Esempio n. 1
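def ping_send_group():
	"""Broadcast a ping to the members of one auth group.

	Reads ``group`` and ``message`` from the submitted form. The caller must
	hold either the ``ping`` auth group or the per-group ``ping-<group>`` one;
	otherwise an error is flashed and nothing is sent. Always redirects to
	``/ping``.
	"""
	group = request.form["group"]
	authgroups = current_user.get_authgroups()
	if "ping" not in authgroups and "ping-%s" % group not in authgroups:
		flash("You do not have the right to do that.", "danger")
		return redirect("/ping")
	# The group name is client-supplied and is placed inside an LDAP search
	# filter, so escape the RFC 4515 special characters. Backslash goes first
	# so that the escapes added afterwards are not escaped a second time.
	escaped_group = group
	for special, replacement in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\x00", "\\00")):
		escaped_group = escaped_group.replace(special, replacement)
	ldap_filter = "(|(authGroup={0}))".format(escaped_group)
	count = pingbot.groupbroadcast(current_user.get_name(), ldap_filter, request.form["message"], group)
	flash("Broadcast sent to %d members in %s" % (count, group), "success")
	return redirect("/ping")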
Esempio n. 2
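def request_view():
    """Show the request form and, on POST, store a new request for the user.

    Users whose role is ``customer`` are redirected to the index page. On a
    POST with a non-empty ``cust_name`` a ``RequestList`` row is inserted and
    the assigned number is returned as JSON; in every other case
    ``request.html`` is rendered.
    """
    if current_user.user_role == 'customer':
        return redirect(url_for('index'))
    from models import RequestList
    # Newest request of this user (highest table_id); its number seeds the
    # next one. With no earlier request the numbering starts at 1.
    latest = RequestList.query.filter_by(
        user_id=current_user.get_id()).order_by(
            RequestList.table_id.desc()).limit(1)
    lastNumber = 0
    for row in latest:
        lastNumber = row.number
    pNumber = lastNumber + 1
    # NOTE(review): the number is read here and inserted below without a lock
    # or a unique constraint visible in this function, so two concurrent POSTs
    # by the same user could be given the same number - confirm.
    if request.method == 'POST':
        if request.form['cust_name']:
            rl = RequestList(custname=request.form['cust_name'].upper(),
                             request_type=request.form['request_type'].upper(),
                             status=0,
                             number=pNumber,
                             user_id=current_user.get_id())
            db.session.add(rl)
            db.session.commit()
            return jsonify({'data': [{'number': str(pNumber)}]})
    return render_template('request.html')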
Esempio n. 3
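def changePasswordForUser(username):
    """Set a new password for *username* from a JSON body ``{"password": ...}``.

    Only the named user or an admin may do this. Answers SUCCESS when user
    management is disabled or the password was changed, 400 for a missing
    JSON content type, malformed JSON or a missing password, 404 for an
    unknown user and 403 for everybody else.
    """
    if not userManager.enabled:
        return jsonify(SUCCESS)

    if current_user is None or current_user.is_anonymous() or (
            current_user.get_name() != username
            and not current_user.is_admin()):
        return make_response(("Forbidden", 403, []))

    # NOTE(review): the existing password is not asked for before it is
    # replaced, so whoever holds the session can set a new one - confirm
    # that this is intended.

    # .get() so that a request without the header gets the explicit message.
    if "application/json" not in request.headers.get("Content-Type", ""):
        return make_response("Expected content-type JSON", 400)

    try:
        data = request.json
    except BadRequest:
        return make_response("Malformed JSON body in request", 400)

    # null, a list or a bare string are valid JSON but have no keys; treat
    # them like a missing password instead of failing on data.keys().
    if not isinstance(data, dict) or not data.get("password"):
        return make_response("password is missing from request", 400)

    try:
        userManager.changeUserPassword(username, data["password"])
    except users.UnknownUser:
        return make_response(("Unknown user: %s" % username, 404, []))

    return jsonify(SUCCESS)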
def confirmation():
    """Render ``confirmation.html`` for the logged-in account.

    The template receives the attendee and admit data, the S3 settings from
    ``s3_config()``, the upload-policy endpoints for the resume and the travel
    confirmation, and the ``bus`` / ``mit`` flags derived from the school id.
    """
    account_id = current_user.id

    attendee = Attendee.lookup_from_account_id(account_id).get_attendee_data()
    # Fall back to the account name when no badge name has been stored.
    if attendee['badge_name'] is None:
        attendee['badge_name'] = current_user.get_name()

    admit = Admit.lookup_from_account_id(account_id).get_admit_data()
    deadline = Admit.lookup_from_account_id(account_id).get_deadline()
    admit['deadline'] = format_utc_datetime(deadline, eastern)

    # The endpoints are built from the server-side account id only.
    account_prefix = '/accounts/' + str(account_id)
    resume = {
        'policy_endpoint': account_prefix + '/resume/policy',
        'resource_name': "PDF",
    }

    hacker = Hacker.lookup_from_account_id(account_id)
    on_bus_route = hacker.school_id in buses
    # 166683 is compared against the school id to set the "mit" flag.
    is_mit = hacker.school_id == 166683

    travel = {
        'policy_endpoint': account_prefix + '/travel/policy',
        'resource_name': "Travel Confirmation",
    }

    return render_full_template(
        'confirmation.html',
        attendee=attendee,
        admit=admit,
        s3=s3_config(),
        resume=resume,
        bus=on_bus_route,
        mit=is_mit,
        travel_reimbursement=travel)
Esempio n. 5
def saveCustomerTurninDatabase(request, pNumber):
    """Insert a status-0 ``RequestList`` row for the logged-in customer.

    ``custname`` is the current user's name, ``request_type`` the form's
    ``description`` field, ``number`` is *pNumber* and ``user_id`` the form's
    ``dealer_id`` field. The row is committed immediately.
    """
    form = request.form
    # NOTE(review): dealer_id is taken from the submitted form and stored as
    # user_id without any check in this function - confirm that the caller
    # validates it against the dealers this customer may address.
    fields = dict(
        custname=current_user.get_name(),
        request_type=form['description'],
        status=0,
        number=pNumber,
        user_id=form['dealer_id'],
    )
    record = RequestList(**fields)
    db.session.add(record)
    db.session.commit()
Esempio n. 6
 def find_user_from_current_user(self):
     """Look up the logged-in user in the user manager and return it as a dict."""
     log_info = self._logger.info
     name = current_user.get_name()
     log_info("Current User: {0}".format(name))
     record = self._user_manager.findUser(name)
     # NOTE(review): this writes the user object's string form to the log;
     # check that it does not contain credentials or API keys.
     log_info("User: {0}".format(record))
     # findUser hands back the user object itself (getAllUsers yields dicts),
     # so it is converted to keep one representation for callers.
     # NOTE(review): if findUser can return None for an unknown name, the
     # call below raises AttributeError - confirm.
     return record.asDict()
Esempio n. 7
def getSettingsForUser(username):
	"""Return all stored settings of *username* as JSON.

	Answers SUCCESS when user management is disabled, 403 unless the caller
	is the named user or an admin, and 404 for an unknown user.
	"""
	if not userManager.enabled:
		return jsonify(SUCCESS)

	# Not logged in at all: refuse before looking at the name.
	if current_user is None or current_user.is_anonymous():
		return make_response("Forbidden", 403)
	# Logged in, but neither the owner of the settings nor an admin.
	if current_user.get_name() != username and not current_user.is_admin():
		return make_response("Forbidden", 403)

	try:
		user_settings = userManager.getAllUserSettings(username)
	except users.UnknownUser:
		return make_response("Unknown user: %s" % username, 404)
	return jsonify(user_settings)
Esempio n. 8
def generateApikeyForUser(username):
	"""Generate an API key for *username* and return it as ``{"apikey": ...}``.

	Answers SUCCESS when user management is disabled, 403 unless the caller
	is the named user or an admin, and 404 for an unknown user.
	"""
	if not userManager.enabled:
		return jsonify(SUCCESS)

	allowed = (
		current_user is not None
		and not current_user.is_anonymous()
		and (current_user.get_name() == username or current_user.is_admin())
	)
	if not allowed:
		return make_response(("Forbidden", 403, []))

	try:
		new_key = userManager.generateApiKey(username)
	except users.UnknownUser:
		return make_response(("Unknown user: %s" % username, 404, []))
	# The key is returned in the response body; it is a credential.
	return jsonify({"apikey": new_key})
Esempio n. 9
def deleteApikeyForUser(username):
	"""Delete the API key of *username*.

	Answers SUCCESS when there is no user manager or the key was deleted, 403
	unless the caller is the named user or an admin, and 404 for an unknown
	user.
	"""
	if userManager is None:
		return jsonify(SUCCESS)

	# Anonymous callers are refused first, then anyone who is neither the
	# key's owner nor an admin.
	if current_user is None or current_user.is_anonymous():
		return make_response(("Forbidden", 403, []))
	if current_user.get_name() != username and not current_user.is_admin():
		return make_response(("Forbidden", 403, []))

	try:
		userManager.deleteApikey(username)
	except users.UnknownUser:
		return make_response(("Unknown user: %s" % username, 404, []))
	return jsonify(SUCCESS)
Esempio n. 10
def getUser(username):
	"""Return the record of *username* as JSON.

	Answers SUCCESS when there is no user manager, aborts with 403 unless the
	caller is the named user or an admin, and with 404 when the user is not
	found.
	"""
	if userManager is None:
		return jsonify(SUCCESS)

	# Anonymous callers and non-admins asking about somebody else are refused.
	if current_user is None or current_user.is_anonymous():
		abort(403)
	if current_user.get_name() != username and not current_user.is_admin():
		abort(403)

	record = userManager.findUser(username)
	if record is None:
		abort(404)
	# NOTE(review): asDict() is returned unfiltered; check that it does not
	# expose a password hash or API key to the caller.
	return jsonify(record.asDict())
Esempio n. 11
def getUser(username):
	"""Look up *username* and return its ``asDict()`` form as JSON.

	Without a user manager the answer is SUCCESS. Callers who are neither the
	named user nor an admin get 403; an unknown name gets 404.
	"""
	if userManager is None:
		return jsonify(SUCCESS)

	logged_in = current_user is not None and not current_user.is_anonymous()
	# get_name() / is_admin() are only consulted for a logged-in caller.
	may_read = logged_in and (current_user.get_name() == username or current_user.is_admin())
	if not may_read:
		abort(403)
	else:
		found = userManager.findUser(username)
		if found is None:
			abort(404)
		else:
			return jsonify(found.asDict())
Esempio n. 12
def generateApikeyForUser(username):
    """Create an API key for *username* through the user manager.

    Returns ``{"apikey": ...}`` as JSON, SUCCESS when user management is
    disabled, 403 for callers other than the named user or an admin, and 404
    for an unknown user.
    """
    if not userManager.enabled:
        return jsonify(SUCCESS)

    # Refuse anonymous callers, then callers acting on somebody else's
    # account without admin rights.
    if current_user is None or current_user.is_anonymous():
        return make_response(("Forbidden", 403, []))
    is_owner_or_admin = (current_user.get_name() == username
                         or current_user.is_admin())
    if not is_owner_or_admin:
        return make_response(("Forbidden", 403, []))

    try:
        generated = userManager.generateApiKey(username)
    except users.UnknownUser:
        return make_response(("Unknown user: %s" % username, 404, []))
    return jsonify({"apikey": generated})
Esempio n. 13
def deleteApikeyForUser(username):
    """Remove the API key stored for *username*.

    Returns SUCCESS when there is no user manager or after the deletion, 403
    for callers other than the named user or an admin, and 404 for an unknown
    user.
    """
    if userManager is None:
        return jsonify(SUCCESS)

    permitted = (
        current_user is not None
        and not current_user.is_anonymous()
        and (current_user.get_name() == username or current_user.is_admin())
    )
    if not permitted:
        return make_response(("Forbidden", 403, []))

    try:
        userManager.deleteApikey(username)
    except users.UnknownUser:
        return make_response(("Unknown user: %s" % username, 404, []))
    return jsonify(SUCCESS)
Esempio n. 14
def getSettingsForUser(username):
    """Return the settings of *username* as JSON.

    SUCCESS is returned when user management is disabled, 403 when the caller
    is neither the named user nor an admin, 404 when the user is unknown.
    """
    if not userManager.enabled:
        return jsonify(SUCCESS)

    authenticated = (current_user is not None
                     and not current_user.is_anonymous())
    # The name/admin checks run only for an authenticated caller.
    permitted = authenticated and (current_user.get_name() == username
                                   or current_user.is_admin())
    if not permitted:
        return make_response("Forbidden", 403)

    try:
        stored = userManager.getAllUserSettings(username)
    except users.UnknownUser:
        return make_response("Unknown user: %s" % username, 404)
    return jsonify(stored)
Esempio n. 15
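def changePasswordForUser(username):
	"""Set a new password for *username* from a JSON body ``{"password": ...}``.

	Only the named user or an admin may do this. Answers SUCCESS when there is
	no user manager or the password was changed, 400 when the request is not
	JSON or carries no password, 404 for an unknown user and 403 otherwise.
	"""
	if userManager is None:
		return jsonify(SUCCESS)

	if current_user is None or current_user.is_anonymous() or (current_user.get_name() != username and not current_user.is_admin()):
		return app.make_response(("Forbidden", 403, []))

	# A request without a JSON content type or without a password used to
	# fall through to SUCCESS although nothing had been changed; report it
	# to the client instead.
	if "application/json" not in request.headers.get("Content-Type", ""):
		return app.make_response(("Expected content-type JSON", 400, []))

	data = request.json
	# null, a list or a bare string are valid JSON but have no keys.
	if not isinstance(data, dict) or not data.get("password"):
		return app.make_response(("password is missing from request", 400, []))

	try:
		userManager.changeUserPassword(username, data["password"])
	except users.UnknownUser:
		return app.make_response(("Unknown user: %s" % username, 404, []))
	return jsonify(SUCCESS)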
Esempio n. 16
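def changePasswordForUser(username):
	"""Change the password of *username* to the ``password`` field of the JSON body.

	Allowed for the named user and for admins. Returns SUCCESS when there is
	no user manager or after the change, 400 for a non-JSON request or a
	missing password, 404 for an unknown user, 403 for any other caller.
	"""
	if userManager is None:
		return jsonify(SUCCESS)

	may_change = current_user is not None and not current_user.is_anonymous() and (current_user.get_name() == username or current_user.is_admin())
	if not may_change:
		return make_response(("Forbidden", 403, []))

	# Earlier, a wrong content type or an absent password ended in SUCCESS
	# with the old password still in place, which misleads the client.
	content_type = request.headers.get("Content-Type", "")
	if "application/json" not in content_type:
		return make_response(("Expected content-type JSON", 400, []))

	data = request.json
	# Guard against JSON values that are not objects (null, list, string).
	if not isinstance(data, dict) or not data.get("password"):
		return make_response(("password is missing from request", 400, []))

	try:
		userManager.changeUserPassword(username, data["password"])
	except users.UnknownUser:
		return make_response(("Unknown user: %s" % username, 404, []))
	return jsonify(SUCCESS)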
Esempio n. 17
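def getCustomerAllTurn():
    """Collect the status-0 turns recorded under the logged-in user's name.

    Returns:
        A tuple ``(ids, turns)``: ``ids`` is the comma-joined list of the
        matching user ids, ``turns`` maps ``"<table_id>-<user id>"`` to
        ``[username, user id, number]``.
    """
    # The name is bound as a parameter instead of being formatted into the
    # statement, so quotes in a user name cannot change the query.
    # db.text is the SQLAlchemy text() construct; this assumes db is a
    # Flask-SQLAlchemy object, which re-exports it - confirm.
    customerTurn = db.text(
        'select rl.table_id, u.username, u.id, rl.number from requestList rl '
        'inner join users u on rl.user_id = u.id '
        'where cust_name = :cust_name '
        'and status = 0 '
        'group by table_id ')
    cturn = db.engine.execute(customerTurn, cust_name=current_user.get_name())

    all_turn_user_id = []
    responseDict = {}
    for row in cturn:
        all_turn_user_id.append(row.id)
        responseDict["%s-%s" % (row.table_id, row.id)] = [
            row.username, row.id, row.number
        ]
    return ','.join(map(str, all_turn_user_id)), responseDict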
Esempio n. 18
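 def test_login_logout(self):
     """Verify that user sessions are initiated and torn down properly."""
     def is_anonymous():
         # is_anonymous is called as a method further down in this test; a
         # bare reference to a bound method is always truthy, so asserting
         # on it could never fail. Call it when it is callable and use the
         # value directly when it is a plain attribute.
         flag = current_user.is_anonymous
         return flag() if callable(flag) else flag

     with self.client:
         self.assertTrue(is_anonymous())
         self.login('admin', 'default')
         self.assertEqual(current_user.get_id(), 'admin')
         # The stored hash must verify against the password used to log in.
         self.assertTrue(
             self.bcrypt.check_password_hash(
                 current_user.get_hash(), 'default'))
         self.assertEqual(current_user.get_name(), 'Administrator')
         self.assertTrue(current_user.is_authenticated())
         self.assertTrue(current_user.is_active())
         self.assertFalse(is_anonymous())
         response = self.logout()
         # After logout the session must really be anonymous again.
         self.assertTrue(is_anonymous())
         self.assertIn('You were logged out', response.data.decode('utf-8'))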
Esempio n. 19
def changeSettingsForUser(username):
	"""Replace the settings of *username* with the JSON body of the request.

	Answers SUCCESS when user management is disabled or after the update, 403
	unless the caller is the named user or an admin, 400 for malformed JSON
	and 404 for an unknown user.
	"""
	if not userManager.enabled:
		return jsonify(SUCCESS)

	logged_in = current_user is not None and not current_user.is_anonymous()
	if not (logged_in and (current_user.get_name() == username or current_user.is_admin())):
		return make_response("Forbidden", 403)

	try:
		payload = request.json
	except BadRequest:
		return make_response("Malformed JSON body in request", 400)

	# NOTE(review): the parsed body is handed over as-is; whether
	# changeUserSettings validates its shape is not visible here - confirm.
	try:
		userManager.changeUserSettings(username, payload)
	except users.UnknownUser:
		return make_response("Unknown user: %s" % username, 404)
	else:
		return jsonify(SUCCESS)
Esempio n. 20
def getWsToken():
    """Return ``{"ws_token": ...}`` as JSON for the websocket connection.

    When the ``cloudSlicer.loggedUser`` setting is set, the caller must be
    that user (401 otherwise) and the user must exist (403 otherwise); the
    token is then created from that user's ``publicKey``. Without the setting
    the token is created from ``None``.
    """
    public_key = None
    logged_user = settings().get(["cloudSlicer", "loggedUser"])

    if logged_user:
        # NOTE(review): is_anonymous is read as an attribute here. If the
        # user class defines it as a method, the reference is always truthy
        # and every request is rejected - confirm which form is in use.
        if current_user.is_anonymous or current_user.get_name() != logged_user:
            abort(401, "Unauthorized Access")

        account = userManager.findUser(logged_user)
        if not account:
            abort(403, 'Invalid Logged User')
        public_key = account.publicKey

    # NOTE(review): with no loggedUser configured, a token is issued without
    # any caller check, and with api.allowCrossOrigin the response is readable
    # from any origin - confirm that both are intended.
    body = json.dumps({'ws_token': create_ws_token(public_key)})
    if settings().getBoolean(['api', 'allowCrossOrigin']):
        cors_headers = {'Access-Control-Allow-Origin': '*'}
    else:
        cors_headers = None
    return Response(body, headers=cors_headers)
Esempio n. 21
def changeSettingsForUser(username):
    """Store the JSON body of the request as the settings of *username*.

    Returns SUCCESS when user management is disabled or after the update, 403
    for callers other than the named user or an admin, 400 for malformed JSON
    and 404 for an unknown user.
    """
    if not userManager.enabled:
        return jsonify(SUCCESS)

    # Anonymous callers first, then callers touching somebody else's
    # settings without admin rights.
    if current_user is None or current_user.is_anonymous():
        return make_response("Forbidden", 403)
    if current_user.get_name() != username and not current_user.is_admin():
        return make_response("Forbidden", 403)

    try:
        new_settings = request.json
    except BadRequest:
        return make_response("Malformed JSON body in request", 400)

    try:
        userManager.changeUserSettings(username, new_settings)
    except users.UnknownUser:
        return make_response("Unknown user: %s" % username, 404)
    else:
        return jsonify(SUCCESS)
Esempio n. 22
def confirmation():
    """Build the context for ``confirmation.html`` and render it.

    Everything is looked up by the id of the logged-in account: attendee and
    admit data, the admit deadline, the hacker's school id (for the ``bus``
    and ``mit`` flags) and the two upload-policy endpoints.
    """
    uid = current_user.id

    attendee = Attendee.lookup_from_account_id(uid).get_attendee_data()
    # Use the account name as badge name when none is stored.
    if attendee['badge_name'] is None:
        attendee['badge_name'] = current_user.get_name()

    admit = Admit.lookup_from_account_id(uid).get_admit_data()
    raw_deadline = Admit.lookup_from_account_id(uid).get_deadline()
    admit['deadline'] = format_utc_datetime(raw_deadline, eastern)

    resume = dict(
        policy_endpoint='/accounts/' + str(uid) + '/resume/policy',
        resource_name="PDF")

    school_id = Hacker.lookup_from_account_id(uid).school_id

    travel = dict(
        policy_endpoint='/accounts/' + str(uid) + '/travel/policy',
        resource_name="Travel Confirmation")

    context = dict(
        attendee=attendee,
        admit=admit,
        s3=s3_config(),
        resume=resume,
        bus=(school_id in buses),
        # 166683 is the school id that sets the "mit" flag.
        mit=(school_id == 166683),
        travel_reimbursement=travel)
    return render_full_template('confirmation.html', **context)
Esempio n. 23
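def changePasswordForUser(username):
	"""Set a new password for *username* from a JSON body ``{"password": ...}``.

	Only the named user or an admin may do this. Answers SUCCESS when user
	management is disabled or the password was changed, 400 for a missing
	JSON content type, malformed JSON or a missing password, 404 for an
	unknown user and 403 for everybody else.
	"""
	if not userManager.enabled:
		return jsonify(SUCCESS)

	allowed = current_user is not None and not current_user.is_anonymous() and (current_user.get_name() == username or current_user.is_admin())
	if not allowed:
		return make_response(("Forbidden", 403, []))

	# NOTE(review): the existing password is not verified before it is
	# replaced - confirm that this is intended for non-admin callers.

	# .get() so that a request without the header gets the explicit message.
	if "application/json" not in request.headers.get("Content-Type", ""):
		return make_response("Expected content-type JSON", 400)

	try:
		data = request.json
	except BadRequest:
		return make_response("Malformed JSON body in request", 400)

	# A body of null, a list or a bare string parses fine but has no keys;
	# answer 400 instead of failing on data.keys().
	if not isinstance(data, dict) or not data.get("password"):
		return make_response("password is missing from request", 400)

	try:
		userManager.changeUserPassword(username, data["password"])
	except users.UnknownUser:
		return make_response(("Unknown user: %s" % username, 404, []))

	return jsonify(SUCCESS)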
Esempio n. 24
def ping_send():
	"""Broadcast the submitted message to "All Online" on the selected servers.

	The candidate servers are the ``allies.``, bare and ``public.`` variants
	of the configured auth domain; only those present as form fields are used.
	"""
	# NOTE(review): no permission check is made inside this function;
	# presumably a decorator outside this snippet restricts it - confirm.
	def with_domain(prefix):
		return prefix + config["auth"]["domain"]

	def was_selected(host):
		return host in request.form

	candidates = map(with_domain, ["allies.", "", "public."])
	servers = filter(was_selected, candidates)
	pingbot.broadcast(current_user.get_name(), "All Online", request.form["message"], servers)
	flash("Broadcast sent to All Online", "success")
	return redirect("/ping")
Esempio n. 25
def username():
    """Return ``{"username": ...}`` as a JSON string.

    The value is the current user's name, or ``''`` when ``get_id()`` is falsy.
    """
    if current_user.get_id():
        name = current_user.get_name()
    else:
        name = ''
    return simplejson.dumps({'username': name})
Esempio n. 26
def ping_send_advgroup():
	"""Broadcast a message to everyone matched by a caller-supplied LDAP filter.

	The form's ``filter`` field is wrapped in parentheses and used both as the
	search filter and as the label shown in the flash message.
	"""
	form = request.form
	# NOTE(review): the filter text comes straight from the form and is used
	# verbatim, so the caller decides who is matched. No permission check is
	# visible in this function; presumably a decorator outside this snippet
	# limits it to trusted roles - confirm.
	ldap_filter = "".join(["(", form["filter"], ")"])
	message = form["message"]
	sender = current_user.get_name()
	count = pingbot.groupbroadcast(sender, ldap_filter, message, ldap_filter)
	flash("Broadcast sent to %d members in %s" % (count, ldap_filter), "success")
	return redirect("/ping")
Esempio n. 27
def lottery():
    """Render ``lottery.html`` with the current user's name and hacker data."""
    context = {
        'name': current_user.get_name(),
        # The hacker record is looked up by the logged-in account's id.
        'hacker': Hacker.lookup_from_account_id(
            current_user.id).get_hacker_data(),
    }
    return render_full_template('lottery.html', **context)
Esempio n. 28
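    def show(self, action):
        """Serve the user pages ``login``, ``logout``, ``register`` and ``account``.

        Returns a redirect after a successful login or logout and otherwise
        the rendered ``user/<template>.html`` page. Any exception raised while
        handling the request is passed to ``self.error_handle`` and answered
        with 401.
        """
        def is_local_path(target):
            # "next" is taken from the query string, so only a path on this
            # site is accepted as a redirect target: it must start with a
            # single "/" ("//host" and "/\host" are read as another host by
            # browsers) and contain no CR, LF or tab.
            if not target or not target.startswith("/"):
                return False
            if target.startswith(("//", "/\\")):
                return False
            return not any(ch in target for ch in "\r\n\t")

        UA = UserActions()
        self.required_roles = []
        template = ""
        data = {}
        try:
            if current_user.is_authenticated():
                data.update({"message": "You're already logged in."})
            else:
                data.update({
                    "login_form": LoginForm(),
                    "reg_form": RegistrationForm()
                })

            if action == "logout":
                # Logout
                if current_user.is_authenticated():
                    result = UA.logout()
                    if result["status"] == "success":
                        nxt_url = request.args.get("next")
                        if not is_local_path(nxt_url):
                            nxt_url = url_for("pages.index", name="home")
                        return redirect(nxt_url)
                    else:
                        data.update({
                            "message":
                            "Unknown error occurred. Could not log user out."
                        })
                else:
                    return redirect(url_for("user.index", action="login"))

            elif action == "login":
                # Login
                template = "login"
                if request.form:
                    lform = LoginForm(request.form)
                    if lform.validate():
                        result = UA.login(email=lform.email.data,
                                          password=lform.password.data,
                                          remember=False)
                        if result["status"] == "success":
                            nxt_url = request.args.get("next")
                            # Anything that is not a local path, and the
                            # bare "/", goes to the dashboard instead.
                            if not is_local_path(nxt_url) or nxt_url == "/":
                                nxt_url = url_for("dashboard.index")

                            return redirect(nxt_url)
                        else:
                            data.update({
                                "status": "failed",
                                "message": result["message"]
                            })
                    else:
                        data.update({"login_form": lform})

            elif action == "register" and request.form:
                # User registration
                # NOTE(review): the form is built but never validated or
                # saved, and no template is selected for this action.
                rform = RegistrationForm(request.form)

            elif action == "account" and current_user.is_authenticated():
                # User account page
                data.update({"message": "", "status": ""})

                self.required_roles = [
                    "provider", "viewer", "subscriber", "buyer"
                ]
                template = "account"
                UUD = UpdateUserData(request.form)

                if request.form:
                    if UUD.validate():
                        # A submitted password replaces the stored one; an
                        # empty field keeps the current value.
                        # NOTE(review): the current password is not asked
                        # for before the change - confirm this is intended.
                        if UUD.password.data:
                            UUD.password.data = UA.encrypt_password(
                                UUD.password.data)
                        else:
                            UUD.password.data = current_user.password

                        current_user.password = UUD.password.data
                        current_user.update()

                        data.update({
                            "message":
                            "Successfully updated your account details",
                            "status": "success"
                        })
                else:
                    UUD.name.data = current_user.get_name()

                data.update({"update_form": UUD})

            return self.render("user/" + template + ".html", data=data)
        except Exception as e:
            # Every failure, including internal errors, is reported to the
            # client as 401.
            self.error_handle.get_error(
                error=str(e), occurred_at="mad.modules.UserView.show()")
            abort(401)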
Esempio n. 29
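	def show(self, action):
		"""Serve the user pages ``login``, ``logout``, ``register`` and ``account``.

		Returns a redirect after a successful login or logout and otherwise
		the rendered ``user/<template>.html`` page. Any exception raised while
		handling the request is passed to ``self.error_handle`` and answered
		with 401.
		"""
		def is_local_path(target):
			# "next" is read from the query string; accept it as a redirect
			# target only when it is a path on this site: one leading "/"
			# (browsers read "//host" and "/\host" as another host) and no
			# CR, LF or tab.
			if not target or not target.startswith("/"):
				return False
			if target.startswith(("//", "/\\")):
				return False
			return not any(ch in target for ch in "\r\n\t")

		UA = UserActions()
		self.required_roles = []
		template = ""
		data = {}
		try:
			if current_user.is_authenticated():
				data.update({"message": "You're already logged in."})
			else:
				data.update({
					"login_form": LoginForm(),
					"reg_form": RegistrationForm()
				})

			if action=="logout":
				# Logout
				if current_user.is_authenticated():
					result = UA.logout()
					if result["status"]=="success":
						nxt_url = request.args.get("next")
						if not is_local_path(nxt_url):
							nxt_url = url_for("pages.index", name="home")
						return redirect(nxt_url)
					else:
						data.update({"message": "Unknown error occurred. Could not log user out."})
				else:
					return redirect(url_for("user.index", action="login"))

			elif action=="login":
				# Login
				template = "login"
				if request.form:
					lform = LoginForm(request.form)
					if lform.validate():
						result = UA.login(email=lform.email.data, password=lform.password.data, remember=False)
						if result["status"]=="success":
							nxt_url = request.args.get("next")
							# Non-local targets and the bare "/" go to the
							# dashboard instead.
							if not is_local_path(nxt_url) or nxt_url == "/":
								nxt_url = url_for("dashboard.index")

							return redirect(nxt_url)
						else:
							data.update({"status": "failed", "message": result["message"]})
					else:
						data.update({"login_form": lform})

			elif action=="register" and request.form:
				# User registration
				# NOTE(review): the form is built but never validated or
				# saved, and no template is selected for this action.
				rform = RegistrationForm(request.form)

			elif action=="account" and current_user.is_authenticated():
				# User account page
				data.update({"message": "", "status": ""})

				self.required_roles = ["provider", "viewer", "subscriber", "buyer"]
				template = "account"
				UUD = UpdateUserData(request.form)

				if request.form:
					if UUD.validate():
						# A submitted password replaces the stored one; an
						# empty field keeps the current value.
						# NOTE(review): the current password is not asked
						# for before the change - confirm this is intended.
						if UUD.password.data:
							UUD.password.data = UA.encrypt_password(UUD.password.data)
						else:
							UUD.password.data = current_user.password

						current_user.password = UUD.password.data
						current_user.update()

						data.update({"message": "Successfully updated your account details", "status": "success"})
				else:
					UUD.name.data = current_user.get_name()

				data.update({"update_form": UUD})

			return self.render("user/"+template+".html", data=data)
		except Exception as e:
			# Every failure, including internal errors, is reported to the
			# client as 401.
			self.error_handle.get_error(error=str(e), occurred_at="mad.modules.UserView.show()")
			abort(401)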
Esempio n. 30
def lottery():
    """Show the lottery page for the logged-in user.

    Passes the user's name and the hacker data found for the account id to
    ``lottery.html``.
    """
    display_name = current_user.get_name()
    account = Hacker.lookup_from_account_id(current_user.id)
    return render_full_template(
        'lottery.html',
        name=display_name,
        hacker=account.get_hacker_data())
Esempio n. 31
 def get_current_user_name(self):
     """Return ``current_user.get_name()`` for the active request."""
     name = current_user.get_name()
     return name
Esempio n. 32
 def get_current_user_name(self):
     """Give back the name reported by the ``current_user`` proxy."""
     # Thin accessor: nothing is read from self.
     current_name = current_user.get_name()
     return current_name