Esempio n. 1
0
 def _configure_POST(github):
     valid = Validation(request)
     repo = valid.require("repo")
     if not valid.ok:
         return "quit yo hackin bullshit"
     repo = github.get_repo(repo)
     if not repo:
         return "quit yo hackin bullshit"
     task = Task()
     task.name = "{}::github_pr_to_build".format(repo.full_name)
     task.user_id = current_user.id
     task._taskdef = "github_pr_to_build"
     db.session.add(task)
     db.session.flush()
     record = GitHubPRToBuild._GitHubPRToBuildRecord()
     record.id = uuid4()
     record.user_id = current_user.id
     record.task_id = task.id
     record.github_webhook_id = -1
     record.repo = repo.full_name
     db.session.add(record)
     db.session.flush()
     hook = repo.create_hook("web", {
         "url":
         _root +
         url_for("github_pr_to_build._webhook", record_id=record.id),
         "content_type":
         "json",
     }, ["pull_request"],
                             active=True)
     record.github_webhook_id = hook.id
     db.session.commit()
     return redirect(url_for("html.edit_task", task_id=task.id))
 def _webhook(record_id):
     record_id = UUID(record_id)
     hook = GitHubCommitToBuild._GitHubCommitToBuildRecord.query.filter(
         GitHubCommitToBuild._GitHubCommitToBuildRecord.id ==
         record_id).one_or_none()
     if not hook:
         return "Unknown hook " + str(record_id), 404
     valid = Validation(request)
     commit = valid.require("head_commit")
     repo = valid.require("repository")
     ref = valid.require("ref")
     if not valid.ok:
         return "Got request, but it has no commits"
     return submit_github_build(
         "commits",
         hook,
         repo,
         commit,
         env={
             "GITHUB_DELIVERY": request.headers.get("X-GitHub-Delivery"),
             "GITHUB_EVENT": request.headers.get("X-GitHub-Event"),
             "GITHUB_REF": ref,
             "GITHUB_REPO": repo["full_name"],
         },
         secrets=hook.secrets)
Esempio n. 3
0
 def _webhook(record_id):
     record_id = UUID(record_id)
     hook = GitHubPRToBuild._GitHubPRToBuildRecord.query.filter(
         GitHubPRToBuild._GitHubPRToBuildRecord.id == record_id).first()
     if not hook:
         return "Unknown hook " + str(record_id), 404
     valid = Validation(request)
     pr = valid.require("pull_request")
     action = valid.require("action")
     if not valid.ok:
         return "Got request, but it has no commits"
     if action not in ["opened", "synchronize"]:
         return "Got update, but there are no new commits"
     head = pr["head"]
     base = pr["base"]
     base_repo = base["repo"]
     head_repo = head["repo"]
     auth = GitHubAuthorization.query.filter(
         GitHubAuthorization.user_id == hook.user_id).first()
     if not auth:
         return ("You have not authorized us to access your GitHub account",
                 401)
     return submit_build(hook,
                         head_repo,
                         head,
                         base_repo,
                         secrets=False,
                         extras={
                             "automerge": hook.automerge,
                             "pr": pr["number"]
                         })
    def _webhook(record_id):
        record_id = UUID(record_id)
        hook = GitLabCommitToBuild._GitLabCommitToBuildRecord.query.filter(
                GitLabCommitToBuild._GitLabCommitToBuildRecord.id == record_id
            ).one_or_none()
        if not hook:
            return "Unknown hook " + str(record_id), 404
        auth = GitLabAuthorization.query.filter(
                GitLabAuthorization.user_id == hook.user_id,
                GitLabAuthorization.upstream == hook.upstream,
            ).first()
        if not auth:
            return "Invalid authorization for this hook"
        gitlab = Gitlab(f"https://{hook.upstream}",
                oauth_token=auth.oauth_token)

        valid = Validation(request)
        commit = valid.require("after")
        ref = valid.require("ref")
        if not valid.ok:
            return "Unexpected hook payload"

        try:
            project = gitlab.projects.get(hook.repo_id)
            commit = project.commits.get(commit)
        except:
            return "Unable to fetch commit information"

        urls = submit_gitlab_build("commits", auth, hook, project, commit, env={
            "GITLAB_REF": ref,
        })
        if isinstance(urls, str):
            return urls
        return "Submitted:\n\n" + "\n".join([f"{n}: {u}" for n, u in urls])
Esempio n. 5
0
def authorize():
    valid = Validation(request)
    client_id = request.headers.get("X-OAuth-ID")
    client_secret = request.headers.get("X-OAuth-Secret")
    valid.expect(client_id and client_secret,
                 "Required X-OAuth-ID and X-OAuth-Secret headers missing")
    if not valid.ok:
        return valid.response

    client = (OAuthClient.query.filter(
        OAuthClient.client_id == client_id).one_or_none())
    valid.expect(client is not None, "Unknown X-OAuth-ID")
    if not valid.ok:
        return valid.response

    client_secret_hash = hashlib.sha512(client_secret.encode()).hexdigest()
    valid.expect(client_secret_hash == client.client_secret_hash,
                 "Incorrect X-OAuth-Secret")
    if not valid.ok:
        return valid.response

    valid.expect(
        client.preauthorized,
        "This feature is only available to first-party OAuth clients")
    if not valid.ok:
        return valid.response

    g.oauth_client = client
Esempio n. 6
0
def tracker_labels_POST(owner, name):
    tracker, access = get_tracker(owner, name)
    is_owner = current_user.id == tracker.owner_id
    if not tracker:
        abort(404)
    if not is_owner:
        abort(403)

    valid = Validation(request)
    label_name = valid.require("name")
    label_color = valid.require("color")
    if not valid.ok:
        return render_template("tracker-labels.html",
                               tracker=tracker,
                               access=access,
                               is_owner=is_owner,
                               **valid.kwargs), 400

    valid.expect(2 < len(label_name) < 50,
                 "Must be between 2 and 50 characters",
                 field="name")
    valid.expect(color.valid_hex_color_code(label_color),
                 "Invalid hex color code",
                 field="color")
    if not valid.ok:
        return render_template("tracker-labels.html",
                               tracker=tracker,
                               access=access,
                               is_owner=is_owner,
                               **valid.kwargs), 400

    existing_label = (Label.query.filter(
        Label.tracker_id == tracker.id).filter(
            Label.name == label_name)).first()
    valid.expect(not existing_label,
                 "A label with this name already exists",
                 field="name")
    if not valid.ok:
        return render_template("tracker-labels.html",
                               tracker=tracker,
                               access=access,
                               is_owner=is_owner,
                               **valid.kwargs), 400

    # Determine a foreground color to use
    label_color_rgb = color.color_from_hex(label_color)
    text_color_rgb = color.get_text_color(label_color_rgb)
    text_color = color.color_to_hex(text_color_rgb)

    label = Label()
    label.tracker_id = tracker.id
    label.name = label_name
    label.color = label_color
    label.text_color = text_color
    db.session.add(label)
    db.session.commit()

    return redirect(url_for(".tracker_labels_GET", owner=owner, name=name))
 def edit_POST(task):
     record = GitLabCommitToBuild._GitLabCommitToBuildRecord.query.filter(
         GitLabCommitToBuild._GitLabCommitToBuildRecord.task_id == task.id
     ).one_or_none()
     valid = Validation(request)
     secrets = valid.optional("secrets", cls=bool, default=False)
     record.secrets = bool(secrets)
     db.session.commit()
     return redirect(url_for("html.edit_task", task_id=task.id))
Esempio n. 8
0
 def edit_POST(task):
     record = GitHubPRToBuild._GitHubPRToBuildRecord.query.filter(
         GitHubPRToBuild._GitHubPRToBuildRecord.task_id ==
         task.id).one_or_none()
     valid = Validation(request)
     automerge = valid.optional("automerge", cls=bool, default=False)
     record.automerge = bool(automerge)
     db.session.commit()
     return redirect(url_for("html.edit_task", task_id=task.id))
Esempio n. 9
0
 def edit_POST(task):
     record = GitLabMRToBuild._GitLabMRToBuildRecord.query.filter(
         GitLabMRToBuild._GitLabMRToBuildRecord.task_id ==
         task.id).one_or_none()
     valid = Validation(request)
     # TODO: Check if the repo is public/private and enable secrets if so
     secrets = valid.optional("secrets", cls=bool, default=False)
     record.secrets = bool(secrets)
     db.session.commit()
     return redirect(url_for("html.edit_task", task_id=task.id))
Esempio n. 10
0
def ssh_keys_POST():
    user = User.query.get(current_user.id)
    valid = Validation(request)

    ssh_key = valid.require("ssh-key")
    if valid.ok:
        try:
            parsed_key = ssh.SSHKey(ssh_key)
            valid.expect(parsed_key.bits, "This is not a valid SSH key",
                         "ssh-key")
        except:
            valid.error("This is not a valid SSH key", "ssh-key")
    if valid.ok:
        fingerprint = parsed_key.hash_md5()[4:]
        valid.expect(SSHKey.query\
            .filter(SSHKey.fingerprint == fingerprint) \
            .count() == 0, "We already have this SSH key on file.", "ssh-key")

    if not valid.ok:
        return render_template("keys.html",
                               current_user=user,
                               ssh_key=ssh_key,
                               valid=valid)

    key = SSHKey(user, ssh_key, fingerprint, parsed_key.comment)
    db.session.add(key)
    audit_log("ssh key added", 'Added SSH key {}'.format(fingerprint))
    db.session.commit()
    return redirect("/keys")
Esempio n. 11
0
def create():
    if not current_app.repo_api:
        abort(501)
    valid = Validation(request)
    repo = current_app.repo_api.create_repo(valid, current_user)
    if not valid.ok:
        return render_template("create.html", **valid.kwargs)
    another = valid.optional("another")
    if another == "on":
        return redirect("/create?another")
    else:
        return redirect("/~{}/{}".format(current_user.username, repo.name))
Esempio n. 12
0
def settings_info_POST(owner_name, repo_name):
    owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
    if isinstance(repo, BaseRedirectMixin):
        repo = repo.new_repo
    valid = Validation(request)
    desc = valid.optional("description", default=repo.description)
    visibility = valid.optional("visibility",
                                cls=RepoVisibility,
                                default=repo.visibility)
    repo.visibility = visibility
    repo.description = desc
    db.session.commit()
    return redirect("/{}/{}/settings/info".format(owner_name, repo_name))
 def _webhook(record_id):
     record_id = UUID(record_id)
     hook = GitHubCommitToBuild._GitHubCommitToBuildRecord.query.filter(
             GitHubCommitToBuild._GitHubCommitToBuildRecord.id == record_id
         ).one_or_none()
     if not hook:
         return "Unknown hook " + str(record_id), 404
     valid = Validation(request)
     commit = valid.require("head_commit")
     repo = valid.require("repository")
     if not valid.ok:
         return "Got request, but it has no commits"
     return submit_build(hook, repo, commit, secrets=hook.secrets)
Esempio n. 14
0
def ticket_edit_POST(owner, name, ticket_id):
    tracker, _ = get_tracker(owner, name)
    if not tracker:
        abort(404)
    ticket, access = get_ticket(tracker, ticket_id)
    if not ticket:
        abort(404)
    if not TicketAccess.edit in access:
        abort(401)

    valid = Validation(request)
    title = valid.require("title", friendly_name="Title")
    desc = valid.optional("description")

    valid.expect(not title or 3 <= len(title) <= 2048,
                 "Title must be between 3 and 2048 characters.",
                 field="title")
    valid.expect(not desc or len(desc) < 16384,
                 "Description must be no more than 16384 characters.",
                 field="description")

    if not valid.ok:
        return render_template("edit_ticket.html",
                               tracker=tracker,
                               ticket=ticket,
                               **valid.kwargs)

    ticket.title = title
    ticket.description = desc
    db.session.commit()

    return redirect(ticket_url(ticket))
Esempio n. 15
0
def submit_POST():
    valid = Validation(request)
    _manifest = valid.require("manifest", friendly_name="Manifest")
    max_len = Job.manifest.prop.columns[0].type.length
    note = valid.optional("note", default="Submitted on the web")
    valid.expect(not _manifest or len(_manifest) < max_len,
                 "Manifest must be less than {} bytes".format(max_len),
                 field="manifest")
    if not valid.ok:
        return render_template("submit.html", **valid.kwargs)
    try:
        manifest = Manifest(yaml.safe_load(_manifest))
    except Exception as ex:
        valid.error(str(ex), field="manifest")
        return render_template("submit.html", **valid.kwargs)
    job = Job(current_user, _manifest)
    job.note = note
    db.session.add(job)
    db.session.flush()
    for task in manifest.tasks:
        t = Task(job, task.name)
        db.session.add(t)
        db.session.flush()  # assigns IDs for ordering purposes
    queue_build(job, manifest)  # commits the session
    return redirect("/~" + current_user.username + "/job/" + str(job.id))
Esempio n. 16
0
def ticket_add_label(owner, name, ticket_id):
    tracker, _ = get_tracker(owner, name)
    if not tracker:
        abort(404)
    ticket, access = get_ticket(tracker, ticket_id)
    if not ticket:
        abort(404)
    if not TicketAccess.edit in access:
        abort(401)

    valid = Validation(request)
    label_id = valid.require("label_id", friendly_name="A label")
    if not valid.ok:
        ctx = get_ticket_context(ticket, tracker, access)
        return render_template("ticket.html", **ctx, **valid.kwargs)

    valid.expect(re.match(r"^\d+$", label_id),
                 "Label ID must be numeric",
                 field="label_id")
    if not valid.ok:
        ctx = get_ticket_context(ticket, tracker, access)
        return render_template("ticket.html", **ctx, **valid.kwargs)

    label_id = int(request.form.get('label_id'))
    label = Label.query.filter(Label.id == label_id).first()
    if not label:
        abort(404)

    ticket_label = (TicketLabel.query.filter(
        TicketLabel.label_id == label.id).filter(
            TicketLabel.ticket_id == ticket.id)).first()

    if not ticket_label:
        ticket_label = TicketLabel()
        ticket_label.ticket_id = ticket.id
        ticket_label.label_id = label.id
        ticket_label.user_id = current_user.id

        event = Event()
        event.event_type = EventType.label_added
        event.user_id = current_user.id
        event.ticket_id = ticket.id
        event.label_id = label.id

        db.session.add(ticket_label)
        db.session.add(event)
        db.session.commit()

    return redirect(ticket_url(ticket))
Esempio n. 17
0
def settings_access_POST(owner, name):
    tracker, access = get_tracker(owner, name)
    if not tracker:
        abort(404)
    if current_user.id != tracker.owner_id:
        abort(403)

    valid = Validation(request)
    perm_anon = parse_html_perms('anon', valid)
    perm_user = parse_html_perms('user', valid)
    perm_submit = parse_html_perms('submit', valid)
    # TODO: once repos are linked
    #perm_commit = parse_html_perms('commit', valid)

    if not valid.ok:
        return render_template("tracker-access.html",
                               tracker=tracker,
                               access_type_list=TicketAccess,
                               access_help_map=access_help_map,
                               **valid.kwargs), 400

    tracker.default_anonymous_perms = perm_anon
    tracker.default_user_perms = perm_user
    tracker.default_submitter_perms = perm_submit
    #tracker.default_committer_perms = perm_commit

    db.session.commit()
    return redirect(tracker_url(tracker))
Esempio n. 18
0
def repos_POST():
    if not current_app.repo_api:
        abort(501)
    valid = Validation(request)
    repo = current_app.repo_api.create_repo(valid, current_token.user)
    if not valid.ok:
        return valid.response
    return repo_json(repo)
Esempio n. 19
0
def forgot_POST():
    valid = Validation(request)
    email = valid.require("email", friendly_name="Email")
    if not valid.ok:
        return render_template("forgot.html", **valid.kwargs)
    user = User.query.filter(User.email == email).first()
    valid.expect(user, "No account found with this email address.")
    if not valid.ok:
        return render_template("forgot.html", **valid.kwargs)
    factors = (UserAuthFactor.query.filter(
        UserAuthFactor.user_id == user.id)).all()
    valid.expect(
        not any(f for f in factors
                if f.factor_type in [FactorType.totp, FactorType.u2f]),
        "This account has two-factor authentication enabled, contact support.")
    if not valid.ok:
        return render_template("forgot.html", **valid.kwargs)
    rh = user.gen_reset_hash()
    db.session.commit()
    send_email(
        'reset_pw',
        user.email,
        'Reset your password on {}'.format(site_name),
        headers={
            "From":
            f"{cfg('sr.ht', 'owner-name')} <*****@*****.**>",
            "To":
            "{} <{}>".format(user.username, user.email),
            "Reply-To":
            f"{cfg('sr.ht', 'owner-name')} <{cfg('sr.ht', 'owner-email')}>",
        },
        user=user)
    audit_log("password reset requested", user=user)
    return render_template("forgot.html", done=True)
Esempio n. 20
0
def user_webhooks_POST():
    valid = Validation(request)
    sub = UserWebhook.Subscription(valid,
            current_token.client_id, current_token.user_id)
    if not valid.ok:
        return valid.response
    db.session.add(sub)
    db.session.commit()
    return sub.to_dict()
Esempio n. 21
0
def repos_by_name_PUT(owner, name):
    user, repo = check_repo(owner, name, authorized=current_token.user)
    if isinstance(repo, BaseRedirectMixin):
        abort(404)
    valid = Validation(request)
    prop(valid, repo, "visibility", cls=RepoVisibility)
    prop(valid, repo, "description", cls=str)
    db.session.commit()
    return repo_json(repo)
 def _webhook(record_id):
     record_id = UUID(record_id)
     hook = GitHubPRToBuild._GitHubPRToBuildRecord.query.filter(
         GitHubPRToBuild._GitHubPRToBuildRecord.id == record_id).first()
     if not hook:
         return "Unknown hook " + str(record_id), 404
     valid = Validation(request)
     pr = valid.require("pull_request")
     action = valid.require("action")
     if not valid.ok:
         return "Got request, but it has no commits"
     if action not in ["opened", "synchronize"]:
         return "Got update, but there are no new commits"
     head = pr["head"]
     base = pr["base"]
     base_repo = base["repo"]
     head_repo = head["repo"]
     auth = GitHubAuthorization.query.filter(
         GitHubAuthorization.user_id == hook.user_id).first()
     if not auth:
         return ("You have not authorized us to access your GitHub account",
                 401)
     secrets = hook.secrets
     if not base_repo["private"]:
         secrets = False
     return submit_github_build(
         "pulls",
         hook,
         head_repo,
         head,
         base_repo,
         secrets=secrets,
         extras={
             "automerge": hook.automerge,
             "pr": pr["number"]
         },
         env={
             "GITHUB_DELIVERY": request.headers.get("X-GitHub-Delivery"),
             "GITHUB_EVENT": request.headers.get("X-GitHub-Event"),
             "GITHUB_PR_NUMBER": str(pr["number"]),
             "GITHUB_PR_TITLE": pr["title"],
             "GITHUB_BASE_REPO": base_repo["full_name"],
             "GITHUB_HEAD_REPO": head_repo["full_name"],
         })
Esempio n. 23
0
def ticket_comment_POST(owner, name, ticket_id):
    tracker, access = get_tracker(owner, name)
    if not tracker:
        abort(404)
    ticket, access = get_ticket(tracker, ticket_id)
    if not ticket:
        abort(404)

    valid = Validation(request)
    text = valid.optional("comment")
    resolve = valid.optional("resolve")
    resolution = valid.optional("resolution")
    reopen = valid.optional("reopen")

    valid.expect(not text or 3 <= len(text) <= 16384,
                 "Comment must be between 3 and 16384 characters.",
                 field="comment")
    valid.expect(text or resolve or reopen,
                 "Comment is required",
                 field="comment")

    if (resolve or reopen) and TicketAccess.edit not in access:
        abort(403)

    if resolve:
        try:
            resolution = TicketResolution(int(resolution))
        except Exception as ex:
            abort(400, "Invalid resolution")
    else:
        resolution = None

    if not valid.ok:
        ctx = get_ticket_context(ticket, tracker, access)
        return render_template("ticket.html", **ctx, **valid.kwargs)

    comment = add_comment(current_user,
                          ticket,
                          text=text,
                          resolve=resolve,
                          resolution=resolution,
                          reopen=reopen)

    return redirect(ticket_url(ticket, comment))
Esempio n. 24
0
    def _webhook(record_id):
        record_id = UUID(record_id)
        hook = GitLabMRToBuild._GitLabMRToBuildRecord.query.filter(
            GitLabMRToBuild._GitLabMRToBuildRecord.id ==
            record_id).one_or_none()
        if not hook:
            return "Unknown hook " + str(record_id), 404
        auth = GitLabAuthorization.query.filter(
            GitLabAuthorization.user_id == hook.user_id,
            GitLabAuthorization.upstream == hook.upstream,
        ).first()
        if not auth:
            return "Invalid authorization for this hook"
        gitlab = Gitlab(f"https://{hook.upstream}",
                        oauth_token=auth.oauth_token)

        valid = Validation(request)
        object_attrs = valid.require("object_attributes")
        if not valid.ok:
            return "Unexpected hook payload"
        source = object_attrs["source"]
        last_commit = object_attrs["last_commit"]

        project = gitlab.projects.get(hook.repo_id)
        source = gitlab.projects.get(source["id"])
        commit = project.commits.get(last_commit["id"])
        merge_req = project.mergerequests.get(object_attrs["iid"])

        urls = submit_gitlab_build(
            "mrs", auth, hook, project, commit, source, {
                "GITLAB_MR_NUMBER": object_attrs["iid"],
                "GITLAB_MR_TITLE": object_attrs["title"],
                "GITLAB_BASE_REPO": project.attributes["name_with_namespace"],
                "GITLAB_HEAD_REPO": source.attributes["name_with_namespace"],
            })
        if isinstance(urls, str):
            return urls

        summary = "\n\nbuilds.sr.ht jobs:\n\n" + ("\n".join(
            [f"[{n}]({url}): :clock1: running" for n, u in urls]))
        merge_req.description += summary
        merge_req.save()
        return
Esempio n. 25
0
def settings_POST(owner_name, list_name):
    owner, ml, access = get_list(owner_name, list_name)
    if not ml:
        abort(404)
    if ml.owner_id != current_user.id:
        abort(401)

    valid = Validation(request)
    list_desc = valid.optional("list_desc")
    if list_desc == "":
        list_desc = None
    valid.expect(not list_desc or 16 < len(list_desc) < 2048,
                 "Description must be between 16 and 2048 characters.",
                 field="list_desc")

    if not valid.ok:
        return render_template("list-settings.html",
                               list=ml,
                               owner=owner,
                               access_type_list=ListAccess,
                               access_help_map=access_help_map,
                               **valid.kwargs)

    def process(perm):
        bitfield = ListAccess.none
        for access in ListAccess:
            if access in [ListAccess.none]:
                continue
            if valid.optional("perm_{}_{}".format(perm, access.name)) != None:
                bitfield |= access
        return bitfield

    ml.description = list_desc
    ml.nonsubscriber_permissions = process("nonsub")
    ml.subscriber_permissions = process("sub")
    ml.account_permissions = process("account")

    db.session.commit()

    return redirect(
        url_for("archives.archive", owner_name=owner_name,
                list_name=list_name))
Esempio n. 26
0
def settings_details_POST(owner, name):
    tracker, access = get_tracker(owner, name)
    if not tracker:
        abort(404)
    if current_user.id != tracker.owner_id:
        abort(403)

    valid = Validation(request)
    desc = valid.optional("tracker_desc", default=tracker.description)
    valid.expect(not desc or len(desc) < 4096,
                 "Must be less than 4096 characters",
                 field="tracker_desc")
    if not valid.ok:
        return render_template("tracker-details.html",
                               tracker=tracker,
                               **valid.kwargs), 400

    tracker.description = desc
    db.session.commit()
    return redirect(tracker_url(tracker))
Esempio n. 27
0
def secret_delete_POST():
    valid = Validation(request)

    uuid = valid.require("uuid")
    if not uuid:
        abort(404)

    secret = Secret.query.filter(Secret.uuid == uuid).first()
    if not secret:
        abort(404)
    if secret.user_id != current_user.id:
        abort(401)

    name = secret.name
    db.session.delete(secret)
    db.session.commit()

    session["message"] = "Successfully removed secret {}{}.".format(
        uuid, " ({})".format(name) if name else "")
    return redirect("/secrets")
Esempio n. 28
0
def new_payment_POST():
    valid = Validation(request)
    term = valid.require("term")
    token = valid.require("stripe-token")
    if not valid.ok:
        return "Invalid form submission", 400
    if not current_user.stripe_customer:
        new_customer = True
        try:
            customer = stripe.Customer.create(
                    description="~" + current_user.username,
                    email=current_user.email,
                    card=token)
            current_user.stripe_customer = customer.id
            current_user.payment_due = datetime.utcnow() + timedelta(seconds=-1)
        except stripe.error.CardError as e:
            details = e.json_body["error"]["message"]
            return render_template("new-payment.html",
                    amount=current_user.payment_cents, error=details)
    else:
        new_customer = False
        try:
            customer = stripe.Customer.retrieve(current_user.stripe_customer)
            source = customer.sources.create(source=token)
            customer.default_source = source.stripe_id
            customer.save()
        except stripe.error.CardError as e:
            details = e.json_body["error"]["message"]
            return render_template("new-payment.html",
                    amount=current_user.payment_cents, error=details)
    audit_log("billing", "New payment method handed")
    current_user.payment_interval = PaymentInterval(term)
    success, details = charge_user(current_user)
    if not success:
        return render_template("new-payment.html",
                amount=current_user.payment_cents, error=details)
    db.session.commit()
    if new_customer:
        return redirect(onboarding_redirect)
    session["message"] = "Your payment method was updated."
    return redirect(url_for("billing.billing_GET"))
Esempio n. 29
0
def privacy_POST():
    valid = Validation(request)

    key_id = valid.require("pgp-key")
    key_id = key_id if key_id != "null" else None
    key = None

    if key_id:
        key = PGPKey.query.get(int(key_id))
        valid.expect(key.user_id == current_user.id, "Invalid PGP key")

    if not valid.ok:
        return redirect("/privacy")

    user = User.query.get(current_user.id)
    user.pgp_key = key
    audit_log("changed pgp key",
            "Set default PGP key to {}".format(key.key_id if key else None))
    db.session.commit()

    return redirect("/privacy")
Esempio n. 30
0
def reset_POST(token):
    user = User.query.filter(User.reset_hash == token).first()
    if not user:
        abort(404)
    if user.reset_expiry < datetime.utcnow():
        abort(404)
    valid = Validation(request)
    password = valid.require("password", friendly_name="Password")
    if not valid.ok:
        return render_template("reset.html", valid=valid)
    valid.expect(8 <= len(password) <= 512,
                 "Password must be between 8 and 512 characters.", "password")
    if not valid.ok:
        return render_template("reset.html", valid=valid)
    user.password = bcrypt.hashpw(password.encode('utf-8'),
                                  salt=bcrypt.gensalt()).decode('utf-8')
    audit_log("password reset", user=user)
    db.session.commit()
    login_user(user, remember=True)
    metrics.meta_pw_resets.inc()
    return redirect("/")