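def register(**params):
    """Show the registration form (GET) or create an account from it (POST).

    On POST the handler reads ``registration-email``,
    ``registration-first-name`` and ``registration-last-name`` from the
    submitted form, creates the user through ``User.create`` and then asks
    ``User.send_magic_login_link`` to e-mail a login link.

    Args:
        **params: Template context forwarded to every rendered template.

    Returns:
        The rendered template for the outcome. Aborts with 403 when a form
        field is missing or when the login link could not be sent.
    """
    if request.method == "GET":
        return render_template_with_translations("public/auth/register.html", **params)

    elif request.method == "POST":
        email_address = request.form.get("registration-email")
        first_name = request.form.get("registration-first-name")
        last_name = request.form.get("registration-last-name")

        if not (email_address and first_name and last_name):
            # Without this guard an incomplete form falls through and the view
            # returns None. 403 matches the other form handlers' error style.
            return abort(403, description="Please fill in all the registration fields.")

        success, _user, message = User.create(email_address=email_address,
                                              first_name=first_name,
                                              last_name=last_name)

        if not success:
            # NOTE(review): `message` comes from User.create and is shown to the
            # visitor; confirm it does not reveal whether the address is
            # already registered.
            params["register_error_message"] = message
            return render_template_with_translations("public/auth/register_error.html", **params)

        # Send the magic login link in the language the visitor is browsing in.
        locale = get_locale()
        success, message = User.send_magic_login_link(email_address=email_address, locale=locale)

        if success:
            return render_template_with_translations("public/auth/register_success.html", **params)
        return abort(403, description=message)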
def reset_password_enter_email(**params):
    """Serve the "enter your e-mail" password-reset form and handle its submission.

    GET renders the form. POST asks ``User.password_reset_link_send`` to send a
    reset link to the submitted ``reset-password-email`` address and, on
    success, blanks the ``my-web-app-session`` cookie on the response.
    """
    if request.method == "GET":
        return render_template_with_translations(
            "public/auth/reset_password_enter_email.html", **params)
    if request.method != "POST":
        return None

    submitted_email = request.form.get("reset-password-email")
    current_locale = get_locale()  # language the visitor currently uses on the website

    sent, info = User.password_reset_link_send(email_address=submitted_email,
                                               locale=current_locale)
    if not sent:
        # NOTE(review): `info` is returned to the client as-is; confirm it reads
        # the same for registered and unregistered addresses, so the form
        # cannot be used to test which e-mails have accounts.
        return abort(403, description=info)

    page = render_template_with_translations(
        "public/auth/reset_password_link_sent.html", **params)
    response = make_response(page)

    # Secure and HttpOnly are switched on together, everywhere except localhost.
    hardened = not is_local()

    # Overwrite the session cookie with an empty value, which effectively
    # "deletes" it in the browser.
    # NOTE(review): this only changes the browser side; whether the stored
    # session is also revoked server-side is not visible in this handler.
    response.set_cookie(key="my-web-app-session",
                        value="",
                        secure=hardened,
                        httponly=hardened)
    return response
def init(**params):
    """One-time bootstrap: store the SendGrid API key and create the first admin.

    Once any admin user exists the handler only returns a short notice, so the
    set-up form can be used a single time.
    """
    # An existing admin means the web app was initialised earlier.
    if User.is_there_any_admin():
        return "The web app has already been initialized. <a href='/'>Return back to index</a>."

    # NOTE(review): until the first admin exists, nothing in this handler
    # restricts who may submit the form, and the submitter's address is created
    # with admin=True. Confirm the route is gated elsewhere or is not reachable
    # by outsiders before initialisation has been completed.
    if request.method == "GET":
        # NOTE(review): the settings object is handed to the template before any
        # admin exists; check the template does not echo stored secrets.
        params["app_settings"] = AppSettings.get()
        return render_template_with_translations("public/auth/init.html", **params)
    if request.method != "POST":
        return None

    api_key = request.form.get("init-sendgrid")
    admin_email = request.form.get("init-email")

    if not (admin_email and api_key):
        return abort(403)

    AppSettings.update(sendgrid_api_key=api_key)
    # NOTE(review): the result of User.create is not inspected, so the success
    # page below is rendered whatever the outcome of the call.
    User.create(email_address=admin_email, admin=True)

    return render_template_with_translations("public/auth/init_success.html", **params)
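def reset_password_enter_password(token, **params):
    """Validate a password-reset token (GET) or set the new password (POST).

    Args:
        token: Reset token, handed to ``User.password_reset_token_validate``
            on GET and to ``User.password_reset`` on POST.
        **params: Template context forwarded to every rendered template.

    Returns:
        The rendered template for the outcome. Aborts with 403 when the token
        is rejected, the new password is missing, the two entries differ, or
        the reset itself fails.
    """
    if request.method == "GET":
        success, result = User.password_reset_token_validate(reset_token=token)

        if success:
            return render_template_with_translations(
                "public/auth/reset_password_enter_password.html", **params)
        return abort(403, description=result)

    elif request.method == "POST":
        new_password = request.form.get("reset-password-new-password")
        repeat_password = request.form.get("reset-password-repeat-password")

        if not new_password:
            # Two absent or empty fields compare equal (None == None, "" == ""),
            # so an empty password has to be rejected before the equality check.
            return abort(403, description="Please enter a new password.")

        if new_password != repeat_password:
            return abort(403, description="Passwords that you've entered don't match.")

        # NOTE(review): this path does not call password_reset_token_validate
        # itself; it relies on User.password_reset to reject an invalid or
        # expired token - confirm.
        success, result = User.password_reset(reset_token=token, password=new_password)

        if success:
            return render_template_with_translations(
                "public/auth/reset_password_success.html", **params)
        return abort(403, description=result)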
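def send_email(recipient_email, email_template, email_params, email_subject, sender_email=None, sender_name=None,
               unsubscribe_group=None, attachment_content_b64=None, attachment_filename=None,
               attachment_filetype=None):
    """Render an e-mail template and queue it for sending as a background task.

    Args:
        recipient_email: Address the message is sent to.
        email_template: Template rendered into the HTML body.
        email_params: Template context; ``app_root_url`` and ``my_app_name``
            are added to a copy of it before rendering. ``None`` is treated as
            an empty context.
        email_subject: Subject line.
        sender_email: Sender address; defaults to the ``MY_APP_EMAIL``
            environment variable.
        sender_name: Sender name; defaults to the ``MY_APP_NAME`` environment
            variable.
        unsubscribe_group: Passed through to the background task unchanged.
        attachment_content_b64: Passed through to the background task unchanged.
        attachment_filename: Passed through to the background task unchanged.
        attachment_filetype: Passed through to the background task unchanged.
    """
    if not sender_email:
        sender_email = os.environ.get("MY_APP_EMAIL")  # set this in app.yaml

    if not sender_name:
        sender_name = os.environ.get("MY_APP_NAME")  # set this in app.yaml

    # Work on a copy so the caller's dict is not modified as a side effect.
    email_params = dict(email_params or {})

    # Every template receives the web app URL. Outside localhost it is read
    # from configuration (MY_APP_URL), not from the incoming request.
    if is_local():
        email_params["app_root_url"] = "http://localhost:8080"
    else:
        email_params["app_root_url"] = os.environ.get("MY_APP_URL")  # set this in app.yaml

    email_params["my_app_name"] = os.environ.get("MY_APP_NAME")

    # render the email HTML body
    email_body = render_template_with_translations(email_template, **email_params)

    # params sent to the background task
    payload = {
        "recipient_email": recipient_email,
        "email_subject": email_subject,
        "sender_email": sender_email,
        "email_body": email_body,
        "unsubscribe_group": unsubscribe_group,
        "sender_name": sender_name,
        "attachment_content_b64": attachment_content_b64,
        "attachment_filename": attachment_filename,
        "attachment_filetype": attachment_filetype,
    }

    run_background_task(relative_path=url_for("tasks.send_email_task.send_email_via_sendgrid"),
                        payload=payload,
                        queue="email",
                        project=os.environ.get("GOOGLE_CLOUD_PROJECT"),
                        location=os.environ.get("MY_GAE_REGION"))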
def login_password(**params):  # Rok: logging in with a password
    """Show the login form (GET) or attempt a password login (POST)."""
    if request.method == "GET":
        return render_template_with_translations("public/auth/login.html", **params)
    if request.method != "POST":
        return None

    submitted_password = request.form.get("login-password")

    # Intended as a check whether the user logging in is suspended.
    # NOTE(review): this compares the User.suspended class attribute with the
    # submitted password and does not look up any particular account, so it is
    # unlikely to do what the comment describes - confirm the intent.
    if User.suspended == submitted_password:
        return "You can't login because you are suspended by administrator."

    # Language the visitor currently uses on the website. The author's note says
    # they were unsure how to pass it on again; the value is unused below.
    locale = get_locale()

    # NOTE(review): only a password is passed, with no e-mail or other account
    # identifier; confirm how User.login_password selects the account.
    ok, info = User.login_password(password=submitted_password)

    if not ok:
        return abort(403, description=info)

    # NOTE(review): this is the "magic link sent" page; confirm it is the
    # intended result of a password login.
    return render_template_with_translations("public/auth/login-magic-link-sent.html", **params)
def login_via_password(**params):
    """Show the password login form (GET) or authenticate and start a session (POST).

    On a successful POST the session token returned by
    ``User.validate_password_login`` is stored in the ``my-web-app-session``
    cookie and the browser is redirected to ``profile.main.my_details``.
    """
    if request.method == "GET":
        return render_template_with_translations(
            "public/auth/login_password.html", **params)
    if request.method != "POST":
        return None

    submitted_email = request.form.get("login-email")
    submitted_password = request.form.get("login-password")

    # NOTE(review): no attempt limiting is visible in this handler; presumably
    # it lives in User.validate_password_login (which receives the request) or
    # upstream - confirm.
    ok, outcome = User.validate_password_login(email_address=submitted_email,
                                               password=submitted_password,
                                               request=request)

    if not ok:
        # `outcome` is an error message in this branch.
        # NOTE(review): it is sent back verbatim; confirm it reads the same for
        # an unknown address and for a wrong password.
        return abort(403, description=outcome)

    # `outcome` is the session token; it goes to the browser in a cookie on the
    # redirect response.
    response = make_response(redirect(url_for("profile.main.my_details")))

    # Secure and HttpOnly are enabled together, everywhere except localhost.
    # NOTE(review): HttpOnly does not depend on HTTPS, so it could stay on
    # locally as well; no SameSite attribute is set in this call.
    hardened = not is_local()

    response.set_cookie(key="my-web-app-session",
                        value=outcome,
                        secure=hardened,
                        httponly=hardened)
    return response
def login(**params):
    """Show the login form (GET) or e-mail a magic login link (POST)."""
    if request.method == "GET":
        return render_template_with_translations("public/auth/login.html", **params)
    if request.method != "POST":
        return None

    submitted_email = request.form.get("login-email")

    # Rok: intended as a check whether the user logging in is suspended.
    # NOTE(review): this compares the User.suspended class attribute with the
    # submitted e-mail address and does not look up the account, so it is
    # unlikely to do what the comment describes - confirm the intent.
    if User.suspended == submitted_email:
        return "You can't login because you are suspended by administrator."

    current_locale = get_locale()  # language the visitor currently uses on the website
    sent, info = User.send_magic_login_link(email_address=submitted_email, locale=current_locale)

    if not sent:
        # NOTE(review): `info` is returned to the client as-is; confirm it does
        # not distinguish registered from unregistered addresses.
        return abort(403, description=info)

    return render_template_with_translations("public/auth/login-magic-link-sent.html", **params)
def login(**params):
    """Show the login form (GET) or e-mail a magic login link (POST).

    The POST branch reads ``login-email`` from the form and passes it, together
    with the visitor's current locale, to ``User.send_magic_login_link``.
    """
    if request.method == "GET":
        return render_template_with_translations("public/auth/login.html", **params)
    if request.method != "POST":
        return None

    submitted_email = request.form.get("login-email")
    current_locale = get_locale()  # language the visitor currently uses on the website

    sent, info = User.send_magic_login_link(email_address=submitted_email,
                                            locale=current_locale)
    if not sent:
        # NOTE(review): `info` is returned to the client as-is; confirm it does
        # not distinguish registered from unregistered addresses.
        return abort(403, description=info)

    return render_template_with_translations(
        "public/auth/login-magic-link-sent.html", **params)
def change_email_post(**params):
    """Handle the change-e-mail form submission.

    Reads ``email-address`` from the form and the user object from
    ``params["user"]`` (presumably injected by the route's decorators -
    confirm), then asks ``User.user_change_own_email`` to start the change.
    """
    new_address = request.form.get("email-address")
    acting_user = params["user"]

    if not new_address:
        return abort(403, description="Please enter a new email address.")

    # NOTE(review): no password re-entry is visible here; the change appears to
    # rely on the confirmation e-mail - confirm which inbox receives it.
    started, outcome = User.user_change_own_email(user=acting_user,
                                                  new_email_address=new_address)
    if not started:
        return abort(403, description=outcome)

    # The link in the e-mail the user receives is processed by a handler in
    # handlers/public/auth/.
    return render_template_with_translations(
        "profile/main/change_email_check_inbox.html", **params)
def users_list(**params):
    """List users for the admin area, ten per page.

    Without a ``cursor`` query argument the HTML list is rendered. With one
    (the request made by admin-load-more-users.js) the next page is returned as
    a JSON string.
    """
    cursor_arg = request.args.get('cursor')

    # NOTE(review): the cursor comes straight from the query string; confirm a
    # malformed value is handled rather than surfacing as a server error.
    page_cursor = Cursor(urlsafe=cursor_arg.encode()) if cursor_arg else None

    users, next_cursor, more = User.fetch(limit=10, cursor=page_cursor)
    params["users"] = users
    params["next_cursor"] = next_cursor
    params["more"] = more

    if cursor_arg:
        # GET request issued by the admin-load-more-users.js script.
        # NOTE(review): user.get_id is read as an attribute, not called; confirm
        # it is a property, otherwise default=str would serialise the method.
        rows = [
            {
                "get_id": user.get_id,
                "email_address": user.email_address,
                "created": user.created,
                "first_name": user.first_name,
                "last_name": user.last_name,
                "admin": user.admin,
            }
            for user in params["users"]
        ]

        # default=str avoids serialisation errors on datetime values.
        # NOTE(review): a bare string is returned, so the response content type
        # is whatever the framework assigns to strings; confirm it is served as
        # JSON, since the payload carries user-supplied names.
        return json.dumps(
            {"users": rows, "next_cursor": params["next_cursor"], "more": params["more"]},
            default=str)

    # Normal browser GET request.
    return render_template_with_translations("admin/users/list.html", **params)
def user_edit_get(user_id, **params):
    """Render the admin edit page for the user identified by ``user_id``.

    The looked-up user is exposed to the template as ``selected_user``.
    """
    # NOTE(review): access control is not visible in this block; presumably it
    # is applied by the route's decorators - confirm. The lookup result is not
    # checked, so the template must cope with a missing user.
    selected = User.get_user_by_id(user_id)
    params["selected_user"] = selected

    return render_template_with_translations("admin/users/edit.html", **params)
def change_email_get(**params):
    """Render the change-e-mail form for GET requests."""
    if request.method != "GET":
        return None  # nothing is rendered for other methods

    template = "profile/main/change_email.html"
    return render_template_with_translations(template, **params)
def my_details(**params):
    """Render the ``profile/main/my_details.html`` page for GET requests."""
    if request.method != "GET":
        return None  # nothing is rendered for other methods

    template = "profile/main/my_details.html"
    return render_template_with_translations(template, **params)
def edit_profile_get(**params):
    """Render the ``profile/main/edit_profile.html`` form with the given context."""
    template = "profile/main/edit_profile.html"
    return render_template_with_translations(template, **params)
def sessions_list(**params):
    """Render the ``profile/sessions/sessions_list.html`` page for GET requests."""
    if request.method != "GET":
        return None  # nothing is rendered for other methods

    template = "profile/sessions/sessions_list.html"
    return render_template_with_translations(template, **params)
def index(**params):
    """Render the ``public/main/index.html`` template with the given context."""
    template = "public/main/index.html"
    return render_template_with_translations(template, **params)
def index(**params):
    """Render the ``public/business_users/index.html`` template with the given context."""
    template = "public/business_users/index.html"
    return render_template_with_translations(template, **params)
def index(**params):
    """Render the ``public/sports_providers/index.html`` template with the given context."""
    template = "public/sports_providers/index.html"
    return render_template_with_translations(template, **params)
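def del_user():
    """Mark the user named in the submitted form as deleted, then render the user list.

    Rok: the admin deletes a user from the database; the record is only marked
    as deleted because ``User.delete`` is called with ``permanently=False``.
    """
    # Submitted fields live on request.form, as in the other form handlers;
    # Flask's request object has no get() of its own.
    user_ref = request.form.get("user-delete")

    # NOTE(review): no admin check or CSRF protection is visible in this block;
    # presumably both are applied by the route's decorators - confirm.
    # NOTE(review): user_ref is a raw form string (or None when the field is
    # absent); confirm User.delete accepts that rather than a User object.
    User.delete(user=user_ref, permanently=False)

    # NOTE(review): the list template is rendered without any template context.
    return render_template_with_translations("admin/users/list.html")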