Exemple #1
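def sso(app_key, user_login):
    """Simple SSO API.

    Looks the user up by login name when ``user_login`` matches
    ``User.LOGIN_PATTERN``, otherwise by e-mail address, then compares
    ``app.hmac(user.password)`` with the ``password`` request value.

    Request values read here:

    - ``with=userinfo``: render the user object instead of the bare
      boolean when the check succeeds.
    - ``error=ignore``: report an unknown user as ``success=False``
      instead of letting the 404 propagate.
    - ``password``: the value compared against ``app.hmac(user.password)``.

    An e-mail address that matches more than one account always yields
    ``success=False``.

    """
    # Function-scope import: the module's import block is not visible from
    # this listing.  hmac.compare_digest needs Python 2.7.7+ / 3.3+.
    import hmac

    app = get_app(app_key)
    require_userinfo = request.values.get('with') == 'userinfo'
    error_ignored = request.values.get('error') == 'ignore'
    success = None
    # NOTE(review): without ``error=ignore`` an unknown login answers 404
    # while a wrong password answers success=False, so a caller can tell
    # which accounts exist -- confirm that is acceptable for this API.
    if User.LOGIN_PATTERN.match(user_login):
        try:
            user = langdev.web.user.get_user(user_login)
        except werkzeug.exceptions.NotFound:
            if not error_ignored:
                raise
            success = False
    else:
        try:
            user = g.session.query(User).filter_by(email=user_login).one()
        except sqlalchemy.orm.exc.NoResultFound:
            if error_ignored:
                success = False
            else:
                abort(404)
        except sqlalchemy.orm.exc.MultipleResultsFound:
            success = False
    if success is None:
        # NOTE(review): ``request.values`` presumably merges query string
        # and form data (Flask/Werkzeug), so the MAC may travel in the URL
        # and reach access logs -- consider reading it from the body only.
        expected = app.hmac(user.password)
        supplied = request.values['password']
        # Compare in constant time: ``==`` stops at the first differing
        # character, which leaks how much of the MAC a guess got right.
        # Both sides are normalised to bytes so a non-ASCII guess cannot
        # make compare_digest raise TypeError.
        # assumes app.hmac returns a text or byte string -- TODO confirm
        if not isinstance(expected, bytes):
            expected = expected.encode('utf-8')
        if not isinstance(supplied, bytes):
            supplied = supplied.encode('utf-8')
        success = hmac.compare_digest(expected, supplied)
    if success and require_userinfo:
        result = user
        # workaround to include ``email`` attribute in the response.
        # see also :func:`langdev.objsimplify.transform`.
        g.current_user = user
    else:
        result = success
    return render('thirdparty/sso', result, success=success)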
Exemple #2
def signin_form(form=None, return_url=None):
    """Render the sign-in form.

    When no (truthy) ``form`` is passed, a new ``SignInForm`` is created
    and its ``return_url`` field is pre-filled from the ``return_url``
    argument or, failing that, from the ``return_url`` request value.
    A form passed in by the caller is rendered untouched.

    """
    if form:
        return render('user/signin_form', form, form=form)
    form = SignInForm()
    # NOTE(review): this value comes straight from the request and is not
    # validated here; whatever redirects to it after sign-in should accept
    # same-site targets only (that code is not visible in this listing).
    target = return_url or request.values.get('return_url')
    if target:
        form.return_url.data = target
    return render('user/signin_form', form, form=form)
Exemple #3
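def sso(app_key, user_login):
    """Simple SSO API.

    Looks the user up by login name when ``user_login`` matches
    ``User.LOGIN_PATTERN``, otherwise by e-mail address, then compares
    ``app.hmac(user.password)`` with the ``password`` request value.

    Request values read here:

    - ``with=userinfo``: render the user object instead of the bare
      boolean when the check succeeds.
    - ``error=ignore``: report an unknown user as ``success=False``
      instead of letting the 404 propagate.
    - ``password``: the value compared against ``app.hmac(user.password)``.

    An e-mail address that matches more than one account always yields
    ``success=False``.

    """
    # Function-scope import: the module's import block is not visible from
    # this listing.  hmac.compare_digest needs Python 2.7.7+ / 3.3+.
    import hmac

    app = get_app(app_key)
    require_userinfo = request.values.get("with") == "userinfo"
    error_ignored = request.values.get("error") == "ignore"
    success = None
    # NOTE(review): without ``error=ignore`` an unknown login answers 404
    # while a wrong password answers success=False, so a caller can tell
    # which accounts exist -- confirm that is acceptable for this API.
    if User.LOGIN_PATTERN.match(user_login):
        try:
            user = langdev.web.user.get_user(user_login)
        except werkzeug.exceptions.NotFound:
            if not error_ignored:
                raise
            success = False
    else:
        try:
            user = g.session.query(User).filter_by(email=user_login).one()
        except sqlalchemy.orm.exc.NoResultFound:
            if error_ignored:
                success = False
            else:
                abort(404)
        except sqlalchemy.orm.exc.MultipleResultsFound:
            success = False
    if success is None:
        # NOTE(review): ``request.values`` presumably merges query string
        # and form data (Flask/Werkzeug), so the MAC may travel in the URL
        # and reach access logs -- consider reading it from the body only.
        expected = app.hmac(user.password)
        supplied = request.values["password"]
        # Compare in constant time: ``==`` stops at the first differing
        # character, which leaks how much of the MAC a guess got right.
        # Both sides are normalised to bytes so a non-ASCII guess cannot
        # make compare_digest raise TypeError.
        # assumes app.hmac returns a text or byte string -- TODO confirm
        if not isinstance(expected, bytes):
            expected = expected.encode("utf-8")
        if not isinstance(supplied, bytes):
            supplied = supplied.encode("utf-8")
        success = hmac.compare_digest(expected, supplied)
    if success and require_userinfo:
        result = user
        # workaround to include ``email`` attribute in the response.
        # see also :func:`langdev.objsimplify.transform`.
        g.current_user = user
    else:
        result = success
    return render("thirdparty/sso", result, success=success)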
Exemple #4
def signin_form(form=None, return_url=None):
    """Render the sign-in form.

    A caller-supplied form is rendered as is.  Otherwise a new
    ``SignInForm`` is built and its ``return_url`` field is filled from
    the ``return_url`` argument, falling back to the request value of the
    same name.

    """
    if not form:
        form = SignInForm()
        # NOTE(review): request-supplied and unvalidated at this point; the
        # redirect that later consumes it (not shown) should be limited to
        # same-site destinations.
        destination = return_url or request.values.get('return_url')
        if destination:
            form.return_url.data = destination
    return render('user/signin_form', form, form=form)
Exemple #5
def request_find_password(user_login):
    """Mail a password-change link to the user and render the outcome.

    When the user has an e-mail address, a token is generated, a link to
    ``.change_password_form`` is mailed, and the response carries status
    201 together with a masked form of the address.  Otherwise the
    response carries status 403 and the error ``'Has no email address'``.

    """
    # presumably undefer_group('profile') loads the deferred profile columns
    # (such as the e-mail address) with the user -- verify against the model
    user = get_user(user_login, orm.undefer_group('profile'))
    if user.email:
        # expired_at is treated as a POSIX timestamp (see utcfromtimestamp
        # below).
        token, expired_at = generate_token(user)
        # NOTE(review): with _external=True the host part of the link is
        # taken from the current request unless the application pins
        # SERVER_NAME; confirm the deployment validates the Host header so
        # the mailed reset link cannot point at another site.
        url = url_for('.change_password_form',
                      user_login=user.login,
                      token=token,
                      _external=True)
        expired_at = datetime.datetime.utcfromtimestamp(expired_at)
        # NOTE(review): the next line is mangled in this listing (the
        # ``******`` run replaced part of the original call, most likely the
        # recipient and body arguments) and is not valid Python as shown.
        msg = Message('[LangDev.org] Change your password: '******'''
            You can change your password through the following link:
            {url}

            But the above link will be expired at {expired_at} UTC.
        ''').format(url=url, expired_at=expired_at)
        current_app.mail.send(msg)
        # presumably masks the address so the page does not disclose it in
        # full -- confirm in hide_email
        email = hide_email(user.email)
        result = Result(user=user, email=email)
        status_code = 201
    else:
        # NOTE(review): 201 versus 403 tells an anonymous caller whether the
        # account has an e-mail address on file.
        result = Result(user=user, error='Has no email address')
        status_code = 403
    response = render('user/request_find_password', result, **result)
    response.status_code = status_code
    return response
Exemple #6
def request_find_password(user_login):
    """Mail a password-change link to the user and render the outcome.

    When the user has an e-mail address, a token is generated, a link to
    ``.change_password_form`` is mailed, and the response carries status
    201 together with a masked form of the address.  Otherwise the
    response carries status 403 and the error ``'Has no email address'``.

    """
    # presumably undefer_group('profile') loads the deferred profile columns
    # (such as the e-mail address) with the user -- verify against the model
    user = get_user(user_login, orm.undefer_group('profile'))
    if user.email:
        # expired_at is treated as a POSIX timestamp (see utcfromtimestamp
        # below).
        token, expired_at = generate_token(user)
        # NOTE(review): with _external=True the host part of the link is
        # taken from the current request unless the application pins
        # SERVER_NAME; confirm the deployment validates the Host header so
        # the mailed reset link cannot point at another site.
        url = url_for('.change_password_form',
                      user_login=user.login, token=token, _external=True)
        expired_at = datetime.datetime.utcfromtimestamp(expired_at)
        # NOTE(review): the next line is mangled in this listing (the
        # ``******`` run replaced part of the original call, most likely the
        # recipient and body arguments) and is not valid Python as shown.
        msg = Message('[LangDev.org] Change your password: '******'''
            You can change your password through the following link:
            {url}

            But the above link will be expired at {expired_at} UTC.
        ''').format(url=url, expired_at=expired_at)
        current_app.mail.send(msg)
        # presumably masks the address so the page does not disclose it in
        # full -- confirm in hide_email
        email = hide_email(user.email)
        result = Result(user=user, email=email)
        status_code = 201
    else:
        # NOTE(review): 201 versus 403 tells an anonymous caller whether the
        # account has an e-mail address on file.
        result = Result(user=user, error='Has no email address')
        status_code = 403
    response = render('user/request_find_password', result, **result)
    response.status_code = status_code
    return response
Exemple #7
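def posts():
    """Show a list of posts.

    :query view: one of ``summary`` or ``table``. default is ``table``
    :query next: id of the next post you want to fetch.
                 It can be useful for calling API, or infinite scroll.
    :query offset: offset from the latest post. default is 0; negative or
                   non-numeric values are treated as 0.
    :query limit: number of posts to show. default is 20, maximum is 100,
                  minimum is 1; non-numeric values fall back to 20.
    :status 200: no error.
    :status 404: ``next`` post does not exist.

    """
    query = g.session.query(Post) \
                     .order_by(Post.sticky.desc(), Post.created_at.desc())
    # Counted before the ``next`` filter is applied, so the pager always
    # reflects the total number of posts.
    cnt = query.count()
    view = request.args.get('view', 'table')
    next_id = request.args.get('next')
    # ``type=int`` makes a non-numeric value fall back to the default instead
    # of raising ValueError (an unhandled 500 for a malformed query string).
    # Clamping keeps a negative offset/limit out of the SQL and stops
    # ``limit=0`` from dividing by zero in the pager arithmetic below.
    offset = max(request.args.get('offset', 0, type=int), 0)
    limit = max(1, min(request.args.get('limit', 20, type=int), 100))
    if next_id:
        basis = g.session.query(Post).get(next_id)
        if not basis:
            abort(404)
        query = query.filter(~Post.sticky) \
                     .filter(Post.created_at <= basis.created_at)
    paged_posts = query.offset(offset).limit(limit)
    # First row past the current page, passed to the template as ``next``.
    next_post = query.offset(offset + limit).first()
    # Floor division keeps the page number an integer on Python 3 as well.
    pager = langdev.web.pager.Pager(math.ceil(cnt / float(limit)),
                                    1 + offset // limit)
    return render('forum/posts', query,
                  view=view, next=next_post,
                  posts=paged_posts, pager=pager, limit=limit)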
Exemple #8
def change_password(user_login, token):
    """Apply a password change submitted with a reset token.

    The form is validated only when ``is_token_expired(user, token)`` is
    false.  On success the form data is copied onto the user inside a
    session transaction; in every other case the change-password form is
    rendered again with the same form object.

    """
    account = get_user(user_login)
    form = ChangePasswordForm()
    # NOTE(review): is_token_expired() is the only check on ``token`` visible
    # here -- confirm it also rejects malformed tokens and tokens issued for
    # a different user, and that a token cannot be replayed after use.
    if is_token_expired(account, token) or not form.validate():
        return change_password_form(user_login=user_login, token=token,
                                    form=form)
    with g.session.begin():
        # populate_obj() writes every form field onto the user; this relies
        # on ChangePasswordForm exposing password fields only (not shown).
        form.populate_obj(account)
    return render('user/change_password', account, user=account)
Exemple #9
def change_password(user_login, token):
    """Change a user's password when the reset token is still usable.

    ``form.validate()`` runs only if ``is_token_expired(user, token)``
    returns a false value.  A valid submission is written to the user in
    a session transaction; anything else re-renders the form.

    """
    member = get_user(user_login)
    form = ChangePasswordForm()
    # NOTE(review): token handling rests entirely on is_token_expired();
    # verify it treats forged or foreign tokens as expired and that tokens
    # are single-use.
    accepted = not is_token_expired(member, token) and form.validate()
    if not accepted:
        return change_password_form(user_login=user_login, token=token,
                                    form=form)
    with g.session.begin():
        # Copies all form fields to the user object; assumes the form
        # declares only the password field(s) -- TODO confirm.
        form.populate_obj(member)
    return render('user/change_password', member, user=member)
Exemple #10
def comment(post_id, comment_id):
    """Render one comment, or redirect browsers to it inside its post.

    When the rendered response has an HTML or XHTML content type, the
    client is redirected to the post page with a ``#comment-<id>``
    fragment; any other content type is returned as rendered.

    """
    found = get_comment(comment_id, post_id)
    response = render('forum/base', found, comment=found)
    wants_page = re.match(r'^(application/xhtml\+xml|text/html)\s*($|;)',
                          response.content_type)
    if not wants_page:
        return response
    # The target is built by url_for from route arguments plus the stored
    # comment id, not from request-supplied URLs.
    anchor = '#comment-{0}'.format(found.id)
    return redirect(url_for('.post', post_id=post_id) + anchor)
Exemple #11
def signup_form(form=None):
    """Render the sign-up form.

    Uses ``SignUpForm.get_instance()`` when no (truthy) form is passed.
    If both ReCAPTCHA keys are configured and the response would be served
    as ``application/xhtml+xml``, the content type is switched to
    ``text/html``.

    """
    if not form:
        form = SignUpForm.get_instance()
    response = render('user/signup_form', form, form=form)
    config = current_app.config
    recaptcha_configured = ('RECAPTCHA_PUBLIC_KEY' in config and
                            'RECAPTCHA_PRIVATE_KEY' in config)
    # ReCAPTCHA doesn't work on application/xhtml+xml.
    if recaptcha_configured and re.match(r'^application/xhtml\+xml(;|$)',
                                         response.content_type):
        response.content_type = 'text/html'
    return response
Exemple #12
def comment(post_id, comment_id):
    """Show a single comment.

    HTML and XHTML responses are replaced by a redirect to the owning
    post, anchored at ``#comment-<id>``; responses of any other content
    type are returned unchanged.

    """
    item = get_comment(comment_id, post_id)
    response = render('forum/base', item, comment=item)
    html_pattern = r'^(application/xhtml\+xml|text/html)\s*($|;)'
    if re.match(html_pattern, response.content_type):
        # Redirect target comes from url_for and the comment's own id only.
        post_url = url_for('.post', post_id=post_id)
        return redirect(post_url + '#comment-{0}'.format(item.id))
    return response
Exemple #13
def change_password_form(user_login, token, form=None):
    """Render the change-password form for a reset token.

    The template receives the form, the user, the token and an
    ``expired`` flag; the response status is set to 403 when
    ``is_token_expired(user, token)`` is true.

    """
    account = get_user(user_login)
    expired = is_token_expired(account, token)
    if not form:
        form = ChangePasswordForm()
    # NOTE(review): the token is handed to the template even when expired;
    # check that the template only echoes it into the form action.
    context = dict(form=form, user=account, token=token, expired=expired)
    response = render('user/change_password_form', form, **context)
    if expired:
        response.status_code = 403
    return response
Exemple #14
def signup_form(form=None):
    """Render the sign-up form, falling back to ``SignUpForm.get_instance()``.

    With both ReCAPTCHA keys present in the application config, a response
    whose content type is ``application/xhtml+xml`` is re-labelled as
    ``text/html``.

    """
    if not form:
        form = SignUpForm.get_instance()
    response = render('user/signup_form', form, form=form)
    settings = current_app.config
    has_recaptcha_keys = ('RECAPTCHA_PUBLIC_KEY' in settings and
                          'RECAPTCHA_PRIVATE_KEY' in settings)
    if has_recaptcha_keys:
        # ReCAPTCHA doesn't work on application/xhtml+xml.
        served_as_xhtml = re.match(r'^application/xhtml\+xml(;|$)',
                                   response.content_type)
        if served_as_xhtml:
            response.content_type = 'text/html'
    return response
Exemple #15
def change_password_form(user_login, token, form=None):
    """Show the form for choosing a new password.

    Passes form, user, token and the ``expired`` flag to the template and
    answers with status 403 when ``is_token_expired(user, token)`` is
    true.

    """
    member = get_user(user_login)
    expired = is_token_expired(member, token)
    if not form:
        form = ChangePasswordForm()
    # NOTE(review): the token reaches the template regardless of expiry;
    # confirm the template does not expose it beyond the form action.
    response = render('user/change_password_form', form,
                      form=form, user=member, token=token, expired=expired)
    if not expired:
        return response
    response.status_code = 403
    return response
Exemple #16
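def posts():
    """Show a list of posts.

    :query view: one of ``summary`` or ``table``. default is ``table``
    :query next: id of the next post you want to fetch.
                 It can be useful for calling API, or infinite scroll.
    :query offset: offset from the latest post. default is 0; negative or
                   non-numeric values are treated as 0.
    :query limit: number of posts to show. default is 20, maximum is 100,
                  minimum is 1; non-numeric values fall back to 20.
    :status 200: no error.
    :status 404: ``next`` post does not exist.

    """
    query = g.session.query(Post) \
                     .order_by(Post.sticky.desc(), Post.created_at.desc())
    # Counted before the ``next`` filter is applied, so the pager always
    # reflects the total number of posts.
    cnt = query.count()
    view = request.args.get('view', 'table')
    next_id = request.args.get('next')
    # ``type=int`` makes a non-numeric value fall back to the default instead
    # of raising ValueError (an unhandled 500 for a malformed query string).
    # Clamping keeps a negative offset/limit out of the SQL and stops
    # ``limit=0`` from dividing by zero in the pager arithmetic below.
    offset = max(request.args.get('offset', 0, type=int), 0)
    limit = max(1, min(request.args.get('limit', 20, type=int), 100))
    if next_id:
        basis = g.session.query(Post).get(next_id)
        if not basis:
            abort(404)
        query = query.filter(~Post.sticky) \
                     .filter(Post.created_at <= basis.created_at)
    paged_posts = query.offset(offset).limit(limit)
    # First row past the current page, passed to the template as ``next``.
    next_post = query.offset(offset + limit).first()
    # Floor division keeps the page number an integer on Python 3 as well.
    pager = langdev.web.pager.Pager(math.ceil(cnt / float(limit)),
                                    1 + offset // limit)
    return render('forum/posts',
                  query,
                  view=view,
                  next=next_post,
                  posts=paged_posts,
                  pager=pager,
                  limit=limit)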
Exemple #17
def write_form(form=None):
    """Render the form for writing a new forum post.

    ``langdev.web.user.ensure_signin()`` is called before anything else
    (presumably rejecting anonymous visitors -- not shown here); a new
    ``PostForm`` is created when no (truthy) form is passed.

    """
    langdev.web.user.ensure_signin()
    if not form:
        form = PostForm()
    return render('forum/write_form', form, form=form)
Exemple #18
def find_password_form(form=None):
    """Render the password-finding form, creating one when none is given."""
    if not form:
        form = PasswordFindingForm()
    return render('user/find_password_form', form, form=form)
Exemple #19
def request_find_password_form(user_login):
    """Render the page from which a password-reset mail is requested."""
    # NOTE(review): get_user presumably answers 404 for an unknown login,
    # which lets this page confirm whether an account exists.
    account = get_user(user_login)
    return render('user/request_find_password_form', account, user=account)
Exemple #20
def find_password_form(form=None):
    """Show the password-finding form; a missing form is replaced by a new one."""
    shown = form if form else PasswordFindingForm()
    return render('user/find_password_form', shown, form=shown)
Exemple #21
def request_find_password_form(user_login):
    """Show the password-reset request page for ``user_login``."""
    # NOTE(review): an unknown login presumably yields 404 from get_user, so
    # the response reveals which logins are registered.
    member = get_user(user_login)
    return render('user/request_find_password_form', member, user=member)
Exemple #22
def profile(user_login, form=None):
    """User profile page.

    A ``ProfileForm`` bound to the request data and the user is created
    only when the signed-in user (``g.current_user``) is the profile
    owner and no form was passed; otherwise ``form`` is passed through
    unchanged.

    """
    owner = get_user(user_login)
    viewing_own_profile = g.current_user == owner
    if viewing_own_profile and not form:
        form = ProfileForm(request.form, owner)
    return render('user/profile', owner, user=owner, form=form)
Exemple #23
def posts(user_login):
    """Posts a user wrote.

    Renders ``user.posts`` for the user resolved from ``user_login``.

    """
    author = get_user(user_login)
    written = author.posts
    return render('user/posts', written, user=author, posts=written)
Exemple #24
def edit_form(post_id, form=None):
    """Render the edit form for an existing post.

    ``ensure_signin`` is called with the post's author before the form is
    built (presumably limiting access to that author -- confirm in
    ``langdev.web.user``).  Without a caller-supplied form, a ``PostForm``
    is created from the request data and the post.

    """
    target = get_post(post_id)
    langdev.web.user.ensure_signin(target.author)
    if not form:
        form = PostForm(request.form, target)
    return render('forum/edit_form', form, form=form, post=target)
Exemple #25
def register_form(form=None):
    """Third-party application registration form.

    Calls ``langdev.web.user.ensure_signin()`` first, then renders the
    given form or a new ``ApplicationForm``.

    """
    langdev.web.user.ensure_signin()
    if not form:
        form = ApplicationForm()
    return render('thirdparty/register_form', form, form=form)
Exemple #26
def post(post_id, comment_form=None):
    """Render a single post together with its comment form.

    When no (truthy) comment form is passed, a new ``CommentForm`` is
    created and ``fill_comments(post)`` is called on it; a caller-supplied
    form is used as is.

    """
    entry = get_post(post_id)
    if comment_form:
        return render('forum/post', entry, post=entry,
                      comment_form=comment_form)
    fresh_form = CommentForm()
    fresh_form.fill_comments(entry)
    return render('forum/post', entry, post=entry, comment_form=fresh_form)
Exemple #27
def app(app_key):
    """Application detail information.

    ``ensure_signin`` is called with the application's owner before the
    page is rendered (presumably restricting the page to that owner --
    confirm in ``langdev.web.user``).

    """
    application = get_app(app_key)
    owner = application.owner
    langdev.web.user.ensure_signin(owner)
    return render("thirdparty/app", application, app=application)
Exemple #28
def posts(user_login):
    """Posts a user wrote.

    The user's ``posts`` attribute is rendered with the
    ``user/posts`` template.

    """
    member = get_user(user_login)
    member_posts = member.posts
    return render('user/posts', member_posts, user=member,
                  posts=member_posts)
Exemple #29
def write_form(form=None):
    """Show the new-post form.

    ``langdev.web.user.ensure_signin()`` runs first (what it does for an
    anonymous visitor is not visible here); the given form is rendered,
    or a new ``PostForm`` when none is passed.

    """
    langdev.web.user.ensure_signin()
    shown = form if form else PostForm()
    return render('forum/write_form', shown, form=shown)
Exemple #30
def app(app_key):
    """Application detail information.

    The application's owner is passed to ``ensure_signin`` before
    rendering (presumably so that only the owner can view the page --
    TODO confirm).

    """
    registered = get_app(app_key)
    langdev.web.user.ensure_signin(registered.owner)
    context = {'app': registered}
    return render('thirdparty/app', registered, **context)
Exemple #31
def profile(user_login, form=None):
    """User profile page.

    The editable ``ProfileForm`` is built from the request data only for
    the profile owner (``g.current_user == user``) and only when the
    caller passed no form; other visitors get whatever ``form`` was
    passed, ``None`` by default.

    """
    member = get_user(user_login)
    if not (g.current_user == member):
        return render('user/profile', member, user=member, form=form)
    if not form:
        form = ProfileForm(request.form, member)
    return render('user/profile', member, user=member, form=form)
Exemple #32
def edit_form(post_id, form=None):
    """Show the form for editing a post.

    The post's author is passed to ``ensure_signin`` before any form is
    created (presumably an author-only check -- TODO confirm).  If the
    caller gives no form, one is built from ``request.form`` and the post.

    """
    existing = get_post(post_id)
    author = existing.author
    langdev.web.user.ensure_signin(author)
    shown = form if form else PostForm(request.form, existing)
    return render('forum/edit_form', shown, form=shown, post=existing)
Exemple #33
def post(post_id, comment_form=None):
    """Show a post and the form for commenting on it.

    A missing comment form is replaced by a new ``CommentForm`` on which
    ``fill_comments(post)`` has been called.

    """
    article = get_post(post_id)
    form = comment_form
    if not form:
        form = CommentForm()
        form.fill_comments(article)
    return render('forum/post', article, post=article, comment_form=form)
Exemple #34
def register_form(form=None):
    """Third-party application registration form.

    ``langdev.web.user.ensure_signin()`` is invoked before rendering; a
    new ``ApplicationForm`` stands in when the caller passes no form.

    """
    langdev.web.user.ensure_signin()
    shown = form if form else ApplicationForm()
    return render("thirdparty/register_form", shown, form=shown)