Exemple #1
0
    def handler(req):
        cookie = PoorSession(req)
        if 'login' not in cookie.data:
            req.log_error('Login cookie not found.', state.LOG_INFO)
            redirect(req, '/', text='Login required')

        return fn(req)
Exemple #2
0
def admin_orders_action(req, id):
    check_login(req)
    check_token(req, req.form.get('token'))
    check_right(req, module_right)

    if req.uri.endswith('/storno'):
        ostate = STATE_STORNED
    elif req.uri.endswith('/process'):
        ostate = STATE_PROCESS
    elif req.uri.endswith('/sent'):
        ostate = STATE_SENT
    elif req.uri.endswith('/close'):
        ostate = STATE_CLOSED
    elif req.uri.endswith('/wait_for_paid'):
        ostate = STATE_WAIT_FOR_PAID
    elif req.uri.endswith('/wait_for_pick_up'):
        ostate = STATE_WAIT_FOR_PICK_UP
    else:
        raise SERVER_RETURN(state.HTTP_BAD_REQUEST)

    note = req.form.getfirst('note', '', uni)

    order = Order(id)
    if order.set_state(req, ostate, note) is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if ostate != STATE_CLOSED:
        send_order_status(req, order)

    redirect(req, '/admin/eshop/orders/%d' % id)
Exemple #3
0
def logout(req):
    req.log_error("Input cookies: %s" % repr(req.cookies), state.LOG_DEBUG)
    cookie = PoorSession(req)
    cookie.destroy()
    cookie.header(req, req.headers_out)
    req.log_error("Output headers: %s" % req.headers_out, state.LOG_DEBUG)
    redirect(req, '/')
Exemple #4
0
def login(req):
    # password check is missing !
    cookie = PoorSession(req)
    cookie.data['hash'] = random_string()
    # cookie data are crypted with poorwsgi secret key
    cookie.header(req, req.headers_out)
    redirect(req, '/')
Exemple #5
0
def admin_pages_regenerate_all(req):
    check_login(req, '/log_in?referer=/admin/pages')
    check_right(req, 'pages_modify')

    Page.regenerate_all(req)

    # TODO: redirect to same page
    redirect(req, '/admin/pages?error=%d' % SUCCESS)
Exemple #6
0
def check_origin(req, redirect=None):
    if not do_check_origin(req):
        req.log_error("Origin not check", state.LOG_ALERT)
        if redirect:
            redirect(req, redirect)
        req.precondition = Object()
        req.precondition.origin = "%s://%s" % (req.scheme, req.hostname)
        raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
Exemple #7
0
def admin_pages_del(req, pid):
    check_login(req, '/log_in?referer=/admin/jopbs')
    check_right(req, 'super')
    check_referer(req, '/admin/jobs')

    job = Job(pid=pid)
    job.delete(req)
    redirect(req, '/admin/jobs')
Exemple #8
0
def redirect_ruri(req, *args):
    item = Redirect()
    item.src = req.uri_rule
    item.get(req, key='src')
    dst = item.dst.format(*args)
    print args
    redirect(req, dst,
             permanent=int(item.code == state.HTTP_MOVED_PERMANENTLY))
Exemple #9
0
def check_token(req, token, redirect=None, uri=None):
    if not do_check_token(req, token, uri):
        req.log_error("Token {0!r} not check".format(token), state.LOG_ALERT)
        if redirect:
            redirect(req, redirect)
        req.precondition = Object()
        req.precondition.csrf = True
        raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
Exemple #10
0
def check_referer(req, uri, redirect=None):
    full_referer = create_referer(req, uri)
    if not req.referer or full_referer != req.referer.split("?")[0]:
        req.log_error("Referer %s not check" % uri, state.LOG_ALERT)
        if redirect:
            redirect(req, redirect)
        req.precondition = Object()
        req.precondition.referer = full_referer
        raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
Exemple #11
0
def articles_comment(req, arg):
    id = arg if isinstance(arg, int) else None
    uri = arg if isinstance(arg, unicode) else None

    article, rv = articles_comment_internal(req, uri, id)
    if hasattr(rv, 'reason'):
        return articles_detail_internal(req, article, error=rv, form=req.form)
    elif rv is None:
        raise SERVER_RETURN(state.HTTP_INTERNAL_SERVER_ERROR)
    redirect(req, req.uri+'#comment_%s' % rv.id)
Exemple #12
0
def verify(req, servis_hash):
    login = Login()
    status = login.verify(req, servis_hash)
    if status is True:
        do_login(req, login.simple())
        redirect(req, "/")
    elif status == OK:
        return generate_page(req, "/login/email_verificated.html")
    else:
        return generate_page(req, "/login/email_verificated.html", error=status, item=login)
Exemple #13
0
def admin_logins_enable(req, id):
    check_login(req, "/log_in?referer=/admin/logins")
    check_right(req, R_ADMIN)
    check_token(req, req.form.get("token"))

    login = Login(id)
    if req.login.id == login.id:  # not good idea to
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)  # disable himself

    login.enabled = int(req.uri.endswith("/enable"))
    login.enable(req)
    redirect(req, "/admin/logins")
Exemple #14
0
 def handler(req):
     session = PoorSession(app.secret_key)
     try:
         session.load(req.cookies)
     except SessionError:
         pass
     if 'login' not in session.data:
         log.info('Login cookie not found.')
         redirect(
             "/",
             message="Login required",
         )
     return fun(req)
Exemple #15
0
def admin_pages_del(req, id):
    """ Delete page, could:
            * author of page if have still pages_author right
            * admin with pages_modify
    """

    check_login(req, '/log_in?referer=/admin/pages')
    match_right(req, ('pages_author', 'pages_modify'))
    check_token(req, req.form.get('token'))

    page = Page(id)
    if not page.check_right(req):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    page.delete(req)
    # TODO: redirect to same page
    redirect(req, '/admin/pages?error=%d' % SUCCESS)
Exemple #16
0
def root(req):
    check_login(req)
    check_right(req, 'admin')

    no_section = Menu('')
    no_section.items = list(item for item in admin_sections if isitem(item))

    x_menu = Menu(admin_sections.label)
    x_menu.append(no_section)
    x_menu.items += [item for item in admin_sections if ismenu(item)]

    x_menu = correct_menu(req, x_menu)

    # if there is only one link, redirect to it
    if len(x_menu) == 1 and len(x_menu[0]) == 1:
        redirect(req, x_menu[0][0].uri)
    return generate_page(req, "admin/admin.html", admin_sections=x_menu)
Exemple #17
0
def admin_news_add(req):
    check_login(req)
    match_right(req, module_rights)

    new = New()
    if req.method == "POST":
        new.bind(req.form, req.login.id)
        error = new.add(req)

        if error:
            return generate_page(req, "admin/news_mod.html", new=new, error=error)

        redirect(req, "/admin/news/%d" % new.id)
    # end

    new.state = 2 if do_check_right(req, "news_editor") else 1
    return generate_page(req, "admin/news_mod.html", new=new)
Exemple #18
0
def root(req):
    check_login(req)

    no_section = Menu("")
    no_section.items = list(item for item in user_sections if isitem(item))

    x_menu = Menu(user_sections.label)
    x_menu.append(no_section)
    x_menu.items += [item for item in user_sections if ismenu(item)]

    x_menu = correct_menu(req, x_menu)

    # if there is only one link, redirect to it
    if len(x_menu) == 1 and len(x_menu[0]) == 1:
        redirect(req, x_menu[0][0].uri)

    return generate_page(req, "user/user.html", user_sections=x_menu)
Exemple #19
0
def admin_item_state(req, id):
    check_login(req, '/log_in?referer=/admin/eshop/store')
    check_right(req, module_right)
    check_token(req, req.form.get('token'), uri='/admin/eshop/store')

    item = Item(id)
    if not item.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if req.uri.endswith('/visible'):
        item.set_state(req, STATE_VISIBLE)
    elif req.uri.endswith('/hidden'):
        item.set_state(req, STATE_HIDDEN)
    else:
        item.set_state(req, STATE_DISABLED)

    redirect(req, req.referer)
Exemple #20
0
def admin_articles_add(req):
    check_login(req)
    match_right(req, module_rights)

    article = Article()
    if req.method == 'POST':
        article.bind(req.form, req.login.id)
        error = article.add(req)

        if error:
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error)

        redirect(req, '/admin/articles/%d' % article.id)
    # end

    article.state = 2 if do_check_right(req, right_editor) else 1
    return generate_page(req, "admin/articles_mod.html", article=article)
Exemple #21
0
def user_orders_storno(req, id):
    check_login(req)
    # TODO: check_token
    check_referer(req, '/eshop/orders/%d' % id)

    message = req.form.getfirst('message', '', uni)

    order = Order(id)
    if order.get(req) is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    if order.client_id != req.login.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    if order.set_state(req, STATE_STORNED, usernote=message) is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    send_order_status(req, order)
    redirect(req, '/eshop/orders/%d' % id)
Exemple #22
0
def admin_news_enable(req, id):
    check_login(req, "/log_in?referer=/admin/news")
    match_right(req, module_rights)
    check_referer(req, "/admin/news")

    new = New(id)
    if not new.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if (not do_check_right(req, "news_editor")) and (
        not (new.author_id == req.login.id and new.public_date.year == 1970)
    ):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    n_state = int(req.uri.endswith("/enable"))
    n_state = (n_state * 2) if new.public_date.year > 1970 else n_state
    new.set_state(req, n_state)

    redirect(req, "/admin/news")
Exemple #23
0
def admin_articles_enable(req, id):
    check_login(req, '/log_in?referer=/admin/articles')
    match_right(req, module_rights)
    check_referer(req, '/admin/articles')

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if (not do_check_right(req, right_editor)) \
            and (not (article.author_id == req.login.id
                 and article.public_date.year == 1970)):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    n_state = int(req.uri.endswith('/enable'))
    n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
    article.set_state(req, n_state)

    redirect(req, '/admin/articles')
Exemple #24
0
def admin_item_add(req):
    check_login(req)
    check_right(req, module_right)

    item = Item()
    if req.method == 'POST':
        check_token(req, req.form.get('token'), uri='/admin/eshop/store/add')
        item.bind(req.form)
        error = item.add(req)

        if error != item:
            return generate_page(req, "admin/eshop/item_mod.html",
                                 item=item, error=error)

        redirect(req, '/admin/eshop/store/%d' % item.id)
    # endif

    return generate_page(req, "admin/eshop/item_mod.html",
                         token=create_token(req), item=item)
Exemple #25
0
def admin_pagse_add(req):
    check_login(req)
    match_right(req, ('pages_author', 'pages_modify'))
    token = do_create_token(req, '/admin/pages/add')

    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        page = Page()
        page.bind(req.form, req.login.id)
        error = page.add(req)

        if error:
            return generate_page(req, "admin/pages_mod.html", token=token,
                                 rights=rights, page=page, error=error)

        redirect(req, '/admin/pages/%d' % page.id)
    # end

    return generate_page(req, "admin/pages_mod.html", token=token,
                         rights=rights)
Exemple #26
0
def login(req):
    referer = req.args.getfirst("referer", "", str)

    data = Object(referer=referer, email="")

    if req.method == "POST":
        login = Login()
        login.bind(req.form, req.cfg.login_rounds)

        ip = "ip" in req.form
        if login.find(req):
            do_login(req, login.simple(), ip)
            if referer:
                redirect(req, referer)
            if "admin" in login.rights or "super" in login.rights:
                redirect(req, "/admin")
            redirect(req, "/")

        data.ip = ip
        data.email = login.email
        data.error = BAD_LOGIN

    return generate_page(
        req, "login.html", data=data, sign_up=req.cfg.login_sign_up, password_link=req.cfg.login_forget_password_link
    )
Exemple #27
0
def admin_logins_add(req):
    check_login(req)
    check_right(req, R_ADMIN)
    token = do_create_token(req, "/admin/logins/add")

    if req.method == "POST":
        check_token(req, req.form.get("token"))
        login = Login()
        login.bind(req.form, req.cfg.login_rounds)
        if not req.cfg.login_created_verify_link:
            login.enabled = 1
        login.rights = ["user"]
        error = login.add(req)

        if error:
            return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=error)

        if req.cfg.login_created_verify_link:
            send_login_created(req, login)
        redirect(req, "/admin/logins/%d" % login.id)
    # endif

    return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
Exemple #28
0
def eshop_cart_pay_and_order(req):
    do_check_mgc(req)
    check_token(req, req.form.get('token'), uri='/eshop/cart/recapitulation')
    cart = ShoppingCart(req)
    # TODO: payment page if could be (paypal, card, transfer)
    order = Order.from_cart(cart)
    if not order:
        redirect(req, '/eshop')
    order.client_id = req.login.id if req.login else None
    retval = order.add(req)
    if retval == order:
        cart.clean(req)
        send_order_status(req, order)
        return generate_page(req, "eshop/shopping_accept.html",
                             order=order)
    if retval[0] == EMPTY_ITEMS:
        redirect(req, '/eshop')
    if retval[0] == NOT_ENOUGH_ITEMS:
        cart.set_not_enought(retval[1])
        cart.store(req)
        redirect(req, '/eshop/cart')
Exemple #29
0
def check_right(req, right, redirect_uri=None):
    if not do_check_right(req, right):
        req.log_error("Right %s not check" % right, state.LOG_ALERT)
        if redirect_uri:
            redirect(req, redirect_uri)
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)
Exemple #30
0
def root(req):
    redirect(req, '/index.html', text="static index")
Exemple #31
0
def match_right(req, rights, redirect_uri=None):
    if not do_match_right(req, rights):
        req.log_error("Rights %s not match" % rights, state.LOG_ALERT)
        if redirect_uri:
            redirect(req, redirect_uri)
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)