Esempio n. 1
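def claim_listing(permalink):
    """Email the seller a fresh edit link for a listing they lost access to.

    Looks the listing up by ``permalink`` (404 when it does not exist),
    applies a per-seller and a per-listing rate limit, sends the welcome
    email and redirects back to the listing page.

    The flash message and the redirect are the same whether or not a rate
    limit tripped, so the response does not reveal that a request was
    throttled.
    """

    # Look up the existing listing used for this person.
    listing = helpers.lookup_listing(permalink)
    if not listing:
        abort(404)

    # Prevent button spamming.
    seller = listing.seller
    title = listing.title

    # The key name has to be *called*. Passing the bound method
    # ``listing.key().name`` would key the limiter on a method object instead
    # of the listing's name, so the per-listing limit would not protect the
    # listing it is meant for.
    # NOTE(review): the arguments look like (count, seconds) - confirm against
    # dos.rate_limit. Because of the short-circuit ``or``, the per-listing
    # counter is only consulted when the per-seller limit has not tripped.
    if (dos.rate_limit(listing.seller, 4, 60) or
            dos.rate_limit(listing.key().name(), 2, 60)):
        # Throttled requests are diverted away from the seller's inbox.
        # NOTE(review): the diverted email is still rendered from the real
        # listing, so that mailbox presumably receives a working edit link -
        # confirm access to it is restricted.
        seller = "*****@*****.**"
        title = "SPAM REQUEST: " + listing.title

    # Send the user an email to let them edit the listing.
    email.send_mail(
        to=seller,
        subject="Marketplace Listing \"{}\"".format(title),
        html=render_template("email/welcome.html", listing=listing),
        text=render_template("email/welcome.txt", listing=listing)
    )

    flash("We've emailed you a link to edit this listing.")

    return redirect(url_for("show_listing", permalink=listing.permalink))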
Esempio n. 2
def place_inquiry(listing, buyer, message):
    """
    Gate an inquiry on a listing, then relay it to the seller and to Slack.

    The abuse checks run first, each through ``block``: Tor origin, banned
    buyer, and a frequency check over the buyer, the listing permalink and the
    client address. Only then is the seller emailed (with the buyer as
    reply-to) and a chat notification posted.

    NOTE(review): ``buyer`` is supplied by the requester and flows into the
    reply-to header and the Slack text. Confirm that ``email.send_mail``
    rejects line breaks in header values and that chat markup in ``buyer`` is
    neutralised before posting.
    """

    # Abuse checks; the order is kept because each call may have side effects.
    block(is_from_tor())
    block(is_banned(buyer))

    # NOTE(review): request.remote_addr is the direct peer; behind a reverse
    # proxy that is presumably the proxy's address - verify the deployment.
    rate_limits = [(4, 60), (100, 24 * 3600)]
    principal = [buyer, listing.permalink, request.remote_addr]
    block(is_too_frequent(principal, rate_limits))

    # Exactly the names the templates received before, spelled out.
    is_signed_in = signed_in(listing)
    context = {
        "listing": listing,
        "buyer": buyer,
        "message": message,
        "principal": principal,
        "is_signed_in": is_signed_in,
    }

    # Relay the inquiry to the seller.
    subject = u"Re: Marketplace Listing \"{}\"".format(listing.title)
    html_body = render_template("email/inquiry.html", **context)
    text_body = render_template("email/inquiry.txt", **context)
    email.send_mail(
        to=listing.seller,
        reply_to=buyer,
        subject=subject,
        html=html_body,
        text=text_body,
    )

    # Post to Slack about this listing, using the first photo as the icon.
    icon = None
    if listing.photos:
        icon = photos.public_url(listing.photos[0], "small")
    slack.send_chat(
        text="Inquiry by {}".format(buyer),
        username=listing.title,
        icon_url=icon,
    )
Esempio n. 3
def place_inquiry(listing, buyer, message):
    """
    Screen an inquiry for abuse, then notify the seller and the chat channel.

    Every check goes through ``block``: Tor origin, banned buyer, and a
    frequency check keyed on the buyer, the listing permalink and the client
    address. After the checks the seller gets an email whose reply-to is the
    buyer, and Slack gets a one-line notice.
    """

    # Block addresses commonly used for posting spam, then banned users.
    block(is_from_tor())
    block(is_banned(buyer))

    # Frequency limits as (count, seconds) pairs - presumably; confirm against
    # is_too_frequent.
    principal = [buyer, listing.permalink, request.remote_addr]
    too_frequent = is_too_frequent(principal, [(4, 60), (100, 24 * 3600)])
    block(too_frequent)

    # The templates get the same five names they were given before.
    is_signed_in = signed_in(listing)
    context = dict(
        listing=listing,
        buyer=buyer,
        message=message,
        principal=principal,
        is_signed_in=is_signed_in,
    )

    # Render both bodies, HTML first, then send the message to the seller.
    # NOTE(review): buyer is requester-controlled and becomes a mail header;
    # confirm email.send_mail validates it.
    subject = u"Re: Marketplace Listing \"{}\"".format(listing.title)
    bodies = {}
    for field, template in (("html", "email/inquiry.html"),
                            ("text", "email/inquiry.txt")):
        bodies[field] = render_template(template, **context)
    email.send_mail(to=listing.seller, reply_to=buyer, subject=subject,
                    **bodies)

    # Post to Slack about this listing.
    has_photo = bool(listing.photos)
    slack.send_chat(
        text="Inquiry by {}".format(buyer),
        username=listing.title,
        icon_url=(photos.public_url(listing.photos[0], "small")
                  if has_photo else None),
    )
Esempio n. 4
def claim_listing(listing):
    """
    Screen a newly created listing, email its seller and alert moderators.

    Checks, each enforced through ``block``: the seller address must be a
    campus address, the request must not come from Tor, and both the listing
    permalink and the client address must be under their frequency limits.

    NOTE(review): the moderator link embeds ``listing.admin_key``, so everyone
    who can read the Slack channel receives that key. Confirm the channel is
    limited to moderators.
    """

    # Block listings from non-UChicago email addresses.
    seller_is_campus = is_campus_address(listing.seller)
    block(not seller_is_campus,
          error="Please only post listings with a UChicago email address.")

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Frequency checks: the per-listing one runs before the per-address one.
    per_listing = is_too_frequent([listing.permalink], [(1, 24 * 3600)])
    block(per_listing)
    per_address = is_too_frequent([request.remote_addr], [(4, 60)])
    block(per_address)

    # Send a message to the user with a link to edit the listing.
    is_signed_in = signed_in(listing)
    context = {"listing": listing, "is_signed_in": is_signed_in}
    subject = u"Marketplace Listing \"{}\"".format(listing.title)
    html_body = render_template("email/welcome.html", **context)
    text_body = render_template("email/welcome.txt", **context)
    email.send_mail(
        to=listing.seller,
        subject=subject,
        html=html_body,
        text=text_body,
    )

    # Inform the moderators about the new listing.
    link = url_for(
        "show_listing",
        permalink=listing.permalink,
        key=listing.admin_key,
        _external=True,
    )
    notice = "Posted by {listing.seller} (<{link}|approve>)".format(
        listing=listing, link=link)
    icon = None
    if listing.photos:
        icon = photos.public_url(listing.photos[0], "small")
    slack.send_chat(text=notice, username=listing.title, icon_url=icon)
Esempio n. 5
def claim_listing(listing):
    """
    Apply the posting checks to a new listing, then notify seller and staff.

    ``block`` is called for each condition in turn: seller address outside the
    campus domain, request from Tor, listing permalink over its frequency
    limit, client address over its frequency limit. Afterwards the seller is
    emailed the welcome message and moderators get a Slack notice carrying an
    approval link.
    """

    # Only campus addresses may post listings.
    block(
        not is_campus_address(listing.seller),
        error="Please only post listings with a UChicago email address.",
    )

    # Block addresses commonly used for posting spam.
    block(is_from_tor())

    # Make sure the user only submits a fixed count at given time.
    listing_limits = [(1, 24 * 3600)]
    address_limits = [(4, 60)]
    block(is_too_frequent([listing.permalink], listing_limits))
    block(is_too_frequent([request.remote_addr], address_limits))

    # Send a message to the user with a link to edit the listing. The
    # templates receive exactly ``listing`` and ``is_signed_in``.
    is_signed_in = signed_in(listing)
    email.send_mail(
        to=listing.seller,
        subject=u"Marketplace Listing \"{}\"".format(listing.title),
        html=render_template("email/welcome.html",
                             listing=listing, is_signed_in=is_signed_in),
        text=render_template("email/welcome.txt",
                             listing=listing, is_signed_in=is_signed_in),
    )

    # Inform the moderators about the new listing.
    # NOTE(review): this URL carries listing.admin_key; anyone who can read
    # the chat channel obtains the key - confirm that is intended.
    link_args = {
        "permalink": listing.permalink,
        "key": listing.admin_key,
        "_external": True,
    }
    link = url_for("show_listing", **link_args)
    has_photo = bool(listing.photos)
    slack.send_chat(
        text="Posted by {listing.seller} (<{link}|approve>)".format(
            listing=listing, link=link),
        username=listing.title,
        icon_url=(photos.public_url(listing.photos[0], "small")
                  if has_photo else None),
    )
Esempio n. 6
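def show_listing(permalink):
    """View a particular listing and provide links to place an inquiry.

    A request whose ``key`` query argument equals the listing's non-empty
    ``admin_key`` signs the session in as the seller and, if the listing is
    still unpublished, publishes it and redirects to the key-less URL.
    Without a valid key, unpublished listings answer 404.

    A valid buyer form submission is recorded, screened for spam and emailed.
    Submissions that fail the screen are diverted to a fixed address with a
    "MESSAGE BLOCKED!" prefix instead of being dropped.
    """

    # Retrieve the listing by key.
    listing = helpers.lookup_listing(permalink)
    if not listing:
        abort(404)

    # If the listing isn't yet published, check the URL key and update session.
    # NOTE(review): the secret is compared with ``==``. A constant-time
    # comparison such as hmac.compare_digest is the usual choice for secrets;
    # confirm both operands share one string type before switching. A secret
    # in the query string also ends up in access logs and Referer headers, and
    # only the publish path below redirects to a URL without it.
    if request.args.get("key") == listing.admin_key and listing.admin_key:
        session["email"] = listing.seller
        if not listing.posting_time:
            listing.posting_time = time.time()
            listing.put()
            helpers.invalidate_listing(listing)

            flash("Your listing has been published.")
            return redirect(url_for("show_listing", permalink=permalink,
                                    q=request.args.get("q")))

    # Otherwise, hide the listing.
    elif not listing.posting_time:
        abort(404)

    # Display a form for buyers to place an offer.
    buyer_form = forms.BuyerForm()

    # Handle submissions on the form.
    if buyer_form.validate_on_submit():
        buyer = buyer_form.buyer.data
        message = buyer_form.message.data
        seller = listing.seller

        # Track what requests are sent to which people. This runs before the
        # spam screen, so blocked inquiries are recorded as well.
        helpers.add_inqury(listing, buyer, message)

        # Block spam inquiries. The buyer address is normalised once and
        # reused for every comparison and for the limiter key.
        buyer_address = buyer.strip()
        if (buyer_address == "*****@*****.**" or
                buyer_address == "*****@*****.**" or
                dos.rate_limit(buyer_address, 4, 60) or
                dos.rate_limit(request.remote_addr, 4, 60) or
                dos.rate_limit(listing.seller, 20, 3600 * 24)):

            # str(message) raises UnicodeEncodeError under Python 2 when the
            # message holds non-ASCII text, which would turn a blocked
            # inquiry into a server error. Formatting into a unicode
            # template avoids that.
            message = u"MESSAGE BLOCKED!\n\n{}".format(message)
            seller = "*****@*****.**"

        # The same names the templates received through locals(), spelled out
        # so helper variables added here do not leak into the template context.
        context = dict(
            permalink=permalink,
            listing=listing,
            buyer_form=buyer_form,
            buyer=buyer,
            message=message,
            seller=seller,
        )

        # Send a listing to the person.
        # NOTE(review): reply_to is the raw form value; confirm that
        # email.send_mail rejects line breaks in header values.
        email.send_mail(
            to=seller,
            reply_to=buyer,
            subject="Re: Marketplace Listing \"{}\"".format(listing.title),
            html=render_template("email/inquiry.html", **context),
            text=render_template("email/inquiry.txt", **context),
        )

        return redirect(url_for("show_listing", permalink=permalink))

    # Have the form email default to the value from the session.
    if not buyer_form.buyer.data:
        buyer_form.buyer.data = session.get("email")

    # Display the resulting template.
    return render_template("listing_show.html", listing=listing,
                           buyer_form=buyer_form)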
Esempio n. 7
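def new_listing():
    """Show the new-listing form and create the listing on a valid submission.

    A listing is published at creation only when the signed-in session email
    equals the seller address on the form. In every other case it is stored
    with ``posting_time`` 0.0 and stays unpublished until the emailed link is
    used, which is what the "Click the link in your email to publish it"
    message tells the user.
    """

    # Populate a form to create a listing.
    form = forms.NewListingForm()

    # Being signed in as *some* address must not publish a listing under a
    # *different* seller address. Publication is immediate only when the
    # session email matches the seller on the form.
    session_email = session.get("email")
    seller_is_verified = (bool(session_email) and
                          session_email == form.seller.data)

    # Create a temporary listing so that photos can be uploaded.
    listing = entities.Listing(
        key_name=str(uuid.uuid4()),  # FIXME: add proper permalink generator.
        title=form.title.data,
        price=int(form.price.data * 100) if form.price.data else 0,
        body=form.description.data,
        categories=form.categories.data or [],
        seller=form.seller.data,
        posting_time=(time.time() if seller_is_verified else 0.0),
        admin_key=str(uuid.uuid4())
    )

    # Allow uploading and saving the given request.
    is_valid = form.validate_on_submit()
    if request.method == "POST":
        uploaded = []
        for photo in form.photos:
            if not photo.data:
                continue
            image = photo.data["image"]
            # Skip empty upload slots (no value, or an upload with no filename).
            if not image or (
                    hasattr(image, "filename") and not image.filename):
                continue
            uploaded.append(image)

        listing.photos = uploaded

    # Allow anyone to create listings.
    # NOTE(review): no rate limit or address check is visible on this path,
    # and each valid submission sends an email to the address typed into the
    # form - confirm throttling happens elsewhere.
    if is_valid:
        listing.title = form.title.data
        listing.body = form.description.data
        # Same empty-list fallback as in the constructor call above.
        listing.categories = form.categories.data or []
        listing.price = int(form.price.data * 100)
        listing.put()

        helpers.invalidate_listing(listing)

        # Send the user an email to let them edit the listing.
        email.send_mail(
            to=listing.seller,
            subject="Marketplace Listing \"{}\"".format(listing.title),
            html=render_template("email/welcome.html", listing=listing),
            text=render_template("email/welcome.txt", listing=listing)
        )

        # If running locally, print a link to this listing.
        # NOTE(review): nothing restricts this to local runs, and the URL
        # contains listing.admin_key. In a deployed app this presumably lands
        # in the server logs - guard it behind a debug check or remove it.
        print(url_for("show_listing", permalink=listing.key().name(),
                      key=listing.admin_key, _external=True))

        # Only allow the user to see the listing if they are signed in.
        if seller_is_verified:
            flash("Your listing has been published.")
            return redirect(url_for("show_listing",
                                    permalink=listing.permalink))
        else:
            flash("Your listing has been created. "
                  "Click the link in your email to publish it.")
            return redirect(url_for("search_listings"))

    # Have the form email default to the value from the session.
    if not form.seller.data:
        form.seller.data = session.get("email")

    # Display the photo URL of any uploaded photos.
    for index, entry in enumerate(form.photos.entries):
        if index < len(listing.photos):
            entry["image"].data = listing.photos[index]
        else:
            entry["image"].data = None

    return render_template("listing_form.html", type="New", form=form)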