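def index(self):
    """Log the calling user out and redirect to the site root.

    Deletes every stored session row of the user whose ``session_id`` equals
    the id held in the client session, commits the deletion, blanks the
    client-side value and writes a log line.
    """
    user = auth(session, required=True)
    current_session = session['session']
    # Iterate over a copy: rows are being deleted while we walk the relation.
    for stored in list(user.sessions):
        if stored.session_id == current_session:
            db.session.delete(stored)
    # Persist the revocation. Without a commit the delete may never reach the
    # database, leaving the server-side session record alive after logout.
    db.session.commit()
    session['session'] = ''
    log("%s logged out." % user.username)
    return redirect('/')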
def recv_connect(self):
    """Handle a new chat connection.

    An authenticated user is logged and stored on ``self.user``; any other
    connection is asked to reconnect.
    """
    chat_user = auth(self.request)
    if chat_user:
        log("Received chat connection from %s" % chat_user.username)
        self.user = chat_user
        return
    # self.user is not assigned on this path; the anonymous fallback
    # (self.user = AnonUser()) is disabled here.
    self.request_reconnect()
def get(self, url):
    """Fetch ``http://<url>`` and return its parsed content in a JSON body.

    Returns ``({"response": ...}, status)``: a fixed placeholder with 200 when
    the revision has binary content but no text content, otherwise the parsed
    content together with the revision's own status.
    """
    # Login is waived only when the OPEN_PROXY setting is truthy.
    login_required = not app.config['OPEN_PROXY']
    user = auth(session, required=login_required)
    # NOTE(review): `url` is caller-supplied and fetched from the server side,
    # so this is a request-forgery (SSRF) surface, and an unauthenticated one
    # when OPEN_PROXY is on. Confirm that fetch.get refuses loopback, private
    # and link-local destinations, including via redirects.
    target = "http://" + url
    revision = fetch.get(target, request.user_agent, user)
    binary_only = revision.bcontent and not revision.content
    if binary_only:
        return {"response": "A wild binary."}, 200
    parsed = parser.parse(revision.content, target)
    return {"response": parsed}, revision.status
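def post(self, username):
    """
    Account modification

    Updates the account named by ``username``. A caller may change the
    password, email and public flag of their own account; administrators may
    do so for any account and may additionally set the ``admin``, ``active``
    and ``can_store`` flags.

    Returns the user as JSON, ``({}, 403)`` when a non-admin targets another
    account, or ``({}, 404)`` when the account does not exist.
    """
    parser = reqparse.RequestParser()
    parser.add_argument("password", type=str)
    parser.add_argument("email", type=str)
    # NOTE(review): type=bool presumably applies bool() to the raw value, in
    # which case any non-empty string (including "false") parses as True for
    # form/query input. Confirm clients send JSON booleans, or use a proper
    # boolean parser for these four flags.
    parser.add_argument("admin", type=bool, default=None)
    parser.add_argument("public", type=bool, default=None)
    parser.add_argument("active", type=bool, default=None)
    parser.add_argument("can_store", type=bool, default=None)
    args = parser.parse_args()

    calling_user = auth(session, required=True)
    if calling_user.username != username and not calling_user.admin:
        return {}, 403

    user = User.query.filter(User.username == username).first()
    if not user:
        return {}, 404

    should_commit = False

    # NOTE(review): the current password is not requested before a password
    # or email change; consider requiring re-authentication for these.
    if args.password:
        user.change_password(args.password)
        should_commit = True

    if args.email:
        user.email = args.email
        should_commit = True

    # Store the supplied value so the flag can be cleared as well as set.
    if args.public is not None:
        user.public = args.public
        should_commit = True

    # Privileged flags are honoured only for administrators, and the value
    # written is the one supplied: `admin=False` must revoke, never grant.
    if calling_user.admin:
        if args.admin is not None:
            user.admin = args.admin
            should_commit = True
        if args.active is not None:
            user.active = args.active
            should_commit = True
        if args.can_store is not None:
            user.can_store = args.can_store
            should_commit = True

    if should_commit:
        db.session.add(user)
        db.session.commit()

    return user.jsonify()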
def recv_connect(self):
    """Handle a new activity-stream connection.

    Stores the authenticated user on ``self.user``. As reconstructed below, a
    connection for which ``auth`` returns a falsy value gets an ``AnonUser``.
    """
    # NOTE(review): this listing lost its line breaks, so the placement of the
    # `else` branch is reconstructed. Confirm it against the original file.
    user = auth(self.request)
    if user:
        log("Received activity stream connection from %s" % user.username)
        self.user = user
        # A per-group permission check (`can(user.username, "chat")`, with a
        # disconnect on failure) is commented out at this point, so every
        # authenticated user is accepted without a further authorization step.
    else:
        self.user = AnonUser()
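def get(self, username):
    """Permit administrators to view other users

    Returns the named user serialised together with their sessions.
    Non-administrators may only request their own record.
    """
    requesting_user = auth(session, required=True)
    user = User.query.filter(User.username == username).first()
    # Authorise before reporting existence: a non-admin receives 403 for every
    # account other than their own, whether or not it exists, so the 404 below
    # cannot be used to enumerate usernames.
    if not requesting_user.admin and (not user or requesting_user != user):
        return {}, 403
    if not user:
        return {}, 404
    return user.jsonify(sessions=True)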
def get(self, url):
    """Fetch ``http://<url>`` and relay it under the upstream mimetype.

    Content whose mimetype does not contain "text" is handed to ``send_file``;
    HTML is passed through ``parser.parse`` first; other text is returned
    as fetched.
    """
    # Login is waived only when the OPEN_PROXY setting is truthy.
    login_required = not app.config['OPEN_PROXY']
    user = auth(session, required=login_required)
    # NOTE(review): `url` is caller-supplied and fetched from the server side
    # (SSRF surface, unauthenticated when OPEN_PROXY is on). Confirm fetch.get
    # restricts destinations. The fetched body is also served from this
    # application's own origin with the upstream mimetype; confirm that
    # parser.parse neutralises active content and consider nosniff and a
    # restrictive CSP for the non-HTML paths.
    target = "http://" + url
    revision = fetch.get(target, request.user_agent, user)
    response = Response(mimetype=revision.mimetype)
    if "text" not in revision.mimetype:
        return send_file(revision.bcontent, mimetype=revision.mimetype)
    if 'html' in revision.mimetype:
        body = parser.parse(revision.content, target)
    else:
        body = revision.content
    response.data = body
    return response
def get(self, username):
    """
    View user, or, if you're an admin, other users.

    Returns the named user as JSON, ``({}, 403)`` when a non-admin asks for
    someone else, or ``({}, 404)`` when no such user exists.
    """
    caller = auth(session, required=True)
    is_self = caller.username == username
    # The authorization decision is made before the lookup, so a non-admin
    # learns nothing about whether another account exists.
    if not (is_self or caller.admin):
        return {}, 403
    target = User.query.filter(User.username == username).first()
    if target:
        return target.jsonify()
    return {}, 404
def delete(self, username):
    """Delete a session for a user

    Removes sessions of the authenticated caller whose creation time,
    converted to a whole-second timestamp with ``time.mktime``, equals the
    required integer ``timestamp`` argument. Always answers ``({}, 204)``.
    """
    user = auth(session, required=True)
    # NOTE(review): `username` from the route is never read; the handler always
    # acts on the caller's own sessions. That rules out deleting someone
    # else's session, but a request addressed to another user's path is not
    # rejected. Confirm whether a 403 on mismatch is intended.
    parser = reqparse.RequestParser()
    parser.add_argument("timestamp", type=int, help="session timestamp", required=True)
    args = parser.parse_args()
    # NOTE(review): this listing lost its line breaks, so the nesting of the
    # commit and log calls under the `if` is reconstructed. Confirm it against
    # the original file.
    for s in user.sessions:
        # timetuple() drops sub-second precision, so the comparison is made on
        # whole seconds.
        if time.mktime(s.created.timetuple()) == args.timestamp:
            db.session.delete(s)
            db.session.commit()
            log("%s logged out." % user.username)
    return {}, 204
def get(self):
    """
    Paginated access to users

    With a truthy ``me`` argument the caller's own record is returned.
    Otherwise non-administrators receive ``({}, 403)`` and administrators
    receive an empty object.
    """
    caller = auth(session, required=True)
    arg_parser = reqparse.RequestParser()
    arg_parser.add_argument("me", type=bool, help="Email.", default=None)
    wants_self = arg_parser.parse_args().me
    if wants_self:
        return caller.jsonify()
    # The listing is reserved for administrators; this block returns an empty
    # body for them.
    if caller.admin:
        return {}
    return {}, 403
def delete(self, username):
    """
    Account deletion

    A caller may delete their own account; administrators may delete any.
    Returns ``({}, 204)`` on success, ``({}, 403)`` when a non-admin targets
    another account, or ``({}, 404)`` when the account does not exist.
    """
    caller = auth(session, required=True)
    permitted = caller.username == username or caller.admin
    # Authorization is settled before the lookup, so the 404 below is only
    # reachable by the account owner or an administrator.
    if not permitted:
        return {}, 403
    account = User.query.filter(User.username == username).first()
    if not account:
        return {}, 404
    db.session.delete(account)
    db.session.commit()
    return {}, 204