コード例 #1
ファイル: register_twitter.py プロジェクト: kissarat/pin
 def POST(self):
     """Store the e-mail collected after a Twitter sign-in, then log the user in.

     When the session already holds a ``tw_user_id`` the matching ``users``
     row gets the new e-mail; otherwise a new row is inserted from the
     ``tw_*`` values kept in the session. An invalid form re-renders the
     e-mail page with a message.
     """
     email_form = self._email_form()
     if not email_form.validates():
         return template.ltpl('register/twitter/email',
                              email_form,
                              msg=_('Please provide an email'))

     address = email_form['email'].value
     tw_session = session.get_session()
     user_id = tw_session['tw_user_id']
     conn = database.get_db()
     if not user_id:
         # No account yet: build the row from the profile saved in the session.
         new_user = {
             'name': tw_session['tw_name'],
             'username': tw_session['tw_username'],
             'twitter': tw_session['tw_twitter'],
             'login_source': auth.LOGIN_SOURCE_TWITTER,
             'email': address,
         }
         user_id = conn.insert(tablename='users', **new_user)
     else:
         # The id is bound through the $user_id placeholder, not formatted
         # into the WHERE text.
         conn.update(tables='users',
                     where='id=$user_id',
                     vars={'user_id': user_id},
                     email=address)
     # NOTE(review): the address is stored and the session logged in without
     # any e-mail ownership check visible in this method -- confirm whether
     # verification happens elsewhere.
     auth.login_user(session.get_session(), user_id)
     # The redirect object is created but neither raised nor returned;
     # presumably web.py sets the status and Location when it is built -- confirm.
     web.seeother(url='/register/after-signup', absolute=True)
コード例 #2
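 def GET(self):
     """Render one page of the admin pin search results.

     Reads ``page``, ``sort`` and ``dir`` from the request. ``sort`` and
     ``dir`` are placed in the ORDER BY clause, so they are validated here
     and replaced by the defaults (``pins.timestamp`` / ``desc``) when they
     are not a plain column name or a sort direction.
     """
     import re

     data = web.input(page=1, dir='desc', sort='pins.timestamp')
     sess = session.get_session()
     if sess.get('search_reset_offset', False):
         self.page = 0
         sess['search_reset_offset'] = False
     else:
         try:
             # Clamp at 0 so page <= 0 cannot produce a negative OFFSET.
             self.page = max(int(data.page) - 1, 0)
         except (TypeError, ValueError):
             self.page = 0

     # ORDER BY cannot take bound parameters, and both values come straight
     # from the query string: accept only ``column`` or ``table.column``
     # identifiers and the two direction keywords.
     sort_column = data.sort or ''
     if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?\Z',
                     sort_column):
         sort_column = 'pins.timestamp'
     sort_direction = data.dir or ''
     if sort_direction.lower() not in ('asc', 'desc'):
         sort_direction = 'desc'
     self.sort = sort_column
     self.sort_direction = sort_direction

     # NOTE(review): build_where() is defined outside this block and its
     # fragments are joined into the SQL text as-is -- confirm it escapes or
     # parameterises every request value it embeds.
     where_clause = build_where(self)
     db = database.get_db()
     results = db.query('''select
                         pins.*,
                         case when users.username is null then '---' else users.username end as username
                     from pins
                         left join users on pins.user_id=users.id
                     where {where_clause}
                     order by {sort_ord} {sort_dir}
                     limit {limit} offset {offset}
                     '''.format(where_clause=' and '.join(where_clause),
                                sort_ord=self.sort,
                                sort_dir=self.sort_direction,
                                limit=PAGE_SIZE,
                                offset=(PAGE_SIZE * self.page)))
     # An empty result renders the same template with an empty list.
     pins = list(results)
     return web.template.frender('t/admin/pin_search_list.html')(pins, date)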
コード例 #3
ファイル: recover_password.py プロジェクト: kissarat/pin
 def GET(self):
     """Show the first step of password recovery (the username form).

     A visitor whose session already carries a ``user_id`` is redirected
     to ``/`` instead.
     """
     if session.get_session().get('user_id', False):
         return web.seeother(url='/', absolute=True)
     # Optional status text handed over in the ``msg`` query parameter.
     # NOTE(review): msg is caller-controlled -- confirm the template
     # escapes it when rendering.
     query = web.input(msg=None)
     username_form = self.UsernameForm()
     return template.ltpl('recover_password/start', username_form,
                          query['msg'])
コード例 #4
ファイル: profile.py プロジェクト: kissarat/pin
    def POST(self):
        """ Change user password and get/store new logintoken
        :param str csid_from_client: Csid string from client
        :param str logintoken: Logintoken
        :param str old_password: current password of the user
        :param str new_password, new_password2: The new password typed 2 times

        :response_data: new client token
        :to test:
        """
        request_data = web.input()
        # NOTE(review): the whole request, password fields included, is handed
        # to save_api_request(); confirm that helper does not persist or log
        # them in clear text.
        save_api_request(request_data)
        client_token = request_data.get("logintoken")
        status, response_or_user = self.authenticate_by_token(client_token)
        if not status:
            # On failure the second element is returned to the caller as-is.
            return response_or_user

        account = response_or_user
        account_id = account["id"]
        new_password = request_data.get("new_password")
        salt = account['pw_salt']

        status, error = self.passwords_validation(
            salt, account['pw_hash'],
            request_data.get("old_password"), new_password,
            request_data.get("new_password2"),
            account["username"], account["email"])

        if not status:
            user = db.select('users', {'id': account_id}, where='id=$id')[0]
            server_csid = user.get('seriesid')
            return api_response(
                data={},
                status=400,
                error_code=error,
                csid_from_client=request_data.get("csid_from_client"),
                csid_from_server=server_csid)

        # The new hash is derived with the account's existing salt.
        db.update('users',
                  pw_hash=self.create_password(salt, new_password),
                  vars={'id': account_id},
                  where="id=$id")

        # Log the user in again after the change; the row is re-read
        # afterwards and its logintoken/seriesid are what the client gets.
        auth.login_user(session.get_session(), account_id)

        user = db.select('users', {'id': account_id}, where='id=$id')[0]
        return api_response(
            client_token=user.get('logintoken'),
            csid_from_client=request_data.get("csid_from_client"),
            csid_from_server=user.get('seriesid'))
コード例 #5
ファイル: data_loaders.py プロジェクト: kissarat/pin
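 def POST(self, pin_id):
     """Update a pin's details, its categories and, optionally, its image.

     Returns a JSON ``{'status': ...}`` document, or ``web.notfound()`` when
     the form does not validate. When ``imageurl`` is supplied it is
     downloaded server-side, so only ``http://`` and ``https://`` URLs are
     accepted.
     """
     form = self.get_form()
     if not form.validates():
         return web.notfound()

     web.header('Content-Type', 'application/json')
     sess = session.get_session()
     auth.force_login(sess)
     db = database.get_db()
     price = form.d.price or None
     pin_utils.update_base_pin_information(db, pin_id, sess.user_id,
                                           form.d.title,
                                           form.d.description,
                                           form.d.link, form.d.tags,
                                           price, form.d.product_url,
                                           form.d.price_range)
     categories = [int(c) for c in form.d.categories.split(',')]
     # NOTE(review): unlike the call above, this helper is not given the
     # user id -- confirm pin ownership is enforced before it runs.
     pin_utils.update_pin_into_categories(db, pin_id, categories)

     image_url = form.d.imageurl
     if image_url:
         # urlretrieve() also handles file: URLs and bare local paths, so a
         # user-supplied value must be limited to web schemes before fetching.
         if not image_url.lower().startswith(('http://', 'https://')):
             logger.error(
                 'Rejected non-HTTP image URL for pin: {}'.format(pin_id))
             return json.dumps({'status': 'invalid image url'})
         # NOTE(review): the scheme check does not restrict which host is
         # contacted; if internal services are reachable from this server,
         # add a destination allow-list as well.
         try:
             image_filename, _ = urllib.urlretrieve(image_url)
             pin_utils.update_pin_images(db, pin_id, sess.user_id,
                                         image_filename)
         except Exception as e:
             logger.error(
                 'Could not save the image for pin: {} from URL: {}'.
                 format(pin_id, image_url),
                 exc_info=True)
             # NOTE(review): the exception text goes back to the client;
             # consider a generic status if it can expose internal detail.
             return json.dumps({'status': str(e)})
     return json.dumps({'status': 'ok'})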
コード例 #6
ファイル: data_loaders.py プロジェクト: kissarat/pin
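 def POST(self):
     """Replace the category assignments of several pins in one transaction.

     ``ids`` and ``categories`` are comma-separated integer lists from the
     form. All existing ``pins_categories`` rows for the pins are deleted
     and every pin/category combination is inserted. Returns a JSON status.
     """
     sess = session.get_session()
     auth.force_login(sess)
     form = self._form()
     if not form.validates():
         return json.dumps({'status': 'error'})

     try:
         # int() is what keeps the IN (...) list below free of anything but
         # digits; a non-numeric item is reported as an error rather than
         # surfacing as an unhandled exception.
         pin_id_list = list(set(int(x) for x in form.d.ids.split(',')))
         category_id_list = [int(x) for x in form.d.categories.split(',')]
     except ValueError:
         return json.dumps({'status': 'error'})

     pins_to_delete = ','.join(str(x) for x in pin_id_list)
     values_to_insert = [{
         'pin_id': pin_id,
         'category_id': category_id
     } for pin_id, category_id in itertools.product(
         pin_id_list, category_id_list)]

     # NOTE(review): nothing here ties the pin ids to sess.user_id --
     # confirm ownership or an admin role is checked elsewhere.
     db = database.get_db()
     transaction = db.transaction()
     try:
         db.delete(table='pins_categories',
                   where='pin_id in ({})'.format(pins_to_delete))
         db.multiple_insert(tablename='pins_categories',
                            values=values_to_insert)
         transaction.commit()
         return json.dumps({'status': 'ok'})
     except Exception:
         logger.error('Failed to update categories', exc_info=True)
         transaction.rollback()
         return json.dumps({'status': 'error'})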
コード例 #7
 def GET(self):
     """Handle the redirect back from Facebook for a login attempt.

     Error responses and failed checks go back to the register page with a
     message. A known user is logged in and sent to their profile URL; an
     unknown one is sent to ``/register/``.
     """
     if web.input(error=None)['error']:
         # NOTE(review): error_description is taken from the query string
         # and embedded in the message -- confirm redirect_to_register()
         # encodes it and the page escapes it.
         description = web.input(error_description='')['error_description']
         full_error = _(
             'There was a problem with login with Facebook. You can try again or user another login method: {}'
         ).format(description)
         return redirect_to_register(full_error)

     self.code = web.input(code=None)['code']
     if not self.code:
         error = _(
             'Failure in the OAuth protocol with Facebook. You can try again or user another login method'
         )
         return redirect_to_register(error)

     # The state check runs before the code is exchanged.
     if not self._check_state_parameter():
         return redirect_to_register(_('Detected a possible request forge'))
     if not self._exchange_code_for_access_token():
         return redirect_to_register(_('Invalid facebook login'))
     if not self._obtain_user_profile():
         return redirect_to_register(_('Invalid facebook login'))

     user_id = self._get_user_from_db()
     if user_id:
         sess = session.get_session()
         auth.login_user(sess, user_id)
         web.seeother(url='/{}'.format(self.username),
                      absolute=True)
     else:
         # user not registered, let's register
         web.seeother(url='/register/')
コード例 #8
ファイル: recover_password.py プロジェクト: kissarat/pin
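 def POST(self, user_id, token_id, token):
     """Set a new password for a user who followed a recovery link.

     The ids and token from the URL must match the ``pwdrecov_*`` values
     stored in the session; otherwise the visitor is sent back to the start
     of the recovery flow. On success the password is changed, the token
     row is marked used, the user is logged in and a notification is sent.
     """
     user_id = int(user_id)
     token_id = int(token_id)
     form = self.PwdResetForm()
     if not form.validates():
         return template.ltpl('recover_password/change_pwd_form', form)

     sess = session.get_session()
     # .get() makes a session without recovery state fail this check and be
     # rejected below, instead of raising on the missing key.
     verified = (sess.get('pwdrecov_token_id', None) == token_id
                 and sess.get('pwdrecov_user_id', None) == user_id
                 and sess.get('pwdrecov_token', None) == token)
     if not verified:
         message = _(
             'Sorry! We cannot verify that this user requested a password reset. Please try to reset your passord again.'
         )
         # NOTE(review): the message is placed in the query string without
         # URL-encoding.
         return web.seeother(
             url='/recover_password?msg={}'.format(message),
             absolute=True)

     # NOTE(review): whether the token row is unused and unexpired is not
     # checked in this method -- presumably done when the session values are
     # set; confirm. The pwdrecov_* session values also remain set afterwards.
     password = form.d.pwd1
     auth.chage_user_password(user_id, password)
     db = database.get_db()
     db.update(tables='password_change_tokens',
               where='id=$id',
               vars={'id': token_id},
               used=True,
               used_on=datetime.datetime.now())
     auth.login_user(sess, user_id)
     self.send_email()
     return web.seeother('/recover_password_complete/')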
コード例 #9
ファイル: profile_settings.py プロジェクト: kissarat/pin
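    def POST(self, name=None):
        """
        Updates social media accounts.

        Sends the facebook/linkedin/twitter/gplus form fields to the
        profile update API on behalf of the logged-in user, then redirects
        to ``/social-media`` on success or to ``/profile`` with the API's
        error code otherwise.
        """
        sess = session.get_session()
        force_login(sess)
        logintoken = convert_to_logintoken(sess.user_id)

        form = self._form()
        if not form.validates():
            return 'bad input'

        if not logintoken:
            # Without a token no payload can be built; previously this path
            # reached api_request() with ``data`` unbound and raised.
            return 'bad input'

        data = {
            "logintoken": logintoken,
            "csid_from_client": "",
            "facebook": form.d.facebook,
            "linkedin": form.d.linkedin,
            "twitter": form.d.twitter,
            "gplus": form.d.gplus
        }
        data = api_request("api/profile/userinfo/update", data=data)
        if data['status'] == 200:
            raise web.seeother('/social-media')
        # The original assigned the error code to ``mgs`` and then read the
        # undefined ``msg``, so the failure redirect could never be built.
        msg = data['error_code']
        raise web.seeother('/profile?msg=%s' % msg)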
コード例 #10
ファイル: recover_password.py プロジェクト: kissarat/pin
 def GET(self):
     """Render the "recovery complete" page for the session's user."""
     conn = database.get_db()
     current = session.get_session()
     # Only the username column is fetched; the last matching row wins.
     for match in conn.where('users', what='username', id=current.user_id):
         username = match.username
     # NOTE(review): when no row matches, ``username`` is never bound and the
     # next line raises -- confirm the page is only reachable with a valid
     # session user.
     return template.ltpl('recover_password/complete', username)
コード例 #11
ファイル: profile_settings.py プロジェクト: kissarat/pin
    def POST(self, name=None):
        """
        Responsible for handling profile editing calls.

        Sends the profile form fields to the profile update API for the
        logged-in user and redirects to ``/profile``, adding the API's
        error code as ``msg`` when the update fails.
        """
        sess = session.get_session()
        force_login(sess)
        logintoken = convert_to_logintoken(sess.user_id)

        form = self._form()
        if not form.validates():
            return 'you need to fill in everything'

        if logintoken:
            payload = {
                "name": form.d.name,
                "about": form.d.about,
                "website": form.d.website,
                "country": form.d.country,
                "hometown": form.d.hometown,
                "city": form.d.city,
                "csid_from_client": 'None',
                "logintoken": logintoken
            }

            reply = api_request("api/profile/userinfo/update", "POST", payload)
            if reply['status'] != 200:
                msg = reply['error_code']
                raise web.seeother('/profile?msg=%s' % msg)
            raise web.seeother('/profile')

        # Only reached when no login token could be produced.
        if 'user_profile' in web.input(_method='get'):
            # NOTE(review): ``user`` is not defined in this method; unless it
            # is a module-level name this line raises NameError -- confirm.
            raise web.seeother('/%s?editprofile=1' % user.username)
コード例 #12
ファイル: data_loaders.py プロジェクト: kissarat/pin
 def GET(self, pin_id=None):
     """Return one of the logged-in user's pins as JSON.

     The lookup is restricted to rows whose ``user_id`` matches the session,
     so a pin owned by someone else yields ``web.notfound()``. The response
     also carries the pin's categories and tags.
     """
     sess = session.get_session()
     auth.force_login(sess)
     db = database.get_db()
     # Both values are bound through placeholders.
     owned = db.query('''select pins.*
                         from pins
                         where pins.id=$id and user_id=$user_id''',
                      vars={
                          'id': pin_id,
                          'user_id': sess.user_id
                      })
     row = next(iter(owned), None)
     if row is None:
         raise web.notfound()

     web.header('Content-Type', 'application/json')
     row.price = str(row.price)
     if row.price_range < 5:
         row.price_range_repr = '$' * row.price_range
     else:
         row.price_range_repr = '$$$$+'

     linked_categories = db.select(
         tables=['categories', 'pins_categories'],
         where=
         'categories.id = pins_categories.category_id and pins_categories.pin_id=$id',
         vars={'id': pin_id})
     row['categories'] = [{
         'id': category.id,
         'name': category.name
     } for category in linked_categories]
     row['tags'] = [tag_row.tags
                    for tag_row in db.where(table='tags', pin_id=pin_id)]
     return json.dumps(row)
コード例 #13
def ltpl(*params):
    """Render the template named by ``params`` inside the site layout.

    Anonymous visitors get the layout with the category list only. For a
    logged-in user the profile is fetched through the API and the layout
    additionally receives boards, the notification count and related data.
    Returns the text ``Profile was not found`` when the API gives no profile.
    """
    sess = session.get_session()
    if not auth.logged_in(sess):
        return tpl('layout', tpl(*params), cached_models.get_categories())

    logintoken = convert_to_logintoken(sess.user_id)
    # Getting profile of a given user
    profile_owner_context = {
        "csid_from_client": "1",
        "id": sess.user_id,
        "logintoken": logintoken}
    reply = api_request("/api/profile/userinfo/info",
                        data=profile_owner_context)
    user = reply.get("data", [])
    if len(user) == 0:
        return u"Profile was not found"
    user = pin_utils.dotdict(user)

    db = database.get_db()

    acti_needed = user.activation
    # The user id is bound through the $id placeholder.
    notif_count = db.select('notifs', what='count(*)',
                            where='user_id = $id',
                            vars={'id': sess.user_id})
    all_albums = []
    boards = list(db.where(table='boards', order='name',
                           user_id=sess.user_id))
    categories_to_select = list(
        cached_models.get_categories_with_children(db))
    # NOTE(review): csrf_token is a name from outside this function; whether
    # it is a per-session value or a callable cannot be told from here.
    return tpl('layout', tpl(*params), cached_models.get_categories(),
               boards, all_albums, user, acti_needed, notif_count[0].count,
               csrf_token, categories_to_select)
コード例 #14
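 def grab_and_insert_profile_picture(self):
     """Download the user's Facebook picture and store it as profile photo.

     Creates a "Profile Pictures" album and a photo row, saves the image as
     ``static/pics/<photo_id>.png`` plus an 80-pixel-wide thumbnail, and
     points the user's ``pic`` column at the photo. Any failure while
     fetching or converting is logged and otherwise ignored.
     """
     sess = session.get_session()
     db = database.get_db()
     album_id = db.insert(tablename='albums',
                          name=_('Profile Pictures'),
                          user_id=self.user_id)
     photo_id = db.insert(tablename='photos', album_id=album_id)
     # The host is fixed; only the username from the stored Facebook profile
     # varies. NOTE(review): it is formatted into the path unquoted.
     picture_url = 'https://graph.facebook.com/{0}/picture'.format(
         sess.fb_profile['username'])
     picture_filename = 'static/pics/{0}.png'.format(photo_id)
     try:
         filename, headers = urllib.urlretrieve(url=picture_url)
         if filename.endswith('.png'):
             os.renames(old=filename, new=picture_filename)
         else:
             # Re-encode as PNG, then drop the downloaded temp file.
             img = Image.open(filename)
             img.save(picture_filename)
             os.unlink(filename)
         img = Image.open(picture_filename)
         width, height = img.size
         # Scale to a width of 80 while keeping the aspect ratio.
         ratio = 80.0 / float(width)
         width = 80
         height *= ratio
         img.thumbnail((width, height), Image.ANTIALIAS)
         picture_thumb_filename = 'static/pics/userthumb{0}.png'.format(
             photo_id)
         img.save(picture_thumb_filename)
         db.update(tables='users',
                   where='id=$id',
                   vars={'id': self.user_id},
                   pic=photo_id)
     except Exception:
         # no problem, we can live without the profile picture.
         # Narrowed from a bare except so SystemExit and KeyboardInterrupt
         # are no longer swallowed.
         logger.info('Could not obtain faceboog profile picture',
                     exc_info=True)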
コード例 #15
 def GET(self):
     '''
     Manages the return from the facebook login during registration.

     Errors and failed checks go back to the register page with a message.
     A new user has the Facebook profile stored in the session and is sent
     to /username; an already registered user is sent to /login/.
     '''
     sess = session.get_session()
     if web.input(error=None)['error']:
         # NOTE(review): error_description comes from the query string and
         # is embedded in the message -- confirm it is encoded and escaped
         # downstream.
         description = web.input(error_description='')['error_description']
         full_error = _(
             'There was a problem with login with Facebook. You can try'
             ' again or user another login method: {}').format(description)
         return redirect_to_register(full_error)

     self.code = web.input(code=None)['code']
     if not self.code:
         error = _(
             'Failure in the OAuth protocol with Facebook. You can try again'
             ' or user another login method')
         return redirect_to_register(error)

     # The state check runs before the code is exchanged.
     if not self._check_state_parameter():
         return redirect_to_register(_('Detected a possible request forge'))
     if not self._exchange_code_for_access_token():
         return redirect_to_register(_('Invalid facebook login'))
     if not self._obtain_user_profile():
         return redirect_to_register(_('Invalid facebook login'))

     if self._get_user_from_db():
         # user already registered, perform a login instead of registration
         web.seeother(url='/login/')
     else:
         sess['fb_profile'] = self.profile
         web.seeother(url='/username', absolute=False)
コード例 #16
ファイル: data_loaders.py プロジェクト: kissarat/pin
 def GET(self):
     """Store the ``tag`` query parameter as the session's pin tag filter.

     Also flags the session so paging restarts. Returns an empty body.
     """
     sess = session.get_session()
     auth.force_login(sess)
     # The raw value is stored; whatever later reads this filter must treat
     # it as untrusted input.
     sess['pin_loaders_tag_filter'] = web.input(tag='').tag
     sess['reset_page_offset'] = True
     return ''
コード例 #17
ファイル: data_loaders.py プロジェクト: kissarat/pin
 def GET(self):
     """Store the requested page size in the session and restart paging.

     ``size`` defaults to ``PIN_LIST_LIMIT``. Returns an empty body.
     """
     sess = session.get_session()
     auth.force_login(sess)
     # NOTE(review): the value is only converted to int; no lower or upper
     # bound is applied here -- confirm the consumer clamps it.
     requested = int(web.input(size=PIN_LIST_LIMIT).size)
     sess['pin_loaders_item_added_page_size'] = requested
     sess['reset_page_offset'] = True
     return ''
コード例 #18
ファイル: register_twitter.py プロジェクト: kissarat/pin
 def _save_profile_in_session(self):
     """Copy the Twitter identity into the session under ``tw_*`` keys.

     ``tw_user_id`` is the instance's ``user_id`` when it is set and truthy,
     otherwise ``None``. The screen name fills both the username and the
     twitter fields.
     """
     sess = session.get_session()
     sess['tw_user_id'] = getattr(self, 'user_id', None) or None
     profile = self.credentials
     sess['tw_name'] = profile['name']
     screen_name = profile['screen_name']
     sess['tw_username'] = screen_name
     sess['tw_twitter'] = screen_name
コード例 #19
    def GET(self, board_id):
        """Return the board's items, from the requested offset, as JSON."""
        self.board_id = int(board_id)
        query = web.input(offset=0)
        self.offset = int(query.offset)
        # NOTE(review): the result of auth.logged_in() is discarded, so as
        # far as this method shows the request continues whether or not the
        # visitor is logged in -- confirm that is intended.
        auth.logged_in(session.get_session())

        return json.dumps(self.get_items())
コード例 #20
 def GET(self):
     """Show the username form pre-filled from the Facebook profile.

     When the Facebook username is already taken a suggested alternative is
     used instead. The username is lower-cased before it is put in the form.
     """
     sess = session.get_session()
     fb_username = sess.fb_profile['username']
     taken = self.username_already_exists(fb_username)
     username = self.suggest_a_username(fb_username) if taken else fb_username
     form = self.username_form()
     form['username'].set_value(username.lower())
     form['email'].set_value(sess.fb_profile['email'])
     return template.ltpl('register/username', form)
コード例 #21
ファイル: data_loaders.py プロジェクト: kissarat/pin
 def GET(self):
     """Store the ``category`` query parameter as the session's pin filter.

     An empty value is stored as 0. Also flags the session so paging
     restarts. Returns an empty body.
     """
     sess = session.get_session()
     auth.force_login(sess)
     raw_category = web.input(category='0').category
     # int() keeps anything non-numeric out of the stored filter.
     sess['pin_loaders_category_filter'] = (
         int(raw_category) if raw_category else 0)
     sess['reset_page_offset'] = True
     return ''
コード例 #22
ファイル: category_selection.py プロジェクト: kissarat/pin
 def DELETE(self, pin_id):
     """Remove the pin from the category currently stored in the session."""
     # NOTE(review): no login or ownership check is visible in this method;
     # confirm access is restricted before the handler is reached.
     current_category = session.get_session()['category']
     # Both values are bound through placeholders.
     database.get_db().delete(
         table='pins_categories',
         where='pin_id=$pinid and category_id=$catid',
         vars={
             'pinid': pin_id,
             'catid': current_category
         })
     return 'ok'
コード例 #23
ファイル: data_loaders.py プロジェクト: kissarat/pin
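 def DELETE(self, pin_id):
     """Delete one of the logged-in user's pins and report the result as JSON.

     Any failure, including one raised by the login check, is logged and
     answered with ``web.notfound()``.
     """
     try:
         sess = session.get_session()
         auth.force_login(sess)
         db = database.get_db()
         # The session's user id is passed along with the pin id.
         pin_utils.delete_pin_from_db(db, pin_id, sess.user_id)
         web.header('Content-Type', 'application/json')
         return json.dumps({'status': 'ok'})
     except Exception:
         # Narrowed from a bare except so SystemExit and KeyboardInterrupt
         # are no longer swallowed.
         logger.info('Cannot delete a pin: {}'.format(pin_id),
                     exc_info=True)
         return web.notfound()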
コード例 #24
ファイル: register_twitter.py プロジェクト: kissarat/pin
 def _insert_user_to_db(self):
     """Insert a ``users`` row for a Twitter sign-up and return its id.

     Name and twitter handle come from the session; username and e-mail
     come from the instance. The new id is also kept on ``self.user_id``.
     """
     sess = session.get_session()
     new_row = dict(
         name=sess['tw_name'],
         username=self.username,
         twitter=sess['tw_twitter'],
         login_source=auth.LOGIN_SOURCE_TWITTER,
         email=self.email,
     )
     self.user_id = database.get_db().insert(tablename='users', **new_row)
     return self.user_id
コード例 #25
ファイル: category_listing.py プロジェクト: kissarat/pin
    def get_items(self):
        """Return the next batch of category items not yet seen this session.

        The page number is kept in ``self.sess['offset']``; 0 means the last
        page was already served and yields an empty list. Item ids are
        recorded in ``self.sess['seen_items']`` so duplicates are dropped.
        Any non-200 API answer also yields an empty list.
        """
        # The returned session is not used below; the method works on
        # self.sess throughout.
        sess = session.get_session()
        if web.input(start=False).start:
            offset = 1
            self.sess['offset'] = 1
        else:
            offset = self.sess.get('offset', 1)

        if offset == 0:
            return []

        logintoken = convert_to_logintoken(self.sess.get('user_id'))
        category_query = {
            "csid_from_client": '',
            "logintoken": logintoken,
            "page": offset,
            "query_type": "range",
            "items_per_page": settings.PIN_COUNT
        }

        category_id = self.category['id']
        if category_id != 0:
            # Include the category itself plus its direct children.
            children = self.db.where(table='categories', parent=category_id)
            category_query['category_id_list'] = [category_id] + [
                str(child.id) for child in children]

        page_reply = api_request("api/image/query/category", "POST",
                                 category_query)
        if page_reply['status'] != 200:
            return []

        if offset >= page_reply['data']['pages_count']:
            # Last page reached: later calls return nothing until restarted.
            self.sess['offset'] = 0

        image_reply = api_request("api/image/query", "POST", {
            "csid_from_client": '',
            "logintoken": logintoken,
            "query_params": page_reply['data']['image_id_list']
        })
        if image_reply['status'] != 200:
            return []

        seen_ids = self.sess['seen_items']
        fresh_items = []
        for item in image_reply['data']['image_data_list']:
            if item['id'] in seen_ids:
                continue
            seen_ids.add(item['id'])
            fresh_items.append(item)
        return fresh_items
コード例 #26
ファイル: register_twitter.py プロジェクト: kissarat/pin
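 def GET(self):
     """Finish the Twitter OAuth handshake and route the visitor onwards.

     Exchanges the ``oauth_verifier`` for the final tokens, stores them in
     the session and loads the Twitter credentials. A known user with an
     e-mail is logged in; otherwise the profile is saved in the session and
     the visitor is redirected to pick a username or supply an e-mail.
     """
     sess = session.get_session()
     twitter = twython.Twython(
         app_key=settings.TWITTER['api_key'],
         app_secret=settings.TWITTER['api_secret'],
         oauth_token=sess['oauth_token'],
         oauth_token_secret=sess['oauth_token_secret'])
     oauth_verifier = web.input(oauth_verifier=None)['oauth_verifier']
     try:
         final_step = twitter.get_authorized_tokens(oauth_verifier)
     except Exception:
         # Narrowed from a bare except so SystemExit and KeyboardInterrupt
         # are no longer swallowed.
         logger.error('Twitter authoriation failed', exc_info=True)
         return template.lmsg(_('Twitter authentication failed'))
     if oauth_verifier:
         self.oauth_token = sess['oauth_token'] = final_step['oauth_token']
         # Attribute name kept as spelled in the original; other code may
         # read it.
         self.oauth_toke_secret = sess['oauth_token_secret'] = final_step[
             'oauth_token_secret']
         if not self._get_user_credentials():
             return template.lmsg(_('Invalid twitter login'))
         user_id, email = self._get_user_data_from_db()
         if not user_id:
             self._save_profile_in_session()
             if self.username_already_exists(
                     self.credentials['screen_name']):
                 sess['tw_username'] = self.suggest_a_username(
                     self.credentials['screen_name'])
                 raise web.seeother(url='/username', absolute=False)
             raise web.seeother(url='/email', absolute=False)
         if email:
             auth.login_user(session.get_session(), user_id)
             # username is set in _get_user_data_from_db()
             raise web.seeother(url='/register/after-signup', absolute=True)
         else:
             self._save_profile_in_session()
             raise web.seeother(url='/email', absolute=False)
     else:
         # NOTE(review): the complete request input is written to the log
         # here; confirm it cannot contain values that should stay out of logs.
         logger.error('No oauth_verifyer %s', web.input())
         return template.lmsg(_("User not authenticated"))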
コード例 #27
ファイル: recover_password.py プロジェクト: kissarat/pin
 def send_email(self):
     """E-mail the session's user that their password has been changed."""
     db = database.get_db()
     sess = session.get_session()
     # The last matching row is kept on self.user.
     for account in db.where('users', id=sess.user_id):
         self.user = account
     render_body = web.template.frender(
         't/recover_password/email_pwd_changed.html')
     html_message = str(render_body(self.user))
     web.sendmail('*****@*****.**',
                  self.user.email,
                  'Your MyPinnings password has been changed',
                  html_message,
                  headers={'Content-Type': 'text/html;charset=utf-8'})
コード例 #28
ファイル: profile_settings.py プロジェクト: kissarat/pin
    def GET(self, name=None):
        """Render the profile editing page for the logged-in user.

        The profile is fetched from the API with the user's login token.
        """
        sess = session.get_session()
        force_login(sess)

        token_context = {
            "csid_from_client": "",
            "logintoken": convert_to_logintoken(sess.user_id)
        }
        reply = api_request("/api/profile/userinfo/get", data=token_context)
        user = dotdict(reply.get("data"))
        # NOTE(review): msg comes from the query string -- confirm the
        # template escapes it when rendering.
        msg = web.input(msg=None)['msg']
        return ltpl('editprofile', user, settings.COUNTRIES, name, msg)
コード例 #29
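 def _check_state_parameter(self):
     '''
     Check that the state we send to facebook is the same that facebook
     returns back.

     Returns True only when the session holds a non-empty state and the
     ``state`` request parameter equals it; any lookup failure returns False.
     '''
     try:
         sess = session.get_session()
         state = sess['state']
         returned_state = web.input(state=None)['state']
     except Exception:
         # Narrowed from a bare except so SystemExit and KeyboardInterrupt
         # are no longer swallowed.
         logger.error(
             'Session has no state value to check. Possible request forgery'
         )
         return False
     # An empty value on either side must never count as a match: without
     # this guard a session state of None and a request without a state
     # parameter would compare equal.
     if not state or not returned_state:
         return False
     return state == returned_state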
コード例 #30
ファイル: pin.py プロジェクト: kissarat/pin
    def POST(self, pin_id):
        """Update a pin through the image API and redirect to its page.

        Requires a link or product URL and a board (an existing id, or a
        name for a new board). The pin's current hashtags are fetched so
        they can be replaced by the submitted ones. Returns a short error
        text when validation or the final API call fails.
        """
        input_values = web.input(category_check=[])
        form_data = self.form(input_values)
        if not form_data.validates():
            return "Invalid data"

        fields = form_data.d
        if not fields.link and not fields.product_url:
            return "Invalid url for the product"
        if not fields.board_id and not fields.board_name:
            return "Invalid board"

        # NOTE(review): a submitted board_id is used as-is and a new board is
        # inserted with only a name -- confirm board ownership is enforced
        # elsewhere.
        if fields.board_id:
            board = fields.board_id
        else:
            board = db.insert('boards', name=fields.board_name)

        # NOTE(review): no explicit login check is visible in this method;
        # sess.user_id is read directly.
        sess = session.get_session()
        logintoken = convert_to_logintoken(sess.user_id)

        tags_reply = api_request("api/image/query/hashtags", "POST", {
            'image_id': pin_id,
            "csid_from_client": '',
            "logintoken": logintoken
        })
        # Existing hashtags are all scheduled for removal.
        hash_tag_remove_list = []
        if tags_reply['status'] == 200:
            hash_tag_remove_list = tags_reply['data']['hashtag_list']

        update_reply = api_request("api/image/mp", "POST", {
            'image_id': pin_id,
            'image_title': fields.title,
            'image_desc': fields.description,
            'link': fields.link,
            'price': fields.price or None,
            'product_url': fields.product_url,
            'price_range': fields.price_range,
            'board_id': board,
            'hash_tag_remove_list': hash_tag_remove_list,
            'hash_tag_add_list': fields.tags.split(),
            "csid_from_client": '',
            "logintoken": logintoken
        })
        if update_reply['status'] == 200:
            target = '/p/{}'.format(update_reply['data']['external_id'])
            return web.seeother(url=target, absolute=True)
        return "Invalid data"