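def load_user(id):
    """Return the User with primary key *id*, or None when the lookup fails.

    Args:
        id: Primary key of the user to load (the value the session stored).

    Returns:
        The matching User, or None if no such user exists or the lookup
        raises an ordinary exception.
    """
    # Imported lazily, presumably to sidestep a circular import at module
    # load; the import itself is deliberately outside the try so a broken
    # install fails loudly rather than looking like "no such user".
    from chalicepoints.models.user import User
    try:
        return User.get(User.id == id)
    except Exception:
        # Best-effort loader: an unknown or malformed id simply yields an
        # anonymous session. Catching Exception instead of a bare ``except``
        # stops KeyboardInterrupt/SystemExit from being swallowed here.
        return None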
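def _event_owned_by_current_user(event_id):
    """Return True if an event with *event_id* exists and its source is the current user.

    The check is expressed at query level so it works whether Event.source is
    stored as a plain user id or as a foreign key to User.
    """
    return Event.select().where(
        (Event.id == event_id) & (Event.source == current_user.id)
    ).exists()


def eventIdAction(id):
    """Delete (DELETE) or rewrite (PUT) the event identified by the route *id*.

    DELETE: removes the event. 404 if it does not exist; 403 unless the
    current user is its source or an elder.
    PUT: replaces the event's fields from the JSON body. The body's ``source``
    and ``target`` are objects whose ``id`` is used; ``type`` is dropped and
    ``amount`` is clamped to [1, current_user.max_points]. 404 if the event
    does not exist; 403 if a non-elder rewrites an event they did not give,
    acts for another source, or gives to an unknown or disabled user;
    400 on a malformed body. Any other method: 404.
    """
    if request.method == 'DELETE':
        try:
            event = Event.get(Event.id == id)
        except DoesNotExist:
            abort(404)
        # Mirror the PUT branch: only the giver or an elder may remove it.
        if current_user.elder == 0 and not _event_owned_by_current_user(id):
            abort(403)
        event.delete_instance()
        return jsonify(success=1)

    elif request.method == 'PUT':
        # The route id, not anything in the body, decides which event is
        # rewritten; reject unknown ids before reading the body at all.
        try:
            Event.get(Event.id == id)
        except DoesNotExist:
            abort(404)
        if current_user.elder == 0 and not _event_owned_by_current_user(id):
            abort(403)
        data = request.json
        try:
            data['source'] = data['source']['id']
            data['target'] = data['target']['id']
            # Cast before clamping: min()/max() on a string amount would not
            # compare numerically.
            amount = int(data['amount'])
        except (KeyError, TypeError, ValueError):
            abort(400)
        data.pop('type', None)
        if data['source'] != current_user.id and current_user.elder == 0:
            abort(403)
        try:
            target = User.get(User.id == data['target'])
        except DoesNotExist:
            abort(403)
        if target.disabled and current_user.elder == 0:
            abort(403)
        data['amount'] = max(min(current_user.max_points, amount), 1)
        # With the primary key set, peewee's save() issues an UPDATE of this
        # row instead of inserting a new event.
        data['id'] = id
        Event(**data).save()
        return jsonify(success=1)

    abort(404)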
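def userNameAction(id):
    """GET, PUT or DELETE the user identified by the route *id*.

    GET: JSON-encode the user returned by User.get_user (with points);
    404 if missing.
    PUT (elders only): build a User from the JSON body and save it. The
    ``settings`` value, when present, is stored JSON-encoded, else ``'{}'``.
    400 if the body is not a JSON object.
    DELETE (elders only): remove the user; 404 if missing.
    Other methods fall through and return None.
    """
    if request.method == 'GET':
        try:
            user = User.get_user(id, include_points=True)
        except DoesNotExist:
            abort(404)
        return Response(json.dumps(user, cls=Encoder), mimetype='application/json')

    elif request.method == 'PUT':
        if not current_user.elder:
            abort(403)
        data = request.json
        if not isinstance(data, dict):
            # request.json is None for a non-JSON body; answer 400, not 500.
            abort(400)
        data['settings'] = json.dumps(data['settings']) if 'settings' in data else '{}'
        # NOTE(review): the route id is not used here; the body's fields alone
        # decide which row is written (insert vs. update) -- confirm intended.
        user = User(**data)
        user.save()
        return jsonify(success=1)

    elif request.method == 'DELETE':
        if not current_user.elder:
            abort(403)
        try:
            user = User.get(User.id == id)
            user.delete_instance()
        except DoesNotExist:
            abort(404)
        return jsonify(success=1)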
def userNameAction(id):
    """Read, replace or remove the user addressed by the route *id*.

    GET returns the User.get_user(id, include_points=True) result as JSON
    (404 when missing). PUT and DELETE require an elder (403 otherwise):
    PUT saves a User built from the JSON body, with ``settings`` stored as a
    JSON string (``'{}'`` when absent); DELETE removes the user (404 when
    missing). Any other method returns None.
    """
    method = request.method

    if method == 'GET':
        try:
            found = User.get_user(id, include_points=True)
        except DoesNotExist:
            abort(404)
        payload = json.dumps(found, cls=Encoder)
        return Response(payload, mimetype='application/json')

    if method in ('PUT', 'DELETE') and not current_user.elder:
        abort(403)

    if method == 'PUT':
        body = request.json
        settings = json.dumps(body['settings']) if 'settings' in body else '{}'
        body['settings'] = settings
        User(**body).save()
        return jsonify(success=1)

    if method == 'DELETE':
        try:
            doomed = User.get(User.id == id)
            doomed.delete_instance()
        except DoesNotExist:
            abort(404)
        return jsonify(success=1)
def userTimelineAction(id):
    """Return the timeline of user *id* as a JSON response (404 if unknown)."""
    try:
        owner = User.get(User.id == id)
    except DoesNotExist:
        abort(404)
    body = json.dumps(owner.get_timeline(), cls=Encoder)
    return Response(body, mimetype='application/json')
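def mergeUser(id, target):
    """Fold user *id* into user *target* and delete user *id*.

    Every event whose source or target is *id* is repointed to *target*,
    then user *id* is removed. Both users are looked up first, so a bad id
    returns 404 before any event row is rewritten (the original order
    moved the events and only then discovered the user was missing).

    Returns:
        ``jsonify(success=1)``.
    """
    # NOTE(review): no elder check is visible here, unlike the user DELETE
    # route; confirm the route decorator (not shown) restricts this endpoint.
    try:
        user = User.get(User.id == id)
        User.get(User.id == target)
    except DoesNotExist:
        abort(404)
    Event.update(source=target).where(Event.source == id).execute()
    Event.update(target=target).where(Event.target == id).execute()
    user.delete_instance()
    return jsonify(success=1)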
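def eventAction():
    """Create an event giving points from the current user to the body's target.

    The JSON body supplies ``target`` and ``amount``; any ``id`` is dropped
    and ``source`` is always the current user. ``amount`` is clamped to
    [1, current_user.max_points]. 400 on a malformed body; 403 when the
    target is the current user, unknown, or disabled.

    Returns:
        ``jsonify(success=1)`` after ``event.add()``.
    """
    data = request.json
    try:
        data.pop('id', None)
        target_id = data['target']
        amount = int(data['amount'])
    except (AttributeError, KeyError, TypeError, ValueError):
        # Covers a non-JSON body (None), missing keys and a non-numeric amount.
        abort(400)
    if target_id == current_user.id:
        abort(403)
    try:
        target = User.get(User.id == target_id)
    except DoesNotExist:
        abort(403)
    if target.disabled:
        abort(403)
    data['amount'] = max(min(current_user.max_points, amount), 1)
    event = Event(**data)
    # The giver is taken from the session, never from the body.
    event.source = current_user.id
    event.add()
    return jsonify(success=1)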
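def _fetch_userinfo(http):
    """Fetch the Google userinfo document with the authorized *http* client.

    Raises:
        WebException(500) if the endpoint does not answer 200 or the body is
        not valid JSON.
    """
    (headers, content) = http.request(
        'https://www.googleapis.com/oauth2/v3/userinfo', 'GET')
    if headers['status'] != '200':
        raise WebException('Unable to retrieve user info', 500)
    try:
        return json.loads(content)
    except ValueError:
        raise WebException('Unable to parse user info', 500)


def _upsert_user(userinfo, id_token):
    """Return the local User for *userinfo*, creating it on first login.

    An existing user (matched by lower-cased e-mail) only has its name
    refreshed; a new user also receives a random api_key, a Gravatar hash and
    the ID token's ``sub`` as url.
    """
    email = userinfo['email'].lower()
    # NOTE(review): accounts are linked by e-mail alone; the token's ``sub``
    # is stored but not used for matching. Confirm validate_id_token (or the
    # userinfo response) establishes the e-mail is verified.
    try:
        user = User.get(User.email == email)
    except DoesNotExist:
        user = User()
        user.email = email
        user.api_key = str(uuid4())
        # Gravatar addresses avatars by the MD5 of the trimmed, lower-cased
        # e-mail; this is a lookup key, not a security hash.
        user.gravatar = hashlib.md5(email.strip().lower()).hexdigest()
        user.url = id_token['sub']
    user.name = userinfo['name']
    user.save()
    return user


def auth():
    """OAuth2 redirect endpoint: finish the Google login and sign the user in.

    Validates the ``state`` parameter against the CSRF token held in the
    session, exchanges ``code`` for credentials, checks the ID token, fetches
    the profile, upserts the local User and redirects to the site index.

    Raises:
        WebException on a missing or mismatched state, a missing code, an
        invalid ID token, or (500) when the profile cannot be fetched/parsed.
    """
    # pop() makes the state token single-use even if the exchange fails.
    session_csrf_token = session.pop('csrf_token', None)
    csrf_token = request.args.get('state', None)
    code = request.args.get('code')
    if not session_csrf_token or not csrf_token:
        raise WebException('Missing CSRF token')
    if not code:
        raise WebException('Missing authorization code')
    if csrf_token != session_csrf_token:
        raise WebException('CSRF Token Mismatch')

    flow = OAuth2WebServerFlow(
        client_id=current_app.config['GOOGLE_API_CLIENT_ID'],
        client_secret=current_app.config['GOOGLE_API_CLIENT_SECRET'],
        scope=current_app.config['GOOGLE_API_SCOPE'],
        redirect_uri=current_app.config['SITE_URL'] + '/auth')
    credentials = flow.step2_exchange(code)
    http = credentials.authorize(httplib2.Http())
    id_token = credentials.id_token
    if not validate_id_token(id_token):
        raise WebException('Invalid ID Token')

    userinfo = _fetch_userinfo(http)
    # _upsert_user always returns a saved User, so the former
    # "Unable to upsert user" check was unreachable and is dropped.
    user = _upsert_user(userinfo, id_token)
    login_user(user)
    return redirect(url_for('site.index'))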