def user_create():
    """Render the user-creation form and create the account on a valid POST.

    The submitted password is passed through
    ``werkzeug.generate_password_hash`` before it is stored, so only the
    hash reaches the User document.

    Returns:
        A redirect to the user list when the account was saved, otherwise
        the rendered ``create_user.html`` page (with an error flashed when
        the username is taken or the document fails validation).
    """
    # NOTE(review): no authorization check is visible in this function;
    # presumably a decorator or blueprint hook restricts it - confirm.
    form = UserForm(request.form)
    # Form validation leaves out the 'threshold' field.
    submitted = request.method == 'POST' and form.validate(skip=['threshold'])
    if not submitted:
        return render_template('create_user.html', form=form)

    fields = request.form
    username = fields.get('username')
    password = werkzeug.generate_password_hash(fields.get('password'))
    email = fields.get('email')
    fullname = fields.get('fullname')

    # NOTE(review): uniqueness rests on this lookup-then-save sequence unless
    # the datastore also enforces a unique index on username - confirm.
    if User.find_one({'username': username}):
        error = 'User %s already exists' % username
    else:
        account = User()
        account.update({
            'username': username,
            'password': password,
            'email': email,
            'fullname': fullname,
        })
        account.validate()
        if not account.validation_errors:
            account.save()
            flash('User %s created.' % username, 'success')
            return redirect(url_for('.users_display'))
        error = str(list(account.validation_errors)) + ' fields not valid'

    flash(error, 'error')
    return render_template('create_user.html', form=form)
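def user_delete(username):
    """Delete the account named *username* and redirect to the user list.

    The built-in ``admin`` account is never deleted.

    Args:
        username: Name of the account to remove.

    Returns:
        A plain error string when the request is refused or the account
        does not exist, otherwise a redirect to ``admin.users_display``.
    """
    # NOTE(review): this is a destructive action with no authorization or
    # CSRF check visible here; presumably enforced by a decorator or
    # blueprint hook outside this function - confirm.
    if username == 'admin':
        return 'admin cannot be deleted'
    user = User.find_one({'username': username})
    if not user:
        # Without this guard an unknown username fails on user.delete()
        # instead of producing a clean response.
        return 'User does not exist'
    user.delete()
    flash('User %s deleted.' % username, 'success')
    return redirect(url_for('admin.users_display'))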
def get_my_conversations():
    """Return the current user's conversations ordered by descending timestamp.

    The current user's ``conversations`` attribute supplies the ids that are
    matched against ``Conversation.conversation_id``.
    """
    current_name = get_current_user().username
    me = User.objects(username=current_name).first()
    owned = Conversation.objects(conversation_id__in=me.conversations)
    return owned.order_by('-timestamp').select_related()
def make_rememberme_cookie():
    """Issue a fresh remember-me token for the session user.

    The token is recorded under the user's ``last_login`` mapping together
    with the time of issue, and the value built by ``make_cookie`` is
    returned for the caller to set on the response.
    """
    current_name = session['username']
    # 16 bytes from the OS random source, hex-encoded (Python 2 str API).
    fresh_token = os.urandom(16).encode('hex')
    cookie_value = make_cookie(username=current_name, token=fresh_token)
    account = User.find_one({'username': current_name})
    # NOTE(review): the token is stored as-is; keeping only a hash of it
    # server-side would limit what a datastore leak exposes. How make_cookie
    # protects the cookie's integrity is not visible here - confirm.
    account['last_login'][fresh_token] = datetime.datetime.now()
    account.save()
    return cookie_value
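def user_edit(username):
    """Display the account edit page and apply one submitted change.

    On POST the target username is read from the form body rather than the
    URL. Only ``admin`` may edit another user's account. A valid POST
    updates exactly one of password, email + full name, labels or
    threshold, chosen by which form fields are present (in that order).

    Args:
        username: Account to edit (replaced by the form value on POST).

    Returns:
        The rendered ``edit_user.html`` page, or a plain error string when
        the request is rejected.
    """
    import ast

    threshold = range(99)
    if request.method == 'POST':
        username = request.form.get('username')
        if not username:
            return "Invalid action"
    user = User.find_one({'username': username})
    if not user:
        return 'User does not exist'
    # Anyone other than admin is limited to their own account.
    if session['username'] != 'admin' and username != session['username']:
        return 'You are not allowed to perform that action'
    form = UserForm(request.form)
    # NOTE(review): the set of fields excluded from validation comes straight
    # from the request, so the client decides what is validated. Deriving it
    # server-side from the submitted section would be safer - confirm what
    # UserForm.validate accepts here.
    skip = request.form.get('skip')
    active = 'account'
    if request.method == 'POST' and form.validate(skip=skip):
        new_password = request.form.get('password')
        if new_password:
            logging.warning('password received')
            active = 'password'
            if session['username'] != 'admin':
                # A non-admin must prove knowledge of the current password.
                # Previously the hash check did not reliably gate the
                # change, so the password could be replaced without
                # presenting the correct current one.
                previous_password = request.form.get('previous_password')
                if not previous_password or not werkzeug.check_password_hash(
                        user['password'], previous_password):
                    return render_template('edit_user.html', form=form,
                                           user=user, threshold=threshold,
                                           active=active)
            user['password'] = werkzeug.generate_password_hash(new_password)
        elif request.form.get('email') and request.form.get('fullname'):
            logging.warning('email and fullname received')
            active = 'account'
            user['email'] = request.form.get('email')
            user['fullname'] = request.form.get('fullname')
        elif request.form.get('copy_labels'):
            logging.warning('labels received')
            active = 'label'
            # SECURITY: this used eval() on a request field, which executes
            # arbitrary code supplied by the client. literal_eval accepts
            # only Python literals (dicts, lists, tuples, strings, numbers).
            try:
                labels = ast.literal_eval(request.form.get('copy_labels'))
            except (ValueError, SyntaxError):
                return 'Invalid labels'
            if not isinstance(labels, dict):
                # get_user_prefs iterates the stored labels as a mapping.
                return 'Invalid labels'
            user['labels'] = labels
        elif request.form.get('threshold'):
            logging.warning('settings received')
            active = 'settings'
            user['threshold'] = int(request.form.get('threshold'))
        # NOTE(review): unlike user_create, user.validate() is not called
        # before validation_errors is read - confirm the errors are
        # populated on this path.
        if user.validation_errors:
            return str(list(user.validation_errors)) + ' fields not valid'
        user.save()
        flash('Information updated for user %s.' % username, 'success')
    if form.password.errors:
        active = 'password'
    return render_template('edit_user.html', form=form, user=user,
                           threshold=threshold, active=active)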
def logout():
    """End the session and revoke the remember-me token sent with the request.

    The token named in the ``TK`` cookie is removed from the ``last_login``
    mapping of the user who was logged in (looked up by the session
    username, not by the cookie's contents), and the cookie is deleted.

    Returns:
        A redirect to ``base.login`` when a session existed, otherwise the
        rendered ``dashboard.html`` page.
    """
    me = session.pop('username', None)
    if not me:
        return render_template('dashboard.html')

    response = app.make_response(redirect(url_for('base.login')))
    tk_value = request.cookies.get('TK')
    if tk_value:
        # NOTE(review): the cookie is client-supplied; how unserialize_cookie
        # reacts to a malformed or tampered value is not visible here.
        parsed = unserialize_cookie(tk_value)
        account = User.find_one({'username': me})
        if account:
            if account['last_login'].get(parsed['token']):
                account['last_login'].pop(parsed['token'])
                account.save()
        response.delete_cookie('TK')
    return response
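def _is_safe_redirect_target(target):
    """Return True when *target* points back at this application."""
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse
    # Browsers normalise backslashes and control characters in ways that can
    # change which host a URL refers to, so refuse them outright.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    parts = urlparse(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: accept only our own host over http(s).
        own_host = urlparse(request.host_url).netloc
        return parts.scheme in ('http', 'https') and parts.netloc == own_host
    # Relative reference: require exactly one leading slash.
    return target.startswith('/') and not target.startswith('//')


def login():
    """Authenticate by password or remember-me cookie.

    A POST with valid credentials stores the username in the session. If no
    session exists afterwards, the ``TK`` remember-me cookie is tried via
    ``check_login_cookies``. On success the response redirects to the
    ``next`` query parameter when it targets this application, otherwise to
    ``base.dashboard``. A new ``TK`` cookie (30 days) is set when the user
    asked to be remembered or logged in through the cookie.

    Returns:
        The redirect response on success, otherwise the rendered
        ``login.html`` page with an error message.
    """
    error = None
    remember = False
    cookie_flag = False
    next_url = request.args.get('next')
    # 'next' is attacker-controllable; redirecting to it unchecked is an open
    # redirect, so off-site targets fall back to the dashboard.
    if next_url and _is_safe_redirect_target(next_url):
        response_body = redirect(next_url)
    else:
        response_body = redirect(url_for("base.dashboard"))
    response = app.make_response(response_body)
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        remember_me = request.form.get('remember_me')
        if username and password:
            me = User.find_one({'username': username})
            if me:
                hash_password = me.get('password', '')
                if werkzeug.check_password_hash(hash_password, password):
                    session['username'] = me['username']
                    if remember_me:
                        remember = True
                else:
                    error = 'Invalid password'
            else:
                # NOTE(review): distinct messages for unknown username and
                # wrong password let a client tell which usernames exist;
                # consider a single generic message.
                error = 'Invalid username'
                logger.warning('Invalid username')
                return render_template('login.html', error=error)
        else:
            error = "username and password fields are required."
            logger.warning("username and password fields are required")
            return render_template('login.html', error=error)
    if not session.get('username'):
        username = check_login_cookies(request.cookies)
        if username:
            cookie_flag = True
            session['username'] = username
    if session.get('username'):
        if remember or cookie_flag:
            # 2592000 s = 30 days. HttpOnly keeps the token away from page
            # scripts. NOTE(review): also pass secure=True if the site is
            # served only over HTTPS.
            response.set_cookie('TK', make_rememberme_cookie(), 2592000,
                                httponly=True)
        logger.info("login successful")
        return response
    return render_template('login.html', error=error)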
def get_user_prefs():
    """Return the session user's labels, a 100-slot label scale and threshold.

    Each value in ``labels`` is a ``(range, color)`` pair whose range is a
    ``"start-end"`` string. Slots ``start`` through ``end - 1`` of the scale
    are set to the label; untouched slots stay ``None``.

    Returns:
        A ``(labels, label_scale, threshold)`` tuple.
    """
    account = User.find_one({'username': session['username']})
    labels = account['labels']
    threshold = account['threshold']
    label_scale = [None] * 100
    for label, (span, _color) in labels.iteritems():
        low, high = span.split('-')
        for slot in range(int(low), int(high)):
            label_scale[slot] = label
    return labels, label_scale, threshold
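def check_login_cookies(cookie):
    """Validate the ``TK`` remember-me cookie and consume its token.

    The token is looked up in the named user's ``last_login`` mapping. A
    known token is removed whether or not it is still valid, so each token
    works at most once and expired ones do not accumulate.

    Args:
        cookie: Mapping of request cookies.

    Returns:
        The username when the token is known and was issued within the
        last 30 days, otherwise ``None``.
    """
    if not cookie.get('TK'):
        return None
    # NOTE(review): the cookie is client-supplied; whether unserialize_cookie
    # verifies its integrity is not visible here - confirm.
    username_random = unserialize_cookie(cookie['TK'])
    username = username_random['username']
    token = username_random['token']
    user = User.find_one({'username': username})
    if not user:
        # A cookie naming an unknown account must not crash the login page.
        return None
    issued_at = user['last_login'].get(token)
    if not issued_at:
        return None
    user['last_login'].pop(token, None)
    user.save()
    if issued_at + datetime.timedelta(days=30) < datetime.datetime.now():
        return None
    return username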
def users_display():
    """Render ``display_users.html`` with the result of ``User.find()``."""
    # NOTE(review): whole user documents, including password hashes, are
    # handed to the template; confirm it renders only the fields it needs.
    return render_template('display_users.html', users=User.find())
def get_current_user_obj():
    """Return the first User record whose username matches the current user."""
    current = get_current_user()
    matches = User.objects(username=current.username)
    return matches.first()