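def login():
    """Authenticate a user from the login form and start a session.

    GET (or any non-POST) renders ``register.html``. A POST validates
    ``tools.LoginForm``, looks the user up by email and checks the submitted
    password against the stored hash with ``bcrypt_sha256.verify``. On success
    the session receives ``logged_in``, ``id`` and ``email`` and the client is
    redirected to ``admin``.

    Every POST path returns a response: an invalid form, a failed lookup and
    a wrong password all produce the same flash message, so the text does not
    reveal which check failed.
    """
    if request.method != "POST":
        return render_template(
            'register.html',
            COOKIES_NOTIFICATION=tools.show_cookies_policy(),
            LOGGED_IN=tools.is_logged_in())

    failure_message = (
        "Failed to login, please check both email and password are correct")

    form = tools.LoginForm(request.form)
    if not form.validate():
        # Same generic message as the credential check below.
        flash(failure_message)
        return redirect(
            url_for('register',
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))

    email = form.email.data
    password = form.password.data
    try:
        user = db.get_user_with_email(email)
        if bcrypt_sha256.verify(password, user['password']):
            session['logged_in'] = True
            session['id'] = user['id']
            session['email'] = email
            return redirect(
                url_for('admin',
                        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                        LOGGED_IN=tools.is_logged_in()))
        # NOTE(review): a wrong password renders the page directly with
        # FORGOT_PASS=True, while the except path below redirects. If unknown
        # emails end up in the except path, the two responses differ and let a
        # client tell registered addresses apart -- consider one response for
        # both outcomes.
        flash(failure_message)
        return render_template('register.html', FORGOT_PASS=True)
    except Exception:
        # Lookup or verification failed (presumably an unknown email or a
        # malformed stored hash -- confirm); report it as a generic failure.
        flash(failure_message)

    return redirect(
        url_for('register',
                COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                LOGGED_IN=tools.is_logged_in()))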
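def change_password():
    """Show the change-password form (GET) or apply a new password (POST).

    GET reads the reset token from the ``t`` query parameter and renders
    ``change_password.html`` with it; without a token it renders
    ``register.html``. POST validates ``tools.ChangePasswordForm``, hashes the
    new password and hands token and hash to ``db.change_password``.

    The password is hashed with ``bcrypt_sha256.hash`` so that each hash gets
    its own random salt. The previous ``using(salt=config.salt)`` call applied
    one application-wide salt to every account, which makes equal passwords
    produce equal hashes. Hashes created with the old salt still verify,
    because the salt is stored inside each hash string.
    """
    if request.method == "GET":
        token = request.args.get("t")
        if token is None:
            return render_template('register.html')
        return render_template(
            'change_password.html',
            TOKEN=token,
            COOKIES_NOTIFICATION=tools.show_cookies_policy(),
            LOGGED_IN=tools.is_logged_in())
    elif request.method == "POST":
        try:
            form = tools.ChangePasswordForm(request.form)
            # Reject the request before hashing: without this check a missing
            # password field would be hashed as the literal text "None".
            if (not form.validate() or not form.password.data
                    or not form.token.data):
                raise ValueError("change-password form failed validation")
            password = bcrypt_sha256.hash(str(form.password.data))
            # NOTE(review): presumably db.change_password raises when the
            # token is unknown or already used -- confirm, otherwise an
            # invalid token would still report success here.
            db.change_password(form.token.data, password)
            flash("You have successfully changed your password")
            return render_template(
                "register.html",
                COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                LOGGED_IN=tools.is_logged_in())
        except Exception:
            flash(
                "Your password was not changed, please contact us at %s and we will assist you promptly."
                % config.email_config["admin_email"])
    # Reached after a failed POST, and for any other HTTP method, so the view
    # always returns a response.
    return render_template(
        'change_password.html',
        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
        LOGGED_IN=tools.is_logged_in())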
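def register_form():
    """Create a user account from the registration form and email a link.

    Validates ``tools.RegisterForm``, stores the user with a hashed password
    and a confirmation token, then sends the confirmation link by email.

    Changes from the earlier version:
      * the password is hashed with ``bcrypt_sha256.hash`` (random per-hash
        salt) instead of ``using(salt=config.salt)``, which applied one shared
        salt to every account;
      * an invalid form is rejected explicitly, instead of falling through
        the validation branch.
    """
    form = tools.RegisterForm(request.form)
    if not form.validate():
        flash("Registration details are invalid, please check them and try again")
        return redirect(
            url_for('register',
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))

    first_name = form.first_name.data
    surname = form.surname.data
    email = form.email.data
    password = bcrypt_sha256.hash(str(form.password.data))
    # NOTE(review): presumably tools.token_generator() draws from a
    # cryptographically secure source -- confirm, the token is the only
    # secret in the confirmation link.
    token = tools.token_generator()
    try:
        db.create_user(first_name, surname, email, password, token,
                       "photo-opt-in" in request.form)
        link = config.url + "/register-confirmation?t=" + token
        subject, body = mail_client.create_registration_completion_email(
            first_name, surname, link)
        mail_client.send_email(subject, body, email)
    except Exception:
        # NOTE(review): every failure, including a mail error after the user
        # row was created, is reported as a duplicate email; the message also
        # confirms to the requester that an address is registered.
        flash("User email already registered, sign in?")
        return redirect(
            url_for('register',
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))

    flash(
        """We have sent a verification email to you, please confirm so you can access your account"""
    )
    return render_template(
        "register.html",
        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
        LOGGED_IN=tools.is_logged_in())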
def delete_submission():
    """Remove the current user's submission record and upload directory.

    The user is taken from ``session['email']``. On success the client is
    redirected to ``admin``; on any error a contact message is flashed and
    ``admin.html`` is rendered directly.

    NOTE(review): no login check is visible in this view -- presumably it is
    enforced by a decorator outside this block; confirm, since the first
    lookup reads ``session['email']`` outside the try block.
    """
    account = db.get_user_with_email(session['email'])

    def page_state():
        # Built on demand so the lookups run at the point where the values
        # are needed, inside the branch that uses them.
        return {
            'SUBMISSION_OPEN': config.SUBMISSION_OPEN,
            'CONFIRMED': db.is_confirmed(session['email']),
            'FIRST_NAME': account['first_name'],
            'SUBMITTED': account["file_submitted"],
            'COOKIES_NOTIFICATION': tools.show_cookies_policy(),
            'LOGGED_IN': tools.is_logged_in(),
        }

    try:
        # The directory name comes from the numeric user id, not from
        # request data.
        upload_dir = app.config['UPLOAD_FOLDER'] + "/" + str(account["id"])
        db.remove_file_entry(session['email'])
        tools.delete_users_submission_directory(upload_dir)
        flash("Successfully deleted your submission")
        return redirect(url_for('admin', **page_state()))
    except Exception:
        flash(
            "Experienced an error processing your request, please contact us at %s"
            % config.email_config["admin_email"])
        return render_template('admin.html', **page_state())
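def writeBodyParts(self):
    """Write the page header and content, or redirect anonymous users.

    For a logged-in session this emits the navigation header (including one
    navigation entry per distinct surname initial, produced by
    ``self.navLets``) and then the page content. Any other session is
    redirected to ``Login`` and nothing is written.

    Changes from the earlier version: the surnames are ordered with
    ``sorted()``, which also works where ``dict.keys()`` returns a view
    without a ``sort`` method, and empty surnames are skipped instead of
    raising ``IndexError`` halfway through the header.
    """
    if not is_logged_in(self.session()):
        self.response().sendRedirect('Login')
        return

    wr = self.writeln
    wr('<div id="header">')
    wr('<span class="button"><a href="Main" title="Address Book"><i class="fa fa-home"></i></a></span>')
    wr('<span class="button"><a href="Form" title="Add New Contact"><i class="fa fa-plus"></i><i class="fa fa-user"></i></a></span>')
    wr('<span class="button"><a href="Xmas" title="Xmas Lists"><i class="fa fa-tree"></i></a></span>')

    contacts = get_all_contacts()
    initials = []
    for surname in sorted(contacts.keys()):
        if not surname:
            # No first letter to index on.
            continue
        initial = surname[0]
        if initial not in initials:
            initials.append(initial)
    wr(self.navLets(initials))

    wr('<span class="button"><a href="Archived" title="Archived"><i class="fa fa-archive"></i></a></span>')
    wr('<div class="flr"><span class="button"><a href="Logout" title="Log out"><i class="fa fa-sign-out"></i></a></span></div>')
    wr('</div>')
    wr('<div id="content">')
    self.writeContent()
    wr('</div>')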
def confirm_registration():
    """Confirm a registration from the token in the ``t`` query parameter.

    The token is passed to ``db.confirm_token``; on success a confirmation
    message is flashed. ``register.html`` is rendered in both cases.

    NOTE(review): a missing token (``None``) is passed to the database layer
    as-is, and a failed confirmation produces no message, so the user cannot
    tell an expired or mistyped link from a successful one.
    """
    token_from_link = request.args.get("t")

    def landing_page():
        return render_template(
            "register.html",
            COOKIES_NOTIFICATION=tools.show_cookies_policy(),
            LOGGED_IN=tools.is_logged_in())

    try:
        db.confirm_token(token_from_link)
        flash(
            "Congratulations you are now fully registered, login to make a submission"
        )
        return landing_page()
    except Exception:
        return landing_page()
def writeContent(self):
    """Handle the login page: check credentials on POST, show the form on GET.

    POST: the submitted ``username`` and ``password`` fields are checked with
    ``ismatch``. On a match the session stores ``username`` and ``loggedin``,
    its timeout is set to 3600, and the client is redirected to ``Main``;
    otherwise a rejection heading is written.

    Other methods: a logged-in session is redirected to ``Main``; anyone else
    gets the login form.

    NOTE(review): nothing in this block renews the session identifier when
    the login succeeds -- confirm whether the framework does so, since the
    pre-login session is promoted to an authenticated one here.
    """
    out = self.writeln

    if self.request()._environ.get('REQUEST_METHOD') == 'POST':
        fields = self.request().fields()
        username = fields.get('username')
        if not ismatch(username, fields.get('password')):
            out('<h2>Nope.</h2>')
            return
        self.session().setValue('username', username)
        self.session().setValue('loggedin', True)
        self.session().setTimeout(3600)
        self.response().sendRedirect('Main')
        return

    if is_logged_in(self.session()):
        self.response().sendRedirect('Main')
        return

    login_form_markup = (
        '<h2>Log In</h2>',
        '<form method="POST" action="Login">',
        '<P>',
        'Username:<br />',
        '<input type="text" name="username" value="">',
        '<P>',
        'Password:<br />',
        '<input type="password" name="password" value="">',
        '<P>',
        '<input type="submit" value="Log In">',
        '</form>',
    )
    for markup in login_form_markup:
        out(markup)
def admin():
    """Render the account page for the user named in ``session['email']``.

    Any failure (including a missing ``email`` key in the session) flashes a
    generic message and redirects to ``register``.
    """
    try:
        account = db.get_user_with_email(session['email'])
        page_state = {
            'SUBMISSION_OPEN': config.SUBMISSION_OPEN,
            'CONFIRMED': db.is_confirmed(session['email']),
            'FIRST_NAME': account['first_name'],
            'SUBMITTED': account["file_submitted"],
            'COOKIES_NOTIFICATION': tools.show_cookies_policy(),
            'LOGGED_IN': tools.is_logged_in(),
        }
        return render_template("admin.html", **page_state)
    except Exception:
        flash("An issue has occurred")
        fallback_url = url_for(
            'register',
            COOKIES_NOTIFICATION=tools.show_cookies_policy(),
            LOGGED_IN=tools.is_logged_in())
        return redirect(fallback_url)
def logout():
    """Clear the session and send the client back to ``register``.

    The value returned by ``tools.show_cookies_policy()`` is read before the
    session is cleared and written back under ``accepted_policy`` afterwards,
    so only that one key survives the logout.
    """
    policy_state = tools.show_cookies_policy()

    # Drop every session key, including the login markers.
    session.clear()
    session['accepted_policy'] = policy_state

    flash('You are now logged out')
    target = url_for(
        'register',
        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
        LOGGED_IN=tools.is_logged_in())
    return redirect(target)
def send_verification_code():
    """Issue a new confirmation token for the session user and email it.

    A fresh token is generated, stored with ``db.add_confirmation_token`` and
    sent as a ``/register-confirmation?t=...`` link to ``session['email']``.
    ``admin.html`` is rendered afterwards.

    NOTE(review): nothing in this block limits how often a link can be
    requested -- confirm whether a limit is applied elsewhere.
    """
    recipient = session['email']
    fresh_token = tools.token_generator()
    confirmation_link = config.url + "/register-confirmation?t=" + fresh_token

    account = db.get_user_with_email(recipient)
    subject, body = mail_client.create_registration_completion_email(
        account['first_name'], account['surname'], confirmation_link)

    # The token is stored before the mail goes out, so the link is valid by
    # the time it arrives.
    db.add_confirmation_token(recipient, fresh_token)
    mail_client.send_email(subject, body, recipient)

    flash("Verification link is sent to your email.")
    return render_template(
        'admin.html',
        CONFIRMED=db.is_confirmed(recipient),
        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
        LOGGED_IN=tools.is_logged_in())
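def makehtml(data, navbar=-1):
    """Fill ``HTML_PAGE`` with the account link, nav-button classes and body.

    The template receives seven positional values: the account script and its
    label (``getacc.py``/``login``, or ``logout.py``/``logout`` when
    ``tools.is_logged_in()`` is true), four nav-button classes, and ``data``.
    A ``navbar`` value from 0 to 3 marks the matching button as active.

    Failures while opening the database or checking the login state are
    ignored on purpose, so the page still renders in its logged-out form. The
    handler is narrowed from a bare ``except:`` to ``except Exception:`` so
    that interpreter-exit and interrupt signals are no longer swallowed.

    NOTE(review): ``data`` is placed into the page without escaping; callers
    must escape anything in it that derives from user input.
    """
    inserts = [
        'getacc.py', 'login', 'nav-button', 'nav-button', 'nav-button',
        'nav-button', data
    ]
    try:
        # The handle is not used below; the call is kept because the
        # constructor may have side effects (presumably opening or creating
        # the database file -- confirm).
        db = ssdb.SSDatabase('db/secretsanta.db')
        if 0 <= navbar <= 3:
            inserts[navbar + 2] = 'nav-button-active'
        if tools.is_logged_in():
            inserts[0] = 'logout.py'
            inserts[1] = 'logout'
    except Exception:
        # Best effort: fall back to whatever defaults are still in place.
        pass
    return HTML_PAGE.format(*inserts)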
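def forgotten_password():
    """Start a password reset for the email address posted in the form.

    On POST a reset token is generated, stored with
    ``db.add_change_password_token`` and emailed as a
    ``/change-password?t=...`` link. ``register.html`` is rendered afterwards.

    Changes from the earlier version:
      * the same message is shown whether or not the token could be stored
        for the address. The previous success and failure messages differed,
        which told any requester whether an email address is registered;
      * non-POST requests now get ``register.html`` instead of no response.
    """
    if request.method == "POST":
        email = request.form["email"]
        # NOTE(review): presumably tools.token_generator() draws from a
        # cryptographically secure source and the stored token expires --
        # confirm, the token is the only secret in the reset link.
        token = tools.token_generator()
        try:
            db.add_change_password_token(email, token)
            user = db.get_user_with_email(email)
            link = config.url + "/change-password?t=" + token
            subject, body = mail_client.create_change_password_email(
                user['first_name'], user['surname'], link)
            mail_client.send_email(subject, body, email)
        except db.FailedToAddChangePasswordToken:
            # Deliberately not reported to the requester: the response below
            # is identical for known and unknown addresses.
            pass
        flash(
            "If that email address is registered, we have emailed you a link to change your password"
        )
    return render_template(
        'register.html',
        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
        LOGGED_IN=tools.is_logged_in())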
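def delete_account():
    """Delete the session user's submission, then the account itself.

    The submission record and upload directory are removed first, then the
    user row. Afterwards the session is cleared, keeping only the
    ``accepted_policy`` value, and the client is redirected to ``register``.

    On any error a contact message is flashed and the client is redirected to
    ``admin``. The error path no longer reads ``user`` or ``session['email']``:
    either may be unavailable there (the lookup itself may have failed, or the
    session may already be cleared), which previously raised a second
    exception inside the handler. The ``admin`` view looks the user up itself,
    so the dropped URL parameters are not needed.

    NOTE(review): no login check is visible in this view -- presumably it is
    enforced by a decorator outside this block; confirm.
    """
    try:
        user = db.get_user_with_email(session['email'])
        # The directory name comes from the numeric user id, not from
        # request data.
        user_directory = app.config['UPLOAD_FOLDER'] + "/" + str(user["id"])
        db.remove_file_entry(session['email'])
        tools.delete_users_submission_directory(user_directory)
        flash("Successfully deleted your submission")
        db.delete_user_given_email(session['email'])
        flash("Successfully deleted your account")
        accepted_policy = tools.show_cookies_policy()
        session.clear()
        session['accepted_policy'] = accepted_policy
        return redirect(url_for('register'))
    except Exception:
        flash("We apologise, and issue has occured, please contact us at %s" %
              config.email_config["admin_email"])
        return redirect(
            url_for('admin',
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))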
def register():
    """Render ``register.html`` with the cookie-policy and login flags."""
    page_state = {
        'COOKIES_NOTIFICATION': tools.show_cookies_policy(),
        'LOGGED_IN': tools.is_logged_in(),
    }
    return render_template("register.html", **page_state)
def home():
    """Render ``index.html`` with the policy/login flags and ``USER_SCORES``."""
    page_state = {
        'COOKIES_NOTIFICATION': tools.show_cookies_policy(),
        'LOGGED_IN': tools.is_logged_in(),
        'SCORES': USER_SCORES,
    }
    return render_template("index.html", **page_state)
def data_protection():
    """Render ``privacy.html`` with the cookie-policy and login flags."""
    page_state = {
        'COOKIES_NOTIFICATION': tools.show_cookies_policy(),
        'LOGGED_IN': tools.is_logged_in(),
    }
    return render_template("privacy.html", **page_state)
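def upload_file():
    """Validate an uploaded submission file and store it for the session user.

    Checks, in order: a ``file`` part is present, its filename is non-empty
    and at most 100 characters, ``tools.allowed_file`` accepts the name, and
    ``tools.errors_in_submission_file`` reports no errors. The parsed data is
    then written as CSV into the user's upload directory under the
    ``secure_filename``-sanitised name, and the name is recorded in the
    database. Every outcome redirects to ``admin``.

    Changes from the earlier version:
      * ``len(errors_in_file) is not 0`` compared by identity; it now uses
        ``!=``;
      * a filename that is empty after ``secure_filename`` is rejected before
        the user's existing directory is deleted, instead of failing during
        the write;
      * the redirect reports the sanitised name that was stored, not the raw
        client-supplied one.
    """
    if 'file' not in request.files:
        flash('No file submitted')
        return redirect(
            url_for("admin",
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))

    file = request.files['file']
    if file.filename == '':
        flash('No file submitted')
        return redirect(url_for("admin"))
    elif len(file.filename) > 100:
        flash('Filename is too long, must be less than 100 characters')
        return redirect(
            url_for("admin",
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))

    try:
        user = db.get_user_with_email(session['email'])

        def admin_redirect(submitted):
            # Built on demand so the lookups run inside the try block.
            return redirect(
                url_for('admin',
                        CONFIRMED=db.is_confirmed(session['email']),
                        FIRST_NAME=user['first_name'],
                        SUBMITTED=submitted,
                        COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                        LOGGED_IN=tools.is_logged_in()))

        if not tools.allowed_file(file.filename):
            flash("File must have .csv extension!")
            return admin_redirect(user["file_submitted"])

        try:
            errors_in_file, file_df = tools.errors_in_submission_file(file)
            if len(errors_in_file) != 0:
                flash("File contains errors, please fix them:")
                for error in errors_in_file:
                    flash(error)
                return admin_redirect(user["file_submitted"])
        except Exception as e:
            flash("File contains errors, please fix them:")
            # NOTE(review): the raw exception text is shown to the user;
            # confirm it cannot carry internal details such as paths.
            flash(str(e))
            return admin_redirect(user["file_submitted"])

        # Only the sanitised name is used on disk; the raw client-supplied
        # name never reaches the filesystem.
        filename = secure_filename(file.filename)
        if not filename:
            flash("Filename is not valid, please rename the file and try again")
            return admin_redirect(user["file_submitted"])

        user_directory = app.config['UPLOAD_FOLDER'] + "/" + str(user["id"])
        # The previous submission is removed before the new one is written;
        # a failure in the write below leaves the user without a stored file.
        tools.delete_users_submission_directory(user_directory)
        os.makedirs(user_directory)
        file_df.to_csv(os.path.join(user_directory + "/", filename))
        db.add_file_submitted(session["email"], filename)
        return admin_redirect(filename)
    except Exception:
        flash(
            "An issue has occurred, please try another time, or contact us at %s"
            % config.email_config["admin_email"])
        return redirect(
            url_for('admin',
                    COOKIES_NOTIFICATION=tools.show_cookies_policy(),
                    LOGGED_IN=tools.is_logged_in()))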