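def complete_auth(request, auth_toks):
    """Finish the Twitter OAuth handshake and map the account to a local user.

    Exchanges the request-scoped tokens in ``auth_toks`` for the user's
    permanent tokens, stores a Twython client built from them in the session
    under ``u_twit``, and looks up the matching local user. When no such user
    exists, one is created and the Twitter profile picture is downloaded for it.

    Returns a dict with ``final_toks`` (the token dict handed back by the
    provider) and ``u`` (the local user object).
    """
    settings = request.registry.settings

    # Client bound to the request-specific tokens; these are used only to learn
    # whether the user accepted our request for permissions.
    tmp_twit = Twython(
        twitter_token=settings['twitter.app_key'],
        twitter_secret=settings['twitter.app_secret'],
        oauth_token=auth_toks['oauth_token'],
        oauth_token_secret=auth_toks['oauth_token_secret'])
    final_toks = tmp_twit.get_authorized_tokens()

    # Session-permanent client holding the permanent tokens for this user.
    # This object must be used to read any data from the user's account.
    # NOTE(review): it carries the app secret and the user's OAuth secret, so
    # confirm the session store is server-side (or encrypted) before relying on it.
    u_twit = Twython(
        twitter_token=settings['twitter.app_key'],
        twitter_secret=settings['twitter.app_secret'],
        oauth_token=final_toks['oauth_token'],
        oauth_token_secret=final_toks['oauth_token_secret'])
    request.session['u_twit'] = u_twit

    # NOTE(review): as written the literal has no placeholder, so the token
    # argument does not reach the username; confirm the intended naming scheme.
    username = "******".format(final_toks['oauth_token'])
    screen_name = final_toks['screen_name']

    # check if user already exists; if not, create one
    try:
        u = users.get_user_by_name(username)
        #@TODO: add something to ensure we are in sync with the twitter profile picture
        # unless specifically overridden by the user
    except sqlalchemy.orm.exc.NoResultFound:
        u = users.create_user(origination='twitter', username=username,
                              remote_object=final_toks)
        import urllib2
        # The response is stored in the upload directory, so it is fetched over
        # HTTPS (not alterable in transit) and with a timeout (a stalled remote
        # must not hang the request).
        # NOTE(review): no size or content-type check is visible here; confirm
        # users.add_user_picture validates the data and sanitises the filename,
        # which is built from the provider-supplied screen name.
        image_data = urllib2.urlopen(
            "https://api.twitter.com/1/users/profile_image/{0}.json".format(
                screen_name),
            timeout=10)
        orig_filename = "{0}-twitter-pic.png".format(screen_name)
        up_dir = settings['user.picture_upload_directory']
        u.picture = users.add_user_picture(orig_filename, str(u.id)[:7],
                                           up_dir, image_data)
        dbsession.add(u)

    return {'final_toks': final_toks, 'u': u}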
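def complete_auth(request, auth_toks):
    """Finish the Twitter OAuth handshake and map the account to a local user.

    Exchanges the request-scoped tokens in ``auth_toks`` for the user's
    permanent tokens, stores a Twython client built from them in the session
    under ``u_twit``, and looks up the matching local user. When no such user
    exists, one is created and the Twitter profile picture is downloaded for it.

    Returns a dict with ``final_toks`` (the token dict handed back by the
    provider) and ``u`` (the local user object).
    """
    settings = request.registry.settings

    # Client bound to the request-specific tokens; these are used only to learn
    # whether the user accepted our request for permissions.
    tmp_twit = Twython(
        twitter_token=settings['twitter.app_key'],
        twitter_secret=settings['twitter.app_secret'],
        oauth_token=auth_toks['oauth_token'],
        oauth_token_secret=auth_toks['oauth_token_secret'])
    final_toks = tmp_twit.get_authorized_tokens()

    # Session-permanent client holding the permanent tokens for this user.
    # This object must be used to read any data from the user's account.
    # NOTE(review): it carries the app secret and the user's OAuth secret, so
    # confirm the session store is server-side (or encrypted) before relying on it.
    u_twit = Twython(
        twitter_token=settings['twitter.app_key'],
        twitter_secret=settings['twitter.app_secret'],
        oauth_token=final_toks['oauth_token'],
        oauth_token_secret=final_toks['oauth_token_secret'])
    request.session['u_twit'] = u_twit

    # NOTE(review): as written the literal has no placeholder, so the token
    # argument does not reach the username; confirm the intended naming scheme.
    username = "******".format(final_toks['oauth_token'])
    screen_name = final_toks['screen_name']

    # check if user already exists; if not, create one
    try:
        u = users.get_user_by_name(username)
        #@TODO: add something to ensure we are in sync with the twitter profile picture
        # unless specifically overridden by the user
    except sqlalchemy.orm.exc.NoResultFound:
        u = users.create_user(origination='twitter', username=username,
                              remote_object=final_toks)
        import urllib2
        # The response is stored in the upload directory, so it is fetched over
        # HTTPS (not alterable in transit) and with a timeout (a stalled remote
        # must not hang the request).
        # NOTE(review): no size or content-type check is visible here; confirm
        # users.add_user_picture validates the data and sanitises the filename,
        # which is built from the provider-supplied screen name.
        image_data = urllib2.urlopen(
            "https://api.twitter.com/1/users/profile_image/{0}.json".format(
                screen_name),
            timeout=10)
        orig_filename = "{0}-twitter-pic.png".format(screen_name)
        up_dir = settings['user.picture_upload_directory']
        u.picture = users.add_user_picture(orig_filename, str(u.id)[:7],
                                           up_dir, image_data)
        dbsession.add(u)

    return {'final_toks': final_toks, 'u': u}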
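def _parse_ban_number(text):
    """Parse one numeric component of a ban duration; reject non-finite values."""
    text = text.strip()
    try:
        return int(text)
    except ValueError:
        value = float(text)  # raises ValueError for anything that is not a number
    if value != value or value in (float('inf'), float('-inf')):
        raise ValueError("ban duration values must be finite numbers")
    return value


def _parse_ban_duration(spec):
    """Build a ``timedelta`` from posted text such as ``7`` or ``days=1, hours=12``.

    Accepts the same comma-separated positional and ``name=value`` forms that
    ``timedelta(...)`` takes, but only numeric values and only the documented
    unit names, so the posted text is never executed as code.
    """
    from datetime import timedelta

    units = ('days', 'seconds', 'microseconds', 'milliseconds',
             'minutes', 'hours', 'weeks')
    positional = []
    keyword = {}
    for part in spec.split(','):
        part = part.strip()
        if not part:
            continue
        name, sep, raw = part.partition('=')
        if sep:
            name = name.strip()
            if name not in units or name in keyword:
                raise ValueError("unsupported ban duration unit: %r" % (name,))
            keyword[str(name)] = _parse_ban_number(raw)
        elif keyword:
            raise ValueError("positional ban duration value after a named one")
        else:
            positional.append(_parse_ban_number(part))
    try:
        return timedelta(*positional, **keyword)
    except (TypeError, OverflowError) as err:
        raise ValueError("invalid ban duration: %s" % (err,))


def ban(request):
    """Admin view: optionally record a new ban, then list all bans.

    Responds with ``HTTPNotFound()`` unless the session marks the caller as a
    logged-in admin. When the sanitised POST data contains ``ip``, a ``Ban`` is
    created from the ``ip``, ``username`` and ``duration`` fields (``duration``
    is either ``infinite`` or ``timedelta``-style arguments) and added to the
    database session. Returns ``{'bans': ...}`` from ``general.list_bans()``.

    Raises ``ValueError`` when the duration text is not a plain numeric
    ``timedelta`` specification.
    """
    s = request.session
    p = s['safe_post']

    # Fail closed: any missing or falsy flag (None, 0, '') is treated as
    # "not an admin", not only the literal False.
    if 'logged_in_admin' not in s or not s['logged_in_admin']:
        return HTTPNotFound()

    # NOTE(review): no CSRF token check is visible in this view; confirm one is
    # enforced before this state-changing admin action is reached.
    if 'ip' in p:
        if p['ip'].strip() == '':
            ip = None
        else:
            ip = p['ip']

        if p['username'].strip() == '':
            username = None
            user_id = None
        else:
            username = p['username']

        if p['duration'].strip() == 'infinite':
            duration = None
        else:
            # The posted text used to be interpolated into "timedelta(...)" and
            # passed to eval(), which runs arbitrary expressions from the
            # request. It is now parsed as numbers and unit names only.
            duration = _parse_ban_duration(p['duration'])

        if username:
            # An unknown username propagates whatever get_user_by_name raises.
            user_id = users.get_user_by_name(username).id

        b = Ban(ip=ip, username=username, duration=duration,
                user_id=user_id, added_by=s['users.id'])
        dbsession = DBSession()
        dbsession.add(b)

    bans = general.list_bans()
    return {'bans': bans}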
def test_get_user_by_name(self):
    """A user fetched by name is the same record that was just created."""
    created = users.create_user(username='******', password='******')
    fetched = users.get_user_by_name(created.name)
    # Compare primary keys: the lookup must resolve to the created row.
    assert created.id == fetched.id
def login(request):
    """Handle login, logout, registration, password change and lost-password requests.

    The action is chosen from the sanitised request data kept in the session
    (``safe_params``, ``safe_get['act']``, ``safe_post``). Status text for the
    user is written to ``s['message']``. Returns ``{'success': bool}``, or an
    ``HTTPFound`` redirect to the ``post`` route after a successful password login.
    """
    #@FIXME: this uses a request handling method with success with which I was experimenting
    # it is not used elsewhere and is a pain to read and write
    # success = False causes a page to stop drawing and "error out"
    # some error conditions therefore don't set success to false because it's more convenient
    # to draw the rest of the page.
    #
    # someone should adapt this to be less success-centric and read less branchy.
    s = request.session
    success = True

    # check for facebook login, provided by Facebook's JS SDK
    # NOTE(review): this path logs the user in with bypass_password=True on the
    # strength of the cookie alone, so it is only as strong as the verification
    # done inside fb.extract_from_cookie — confirm the signature is checked there.
    try:
        fb_cookie = fb.extract_from_cookie(request)
        try:
            u = users.get_user_by_name(fb_cookie['local_username'])
        except sqlalchemy.orm.exc.NoResultFound:
            u = fb.create_local_user(fb_cookie['info'],
                                     fb_cookie['local_username'],
                                     request=request)
        try:
            users.login_user(request, u, None, bypass_password=True)
        except LoginAdapterExc:
            # Failure is swallowed silently; nothing is logged or shown.
            pass
    except LoginAdapterExc:
        # Presumably raised when no usable Facebook cookie is present — TODO confirm.
        pass

    if 'logout' in request.session['safe_params']:
        if 'logged_in' in s:
            # Drop the login markers and any provider objects kept in the session.
            del s['logged_in']
            del s['users.id']
            if 'u_fbgraph' in s:
                del s['u_fbgraph']
                del s['u_fbinfo']
            if 'u_twit' in s:
                del s['u_twit']
            s['message'] = "You have been logged out, thanks."
            success = True
        else:
            s['message'] = "You are not logged in."
            success = True
    else:
        logged_in = False
        if 'logged_in' in s:
            s['message'] = "You are already logged in."
            logged_in = True
        else:
            if 'message' not in s:
                # Show the status left by a previous attempt once, then clear it.
                if 'last_login_status' in s:
                    s['message'] = s['last_login_status']
                    del s['last_login_status']
                else:
                    s['message'] = "Please log in."

        p = request.session['safe_post']
        prm = request.session['safe_params']
        username = None
        if 'username' in prm:
            username = general.strip_all_html(prm['username'])
        if p:
            dbsession = DBSession()
            # NOTE(review): safe_get['act'] is indexed directly; a POST without
            # an 'act' query parameter would raise KeyError unless the key is
            # always populated upstream — confirm.
            if request.session['safe_get']['act'] == 'register':
                if logged_in:
                    # A temporary (anonymous) account may be converted in place.
                    try:
                        u = users.get_user_by_id(s['users.id'])
                        if u.temporary:
                            users.create_user(temp_to_perm=True,
                                              extant_id=s['users.id'],
                                              username=username,
                                              password=p['password'],
                                              email=p['email'],
                                              origination='site')
                            s['message'] = "Your anonymous profile has been converted, thanks."
                        else:
                            s['message'] = "You can't register while you're logged in."
                    except sqlalchemy.exc.IntegrityError:
                        s['message'] = "This username is already registered, sorry."
                        dbsession.rollback()
                else:
                    try:
                        users.create_user(username=username,
                                          password=p['password'],
                                          email=p['email'],
                                          origination='site')
                        s['message'] = "Successfully registered."
                        success = True
                    except sqlalchemy.exc.IntegrityError:
                        s['message'] = "This username is already registered, sorry."
                        success = False
                        dbsession.rollback()
            elif request.session['safe_get']['act'] == 'update_pw':
                if p['new_password'] != p['new_password_confirm']:
                    s['message'] = 'New password doesn\'t match confirmation, please try again.'
                else:
                    u = None
                    # NOTE(review): s['logged_in_admin'] and s['users.id'] are
                    # indexed without a membership test, and this branch does not
                    # check 'logged_in' first; a session lacking either key
                    # raises KeyError here.
                    if s['logged_in_admin']:
                        # Admins may target another account via the user_id parameter.
                        if 'user_id' in prm:
                            u = users.get_user_by_id(prm['user_id'])
                    if u == None:
                        u = users.get_user_by_id(s['users.id'])
                    # The old password is not required when the session is an admin's.
                    if u.verify_pw(p['old_password']) or s['logged_in_admin']:
                        u.password = u.hash_pw(p['new_password'])
                        dbsession.add(u)
                        s['message'] = 'Password updated.'
                        success = True
                    else:
                        s['message'] = 'Old password invalid.'
            elif request.session['safe_get']['act'] == 'forgot_pass':
                user = users.get_user_by_email(p['email'])
                # NOTE(review): the two messages below differ, so the response
                # discloses whether an address is registered; a single neutral
                # message for both outcomes avoids that.
                if not user:
                    s['message'] = "That email isn't registered"
                else:
                    s['message'] = "Check your mail for a confirmation message."
                    users.send_lost_password_verify_email(request, user)
            else:
                # Plain username/password login.
                # NOTE(review): "Incorrect password." and "Sorry, I don't know
                # you." distinguish a wrong password from an unknown username;
                # no attempt limiting is visible in this view.
                try:
                    u = users.get_user_by_name(username)
                    try:
                        users.login_user(request, u, p['password'])
                        s['message'] = "Good, logged in"
                        success = True
                        return HTTPFound(request.route_url('post'))
                    except LoginAdapterExc:
                        s['message'] = "Incorrect password."
                        success = False
                except sqlalchemy.orm.exc.NoResultFound:
                    s['message'] = "Sorry, I don't know you."
                    success = False

    return {
        'success': success,
    }
def test_get_user_by_name(self):
    """A user fetched by name is the same record that was just created."""
    created = users.create_user(username='******', password='******')
    fetched = users.get_user_by_name(created.name)
    # Compare primary keys: the lookup must resolve to the created row.
    assert created.id == fetched.id
def get_epistle_by_recipient_name(name):
    """Resolve ``name`` to a user and delegate to ``get_epistle_by_recipient_id``.

    Whatever ``users.get_user_by_name`` raises for an unknown name propagates
    to the caller.
    """
    recipient_id = users.get_user_by_name(name).id
    return get_epistle_by_recipient_id(recipient_id)
def get_epistle_by_sender_name(name):
    """Resolve ``name`` to a user and delegate to ``get_epistle_by_sender_id``.

    Whatever ``users.get_user_by_name`` raises for an unknown name propagates
    to the caller.
    """
    sender_id = users.get_user_by_name(name).id
    return get_epistle_by_sender_id(sender_id)
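def epistle(request):
    """Send a private message or comment reply, then load the requested box.

    Requires ``logged_in`` in the session; otherwise returns
    ``{'success': False, 'code': 'ENOLOGIN'}``. When the sanitised POST data
    names a recipient, either a ``Comment`` (when ``parent_id`` resolves to a
    comment) or an ``Epistle`` is added to the database session. An unknown or
    missing recipient returns ``{'code': 'ENORECP', 'success': False}``.

    The box shown comes from ``request.matchdict['box']``. Epistles addressed
    to the current user and the listed comments are marked read as a side
    effect. Returns a dict with ``epistles`` (``roots`` and ``children``),
    ``comments``, ``success`` and ``code``.
    """
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        if p['recipient'] == '' and p['recipient-name'] == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}

        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = users.get_user_by_name(p['recipient-name'])
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = users.get_user_by_id(p['recipient'])
            except Exception:
                # Was a bare ``except:``, which also swallowed SystemExit and
                # KeyboardInterrupt; any lookup failure still reads as "not found".
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            # NOTE(review): parent_id is caller-supplied and resolved with
            # general.find_by_id; no check is visible here that the sender may
            # reply to that object — confirm it is enforced elsewhere.
            parent_id = p['parent_id']
            parent_obj = general.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id, s['users.id'],
                            parent_obj.id, p['body'],
                            in_reply_to=parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        # A reply to a comment was stored as a Comment above; everything else
        # becomes an Epistle addressed to the resolved recipient.
        if parent_type != 'comment':
            ep = Epistle(recp.id, s['users.id'], p['body'], parent=parent_id,
                         parent_type=parent_type, subject=subject)
            dbsession.add(ep)

    box = request.matchdict['box']

    if box == 'in':
        comments = epistle_queries.get_unread_comments_by_user_id(s['users.id'])
    elif box == 'comments':
        comments = epistle_queries.get_read_comments_by_user_id(s['users.id'])
    else:
        comments = []

    if box != 'comments':
        ep = epistle_queries.get_epistle_roots(id=s['users.id'], target=box)
        epistle_children = {}

        for e in ep:
            epistle_children[str(e.id)] = epistle_queries.get_epistle_children(e.id)

        # Roots first, then every child thread, as one flat list.
        flat_eps = list(_unwrap_list(ep))
        flat_eps.extend(_unwrap_list(epistle_children.values()))

        for e in flat_eps:
            # Only the recipient viewing a message marks it read.
            if str(e.recipient) == s['users.id']:
                epistle_queries.mark_epistle_read(e)
            _assign_epistle_parent(e)

        for c in comments:
            epistle_queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {
        'epistles': {'roots': ep, 'children': epistle_children},
        'comments': comments,
        'success': True,
        'code': 0,
    }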
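def epistle(request):
    """Send a private message or comment reply, then load the requested box.

    Requires ``logged_in`` in the session; otherwise returns
    ``{'success': False, 'code': 'ENOLOGIN'}``. When the sanitised POST data
    names a recipient, either a ``Comment`` (when ``parent_id`` resolves to a
    comment) or an ``Epistle`` is added to the database session. An unknown or
    missing recipient returns ``{'code': 'ENORECP', 'success': False}``.

    The box shown comes from ``request.matchdict['box']``. Epistles addressed
    to the current user and the listed comments are marked read as a side
    effect. Returns a dict with ``epistles`` (``roots`` and ``children``),
    ``comments``, ``success`` and ``code``.
    """
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        if p['recipient'] == '' and p['recipient-name'] == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}

        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = users.get_user_by_name(p['recipient-name'])
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = users.get_user_by_id(p['recipient'])
            except Exception:
                # Was a bare ``except:``, which also swallowed SystemExit and
                # KeyboardInterrupt; any lookup failure still reads as "not found".
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            # NOTE(review): parent_id is caller-supplied and resolved with
            # general.find_by_id; no check is visible here that the sender may
            # reply to that object — confirm it is enforced elsewhere.
            parent_id = p['parent_id']
            parent_obj = general.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id, s['users.id'],
                            parent_obj.id, p['body'],
                            in_reply_to=parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        # A reply to a comment was stored as a Comment above; everything else
        # becomes an Epistle addressed to the resolved recipient.
        if parent_type != 'comment':
            ep = Epistle(recp.id, s['users.id'], p['body'], parent=parent_id,
                         parent_type=parent_type, subject=subject)
            dbsession.add(ep)

    box = request.matchdict['box']

    if box == 'in':
        comments = epistle_queries.get_unread_comments_by_user_id(s['users.id'])
    elif box == 'comments':
        comments = epistle_queries.get_read_comments_by_user_id(s['users.id'])
    else:
        comments = []

    if box != 'comments':
        ep = epistle_queries.get_epistle_roots(id=s['users.id'], target=box)
        epistle_children = {}

        for e in ep:
            epistle_children[str(e.id)] = epistle_queries.get_epistle_children(e.id)

        # Roots first, then every child thread, as one flat list.
        flat_eps = list(_unwrap_list(ep))
        flat_eps.extend(_unwrap_list(epistle_children.values()))

        for e in flat_eps:
            # Only the recipient viewing a message marks it read.
            if str(e.recipient) == s['users.id']:
                epistle_queries.mark_epistle_read(e)
            _assign_epistle_parent(e)

        for c in comments:
            epistle_queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {
        'epistles': {'roots': ep, 'children': epistle_children},
        'comments': comments,
        'success': True,
        'code': 0,
    }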