def order_post(request):
    """Handle the order form: gift code, admin top-up, or a payment order.

    A non-empty ``code`` field is handed to ``order_post_gc``. Otherwise
    ``method`` and ``time`` (in months) are read from the POST data. A
    payment order is only started when ``request.payment_methods`` knows the
    method and the duration is 1, 3, 6 or 12 months.
    """
    _ = request.translate

    gift_code = request.POST.get('code')
    if gift_code:
        return order_post_gc(request, gift_code)

    allowed_months = (1, 3, 6, 12)

    try:
        method_name = request.POST.get('method')
        time_months = int(request.POST.get('time'))
    except (ValueError, TypeError):
        # Missing or non-numeric duration: send the user back to the account.
        return HTTPSeeOther(location=request.route_url('account'))

    # NOTE(review): this branch runs before the duration whitelist below, so
    # an admin can credit any integer number of months (zero and negative
    # included). Confirm that is intended.
    if method_name == 'admin' and request.user.is_admin:
        credit = datetime.timedelta(days=30 * time_months)
        request.user.add_paid_time(credit)
        return HTTPSeeOther(location=request.route_url('account'))

    method = request.payment_methods.get(method_name)
    if not (method and time_months in allowed_months):
        return HTTPBadRequest('Invalid method/time')

    duration = datetime.timedelta(days=30 * time_months)
    order = method.init(request.user, duration)
    DBSession.add(order)
    # Flush before handing the order to the payment method.
    DBSession.flush()
    return method.start(request, order)
def api_gateway_connect(request):
    """Record a VPN session reported by a gateway.

    Reads ``username`` (either ``user`` or ``user/profile``) and
    ``remote_addr`` from the POST data. Returns ``HTTPBadRequest`` when one
    is missing, ``HTTPForbidden`` when the account is unknown, inactive or
    unpaid, or when the named profile is not one of the user's, and
    ``HTTPOk`` with an empty JSON object otherwise.
    """
    form = request.POST
    try:
        fullname = form['username']
        client_addr = form['remote_addr']
    except KeyError:
        return HTTPBadRequest('Require username/remote_addr')

    # Only the first '/' separates the account name from the profile name.
    username, slash, rest = fullname.partition('/')
    profilename = rest if slash else None

    user = DBSession.query(User).filter_by(username=username).first()
    if not (user and user.is_active and user.is_paid):
        return HTTPForbidden('Invalid account')

    # NOTE(review): remote_addr is stored exactly as the caller sent it, and
    # this function does not show how request.gw was authenticated. Confirm
    # both against the gateway authentication code.
    sess = VPNSession()
    sess.gateway_id = request.gw.id
    sess.gateway_version = request.gw_version
    sess.user_id = user.id
    sess.remote_addr = client_addr

    if profilename:
        # The uid filter limits the lookup to profiles owned by this user.
        profile = DBSession.query(Profile) \
            .filter_by(name=profilename, uid=user.id) \
            .first()
        if not profile:
            return HTTPForbidden('Unknown profile')
        sess.profile_id = profile.id

    DBSession.add(sess)

    return HTTPOk(body=json.dumps({}))
def forgot(request):
    """Handle the password-reset request form.

    For a POST with a ``username`` field, looks up the user, stores a
    ``PasswordResetToken`` and mails a reset link to the address on file.
    Always returns an empty dict; failures set a 400 status and an error
    message.
    """
    if not (request.method == 'POST' and 'username' in request.POST):
        return {}

    def fail(text):
        request.messages.error(text)
        request.response.status_code = HTTPBadRequest.code
        return {}

    # NOTE(review): the two failures below answer differently from the
    # success path, so a caller can tell which usernames exist and which
    # have an e-mail address. No throttling is visible in this function.
    # Consider a uniform response and a rate limit.
    u = DBSession.query(User) \
        .filter_by(username=request.POST['username']) \
        .first()
    if not u:
        return fail('Unknown username.')
    if not u.email:
        return fail('No e-mail address associated with username.')

    token = PasswordResetToken(u)
    with transaction.manager:
        DBSession.add(token)

    # The link carries the token, so the mail body is as sensitive as a
    # credential until the token is used or expires.
    reset_url = request.route_url('account_reset', token=token.token)
    body = render('mail/password_reset.mako', {
        'user': u,
        'requested_by': request.remote_addr,
        'url': reset_url
    })
    mailer = get_mailer(request)
    mailer.send(Message(subject='CCVPN: Password reset request',
                        recipients=[u.email],
                        body=body))
    request.messages.info('We sent a reset link. Check your emails.')
    return {}
def initialize_db():
    """Create the schema and make sure the bootstrap admin account exists."""
    Base.metadata.create_all(DBSession.bind.engine)

    already_there = DBSession.query(User).filter_by(username='******').count()
    if already_there:
        return

    # SECURITY: the bootstrap account is an administrator with the fixed
    # password 'admin'. Until that password is changed, the account is
    # protected by a publicly known credential. Rotate it right after the
    # first initialisation, or provision it from deployment secrets.
    with transaction.manager:
        admin = User(username='******', is_admin=True)
        admin.set_password('admin')
        DBSession.add(admin)
def forgot(request):
    """Handle the password-reset request form (translated messages).

    For a POST with a ``username`` field, looks up the user, stores a
    ``PasswordResetToken`` and mails a reset link to the address on file.
    Always returns an empty dict; failures set a 400 status and an error
    message.
    """
    _ = request.translate

    if not (request.method == 'POST' and 'username' in request.POST):
        return {}

    def fail(text):
        request.messages.error(text)
        request.response.status_code = HTTPBadRequest.code
        return {}

    # NOTE(review): "unknown username" and "no e-mail" answer differently
    # from the success path, which lets a caller enumerate accounts. No
    # throttling is visible here. Consider a uniform response and a rate
    # limit.
    u = DBSession.query(User) \
        .filter_by(username=request.POST['username']) \
        .first()
    if not u:
        return fail(_('Unknown username.'))
    if not u.email:
        return fail(_('No e-mail address associated with username.'))

    token = PasswordResetToken(u)
    DBSession.add(token)
    DBSession.flush()

    # The link carries the token, so the mail body is as sensitive as a
    # credential until the token is used or expires.
    mailer = get_mailer(request)
    template_vars = {
        'user': u,
        'requested_by': request.remote_addr,
        'url': request.route_url('account_reset', token=token.token)
    }
    body = render('mail/password_reset.mako', template_vars, request=request)
    mail = Message(subject=_('CCVPN: Password reset request'),
                   recipients=[u.email],
                   body=body)
    mailer.send(mail)
    request.messages.info(_('We sent a reset link. Check your emails.'))
    return {}
def setUp(self):
    """Set up the test config, the database and two users in one transaction.

    ``self.u`` is stored as created; ``self.pu`` is first credited 30 days
    through ``add_paid_time``.
    """
    self.config = testing.setUp()
    self.session = setup_database()

    thirty_days = datetime.timedelta(days=30)
    with transaction.manager:
        plain_user = User(username='******', password='******')
        self.u = plain_user
        DBSession.add(plain_user)

        paid_user = User(username='******', password='******')
        self.pu = paid_user
        paid_user.add_paid_time(thirty_days)
        DBSession.add(paid_user)
def account_post(request):
    """Create or delete one of the current user's profiles.

    A ``profilename`` field creates a profile and redirects to its edit
    page. A ``delete`` field removes the profile with that id. Every other
    outcome redirects to the account page.
    """
    _ = request.translate
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10

    def refuse(text):
        request.messages.error(text)
        return redirect

    profile_name = request.POST.get('profilename')
    profile_delete = request.POST.get('delete')

    if profile_name:
        profile = Profile()
        if not profile.validate_name(profile_name):
            return refuse(_('Invalid name.'))

        # The name must be unique among this user's profiles.
        same_name = DBSession.query(Profile) \
            .filter_by(uid=request.user.id) \
            .filter_by(name=profile_name) \
            .first()
        if same_name:
            return refuse(_('Name already used.'))

        # NOTE(review): '>' still accepts a new profile when the count
        # equals the limit. Confirm whether the unnamed profile is meant to
        # be counted.
        profiles_count = DBSession.query(func.count(Profile.id)) \
            .filter_by(uid=request.user.id) \
            .scalar()
        if profiles_count > profiles_limit:
            return refuse(_('You have too many profiles.'))

        profile.name = profile_name
        profile.uid = request.user.id
        DBSession.add(profile)
        # Flush so that profile.id is available for the edit URL.
        DBSession.flush()
        edit_url = request.route_url('account_profiles_edit', id=profile.id)
        return HTTPSeeOther(location=edit_url)

    if profile_delete:
        try:
            profile_id = int(profile_delete)
        except ValueError:
            return redirect

        # The uid filter stops a user from deleting another user's profile.
        # The name filter leaves the unnamed profile alone.
        target = DBSession.query(Profile) \
            .filter_by(id=profile_id) \
            .filter(Profile.name != '') \
            .filter_by(uid=request.user.id) \
            .first()
        if not target:
            return refuse(_('Unknown profile.'))
        DBSession.delete(target)

    return redirect
def setUp(self):
    """Set up the test config, the database and two flushed users.

    ``self.u`` is stored as created; ``self.pu`` is first credited 30 days
    through ``add_paid_time``.
    """
    self.config = testing.setUp()
    self.session = setup_database()

    # First fixture user, flushed before the second one is built.
    plain_user = User(username='******', password='******')
    self.u = plain_user
    DBSession.add(plain_user)
    self.session.flush()

    # Second fixture user, with paid time.
    paid_user = User(username='******', password='******')
    self.pu = paid_user
    paid_user.add_paid_time(datetime.timedelta(days=30))
    DBSession.add(paid_user)
    self.session.flush()
def setUp(self):
    """Extend the base fixture with two users, each flushed after creation.

    ``self.u`` is stored as created; ``self.pu`` is first credited 30 days
    through ``add_paid_time``.
    """
    super().setUp()

    month = datetime.timedelta(days=30)

    self.u = User(username='******', password='******')
    DBSession.add(self.u)
    self.session.flush()

    self.pu = User(username='******', password='******')
    self.pu.add_paid_time(month)
    DBSession.add(self.pu)
    self.session.flush()
def setUp(self):
    """Run the parent fixture, then add a plain user and a paid user."""
    super().setUp()

    # Plain account.
    plain_user = User(username='******', password='******')
    self.u = plain_user
    DBSession.add(plain_user)
    self.session.flush()

    # Account credited 30 days of paid time before it is stored.
    paid_user = User(username='******', password='******')
    self.pu = paid_user
    paid_user.add_paid_time(datetime.timedelta(days=30))
    DBSession.add(paid_user)
    self.session.flush()
def add(args):
    """Create an ``APIAccessToken`` from the CLI arguments and print its token.

    ``args.token == '-'`` prompts for the token on standard input. An empty
    token leaves ``token`` unset on the new object.
    """
    record = APIAccessToken()
    record.label = args.label

    # NOTE(review): input() echoes the typed token, and the final print
    # writes it to stdout. Both can leave the secret in terminal scrollback
    # or captured logs.
    if args.token == '-':
        args.token = input('Token (empty=random): ')
    if args.token:
        record.token = args.token

    if args.remote_addr:
        record.remote_addr = args.remote_addr

    DBSession.add(record)
    DBSession.commit()
    print('Inserted. token=%s' % record.token)
def add(args):
    """Create a ``Gateway`` from the CLI arguments and print its token.

    ``args.token == '-'`` prompts for the token on standard input. An empty
    token leaves ``token`` unset on the new object.
    """
    gateway = Gateway()
    gateway.label = args.label

    # NOTE(review): input() echoes the typed token, and the final print
    # writes it to stdout. Both can leave the secret in terminal scrollback
    # or captured logs.
    if args.token == '-':
        args.token = input('Token (empty=random): ')
    if args.token:
        gateway.token = args.token

    if args.remote_addr:
        gateway.remote_addr = args.remote_addr

    DBSession.add(gateway)
    DBSession.commit()
    print('Inserted. token=%s' % gateway.token)
def account_post(request):
    """Add a profile to, or delete a profile from, the current account.

    ``profilename`` in the POST data creates a profile and redirects to its
    edit page. ``delete`` removes the profile with that id. Anything else,
    including every validation failure, redirects to the account page.
    """
    _ = request.translate
    user_id = request.user.id
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10

    profile_name = request.POST.get('profilename')
    profile_delete = request.POST.get('delete')

    if profile_name:
        new_profile = Profile()
        problem = None
        if not new_profile.validate_name(profile_name):
            problem = _('Invalid name.')
        elif DBSession.query(Profile).filter_by(uid=user_id) \
                .filter_by(name=profile_name).first():
            # Names are unique per user.
            problem = _('Name already used.')
        elif DBSession.query(func.count(Profile.id)) \
                .filter_by(uid=user_id).scalar() > profiles_limit:
            # NOTE(review): '>' still accepts a new profile when the count
            # equals the limit. Confirm this is the intended bound.
            problem = _('You have too many profiles.')

        if problem is not None:
            request.messages.error(problem)
            return redirect

        new_profile.name = profile_name
        new_profile.uid = user_id
        DBSession.add(new_profile)
        # Flush so that the id exists for the edit URL.
        DBSession.flush()
        return HTTPSeeOther(location=request.route_url('account_profiles_edit',
                                                       id=new_profile.id))

    if profile_delete:
        try:
            wanted_id = int(profile_delete)
        except ValueError:
            return redirect

        # Only a named profile owned by the current user can match.
        doomed = DBSession.query(Profile) \
            .filter_by(id=wanted_id) \
            .filter(Profile.name != '') \
            .filter_by(uid=user_id) \
            .first()
        if not doomed:
            request.messages.error(_('Unknown profile.'))
            return redirect
        DBSession.delete(doomed)

    return redirect
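def signup(request):
    """Handle the sign-up form and create the account with its first profile.

    Non-POST requests return an empty dict. On a validation failure every
    error is reported through ``request.messages``, the status is set to 400
    and the submitted fields are returned for the form. On success the user
    and an unnamed profile are stored, the session ``uid`` is set and the
    client is redirected to the account page.

    Validation uses explicit checks instead of ``assert``. Asserts are
    stripped under ``python -O``, which would let invalid or duplicate
    sign-ups through.
    """
    # TODO: seriously needs refactoring
    _ = request.translate
    if request.method != 'POST':
        return {}

    username = request.POST.get('username')
    password = request.POST.get('password')
    password2 = request.POST.get('password2')
    email = request.POST.get('email')

    errors = []
    if not User.validate_username(username):
        errors.append(_('Invalid username.'))
    if not User.validate_password(password):
        errors.append(_('Invalid password.'))
    if email and not User.validate_email(email):
        errors.append(_('Invalid email address.'))
    if password != password2:
        errors.append(_('Both passwords do not match.'))

    # Uniqueness is only checked once the fields are well formed.
    if not errors:
        used = User.is_used(username, email)
        if used[0] > 0:
            errors.append(_('Username already registered.'))
        if used[1] > 0 and email:
            errors.append(_('E-mail address already registered.'))

    if errors:
        for error in errors:
            request.messages.error(error)
        request.response.status_code = HTTPBadRequest.code
        # NOTE(review): the returned dict includes both password fields.
        # Confirm the template does not write them back into the page.
        fields = ('username', 'password', 'password2', 'email')
        return {k: request.POST[k] for k in fields}

    with transaction.manager:
        u = User(username=username, email=email, password=password)
        if request.referrer:
            u.referrer_id = request.referrer.id
        DBSession.add(u)
        # Flush so that u.id exists for the profile and the session.
        DBSession.flush()
        dp = Profile(uid=u.id, name='')
        DBSession.add(dp)
        request.session['uid'] = u.id
    return HTTPSeeOther(location=request.route_url('account'))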
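def signup(request):
    """Create an account from the sign-up form.

    Non-POST requests return an empty dict. A rejected form reports its
    errors through ``request.messages``, answers with status 400 and returns
    the submitted fields. An accepted form stores the user plus an unnamed
    profile, sets the session ``uid`` and redirects to the account page.

    Rejection is done with ordinary control flow rather than ``assert``,
    because ``python -O`` removes assert statements and with them the
    validation.
    """
    # TODO: seriously needs refactoring
    _ = request.translate
    if request.method != 'POST':
        return {}

    form = request.POST
    username = form.get('username')
    password = form.get('password')
    password2 = form.get('password2')
    email = form.get('email')

    def rejected(errors):
        for error in errors:
            request.messages.error(error)
        request.response.status_code = HTTPBadRequest.code
        # NOTE(review): both password fields are returned to the template.
        # Confirm they are not written back into the page.
        fields = ('username', 'password', 'password2', 'email')
        return {k: request.POST[k] for k in fields}

    # Stage 1: the shape of the submitted values.
    errors = []
    if not User.validate_username(username):
        errors.append(_('Invalid username.'))
    if not User.validate_password(password):
        errors.append(_('Invalid password.'))
    if email and not User.validate_email(email):
        errors.append(_('Invalid email address.'))
    if password != password2:
        errors.append(_('Both passwords do not match.'))
    if errors:
        return rejected(errors)

    # Stage 2: uniqueness of the username and the e-mail address.
    used = User.is_used(username, email)
    if used[0] > 0:
        errors.append(_('Username already registered.'))
    if used[1] > 0 and email:
        errors.append(_('E-mail address already registered.'))
    if errors:
        return rejected(errors)

    with transaction.manager:
        u = User(username=username, email=email, password=password)
        if request.referrer:
            u.referrer_id = request.referrer.id
        DBSession.add(u)
        # Flush so that u.id exists for the profile and the session.
        DBSession.flush()
        dp = Profile(uid=u.id, name='')
        DBSession.add(dp)
        request.session['uid'] = u.id
    return HTTPSeeOther(location=request.route_url('account'))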
def tickets_new(request):
    """Open a support ticket with its first message.

    Non-POST requests, and POSTs that lack ``subject`` or ``message``,
    return an empty dict. Length errors are reported through
    ``request.messages`` and the submitted text is returned for the form.
    On success the client is redirected to the new ticket.
    """
    _ = request.translate
    if request.method != 'POST':
        return {}

    form = request.POST
    try:
        subject = form['subject']
        body = form['message']
        subscribe = 'subscribe' in form
    except KeyError:
        return {}

    # Length bounds: subject 1..40 characters, message 1..2000.
    errors = []
    if not len(subject):
        errors.append(_('Subject empty'))
    if len(subject) > 40:
        errors.append(_('Subject too long'))
    if not len(body):
        errors.append(_('Message empty'))
    if len(body) > 2000:
        errors.append(_('Message too long'))

    if errors:
        for text in errors:
            request.messages.error(text)
        return {'subject': subject, 'message': body}

    owner_id = request.user.id

    ticket = Ticket()
    ticket.user_id = owner_id
    ticket.subject = subject
    ticket.notify_owner = subscribe
    DBSession.add(ticket)
    # Flush so that ticket.id exists for the message and the URL.
    DBSession.flush()

    first_message = TicketMessage()
    first_message.ticket_id = ticket.id
    first_message.user_id = request.user.id
    first_message.content = body
    DBSession.add(first_message)

    return HTTPSeeOther(location=request.route_url('tickets_view',
                                                   id=ticket.id))
def tickets_new(request):
    """Create a ticket and its opening message from the submitted form.

    Returns an empty dict for non-POST requests and for POSTs without
    ``subject`` or ``message``. On a length error it returns the submitted
    text. On success it redirects to the ticket page.
    """
    _ = request.translate

    if request.method != 'POST':
        return {}

    try:
        subject = request.POST['subject']
        body = request.POST['message']
        subscribe = 'subscribe' in request.POST
    except KeyError:
        return {}

    errors = []

    # Subject: 1 to 40 characters.
    subject_len = len(subject)
    if subject_len < 1:
        errors.append(_('Subject empty'))
    if subject_len > 40:
        errors.append(_('Subject too long'))

    # Message: 1 to 2000 characters.
    body_len = len(body)
    if body_len < 1:
        errors.append(_('Message empty'))
    if body_len > 2000:
        errors.append(_('Message too long'))

    if errors:
        for problem in errors:
            request.messages.error(problem)
        return {'subject': subject, 'message': body}

    ticket = Ticket()
    ticket.user_id = request.user.id
    ticket.subject = subject
    ticket.notify_owner = subscribe
    DBSession.add(ticket)
    # ticket.id is needed below, so flush first.
    DBSession.flush()

    opening = TicketMessage()
    opening.ticket_id = ticket.id
    opening.user_id = request.user.id
    opening.content = body
    DBSession.add(opening)

    target = request.route_url('tickets_view', id=ticket.id)
    return HTTPSeeOther(location=target)
def post_item(self):
    """Create or update one ``self.model`` row from the POSTed form.

    A non-empty ``id`` field selects the row to update. When it is absent,
    or no row matches, a new instance is created. The form values are
    applied by ``assign_from_form``, and the client is redirected to the
    model's admin list route.
    """
    form = self.request.POST
    item = None

    if 'id' in form and form['id'] != '':
        # NOTE(review): the result of get_item() is overwritten by the query
        # below. The call is kept in case it has side effects. Confirm
        # whether it can be dropped.
        item = self.get_item(form['id'])
        item_id = form['id']
        item = DBSession.query(self.model).filter_by(id=item_id).first()

    if not item:
        # No id given, or no matching row: start a fresh instance.
        item = self.model()
        DBSession.add(item)

    try:
        self.assign_from_form(item)
    except BaseException:
        # Undo the pending changes, then let the error propagate.
        DBSession.rollback()
        raise

    DBSession.flush()
    self.request.session.flash(('info', 'Saved!'))

    route_name = 'admin_{}s'.format(self.model.__name__.lower())
    location = self.request.route_url(route_name, _query={'id': item.id})
    return HTTPSeeOther(location=location)
def api_gateway_connect(request):
    """Record a VPN session, with its tunnel addresses, reported by a gateway.

    Reads ``username`` (either ``user`` or ``user/profile``),
    ``remote_addr``, ``internal_ip4`` and ``internal_ip6`` from the POST
    data. Returns ``HTTPBadRequest`` when any of them is missing,
    ``HTTPForbidden`` for an unknown, inactive or unpaid account or a
    profile that is not the user's, and ``HTTPOk`` with an empty JSON object
    otherwise.
    """
    form = request.POST
    try:
        fullname = form['username']
        client_addr = form['remote_addr']
        internal_ip4 = form['internal_ip4']
        internal_ip6 = form['internal_ip6']
    except KeyError:
        # The message names only two of the four required fields.
        return HTTPBadRequest('Require username/remote_addr')

    # Only the first '/' separates the account name from the profile name.
    username, slash, rest = fullname.partition('/')
    profilename = rest if slash else None

    user = DBSession.query(User).filter_by(username=username).first()
    if not (user and user.is_active and user.is_paid):
        return HTTPForbidden('Invalid account')

    # NOTE(review): the three addresses are stored exactly as the caller
    # sent them, and this function does not show how request.gw was
    # authenticated. Confirm both against the gateway authentication code.
    sess = VPNSession()
    sess.gateway_id = request.gw.id
    sess.gateway_version = request.gw_version
    sess.user_id = user.id
    sess.remote_addr = client_addr
    sess.internal_ip4 = internal_ip4
    sess.internal_ip6 = internal_ip6

    if profilename:
        # The uid filter limits the lookup to profiles owned by this user.
        profile = DBSession.query(Profile) \
            .filter_by(name=profilename, uid=user.id) \
            .first()
        if not profile:
            return HTTPForbidden('Unknown profile')
        sess.profile_id = profile.id

    DBSession.add(sess)

    return HTTPOk(body=json.dumps({}))
def post(self, request):
    """Save the posted form as a new or existing ``self.model`` item.

    With ``self.id`` set, the item is looked up and ``post_edit`` is
    applied. Without it, a new instance is created and ``post_add`` is
    applied. The item is then added, flushed, and the client is redirected
    to this resource's URL.
    """
    if self.id:
        query = DBSession.query(self.model).filter_by(id=self.id)

        # Add one filter per AdminBaseModel ancestor, stopping at the first
        # ancestor of another type.
        # NOTE(review): no join to the ancestor's table is visible here.
        # Confirm these filters really scope the item to its parents.
        ancestor = self.parent
        while ancestor and isinstance(ancestor, AdminBaseModel):
            query = query.filter(ancestor.model.id == ancestor.id)
            ancestor = ancestor.parent

        # An id that matches nothing falls back to a fresh instance, which
        # is then edited and saved as a new row.
        found = query.first()
        self.item = found or self.model()
        self.post_edit(request)
    else:
        self.item = self.model()
        self.post_add(request)

    DBSession.add(self.item)
    DBSession.flush()
    request.messages.info('Saved!')

    location = request.resource_url(self)
    DBSession.expire_all()
    return HTTPSeeOther(location=location)
def post(self, request):
    """Apply the posted form to an existing item, or create a new one.

    ``self.id`` selects edit mode (``post_edit``). Otherwise the item is new
    (``post_add``). The result is added to the session and flushed, a
    'Saved!' message is queued, and the response redirects to
    ``request.resource_url(self)``.
    """
    editing = bool(self.id)

    if editing:
        query = DBSession.query(self.model).filter_by(id=self.id)

        # Constrain by each AdminBaseModel parent up the resource chain.
        # NOTE(review): the filters reference the parent's model without a
        # visible join. Confirm they scope the query as intended.
        node = self.parent
        while node:
            if not isinstance(node, AdminBaseModel):
                break
            query = query.filter(node.model.id == node.id)
            node = node.parent

        # No match for the id: fall back to a brand-new instance.
        self.item = query.first() or self.model()
        self.post_edit(request)
    else:
        self.item = self.model()
        self.post_add(request)

    DBSession.add(self.item)
    DBSession.flush()

    request.messages.info('Saved!')
    location = request.resource_url(self)
    # Expire the loaded state so that later reads reload from the database.
    DBSession.expire_all()
    return HTTPSeeOther(location=location)
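def order_post(request):
    """Handle the order form: gift code or a new payment order.

    A non-empty ``code`` field is handed to ``order_post_gc``. Otherwise
    ``method`` must be a key of ``methods.METHODS`` and ``time`` must be 1,
    3, 6 or 12 months. Anything else returns ``HTTPBadRequest``. A valid
    request creates an unpaid ``Order`` that closes in 7 days and hands it
    to the payment method.
    """
    code = request.POST.get('code')
    if code:
        return order_post_gc(request, code)

    times = (1, 3, 6, 12)

    try:
        method_name = request.POST.get('method')
        time_months = int(request.POST.get('time'))
    except (ValueError, TypeError):
        # int(None) raises TypeError when the 'time' field is absent. Catch
        # it so that a malformed form gets a 400, not an unhandled error.
        return HTTPBadRequest('invalid POST data')

    if method_name not in methods.METHODS or time_months not in times:
        return HTTPBadRequest('Invalid method/time')

    time = datetime.timedelta(days=30 * time_months)

    o = Order(user=request.user, time=time, amount=0, method=0)
    o.close_date = datetime.datetime.now() + datetime.timedelta(days=7)
    o.paid = False
    o.payment = {}

    method = methods.METHODS[method_name]()
    method.init(request, o)
    DBSession.add(o)
    # Flush before handing the order to the payment method.
    DBSession.flush()
    return method.start(request, o)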
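def account_post(request):
    """Handle the account form: add a profile, delete one, or update the
    password and e-mail address.

    Which action runs depends on the POST fields present: ``profilename``,
    then ``profiledelete``, otherwise the credential update. A missing
    required field returns ``HTTPBadRequest``. Validation errors are flashed
    to the session and the account page is rendered again.

    Validation is enforced with explicit raises, not ``assert``. Asserts are
    removed under ``python -O``, which would skip every check here,
    including the ownership check before a profile is deleted.
    """
    _ = request.translate

    class _Rejected(Exception):
        """Internal signal: at least one validation error was recorded."""

    # TODO: Fix that. split in two functions or something.
    errors = []

    def stop_if_errors():
        if errors:
            raise _Rejected()

    try:
        if 'profilename' in request.POST:
            p = Profile()
            if not p.validate_name(request.POST['profilename']):
                errors.append(_('Invalid name.'))
            stop_if_errors()

            name_used = DBSession.query(Profile) \
                .filter_by(uid=request.user.id,
                           name=request.POST['profilename']) \
                .first()
            if name_used:
                errors.append(_('Name already used.'))

            profiles_count = DBSession.query(func.count(Profile.id)) \
                .filter_by(uid=request.user.id).scalar()
            if profiles_count > 10:
                errors.append(_('You have too many profiles.'))
            stop_if_errors()

            p.name = request.POST['profilename']
            p.askpw = 'askpw' in request.POST and request.POST['askpw'] == '1'
            p.uid = request.user.id
            if not p.askpw:
                p.password = random_access_token()
            DBSession.add(p)
            DBSession.flush()
            return account(request)

        if 'profiledelete' in request.POST:
            p = None
            try:
                profile_id = int(request.POST['profiledelete'])
            except ValueError:
                # A non-numeric id cannot match any profile.
                profile_id = None
            if profile_id is not None:
                # The uid filter limits deletion to the user's own profiles.
                p = DBSession.query(Profile) \
                    .filter_by(id=profile_id) \
                    .filter_by(uid=request.user.id) \
                    .first()
            if not p:
                errors.append(_('Unknown profile.'))
            stop_if_errors()
            DBSession.delete(p)
            DBSession.flush()
            return account(request)

        # NOTE(review): this function does not ask for the current password
        # before changing the password or e-mail. Confirm that
        # re-authentication happens elsewhere.
        u = request.user
        if request.POST['password'] != '':
            if not u.validate_password(request.POST['password']):
                errors.append(_('Invalid password.'))
            if request.POST['password'] != request.POST['password2']:
                errors.append(_('Both passwords do not match.'))
        if request.POST['email'] != '':
            if not u.validate_email(request.POST['email']):
                errors.append(_('Invalid email address.'))
        stop_if_errors()

        new_email = request.POST.get('email')
        if new_email and new_email != request.user.email:
            c = DBSession.query(func.count(User.id).label('ec')) \
                .filter_by(email=new_email).first()
            if c.ec > 0:
                errors.append(_('E-mail address already registered.'))
        stop_if_errors()

        if request.POST['password'] != '':
            u.set_password(request.POST['password'])
        if request.POST['email'] != '':
            u.email = request.POST['email']
        request.messages.info(_('Saved!'))
        DBSession.flush()

    except KeyError:
        return HTTPBadRequest()
    except _Rejected:
        for error in errors:
            request.session.flash(('error', error))
    return account(request)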
def setUp(self):
    """Set up the test config and the database, then store one user with an
    e-mail address."""
    self.config = testing.setUp()
    self.session = setup_database()

    fixture_user = User(username='******', email='test@host',
                        password='******')
    DBSession.add(fixture_user)
    self.session.flush()
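def tickets_view(request):
    """Show one ticket and, on POST, add a reply or update its state.

    Non-admin users can only load their own tickets. Any other id returns
    ``HTTPNotFound``. A POST may add a message of at most 2000 characters,
    which reopens a closed ticket and may notify the owner by e-mail. It may
    also update the owner's subscription and close the ticket. Successful
    POSTs redirect back to the ticket.
    """
    _ = request.translate

    ticket_id = request.matchdict.get('id')
    try:
        ticket_q = DBSession.query(Ticket).filter_by(id=ticket_id)
        if not request.user.is_admin:
            # Access control: restrict the lookup to the caller's tickets.
            ticket_q = ticket_q.filter_by(user_id=request.user.id)
        ticket = ticket_q.one()
    except NoResultFound:
        return HTTPNotFound()

    if request.method != 'POST':
        return {'ticket': ticket}

    redirect = HTTPSeeOther(location=request.route_url('tickets_view',
                                                       id=ticket_id))

    try:
        body = request.POST['message']
        close = 'close' in request.POST
        subscribe = 'subscribe' in request.POST
    except KeyError:
        return redirect

    if body:
        # The body is non-empty here, so only the upper bound can fail.
        if len(body) > 2000:
            request.messages.error(_('Message too long'))
            return {'ticket': ticket}

        message = TicketMessage()
        message.user_id = request.user.id
        message.content = body
        message.ticket_id = ticket.id
        DBSession.add(message)

        # ``ticket.close`` is a method and therefore always truthy. The
        # state lives in ``ticket.closed``.
        if ticket.closed:
            # We re-open it
            ticket.closed = False

        notify = (ticket.notify_owner
                  and ticket.user_id != message.user_id
                  and ticket.user.email)
        if notify:
            mailer = get_mailer(request)
            mail_body = render('mail/tickets_updated.mako', {
                'user': ticket.user,
                'ticket': ticket,
                'url': request.route_url('tickets_view', id=ticket.id),
            }, request=request)
            mail = Message(subject=_('CCVPN: Ticket update'),
                           recipients=[ticket.user.email],
                           body=mail_body)
            mailer.send(mail)

    # Only the ticket owner controls the notification preference.
    if request.user.id == ticket.user_id:
        ticket.notify_owner = subscribe

    if not ticket.closed and close:
        ticket.close()

    return redirect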
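def tickets_view(request):
    """Display a ticket and process replies posted to it.

    The ticket is looked up by the ``id`` route parameter. Unless the caller
    is an admin, the lookup is limited to tickets the caller owns, and a
    miss returns ``HTTPNotFound``. A POST can append a message of at most
    2000 characters, change the owner's notification preference and close
    the ticket. It then redirects back to the ticket page.
    """
    _ = request.translate

    ticket_id = request.matchdict.get('id')
    is_admin = request.user.is_admin
    try:
        ticket_q = DBSession.query(Ticket).filter_by(id=ticket_id)
        if not is_admin:
            # Access control: other users' tickets must look nonexistent.
            ticket_q = ticket_q.filter_by(user_id=request.user.id)
        ticket = ticket_q.one()
    except NoResultFound:
        return HTTPNotFound()

    if request.method != 'POST':
        return {'ticket': ticket}

    back_to_ticket = HTTPSeeOther(
        location=request.route_url('tickets_view', id=ticket_id))

    try:
        body = request.POST['message']
        close = 'close' in request.POST
        subscribe = 'subscribe' in request.POST
    except KeyError:
        return back_to_ticket

    if body:
        # An empty body never reaches this branch, so only the maximum
        # length has to be enforced.
        if len(body) > 2000:
            request.messages.error(_('Message too long'))
            return {'ticket': ticket}

        reply = TicketMessage()
        reply.user_id = request.user.id
        reply.content = body
        reply.ticket_id = ticket.id
        DBSession.add(reply)

        # Test the ``closed`` flag. ``ticket.close`` is the bound method
        # called further down, so it is truthy for every ticket.
        if ticket.closed:
            # We re-open it
            ticket.closed = False

        # Mail the owner only when they asked for it, someone else wrote
        # the reply, and an address is on file.
        owner = ticket.user
        if ticket.notify_owner and ticket.user_id != reply.user_id \
                and owner.email:
            mailer = get_mailer(request)
            mail_body = render('mail/tickets_updated.mako', {
                'user': ticket.user,
                'ticket': ticket,
                'url': request.route_url('tickets_view', id=ticket.id),
            }, request=request)
            mailer.send(Message(subject=_('CCVPN: Ticket update'),
                                recipients=[ticket.user.email],
                                body=mail_body))

    # Only the owner may change the notification preference.
    if request.user.id == ticket.user_id:
        ticket.notify_owner = subscribe

    if close and not ticket.closed:
        ticket.close()

    return back_to_ticket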
def setUp(self):
    """Run the parent fixture, then store one user with an e-mail address."""
    super().setUp()

    account = User(username='******', email='test@host', password='******')
    DBSession.add(account)
    # Flush so that the row is visible to the queries made by the tests.
    self.session.flush()
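def account_post(request):
    """Handle the account form: add a profile, delete one, or update the
    password and e-mail address.

    Which action runs depends on the POST fields present: ``profilename``,
    then ``profiledelete``, otherwise the credential update. A missing
    required field returns ``HTTPBadRequest``. Validation errors are flashed
    to the session and the account page is rendered again.

    Validation is enforced with explicit raises, not ``assert``. Asserts are
    removed under ``python -O``, which would skip every check here,
    including the ownership check before a profile is deleted.
    """

    class _Rejected(Exception):
        """Internal signal: at least one validation error was recorded."""

    # TODO: Fix that. split in two functions or something.
    errors = []

    def stop_if_errors():
        if errors:
            raise _Rejected()

    try:
        if 'profilename' in request.POST:
            p = Profile()
            if not p.validate_name(request.POST['profilename']):
                errors.append('Invalid name.')
            stop_if_errors()

            name_used = DBSession.query(Profile) \
                .filter_by(uid=request.user.id,
                           name=request.POST['profilename']) \
                .first()
            if name_used:
                errors.append('Name already used.')

            profiles_count = DBSession.query(func.count(Profile.id)) \
                .filter_by(uid=request.user.id).scalar()
            if profiles_count > 10:
                errors.append('You have too many profiles.')
            stop_if_errors()

            p.name = request.POST['profilename']
            p.askpw = 'askpw' in request.POST and request.POST['askpw'] == '1'
            p.uid = request.user.id
            if not p.askpw:
                p.password = random_access_token()
            DBSession.add(p)
            DBSession.flush()
            return account(request)

        if 'profiledelete' in request.POST:
            p = None
            try:
                profile_id = int(request.POST['profiledelete'])
            except ValueError:
                # A non-numeric id cannot match any profile.
                profile_id = None
            if profile_id is not None:
                # The uid filter limits deletion to the user's own profiles.
                p = DBSession.query(Profile) \
                    .filter_by(id=profile_id) \
                    .filter_by(uid=request.user.id) \
                    .first()
            if not p:
                errors.append('Unknown profile.')
            stop_if_errors()
            DBSession.delete(p)
            DBSession.flush()
            return account(request)

        # NOTE(review): this function does not ask for the current password
        # before changing the password or e-mail. Confirm that
        # re-authentication happens elsewhere.
        u = request.user
        if request.POST['password'] != '':
            if not u.validate_password(request.POST['password']):
                errors.append('Invalid password.')
            if request.POST['password'] != request.POST['password2']:
                errors.append('Both passwords do not match.')
        if request.POST['email'] != '':
            if not u.validate_email(request.POST['email']):
                errors.append('Invalid email address.')
        stop_if_errors()

        new_email = request.POST.get('email')
        if new_email and new_email != request.user.email:
            c = DBSession.query(func.count(User.id).label('ec')) \
                .filter_by(email=new_email).first()
            if c.ec > 0:
                errors.append('E-mail address already registered.')
        stop_if_errors()

        if request.POST['password'] != '':
            u.set_password(request.POST['password'])
        if request.POST['email'] != '':
            u.email = request.POST['email']
        request.session.flash(('info', 'Saved!'))
        DBSession.flush()

    except KeyError:
        return HTTPBadRequest()
    except _Rejected:
        for error in errors:
            request.session.flash(('error', error))
    return account(request)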
def setUp(self):
    """Prepare the test configuration and database, then flush one user
    that has an e-mail address."""
    self.config = testing.setUp()
    self.session = setup_database()

    new_user = User(
        username='******',
        email='test@host',
        password='******',
    )
    DBSession.add(new_user)
    self.session.flush()
def setUp(self):
    """Prepare the test configuration and database, then store one user
    with an e-mail address inside a managed transaction."""
    self.config = testing.setUp()
    self.session = setup_database()

    with transaction.manager:
        fixture_user = User(username='******', email='test@host',
                            password='******')
        DBSession.add(fixture_user)
def setUp(self):
    """Extend the parent fixture with a single user that has an e-mail
    address."""
    super().setUp()

    fixture_user = User(
        username='******',
        email='test@host',
        password='******',
    )
    DBSession.add(fixture_user)
    self.session.flush()