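def serve_user_sudo_edit_request(uid):
    """Render and process the admin ("sudo") edit form for one user.

    Args:
        uid: The target user's id as taken from the URL (string or int).

    Returns:
        The rendered ``adminpages/user.html`` page, or a 404 ``error_page``
        when *uid* is not an integer or no user has that id.

    Raises:
        Aborts with 403 when the current user holds no elevated user role,
        or (below admin) tries to edit a user of equal or higher role.
    """
    # Anyone at or below the default role is turned away before any lookup.
    if user.roles.users <= UserRoles.default:
        abort(403)

    # Only a non-integer id is a client error; the previous bare ``except``
    # would also have swallowed KeyboardInterrupt/SystemExit.
    try:
        uid = int(uid)
    except (TypeError, ValueError):
        return error_page(
            404, message="/admin/user must be loaded with the user ID.")

    target = Users.query.filter_by(id=uid).first()
    if not target:
        return error_page(404, message="There is no user with this ID.")

    # Chained comparison: a sub-admin may only edit users whose role is
    # strictly below their own; admins and above are not restricted here.
    if UserRoles.admin > user.roles.users <= target.roles.users:
        abort(403)

    # Admins get the full form, everyone else the restricted moderator form.
    if user.roles.users >= UserRoles.admin:
        form = UserSudoAdminForm()
    else:
        form = UserSudoModeratorForm()

    if form.validate_on_submit():
        flash("Successfully updated user!", category="SUCCESS")
        user_sudo_edit(target, form)
    else:
        # Also reached on a plain GET (no submission); flash_form_errors is
        # presumably a no-op when the form carries no errors — confirm.
        flash_form_errors(form, "Changes were not saved!")

    return render_template("adminpages/user.html",
                           sudo=True,
                           active="users",
                           target=target,
                           form=form)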
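def serve_user(uid):
  """Serve the profile page for the user with id *uid*.

  Args:
    uid: User id from the URL; must parse as an integer.

  Returns:
    The page built by ``get_user_page``, or a 404 ``error_page`` when *uid*
    is not an integer or no user has that id.
  """
  try:
    uid = int(uid)
  except (TypeError, ValueError):
    # Narrowed from a bare ``except``, which also caught KeyboardInterrupt.
    # NOTE(review): the raw uid is echoed back in the message; this relies
    # on error_page / the template escaping it — confirm.
    return error_page(404, message = "Invalid user id: '%s'. Please note that user ids are integers." % uid)
  displayuser = Users.query.filter_by(id = uid).first()
  if not displayuser:
    return error_page(404, message = "There is no user with this ID.")
  return get_user_page(displayuser, uid)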
def serve_lesson_edit(org, id):
    """Render and process the admin edit form for one lesson.

    Args:
        org: Organization slug from the URL; used only to build the
            post-delete redirect (the lookup itself uses ``get_org_id()``).
        id: Lesson id within the organization.

    Returns:
        The rendered ``adminpages/lesson-edit.html`` page, a 303 redirect to
        the lessons admin list after a deletion, or a 404 ``error_page``.

    Raises:
        Aborts with 403 unless the user is a lesson admin, or holds at
        least the default lesson role and authored this lesson.
    """
    lesson = Lessons.query.filter_by(oid=get_org_id(), id=id).first()
    if not lesson:
        # NOTE(review): "%d" requires *id* to already be an int (e.g. an
        # <int:id> route converter) — confirm.
        return error_page(404, "There is no lesson with the ID %d." % id)

    # Admins may edit any lesson; lesser roles only their own lessons.
    roles = user.organization_roles.lessons
    may_edit = roles >= LessonRoles.admin or (
        roles >= LessonRoles.default and lesson.has_author(user.id))
    if not may_edit:
        abort(403)

    form = LessonEditForm(lesson)
    if not form.validate_on_submit():
        flash_form_errors(form, "Changes were not saved!")
    else:
        # A truthy result from lesson_edit signals the lesson was deleted
        # (inferred from the flash text), so the edit page no longer exists.
        deleted = lesson_edit(lesson, form)
        if deleted:
            flash("Successfully deleted lesson!", category="SUCCESS")
            return redirect("/organization/%s/admin/lessons/" % org, code=303)
        flash("Successfully updated lesson!", category="SUCCESS")

    return render_template("adminpages/lesson-edit.html",
                           sudo=True,
                           active="lessons",
                           lesson=lesson,
                           form=form)
def serve_lesson(lid, oid = "main"):
  """Render the learner-facing page for lesson *lid* of organization *oid*.

  Args:
    lid: Lesson code (the ``lid`` column), from the URL.
    oid: Organization id; defaults to ``"main"``.

  Returns:
    The rendered ``learn/lesson.html`` page, or a 404 ``error_page`` when no
    lesson with that code exists in that organization.
  """
  found = (Lessons.query
           .filter_by(lid = lid)
           .join(Organizations)
           .filter(Organizations.oid == oid)
           .first())

  if found is None:
    # NOTE(review): lid is echoed back verbatim; relies on template
    # autoescaping in error_page — confirm.
    missing = "No such lesson with code '%s'." % lid
    return error_page(404, message = missing)

  return render_template("learn/lesson.html", lesson = found, active = "Lessons")
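def oauth_create_account():
    """Finish sign-up for a visitor who authenticated with an OAuth provider.

    The provider identity arrives in the signed ``token`` query parameter;
    its claims pre-fill the form on first display.  On a valid submission a
    blank account is created, linked to the provider id, and the visitor is
    signed in.

    Returns:
        A 303 redirect to the next page (already signed in, or account
        created), a 400 ``error_page`` when the token is missing, invalid,
        expired or lacks the ``provider``/``pid`` claims this view reads, or
        the rendered ``account/oauth-create-account.html`` form.
    """
    if user:
        return redirect(get_next_page(), code=303)

    bad_token = dict(
        code=400,
        message="Invalid token in request. Please contact us.",
        errorname="Bad Request")

    try:
        data = verify_jwt(request.args.get("token", ""))
    except (InvalidJWT, ExpiredJWT):
        return error_page(**bad_token)

    # Check the claims this view depends on before doing any work: a token
    # without them previously failed with a KeyError (500) only after the
    # account had already been created.
    provider = data.get("provider")
    if provider is None or (
            provider in ("Google", "GitHub") and "pid" not in data):
        return error_page(**bad_token)
    # NOTE(review): verify_jwt appears to accept any token signed by this
    # app; a purpose/audience claim checked here would keep tokens minted
    # for other flows (e.g. account linking) from being replayed into
    # sign-up — confirm.

    form = OAuthCreateAccountForm()

    # Pre-fill fields that were not submitted from the token's claims.
    for field_name in ("email", "username", "real_name"):
        field = getattr(form, field_name)
        if field.data is None and field_name in data:
            field.data = data[field_name]

    if form.validate_on_submit():
        # NOTE(review): the account is created from the submitted form
        # values, which may differ from the provider-asserted data["email"];
        # if that address is treated as verified downstream, bind it to the
        # token claim instead of the form — confirm.
        new_user = create_blank_account(form.email.data, form.username.data,
                                        form.real_name.data,
                                        form.subscribed.data)

        if provider == "Google":
            GoogleLinks.add(uid=new_user.id, gid=data["pid"])
        elif provider == "GitHub":
            GithubLinks.add(uid=new_user.id, gid=data["pid"])

        db_commit()

        set_user(new_user)

        flash("Welcome!", category="SUCCESS")
        return redirect(get_next_page(), code=303)

    flash_form_errors(form)

    # Never re-render the legal checkbox pre-ticked (inferred from the name).
    form.legal_agreement.checked = False

    return render_template("account/oauth-create-account.html",
                           active="Sign Up",
                           form=form,
                           next_page=get_next_page(),
                           provider=provider)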
def serve_news_sudo_edit_request(org, id):
  """Render and process the admin edit form for one news article.

  Args:
    org: Organization slug from the URL; used only for the post-delete
      redirect (the article lookup uses ``get_org_id()``).
    id: Article id within the organization.

  Returns:
    The rendered ``adminpages/news-edit.html`` page, a 303 redirect to the
    news admin list after a deletion, or a 404 ``error_page``.

  Raises:
    Aborts with 403 unless the user is a news moderator, or holds at least
    the default news role and authored this article.
  """
  article = News.query.filter_by(oid = get_org_id(), id = id).first()
  if not article:
    # NOTE(review): "%d" requires *id* to already be an int — confirm.
    return error_page(404, "There is no news item with the ID %d." % id)

  # Moderators may edit any article; lesser roles only their own.
  roles = user.organization_roles.news
  may_edit = roles >= NewsRoles.moderator or (
      roles >= NewsRoles.default and article.has_author(user.id))
  if not may_edit:
    abort(403)

  form = NewsSudoEditForm(article)
  if not form.validate_on_submit():
    flash_form_errors(form, "Changes were not saved!")
  else:
    # A truthy result from news_sudo_edit signals a deletion (inferred from
    # the flash text), after which the edit page no longer exists.
    deleted = news_sudo_edit(article, form)
    if deleted:
      flash("Successfully deleted news item!", category = "SUCCESS")
      return redirect("/organization/%s/admin/news/" % org, code = 303)
    flash("Successfully updated news item!", category = "SUCCESS")

  return render_template("adminpages/news-edit.html",
                         sudo = True,
                         active = "news",
                         article = article,
                         form = form)
def serve500(e):
    """Error handler: render the generic page for HTTP 500.

    Args:
        e: The exception handed over by the framework; not used.
    """
    status = 500
    return error_page(status)
def serve404(e):
    """Error handler: render the generic page for HTTP 404.

    Args:
        e: The exception handed over by the framework; not used.
    """
    status = 404
    return error_page(status)
def serve403(e):
    """Error handler: render the generic page for HTTP 403.

    Args:
        e: The exception handed over by the framework; not used.
    """
    status = 403
    return error_page(status)
def serveError(code):
    """Render the generic error page for an arbitrary HTTP status *code*."""
    page = error_page(code)
    return page
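def _is_local_path(url):
    """Return True when *url* is a same-site path that is safe to redirect to.

    Only paths beginning with a single "/" and carrying no scheme or host are
    accepted, so ``//evil.example``, ``/\\evil.example`` and ``https://…``
    are all rejected.  If absolute same-origin URLs are legitimately used for
    ``next``, extend this check rather than dropping it.
    """
    from urllib.parse import urlsplit

    if not isinstance(url, str):
        return False
    if not url.startswith("/") or url.startswith(("//", "/\\")):
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def authorize_google():
    """Handle the redirect back from Google's OAuth consent screen.

    Verifies the single-use ``state`` against the session, exchanges the
    ``code`` for the Google user info, then either signs in the linked local
    account, offers to link an existing account with the same e-mail, or
    hands the visitor to ``/oauth-create-account/`` with a signed token.

    Returns:
        A 303 redirect (already signed in, or sign-in completed), the
        rendered ``account/link-accounts.html`` page, a redirect to the
        account-creation flow, or a 400 ``error_page`` when the state or
        code is missing or invalid.
    """
    from urllib.parse import urlencode

    invalid_state = (
        "The provided state is invalid! Please return to /login to retrieve a new state."
    )

    if user:
        # Already signed in: honour the requested next page.  ``?next=`` is
        # attacker-controlled, so off-site targets fall back to "/" to
        # close an open redirect.
        next_url = request.args.get("next")
        if next_url is None:
            try:
                if 'state' in session:
                    state = session['state']
                else:
                    state = request.args.get("state", "")
                next_url = verify_jwt(state).get("next", "/")
            except (InvalidJWT, ExpiredJWT):
                next_url = "/"
        if not _is_local_path(next_url):
            next_url = "/"
        return redirect(next_url, code=303)

    if 'state' not in session:
        return error_page(
            400,
            message=
            "No state was provided! Please return to /login to retrieve a valid state."
        )

    state = request.args.get('state', '')
    # The state is single-use: remove it before comparing so a failed
    # attempt cannot be retried with the same value.
    sess_state = session.pop('state')

    if state != sess_state:
        return error_page(400, message=invalid_state)

    try:
        next_url = verify_jwt(sess_state).get("next", "/")
    except (InvalidJWT, ExpiredJWT):
        return error_page(400, message=invalid_state)
    # The ``next`` claim was minted from request input at /login (not
    # visible here), so it gets the same same-site check.
    if not _is_local_path(next_url):
        next_url = "/"

    code = request.args.get('code', '')
    if not code:
        # OAuth 2.0 sends ``?error=…`` and no code when consent is denied;
        # get_userinfo's behaviour on an empty code is not visible here, so
        # reject it explicitly rather than forwarding it.
        return error_page(
            400,
            message=
            "No authorization code was returned by Google. Please return to /login and try again."
        )

    userinfo = google_oauth_client.get_userinfo(code)

    gid = str(userinfo.id)
    email = userinfo.raw["email"]
    # NOTE(review): the address is taken as-is; Google's userinfo also
    # carries an ``email_verified`` flag that is not checked here, and the
    # e-mail match below would offer to link a local account on an
    # unverified address — confirm get_userinfo enforces it, or check
    # userinfo.raw.get("email_verified") before the match.

    link = GoogleLinks.query.filter_by(gid=gid).first()

    if link is not None:
        # Known Google id: sign the linked local account in.
        set_user(Users.query.filter_by(id=link.uid).first_or_404())
        flash("Welcome back!", category="SUCCESS")
        return redirect(next_url, code=303)

    link_user = Users.query.filter_by(email=email).first()
    if link_user is not None:
        # A local account already uses this address: offer to link it.
        link_token = make_jwt({
            "provider": "Google",
            "pid": gid,
            "email": email,
            "uid": link_user.id
        })
        return render_template("account/link-accounts.html",
                               provider="Google",
                               matches=[(email, link_user, link_token)],
                               no_signup=True,
                               pid=gid)

    connect_token = make_jwt({
        "provider": "Google",
        "pid": gid,
        "email": email,
        "real_name": userinfo.raw["name"]
    })
    # urlencode so a next_url containing "&", "#" or spaces survives the
    # round trip instead of being split into extra query parameters.
    query = urlencode({"next": next_url, "token": connect_token})
    return redirect("/oauth-create-account/?" + query)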