예제 #1
0
def add_user():
    try:
        email = request.form.get('email')
        password = request.form.get('password')
        client_id = request.form.get('client_id')

        try:
            client = Client.objects.get(client_id=client_id)
        except DoesNotExist:
            logging.info("Client not found.")
            return abort(400)

        if not client.has_password_credential_permission:
            return abort(400)

        salt = gen_salt(40)
        hashed_password = hashlib.sha512(password + salt).hexdigest()
        user = User(
            email=email,
            password=hashed_password,
            salt=salt
        )
        user.save()
        return jsonify({"user": user.to_mongo()})
    except NotUniqueError:
        logging.info("Duplicate user.")
        return abort(400)
    except TypeError:
        return abort(400)
    except Exception as e:
        logging.error(e.args[0])
        return abort(500)
예제 #2
0
def signup():
    if not missing_session(): return go_user_home()

    form = SignupForm()

    if form.validate_on_submit():
        user = User(email=form.email.data,
                    username=form.username.data,
                    password=form.password.data)

        if form.avatar.data is not None:
            user.avatar = form.save_avatar()

        try:
            user.save()

            create_session(user)

            return redirect(url_for('user.profile', user_id=user.id))
        except Exception as e:
            field = str(e).split('.')[2].split('[')[0]

            flash('Please choose a unique ' + field, 'error')

    return render_template('user/signup.html', form=form, session=session)
예제 #3
0
def register():
    """
    Register a new user with the backend
    
    Example:
    --------
    curl -k -L -XPOST -i -H "Content-Type:application/x-www-form-urlencoded" -d "[email protected]&password=jay" https:/webpool.csf.asu.edu/pysalrest/user/register/
    
    """
    print request.form
    print type(request.form)
    email = request.form.get('email')
    password = request.form.get('password')
    name = email.split('@')[0]
    user = User(name=name, email=email)
    user.hashpwd(password)
    db.session.add(user)
    db.session.commit()

    token = user.generate_auth_token()
    uid = user.id

    return jsonify({
        'username': user.name,
        'token': token.decode('ascii'),
        'uid': uid
    })
예제 #4
0
def user_create():
    req = request.get_json(force=True)

    user = User.query.filter_by(email=req['email']).first()

    # === request checking ===
    # email used
    if user:
        return jsonify({'message': 'This email has been used'}), 400
    # required fields
    if not req.keys() >= {'username', 'email', 'password'}:
        return jsonify({
            'message':
            'Fields \'username\', \'email\' and \'password\' required'
        }), 400

    user = User(username=req['username'], email=req['email'])
    user.set_password(req['password'])

    db.session.add(user)
    db.session.commit()

    res = make_response({'id': user.id, 'message': 'Success'})

    return res, 200
예제 #5
0
def login():
    form = LoginForm()
    if request.method == 'POST':
        if form.validate_on_submit():
            email = request.form.get('email')
            password = request.form.get('password')

            token = api.get_token(email, password)['access_token']

            res = api.get('/user/', token=token)

            user_id = res['user']['_id']
            email = res['user']['email']

            user = User(user_id)
            user.email = email

            session[str(user_id)] = user

            login_user(user)

            next = request.args.get('next')

            if not next_is_valid(next):
                return abort(401)
            return redirect(next or url_for('user.user'))
        return abort(400)
    return render_template('auth/login.html', form=form)
예제 #6
0
def load_user(username, password, client, request, *args, **kwargs):
    if re.match(r"[^@]+@[^@]+\.[^@]+", username):
        if not client.has_password_credential_permission:
            return None
        try:
            user = User.objects.get(email=username)
        except DoesNotExist:
            logging.info("User not found.")
            return None
        if not user.validate_password(password):
            return None

        return user
    elif username.isdigit():
        if not client.has_facebook_credential_permission:
            return None

        try:
            facebook = Facebook(password)
            me = facebook.get('/me', params={'fields': 'id,name,email,link'})
        except client.OAuthException:
            return None
        except Exception as e:
            logging.error(e)
            return None

        try:
            user = User.objects.get(facebook_id=username)
            user.facebook_access_token = password
            user.save()
        except DoesNotExist:
            facebook_id = me['id']
            email = me['email']
            name = me['name']
            user = User(
                facebook_id=facebook_id,
                email=email,
                name=name,
                facebook_access_token=password,
                password=None,
                salt=None,
            )
            user.save()

        return user
    else:
        logging.warning("Username not recognized.")
        return None
예제 #7
0
파일: views.py 프로젝트: JackNeus/lampPost
def edit_event(id):
    if not request.is_json:
        return gen_error_response("Request was not JSON.")
    try:
        data = request.get_json()
    except Exception as e:
        return gen_failure_response("Request was malformatted.")

    # Make sure creator matches authorized user.
    try:
        event = controller.get_event(id)

        if event is None:
            return gen_error_response(event_dne_text)
        user = User.get_user_in_token(request)
        if user is None:
            return gen_error_response("Invalid authorization.")
        if user.netid != event.creator:
            return gen_error_response(
                "Attempted to edit event for different user.")
        if controller.is_banned(user):
            return gen_error_response(banned_text)

        updated_event = controller.edit_event(id, data)
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))

    if updated_event is None:
        return gen_error_response(event_dne_text)
    return gen_data_response(get_raw_event(updated_event))
예제 #8
0
파일: views.py 프로젝트: JackNeus/lampPost
def delete_event(id):
    try:
        event = controller.get_event(id)

        if event is None:
            return gen_error_response("No event with that id exists.")

        # Make sure it is the creator that is deleting the event.
        event_creator_netid = controller.get_event_creator(id)
        try:
            user = User.get_user_in_token(request)
            if user is None:
                return gen_error_response("Invalid authorization.")
            if user.netid != event_creator_netid:
                return gen_error_response(
                    "Attempted to delete event for different user.")
        except AuthorizationError:
            return gen_error_response("Invalid authorization.")

        event = controller.delete_event(id)
        if event is None:
            return gen_error_response(event_dne_text)
        return gen_data_response(get_raw_event(event))
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #9
0
파일: views.py 프로젝트: JackNeus/lampPost
def remove_event_fav(userid, eventid):
    try:
        event = controller.get_event(eventid)
        user = controller.get_user_by_uid(userid)
        if event is None:
            return gen_error_response("No event with that id exists.")
        elif user is None:
            return gen_error_response("No user with that id exists.")

        # Make sure favoriter matches authorized user.
        try:
            token_user = User.get_user_in_token(request)
            if token_user is None or token_user.netid != user.netid:
                return gen_error_response(
                    "Attempted to remove a favorite for different user.")
        except AuthorizationError:
            return gen_error_response("Invalid authorization.")

        if eventid in user.favorites:
            controller.remove_user_favorite(user, eventid)
        else:
            return gen_error_response(
                "You can't un-favorite an event that isn't in your favorites!")
        return gen_data_response(event.favorites)
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #10
0
파일: views.py 프로젝트: JackNeus/lampPost
def get_user_in_token(request):
    user = None
    try:
        user = User.get_user_in_token(request)
    except AuthorizationError:
        pass
    return user
예제 #11
0
파일: views.py 프로젝트: JackNeus/lampPost
def add_event():
    if not request.is_json:
        return gen_error_response("Request was not JSON.")

    try:
        data = request.get_json()
        if isinstance(data, str):
            # TODO: better error message
            return gen_failure_response("Request must be JSON, not string.")
    except:
        return gen_error_response("Request was malformatted.")

    try:
        # Check that the correct parameters have been given.
        missing_fields = get_missing_fields(data)
        if len(missing_fields) > 0:
            return gen_error_response("Request was missing %s parameter(s)." %
                                      ",".join(missing_fields))

        # Make sure creator matches authorized user.
        user = User.get_user_in_token(request)
        if user is None:
            return gen_error_response("Invalid authorization.")
        if user.netid != data["creator"]:
            return gen_error_response(
                "Attempted to create event for different user.")
        if controller.is_banned(user):
            return gen_error_response(banned_text)

        # Try to add new event.
        new_event = controller.add_event(data)
        # Return id of newly added event.
        return gen_data_response({"id": str(new_event.id)})
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #12
0
def verify_password(username_or_token, password):
    print username_or_token
    user = User.verify_auth_token(username_or_token)
    if not user:
        user = User.query.filter_by(email=username_or_token).first()
        if not user or not user.verifypwd(password):
            return False
    g.user = user
    return True
예제 #13
0
파일: views.py 프로젝트: JackNeus/lampPost
def verify_token(token):
    # TODO: Make this less scary.
    if CONFIG["DEBUG"] and CONFIG["BYPASS_API_AUTH"]:
        return True

    user = User.verify_auth_token(token)
    if user is None:
        return False
    return True
예제 #14
0
def register():
	form = RegistrationForm()
	if form.validate_on_submit():
		user = User(email = form.email.data, username = form.username.data, password = form.password.data)
		db.session.add(user)
		db.session.commit()
		flash("You have succesfully registered! You may now login")
		return redirect(url_for('mod_auth.login'))
	return render_template('mod_auth/register.html',form = form, title = "Register")
예제 #15
0
def facebook_authorized():
    resp = facebook.authorized_response()
    if resp is None:
        # return 'Access denied: reason=%s error=%s' % (
        #     request.args['error_reason'],
        #     request.args['error_description']
        # )
        return abort(401)
    if isinstance(resp, OAuthException):
        # return 'Access denied: %s' % resp.message
        return abort(401)

    access_token = resp['access_token']

    session['facebook_token'] = (access_token, '')
    try:
        me = facebook.get('/me?fields=id')
        facebook_id = me.data['id']

        token = api.get_token(facebook_id, access_token)['access_token']

        res = api.get('/user/', token=token)

        user_id = res['user']['_id']
        email = res['user']['email']

        user = User(user_id)
        user.email = email

        login_user(user)
        session[str(user_id)] = user
    except client.OAuthException:
        return abort(401)

    # client_id = request.args.get('client_id')
    # scope = request.args.get('scope')
    # redirect_uri = request.args.get('redirect_uri')
    # response_type = request.args.get('response_type')

    return redirect(request.args.get('next'))
예제 #16
0
def patch_files():
    res = {}

    try:
        id = request.args.get('id')
        current_id = str(session['user_id'])

        file = request.files['files[0]']
        file_type = mime(file).split('/')[0]

        if file_type == 'image' and current_id == id:
            user = User.lookup_id(id)

            filename = secure_filename(file.filename)
            parts = filename.split('.')
            filename = '.'.join(parts[:-1]) + str(current_id) + '.' + parts[-1]

            destination = os.path.join(app.config['UPLOAD_FOLDER'],
                                       'avatars/' + filename)
            file.save(destination)

            old_avatar = user.avatar
            user.avatar = filename
            user.update()

            try:
                if old_avatar != 'default.png':
                    target = os.path.join(app.config['UPLOAD_FOLDER'],
                                          'avatars/' + old_avatar)
                    os.remove(target)
            except Exception:
                pass

            res = {'upload_success': True}
        elif current_id == id:
            res = {'upload_success': False, 'error': 'Invalid file type'}
        else:
            res = {
                'upload_success': False,
                'error':
                "You do not have permission to change this user's avatar"
            }

    except Exception:
        res = {
            'upload_success': False,
            'error': 'There was an error uploading your file'
        }

    return res, 200
예제 #17
0
def post():
    form = request.json
    res = {}

    try:
        user = User(email=form.get('email'),
                    username=form.get('username'),
                    first_name=form.get('first_name'),
                    last_name=form.get('last_name'),
                    password=form.get('password'),
                    instructor=form.get('instructor'),
                    admin=False)
        user.save()

        global session
        session, res = gen_session(user, session)
    except Exception as e:
        try:
            res = {'error': 'Please choose a unique ' + get_field(e.orig)}
        except Exception:
            res = {'error': 'There was an error creating your account'}

    return jsonify(res), 200
예제 #18
0
def delete():
    id = request.args.get('id')
    user = User.lookup_id(id)
    res = {}
    status = 200

    if user and id == str(session['user_id']):
        try:
            user.delete()
            res = {'data': user}
        except Exception:
            res = {'error': 'Error deleting user'}
            status = 500

    return jsonify(res), status
예제 #19
0
def oauth_callback(provider):
    if not current_user.is_anonymous():
        return redirect(url_for('user.index'))
    oauth = OAuthSignIn.get_provider(provider)
    social_id, username, email = oauth.callback()
    if social_id is None:
        flash('Authentication failed.')
        return redirect(url_for('user.index'))
    user = User.query.filter_by(social_id=social_id).first()
    if not user:
        user = User(social_id=social_id, nickname=username, email=email)
        db.session.add(user)
        db.session.commit()
    login_user(user, True)
    return redirect(url_for('api_root'))
예제 #20
0
def login():
    if not missing_session(): return go_user_home()

    form = LoginForm(request.form)

    if form.validate_on_submit():
        user = User.find_by_email_or_username(form.emailOrUsername.data)

        if user and user.password == form.password.data:
            create_session(user)

            return redirect(url_for('user.profile', user_id=user.id))

        flash('Wrong username or password', 'error')

    return render_template('user/login.html', form=form, session=session)
예제 #21
0
def patch():
    user = User.lookup_id(request.args.get('id'))
    form = request.json
    res = {}

    if user:
        del form['avatar']
        user = assign(form, user)

        try:
            user.update()
            res = {'data': user.as_dict()}
        except Exception:
            res = {'error': 'There was an error updating your account'}

    return jsonify(res), 200
예제 #22
0
def get():
    try:
        id = int(request.args.get('id'))
        user = User.lookup_id(id)
        res = {}

        if user:
            user = user.as_dict()

            if session.get('user_id') != id:
                del user['email']
                del user['password']

            res = {'data': user}

    except Exception as e:
        res = {'error': 'There was an error finding this user'}

    return jsonify(res), 200
예제 #23
0
    def save(self, warned):
        credentials = User.lookup_id(self.user_id)
        prerequisites = Course.lookup_id(self.course_id).prerequisites

        conflict = None
        if not warned:

            for prerequisite in prerequisites:
                matched = [
                    c for c in credentials
                    if c.id == prerequisite.credential_id
                ]

                if matched.length == 0:
                    conflict = prerequisite.id
                    break

        if conflict:
            return "Missing prerequisite: " + Credential.lookup_id(
                conflict).name
        else:
            Base.save(self)
예제 #24
0
def auth():
    form = request.json
    if form is None:
        form = {}

    res = {}

    try:
        identifier = form.get('identifier')
        password = form.get('password')
        user = User.lookup(identifier)

        if user and user.password == password:
            global session
            session, res = gen_session(user, session)
        else:
            res = {'error': 'Incorrect credentials'}
    except Exception as e:
        res = {'error': 'There was an error logging you in' + str(e)}

    out = jsonify(res)

    return out, 200
예제 #25
0
파일: views.py 프로젝트: JackNeus/lampPost
def get_favorites(userid):
    try:
        user = controller.get_user_by_uid(userid)
        if user is None:
            return gen_error_response("No user with that id exists.")

        # Make sure caller matches authorized user.
        try:
            token_user = User.get_user_in_token(request)
            if token_user is None or token_user.netid != user.netid:
                return gen_error_response(
                    "Attempted to get a different user's favorites.")
        except AuthorizationError:
            return gen_error_response("Invalid authorization.")

        try:
            events = controller.get_favorite_events(user.favorites)
            events = [get_raw_event(event) for event in events]
            return gen_data_response(events)
        except Exception as e:
            return gen_error_response(error_handler.main_handler(e))
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #26
0
파일: views.py 프로젝트: JackNeus/lampPost
def report_event(eventid):
    try:
        if not request.is_json:
            return gen_error_response("Request was not JSON.")

        try:
            data = request.get_json()
        except Exception as e:
            return gen_error_response("JSON was malformatted.")

        if "reason" not in data:
            return gen_error_response("Request was missing field 'reason'.")

        try:
            user = User.get_user_in_token(request)
            report = controller.add_report(user, data["reason"], eventid)
        except RateError as e:
            return gen_error_response(str(e))

        return gen_data_response(report)
    except ValidationError as e:
        return gen_error_response(str(e))
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #27
0
파일: views.py 프로젝트: JackNeus/lampPost
def add_event_fav(userid, eventid):
    try:
        event = controller.get_event(eventid)
        user = controller.get_user_by_uid(userid)
        if event is None:
            return gen_error_response("No event with that id exists.")
        elif user is None:
            return gen_error_response("No user with that id exists.")

        # Make sure favoriter matches authorized user.
        try:
            token_user = User.get_user_in_token(request)
            if token_user is None or token_user.netid != user.netid:
                return gen_error_response(
                    "Attempted to add a favorite for different user.")
        except AuthorizationError:
            return gen_error_response("Invalid authorization.")

        if eventid not in user.favorites:
            controller.add_user_favorite(user, eventid)
        return gen_data_response(
            event.favorites)  # need to return something or views gets angry
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
예제 #28
0
파일: views.py 프로젝트: JackNeus/lampPost
def get_created_events(userid, include_past):
    try:
        user = controller.get_user_by_uid(userid)
        if user is None:
            return gen_error_response("No user with that id exists.")

        # Make sure creator matches authorized user.
        try:
            token_user = User.get_user_in_token(request)
            if token_user is None or token_user.netid != user.netid:
                return gen_error_response(
                    "Attempted to get created events for different user.")
        except AuthorizationError:
            return gen_error_response("Invalid authorization.")
        if isinstance(include_past, str):
            # include_past defaults to True when an invalid value is passed.
            include_past = include_past != "False"
        events = controller.get_events_by_creator(str(user.netid),
                                                  include_past)
        events = [get_raw_event(event) for event in events]

        return gen_data_response(events)
    except Exception as e:
        return gen_error_response(error_handler.main_handler(e))
def is_admin(id):
    user = User.lookup_id(id)

    return user.admin
예제 #30
0
def missing_session():
    return not User.matches_id(id())