def student_logout(self): request = self.request # headers = forget(request) url = request.route_url('home') response = HTTPFound(location=url) response.delete_cookie('student_login') return response
def oauth(request): oaserver = request.env.auth.oauth oauth_url = request.route_url('auth.oauth') oauth_path = request.route_path('auth.oauth') def cookie_name(state): return 'ngw-oastate-' + state if 'error' in request.params: raise AuthorizationException() elif 'code' in request.params and 'state' in request.params: # Extract data from state named cookie state = request.params['state'] try: data = json.loads(request.cookies[cookie_name(state)]) except ValueError: raise AuthorizationException("State cookie parse error") tresp = oaserver.grant_type_authorization_code( request.params['code'], oauth_url) if data['merge'] == '1' and request.user.keyname != 'guest': user = oaserver.access_token_to_user(tresp.access_token, merge_user=request.user) else: user = oaserver.access_token_to_user(tresp.access_token) if user is None: raise InvalidTokenException() DBSession.flush() headers = remember(request, (user.id, tresp)) event = OnUserLogin(user, request, data['next_url']) zope.event.notify(event) response = HTTPFound(location=event.next_url, headers=headers) response.delete_cookie(cookie_name(state), path=oauth_path) return response else: data = dict( next_url=request.params.get('next', request.application_url), merge=request.params.get('merge', '0') ) alphabet = string.ascii_letters + string.digits state = ''.join(secrets.choice(alphabet) for i in range(16)) ac_url = oaserver.authorization_code_url(oauth_url, state=state) response = HTTPFound(location=ac_url) # Store data in state named cookie response.set_cookie( cookie_name(state), value=json.dumps(data), path=oauth_path, max_age=600, httponly=True) return response
def student_profile(self): student_login = self.request.cookies.get('student_login') student = DBSession.query(Student).filter_by(login=student_login).first() if not student: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('student_login') return response return dict(student=student)
def logout_view(request): """ The logout view """ loc = request.route_url('index') headers = forget(request) response = HTTPFound(location=loc, headers=headers) response.delete_cookie("remember_me") return response
def landlord_address_edit(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response id = self.request.matchdict.get('uid') address = DBSession.query(LandlordAddress).join(Landlord)\ .filter(Landlord.login == landlord_login)\ .filter(LandlordAddress.uid == id).first() if not address: return HTTPFound(self.request.route_url('landlord_profile')) address_form = self.address_form if 'submit' in self.request.params: controls = self.request.POST.items() try: appstruct = address_form.validate(controls) except deform.ValidationFailure as e: return dict(landlord=landlord, form=e.render()) # Change the content and redirect to the view address.address = appstruct['address'] address.number_of_seats = appstruct['number_of_seats'] address.has_dinner = appstruct['has_dinner'] address.has_language_cources = appstruct['has_language_cources'] address.has_transfer = appstruct['has_transfer'] address.additional = appstruct['has_transfer'] address.price = appstruct['price'] address.special_price = appstruct['special_price'] address.special_price_min_num = appstruct['special_price_min_num'] try: DBSession.flush() except IntegrityError as e: log.exception(e) return Response('Address with this data is already exists.') url = self.request.route_url('landlord_profile') return HTTPFound(url) form = self.address_form.render(dict( uid = address.uid, address = address.address, number_of_seats = address.number_of_seats, has_dinner = address.has_dinner, has_language_cources = address.has_language_cources, has_transfer = address.has_transfer, additional = address.additional, price = address.price, special_price = address.special_price, special_price_min_num = address.special_price_min_num, ) ) return dict(address=address, form=form)
def landlord_delete(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response try: DBSession.delete(landlord) except SQLAlchemyError: return HTTPFound(self.request.route_url('landlord_profile')) return HTTPFound(self.request.route_url('home'))
def student_delete(self): student_login = self.request.cookies.get('student_login') student = DBSession.query(Student).filter_by(login=student_login).first() if not student: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('student_login') return response try: DBSession.delete(student) except SQLAlchemyError: return HTTPFound(self.request.route_url('student_profile')) return HTTPFound(self.request.route_url('home'))
def do_logout(self, request, location): """ do the logout """ # convenient method to set Cache-Control and Expires headers request.response.cache_expires = 0 headers = forget(request) response = HTTPFound(location=location, headers=headers) response.delete_cookie('cis_account', path="/") response.cache_control = 'no-cache' request.session.pop_flash('token') return response
def landlord_address_new(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response form = self.address_form.render() if 'submit' in self.request.params: controls = self.request.POST.items() try: appstruct = self.address_form.validate(controls) except deform.ValidationFailure as e: # Form is NOT valid return dict(form=e.render()) # Add a new customer to the database new_address = appstruct['address'] new_number_of_seats = appstruct['number_of_seats'] new_has_dinner = appstruct['has_dinner'] new_has_language_cources = appstruct['has_language_cources'] new_has_transfer = appstruct['has_transfer'] new_additional = appstruct['has_transfer'] new_price = appstruct['price'] new_special_price = appstruct['special_price'] new_special_price_min_num = appstruct['special_price_min_num'] try: DBSession.add(LandlordAddress( landlord_id = landlord.uid, address = new_address, number_of_seats = new_number_of_seats, has_dinner = new_has_dinner, has_language_cources = new_has_language_cources, has_transfer = new_has_transfer, additional = new_additional, price = new_price, special_price = new_special_price, special_price_min_num = new_special_price_min_num, )) DBSession.flush() except IntegrityError as e: log.exception(e) return Response('LandLord Address with this address is already exists.') except SQLAlchemyError as e: log.exception(e) return Response('SQL Error') url = self.request.route_url('landlord_profile') return HTTPFound(url) return dict(form=form)
def change_profile(request, profile): """ Sets a cookie for the given profile and deletes any location set in the cookies. Returns a response which directs to the map view. """ response = HTTPFound(location=request.route_url('map_view')) response.set_cookie('_PROFILE_', profile, timedelta(days=90)) if '_LOCATION_' in request.cookies: response.delete_cookie('_LOCATION_') return response
def logout(self, request): request_cookie = request.cookies.get('signed') if not request_cookie: return {} cookie = signed_deserialize(request_cookie, SECRET) cookie_csrf = cookie.get('csrf') if request.method == 'POST': csrf = request.POST.get('csrf') if csrf == cookie_csrf: response = HTTPFound(request.route_url('admin.index')) response.delete_cookie('signed') return response return dict(csrf=cookie_csrf)
def change_profile(request, profile): """ Sets a cookie for the given profile and deletes any location set in the cookies. Returns a response which directs to the map view. """ response = HTTPFound(location=request.route_url('map_view')) response.set_cookie('_PROFILE_', profile, timedelta(days=90)) if '_LOCATION_' in request.cookies: response.delete_cookie('_LOCATION_') return response
def landlord_profile(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response orders = DBSession.query(Order).join(LandlordAddress).join(Landlord)\ .filter(Landlord.login == landlord_login) pending_orders = orders.filter(Order.status == 0) return dict( landlord=landlord, orders=orders, pending_orders=pending_orders, )
def landlord_address_delete(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response id = self.request.matchdict.get('uid') address = DBSession.query(LandlordAddress).join(Landlord)\ .filter(Landlord.login == landlord_login)\ .filter(LandlordAddress.uid == id).first() if not address: return HTTPFound(self.request.route_url('landlord_profile')) try: DBSession.delete(address) except SQLAlchemyError: return HTTPFound(self.request.route_url('landlord_profile')) return HTTPFound(self.request.route_url('landlord_profile'))
def landlord_edit(self): landlord_login = self.request.cookies.get('landlord_login') landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first() if not landlord: response = HTTPFound(self.request.route_url('home')) response.delete_cookie('landlord_login') return response landlord_form = self.landlord_form if 'submit' in self.request.params: controls = self.request.POST.items() try: appstruct = landlord_form.validate(controls) except deform.ValidationFailure as e: return dict(landlord=landlord, form=e.render()) # Change the content and redirect to the view landlord.login = appstruct['login'] landlord.email = appstruct['email'] landlord.full_name = appstruct['full_name'] landlord.phone_number = appstruct['phone'] try: DBSession.flush() except IntegrityError as e: log.exception(e) return Response('LandLord with this email or login is already exists.') url = self.request.route_url('landlord_profile') return HTTPFound(url) form = self.landlord_form.render(dict( uid=landlord.uid, login = landlord.login, email = landlord.email, full_name = landlord.full_name, phone = landlord.phone_number, ) ) return dict(landlord=landlord, form=form)
def log_out(request): if "cherubplay" in request.cookies: request.login_store.delete("session:" + request.cookies["cherubplay"]) response = HTTPFound(request.route_path("home")) response.delete_cookie("cherubplay") return response
def confirm(request): if not 'order' in request.cookies: return {'error': True, 'community': Settings.Community} order = json.loads(request.cookies['order']) try: steamid = order['steamid'] email = order['email'] promocode = order['promocode'] server = order['server'] item = order['item'] promo = None except: return {'error': True, 'community': Settings.Community} server = Settings.Session.query(Server).filter(Server.id == order['server']).scalar() item = Settings.Session.query(Item).filter(Item.id == order['item']).scalar() if not server or not item or not re.match(r'[^@]+@[^@]+\.[^@]+', email): return {'error': True, 'community': Settings.Community} promotions = [] price = item.price for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' not in promo.promotion.value and time.time() < promo.promotion.expires]: try: price = price - float(promotion.value) promotions.append(promotion) except: continue for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' in promo.promotion.value and time.time() < promo.promotion.expires]: try: price = price - (price * (float(promotion.value.replace('%', '')) / 100)) promotions.append(promotion) except: continue; if price < 0: price = 0 try: commid = SteamIDToCommunityID(steamid) except SteamFormatException: return {'error': True, 'community': Settings.Community} if promocode != '': print "Code: %s" % promocode for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 2 and time.time() < promo.promotion.expires]: if promotion.code == promocode: promo = promotion if '%' in promo.value: try: price = price - (price * (float(promo.value.replace('%', '')) / 100)) promotions.append(promo) except: pass else: try: price = price - float(promo.value) promotions.append(promo) except: pass break if price < 0: price = 0 if 'checkout' in request.params: txn = Transaction(item.id, server.id, round(price,2), steamid, email, time.time()) Settings.Session.add(txn) Settings.Session.flush() Settings.Session.refresh(txn) payment = paypalrestsdk.Payment({ "intent": "sale", "payer": {"payment_method": "paypal"}, "redirect_urls": { "return_url": request.route_url('paypal/execute', txn=txn.txn_id), "cancel_url": request.route_url('paypal/cancel', txn=txn.txn_id)}, "transactions": [{ "item_list": { "items": [{ "name": item.name, "sku": item.id, "price": round(price,2) if round(price,2) % 1 != 0 else int(round(price,2)), "currency": "USD", "quantity": 1 }]}, "amount": { "total": round(price,2) if round(price,2) % 1 != 0 else int(round(price,2)), "currency": "USD",}}]}) if payment.create(): Settings.Session.add(OngoingTransaction(payment.id, txn.txn_id)) try: Settings.Session.commit() except: Settings.Session.rollback() for link in payment.links: if link.method == 'REDIRECT': redirect_url = link.href response = HTTPFound(location=redirect_url) response.delete_cookie('order') return response else: print payment.error Settings.Session.delete(txn) try: Settings.Session.commit() except: Settings.Session.rollback() return {'error': True, 'community': Settings.Community} steamapi.core.APIConnection(api_key=Settings.SteamAPI) user = steamapi.user.SteamUser(commid) path = [{"href": request.route_url('home'), "name": "Home", "active": False}, {"href": '{href}?sid={sid}'.format(href=request.route_url('home'), sid=server.id), "name": server.name, "active": False}, {"href": request.route_url('order', server=server.id, product=item.id), "name": item.name, "active": True}] return {'item': item, 'server': server, 'user': user, 'email': email, 'steamid': steamid, 'promotions': promotions, 'error': False, 'path': path, 'price': round(price,2), 'community': Settings.Community}
def logout(request): headers = forget(request) response = HTTPFound(location=route_url('home', request), headers=headers) response.delete_cookie('user') return response
def logout(request): response = HTTPFound('/') response.delete_cookie('user_id') return response
def logOut(request): redirect = HTTPFound('/') redirect.delete_cookie('sessionData') redirect.delete_cookie('filterList') return redirect
def create_invoice(self): records = self.request.params.getall('records') if records: fullname = self.request.params.get('customer.name','') email = self.request.params.get('customer.email','') address = self.request.params.get('customer.address','') address2 = self.request.params.get('customer.address2','') phone = self.request.params.get('customer.phone','') agreement = Validators.bool(self.request.params.get('customer.agreement',0)) checkout = self.request.params.getall('customer.checkout') deliver_digitally = False deliver_physically = False # Delivery Options for option in checkout: if option == 'digitally': deliver_digitally = True if option == 'physically': deliver_physically = True # Prep Orders orders = [] total_price = 0.0 location_emails = {} # to notify any locations a request has been made for record in records: c = Cases.load(id=int(record)) e = Entities.load(case_id=int(record)) r = Roles.load(id=e.role) l = Archives.load(id=c.archive) location_emails[l.email] = l.email total_price += float(r.price) orders.append({'case':int(c.id), 'price' : r.price, 'location':int(l.id)}) invoice = Invoices(fullname=fullname, email=email, address=address, county_state_zip=address2, phone=phone, records=orders, agreement_accepted=agreement, deliver_digitally=deliver_digitally, deliver_physically=deliver_physically, total_price='${:,.2f}'.format(total_price)) invoice.insert(self.request) invoice = Invoices.load(order='id desc') #Email Client starting_status = Statuses.load(order='priority asc') Emailer.send(self.request, [email], starting_status.email_subject, starting_status.email_message, link=self.request.application_url + '/invoice/' + invoice.hash ) #Email Archives Involved Emailer.send(self.request, list(location_emails), 'Order request has been placed', 'A new order request has been placed', link=self.request.application_url + '/login?goto=' + self.request.application_url + '/manage/orders' ) response = HTTPFound(location=route_url('invoice', self.request, hash=invoice.hash)) response.delete_cookie('basket') return response else: return self.response
def log_out(request): if "cherubplay" in request.cookies: request.login_store.delete("session:" + request.cookies["cherubplay"]) response = HTTPFound(request.route_path("home")) response.delete_cookie("cherubplay") return response
def __call__(self): """ login view callable """ # convenient method to set Cache-Control and Expires headers self.request.response.cache_expires = 0 dbsession = DBSession() params = self.request.params login_url = route_url('login', self.request) message = '' # playerid, password from cookie playerid = '' password = '' passwordFromCookie = False lc = self.request.cookies.get('cis_login_credentials', '') if lc: lc = lc.split('|') if len(lc) == 3: passwordFromCookie = True playerid = lc[0] password = lc[1] activeUser = User() activeUser.playerid = playerid activeUser.password = password user = None errors = {} passwordOk = False referrer = self.request.url if referrer == login_url: referrer = '/' came_from = self.request.params.get('came_from', referrer) url = came_from logged_in = authenticated_userid(self.request) headers = '' initial_login = not logged_in storeplayeridPwd = params.get('remember', '') # if already logged in and requesting this page, redirect to forbidden if logged_in: message = 'You do not have the required permissions to see this page.' return dict( message=message, url=url, came_from=came_from, password=password, user=activeUser, headers=headers, errors=errors, logged_in=logged_in, remember=storeplayeridPwd ) # check whether we are asked to do an autologin (from pwdreset.py) autologin = 0 #self.request.session.pop_flash(queue='autologin') # 'SECURITY RISK' forcelogin = lc and self.request.params.get('forcelogin', '') if forcelogin or autologin or 'form.submitted' in params: if autologin: autologin = autologin[0].split('|') playerid = autologin[0] password = autologin[1] #encrypted elif forcelogin: pass else: playerid = params['playerid'] # when we get a password from a cookie, we already receive it encrypted. If not, encrypt it here password = (passwordFromCookie and password) or params['password'] if not password: errors['password'] = "******" else: # if autologin, we already receive it encrypted. If not, encrypt it here password = ((forcelogin or autologin) and password) or hashlib.md5(params['password']).hexdigest() if not playerid: errors['playerid'] = "Enter your player id" if playerid and password: user = dbsession.query(User).filter_by(playerid=playerid).first() if user: passwordOk = (user.password == password) if not user: message = 'You do not have a CIS account' elif user.banned: message = 'Your account has been banned.' elif not user.activated: message = 'Your account has not yet been activated' elif not passwordOk: message = 'Your account/password do not match' else: # READY TO LOGIN, SOME FINAL CHECKS now = datetime.now() headers = remember(self.request, user.playerid) last_login = now.strftime('%Y-%m-%d %H:%M:%S') user.last_web = last_login response = HTTPFound() user.last_login = last_login response.headers = headers response.content_type = 'text/html' response.charset = 'UTF-8' if storeplayeridPwd: cookie_val = '%s|%s' % (playerid, password) response.set_cookie('cis_login_credentials', cookie_val, max_age=timedelta(days=365), path='/') response.location = came_from if (not forcelogin) and (not storeplayeridPwd): response.delete_cookie('cis_login_credentials') response.cache_control = 'no-cache' return response activeUser.playerid = playerid storeplayeridPwd = self.request.cookies.get('cis_login_credentials') and '1' or '' return dict( message=message, url=url, came_from=came_from, password=password, user=activeUser, headers=headers, errors=errors, logged_in=logged_in, remember=storeplayeridPwd )