def user_reset(token=None):
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(__('That link is either invalid or expired.'), category='danger')
return flask.redirect(flask.url_for('welcome'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
form = UserResetForm()
if form.validate_on_submit():
user_db.password_hash = util.password_hash(user_db, form.new_password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash(__('Your password was changed succesfully.'), category='success')
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_reset.html',
title='Reset Password',
html_class='user-reset',
form=form,
user_db=user_db,
)
def duration_choices():
choices = [
("4", "4 %s" % __("Hours")),
("8", "8 %s" % __("Hours")),
("16", "16 %s" % __("Hours")),
("24", "24 %s" % __("Hours")),
]
return choices
class LoginForm(Form):
""" Login page view model """
username = TextField(__('Username'),
[validators.Length(min=4,
max=25,
message=__('Username should contain between 4 and 20 characters'))])
password = PasswordField(__('Password'),
[validators.Required(message=__('Password is required'))])
def duration_choices():
choices = [
('4', '4 %s' % __('Hours')),
('8', '8 %s' % __('Hours')),
('16', '16 %s' % __('Hours')),
('24', '24 %s' % __('Hours'))
]
return choices
def user_verify(token):
user_db = auth.current_user_db()
if user_db.token != token:
flask.flash(__('That link is either invalid or expired.'), category='danger')
return flask.redirect(flask.url_for('profile'))
user_db.verified = True
user_db.token = util.uuid()
user_db.put()
flask.flash(__('Hooray! Your email is now verified.'), category='success')
return flask.redirect(flask.url_for('profile'))
def signin():
next_url = util.get_next_url()
form = None
if config.CONFIG_DB.has_email_authentication:
form = form_with_recaptcha(SignInForm())
save_request_params()
if form.validate_on_submit():
result = get_user_db_from_email(form.email.data, form.password.data)
if result:
cache.reset_auth_attempt()
return signin_user_db(result)
if result is None:
form.email.errors.append(__('Email or Password do not match'))
if result is False:
return flask.redirect(flask.url_for('welcome'))
if not form.errors:
form.next_url.data = next_url
if form and form.errors:
cache.bump_auth_attempt()
return flask.render_template(
'auth/auth.html',
title=_('Sign in'),
html_class='auth',
next_url=next_url,
form=form,
form_type='signin' if config.CONFIG_DB.has_email_authentication else '',
**urls_for_oauth(next_url)
)
def profile_password():
if not config.CONFIG_DB.has_email_authentication:
flask.abort(418)
user_db = auth.current_user_db()
form = ProfilePasswordForm(obj=user_db)
if not user_db.password_hash:
del form.old_password
if form.validate_on_submit():
errors = False
old_password = form.old_password.data if form.old_password else None
new_password = form.new_password.data
if new_password or old_password:
if user_db.password_hash:
if util.password_hash(user_db, old_password) != user_db.password_hash:
form.old_password.errors.append(_('Invalid current password'))
errors = True
if not (form.errors or errors):
user_db.password_hash = util.password_hash(user_db, new_password)
flask.flash(__('Your password has been changed.'), category='success')
if not (form.errors or errors):
user_db.put()
return flask.redirect(flask.url_for('profile'))
return flask.render_template(
'profile/profile_password.html',
title=user_db.name,
html_class='profile-password',
form=form,
user_db=user_db,
)
def signup():
next_url = util.get_next_url()
form = None
if config.CONFIG_DB.has_email_authentication:
form = form_with_recaptcha(SignUpForm())
save_request_params()
if form.validate_on_submit():
user_db = model.User.get_by('email', form.email.data)
if user_db:
form.email.errors.append(__('This email is already taken.'))
if not form.errors:
user_db = create_user_db(
None,
util.create_name_from_email(form.email.data),
form.email.data,
form.email.data,
)
user_db.put()
task.activate_user_notification(user_db)
cache.bump_auth_attempt()
return flask.redirect(flask.url_for('welcome'))
if form and form.errors:
cache.bump_auth_attempt()
title = _('Sign up') if config.CONFIG_DB.has_email_authentication else _('Sign in')
return flask.render_template(
'auth/auth.html',
title=title,
html_class='auth',
next_url=next_url,
form=form,
**urls_for_oauth(next_url)
)
def profile(username):
user = User.query.filter_by(username=username).first_or_404()
if user.role.name == 'client':
return render_template('user/client_profile.html', user=user)
elif user.role.name == 'escort':
tags = user.escort_profile.service_tags.all()
cover = EscortPhoto.query.filter_by(
profile_id=user.escort_profile_id,
is_cover=True
).first()
if not cover:
flash(_('Choose a photo for your profile, <a href="%(url)s" class="alert-link">Click here</a>.', url=url_for('user.edit_photos')), 'alert-info')
cover = 'choose/cb8c260efa71923e651caf7ffc47e653.jpg'
else:
cover = cover.key
classified_tags = {}
if len(tags) != 0:
for tag in tags:
classified_tags.setdefault(tag.category, [])
classified_tags[tag.category].append(__(tag.tag_en))
return render_template(
'user/escort_profile.html',
user=user,
profile=user.escort_profile,
tags=classified_tags,
domain=current_app.config['QN_DOMAIN'],
cover=cover
)
def user_activate(token):
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(__('That link is either invalid or expired.'), category='danger')
return flask.redirect(flask.url_for('welcome'))
form = UserActivateForm(obj=user_db)
if form.validate_on_submit():
form.populate_obj(user_db)
user_db.password_hash = util.password_hash(user_db, form.password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_activate.html',
title='Activate Account',
html_class='user-activate',
user_db=user_db,
form=form,
)
def signup():
next_url = util.get_next_url()
form = None
if config.CONFIG_DB.has_email_authentication:
form = form_with_recaptcha(SignUpForm())
save_request_params()
if form.validate_on_submit():
user_db = model.User.get_by('email', form.email.data)
if user_db:
form.email.errors.append(__('This email is already taken.'))
if not form.errors:
user_db = create_user_db(
None,
util.create_name_from_email(form.email.data),
form.email.data,
form.email.data,
)
user_db.put()
task.activate_user_notification(user_db)
cache.bump_auth_attempt()
return flask.redirect(flask.url_for('welcome'))
if form and form.errors:
cache.bump_auth_attempt()
title = _('Sign up') if config.CONFIG_DB.has_email_authentication else _('Sign in')
return flask.render_template(
'auth/auth.html',
title=title,
html_class='auth',
next_url=next_url,
form=form,
**urls_for_oauth(next_url)
)
def profile_password():
if not config.CONFIG_DB.has_email_authentication:
flask.abort(418)
user_db = auth.current_user_db()
form = ProfilePasswordForm(obj=user_db)
if form.validate_on_submit():
errors = False
old_password = form.old_password.data
new_password = form.new_password.data
if new_password or old_password:
if user_db.password_hash:
if util.password_hash(user_db, old_password) != user_db.password_hash:
form.old_password.errors.append(_('Invalid current password'))
errors = True
if not errors and old_password and not new_password:
form.new_password.errors.append(_('This field is required.'))
errors = True
if not (form.errors or errors):
user_db.password_hash = util.password_hash(user_db, new_password)
flask.flash(__('Your password has been changed.'), category='success')
if not (form.errors or errors):
user_db.put()
return flask.redirect(flask.url_for('profile'))
return flask.render_template(
'profile/profile_password.html',
title=user_db.name,
html_class='profile-password',
form=form,
user_db=user_db,
)
def signin():
next_url = util.get_next_url()
form = None
if config.CONFIG_DB.has_email_authentication:
form = form_with_recaptcha(SignInForm())
save_request_params()
if form.validate_on_submit():
result = get_user_db_from_email(form.email.data, form.password.data)
if result:
cache.reset_auth_attempt()
return signin_user_db(result)
if result is None:
form.email.errors.append(__('Email or Password do not match'))
if result is False:
return flask.redirect(flask.url_for('welcome'))
if not form.errors:
form.next_url.data = next_url
if form and form.errors:
cache.bump_auth_attempt()
return flask.render_template(
'auth/auth.html',
title=_('Sign in'),
html_class='auth',
next_url=next_url,
form=form,
form_type='signin' if config.CONFIG_DB.has_email_authentication else '',
**urls_for_oauth(next_url)
)
def signin_user_db(user_db):
if not user_db:
return flask.redirect(flask.url_for('signin'))
flask_user_db = FlaskUser(user_db)
if login.login_user(flask_user_db):
user_db.put_async()
response = flask.redirect(util.get_next_url())
util.set_locale(user_db.locale, response)
flask.flash(__(
'Hello %(name)s, welcome to %(brand)s.',
name=user_db.name, brand=config.CONFIG_DB.brand_name,
), category='success')
return response
else:
flask.flash(__('Sorry, but you could not sign in.'), category='danger')
return flask.redirect(flask.url_for('signin'))
def google_authorized():
google_user = users.get_current_user()
if google_user is None:
flask.flash(__('You denied the request to sign in.'))
return flask.redirect(util.get_next_url())
user_db = retrieve_user_from_google(google_user)
return signin_user_db(user_db)
def facebook_authorized(resp):
if resp is None:
flask.flash(__('You denied the request to sign in.'))
return flask.redirect(util.get_next_url())
flask.session['oauth_token'] = (resp['access_token'], '')
me = facebook.get('/me')
user_db = retrieve_user_from_facebook(me.data)
return signin_user_db(user_db)
def signin_user_db(user_db):
if not user_db:
return flask.redirect(flask.url_for('signin'))
flask_user_db = FlaskUser(user_db)
auth_params = flask.session.get('auth-params', {
'next': flask.url_for('welcome'),
'remember': False,
})
if login.login_user(flask_user_db, remember=auth_params['remember']):
user_db.put_async()
response = flask.redirect(auth_params['next'])
util.set_locale(user_db.locale, response)
flask.flash(__(
'Hello %(name)s, welcome to %(brand)s.',
name=user_db.name, brand=config.CONFIG_DB.brand_name,
), category='success')
return response
flask.flash(__('Sorry, but you could not sign in.'), category='danger')
return flask.redirect(flask.url_for('signin'))
def facebook_authorized():
response = facebook.authorized_response()
if response is None:
flask.flash(__('You denied the request to sign in.'))
return flask.redirect(util.get_next_url())
flask.session['oauth_token'] = (response['access_token'], '')
me = facebook.get('/me?fields=name,email')
user_db = retrieve_user_from_facebook(me.data)
return auth.signin_user_db(user_db)
def google_authorized():
response = google.authorized_response()
if response is None:
flask.flash(__('You denied the request to sign in.'))
return flask.redirect(util.get_next_url())
flask.session['oauth_token'] = (response['access_token'], '')
me = google.get('me', data={'access_token': response['access_token']})
user_db = retrieve_user_from_google(me.data)
return auth.signin_user_db(user_db)
def __call__(self, form, field):
if form.xiamitype.data is False and form.banyungongtype.data is False \
and form.zimuzutype.data is False and form.packtype.data is False:
if self.message is None:
message = __(u'Plz select at least one type')
else:
message = self.message
field.errors[:] = []
raise StopValidation(message)
def account_check():
form = LoginForm()
if request.method == 'POST':
if form.validate_on_submit():
account = form.account.data
password = form.password.data
remember = form.remember.data
work = {
(XiamiLogin, XiamiUser): form.xiamitype.data,
(BanyungongLogin, BanyungongUser): form.banyungongtype.data,
(ZimuzuLogin, ZimuzuUser): form.zimuzutype.data,
(PacktLogin, PacktUser): form.packtype.data,
}
for (job_klass, model_klass), jobstatus in work.items():
if jobstatus is True:
login_request = job_klass(app.logger)
user_klass = model_klass
result = login_request.login(account, password)
cookie = login_request.dump_cookie()
if result is None: # Successful
user = user_klass.query.filter_by(
account=account).first()
if user is None:
user = user_klass()
user.account = account
user.cookie = cookie
if remember:
user.passwd = password
db.session.add(user)
else:
user.cookie = cookie
if remember:
user.passwd = password
db.session.commit()
msg = '%s %s added for daily checkin' % (
login_request.tag, account)
flash(msg)
app.logger.info(msg)
else:
msg = __("Error: %(originator)s: %(result)s",
originator=login_request.tag,
result=result)
flash(msg)
app.logger.info(msg)
return render('secret/login.html', form=form)
def twitter_authorized(resp):
if resp is None:
flask.flash(__('You denied the request to sign in.'))
return flask.redirect(util.get_next_url())
flask.session['oauth_token'] = (
resp['oauth_token'],
resp['oauth_token_secret'],
)
user_db = retrieve_user_from_twitter(resp)
return signin_user_db(user_db)
def signin_twitter():
flask.session.pop('oauth_token', None)
save_request_params()
try:
return twitter.authorize(callback=flask.url_for('twitter_authorized'))
except:
flask.flash(
__('Something went wrong with Twitter sign in. Please try again.'),
category='danger',
)
return flask.redirect(flask.url_for('signin', next=util.get_next_url()))
def signin_user_db(user_db):
if not user_db:
return flask.redirect(flask.url_for('signin'))
flask_user_db = FlaskUser(user_db)
auth_params = flask.session.get('auth-params', {
'next': flask.url_for('welcome'),
'remember': False,
})
flask.session.pop('auth-params', None)
if login.login_user(flask_user_db, remember=auth_params['remember']):
user_db.put_async()
return flask.redirect(util.get_next_url(auth_params['next']))
flask.flash(__('Sorry, but you could not sign in.'), category='danger')
return flask.redirect(flask.url_for('signin'))
def signin_user_db(user_db):
if not user_db:
return flask.redirect(flask.url_for('signin'))
flask_user_db = FlaskUser(user_db)
auth_params = flask.session.get('auth-params', {
'next': flask.url_for('welcome'),
'remember': False,
})
flask.session.pop('auth-params', None)
if login.login_user(flask_user_db, remember=auth_params['remember']):
user_db.put_async()
return flask.redirect(util.get_next_url(auth_params['next']))
flask.flash(__('Sorry, but you could not sign in.'), category='danger')
return flask.redirect(flask.url_for('signin'))
class LoginForm(Form):
account = StringField(__(u'Account'), validators=[DataRequired(__(u'This field is required'))])
password = PasswordField(__(u'Password'), validators=[DataRequired(__(u'This field is required'))])
remember = BooleanField(__(u'I can save password in DB'))
xiamitype = BooleanField(u'Xiami')
banyungongtype = BooleanField(u'Banyungong')
packtype = BooleanField(u'PacktPub')
zimuzutype = BooleanField(u'Zimuzu', validators=[AccountTypeRequired()])
submit = SubmitField(__(u'Add My Account'))
def get_user_db_from_email(email, password):
user_dbs, cursors = model.User.get_dbs(email=email, active=True, limit=2)
if not user_dbs:
return None
if len(user_dbs) > 1:
flask.flash(__('''We are sorry but it looks like there is a conflict with
your account. Our support team is already informed and we will get
back to you as soon as possible.'''), category='danger')
task.email_conflict_notification(email)
return False
user_db = user_dbs[0]
if user_db.password_hash == util.password_hash(user_db, password):
return user_db
return None
def get_user_db_from_email(email, password):
user_dbs, cursors = model.User.get_dbs(email=email, active=True, limit=2)
if not user_dbs:
return None
if len(user_dbs) > 1:
flask.flash(__('''We are sorry but it looks like there is a conflict with
your account. Our support team is already informed and we will get
back to you as soon as possible.'''), category='danger')
task.email_conflict_notification(email)
return False
user_db = user_dbs[0]
if user_db.password_hash == util.password_hash(user_db, password):
return user_db
return None
def feedback():
if not config.CONFIG_DB.feedback_email:
return flask.abort(418)
form = FeedbackForm(obj=auth.current_user_db())
if form.validate_on_submit():
body = '%s\n\n%s' % (form.message.data, form.email.data)
kwargs = {'reply_to': form.email.data} if form.email.data else {}
task.send_mail_notification(form.subject.data, body, **kwargs)
flask.flash(__('Thank you for your feedback!'), category='success')
return flask.redirect(flask.url_for('welcome'))
return flask.render_template(
'feedback.html',
title=_('Feedback'),
html_class='feedback',
form=form,
)
def feedback():
if not config.CONFIG_DB.feedback_email:
return flask.abort(418)
form = FeedbackForm(obj=auth.current_user_db())
if form.validate_on_submit():
body = '%s\n\n%s' % (form.message.data, form.email.data)
kwargs = {'reply_to': form.email.data} if form.email.data else {}
task.send_mail_notification(form.subject.data, body, **kwargs)
flask.flash(__('Thank you for your feedback!'), category='success')
return flask.redirect(flask.url_for('welcome'))
return flask.render_template(
'feedback.html',
title=_('Feedback'),
html_class='feedback',
form=form,
)
class EditUserForm(Form):
""" User modification page view model """
username = TextField(__('Username'),
[validators.Length(min=4,
max=25,
message=__('Username should contain between 4 and 20 characters'))])
password = PasswordField(__('Password'))
confirm_password = PasswordField(__('Confirm password'),
[validators.EqualTo('password', message=__('Passwords must match'))])
is_super_admin = BooleanField(__('Super Administrator'))
is_disabled = BooleanField(__('Disabled'))
shinken_contact = SelectField(__('Shinken contact'))
def __init__(self, formvalues):
super(EditUserForm, self).__init__(formvalues)
# Contacts drop down list
clist = [(c, c) for c in livestatus.contacts]
clist.insert(0, ('None', 'None'))
self.shinken_contact.choices = clist
class CreateTaskForm(Form):
tpl = SelectField(u'Templates')
submit = SubmitField(__(u'Submit'))
def custom_form_factory(form, field_types=[], field_slugs=[],
excluded_field_types=[],
registration_fields=False):
fields = (CustomField.query.filter_by(meeting_id=g.meeting.id)
.order_by(CustomField.sort))
form_attrs = {
'_custom_fields': OrderedMultiDict({c.slug: c for c in fields}),
}
if field_types:
fields = fields.filter(CustomField.field_type.in_(field_types))
if field_slugs:
fields = fields.filter(CustomField.slug.in_(field_slugs))
if excluded_field_types:
fields = fields.filter(
~CustomField.field_type.in_(excluded_field_types))
if registration_fields:
fields = fields.for_registration()
if getattr(form, 'CUSTOM_FIELDS_TYPE', None):
fields = fields.filter_by(custom_field_type=form.CUSTOM_FIELDS_TYPE)
for f in fields:
attrs = {'label': unicode(CustomFieldLabel(f.label)),
'validators': [],
'description': f.hint}
data = _CUSTOM_FIELDS_MAP[f.field_type.code]
# overwrite data if _CUSTOM_FIELDS_MAP attribute is present on form
form_fields_map = getattr(form, '_CUSTOM_FIELDS_MAP', None)
if form_fields_map:
try:
data = form_fields_map[f.field_type.code]
except KeyError:
pass
if f.required:
attrs['validators'].append(DataRequired())
attrs['validators'].extend(data.get('validators', []))
if f.max_length:
attrs['validators'].append(Length(max=f.max_length))
if f.field_type.code == CustomField.SELECT:
query = CustomFieldChoice.query.filter_by(custom_field=f)
attrs['choices'] = [(unicode(c.value), __(c.value.english))
for c in query]
if not f.required:
attrs['choices'] = [('', '---')] + attrs['choices']
attrs['coerce'] = unicode
if f.field_type.code == CustomField.LANGUAGE:
attrs['choices'] = [i for i in Participant.LANGUAGE_CHOICES
if i[0].lower() in app.config['TRANSLATIONS']]
if not f.required:
attrs['choices'] = [('', '---')] + attrs['choices']
attrs['coerce'] = unicode
if f.field_type.code == CustomField.CATEGORY:
query = Category.get_categories_for_meeting(
form.CUSTOM_FIELDS_TYPE)
if registration_fields:
query = query.filter_by(visible_on_registration_form=True)
attrs['choices'] = [(c.id, c) for c in query]
attrs['coerce'] = int
if f.field_type.code in (CustomField.MULTI_CHECKBOX,CustomField.RADIO):
query = CustomFieldChoice.query.filter_by(custom_field=f)
attrs['choices'] = [(unicode(c.value), c.value) for c in query]
attrs['coerce'] = unicode
# set field to form
# _set_rules_for_custom_fields(f, attrs)
field = data['field'](**attrs)
setattr(field, 'field_type', f.field_type.code)
form_attrs[f.slug] = field
form_attrs['rules'] = Rule.get_rules_for_fields(fields)
return type(form)(form.__name__, (form,), form_attrs)
class HarForm(Form):
har_file = FileField(__(u'Upload'))
submit = SubmitField(__(u'Submit'))
# -*- coding: utf-8 -*-
from flask.ext.babel import lazy_gettext as __
from flask_wtf import Form
from wtforms import SelectField, SubmitField
# Some fields need to know
name = __(u'username')
class CreateTaskForm(Form):
tpl = SelectField(u'Templates')
submit = SubmitField(__(u'Submit'))
def signout():
login.logout_user()
flask.flash(__('You have been signed out.'), category='success')
return flask.redirect(flask.url_for('welcome'))