def page_view(request):
page_id = request.matchdict['page_id']
page = request.context.page
if not page:
## TODO: setup notfound view
raise NotFound("No such page {0}".format(page_id))
logged_in = authenticated_userid(request)
api = get_template('ravel:templates/main.pt')
commentschema = Comment()
commentform = Form(commentschema,
action=route_url('comment_add',
request,
page_id=page_id),
buttons=('submit',),
use_ajax=True)
commentform['comment'].widget = widget.TextAreaWidget(rows=10, cols=60)
print page.get('comments', None)
return {
'api' : api,
'description' : page['description'],
'edit_url' : route_url('page_edit', request, page_id=page_id),
'logged_in' : logged_in,
'title' : page['title'],
'body' : page['body'],
'commentform' : commentform.render(),
'comments' : page.get('comments', None)
}
def tag_articles(request):
_ = request.translate
tag = request.matchdict['tag']
page_size = int(get_config('elements_on_page'))
start_page = 0
if 'start' in request.GET:
try:
start_page = int(request.GET['start'])
except ValueError:
start_page = 0
user = request.user
dbsession = DBSession()
q = dbsession.query(Article).join(Tag).options(joinedload('tags')).options(joinedload('user')).order_by(Article.published.desc())
if not user.has_role('editor'):
q = q.filter(Article.is_draft==False)
c = {}
c['articles'] = q.filter(Tag.tag == tag)[(start_page * page_size):(start_page+1) * page_size + 1]
c['prev_page'] = None
if len(c['articles']) > page_size:
c['prev_page'] = route_url('blog_tag_articles', request, tag=tag, _query=[('start', start_page+1)])
c['articles'].pop()
c['next_page'] = None
if start_page > 0:
c['next_page'] = route_url('blog_tag_articles', request, tag=tag, _query=[('start', start_page-1)])
c['page_title'] = _(u'Articles labeled with tag “{0}”'.format(tag))
return c
def edit_page(request):
"""Edit a given page."""
session = DBSession()
matchdict = request.matchdict
page = session.query(Page).join(User).filter(Page.id == matchdict["page_id"]).order_by(desc(Page.modified_time)).one()
if 'submitted' in request.params:
fs = FieldSet(page, data=request.params)
# TODO
# add validation
# Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync?
page.title = fs.title.value
page.content = fs.content.value
page.modified_time = time.time()
page.location = fs.location.value
session.add(page)
return HTTPFound(location = route_url("view_page", request, page_location = page.location))
elif 'delete' in request.params:
session.delete(page)
return HTTPFound(location = route_url("edit_pages", request))
edit_blog_post_url = route_url("edit_page", request, page_id = page.id)
fs = FieldSet(page)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]])
form = fs.render()
# TODO
# Figure out how to delete using checkboxes
return dict(title = "Edit '%s'" % page.title, save_name = save_name, delete_name = delete_name, form = form)
def user_chirps(request):
dbsession = DBSession()
userid = authenticated_userid(request)
user = dbsession.query(User).filter_by(userid=userid).first()
matchdict = request.matchdict
other_userid = matchdict.get('userid')
other_user = dbsession.query(User).filter_by(userid=other_userid).first()
url = route_url('users', request, userid=other_userid)
if other_user is None:
return HTTPNotFound(location=url)
chirps = dbsession.query(Chirp).filter(Chirp.author==other_user)
chirps = chirps.order_by(Chirp.timestamp.desc()).limit(30)
follows = dbsession.query(Follower).filter(Follower.follower==other_user.id)
follows = follows.order_by(Follower.follows.asc()).limit(10)
followers = dbsession.query(Follower).filter(Follower.follows==other_user.id)
followers = followers.order_by(Follower.follower.asc()).limit(10)
followed = dbsession.query(Follower).filter(Follower.follower==user.id)
followed = followed.filter(Follower.follows==other_user.id).first()
follow_url = route_url('follow', request, userid=other_userid)
unfollow_url = route_url('unfollow', request, userid=other_userid)
return {'app_url': request.application_url,
'static_url': request.static_url,
'userid': userid,
'chirps': chirps,
'user_chirps': True,
'user': other_user,
'original_user': user,
'elapsed': get_elapsed,
'follows': follows,
'followers': followers,
'followed': followed,
'follow_url': follow_url,
'unfollow_url': unfollow_url
}
def confirm_login(request):
"""Renders a login form for a user that needs to login in order to
authenticate an active OpenID authentication request.
"""
if 'form.submitted' in request.POST:
if request.POST.get('csrf_token') != request.session.get_csrf_token():
raise Forbidden
login = request.POST.get('login', '')
password = request.POST.get('password', '')
user = DBSession().query(User).filter_by(username=login).first()
if user is not None and user.check_password(password):
headers = remember(request, user.username)
return HTTPFound(
location=route_url('openid_confirm_login_success', request),
headers=headers)
else:
request.session.flash(_(u'Failed to log in, please try again.'))
options = {
'title': _(u'Log in to authenticate OpenID request'),
'login_name': request.params.get('login', ''),
'action_url': route_url('openid_confirm_login', request),
#'reset_url': route_url('reset_password', request),
'csrf_token': request.session.get_csrf_token(),
}
return render_to_response('templates/openid_confirm_login.pt', options, request)
def register(self):
if not Validate.bool(self.settings('allow_local_registration','false')):
return HTTPFound(location=route_url('menu', self.request))
self.response['email'] = ''
if 'form.submitted' in self.request.params:
self.response['email'] = Validate.sanatize(self.request.params['email'])
password = Validate.sanatize(self.request.params['password'])
repassword = Validate.sanatize(self.request.params['re.password'])
if Users.by({'email':self.response['email']}).first():
self.response['message'] = "Email already in use"
return self.template('register.pt')
if not Validate.email(self.response['email']):
self.response['message'] = "Not a valid email address"
return self.template('register.pt')
if not Validate.password(password):
self.response['message'] = "Improper password."
return self.template('register.pt')
if repassword != password:
self.response['message'] = "Passwords do not match."
return self.template('register.pt')
# Below is good
Users.registerLocalUser(self.response['email'], password)
return HTTPFound(location=route_url('login', self.request))
return self.template('register.pt')
def get_tools(request, client, value=False):
if value:
tools_dicts = [{
"label": "Description",
"value": client.entity()["description"],
"url": route_url("entity", request, **request.matchdict),
}]
else:
tools_dicts = [{
"label": "Description",
"url": route_url("entity", request, **request.matchdict),
}]
for tool_name in TOOLS:
tool_value = getattr(client, tool_name)()
if tool_value and tool_value["objects"]:
if value:
tools_dicts.append({
"label": tool_name,
"value": tool_value,
"url": route_url(tool_name, request, **request.matchdict),
})
else:
tools_dicts.append({
"label": tool_name,
"url": route_url(tool_name, request, **request.matchdict),
})
return tools_dicts
def register(self):
if not Validate.bool(self.settings("allow_local_registration", "false")):
return HTTPFound(location=route_url("menu", self.request))
self.response["email"] = ""
if "form.submitted" in self.request.params:
self.response["email"] = Validate.sanatize(self.request.params["email"])
password = Validate.sanatize(self.request.params["password"])
repassword = Validate.sanatize(self.request.params["re.password"])
if Users.by({"email": self.response["email"]}).first():
self.notify("Email already in use!", warn=True)
return self.template("register.pt")
if not Validate.email(self.response["email"]):
self.notify("Not a valid email address!", warn=True)
return self.template("register.pt")
if not Validate.password(password):
self.notify("Improper password!", warn=True)
return self.template("register.pt")
if repassword != password:
self.notify("Passwords do not match!", warn=True)
return self.template("register.pt")
# Below is good
Users.registerLocalUser(self.response["email"], password)
return HTTPFound(location=route_url("login", self.request))
return self.template("register.pt")
def yadis(request):
"""Serves the YADIS XRDS documents to facilitate service discovery."""
OPENID_AX = 'http://openid.net/srv/ax/1.0'
if request.matchdict.get('local_id', '').strip():
session = DBSession()
account = session.query(User).filter(User.username == request.matchdict['local_id']).first()
if account is None:
raise NotFound()
# User specific XRDS document
options = {
'service_types': [discover.OPENID_2_0_TYPE, OPENID_AX, sreg.ns_uri],
'local_id': identity_url(request, request.matchdict['local_id']),
'uri': route_url('openid_endpoint', request),
}
else:
# Server XRDS document
options = {
'service_types': [discover.OPENID_IDP_2_0_TYPE, OPENID_AX, sreg.ns_uri],
'uri': route_url('openid_endpoint', request),
}
response = render_to_response('templates/openid_yadis.pt', options, request)
response.content_type = 'application/xrds+xml'
return response
def save_address(request):
username = request.params["username"]
try:
login(username, request.params["password"])
except:
request.session.flash("Error: Invalid Fedora Credentials")
return HTTPFound(route_url("accept", request))
app = DBSession.query(Application).filter_by(username=username).first()
if not app:
request.session.flash("Error: You did not submit an application.")
return HTTPFound(route_url("accept", request))
if not app.approved:
request.session.flash("Error: Your application has not been approved.")
return HTTPFound(route_url("accept", request))
app.address = request.params["address"]
mailer = get_mailer(request)
admins = request.registry.settings["admin_email"].split()
sender = request.registry.settings["email_from"]
body = (
"Real Name: %s\nUsername: %s\nCountry: %s\n Hardware: %s\n" + "Shield: %s\nDate Submitted: %s\nAddress: %s"
) % (app.realname, app.username, app.country, app.hardware, app.shield, app.date, app.address)
message = Message(
subject="[Fedora Summer of Open Hardware] Address " "submitted for %s" % username,
sender=sender,
recipients=admins,
body=body,
)
DBSession.commit()
mailer.send_immediately(message, fail_silently=False)
request.session.flash("Your address has been submitted.")
return HTTPFound(request.application_url)
def feedback(project, request):
session = DBSession()
item_id = request.matchdict.get('item_id',None)
items = project.get_items_for_user(request.user)
pending_items = [i for i in items if not i.submitted]
completed_items = [i for i in items if i.submitted]
if item_id:
item = project.get_item_for_user(request.user, item_id)
elif pending_items:
item = pending_items[0]
else:
item = None
if item is not None:
item = project.get_item(item.id)
feedback = session.query(FeedbackRecord).filter(FeedbackRecord.user==request.user).filter(FeedbackRecord.item==item).first()
else:
feedback = None
item_controller = FormController(project.item_form)
feedback_controller = FormController(project.feedback_form)
if request.method == 'POST' and item:
feedback_controller.validate_from_request(request)
if feedback_controller.errors:
request.session.flash('There was a problem with your feedback', 'errors')
else:
if not feedback:
feedback = FeedbackRecord(project, request.user, item)
session.add(feedback)
feedback.update_submitted()
feedback_controller.populate_record_from_request(feedback, request)
request.session.flash('Feedback on %s submitted' % item.title, 'messages')
# Once feedback is submitted, load the next
# record from the top of the list
if request.params.get('submit','') == 'save_and_next':
return HTTPFound(
location=route_url('project:feedback', request, project_id=project.id)
)
else:
return HTTPFound(
location=route_url('project:feedback:item', request, project_id=project.id, item_id=item.id)
)
return dict(
pending_items=pending_items,
completed_items=completed_items,
item=item,
item_values=item_controller.render_values(request, item),
form_widgets=feedback_controller.render_widgets(request, feedback),
project=project,
responsive_layout=True,
)
def login(request):
logged_in = authenticated_userid(request)
if logged_in:
return HTTPFound(location=route_url("home", request))
session = DBSession()
schema = schemas.Login()
result = {"_csrf_": request.session.get_csrf_token()}
errors = []
if request.POST:
if not validate_csrf(request):
return HTTPUnauthorized("Not authorized")
try:
form_result = schema.to_python(request.params)
user = (
session.query(User)
.filter(and_(User.email == form_result["email"], User.password == func.sha1(form_result["password"])))
.first()
)
if user:
headers = remember_me_header(request, user.email)
return HTTPFound(location=route_url("home", request), headers=headers)
else:
errors.append("form")
except validators.Invalid, e:
errors = e.error_dict
def login(request):
"""Renders a login form and logs in a user if given the correct
credentials.
"""
session = DBSession()
username = u''
log = logging.getLogger('nuorisovaalitadmin')
if 'form.submitted' in request.POST:
username = request.POST['username']
if request.session.get_csrf_token() != request.POST.get('csrf_token'):
log.warn('CSRF attempt at {0}.'.format(request.url))
raise Forbidden(u'CSRF attempt detected.')
else:
user = session.query(User).filter_by(username=username).first()
password = request.POST['password']
if user is not None and user.check_password(password):
headers = remember(request, user.username)
request.session.flash(u'Olet kirjautunut sisään.')
log.info('Successful login for "{0}".'.format(user.username))
return HTTPFound(location=request.application_url, headers=headers)
log.warn('Failed login attempt for {0}'.format(request.POST.get('username').encode('utf-8')))
request.session.flash(u'Kirjautuminen epäonnistui')
request.add_response_callback(disable_caching)
return {
'title': u'Kirjaudu sisään',
'action_url': route_url('login', request),
'username': username,
'reset_url': route_url('reset_password', request),
'csrf_token': request.session.get_csrf_token(),
}
def record_first(project, request):
if project.items:
return HTTPFound(
location=route_url("project:record", request, project_id=project.id, record_id=project.items[0].id)
)
else:
return HTTPFound(location=route_url("project:record:add", request, project_id=project.id))
def accessibility_view(self):
category = self._secure_get_category(int(self.request.matchdict['id']))
if self.request.params.get('nojs','0') != '1':
if not self.request.user.needs_accessibility:
return HTTPFound(location=route_url('category', self.request))
id = self.request.user.current_test
test = Tests.by(id).first()
results = TestsResults.by({'tests_id':id}, sort='id asc').all()
if 'form.submit' in self.request.params:
for key, value in self.request.params.iteritems():
key_type, sep, rid = key.rpartition(".")
if key_type == 'question':
result = TestsResults.by(rid).first()
passed = TestManager.check_answer_byid(result.question_sets_id, int(value))
result.correctly_answered = passed
if not passed:
result.wrong_attempts = test.max_wrong_answer_allowed
result.attempted = True
result.duration = self._accessibility_duration_calculator(self.request.params['st'], len(results), test.question_time_allowed)
final = self._test_calculator(test,results,result)
transaction.commit()
return HTTPFound(location=route_url('score', self.request, id=id))
else:
self.response['time_started'] = int(time.time())
self.response['test'] = test
self.response['results'] = []
for result in results:
self.response['results'].append({'question_set': result,
'answer': result.get_answers()})
return self.template('playing-accessibility.pt')
def upload_file(request):
# ``filename`` contains the name of the file in string format.
#
# WARNING: this example does not deal with the fact that IE sends an
# absolute file *path* as the filename. This example is naive; it
# trusts user input.
provider = request.POST['media-site']
#provider = request.matchdict.get('provider', 'youtube')
service = get_service(request, provider)
if service is None:
return HTTPFound(route_url('login', request, provider=provider))
log.debug('Uploading file: provider=%s' % provider)
# we have to ASCII-encode the string. if we use the utf-8 encoding the
# flickrapi library crashes at file upload.
filename = request.POST['filepath'].filename.encode('ascii')
log.debug('filename: ' + filename);
# 'filepath' contains the actual file data which needs to be
# stored somewhere.
input_file = request.POST['filepath'].file
out_filepath = get_file_from_user(filename, input_file)
log.debug('Output filepath: %s' % out_filepath)
# get media metadata.
pub_metadata = service.create_pub_metadata(request)
# upload the media file to the selected media sites.
service.publish(out_filepath, pub_metadata)
log.debug('Uploading succeeded.')
return HTTPFound(route_url('list_media', request, provider=provider))
def save_new_user(request):
login = request.POST['login']
email = request.POST['email']
if len(login) == 0 or len(email) == 0:
return Response('Bad input', content_type='text/plain', status_int=500)
try:
exists = DBSession.query(User).filter(or_(User.login == login,
User.email == email)).count()
if exists > 0:
existing_user = DBSession.query(User).filter(User.login == login).first()
return HTTPFound(location=route_url('show_user', request, id=existing_user.id))
user = User(login, email)
user.first_name = request.POST['first_name']
user.last_name = request.POST['last_name']
user.user_name = request.POST['user_name']
user.password = request.POST['password']
user.gender = request.POST['gender']
user.created_date = datetime.datetime.now()
user.last_login_date = datetime.datetime.now()
DBSession.add(user)
DBSession.flush()
return HTTPFound(location=route_url('show_user', request, id=user.id))
except DBAPIError:
return Response(conn_err_msg, content_type='text/plain', status_int=500)
def admin_login(self, context, request):
"""
Logs the admin user in.
"""
login_url = route_url("admin-login", request)
referrer = request.url
if referrer == login_url:
referrer = "/admin/"
came_from = request.params.get("came_from", referrer)
message = ""
# See if the login form was submitted
if "auth_key" in request.params:
auth_key = request.params["auth_key"]
if self.check_admin_auth_key(auth_key):
headers = remember(request, "admin")
return HTTPFound(location=came_from, headers=headers)
message = "Incorrect password."
# Credentials not submitted or incorrect, render login page
filename = os.path.join(os.path.dirname(__file__), "admin", "login.html")
lookup_path = os.path.join(os.path.dirname(__file__), "admin", "include")
lookup = TemplateLookup(directories=[lookup_path])
template = Template(filename=filename, lookup=lookup)
kwargs = {
"message": message,
"url": route_url("admin-login", request),
"came_from": came_from,
"user": "",
"loggedin": False,
}
body = template.render(**kwargs)
return Response(body=body)
def render(self):
user = User.by_id(self.session,
int(self.request.matchdict['user_id']))
if self.user.has_no_role:
# can only see own requests
if user.id != self.user.id:
return HTTPFound(location=route_url('list_request',
self.request))
if self.user.is_manager:
# can only see own requests and managed user requests
if ((user.id != self.user.id)
and (user.manager_id != self.user.id)):
return HTTPFound(location=route_url('list_request',
self.request))
today = datetime.now()
year = int(self.request.params.get('year', today.year))
start = datetime(2014, 5, 1)
years = [item for item in reversed(range(start.year, today.year + 1))]
pool_history = User.get_rtt_history(self.session, user, year)
return {'user': user, 'year': year, 'years': years,
'pool_history': pool_history}
def activate(request):
"""
"""
user_id = request.matchdict.get('user_id')
user = AuthUser.get_by_id(user_id)
submitted_hmac = request.matchdict.get('hmac')
current_time = time.time()
time_key = int(base64.b64decode(submitted_hmac[10:]))
if current_time < time_key:
hmac_key = hmac.new('%s:%s:%d' % (str(user.id), \
apex_settings('auth_secret'), time_key), \
user.email).hexdigest()[0:10]
if hmac_key == submitted_hmac[0:10]:
user.active = 'Y'
DBSession.merge(user)
DBSession.flush()
flash(_('Account activated. Please log in.'))
activated_route = apex_settings('activated_route')
if not activated_route:
activated_route = 'apex_login'
return HTTPFound(location=route_url(activated_route, request))
flash(_('Invalid request, please try again'))
return HTTPFound(location=route_url(apex_settings('came_from_route'), \
request))
def edit_blog_post(request):
session = DBSession()
matchdict = request.matchdict
post = session.query(Post).filter(Post.id == matchdict["post_id"]).one()
if 'submitted' in request.params:
fs = FieldSet(post, data=request.params)
# TODO
# Not sure why this is necessary...shouldn't I just be able to pass the session to FieldSet and have it sync?
post.title = fs.title.value
post.content = fs.content.value
post.modified_time = time.time()
session.add(post)
return HTTPFound(location = route_url("view_blog_post", request, post_id = post.id))
if 'delete' in request.params:
session.delete(post)
return HTTPFound(location = route_url("edit_blog", request))
edit_blog_post_url = route_url("edit_blog_post", request, post_id = post.id)
fs = FieldSet(post)
fs.configure(options=[fs.content.textarea(size=(45, 10))], exclude = [fs["modified_time"], fs["created_time"], fs["user"]])
form = fs.render()
return dict(form = form, title = post.title, edit_blog_post_url = edit_blog_post_url)
def final_bet(request):
player = request.authenticated_userid
final_tip = Final.get_player_tip(player)
if final_tip:
request.session.flash(u'You already entered a final tip.')
return HTTPFound(location=route_url('view_final_tip', request, player=player))
final_tip = Final(player)
form = Form(request, schema=FinalBetSchema, obj=final_tip)
if 'form.submitted' in request.POST and form.validate():
# verify, that the tip was entered on time
if FINAL_DEADLINE < datetime.now():
return HTTPFound(location=route_url('too_late', request))
final_tip.d_team1 = form.data['d_team1']
final_tip.d_team2 = form.data['d_team2']
final_tip.d_score1 = form.data['d_score1']
final_tip.d_score2 = form.data['d_score2']
DBSession.add(final_tip)
return HTTPFound(location=route_url('view_final_tip', request, player=player))
teams = [(team.d_id,team.d_name) for team in Team.get_all()]
return { 'tip': final_tip,
'form': FormRenderer(form),
'teams': teams,
'navigation': navigation_view(request) }
def record(project, request):
form_controller = FormController(project.item_form)
record_id = request.matchdict.get("record_id", None)
if record_id is not None:
record = project.get_item(record_id)
else:
record = None
if record and not record.reviewed:
record.reviewed = True
if request.method == "POST":
title = request.params.get("title", "").strip()
submit = request.params.get("submit", "")
if not title and submit.find("finish") >= 0:
return HTTPFound(location=route_url("project:feedback_form", request, project_id=project.id))
elif not title:
request.session.flash("%s Name or Title is required!" % project.item_name, "errors")
elif title:
form_controller = FormController(project.item_form)
form_controller.validate_from_request(request)
if form_controller.errors:
request.session.flash("There was a problem with your submission", "errors")
else:
request.session.flash("%s saved!" % title, "messages")
if record is None:
record = ItemRecord(project, title)
record.title = title
form_controller.populate_record_from_request(record, request)
session = DBSession()
session.add(record)
session.flush()
if submit.find("add") >= 0:
route = "project:record:add"
elif submit.find("finish") >= 0:
route = "project:feedback_form"
else:
route = "project:record"
return HTTPFound(location=route_url(route, request, project_id=project.id, record_id=record.id))
return dict(
project=project,
menu=project_menu(project, request, "records"),
form_widgets=form_controller.render_widgets(request, record),
record=record,
)
def front_page(request):
return {
'title': _(u'Nuorisovaalit 2011 - Tunnistautuminen'),
#'login_url': route_url('login', request),
#'logout_url': route_url('logout', request),
'openid_endpoint': route_url('openid_endpoint', request),
'xrds_location': route_url('yadis_server', request),
}
def resources(request):
resources_url = route_url('resources', request, **request.matchdict)
toc_url = route_url('toc', request, **request.matchdict)
return {
'project': 'mobileyutzu',
'resources': resources_url,
'toc': toc_url,
}
def signup(request):
user = request.user
if user and not user.is_temporary():
raise StandardError, "You may not signup while logged in"
came_from = request.params.get('came_from', request.referer)
login_url = route_url('auth:login', request)
signup_url = route_url('auth:signup', request)
home_url = route_url('home', request)
if came_from in [login_url, signup_url, home_url]:
came_from = route_url('project:list', request)
name = request.params.get('name','')
email = request.params.get('email','')
password = request.params.get('password','')
password_confirm = request.params.get('password_confirm','')
if request.method == 'POST':
if not (name and email and password and password_confirm):
request.session.flash('Oops! Please complete all fields', 'signup_errors')
elif get_user(email=email):
request.session.flash('The e-mail address %s is already in use' % email, 'signup_errors')
elif password != password_confirm:
request.session.flash('Your passwords did not match', 'signup_errors')
else:
if user and user.is_temporary():
# user is logged in with a temporary account
# update the account information to transfer the current
# project
user.set_name(name)
user.set_email(email)
user.set_password(password)
location = came_from
else:
user = User(email, name, password)
location = came_from
session = DBSession()
session.add(user)
session.flush()
headers = remember(request, user.id)
return HTTPFound(
location=location,
headers=headers
)
return dict(
name=name,
email=email,
came_from=came_from
)
def check(match):
word = match.group(1)
exists = session.query(Page).filter_by(name=word).all()
if exists:
view_url = route_url('view_page', request, pagename=word)
return '<a href="%s">%s</a>' % (view_url, word)
else:
add_url = route_url('add_page', request, pagename=word)
return '<a href="%s">%s</a>' % (add_url, word)
def project(project, request):
if project.has_role(request.user, 'owner') or project.has_role(request.user, 'administrator'):
return HTTPFound(
location=route_url('project:records', request, project_id=project.id)
)
else :
return HTTPFound(
location=route_url('project:feedback', request, project_id=project.id)
)
def __init__(self, request):
super(ForgotPasswordController, self).__init__(request)
self.forgot_password_redirect_view = route_url(
self.settings.get('horus.forgot_password_redirect', 'index'),
request)
self.reset_password_redirect_view = route_url(
self.settings.get('horus.reset_password_redirect', 'index'),
request)
def check(match):
word = match.group(1)
exists = session.query(Page).filter_by(name=word).all()
if exists:
view_url = route_url('view_page', request, pagename=word)
return '<a href="%s">%s</a>' % (view_url, word)
else:
add_url = route_url('add_page', request, pagename=word)
return '<a href="%s">%s</a>' % (add_url, word)
def __init__(self, request):
super(ForgotPasswordController, self).__init__(request)
self.forgot_password_redirect_view = route_url(
self.settings.get('horus.forgot_password_redirect', 'index'),
request)
self.reset_password_redirect_view = route_url(
self.settings.get('horus.reset_password_redirect', 'index'),
request)
def openid_response(request):
"""Processes the response of the OpenID provider and upon successful
response authenticates the user.
In order for a user to be authenticated the following criteria must be
met:
* the OpenID provider has responded with a positive assertation.
* the verified OpenID identity must match an existing
:py:attr:`nuorisovaalit.models.Voter.openid` record.
In case the above criteria are not met the user is presented with an error
page.
:param request: The currently active request.
:type request: :py:class:`pyramid.request.Request`
"""
log = logging.getLogger('nuorisovaalit')
mode = request.params.get('openid.mode', None)
if mode == 'id_res':
# We received a positive authentication response.
consumer = make_consumer(request)
response = consumer.complete(request.params, request.url)
if response.status == SUCCESS:
identity = response.identity_url.rstrip('/')
session = DBSession()
user = session.query(Voter).filter(Voter.openid == identity).first()
if user is None:
log.warn('Failed to authenticate "{0}": unknown user.'.format(identity))
return openid_failure(request)
log.info('Authenticated "{0}".'.format(identity))
if user.has_voted():
url = route_url('vote-finish', request)
request.session['vote_registered'] = 'yes'
log.info('User "{0}" has already voted.'.format(identity))
else:
url = route_url('select', request)
headers = remember(request, identity)
return HTTPFound(location=url, headers=headers)
else:
log.warn('Failed to authenticate "{0}".'.format(response.identity_url))
return openid_failure(request)
elif mode == 'cancel':
# We received an explicit negative authentication response.
log.info('OpenID authentication canceled.')
return openid_canceled(request)
else:
log.warn('Unknown OpenID response mode: {0}.'.format(mode))
return openid_failure(request)
def test_read_view(self):
user = self.user_add()
self.profile_add(user)
request = testing.DummyRequest()
name = route_url('sa_read', request, table="user", id="1")
response = self.testapp.get(name)
self.failUnlessEqual(response.status, '200 OK')
name = route_url('sa_read', request, table="profile", id="1")
response = self.testapp.get(name)
self.failUnlessEqual(response.status, '200 OK')
def home_view(request):
if request.session.get('admin'):
return HTTPFound(location=route_url('app', request))
password = request.POST.get('password', None)
if password != ADMIN_PASSWORD:
return {'page': 'home'}
else:
request.session['admin'] = True
return HTTPFound(location=route_url('app', request))
return {'page': 'home'}
def add_page(request):
name = request.matchdict['pagename']
if 'form.submitted' in request.params:
session = DBSession()
body = request.params['body']
page = Page(name, body)
session.add(page)
return HTTPFound(
location=route_url('view_page', request, pagename=name))
save_url = route_url('add_page', request, pagename=name)
page = Page('', '')
return dict(page=page, save_url=save_url)
def apex_callback(request):
""" apex_callback(request):
no return value, called with route_url('apex_callback', request)
This is the URL that Velruse returns an OpenID request to
"""
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
headers = []
if 'token' in request.POST:
auth = apexid_from_token(request.POST['token'])
if auth:
user = AuthUser.get_by_login(auth['id'])
if not user:
auth_info = auth['profile']['accounts'][0]
id = AuthID()
DBSession.add(id)
user = AuthUser(
login=auth_info['userid'],
provider=auth_info['domain'],
)
if auth['profile'].has_key('verifiedEmail'):
user.email = auth['profile']['verifiedEmail']
id.users.append(user)
if apex_settings('default_user_group'):
for name in apex_settings('default_user_group'). \
split(','):
group = DBSession.query(AuthGroup). \
filter(AuthGroup.name==name.strip()).one()
id.groups.append(group)
if apex_settings('create_openid_after'):
openid_after = get_module(
apex_settings('create_openid_after'))
openid_after().after_signup(user)
DBSession.flush()
if apex_settings('openid_required'):
openid_required = False
for required in apex_settings('openid_required').split(','):
if not getattr(user, required):
openid_required = True
if openid_required:
request.session['id'] = id.id
request.session['userid'] = user.id
return HTTPFound(location='%s?came_from=%s' % \
(route_url('apex_openid_required', request), \
request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))))
headers = apex_remember(request, user)
redir = request.GET.get('came_from', \
route_url(apex_settings('came_from_route'), request))
flash(_('Successfully Logged in, welcome!'), 'success')
return HTTPFound(location=redir, headers=headers)
def view_subject_list(request):
""" Show a list of all subjects for which there are notes available. """
session = DBSession()
subjects = session.query(Subject).all()
# Link back to home page
homelink = route_url('home', request)
# Pairs of (Subject Name, URL), used to construct subject links in template
link_info = []
for s in subjects:
# URLs generated by route_url relative to the last request
url = route_url('subject_index', request, subjectcode=s.code)
link_info.append((s.name, url))
return dict(link_info=link_info, homelink=homelink)
def edit_page(request):
name = request.matchdict['pagename']
session = DBSession()
page = session.query(Page).filter_by(name=name).one()
if 'form.submitted' in request.params:
page.data = request.params['body']
session.add(page)
return HTTPFound(
location=route_url('view_page', request, pagename=name))
return dict(
page=page,
save_url=route_url('edit_page', request, pagename=name),
)
def check(match):
"""
Checks if a given page exists and returns a link to it.
If the page does not exist it returns a link to add the page.
"""
word = match.group(1)
exists = session.query(Page).filter_by(name=word).all()
if exists:
result = (route_url('viewPage', request, pagename=word), word)
else:
result = (route_url('addPage', request, pagename=word), word)
return '<a href="%s">%s</a>' % result
def add_article(request):
if 'form.submitted' in request.POST:
with transaction.manager:
article = Article(title=request.POST['title'],
body=request.POST['body'])
DBSession.add(article)
return HTTPFound(location=route_url('article_list', request))
else:
return render_to_response(
'templates/add_article.pt',
{'back_url': route_url('article_list', request)},
request=request)
def render(self):
if 'submit' in self.request.params:
email = self.request.params.get('email', '')
user = User.by_email(self.session, email)
if user:
passhash = uuid.uuid4().hex
date_end = datetime.now() + relativedelta(seconds=86400)
# create hash entry in database with a TTL of 1 day
entry = PasswordRecovery(user_id=user.id,
hash=passhash,
date_end=date_end)
self.session.add(entry)
self.session.flush()
# call celery send mail task directly
from celery.registry import tasks
from celery.task import subtask
req_task = tasks['worker_mail']
settings = self.request.registry.settings
sender = 'pyvac@localhost'
if 'pyvac.password.sender.mail' in settings:
sender = settings['pyvac.password.sender.mail']
data = {
'sender':
sender,
'target':
user.email,
'subject':
'Password Recovery',
'content':
"""Hello,
we send you this mail because you requested a password reset, to proceed please click the link below:
%s
Reminder, your login is: %s
""" % (route_url('change_password', self.request,
passhash=passhash), user.login)
}
subtask(req_task).delay(data=data)
msg = 'Mail sent to %s for password recovery.' % user.email
self.request.session.flash('info;%s' % msg)
return HTTPFound(location=route_url('login', self.request))
return {}
def __init__(self, request):
super(AuthController, self).__init__(request)
schema = request.registry.getUtility(ISULoginSchema)
self.schema = schema().bind(request=self.request)
form = request.registry.getUtility(ISULoginForm)
self.login_redirect_view = route_url(
self.settings.get('su.login_redirect', 'index'), request)
self.logout_redirect_view = route_url(
self.settings.get('su.logout_redirect', 'index'), request)
self.form = form(self.schema)
def idea_vote(request):
post_data = request.POST
target = post_data.get('target')
session = DBSession()
idea = Idea.get_by_id(target)
voter_username = authenticated_userid(request)
voter = User.get_by_username(voter_username)
if post_data.get('form.vote_hit'):
idea.hits += 1
idea.author.hits += 1
voter.delivered_hits += 1
elif post_data.get('form.vote_miss'):
idea.misses += 1
idea.author.misses += 1
voter.delivered_misses += 1
idea.voted_users.append(voter)
session.flush()
redirect_url = route_url('idea', request, idea_id=idea.idea_id)
response = HTTPMovedPermanently(location=redirect_url)
return response
def render(self):
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
users_entity = {}
for chapter, members in ldap.list_chapters().iteritems():
for member in members:
users_entity.setdefault(member, []).append(chapter)
# keep only managed users for managers
# use all users for admin
overviews = {}
if self.user.is_admin or self.user.has_feature(
'chapter_overview_full'): # noqa
for _, target_chapter in self.chapter_leaders.items():
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews.update({target_chapter: chapter_stats})
elif self.user.is_manager:
# retrieve logged chapter leader
target_chapter = self.chapter_leaders[self.user.login]
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews = {target_chapter: chapter_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def render(self):
# keep only managed users for managers
# use all users for admin
overviews = {}
extra_managers = []
# check if admin user is also a manager
if User.managed_users(self.session, self.user):
extra_managers = [self.user]
if self.user.is_admin or self.user.has_feature('squad_overview_full'):
for manager in extra_managers + User.by_role(
self.session, 'manager'): # noqa
# retrieve logged leader squad
users_entity = User.managed_users(self.session, manager)
target_manager = manager.login.replace('.', '_')
manager_stats = self.get_manager_stats(users_entity)
if not manager_stats:
continue
overviews.update({target_manager: manager_stats})
elif self.user.is_manager:
# retrieve logged leader squad
users_entity = User.managed_users(self.session, self.user)
target_manager = self.user.login.replace('.', '_')
manager_stats = self.get_manager_stats(users_entity)
if manager_stats:
overviews = {target_manager: manager_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def author_delete(request):
author = request.db.query(M.Author).get(request.matchdict.get('id'))
if not author:
raise HTTPNotFound
request.db.delete(author)
request.db.flush()
return HTTPFound(location=route_url('author', request))
def render_page(self, section, redirpath, values=None):
if self.endpath is None:
return HTTPFound(location=route_url('subsections',
self.request,
action=section,
endpath='/'.join(redirpath)))
self.c.active_footer_nav = '-'.join(
[self.request.matchdict.get('action')] + list(self.endpath))
for ext in ('.mako', '.rst'):
tmpl_path = ('templates/pages/%s/%s%s' %
(section, '/'.join(self.endpath), ext))
values = values or {}
if pkg_resources.resource_exists('pylonshq', tmpl_path):
if ext == '.mako':
return render_to_response('pylonshq:%s' % tmpl_path,
values, self.request)
else:
self.c.pagename = ' : '.join([
item.replace('-', ' ').title() for item in self.endpath
])
content = pkg_resources.resource_string(
'pylonshq', tmpl_path)
body = publish_parts(content,
writer_name='html')['html_body']
values = {'body': body}
return render_to_response('pylonshq:templates/rst.mako',
values, self.request)
raise NotFound()
def login(request):
"""Handle login request"""
login_url = route_url('login', request)
referrer = request.url
if referrer == login_url:
# never use the login form itself as came_from
referrer = '/'
came_from = request.params.get('came_from', referrer)
message = ''
login = ''
password = ''
if 'form.submitted' in request.params:
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
headers = remember(request, login)
return HTTPFound(location=came_from, headers=headers)
message = 'Failed login'
return dict(
message=message,
url=request.application_url + '/login',
came_from=came_from,
login=login,
password=password,
)
def forbidden_view(request):
# do not allow a user to login if they are already logged in
if authenticated_userid(request):
return Forbidden()
loc = route_url('login', request, _query=(('next', request.path), ))
return HTTPFound(location=loc)
def document_delete(request):
document = request.db.query(M.Document).get(request.matchdict.get('id'))
if not document:
raise HTTPNotFound
request.db.delete(document)
request.db.flush()
return HTTPFound(location=route_url('document', request))
def forbidden(request):
""" forbidden(request)
No return value
Called when user hits a resource that requires a permission and the
user doesn't have the required permission. Will prompt for login.
request.environ['repoze.bfg.message'] contains our forbidden error in case
of a csrf problem. Proper solution is probably an error page that
can be customized.
bfg.routes.route and repoze.bfg.message are scheduled to be deprecated,
however, corresponding objects are not present in the request to be able
to determine why the Forbidden exception was called.
**THIS WILL BREAK EVENTUALLY**
**THIS DID BREAK WITH Pyramid 1.2a3**
"""
if request.environ.has_key('bfg.routes.route'):
flash(_('Not logged in, please log in'), 'error')
return HTTPFound(
location='%s?came_from=%s' %
(route_url('apex_login', request), current_route_url(request)))
else:
return Response(request.environ.get('repoze.bfg.message', \
'Unknown error message'))
def job_edit(request):
id = request.matchdict['job']
session = DBSession()
job = session.query(Job).get(id)
licenses = session.query(License).all()
if 'form.submitted' in request.params:
job.title = request.params['title']
job.short_description = request.params['short_description']
job.description = request.params['description']
job.workflow = request.params['workflow']
josm_preset = request.params['josm_preset']
josm_preset = josm_preset.value.decode(
'UTF-8') if josm_preset != '' else ''
job.josm_preset = josm_preset
job.is_private = request.params.get('is_private') == 'on'
job.imagery = request.params['imagery']
job.task_extra = request.params['task_extra']
if request.params['license_id'] != "":
license_id = int(request.params['license_id'])
license = session.query(License).get(license_id)
job.license = license
session.add(job)
return HTTPFound(location=route_url('job', request, job=job.id))
return dict(job=job, licenses=licenses)
def route_url(self, route_name, *elements, **kw):
""" Return the URL for the route named ``route_name``, using
``*elements`` and ``**kw`` as modifiers.
This is a convenience method. The result of calling
:meth:`pyramid.request.Request.route_url` is the same as calling
:func:`pyramid.url.route_url` with an explicit ``request``
parameter.
The :meth:`pyramid.request.Request.route_url` method calls the
:func:`pyramid.url.route_url` function using the Request object as
the ``request`` argument. The ``route_name``, ``*elements`` and
``*kw`` arguments passed to :meth:`pyramid.request.Request.route_url`
are passed through to :func:`pyramid.url.route_url` unchanged and its
result is returned.
This call to :meth:`pyramid.request.Request.route_url`::
request.route_url('route_name')
Is completely equivalent to calling :func:`pyramid.url.route_url`
like this::
from pyramid.url import route_url
route_url('route_name', request)
"""
return route_url(route_name, self, *elements, **kw)
def spend_view(request):
if not request.session.get('admin'):
return HTTPFound(location=route_url('home', request))
today = datetime.date.today()
period_id = request.GET.get('period', None)
if period_id:
dbsession = DBSession()
expenses = dbsession.query(Expense).\
filter(Expense.period_id==int(period_id)).\
filter(Expense.date==today).all()
period = Period.get_by_id(period_id)
expenses_sum = period.get_expenses(today)
return {'expenses': expenses, 'expenses_sum': expenses_sum}
return HTTPFound(location=route_url('app', request))
def author_update(request):
author = request.db.query(M.Author).get(request.matchdict.get('id'))
if not author:
raise HTTPNotFound
author.name = request.params.get('name')
return HTTPFound(
location=route_url('author_instance', request, id=author.id))
def user_add(request):
form = Form(request, schema=RegistrationSchema)
if 'form.submitted' in request.POST and form.validate():
session = DBSession()
username = form.data['username']
user = User(username=username,
password=form.data['password'],
name=form.data['name'],
email=form.data['email'])
session.add(user)
headers = remember(request, username)
redirect_url = route_url('main', request)
return HTTPFound(location=redirect_url, headers=headers)
login_form = login_form_view(request)
return {
'form': FormRenderer(form),
'toolbar': toolbar_view(request),
'cloud': cloud_view(request),
'latest': latest_view(request),
'login_form': login_form,
}
def user_regmail(request, user_id, email, hmac):
message_class = EmailMessageText()
message_text = getattr(message_class, 'activate')()
message_body = message_text['body'].replace(
'%_url_%',
route_url('email_activate', request, user_id=user_id, hmac=hmac))
send_email(request, email, message_text['subject'], message_body)
def forbidden_view(request):
loc = route_url('login', request, _query=(('next', request.path),))
# tries to refresh the token
refresh_token = request.session.get('refresh_token')
if refresh_token:
print 'refreshing token'
payload = {}
payload['refresh_token'] = refresh_token
payload['client_id'] = request.registry.settings.get('alfresco.consumer_key')
payload['client_secret'] = request.registry.settings.get('alfresco.consumer_secret')
payload['grant_type'] = 'refresh_token'
r = requests.post('https://api.alfresco.com/auth/oauth/versions/2/token',
data=payload)
if r.status_code != 200:
headers = forget(request)
request.session.invalidate()
return HTTPFound(location=loc, headers=headers)
else:
request.session['access_token'] = r.json()['access_token']
request.session['refresh_token'] = r.json()['refresh_token']
return HTTPFound(location=request.path)
elif authenticated_userid(request):
headers = forget(request)
return HTTPFound(location=loc, headers=headers)
return HTTPFound(location=loc)
def pypi_simple_package(req):
channel = req.matchdict.get('channel', 'default')
index = req.matchdict.get('index', 'default')
package = req.matchdict.get('package', None)
if not package:
return Response('{"status":"error","package not found"}',
content_type='application/json',
status_code=404)
package = pypi_normalize_package_name(package)
indexobj = fetch_index_from_names(channel, index)
if not indexobj:
return dict(lines=[])
lines = []
relics = DBSession.query(Relic).filter_by(index_id=indexobj.uid)
matched = []
for relic in relics:
rparts = split_pypi_name(relic.name)
normname = pypi_normalize_package_name(rparts[0])
if package == normname:
matched.append((relic.name, normname))
matched.sort(key=lambda x: x[1])
for relic in matched:
packageurl = route_url('get_relic',
req,
channel=channel,
index=index,
relic_name=relic[0])
lines.append("<a href='{0}' rel='internal'>{1}</a><br/>".format(
packageurl, relic[0]))
return dict(lines=lines)
