Example #1
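	def index(self):
		"""Log the calling user out and redirect to the site root.

		Deletes the stored session record(s) whose id matches the one held in
		the client's session, blanks that value, logs the event and redirects.
		"""
		user = auth(session, required=True)
		current_session = session['session']
		# Plain loop: the deletes are side effects, not a list worth building.
		for s in user.sessions:
			if s.session_id == current_session:
				db.session.delete(s)
		# Commit so the server-side session record is really removed. The other
		# handlers in this listing commit explicitly after db.session.delete();
		# without it the record may outlive the logout and the old session id
		# may stay usable.
		db.session.commit()
		session['session'] = ''
		log("%s logged out." % user.username)
		return redirect('/')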
Example #2
	def recv_connect(self):
		"""Handle a new chat connection.

		An authenticated caller is logged and stored on ``self.user``. Anyone
		else is asked to reconnect, and ``self.user`` is not assigned here.
		"""
		account = auth(self.request)
		if account:
			log("Received chat connection from %s" % account.username)
			self.user = account
			return
		# No anonymous fallback: the AnonUser() assignment is disabled, so an
		# unauthenticated socket is only told to reconnect.
		self.request_reconnect()
Example #3
	def get(self, url):
		"""Fetch ``http://<url>`` server-side and return its parsed content.

		Authentication is mandatory unless ``app.config['OPEN_PROXY']`` is
		set. Returns ``({"response": ...}, status)``: a fixed placeholder with
		status 200 when only binary content is available, otherwise the parsed
		text with the fetched revision's status.
		"""
		login_required = not app.config['OPEN_PROXY']
		user = auth(session, required=login_required)

		# NOTE(review): `url` is caller-supplied and fetched by the server. No
		# destination filtering (internal or loopback addresses) is visible in
		# this handler; confirm that fetch.get enforces it, especially when
		# OPEN_PROXY lets unauthenticated callers in.
		target = "http://" + url
		revision = fetch.get(target, request.user_agent, user)

		binary_only = revision.bcontent and not revision.content
		if binary_only:
			return {"response":"A wild binary."}, 200

		parsed = parser.parse(revision.content, target)
		return {"response":parsed}, revision.status
Example #4
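	def post(self, username):
		"""
		Account modification

		A user may change the password, email and public flag of their own
		account. Administrators may modify any account and may also set the
		admin, active and can_store flags. Privileged flags sent by a
		non-admin caller are ignored.

		Returns 403 when a non-admin targets another account, 404 when the
		account does not exist, otherwise the account's jsonify() output.
		"""
		parser = reqparse.RequestParser()
		parser.add_argument("password", type=str)
		parser.add_argument("email", type=str)
		# NOTE(review): type=bool applies bool() to the submitted value, so a
		# non-empty string such as "false" parses as True. Confirm how clients
		# send these flags (real JSON booleans are unaffected).
		parser.add_argument("admin", type=bool, default=None)
		parser.add_argument("public", type=bool, default=None)
		parser.add_argument("active", type=bool, default=None)
		parser.add_argument("can_store", type=bool, default=None)
		args = parser.parse_args()

		calling_user = auth(session, required=True)

		# Authorization first: only the account owner or an admin may proceed.
		if calling_user.username != username and not calling_user.admin:
			return {}, 403

		user = User.query.filter(User.username == username).first()

		if not user:
			return {}, 404

		should_commit = False

		# NOTE(review): the password is changed without re-checking the current
		# one in this handler; confirm whether change_password covers that.
		if args.password:
			user.change_password(args.password)
			should_commit = True

		if args.email:
			user.email = args.email
			should_commit = True

		# `is not None` distinguishes "flag omitted" from "flag set to False",
		# so an account can be made non-public again.
		if args.public is not None:
			user.public = args.public
			should_commit = True

		# Privileged flags are applied only for admin callers, and take the
		# submitted value: admin=False must revoke the flag, not grant it.
		if calling_user.admin and args.admin is not None:
			user.admin = args.admin
			should_commit = True

		if calling_user.admin and args.active is not None:
			user.active = args.active
			should_commit = True

		if calling_user.admin and args.can_store is not None:
			user.can_store = args.can_store
			should_commit = True

		if should_commit:
			db.session.add(user)
			db.session.commit()

		return user.jsonify()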
Example #5
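	def recv_connect(self):
		"""Handle a new activity stream connection.

		An authenticated caller is logged and stored on ``self.user``; an
		unauthenticated one is represented by ``AnonUser()``.
		"""
		user = auth(self.request)
		if user:
			log("Received activity stream connection from %s" % user.username)
			self.user = user
			# NOTE(review): a per-group permission check,
			# can(user.username, "chat"), was commented out at this point, so
			# this handler applies no permission check to the connection.
		else:
			# Anonymous fallback only when authentication fails. Assigning it
			# unconditionally would replace the authenticated user on every
			# connection.
			self.user = AnonUser()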
Example #6
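	def get(self, username):
		"""Return a user's record, including their sessions.

		Users may view themselves; administrators may view any user. Returns
		403 to a non-admin asking about any other username, and 404 to an
		admin when the account does not exist.
		"""
		requesting_user = auth(session, required=True)
		user = User.query.filter(User.username == username).first()

		# Authorization is decided before existence is revealed: a non-admin
		# gets 403 whether or not the other account exists, so the 403/404
		# split cannot be used to probe which usernames are registered.
		if not requesting_user.admin and (not user or requesting_user != user):
			return {}, 403

		if not user:
			return {}, 404

		return user.jsonify(sessions=True)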
Example #7
	def get(self, url):
		"""Fetch ``http://<url>`` server-side and relay it to the caller.

		Authentication is mandatory unless ``app.config['OPEN_PROXY']`` is
		set. Content whose mimetype does not contain "text" is passed to
		send_file; HTML goes through parser.parse; other text is returned
		unchanged.
		"""
		user = auth(session, required=not app.config['OPEN_PROXY'])

		# NOTE(review): `url` is caller-supplied and fetched by the server;
		# confirm that fetch.get restricts which destinations may be reached.
		revision = fetch.get("http://"+url, request.user_agent, user)
		mimetype = revision.mimetype

		if "text" not in mimetype:
			return send_file(revision.bcontent, mimetype=mimetype)

		if 'html' in mimetype:
			# NOTE(review): remote HTML is served from this application's own
			# origin. Whether parser.parse neutralises active content is not
			# visible here; verify.
			body = parser.parse(revision.content, 'http://' + url)
		else:
			body = revision.content

		response = Response(mimetype=mimetype)
		response.data = body
		return response
Example #8
	def get(self, username):
		"""
		Return the record for `username`.

		Callers may view themselves; administrators may view anyone.
		Returns 403 for a non-admin asking about another account and 404
		when the account does not exist.
		"""
		caller = auth(session, required=True)

		# Authorization is checked before the lookup, so a non-admin cannot
		# learn from the status code whether another username exists.
		is_self = caller.username == username
		if not is_self and not caller.admin:
			return {}, 403

		target = User.query.filter(User.username == username).first()
		if target:
			return target.jsonify()

		return {}, 404
Example #9
	def delete(self, username):
		"""Delete the calling user's session(s) created at a given timestamp.

		The required integer ``timestamp`` argument is compared with each
		stored session's creation time, and every match is deleted and
		committed. Always returns an empty body with status 204.
		"""
		user = auth(session, required=True)

		parser = reqparse.RequestParser()
		parser.add_argument("timestamp", type=int, help="session timestamp", required=True)
		wanted = parser.parse_args().timestamp

		# NOTE(review): `username` from the route is not consulted; only the
		# authenticated caller's own sessions are ever examined.
		for stored in user.sessions:
			created_at = time.mktime(stored.created.timetuple())
			if created_at != wanted:
				continue
			db.session.delete(stored)
			db.session.commit()

		# Logged whether or not any session matched the timestamp.
		log("%s logged out." % user.username)

		return {}, 204
Example #10
	def get(self):
		"""
		Paginated access to users

		With a truthy ``me`` argument the caller's own record is returned.
		Otherwise non-admins receive 403, and admins currently receive an
		empty object (no listing is built in this handler).
		"""
		caller = auth(session, required=True)

		arg_parser = reqparse.RequestParser()
		arg_parser.add_argument("me", type=bool, help="Email.", default=None)
		wants_self = arg_parser.parse_args().me

		if wants_self:
			return caller.jsonify()

		# Everything past this point is admin-only.
		if caller.admin:
			return {}

		return {}, 403
Example #11
	def delete(self, username):
		"""
		Delete the account named `username`.

		Callers may delete their own account; administrators may delete any.
		Returns 403 for a non-admin targeting another account, 404 when the
		account does not exist, and 204 after a successful delete.
		"""
		caller = auth(session, required=True)

		# Owner-or-admin check happens before the lookup, so the status code
		# does not tell a non-admin whether another username exists.
		allowed = caller.username == username or caller.admin
		if not allowed:
			return {}, 403

		target = User.query.filter(User.username == username).first()
		if not target:
			return {}, 404

		# NOTE(review): whether the account's sessions are removed along with
		# it depends on the model's cascade settings, which are not shown here.
		db.session.delete(target)
		db.session.commit()
		return {}, 204