named placeholder form
    # _("Welcome, %(name)s", name=...); this one formats after translation.
    flash(_("Welcome, %%s") % new_user.username, "success")

    # NOTE(review): "next" originates from the query string. Unless the form
    # validates it as a same-site path, redirecting to it is an open
    # redirect - confirm against OpenIdSignupForm.
    next_url = form.next.data
    if not next_url:
        next_url = url_for("user.posts", username=new_user.username)

    return redirect(next_url)
def delete(post_id):
    """Delete a post together with its comments and report success as JSON.

    The post is loaded with ``get_or_404`` and
    ``post.permissions.delete.test(403)`` is called before anything is
    removed. When the deleter is not the author, the author is notified by
    e-mail.
    """
    post = Post.query.get_or_404(post_id)
    post.permissions.delete.test(403)

    # Remove the post's comments first, then the post itself.
    Comment.query.filter_by(post=post).delete()

    db.session.delete(post)
    db.session.commit()

    # NOTE(review): post.author_id and post.author are read after the row
    # was deleted and committed; confirm they are still loadable then.
    deleted_by_author = g.user.id == post.author_id
    if deleted_by_author:
        flash(_("Your post has been deleted"), "success")
    else:
        mail_body = render_template("emails/post_deleted.html", post=post)
        notice = Message(subject="Your post has been deleted",
                         body=mail_body,
                         recipients=[post.author.email])
        mail.send(notice)
        flash(_("The post has been deleted"), "success")

    return jsonify(success=True,
                   redirect_url=url_for('frontend.index'))
def change_password():
    """Change the password of the signed-in user or of an activation-key holder.

    The account is ``g.user`` when set; otherwise it is looked up by the
    ``activation_key`` request value. Without an account the request is
    aborted with 403. On a valid submission the password is replaced and the
    activation key is cleared.
    """
    if g.user:
        account = g.user
    elif 'activation_key' in request.values:
        # NOTE(review): request.values also covers the query string, so the
        # key may end up in URLs (server logs, Referer headers). No expiry
        # check is visible in this block - confirm keys are time-limited.
        account = User.query.filter_by(
            activation_key=request.values['activation_key']).first()
    else:
        account = None

    if account is None:
        abort(403)

    # NOTE(review): for a signed-in user nothing in this view asks for the
    # current password; confirm whether ChangePasswordForm requires it.
    form = ChangePasswordForm(activation_key=account.activation_key)

    if not form.validate_on_submit():
        return render_template("account/change_password.html", form=form)

    account.password = form.password.data
    account.activation_key = None  # the key is single-use

    db.session.commit()

    # NOTE(review): the message asks the user to log in again, but this
    # block does not reset the identity or end the session.
    flash(_("Your password has been changed, "
            "please log in again"), "success")

    return redirect(url_for("account.login"))
def latest(page=1):
    """Render one page of ``Post.query.popular()`` results.

    The query is narrowed with ``restricted(g.user)`` before pagination, so
    the listing depends on who is asking.

    :param page: 1-based page number.
    """
    def page_url(page):
        # Link builder handed to the template for the pager.
        return url_for("frontend.latest", page=page)

    listing = Post.query.popular().restricted(g.user).as_list()
    page_obj = listing.paginate(page, per_page=Post.PER_PAGE)

    return render_template("latest.html",
                           page_obj=page_obj,
                           page_url=page_url)
def deadpool(page=1):
    """Render one page of ``Post.query.deadpooled()`` results.

    The query is narrowed with ``restricted(g.user)`` before pagination, so
    the listing depends on who is asking.

    :param page: 1-based page number.
    """
    def page_url(page):
        # Link builder handed to the template for the pager.
        return url_for("frontend.deadpool", page=page)

    listing = Post.query.deadpooled().restricted(g.user).as_list()
    page_obj = listing.paginate(page, per_page=Post.PER_PAGE)

    return render_template("deadpool.html",
                           page_obj=page_obj,
                           page_url=page_url)
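def follow(user_id):
    """Make the current user follow another user and notify that user.

    The target is loaded with ``get_or_404``; the follow relation is stored
    and committed, then a notification e-mail is sent to the target.

    :param user_id: primary key of the user to follow.
    :returns: a JSON response with ``success`` and ``reload`` set to true.
    """
    user = User.query.get_or_404(user_id)

    # NOTE(review): nothing in this block rejects following oneself or
    # checks a mail opt-out before notifying; confirm both are handled
    # elsewhere.
    g.user.follow(user)
    db.session.commit()

    body = render_template("emails/followed.html",
                           user=user)

    # Fix: the username used to be interpolated into the string *before* it
    # was passed to the translation function, so the catalogue lookup could
    # never match and a "%" in a username could reach later formatting.
    # The placeholder is now filled in by the translation call itself.
    subject = _("%(name)s is now following you", name=g.user.username)

    mail.send_message(subject=subject,
                      body=body,
                      recipients=[user.email])

    return jsonify(success=True,
                   reload=True)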
def tag(slug, page=1):
    """Render one page of the posts carrying the tag identified by ``slug``.

    Responds with 404 when no tag has that slug. The tag's posts are
    narrowed with ``restricted(g.user)`` before pagination.

    :param slug: slug of the tag to list.
    :param page: 1-based page number.
    """
    def page_url(page):
        # Link builder handed to the template for the pager.
        return url_for('frontend.tag', slug=slug, page=page)

    tag_obj = Tag.query.filter_by(slug=slug).first_or_404()

    listing = tag_obj.posts.restricted(g.user).as_list()
    page_obj = listing.paginate(page, per_page=Post.PER_PAGE)

    return render_template("tag.html",
                           tag=tag_obj,
                           page_url=page_url,
                           page_obj=page_obj)
def login():
    """Start an OpenID login.

    On a valid submission the form's ``next`` value is stored in the session
    and the OpenID flow is started, asking the provider for e-mail, full
    name and nickname. Otherwise the login form is rendered together with
    any pending OpenID error.
    """
    form = OpenIdLoginForm(next=request.args.get("next"))

    if not form.validate_on_submit():
        return render_template("openid/login.html",
                               form=form,
                               error=oid.fetch_error())

    # NOTE(review): "next" originates from the query string and is kept for
    # a later redirect; confirm it is validated as a same-site path before
    # it is used.
    session['next'] = form.next.data

    requested_fields = ('email', 'fullname', 'nickname')
    return oid.try_login(form.openid.data, ask_for=requested_fields)
def login():
    """Start an OpenID login.

    On a valid submission the form's ``next`` value is stored in the session
    and the OpenID flow is started, asking the provider for e-mail, full
    name and nickname. Otherwise the login form is rendered together with
    any pending OpenID error.
    """
    form = OpenIdLoginForm(next=request.args.get("next"))

    if not form.validate_on_submit():
        return render_template("openid_login.html",
                               form=form,
                               error=oid.fetch_error())

    # NOTE(review): "next" originates from the query string and is kept for
    # a later redirect; confirm it is validated as a same-site path before
    # it is used.
    session['next'] = form.next.data

    requested_fields = ('email', 'fullname', 'nickname')
    return oid.try_login(form.openid.data, ask_for=requested_fields)
def edit():
    """Edit the current user's account details.

    On a valid submission the form fields are copied onto ``g.user`` and
    committed, then the user is redirected to ``frontend.index``.
    """
    form = EditAccountForm(g.user)

    if not form.validate_on_submit():
        return render_template("account/edit_account.html", form=form)

    # populate_obj writes every form field onto the user object, so the set
    # of editable attributes is whatever EditAccountForm declares.
    form.populate_obj(g.user)
    db.session.commit()

    flash(_("Your account has been updated"), "success")
    return redirect(url_for("frontend.index"))
def edit():
    """Edit the current user's account details.

    On a valid submission the form fields are copied onto ``g.user`` and
    committed, then the user is redirected to ``frontend.index``.
    """
    form = EditAccountForm(g.user)

    if not form.validate_on_submit():
        return render_template("edit_account.html", form=form)

    # populate_obj writes every form field onto the user object, so the set
    # of editable attributes is whatever EditAccountForm declares.
    form.populate_obj(g.user)
    db.session.commit()

    flash(_("Your account has been updated"), "success")
    return redirect(url_for("frontend.index"))
def submit():
    """Create a new post authored by the current user.

    On a valid submission the post is filled from the form, stored and
    committed, then the user is redirected to ``frontend.latest``.
    """
    form = PostForm()

    if not form.validate_on_submit():
        return render_template("submit.html", form=form)

    # The author is fixed to the current user before the form is applied.
    new_post = Post(author=g.user)
    form.populate_obj(new_post)

    db.session.add(new_post)
    db.session.commit()

    flash(_("Thank you for posting"), "success")
    return redirect(url_for("frontend.latest"))
def delete():
    """Delete the current user's account after the confirmation form passes.

    On a valid submission ``g.user`` is deleted and committed, the identity
    is reset to anonymous and the visitor is redirected to ``frontend.index``.
    """
    # The form is where the password and reCAPTCHA confirmation happen.
    form = DeleteAccountForm()

    if not form.validate_on_submit():
        return render_template("account/delete_account.html", form=form)

    db.session.delete(g.user)
    db.session.commit()

    # The account no longer exists, so drop back to an anonymous identity.
    identity_changed.send(current_app._get_current_object(),
                          identity=AnonymousIdentity())

    flash(_("Your account has been deleted"), "success")
    return redirect(url_for("frontend.index"))
def view(post_id, slug=None):
    """Show a single post with its comment forms.

    The post is loaded with ``get_or_404``. When ``post.permissions.view`` is
    falsy, anonymous visitors are sent to the login page (with the current
    path as ``next``) and signed-in users get a 403.

    :param post_id: primary key of the post.
    :param slug: not used by this function.
    """
    post = Post.query.get_or_404(post_id)

    if not post.permissions.view:
        if g.user:
            flash(_("You must be a friend to see this post"), "error")
            abort(403)
        else:
            flash(_("You must be logged in to see this post"), "error")
            return redirect(url_for("account.login", next=request.path))

    def build_edit_form(comment):
        # Gives the template a form pre-filled from an existing comment.
        return CommentForm(obj=comment)

    return render_template("post/post.html",
                           comment_form=CommentForm(),
                           edit_comment_form=build_edit_form,
                           post=post)
def following(username, page=1):
    """List the users that ``username`` follows, ordered by username.

    Responds with 404 when no such user exists. Post and comment counts are
    taken from queries narrowed with ``restricted(g.user)``.

    :param username: username of the profile being viewed.
    :param page: not used by this function.
    """
    user = User.query.filter_by(username=username).first_or_404()

    posts_by_user = Post.query.filter_by(author_id=user.id)
    num_posts = posts_by_user.restricted(g.user).count()

    comments_by_user = Comment.query.filter_by(author_id=user.id)
    num_comments = comments_by_user.restricted(g.user).count()

    followed_users = user.get_following().order_by(User.username.asc())

    return render_template("user/following.html",
                           user=user,
                           num_posts=num_posts,
                           num_comments=num_comments,
                           following=followed_users)
def posts(username, page=1):
    """Render one page of the posts written by ``username``.

    Responds with 404 when no such user exists. Both the post listing and
    the comment count are narrowed with ``restricted(g.user)``.

    :param username: username of the profile being viewed.
    :param page: 1-based page number.
    """
    def page_url(page):
        # Link builder handed to the template for the pager.
        return url_for('user.posts', username=username, page=page)

    user = User.query.filter_by(username=username).first_or_404()

    listing = Post.query.filter_by(author=user).restricted(g.user).as_list()
    page_obj = listing.paginate(page, Post.PER_PAGE)

    comments_by_user = Comment.query.filter_by(author_id=user.id)
    num_comments = comments_by_user.restricted(g.user).count()

    return render_template("user/posts.html",
                           user=user,
                           num_posts=page_obj.total,
                           num_comments=num_comments,
                           page_obj=page_obj,
                           page_url=page_url)
def login():
    """Sign a user in with login name and password.

    On success the session lifetime follows the "remember" checkbox, the new
    identity is announced and, when an ``openid`` value is waiting in the
    session, it is attached to the account. The user is then redirected to
    the form's ``next`` value, or to their posts page when ``next`` is empty
    or equals the current path.
    """
    form = LoginForm(login=request.args.get("login"),
                     next=request.args.get("next"))

    # TBD: ensure "next" field is passed properly

    if form.validate_on_submit():
        account, authenticated = User.query.authenticate(
            form.login.data, form.password.data)

        if not (account and authenticated):
            # One message for every failure, so the response does not say
            # whether the login name exists.
            flash(_("Sorry, invalid login"), "error")
        else:
            session.permanent = form.remember.data

            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(account.id))

            # An OpenID left in the session by an earlier step gets linked
            # to the account that has just authenticated.
            pending_openid = session.pop('openid', None)
            if pending_openid:
                account.openid = pending_openid
                db.session.commit()

                flash(
                    _("Your OpenID has been attached to your account. "
                      "You can now sign in with your OpenID."), "success")
            else:
                flash(_("Welcome back, %(name)s", name=account.username),
                      "success")

            # NOTE(review): "next" originates from the query string. Unless
            # the form validates it as a same-site path, redirecting to it
            # is an open redirect - confirm against LoginForm.
            next_url = form.next.data
            if not next_url or next_url == request.path:
                next_url = url_for('user.posts', username=account.username)

            return redirect(next_url)

    return render_template("account/login.html", form=form)
def login():
    """Sign a user in with login name and password.

    On success the session lifetime follows the "remember" checkbox, the new
    identity is announced and, when an ``openid`` value is waiting in the
    session, it is attached to the account. The user is then redirected to
    the form's ``next`` value, or to their posts page when ``next`` is empty
    or equals the current path.
    """
    form = LoginForm(login=request.args.get("login"),
                     next=request.args.get("next"))

    # TBD: ensure "next" field is passed properly

    if form.validate_on_submit():
        account, authenticated = User.query.authenticate(
            form.login.data, form.password.data)

        if not (account and authenticated):
            # One message for every failure, so the response does not say
            # whether the login name exists.
            flash(_("Sorry, invalid login"), "error")
        else:
            session.permanent = form.remember.data

            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(account.id))

            # An OpenID left in the session by an earlier step gets linked
            # to the account that has just authenticated.
            pending_openid = session.pop('openid', None)
            if pending_openid:
                account.openid = pending_openid
                db.session.commit()

                flash(_("Your OpenID has been attached to your account. "
                        "You can now sign in with your OpenID."), "success")
            else:
                flash(
                    _("Welcome back, %(name)s", name=account.username),
                    "success")

            # NOTE(review): "next" originates from the query string. Unless
            # the form validates it as a same-site path, redirecting to it
            # is an open redirect - confirm against LoginForm.
            next_url = form.next.data
            if not next_url or next_url == request.path:
                next_url = url_for('user.posts', username=account.username)

            return redirect(next_url)

    return render_template("login.html", form=form)
def edit(comment_id):
    """Edit an existing comment.

    The comment is loaded with ``get_or_404`` and
    ``comment.permissions.edit.test(403)`` is called before the form is
    handled. On a valid submission the form is copied onto the comment and
    committed, then the user is redirected to the comment's URL.
    """
    comment = Comment.query.get_or_404(comment_id)
    comment.permissions.edit.test(403)

    form = CommentForm(obj=comment)

    if not form.validate_on_submit():
        return render_template("comment/edit_comment.html",
                               comment=comment,
                               form=form)

    form.populate_obj(comment)
    db.session.commit()

    flash(_("Your comment has been updated"), "success")
    return redirect(comment.url)
def search(page=1):
    """Search posts by the ``keywords`` query argument.

    Blank keywords redirect to ``frontend.index``. The search results are
    narrowed with ``restricted(g.user)`` before pagination; a single hit
    redirects straight to that post.

    :param page: 1-based page number.
    """
    keywords = request.args.get("keywords", '').strip()
    if not keywords:
        return redirect(url_for("frontend.index"))

    matches = Post.query.search(keywords).restricted(g.user).as_list()
    page_obj = matches.paginate(page, per_page=Post.PER_PAGE)

    if page_obj.total == 1:
        only_hit = page_obj.items[0]
        return redirect(only_hit.url)

    def page_url(page):
        # Link builder handed to the template; keeps the search terms.
        return url_for(
            'frontend.search', page=page, keywords=keywords)

    return render_template("search.html",
                           page_obj=page_obj,
                           page_url=page_url,
                           keywords=keywords)
def search(page=1):
    """Search posts by the ``keywords`` query argument.

    Blank keywords redirect to ``frontend.index``. The search results are
    narrowed with ``restricted(g.user)`` before pagination; a single hit
    redirects straight to that post.

    :param page: 1-based page number.
    """
    keywords = request.args.get("keywords", '').strip()
    if not keywords:
        return redirect(url_for("frontend.index"))

    matches = Post.query.search(keywords).restricted(g.user).as_list()
    page_obj = matches.paginate(page, per_page=Post.PER_PAGE)

    if page_obj.total == 1:
        only_hit = page_obj.items[0]
        return redirect(only_hit.url)

    def page_url(page):
        # Link builder handed to the template; keeps the search terms.
        return url_for('frontend.search', page=page, keywords=keywords)

    return render_template("search.html",
                           page_obj=page_obj,
                           page_url=page_url,
                           keywords=keywords)
def tags():
    """Render the tag cloud page from ``Tag.query.cloud()``."""
    cloud = Tag.query.cloud()
    return render_template("tags.html", tag_cloud=cloud)
def help():
    """Render the static help page."""
    page = render_template("help.html")
    return page
def rules():
    """Render the static rules page."""
    page = render_template("rules.html")
    return page
def forbidden(error):
    """Build the "not allowed" response: JSON for XHR requests, HTML otherwise.

    :param error: the error object, passed through to the HTML template.
    """
    # NOTE(review): only a body is returned. If this is registered as a
    # Flask error handler, the response status defaults to 200 rather than
    # 403 unless the status is returned alongside the body - confirm.
    if not request.is_xhr:
        return render_template("errors/403.html", error=error)

    return jsonify(error=_('Sorry, not allowed'))
def server_error(error):
    """Build the "server error" response: JSON for XHR requests, HTML otherwise.

    :param error: the error object, passed through to the HTML template.
    """
    # NOTE(review): only a body is returned. If this is registered as a
    # Flask error handler, the response status defaults to 200 rather than
    # 500 unless the status is returned alongside the body - confirm.
    # NOTE(review): the error object reaches the template; confirm the 500
    # page does not print exception details to visitors.
    if not request.is_xhr:
        return render_template("errors/500.html", error=error)

    return jsonify(error=_('Sorry, an error has occurred'))
def page_not_found(error):
    """Build the "page not found" response: JSON for XHR requests, HTML otherwise.

    :param error: the error object, passed through to the HTML template.
    """
    # NOTE(review): only a body is returned. If this is registered as a
    # Flask error handler, the response status defaults to 200 rather than
    # 404 unless the status is returned alongside the body - confirm.
    if not request.is_xhr:
        return render_template("errors/404.html", error=error)

    return jsonify(error=_('Sorry, page not found'))