def get(self, user_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Retrieved user_id to integer user_id = int(user_id) # Retrieve user data user = database.UserManager.select_by_id(user_id) # Check if user can see the profile photo if user.photo is not None: profilePhoto = database.PhotosManager.get_photo_by_id(int(user.photo)) if current_session.get_id() is None: profilePhotoAllowed = False else: requestUser = database.UserManager.select_by_id(current_session.get_id()) if security.PhotoSecurity.user_is_allowed_to_watch_photo(profilePhoto, requestUser): profilePhotoAllowed = True else: profilePhotoAllowed = False else: profilePhotoAllowed = False # Prompt page template = JINJA_ENVIRONMENT.get_template('static/templates/profile.html') self.response.write(template.render(user=user, profilePhotoAllowed=profilePhotoAllowed))
def get(self, token_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Load jinja template template = JINJA_ENVIRONMENT.get_template('static/templates/activation.html') # Check if token is expired token = database.TokenManager.select_token_by_id(int(token_id)) if token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used): # Activate user user = token.user.get() # Check if user is already activated if user.role_level > 0: errorMessage = _("AccountAlreadyActivated") else: errorMessage = None database.UserManager.modify_user(user.key, role_level=1) # Set token as used database.TokenManager.set_used_token(token.key) else: errorMessage = _("ExpiredTokenOrNotExist") # Prompt activation result self.response.write(template.render(error=errorMessage))
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) template = JINJA_ENVIRONMENT.get_template('static/templates/welcome.html') self.response.write(template.render())
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user is already logged in if current_session.get_id() is not None: self.redirect("/") return None template = JINJA_ENVIRONMENT.get_template('static/templates/register.html') self.response.write(template.render())
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Retrieve key f = open("key/googlemaps.key") key = f.read() # Render template template = JINJA_ENVIRONMENT.get_template('static/templates/map.html') self.response.write(template.render(googleApiKey=key))
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user has session started if current_session.get_id() is None: self.redirect("/") # Logout user current_session.logout(self) # Prompt logout page JINJA_ENVIRONMENT.globals['session'] = current_session template = JINJA_ENVIRONMENT.get_template('static/templates/logout.html') self.response.write(template.render())
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user is admin if (current_session.get_role_level() < 3): self.redirect("/") return None # Retrieve users users = database.UserManager.select() # Render template template = JINJA_ENVIRONMENT.get_template('static/templates/users.html') self.response.write(template.render(users=users))
def get(self, token_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) token = database.TokenManager.select_token_by_id(int(token_id)) if token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used): # Present web page template = JINJA_ENVIRONMENT.get_template('static/templates/changeProfile.html') user = token.user.get() self.response.write(template.render(user=user, token_id=token_id)) else: self.redirect("/")
def post(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user is already logged in if current_session.get_id() is not None: self.redirect("/") # Language task Language.language(self) # Load form template = JINJA_ENVIRONMENT.get_template('static/templates/login.html') # Check user and password submitted_username = cgi.escape(self.request.get("username")) submitted_password = hashlib.sha1(cgi.escape(self.request.get("password"))).hexdigest() user = database.UserManager.select_by_username(submitted_username) # Check user exists if user is not None: # Check if user account is blocked or not if user.attempts < 3: # Check if user and password matches if submitted_username == user.name and submitted_password == user.password: # Session initialization current_session.set(self, user.key.id()) # Login attempts to zero database.UserManager.modify_user(user.key, attempts=0) # Redirection to initial page self.redirect("/") else: # Add an attempt to user login database.UserManager.modify_user(user.key, attempts=user.attempts+1) self.response.write(template.render(error=_("InvalidUsernameOrPassword"))) else: self.response.write(template.render(error=_("AccountBlocked"))) else: self.response.write(template.render(error=_("InvalidUsernameOrPassword")))
def post(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user is already logged in if current_session.get_id() is not None: self.redirect("/") return None # Retrieve request data username = cgi.escape(self.request.get('username')) password1 = cgi.escape(self.request.get('password1')) password2 = cgi.escape(self.request.get('password2')) email = cgi.escape(self.request.get('email')) # Load success and fail templates register_template = JINJA_ENVIRONMENT.get_template('static/templates/register.html') registered_template = JINJA_ENVIRONMENT.get_template('static/templates/registered.html') # Check email is well formed if not re.match(r"[^@]+@[^@]+\.[^@]+", email): self.response.write(register_template.render(error=_("BadEmail."))) return None # Check passwords min size is 6 if len(password1) < 6: self.response.write(register_template.render(error=_("PasswordMinLengthNotReached."))) return None # Check passwords match if password1 != password2: self.response.write(register_template.render(error=_("PasswordMissmatch"))) return None # Username not empty if len(username) < 1: self.response.write(register_template.render(error=_("EmptyUsername."))) return None # Check user exists user = database.UserManager.select_by_username(username) if user is not None: self.response.write(register_template.render(error=_("UsernameExists"))) return None # Check email exists user = database.UserManager.select_by_email(email) if user is not None: self.response.write(register_template.render(error=_("EmailExists"))) return None # Save new user in DB user_key = database.UserManager.create(username, password1, email) if user_key: # Create activation token token_key = database.TokenManager.create_token(user_key) # Send activation email email_handler.Email.send_activation(username, str(token_key.id()), email) # Autologin new user current_session.set(self, user_key.id()) JINJA_ENVIRONMENT.globals['session'] = current_session self.response.write(registered_template.render(username=username)) else: self.response.write(register_template.render(error=_("DatabaseError"))) return None
def get(self, photo_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Load jinja template template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html') # Check permission photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if current_session.get_id() is None: request_user = None else: request_user = database.UserManager.select_by_id(current_session.get_id()) if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user): self.redirect("/") # Get photo info to display user = photo.owner.get() privacy = photo.privacy date = photo.date # Check if user can edit photo attributes edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key()) # Get user allowed to watch photo if privacy == 1: allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo) else: allowed_users = None # Count photo visited by user if current_session.get_id() is None: database.PhotoViewManager.newView(photo, None) else: database.PhotoViewManager.newView(photo, current_session.user) # Photo visualization count photo_views = database.PhotoViewManager.select_users_by_photo(photo) views_counter = {} for photo_view in photo_views: if photo_view.user is None: if "Anonymous" in views_counter: views_counter["Anonymous"]['count'] += 1 else: views_counter["Anonymous"] = {'count':1, 'name':"Anonymous", 'id': None} else: photo_view_user = photo_view.user if photo_view_user.get().name in views_counter: views_counter[photo_view_user.get().name]['count'] += 1 else: views_counter[photo_view_user.get().name] = {'count':1, 'name':photo_view_user.get().name, 'id': photo_view_user.id()} # Response page self.response.write(template.render( photo_id=photo_id, owner=user, name=photo.name, edition_permission= edition_permission, date= date, privacy=privacy, views=views_counter, every_user_list=database.UserManager.select(), allowed_users=allowed_users ))
def post(self, token_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Load templates change_template = JINJA_ENVIRONMENT.get_template('static/templates/changeProfile.html') token = database.TokenManager.select_token_by_id(int(token_id)) if not(token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used)): self.redirect("/") user = token.user.get() # Check username username = cgi.escape(self.request.get('username')) # If username is modified if username != user.name: # Username not empty if len(username) < 1: self.response.write(change_template.render(user=user, error=_("EmptyUsername."))) return None # Check username not taken dbusername = database.UserManager.select_by_username(username) if dbusername is not None: self.response.write(change_template.render(user=user, error=_("UsernameExists"))) return None # Check email email = cgi.escape(self.request.get('email')) # If email is modified if email != user.email: # Check email is well formed if not re.match(r"[^@]+@[^@]+\.[^@]+", email): self.response.write(change_template.render(user=user, error=_("BadEmail."))) return None # Check email not taken dbuseremail = database.UserManager.select_by_email(email) if dbuseremail is not None: self.response.write(change_template.render(user=user, error=_("EmailExists"))) return None # Check passwords request_password1 = self.request.get('password1', None) request_password2 = self.request.get('password2', None) password1 = cgi.escape(request_password1) password2 = cgi.escape(request_password2) # Save user and email if passwords are not changed if len(password1) < 1 or len(password2) < 1: database.UserManager.modify_user(user.key, username=username, email=email) else: # Check passwords before modify user data if len(password1) < 6: self.response.write(change_template.render(user=user, error=_("PasswordMinLengthNotReached."))) return None # Check passwords match if password1 != password2: self.response.write(change_template.render(user=user, error=_("PasswordMissmatch"))) return None database.UserManager.modify_user(user.key, username=username, password=password1, email=email) # If data is changed, set token as used database.TokenManager.set_used_token(token.key) # Response changed values self.redirect("/profile/"+str(user.key.id()))