def invitation_retrieve(request, response_format='html'):
"Retrieve invitation and create account"
if request.user.username:
return HttpResponseRedirect('/')
email = request.REQUEST.get('email')
key = request.REQUEST.get('key')
if email and key:
try:
invitation = Invitation.objects.get(email=email, key=key)
except:
raise Http404
else:
raise Http404
if request.POST:
form = InvitationForm(invitation, request.POST)
if form.is_valid():
profile = form.save()
username = profile.user.username
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user:
invitation.delete()
login(request, user)
return HttpResponseRedirect('/')
else:
form = InvitationForm(invitation)
return render_to_response('core/invitation_retrieve',
{'invitation': invitation,
'form': form},
context_instance=RequestContext(request),
response_format=response_format)
def user_denied(request, message='', response_format='html'):
"User denied page"
response = render_to_response('core/user_denied',
{'message': message},
context_instance=RequestContext(request), response_format=response_format)
# response.status_code = 403
return response
def widget_welcome(request, response_format='html'):
"Quick start widget, which users see when they first log in"
trial = False
if settings.ANAF_SUBSCRIPTION_USER_LIMIT == 3:
trial = True
customization = settings.ANAF_SUBSCRIPTION_CUSTOMIZATION
return render_to_response('core/widgets/welcome', {'trial': trial, 'customization': customization},
context_instance=RequestContext(request), response_format=response_format)
def ajax_tag_lookup(request, response_format='html'):
"Returns a list of matching tags"
tags = []
if request.GET and 'term' in request.GET:
tags = Tag.objects.filter(name__icontains=request.GET['term'])
return render_to_response('core/ajax_tag_lookup',
{'tags': tags},
context_instance=RequestContext(request),
response_format=response_format)
def database_setup(request, response_format='html'):
if not User.objects.all().count():
if request.POST:
sql_form = SqlSettingsForm(data=request.POST)
if sql_form.is_valid():
sql_form.create_database()
if sql_form.is_valid():
return HttpResponseRedirect('/')
else:
sql_form = SqlSettingsForm()
return render_to_response('core/database_setup', {'sql_form': sql_form},
context_instance=RequestContext(request), response_format=response_format)
return HttpResponseRedirect('/')
def ajax_object_lookup(request, response_format='html'):
"Returns a list of matching objects"
objects = []
if request.GET and 'term' in request.GET:
objects = Object.filter_permitted(request.user.profile,
Object.objects.filter(
object_name__icontains=request.GET['term']),
mode='x')[:10]
return render_to_response('core/ajax_object_lookup',
{'objects': objects},
context_instance=RequestContext(request),
response_format=response_format)
def password_reset(request, response_format='html'):
"Password_reset sends the email with the new password"
if request.POST:
form = PasswordResetForm(request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('password_reset_done'))
else:
form = PasswordResetForm()
return render_to_response('core/password_reset_form',
{'form': form},
context_instance=RequestContext(request),
response_format=response_format)
def help_page(request, url='/', response_format='html'):
"Returns a Help page from Evergreen"
source = settings.ANAF_HELP_SOURCE
if not url:
url = '/'
body = ''
try:
body = urllib2.urlopen(
source + url + '?domain=' + RequestSite(request).domain).read()
except:
pass
regexp = r"<!-- module_content_inner -->(?P<module_inner>.*?)<!-- /module_content_inner -->"
blocks = re.finditer(regexp, body, re.DOTALL)
for block in blocks:
body = smart_unicode(block.group('module_inner').strip())
return render_to_response('core/help_page', {'body': body},
context_instance=RequestContext(request),
response_format=response_format)
def password_reset_done(request, response_format='html'):
"Shows success message"
return render_to_response('core/password_reset_done',
context_instance=RequestContext(request),
response_format=response_format)
def user_login(request, response_format='html'):
"User login"
if request.user.username:
return HttpResponseRedirect(reverse('user_denied'))
next = request.GET.get('next', '/')
form = LoginForm(request.POST)
if request.POST:
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user and getattr(settings, 'HARDTREE_DISABLE_EVERGREEN_USERS', False) and 'evergreen_' in user.username[:10]:
user = None
if form.is_valid():
if user is not None:
try:
profile = user.profile
except:
profile = None
if not profile:
return render_to_response('core/user_login', {
'error_message': 'Username or password you entered is not valid', 'form': Markup(form)},
context_instance=RequestContext(request), response_format=response_format)
if profile.disabled:
return render_to_response('core/user_login', {
'error_message': 'Your account is disabled.',
'form': Markup(form)},
context_instance=RequestContext(request),
response_format=response_format)
if user.is_active and profile:
# Disable account with overdue payment
if settings.ANAF_SUBSCRIPTION_BLOCKED:
return render_to_response('core/user_login', {
'error_message': 'We are sorry to inform you but your account has been deactivated. Please login to your <a href="https://www.tree.io/login/">control panel</a> to see details.',
'form': Markup(form)},
context_instance=RequestContext(request),
response_format=response_format)
login(request, user)
# Prevent same user from logging in at 2 different machines
if settings.ANAF_MULTIPLE_LOGINS_DISABLED:
for ses in Session.objects.all():
if ses != request.session:
try:
data = ses.get_decoded()
if '_auth_user_id' in data and data['_auth_user_id'] == request.user.id:
ses.delete()
except Exception:
pass
if 'next' in request.POST:
return HttpResponseRedirect(request.POST['next'])
else:
return HttpResponseRedirect(next)
else:
return render_to_response('core/user_login_disabled',
context_instance=RequestContext(
request),
response_format=response_format)
else:
return render_to_response('core/user_login', {
'error_message': 'Username or password you entered is not valid', 'form': Markup(form)},
context_instance=RequestContext(request), response_format=response_format)
elif not form.is_valid() and user is None:
return render_to_response('core/user_login',
{'error_message': 'Username or password you entered is not valid', 'form': Markup(
form)},
context_instance=RequestContext(request), response_format=response_format)
else:
return render_to_response('core/user_login',
{'error_message': 'Please re-enter the text from the image',
'form': Markup(form)},
context_instance=RequestContext(request), response_format=response_format)
else:
return render_to_response('core/user_login', {'form': Markup(form)},
context_instance=RequestContext(request), response_format=response_format)
def iframe_close(request, response_format='html'):
"For third-party resources, when returned back to Anaf, close iframe"
return render_to_response('core/iframe_close', {},
context_instance=RequestContext(request),
response_format=response_format)
def ajax_popup(request, popup_id='', url='/'):
"Handles pop up forms and requests, by extracting only the required content from response content"
view, args, kwargs = resolve(url)
if not request.user.username:
return HttpResponseRedirect('/accounts/login')
modules = Module.objects.all()
active = None
for module in modules:
try:
import_name = module.name + "." + \
settings.ANAF_MODULE_IDENTIFIER
hmodule = __import__(import_name, fromlist=[str(module.name)])
urls = hmodule.URL_PATTERNS
for regexp in urls:
if re.match(regexp, url):
active = module
except ImportError:
pass
except AttributeError:
pass
response = None
if active and not request.user.profile.has_permission(active):
response = user_denied(request, "You do not have access to the {0!s} module".format(unicode(active)),
response_format='ajax')
if not response:
if view == ajax_popup:
raise Http404("OMG, I see myself!")
kwargs['request'] = request
kwargs['response_format'] = 'ajax'
response = view(*args, **kwargs)
# response = csrf().process_response(request, response)
module_inner = ""
regexp = r"<!-- module_content_inner -->(?P<module_inner>.*?)<!-- /module_content_inner -->"
blocks = re.finditer(regexp, response.content, re.DOTALL)
for block in blocks:
module_inner += block.group('module_inner').strip()
title = ""
regexp = r"<div class=\\\"title\\\">(?P<title>.*?)</div>"
blocks = re.finditer(regexp, response.content, re.DOTALL)
for block in blocks:
title += block.group('title').replace('\\n', '').strip()
if not title:
blocks = re.finditer(
r"<title>(?P<title>.*?)</title>", response.content, re.DOTALL)
for block in blocks:
title += block.group('title').replace('\\n', '').strip()
subtitle = ""
regexp = r"<div class=\\\"subtitle-block\\\">(?P<subtitle>.*?)</div>"
blocks = re.finditer(regexp, response.content, re.DOTALL)
for block in blocks:
subtitle += block.group('subtitle').replace('\\n', '').strip()
context = {'content': module_inner, 'title': title, 'subtitle': subtitle, 'popup_id': popup_id, 'url': request.path}
if settings.ANAF_RESPONSE_FORMATS['json'] in response.get('Content-Type', 'text/html'):
new_response = render_to_response('core/ajax_popup', context,
context_instance=RequestContext(request), response_format='json')
else:
new_response = HttpResponse(json.dumps({'popup': context}))
new_response.mimetype = settings.ANAF_RESPONSE_FORMATS['json']
try:
jsonresponse = json.loads(response.content)
if 'redirect' in jsonresponse:
new_response.status_code = 302
except Exception:
new_response.status_code = response.status_code
return new_response
