Esempio n. 1
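def view(id):
    '''
    Return one user's record as JSON.

    Only the user themselves or an admin passes the authorization
    check. The e-mail address is returned only when the caller is
    looking at their own record, so an admin viewing another user does
    not receive it.

    :param id: identifier of the user to show.
    :returns: the ``jsonify`` response built from ``user.to_dict()``.
    '''
    # The check runs before the lookup; assuming authz.require aborts
    # on a false value, an unauthorized caller cannot use this view to
    # learn which ids exist.
    # NOTE(review): if ``id`` arrives as a string (untyped URL
    # parameter) while ``current_user.id`` is an int, the comparison is
    # always False for non-admins -- confirm the route converter.
    authz.require(id == current_user.id or authz.is_admin())
    user = obj_or_404(User.by_id(id))
    data = user.to_dict()
    if user.id != current_user.id:
        # pop() with a default: a record whose dict carries no 'email'
        # key must not turn into a KeyError (HTTP 500).
        data.pop('email', None)
    return jsonify(data)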
Esempio n. 2
def update(id):
    '''
    Apply the request payload to a user record and return the result.

    The user is loaded first, then the caller must be that user or an
    admin. The payload from ``request_data()`` is passed to
    ``user.update`` and the session is committed.

    :param id: identifier of the user to modify.
    :returns: the ``jsonify`` response for the updated user object.
    '''
    # The lookup precedes the authorization check, so an unknown id and
    # a forbidden id produce different responses.
    target = obj_or_404(User.by_id(id))
    may_edit = target.id == current_user.id or authz.is_admin()
    authz.require(may_edit)
    # NOTE(review): the whole payload is handed to update(). Unless
    # User.update() restricts which fields it accepts, a caller could
    # set attributes they should not control (role, API key, ...) --
    # confirm against the model.
    payload = request_data()
    target.update(payload)
    db.session.add(target)
    db.session.commit()
    # NOTE(review): the model object itself is serialized here, not
    # to_dict(); which fields reach the client depends on the JSON
    # encoder in use -- confirm it omits secrets.
    return jsonify(target)
Esempio n. 3
def index():
    '''
    List every user as JSON; admin only.

    Each entry is the user's ``to_dict()`` with the ``email`` key
    removed, even though the caller has passed the admin check.

    :returns: ``jsonify`` response with ``results`` (the list) and
        ``total`` (its length).
    '''
    authz.require(authz.is_admin())

    def _without_email(account):
        # pop() without a default raises KeyError on a missing key,
        # exactly like ``del``.
        record = account.to_dict()
        record.pop('email')
        return record

    # The full user table is materialized in one response; no paging is
    # applied here.
    listing = [_without_email(account) for account in User.all()]
    return jsonify({'results': listing, 'total': len(listing)})
Esempio n. 4
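def ooemail_authorized():
    '''
    Sign a user in with an e-mail address and a password.

    Reads ``email`` and ``password`` from the query string, looks the
    user up by e-mail and logs them in when the password check passes.
    Every failure (missing parameter, unknown e-mail, wrong password)
    ends in the same 403, so the status code does not reveal which
    addresses are registered.

    :returns: a short confirmation string on success.
    '''
    # NOTE(review): both credentials are read from request.args, i.e.
    # from the URL. URLs are commonly retained in access logs, browser
    # history and Referer headers; accepting the password only in a
    # request body would keep it out of those places.
    email = request.args.get('email')
    password = request.args.get('password')
    if not email or password is None:
        # Reject incomplete requests up front rather than handing None
        # to the lookup and the password check.
        abort(403)
    usr = User.by_email(email)
    if usr is None or not usr.check_pw(password):
        abort(403)
    login_user(usr)
    return 'oo email authorized'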
Esempio n. 5
def facebook_authorized(resp):
    '''
    Finish a Facebook sign-in.

    Without an ``access_token`` in ``resp`` the user is sent to the
    stored ``next_url`` without being logged in. Otherwise the token is
    kept in the session, the ``/me`` profile is fetched, a user is
    loaded from it, and that user is logged in with ``remember=True``.

    :param resp: provider response; ``None`` or a mapping.
    :returns: a redirect to ``next_url``.
    '''
    # NOTE(review): the redirect target comes from the session. The
    # code that stores 'next_url' is not visible here; it should only
    # ever store same-site paths.
    destination = session.get('next_url', url_for('ui'))
    authorized = resp is not None and 'access_token' in resp
    if not authorized:
        return redirect(destination)
    session['facebook_token'] = (resp.get('access_token'), '')
    facebook = PROVIDERS.get('facebook')
    profile = facebook.get('/me').data
    # 'email' is None when the profile does not include one.
    # NOTE(review): how User.load matches an existing account is not
    # visible; if it falls back to the e-mail address, confirm the
    # provider reports that address as verified before linking.
    user = User.load({
        'display_name': profile.get('name'),
        'email': profile.get('email'),
        'facebook_id': profile.get('id')
    })
    db.session.commit()
    login_user(user, remember=True)
    return redirect(destination)
Esempio n. 6
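def ooemail_authorized():
    '''
    Sign a user in with an e-mail address and a password.

    Reads ``email`` and ``password`` from the query string, looks the
    user up by e-mail and logs them in when the password check passes.
    Every failure (missing parameter, unknown e-mail, wrong password)
    ends in the same 403, so the status code does not reveal which
    addresses are registered.

    :returns: a short confirmation string on success.
    '''
    # NOTE(review): both credentials are read from request.args, i.e.
    # from the URL. URLs are commonly retained in access logs, browser
    # history and Referer headers; accepting the password only in a
    # request body would keep it out of those places.
    email = request.args.get('email')
    password = request.args.get('password')
    if not email or password is None:
        # Reject incomplete requests up front rather than handing None
        # to the lookup and the password check.
        abort(403)
    usr = User.by_email(email)
    if usr is None or not usr.check_pw(password):
        abort(403)
    login_user(usr)
    return 'oo email authorized'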
Esempio n. 7
def facebook_authorized(resp):
    '''
    Finish a Facebook sign-in.

    Without an ``access_token`` in ``resp`` the user is sent to the
    stored ``next_url`` without being logged in. Otherwise the token is
    kept in the session, the ``/me`` profile is fetched, a user is
    loaded from it, and that user is logged in with ``remember=True``.

    :param resp: provider response; ``None`` or a mapping.
    :returns: a redirect to ``next_url``.
    '''
    # NOTE(review): the redirect target comes from the session. The
    # code that stores 'next_url' is not visible here; it should only
    # ever store same-site paths.
    destination = session.get('next_url', url_for('ui'))
    authorized = resp is not None and 'access_token' in resp
    if not authorized:
        return redirect(destination)
    session['facebook_token'] = (resp.get('access_token'), '')
    facebook = PROVIDERS.get('facebook')
    profile = facebook.get('/me').data
    # 'email' is None when the profile does not include one.
    # NOTE(review): how User.load matches an existing account is not
    # visible; if it falls back to the e-mail address, confirm the
    # provider reports that address as verified before linking.
    user = User.load({
        'display_name': profile.get('name'),
        'email': profile.get('email'),
        'facebook_id': profile.get('id')
    })
    db.session.commit()
    login_user(user, remember=True)
    return redirect(destination)
Esempio n. 8
def twitter_authorized(resp):
    '''
    Finish a Twitter sign-in.

    Without an ``oauth_token`` in ``resp`` the user is sent to the
    stored ``next_url`` without being logged in. Otherwise the token
    pair is kept in the session, the account is fetched from
    ``users/show.json``, a user is loaded from the reply, and that user
    is logged in with ``remember=True``.

    :param resp: provider response; ``None`` or a mapping.
    :returns: a redirect to ``next_url``.
    '''
    # NOTE(review): the redirect target comes from the session. The
    # code that stores 'next_url' is not visible here; it should only
    # ever store same-site paths.
    destination = session.get('next_url', url_for('ui'))
    if resp is None or 'oauth_token' not in resp:
        return redirect(destination)
    # Only 'oauth_token' was checked above; a response without
    # 'oauth_token_secret' raises KeyError on the next line.
    token_pair = (resp['oauth_token'], resp['oauth_token_secret'])
    session['twitter_token'] = token_pair
    twitter = PROVIDERS.get('twitter')
    # NOTE(review): user_id is formatted into the query string without
    # URL-encoding, and a missing value becomes the text "None".
    lookup_path = 'users/show.json?user_id=%s' % resp.get('user_id')
    res = twitter.get(lookup_path)
    user = User.load({
        'display_name': res.data.get('name'),
        'twitter_id': res.data.get('id')
    })
    db.session.commit()
    login_user(user, remember=True)
    return redirect(destination)
Esempio n. 9
def twitter_authorized(resp):
    '''
    Finish a Twitter sign-in.

    Without an ``oauth_token`` in ``resp`` the user is sent to the
    stored ``next_url`` without being logged in. Otherwise the token
    pair is kept in the session, the account is fetched from
    ``users/show.json``, a user is loaded from the reply, and that user
    is logged in with ``remember=True``.

    :param resp: provider response; ``None`` or a mapping.
    :returns: a redirect to ``next_url``.
    '''
    # NOTE(review): the redirect target comes from the session. The
    # code that stores 'next_url' is not visible here; it should only
    # ever store same-site paths.
    destination = session.get('next_url', url_for('ui'))
    if resp is None or 'oauth_token' not in resp:
        return redirect(destination)
    # Only 'oauth_token' was checked above; a response without
    # 'oauth_token_secret' raises KeyError on the next line.
    token_pair = (resp['oauth_token'], resp['oauth_token_secret'])
    session['twitter_token'] = token_pair
    twitter = PROVIDERS.get('twitter')
    # NOTE(review): user_id is formatted into the query string without
    # URL-encoding, and a missing value becomes the text "None".
    lookup_path = 'users/show.json?user_id=%s' % resp.get('user_id')
    res = twitter.get(lookup_path)
    user = User.load({
        'display_name': res.data.get('name'),
        'twitter_id': res.data.get('id')
    })
    db.session.commit()
    login_user(user, remember=True)
    return redirect(destination)
Esempio n. 10
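def google_authorized(resp):
    '''
    Finish a Google sign-in.

    Without an ``access_token`` in ``resp`` the user is sent to the
    stored ``next_url`` without being logged in. Otherwise the token is
    kept in the session, the profile is fetched with a Bearer header,
    a user is loaded from it, and that user is logged in with
    ``remember=True``. A profile that carries no e-mail address is
    treated like a failed sign-in: redirect, no login.

    :param resp: provider response; ``None`` or a mapping.
    :returns: a redirect to ``next_url``.
    '''
    # NOTE(review): the redirect target comes from the session. The
    # code that stores 'next_url' is not visible here; it should only
    # ever store same-site paths.
    next_url = session.get('next_url', url_for('ui'))
    if resp is None or 'access_token' not in resp:
        return redirect(next_url)
    session['google_token'] = (resp.get('access_token'), '')
    # NOTE(review): this is a Google+ API URL, and the Google+ APIs
    # have been retired as far as I know -- confirm the endpoint still
    # answers before relying on this flow.
    profile_url = 'https://www.googleapis.com/plus/v1/people/me'
    google = PROVIDERS.get('google')
    headers = {'Authorization': 'Bearer ' + google.get_request_token().key}
    profile = google.get(profile_url, headers=headers).data
    # 'emails' may be absent or empty; indexing it blindly raised
    # TypeError/IndexError in the middle of the login callback.
    emails = profile.get('emails') or []
    email = emails[0].get('value') if emails else None
    if not email:
        # Fail closed: no account is created or logged in without an
        # address, matching the other failure path above.
        return redirect(next_url)
    data = {
        'display_name': profile.get('displayName'),
        'email': email,
        'google_id': profile.get('id')
    }
    # NOTE(review): how User.load matches an existing account is not
    # visible; if it falls back to the e-mail address, confirm the
    # provider reports that address as verified before linking.
    user = User.load(data)
    db.session.commit()
    login_user(user, remember=True)
    return redirect(next_url)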
Esempio n. 11
def ooemail_register():
    '''
    Create an account from the ``email`` and ``pw`` query parameters,
    send the welcome e-mail, and sign the new user in.

    :returns: a short confirmation string.
    '''
    # NOTE(review): the password is read from request.args, i.e. from
    # the URL, where it is commonly retained in access logs, browser
    # history and Referer headers; a request body avoids that.
    # NOTE(review): neither value is checked here, and the new user is
    # logged in at once; any validation (presence, duplicates, address
    # ownership) has to live in User.create_by_email -- confirm.
    email = request.args.get('email')
    password = request.args.get('pw')
    new_user = User.create_by_email(email, password)
    alerts.mail_welcome_email(new_user)
    login_user(new_user)
    return 'created oo email'
Esempio n. 12
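def view(id):
    '''
    Return one user's record as JSON.

    The e-mail address is included only when the caller is looking at
    their own record.

    :param id: identifier of the user to show.
    :returns: the ``jsonify`` response built from ``user.to_dict()``.
    '''
    # NOTE(review): no authorization check is visible in this function.
    # Unless the route is wrapped by a login/permission decorator, any
    # caller can read any user's record (minus the e-mail), and an
    # unauthenticated ``current_user`` may not have an ``id`` at all --
    # confirm at the route definition.
    user = obj_or_404(User.by_id(id))
    data = user.to_dict()
    if user.id != current_user.id:
        # pop() with a default: a record whose dict carries no 'email'
        # key must not turn into a KeyError (HTTP 500).
        data.pop('email', None)
    return jsonify(data)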
Esempio n. 13
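def load_user_from_request(request):
    '''
    Resolve the calling user from an API key carried by the request.

    The key is taken from the ``X-API-Key`` header, or from the
    ``api_key`` query parameter when the header is missing or empty.

    :param request: object exposing ``headers`` and ``args`` mappings.
    :returns: the result of ``User.by_api_key`` for the key, or
        ``None`` when no non-empty key was supplied.
    '''
    # NOTE(review): a key passed as ?api_key=... is part of the URL and
    # is commonly retained in access logs, browser history and Referer
    # headers; the header form avoids that.
    api_key = request.headers.get('X-API-Key') \
        or request.args.get('api_key')
    if not api_key:
        # An empty key counts as "no key". It must never be looked up,
        # or it could match an account whose stored key is blank.
        return None
    return User.by_api_key(api_key)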
Esempio n. 14
def ooemail_register():
    '''
    Create an account from the ``email`` and ``pw`` query parameters
    and sign the new user in.

    :returns: a short confirmation string.
    '''
    # NOTE(review): the password is read from request.args, i.e. from
    # the URL, where it is commonly retained in access logs, browser
    # history and Referer headers; a request body avoids that.
    # NOTE(review): neither value is checked here, and the new user is
    # logged in at once; any validation (presence, duplicates, address
    # ownership) has to live in User.create_by_email -- confirm.
    email = request.args.get('email')
    password = request.args.get('pw')
    new_user = User.create_by_email(email, password)
    login_user(new_user)
    return 'created oo email'