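def link_account():
    """Attach a Google or GitHub identity to an existing account and sign in.

    The ``token`` query parameter is checked by ``verify_jwt``. Its payload
    must carry ``uid``, ``pid``, ``email`` and ``provider``. On a valid form
    submission the matching link row is added and committed, and the user
    with that ``uid`` becomes the current user.

    Returns:
        A 400 error page if the token is rejected, lacks a required claim or
        names an unsupported provider; a 303 redirect to ``/`` after
        linking; otherwise the rendered link-account page.
    """

    def _bad_token():
        # Same response oauth_create_account gives for a rejected token.
        return error_page(
            code=400,
            message="Invalid token in request. Please contact us.",
            errorname="Bad Request")

    # The sign-in below rests entirely on this token, so a rejected token
    # ends the request here instead of escaping as an unhandled exception.
    # NOTE(review): the token arrives in the query string, where it can end
    # up in access logs and Referer headers; confirm its lifetime is short.
    try:
        data = verify_jwt(request.args.get("token", ""))
    except (InvalidJWT, ExpiredJWT):
        return _bad_token()

    try:
        uid = data["uid"]
        pid = data["pid"]
        email = data["email"]
        provider = data["provider"]
    except KeyError:
        # A verified token without these claims was not issued for linking.
        return _bad_token()

    form = BlankForm()
    if form.validate_on_submit():
        if provider == "Google":
            GoogleLinks.add(uid=uid, gid=pid)
        elif provider == "GitHub":
            GithubLinks.add(uid=uid, gid=pid)
        else:
            # No link can be stored for this provider, so neither sign the
            # user in nor report the account as connected.
            return _bad_token()
        db_commit()
        # NOTE(review): first() returns None when no user has this uid; what
        # set_user does with None is not visible here.
        set_user(Users.query.filter_by(id=uid).first())
        flash("Your account is now connected. Welcome back!",
              category="SUCCESS")
        return redirect("/", code=303)
    # TODO GitHub
    flash_form_errors(form)
    return render_template("account/link-account.html",
                           uid=uid,
                           provider=provider,
                           email=email,
                           form=form)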
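def serve_user_sudo_edit_request(uid):
    """Serve the privileged edit page for the user whose ID is ``uid``.

    Access rules, in the order they are applied:
      * a caller whose users-role is not above ``UserRoles.default`` gets 403;
      * a caller below ``UserRoles.admin`` gets 403 when the target's
        users-role is equal to or above the caller's own.

    Args:
        uid: The target user's ID; anything ``int()`` cannot convert yields
            a 404 error page.

    Returns:
        A 404 error page for a bad or unknown ID, otherwise the rendered
        admin user page.
    """
    if user.roles.users <= UserRoles.default:
        abort(403)

    try:
        uid = int(uid)
    except (TypeError, ValueError):
        # Only conversion failures mean "bad ID"; a bare except would also
        # swallow unrelated errors and interpreter-exit signals.
        return error_page(
            404, message="/admin/user must be loaded with the user ID.")

    target = Users.query.filter_by(id=uid).first()
    if not target:
        return error_page(404, message="There is no user with this ID.")

    # Non-admins may only act on users ranked strictly below themselves.
    actor_level = user.roles.users
    if UserRoles.admin > actor_level and actor_level <= target.roles.users:
        abort(403)

    # Admins and moderators get different forms for the same page.
    if user.roles.users >= UserRoles.admin:
        form = UserSudoAdminForm()
    else:
        form = UserSudoModeratorForm()

    if form.validate_on_submit():
        # The success message is queued before the edit runs, as before.
        flash("Successfully updated user!", category="SUCCESS")
        user_sudo_edit(target, form)
    else:
        flash_form_errors(form, "Changes were not saved!")
    return render_template("adminpages/user.html",
                           sudo=True,
                           active="users",
                           target=target,
                           form=form)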
def serve_lesson_edit(org, id):
    """Serve the edit page for one lesson of the current organization.

    The lesson is looked up by ``id`` within ``get_org_id()``, so a lesson
    belonging to another organization is reported as missing. Editing needs
    either the lessons admin role, or at least the default lessons role
    together with authorship of the lesson.

    Args:
        org: Organization identifier used to build the redirect path.
        id: Lesson ID.

    Returns:
        A 404 error page, a 303 redirect to the lesson list when
        ``lesson_edit`` returns a truthy value (reported to the user as a
        deletion), or the rendered edit page.
    """
    lesson = Lessons.query.filter_by(oid=get_org_id(), id=id).first()
    if not lesson:
        return error_page(404, "There is no lesson with the ID %d." % id)

    # Admin role is checked first; authorship is only consulted otherwise.
    may_edit = user.organization_roles.lessons >= LessonRoles.admin
    if not may_edit:
        may_edit = (user.organization_roles.lessons >= LessonRoles.default
                    and lesson.has_author(user.id))
    if not may_edit:
        abort(403)

    form = LessonEditForm(lesson)
    if not form.validate_on_submit():
        flash_form_errors(form, "Changes were not saved!")
    elif lesson_edit(lesson, form):
        flash("Successfully deleted lesson!", category="SUCCESS")
        return redirect("/organization/%s/admin/lessons/" % org, code=303)
    else:
        flash("Successfully updated lesson!", category="SUCCESS")

    return render_template("adminpages/lesson-edit.html",
                           sudo=True,
                           active="lessons",
                           lesson=lesson,
                           form=form)
def serve_topic_sudo_create_request(ptid):
    """Serve the topic-creation page, optionally under a parent topic.

    Callers whose topics-role is not above ``TopicRoles.default`` get 403.

    Args:
        ptid: ID of the parent topic, or a falsy value for none. A non-falsy
            ID that matches no topic ends in a 404 via ``first_or_404``.

    Returns:
        A 303 redirect to ``/admin/topics/`` after a topic is created,
        otherwise the rendered creation page.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    # The template receives the parent's ``tid``, or "" when there is none.
    parent_tid = (Topics.query.filter_by(id=ptid).first_or_404().tid
                  if ptid else "")

    form = TopicSudoCreateForm()
    if not form.validate_on_submit():
        flash_form_errors(form)
        return render_template("adminpages/topic_create.html",
                               sudo=True,
                               active="topics",
                               form=form,
                               ptid=parent_tid)

    Topics.add(ptid=ptid or None,
               tid=form.tid.data,
               name=form.name.data,
               desc=form.description.data)
    db_commit()
    return redirect("/admin/topics/", code=303)
def serve_topic_sudo_edit_request(id):
    """Serve the edit page for the topic with the given ID.

    Callers whose topics-role is not above ``TopicRoles.default`` get 403;
    an unknown ID ends in a 404 via ``first_or_404``.

    Args:
        id: Topic ID.

    Returns:
        The rendered topic edit page, after saving a valid submission.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    topic = Topics.query.filter_by(id=id).first_or_404()
    form = TopicSudoEditForm(topic)

    if form.validate_on_submit():
        topic.tid = form.tid.data
        topic.name = form.name.data
        topic.desc = form.description.data
        db_commit()
        flash("Successfully updated topic!", category="SUCCESS")
    flash_form_errors(form)

    # Fields that carry no submitted value fall back to the stored topic.
    fallbacks = (
        (form.tid, topic.tid),
        (form.name, topic.name),
        (form.description, topic.desc),
    )
    for field, stored in fallbacks:
        if field.data is None:
            field.data = stored

    return render_template("adminpages/topic_edit.html",
                           sudo=True,
                           active="topics",
                           form=form)
def serve_create_account_request():
    """Serve account creation for an email address taken from a token.

    A signed-in caller is redirected away. The address comes from
    ``get_email_from_token``; if it already owns an account, that account
    becomes the current user instead of a new one being created.

    Returns:
        A redirect, the response carried by ``RedirectError``, the result of
        ``serve_create_account`` for a valid submission, or the rendered
        create-account page.
    """
    if user:
        return redirect(get_next_page(), code=303)

    try:
        email = get_email_from_token()
    except RedirectError as e:
        return e.response

    # NOTE(review): this signs the caller in on the strength of the token
    # alone; it presumably proves control of the address. Confirm in
    # get_email_from_token.
    existing = Users.query.filter_by(email=email).first()
    if existing:
        set_user(existing)
        flash(
            "Welcome back! This email address already owns an account. If you wish to add/change your password, go to the Edit Profile page.",
            category="SUCCESS")
        return redirect(get_next_page(), code=303)

    form = CreateAccountForm()
    if form.validate_on_submit():
        return serve_create_account(form)

    # The agreement box is cleared each time the page is shown.
    form.legal_agreement.checked = False
    flash_form_errors(form)
    return render_template("account/create-account.html",
                           active="Sign Up",
                           form=form,
                           email=email,
                           next_page=get_next_page())
def serve_change_password_request():
    """Serve the change-password page and hand valid submissions on.

    Returns:
        The result of ``serve_change_password`` for a valid submission,
        otherwise the rendered change-password page.
    """
    # NOTE(review): no signed-in check is visible in this function;
    # presumably a decorator or serve_change_password enforces it. Confirm.
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        flash_form_errors(form)
        return render_template("account/change-password.html",
                               active="Account",
                               form=form)
    return serve_change_password(form)
def serve_edit_profile_request():
    """Serve the edit-profile page for the current user.

    Returns:
        The rendered edit-profile page; a valid submission is applied with
        ``edit_profile`` first.
    """
    # NOTE(review): ``user`` is used without a signed-in check here;
    # presumably the route is protected elsewhere. Confirm.
    form = EditProfileForm(user)
    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        edit_profile(form)
    # Runs after every request, including a successful save.
    flash_form_errors(form, "Changes were not saved!")
    return render_template("account/edit-profile.html",
                           active="Account",
                           form=form)
def serve_login_request():
    """Serve the login page in username or email mode.

    Query parameters read here:
      * ``reauth=yes`` lets a signed-in caller see the login form again;
      * ``id`` selects the form: ``username`` (also the default when the
        parameter is absent) or anything else for the email form.

    Returns:
        A 303 redirect for a signed-in caller who is not re-authenticating,
        the result of ``serve_login`` for a valid submission, otherwise the
        result of ``serve_login_page``.
    """
    reauth = request.args.get("reauth", "") == "yes"
    if user and not reauth:
        return redirect(get_next_page(), code=303)

    use_username = request.args.get("id", "username") == "username"
    if use_username:
        form = UsernameLoginForm()
    else:
        form = EmailLoginForm()

    if form.validate_on_submit():
        return serve_login(form, use_username, reauth)

    flash_form_errors(form)
    return serve_login_page(form, use_username, reauth)
def serve_news_sudo_create_request(org):
    """Serve the news-creation page for an organization.

    Callers whose organization news-role is not above ``NewsRoles.default``
    get 403.

    Args:
        org: Organization identifier, passed to ``news_sudo_create`` and
            used to build the redirect path.

    Returns:
        A 303 redirect to the organization's news list after creation,
        otherwise the rendered creation page.
    """
    if user.organization_roles.news <= NewsRoles.default:
        abort(403)

    form = NewsSudoCreateForm()
    if not form.validate_on_submit():
        flash_form_errors(form)
        return render_template("adminpages/news-create.html",
                               sudo=True,
                               active="news",
                               form=form)

    # The success message is queued before the item is created.
    flash("Successfully created news item!", category="SUCCESS")
    news_sudo_create(form, org)
    return redirect("/organization/%s/admin/news/" % org, code=303)
def oauth_create_account():
    """Create an account from a verified OAuth token and sign the user in.

    A signed-in caller is redirected away. The ``token`` query parameter is
    checked by ``verify_jwt``; its ``email``, ``username`` and ``real_name``
    claims, when present, pre-fill form fields that have no value yet.

    Returns:
        A 400 error page for an invalid or expired token, a 303 redirect
        after the account is created, otherwise the rendered page.
    """
    if user:
        return redirect(get_next_page(), code=303)

    try:
        data = verify_jwt(request.args.get("token", ""))
    except (InvalidJWT, ExpiredJWT):
        return error_page(
            code=400,
            message="Invalid token in request. Please contact us.",
            errorname="Bad Request")

    form = OAuthCreateAccountForm()
    # Token claims only fill fields the request left empty.
    for claim in ("email", "username", "real_name"):
        field = getattr(form, claim)
        if field.data is None and claim in data:
            field.data = data[claim]

    if not form.validate_on_submit():
        flash_form_errors(form)
        form.legal_agreement.checked = False
        # NOTE(review): "provider" is indexed without a presence check; a
        # verified token lacking it raises KeyError here.
        return render_template("account/oauth-create-account.html",
                               active="Sign Up",
                               form=form,
                               next_page=get_next_page(),
                               provider=data["provider"])

    new_user = create_blank_account(form.email.data, form.username.data,
                                    form.real_name.data,
                                    form.subscribed.data)
    # NOTE(review): the account is built from the submitted form values, not
    # the token's claims, and any provider other than these two leaves the
    # new account without a link row.
    provider = data["provider"]
    if provider == "Google":
        GoogleLinks.add(uid=new_user.id, gid=data["pid"])
    elif provider == "GitHub":
        GithubLinks.add(uid=new_user.id, gid=data["pid"])
    db_commit()
    set_user(new_user)
    flash("Welcome!", category="SUCCESS")
    return redirect(get_next_page(), code=303)
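def reset_password():
    """Serve the reset-password page and send the reset email.

    A signed-in caller is redirected away. On a valid submission the
    submitted address is passed to ``send_reset_email`` and the caller is
    redirected to ``/reset-limbo/`` with that address in the query string.

    Returns:
        A redirect, or the rendered reset-password page.
    """
    from urllib.parse import quote

    if user:
        return redirect(get_next_page(), code=303)

    form = ResetPasswordForm()
    if form.validate_on_submit():
        email = form.email.data
        send_reset_email(email)
        # The address is user-supplied: percent-encode it so characters such
        # as '&', '#' or '+' cannot add parameters to the redirect URL or be
        # decoded as something else by the limbo page.
        return redirect("/reset-limbo/?email=%s" % quote(email, safe=""))

    flash_form_errors(form)
    return render_template("account/reset-password.html",
                           active="Log In",
                           form=form)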
def serve_organization_landing(org):
    """Serve an organization's landing page and handle join-by-code.

    Args:
        org: Organization identifier from the route; the organization itself
            is looked up through ``get_org_id()``.

    Returns:
        The rendered landing page; a valid submission first adds the current
        user to the organization.
    """
    form = OrganizationJoinByCodeForm()
    organization = Organizations.query.filter_by(id=get_org_id()).first()

    # NOTE(review): nothing here compares a join code or checks that
    # ``organization`` and ``user`` are set; presumably the form's
    # validators and the routing layer cover that. Confirm.
    joined = form.validate_on_submit()
    if joined:
        organization.add_user(user)
        db_commit()
        flash("Joined %s!" % organization.name, category="SUCCESS")

    flash_form_errors(form)
    return render_template("organizations/landing.html",
                           active="Organizations",
                           organization=organization,
                           form=form)
def serve_lesson_create_request(org):
    """Serve the lesson-creation page for an organization.

    Callers whose organization lessons-role is not above
    ``LessonRoles.default`` get 403.

    Args:
        org: Organization identifier, passed to ``lesson_admin_create`` and
            used to build the redirect path.

    Returns:
        A 303 redirect to the organization's lesson list after creation,
        otherwise the rendered creation page.
    """
    if user.organization_roles.lessons <= LessonRoles.default:
        abort(403)

    form = LessonCreateForm()
    if not form.validate_on_submit():
        flash_form_errors(form)
        return render_template("adminpages/lesson-create.html",
                               sudo=True,
                               active="lessons",
                               form=form)

    # The success message is queued before the lesson is created.
    flash("Successfully created lesson item!", category="SUCCESS")
    lesson_admin_create(form, org)
    return redirect("/organization/%s/admin/lessons/" % org, code=303)
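def serve_signup_request():
    """Serve the sign-up page and start email verification.

    A signed-in caller is redirected to ``/``. On a valid submission the
    stripped address goes to ``link_email`` when it already belongs to a
    user and to ``verify_email`` otherwise. Both paths end in the same
    redirect, so the response does not show which one was taken.

    Returns:
        A 303 redirect, or the rendered sign-up page.
    """
    from urllib.parse import quote

    if user:
        return redirect("/", code=303)

    form = SignupForm()
    if form.validate_on_submit():
        email = form.email.data.strip()
        if Users.query.filter_by(email=email).count() > 0:
            link_email(email, get_next_page())
        else:
            verify_email(email, get_next_page())
        # The address is user-supplied: percent-encode it so characters such
        # as '&', '#' or '+' cannot add parameters to the redirect URL or be
        # decoded as something else by the limbo page.
        return redirect("/signup-limbo/?email=%s" % quote(email, safe=""),
                        code=303)

    flash_form_errors(form)
    return render_template("account/signup.html",
                           active="Sign Up",
                           next_page=get_next_page(),
                           form=form)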
def serve_attendance(org):
    """Serve the attendance page and record a submitted attendance code.

    Args:
        org: Organization identifier from the route; the organization ID
            used for the record comes from ``get_org_id()``.

    Returns:
        The rendered attendance page. ``off`` is True when the current
        organization has no attendance codes at all.
    """
    form = AttendanceForm()
    if form.validate_on_submit():
        submitted_code = form.attendance_code.data.strip()
        # NOTE(review): the code is matched on its value alone, while the
        # record is written for get_org_id(); unless AttendanceForm checks
        # the organization, a code issued by another organization would be
        # accepted here. first() also returns None for an unknown code, in
        # which case the ``.id`` access below raises. Confirm the form's
        # validators cover both.
        code_row = AttendanceCodes.query.filter_by(
            code=submitted_code).first()
        AttendanceRecords.add(cid=code_row.id,
                              oid=get_org_id(),
                              uid=user.id,
                              time=get_time())
        db_commit()
        flash("Your attendance was confirmed!", category="SUCCESS")

    flash_form_errors(form)
    no_codes = AttendanceCodes.query.filter_by(oid=get_org_id()).count() == 0
    return render_template("account/attendance.html", form=form, off=no_codes)
def serve_news_sudo_edit_request(org, id):
    """Serve the edit page for one news item of the current organization.

    The item is looked up by ``id`` within ``get_org_id()``, so an item
    belonging to another organization is reported as missing. Editing needs
    either the news moderator role, or at least the default news role
    together with authorship of the item.

    Args:
        org: Organization identifier used to build the redirect path.
        id: News item ID.

    Returns:
        A 404 error page, a 303 redirect to the news list when
        ``news_sudo_edit`` returns a truthy value (reported to the user as a
        deletion), or the rendered edit page.
    """
    article = News.query.filter_by(oid=get_org_id(), id=id).first()
    if not article:
        return error_page(404, "There is no news item with the ID %d." % id)

    # Moderator role is checked first; authorship is only consulted otherwise.
    may_edit = user.organization_roles.news >= NewsRoles.moderator
    if not may_edit:
        may_edit = (user.organization_roles.news >= NewsRoles.default
                    and article.has_author(user.id))
    if not may_edit:
        abort(403)

    form = NewsSudoEditForm(article)
    if not form.validate_on_submit():
        flash_form_errors(form, "Changes were not saved!")
    elif news_sudo_edit(article, form):
        flash("Successfully deleted news item!", category="SUCCESS")
        return redirect("/organization/%s/admin/news/" % org, code=303)
    else:
        flash("Successfully updated news item!", category="SUCCESS")

    return render_template("adminpages/news-edit.html",
                           sudo=True,
                           active="news",
                           article=article,
                           form=form)
def serve_organization_sudo(org):
    """Serve the organization settings page for organization admins.

    Callers whose organization admin-role is below
    ``OrganizationManagerRoles.admin`` get 403.

    Args:
        org: Organization identifier from the route; the organization itself
            is looked up through ``get_org_id()``.

    Returns:
        The rendered organization admin page, after saving a valid
        submission.
    """
    if user.organization_roles.admin < OrganizationManagerRoles.admin:
        abort(403)

    form = OrganizationSudoForm()
    organization = Organizations.query.filter_by(id=get_org_id()).first()

    if form.validate_on_submit():
        # Name, description, join code and both join switches are saved
        # together from the submitted form.
        organization.name = form.name.data
        organization.desc = form.description.data
        organization.join_code = form.join_code.data
        organization.can_join_code = form.can_join_code.data
        organization.can_apply = form.can_apply.data
        db_commit()
        flash("Successfully updated organization!", category="SUCCESS")

    # Text fields with no submitted value fall back to the stored values.
    text_fallbacks = (
        (form.name, organization.name),
        (form.description, organization.desc),
        (form.join_code, organization.join_code),
    )
    for field, stored in text_fallbacks:
        if field.data is None:
            field.data = stored

    # The two switches are always reset to the stored state.
    form.can_join_code.data = organization.can_join_code
    form.can_apply.data = organization.can_apply

    flash_form_errors(form)
    return render_template("adminpages/organization.html",
                           sudo=True,
                           active="organization",
                           form=form)