Example #1
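def reset_password(token):
    """
    Handles the reset password process.

    On a valid POST the account is looked up by the submitted e-mail
    address, the submitted token is verified against it and, if the token
    is accepted, the new password is stored. In every other case the form
    is rendered with ``token`` pre-filled.

    :param token: The reset token from the URL. It is only copied into the
                  form; the value that gets verified is ``form.token.data``.
    """

    # The reset flow is for anonymous visitors only.
    if not current_user.is_anonymous():
        return redirect(url_for("blog.index"))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()

        # An e-mail address without an account used to fail with an
        # AttributeError on ``None.verify_reset_token``. Answer exactly as
        # for an invalid token, so the response does not distinguish
        # "unknown address" from "wrong token".
        if not user:
            flash(_("Your password token is invalid."), "danger")
            return redirect(url_for("auth.forgot_password"))

        # NOTE(review): whether verify_reset_token() also checks that the
        # token was issued for *this* user is not visible here - confirm.
        expired, invalid, data = user.verify_reset_token(form.token.data)

        if invalid:
            flash(_("Your password token is invalid."), "danger")
            return redirect(url_for("auth.forgot_password"))

        if expired:
            flash(_("Your password token is expired."), "danger")
            return redirect(url_for("auth.forgot_password"))

        if data:
            user.password = form.password.data
            user.save()
            flash(_("Your password has been updated."), "success")
            return redirect(url_for("auth.login"))

    form.token.data = token
    return render_template("auth/reset_password.html", form=form)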
Example #2
def view_post(post_id, slug=None):
    """Show one post and, for authenticated users, handle the comment form.

    :param post_id: Primary key used to look the post up; 404 if no match.
    :param slug: Accepted from the route but not used in the lookup.
    """
    post = Post.query.filter_by(id=post_id).first()
    if not post:
        abort(404)

    # Visitors who are not logged in get the page without a comment form;
    # the template receives ``form=None`` in that case.
    if not current_user.is_authenticated():
        return render_template("blog/post.html", post=post, form=None)

    comment_form = CommentForm()

    # A valid POST stores the comment and redirects back to the post.
    if comment_form.validate_on_submit():
        comment_form.save(current_user, post)
        flash(_("Your comment has been saved!"), "success")
        target = url_for("blog.view_post", post_id=post.id, slug=post.slug)
        return redirect(target)

    return render_template("blog/post.html", post=post, form=comment_form)
Example #3
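def edit_post(post_id, slug=None):
    """Edit an existing post.

    :param post_id: Primary key used to look the post up; 404 if no match.
    :param slug: Accepted from the route but not used in the lookup.
    """
    post = Post.query.filter_by(id=post_id).first()

    # abort if no post is found
    if not post:
        abort(404)

    # Authorization happens before the form is even built, so a rejected
    # user never reaches populate_obj(). What can_modify() actually compares
    # is not visible here.
    if not can_modify(post, current_user):
        # The message used to say "delete", which is the wrong action for
        # this view.
        flash(_("You are not allowed to edit this post."), "danger")
        return redirect(url_for("blog.index"))

    form = PostForm()
    if form.validate_on_submit():
        # this will update the changed attributes
        # NOTE(review): populate_obj() copies every field the form defines
        # onto the post - confirm PostForm only exposes user-editable fields.
        form.populate_obj(post)
        post.save()
        flash(_("This post has been edited"), "success")
        return redirect(url_for("blog.view_post", post_id=post.id,
                                slug=post.slug))
    else:
        # Pre-fill the form with the stored values.
        form.title.data = post.title
        form.content.data = post.content

    return render_template("blog/post_form.html", post=post, form=form,
                           mode="edit")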
Example #4
def new_bin():
    """Create a paste-bin from ``BinForm`` and redirect to its page."""
    # NOTE(review): no login check is visible in this snippet, yet
    # current_user is handed to form.save() - confirm how an anonymous
    # user is handled (route decorator or inside save()).
    form = BinForm()

    if not form.validate_on_submit():
        return render_template("paste/bin_form.html", form=form, mode="new")

    created = form.save(current_user)
    flash(_("Your paste-bin has been saved!"), "success")
    target = url_for("paste.view_bin", bin_id=created.id, slug=created.slug)
    return redirect(target)
Example #5
def new_post():
    """Create a blog post from ``PostForm`` and redirect to it."""
    # NOTE(review): no login or permission check is visible in this
    # snippet - confirm the route is restricted to users allowed to post.
    form = PostForm()

    if not form.validate_on_submit():
        return render_template("blog/post_form.html", form=form, mode="new")

    created = form.save(current_user)
    flash(_("Your post has been saved!"), "success")
    return redirect(url_for("blog.view_post", post_id=created.id))
Example #6
def change_password():
    """Store a new password for the current user after form validation."""
    form = ChangePasswordForm()

    if not form.validate_on_submit():
        return render_template("user/change_password.html", form=form)

    # NOTE(review): this view never looks at the old password; presumably
    # ChangePasswordForm validates it - confirm, since otherwise a hijacked
    # session is enough to take over the account.
    current_user.password = form.new_password.data
    current_user.save()

    flash(_("Your password has been updated!"), "success")
    return redirect(url_for("user.change_password"))
Example #7
def change_email():
    """Store a new e-mail address for the current user after validation."""
    form = ChangeEmailForm(current_user)

    if not form.validate_on_submit():
        return render_template("user/change_email.html", form=form)

    # NOTE(review): the address is also the lookup key of the password
    # reset flow; no re-authentication or confirmation mail is visible
    # here - confirm what ChangeEmailForm enforces.
    current_user.email = form.new_email.data
    current_user.save()

    flash(_("Your email has been updated!"), "success")
    return redirect(url_for("user.change_email"))
Example #8
def profile(username):
    """Render the profile page of ``username`` with that user's public pastes.

    Responds with 404 when no user has that name.
    """
    account = User.query.filter_by(username=username).first()
    if not account:
        abort(404)

    # Private pastes are filtered out here, whoever is looking at the page.
    public_only = account.pastes.filter_by(is_public=True)

    return render_template("user/profile.html", user=account,
                           pastes=public_only)
Example #9
def view_bin(bin_id, slug=None):
    """Render a single paste-bin.

    :param bin_id: Primary key used for the lookup; 404 if no match.
    :param slug: Accepted from the route but not used in the lookup.
    """
    pastebin = Bin.query.filter_by(id=bin_id).first()
    if not pastebin:
        abort(404)

    # A private paste is only hidden from visitors who are not logged in.
    # NOTE(review): every authenticated user passes this check - there is no
    # comparison against the paste's owner, so a private paste is readable
    # by any account that knows or guesses its id. Confirm that is intended.
    visible = pastebin.is_public or current_user.is_authenticated()
    if not visible:
        return redirect(url_for("auth.login"))

    return render_template("paste/bin.html", pastebin=pastebin)
Example #10
def new_comment(post_id):
    """Add a comment to the post identified by ``post_id`` (404 if missing)."""
    post = Post.query.filter_by(id=post_id).first()
    if not post:
        abort(404)

    # NOTE(review): unlike view_post, no is_authenticated() check is visible
    # here before current_user is passed to form.save() - confirm the route
    # is protected elsewhere.
    form = CommentForm()
    if not form.validate_on_submit():
        return render_template("blog/comment_form.html", post=post,
                               form=form, mode="new")

    form.save(current_user, post)
    flash(_("Your comment has been saved!"), "success")
    target = url_for("blog.view_post", post_id=post.id, slug=post.slug)
    return redirect(target)
Example #11
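def reauth():
    """
    Reauthenticates a user

    If the login is not fresh, the reauthentication form is shown and, once
    it validates, the login is confirmed. The user is then redirected to the
    ``next`` query parameter when it is a local path, otherwise to the own
    profile page.
    """

    def _redirect_target():
        # ``next`` comes straight from the query string. Only follow it when
        # it is a path on this site: it must start with a single "/", since
        # browsers resolve a leading "//" or "/\" to another host. Anything
        # else falls back to the profile page.
        target = request.args.get("next")
        if (target and target.startswith("/")
                and not target.startswith(("//", "/\\"))):
            return target
        # Both exits now build the profile URL with the username; the
        # post-reauth exit used to omit it although profile() requires it.
        return url_for("user.profile", username=current_user.username)

    if not login_fresh():
        form = ReauthForm(request.form)
        # NOTE(review): the password check presumably lives in ReauthForm's
        # validators - confirm, because confirm_login() follows directly.
        if form.validate_on_submit():
            confirm_login()
            flash(_("Reauthenticated"), "success")
            return redirect(_redirect_target())
        return render_template("auth/reauth.html", form=form)
    return redirect(_redirect_target())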
Example #12
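def register():
    """
    Register a new user

    Users who are already logged in are sent to their profile. A valid
    form creates the account with the configured default theme and locale,
    logs the new user in and redirects to the new profile.
    """

    if current_user is not None and current_user.is_authenticated():
        # profile() takes a username, so pass it here as the redirect after
        # registration below already does.
        return redirect(url_for("user.profile",
                                username=current_user.username))

    form = RegisterForm(request.form)
    if form.validate_on_submit():
        user = form.save(theme=current_app.config["DEFAULT_THEME"],
                         language=current_app.config["BABEL_DEFAULT_LOCALE"])
        # NOTE(review): the account is logged in immediately; no e-mail
        # verification step is visible in this view - confirm that is
        # intended.
        login_user(user)

        flash(_("Thanks for registering"), "success")
        return redirect(url_for("user.profile", username=current_user.username))
    return render_template("auth/register.html", form=form)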
Example #13
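def login():
    """
    Logs the user in

    Users who are already logged in are sent to their profile. After a
    successful login the user is redirected to the ``next`` query parameter
    when it is a local path, otherwise to the blog index.
    """

    if current_user is not None and current_user.is_authenticated():
        # profile() takes a username; the URL was built without it before.
        return redirect(url_for("user.profile",
                                username=current_user.username))

    form = LoginForm(request.form)
    if form.validate_on_submit():
        user, authenticated = User.authenticate(form.login.data,
                                                form.password.data)

        if user and authenticated:
            login_user(user, remember=form.remember_me.data)

            # ``next`` comes straight from the query string. Only follow it
            # when it is a path on this site: it must start with a single
            # "/", since browsers resolve a leading "//" or "/\" to another
            # host. Anything else falls back to the blog index.
            target = request.args.get("next")
            if (not target or not target.startswith("/")
                    or target.startswith(("//", "/\\"))):
                target = url_for("blog.index")
            return redirect(target)

        # One message for both "unknown user" and "wrong password", so the
        # response does not reveal which accounts exist.
        flash(_("Wrong username or password"), "danger")
    return render_template("auth/login.html", form=form)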
Example #14
def change_user_details():
    """Update the current user's profile details from the submitted form."""
    form = ChangeUserDetailsForm()

    if form.validate_on_submit():
        # NOTE(review): populate_obj() writes every field the form defines
        # onto the user object - confirm the form exposes nothing beyond
        # the profile fields listed below.
        form.populate_obj(current_user)
        current_user.save()

        flash(_("Your details have been updated!"), "success")
        return redirect(url_for("user.change_user_details"))

    # Not a valid submission: pre-fill each field with the stored value.
    prefilled = ("birthday", "gender", "firstname", "lastname",
                 "location", "website", "avatar", "about_me")
    for field_name in prefilled:
        getattr(form, field_name).data = getattr(current_user, field_name)

    return render_template("user/change_user_details.html", form=form)
Example #15
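def change_other():
    """Update the current user's language and theme settings."""
    form = ChangeOtherForm()

    # ``items()`` instead of ``iteritems()``: it yields the same
    # (locale, name) pairs and exists on both Python 2 and Python 3 dicts,
    # while ``iteritems()`` raises AttributeError on Python 3.
    form.language.choices = list(
        current_app.config["AVAILABLE_LANGUAGES"].items())

    form.theme.choices = [(theme.identifier, theme.name)
                          for theme in get_themes_list()]

    if form.validate_on_submit():
        form.populate_obj(current_user)
        current_user.save()
        flash(_("Your settings have been updated."), "success")
        return redirect(url_for("user.change_other"))
    else:
        # Pre-select the stored settings.
        form.theme.data = current_user.theme
        form.language.data = current_user.language

    return render_template("user/change_other.html", form=form)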
Example #16
def edit_comment(comment_id):
    """Edit the comment identified by ``comment_id`` (404 if missing)."""
    comment = Comment.query.filter_by(id=comment_id).first()
    if not comment:
        abort(404)

    def _back_to_post():
        # Both the rejection and the success path return to the parent post.
        return redirect(url_for("blog.view_post", post_id=comment.post.id,
                                slug=comment.post.slug))

    # Authorization comes first, so a rejected user never reaches
    # populate_obj(). What can_modify() compares is not visible here.
    if not can_modify(comment, current_user):
        flash(_("You are not allowed to edit this comment"), "danger")
        return _back_to_post()

    form = CommentForm()
    if form.validate_on_submit():
        form.populate_obj(comment)
        comment.save()
        flash(_("Your comment has been edited."), "success")
        return _back_to_post()

    # Not a valid submission: show the stored text in the form.
    form.content.data = comment.content
    return render_template("blog/comment_form.html", form=form, mode="edit")
Example #17
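def forgot_password():
    """
    Sends a reset password token to the user.

    Only anonymous visitors may use this view. When the submitted e-mail
    address belongs to an account, a reset token is created and mailed.
    """

    if not current_user.is_anonymous():
        return redirect(url_for("blog.index"))

    form = ForgotPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()

        # NOTE(review): the two branches below answer differently, so the
        # response tells the requester whether an address is registered.
        # Consider one neutral message for both cases.
        if user:
            token = user.make_reset_token()
            send_reset_token(user, token=token)

            flash(_("E-Mail sent! Please check your inbox."), "info")
            return redirect(url_for("auth.forgot_password"))
        else:
            # Adjacent literals instead of a backslash continuation inside
            # the string, which embedded the next line's indentation in the
            # message. Category "danger" matches every other error flash in
            # these views ("error" was used only here).
            flash(_("You have entered an username or email that is not "
                    "linked with your account"), "danger")
    return render_template("auth/forgot_password.html", form=form)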
Example #18
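def edit_bin(bin_id, slug=None):
    """Create an edited copy of an existing paste-bin.

    :param bin_id: Primary key of the paste to start from; 404 if no match.
    :param slug: Accepted from the route but not used in the lookup.
    """
    pastebin = Bin.query.filter_by(id=bin_id).first()

    if not pastebin:
        abort(404)

    # Same gate as view_bin: the form below is pre-filled with the paste's
    # description and content, so without this check a private paste could
    # be read through the edit page by a visitor who is not logged in.
    # NOTE(review): as in view_bin, any authenticated user passes - there is
    # no comparison against the paste's owner. Confirm that is intended.
    if not pastebin.is_public and not current_user.is_authenticated():
        return redirect(url_for("auth.login"))

    # Edit is more or less the same as creating a new one
    # You can not actually overwrite the existing one
    # You can just generate a new edited copy of it
    # Every user can edit a pastebin because you do not override the original one

    # Default Language is the one of the original (current/to edit) post
    form = BinForm(lang=pastebin.lang)
    if form.validate_on_submit():
        pastebin = form.save(current_user)
        flash(_("Your paste-bin has been saved!"), "success")
        return redirect(url_for("paste.view_bin", bin_id=pastebin.id, slug=pastebin.slug))
    else:
        # Pre-fill with the original; the trailing "*" marks the description
        # as an edited copy.
        form.description.data = "{}*".format(pastebin.description)
        form.content.data = pastebin.content

    return render_template("paste/bin_form.html", pastebin=pastebin, form=form, mode="edit")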
Example #19
 def forbidden_page(error):
     """Render the static "forbidden" page with HTTP status 403.

     ``error`` is not passed to the template, so no detail of the failure
     reaches the response from here.
     """
     body = render_template("errors/forbidden_page.html")
     return body, 403
Example #20
 def server_error_page(error):
     """Render the static "server error" page with HTTP status 500.

     ``error`` is not passed to the template, so exception details are not
     exposed to the client from here.
     """
     body = render_template("errors/server_error.html")
     return body, 500
Example #21
def index():
    """List all public paste-bins, newest id first."""
    # Private pastes are excluded by the is_public filter.
    newest_first = Bin.id.desc()
    public_query = Bin.query.filter_by(is_public=True).order_by(newest_first)
    return render_template("paste/index.html", pastes=public_query.all())
Example #22
 def page_not_found(error):
     """Render the static "page not found" page with HTTP status 404.

     ``error`` is not passed to the template.
     """
     body = render_template("errors/page_not_found.html")
     return body, 404
Example #23
def index():
    """List every blog post, newest id first."""
    newest_first = Post.id.desc()
    all_posts = Post.query.order_by(newest_first).all()
    return render_template("blog/index.html", posts=all_posts)