def user_details(self):
user = User.by_uuid(self.get_argument('uuid', ''))
print user
if user is not None:
self.write(user.to_dict())
else:
self.write({})
def get(self, *args, **kwargs):
""" Display the default user page """
user = self.get_current_user()
if user:
admin = user.is_admin()
else:
admin = False
uuid = self.get_argument("id", None)
display_user = User.by_uuid(uuid)
visitor = False
if not user and (options.scoreboard_visibility != "public"
or not display_user):
self.redirect("/login")
return
elif display_user and (not user or display_user != user):
user = display_user
visitor = True
if not user:
self.redirect("/login")
return
if uuid is None and user.is_admin():
self.timer()
self.render("admin/home.html", user=user)
else:
game_started = self.application.settings[
"game_started"] or user.is_admin()
self.render("user/home.html",
user=user,
game_started=game_started,
visitor=visitor)
def post(self, *args, **kwargs):
user_uuid = self.get_argument('uuid', '')
user = User.by_uuid(user_uuid)
if user is not None:
errors = []
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if password is not None:
if 12 <= len(password) <= 100:
self.change_user_password(user)
else:
errors.append("Password invalid length (12-100)")
if username is not None and username != user.username:
if 3 <= len(username) <= 15:
if User.by_username(username) is None:
user.username = username
dbsession.add(user)
dbsession.flush()
else:
errors.append("Username already exists")
else:
errors.append("Username is an invalid length (3-15)")
self.render("admin/manage_users.html", errors=errors)
else:
self.render("admin/manage_users.html",
errors=["User does not exist"])
def get(self, *args, **kwargs):
""" Validates Email and renders login page """
if len(options.mail_host) > 0:
error = None
info = None
try:
user_uuid = decode(
urlsafe_b64decode(self.get_argument("u", "")))
token = sha256(urlsafe_b64decode(self.get_argument(
"t", ""))).hexdigest()
except:
user_uuid = urlsafe_b64decode(
encode(self.get_argument("u", "")))
token = sha256(
urlsafe_b64decode(encode(self.get_argument(
"t", "")))).hexdigest()
user = User.by_uuid(user_uuid)
if user:
if user.is_email_valid() is True:
pass
elif user.validate_email(token) is True:
info = [
"Successfully validated email for %s" % user.handle
]
user.locked = False
self.dbsession.add(user)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
else:
error = ["Faield to validate email for %s" % user.handle]
elif len(user_uuid) > 0 and not user:
error = ["Invalid user for email validation"]
self.render("public/login.html", info=info, errors=error)
else:
self.redirect("public/404")
def user_details(self):
user = User.by_uuid(self.get_argument("uuid", ""))
# print(user)
if user is not None:
self.write(user.to_dict())
else:
self.write({})
def post(self, *args, **kwargs):
''' Toggle account lock '''
user = User.by_uuid(self.get_argument('uuid', ''))
if user is not None:
user.locked = False if user.locked else True
self.dbsession.add(user)
self.dbsession.commit()
self.redirect('/admin/users')
def post(self, *args, **kwargs):
""" Toggle account lock """
user = User.by_uuid(self.get_argument("uuid", ""))
if user is not None:
user.locked = False if user.locked else True
self.dbsession.add(user)
self.dbsession.commit()
self.redirect("/admin/users")
def post(self, *args, **kwargs):
''' Toggle account lock '''
uuid = self.get_argument('uuid', '')
user = User.by_uuid(uuid)
if user is not None:
user.locked = False if user.locked else True
dbsession.add(user)
dbsession.flush()
self.redirect('/admin')
def lock_user(self):
""" Toggle account lock """
user = User.by_uuid(self.get_argument("uuid", ""))
if user is not None:
user.locked = False if user.locked else True
self.dbsession.add(user)
self.dbsession.commit()
self.redirect("/admin/users")
else:
self.render("public/404.html")
def get(self, *args, **kwargs):
uuid = self.get_argument('uuid', '')
user = User.by_uuid(uuid)
if user is not None:
self.write({
'username': user.username,
})
else:
self.write({'Error': 'User does not exist.'})
self.finish()
def get_current_user(self):
""" Get current user object from database """
if self.session is not None:
try:
return User.by_uuid(self.session["user_uuid"])
except KeyError:
logging.exception("Malformed session: %r" % self.session)
except:
logging.exception("Failed call to get_current_user()")
return None
def get(self, uuid=None):
''' Get a specific user or all users '''
if uuid is None:
response = json.dumps([user.to_dict() for user in User.all()])
else:
user = User.by_uuid(uuid)
if user is not None:
response = user.to_dict()
else:
self.set_status(BAD_REQUEST)
response = {"error": "User not found"}
self.write(response)
def del_user(self):
'''
Delete user objects in the database, you cannot delete yourself.
'''
user = User.by_uuid(self.get_argument('uuid', ''))
if user is not None and user != self.get_current_user():
logging.info("Deleted User: '******'" % str(user.handle))
self.dbsession.delete(user)
self.dbsession.commit()
self.redirect("/admin/users")
else:
self.render("admin/view/users.html", errors=["User is not exist"])
def post(self):
user = User.by_uuid(self.get_argument('uuid', ''))
delete = self.get_argument('delete', '')
if delete == 'delete':
self.db.delete(user)
self.db.commit()
self.redirect('/')
elif user:
user.username=self.get_argument('username', '')
self.db.add(user)
self.db.commit()
self.redirect('/')
else:
self.write('error no')
def del_user(self):
"""
Delete user objects in the database, you cannot delete yourself.
"""
user = User.by_uuid(self.get_argument("uuid", ""))
if user is not None and user != self.get_current_user():
logging.info("Deleted User: '******'" % str(user.handle))
EventManager.instance().deauth(user)
self.dbsession.delete(user)
self.dbsession.commit()
self.event_manager.push_score_update()
self.redirect("/admin/users")
else:
self.render("admin/view/users.html",
errors=["User does not exist"])
def edit_user(self):
''' Update user objects in the database '''
try:
user = User.by_uuid(self.get_argument('uuid', ''))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument('handle', '')
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" % (
user.handle, handle
))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
hash_algorithm = self.get_argument('hash_algorithm', '')
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument('bank_password', '')):
logging.info("Updated %s's hashing algorithm %s -> %s" % (
user.handle, user.algorithm, hash_algorithm,
))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm")
else:
raise ValidationError("Not a valid hash algorithm")
user.password = self.get_argument('password', '')
if len(self.get_argument('bank_password', '')):
user.bank_password = self.get_argument('bank_password', '')
team = Team.by_uuid(self.get_argument('team_uuid', ''))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" % (
user.handle, user.team_id, team.name
))
user.team_id = team.id
else:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
self.dbsession.commit()
self.redirect('/admin/users')
except ValidationError as error:
self.render("admin/view/users.html",
errors=[str(error), ]
)
def put(self, uuid=None):
''' Edit existing users '''
try:
if uuid is None:
raise ValidationError("Missing uuid parameter")
user = User.by_uuid(uuid)
if user is None:
raise ValidationError("User not found")
if self.get_argument("is_admin", False) is True:
self._make_admin(user)
if self.get_argument("password", None) is not None:
self._change_user_password(user)
if self.get_argument("name", None) is not None:
self._change_user_name(user)
except ValidationError as error:
self.set_status(BAD_REQUEST)
self.write({"error": str(error)})
def get(self, *args, **kwargs):
''' Toggle account lock '''
uuid = self.get_argument('uuid', '')
user = User.by_uuid(uuid)
if user is not None:
if user.locked:
user.locked = False
dbsession.add(user)
self.write({'success': 'unlocked'})
else:
user.locked = True
dbsession.add(user)
self.write({'success': 'locked'})
else:
self.write({'error': 'User does not exist'})
dbsession.flush()
self.finish()
def post(self, *args, **kwargs):
""" Validate user arguments for SWAT request """
target = User.by_uuid(self.get_argument("uuid", ""))
if target is not None and not target.is_admin():
if not Swat.user_is_pending(
target) and not Swat.user_is_in_progress(target):
user = self.get_current_user()
if target not in user.team.members:
if Swat.get_price(target) <= user.team.money:
self.create_swat(user, target)
self.redirect("/swat")
else:
self.render_page("You cannot afford this bribe")
else:
self.render_page("You cannot SWAT your own team")
else:
self.render_page("A bribe is already exists for this player")
else:
self.render_page("Target user does not exist")
def post(self, *args, **kwargs):
''' Validate user arguments for SWAT request '''
target = User.by_uuid(self.get_argument('uuid', ''))
if target is not None and not target.has_permission(ADMIN_PERMISSION):
if not Swat.user_is_pending(
target) and not Swat.user_is_in_progress(target):
user = self.get_current_user()
if not target in user.team.members:
if Swat.get_price(target) <= user.team.money:
self.create_swat(user, target)
self.redirect('/swat')
else:
self.render_page("You cannot afford this bribe")
else:
self.render_page("You cannot SWAT your own team")
else:
self.render_page("A bribe is already exists for this player")
else:
self.render_page("Target user does not exist")
def get(self, *args, **kwargs):
state = args = self.get_argument("state")
code = self.get_argument("code")
code_flow = self.memcached.get(state)
self.memcached.delete(state)
args = {"code": code, "state": state}
result = azuread_app.acquire_token_by_auth_code_flow(code_flow, args)
if "error" in result:
self.redirect("/403")
return
claims = result.get("id_token_claims")
# Admin is defined by the Azure AD AppRole "Admin"
hasAdminRole = self.is_admin(claims)
# Get the team code (if set) would have come from the Join Team page.
team_code = None
if "teamcode" in code_flow:
team_code = code_flow["teamcode"]
# Look up user the Azure AD object id (Guid)
user = User.by_uuid(claims["oid"])
# If user is not admin and not part of a team or new, they need to join a team.
# Redirect to the join team page here, if needed, before the user is created in the db.
if self.needs_team(hasAdminRole, user, team_code):
self.redirect("/jointeam?upn=" + claims["upn"])
return
# New user
if user is None:
user = self.add_user(claims, team_code)
self.update_permissions(user, hasAdminRole)
self.dbsession.commit()
self.create_login_session(user)
self.redirect("/user")
def get(self):
user = User.by_uuid(self.get_argument('uuid', ''))
self.db.delete(user)
self.db.commit()
self.redirect('/')
def edit_user(self):
""" Update user objects in the database """
try:
user = User.by_uuid(self.get_argument("uuid", ""))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument("handle", "")
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" %
(user.handle, handle))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
name = self.get_argument("name", "")
email = self.get_argument("email", "")
if user.name != name:
logging.info("Updated user Name %s -> %s" % (user.name, name))
user.name = name
if user.email != email:
logging.info("Updated user Email %s -> %s" %
(user.email, email))
user.email = email
if options.banking:
hash_algorithm = self.get_argument("hash_algorithm", "")
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument("bank_password", "")):
logging.info(
"Updated %s's hashing algorithm %s -> %s" %
(user.handle, user.algorithm, hash_algorithm))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm"
)
else:
raise ValidationError("Not a valid hash algorithm")
if len(self.get_argument("bank_password", "")):
user.bank_password = self.get_argument("bank_password", "")
password = self.get_argument("password", "")
if password and len(password) > 0:
user.password = password
if hasattr(self.request,
"files") and "avatarfile" in self.request.files:
user.avatar = self.request.files["avatarfile"][0]["body"]
else:
avatar = self.get_argument("avatar", user.avatar)
# allow for default without setting
user._avatar = avatar
team = Team.by_uuid(self.get_argument("team_uuid", ""))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" %
(user.handle, user.team_id, team.name))
user.team_id = team.id
elif options.teams:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
admin = self.get_argument("admin", "false")
if admin == "true" and not user.is_admin():
permission = Permission()
permission.name = ADMIN_PERMISSION
permission.user_id = user.id
self.dbsession.add(permission)
elif admin == "false" and user.is_admin():
permissions = Permission.by_user_id(user.id)
for permission in permissions:
if permission.name == ADMIN_PERMISSION:
self.dbsession.delete(permission)
self.dbsession.commit()
self.redirect("/admin/users")
except ValidationError as error:
self.render("admin/view/users.html", errors=[str(error)])
def get(self, *args, **kwargs):
uuid = self.get_argument("uuid", None)
user = User.by_uuid(uuid)
self.render("admin/view/user_stats.html", user=user, errors=None)
def edit_user(self):
''' Update user objects in the database '''
try:
user = User.by_uuid(self.get_argument('uuid', ''))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument('handle', '')
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" %
(user.handle, handle))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
name = self.get_argument('name', '')
email = self.get_argument('email', '')
if user.name != name:
logging.info("Updated user Name %s -> %s" % (user.name, name))
user.name = name
if user.email != email:
logging.info("Updated user Email %s -> %s" %
(user.email, email))
user.email = email
if options.banking:
hash_algorithm = self.get_argument('hash_algorithm', '')
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument('bank_password', '')):
logging.info(
"Updated %s's hashing algorithm %s -> %s" % (
user.handle,
user.algorithm,
hash_algorithm,
))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm"
)
else:
raise ValidationError("Not a valid hash algorithm")
if len(self.get_argument('bank_password', '')):
user.bank_password = self.get_argument('bank_password', '')
password = self.get_argument('password', '')
if password and len(password) > 0:
user.password = password
if hasattr(self.request,
'files') and 'avatarfile' in self.request.files:
user.avatar = self.request.files['avatarfile'][0]['body']
else:
avatar = self.get_argument('avatar', user.avatar)
#allow for default without setting
user._avatar = avatar
team = Team.by_uuid(self.get_argument('team_uuid', ''))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" %
(user.handle, user.team_id, team.name))
user.team_id = team.id
elif options.teams:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
self.dbsession.commit()
self.redirect('/admin/users')
except ValidationError as error:
self.render("admin/view/users.html", errors=[
str(error),
])
