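def _sign_in_user(user):
    """Log ``user`` in, then redirect to the newsletter prompt or to ``next``.

    ``next`` is read from the query string, so it is caller-controlled. It is
    honoured only when it resolves to this application's own host; any other
    value falls back to the home page instead of becoming an open redirect.
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    login_user(user, remember=True)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None

    if newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))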
def del_category(id):
    """Delete a category.

    GET renders a confirmation page that carries a CSRF token; POST performs
    the deletion and resets the category cache. When only one category is
    left the request is answered with a warning and nothing is deleted.
    """
    try:
        category = project_repo.get_category(id)
        if not category:
            abort(404)

        if len(cached_cat.get_all()) <= 1:
            warning = gettext('Sorry, it is not possible to delete the only'
                              ' available category. You can modify it, '
                              ' click the edit button')
            flash(warning, 'warning')
            return redirect_content_type(url_for('.categories'))

        # Authorization is enforced before either the form or the delete.
        ensure_authorized_to('delete', category)

        if request.method == 'GET':
            page = dict(template='admin/del_category.html',
                        title=gettext('Delete Category'),
                        category=category,
                        form=dict(csrf=generate_csrf()))
            return handle_content_type(page)

        if request.method == 'POST':
            project_repo.delete_category(category)
            flash(gettext("Category deleted"), 'success')
            cached_cat.reset()
            return redirect_content_type(url_for(".categories"))
    except HTTPException:
        # Keep 401/403/404 responses intact instead of masking them as 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
def _sign_in_user(user, next_url=None):
    """Finish a sign-in: log the user in, stamp ``last_login`` and redirect.

    A missing or disabled user is sent back to the home page with an error.
    The query-string ``next`` value goes through ``is_own_url_or_else`` before
    it is used; an explicit ``next_url`` argument is used as given, so callers
    that pass one are responsible for its origin.
    """
    brand = current_app.config['BRAND']

    if not user:
        flash(
            gettext('There was a problem signing you in. '
                    'Please contact your {} administrator.'.format(brand)),
            'error')
        return redirect(url_for('home.home'))

    if not user.enabled:
        flash(
            gettext('Your account is disabled. '
                    'Please contact your {} administrator.'.format(brand)),
            'error')
        return redirect(url_for('home.home'))

    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)

    target = next_url
    if not target:
        target = is_own_url_or_else(request.args.get('next'),
                                    url_for('home.home'))
    if not target:
        target = url_for('home.home')

    newsletter_enabled = current_app.config.get('MAILCHIMP_API_KEY')
    if newsletter_enabled and newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(
            url_for('account.newsletter_subscribe', next=target))
    return redirect_content_type(target)
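def images(short_name):
    """Collect image questions for a project, one form post at a time.

    Each valid POST appends one question to ``session["question"]["images"]``.
    When the post carries ``submit=submit`` the flow moves on to the endpoint
    named by ``draft_project`` (or to ``.success`` when it returns "-1").
    Without a ``question`` entry in the session the user is sent to
    ``.success`` straight away.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)

    if session.get("question") is None:
        return redirect_content_type(url_for('.success', short_name=short_name))

    if request.method == 'POST':
        type_q = "normal"
        answer = []
        if request.form.get('question', '') == "":
            flash("Atleast 1 question is required", "warning")
            return render_template('images.html', project=project_sanitized,
                                   pro_features=pro)
        if request.form.get('checkbox', '') != "":
            submitted = request.form.getlist('answer')
            # The form body is client-controlled: a post with fewer than two
            # 'answer' fields is treated like blank answers rather than
            # raising IndexError and surfacing as an HTTP 500.
            if len(submitted) < 2 or submitted[0] == "" or submitted[1] == "":
                flash("Atleast 2 answers are required", "warning")
                return render_template('images.html',
                                       project=project_sanitized,
                                       pro_features=pro)
            type_q = "mcqs"
            answer = submitted
        dictobj = {"questionString": request.form.get('question'),
                   "answers": answer,
                   "type": type_q}
        session["question"]["images"].append(dictobj)
        if request.form.get('submit', '') == "submit":
            p = draft_project(project)
            if p != "-1":
                return redirect_content_type(
                    url_for('.' + p.lower(), short_name=short_name))
            return redirect_content_type(
                url_for('.success', short_name=short_name))

    return render_template('images.html', project=project_sanitized,
                           pro_features=pro)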
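def newsletter_subscribe():
    """Prompt a signed-in user to subscribe to the newsletter.

    Responds 404 unless the newsletter is initialised and the user is
    authenticated. ``subscribe=True`` subscribes and redirects,
    ``subscribe=False`` only redirects, anything else renders the prompt.

    ``next`` comes from the query string, so it is honoured only when it
    resolves to this application's own host; otherwise the home page is used
    (open-redirect guard).
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    if not (newsletter.is_initialized() and current_user.is_authenticated()):
        return abort(404)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None
    next_url = next_url or url_for('home.home')

    user = user_repo.get(current_user.id)
    # Save that we've prompted the user to sign up in the newsletter
    if current_user.newsletter_prompted is False:
        user.newsletter_prompted = True
        user_repo.update(user)

    # NOTE(review): the subscription is driven by query-string arguments;
    # confirm the route is not reachable as a cross-site GET.
    choice = request.args.get('subscribe')
    if choice == 'True':
        newsletter.subscribe_user(user)
        flash("You are subscribed to our newsletter!", 'success')
        return redirect_content_type(next_url)
    if choice == 'False':
        return redirect_content_type(next_url)

    response = dict(template='account/newsletter.html',
                    title=gettext("Subscribe to our Newsletter"),
                    next=next_url)
    return handle_content_type(response)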
def add_admin(user_id=None):
    """Add admin flag for user_id.

    Disabled accounts and accounts rejected by ``can_have_super_user_access``
    are refused with a flash message. On success an invitation e-mail is
    queued when one is generated. Without a ``user_id`` nothing is returned.
    """
    try:
        if not user_id:
            return None

        user = user_repo.get(user_id)
        if not user:
            return format_error('User not found', 404)

        users_page = url_for(".users")

        if not user.enabled:
            # Markup.format escapes the interpolated values, so the user's
            # name cannot inject HTML into the flashed message.
            template = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            flash(
                template.format(gettext('User account '),
                                user.fullname,
                                gettext(' is disabled')))
            return redirect_content_type(users_page)

        if not can_have_super_user_access(user):
            template = Markup('<strong>{} {}</strong> {} {}')
            flash(
                template.format(gettext('Denied admin privileges to'),
                                user.fullname,
                                user.email_addr,
                                'disqualify for admin access.'))
            return redirect_content_type(users_page)

        ensure_authorized_to('update', user)
        user.admin = True
        user_repo.update(user)

        invitation = generate_invitation_email_for_admins_subadmins(user, "Admin")
        if invitation:
            mail_queue.enqueue(send_mail, invitation)
        return redirect_content_type(users_page)
    # NOTE(review): this handler also catches the HTTP error raised by a
    # failed authorization check and turns it into a 500.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
def del_category(id):
    """Delete a category.

    GET renders a confirmation page that carries a CSRF token; POST performs
    the deletion and resets the category cache. When only one category is
    left the request is answered with a warning and nothing is deleted.
    """
    try:
        category = project_repo.get_category(id)
        if not category:
            abort(404)

        if len(cached_cat.get_all()) <= 1:
            warning = gettext('Sorry, it is not possible to delete the only'
                              ' available category. You can modify it, '
                              ' click the edit button')
            flash(warning, 'warning')
            return redirect_content_type(url_for('.categories'))

        # Authorization is enforced before either the form or the delete.
        ensure_authorized_to('delete', category)

        if request.method == 'GET':
            page = dict(template='admin/del_category.html',
                        title=gettext('Delete Category'),
                        category=category,
                        form=dict(csrf=generate_csrf()))
            return handle_content_type(page)

        if request.method == 'POST':
            project_repo.delete_category(category)
            flash(gettext("Category deleted"), 'success')
            cached_cat.reset()
            return redirect_content_type(url_for(".categories"))
    except HTTPException:
        # Keep 401/403/404 responses intact instead of masking them as 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
def signin():
    """Sign a user in with e-mail and password.

    A valid login either completes through ``_sign_in_user`` or, when
    ``ENABLE_TWO_FACTOR_AUTH`` is set, e-mails a code and redirects to the
    OTP validation page. Anonymous visitors otherwise get the sign-in form;
    users who are already signed in are redirected home.
    """
    form = LoginForm(request.body)

    if request.method == 'POST' and form.validate():
        password = form.password.data
        email_addr = form.email.data.lower()
        user = user_repo.search_by_email(email_addr=email_addr)

        # NOTE(review): the disabled / wrong-password / unknown-account
        # branches answer with different messages, which lets a caller tell
        # whether an e-mail address is registered.
        if user and not user.enabled:
            flash(gettext('Your account is disabled. '
                          'Please contact your GIGwork administrator.'),
                  'error')
            return redirect(url_for('home.home'))

        if user and user.check_password(password):
            if current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                return redirect_content_type(
                    url_for('account.otpvalidation',
                            token=url_token,
                            next=request.args.get('next')))
            welcome = gettext('Welcome back') + ' ' + user.fullname
            flash(welcome, 'success')
            return _sign_in_user(user)
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                flash(gettext('Ooops, Incorrect email/password'), 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): the spaces after the line continuation are part
            # of the msgid; confirm them against the translation catalog.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    if not current_user.is_anonymous():
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))

    # A provider's button is shown only when its blueprint is registered.
    auth = {'twitter': False, 'facebook': False, 'google': False}
    for provider in ('twitter', 'facebook', 'google'):
        if provider in current_app.blueprints:  # pragma: no cover
            auth[provider] = True

    response = dict(template='account/signin.html',
                    title="Sign in",
                    form=form,
                    auth=auth,
                    next=request.args.get('next'))
    return handle_content_type(response)
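def newsletter_subscribe():
    """Prompt a signed-in user to subscribe to the newsletter.

    Responds 404 unless the newsletter is initialised and the user is
    authenticated. ``subscribe=True`` subscribes and redirects,
    ``subscribe=False`` only redirects, anything else renders the prompt.

    ``next`` comes from the query string, so it is honoured only when it
    resolves to this application's own host; otherwise the home page is used
    (open-redirect guard).
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    if not (newsletter.is_initialized() and current_user.is_authenticated()):
        return abort(404)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None
    next_url = next_url or url_for('home.home')

    user = user_repo.get(current_user.id)
    # Save that we've prompted the user to sign up in the newsletter
    if current_user.newsletter_prompted is False:
        user.newsletter_prompted = True
        user_repo.update(user)

    # NOTE(review): the subscription is driven by query-string arguments;
    # confirm the route is not reachable as a cross-site GET.
    choice = request.args.get('subscribe')
    if choice == 'True':
        newsletter.subscribe_user(user)
        flash("You are subscribed to our newsletter!", 'success')
        return redirect_content_type(next_url)
    if choice == 'False':
        return redirect_content_type(next_url)

    response = dict(template='account/newsletter.html',
                    title=gettext("Subscribe to our Newsletter"),
                    next=next_url)
    return handle_content_type(response)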
def redirect_profile():
    """Send the current user to their own profile.

    Anonymous visitors are redirected to the sign-in page. An authenticated
    request with a JSON content type gets the profile payload directly;
    every other request is redirected to the profile URL.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'),
                                     status='not_signed_in')

    wants_json = request.headers.get('Content-Type') == 'application/json'
    if not (wants_json and current_user.is_authenticated()):
        return redirect_content_type(
            url_for('.profile', name=current_user.name))
    return _show_own_profile(current_user)
def redirect_profile():
    """Send the current user to their own profile.

    Anonymous visitors are redirected to the sign-in page. An authenticated
    request with a JSON content type gets the profile payload directly;
    every other request is redirected to the profile URL.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'),
                                     status='not_signed_in')

    wants_json = request.headers.get('Content-Type') == 'application/json'
    if not (wants_json and current_user.is_authenticated()):
        return redirect_content_type(
            url_for('.profile', name=current_user.name))
    return _show_own_profile(current_user)
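def _sign_in_user(user):
    """Log ``user`` in, then redirect to the newsletter prompt or to ``next``.

    The newsletter prompt is offered only when ``MAILCHIMP_API_KEY`` is
    configured. ``next`` is read from the query string, so it is
    caller-controlled: it is honoured only when it resolves to this
    application's own host, and any other value falls back to the home page
    instead of becoming an open redirect.
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    login_user(user, remember=True)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None

    if (current_app.config.get('MAILCHIMP_API_KEY')
            and newsletter.ask_user_to_subscribe(user)):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))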
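def _sign_in_user(user):
    """Log ``user`` in, then redirect to the newsletter prompt or to ``next``.

    The newsletter prompt is offered only when ``MAILCHIMP_API_KEY`` is
    configured. ``next`` is read from the query string, so it is
    caller-controlled: it is honoured only when it resolves to this
    application's own host, and any other value falls back to the home page
    instead of becoming an open redirect.
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    login_user(user, remember=True)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None

    if (current_app.config.get('MAILCHIMP_API_KEY')
            and newsletter.ask_user_to_subscribe(user)):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))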
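def _sign_in_user(user):
    """Log ``user`` in, stamp ``last_login`` and redirect.

    ``next`` is read from the query string, so it is caller-controlled. It is
    honoured only when it resolves to this application's own host; any other
    value falls back to the home page instead of becoming an open redirect.
    """
    try:  # Python 3
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2
        from urlparse import urljoin, urlparse

    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)

    next_url = request.args.get('next')
    if next_url:
        own_host = urlparse(request.host_url).netloc
        resolved = urlparse(urljoin(request.host_url, next_url))
        # Backslashes are refused outright: browsers may read them as '/'.
        if ('\\' in next_url
                or resolved.scheme not in ('http', 'https')
                or resolved.netloc != own_host):
            next_url = None

    if newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))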
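def audios_edit(short_name):
    """Edit the audio questions of a project from the posted form.

    On POST the numbered ``<n>_question`` fields rebuild
    ``session["edit_question"]["audios"]``. With ``submit=submit`` the list is
    written to the project and the flow moves to the next ``*_edit`` endpoint
    (or ``.edit_success``); otherwise one new question is appended.

    NOTE(review): no authorization check is visible in this body before
    ``project_repo.update``; confirm the route is protected by its decorators.
    NOTE(review): block nesting was recovered from a whitespace-collapsed
    listing; confirm it against the original file.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)

    if request.method == 'POST':
        session_count = len(session["edit_question"]["audios"])
        session["edit_question"]["audios"] = []
        for j in range(1, session_count + 1):
            ans = []
            type_q = "normal"
            print(str(j) + '_question')
            if request.form.get(str(j) + '_question', '') != "":
                if request.form.get(str(j) + '_divcheckbox', '') != "":
                    type_q = "mcqs"
                    if request.form.get(str(j) + '_answer', '') != "":
                        ans = request.form.getlist(str(j) + '_answer')
                dictobj = {"questionString": request.form.get(str(j) + '_question'),
                           "answers": ans,
                           "type": type_q}
                session["edit_question"]["audios"].append(dictobj)

        if request.form.get('submit', '') == "submit":
            p = edit_draft_question(project)
            project.info["questionSet"]["audios"] = session["edit_question"]["audios"]
            project_repo.update(project)
            if p != "-1":
                return redirect_content_type(
                    url_for('.' + p.lower() + "_edit", short_name=short_name))
            return redirect_content_type(
                url_for('.edit_success', short_name=short_name))
        else:
            type_q = "normal"
            answer = []
            if request.form.get('question', '') == "":
                flash("Question field is Empty", "warning")
                return render_template('audios_edit.html',
                                       project=project_sanitized,
                                       pro_features=pro)
            if request.form.get('checkbox', '') != "":
                submitted = request.form.getlist('answer')
                # The form body is client-controlled: a post with fewer than
                # two 'answer' fields is treated like blank answers rather
                # than raising IndexError and surfacing as an HTTP 500.
                if len(submitted) < 2 or submitted[0] == "" or submitted[1] == "":
                    flash("Atleast 2 answers are required", "warning")
                    return render_template('audios_edit.html',
                                           project=project_sanitized,
                                           pro_features=pro)
                type_q = "mcqs"
                answer = submitted
            dictobj = {"questionString": request.form.get('question'),
                       "answers": answer,
                       "type": type_q}
            session["edit_question"]["audios"].append(dictobj)

    return render_template('audios_edit.html', project=project_sanitized,
                           pro_features=pro)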
def _sign_in_user(user):
    """Log ``user`` in, stamp ``last_login`` and redirect.

    The query-string ``next`` value is passed through ``is_own_url_or_else``
    with the home page as the alternative, so the redirect target is never
    taken from the request unchecked. The newsletter prompt is offered only
    when ``MAILCHIMP_API_KEY`` is configured.
    """
    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)

    target = is_own_url_or_else(request.args.get('next'),
                                url_for('home.home'))
    if not target:
        target = url_for('home.home')

    newsletter_enabled = current_app.config.get('MAILCHIMP_API_KEY')
    if newsletter_enabled and newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(
            url_for('account.newsletter_subscribe', next=target))
    return redirect_content_type(target)
def redirect_profile():
    """Send the current user to their own profile.

    Anonymous visitors are redirected to the sign-in page. An authenticated
    request with a JSON content type gets the profile payload directly, with
    a preference/metadata form when ``upref_mdata`` is configured; every
    other request is redirected to the profile URL.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'),
                                     status='not_signed_in')

    wants_json = request.headers.get('Content-Type') == 'application/json'
    if not (wants_json and current_user.is_authenticated()):
        return redirect_content_type(
            url_for('.profile', name=current_user.name))

    form = None
    if current_app.config.upref_mdata:
        stored = cached_users.get_user_pref_metadata(current_user.name)
        form = UserPrefMetadataForm(**stored)
        form.set_upref_mdata_choices()
    return _show_own_profile(current_user, form)
def redirect_profile():
    """Send the current user to their own profile.

    Anonymous visitors are redirected to the sign-in page. An authenticated
    request with a JSON content type gets the profile payload directly, with
    a preference/metadata form when ``upref_mdata`` is configured; every
    other request is redirected to the profile URL.
    """
    if current_user.is_anonymous:  # pragma: no cover
        return redirect_content_type(url_for('.signin'),
                                     status='not_signed_in')

    wants_json = request.headers.get('Content-Type') == 'application/json'
    if not (wants_json and current_user.is_authenticated):
        return redirect_content_type(
            url_for('.profile', name=current_user.name))

    form = None
    if current_app.config.upref_mdata:
        stored = cached_users.get_user_pref_metadata(current_user.name)
        form = UserPrefMetadataForm(**stored)
        form.set_upref_mdata_choices()
    return _show_own_profile(current_user, form, current_user)
def new_announcement():
    """Create a new announcement.

    Non-POST requests render the form after a 'create' authorization check
    on an empty Announcement. A valid POST is authorized against the
    populated announcement, saved, and answered with a redirect to the
    announcement list.
    """
    form = AnnouncementForm()
    del form.id

    def respond():
        # Reads ``form`` from the enclosing scope at call time.
        page = dict(template='admin/new_announcement.html',
                    title=gettext("Write a new post"),
                    form=form)
        return handle_content_type(page)

    if request.method != 'POST':
        ensure_authorized_to('create', Announcement())
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    announcement = Announcement(title=form.title.data,
                                body=form.body.data,
                                published=form.published.data,
                                media_url=form.media_url.data,
                                user_id=current_user.id)
    ensure_authorized_to('create', announcement)
    announcement_repo.save(announcement)

    created = gettext('Annnouncement created!')
    # Markup.format escapes the interpolated text before it is flashed.
    flash(Markup('<i class="icon-ok"></i> {}').format(created), 'success')
    return redirect_content_type(url_for('admin.announcement'))
def callback():
    """Handle the return leg of the Auth0 login.

    A failed token exchange flashes an error and redirects home. Otherwise
    the ``userinfo`` claims are fetched: a user already linked to the ``sub``
    claim is signed in, and any other identity is handed to
    ``_create_account_Auth``.
    """
    global auth0
    try:
        auth0.authorize_access_token()
    # NOTE(review): the failure is swallowed without being logged, so
    # rejected or tampered callbacks leave no trace for investigation.
    except Exception:
        failure = gettext(
            u"Se ha producido un error al iniciar sesión con su cuenta. Los datos introducidos son incorrectos. Por favor, vuelva a intentarlo, pulsando de nuevo sobre “Iniciar sesión”."
        )
        flash(failure, 'error')
        return redirect_content_type(url_for("home.home"))

    userinfo = auth0.get('userinfo').json()
    auth_user_id = userinfo['sub']

    user = user_repo.get_by(auth_user_id=auth_user_id)
    if not user:
        # NOTE(review): the e-mail claim is forwarded as-is; confirm the
        # identity provider only releases verified addresses, because
        # _create_account_Auth receives it as the account's e-mail.
        account = dict(fullname=userinfo['nickname'],
                       name=userinfo['nickname'],
                       email_addr=userinfo['email'],
                       auth_user_id=auth_user_id)
        return _create_account_Auth(account)

    welcome = gettext(u"Bienvenido") + " " + user.fullname
    flash(welcome, 'success')
    return _sign_in_user(user)
def password_reset_key():
    """Ask for a password-reset key and forward it to the reset page.

    GET requests and invalid submissions render the key form. A valid
    submission redirects to ``account.reset_password`` with the key.
    """
    form = PasswordResetKeyForm(request.body)

    if request.method != 'GET' and form.validate_on_submit():
        # NOTE(review): the key is carried in the redirect URL, so it can
        # end up in access logs and browser history.
        return redirect_content_type(
            url_for('account.reset_password',
                    key=form.password_reset_key.data))

    page = dict(template='/account/password_reset_key.html', form=form)
    return handle_content_type(page)
def edit_question(short_name):
    """Start editing the imported question set of a draft project.

    For a project whose ``importer_type`` is "frg" and whose contribution
    button state is "draft", the session is primed with the non-empty
    question types and the user is redirected to the first ``*_edit`` page.
    Other cases return a plain message.

    NOTE(review): block nesting was recovered from a whitespace-collapsed
    listing; confirm it against the original file.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)
    print(project_button["contrib_button"])

    if "importer_type" in project.info.keys():
        if project.info["importer_type"] == "frg":
            if project_button["contrib_button"] == "draft":
                if "questionSet" in project.info.keys():
                    session["edit_question_list"] = []
                    session["edit_question"] = {"images": [], "documents": [],
                                                "videos": [], "audios": []}
                    for kind in ["images", "documents", "videos", "audios"]:
                        if len(project.info["questionSet"][kind]) > 0:
                            session["edit_question_list"].append(kind)
                    p = edit_draft_question(project)
                    print("see" + p)
                    if p != "-1":
                        return redirect_content_type(
                            url_for('.' + p + "_edit", short_name=short_name))
                    else:
                        return "-1"
            else:
                return ("Sorry, You Edit the questions for draft project only.",
                        "alert")
    return "Sorry , You did not imported questions from Fundamenta Research"
def new_announcement():
    """Create a new announcement.

    Non-POST requests render the form after a 'create' authorization check
    on an empty Announcement. A valid POST is authorized against the
    populated announcement, saved, and answered with a redirect to the
    announcement list.
    """
    form = AnnouncementForm()
    del form.id

    def respond():
        # Reads ``form`` from the enclosing scope at call time. The template
        # name is blank here; 'admin/new_announcement.html' was the previous
        # value.
        page = dict(template='',
                    title=gettext("Write a new post"),
                    form=form)
        return handle_content_type(page)

    if request.method != 'POST':
        ensure_authorized_to('create', Announcement())
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    announcement = Announcement(title=form.title.data,
                                body=form.body.data,
                                user_id=current_user.id)
    ensure_authorized_to('create', announcement)
    announcement_repo.save(announcement)

    created = gettext('Annnouncement created!')
    # NOTE(review): the message is raw HTML built by concatenation; it is
    # only safe while every piece stays a trusted constant.
    flash('<i class="icon-ok"></i> ' + created, 'success')
    return redirect_content_type(url_for('admin.announcement'))
def register():
    """Create an account from the registration form.

    Responds 404 when ``LDAP_HOST`` is configured. A valid POST either
    creates the account at once (``ACCOUNT_CONFIRMATION_DISABLED``) or queues
    a validation e-mail containing a confirmation URL. Every other request
    renders the form with the password fields removed.
    """
    if current_app.config.get('LDAP_HOST', False):
        return abort(404)

    if app_settings.upref_mdata:
        form = RegisterFormWithUserPrefMetadata(request.body)
        form.set_upref_mdata_choices()
    else:
        form = RegisterForm(request.body)

    form.project_slug.choices = get_project_choices()
    brand = current_app.config.get('BRAND')
    form.consent.label = "I accept receiving emails from %s" % brand

    if request.method == 'POST':
        form.generate_password()

    if request.method == 'POST' and form.validate():
        # NOTE(review): ``account`` carries the plaintext password into
        # get_email_confirmation_url and the e-mail template context; confirm
        # that neither of them serialises it.
        if app_settings.upref_mdata:
            user_pref, metadata = get_user_pref_and_metadata(form.name.data,
                                                             form)
            account = dict(fullname=form.fullname.data,
                           name=form.name.data,
                           email_addr=form.email_addr.data,
                           password=form.password.data,
                           consent=form.consent.data,
                           user_type=form.user_type.data)
            account['user_pref'] = user_pref
            account['metadata'] = metadata
        else:
            account = dict(fullname=form.fullname.data,
                           name=form.name.data,
                           email_addr=form.email_addr.data,
                           password=form.password.data,
                           consent=form.consent.data)
        ensure_user_data_access_assignment_from_form(account, form)
        confirm_url = get_email_confirmation_url(account)

        if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
            create_account(account, project_slugs=form.project_slug.data)
            flash(gettext('Created user successfully!'), 'success')
            return redirect_content_type(url_for("home.home"))

        body = render_template('/account/email/validate_account.md',
                               user=account, confirm_url=confirm_url)
        msg = dict(subject='Welcome to %s!' % current_app.config.get('BRAND'),
                   recipients=[account['email_addr']],
                   body=body)
        msg['html'] = markdown(msg['body'])
        mail_queue.enqueue(send_mail, msg)
        sent = dict(template='account/account_validation.html',
                    title=gettext("Account validation"),
                    status='sent')
        return handle_content_type(sent)

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    # The password fields are dropped before the form goes back out.
    del form.password
    del form.confirm
    page = dict(template='account/register.html',
                title=gettext("Register"),
                form=form)
    return handle_content_type(page)
def confirm_email():
    """Queue an e-mail asking the current user to confirm their address.

    Responds 404 when ``ACCOUNT_CONFIRMATION_DISABLED`` is set. The e-mail
    is only queued while ``valid_email`` is False; the request always ends
    with a redirect to the user's profile.
    """
    if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
        return abort(404)

    if current_user.valid_email is False:
        user = user_repo.get(current_user.id)
        account = dict(fullname=current_user.fullname,
                       name=current_user.name,
                       email_addr=current_user.email_addr)
        confirm_url = get_email_confirmation_url(account)
        subject = ('Verify your email in %s' % current_app.config.get('BRAND'))

        mail = dict(subject=subject,
                    recipients=[current_user.email_addr],
                    body=render_template('/account/email/validate_email.md',
                                         user=account,
                                         confirm_url=confirm_url))
        mail['html'] = render_template('/account/email/validate_email.html',
                                       user=account,
                                       confirm_url=confirm_url)
        mail_queue.enqueue(send_mail, mail)

        # NOTE(review): the spaces after the line continuation are part of
        # the msgid; confirm them against the translation catalog.
        notice = gettext("An e-mail has been sent to \
                       validate your e-mail address.")
        flash(notice, 'info')
        user.confirmation_email_sent = True
        user_repo.update(user)

    return redirect_content_type(url_for('.profile', name=current_user.name))
def edit_question(short_name):
    """Start editing the questions of a draft project.

    For a project whose contribution button state is "draft", an empty
    ``questionSet`` is created when missing, the editing session is reset and
    the user is redirected to ``.images_edit``. Other projects get a plain
    message.

    NOTE(review): block nesting was recovered from a whitespace-collapsed
    listing; confirm it against the original file.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(
        current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)
    print(project_button["contrib_button"])

    if project_button["contrib_button"] != "draft":
        return ("Sorry, You Edit the questions for draft project only.",
                "alert")

    if "questionSet" not in project.info.keys():
        project.info.update({
            "questionSet": {
                "images": [],
                "videos": [],
                "audios": [],
                "documents": []
            }
        })
        project_repo.update(project)

    session["edit_question"] = {
        "images": [],
        "documents": [],
        "videos": [],
        "audios": []
    }
    return redirect_content_type(
        url_for('.images_edit', short_name=short_name))
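def update_announcement(id):
    """Edit the announcement identified by ``id``.

    Responds 404 for an unknown id. Non-POST requests render the form filled
    from the stored announcement; a valid POST writes the new title and body
    and redirects to the announcement list.

    The update is bound to the id of the record that was fetched and passed
    the authorization check, not to the ``id`` field of the submitted form,
    so a request cannot be authorized against one announcement and then
    write to another.
    """
    announcement = announcement_repo.get_by(id=id)
    if announcement is None:
        raise abort(404)

    def respond():
        # Reads ``form`` from the enclosing scope at call time. The template
        # name is blank here; 'admin/update_announcement.html' was the
        # previous value.
        response = dict(
            template='',
            title=gettext("Edit a post"),
            form=form)
        return handle_content_type(response)

    form = AnnouncementForm()

    if request.method != 'POST':
        ensure_authorized_to('update', announcement)
        form = AnnouncementForm(obj=announcement)
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    ensure_authorized_to('update', announcement)
    announcement = Announcement(id=announcement.id,
                                title=form.title.data,
                                body=form.body.data,
                                user_id=current_user.id)
    announcement_repo.update(announcement)

    msg_1 = gettext('Announcement updated!')
    flash('<i class="icon-ok"></i> ' + msg_1, 'success')
    return redirect_content_type(url_for('admin.announcement'))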
def _create_account_Auth(user_data):
    """Create or link a local account for an externally authenticated user.

    If a local account already uses the e-mail address and has no
    ``auth_user_id``, it is linked to the external identity and signed in.
    If it is already linked, the sign-in is refused. With no match a new
    account is saved, with a random suffix added to a clashing user name.
    """
    candidate = model.user.User(fullname=user_data['fullname'],
                                name=user_data['name'],
                                email_addr=user_data['email_addr'],
                                valid_email=True,
                                auth_user_id=user_data['auth_user_id'],
                                admin=False)
    # NOTE(review): confirm GenPasswd2 draws from a cryptographically secure
    # random source; its implementation is not visible here.
    password = GenPasswd2(8, string.digits) + GenPasswd2(
        15, string.ascii_letters)
    candidate.set_password(password)

    existing = user_repo.get_by(email_addr=user_data['email_addr'])
    if existing:
        if existing.auth_user_id is not None:
            flash(
                gettext(
                    u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión. Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
                ), 'error')
            return redirect_content_type(url_for("home.home"))

        # NOTE(review): the existing account is linked on an e-mail match
        # alone; confirm the identity provider verifies that address,
        # otherwise this branch hands the account to whoever claims it.
        existing.auth_user_id = user_data['auth_user_id']
        user_repo.update(existing)
        flash(gettext(u'Bienvenido') + " " + existing.fullname, 'success')
        return _sign_in_user(existing)

    if user_repo.get_by_name(name=candidate.name):
        candidate.name = candidate.name + GenRandomString(
            6, string.ascii_lowercase)
    user_repo.save(candidate)
    flash(gettext(u'Gracias por registrarte.'), 'success')
    return _sign_in_user(candidate)
def register():
    """Create an account from the registration form.

    A valid POST either creates the account at once
    (``ACCOUNT_CONFIRMATION_DISABLED``) or queues a validation e-mail
    containing a confirmation URL. Every other request renders the form.
    """
    form = RegisterForm(request.body)
    form.project_slug.choices = get_project_choices()

    if request.method == 'POST' and form.validate():
        # NOTE(review): ``account`` carries the plaintext password into
        # get_email_confirmation_url and the e-mail template context; confirm
        # that neither of them serialises it.
        account = dict(fullname=form.fullname.data,
                       name=form.name.data,
                       email_addr=form.email_addr.data,
                       password=form.password.data)
        confirm_url = get_email_confirmation_url(account)

        if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
            create_account(account, project_slugs=form.project_slug.data)
            flash(gettext('Created user succesfully!'), 'success')
            return redirect_content_type(url_for("home.home"))

        body = render_template('/account/email/validate_account.md',
                               user=account, confirm_url=confirm_url)
        msg = dict(subject='Welcome to %s!' % current_app.config.get('BRAND'),
                   recipients=[account['email_addr']],
                   body=body)
        msg['html'] = markdown(msg['body'])
        mail_queue.enqueue(send_mail, msg)
        sent = dict(template='account/account_validation.html',
                    title=gettext("Account validation"),
                    status='sent')
        return handle_content_type(sent)

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    page = dict(template='account/register.html',
                title=gettext("Register"),
                form=form)
    return handle_content_type(page)
def new(category_short_name):
    """Create a LibCrowds project for a given category.

    Responds 404 for an unknown category and requires 'create' rights on
    Project. Categories whose presenter is not one of the supported values
    are rejected with a redirect home. The form's template and volume
    choices come from the category's own ``info``.
    """
    category = project_repo.get_category_by(short_name=category_short_name)
    if not category:  # pragma: no cover
        abort(404)

    ensure_authorized_to('create', Project)
    templates = category.info.get('templates', [])
    volumes = category.info.get('volumes', [])

    # Check for a valid task presenter
    if category.info.get('presenter') not in ('z3950', 'iiif-annotation'):
        flash('Invalid task presenter, please contact an administrator',
              'error')
        return redirect_content_type(url_for('home.home'))

    form = ProjectForm(request.body)
    form.volume_id.choices = [(vol['id'], vol['name']) for vol in volumes]
    form.template_id.choices = [(tpl['id'], tpl['name']) for tpl in templates]

    if request.method == 'POST' and form.validate():
        chosen_template = [tpl for tpl in templates
                           if tpl['id'] == form.template_id.data][0]
        chosen_volume = [vol for vol in volumes
                         if vol['id'] == form.volume_id.data][0]
        handle_valid_project_form(form, chosen_template, chosen_volume,
                                  category)
    else:  # pragma: no cover
        flash('Please correct the errors', 'error')

    response = dict(form=form, built_projects=get_built_projects(category))
    return handle_content_type(response)
def delete_announcement(id):
    """Delete the announcement identified by ``id``.

    Responds 404 for an unknown id; the 'delete' authorization check runs
    before the record is removed.
    """
    target = announcement_repo.get_by(id=id)
    if target is None:
        raise abort(404)

    ensure_authorized_to('delete', target)
    announcement_repo.delete(target)

    # NOTE(review): the message is raw HTML built by concatenation; it is
    # only safe while every piece stays a trusted constant.
    notice = '<i class="icon-ok"></i> ' + 'Announcement deleted!'
    flash(notice, 'success')
    return redirect_content_type(url_for('admin.announcement'))
def test_redirect_content_type_json(self, mocklast, mockjsonify,
                                    mockrender, mockrequest):
    """JSON requests get the target back as ``next`` instead of a redirect.

    The helper is expected to echo the URL it is given, including an
    absolute external one, so validating user-supplied targets is left to
    its callers.
    """
    mockrequest.headers.__getitem__.return_value = 'application/json'
    mockjsonify.side_effect = myjsonify

    res = util.redirect_content_type('http://next.uri')

    assert res.get('next') == 'http://next.uri', \
        "next URI is wrong in redirction"
    assert mockjsonify.called, "jsonify should be called"
def signout():
    """Sign the current user out and redirect to the home page."""
    logout_user()
    farewell = gettext('You are now signed out')
    flash(farewell, SUCCESS)
    home = url_for('home.home')
    return redirect_content_type(home, status=SUCCESS)
def signout():
    """Sign the current user out and redirect to the home page."""
    logout_user()
    farewell = gettext('You are now signed out')
    flash(farewell, SUCCESS)
    home = url_for('home.home')
    return redirect_content_type(home, status=SUCCESS)
def test_redirect_content_type_json_html(self, mockjsonify, mockrender,
                                         mockrequest):
    """HTML requests get a real 302 redirect and never reach jsonify."""
    mockrequest.headers.__getitem__.return_value = 'text/html'
    mockjsonify.side_effect = myjsonify

    res = util.redirect_content_type('/')

    assert res.status_code == 302, "redirect 302 should be the response"
    assert res.location == "/", "redirect to / should be done"
    assert mockjsonify.called is False, "jsonify should not be called"
def generate_tasks(project, import_data, template):
    """Generate the tasks.

    Imports tasks into ``project``. If the import fails the project is
    deleted and the error is flashed. On success the change is written to
    the audit log and task redundancy is set from the template's
    ``min_answers``. Every path ends with a redirect to the home page.
    """
    try:
        imported = _import_tasks(project, template, **import_data)
        flash(imported, 'success')
    except BulkImportException as err:  # pragma: no cover
        project_repo.delete(project)
        flash(err.message, 'error')
        return redirect_content_type(url_for('home.home'))
    except Exception as inst:  # pragma: no cover
        success = False
        current_app.logger.error(inst)
        print(inst)
        project_repo.delete(project)
        # NOTE(review): the raw exception text is shown to the user; it may
        # expose internal details that belong only in the log.
        flash(str(inst), 'error')
        return redirect_content_type(url_for('home.home'))
    else:
        auditlogger.add_log_entry(None, project, current_user)
        task_repo.update_tasks_redundancy(project, template['min_answers'])
        return redirect_content_type(url_for('home.home'))
def delete_announcement(id):
    """Delete the announcement identified by ``id``.

    Responds 404 for an unknown id; the 'delete' authorization check runs
    before the record is removed.
    """
    target = announcement_repo.get_by(id=id)
    if target is None:
        raise abort(404)

    ensure_authorized_to('delete', target)
    announcement_repo.delete(target)

    deleted = gettext('Announcement deleted!')
    # Markup.format escapes the interpolated text before it is flashed.
    flash(Markup('<i class="icon-ok"></i> {}').format(deleted), 'success')
    return redirect_content_type(url_for('admin.announcement'))
def delete_announcement(id):
    """Delete the announcement identified by ``id``.

    Responds 404 for an unknown id; the 'delete' authorization check runs
    before the record is removed.
    """
    target = announcement_repo.get_by(id=id)
    if target is None:
        raise abort(404)

    ensure_authorized_to('delete', target)
    announcement_repo.delete(target)

    deleted = gettext('Announcement deleted!')
    # Markup.format escapes the interpolated text before it is flashed.
    flash(Markup('<i class="icon-ok"></i> {}').format(deleted), 'success')
    return redirect_content_type(url_for('admin.announcement'))
def test_redirect_content_type_json_html(
        self, mockjsonify, mockrender, mockrequest):
    """HTML requests get a real 302 redirect and never reach jsonify."""
    # Back the mocked headers with a plain dict so lookups behave normally.
    headers = {'Content-Type': 'text/html'}
    mockrequest.headers.__getitem__.side_effect = headers.__getitem__
    mockrequest.headers.get.side_effect = headers.get
    mockrequest.headers.__iter__.side_effect = headers.__iter__
    mockjsonify.side_effect = myjsonify

    res = util.redirect_content_type('/')

    assert res.status_code == 302, "redirect 302 should be the response"
    assert res.location == "/", "redirect to / should be done"
    assert mockjsonify.called is False, "jsonify should not be called"
def test_redirect_content_type_json_message(
        self, mocklast, mockjsonify, mockrender, mockrequest):
    """JSON requests get ``next`` and the caller's ``status`` back.

    The helper is expected to echo the URL it is given, including an
    absolute external one, so validating user-supplied targets is left to
    its callers.
    """
    mocklast.return_value = None
    # Back the mocked headers with a plain dict so lookups behave normally.
    headers = {'Content-Type': 'application/json'}
    mockrequest.headers.__getitem__.side_effect = headers.__getitem__
    mockrequest.headers.get.side_effect = headers.get
    mockrequest.headers.__iter__.side_effect = headers.__iter__
    mockjsonify.side_effect = myjsonify

    res = util.redirect_content_type('http://next.uri', status='hallo123')

    assert res.get('next') == 'http://next.uri', \
        "next URI is wrong in redirction"
    assert mockjsonify.called, "jsonify should be called"
    assert res.get('status') == 'hallo123', "status should exist"
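def add_admin(user_id=None):
    """Add admin flag for user_id.

    Looks the user up, checks that the caller may update that user, sets
    ``user.admin = True`` and redirects to the ``.users`` view.

    Returns the ``format_error`` response with 404 when the user does not
    exist and with 415 when no ``user_id`` was given (the same handling as
    ``del_admin``; previously that case fell through and returned ``None``).

    HTTP errors raised inside the ``try`` block are re-raised unchanged, so
    an authorization failure is not logged and reported as a 500.
    """
    # NOTE(review): this grants admin rights; the route decorators are not
    # visible here -- confirm the view is restricted to admins and reached
    # only through a CSRF-protected POST.
    try:
        if user_id:
            user = user_repo.get(user_id)
            if user:
                ensure_authorized_to('update', user)
                user.admin = True
                user_repo.update(user)
                return redirect_content_type(url_for(".users"))
            else:
                msg = "User not found"
                return format_error(msg, 404)
        else:  # pragma: no cover
            msg = "User.id is missing for method add_admin"
            return format_error(msg, 415)
    except HTTPException:
        # Same handling as update_category: keep the original status code
        # (presumably 401/403 from ensure_authorized_to) instead of
        # converting it to a 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)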
def test_redirect_content_type_json(
        self, mocklast, mockjsonify, mockrender, mockrequest):
    """A JSON request gets the target URI in ``next`` through jsonify."""
    json_headers = {'Content-Type': 'application/json'}
    # Back the mocked request headers with a real dict so lookups,
    # .get() and iteration all behave like the header mapping.
    request_headers = mockrequest.headers
    request_headers.__getitem__.side_effect = json_headers.__getitem__
    request_headers.get.side_effect = json_headers.get
    request_headers.__iter__.side_effect = json_headers.__iter__
    mockjsonify.side_effect = myjsonify

    res = util.redirect_content_type('http://next.uri')

    assert res.get('next') == 'http://next.uri', (
        "next URI is wrong in redirction")
    assert mockjsonify.called, "jsonify should be called"
def start_export(name):
    """
    Queue an export of all data held for the named user (EU GDPR).

    The export runs asynchronously; the data will be available on
    GET /export after it is processed.
    """
    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)

    # Only the account owner may request the export: any other signed-in
    # user gets 403 before the generic authorization check runs.
    requested_by_owner = account.id == current_user.id
    if not requested_by_owner:
        return abort(403)
    ensure_authorized_to('update', account)

    # The job receives only the user id, not the user object.
    export_queue.enqueue(export_userdata, user_id=account.id)
    flash(gettext('GDPR export started'), 'success')

    profile_url = url_for('account.profile', name=name)
    return redirect_content_type(profile_url)
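def del_admin(user_id=None):
    """Del admin flag for user_id.

    Looks the user up, checks that the caller may update that user, sets
    ``user.admin = False`` and redirects to the ``.users`` view.

    Returns the ``format_error`` response with 404 when the user does not
    exist and with 415 when no ``user_id`` was given.

    HTTP errors raised inside the ``try`` block are re-raised unchanged, so
    an authorization failure is not logged and reported as a 500.
    """
    # NOTE(review): this changes admin rights; the route decorators are not
    # visible here -- confirm the view is restricted to admins and reached
    # only through a CSRF-protected POST.
    try:
        if user_id:
            user = user_repo.get(user_id)
            if user:
                ensure_authorized_to('update', user)
                user.admin = False
                user_repo.update(user)
                return redirect_content_type(url_for('.users'))
            else:
                msg = "User.id not found"
                return format_error(msg, 404)
        else:  # pragma: no cover
            msg = "User.id is missing for method del_admin"
            return format_error(msg, 415)
    except HTTPException:
        # Same handling as update_category: keep the original status code
        # (presumably 401/403 from ensure_authorized_to) instead of
        # converting it to a 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)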
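def update_category(id):
    """Update a category.

    GET renders the edit form for the category. POST validates the
    submitted form, derives ``short_name`` from the name (lower-cased,
    spaces removed), stores the update, resets the category cache and
    redirects to ``.categories``. An invalid POST re-renders the form.

    Aborts with 404 when the category does not exist. HTTP errors are
    re-raised unchanged; any other exception is logged and becomes a 500.
    """
    try:
        category = project_repo.get_category(id)
        if category:
            ensure_authorized_to('update', category)
            # Remember which row was authorized. It is read before
            # populate_obj() below, which copies form fields (possibly
            # including a submitted id) onto the fetched object.
            authorized_id = category.id
            form = CategoryForm(obj=category)
            # NOTE(review): populate_obj() writes the bound form data onto
            # the fetched category before any validation; kept as in the
            # original -- confirm this is intended.
            form.populate_obj(category)
            if request.method == 'GET':
                response = dict(template='admin/update_category.html',
                                title=gettext('Update Category'),
                                category=category,
                                form=form)
                return handle_content_type(response)
            if request.method == 'POST':
                form = CategoryForm(request.body)
                if form.validate():
                    slug = form.name.data.lower().replace(" ", "")
                    # Update the category that was looked up and authorized,
                    # not whichever id the request body carries: otherwise
                    # the permission check and the write could refer to
                    # different rows.
                    new_category = Category(id=authorized_id,
                                            name=form.name.data,
                                            short_name=slug)
                    project_repo.update_category(new_category)
                    cached_cat.reset()
                    msg = gettext("Category updated")
                    flash(msg, 'success')
                    return redirect_content_type(url_for(".categories"))
                else:
                    msg = gettext("Please correct the errors")
                    # Validation failures are flashed as errors, matching
                    # the other forms that use this message.
                    flash(msg, 'error')
                    response = dict(template='admin/update_category.html',
                                    title=gettext('Update Category'),
                                    category=category,
                                    form=form)
                    return handle_content_type(response)
        else:
            abort(404)
    except HTTPException:
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)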
def reset_api_key(name):
    """
    Replace the API key of the named user.

    A POST generates a new key, stores it, drops the cached user summary
    and redirects to the user's profile. Any other method returns a JSON
    document carrying a CSRF token for the form.

    """
    if request.method != 'POST':
        csrf_payload = dict(form=dict(csrf=generate_csrf()))
        return jsonify(csrf_payload)

    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)
    ensure_authorized_to('update', account)

    # NOTE(review): the new key's unpredictability rests on
    # model.make_uuid(), which is not shown here -- confirm it is a random
    # (version 4) UUID or comes from another CSPRNG source.
    account.api_key = model.make_uuid()
    user_repo.update(account)
    # The cached summary is dropped so it is rebuilt from the stored user.
    cached_users.delete_user_summary(account.name)

    flash(gettext('New API-KEY generated'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
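def otpvalidation(token):
    """Check the one-time password submitted for a pending sign-in.

    ``token`` is the URL token issued by the sign-in step; it is resolved
    to an email address, and a token that resolves to nothing sends the
    client back to the sign-in page.

    On a valid POST the submitted code is compared with the stored one. A
    match expires the token and signs the user in. A mismatch or a missing
    (expired) stored code flashes an error, triggers a new one-time
    password email and clears the field. In every other case the OTP form
    is rendered.

    The one-time passwords themselves are never written to the log.
    """
    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    form = OTPForm(request.body)
    user_otp = form.otp.data
    user = user_repo.get_by(email_addr=email)
    current_app.logger.info('validating otp for user email: {}'.format(email))
    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if otp_code is not None:
            if otp_code == user_otp:
                msg = gettext('OTP verified. You are logged in to the system')
                flash(msg, 'success')
                # Expire the URL token once it has been used successfully.
                otp.expire_token(token)
                return _sign_in_user(user)
            else:
                msg = gettext('Invalid one time password, a newly generated '
                              'one time password was sent to your email.')
                flash(msg, 'error')
        else:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')
        # Record the failure without the stored or submitted code:
        # authentication secrets do not belong in application logs, where
        # they outlive the request and are readable by anyone with log
        # access.
        current_app.logger.info(('Invalid OTP. stored code present: {}, '
                                 'email: {}').format(otp_code is not None,
                                                     email))
        # NOTE(review): every failed attempt sends a fresh code by email;
        # no attempt limit is visible in this function -- confirm that
        # retries are rate-limited elsewhere.
        _email_two_factor_auth(user, True)
        form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP',
                    form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'),
                    token=token)
    return handle_content_type(response)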
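def update_announcement(id):
    """Edit an existing announcement.

    GET renders the edit form filled from the stored announcement. POST
    validates the submitted form, stores the new field values under the
    announcement's own id and redirects to ``admin.announcement``. An
    invalid POST re-renders the form with an error message.

    Aborts with 404 when no announcement has the given ``id``. The
    permission check runs once, right after the lookup, so every path
    below it is authorized.
    """
    announcement = announcement_repo.get_by(id=id)
    if announcement is None:
        raise abort(404)

    # Authorize before any form handling, so that an unauthorized caller
    # gets the authorization error rather than form validation feedback.
    ensure_authorized_to('update', announcement)

    def respond():
        # Reads ``form`` from the enclosing scope at call time.
        response = dict(template='admin/new_announcement.html',
                        title=gettext("Edit a post"),
                        form=form)
        return handle_content_type(response)

    form = AnnouncementForm()

    if request.method != 'POST':
        form = AnnouncementForm(obj=announcement)
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    # Write to the announcement that was looked up and authorized, not to
    # whichever id the submitted form carries: otherwise the permission
    # check and the update could refer to different rows.
    updated = Announcement(id=announcement.id,
                           title=form.title.data,
                           body=form.body.data,
                           published=form.published.data,
                           media_url=form.media_url.data,
                           user_id=current_user.id)
    announcement_repo.update(updated)

    msg_1 = gettext('Announcement updated!')
    # Markup.format() escapes its arguments before inserting them.
    markup = Markup('<i class="icon-ok"></i> {}')
    flash(markup.format(msg_1), 'success')

    return redirect_content_type(url_for('admin.announcement'))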
def confirm_email():
    """Send email to confirm user email.

    Aborts with 404 when ``ACCOUNT_CONFIRMATION_DISABLED`` is set in the
    application config. When ``current_user.valid_email`` is False, a
    verification message (markdown body plus an HTML alternative) is queued
    for the current user's own address and ``confirmation_email_sent`` is
    stored on the user record. Otherwise nothing is sent. Both cases end
    with a redirect to the current user's profile.
    """
    acc_conf_dis = current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED')
    if acc_conf_dis:
        return abort(404)
    if current_user.valid_email is False:
        user = user_repo.get(current_user.id)
        # Every field of the message comes from the signed-in user's own
        # account; the recipient is not taken from the request.
        account = dict(fullname=current_user.fullname, name=current_user.name,
                       email_addr=current_user.email_addr)
        confirm_url = get_email_confirmation_url(account)
        subject = ('Verify your email in %s' % current_app.config.get('BRAND'))
        msg = dict(subject=subject,
                   recipients=[current_user.email_addr],
                   body=render_template('/account/email/validate_email.md',
                                        user=account, confirm_url=confirm_url))
        msg['html'] = render_template('/account/email/validate_email.html',
                                      user=account, confirm_url=confirm_url)
        # Sending is handed to the mail queue rather than done inline.
        mail_queue.enqueue(send_mail, msg)
        # ``msg`` is reused from here on for the flash text. The backslash
        # continues the string literal, so the next line's leading
        # whitespace is part of the text passed to gettext.
        msg = gettext("An e-mail has been sent to \
                       validate your e-mail address.")
        flash(msg, 'info')
        user.confirmation_email_sent = True
        user_repo.update(user)
    return redirect_content_type(url_for('.profile', name=current_user.name))
def update_profile(name):
    """
    Show or apply changes to the named user's profile.

    The ``btn`` field of the request body selects what a POST updates:
    avatar, profile data, password or external services. A successful
    update redirects back to this view; anything else renders the
    update page with the three forms.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)

    # The password form is hidden for accounts that carry any external
    # provider id.
    show_passwd_form = not (user.twitter_user_id or user.google_user_id
                            or user.facebook_user_id or user.wechat_user_id
                            or user.weibo_user_id)

    # Extend the user with the cached rank and score.
    summary = cached_users.get_user_summary(name)
    user.rank = summary.get('rank')
    user.score = summary.get('score')

    # Request data is bound to the profile form only when the profile
    # button was used; otherwise the form is filled from the stored user.
    pressed = request.body.get('btn', 'None').capitalize()
    if pressed == 'Profile':
        update_form = UpdateProfileForm(obj=user)
    else:
        update_form = UpdateProfileForm(formdata=None, obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    title_msg = "Update your profile: %s" % user.fullname

    if request.method == 'POST':
        pressed = request.body.get('btn', 'None').capitalize()
        # Button value -> (handler, form passed to it). A value outside
        # this table is rejected with 415.
        dispatch = {
            'Upload': (_handle_avatar_update, avatar_form),
            'Profile': (_handle_profile_update, update_form),
            'Password': (_handle_password_update, password_form),
            'External': (_handle_external_services_update, update_form),
        }
        if pressed not in dispatch:
            return abort(415)
        handler, handler_form = dispatch[pressed]
        if handler(user, handler_form):
            cached_users.delete_user_summary(user.name)
            return redirect_content_type(url_for('.update_profile',
                                                 name=user.name),
                                         status=SUCCESS)

    # Reached on non-POST requests and on a POST whose handler reported
    # failure: render the page with the forms as they now stand.
    data = dict(template='/account/update.html',
                form=update_form,
                upload_form=avatar_form,
                password_form=password_form,
                title=title_msg,
                show_passwd_form=show_passwd_form)
    return handle_content_type(data)
def signin():
    """
    Signin method for PYBOSSA users.

    Handles two credential back ends, chosen by the ``LDAP_HOST`` config
    value: local email/password accounts when it is unset, LDAP bind
    otherwise. With ``ENABLE_TWO_FACTOR_AUTH`` set, a correct local
    password does not sign the user in; a one-time password is emailed and
    the client is redirected to the OTP validation view.

    Returns the sign-in page for anonymous users, or a redirect to the
    home page when a user is already signed in.

    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    # Local accounts: only when LDAP is not configured.
    if (request.method == 'POST' and form.validate()
            and isLdap is False):
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                msg_1 = gettext("Welcome back") + " " + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                # Password accepted, but no session yet: the OTP view
                # completes the sign-in.
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                # NOTE(review): ``next`` is forwarded from the query string
                # as-is -- confirm it is validated before it is used as a
                # redirect target.
                return redirect_content_type(url_for('account.otpvalidation',
                                             token=url_token,
                                             next=request.args.get('next')))
        # NOTE(review): the branches below flash different messages for a
        # wrong password, an account registered through another sign-up
        # method and an unknown email, so a client can tell whether an
        # address is registered. A single generic failure message would
        # avoid that.
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext("Ooops, Incorrect email/password")
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # The backslash continues the string literal, so the next
            # line's leading whitespace is part of the text passed to
            # gettext.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    # LDAP accounts: the email field of the form carries the LDAP cn.
    if (request.method == 'POST' and form.validate()
            and isLdap):
        password = form.password.data
        cn = form.email.data
        ldap_user = None
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if (user_db is None):
                # First sign-in of this LDAP identity: create the local
                # account from the configured LDAP attribute mapping.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
                                 name=ldap_user[keyfields['name']][0],
                                 email_addr=ldap_user[keyfields['email_addr']][0],
                                 valid_email=True,
                                 ldap=value,
                                 consent=False)
                _create_account(user_data, ldap_disabled=False)
            else:
                # No return here: execution continues to the response
                # selection at the end of the function.
                login_user(user_db, remember=True)
        else:
            msg = gettext("User LDAP credentials are wrong.")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    # Which external sign-in buttons the template should show.
    auth = {'twitter': False, 'facebook': False, 'google': False, 'wechat': False, 'weibo' : False}
    if current_user.is_anonymous():
        # A provider's button is shown when its blueprint is registered
        # and LDAP is not in use.
        if (isLdap is False):
            for isp in OAuthProviders:
                if (isp in current_app.blueprints):  # pragma: no cover
                    auth[isp] = True
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=request.args.get('next'))
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))