def clean_inputs(event): request = event.request safe_post = {} safe_params = {} safe_get = {} if request.POST: p = request.POST for i in p.items(): # i[0] is field name, i[1] is actual object # do NOT do anything to FieldStorage (POST'd files) # attempting to add them to this variable results in # pickling error, cgi.FieldStorage does not define # __getstate__ apparently. # access any posted files directly via request.POST if isinstance(i[1], cgi.FieldStorage): continue if i[0] != 'body' and i[0] != 'description' and i[0] != 'description-textarea': safe_i = general.strip_all_html(i[1]) safe_post[i[0]] = safe_i else: safe_post[i[0]] = i[1] if request.GET: get = request.GET for i in get.items(): safe_i = general.strip_all_html(i[1]) safe_get[i[0]] = safe_i request.session['safe_get'] = safe_get request.session['safe_post'] = safe_post request.session['safe_params'] = dict(safe_get.items() + safe_post.items()) return 0
def login(request): #@FIXME: this uses a request handling method with success with which I was experimenting # it is not used elsewhere and is a pain to read and write # success = False causes a page to stop drawing and "error out" # some error conditions therefore don't set success to false because it's more convenient # to draw the rest of the page. # # someone should adapt this to be less success-centric and read less branchy. s = request.session success = True # check for facebook login, provided by Facebook's JS SDK try: fb_cookie = fb.extract_from_cookie(request) try: u = users.get_user_by_name(fb_cookie['local_username']) except sqlalchemy.orm.exc.NoResultFound: u = fb.create_local_user(fb_cookie['info'], fb_cookie['local_username'], request=request) try: users.login_user(request, u, None, bypass_password=True) except LoginAdapterExc: pass except LoginAdapterExc: pass if 'logout' in request.session['safe_params']: if 'logged_in' in s: del s['logged_in'] del s['users.id'] if 'u_fbgraph' in s: del s['u_fbgraph'] del s['u_fbinfo'] if 'u_twit' in s: del s['u_twit'] s['message'] = "You have been logged out, thanks." success = True else: s['message'] = "You are not logged in." success = True else: logged_in = False if 'logged_in' in s: s['message'] = "You are already logged in." logged_in = True else: if 'message' not in s: if 'last_login_status' in s: s['message'] = s['last_login_status'] del s['last_login_status'] else: s['message'] = "Please log in." p = request.session['safe_post'] prm = request.session['safe_params'] username = None if 'username' in prm: username = general.strip_all_html(prm['username']) if p: dbsession = DBSession() if request.session['safe_get']['act'] == 'register': if logged_in: try: u = users.get_user_by_id(s['users.id']) if u.temporary: users.create_user(temp_to_perm=True, extant_id=s['users.id'], username=username, password=p['password'], email=p['email'], origination='site') s['message'] = "Your anonymous profile has been converted, thanks." else: s['message'] = "You can't register while you're logged in." except sqlalchemy.exc.IntegrityError: s['message'] = "This username is already registered, sorry." dbsession.rollback() else: try: users.create_user(username=username, password=p['password'], email=p['email'], origination='site') s['message'] = "Successfully registered." success = True except sqlalchemy.exc.IntegrityError: s['message'] = "This username is already registered, sorry." success = False dbsession.rollback() elif request.session['safe_get']['act'] == 'update_pw': if p['new_password'] != p['new_password_confirm']: s['message'] = 'New password doesn\'t match confirmation, please try again.' else: u = None if s['logged_in_admin']: if 'user_id' in prm: u = users.get_user_by_id(prm['user_id']) if u == None: u = users.get_user_by_id(s['users.id']) if u.verify_pw(p['old_password']) or s['logged_in_admin']: u.password = u.hash_pw(p['new_password']) dbsession.add(u) s['message'] = 'Password updated.' success = True else: s['message'] = 'Old password invalid.' elif request.session['safe_get']['act'] == 'forgot_pass': user = users.get_user_by_email(p['email']) if not user: s['message'] = "That email isn't registered" else: s['message'] = "Check your mail for a confirmation message." users.send_lost_password_verify_email(request, user) else: try: u = users.get_user_by_name(username) try: users.login_user(request, u, p['password']) s['message'] = "Good, logged in" success = True return HTTPFound(request.route_url('post')) except LoginAdapterExc: s['message'] = "Incorrect password." success = False except sqlalchemy.orm.exc.NoResultFound: s['message'] = "Sorry, I don't know you." success = False return { 'success': success, }
def submit(request): s = request.session p = request.session['safe_post'] r = request qs = s['safe_get'] s['message'] = "Post a story." dbsession = DBSession() stories = None sections = section_queries.get_sections() new_url_text = '' new_title_text = '' route_name = r.matched_route.name if route_name == 'new_page': # require admin to load a new page form if 'logged_in_admin' not in s or s['logged_in_admin'] == False: return HTTPNotFound() #if uses came in with a share button, redirect to existing discussion if there is one if 'from' in qs and qs['from'] == 'button': existing_post = submission.get_story_by_url_oldest(qs['url']) if existing_post: return HTTPFound(r.route_url('full', sub_id=existing_post.id)) new_url_text = qs['url'] if 'title' in qs: new_title_text = qs['title'] if 'logged_in' not in s: s['message'] = 'Sorry, you must <a href="{0}">log in</a> before you can share a link.'.format( r.route_url('login')) return {'stories': [], 'success': False, 'code': 'ENOLOGIN'} if p and 'title' in p: if 'logged_in' not in s: s['message'] = 'Sorry, please log in first' return {'stories': [], 'success': False, 'code': 'ENOLOGIN'} if 'section_id' not in p or p['section_id'] == '': return {'stories': [], 'success': False, 'code': 'ENOSECTION'} if 'url' in p and p['url'] != '' and p['url'] is not None: p['url'] = general.strip_all_html(p['url']) if not re.match(r'http[s]*:\/\/', p['url']): p['url'] = 'http://' + p['url'] else: # set to None so that NULL goes into the database p['url'] = None if route_name == 'new_page': render_type = p['render_type'] slug = p['slug'] # if we can find this slug already, kill submission here. try: s = dbsession.query(Submission).filter( Submission.slug == slug).one() s['message'] = 'This slug is already taken.' success = False except sqlalchemy.orm.exc.NoResultFound: pass else: slug = '' render_type = 'story_md' if 'section_id' in p: sub = Submission(p['title'][:100], p['description'], p['url'], s['users.id'], section=p['section_id']) else: sub = Submission(p['title'][:100], p['description'], p['url'], s['users.id']) sub.render_type = render_type # slug octet no longer derived from story's actual id if slug == '': slug = u"{title}-{uuid_first_octet}".format( title=slugify.slugify(unicode(p['title'][:100])), uuid_first_octet=str(general.gen_uuid())[:8]) sub.slug = slug dbsession.add(sub) dbsession.flush() # add notify if general.check_notify_default(s['users.id'], r): notify_queries.create_notify(s['users.id'], sub.id, s['users.id']) v = Vote(sub.id, s['users.id'], 1, "submission", None) v.direction = 1 dbsession.add(v) s['message'] = "Added." try: if request.registry.solr_conn: # we flush here to ensure we have a vaild id object when added to solr # we use this if statement so that the exception will be raised before # dbsession is flushed, hence avoiding an unnecessary flush if the site # is not using solr. dbsession.flush() request.registry.solr_conn.add({ 'id': sub.id, 'title': sub.title, 'description': sub.description }) request.registry.solr_conn.commit() except AttributeError: #solr is not configured for this connection pass return HTTPFound(r.route_url('home')) return { 'stories': stories, 'success': True, 'code': 0, 'new_url_text': new_url_text, 'new_title_text': new_title_text, 'sections': sections }
def submit(request): s = request.session p = request.session['safe_post'] r = request qs = s['safe_get'] s['message'] = "Post a story." dbsession = DBSession() stories = None sections = section_queries.get_sections() new_url_text = '' new_title_text = '' route_name = r.matched_route.name if route_name == 'new_page': # require admin to load a new page form if 'logged_in_admin' not in s or s['logged_in_admin'] == False: return HTTPNotFound() #if uses came in with a share button, redirect to existing discussion if there is one if 'from' in qs and qs['from'] == 'button': existing_post = submission.get_story_by_url_oldest(qs['url']) if existing_post: return HTTPFound(r.route_url('full', sub_id=existing_post.id)) new_url_text = qs['url'] if 'title' in qs: new_title_text = qs['title'] if 'logged_in' not in s: s['message'] = 'Sorry, you must <a href="{0}">log in</a> before you can share a link.'.format(r.route_url('login')) return {'stories': [], 'success': False, 'code': 'ENOLOGIN'} if p and 'title' in p: if 'logged_in' not in s: s['message'] = 'Sorry, please log in first' return {'stories': [], 'success': False, 'code': 'ENOLOGIN'} if 'section_id' not in p or p['section_id'] == '': return {'stories': [], 'success': False, 'code': 'ENOSECTION'} if 'url' in p and p['url'] != '' and p['url'] is not None: p['url'] = general.strip_all_html(p['url']) if not re.match(r'http[s]*:\/\/', p['url']): p['url'] = 'http://' + p['url'] else: # set to None so that NULL goes into the database p['url'] = None if route_name == 'new_page': render_type = p['render_type'] slug = p['slug'] # if we can find this slug already, kill submission here. try: s = dbsession.query(Submission).filter(Submission.slug == slug).one() s['message'] = 'This slug is already taken.' success = False except sqlalchemy.orm.exc.NoResultFound: pass else: slug = '' render_type = 'story_md' if 'section_id' in p: sub = Submission(p['title'][:100], p['description'], p['url'], s['users.id'], section = p['section_id']) else: sub = Submission(p['title'][:100], p['description'], p['url'], s['users.id']) sub.render_type = render_type # slug octet no longer derived from story's actual id if slug == '': slug = u"{title}-{uuid_first_octet}".format( title = slugify.slugify(unicode(p['title'][:100])), uuid_first_octet = str(general.gen_uuid())[:8]) sub.slug = slug dbsession.add(sub) dbsession.flush() # add notify if general.check_notify_default(s['users.id'], r): notify_queries.create_notify(s['users.id'], sub.id, s['users.id']) v = Vote(sub.id, s['users.id'], 1, "submission", None) v.direction = 1 dbsession.add(v) s['message'] = "Added." try: if request.registry.solr_conn: # we flush here to ensure we have a vaild id object when added to solr # we use this if statement so that the exception will be raised before # dbsession is flushed, hence avoiding an unnecessary flush if the site # is not using solr. dbsession.flush() request.registry.solr_conn.add({'id': sub.id, 'title': sub.title, 'description': sub.description}) request.registry.solr_conn.commit() except AttributeError: #solr is not configured for this connection pass return HTTPFound(r.route_url('home')) return {'stories': stories, 'success': True, 'code': 0, 'new_url_text': new_url_text, 'new_title_text': new_title_text, 'sections': sections}