def user_details(self): user = User.by_uuid(self.get_argument('uuid', '')) print user if user is not None: self.write(user.to_dict()) else: self.write({})
def get(self, *args, **kwargs): """ Display the default user page """ user = self.get_current_user() if user: admin = user.is_admin() else: admin = False uuid = self.get_argument("id", None) display_user = User.by_uuid(uuid) visitor = False if not user and (options.scoreboard_visibility != "public" or not display_user): self.redirect("/login") return elif display_user and (not user or display_user != user): user = display_user visitor = True if not user: self.redirect("/login") return if uuid is None and user.is_admin(): self.timer() self.render("admin/home.html", user=user) else: game_started = self.application.settings[ "game_started"] or user.is_admin() self.render("user/home.html", user=user, game_started=game_started, visitor=visitor)
def post(self, *args, **kwargs): user_uuid = self.get_argument('uuid', '') user = User.by_uuid(user_uuid) if user is not None: errors = [] username = self.get_argument('username', None) password = self.get_argument('password', None) if password is not None: if 12 <= len(password) <= 100: self.change_user_password(user) else: errors.append("Password invalid length (12-100)") if username is not None and username != user.username: if 3 <= len(username) <= 15: if User.by_username(username) is None: user.username = username dbsession.add(user) dbsession.flush() else: errors.append("Username already exists") else: errors.append("Username is an invalid length (3-15)") self.render("admin/manage_users.html", errors=errors) else: self.render("admin/manage_users.html", errors=["User does not exist"])
def get(self, *args, **kwargs): """ Validates Email and renders login page """ if len(options.mail_host) > 0: error = None info = None try: user_uuid = decode( urlsafe_b64decode(self.get_argument("u", ""))) token = sha256(urlsafe_b64decode(self.get_argument( "t", ""))).hexdigest() except: user_uuid = urlsafe_b64decode( encode(self.get_argument("u", ""))) token = sha256( urlsafe_b64decode(encode(self.get_argument( "t", "")))).hexdigest() user = User.by_uuid(user_uuid) if user: if user.is_email_valid() is True: pass elif user.validate_email(token) is True: info = [ "Successfully validated email for %s" % user.handle ] user.locked = False self.dbsession.add(user) self.dbsession.commit() self.event_manager.user_joined_team(user) else: error = ["Faield to validate email for %s" % user.handle] elif len(user_uuid) > 0 and not user: error = ["Invalid user for email validation"] self.render("public/login.html", info=info, errors=error) else: self.redirect("public/404")
def user_details(self): user = User.by_uuid(self.get_argument("uuid", "")) # print(user) if user is not None: self.write(user.to_dict()) else: self.write({})
def post(self, *args, **kwargs): ''' Toggle account lock ''' user = User.by_uuid(self.get_argument('uuid', '')) if user is not None: user.locked = False if user.locked else True self.dbsession.add(user) self.dbsession.commit() self.redirect('/admin/users')
def post(self, *args, **kwargs): """ Toggle account lock """ user = User.by_uuid(self.get_argument("uuid", "")) if user is not None: user.locked = False if user.locked else True self.dbsession.add(user) self.dbsession.commit() self.redirect("/admin/users")
def post(self, *args, **kwargs): ''' Toggle account lock ''' uuid = self.get_argument('uuid', '') user = User.by_uuid(uuid) if user is not None: user.locked = False if user.locked else True dbsession.add(user) dbsession.flush() self.redirect('/admin')
def lock_user(self): """ Toggle account lock """ user = User.by_uuid(self.get_argument("uuid", "")) if user is not None: user.locked = False if user.locked else True self.dbsession.add(user) self.dbsession.commit() self.redirect("/admin/users") else: self.render("public/404.html")
def get(self, *args, **kwargs): uuid = self.get_argument('uuid', '') user = User.by_uuid(uuid) if user is not None: self.write({ 'username': user.username, }) else: self.write({'Error': 'User does not exist.'}) self.finish()
def get_current_user(self): """ Get current user object from database """ if self.session is not None: try: return User.by_uuid(self.session["user_uuid"]) except KeyError: logging.exception("Malformed session: %r" % self.session) except: logging.exception("Failed call to get_current_user()") return None
def get(self, uuid=None): ''' Get a specific user or all users ''' if uuid is None: response = json.dumps([user.to_dict() for user in User.all()]) else: user = User.by_uuid(uuid) if user is not None: response = user.to_dict() else: self.set_status(BAD_REQUEST) response = {"error": "User not found"} self.write(response)
def del_user(self): ''' Delete user objects in the database, you cannot delete yourself. ''' user = User.by_uuid(self.get_argument('uuid', '')) if user is not None and user != self.get_current_user(): logging.info("Deleted User: '******'" % str(user.handle)) self.dbsession.delete(user) self.dbsession.commit() self.redirect("/admin/users") else: self.render("admin/view/users.html", errors=["User is not exist"])
def post(self): user = User.by_uuid(self.get_argument('uuid', '')) delete = self.get_argument('delete', '') if delete == 'delete': self.db.delete(user) self.db.commit() self.redirect('/') elif user: user.username=self.get_argument('username', '') self.db.add(user) self.db.commit() self.redirect('/') else: self.write('error no')
def del_user(self): """ Delete user objects in the database, you cannot delete yourself. """ user = User.by_uuid(self.get_argument("uuid", "")) if user is not None and user != self.get_current_user(): logging.info("Deleted User: '******'" % str(user.handle)) EventManager.instance().deauth(user) self.dbsession.delete(user) self.dbsession.commit() self.event_manager.push_score_update() self.redirect("/admin/users") else: self.render("admin/view/users.html", errors=["User does not exist"])
def edit_user(self): ''' Update user objects in the database ''' try: user = User.by_uuid(self.get_argument('uuid', '')) if user is None: raise ValidationError("User does not exist") handle = self.get_argument('handle', '') if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % ( user.handle, handle )) user.handle = handle else: raise ValidationError("Handle is already in use") hash_algorithm = self.get_argument('hash_algorithm', '') if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument('bank_password', '')): logging.info("Updated %s's hashing algorithm %s -> %s" % ( user.handle, user.algorithm, hash_algorithm, )) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm") else: raise ValidationError("Not a valid hash algorithm") user.password = self.get_argument('password', '') if len(self.get_argument('bank_password', '')): user.bank_password = self.get_argument('bank_password', '') team = Team.by_uuid(self.get_argument('team_uuid', '')) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % ( user.handle, user.team_id, team.name )) user.team_id = team.id else: raise ValidationError("Team does not exist in database") self.dbsession.add(user) self.dbsession.commit() self.redirect('/admin/users') except ValidationError as error: self.render("admin/view/users.html", errors=[str(error), ] )
def put(self, uuid=None): ''' Edit existing users ''' try: if uuid is None: raise ValidationError("Missing uuid parameter") user = User.by_uuid(uuid) if user is None: raise ValidationError("User not found") if self.get_argument("is_admin", False) is True: self._make_admin(user) if self.get_argument("password", None) is not None: self._change_user_password(user) if self.get_argument("name", None) is not None: self._change_user_name(user) except ValidationError as error: self.set_status(BAD_REQUEST) self.write({"error": str(error)})
def get(self, *args, **kwargs): ''' Toggle account lock ''' uuid = self.get_argument('uuid', '') user = User.by_uuid(uuid) if user is not None: if user.locked: user.locked = False dbsession.add(user) self.write({'success': 'unlocked'}) else: user.locked = True dbsession.add(user) self.write({'success': 'locked'}) else: self.write({'error': 'User does not exist'}) dbsession.flush() self.finish()
def post(self, *args, **kwargs): """ Validate user arguments for SWAT request """ target = User.by_uuid(self.get_argument("uuid", "")) if target is not None and not target.is_admin(): if not Swat.user_is_pending( target) and not Swat.user_is_in_progress(target): user = self.get_current_user() if target not in user.team.members: if Swat.get_price(target) <= user.team.money: self.create_swat(user, target) self.redirect("/swat") else: self.render_page("You cannot afford this bribe") else: self.render_page("You cannot SWAT your own team") else: self.render_page("A bribe is already exists for this player") else: self.render_page("Target user does not exist")
def post(self, *args, **kwargs): ''' Validate user arguments for SWAT request ''' target = User.by_uuid(self.get_argument('uuid', '')) if target is not None and not target.has_permission(ADMIN_PERMISSION): if not Swat.user_is_pending( target) and not Swat.user_is_in_progress(target): user = self.get_current_user() if not target in user.team.members: if Swat.get_price(target) <= user.team.money: self.create_swat(user, target) self.redirect('/swat') else: self.render_page("You cannot afford this bribe") else: self.render_page("You cannot SWAT your own team") else: self.render_page("A bribe is already exists for this player") else: self.render_page("Target user does not exist")
def get(self, *args, **kwargs): state = args = self.get_argument("state") code = self.get_argument("code") code_flow = self.memcached.get(state) self.memcached.delete(state) args = {"code": code, "state": state} result = azuread_app.acquire_token_by_auth_code_flow(code_flow, args) if "error" in result: self.redirect("/403") return claims = result.get("id_token_claims") # Admin is defined by the Azure AD AppRole "Admin" hasAdminRole = self.is_admin(claims) # Get the team code (if set) would have come from the Join Team page. team_code = None if "teamcode" in code_flow: team_code = code_flow["teamcode"] # Look up user the Azure AD object id (Guid) user = User.by_uuid(claims["oid"]) # If user is not admin and not part of a team or new, they need to join a team. # Redirect to the join team page here, if needed, before the user is created in the db. if self.needs_team(hasAdminRole, user, team_code): self.redirect("/jointeam?upn=" + claims["upn"]) return # New user if user is None: user = self.add_user(claims, team_code) self.update_permissions(user, hasAdminRole) self.dbsession.commit() self.create_login_session(user) self.redirect("/user")
def get(self): user = User.by_uuid(self.get_argument('uuid', '')) self.db.delete(user) self.db.commit() self.redirect('/')
def edit_user(self): """ Update user objects in the database """ try: user = User.by_uuid(self.get_argument("uuid", "")) if user is None: raise ValidationError("User does not exist") handle = self.get_argument("handle", "") if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % (user.handle, handle)) user.handle = handle else: raise ValidationError("Handle is already in use") name = self.get_argument("name", "") email = self.get_argument("email", "") if user.name != name: logging.info("Updated user Name %s -> %s" % (user.name, name)) user.name = name if user.email != email: logging.info("Updated user Email %s -> %s" % (user.email, email)) user.email = email if options.banking: hash_algorithm = self.get_argument("hash_algorithm", "") if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument("bank_password", "")): logging.info( "Updated %s's hashing algorithm %s -> %s" % (user.handle, user.algorithm, hash_algorithm)) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm" ) else: raise ValidationError("Not a valid hash algorithm") if len(self.get_argument("bank_password", "")): user.bank_password = self.get_argument("bank_password", "") password = self.get_argument("password", "") if password and len(password) > 0: user.password = password if hasattr(self.request, "files") and "avatarfile" in self.request.files: user.avatar = self.request.files["avatarfile"][0]["body"] else: avatar = self.get_argument("avatar", user.avatar) # allow for default without setting user._avatar = avatar team = Team.by_uuid(self.get_argument("team_uuid", "")) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % (user.handle, user.team_id, team.name)) user.team_id = team.id elif options.teams: raise ValidationError("Team does not exist in database") self.dbsession.add(user) admin = self.get_argument("admin", "false") if admin == "true" and not user.is_admin(): permission = Permission() permission.name = ADMIN_PERMISSION permission.user_id = user.id self.dbsession.add(permission) elif admin == "false" and user.is_admin(): permissions = Permission.by_user_id(user.id) for permission in permissions: if permission.name == ADMIN_PERMISSION: self.dbsession.delete(permission) self.dbsession.commit() self.redirect("/admin/users") except ValidationError as error: self.render("admin/view/users.html", errors=[str(error)])
def get(self, *args, **kwargs): uuid = self.get_argument("uuid", None) user = User.by_uuid(uuid) self.render("admin/view/user_stats.html", user=user, errors=None)
def edit_user(self): ''' Update user objects in the database ''' try: user = User.by_uuid(self.get_argument('uuid', '')) if user is None: raise ValidationError("User does not exist") handle = self.get_argument('handle', '') if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % (user.handle, handle)) user.handle = handle else: raise ValidationError("Handle is already in use") name = self.get_argument('name', '') email = self.get_argument('email', '') if user.name != name: logging.info("Updated user Name %s -> %s" % (user.name, name)) user.name = name if user.email != email: logging.info("Updated user Email %s -> %s" % (user.email, email)) user.email = email if options.banking: hash_algorithm = self.get_argument('hash_algorithm', '') if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument('bank_password', '')): logging.info( "Updated %s's hashing algorithm %s -> %s" % ( user.handle, user.algorithm, hash_algorithm, )) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm" ) else: raise ValidationError("Not a valid hash algorithm") if len(self.get_argument('bank_password', '')): user.bank_password = self.get_argument('bank_password', '') password = self.get_argument('password', '') if password and len(password) > 0: user.password = password if hasattr(self.request, 'files') and 'avatarfile' in self.request.files: user.avatar = self.request.files['avatarfile'][0]['body'] else: avatar = self.get_argument('avatar', user.avatar) #allow for default without setting user._avatar = avatar team = Team.by_uuid(self.get_argument('team_uuid', '')) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % (user.handle, user.team_id, team.name)) user.team_id = team.id elif options.teams: raise ValidationError("Team does not exist in database") self.dbsession.add(user) self.dbsession.commit() self.redirect('/admin/users') except ValidationError as error: self.render("admin/view/users.html", errors=[ str(error), ])