def tfa_generate_recovery_codes_verify_password_post_(request): userid, status = login.authenticate_bcrypt(define.get_display_name(request.userid), request.params['password'], request=None) # The user's password failed to authenticate if status == "invalid": return Response(define.webpage( request.userid, "control/2fa/generate_recovery_codes_verify_password.html", ["password"], title="Generate Recovery Codes: Verify Password" )) # The user has authenticated, so continue with generating the new recovery codes. else: # Edge case prevention: Stop the user from having two Weasyl sessions open and trying # to proceed through the generation process with two sets of recovery codes. invalidate_other_sessions(request.userid) # Edge case prevention: Do we have existing (and recent) codes on this session? Prevent # a user from confusing themselves if they visit the request page twice. sess = request.weasyl_session gen_rec_codes = True if '2fa_recovery_codes_timestamp' in sess.additional_data: # Are the codes on the current session < 30 minutes old? tstamp = sess.additional_data['2fa_recovery_codes_timestamp'] if arrow.now().timestamp - tstamp < 1800: # We have recent codes on the session, use them instead of generating fresh codes. recovery_codes = sess.additional_data['2fa_recovery_codes'].split(',') gen_rec_codes = False if gen_rec_codes: # Either this is a fresh request to generate codes, or the timelimit was exceeded. recovery_codes = tfa.generate_recovery_codes() _set_recovery_codes_on_session(','.join(recovery_codes)) return Response(define.webpage(request.userid, "control/2fa/generate_recovery_codes.html", [ recovery_codes, None ], title="Generate Recovery Codes: Save New Recovery Codes"))
def tfa_init_verify_post_(request): # Extract parameters from the form verify_checkbox = 'verify' in request.params tfasecret = _get_totp_code_from_session() tfaresponse = request.params['tfaresponse'] tfarecoverycodes = _get_recovery_codes_from_session() # Does the user want to proceed with enabling 2FA? if verify_checkbox and tfa.store_recovery_codes(request.userid, tfarecoverycodes): # Strip any spaces from the TOTP code (some authenticators display the digits like '123 456') tfaresponse = request.params['tfaresponse'].replace(' ', '') # TOTP+2FA Secret validates (activate & redirect to status page) if tfa.activate(request.userid, tfasecret, tfaresponse): # Invalidate all other login sessions invalidate_other_sessions(request.userid) # Clean up the stored session variables _cleanup_session() raise HTTPSeeOther(location="/control/2fa/status") # TOTP+2FA Secret did not validate else: return Response(define.webpage(request.userid, "control/2fa/init_verify.html", [ tfarecoverycodes.split(','), "2fa" ], title="Enable 2FA: Final Step")) # The user didn't check the verification checkbox (despite HTML5's client-side check); regenerate codes & redisplay elif not verify_checkbox: return Response(define.webpage(request.userid, "control/2fa/init_verify.html", [ tfarecoverycodes.split(','), "verify" ], title="Enable 2FA: Final Step"))
def tfa_generate_recovery_codes_post_(request): # Extract parameters from the form verify_checkbox = 'verify' in request.params tfaresponse = request.params['tfaresponse'] tfarecoverycodes = _get_recovery_codes_from_session() # Does the user want to save the new recovery codes? if verify_checkbox: if tfa.verify(request.userid, tfaresponse, consume_recovery_code=False): if tfa.store_recovery_codes(request.userid, tfarecoverycodes): # Clean up the stored session variables _cleanup_session() # Successfuly stored new recovery codes. raise HTTPSeeOther(location="/control/2fa/status") else: # Recovery code string was corrupted or otherwise altered. raise WeasylError("Unexpected") else: return Response(define.webpage(request.userid, "control/2fa/generate_recovery_codes.html", [ tfarecoverycodes.split(','), "2fa" ], title="Generate Recovery Codes: Save New Recovery Codes")) elif not verify_checkbox: return Response(define.webpage(request.userid, "control/2fa/generate_recovery_codes.html", [ tfarecoverycodes.split(','), "verify" ], title="Generate Recovery Codes: Save New Recovery Codes"))
def admin_render_page(template_path, args=()): userid = d.get_userid() status = d.common_status_check(userid) if status: return d.common_status_page(userid, status) elif not userid: return d.webpage(userid) elif userid not in staff.ADMINS: return d.webpage(userid, errorcode.permission) else: return d.webpage(userid, template_path, args)
def manage_alias_get_(request): status = define.common_status_check(request.userid) if status: return Response(define.common_status_page(request.userid, status)) elif not request.userid: return Response(define.webpage(request.userid)) return Response(define.webpage(request.userid, "manage/alias.html", [ # Alias useralias.select(request.userid), ]))
def GET(self): status = define.common_status_check(self.user_id) if status: return define.common_status_page(self.user_id, status) elif not self.user_id: return define.webpage(self.user_id) return define.webpage(self.user_id, "manage/alias.html", [ # Alias useralias.select(self.user_id), ])
def manage_friends_(request): form = request.web_input(feature="", backid="", nextid="") form.backid = define.get_int(form.backid) form.nextid = define.get_int(form.nextid) if form.feature == "pending": return Response(define.webpage(request.userid, "manage/friends_pending.html", [ frienduser.select_requests(request.userid, 20, backid=form.backid, nextid=form.nextid), ])) else: return Response(define.webpage(request.userid, "manage/friends_accepted.html", [ # Friends frienduser.select_accepted(request.userid, 20, backid=form.backid, nextid=form.nextid), ]))
def GET(self): form = web.input(feature="", backid="", nextid="") form.backid = define.get_int(form.backid) form.nextid = define.get_int(form.nextid) if form.feature == "pending": return define.webpage(self.user_id, "manage/friends_pending.html", [ frienduser.select_requests(self.user_id, 20, backid=form.backid, nextid=form.nextid), ]) else: return define.webpage(self.user_id, "manage/friends_accepted.html", [ # Friends frienduser.select_accepted(self.user_id, 20, backid=form.backid, nextid=form.nextid), ])
def signin_2fa_auth_get_(request): sess = define.get_weasyl_session() # Only render page if the session exists //and// the password has # been authenticated (we have a UserID stored in the session) if not sess.additional_data or '2fa_pwd_auth_userid' not in sess.additional_data: return Response(define.errorpage(request.userid, errorcode.permission)) tfa_userid = sess.additional_data['2fa_pwd_auth_userid'] # Maximum secondary authentication time: 5 minutes session_life = arrow.now( ).timestamp - sess.additional_data['2fa_pwd_auth_timestamp'] if session_life > 300: _cleanup_2fa_session() return Response( define.errorpage( request.userid, errorcode. error_messages['TwoFactorAuthenticationAuthenticationTimeout'], [["Sign In", "/signin"], ["Return to the Home Page", "/"]])) else: ref = request.params["referer"] if "referer" in request.params else "/" return Response( define.webpage( request.userid, "etc/signin_2fa_auth.html", [ define.get_display_name(tfa_userid), ref, two_factor_auth.get_number_of_recovery_codes(tfa_userid), None ], title="Sign In - 2FA"))
def site_update_edit_(request): updateid = int(request.matchdict['update_id']) update = SiteUpdate.query.get_or_404(updateid) return Response( d.webpage(request.userid, "admincontrol/siteupdate.html", (update, ), title="Edit Site Update"))
def admincontrol_finduser_post_(request): row_offset = int(request.params.get('row_offset', 0)) # Redirect negative row offsets (PSQL errors on negative offset values) if row_offset < 0: raise HTTPSeeOther("/admincontrol/finduser") form = { 'targetid': request.params.get('targetid', ''), 'username': request.params.get('username', '').strip(), 'email': request.params.get('email', '').strip(), 'excludebanned': request.params.get('excludebanned', ''), 'excludesuspended': request.params.get('excludesuspended', ''), 'excludeactive': request.params.get('excludeactive', ''), 'dateafter': request.params.get('dateafter', ''), 'datebefore': request.params.get('datebefore', ''), 'ipaddr': request.params.get('ipaddr', ''), 'row_offset': row_offset, } return Response( d.webpage( request.userid, "admincontrol/finduser.html", [ # Search results moderation.finduser(**form), # Pass the form and row offset in to enable pagination form, row_offset ], title="Search Users: Results"))
def manage_thumbnail_get_(request): form = request.web_input(submitid="", charid="", auto="") submitid = define.get_int(form.submitid) charid = define.get_int(form.charid) if submitid and request.userid not in staff.ADMINS and request.userid != define.get_ownerid(submitid=submitid): return Response(define.errorpage(request.userid, errorcode.permissions)) elif charid and request.userid not in staff.ADMINS and request.userid != define.get_ownerid(charid=charid): return Response(define.errorpage(request.userid, errorcode.permissions)) elif not submitid and not charid: return Response(define.errorpage(request.userid)) if charid: source_path = define.url_make(charid, "char/.thumb", root=True) if os.path.exists(source_path): source = define.url_make(charid, "char/.thumb") else: source = define.url_make(charid, "char/cover") else: try: source = thumbnail.thumbnail_source(submitid)['display_url'] except WeasylError: source = None return Response(define.webpage(request.userid, "manage/thumbnail.html", [ # Feature "submit" if submitid else "char", # Targetid define.get_targetid(submitid, charid), # Thumbnail source, # Exists bool(source), ], options=['imageselect'], title="Select Thumbnail"))
def control_username_get_(request): latest_change = define.engine.execute( "SELECT username, active, extract(epoch from now() - replaced_at)::int8 AS seconds" " FROM username_history" " WHERE userid = %(user)s" " AND NOT cosmetic" " ORDER BY historyid DESC LIMIT 1", user=request.userid, ).first() if latest_change is None: existing_redirect = None days = None else: existing_redirect = latest_change.username if latest_change.active else None days = latest_change.seconds // (3600 * 24) return Response( define.webpage( request.userid, "control/username.html", (define.get_display_name(request.userid), existing_redirect, days if days is not None and days < 30 else None), title="Change Username", ))
def POST(self): form = web.input(username="", password="", referer="", sfwmode="nsfw") form.referer = form.referer or '/index' logid, logerror = login.authenticate_bcrypt(form.username, form.password) if logid and logerror == 'unicode-failure': raise web.seeother('/signin/unicode-failure') elif logid and logerror is None: if form.sfwmode == "sfw": web.setcookie("sfwmode", "sfw", 31536000) raise web.seeother(form.referer) elif logerror == "invalid": return define.webpage(self.user_id, template.etc_signin, [True, form.referer]) elif logerror == "banned": reason = moderation.get_ban_reason(logid) return define.errorpage( self.user_id, "Your account has been permanently banned and you are no longer allowed " "to sign in.\n\n%s\n\nIf you believe this ban is in error, please " "contact [email protected] for assistance." % (reason,)) elif logerror == "suspended": suspension = moderation.get_suspension(logid) return define.errorpage( self.user_id, "Your account has been temporarily suspended and you are not allowed to " "be logged in at this time.\n\n%s\n\nThis suspension will be lifted on " "%s.\n\nIf you believe this suspension is in error, please contact " "[email protected] for assistance." % (suspension.reason, define.convert_date(suspension.release))) elif logerror == "address": return "IP ADDRESS TEMPORARILY BLOCKED" return define.errorpage(self.user_id)
def edit_submission_get_(request): form = request.web_input(submitid="", anyway="") form.submitid = define.get_int(form.submitid) detail = submission.select_view(request.userid, form.submitid, ratings.EXPLICIT.code, False, anyway=form.anyway) if request.userid != detail['userid'] and request.userid not in staff.MODS: return Response(define.errorpage(request.userid, errorcode.permission)) submission_category = detail['subtype'] // 1000 * 1000 return Response( define.webpage( request.userid, "edit/submission.html", [ # Submission detail detail, # Folders folder.select_list(detail['userid'], "drop/all"), # Subtypes [ i for i in macro.MACRO_SUBCAT_LIST if submission_category <= i[0] < submission_category + 1000 ], profile.get_user_ratings(detail['userid']), ], title="Edit Submission"))
def tfa_generate_recovery_codes_verify_password_get_(request): return Response(define.webpage( request.userid, "control/2fa/generate_recovery_codes_verify_password.html", [None], title="Generate Recovery Codes: Verify Password" ))
def POST(self): form = web.input(userid="", username="", email="") return define.webpage(self.user_id, "modcontrol/finduser.html", [ # Search results moderation.finduser(self.user_id, form) ])
def GET(self): return define.webpage(self.user_id, "manage/tagfilters.html", [ # Blocked tags blocktag.select(self.user_id), # filterable ratings profile.get_user_ratings(self.user_id), ])
def tfa_generate_recovery_codes_verify_password_get_(request): return Response(define.webpage( request.userid, "control/2fa/generate_recovery_codes_verify_password.html", [None], title="Generate Recovery Codes: Verify Password" ))
def followed_(request): form = request.web_input(userid="", name="", backid=None, nextid=None) form.name = request.matchdict.get('name', form.name) form.userid = define.get_int(form.userid) otherid = profile.resolve(request.userid, form.userid, form.name) if not otherid: raise WeasylError("userRecordMissing") elif not request.userid and "h" in define.get_config(otherid): raise WeasylError('noGuests') userprofile = profile.select_profile(otherid, viewer=request.userid) return Response( define.webpage( request.userid, "user/followed.html", [ # Profile information userprofile, # User information profile.select_userinfo(otherid, config=userprofile['config']), # Relationship profile.select_relation(request.userid, otherid), # Followed followuser.select_followed(request.userid, otherid, limit=44, backid=define.get_int(form.backid), nextid=define.get_int(form.nextid)), ]))
def manage_ignore_(request): return Response( define.webpage(request.userid, "manage/ignore.html", [ ignoreuser.select(request.userid), ], title="Ignored Users"))
def control_tagrestrictions_get_(request): return Response( define.webpage( request.userid, "control/edit_tagrestrictions.html", (sorted(searchtag.query_user_restricted_tags(request.userid)), ), title="Edit Community Tagging Restrictions"))
def collection_options_get_(request): jsonb_settings = define.get_profile_settings(request.userid) form_settings = { "allow_request": jsonb_settings.allow_collection_requests, "allow_notification": jsonb_settings.allow_collection_notifs, } return Response(define.webpage(request.userid, "manage/collection_options.html", [form_settings], title="Collection Options"))
def POST(self): userid = d.get_userid() status = d.common_status_check(userid) if status: return d.common_status_page(userid, status) elif not userid: return d.webpage(userid) elif userid not in staff.MODS: return d.webpage(userid, d.errorcode.permission) form = web.input(title="", content="") create(userid, form) raise web.seeother("/admincontrol")
def admincontrol_finduser_post_(request): form = request.web_input(userid="", username="", email="", excludebanned="", excludesuspended="", excludeactive="", dateafter="", datebefore="", row_offset=0, ipaddr="") # Redirect negative row offsets (PSQL errors on negative offset values) if int(form.row_offset) < 0: raise HTTPSeeOther("/admincontrol/finduser") return Response( d.webpage( request.userid, "admincontrol/finduser.html", [ # Search results moderation.finduser(request.userid, form), # Pass the form and row offset in to enable pagination form, int(form.row_offset) ], title="Search Users: Results"))
def submit_character_get_(request): return Response( define.webpage(request.userid, "submit/character.html", [ profile.get_user_ratings(request.userid), ], title="Character Profile"))
def signin_post_(request): form = request.web_input(username="", password="", referer="", sfwmode="nsfw") form.referer = form.referer or '/' logid, logerror = login.authenticate_bcrypt(form.username, form.password) if logid and logerror == 'unicode-failure': raise HTTPSeeOther(location='/signin/unicode-failure') elif logid and logerror is None: if form.sfwmode == "sfw": request.set_cookie_on_response("sfwmode", "sfw", 31536000) # Invalidate cached versions of the frontpage to respect the possibly changed SFW settings. index.template_fields.invalidate(logid) raise HTTPSeeOther(location=form.referer) elif logerror == "invalid": return Response(define.webpage(request.userid, "etc/signin.html", [True, form.referer])) elif logerror == "banned": reason = moderation.get_ban_reason(logid) return Response(define.errorpage( request.userid, "Your account has been permanently banned and you are no longer allowed " "to sign in.\n\n%s\n\nIf you believe this ban is in error, please " "contact [email protected] for assistance." % (reason,))) elif logerror == "suspended": suspension = moderation.get_suspension(logid) return Response(define.errorpage( request.userid, "Your account has been temporarily suspended and you are not allowed to " "be logged in at this time.\n\n%s\n\nThis suspension will be lifted on " "%s.\n\nIf you believe this suspension is in error, please contact " "[email protected] for assistance." % (suspension.reason, define.convert_date(suspension.release)))) elif logerror == "address": return Response("IP ADDRESS TEMPORARILY BLOCKED") return Response(define.errorpage(request.userid))
def followed_(request): cachename = "user/followed.html" form = request.web_input(userid="", name="", backid=None, nextid=None) form.name = request.matchdict.get('name', form.name) form.userid = define.get_int(form.userid) otherid = profile.resolve(request.userid, form.userid, form.name) if not otherid: raise WeasylError("userRecordMissing") elif not request.userid and "h" in define.get_config(otherid): return Response(define.errorpage(request.userid, errorcode.no_guest_access)) userprofile = profile.select_profile(otherid, images=True, viewer=request.userid) return Response(define.webpage(request.userid, cachename, [ # Profile information userprofile, # User information profile.select_userinfo(otherid, config=userprofile['config']), # Relationship profile.select_relation(request.userid, otherid), # Followed followuser.select_followed(request.userid, otherid, limit=44, backid=define.get_int(form.backid), nextid=define.get_int(form.nextid)), ]))
def help_reports_(request): return Response( define.webpage(request.userid, "help/reports.html", [ report.select_reported_list(request.userid), ], title="My Reports"))
def site_update_(request): updateid = int(request.matchdict['update_id']) update = SiteUpdate.query.get_or_404(updateid) myself = profile.select_myself(request.userid) comments = comment.select(request.userid, updateid=updateid) return Response(define.webpage(request.userid, 'etc/site_update.html', (myself, update, comments), title="Site Update"))
def GET(self): extras = { "title": "Streaming", } rating = define.get_rating(self.user_id) return define.webpage(self.user_id, 'etc/streaming.html', [profile.select_streaming(self.user_id, rating, 300, order_by="start_time desc")], **extras)
def help_verification_(request): username = define.get_display_name(request.userid) return Response( define.webpage(request.userid, "help/verification.html", [username], title="Account Verification"))
def GET(self, name=""): cachename = "user/followed.html" form = web.input(userid="", name="", backid=None, nextid=None) form.name = name if name else form.name form.userid = define.get_int(form.userid) otherid = profile.resolve(self.user_id, form.userid, form.name) if not otherid: raise WeasylError("userRecordMissing") elif not self.user_id and "h" in define.get_config(otherid): return define.errorpage(self.user_id, errorcode.no_guest_access) userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id) return define.webpage(self.user_id, cachename, [ # Profile information userprofile, # User information profile.select_userinfo(otherid, config=userprofile['config']), # Relationship profile.select_relation(self.user_id, otherid), # Followed followuser.select_followed(self.user_id, otherid, limit=44, backid=define.get_int(form.backid), nextid=define.get_int(form.nextid)), ])
def submit_character_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response(define.webpage(request.userid, "submit/character.html", [ profile.get_user_ratings(request.userid), ], title="Character Profile"))
def GET(self): jsonb_settings = define.get_profile_settings(self.user_id) form_settings = { "allow_request": jsonb_settings.allow_collection_requests, "allow_notification": jsonb_settings.allow_collection_notifs, } return define.webpage(self.user_id, "manage/collection_options.html", [form_settings])
def admincontrol_finduser_post_(request): form = request.web_input(userid="", username="", email="") return Response(d.webpage(request.userid, "admincontrol/finduser.html", [ # Search results moderation.finduser(request.userid, form) ], title="Search Users: Results"))
def POST(self): userid = d.get_userid() status = d.common_status_check(userid) if status: return d.common_status_page(userid, status) elif not userid: return d.webpage(userid) elif userid not in staff.MODS: return d.webpage(userid, d.errorcode.permission) form = web.input(title="", content="") create(userid, form) raise web.seeother("/admincontrol")
def control_editemailpassword_get_(request): return Response(define.webpage( request.userid, "control/edit_emailpassword.html", [profile.select_manage(request.userid)["email"]], title="Edit Password and Email Address" ))
def collection_options_get_(request): jsonb_settings = define.get_profile_settings(request.userid) form_settings = { "allow_request": jsonb_settings.allow_collection_requests, "allow_notification": jsonb_settings.allow_collection_notifs, } return Response(define.webpage(request.userid, "manage/collection_options.html", [form_settings], title="Collection Options"))
def manage_tagfilters_get_(request): return Response(define.webpage(request.userid, "manage/tagfilters.html", [ # Blocked tags blocktag.select(request.userid), # filterable ratings profile.get_user_ratings(request.userid), ]))
def control_editprofile_put_(request): form = request.web_input( full_name="", catchphrase="", profile_text="", set_commish="", set_trade="", set_request="", set_stream="", stream_url="", stream_text="", show_age="", gender="", country="", profile_display="", site_names=[], site_values=[]) if len(form.site_names) != len(form.site_values): raise WeasylError('Unexpected') if 'more' in form: form.sorted_user_links = [(name, [value]) for name, value in zip(form.site_names, form.site_values)] form.settings = form.set_commish + form.set_trade + form.set_request form.config = form.profile_display return Response(define.webpage(request.userid, "control/edit_profile.html", [form, form])) p = orm.Profile() p.full_name = form.full_name p.catchphrase = form.catchphrase p.profile_text = form.profile_text set_trade = profile.get_exchange_setting(profile.EXCHANGE_TYPE_TRADE, form.set_trade) set_request = profile.get_exchange_setting(profile.EXCHANGE_TYPE_REQUEST, form.set_request) set_commission = profile.get_exchange_setting(profile.EXCHANGE_TYPE_COMMISSION, form.set_commish) profile.edit_profile(request.userid, p, set_trade=set_trade, set_request=set_request, set_commission=set_commission, profile_display=form.profile_display) profile.edit_userinfo(request.userid, form) raise HTTPSeeOther(location="/control")
def notes_compose_get_(request): form = request.web_input(recipient="") return Response(define.webpage(request.userid, "note/compose.html", [ # Recipient form.recipient.strip(), profile.select_myself(request.userid), ]))
def manage_friends_(request): feature = request.params.get("feature") if feature == "pending": return Response( define.webpage(request.userid, "manage/friends_pending.html", [ frienduser.select_requests(request.userid), ], title="Pending Friend Requests")) else: return Response( define.webpage(request.userid, "manage/friends_accepted.html", [ frienduser.select_accepted(request.userid), ], title="Friends"))
def GET(self): form = web.input(recipient="") return define.webpage(self.user_id, "note/compose.html", [ # Recipient form.recipient.strip(), profile.select_myself(self.user_id), ])
def manage_ignore_(request): form = request.web_input(feature="", backid="", nextid="") form.backid = define.get_int(form.backid) form.nextid = define.get_int(form.nextid) return Response(define.webpage(request.userid, "manage/ignore.html", [ ignoreuser.select(request.userid, 20, backid=form.backid, nextid=form.nextid), ]))
def control_editprofile_get_(request): userinfo = profile.select_userinfo(request.userid) return Response(define.webpage(request.userid, "control/edit_profile.html", [ # Profile profile.select_profile(request.userid, commish=False), # User information userinfo, ]))
def manage_ignore_(request): form = request.web_input(feature="", backid="", nextid="") form.backid = define.get_int(form.backid) form.nextid = define.get_int(form.nextid) return Response(define.webpage(request.userid, "manage/ignore.html", [ ignoreuser.select(request.userid, 20, backid=form.backid, nextid=form.nextid), ], title="Ignored Users"))
def control_editprofile_get_(request): userinfo = profile.select_userinfo(request.userid) return Response(define.webpage(request.userid, "control/edit_profile.html", [ # Profile profile.select_profile(request.userid, commish=False), # User information userinfo, ], title="Edit Profile"))
def control_editfolder_get_(request): folderid = int(request.matchdict['folderid']) if not folder.check(request.userid, folderid): return Response(define.errorpage(request.userid, errorcode.permission)) return Response(define.webpage(request.userid, "manage/folder_options.html", [ folder.select_info(folderid), ], title="Edit Folder Options"))
def signin_get_(request): return Response( define.webpage(request.userid, "etc/signin.html", [ False, request.environ.get('HTTP_REFERER', ''), ], title="Sign In"))
def modcontrol_suspenduser_get_(request): return Response( define.webpage( request.userid, "modcontrol/suspenduser.html", [moderation.BAN_TEMPLATES, json.dumps(moderation.BAN_TEMPLATES)], title="User Suspensions"))
def tfa_status_get_(request): return Response( define.webpage(request.userid, "control/2fa/status.html", [ tfa.is_2fa_enabled(request.userid), tfa.get_number_of_recovery_codes(request.userid) ], title="2FA Status"))
def control_editfolder_get_(request): folderid = int(request.matchdict['folderid']) if not folder.check(request.userid, folderid): return Response(define.errorpage(request.userid, errorcode.permission)) return Response(define.webpage(request.userid, "manage/folder_options.html", [ folder.select_info(folderid), ]))
def control_editcommissionsettings_(request): return Response(define.webpage(request.userid, "control/edit_commissionsettings.html", [ # Commission prices commishinfo.select_list(request.userid), commishinfo.CURRENCY_CHARMAP, commishinfo.PRESET_COMMISSION_CLASSES, profile.select_profile(request.userid) ], title="Edit Commission Settings"))
def GET(self): return define.webpage( self.user_id, "control/edit_commissionprices.html", [ # Commission prices commishinfo.select_list(self.user_id), ])
def submit_literary_get_(request): return Response(define.webpage(request.userid, "submit/literary.html", [ # Folders folder.select_list(request.userid, "drop/all"), # Subtypes [i for i in macro.MACRO_SUBCAT_LIST if 2000 <= i[0] < 3000], profile.get_user_ratings(request.userid), ]))
def GET(self, folderid): folderid = int(folderid) if not folder.check(self.user_id, folderid): return define.errorpage(self.user_id, errorcode.permission) return define.webpage(self.user_id, "manage/folder_options.html", [ folder.select_info(folderid), ])
def control_apikeys_get_(request): return Response( define.webpage(request.userid, "control/edit_apikeys.html", [ api.get_api_keys(request.userid), oauth2.get_consumers_for_user(request.userid), ], title="API Keys"))
def GET(self): return define.webpage( self.user_id, "control/control.html", [ # Premium define.get_premium(self.user_id), ])
def GET(self): return define.webpage( self.user_id, "manage/folders.html", [ # Folders dropdown folder.select_list(self.user_id, "drop/all"), ])