def logout(self):
    """Clear the current session and redirect to the referring page.

    An anonymous visitor gets the error view instead of a redirect. After
    a successful logout the browser is redirected to the Referer header
    value, or to "/" when the header is missing or empty.
    """
    # NOTE(review): no request-method check is visible here, so any request
    # that reaches this handler ends the session -- confirm whether that is
    # intended or whether logout should be limited to POST.
    if not cherrypy.session.get('username'):
        flash("You haven't logged in.", 'error')
        return self.render(
            error_view,
            error_message="Please login before logging out, because you cannot logout before you have logged in.",
        )

    cherrypy.session.clear()
    flash("Logged out successfully!", 'success')

    # Referer is a client-supplied header; the target is not restricted to
    # this site.
    referer = cherrypy.request.headers.get("Referer", "/")
    raise cherrypy.HTTPRedirect(referer or "/")
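def login(self, username=None, password=None):
    """The login POST endpoint.

    Non-POST requests get a 404. An already authenticated session, a failed
    credential check and a successful login all redirect to the Referer
    header value (or "/"); a banned account is redirected to "/".

    The credentials are verified before the user record is read. Reading
    ``User.get_user(username)['member_type']`` first would fail on an
    unknown name (users() treats a None result from get_user as "not
    found"), so unknown names would produce a different response from
    wrong passwords.
    """
    if cherrypy.request.method != "POST":
        raise cherrypy.HTTPError(404)

    # Referer is a client-supplied header; the target is not restricted to
    # this site.
    back = cherrypy.request.headers.get("Referer", "/") or "/"

    if cherrypy.session.get('username'):
        flash("You have already logged in.")
        raise cherrypy.HTTPRedirect(back)

    if not User.validate_credentials(username, password):
        flash("Invalid credentials.", 'error')
        raise cherrypy.HTTPRedirect(back)

    account = User.get_user(username)
    if account is None:
        # Credentials were accepted but no record was found: report it the
        # same way as any other failed login.
        flash("Invalid credentials.", 'error')
        raise cherrypy.HTTPRedirect(back)

    if account['member_type'] == 'banned':
        flash("You can't login, you are banned!", 'error')
        raise cherrypy.HTTPRedirect('/')

    User.log_visit(username)
    # Issue a fresh session id before storing the identity, so an id that
    # was known before authentication never becomes an authenticated one
    # (session fixation).
    cherrypy.session.regenerate()
    cherrypy.session['username'] = username
    cherrypy.session.save()
    flash("Logged in successfully!", 'success')
    # redirect user back to the page where login was entered
    raise cherrypy.HTTPRedirect(back)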
def delete(username, songname):
    """Delete *songname* belonging to *username*, then redirect to that user's page.

    Raises HTTP 401 when there is no logged-in session, or when the session
    user is neither an admin nor the owner named by *username*. Raises
    HTTP 404 for any request method other than POST.
    """
    session_user = cherrypy.session.get('username')
    if not session_user:
        raise cherrypy.HTTPError(401)
    if cherrypy.request.method != 'POST':
        raise cherrypy.HTTPError(404)

    # Authorisation: admins may delete anyone's song, everyone else only
    # their own.
    # NOTE(review): only 'admin' is tested here; a session whose account has
    # since become 'banned' still passes the owner check -- confirm intended.
    requester = User.get_user(session_user)
    is_admin = requester['member_type'] == 'admin'
    if not is_admin and session_user != username:
        raise cherrypy.HTTPError(401)

    # NOTE(review): the result of get_user_song is passed on unchecked;
    # verify what it returns when the song does not exist.
    Song.delete_song(Song.get_user_song(username, songname))

    # NOTE(review): songname is request data placed in a flash message;
    # assumes the template escapes flash text -- TODO confirm.
    flash("Deleted '%s'" % songname, 'success')
    raise cherrypy.HTTPRedirect("/users/" + username)
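def users(self, who=None, **args):
    """User detail page handler.

    Renders the error view when *who* is missing or unknown. When the
    request carries a ``ban`` or ``unban`` parameter the call is handed to
    set_user_type, which checks the session for an admin and always ends
    by raising (HTTPError or HTTPRedirect), so the detail page is not
    rendered in that case.
    """
    if not who:
        # TODO add user listing here?
        flash('Invalid user.', 'error')
        return self.render(error_view)

    person = User.get_user(who)
    if person is None:
        # NOTE(review): `who` is request data echoed into the page; assumes
        # the error view escapes error_message -- TODO confirm.
        return self.render(error_view,
                           error_message="User '%s' not found!" % (str(who)))

    # NOTE(review): a state change is triggered by the mere presence of a
    # request parameter, and neither this handler nor set_user_type checks
    # the request method or a per-request token. Consider accepting
    # ban/unban only on POST with CSRF protection. Also note that 'unban'
    # sets the type to 'member' whatever the account's current type is.
    if 'ban' in args:
        self.set_user_type(who, 'banned')
    elif 'unban' in args:
        self.set_user_type(who, 'member')

    sanitized = User.sanitize_user(person)
    songs = User.get_user_songs_detailed(person["username"])
    return self.render(user_view, user=sanitized, songs=songs)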
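def restrictfunc(group="member", method=None):
    """
    An authentication function used to create a simple CherryPy
    compatible tool decorator.

    Checks whether the current session satisfies the given conditions:

    * no logged-in session: flash ``restrict.error_message`` and redirect
      to ``restrict.loginpath``;
    * *method* given and different from the request method: HTTP 404;
    * ``group == "admin"``: the session user's record must have
      ``member_type == 'admin'``, otherwise HTTP 401 (the same check and
      status set_user_type uses). Previously this branch returned without
      checking, so every logged-in user passed an "admin" restriction.
    """
    username = cherrypy.session.get("username")
    if not username:
        flash(restrict.error_message)
        raise cherrypy.HTTPRedirect(restrict.loginpath)

    if method and cherrypy.request.method != method:
        # TODO return 405 and a list of allowed methods
        raise cherrypy.HTTPError(404)

    if group == "admin":
        account = User.get_user(username)
        # A missing record (e.g. account removed while the session is still
        # alive) is refused as well.
        if account is None or account['member_type'] != 'admin':
            raise cherrypy.HTTPError(401)

    # NOTE(review): "member" and any unrecognised group value fall through
    # and are allowed for every logged-in session, including accounts banned
    # after they logged in. Consider rejecting unknown group names.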
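def set_user_type(self, target, status):
    """
    Attempts to set user member_type.

    Checks the credentials of the current session: raises HTTP 401 unless
    the session belongs to a user whose member_type is 'admin'. Always
    finishes by redirecting to the target's user page, with a flash message
    reporting success or failure.
    """
    username = cherrypy.session.get('username')
    if not username:
        raise cherrypy.HTTPError(401)

    user = User.get_user(username)
    # users() treats a None result from get_user as "not found"; refuse
    # instead of failing on the subscript when the session outlives the
    # account.
    if user is None or user['member_type'] != 'admin':
        raise cherrypy.HTTPError(401)

    # NOTE(review): `status` is written as given; the visible callers pass
    # only 'banned' and 'member'. Verify this method is not reachable with
    # an arbitrary status value.
    try:
        User.set_user_type(target, status)
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt. Record the failure so it is visible in the
        # server log instead of disappearing behind the flash message.
        cherrypy.log("set_user_type(%r, %r) failed" % (target, status),
                     traceback=True)
        flash("Can't set user status!", 'error')
    else:
        flash("User status set to %s!" % status, 'success')
    raise cherrypy.HTTPRedirect("/users/%s" % target)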
def register(self, username=None, password=None, password2=None, email=None):
    """Registration form page handler.

    GET renders the form and POST attempts to create the account; any other
    method gets a 404. A failed attempt re-renders the form with a flash
    message, and a successful one redirects to "/".
    """
    http_method = cherrypy.request.method
    if http_method == 'GET':
        return self.render(register_view)
    if http_method != 'POST':
        raise cherrypy.HTTPError(404)

    try:
        # The mismatch is raised as a UserDetailException so it is reported
        # through the same path as the errors raised by add_user.
        if password != password2:
            raise UserDetailException("Passwords do not match.")
        User.add_user(username=username, password=password, email=email)
    except UserDetailException as problem:
        flash(str(problem), 'error')
        return self.render(register_view)
    except UserAlreadyExistsException:
        flash("User already exists with that name.", 'error')
        return self.render(register_view)

    # Reached only when add_user succeeded; both handlers above return.
    flash("Account created successfully! You can now log in.", 'success')
    raise cherrypy.HTTPRedirect('/')
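def upload(self, songfile, influence, influence_type):
    """Song upload POST endpoint.

    Parses the uploaded file with load_module, stores it for the session
    user and, when an influence URL is given, links the new song to the
    song that URL refers to. Finishes by redirecting to the uploader's
    user page; validation failures redirect to "/uploadform" or re-render
    the upload view.

    Raises HTTP 401 when there is no logged-in session.
    """
    username = cherrypy.session.get('username')
    # No login check is visible in this handler; without one the song would
    # be stored with None as its author. Refuse explicitly, as delete and
    # set_user_type do.
    if not username:
        raise cherrypy.HTTPError(401)

    if not songfile or not songfile.file:
        flash('Invalid file.', 'error')
        raise cherrypy.HTTPRedirect("/uploadform")

    # NOTE(review): the whole upload is read into memory with no size check
    # in this handler; make sure the server's request body limit is set to
    # a value suitable for module files.
    songbytes = songfile.file.read()
    try:
        song = load_module(songbytes)
    except Exception:
        # NOTE(review): songfile.filename is client-supplied; assumes the
        # template escapes flash text -- TODO confirm.
        flash("%s is not a valid module, only ProTracker modules are supported." % songfile.filename, 'error')
        return self.render(upload_view)

    if influence and not influence_type:
        flash("Invalid influence type!")
        raise cherrypy.HTTPRedirect("/uploadform")

    songid = Song.add_song(song, songbytes, songfile, [username])
    flash("Song uploaded successfully.", 'success')

    if influence and influence != 'empty':
        # NOTE(review): str(e) below shows internal exception text to the
        # user; consider logging it server-side and flashing a generic
        # message.
        try:
            influence_id = Influence.get_song_id_from_url(influence)
        except Exception as e:
            flash("Cannot parse influence url!", 'error')
            flash("Error: " + str(e), 'error')
            flash("Song influences were not added.", 'notice')
        else:
            # Link the songs only when the URL was resolved. Previously a
            # failed parse still called add_internal_influence with None
            # as the influence id.
            try:
                Influence.add_internal_influence(influence_id, songid, influence_type)
            except Exception as e:
                flash("Song influences were not added.", 'notice')
                flash("Error: " + str(e), 'error')

    raise cherrypy.HTTPRedirect("/users/%s" % (username, ))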