def change_user_password(id):
    """Change the password of user ``id`` from the submitted form, then redirect.

    Reads ``new_password`` (required) and ``old_password`` (optional) from
    ``request.form``. A caller may only target another account when
    ``request.user['can_create_users']`` is truthy, and only such a caller may
    omit ``old_password``.

    Raises:
        KeyError: the caller targets another user without admin rights, or
            ``new_password`` is missing from the form.
        ValueError: ``old_password`` is missing and the caller is not an admin.
    """
    acting_user = request.user

    # Authorization gate: the account owner or an admin only.
    # NOTE(review): denials surface as KeyError/ValueError; confirm the app
    # maps them to a 403-style response rather than a generic server error.
    if id != acting_user['user_id']:
        if not acting_user['can_create_users']:
            raise KeyError("You must be an admin to change other users' passwords")

    form = request.form
    new_password = form['new_password']
    try:
        old_password = form['old_password']
    except KeyError:
        old_password = None

    # TODO: the record is fetched only to obtain the user name that
    # change_password() is keyed on.
    name = users.get_user_by_id(id)['user_name']

    # Passing old_password=None tells change_password() to skip the
    # old-password check, so None must never get through for a non-admin:
    # otherwise a hijacked session could reset the password without knowing
    # the current one.
    if old_password is None:
        if not acting_user['can_create_users']:
            raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
def change_user_password(id):
    """Apply a password change for user ``id`` and redirect to their details page.

    ``new_password`` is mandatory form data; ``old_password`` is optional and
    becomes ``None`` when absent. Only callers whose
    ``request.user['can_create_users']`` flag is truthy may act on another
    account or leave ``old_password`` out.

    Raises:
        KeyError: non-admin caller targeting another user, or ``new_password``
            not present in the form.
        ValueError: ``old_password`` absent for a non-admin caller.
    """
    # Who is allowed in: the owner of the account, or an admin.
    targets_other_user = id != request.user['user_id']
    if targets_other_user and not request.user['can_create_users']:
        raise KeyError("You must be an admin to change other users' passwords")

    # Form parsing: a missing old_password is tolerated here and judged below.
    new_password = request.form['new_password']
    try:
        old_password = request.form['old_password']
    except KeyError:
        old_password = None

    # TODO: looking the user up by ID just to get the key used by
    # change_password() is wasteful.
    target = users.get_user_by_id(id)
    name = target['user_name']

    # change_password() treats old_password=None as "skip the old-password
    # check". Only an admin may reach it that way; for anyone else it would
    # be an account-takeover path.
    # NOTE(review): an admin changing their *own* password also skips the
    # check here; confirm that is intended.
    skips_old_password_check = old_password is None
    if skips_old_password_check and not request.user['can_create_users']:
        raise ValueError("old_password is None, and you are not an admin.")

    users.change_password(name, new_password, old_password)
    return redirect(url_for('user_details', id=id))
def show(product_id):
    """Return one product, with its owning user attached, as a JSON response.

    Responds with ``('No such product', 400)`` when the product is not found.
    The stored product is deep-copied so that attaching the user does not
    modify the entry held in ``glob.products``.
    """
    found = helpers.get_by(glob.products, product_id)
    if found is None:
        return 'No such product', 400

    payload = copy.deepcopy(found)
    owner_id = int(payload['user_id'])
    # NOTE(review): the complete user record is serialised to the client.
    # Confirm it carries no credential material (password hash, tokens), or
    # reduce it to public fields before attaching it.
    payload['user'] = users.get_user_by_id(owner_id)
    return jsonify({'product': payload})
def get(self, path="/"):
    """Show the history page for ``path`` to a logged-in user.

    The user is identified by the ``user_id`` cookie, which is accepted only
    if ``utils.check_secure_val`` returns a truthy id and that id resolves to
    a user record. Anyone else is redirected to ``/login``.
    """
    cookie_value = self.request.cookies.get(str('user_id'))
    # NOTE(review): the cookie is client-controlled; this handler relies on
    # check_secure_val() rejecting tampered values - confirm it verifies a
    # keyed signature with a constant-time comparison.
    user_id = utils.check_secure_val(cookie_value) if cookie_value else None
    account = users.get_user_by_id(user_id) if user_id else None
    username = account.login_name if account else None

    if not username:
        self.redirect("/login")
        return

    # A valid user is logged in.
    history = get_page_history(path)
    self.show_history_page(username, history, path)
def find_diff(u_id: str) -> Tuple[List[SkywardClass], List[SkywardClass]]:
    """Fetch current grades for a user and diff them against the stored ones.

    The freshly fetched grades are written back to the user record before the
    diff is computed. Classes are paired positionally with ``zip``, so any
    classes beyond the shorter of the two lists are not compared.

    Returns:
        ``(changed, removed)`` where ``changed[i]`` is ``current - stored`` and
        ``removed[i]`` is ``stored - current`` for the i-th pair.

    Raises:
        SessionError: the stored session data is empty, or the grade fetch or
            diff raised SessionError.
    """
    record = users.get_user_by_id(u_id)
    # NOTE(review): `loads` is presumably pickle.loads (the value is named
    # *_pkl) - confirm. Unpickling runs code chosen by whoever can write this
    # field, so it is only safe while the user store is fully trusted; a
    # data-only serialisation format would remove that dependency.
    stored_grades = loads(record["grades"])
    session_data = record["sky_data"]
    service = record["service"]

    if session_data == {}:
        raise SessionError("Session was destroyed.")

    try:
        api = SkywardAPI.from_session_data(service, session_data)
        current_grades = api.get_grades()
        users.update_user(u_id, {"grades": dumps(current_grades)})

        changed_grades = []  # type: List[SkywardClass]
        removed_grades = []  # type: List[SkywardClass]
        for current_cls, stored_cls in zip(current_grades, stored_grades):
            changed_grades.append(current_cls - stored_cls)
            removed_grades.append(stored_cls - current_cls)
    except SessionError:
        raise SessionError("Session was destroyed.")

    return (changed_grades, removed_grades)
def get(self, path="/"):
    """Show the edit page for ``path`` (or for version ``v``) to a logged-in user.

    The caller is identified through the ``user_id`` cookie, validated with
    ``utils.check_secure_val`` and then resolved to a user record. Without a
    resolvable user the request is redirected to ``/login``.
    """
    cookie_value = self.request.cookies.get(str('user_id'))
    user_id = utils.check_secure_val(cookie_value) if cookie_value else None

    username = None
    if user_id:
        account = users.get_user_by_id(user_id)
        username = account.login_name if account else None

    if not username:
        self.redirect("/login")
        return

    # A valid user is logged in.
    # NOTE(review): when `v` is supplied the page is loaded by id alone and
    # `path` is not consulted; confirm every page version may be opened for
    # editing by any logged-in user.
    version = self.request.get('v')
    page = get_page_by_id(version) if version else get_page(path, True)
    self.show_edit_page(username, page)
def get(self, path="/"):
    """Render the wiki page at ``path`` (or version ``v``), else go to its editor.

    Login is optional here: ``username`` stays ``None`` when the ``user_id``
    cookie is missing, fails ``utils.check_secure_val``, or matches no user.
    If no page is found the request is redirected to ``"/_edit" + path``.
    """
    cookie_value = self.request.cookies.get(str('user_id'))
    user_id = utils.check_secure_val(cookie_value) if cookie_value else None

    username = None
    if user_id:
        # A user id was recovered from the cookie.
        account = users.get_user_by_id(user_id)
        if account:
            username = account.login_name

    # Check whether the requested page exists.
    # NOTE(review): `v` selects a page by id without reference to `path`;
    # confirm all stored versions are meant to be readable anonymously.
    version = self.request.get('v')
    page = get_page_by_id(version) if version else get_page(path)

    if not page:
        self.redirect("/_edit"+path)
        return
    self.show_wiki_page(page, username)
def user_details(id):
    """Render ``user_details.html`` for the user whose id is ``id``."""
    # NOTE(review): no ownership or role check is visible in this function;
    # confirm access is restricted elsewhere (decorator or request hook) if
    # user details are not meant to be visible to every caller.
    record = users.get_user_by_id(id)
    return render_template('user_details.html', user=record)
def load_user(uid):
    """Look up a user by id, passing the id to the store as UTF-8 bytes.

    ``uid`` must offer ``.encode`` (a text string); the lookup runs against
    the handle returned by ``get_db()``.
    """
    db = get_db()
    encoded_uid = uid.encode('utf-8')
    return users.get_user_by_id(db, encoded_uid)
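def do_GET(self):
    """Route a GET request to the matching query helper and write its result.

    ``self.parse_url(self.path)`` yields either ``(resource, id)`` or
    ``(resource, key, value)``. The selected helper's return value is
    ``.encode()``d and written to ``self.wfile``, so helpers are expected to
    return ``str``. Routes with no helper (the ``pass`` branches, unknown
    resources, unknown query keys) now answer with an empty JSON object;
    previously the default was a ``dict``, and ``dict.encode()`` raised
    ``AttributeError`` after the 200 header had already been sent.

    NOTE(review): the 200 status is sent before routing, so unmatched routes
    also report success. No authentication or authorization step is visible
    in this handler; confirm the user-listing routes are protected upstream.
    """
    self._set_headers(200)
    # Text, not a dict: it must survive the .encode() at the end.
    response = "{}"

    parsed = self.parse_url(self.path)

    if len(parsed) == 2:
        (resource, id) = parsed

        if resource == "users":
            if id is not None:
                response = get_user_by_id(id)
            else:
                response = get_all_users()
        elif resource == "categories":
            if id is None:
                response = get_all_categories()
        elif resource == "tags":
            if id is None:
                response = get_all_tags()
        elif resource == "posts":
            if id is not None:
                response = get_post_by_id(id)
            else:
                response = get_all_posts()
        elif resource == "comments":
            if id is None:
                response = get_all_comments()
        elif resource == "subscriptions":
            if id is not None:
                response = get_subscribed_posts_by_id(id)
        elif resource == "reactions":
            if id is None:
                response = get_all_reactions()
        elif resource == "postreactions":
            if id is not None:
                response = get_postreactions_by_id(id)

    # A 3-item tuple from parse_url() means the request was for
    # `/resource?parameter=value`.
    elif len(parsed) == 3:
        (resource, key, value) = parsed

        # NOTE(review): `value` comes straight from the query string; confirm
        # each helper binds it as a query parameter rather than formatting it
        # into the statement text.
        if key == "user_id" and resource == "posts":
            response = get_posts_by_user_id(value)
        elif key.lower() == "isadmin" and resource == "users":
            response = get_users_by_profile_type(value)
        elif key == "category_id" and resource == "posts":
            response = get_posts_by_category_id(value)
        elif key == "tag_id" and resource == "posts":
            response = get_posts_by_tag_id(value)
        elif key == "q" and resource == "posts":
            response = get_posts_by_title_search(value)

    self.wfile.write(response.encode())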
def user_details(id):
    """Return the rendered ``user_details.html`` page for user ``id``.

    The record from ``users.get_user_by_id`` is handed to the template
    unchanged as ``user``.
    """
    # NOTE(review): nothing here ties `id` to the requesting user; confirm an
    # access check exists outside this function if the page shows private data.
    return render_template('user_details.html', user=users.get_user_by_id(id))
def singleUser(id):
    """Return the user record for ``id`` from ``users.get_user_by_id``.

    ``cursor``, ``conn`` and ``request`` are not parameters; they are resolved
    from the surrounding scope and forwarded to the lookup as-is.
    """
    record = users.get_user_by_id(cursor, conn, request, id)
    return record