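def manage_user(user_data):
    """Manage the user after signin.

    Looks the account up by the provider id. When it is unknown, the
    provider id is either attached to the existing account carrying the
    same e-mail address, or a new account is created under a generated,
    collision-free username.

    Args:
        user_data: provider profile dict; reads ``'id'``, ``'email'`` and
            ``'name'``.

    Returns:
        The resolved ``User`` instance.
    """
    # We have to store the oauth_token in the session to get the USER fields
    user = user_repo.get_by(mykaarma_user_id=user_data['id'])
    if user is not None:
        return user

    # user never signed on: try to match an existing account by e-mail
    user_by_email = user_repo.get_by(email_addr=user_data['email'])
    if user_by_email is not None:
        # NOTE(review): this attaches the provider identity to a local account
        # on an e-mail match alone, so it relies on the provider having
        # verified that address -- confirm before trusting it.
        return add_through_email(user_by_email, user_data)

    # Generate a username; keep regenerating while it collides with an
    # existing account. (The original used bare string literals here as
    # comments -- those are no-op statements, replaced by real comments.)
    name = get_mykaarma_username_from_full_name(user_data['name'])
    while user_repo.get_by_name(name) is not None:
        name = get_mykaarma_username_from_full_name(user_data['name'])

    # add user
    user = User(fullname=user_data['name'], name=name,
                email_addr=user_data['email'],
                mykaarma_user_id=user_data['id'])
    user_repo.save(user)
    if newsletter.is_initialized():
        newsletter.subscribe_user(user)
    return user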
def add_through_email(user_by_email, user_data):
    """Attach the provider id to an account that was found by e-mail.

    If the stored username is exactly the plain username derived from the
    provider's full name, a fresh unique username is generated first.
    The account is saved and returned.

    NOTE(review): the caller matches accounts on e-mail only; this assumes
    the provider verified the address -- confirm.
    """
    plain_name = username_from_full_name(user_data['name']).decode('utf-8')
    if user_by_email.name == plain_name:
        candidate = get_mykaarma_username_from_full_name(user_data['name'])
        # Regenerate until the candidate is free.
        while user_repo.get_by_name(candidate) is not None:
            candidate = get_mykaarma_username_from_full_name(user_data['name'])
        user_by_email.name = candidate
    user_by_email.mykaarma_user_id = user_data['id']
    user_repo.save(user_by_email)
    return user_by_email
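def reset_password():
    """
    Reset password method.

    Validates the signed, time-limited ``key`` query parameter and lets the
    user pick a new password. Returns a Jinja2 template (or the JSON form
    of it via ``handle_content_type``).

    Aborts with 403 on a missing, expired, tampered or stale key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may be gone since the link was issued; without this
    # guard the attribute access below raises and surfaces as a 500.
    if user is None:
        abort(403)
    # The link carries the password hash current at issue time; a mismatch
    # means the password already changed, so the link is presumably stale.
    if user.passwd_hash != userdict.get('password'):
        abort(403)
    # NOTE(review): the sibling reset_password implementations build the form
    # from request.form; confirm request.body is what this app exposes.
    form = ChangePasswordForm(request.body)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    response = dict(template='/account/password_reset.html', form=form)
    return handle_content_type(response)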
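def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Facebook account. An existing user gets the fresh oauth
    token stored; an unknown user is created unless the derived username
    or the e-mail is already taken, in which case ``None`` is returned.

    Args:
        access_token: the OAuth access token granted by Facebook.
        user_data: provider profile dict; reads ``'id'``, ``'name'`` and
            optionally ``'email'``.

    Returns:
        The ``User`` instance, or ``None`` when a conflicting account exists.
    """
    user = user_repo.get_by(facebook_user_id=user_data['id'])
    facebook_token = dict(oauth_token=access_token)
    if user is not None:
        user.info['facebook_token'] = facebook_token
        user_repo.save(user)
        return user

    info = dict(facebook_token=facebook_token)
    name = username_from_full_name(user_data['name'])
    user_exists = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_exists = (user_data.get('email') is not None and
                    user_repo.get_by(email_addr=user_data['email']) is not None)
    if user_exists or email_exists:
        return None

    # Fall back to the username as a placeholder address without mutating
    # the caller's dict (the original wrote it back into user_data).
    email_addr = user_data.get('email') or name
    user = User(fullname=user_data['name'], name=name,
                email_addr=email_addr,
                facebook_user_id=user_data['id'], info=info)
    user_repo.save(user)
    # Do not subscribe the placeholder address.
    if newsletter.is_initialized() and user.email_addr != name:
        newsletter.subscribe_user(user)
    return user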
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Twitter account: a known user gets the fresh token pair
    stored; otherwise a new account is created under the screen name,
    unless that name is already taken (then ``None`` is returned).
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    token_pair = dict(oauth_token=access_token["oauth_token"],
                      oauth_token_secret=access_token["oauth_token_secret"])
    known = user_repo.get_by(twitter_user_id=user_data["user_id"])
    if known is not None:
        known.info["twitter_token"] = token_pair
        user_repo.save(known)
        return known

    screen_name = user_data["screen_name"]
    if user_repo.get_by_name(screen_name) is not None:
        return None

    # The screen name doubles as a placeholder e-mail until the user adds one.
    created = User(
        fullname=screen_name,
        name=screen_name,
        email_addr=screen_name,
        twitter_user_id=user_data["user_id"],
        info=dict(twitter_token=token_pair),
    )
    user_repo.save(created)
    return created
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Google account: an existing user gets the fresh oauth
    token stored (and a legacy username normalised); an unknown user is
    created unless the derived username or the e-mail is already taken,
    in which case ``None`` is returned.
    """
    # We have to store the oauth_token in the session to get the USER fields
    google_token = dict(oauth_token=access_token)
    existing = user_repo.get_by(google_user_id=user_data['id'])
    if existing is not None:
        existing.info['google_token'] = google_token
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(existing.name) == unicode or ' ' in existing.name:
            existing.name = username_from_full_name(existing.name)
        user_repo.save(existing)
        return existing

    # user never signed on
    info = dict(google_token=google_token)
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    email_taken = user_repo.get_by(email_addr=user_data['email']) is not None
    if name_taken or email_taken:
        return None
    created = User(fullname=user_data['name'], name=name,
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'], info=info)
    user_repo.save(created)
    if newsletter.is_initialized():
        newsletter.subscribe_user(created)
    return created
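def reset_password():
    """
    Reset password method.

    Validates the signed, time-limited ``key`` query parameter and lets the
    user pick a new password. Returns a Jinja2 template.

    Aborts with 403 on a missing, expired, tampered or stale key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may be gone since the link was issued; without this
    # guard the attribute access below raises and surfaces as a 500.
    if user is None:
        abort(403)
    # The link carries the password hash current at issue time; a mismatch
    # means the password already changed, so the link is presumably stale.
    if user.passwd_hash != userdict.get('password'):
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)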
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    With a resolved ``user`` the session is opened and the user is sent to
    ``next_url`` (via the newsletter prompt when not yet shown). Without
    one, a hint about how the conflicting account signed up is flashed and
    the user is redirected to the matching recovery page.
    """
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        prompt_pending = (user.newsletter_prompted is False and
                          newsletter.is_initialized())
        if prompt_pending:
            return redirect(url_for_app_type('account.newsletter_subscribe',
                                             next=next_url,
                                             _hash_last_flash=True))
        return redirect(next_url)

    # Give a hint for the user
    conflicting = user_repo.get_by(email_addr=user_data['email'])
    if conflicting is None:
        derived_name = username_from_full_name(user_data['name'])
        conflicting = user_repo.get_by_name(derived_name)
    msg, method = get_user_signup_method(conflicting)
    flash(msg, 'info')
    target = 'account.forgot_password' if method == 'local' else 'account.signin'
    return redirect(url_for_app_type(target, _hash_last_flash=True))
def projects(name):
    """
    List user's project list.

    Returns a Jinja2 template with the list of projects of the user.
    Only the owner may view it: 404 for an unknown name, 403 for anyone
    other than the current user.
    """
    owner = user_repo.get_by_name(name)
    if not owner:
        return abort(404)
    if current_user.name != name:
        return abort(403)
    owner = user_repo.get(current_user.id)

    args = get_project_browse_args(request.args)
    published, drafts = _get_user_projects(owner.id, args)
    column_options = {
        "entries": columns,
        "id": "project-column-selection",
        "current_selection": args["column"],
    }
    direction_options = {
        "entries": directions,
        "id": "project-dir-selection",
        "current_selection": args["order"],
    }
    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts,
                           sort_options={"columns": column_options,
                                         "directions": direction_options})
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Google account: an existing user gets a legacy username
    normalised and is updated; an unknown user is created unless the
    derived username or the e-mail is already taken (then ``None``).
    """
    # We have to store the oauth_token in the session to get the USER fields
    existing = user_repo.get_by(google_user_id=user_data['id'])
    if existing is not None:
        # Update the name to fit with new paradigm to avoid UTF8 problems
        if type(existing.name) == unicode or ' ' in existing.name:
            existing.name = username_from_full_name(existing.name)
        user_repo.update(existing)
        return existing

    # user never signed on
    info = dict(google_token=dict(oauth_token=access_token))
    name = username_from_full_name(user_data['name'])
    name_taken = user_repo.get_by_name(name) is not None
    email_taken = user_repo.get_by(email_addr=user_data['email']) is not None
    if name_taken or email_taken:
        return None
    created = User(fullname=user_data['name'], name=name,
                   email_addr=user_data['email'],
                   google_user_id=user_data['id'], info=info)
    user_repo.save(created)
    if newsletter.is_initialized():
        newsletter.subscribe_user(created)
    return created
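def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Resolves the Google account: an existing user gets a legacy username
    normalised and is updated; an unknown user is created unless the
    derived username or the e-mail is already taken (then ``None``).

    Args:
        access_token: the OAuth access token granted by Google.
        user_data: provider profile dict; reads ``'id'``, ``'name'``,
            ``'email'``.
        next_url: unused here; kept for the caller's signature.
    """
    # We have to store the oauth_token in the session to get the USER fields
    user = user_repo.get_by(google_user_id=user_data['id'])
    # user never signed on
    if user is None:
        google_token = dict(oauth_token=access_token)
        info = dict(google_token=google_token)
        # Derived once and reused for both the lookup and the new record,
        # so the two can never drift apart (the original repeated the
        # encode/lower/replace chain inline in the constructor call).
        name = user_data['name'].encode('ascii', 'ignore').lower().replace(" ", "")
        user = user_repo.get_by_name(name)
        email = user_repo.get_by(email_addr=user_data['email'])
        if (user is None) and (email is None):
            user = User(fullname=user_data['name'],
                        name=name,
                        email_addr=user_data['email'],
                        google_user_id=user_data['id'],
                        info=info)
            user_repo.save(user)
            return user
        return None
    # Update the name to fit with new paradigm to avoid UTF8 problems
    if type(user.name) == unicode or ' ' in user.name:
        user.name = user.name.encode('ascii', 'ignore').lower().replace(" ", "")
        user_repo.update(user)
    return user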
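def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Facebook account. A known user is returned as-is; an
    unknown user is created unless the derived username or the e-mail is
    already taken, in which case ``None`` is returned.

    Args:
        access_token: the OAuth access token granted by Facebook.
        user_data: provider profile dict; reads ``'id'``, ``'name'`` and
            optionally ``'email'``.
    """
    user = user_repo.get_by(facebook_user_id=user_data['id'])
    if user is not None:
        return user

    facebook_token = dict(oauth_token=access_token)
    info = dict(facebook_token=facebook_token)
    name = username_from_full_name(user_data['name'])
    user_exists = user_repo.get_by_name(name) is not None
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    email_exists = (user_data.get('email') is not None and
                    user_repo.get_by(email_addr=user_data['email']) is not None)
    if user_exists or email_exists:
        return None

    # Fall back to the username as a placeholder address without mutating
    # the caller's dict (the original wrote it back into user_data).
    email_addr = user_data.get('email') or name
    user = User(fullname=user_data['name'], name=name,
                email_addr=email_addr,
                facebook_user_id=user_data['id'], info=info)
    user_repo.save(user)
    # Do not subscribe the placeholder address.
    if newsletter.is_initialized() and user.email_addr != name:
        newsletter.subscribe_user(user)
    return user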
def _create_account_Auth(user_data):
    """Create or link a local account for an externally authenticated user.

    Builds a new, pre-validated ``User`` from ``user_data`` with a random
    password, then:

    * if an account with the same e-mail exists and has no ``auth_user_id``
      yet, that account is linked to the external id and signed in;
    * if it exists and is already linked, an error is flashed and the user
      is sent home;
    * otherwise the new account is saved (its username suffixed with a
      random string on collision) and signed in.

    Returns the response produced by ``_sign_in_user`` or the redirect.
    """
    new_user = model.user.User(fullname=user_data['fullname'],
                               name=user_data['name'],
                               email_addr=user_data['email_addr'],
                               valid_email=True,
                               auth_user_id=user_data['auth_user_id'],
                               admin=False)
    # Random password so the account is only usable through the external
    # login. NOTE(review): confirm GenPasswd2 draws from a CSPRNG-grade
    # source, as this value protects the account.
    password = GenPasswd2(8, string.digits) + GenPasswd2(
        15, string.ascii_letters)
    new_user.set_password(password)
    userxemail = user_repo.get_by(email_addr=user_data['email_addr'])
    if userxemail:
        if userxemail.auth_user_id is None:
            # NOTE(review): links the external identity to an existing local
            # account on an e-mail match alone; this relies on the identity
            # provider having verified the address -- confirm.
            new_user = userxemail
            new_user.auth_user_id = user_data['auth_user_id']
            user_repo.update(new_user)
            flash(gettext(u'Bienvenido') + " " + new_user.fullname, 'success')
            return _sign_in_user(new_user)
        else:
            # The e-mail is already bound to different credentials.
            flash(
                gettext(
                    u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión. Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
                ), 'error')
            return redirect_content_type(url_for("home.home"))
    else:
        userduplicatename = user_repo.get_by_name(name=new_user.name)
        if userduplicatename:
            # Username collision: append a random lowercase suffix.
            new_user.name = new_user.name + GenRandomString(
                6, string.ascii_lowercase)
        user_repo.save(new_user)
        flash(gettext(u'Gracias por registrarte.'), 'success')
        return _sign_in_user(new_user)
def manage_user(access_token, user_data):
    """Manage the user after signin.

    Resolves the Twitter account: a known user gets the fresh token
    stored; otherwise a new account is created under the screen name,
    unless that name is already taken (then ``None`` is returned).
    """
    # Twitter API does not provide a way
    # to get the e-mail so we will ask for it
    # only the first time
    known = user_repo.get_by(twitter_user_id=user_data['user_id'])
    if known is not None:
        known.info['twitter_token'] = access_token
        user_repo.save(known)
        return known

    screen_name = user_data['screen_name']
    if user_repo.get_by_name(screen_name) is not None:
        return None

    # The screen name doubles as a placeholder e-mail until the user adds one.
    created = User(fullname=screen_name,
                   name=screen_name,
                   email_addr=screen_name,
                   twitter_user_id=user_data['user_id'],
                   info=dict(twitter_token=access_token))
    user_repo.save(created)
    return created
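def reset_password():
    """
    Reset password method.

    Validates the signed, time-limited ``key`` query parameter and lets the
    user pick a new password. Returns a Jinja2 template.

    Aborts with 403 on a missing, expired, tampered or stale key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    if not username or not userdict.get('password'):
        abort(403)
    user = user_repo.get_by_name(username)
    # The account may be gone since the link was issued; without this
    # guard the attribute access below raises and surfaces as a 500.
    if user is None:
        abort(403)
    # The link carries the password hash current at issue time; a mismatch
    # means the password already changed, so the link is presumably stale.
    if user.passwd_hash != userdict.get('password'):
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)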
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Resolves the Facebook account. A known user is returned as-is; an
    unknown user is created unless the provider username or the e-mail is
    already taken, in which case ``None`` is returned.
    """
    known = user_repo.get_by(facebook_user_id=user_data['id'])
    if known is not None:
        return known

    info = dict(facebook_token=dict(oauth_token=access_token))
    by_name = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    by_email = None
    if user_data.get('email'):
        by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None

    # Placeholder address when the provider sent none.
    if not user_data.get('email'):
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    return created
def manage_user(access_token, user_data, next_url):
    """Manage the user after signin.

    Resolves the Facebook account. A known user is returned as-is; an
    unknown user is created (and subscribed to the newsletter when a real
    e-mail is present) unless the provider username or the e-mail is
    already taken, in which case ``None`` is returned.
    """
    known = user_repo.get_by(facebook_user_id=user_data['id'])
    if known is not None:
        return known

    info = dict(facebook_token=dict(oauth_token=access_token))
    by_name = user_repo.get_by_name(user_data['username'])
    # NOTE: Sometimes users at Facebook validate their accounts without
    # registering an e-mail (see this http://stackoverflow.com/a/17809808)
    by_email = None
    if user_data.get('email'):
        by_email = user_repo.get_by(email_addr=user_data['email'])
    if by_name is not None or by_email is not None:
        return None

    # Placeholder address when the provider sent none.
    if not user_data.get('email'):
        user_data['email'] = "None"
    created = User(fullname=user_data['name'],
                   name=user_data['username'],
                   email_addr=user_data['email'],
                   facebook_user_id=user_data['id'],
                   info=info)
    user_repo.save(created)
    # Never subscribe the placeholder address.
    if newsletter.app and created.email_addr != "None":
        newsletter.subscribe_user(created)
    return created
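def recent_tasks(name):
    """Return how many tasks ``name`` completed since ``start``.

    ``start`` is a query parameter holding a UTC timestamp; it must match
    ``utc_dt_re`` before being used, otherwise the request is a 400.
    Responds with JSON ``{"count": N}``.
    """
    current_app.logger.debug('recent_tasks: {}'.format(name))
    start_time_utc = request.args.get('start')
    # NOTE(review): re.search matches anywhere in the string; if utc_dt_re is
    # not anchored, trailing input would pass -- confirm the pattern.
    if not start_time_utc or not utc_dt_re.search(start_time_utc):
        abort(400)
    user = user_repo.get_by_name(name)
    # Unknown user: reply 404 instead of failing on user.id with a 500.
    if user is None:
        abort(404)
    # The trailing character (presumably a 'Z' suffix) is dropped before the
    # value reaches the cache layer -- confirm against utc_dt_re.
    recent = cached_users.get_tasks_completed_between(
        user.id, beginning_time_utc=start_time_utc[:-1])
    return jsonify(dict(count=len(recent)))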
def add_metadata(name):
    """
    Admin can save metadata for selected user.
    Regular user can save their own metadata.

    Validates ``UserPrefMetadataForm`` against the posted data; on failure
    the public profile is re-rendered with the form and errors, otherwise
    the user's preferences/metadata are stored, related caches are
    invalidated and the request is redirected to the profile page.

    Redirects to public profile page for selected user.
    """
    user = user_repo.get_by_name(name=name)
    # NOTE(review): no None check on `user`; an unknown name reaches
    # can_update_user_info with None -- confirm it copes, else abort(404).
    (can_update, disabled_fields) = can_update_user_info(current_user, user)
    if not can_update:
        abort(403)
    form_data = get_form_data(request, user, disabled_fields)
    form = UserPrefMetadataForm(form_data,
                                can_update=(can_update, disabled_fields))
    form.set_upref_mdata_choices()
    if not form.validate():
        # Re-render the profile with the invalid form; own profile gets the
        # private summary, anyone else the public one.
        if current_user.id == user.id:
            user_dict = cached_users.get_user_summary(user.name)
        else:
            user_dict = cached_users.public_get_user_summary(user.name)
        projects_contributed = cached_users.projects_contributed_cached(
            user.id)
        projects_created = cached_users.published_projects_cached(user.id)
        total_projects_contributed = '{} / {}'.format(
            cached_users.n_projects_contributed(user.id), n_published())
        # `or 1` guards the division when there are no tasks at all.
        percentage_tasks_completed = user_dict['n_answers'] * 100 / (
            n_total_tasks() or 1)
        if current_user.is_authenticated and current_user.admin:
            draft_projects = cached_users.draft_projects(user.id)
            projects_created.extend(draft_projects)
        title = "%s · User Profile" % user.name
        flash("Please fix the errors", 'message')
        return render_template(
            '/account/public_profile.html',
            title=title,
            user=user,
            projects=projects_contributed,
            projects_created=projects_created,
            total_projects_contributed=total_projects_contributed,
            percentage_tasks_completed=percentage_tasks_completed,
            form=form,
            input_form=True,
            can_update=can_update,
            upref_mdata_enabled=bool(app_settings.upref_mdata))
    user_pref, metadata = get_user_pref_and_metadata(name, form)
    user.info['metadata'] = metadata
    ensure_data_access_assignment_from_form(user.info, form)
    user.user_pref = user_pref
    user_repo.update(user)
    # Drop every cached view that embeds the values just changed.
    cached_users.delete_user_pref_metadata(user.name)
    cached_users.delete_user_access_levels_by_id(user.id)
    delete_memoized(get_user_preferences, user.id)
    flash("Input saved successfully", "info")
    return redirect(url_for('account.profile', name=name))
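def warm_cache():  # pragma: no cover
    """Background job to warm cache.

    Refreshes project stats for the top projects, the first pages of
    featured projects and of every used category, then the cached
    summaries for the leaderboard users. Always returns ``True``.
    """
    from pybossa.core import create_app
    app = create_app(run_as_server=False)
    # Set membership is O(1); a project is only refreshed once per run.
    projects_cached = set()
    import pybossa.cache.projects as cached_projects
    import pybossa.cache.categories as cached_cat
    import pybossa.cache.users as cached_users
    import pybossa.cache.project_stats as stats
    from pybossa.util import rank
    from pybossa.core import user_repo

    def warm_project(_id, short_name, featured=False):
        # Only the stats refresh survives; the earlier per-project cache
        # warm-ups that used to live here were already disabled.
        if _id not in projects_cached:
            stats.update_stats(_id, app.config.get('GEO'))
            projects_cached.add(_id)

    # Cache top projects
    for p in cached_projects.get_top():
        warm_project(p['id'], p['short_name'])

    # Cache 3 pages
    to_cache = 3 * app.config['APPS_PER_PAGE']
    featured = rank(cached_projects.get_all_featured('featured'))[:to_cache]
    for p in featured:
        warm_project(p['id'], p['short_name'], featured=True)

    # Categories
    for c in cached_cat.get_used():
        projects = rank(cached_projects.get_all(c['short_name']))[:to_cache]
        for p in projects:
            warm_project(p['id'], p['short_name'])

    # Users (the stray debug `print user_repo` that used to run here per
    # user is gone -- it wrote the repository object to stdout on every
    # iteration and was Python-2-only syntax)
    users = cached_users.get_leaderboard(app.config['LEADERBOARD'])
    for user in users:
        u = user_repo.get_by_name(user['name'])
        cached_users.get_user_summary(user['name'])
        cached_users.projects_contributed_cached(u.id)
        cached_users.published_projects_cached(u.id)
        cached_users.draft_projects_cached(u.id)
    return True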
def update_profile(name):
    """
    Update user's profile.

    On GET renders the profile/avatar/password forms; on POST dispatches
    on the ``btn`` form field to the matching update handler and redirects
    back here. Returns Jinja2 template.
    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)
    # Non-admins are sent to the SSO profile when it is enabled.
    # NOTE(review): the path passed to amnesty_url_for is the literal
    # '/<name>/' -- confirm that helper substitutes it.
    if not user.admin and is_amnesty_sso_enable():
        return redirect(amnesty_url_for('/<name>/'))

    # Accounts bound to an external provider have no local password to change.
    show_passwd_form = not (user.twitter_user_id or user.google_user_id
                            or user.facebook_user_id)

    summary = cached_users.get_user_summary(name)
    # Extend the values
    user.rank = summary.get('rank')
    user.score = summary.get('score')

    # Creation of forms
    update_form = UpdateProfileForm(obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    if request.method == 'POST':
        handlers = {
            'Upload': lambda: _handle_avatar_update(user, avatar_form),
            'Profile': lambda: _handle_profile_update(user, update_form),
            'Password': lambda: _handle_password_update(user, password_form),
            'External': lambda: _handle_external_services_update(user, update_form),
        }
        handler = handlers.get(request.form.get('btn'))
        # Otherwise return 415
        if handler is None:
            return abort(415)
        handler()
        return redirect(url_for('.update_profile', name=user.name))

    title_msg = "Update your profile: %s" % user.fullname
    return render_template('/account/update.html',
                           form=update_form,
                           upload_form=avatar_form,
                           password_form=password_form,
                           title=title_msg,
                           show_passwd_form=show_passwd_form)
def wallet(name):
    """Render the wallet page of the current user.

    404 for an unknown name, 403 when ``name`` is not the current user.
    """
    owner = user_repo.get_by_name(name)
    if not owner:
        return abort(404)
    if current_user.name != name:
        return abort(403)
    owner = user_repo.get(current_user.id)
    return handle_content_type(dict(template='account/wallet.html',
                                    title=gettext("Wallet")))
def test_enable_changes_last_login(self):
    """Test enabling user changes last login.

    Registers an admin and 'tyrion', records tyrion's last_login after a
    sign-in, then has the admin disable and re-enable the account and
    checks the recorded last_login moved.
    """
    self.register()
    self.signin()
    self.register(name='tyrion')
    self.signout()
    self.signin(email='*****@*****.**')
    tyrion = user_repo.get_by_name('tyrion')
    previous_login = tyrion.last_login
    self.signout()
    # Admin toggles the account off and on again.
    self.signin()
    self.app.get('/admin/users/disable_user/{}'.format(tyrion.id))
    self.app.get('/admin/users/enable_user/{}'.format(tyrion.id))
    self.signout()
    tyrion = user_repo.get_by_name('tyrion')
    assert tyrion.last_login != previous_login
def profile(name):
    """
    Get user profile.

    Returns a Jinja2 template with the user information: the public view
    for anonymous visitors and other users, the private view for the
    owner.
    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        # abort raises; the `raise` is kept as in the original.
        raise abort(404)
    is_owner = user.id == current_user.id
    if current_user.is_anonymous() or not is_owner:
        return _show_public_profile(user)
    if current_user.is_authenticated() and is_owner:
        return _show_own_profile(user)
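def confirm_account():
    """Confirm account endpoint.

    Verifies the signed, time-limited ``key`` query parameter. An existing
    user gets the e-mail marked valid; otherwise the account described by
    the payload is created. Aborts with 403 on a missing, expired, tampered
    or malformed key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='account-validation')
    except BadData:
        abort(403)
    name = userdict.get('name')
    email_addr = userdict.get('email_addr')
    # A well-formed link always carries both fields; anything else is
    # rejected as forbidden rather than surfacing a KeyError as a 500.
    if not name or not email_addr:
        abort(403)
    # First check if the user exists
    user = user_repo.get_by_name(name)
    if user is not None:
        return _update_user_with_valid_email(user, email_addr)
    return _create_account(userdict)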
def test_disable_user(self):
    """Test disable enable user works.

    A disabled account is refused at sign-in with a message; once
    re-enabled by the admin the same credentials sign in again.
    """
    self.register()
    self.signin()
    self.register(name='tyrion')
    tyrion = user_repo.get_by_name('tyrion')
    self.app.get('/admin/users/disable_user/{}'.format(tyrion.id))
    self.signout()
    attempt = self.signin(email='*****@*****.**')
    assert 'Your account is disabled. ' in attempt.data, attempt.data
    # Re-enable as admin and retry.
    self.signin()
    self.app.get('/admin/users/enable_user/{}'.format(tyrion.id))
    self.signout()
    attempt = self.signin(email='*****@*****.**')
    assert 'Welcome back ' in attempt.data, attempt.data
def test_user_cannot_disable_users(self):
    """Test user cannot disable users.

    A plain (non-admin) user hitting the disable/enable endpoints for
    another account must get 403 on both.
    """
    self.register()
    self.signin()
    self.register(name='tyrion')
    self.register(name='tywin')
    self.signout()
    self.signin(email='*****@*****.**')
    target = user_repo.get_by_name('tyrion')
    disable = self.app.get('/admin/users/disable_user/{}'.format(target.id))
    assert disable.status_code == 403, disable.status
    enable = self.app.get('/admin/users/enable_user/{}'.format(target.id))
    assert enable.status_code == 403, enable.status
def reset_api_key(name):
    """
    Reset API-KEY for user.

    Rotates the key, invalidates the cached summary and redirects to the
    profile page. 404 for an unknown name; the authorization check raises
    for anyone not allowed to update the user.
    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)
    # NOTE(review): the key is a credential; confirm model.make_uuid draws
    # from a CSPRNG-grade source.
    user.api_key = model.make_uuid()
    user_repo.update(user)
    cached_users.delete_user_summary(user.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect(url_for('account.profile', name=name))
def add_metadata(name):
    """
    Admin can add metadata for selected user

    Validates ``MetadataForm`` from the posted form. An all-empty form
    clears the user's metadata and preferences; a valid form stores them
    (stamped with the acting admin and time); an invalid one re-renders
    the public profile with the errors.

    Redirects to public profile page for selected user.
    """
    user = user_repo.get_by_name(name=name)
    # NOTE(review): no None check on `user`; an unknown name reaches
    # can_update_user_info with None -- confirm it copes, else abort(404).
    if not can_update_user_info(current_user, user):
        abort(403)
    form = MetadataForm(request.form)
    if not any(value for value in form.data.values()):
        # Nothing submitted: treat as a reset.
        user.info['metadata'] = {}
        user.user_pref = {}
    elif form.validate():
        # Record who set the values and when, alongside the form fields.
        metadata = dict(admin=current_user.name, time_stamp=time.ctime(),
                        user_type=form.user_type.data,
                        start_time=form.start_time.data,
                        end_time=form.end_time.data,
                        review=form.review.data,
                        timezone=form.timezone.data,
                        profile_name=user.name)
        user.info['metadata'] = metadata
        user_pref = {}
        if form.languages.data:
            user_pref["languages"] = form.languages.data
        if form.locations.data:
            user_pref["locations"] = form.locations.data
        user.user_pref = user_pref
    else:
        # Invalid form: re-render the profile page with the errors shown.
        projects_contributed = cached_users.projects_contributed_cached(user.id)
        projects_created = cached_users.published_projects_cached(user.id)
        metadata = cached_users.get_metadata(user.name)
        if current_user.is_authenticated() and current_user.admin:
            draft_projects = cached_users.draft_projects(user.id)
            projects_created.extend(draft_projects)
        title = "%s · User Profile" % user.name
        flash("Please fix the errors", 'message')
        return render_template('/account/public_profile.html',
                               title=title,
                               user=user,
                               metadata=metadata,
                               projects=projects_contributed,
                               form=form,
                               projects_created=projects_created,
                               input_form=True)
    user_repo.update(user)
    # Drop the cached views that embed the values just changed.
    cached_users.delete_user_metadata(user.name)
    delete_memoized(get_user_preferences, user.id)
    flash("Input saved successfully", "info")
    return redirect(url_for('account.profile', name=name))
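def oauth_authorized(resp):  # pragma: no cover
    """Called after authorization. After this function finished handling,
    the OAuth information is removed from the session again. When this
    happened, the tokengetter from above is used to retrieve the oauth
    token and secret.

    Because the remote application could have re-authorized the
    application it is necessary to update the values in the database.

    If the application redirected back after denying, the response
    passed to the function will be `None`. Otherwise a dictionary with
    the values the application submitted. Note that Twitter itself does
    not really redirect back unless the user clicks on the application
    name.

    Returns a redirect: to ``next`` for users with a real e-mail, to the
    profile page for those still using the screen name as e-mail, and to
    a recovery page when the screen name is taken by another account.
    """
    next_url = request.args.get('next') or url_for('home.home')
    if resp is None:
        flash(u'You denied the request to sign in.', 'error')
        return redirect(next_url)

    access_token = dict(oauth_token=resp['oauth_token'],
                        oauth_token_secret=resp['oauth_token_secret'])
    user_data = dict(screen_name=resp['screen_name'],
                     user_id=resp['user_id'])
    user = manage_user(access_token, user_data, next_url)

    if user is None:
        # The screen name belongs to an existing account; point the user at
        # the sign-in method that account used.
        user = user_repo.get_by_name(user_data['screen_name'])
        msg, method = get_user_signup_method(user)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for('account.forgot_password'))
        return redirect(url_for('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    if user.email_addr != user.name:
        return redirect(next_url)
    # The screen name is still the placeholder e-mail. (The original kept a
    # `first_login` flag that was always False, so its "first login" branch
    # was unreachable; only the reachable message is kept.)
    flash("Please update your e-mail address in your profile page")
    return redirect(url_for('account.update_profile', name=user.name))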
def start_export(name):
    """
    Starts a export of all user data according to EU GDPR

    Data will be available on GET /export after it is processed.
    404 for an unknown name; the authorization check raises for anyone
    not allowed to update the user. The export job receives the current
    user's address as the admin contact.
    """
    subject = user_repo.get_by_name(name)
    if not subject:
        return abort(404)
    ensure_authorized_to('update', subject)
    export_queue.enqueue(export_userdata,
                         user_id=subject.id,
                         admin_addr=current_user.email_addr)
    flash(gettext('GDPR export started'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Signs ``user`` in and redirects to ``next_url`` (through the newsletter
    prompt when the user has a real e-mail and was never prompted).
    Without a user, flashes how the conflicting account signed up and
    redirects to the matching recovery page.
    """
    if user is None:
        conflicting = user_repo.get_by_name(user_data['screen_name'])
        msg, method = get_user_signup_method(conflicting)
        flash(msg, 'info')
        target = 'account.forgot_password' if method == 'local' else 'account.signin'
        return redirect(url_for_app_type(target))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    has_real_email = user.email_addr != user.name
    if (has_real_email and user.newsletter_prompted is False
            and newsletter.is_initialized()):
        return redirect(url_for_app_type('account.newsletter_subscribe',
                                         next=next_url))
    return redirect(next_url)
def manage_user_login(user, user_data, next_url):
    """Manage user login.

    Signs ``user`` in and redirects to ``next_url`` (through the newsletter
    prompt when the user has a real e-mail and was never prompted).
    Without a user, flashes how the conflicting account signed up and
    redirects to the matching recovery page.
    """
    if user is None:
        conflicting = user_repo.get_by_name(user_data['screen_name'])
        msg, method = get_user_signup_method(conflicting)
        flash(msg, 'info')
        if method == 'local':
            return redirect(url_for_app_type('account.forgot_password'))
        return redirect(url_for_app_type('account.signin'))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, 'success')
    prompt_pending = (user.email_addr != user.name
                      and user.newsletter_prompted is False
                      and newsletter.is_initialized())
    if prompt_pending:
        return redirect(
            url_for_app_type('account.newsletter_subscribe', next=next_url))
    return redirect(next_url)
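def reset_api_key(name):
    """
    Reset API-KEY for user.

    Rotates the key, invalidates the cached summary and redirects to the
    profile page. 404 for an unknown name; ``require.user.update`` raises
    for anyone not allowed to update the user.
    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    require.user.update(user)
    # (An unused `title` string built from current_user.fullname was dropped;
    # nothing rendered it.)
    # NOTE(review): the key is a credential; confirm model.make_uuid draws
    # from a CSPRNG-grade source.
    user.api_key = model.make_uuid()
    user_repo.update(user)
    cached_users.delete_user_summary(user.name)
    msg = gettext('New API-KEY generated')
    flash(msg, 'success')
    return redirect(url_for('account.profile', name=name))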
def test_subadmin_can_disable_users(self):
    """Test subadmin can disable users.

    'tyrion' is promoted to subadmin and must be able to disable and
    re-enable 'tywin' (both requests end in a 200 after redirects).
    """
    self.register()
    self.signin()
    self.register(name='tyrion')
    self.register(name='tywin')
    self.signout()
    make_subadmin_by(name='tyrion')
    self.signin(email='*****@*****.**')
    target = user_repo.get_by_name('tywin')
    disable = self.app.get('/admin/users/disable_user/{}'.format(target.id),
                           follow_redirects=True)
    assert disable.status_code == 200, disable.status
    enable = self.app.get('/admin/users/enable_user/{}'.format(target.id),
                          follow_redirects=True)
    assert enable.status_code == 200, enable.status
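def oauth_authorized(resp):  # pragma: no cover
    """Handle the redirect back from Google after the OAuth dance.

    Fetches the user's profile with the granted access token, resolves or
    creates the local account via ``manage_user`` and signs the user in.
    Returns a redirect (to sign-in on any failure).
    """
    import json

    next_url = url_for('home.home')
    error = request.args.get('error')
    if resp is None or error:
        flash(u'You denied the request to sign in.', 'error')
        # Only report a reason when the provider sent one; the original
        # indexed request.args['error'] unconditionally, which raised
        # KeyError on a plain denial (resp is None, no error parameter).
        if error:
            flash(u'Reason: ' + error, 'error')
            return redirect(url_for('account.signin'))
        return redirect(next_url)

    headers = {'Authorization': ' '.join(['OAuth', resp['access_token']])}
    url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    try:
        r = requests.get(url, headers=headers)
    except requests.exceptions.RequestException:
        # Transport failure: there is no response object to inspect. (The
        # original caught a non-existent `http_error` attribute and then
        # read `r`, which was unbound in that path.)
        return redirect(url_for('account.signin'))
    # Unauthorized - bad token
    if r.status_code == 401:
        return redirect(url_for('account.signin'))

    access_token = resp['access_token']
    # NOTE(review): a bearer access token is kept in the session; confirm
    # the session backend is not readable client-side.
    session['oauth_token'] = access_token
    user_data = json.loads(r.content)
    user = manage_user(access_token, user_data, next_url)

    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        return redirect(next_url)

    # Give a hint for the user
    user = user_repo.get_by(email_addr=user_data['email'])
    if user is None:
        name = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        user = user_repo.get_by_name(name)
    msg, method = get_user_signup_method(user)
    flash(msg, 'info')
    if method == 'local':
        return redirect(url_for('account.forgot_password'))
    return redirect(url_for('account.signin'))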
def start_export(name):
    """
    Starts a export of all user data according to EU GDPR

    Data will be available on GET /export after it is processed.
    404 for an unknown name, 403 when the requester is not that user;
    the authorization check raises for anyone not allowed to update it.
    """
    subject = user_repo.get_by_name(name)
    if not subject:
        return abort(404)
    if subject.id != current_user.id:
        return abort(403)
    ensure_authorized_to('update', subject)
    export_queue.enqueue(export_userdata, user_id=subject.id)
    flash(gettext('GDPR export started'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
def delete(name):
    """
    Delete user account.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Ownership is checked by username: only the signed-in owner may delete.
    if current_user.name != name:
        return abort(403)
    # Deletion itself is deferred to a background job.
    super_queue.enqueue(delete_account, account.id)
    wants_json = (request.headers.get('Content-Type') == 'application/json'
                  or request.args.get('response_format') == 'json')
    if not wants_json:
        return redirect(url_for('account.signout'))
    return handle_content_type(dict(job='enqueued', template='account/delete.html'))
def profile(name):
    """
    Get user profile.

    Returns a Jinja2 template with the user information.
    """
    account = user_repo.get_by_name(name=name)
    if account is None:
        raise abort(404)
    # Anonymous visitors and other users only ever see the public view.
    viewer_is_owner = (not current_user.is_anonymous()) and account.id == current_user.id
    if not viewer_is_owner:
        return _show_public_profile(account)
    if current_user.is_authenticated() and account.id == current_user.id:
        # pybossa admin can still access pybossa account page event when we enable IM
        # NOTE(review): '/<name>/' is passed literally; confirm amnesty_url_for
        # substitutes the placeholder rather than emitting it verbatim.
        if not account.admin and is_amnesty_sso_enable():
            return redirect(amnesty_url_for('/<name>/'))
        return _show_own_profile(account)
def delete(name):
    """
    Delete user account.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Admin accounts are never deletable through this endpoint.
    if account.admin:
        return abort(403)
    # The requester's e-mail travels with the job; presumably for notification — TODO confirm.
    super_queue.enqueue(delete_account, account.id, current_user.email_addr)
    wants_json = (request.headers.get('Content-Type') == 'application/json'
                  or request.args.get('response_format') == 'json')
    if not wants_json:
        return redirect(url_for('admin.index'))
    return handle_content_type(dict(job='enqueued', template='account/delete.html'))
def manage_user_login(user, user_data, next_url):
    """Manage user login."""
    if user is None:
        # No linked account: look up by the provider screen name to tell the
        # visitor which signup method their existing account uses.
        existing = user_repo.get_by_name(user_data["screen_name"])
        msg, method = get_user_signup_method(existing)
        flash(msg, "info")
        if method == "local":
            return redirect(url_for("account.forgot_password"))
        return redirect(url_for("account.signin"))

    login_user(user, remember=True)
    flash("Welcome back %s" % user.fullname, "success")
    # An account whose e-mail equals its username has no real address yet.
    has_real_email = user.email_addr != user.name
    if has_real_email and user.newsletter_prompted is False and newsletter.is_initialized():
        return redirect(url_for("account.newsletter_subscribe", next=next_url))
    if not has_real_email:
        flash("Please update your e-mail address in your profile page")
        return redirect(url_for("account.update_profile", name=user.name))
    return redirect(next_url)
def projects(name):
    """
    List user's project list.

    Returns a Jinja2 template with the list of projects of the user.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Only the owner may list their own projects.
    if current_user.name != name:
        return abort(403)
    # Re-fetch by id so the listing is built from the current user's record.
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_projects(owner.id)
    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts)
def manage_user_login(user, user_data, next_url):
    """Manage user login."""
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, "success")
        if user.newsletter_prompted is False and newsletter.is_initialized():
            return redirect(url_for("account.newsletter_subscribe", next=next_url))
        return redirect(next_url)

    # Give a hint for the user: find any existing account by e-mail, then by
    # the username derived from the full name, and point at its signup method.
    existing = user_repo.get_by(email_addr=user_data["email"])
    if existing is None:
        candidate = username_from_full_name(user_data["name"])
        existing = user_repo.get_by_name(candidate)
    msg, method = get_user_signup_method(existing)
    flash(msg, "info")
    if method == "local":
        return redirect(url_for("account.forgot_password"))
    return redirect(url_for("account.signin"))
def applications(name):
    """
    List user's project list.

    Returns a Jinja2 template with the list of projects of the user.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Only the owner may list their own applications.
    if current_user.name != name:
        return abort(403)
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_apps(owner.id)
    # Hidden apps are only shown here, on the owner's own listing.
    published.extend(cached_users.hidden_apps(owner.id))
    return render_template('account/applications.html',
                           title=gettext("Projects"),
                           apps_published=published,
                           apps_draft=drafts)
def profile(name):
    """
    Get user profile.

    Returns a Jinja2 template with the user information.
    """
    account = user_repo.get_by_name(name=name)
    if account is None:
        raise abort(404)

    # NOTE(review): config is read by attribute here, not by key — confirm
    # the app's config object supports that.
    form = None
    if current_app.config.upref_mdata:
        form = UserPrefMetadataForm(**cached_users.get_user_pref_metadata(account.name))
        form.set_upref_mdata_choices()

    viewer_is_owner = (not current_user.is_anonymous()) and account.id == current_user.id
    if not viewer_is_owner:
        return _show_public_profile(account, form)
    if current_user.is_authenticated() and account.id == current_user.id:
        return _show_own_profile(account, form)
def reset_api_key(name):
    """
    Reset API-KEY for user.

    Returns a Jinja2 template.
    """
    # GET only hands out the CSRF token the POST needs; the key is rotated on POST.
    if request.method != 'POST':
        return jsonify(dict(form=dict(csrf=generate_csrf())))

    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    ensure_authorized_to('update', account)
    # Rotating the key invalidates the previous one for any client still using it.
    account.api_key = model.make_uuid()
    user_repo.update(account)
    cached_users.delete_user_summary(account.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
def manage_user_login(user, user_data, next_url):
    """Manage user login."""
    if user is not None:
        login_user(user, remember=True)
        flash("Welcome back %s" % user.fullname, 'success')
        if user.newsletter_prompted is False and newsletter.app:
            return redirect(url_for('account.newsletter_subscribe', next=next_url))
        return redirect(next_url)

    # Give a hint for the user: look up an existing account by e-mail, then by
    # a username derived from the full name.
    existing = user_repo.get_by(email_addr=user_data['email'])
    if existing is None:
        candidate = user_data['name'].encode('ascii', 'ignore').lower().replace(' ', '')
        existing = user_repo.get_by_name(candidate)
    msg, method = get_user_signup_method(existing)
    flash(msg, 'info')
    if method == 'local':
        return redirect(url_for('account.forgot_password'))
    return redirect(url_for('account.signin'))
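def add_metadata(name):
    """
    Admin can save metadata for selected user

    Redirects to public profile page for selected user.

    Args:
        name: username whose preferences/metadata are being saved.

    Returns:
        A redirect to the user's profile on success, or the rendered public
        profile page with the form errors when validation fails.
    """
    user = user_repo.get_by_name(name=name)
    if user is None:
        # An unknown name previously crashed on ``user.id`` below.
        return abort(404)
    form = UserPrefMetadataForm(request.form)
    form.set_upref_mdata_choices()
    if not form.validate():
        return _render_metadata_form_errors(user, form)

    user_pref, metadata = get_user_pref_and_metadata(name, form)
    # NOTE(review): in-place mutation of user.info — confirm the ORM tracks
    # nested changes so update() actually persists it.
    user.info['metadata'] = metadata
    user.user_pref = user_pref
    user_repo.update(user)
    cached_users.delete_user_pref_metadata(user.name)
    flash("Input saved successfully", "info")
    return redirect(url_for('account.profile', name=name))


def _render_metadata_form_errors(user, form):
    """Re-render the public profile page with the invalid metadata form."""
    if current_user.id == user.id:
        user_dict = cached_users.get_user_summary(user.name)
    else:
        user_dict = cached_users.public_get_user_summary(user.name)
    projects_contributed = cached_users.projects_contributed_cached(user.id)
    projects_created = cached_users.published_projects_cached(user.id)
    # Drafts are only exposed to authenticated admins.
    if current_user.is_authenticated() and current_user.admin:
        projects_created.extend(cached_users.draft_projects(user.id))
    title = "%s · User Profile" % user.name
    flash("Please fix the errors", 'message')
    return render_template('/account/public_profile.html',
                           title=title,
                           user=user_dict,
                           projects=projects_contributed,
                           projects_created=projects_created,
                           form=form,
                           can_update=current_user.admin,
                           input_form=True)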
def projects(name):
    """
    List user's project list.

    Returns a Jinja2 template with the list of projects of the user.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    # Only the owner may list their own projects.
    if current_user.name != name:
        return abort(403)
    # Non-admin accounts are sent to the external SSO site when it is enabled.
    # NOTE(review): '/<name>/' is passed literally; confirm amnesty_url_for
    # substitutes the placeholder.
    if not account.admin and is_amnesty_sso_enable():
        return redirect(amnesty_url_for('/<name>/'))
    owner = user_repo.get(current_user.id)
    published, drafts = _get_user_projects(owner.id)
    return render_template('account/projects.html',
                           title=gettext("Projects"),
                           projects_published=published,
                           projects_draft=drafts)
def update_profile(name):
    """
    Update user's profile.

    Returns Jinja2 template.
    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)

    # Accounts linked to an external identity provider get no password form.
    show_passwd_form = not (user.twitter_user_id or user.google_user_id
                            or user.facebook_user_id or user.wechat_user_id
                            or user.weibo_user_id)

    summary = cached_users.get_user_summary(name)
    # Extend the values shown on the page with the cached rank and score.
    user.rank = summary.get('rank')
    user.score = summary.get('score')

    # Only the profile form is populated from the submitted data; every other
    # button re-renders it from the stored user object.
    btn = request.body.get('btn', 'None').capitalize()
    if btn == 'Profile':
        update_form = UpdateProfileForm(obj=user)
    else:
        update_form = UpdateProfileForm(formdata=None, obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()
    title_msg = "Update your profile: %s" % user.fullname

    def render_page():
        # Same payload whether rendering the initial GET or a failed POST.
        return handle_content_type(dict(template='/account/update.html',
                                        form=update_form,
                                        upload_form=avatar_form,
                                        password_form=password_form,
                                        title=title_msg,
                                        show_passwd_form=show_passwd_form))

    if request.method != 'POST':
        return render_page()

    # Dispatch on the pressed button: avatar, profile, password or external services.
    handlers = {
        'Upload': (_handle_avatar_update, avatar_form),
        'Profile': (_handle_profile_update, update_form),
        'Password': (_handle_password_update, password_form),
        'External': (_handle_external_services_update, update_form),
    }
    btn = request.body.get('btn', 'None').capitalize()
    if btn not in handlers:
        # Otherwise return 415
        return abort(415)
    handler, form = handlers[btn]
    succeed = handler(user, form)
    if succeed:
        cached_users.delete_user_summary(user.name)
        return redirect_content_type(url_for('.update_profile', name=user.name),
                                     status=SUCCESS)
    return render_page()