Esempio n. 1
def security_check():
    """Gate the current request on login state, approval and path prefix.

    Stores the user looked up from the session's ``userid`` on
    ``request.user``. Returns ``None`` to let the request continue, returns a
    redirect to the ``login`` endpoint, or aborts with 403.
    """
    current = l.get_user(session.get('userid'))
    request.user = current

    # A session that resolves to an unapproved account is dropped entirely.
    if current and not current.approved:
        session.clear()
        return redirect(url_for('login'))

    path = request.path

    # Logged-in users outside the admin list may not reach /admin paths.
    # Anonymous requests are not rejected here; they reach the login redirect
    # at the end because '/admin' is not one of the public prefixes.
    if path.startswith('/admin') and current:
        if current.email not in _ADMIN_EMAILS:
            abort(403)

    if THIS_IS_BATCH:
        if path.startswith('/screening'):
            abort(403)
    elif path.startswith('/batch'):
        if current and current.email not in _ADMIN_EMAILS:
            abort(403)

    if current:
        return

    # NOTE(review): these are plain string-prefix tests with no path-segment
    # boundary, so '/user' also covers every other path that begins with those
    # characters. Confirm against the route table that nothing private sits
    # under these prefixes.
    safe_prefixes = ('/static', '/user', '/feedback', '/confirmation')
    if path.startswith(safe_prefixes):
        return

    return redirect(url_for('login'))
Esempio n. 2
def security_check():
    """Decide whether the current request may proceed.

    The session's ``userid`` is resolved to a user and attached to
    ``request.user``. The function then returns ``None`` (allow), a redirect
    to the ``login`` endpoint, or raises through ``abort(403)``.
    """
    request.user = l.get_user(session.get('userid'))
    user = request.user

    # Unapproved accounts lose their session and go back to the login page.
    if user and not user.approved:
        session.clear()
        return redirect(url_for('login'))

    path = request.path
    under = path.startswith

    if user and under('/admin') and user.email not in _ADMIN_EMAILS:
        abort(403)

    if THIS_IS_BATCH and under('/screening'):
        abort(403)

    # Outside batch mode, /batch paths are refused to logged-in non-admins.
    if (not THIS_IS_BATCH and under('/batch')
            and user and user.email not in _ADMIN_EMAILS):
        abort(403)

    # NOTE(review): the public prefixes are matched as raw string prefixes,
    # not path segments; '/user' therefore also matches any longer path that
    # merely starts with it. Verify that this is intended.
    public = ('/static', '/user', '/feedback', '/confirmation')
    if user or any(under(prefix) for prefix in public):
        return None

    return redirect(url_for('login'))
Esempio n. 3
def test_user_basics():
    """Exercise account creation, approval, password check and password change."""
    # Seed twenty filler accounts; add_user must return something truthy.
    for n in range(20):
        created = l.add_user(u'{}@example.com'.format(n),
                             u'Name {}'.format(n),
                             u'pw{}'.format(n))
        assert created

    # NOTE(review): this address literal contains no letters, so the
    # upper-cased lookup further down passes the very same string.
    email, name, pw = u'*****@*****.**', u'Ned Jackson Lovely', u'password'

    # Credentials for an account that does not exist yet must be rejected.
    assert not l.check_pw(email, pw)

    uid = l.add_user(email, name, pw)
    assert len(l.list_users()) == 21

    # New accounts start out unapproved.
    assert not any(user.approved_on for user in l.list_users())

    l.approve_user(uid)

    # Approval touches only the targeted account.
    for user in l.list_users():
        if user.id == uid:
            assert user.approved_on
        else:
            assert not user.approved_on

    assert l.get_user(uid).display_name == name

    # The email is matched regardless of case, the password is not.
    assert l.check_pw(email, pw)
    assert l.check_pw(email.upper(), pw)
    assert not l.check_pw(email, pw.upper())

    # Changing to a non-ASCII password invalidates the old one.
    pw2 = u'\u2603'
    l.change_pw(uid, pw2)
    assert not l.check_pw(email, pw)
    assert l.check_pw(email, pw2)
Esempio n. 4
def test_user_basics():
    """Walk one account through add, approve, password check and change."""
    for n in range(20):
        address = u"{}@example.com".format(n)
        display = u"Name {}".format(n)
        secret = u"pw{}".format(n)
        assert l.add_user(address, display, secret)

    email = u"*****@*****.**"
    name = u"Ned Jackson Lovely"
    pw = u"password"

    # Before the account exists, its credentials must not verify.
    assert not l.check_pw(email, pw)

    uid = l.add_user(email, name, pw)

    everyone = l.list_users()
    assert len(everyone) == 21

    # Nobody is approved until approve_user is called.
    for user in l.list_users():
        assert not user.approved_on

    l.approve_user(uid)

    # Exactly the approved id carries approved_on; every other row stays unset.
    assert all(bool(user.approved_on) == (user.id == uid)
               for user in l.list_users())

    fetched = l.get_user(uid)
    assert fetched.display_name == name

    # Email lookup ignores case; the password comparison is case-sensitive.
    assert l.check_pw(email, pw)
    assert l.check_pw(email.upper(), pw)
    assert not l.check_pw(email, pw.upper())

    # A password outside ASCII must round-trip, and the old one must stop working.
    pw2 = u"\u2603"
    l.change_pw(uid, pw2)

    assert not l.check_pw(email, pw)
    assert l.check_pw(email, pw2)
Esempio n. 5
File: admin.py Progetto: njl/progcom
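def approve_user(uid):
    """Approve account *uid*, notify the user and request a Slack invite.

    The approval is recorded first, then the approval email is sent and a
    Slack invite is requested for the user's address. Always returns a
    redirect to ``admin.list_users``.
    """
    l.approve_user(uid)
    user = l.get_user(uid)
    flash('Approved user {}'.format(user.email))
    l.email_approved(uid)
    # The approval is already stored at this point. Bound the outbound call
    # and tolerate a network failure so that an unreachable Slack API cannot
    # hang or crash this admin request.
    # NOTE(review): the HTTP response is not inspected, so a refusal reported
    # in the response body goes unnoticed. A missing SLACK_TOKEN still raises
    # KeyError here, after the approval has been recorded.
    try:
        requests.post('https://slack.com/api/users.admin.invite',
                      data=dict(token=os.environ['SLACK_TOKEN'],
                                email=user.email),
                      timeout=10)
    except requests.RequestException:
        # Report only the address; never echo the token or request payload.
        flash('Slack invite for {} could not be sent'.format(user.email))
    return redirect(url_for('admin.list_users'))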
Esempio n. 6
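def approve_user(uid):
    """Mark *uid* as approved, send the approval email and invite to Slack.

    Returns a redirect to ``admin.list_users`` whether or not the Slack call
    succeeds; a failed call is reported through ``flash``.
    """
    l.approve_user(uid)
    user = l.get_user(uid)
    flash('Approved user {}'.format(user.email))
    l.email_approved(uid)

    invite_fields = dict(token=os.environ['SLACK_TOKEN'], email=user.email)
    try:
        # Without a timeout this request could block the handler
        # indefinitely on a stalled connection.
        requests.post('https://slack.com/api/users.admin.invite',
                      data=invite_fields, timeout=10)
    except requests.RequestException:
        # The approval itself has already been stored; surface the failed
        # invite to the admin instead of failing the whole request. The
        # message deliberately leaves out the token.
        flash('Slack invite for {} could not be sent'.format(user.email))
    # NOTE(review): the response body is ignored, so an invite the API
    # rejects is indistinguishable from a successful one here.
    return redirect(url_for('admin.list_users'))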
Esempio n. 7
def get_user():
    """Look up the user named by the ``user_id`` query parameter.

    Returns a dict with ``success`` set to True and the user under ``user``,
    or ``success`` set to False and an ``error`` value when the parameter is
    missing or no user matches.
    """
    # NOTE(review): nothing in this function checks that the caller is
    # allowed to read the requested user, and the whole user object is
    # returned. Confirm that authorisation happens upstream and that the
    # object carries no secret fields.
    requested_id = request.args.get('user_id')
    if requested_id:
        found = logic.get_user(requested_id)
        if found:
            return {'success': True, 'user': found}
        return {'success': False, 'error': 'No such user exists'}
    return {'success': False, 'error': env_constants.INVALID_REQUEST_ERROR}
Esempio n. 8
def login_post():
    """Handle a login submission and start a session on success.

    Redirects back to the ``login`` endpoint with a flashed message when the
    credentials are wrong or the account is not approved; otherwise stores
    the user id in the session and redirects to ``/``.
    """
    # NOTE(review): request.values merges the query string with the form
    # body, so credentials passed in the URL are accepted here too. Confirm
    # whether that is intended, since URLs tend to be logged.
    submitted = request.values
    uid = l.check_pw(submitted.get("email"), submitted.get("pw"))
    if uid:
        user = l.get_user(uid)
        if user.approved:
            # NOTE(review): the existing session is reused as is; whatever it
            # held before login stays in it.
            session["userid"] = uid
            return redirect("/")
        flash("You have not yet been approved.")
    else:
        flash("Bad email or password.")
    return redirect(url_for("login"))
Esempio n. 9
def login_post():
    """Verify the submitted email and password, then log the user in.

    On failure a message is flashed and the browser is sent back to the
    ``login`` endpoint. On success the user id is written to the session and
    the browser is sent to ``/``.
    """
    # NOTE(review): either field may be None when it is missing from the
    # request; presumably check_pw copes with that, verify.
    email = request.values.get('email')
    password = request.values.get('pw')
    uid = l.check_pw(email, password)

    failure = None
    if not uid:
        failure = 'Bad email or password.'
    elif not l.get_user(uid).approved:
        # Only reachable with correct credentials, so this message does not
        # reveal anything to someone who is guessing passwords.
        failure = 'You have not yet been approved.'

    if failure is not None:
        flash(failure)
        return redirect(url_for('login'))

    session['userid'] = uid
    return redirect('/')
Esempio n. 10
def login_post():
    """Process a login attempt.

    Wrong credentials and unapproved accounts are both bounced back to the
    ``login`` endpoint with a flashed explanation. A successful attempt
    records the user id in the session and redirects to ``/``.
    """
    def reject(message):
        # Shared failure path: explain, then return to the login page.
        flash(message)
        return redirect(url_for('login'))

    # NOTE(review): request.values also reads the query string, not just the
    # posted form. Confirm that accepting credentials from the URL is wanted.
    uid = l.check_pw(request.values.get('email'), request.values.get('pw'))
    if not uid:
        return reject('Bad email or password.')

    if not l.get_user(uid).approved:
        return reject('You have not yet been approved.')

    session['userid'] = uid
    return redirect('/')
Esempio n. 11
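def edit(request):
    """Edit the user's own profile.

    A GET renders the edit form pre-filled from the current user. A valid
    POST saves the form and redirects to the user's profile page. An invalid
    POST renders the form again with its validation errors; before this fix
    that path fell off the end of the function and returned ``None``, which
    is not a valid view response.
    """
    user = logic.get_user(request)
    if request.method == "POST":
        # NOTE(review): every field UserForm exposes can be changed by the
        # submitting user. Confirm that the form leaves out any field the
        # user must not control.
        form = UserForm(request.POST, instance=user)
        if form.is_valid():
            m = form.save()
            # NOTE(review): this second save looks redundant if
            # UserForm.save() already commits. Kept unchanged; confirm.
            m.save()
            return HttpResponseRedirect('/users/show/' + str(user.user_key))
        # Invalid submission: fall through and show the bound form again.
    else:
        form = UserForm(instance=user)
    return render(request, 'users/edit_profile.html',
                  {'form': form,
                   'user': user,
                   'nanodegree_choices': NANODEGREE_CHOICES})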
Esempio n. 12
def show(request, user_key):
    """Render a user's profile with their submitted and liked items.

    The profile is looked up by *user_key*. The template also receives the
    viewer's email taken from the session.
    """
    profile = logic.get_user(request, user_key=user_key)

    # Gather the profile owner's content first, then read the viewer's email
    # from the session last.
    context = {
        'user': profile,
        'problems': logic.get_user_submitted_problems(profile),
        'solutions': logic.get_user_submitted_solutions(profile),
        'liked_problems': logic.get_user_liked_problems(profile),
        'liked_solutions': logic.get_user_liked_solutions(profile),
        # NOTE(review): this raises KeyError when the session has no 'email'.
        # Presumably an earlier login check guarantees it; confirm.
        'current_user': request.session['email'],
    }
    return render(request, 'users/show_profile.html', context)
Esempio n. 13
 def get(self):
     """Render ``testpage.html`` for the signed-in account.

     Visitors who are not signed in are redirected to the sign-in URL, which
     is built to return them to the requested URI.
     """
     signed_in = users.get_current_user()
     if signed_in:
         # The application user is looked up by the signed-in email address.
         context = {
             'user': logic.get_user(signed_in.email()),
             'logout_url': users.create_logout_url('/'),
         }
         self.response.write(render_to_string('testpage.html', context))
     else:
         self.redirect(users.create_login_url(self.request.uri))
Esempio n. 14
def admin(request):
    """Render ``admin.html`` for a signed-in account.

    Visitors who are not signed in are redirected to the sign-in URL. Every
    local variable defined below, including ``request`` and ``guser``, is
    handed to the template through ``locals()``, so renaming or adding a
    local changes the template context.
    """
    guser = users.get_current_user()
    if not guser:
        return redirect(users.create_login_url(request.path))
    
    logic.init_mbank()
    logout_url = users.create_logout_url('/')
    
    user = logic.get_user(guser.email())
    # At most 100 MUser entities are fetched.
    peoples = gmodels.MUser.all().run(limit = 100)
    # NOTE(review): the admin flag is computed and passed to the template,
    # but this view never branches on it. If the page is meant for admins
    # only, confirm that routing or the template enforces that.
    admin = users.is_current_user_admin()
    
    # Materialise the query result into a list before it reaches the template.
    peoples = list(peoples)
#    peoples_new_bill = list(peoples)
#    peoples_topup = list(peoples)
    
    return render_to_response('admin.html', locals())
Esempio n. 15
 def get(self):
     """Write the signed-in user's recent records as plain text, one per line.

     Visitors who are not signed in are redirected to the sign-in URL.
     """
     self.response.headers['Content-Type'] = 'text/plain'

     signed_in = users.get_current_user()
     if not signed_in:
         self.redirect(users.create_login_url(self.request.uri))
         return

     # Records are fetched for the application user that matches the
     # signed-in email address.
     owner = logic.get_user(signed_in.email())
     for record in logic.get_recent_record(owner):
         self.response.write('%s \r\n' % record)
Esempio n. 16
 def get(self):
     """Render the profile page for the current user.

     Also stores the second element of the Twitter auth result in the
     ``request_token`` secure cookie.
     """
     # NOTE(review): HTML-escaping is an output encoding, yet the escaped
     # value is used as the lookup key for every logic call below. An id
     # containing &, <, >, " or ' would be looked up in altered form; confirm.
     # Nothing here handles an unset current_user either; presumably the
     # handler is only reachable when authenticated, verify.
     user_id = tornado.escape.xhtml_escape(self.current_user)

     topic = logic.get_current_topic(user_id)
     location = logic.get_current_location(user_id)
     relevant_locations = logic.get_relevant_locations()
     user = logic.get_user(user_id)
     auth_url = logic.get_twitter_auth_url()

     page = dict(
         title="My Profile",
         type="profile",
         username=user['username'],
         country=user['country'],
         alerts=logic.get_topic_list(user_id),
         topic=topic,
         location=location,
         relevant_locations=relevant_locations,
         auth_url=auth_url[0],
     )
     self.set_secure_cookie("request_token", str(auth_url[1]))
     self.write(self.render_template('afterlogintemplate.html', page))
Esempio n. 17
def home(request):
    """Render ``home.html`` with summary records and the user's billing records.

    Visitors who are not signed in are redirected to the sign-in URL. Every
    local variable defined below, including ``request``, ``guser`` and the
    loop variables, is handed to the template through ``locals()``, so
    renaming or adding a local changes the template context.
    """
    
    guser = users.get_current_user()
    if not guser:
        return redirect(users.create_login_url(request.path))
    
    user = logic.get_user(guser.email())
    
    logout_url = users.create_logout_url('/')
    # The admin flag is only passed on to the template; this view does not
    # branch on it.
    admin = users.is_current_user_admin()

    peoples = gmodels.MUser.all().run(limit = 100)
    
    # The 20 most recent SumRecord entities, newest first. This query is not
    # scoped to the current user.
    records = gmodels.SumRecord.all().order('-date').run(limit = 20)

    drecords = [] 
    
    # Flatten each summary record into a plain dict for the template.
    for r in records:
        nr = {};
        nr['date'] = format_date(r.date)
        nr['amount'] = r.amount
        nr['balance'] = r.balance
        nr['details'] = r.details
        drecords.append(nr)
    
    # The 15 most recent BillingRecord entities that have the current user as
    # ancestor. Note that `records` is rebound here.
    records = gmodels.BillingRecord.all().ancestor(user).order('-date').run(limit = 15)
    precords = []
    for r in records:
        nr = {};
        nr['date'] = format_date(r.date)
        nr['amount'] = r.amount
        nr['balance'] = r.balance
        # Billing records carry their description in `extra`, not `details`.
        nr['details'] = r.extra
        precords.append(nr)
    
    
    return render_to_response('home.html', locals())
Esempio n. 18
def security_check():
    """Gate the current request on login state, approval and path prefix.

    Attaches the session's user to ``request.user``. Returns ``None`` to
    allow the request, returns a redirect to the ``login`` endpoint, or
    aborts with 403.
    """
    request.user = l.get_user(session.get("userid"))
    account = request.user

    # Unapproved accounts lose their session and are sent to the login page.
    if account and not account.approved:
        session.clear()
        return redirect(url_for("login"))

    path = request.path

    # Three independent reasons to refuse the request outright:
    #   - a logged-in non-admin asking for an /admin path
    #   - a /screening path while in batch mode
    #   - a /batch path while not in batch mode (this applies to everyone)
    forbidden = (
        (account and path.startswith("/admin")
         and account.email not in _ADMIN_EMAILS)
        or (path.startswith("/screening") and THIS_IS_BATCH)
        or (path.startswith("/batch") and not THIS_IS_BATCH)
    )
    if forbidden:
        abort(403)

    # NOTE(review): the public prefixes are matched as raw string prefixes
    # with no path-segment boundary, so "/user" also matches any longer path
    # beginning with it. Confirm against the route table.
    if account or path.startswith(("/static", "/user", "/feedback")):
        return

    return redirect(url_for("login"))
Esempio n. 19
def approve_user(uid):
    """Approve account *uid*, flash a confirmation and return to the user list."""
    l.approve_user(uid)

    # NOTE(review): no check for an unknown uid is visible here; the
    # attribute access below would fail if get_user returned nothing.
    approved = l.get_user(uid)
    message = "Approved user {}".format(approved.email)
    flash(message)

    target = url_for("list_users")
    return redirect(target)
Esempio n. 20
def get_user():
    """Return a result dict for the user identified by ``user_id``.

    The dict has ``success`` set to True and the user under ``user``, or
    ``success`` set to False and an ``error`` message when no user matches.
    """
    # NOTE(review): user_id is not bound anywhere in this function;
    # presumably it comes from an enclosing or module scope. Verify where it
    # is set and whether the caller may read that user.
    found = logic.get_user(user_id)
    if found:
        return {'success': True, 'user': found}
    return {'success': False, 'error': 'No such user exists'}
Esempio n. 21
def approve_user(uid):
    """Approve account *uid*, send the approval email and return to the user list."""
    l.approve_user(uid)

    # Confirm to the admin which address was approved.
    address = l.get_user(uid).email
    flash('Approved user {}'.format(address))

    # The approval email goes out after the approval has been recorded.
    l.email_approved(uid)

    destination = url_for('list_users')
    return redirect(destination)
Esempio n. 22
 def get(self, id):
     """Return whatever ``get_user`` produces for *id*."""
     # NOTE(review): *id* is passed through unchanged, and no access check is
     # visible at this level. Confirm that one happens elsewhere.
     payload = get_user(id)
     return payload