def set(self, environ, params):
try:
Controller().checkToken()
req = Controller().getRequest()
router = Controller().getRouter()
u = UserFactory.get(params["uid"])
if not u:
output.error("user not found", 404)
cT = req.headers["Content-Type"] or "application/octet-stream"
blobId = BlobFactory.getBlobIds(user=params["uid"], release="published", type="avatar")
if not len(blobId):
blobId = BlobFactory.insert("avatar", "published", req.body, cT, user=params["uid"])
else:
blobId = blobId[0]
BlobFactory.update(blobId, "avatar", "published", req.body, cT, user=params["uid"])
UserFactory.setAvatar(u.uid, True)
resultUrl = router.getRoute(
"graph.Blob.fetch", {"version": params["version"], "bid": str(blobId), "release": "published"}
)
output.success({"url": resultUrl, "blobId": str(blobId)}, 201)
except Error:
pass
return Controller().getResponse(True)
def save(self, environ, params):
try:
req = Controller().getRequest()
router = Controller().getRouter()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('activity not found', 404)
cT = req.headers['Content-Type'] or 'application/octet-stream'
blobId = BlobFactory.insert(
'attachments',
'draft',
req.body,
cT,
activity=params['rid']
)
resultUrl = router.getRoute('graph.Blob.fetch', {
'version': params['version'],
'bid': str(blobId),
'release': 'draft'
})
output.success({
'url': resultUrl,
'blobId': str(blobId)
}, 201)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
if Controller().getApiType() != 1:
output.error(
'#ApiKeyUnauthorized : none of your business', 403)
# if relation != 2:
# output.error('#UserUnauthorized : none of your business', 403)
data = Controller().getPostJson()
if not data:
output.error('bad json format', 400)
Db().get('settings').update({'uid': me}, {
'datas': data,
'uid': me,
'updated': datetime.datetime.utcnow()
}, True)
#Let's flush a few stuff
#FlushRequest().request('users.Settings.[get]', {'uid': me})
output.success('settings updated', 200)
except Error:
pass
return Controller().getResponse(True)
def update(self, environ, params):
try:
req = Controller().getRequest()
router = Controller().getRouter()
b = BlobFactory.get(params['bid'])
if not b:
output.error('blob not found', 404)
cT = req.headers['Content-Type'] or 'application/octet-stream'
BlobFactory.update(
params['bid'],
b.type,
'draft',
req.body,
cT,
activity=b.activity
)
resultUrl = router.getRoute('graph.Blob.fetch', {
'version': params['version'],
'bid': params['bid'],
'release': 'draft'
})
output.success({
'url': resultUrl,
'blobId': params['bid']
}, 202)
except Error:
pass
return Controller().getResponse(True)
def get(self, key):
try:
data = None
data = storage.Memcache().get(key, 'access')
except Exception:
pass
if not data:
try:
storage.Db().get('auth_access').ensure_index(
[('key', storage.ASCENDING)],
{'unique': True, 'background': True}
)
data = storage.Db().get('auth_access').find_one({"key": key})
storage.Memcache().set(key, data, 'access')
except storage.DbError:
output.error('cannot access db', 503)
except:
pass
if not data:
return None
return ApiKey(**data)
def update(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
password = req.POST.get("password")
if not uid or not login or not password:
output.error("invalid format", 400)
login = login.lower()
user = users.Factory.get(login)
if (not user) or (user.uid != uid):
output.error("unknown acess", 404)
user.setDigest(password)
storage.Db().get("auth_users").update({"login": login, "uid": uid}, user)
storage.Memcache().delete(login, "auth")
output.success("user updated", 200)
except app.Error:
pass
return app.Controller().getResponse(True)
def create(self, environ, params):
try:
req = app.Controller().getRequest()
keyid = req.POST.get('keyid')
isAdmin = req.POST.get('xxxadmin')
hosts = req.POST.get('hosts').split(',')
secret = req.POST.get('secret')
if not keyid:
output.error('invalid format', 400)
exists = access.KeyFactory().get(keyid)
if exists:
output.error('already exists', 403)
apiKey = access.ApiKey()
apiKey.key = keyid
apiKey.hosts = hosts
if not secret:
apiKey.generateSecret()
else:
apiKey.secret = secret
if isAdmin:
apiKey.admin = True
access.KeyFactory().new(apiKey)
output.success(apiKey.secret, 201)
except app.Error:
pass
return app.Controller().getResponse(True)
def list(self, environ, params):
try:
Controller().checkToken()
me = Controller().getUid()
apikey = Controller().getApiKey()
u = UserFactory.get(me)
if u.level < 3:
output.error('forbidden', 403)
users, total = UserFactory.getAllUsers()
result = []
for user in users:
profile = user.getProfile()
uObject = user.toObject()
uObject['profile'] = profile['datas']
result.append(uObject)
output.success(result, 200)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
apikey = Controller().getApiKey()
if Controller().getApiType() != 1:
output.error('Not your api business', 403)
me = UserFactory.get(me)
if me.level < 3:
output.error('forbidden', 403)
user = UserFactory.get(params['uid'])
newLevel = params['role']
if newLevel == 'admin':
user.level = 3
elif newLevel == 'reviewer':
user.level = 2
else :
user.level = 1
Db().get('users').update({'uid': user.uid}, user)
output.success('acl changed', 200)
except Error:
pass
return Controller().getResponse(True)
def reminderSend(self, environ, params):
try:
email = Controller().getRequest().GET['email']
if not email:
output.error('need email', 400)
user = UserFactory.get({'email': email})
if user is None:
output.error('unknown user', 400)
user.generatePasswordReminder()
Db().get('users').update({'uid': user.uid}, user)
#send mail
AsyncMailer(
template_name='password-reminder',
template_content=[{
'name': 'validation_code',
'content': user.password_reminder
}],
global_merge_vars=[
],
message={
'subject': 'Mot de passe perdu Éducation et Numérique',
'from_email': '*****@*****.**',
'from_name': 'Education & Numérique',
'headers': {},
'to': [
{
'email': user.email,
'name': user.username
}
],
'metadata': {
'uid': user.uid,
'email_validation_code': user.password_reminder
},
'tags': ['password-reminder'],
'google_analytics_domains': ['beta.lxxl.com'],
'google_analytics_campaign': [
'internal_password_reminder'
],
'auto_text': True,
'track_opens': True,
'track_clicks': True
}
).start()
output.success('reminder send', 200)
except Error:
pass
return Controller().getResponse(True)
def fetch(self, environ, params):
try:
req = Controller().getRequest()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def seen(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
ActivityFactory.incSeen(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def delete(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
ActivityFactory.delete(a)
output.success('Activity deleted', 200)
except Error:
pass
return Controller().getResponse(True)
def delete(self, environ, params):
try:
b = BlobFactory.get(params['bid'])
if not b:
output.error('blob not found', 404)
BlobFactory.delete(params['bid'])
output.success('blob deleted', 202)
except Error:
pass
return Controller().getResponse(True)
def unreport(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.isReported = False
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def findByLogin(self, environ, params):
try:
user = users.Factory.get(params["login"])
if not user:
output.error("unknown acess", 404)
resp = app.Controller().getResponse()
resp.status = 200
resp.text = '{"uid" : "%s", "activate" : %s }' % (user.uid, int(user.activate))
except app.Error:
pass
return app.Controller().getResponse(True)
def fetch(self, environ, params):
try:
req = Controller().getRequest()
b = BlobFactory.get(params['bid'], params['release'])
if not b:
output.error('blob not found', 404)
resp = Controller().getResponse()
resp.headers['Content-Type'] = b.content_type
resp.body = b.read()
except Error:
pass
return Controller().getResponse(True)
def get(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
# fix privacy
# if relation < 1:
# output.error('#ApiKeyUnauthorized', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
#XXX uncomment me ?
# if user.activate == 0:
# output.error('unactivated user', 404)
result = {}
Db().get('profile').ensure_index(
[('uid', ASCENDING)], {'background': True})
profile = Db().get('profile').find_one({'uid': params['uid']})
if not profile:
profile = {}
profile['datas'] = {}
result['profile'] = profile['datas']
result['email'] = user.email
result['username'] = user.username
result['uid'] = user.uid
result['level'] = user.level
if user.hasAvatar is True:
result['hasAvatar'] = True
else:
result['hasAvatar'] = False
result['friends'] = user.friends_count
output.success(result, 200)
except Error:
pass
return Controller().getResponse(True)
def create(self, environ, params):
try:
req = Controller().getRequest()
if not req.json:
output.error('invalid json', 400)
a = Activity()
a.saveDraft(**req.json)
a.setAuthor(UserFactory.get(Controller().getUid()))
a.creationDate = int(time.time())
ActivityFactory.new(a)
output.success(a.toObject(), 201)
except Error:
pass
return Controller().getResponse(True)
def get(self, environ, params):
try:
req = Controller().getRequest()
blobId = BlobFactory.getBlobIds(user=params["uid"], release="published", type="avatar")
if not len(blobId):
output.error("avatar not found", 404)
blobId = blobId.pop()
b = BlobFactory.get(blobId, "published")
resp = Controller().getResponse()
resp.headers["Content-Type"] = b.content_type
resp.body = b.read()
except Error:
pass
return Controller().getResponse(True)
def publish(self, environ, params):
try:
req = Controller().getRequest()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.publish()
for (blobType, values) in a.published['blobs'].items():
for blobId in values:
BlobFactory.publish(blobId)
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def save(self, environ, params):
try:
req = Controller().getRequest()
if not req.json:
output.error('invalid json', 400)
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.saveDraft(**req.json)
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def get(search):
try:
if isinstance(search, str):
search = {'uid': search}
else:
tmp = {}
for (key, value) in search.items():
tmp[key] = value.lower()
search = tmp
del tmp
data = Db().get(
'users').find_one(search, {'friends': {'$slice': 0}})
except DbError:
output.error('cannot access db', 503)
if data is None:
return None
return User(**data)
def deactivate(self, environ, params):
try:
Controller().checkToken()
me = Controller().getUid()
apikey = Controller().getApiKey()
u = UserFactory.get(me)
if u.level < 3:
output.error('forbidden', 403)
if u.uid == params['uid']:
output.error('cannot delete yourself', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
user.activate = 0
user.deactivated = True
#Init account on admin service
try:
uri = '/1.0/user/' + user.uid + '/deactivate'
resp = AdminRequest().request(uri, {
'uid': user.uid,
'login': user.email
})
except AdminError as e:
output.error('Registration error : %s' % e, 500)
if resp is None or int(resp.getHeader('status')) != 200:
output.error('activation troubles ...', 500)
Db().get('users').update({'uid': user.uid}, user)
output.success('deactivated user', 200)
except Error:
pass
return Controller().getResponse(True)
def activate(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
if not uid or not login:
output.error("invalid format", 400)
login = login.lower()
user = users.Factory.get(login)
##########################################################
# A reprende pour faire face aux différentes éventualités.
# Mais je ne cause pas Python, alors .... (JBT)
# if (not user):
# output.error('unknown access', 404) # "Ce compte n'existe pas"
#
# if (user) and (user.activate == 1):
# output.error('invalid format', 400) # "Votre compte est déjà activé"
# if (user) and (user.uid != uid):
# output.error('unknown access', 404) # "Ce code n'est pas valable"
##########################################################
if (not user) or (user.uid != uid):
output.error("unknown access", 404)
user.activate = 1
storage.Db().get("auth_users").update({"login": login, "uid": uid}, user)
storage.Memcache().delete(login, "auth")
output.success("user activated", 200)
except app.Error:
pass
return app.Controller().getResponse(True)
def delete(self, environ, params):
try:
Controller().checkToken()
if Controller().getApiType() != 1:
output.error("Not your api business", 403)
u = UserFactory.get(params["uid"])
if not u:
output.error("user not found", 404)
uid = params["uid"]
blobId = BlobFactory.getBlobIds(user=params["uid"], release="published", type="avatar")
if not len(blobId):
output.error("avatar not found", 404)
blobId = blobId.pop()
BlobFactory.delete(blobId, "published")
UserFactory.setAvatar(u.uid, False)
output.success("avatar deleted", 200)
except Error:
pass
return Controller().getResponse(True)
def get(login):
login = login.lower()
try:
data = None
data = storage.Memcache().get(login, 'auth')
except Exception:
pass
if not data:
try:
storage.Db().get('auth_users').ensure_index(
[('login', storage.ASCENDING)],
{'unique': True, 'background': True}
)
storage.Db().get('auth_users').ensure_index(
[('uid', storage.DESCENDING)],
{'unique': False, 'background': True}
)
if login == 'anonymous':
data = Factory.getAnonymous().__dict__
else:
data = storage.Db().get('auth_users').find_one(
{"login": login}
)
storage.Memcache().set(login, data, 'auth')
except storage.DbError:
output.error('cannot access db', 503)
except:
pass
if not data:
return None
return User(**data)
def addConnect(self, type, id):
self.connect[type] = id
if hasattr(self, '_id') and self._id:
return
try:
Db().get('users').ensure_index([
('connect.%s' % type, DESCENDING)],
{
'unique': True,
'background': False,
'sparse': True,
'dropDups': True
})
Db().get('users').update(
{'uid': self.uid},
{'$set': {'connect.%s' % type: id}}
)
except DbError:
output.error('cannot access db', 503)
def create(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
password = req.POST.get("password")
if not uid or not login or not password:
output.error("invalid format", 400)
user = users.User()
user.uid = uid
user.login = login.lower()
user.realm = Config().get("realm")
user.activate = 0
user.setDigest(password)
users.Factory.new(user)
output.success("user created", 201)
except app.Error:
pass
return app.Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
apikey = Controller().getApiKey()
me = UserFactory.get(me)
if me.uid != params['uid'] and me.level < 3:
output.error('UserUnauthorized', 403)
if Controller().getApiType() != 1:
output.error('Not your api business', 403)
# if relation != 2:
# output.error(
# '#ApiKeyUnauthorized : none of your business', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
data = Controller().getRequest().json
if not data:
output.error('bad json format', 400)
Db().get('profile').update({'uid': user.uid}, {
'datas': data,
'uid': user.uid,
'updated': datetime.datetime.utcnow()
}, True)
output.success('profile updated', 200)
except Error:
pass
return Controller().getResponse(True)
