Example #1
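def complete_auth(request, auth_toks):
    """Finish the Twitter OAuth handshake and load or create the local user.

    Exchanges the request tokens in ``auth_toks`` for the user's permanent
    tokens, stores a Twython client built from those tokens in the session
    under ``'u_twit'``, then looks the user up by name.  When no such user
    exists, one is created and the Twitter profile picture is downloaded and
    attached to it.

    Returns a dict with ``'final_toks'`` (the token response) and ``'u'``
    (the user object).
    """
    settings = request.registry.settings
    app_key = settings['twitter.app_key']
    app_secret = settings['twitter.app_secret']

    # Short-lived client built from the request-specific tokens; it is used
    # only to learn whether the user accepted our request for permissions.
    tmp_twit = Twython(
        twitter_token=app_key,
        twitter_secret=app_secret,
        oauth_token=auth_toks['oauth_token'],
        oauth_token_secret=auth_toks['oauth_token_secret'])

    # NOTE(review): nothing below checks that the response really carries
    # tokens; if the user declined, the key lookups presumably raise
    # KeyError -- confirm how the calling view handles that.
    final_toks = tmp_twit.get_authorized_tokens()

    # Session-lifetime client holding the user's permanent tokens.  This
    # object must be used to read any data from the user's account.
    u_twit = Twython(
        twitter_token=app_key,
        twitter_secret=app_secret,
        oauth_token=final_toks['oauth_token'],
        oauth_token_secret=final_toks['oauth_token_secret'])

    # NOTE(review): this places an object holding the application secret and
    # the user's OAuth secret into the session.  If the session backend
    # serializes to a client-side cookie or a shared store, those secrets
    # travel with it -- confirm the session is server-side.
    request.session['u_twit'] = u_twit

    # NOTE(review): the template is masked in this listing; as shown it
    # ignores its argument.
    username = "******".format(final_toks['oauth_token'])
    screen_name = final_toks['screen_name']

    # check if user already exists; if not, create it
    try:
        u = users.get_user_by_name(username)
        #@TODO: add something to ensure we are in sync with the twitter profile picture
        # unless specifically overridden by the user
    except sqlalchemy.orm.exc.NoResultFound:
        u = users.create_user(origination='twitter',
                              username=username,
                              remote_object=final_toks)
        import urllib2
        # Fetch the avatar over HTTPS rather than cleartext HTTP so the image
        # written to disk cannot be swapped by an on-path party, and bound
        # the wait so a stalled remote cannot hang the auth callback.
        # NOTE(review): urllib2 verifies TLS certificates by default only
        # from Python 2.7.9 onward -- confirm the deployed interpreter.
        image_data = urllib2.urlopen(
            "https://api.twitter.com/1/users/profile_image/{0}.json".format(
                screen_name),
            timeout=10)
        # NOTE(review): orig_filename embeds a remotely supplied screen name;
        # add_user_picture should treat it as untrusted when building paths
        # and should cap how much of image_data it reads -- verify.
        orig_filename = "{0}-twitter-pic.png".format(screen_name)
        up_dir = settings['user.picture_upload_directory']

        u.picture = users.add_user_picture(orig_filename,
                                           str(u.id)[:7], up_dir, image_data)

        dbsession.add(u)

    return {'final_toks': final_toks, 'u': u}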
Example #2
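def complete_auth(request, auth_toks):
    """Complete Twitter OAuth and return the matching local user.

    The request tokens in ``auth_toks`` are traded for permanent tokens, a
    Twython client built from the permanent tokens is kept in the session as
    ``'u_twit'``, and the user is fetched by name.  If the lookup raises
    ``NoResultFound`` a new user is created and given the Twitter profile
    picture.

    Returns ``{'final_toks': <token response>, 'u': <user object>}``.
    """
    conf = request.registry.settings

    # create a twython object with our request-specific tokens
    # these tokens are used only to learn if the user accepted our request
    # for permissions.
    tmp_twit = Twython(twitter_token=conf['twitter.app_key'],
                       twitter_secret=conf['twitter.app_secret'],
                       oauth_token=auth_toks['oauth_token'],
                       oauth_token_secret=auth_toks['oauth_token_secret'])

    final_toks = tmp_twit.get_authorized_tokens()
    # NOTE(review): a declined authorization presumably leaves the keys read
    # below missing, which would surface as KeyError -- confirm.

    # create a session-permanent twython object containing the permanent tokens for this user.
    # this object must be used to read any data from the user's account.
    # NOTE(review): the stored object carries the app secret and the user's
    # token secret; confirm the session store never leaves the server.
    u_twit = Twython(twitter_token=conf['twitter.app_key'],
                     twitter_secret=conf['twitter.app_secret'],
                     oauth_token=final_toks['oauth_token'],
                     oauth_token_secret=final_toks['oauth_token_secret'])

    request.session['u_twit'] = u_twit

    # NOTE(review): template masked in this listing; as shown the argument
    # has no effect on the result.
    username = "******".format(final_toks['oauth_token'])
    screen_name = final_toks['screen_name']

    # check if user already exists; if not, create it
    try:
        u = users.get_user_by_name(username)
        #@TODO: add something to ensure we are in sync with the twitter profile picture
        # unless specifically overridden by the user
    except sqlalchemy.orm.exc.NoResultFound:
        u = users.create_user(origination='twitter', username=username, remote_object=final_toks)
        import urllib2
        # HTTPS instead of cleartext HTTP keeps the downloaded image from
        # being replaced in transit; the timeout keeps a slow remote from
        # blocking the login callback indefinitely.
        # NOTE(review): certificate checking in urllib2 is on by default
        # only from Python 2.7.9 -- confirm the runtime.
        avatar_url = "https://api.twitter.com/1/users/profile_image/{0}.json".format(screen_name)
        image_data = urllib2.urlopen(avatar_url, timeout=10)
        # NOTE(review): the file name is derived from remote data and the
        # body size is unbounded here; add_user_picture should sanitise the
        # name and limit the read -- verify.
        orig_filename = "{0}-twitter-pic.png".format(screen_name)
        up_dir = conf['user.picture_upload_directory']

        u.picture = users.add_user_picture(orig_filename, str(u.id)[:7], up_dir, image_data)

        dbsession.add(u)

    return {'final_toks': final_toks, 'u': u}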
Example #3
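def _parse_ban_duration(spec):
    """Turn a ``timedelta``-style argument string into a ``timedelta``.

    Accepts the comma-separated forms the ban form could already submit,
    e.g. ``"7"``, ``"days=7"`` or ``"hours=12, minutes=30"``: plain numbers
    are positional arguments, ``unit=number`` pairs are keyword arguments.
    Only ``timedelta``'s own units are accepted and every value must parse
    as a number.  Raises ``ValueError`` for anything else.
    """
    units = ('days', 'seconds', 'microseconds', 'milliseconds',
             'minutes', 'hours', 'weeks')
    positional = []
    named = {}
    for piece in spec.split(','):
        piece = piece.strip()
        if not piece:
            continue
        unit, has_unit, amount = piece.partition('=')
        if not has_unit:
            if named:
                raise ValueError("positional value after keyword in ban duration")
            positional.append(float(piece))
            continue
        unit = unit.strip()
        if unit not in units or unit in named:
            raise ValueError("unsupported ban duration unit: {0!r}".format(unit))
        named[unit] = float(amount)
    try:
        return timedelta(*positional, **named)
    except (TypeError, OverflowError) as exc:
        raise ValueError("invalid ban duration: {0}".format(exc))


def ban(request):
    """Admin view: optionally record a new ban, then list all bans.

    Returns ``HTTPNotFound()`` unless the session marks the caller as an
    admin.  When the posted form contains ``'ip'``, a ``Ban`` is built from
    the ``ip``, ``username`` and ``duration`` fields (``'infinite'`` means no
    duration) and added to a new ``DBSession``.  Always returns
    ``{'bans': general.list_bans()}`` for admins.

    Raises ``ValueError`` when the duration field is not a plain list of
    numbers / ``unit=number`` pairs.
    """
    s = request.session

    # Fail closed: any missing or falsy flag (None, 0, '') is treated as
    # "not an admin".  Comparing with ``== False`` let a None value through.
    if 'logged_in_admin' not in s or not s['logged_in_admin']:
        return HTTPNotFound()

    # Read the form only after the caller is known to be an admin.
    # NOTE(review): this is a state-changing action and no CSRF token check
    # is visible in this function -- confirm one is enforced upstream.
    p = s['safe_post']

    if p and 'ip' in p:
        ip = p['ip'] if p['ip'].strip() else None
        username = p['username'] if p['username'].strip() else None

        duration_text = p['duration'].strip()
        if duration_text == 'infinite':
            duration = None
        else:
            # The field used to be pasted into "timedelta(...)" and passed to
            # eval(), which executes whatever expression the form carries.
            # Parse it as data instead.
            duration = _parse_ban_duration(duration_text)

        # NOTE(review): an unknown username presumably raises NoResultFound
        # here and surfaces as a server error -- confirm desired handling.
        user_id = users.get_user_by_name(username).id if username else None

        b = Ban(ip=ip,
                username=username,
                duration=duration,
                user_id=user_id,
                added_by=s['users.id'])
        dbsession = DBSession()
        dbsession.add(b)

    bans = general.list_bans()
    return {'bans': bans}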
Example #4
 def test_get_user_by_name(self):
     """A user fetched by name has the same id as the user just created."""
     created = users.create_user(username = '******', password='******')
     # Look the new user up through its stored name, not the literal above.
     fetched = users.get_user_by_name(created.name)
     assert created.id == fetched.id
Example #5
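def login(request):
    """Handle login, logout, registration, password change and password reset.

    The action is chosen from the request data cached in the session:
    ``'logout'`` in ``safe_params`` logs out; otherwise a non-empty
    ``safe_post`` is dispatched on ``safe_get['act']`` (``'register'``,
    ``'update_pw'``, ``'forgot_pass'``, anything else = password login).
    Status text for the user is left in ``session['message']``.

    Returns ``{'success': bool}``, or an ``HTTPFound`` redirect to the
    ``'post'`` route after a successful password login.
    """
    #@FIXME: this uses a request handling method with success with which I was experimenting
    # it is not used elsewhere and is a pain to read and write
    # success = False causes a page to stop drawing and "error out"
    # some error conditions therefore don't set success to false because it's more convenient
    # to draw the rest of the page.
    #
    # someone should adapt this to be less success-centric and read less branchy.
    s = request.session

    success = True

    # check for facebook login, provided by Facebook's JS SDK
    try:
        fb_cookie = fb.extract_from_cookie(request)
        try:
            u = users.get_user_by_name(fb_cookie['local_username'])
        except sqlalchemy.orm.exc.NoResultFound:
            u = fb.create_local_user(fb_cookie['info'],
                                     fb_cookie['local_username'],
                                     request=request)
        try:
            # NOTE(review): bypass_password=True makes the cookie the only
            # credential on this path; confirm fb.extract_from_cookie
            # verifies the cookie's signature before returning it.
            users.login_user(request, u, None, bypass_password=True)
        except LoginAdapterExc:
            pass
    except LoginAdapterExc:
        pass

    if 'logout' in request.session['safe_params']:
        if 'logged_in' in s:
            del s['logged_in']
            del s['users.id']
            # Drop the admin flag with the rest of the login state;
            # otherwise code that checks only 'logged_in_admin' would still
            # treat a logged-out session as an admin.
            if 'logged_in_admin' in s:
                del s['logged_in_admin']
            if 'u_fbgraph' in s:
                del s['u_fbgraph']
                del s['u_fbinfo']
            if 'u_twit' in s:
                del s['u_twit']
            s['message'] = "You have been logged out, thanks."
            success = True
        else:
            s['message'] = "You are not logged in."
            success = True
    else:
        logged_in = False
        if 'logged_in' in s:
            s['message'] = "You are already logged in."
            logged_in = True
        else:
            if 'message' not in s:
                if 'last_login_status' in s:
                    s['message'] = s['last_login_status']
                    del s['last_login_status']
                else:
                    s['message'] = "Please log in."
        p = request.session['safe_post']
        prm = request.session['safe_params']
        username = None
        if 'username' in prm:
            username = general.strip_all_html(prm['username'])
        if p:
            dbsession = DBSession()
            if request.session['safe_get']['act'] == 'register':
                if logged_in:
                    try:
                        u = users.get_user_by_id(s['users.id'])
                        if u.temporary:
                            users.create_user(temp_to_perm=True,
                                              extant_id=s['users.id'],
                                              username=username,
                                              password=p['password'],
                                              email=p['email'],
                                              origination='site')
                            s['message'] = "Your anonymous profile has been converted, thanks."
                        else:
                            s['message'] = "You can't register while you're logged in."
                    except sqlalchemy.exc.IntegrityError:
                        s['message'] = "This username is already registered, sorry."
                        dbsession.rollback()
                else:
                    try:
                        users.create_user(username=username,
                                          password=p['password'],
                                          email=p['email'],
                                          origination='site')
                        s['message'] = "Successfully registered."
                        success = True
                    except sqlalchemy.exc.IntegrityError:
                        s['message'] = "This username is already registered, sorry."
                        success = False
                        dbsession.rollback()
            elif request.session['safe_get']['act'] == 'update_pw':
                # The flag may be absent for ordinary users; indexing it
                # directly raised KeyError on their password changes.
                is_admin = 'logged_in_admin' in s and bool(s['logged_in_admin'])

                if p['new_password'] != p['new_password_confirm']:
                    s['message'] = 'New password doesn\'t match confirmation, please try again.'
                elif not logged_in:
                    # No account is bound to this session, so there is no
                    # password to change.
                    s['message'] = "Please log in."
                else:
                    u = None

                    # NOTE(review): an admin picks the target account from
                    # safe_params and skips the old-password check; with no
                    # CSRF token visible here, confirm this cannot be driven
                    # by a cross-site request.
                    if is_admin and 'user_id' in prm:
                        u = users.get_user_by_id(prm['user_id'])

                    if u is None:
                        u = users.get_user_by_id(s['users.id'])

                    # Admin check first: an admin form need not carry
                    # 'old_password' at all.
                    if is_admin or u.verify_pw(p['old_password']):
                        u.password = u.hash_pw(p['new_password'])
                        dbsession.add(u)
                        s['message'] = 'Password updated.'
                        success = True
                    else:
                        s['message'] = 'Old password invalid.'
            elif request.session['safe_get']['act'] == 'forgot_pass':
                user = users.get_user_by_email(p['email'])
                # NOTE(review): the two messages below tell the caller
                # whether an email address is registered; consider one
                # neutral message for both outcomes.
                if not user:
                    s['message'] = "That email isn't registered"
                else:
                    s['message'] = "Check your mail for a confirmation message."
                    users.send_lost_password_verify_email(request, user)
            else:
                # NOTE(review): distinct messages for a wrong password and an
                # unknown name disclose which usernames exist, and no attempt
                # limiting is visible here -- confirm both are acceptable.
                try:
                    u = users.get_user_by_name(username)
                    try:
                        # NOTE(review): confirm users.login_user issues a
                        # fresh session id on success.
                        users.login_user(request, u, p['password'])
                        s['message'] = "Good, logged in"
                        success = True
                        return HTTPFound(request.route_url('post'))
                    except LoginAdapterExc:
                        s['message'] = "Incorrect password."
                        success = False
                except sqlalchemy.orm.exc.NoResultFound:
                    s['message'] = "Sorry, I don't know you."
                    success = False

    return {
        'success': success,
    }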
Example #6
 def test_get_user_by_name(self):
     """Creating a user and fetching it by name yields the same id."""
     new_user = users.create_user(username='******', password='******')
     looked_up = users.get_user_by_name(new_user.name)
     # Identity is compared through the id attribute of both objects.
     assert new_user.id == looked_up.id
Example #7
def get_epistle_by_recipient_name(name):
    """Return the result of ``get_epistle_by_recipient_id`` for the user called *name*.

    The user is resolved with ``users.get_user_by_name``; whatever that
    lookup raises for an unknown name propagates to the caller.
    """
    # NOTE(review): no access check happens here; callers must make sure the
    # requester is allowed to read this recipient's messages.
    recipient_id = users.get_user_by_name(name).id
    return get_epistle_by_recipient_id(recipient_id)
Example #8
def get_epistle_by_sender_name(name):
    """Return the result of ``get_epistle_by_sender_id`` for the user called *name*.

    The user is resolved with ``users.get_user_by_name``; whatever that
    lookup raises for an unknown name propagates to the caller.
    """
    # NOTE(review): no access check happens here; callers must make sure the
    # requester is allowed to read this sender's messages.
    sender_id = users.get_user_by_name(name).id
    return get_epistle_by_sender_id(sender_id)
Example #9
def get_epistle_by_recipient_name(name):
    """Resolve *name* to a user and delegate to ``get_epistle_by_recipient_id``."""
    # Lookup failures from users.get_user_by_name are not handled here.
    return get_epistle_by_recipient_id(users.get_user_by_name(name).id)
Example #10
def get_epistle_by_sender_name(name):
    """Resolve *name* to a user and delegate to ``get_epistle_by_sender_id``."""
    # Lookup failures from users.get_user_by_name are not handled here.
    return get_epistle_by_sender_id(users.get_user_by_name(name).id)
Example #11
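def epistle(request):
    """Messaging view: optionally send a message, then list a mailbox.

    Requires ``'logged_in'`` in the session.  When the posted form carries
    ``'recipient'``, the recipient is resolved by id or by name and either an
    ``Epistle`` or (when the parent is a ``Comment``) a reply ``Comment`` is
    added to the DB session.  The mailbox named by the ``box`` route segment
    is then loaded and the items shown are marked read.

    Returns a dict with ``'success'`` and ``'code'``; on success it also has
    ``'epistles'`` (``'roots'`` and ``'children'``) and ``'comments'``.
    """
    # NOTE(review): 'message' is assigned but never stored or returned, so
    # "Message sent." never reaches the user -- confirm intent.
    message = ''
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        # A form without the name field counts as an empty name instead of
        # failing with KeyError.
        recipient_name = p['recipient-name'] if 'recipient-name' in p else ''

        if p['recipient'] == '' and recipient_name == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}
        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = users.get_user_by_name(recipient_name)
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = users.get_user_by_id(p['recipient'])
            except Exception:
                # Narrowed from a bare except so interpreter-exit signals
                # (KeyboardInterrupt, SystemExit) are not swallowed.
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            parent_id = p['parent_id']
            # NOTE(review): parent_id comes straight from the form and no
            # check is visible that the sender may reply to that object (or
            # that it exists) -- confirm general.find_by_id or a caller
            # enforces this.
            parent_obj = general.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id, s['users.id'], parent_obj.id, p['body'], in_reply_to = parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        if parent_type != 'comment':
            ep = Epistle(recp.id, s['users.id'], p['body'], parent=parent_id, parent_type=parent_type, subject=subject)
            dbsession.add(ep)
        message = 'Message sent.'

    box = request.matchdict['box']

    if box == 'in':
        comments = epistle_queries.get_unread_comments_by_user_id(s['users.id'])
    elif box == 'comments':
        comments = epistle_queries.get_read_comments_by_user_id(s['users.id'])
    else:
        comments = []

    if box != 'comments':
        ep = epistle_queries.get_epistle_roots(id=s['users.id'], target=box)
        epistle_children = {}

        for e in ep:
            e_id = str(e.id)
            epistle_children[e_id] = epistle_queries.get_epistle_children(e.id)

        # Roots first, then children, as one flat list.
        flat_eps = []
        flat_eps.extend(_unwrap_list(ep))
        flat_eps.extend(_unwrap_list(epistle_children.values()))

        for e in flat_eps:
            # Only messages addressed to the viewer are marked read.
            if str(e.recipient) == s['users.id']:
                epistle_queries.mark_epistle_read(e)
            # Called for its effect on e (presumably in place); the return
            # value was only ever rebound to the loop variable.
            _assign_epistle_parent(e)

        for c in comments:
            epistle_queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {'epistles': {'roots': ep, 'children': epistle_children}, 'comments': comments, 'success': True, 'code': 0,}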
Example #12
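def epistle(request):
    """Send a private message if one was posted, then show a mailbox.

    The caller must have ``'logged_in'`` in the session.  A posted form that
    contains ``'recipient'`` is turned into an ``Epistle``, or into a reply
    ``Comment`` when its parent object is a ``Comment``.  Afterwards the
    mailbox selected by the ``box`` route segment is loaded and what is
    displayed gets marked as read.

    Returns a dict: ``'success'`` and ``'code'`` always, plus ``'epistles'``
    and ``'comments'`` on success.
    """
    # NOTE(review): this local is written twice and never read, so the
    # "Message sent." text is not shown anywhere -- confirm intent.
    message = ''
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        # Missing name field is treated like an empty one (was a KeyError).
        by_name = p['recipient-name'] if 'recipient-name' in p else ''

        if p['recipient'] == '' and by_name == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}
        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = users.get_user_by_name(by_name)
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = users.get_user_by_id(p['recipient'])
            except Exception:
                # Was a bare except, which also trapped KeyboardInterrupt
                # and SystemExit.
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            parent_id = p['parent_id']
            # NOTE(review): the parent id is client-supplied; nothing here
            # shows that the sender is a party to the parent message or that
            # the parent exists -- confirm where that is enforced.
            parent_obj = general.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id,
                            s['users.id'],
                            parent_obj.id,
                            p['body'],
                            in_reply_to=parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        if parent_type != 'comment':
            ep = Epistle(recp.id,
                         s['users.id'],
                         p['body'],
                         parent=parent_id,
                         parent_type=parent_type,
                         subject=subject)
            dbsession.add(ep)
        message = 'Message sent.'

    box = request.matchdict['box']

    if box == 'in':
        comments = epistle_queries.get_unread_comments_by_user_id(
            s['users.id'])
    elif box == 'comments':
        comments = epistle_queries.get_read_comments_by_user_id(s['users.id'])
    else:
        comments = []

    if box != 'comments':
        ep = epistle_queries.get_epistle_roots(id=s['users.id'], target=box)
        epistle_children = {}

        for e in ep:
            e_id = str(e.id)
            epistle_children[e_id] = epistle_queries.get_epistle_children(e.id)

        # Flatten roots and children; extend() replaces list comprehensions
        # that were run only for their append side effect.
        flat_eps = list(_unwrap_list(ep))
        flat_eps.extend(_unwrap_list(epistle_children.values()))

        for e in flat_eps:
            # Mark read only what was addressed to the current user.
            if str(e.recipient) == s['users.id']:
                epistle_queries.mark_epistle_read(e)
            # Result is discarded: the original only rebound the loop
            # variable, so the call presumably works on e in place.
            _assign_epistle_parent(e)

        for c in comments:
            epistle_queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {
        'epistles': {
            'roots': ep,
            'children': epistle_children
        },
        'comments': comments,
        'success': True,
        'code': 0,
    }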