def forgot(request):
    """Handle the "forgot password" form and e-mail a reset link.

    Requests that are not a POST, or that carry no ``username`` field,
    return an empty dict and do nothing else. Otherwise the user is looked
    up by username. An unknown username, or a user without an e-mail
    address, produces an error message and a 400 status code. On success a
    PasswordResetToken is stored and its URL is mailed to the user.

    The view returns an empty dict on every path.
    """
    _ = request.translate

    submitted = request.method == 'POST' and 'username' in request.POST
    if not submitted:
        return {}

    def reject(text):
        # Show the problem to the user and mark the response as a 400.
        request.messages.error(text)
        request.response.status_code = HTTPBadRequest.code
        return {}

    user = (
        DBSession.query(User)
        .filter_by(username=request.POST['username'])
        .first()
    )
    # NOTE(review): the failure messages below differ from the success
    # message, so the response shows whether a username exists and whether
    # it has an e-mail address. No throttling is visible in this view;
    # confirm whether it is applied elsewhere.
    if not user:
        return reject(_('Unknown username.'))
    if not user.email:
        return reject(_('No e-mail address associated with username.'))

    reset_token = PasswordResetToken(user)
    DBSession.add(reset_token)
    # Flush before building the URL that embeds token.token.
    DBSession.flush()

    mailer = get_mailer(request)
    template_vars = {
        'user': user,
        # The requesting address is handed to the mail template.
        'requested_by': request.remote_addr,
        'url': request.route_url('account_reset', token=reset_token.token),
    }
    body = render('mail/password_reset.mako', template_vars, request=request)
    mail = Message(subject=_('CCVPN: Password reset request'),
                   recipients=[user.email],
                   body=body)
    mailer.send(mail)

    request.messages.info(_('We sent a reset link. Check your emails.'))
    return {}
def order_post(request):
    """Start an order, redeem a gift code, or (for admins) add paid time.

    A non-empty ``code`` field hands the request to order_post_gc().
    Otherwise ``method`` and ``time`` (months) are read from the form; an
    unparsable or missing ``time`` redirects back to the account page.
    The ``admin`` method, when the current user is an admin, adds the paid
    time directly. Any other method must be known to
    ``request.payment_methods`` and the duration must be 1, 3, 6 or 12
    months, else a 400 is returned.
    """
    _ = request.translate

    def to_account():
        return HTTPSeeOther(location=request.route_url('account'))

    gift_code = request.POST.get('code')
    if gift_code:
        return order_post_gc(request, gift_code)

    allowed_months = (1, 3, 6, 12)

    try:
        method_name = request.POST.get('method')
        # int(None) raises TypeError when the field is absent.
        time_months = int(request.POST.get('time'))
    except (ValueError, TypeError):
        return to_account()

    if method_name == 'admin' and request.user.is_admin:
        # NOTE(review): this branch runs before the allowed-months check, so
        # an admin request is not limited to 1/3/6/12 months (zero and
        # negative values included). Confirm that this is intended.
        granted = datetime.timedelta(days=time_months * 30)
        request.user.add_paid_time(granted)
        return to_account()

    method = request.payment_methods.get(method_name)
    if time_months not in allowed_months or not method:
        return HTTPBadRequest('Invalid method/time')

    duration = datetime.timedelta(days=time_months * 30)
    order = method.init(request.user, duration)
    DBSession.add(order)
    DBSession.flush()
    return method.start(request, order)
def forgot(request):
    """Process a password-reset request submitted by username.

    Returns an empty dict on every path. Nothing happens unless the request
    is a POST that contains ``username``. A missing user, or a user with no
    e-mail address, is reported through ``request.messages`` with a 400
    status code. Otherwise a PasswordResetToken is stored and a mail
    containing the reset URL is sent to the user's address.
    """
    _ = request.translate

    if not (request.method == 'POST' and 'username' in request.POST):
        return {}

    wanted = request.POST['username']
    account = DBSession.query(User).filter_by(username=wanted).first()

    # NOTE(review): "unknown username" and "no e-mail address" are reported
    # separately, so the response shows which usernames exist.
    problem = None
    if not account:
        problem = _('Unknown username.')
    elif not account.email:
        problem = _('No e-mail address associated with username.')
    if problem is not None:
        request.messages.error(problem)
        request.response.status_code = HTTPBadRequest.code
        return {}

    token = PasswordResetToken(account)
    DBSession.add(token)
    # Flush before token.token is used in the URL below.
    DBSession.flush()

    mailer = get_mailer(request)
    context = {
        'user': account,
        'requested_by': request.remote_addr,
        'url': request.route_url('account_reset', token=token.token),
    }
    mail_body = render('mail/password_reset.mako', context, request=request)
    mailer.send(Message(subject=_('CCVPN: Password reset request'),
                        recipients=[account.email],
                        body=mail_body))

    request.messages.info(_('We sent a reset link. Check your emails.'))
    return {}
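def order_callback(request):
    """Dispatch a payment callback to the order's payment method.

    The order id comes from the ``hexid`` URL segment, parsed as base 16.
    A malformed id and an unknown order both return HTTPNotFound. Otherwise
    the method class registered in ``methods.METHOD_IDS`` for the order is
    instantiated and its ``callback`` result is returned after a flush.
    """
    try:
        order_id = int(request.matchdict['hexid'], 16)
    except ValueError:
        # The URL segment is caller-controlled. A non-hex value is handled
        # like an unknown order instead of raising out of the view.
        return HTTPNotFound()

    o = DBSession.query(Order).filter_by(id=order_id).first()
    if not o:
        return HTTPNotFound()

    # NOTE(review): this view does not check who is calling. Presumably each
    # method's callback() verifies the provider's notification; confirm.
    method = methods.METHOD_IDS[o.method]
    ret = method().callback(request, o)
    DBSession.flush()
    return ret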
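def order_callback(request):
    """Dispatch a payment callback to the order's payment method.

    The order id comes from the ``hexid`` URL segment, parsed as base 16.
    A malformed id and an unknown order both return HTTPNotFound. Otherwise
    the order's method is looked up in ``request.payment_methods`` and its
    ``callback`` result is returned after a flush.
    """
    try:
        order_id = int(request.matchdict['hexid'], 16)
    except ValueError:
        # The URL segment is caller-controlled. A non-hex value is handled
        # like an unknown order instead of raising out of the view.
        return HTTPNotFound()

    o = DBSession.query(Order).filter_by(id=order_id).first()
    if not o:
        return HTTPNotFound()

    # NOTE(review): the lookup result is used without a check. If get() can
    # return None for a method that is no longer configured, the next line
    # raises AttributeError. Confirm.
    # NOTE(review): this view does not check who is calling. Presumably
    # method.callback() verifies the provider's notification; confirm.
    method = request.payment_methods.get(o.method)
    r = method.callback(request, o)
    DBSession.flush()
    return r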
def account_post(request):
    """Create or delete one of the current user's profiles.

    A non-empty ``profilename`` field creates a profile: the name must pass
    Profile.validate_name(), must not already be used by this user, and the
    user's profile count must not exceed the limit. On success the user is
    redirected to the new profile's edit page.

    Otherwise a non-empty ``delete`` field removes the profile with that id,
    provided it belongs to the current user and has a non-empty name.

    Every other path redirects to the account page.
    """
    _ = request.translate
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10

    form = request.POST
    profile_name = form.get('profilename')
    profile_delete = form.get('delete')
    owner_id = request.user.id

    def fail(text):
        # Queue an error message and go back to the account page.
        request.messages.error(text)
        return redirect

    if profile_name:
        profile = Profile()
        if not profile.validate_name(profile_name):
            return fail(_('Invalid name.'))

        # Names are unique per user.
        duplicate = (
            DBSession.query(Profile)
            .filter_by(uid=owner_id)
            .filter_by(name=profile_name)
            .first()
        )
        if duplicate:
            return fail(_('Name already used.'))

        # NOTE(review): the comparison is strict, so creation is still
        # allowed when the user already has exactly profiles_limit
        # profiles. Confirm whether the count is meant to include the
        # unnamed profile.
        existing = (
            DBSession.query(func.count(Profile.id))
            .filter_by(uid=owner_id)
            .scalar()
        )
        if existing > profiles_limit:
            return fail(_('You have too many profiles.'))

        profile.name = profile_name
        profile.uid = owner_id
        DBSession.add(profile)
        # Flush so profile.id is available for the redirect URL.
        DBSession.flush()
        edit_url = request.route_url('account_profiles_edit', id=profile.id)
        return HTTPSeeOther(location=edit_url)

    if profile_delete:
        try:
            target_id = int(profile_delete)
        except ValueError:
            return redirect

        # The uid filter limits deletion to the requester's own profiles.
        # The name filter excludes the profile whose name is empty.
        doomed = (
            DBSession.query(Profile)
            .filter_by(id=target_id)
            .filter(Profile.name != '')
            .filter_by(uid=owner_id)
            .first()
        )
        if not doomed:
            return fail(_('Unknown profile.'))
        DBSession.delete(doomed)

    return redirect
def account_post(request):
    """Handle the account page form: add a profile or delete one.

    ``profilename`` (when non-empty) takes precedence and creates a profile
    after validating the name, checking that this user does not already use
    it, and checking the per-user profile count. ``delete`` (when non-empty)
    removes the named profile with that id if it belongs to the current
    user. Failures queue an error message and redirect to the account page,
    as does a completed delete. A created profile redirects to its edit
    page.
    """
    _ = request.translate
    redirect = HTTPSeeOther(location=request.route_url('account'))
    profiles_limit = 10
    profile_name = request.POST.get('profilename')
    profile_delete = request.POST.get('delete')
    uid = request.user.id

    if profile_name:
        new_profile = Profile()

        error = None
        if not new_profile.validate_name(profile_name):
            error = _('Invalid name.')
        else:
            # Is the name already used by this user?
            taken = DBSession.query(Profile) \
                .filter_by(uid=uid) \
                .filter_by(name=profile_name) \
                .first()
            if taken:
                error = _('Name already used.')
            else:
                # Is this user under the profile number limit?
                count = DBSession.query(func.count(Profile.id)) \
                    .filter_by(uid=uid) \
                    .scalar()
                if count > profiles_limit:
                    error = _('You have too many profiles.')

        if error is not None:
            request.messages.error(error)
            return redirect

        new_profile.name = profile_name
        new_profile.uid = uid
        DBSession.add(new_profile)
        # The generated id is needed for the edit-page URL.
        DBSession.flush()
        return HTTPSeeOther(
            location=request.route_url('account_profiles_edit',
                                       id=new_profile.id))

    if profile_delete:
        try:
            profile_delete = int(profile_delete)
        except ValueError:
            return redirect

        # Only the requester's own, named profiles match this query.
        victim = DBSession.query(Profile) \
            .filter_by(id=profile_delete) \
            .filter(Profile.name != '') \
            .filter_by(uid=uid) \
            .first()
        if victim:
            DBSession.delete(victim)
        else:
            request.messages.error(_('Unknown profile.'))
            return redirect

    return redirect
def order_post_gc(request, code):
    """Redeem gift code *code* for the current user.

    The code is looked up with GiftCode.one() and applied with use(). On
    success an info message reports the number of days added. An unknown
    code and an already-used code each queue an error message. The view
    redirects to the account page in every case.
    """
    # NOTE(review): whether two concurrent requests can redeem the same code
    # depends on GiftCode.use() and the database constraints, which are not
    # visible here. The same applies to limits on repeated guesses.
    try:
        gift = GiftCode.one(code=code)
        gift.use(request.user)
        days = gift.time.days
        notice = 'OK! Added %d days to your account.' % days
        request.messages.info(notice)
        DBSession.flush()
    except AlreadyUsedGiftCode:
        request.messages.error('Already used code')
    except (NoResultFound, MultipleResultsFound):
        request.messages.error('Unknown code.')

    account_url = request.route_url('account')
    return HTTPSeeOther(location=account_url)
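def signup(request):
    """Create an account from the signup form and log the new user in.

    Non-POST requests return an empty dict. For a POST, username, password
    and the optional e-mail are validated, and both passwords must match.
    Only then are username and e-mail checked for prior registration. On any
    error the messages are queued, the status is set to 400 and the
    submitted fields are returned. Otherwise the user and its unnamed
    profile are created, the user id is stored in the session and the user
    is redirected to the account page.

    Validation uses explicit checks rather than ``assert``. Assertions are
    removed when Python runs with ``-O``, which would skip every check.
    """
    _ = request.translate
    if request.method != 'POST':
        return {}

    post = request.POST
    username = post.get('username')
    password = post.get('password')
    password2 = post.get('password2')
    email = post.get('email')

    errors = []
    if not User.validate_username(username):
        errors.append(_('Invalid username.'))
    if not User.validate_password(password):
        errors.append(_('Invalid password.'))
    if email and not User.validate_email(email):
        errors.append(_('Invalid email address.'))
    if password != password2:
        errors.append(_('Both passwords do not match.'))

    if not errors:
        # Uniqueness is checked only once the fields themselves are valid.
        used = User.is_used(username, email)
        if used[0] > 0:
            errors.append(_('Username already registered.'))
        if used[1] > 0 and email:
            errors.append(_('E-mail address already registered.'))

    if errors:
        for error in errors:
            request.messages.error(error)
        request.response.status_code = HTTPBadRequest.code
        fields = ('username', 'password', 'password2', 'email')
        # A field missing from the form becomes '' instead of raising
        # KeyError while the error response is being built.
        # NOTE(review): both password fields are returned to the template
        # along with the other values. Confirm that the template needs them.
        return {k: post.get(k, '') for k in fields}

    with transaction.manager:
        u = User(username=username, email=email, password=password)
        if request.referrer:
            u.referrer_id = request.referrer.id
        DBSession.add(u)
        # Flush so u.id exists for the profile and the session.
        DBSession.flush()
        dp = Profile(uid=u.id, name='')
        DBSession.add(dp)
        request.session['uid'] = u.id
    return HTTPSeeOther(location=request.route_url('account'))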
def order_post_gc(request, code):
    """Redeem gift code *code* for the current user.

    The code is looked up with GiftCode.one() and applied with use(). On
    success a translated info message reports the number of days added. An
    unknown code and an already-used code each queue a translated error
    message. The view redirects to the account page in every case.
    """
    _ = request.translate

    # NOTE(review): whether two concurrent requests can redeem the same code
    # depends on GiftCode.use() and the database constraints, which are not
    # visible here. The same applies to limits on repeated guesses.
    try:
        gift = GiftCode.one(code=code)
        gift.use(request.user)
        days = gift.time.days
        notice = _('OK! Added ${time} days to your account.',
                   mapping={'time': days})
        request.messages.info(notice)
        DBSession.flush()
    except AlreadyUsedGiftCode:
        request.messages.error(_('Gift code already used.'))
    except (NoResultFound, MultipleResultsFound):
        request.messages.error(_('Unknown gift code.'))

    account_url = request.route_url('account')
    return HTTPSeeOther(location=account_url)
def tickets_new(request):
    """Open a support ticket from the submitted form.

    Non-POST requests, and POSTs missing ``subject`` or ``message``, return
    an empty dict. The subject must be 1 to 40 characters long and the
    message 1 to 2000. On a validation failure the errors are queued and
    both values are returned for the form. Otherwise a Ticket and its first
    TicketMessage are stored for the current user, and the user is
    redirected to the ticket's page.
    """
    _ = request.translate
    if request.method != 'POST':
        return {}

    form = request.POST
    try:
        subject, body = form['subject'], form['message']
        subscribe = 'subscribe' in form
    except KeyError:
        return {}

    subject_len = len(subject)
    body_len = len(body)

    problems = []
    # "Empty" and "too long" cannot both apply to the same field.
    if subject_len < 1:
        problems.append(_('Subject empty'))
    elif subject_len > 40:
        problems.append(_('Subject too long'))
    if body_len < 1:
        problems.append(_('Message empty'))
    elif body_len > 2000:
        problems.append(_('Message too long'))

    if problems:
        for problem in problems:
            request.messages.error(problem)
        return {'subject': subject, 'message': body}

    author_id = request.user.id

    ticket = Ticket()
    ticket.user_id = author_id
    ticket.subject = subject
    ticket.notify_owner = subscribe
    DBSession.add(ticket)
    # Flush so ticket.id is assigned before it is referenced below.
    DBSession.flush()

    first_message = TicketMessage()
    first_message.ticket_id = ticket.id
    first_message.user_id = author_id
    first_message.content = body
    DBSession.add(first_message)

    return HTTPSeeOther(location=request.route_url('tickets_view',
                                                   id=ticket.id))
def post_item(self):
    """Create or update an item of ``self.model`` from the POSTed form.

    With a non-empty ``id`` field the matching row is loaded. If none is
    found, or if no id was sent, a new instance is created and added to the
    session. The form is applied with assign_from_form(); on any exception
    the session is rolled back and the exception re-raised. On success the
    session is flushed, a "Saved!" flash is queued and the user is
    redirected to the model's admin route.
    """
    form = self.request.POST

    item = None
    if 'id' in form and form['id'] != '':
        # get_item() is still called, but its result is not used: the
        # direct query below decides which item is edited.
        self.get_item(form['id'])
        item_id = form['id']
        item = DBSession.query(self.model).filter_by(id=item_id).first()

    if not item:
        item = self.model()
        DBSession.add(item)

    try:
        self.assign_from_form(item)
    except:
        # Undo partial changes for any failure, then let it propagate.
        DBSession.rollback()
        raise

    DBSession.flush()
    self.request.session.flash(('info', 'Saved!'))

    route_name = 'admin_' + self.model.__name__.lower() + 's'
    target = self.request.route_url(route_name, _query={'id': item.id})
    return HTTPSeeOther(location=target)
def post(self, request):
    """Save the edited or newly added item and redirect back to it.

    When ``self.id`` is set, the item is loaded by id, with one extra filter
    per AdminBaseModel ancestor, and post_edit() is called. If no row
    matches, a fresh model instance is used. Without an id a new instance is
    created and post_add() is called. The item is then added and flushed, a
    "Saved!" message is queued, the session is expired and the user is
    redirected to this resource's URL.
    """
    if not self.id:
        self.item = self.model()
        self.post_add(request)
    else:
        query = DBSession.query(self.model).filter_by(id=self.id)

        # NOTE(review): each ancestor adds `parent.model.id == parent.id`.
        # No join between self.model and the parent model is visible here,
        # so whether this ties the item to that parent depends on mappings
        # that are not shown. Confirm.
        ancestor = self.parent
        while ancestor and isinstance(ancestor, AdminBaseModel):
            query = query.filter(ancestor.model.id == ancestor.id)
            ancestor = ancestor.parent

        found = query.first()
        self.item = found or self.model()
        self.post_edit(request)

    DBSession.add(self.item)
    DBSession.flush()
    request.messages.info('Saved!')

    target = request.resource_url(self)
    DBSession.expire_all()
    return HTTPSeeOther(location=target)
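def order_post(request):
    """Start a new order or redeem a gift code.

    A non-empty ``code`` field hands the request to order_post_gc().
    Otherwise ``method`` must be a key of ``methods.METHODS`` and ``time``
    must be 1, 3, 6 or 12 (months); anything else returns a 400. A new
    unpaid Order closing in 7 days is created, initialised by the payment
    method and stored, and the method's ``start`` result is returned.
    """
    code = request.POST.get('code')
    if code:
        return order_post_gc(request, code)

    times = (1, 3, 6, 12)

    try:
        method_name = request.POST.get('method')
        time_months = int(request.POST.get('time'))
    except (ValueError, TypeError):
        # int(None) raises TypeError when the 'time' field is missing. It is
        # handled like an unparsable value rather than escaping the view.
        return HTTPBadRequest('invalid POST data')

    if method_name not in methods.METHODS or time_months not in times:
        return HTTPBadRequest('Invalid method/time')

    time = datetime.timedelta(days=30 * time_months)
    # amount and method start at 0; method.init() is called on the order
    # before it is stored.
    o = Order(user=request.user, time=time, amount=0, method=0)
    o.close_date = datetime.datetime.now() + datetime.timedelta(days=7)
    o.paid = False
    o.payment = {}
    method = methods.METHODS[method_name]()
    method.init(request, o)
    DBSession.add(o)
    DBSession.flush()
    return method.start(request, o)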
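def account_post(request):
    """Handle the account form: add a profile, delete one, or edit settings.

    Exactly one of three actions runs, in this order of precedence:

    * ``profilename`` present: validate the name and create a profile.
    * ``profiledelete`` present: delete that profile if the user owns it.
    * otherwise: change the password and/or e-mail address.

    A missing required field returns HTTPBadRequest. Validation failures
    are flashed as errors. Every other path ends by rendering account().

    Validation uses explicit checks rather than ``assert``. Assertions are
    removed when Python runs with ``-O``, which would skip every check and
    let the delete branch run with no profile found.
    """
    _ = request.translate
    errors = []

    def apply_form():
        """Run one action.

        Returns a response when a profile action finished. Returns None
        when account() still has to be rendered; `errors` is then non-empty
        if validation failed.
        """
        post = request.POST

        if 'profilename' in post:
            p = Profile()
            if not p.validate_name(post['profilename']):
                errors.append(_('Invalid name.'))
                return None

            name_used = DBSession.query(Profile) \
                .filter_by(uid=request.user.id, name=post['profilename']) \
                .first()
            if name_used:
                errors.append(_('Name already used.'))

            profiles_count = DBSession.query(func.count(Profile.id)) \
                .filter_by(uid=request.user.id).scalar()
            if profiles_count > 10:
                errors.append(_('You have too many profiles.'))
            if errors:
                return None

            p.name = post['profilename']
            p.askpw = 'askpw' in post and post['askpw'] == '1'
            p.uid = request.user.id
            if not p.askpw:
                # Without a user-supplied password the profile gets a
                # generated one.
                p.password = random_access_token()
            DBSession.add(p)
            DBSession.flush()
            return account(request)

        if 'profiledelete' in post:
            try:
                profile_id = int(post['profiledelete'])
            except ValueError:
                # A non-numeric id cannot match any profile.
                errors.append(_('Unknown profile.'))
                return None
            # The uid filter limits deletion to the requester's profiles.
            p = DBSession.query(Profile) \
                .filter_by(id=profile_id) \
                .filter_by(uid=request.user.id) \
                .first()
            if not p:
                errors.append(_('Unknown profile.'))
                return None
            DBSession.delete(p)
            DBSession.flush()
            return account(request)

        # NOTE(review): this branch changes the password and e-mail address
        # without asking for the current password. Confirm whether
        # re-authentication happens elsewhere.
        u = request.user
        password = post['password']
        email = post['email']

        if password != '':
            if not u.validate_password(password):
                errors.append(_('Invalid password.'))
            if password != post['password2']:
                errors.append(_('Both passwords do not match.'))
        if email != '':
            if not u.validate_email(email):
                errors.append(_('Invalid email address.'))
        if errors:
            return None

        if email and email != request.user.email:
            c = DBSession.query(func.count(User.id).label('ec')) \
                .filter_by(email=email).first()
            if c.ec > 0:
                errors.append(_('E-mail address already registered.'))
                return None

        if password != '':
            u.set_password(password)
        if email != '':
            u.email = email
        request.messages.info(_('Saved!'))
        DBSession.flush()
        return None

    try:
        response = apply_form()
    except KeyError:
        # A required form field was missing.
        return HTTPBadRequest()
    if response is not None:
        return response

    for error in errors:
        request.session.flash(('error', error))
    return account(request)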
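def account_post(request):
    """Handle the account form: add a profile, delete one, or edit settings.

    Exactly one of three actions runs, in this order of precedence:

    * ``profilename`` present: validate the name and create a profile.
    * ``profiledelete`` present: delete that profile if the user owns it.
    * otherwise: change the password and/or e-mail address.

    A missing required field returns HTTPBadRequest. Validation failures
    are flashed as errors. Every other path ends by rendering account().

    Validation uses explicit checks rather than ``assert``. Assertions are
    removed when Python runs with ``-O``, which would skip every check and
    let the delete branch run with no profile found.
    """
    errors = []

    def apply_form():
        """Run one action.

        Returns a response when a profile action finished. Returns None
        when account() still has to be rendered; `errors` is then non-empty
        if validation failed.
        """
        post = request.POST

        if 'profilename' in post:
            p = Profile()
            if not p.validate_name(post['profilename']):
                errors.append('Invalid name.')
                return None

            name_used = DBSession.query(Profile) \
                .filter_by(uid=request.user.id, name=post['profilename']) \
                .first()
            if name_used:
                errors.append('Name already used.')

            profiles_count = DBSession.query(func.count(Profile.id)) \
                .filter_by(uid=request.user.id).scalar()
            if profiles_count > 10:
                errors.append('You have too many profiles.')
            if errors:
                return None

            p.name = post['profilename']
            p.askpw = 'askpw' in post and post['askpw'] == '1'
            p.uid = request.user.id
            if not p.askpw:
                # Without a user-supplied password the profile gets a
                # generated one.
                p.password = random_access_token()
            DBSession.add(p)
            DBSession.flush()
            return account(request)

        if 'profiledelete' in post:
            try:
                profile_id = int(post['profiledelete'])
            except ValueError:
                # A non-numeric id cannot match any profile.
                errors.append('Unknown profile.')
                return None
            # The uid filter limits deletion to the requester's profiles.
            p = DBSession.query(Profile) \
                .filter_by(id=profile_id) \
                .filter_by(uid=request.user.id) \
                .first()
            if not p:
                errors.append('Unknown profile.')
                return None
            DBSession.delete(p)
            DBSession.flush()
            return account(request)

        # NOTE(review): this branch changes the password and e-mail address
        # without asking for the current password. Confirm whether
        # re-authentication happens elsewhere.
        u = request.user
        password = post['password']
        email = post['email']

        if password != '':
            if not u.validate_password(password):
                errors.append('Invalid password.')
            if password != post['password2']:
                errors.append('Both passwords do not match.')
        if email != '':
            if not u.validate_email(email):
                errors.append('Invalid email address.')
        if errors:
            return None

        if email and email != request.user.email:
            c = DBSession.query(func.count(User.id).label('ec')) \
                .filter_by(email=email).first()
            if c.ec > 0:
                errors.append('E-mail address already registered.')
                return None

        if password != '':
            u.set_password(password)
        if email != '':
            u.email = email
        request.session.flash(('info', 'Saved!'))
        DBSession.flush()
        return None

    try:
        response = apply_form()
    except KeyError:
        # A required form field was missing.
        return HTTPBadRequest()
    if response is not None:
        return response

    for error in errors:
        request.session.flash(('error', error))
    return account(request)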