Example #1
def manage_user(user_data):
    """Return the local account for a signed-in mykaarma user.

    Lookup order: first by ``mykaarma_user_id``; then by e-mail address, in
    which case the matching account is handed to ``add_through_email``;
    otherwise a new ``User`` is saved under a username that is not taken yet
    and, when the newsletter is initialised, subscribed to it.
    """
    # NOTE(review): the e-mail branch attaches the external identity to an
    # existing local account on an address match alone. That is only safe if
    # the identity provider guarantees the address is verified -- confirm.
    known = user_repo.get_by(mykaarma_user_id=user_data['id'])
    if known is not None:
        return known

    same_email = user_repo.get_by(email_addr=user_data['email'])
    if same_email is not None:
        return add_through_email(same_email, user_data)

    # The helper is expected to randomise its result (the original comment
    # mentions a 4-character string of digits and lowercase letters), so
    # asking again yields a new candidate until one is free.
    name = get_mykaarma_username_from_full_name(user_data['name'])
    while user_repo.get_by_name(name) is not None:
        name = get_mykaarma_username_from_full_name(user_data['name'])

    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                mykaarma_user_id=user_data['id'])
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user
Example #2
def add_through_email(user_by_email, user_data):
    """Link the account found by e-mail to the mykaarma id in *user_data*.

    When the account's username equals the plain username derived from the
    full name, it is replaced by a mykaarma-style username that no other
    account uses. The account is saved and returned.
    """
    # NOTE(review): this links an external identity to an existing account;
    # the caller reaches it on an e-mail match only -- confirm the provider
    # asserts a verified address before relying on it.
    plain_name = username_from_full_name(user_data['name']).decode('utf-8')
    if user_by_email.name == plain_name:
        candidate = get_mykaarma_username_from_full_name(user_data['name'])
        while user_repo.get_by_name(candidate) is not None:
            candidate = get_mykaarma_username_from_full_name(
                user_data['name'])
        user_by_email.name = candidate

    user_by_email.mykaarma_user_id = user_data['id']
    user_repo.save(user_by_email)
    return user_by_email
Example #3
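def reset_password():
    """
    Reset password method.

    The ``key`` query parameter must be a token signed with the
    ``password-reset`` salt and no older than ``ACCOUNT_LINK_EXPIRATION``
    seconds (default 3600). Its payload carries the user name and the
    password hash; the hash must still equal the stored one, so a link stops
    working once the password has been changed.

    Every validation failure, including a token that names an account which
    no longer exists, answers 403.

    Returns the password reset template through ``handle_content_type``, or
    the result of ``_sign_in_user`` after a successful change.

    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    token_hash = userdict.get('password')
    if not username or not token_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may have been deleted or renamed after the link was issued;
    # without this guard the attribute access below fails with a 500.
    if user is None or user.passwd_hash != token_hash:
        abort(403)
    form = ChangePasswordForm(request.body)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    response = dict(template='/account/password_reset.html', form=form)
    return handle_content_type(response)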
Example #4
def manage_user(access_token, user_data):
    """Return the local account for a Facebook sign-in, creating it if new.

    A returning user (matched on ``facebook_user_id``) gets the fresh token
    stored and is returned. A first-time user is created only when neither
    the derived username nor the e-mail address is already registered;
    otherwise ``None`` is returned.
    """
    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public profile or API output.
    facebook_token = dict(oauth_token=access_token)
    user = user_repo.get_by(facebook_user_id=user_data['id'])

    if user is not None:
        user.info['facebook_token'] = facebook_token
        user_repo.save(user)
        return user

    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_taken = (
        user_data.get('email') is not None and
        user_repo.get_by(email_addr=user_data['email']) is not None)
    if name_taken or email_taken:
        return None

    # Without an e-mail the username doubles as the address; this also
    # writes the placeholder back into the caller's dict.
    if not user_data.get('email'):
        user_data['email'] = name
    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                facebook_user_id=user_data['id'],
                info=dict(facebook_token=facebook_token))
    user_repo.save(user)
    # Skip the newsletter when the address is only the placeholder.
    if newsletter.is_initialized() and user.email_addr != name:
        newsletter.subscribe_user(user)
    return user
Example #5
def manage_user(access_token, user_data):
    """Return the local account for a Twitter sign-in, creating it if new.

    Returns ``None`` when the screen name already belongs to an account that
    is not linked to this Twitter id.
    """
    # Twitter API does not provide a way to get the e-mail, so the screen
    # name is stored in its place and the address is asked for later.
    # NOTE(review): token and token secret are persisted in ``user.info``;
    # confirm that field is never exposed through public output.
    twitter_token = dict(
        oauth_token=access_token["oauth_token"],
        oauth_token_secret=access_token["oauth_token_secret"],
    )

    returning = user_repo.get_by(twitter_user_id=user_data["user_id"])
    if returning is not None:
        returning.info["twitter_token"] = twitter_token
        user_repo.save(returning)
        return returning

    screen_name = user_data["screen_name"]
    if user_repo.get_by_name(screen_name) is not None:
        return None

    created = User(
        fullname=screen_name,
        name=screen_name,
        email_addr=screen_name,
        twitter_user_id=user_data["user_id"],
        info=dict(twitter_token=twitter_token),
    )
    user_repo.save(created)
    return created
Example #6
def manage_user(access_token, user_data):
    """Return the local account for a Google sign-in, creating it if new.

    A returning user (matched on ``google_user_id``) gets the fresh token
    stored, and a legacy username normalised, before being saved and
    returned. A first-time user is created only when neither the derived
    username nor the e-mail address is registered; otherwise ``None``.
    """
    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    google_token = dict(oauth_token=access_token)
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        user.info['google_token'] = google_token
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(user.name) == unicode or ' ' in user.name:
            user.name = username_from_full_name(user.name)
        user_repo.save(user)
        return user

    # user never signed on
    name = username_from_full_name(user_data['name'])
    name_owner = user_repo.get_by_name(name)
    email_owner = user_repo.get_by(email_addr=user_data['email'])
    if name_owner is not None or email_owner is not None:
        return None

    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=dict(google_token=google_token))
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user
Example #7
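def reset_password():
    """
    Reset password method.

    The ``key`` query parameter must be a token signed with the
    ``password-reset`` salt and at most 3600 seconds old. Its payload
    carries the user name and the password hash; the hash must still equal
    the stored one, so a link stops working once the password has changed.

    Every validation failure, including a token that names an account which
    no longer exists, answers 403.

    Returns a Jinja2 template, or a redirect to the sign-in page after a
    successful change.

    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    token_hash = userdict.get('password')
    if not username or not token_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may have been deleted or renamed after the link was issued;
    # without this guard the attribute access below fails with a 500.
    if user is None or user.passwd_hash != token_hash:
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)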
Example #8
def manage_user_login(user, user_data, next_url):
    """Log *user* in, or hint at how the matching account was created.

    With a user: log in with a remembered session, greet, and redirect to
    the newsletter prompt (if not yet prompted and the newsletter is
    initialised) or to *next_url*.

    Without a user: look for an account with the same e-mail, then with the
    derived username, flash the message returned by
    ``get_user_signup_method`` and redirect to the forgot-password page for
    local accounts, or to sign-in otherwise.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        needs_prompt = (user.newsletter_prompted is False and
                        newsletter.is_initialized())
        if needs_prompt:
            return redirect(url_for_app_type('account.newsletter_subscribe',
                                             next=next_url,
                                             _hash_last_flash=True))
        # NOTE(review): next_url goes to redirect() unchanged; confirm the
        # caller restricts it to same-site targets.
        return redirect(next_url)

    # Give a hint for the user
    # NOTE(review): the hint tells the visitor how an existing account signed
    # up; confirm the message is acceptable to show before authentication.
    existing = user_repo.get_by(email_addr=user_data['email'])
    if existing is None:
        existing = user_repo.get_by_name(
            username_from_full_name(user_data['name']))

    msg, method = get_user_signup_method(existing)
    flash(msg, 'info')
    if method == 'local':
        endpoint = 'account.forgot_password'
    else:
        endpoint = 'account.signin'
    return redirect(url_for_app_type(endpoint, _hash_last_flash=True))
Example #9
def projects(name):
    """
    List user's project list.

    Answers 404 when *name* is unknown and 403 when it is not the name of
    the current user.

    Returns a Jinja2 template with the list of projects of the user.

    """
    if not user_repo.get_by_name(name):
        return abort(404)
    # Only the owner may see this page.
    if current_user.name != name:
        return abort(403)

    owner = user_repo.get(current_user.id)
    browse_args = get_project_browse_args(request.args)
    projects_published, projects_draft = _get_user_projects(owner.id,
                                                            browse_args)

    column_picker = dict(entries=columns,
                         id="project-column-selection",
                         current_selection=browse_args["column"])
    direction_picker = dict(entries=directions,
                            id="project-dir-selection",
                            current_selection=browse_args["order"])
    sort_options = dict(columns=column_picker, directions=direction_picker)

    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=projects_published,
                           projects_draft=projects_draft,
                           sort_options=sort_options)
Example #10
def manage_user(access_token, user_data):
    """Return the local account for a Google sign-in, creating it if new.

    A returning user (matched on ``google_user_id``) is returned, after a
    legacy username has been normalised and stored. A first-time user is
    created only when neither the derived username nor the e-mail address
    is registered; otherwise ``None`` is returned.
    """
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(user.name) == unicode or ' ' in user.name:
            user.name = username_from_full_name(user.name)
            user_repo.update(user)
        return user

    # user never signed on
    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    info = dict(google_token=dict(oauth_token=access_token))
    name = username_from_full_name(user_data['name'])
    name_owner = user_repo.get_by_name(name)
    email_owner = user_repo.get_by(email_addr=user_data['email'])
    if name_owner is not None or email_owner is not None:
        return None

    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user
Example #11
def manage_user(access_token, user_data, next_url):
    """Return the local account for a Google sign-in, creating it if new.

    Usernames are the full name reduced to ASCII, lower-cased and with
    spaces removed. Returns ``None`` when that username or the e-mail
    address already belongs to another account. *next_url* is not used here.
    """
    user = user_repo.get_by(google_user_id=user_data['id'])

    if user is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(user.name) == unicode or ' ' in user.name:
            user.name = (user.name.encode('ascii', 'ignore')
                         .lower().replace(" ", ""))
            user_repo.update(user)
        return user

    # user never signed on
    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    info = dict(google_token=dict(oauth_token=access_token))
    name = user_data['name'].encode('ascii', 'ignore').lower().replace(" ", "")
    name_owner = user_repo.get_by_name(name)
    email_owner = user_repo.get_by(email_addr=user_data['email'])
    if name_owner is not None or email_owner is not None:
        return None

    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                google_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    return user
Example #12
def manage_user(access_token, user_data):
    """Return the local account for a Facebook sign-in, creating it if new.

    A returning user (matched on ``facebook_user_id``) is returned as is. A
    first-time user is created only when neither the derived username nor
    the e-mail address is registered; otherwise ``None`` is returned.
    """
    user = user_repo.get_by(facebook_user_id=user_data['id'])
    if user is not None:
        return user

    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    info = dict(facebook_token=dict(oauth_token=access_token))
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_taken = (
        user_data.get('email') is not None and
        user_repo.get_by(email_addr=user_data['email']) is not None)
    if name_taken or email_taken:
        return None

    # Without an e-mail the username doubles as the address; this also
    # writes the placeholder back into the caller's dict.
    if not user_data.get('email'):
        user_data['email'] = name
    user = User(fullname=user_data['name'],
                name=name,
                email_addr=user_data['email'],
                facebook_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    # Skip the newsletter when the address is only the placeholder.
    if newsletter.is_initialized() and user.email_addr != name:
        newsletter.subscribe_user(user)
    return user
Example #13
def _create_account_Auth(user_data):
    """Create, or link, the local account for an externally authenticated user.

    * No account with this e-mail: save a new one (with a random suffix on
      the username if it is taken) and sign it in.
    * Account with this e-mail and no ``auth_user_id``: attach the external
      id to it and sign it in.
    * Account with this e-mail already tied to another ``auth_user_id``:
      flash an error and redirect home.
    """
    # NOTE(review): the new account is marked valid_email=True and an
    # existing account is linked on an e-mail match alone; both are safe only
    # if the external provider guarantees a verified address -- confirm.
    new_user = model.user.User(fullname=user_data['fullname'],
                               name=user_data['name'],
                               email_addr=user_data['email_addr'],
                               valid_email=True,
                               auth_user_id=user_data['auth_user_id'],
                               admin=False)
    # NOTE(review): GenPasswd2 is not visible here; confirm it draws from a
    # cryptographically secure source, since this becomes a real password.
    generated = (GenPasswd2(8, string.digits) +
                 GenPasswd2(15, string.ascii_letters))
    new_user.set_password(generated)

    existing = user_repo.get_by(email_addr=user_data['email_addr'])
    if not existing:
        if user_repo.get_by_name(name=new_user.name):
            new_user.name = new_user.name + GenRandomString(
                6, string.ascii_lowercase)
        user_repo.save(new_user)
        flash(gettext(u'Gracias por registrarte.'), 'success')
        return _sign_in_user(new_user)

    if existing.auth_user_id is not None:
        # The address is registered under different external credentials.
        flash(
            gettext(
                u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión.  Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
            ), 'error')
        return redirect_content_type(url_for("home.home"))

    existing.auth_user_id = user_data['auth_user_id']
    user_repo.update(existing)
    flash(gettext(u'Bienvenido') + " " + existing.fullname, 'success')
    return _sign_in_user(existing)
Example #14
def manage_user(access_token, user_data):
    """Return the local account for a Twitter sign-in, creating it if new.

    Returns ``None`` when the screen name already belongs to an account that
    is not linked to this Twitter id.
    """
    # Twitter API does not provide a way to get the e-mail, so the screen
    # name is stored in its place and the address is asked for later.
    # NOTE(review): the access token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    twitter_id = user_data['user_id']

    returning = user_repo.get_by(twitter_user_id=twitter_id)
    if returning is not None:
        returning.info['twitter_token'] = access_token
        user_repo.save(returning)
        return returning

    screen_name = user_data['screen_name']
    if user_repo.get_by_name(screen_name) is not None:
        return None

    created = User(fullname=screen_name,
                   name=screen_name,
                   email_addr=screen_name,
                   twitter_user_id=twitter_id,
                   info=dict(twitter_token=access_token))
    user_repo.save(created)
    return created
Example #15
def manage_user(access_token, user_data):
    """Find or create the account that belongs to a Twitter identity.

    An account already linked to the Twitter id has its stored token
    refreshed and is returned. If the screen name is taken by some other
    account, ``None`` is returned. Otherwise a new account is saved.
    """
    # Twitter API does not provide a way to get the e-mail, so the screen
    # name fills the e-mail field until the user supplies an address.
    # NOTE(review): the access token is kept in ``user.info``; confirm that
    # field stays out of public profile and API responses.
    linked = user_repo.get_by(twitter_user_id=user_data['user_id'])
    if linked is not None:
        linked.info['twitter_token'] = access_token
        user_repo.save(linked)
        return linked

    handle = user_data['screen_name']
    name_owner = user_repo.get_by_name(handle)
    if name_owner is not None:
        return None

    fields = dict(fullname=handle,
                  name=handle,
                  email_addr=handle,
                  twitter_user_id=user_data['user_id'],
                  info=dict(twitter_token=access_token))
    user = User(**fields)
    user_repo.save(user)
    return user
Example #16
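def reset_password():
    """
    Reset password method.

    The ``key`` query parameter must be a token signed with the
    ``password-reset`` salt and no older than ``ACCOUNT_LINK_EXPIRATION``
    seconds (default 3600). Its payload carries the user name and the
    password hash; the hash must still equal the stored one, so a link stops
    working once the password has been changed.

    Every validation failure, including a token that names an account which
    no longer exists, answers 403.

    Returns a Jinja2 template, or the result of ``_sign_in_user`` after a
    successful change.

    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    token_hash = userdict.get('password')
    if not username or not token_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may have been deleted or renamed after the link was issued;
    # without this guard the attribute access below fails with a 500.
    if user is None or user.passwd_hash != token_hash:
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)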
Example #17
def manage_user(access_token, user_data, next_url):
    """Return the local account for a Facebook sign-in, creating it if new.

    Returns ``None`` when the Facebook username or the e-mail address is
    already registered to another account. *next_url* is not used here.
    """
    linked = user_repo.get_by(facebook_user_id=user_data['id'])
    if linked is not None:
        return linked

    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    info = dict(facebook_token=dict(oauth_token=access_token))
    name_owner = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_owner = None
    if user_data.get('email'):
        email_owner = user_repo.get_by(email_addr=user_data['email'])

    if name_owner is not None or email_owner is not None:
        return None

    # The literal string "None" stands in for a missing address; this also
    # writes the placeholder back into the caller's dict.
    if not user_data.get('email'):
        user_data['email'] = "None"
    user = User(fullname=user_data['name'],
                name=user_data['username'],
                email_addr=user_data['email'],
                facebook_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    return user
Example #18
def manage_user(access_token, user_data, next_url):
    """Return the local account for a Facebook sign-in, creating it if new.

    Returns ``None`` when the Facebook username or the e-mail address is
    already registered to another account. A new account is subscribed to
    the newsletter when ``newsletter.app`` is set and a real address was
    supplied. *next_url* is not used here.
    """
    linked = user_repo.get_by(facebook_user_id=user_data['id'])
    if linked is not None:
        return linked

    # NOTE(review): the provider token is persisted in ``user.info``; confirm
    # that field is never serialised into public output.
    info = dict(facebook_token=dict(oauth_token=access_token))
    name_owner = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_owner = None
    if user_data.get('email'):
        email_owner = user_repo.get_by(email_addr=user_data['email'])

    if name_owner is not None or email_owner is not None:
        return None

    # The literal string "None" stands in for a missing address; this also
    # writes the placeholder back into the caller's dict.
    if not user_data.get('email'):
        user_data['email'] = "None"
    user = User(fullname=user_data['name'],
                name=user_data['username'],
                email_addr=user_data['email'],
                facebook_user_id=user_data['id'],
                info=info)
    user_repo.save(user)
    has_real_address = user.email_addr != "None"
    if newsletter.app and has_real_address:
        newsletter.subscribe_user(user)
    return user
Example #19
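def recent_tasks(name):
    """Return, as JSON, the number of tasks user *name* completed since ``start``.

    The ``start`` query parameter is required and must match ``utc_dt_re``;
    otherwise the request answers 400. An unknown *name* answers 404.
    """
    # NOTE(review): *name* comes from the URL and is written to the log
    # unmodified; confirm the log formatter neutralises control characters.
    current_app.logger.debug('recent_tasks: {}'.format(name))
    start_time_utc = request.args.get('start')
    # NOTE(review): search() accepts a match anywhere in the value unless
    # utc_dt_re is anchored at both ends -- confirm the pattern is.
    if (not start_time_utc) or (not utc_dt_re.search(start_time_utc)):
        abort(400)
    user = user_repo.get_by_name(name)
    # Without this guard an unknown name fails on ``user.id`` with a 500.
    if user is None:
        abort(404)
    # The last character of the timestamp is dropped before the lookup
    # (presumably a trailing "Z" -- confirm against utc_dt_re).
    recent = cached_users.get_tasks_completed_between(
        user.id, beginning_time_utc=start_time_utc[:-1])
    return jsonify(dict(count=len(recent)))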
Example #20
def add_metadata(name):
    """
    Admin can save metadata for selected user.
    Regular user can save their own metadata.

    Answers 403 when ``can_update_user_info`` denies the current user. When
    the form does not validate, the public profile page is rendered again
    with the form errors; otherwise the metadata and preferences are stored
    and the per-user caches are invalidated.

    Redirects to public profile page for selected user.

    """
    # NOTE(review): there is no explicit check for an unknown *name*; confirm
    # can_update_user_info copes with user being None.
    user = user_repo.get_by_name(name=name)
    # Authorisation gate: disabled_fields lists what this editor may not
    # change and is passed on to the form helpers below.
    (can_update, disabled_fields) = can_update_user_info(current_user, user)
    if not can_update:
        abort(403)
    form_data = get_form_data(request, user, disabled_fields)
    form = UserPrefMetadataForm(form_data,
                                can_update=(can_update, disabled_fields))
    form.set_upref_mdata_choices()

    if not form.validate():
        # Invalid input: rebuild everything the profile template needs.
        # The owner gets the full summary, anyone else the public one.
        if current_user.id == user.id:
            user_dict = cached_users.get_user_summary(user.name)
        else:
            user_dict = cached_users.public_get_user_summary(user.name)
        projects_contributed = cached_users.projects_contributed_cached(
            user.id)
        projects_created = cached_users.published_projects_cached(user.id)
        total_projects_contributed = '{} / {}'.format(
            cached_users.n_projects_contributed(user.id), n_published())
        # "or 1" avoids dividing by zero when there are no tasks at all.
        percentage_tasks_completed = user_dict['n_answers'] * 100 / (
            n_total_tasks() or 1)
        # Draft projects are listed for admins only.
        if current_user.is_authenticated and current_user.admin:
            draft_projects = cached_users.draft_projects(user.id)
            projects_created.extend(draft_projects)
        title = "%s · User Profile" % user.name
        flash("Please fix the errors", 'message')
        return render_template(
            '/account/public_profile.html',
            title=title,
            user=user,
            projects=projects_contributed,
            projects_created=projects_created,
            total_projects_contributed=total_projects_contributed,
            percentage_tasks_completed=percentage_tasks_completed,
            form=form,
            input_form=True,
            can_update=can_update,
            upref_mdata_enabled=bool(app_settings.upref_mdata))

    # Valid input: persist first, then drop the cached copies so later reads
    # see the new preferences and access levels.
    user_pref, metadata = get_user_pref_and_metadata(name, form)
    user.info['metadata'] = metadata
    ensure_data_access_assignment_from_form(user.info, form)
    user.user_pref = user_pref
    user_repo.update(user)
    cached_users.delete_user_pref_metadata(user.name)
    cached_users.delete_user_access_levels_by_id(user.id)
    delete_memoized(get_user_preferences, user.id)
    flash("Input saved successfully", "info")
    return redirect(url_for('account.profile', name=name))
Example #21
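def warm_cache():  # pragma: no cover
    """Background job to warm cache.

    Refreshes project stats for the top projects, the first three pages of
    featured projects and of every used category, then warms the per-user
    caches for everyone on the leaderboard. Returns ``True``.
    """
    from pybossa.core import create_app
    app = create_app(run_as_server=False)
    # Ids already refreshed in this run; a set keeps the membership test
    # cheap however many projects are visited.
    projects_cached = set()
    import pybossa.cache.projects as cached_projects
    import pybossa.cache.categories as cached_cat
    import pybossa.cache.users as cached_users
    import pybossa.cache.project_stats as stats
    from pybossa.util import rank
    from pybossa.core import user_repo

    def warm_project(_id, short_name, featured=False):
        """Refresh the stats of project *_id* at most once per run."""
        if _id in projects_cached:
            return
        stats.update_stats(_id, app.config.get('GEO'))
        projects_cached.add(_id)

    # Cache top projects
    for p in cached_projects.get_top():
        warm_project(p['id'], p['short_name'])

    # Cache 3 pages
    to_cache = 3 * app.config['APPS_PER_PAGE']
    featured = rank(cached_projects.get_all_featured('featured'))[:to_cache]
    for p in featured:
        warm_project(p['id'], p['short_name'], featured=True)

    # Categories
    for c in cached_cat.get_used():
        ranked = rank(cached_projects.get_all(c['short_name']))[:to_cache]
        for p in ranked:
            warm_project(p['id'], p['short_name'])

    # Users
    for user in cached_users.get_leaderboard(app.config['LEADERBOARD']):
        # The leftover debug print of the repository object was removed.
        u = user_repo.get_by_name(user['name'])
        cached_users.get_user_summary(user['name'])
        # A leaderboard entry whose account is gone must not stop the job.
        if u is None:
            continue
        cached_users.projects_contributed_cached(u.id)
        cached_users.published_projects_cached(u.id)
        cached_users.draft_projects_cached(u.id)

    return True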
Example #22
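def warm_cache():  # pragma: no cover
    """Background job to warm cache.

    Project stats are refreshed for the top projects, for three pages of
    featured projects and for three pages of each used category; the
    per-user caches are then filled for the leaderboard. Returns ``True``.
    """
    from pybossa.core import create_app
    app = create_app(run_as_server=False)
    import pybossa.cache.projects as cached_projects
    import pybossa.cache.categories as cached_cat
    import pybossa.cache.users as cached_users
    import pybossa.cache.project_stats as stats
    from pybossa.util import rank
    from pybossa.core import user_repo

    # Project ids handled so far, so a project that shows up in several
    # listings is refreshed only once.
    projects_cached = set()

    def warm_project(_id, short_name, featured=False):
        """Update the stats of project *_id* unless already done this run."""
        if _id not in projects_cached:
            stats.update_stats(_id, app.config.get('GEO'))
            projects_cached.add(_id)

    # Cache top projects
    projects = cached_projects.get_top()
    for p in projects:
        warm_project(p['id'], p['short_name'])

    # Cache 3 pages
    to_cache = 3 * app.config['APPS_PER_PAGE']
    projects = rank(cached_projects.get_all_featured('featured'))[:to_cache]
    for p in projects:
        warm_project(p['id'], p['short_name'], featured=True)

    # Categories
    categories = cached_cat.get_used()
    for c in categories:
        projects = rank(cached_projects.get_all(c['short_name']))[:to_cache]
        for p in projects:
            warm_project(p['id'], p['short_name'])

    # Users
    users = cached_users.get_leaderboard(app.config['LEADERBOARD'])
    for user in users:
        # The stray debug print of ``user_repo`` that used to sit here wrote
        # to the job's stdout on every iteration; it has been dropped.
        u = user_repo.get_by_name(user['name'])
        cached_users.get_user_summary(user['name'])
        if u is not None:
            # Only accounts that still exist have an id to warm by.
            cached_users.projects_contributed_cached(u.id)
            cached_users.published_projects_cached(u.id)
            cached_users.draft_projects_cached(u.id)

    return True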
def update_profile(name):
    """
    Update user's profile.

    Answers 404 for an unknown *name*; ``ensure_authorized_to`` then gates
    the update. A POST is dispatched on the ``btn`` form field (Upload,
    Profile, Password, External); any other value answers 415.

    Returns Jinja2 template.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)

    # Non-admin accounts are sent elsewhere while the SSO switch is on.
    if not user.admin and is_amnesty_sso_enable():
        return redirect(amnesty_url_for('/<name>/'))

    # Accounts tied to an external provider do not get the password form.
    # NOTE(review): this flag only reaches the template; confirm
    # _handle_password_update enforces the same rule on POST.
    has_external_login = (user.twitter_user_id or user.google_user_id or
                          user.facebook_user_id)
    show_passwd_form = not has_external_login

    # Extend the values
    summary = cached_users.get_user_summary(name)
    user.rank = summary.get('rank')
    user.score = summary.get('score')

    # Creation of forms
    update_form = UpdateProfileForm(obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    if request.method == 'POST':
        # Submit button value -> (handler, form it works on)
        actions = {
            'Upload': (_handle_avatar_update, avatar_form),
            'Profile': (_handle_profile_update, update_form),
            'Password': (_handle_password_update, password_form),
            'External': (_handle_external_services_update, update_form),
        }
        chosen = actions.get(request.form.get('btn'))
        # Otherwise return 415
        if chosen is None:
            return abort(415)
        handler, target_form = chosen
        handler(user, target_form)
        return redirect(url_for('.update_profile', name=user.name))

    return render_template('/account/update.html',
                           form=update_form,
                           upload_form=avatar_form,
                           password_form=password_form,
                           title="Update your profile: %s" % user.fullname,
                           show_passwd_form=show_passwd_form)
Example #24
def wallet(name):
    """Render the wallet page of the current user.

    Answers 404 when *name* is unknown and 403 when it is not the name of
    the current user.
    """
    if not user_repo.get_by_name(name):
        return abort(404)
    # Only the owner may open this page.
    if current_user.name != name:
        return abort(403)

    # The account is re-read by id; the result is not used further here.
    user = user_repo.get(current_user.id)
    return handle_content_type(
        dict(template='account/wallet.html', title=gettext("Wallet")))
    def test_enable_changes_last_login(self):
        """Test enabling user changes last login"""
        # Set-up: the default account plus a second account named 'tyrion'.
        self.register()
        self.signin()
        self.register(name='tyrion')
        self.signout()

        # Sign in with the (masked) e-mail address and record the
        # last_login stored for 'tyrion' afterwards.
        self.signin(email='*****@*****.**')
        user = user_repo.get_by_name('tyrion')
        last_login = user.last_login
        self.signout()

        # Back as the default account (presumably an admin -- confirm),
        # disable and then re-enable 'tyrion'.
        # NOTE(review): both state-changing admin actions are plain GET
        # requests here; confirm the routes are protected against
        # cross-site request forgery.
        self.signin()
        self.app.get('/admin/users/disable_user/{}'.format(user.id))

        self.app.get('/admin/users/enable_user/{}'.format(user.id))
        self.signout()

        # Re-read the account: enabling must have changed last_login.
        user = user_repo.get_by_name('tyrion')
        assert user.last_login != last_login
Example #26
def profile(name):
    """
    Get user profile.

    Answers 404 for an unknown *name*. Anonymous visitors and signed-in
    users looking at someone else get the public profile; an authenticated
    user looking at their own name gets the private one.

    Returns a Jinja2 template with the user information.

    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        raise abort(404)

    # The anonymity check comes first so that the id of an anonymous
    # visitor is never read.
    viewing_own = (not current_user.is_anonymous() and
                   user.id == current_user.id)
    if not viewing_own:
        return _show_public_profile(user)
    if current_user.is_authenticated() and user.id == current_user.id:
        return _show_own_profile(user)
    return None
Example #27
def profile(name):
    """
    Get user profile.

    An unknown *name* answers 404. The private view is served only to the
    authenticated owner of the profile; everybody else sees the public view.

    Returns a Jinja2 template with the user information.

    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        raise abort(404)

    # is_anonymous() is evaluated before any id comparison, so the id of an
    # anonymous visitor is never touched.
    if current_user.is_anonymous():
        return _show_public_profile(user)
    if user.id != current_user.id:
        return _show_public_profile(user)

    owner_confirmed = (current_user.is_authenticated() and
                       user.id == current_user.id)
    if owner_confirmed:
        return _show_own_profile(user)
    return None
Example #28
def confirm_account():
    """Confirm an account from the signed ``key`` query parameter.

    A missing key, or one that ``signer.loads`` rejects with BadData, ends
    the request with 403. The link lifetime comes from
    ACCOUNT_LINK_EXPIRATION (3600 when unset).
    """
    token = request.args.get('key')
    if token is None:
        abort(403)
    max_age = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        # The salt scopes the signature to account validation links.
        userdict = signer.loads(token, max_age=max_age,
                                salt='account-validation')
    except BadData:
        abort(403)
    # The payload is used only after the signature and age check above.
    # An existing name means an e-mail change; otherwise create the account.
    existing = user_repo.get_by_name(userdict['name'])
    if existing is None:
        return _create_account(userdict)
    return _update_user_with_valid_email(existing, userdict['email_addr'])
Example #29
def confirm_account():
    """Confirm an account from the signed ``key`` query parameter.

    A missing key, or one that ``signer.loads`` rejects with BadData, ends
    the request with 403. The link lifetime comes from
    ACCOUNT_LINK_EXPIRATION (3600 when unset).
    """
    token = request.args.get('key')
    if token is None:
        abort(403)
    max_age = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        # The salt scopes the signature to account validation links.
        userdict = signer.loads(token, max_age=max_age,
                                salt='account-validation')
    except BadData:
        abort(403)
    # The payload is used only after the signature and age check above.
    # An existing name means an e-mail change; otherwise create the account.
    existing = user_repo.get_by_name(userdict['name'])
    if existing is None:
        return _create_account(userdict)
    return _update_user_with_valid_email(existing, userdict['email_addr'])
    def test_disable_user(self):
        """Test disable enable user works"""
        # Register and sign in the default test account, register 'tyrion',
        # then disable 'tyrion' while still signed in as the default account.
        self.register()
        self.signin()
        self.register(name='tyrion')
        user = user_repo.get_by_name('tyrion')
        self.app.get('/admin/users/disable_user/{}'.format(user.id))
        self.signout()
        # A sign-in with the second set of credentials must now be refused
        # with the "disabled" message.
        res = self.signin(email='*****@*****.**')
        assert 'Your account is disabled. ' in res.data, res.data

        # Re-enable the account from the default account and check that the
        # same sign-in succeeds again.
        self.signin()
        self.app.get('/admin/users/enable_user/{}'.format(user.id))
        self.signout()
        res = self.signin(email='*****@*****.**')
        assert 'Welcome back ' in res.data, res.data
    def test_user_cannot_disable_users(self):
        """Test user cannot disable users"""
        # Set up three accounts: the default one plus 'tyrion' and 'tywin'.
        self.register()
        self.signin()
        self.register(name='tyrion')
        self.register(name='tywin')
        self.signout()

        # Sign in with the second set of credentials (not the default account).
        self.signin(email='*****@*****.**')
        tyrion = user_repo.get_by_name('tyrion')

        # Negative authorization check: both admin routes must answer 403 for
        # this session, so the account state cannot be changed.
        res = self.app.get('/admin/users/disable_user/{}'.format(tyrion.id))
        assert res.status_code == 403, res.status

        res = self.app.get('/admin/users/enable_user/{}'.format(tyrion.id))
        assert res.status_code == 403, res.status
Example #32
def reset_api_key(name):
    """
    Replace the API key of the user called *name* with a new one.

    Aborts with 404 for an unknown user; ``ensure_authorized_to('update', ...)``
    decides whether the caller may change this account. Redirects to the
    profile page afterwards.

    """
    target = user_repo.get_by_name(name)
    if not target:
        return abort(404)
    ensure_authorized_to('update', target)
    # The old key is overwritten, so it stops working once the update is saved.
    # NOTE(review): make_uuid() is defined elsewhere; confirm it draws from a
    # CSPRNG, since the value is used as a credential.
    target.api_key = model.make_uuid()
    user_repo.update(target)
    # Drop the cached summary so it does not keep serving the old record.
    cached_users.delete_user_summary(target.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect(url_for('account.profile', name=name))
Example #33
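def add_metadata(name):
    """
    Admin can add metadata for selected user

    Aborts with 404 when no user is called *name* and with 403 when
    ``can_update_user_info`` refuses the current user. An empty form clears
    the stored metadata and preferences, a valid form replaces them, and an
    invalid form re-renders the public profile with the errors.

    Redirects to public profile page for selected user.

    """
    user = user_repo.get_by_name(name=name)
    # An unknown name would otherwise reach user.info / user.name below and
    # fail with an AttributeError instead of a clean 404.
    if user is None:
        abort(404)
    if not can_update_user_info(current_user, user):
        abort(403)
    form = MetadataForm(request.form)
    if not any(form.data.values()):
        # Nothing submitted: reset metadata and preferences.
        user.info['metadata'] = {}
        user.user_pref = {}
    elif form.validate():
        # Record who made the change and when, next to the submitted fields.
        metadata = dict(admin=current_user.name, time_stamp=time.ctime(),
                        user_type=form.user_type.data, start_time=form.start_time.data,
                        end_time=form.end_time.data, review=form.review.data,
                        timezone=form.timezone.data, profile_name=user.name)
        user.info['metadata'] = metadata
        user_pref = {}
        if form.languages.data:
            user_pref["languages"] = form.languages.data
        if form.locations.data:
            user_pref["locations"] = form.locations.data

        user.user_pref = user_pref
    else:
        projects_contributed = cached_users.projects_contributed_cached(user.id)
        projects_created = cached_users.published_projects_cached(user.id)
        metadata = cached_users.get_metadata(user.name)
        # Draft projects are added to the listing only for admins.
        if current_user.is_authenticated() and current_user.admin:
            draft_projects = cached_users.draft_projects(user.id)
            projects_created.extend(draft_projects)
        title = "%s &middot; User Profile" % user.name
        flash("Please fix the errors", 'message')
        return render_template('/account/public_profile.html',
                               title=title, user=user, metadata=metadata,
                               projects=projects_contributed, form=form,
                               projects_created=projects_created,
                               input_form=True)
    user_repo.update(user)
    # Invalidate cached copies so the saved values are served from now on.
    cached_users.delete_user_metadata(user.name)
    delete_memoized(get_user_preferences, user.id)
    flash("Input saved successfully", "info")
    return redirect(url_for('account.profile', name=name))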
Example #34
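def _is_local_path(target):
    """Return True when *target* is a plain same-site path such as '/about'."""
    if not target or not target.startswith('/'):
        return False
    # '//host' and '/\host' are treated by browsers as another origin.
    if target.startswith(('//', '/\\')):
        return False
    # Whitespace and control characters can be stripped by browsers and turn
    # an innocent-looking path into one of the forms rejected above.
    return not any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target)


def oauth_authorized(resp):  # pragma: no cover
    """Called after authorization. After this function finished handling,
    the OAuth information is removed from the session again. When this
    happened, the tokengetter from above is used to retrieve the oauth
    token and secret.

    Because the remote application could have re-authorized the application
    it is necessary to update the values in the database.

    If the application redirected back after denying, the response passed
    to the function will be `None`. Otherwise a dictionary with the values
    the application submitted. Note that Twitter itself does not really
    redirect back unless the user clicks on the application name.

    The ``next`` query parameter is honoured only when it is a same-site
    path; anything else falls back to the home page, so the sign-in flow
    cannot be used to bounce a visitor to another site.
    """
    requested = request.args.get('next')
    next_url = requested if _is_local_path(requested) else url_for('home.home')
    if resp is None:
        flash(u'You denied the request to sign in.', 'error')
        return redirect(next_url)

    access_token = dict(oauth_token=resp['oauth_token'],
                        oauth_token_secret=resp['oauth_token_secret'])

    user_data = dict(screen_name=resp['screen_name'],
                     user_id=resp['user_id'])

    user = manage_user(access_token, user_data, next_url)

    if user is None:
        # No session is created here: the visitor is only told how the
        # account with this screen name originally signed up.
        user = user_repo.get_by_name(user_data['screen_name'])
        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        else:
            return redirect(url_for('account.signin'))

    # first_login is never set to True in this function, so the first-login
    # message below is currently unreachable.
    first_login = False
    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr != user.name:
        return redirect(next_url)
    if first_login:
        flash("This is your first login, please add a valid e-mail")
    else:
        flash("Please update your e-mail address in your profile page")
    return redirect(url_for('account.update_profile', name=user.name))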
Example #35
def reset_api_key(name):
    """
    Replace the API key of the user called *name* with a new one.

    Aborts with 404 for an unknown user; ``ensure_authorized_to('update', ...)``
    decides whether the caller may change this account. Redirects to the
    profile page afterwards.

    """
    target = user_repo.get_by_name(name)
    if not target:
        return abort(404)
    ensure_authorized_to('update', target)
    # The old key is overwritten, so it stops working once the update is saved.
    # NOTE(review): make_uuid() is defined elsewhere; confirm it draws from a
    # CSPRNG, since the value is used as a credential.
    target.api_key = model.make_uuid()
    user_repo.update(target)
    # Drop the cached summary so it does not keep serving the old record.
    cached_users.delete_user_summary(target.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect(url_for('account.profile', name=name))
Example #36
def start_export(name):
    """
    Queue a GDPR export of all data held about the user called *name*.

    Aborts with 404 for an unknown user; ``ensure_authorized_to('update', ...)``
    gates the request. The export runs as a background job, and the job also
    receives the e-mail address of the user who requested it.

    Data will be available on GET /export after it is processed

    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)

    ensure_authorized_to('update', account)
    job_kwargs = dict(user_id=account.id,
                      admin_addr=current_user.email_addr)
    export_queue.enqueue(export_userdata, **job_kwargs)
    flash(gettext('GDPR export started'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
Example #37
def manage_user_login(user, user_data, next_url):
    """Finish a sign-in attempt and choose where to send the browser.

    With a user, a remembered session is opened and the browser goes to the
    newsletter prompt or to *next_url*. Without one, no session is opened:
    the visitor gets a hint about the original sign-up method instead.

    NOTE(review): next_url is handed to redirect() unchanged; confirm the
    caller restricts it to same-site targets.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        ask_newsletter = ((user.email_addr != user.name)
                          and user.newsletter_prompted is False
                          and newsletter.is_initialized())
        if ask_newsletter:
            return redirect(url_for_app_type('account.newsletter_subscribe',
                                             next=next_url))
        return redirect(next_url)

    existing = user_repo.get_by_name(user_data['screen_name'])
    hint, signup_method = get_user_signup_method(existing)
    flash(hint, 'info')
    endpoint = ('account.forgot_password' if signup_method == 'local'
                else 'account.signin')
    return redirect(url_for_app_type(endpoint))
Example #38
def manage_user_login(user, user_data, next_url):
    """Finish a sign-in attempt and choose where to send the browser.

    With a user, a remembered session is opened and the browser goes to the
    newsletter prompt or to *next_url*. Without one, no session is opened:
    the visitor gets a hint about the original sign-up method instead.

    NOTE(review): next_url is handed to redirect() unchanged; confirm the
    caller restricts it to same-site targets.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        ask_newsletter = ((user.email_addr != user.name)
                          and user.newsletter_prompted is False
                          and newsletter.is_initialized())
        if ask_newsletter:
            return redirect(url_for_app_type('account.newsletter_subscribe',
                                             next=next_url))
        return redirect(next_url)

    existing = user_repo.get_by_name(user_data['screen_name'])
    hint, signup_method = get_user_signup_method(existing)
    flash(hint, 'info')
    endpoint = ('account.forgot_password' if signup_method == 'local'
                else 'account.signin')
    return redirect(url_for_app_type(endpoint))
Example #39
def reset_api_key(name):
    """
    Replace the API key of the user called *name* with a new one.

    Aborts with 404 for an unknown user; ``require.user.update`` decides
    whether the caller may change this account. Redirects to the profile
    page afterwards.

    """
    target = user_repo.get_by_name(name)
    if not target:
        return abort(404)
    require.user.update(target)
    # NOTE(review): this title is built but not used by the redirect below.
    title = ("User: %s &middot; Settings"
             "- Reset API KEY") % current_user.fullname
    # The old key is overwritten, so it stops working once the update is saved.
    # NOTE(review): make_uuid() is defined elsewhere; confirm it draws from a
    # CSPRNG, since the value is used as a credential.
    target.api_key = model.make_uuid()
    user_repo.update(target)
    # Drop the cached summary so it does not keep serving the old record.
    cached_users.delete_user_summary(target.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect(url_for('account.profile', name=name))
    def test_subadmin_can_disable_users(self):
        """Test subadmin can disable users"""
        # Set up three accounts: the default one plus 'tyrion' and 'tywin'.
        self.register()
        self.signin()
        self.register(name='tyrion')
        self.register(name='tywin')
        self.signout()

        # Promote 'tyrion' to subadmin, then sign in with the second set of
        # credentials and target 'tywin'.
        make_subadmin_by(name='tyrion')
        self.signin(email='*****@*****.**')
        tywin = user_repo.get_by_name('tywin')

        # Positive authorization check: with redirects followed, both admin
        # routes must end in a 200 response for this session.
        res = self.app.get('/admin/users/disable_user/{}'.format(tywin.id),
                           follow_redirects=True)
        assert res.status_code == 200, res.status

        res = self.app.get('/admin/users/enable_user/{}'.format(tywin.id),
                           follow_redirects=True)
        assert res.status_code == 200, res.status
Example #41
def reset_api_key(name):
    """
    Replace the API key of the user called *name* with a new one.

    Aborts with 404 for an unknown user; ``require.user.update`` decides
    whether the caller may change this account. Redirects to the profile
    page afterwards.

    """
    target = user_repo.get_by_name(name)
    if not target:
        return abort(404)
    require.user.update(target)
    # NOTE(review): this title is built but not used by the redirect below.
    title = ("User: %s &middot; Settings"
             "- Reset API KEY") % current_user.fullname
    # The old key is overwritten, so it stops working once the update is saved.
    # NOTE(review): make_uuid() is defined elsewhere; confirm it draws from a
    # CSPRNG, since the value is used as a credential.
    target.api_key = model.make_uuid()
    user_repo.update(target)
    # Drop the cached summary so it does not keep serving the old record.
    cached_users.delete_user_summary(target.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect(url_for('account.profile', name=name))
Example #42
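def oauth_authorized(resp):  # pragma: no cover
    """Handle the OAuth callback and sign the user in.

    *resp* is the provider response, or None when authorization was denied.
    A denial or an ``error`` query parameter ends the flow with a flash
    message. Otherwise the access token is used to fetch the user info
    document, which is passed to ``manage_user``. Any transport failure or
    non-200 answer from the user info endpoint sends the visitor back to the
    sign-in page instead of continuing with an unverified payload.
    """
    next_url = url_for('home.home')

    # Read the error once with .get(): indexing request.args['error'] failed
    # when resp was None and the provider sent no error parameter.
    error = request.args.get('error')
    if resp is None or error:
        flash(u'You denied the request to sign in.', 'error')
        if error:
            flash(u'Reason: ' + error, 'error')
            return redirect(url_for('account.signin'))
        return redirect(next_url)

    access_token = resp['access_token']
    headers = {'Authorization': ' '.join(['OAuth', access_token])}
    url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    try:
        # A timeout keeps a stalled provider from holding the worker.
        r = requests.get(url, headers=headers, timeout=10)
    except requests.exceptions.RequestException:
        return redirect(url_for('account.signin'))
    # requests.get() does not raise on HTTP error statuses, so the status is
    # checked explicitly; 401 (bad token) and every other failure are refused.
    if r.status_code != 200:
        return redirect(url_for('account.signin'))

    session['oauth_token'] = access_token
    import json
    user_data = json.loads(r.content)
    user = manage_user(access_token, user_data, next_url)
    if user is None:
        # Give a hint for the user
        user = user_repo.get_by(email_addr=user_data['email'])
        if user is None:
            name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
            user = user_repo.get_by_name(name)

        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        else:
            return redirect(url_for('account.signin'))
    else:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        return redirect(next_url)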
Example #43
def start_export(name):
    """
    Queue a GDPR export of all data held about the user called *name*.

    Aborts with 404 for an unknown user and with 403 unless the record
    belongs to the signed-in user; ``ensure_authorized_to('update', ...)``
    is applied on top of that ownership check.

    Data will be available on GET /export after it is processed

    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Only the owner of the data may request the export.
    if account.id != current_user.id:
        return abort(403)

    ensure_authorized_to('update', account)
    export_queue.enqueue(export_userdata, user_id=account.id)
    flash(gettext('GDPR export started'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
Example #44
def delete(name):
    """
    Queue deletion of the signed-in user's own account.

    Aborts with 404 for an unknown user and with 403 when *name* is not the
    current user's name. JSON clients get a job receipt; browsers are sent
    to the sign-out endpoint.

    NOTE(review): the route decorator is not shown; confirm this destructive
    action is limited to a CSRF-protected, non-GET request.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    if current_user.name != name:
        return abort(403)

    # The deletion itself happens later in the background job.
    super_queue.enqueue(delete_account, account.id)

    wants_json = (request.headers.get('Content-Type') == 'application/json' or
                  request.args.get('response_format') == 'json')
    if not wants_json:
        return redirect(url_for('account.signout'))
    receipt = dict(job='enqueued', template='account/delete.html')
    return handle_content_type(receipt)
def profile(name):
    """
    Show the profile page of the user called *name*.

    Raises 404 when the user does not exist. Anonymous visitors and signed-in
    users looking at someone else get the public view. The owner gets the
    private view, unless SSO is enabled and the owner is not an admin, in
    which case the request is redirected to the SSO-side URL.

    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        raise abort(404)
    is_owner = (not current_user.is_anonymous()
                and user.id == current_user.id)
    if not is_owner:
        return _show_public_profile(user)
    if current_user.is_authenticated():
        # Admins keep access to the local account page even with SSO enabled.
        # NOTE(review): the literal '/<name>/' is passed, not the value of
        # name; confirm amnesty_url_for fills the placeholder.
        if not user.admin and is_amnesty_sso_enable():
            return redirect(amnesty_url_for('/<name>/'))
        return _show_own_profile(user)
Example #46
def delete(name):
    """
    Queue deletion of the account called *name*.

    Aborts with 404 for an unknown user and with 403 when the target is an
    admin account. The job also receives the current user's e-mail address.
    JSON clients get a job receipt; browsers are sent to the admin index.

    NOTE(review): the body only checks that the target is not an admin. Who
    may call this endpoint must be enforced by a decorator that is not shown;
    confirm it is restricted to privileged users.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    if account.admin:
        return abort(403)

    # The deletion itself happens later in the background job.
    super_queue.enqueue(delete_account, account.id, current_user.email_addr)

    wants_json = (request.headers.get('Content-Type') == 'application/json'
                  or request.args.get('response_format') == 'json')
    if not wants_json:
        return redirect(url_for('admin.index'))
    receipt = dict(job='enqueued', template='account/delete.html')
    return handle_content_type(receipt)
Example #47
def manage_user_login(user, user_data, next_url):
    """Finish a sign-in attempt and choose where to send the browser.

    With a user, a remembered session is opened. An account whose e-mail
    still equals its name is sent to the profile update page; otherwise the
    browser goes to the newsletter prompt or to *next_url*. Without a user,
    no session is opened and the visitor gets a sign-up method hint.

    NOTE(review): next_url is handed to redirect() unchanged; confirm the
    caller restricts it to same-site targets.
    """
    if user is None:
        existing = user_repo.get_by_name(user_data["screen_name"])
        hint, signup_method = get_user_signup_method(existing)
        flash(hint, "info")
        endpoint = ("account.forgot_password" if signup_method == "local"
                    else "account.signin")
        return redirect(url_for(endpoint))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, "success")
    has_real_email = user.email_addr != user.name
    if not has_real_email:
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for("account.update_profile", name=user.name))
    if user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for("account.newsletter_subscribe", next=next_url))
    return redirect(next_url)
Example #48
def projects(name):
    """
    List the signed-in user's own projects.

    Aborts with 404 when no user is called *name* and with 403 when *name*
    is not the current user's name, so draft projects are only shown to
    their owner.

    """
    if not user_repo.get_by_name(name):
        return abort(404)
    if current_user.name != name:
        return abort(403)

    # The listing is built from the session user's id, not from the URL.
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_projects(owner.id)

    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts)
Example #49
def projects(name):
    """
    List the signed-in user's own projects.

    Aborts with 404 when no user is called *name* and with 403 when *name*
    is not the current user's name, so draft projects are only shown to
    their owner.

    """
    if not user_repo.get_by_name(name):
        return abort(404)
    if current_user.name != name:
        return abort(403)

    # The listing is built from the session user's id, not from the URL.
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_projects(owner.id)

    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts)
Example #50
def manage_user_login(user, user_data, next_url):
    """Finish a sign-in attempt and choose where to send the browser.

    With a user, a remembered session is opened and the browser goes to the
    newsletter prompt or to *next_url*. Without one, no session is opened:
    an existing account is looked up by e-mail, then by derived user name,
    only to tell the visitor how that account originally signed up.

    NOTE(review): next_url is handed to redirect() unchanged; confirm the
    caller restricts it to same-site targets.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, "success")
        if user.newsletter_prompted is False and newsletter.is_initialized():
            return redirect(url_for("account.newsletter_subscribe", next=next_url))
        return redirect(next_url)

    # Give a hint for the user
    existing = user_repo.get_by(email_addr=user_data["email"])
    if existing is None:
        derived_name = username_from_full_name(user_data["name"])
        existing = user_repo.get_by_name(derived_name)

    hint, signup_method = get_user_signup_method(existing)
    flash(hint, "info")
    endpoint = ("account.forgot_password" if signup_method == "local"
                else "account.signin")
    return redirect(url_for(endpoint))
Example #51
def applications(name):
    """
    List the signed-in user's own projects, hidden ones included.

    Aborts with 404 when no user is called *name* and with 403 when *name*
    is not the current user's name, so hidden and draft entries are only
    shown to their owner.

    """
    if not user_repo.get_by_name(name):
        return abort(404)
    if current_user.name != name:
        return abort(403)

    # The listing is built from the session user's id, not from the URL.
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_apps(owner.id)
    published.extend(cached_users.hidden_apps(owner.id))

    return render_template('account/applications.html',
                           title=gettext("Projects"),
                           apps_published=published,
                           apps_draft=drafts)
Example #52
def profile(name):
    """
    Show the profile page of the user called *name*.

    Raises 404 when the user does not exist. When ``upref_mdata`` is set in
    the app config, a preferences/metadata form is pre-filled from the cache
    and passed to the view. Anonymous visitors and signed-in users looking
    at someone else get the public view; the owner gets the private view.

    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        raise abort(404)

    form = None
    if current_app.config.upref_mdata:
        stored = cached_users.get_user_pref_metadata(user.name)
        form = UserPrefMetadataForm(**stored)
        form.set_upref_mdata_choices()

    # Ownership is decided by comparing ids, never by the name in the URL.
    is_owner = (not current_user.is_anonymous()
                and user.id == current_user.id)
    if not is_owner:
        return _show_public_profile(user, form)
    if current_user.is_authenticated():
        return _show_own_profile(user, form)
Example #53
def reset_api_key(name):
    """
    Replace the API key of the user called *name* with a new one.

    Only a POST changes the key; any other method just returns a CSRF token
    as JSON so a client can build the POST. On POST, an unknown user aborts
    with 404 and ``ensure_authorized_to('update', ...)`` gates the change.

    """
    if request.method != 'POST':
        return jsonify(dict(form=dict(csrf=generate_csrf())))

    target = user_repo.get_by_name(name)
    if not target:
        return abort(404)
    ensure_authorized_to('update', target)
    # The old key is overwritten, so it stops working once the update is saved.
    target.api_key = model.make_uuid()
    user_repo.update(target)
    # Drop the cached summary so it does not keep serving the old record.
    cached_users.delete_user_summary(target.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
Example #54
def manage_user_login(user, user_data, next_url):
    """Finish a sign-in attempt and choose where to send the browser.

    With a user, a remembered session is opened and the browser goes to the
    newsletter prompt or to *next_url*. Without one, no session is opened:
    an existing account is looked up by e-mail, then by a name derived from
    the full name, only to tell the visitor how that account signed up.

    NOTE(review): next_url is handed to redirect() unchanged; confirm the
    caller restricts it to same-site targets.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        if user.newsletter_prompted is False and newsletter.app:
            return redirect(url_for('account.newsletter_subscribe',
                                    next=next_url))
        return redirect(next_url)

    # Give a hint for the user
    existing = user_repo.get_by(email_addr=user_data['email'])
    if existing is None:
        # Same derivation as at sign-up: ASCII only, lower case, no spaces.
        derived_name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        existing = user_repo.get_by_name(derived_name)

    hint, signup_method = get_user_signup_method(existing)
    flash(hint, 'info')
    endpoint = ('account.forgot_password' if signup_method == 'local'
                else 'account.signin')
    return redirect(url_for(endpoint))
Example #55
def add_metadata(name):
    """
    Admin can save metadata for selected user
    Redirects to public profile page for selected user.

    A valid form replaces the user's stored metadata and preferences; an
    invalid form re-renders the public profile with the errors.

    NOTE(review): the body contains no authorization check and does not
    handle an unknown *name*; confirm a route decorator (not shown) limits
    this endpoint to admins, and that a missing user cannot reach the
    attribute accesses below.
    """
    user = user_repo.get_by_name(name=name)
    form = UserPrefMetadataForm(request.form)
    form.set_upref_mdata_choices()

    if form.validate():
        user_pref, metadata = get_user_pref_and_metadata(name, form)
        user.info['metadata'] = metadata
        user.user_pref = user_pref
        user_repo.update(user)
        # Invalidate the cached copy so the saved values are served.
        cached_users.delete_user_pref_metadata(user.name)
        flash("Input saved successfully", "info")
        return redirect(url_for('account.profile', name=name))

    # Invalid input: the owner sees the full summary, anyone else the
    # public one.
    if current_user.id == user.id:
        summary = cached_users.get_user_summary(user.name)
    else:
        summary = cached_users.public_get_user_summary(user.name)
    contributed = cached_users.projects_contributed_cached(user.id)
    created = cached_users.published_projects_cached(user.id)
    # Draft projects are added to the listing only for admins.
    if current_user.is_authenticated() and current_user.admin:
        created.extend(cached_users.draft_projects(user.id))
    page_title = "%s &middot; User Profile" % user.name
    flash("Please fix the errors", 'message')
    return render_template('/account/public_profile.html',
                           title=page_title,
                           user=summary,
                           projects=contributed,
                           projects_created=created,
                           form=form,
                           can_update=current_user.admin,
                           input_form=True)
Example #56
def projects(name):
    """
    List the signed-in user's own projects.

    Aborts with 404 when no user is called *name* and with 403 when *name*
    is not the current user's name. With SSO enabled, a non-admin owner is
    redirected to the SSO-side URL instead of the local listing.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    if current_user.name != name:
        return abort(403)

    # NOTE(review): the literal '/<name>/' is passed, not the value of name;
    # confirm amnesty_url_for fills the placeholder.
    if not user.admin and is_amnesty_sso_enable():
        return redirect(amnesty_url_for('/<name>/'))

    # The listing is built from the session user's id, not from the URL.
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_projects(owner.id)

    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts)
Example #57
def update_profile(name):
    """
    Show and process the profile settings page of the user called *name*.

    Aborts with 404 for an unknown user; ``ensure_authorized_to('update', ...)``
    gates every change. On POST the ``btn`` field selects which form is
    handled (avatar, profile, password or external services); any other
    value aborts with 415. A successful update redirects back to this page,
    otherwise the page is rendered with the forms.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)
    # Accounts linked to an external sign-in provider get no password form.
    show_passwd_form = not (user.twitter_user_id or user.google_user_id
                            or user.facebook_user_id or user.wechat_user_id
                            or user.weibo_user_id)
    summary = cached_users.get_user_summary(name)
    # Extend the values
    user.rank = summary.get('rank')
    user.score = summary.get('score')
    btn = request.body.get('btn', 'None').capitalize()
    # Submitted data is bound to the profile form only for a profile submit;
    # for every other button the form shows the stored values.
    if btn == 'Profile':
        update_form = UpdateProfileForm(obj=user)
    else:
        update_form = UpdateProfileForm(formdata=None, obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    title_msg = "Update your profile: %s" % user.fullname

    if request.method == 'POST':
        btn = request.body.get('btn', 'None').capitalize()
        if btn == 'Upload':
            # Update user avatar
            succeed = _handle_avatar_update(user, avatar_form)
        elif btn == 'Profile':
            # Update user profile
            succeed = _handle_profile_update(user, update_form)
        elif btn == 'Password':
            # Update user password
            succeed = _handle_password_update(user, password_form)
        elif btn == 'External':
            # Update user external services
            succeed = _handle_external_services_update(user, update_form)
        else:
            # Otherwise return 415
            return abort(415)
        if succeed:
            cached_users.delete_user_summary(user.name)
            return redirect_content_type(url_for('.update_profile',
                                                 name=user.name),
                                         status=SUCCESS)

    # GET, or a POST whose handler reported failure: render the page.
    data = dict(template='/account/update.html',
                form=update_form,
                upload_form=avatar_form,
                password_form=password_form,
                title=title_msg,
                show_passwd_form=show_passwd_form)
    return handle_content_type(data)