def debug_login(): action = flask.request.args.get('action', None) if action == 'make': email = flask.request.args.get('email', '') try: user = models.User.objects(email=email).get() except: helpers.api_error(code=404, message='Invalid email') t = models.Ticket(user=user) t.save() dialog = open('./dialogs/utility-auth.txt', 'r').read() print(dialog.format(colorama, user, t)) return helpers.api_success() elif action == 'confirm': token = flask.request.args.get('token', None) ticket = models.Ticket.objects(id=token).get() user = ticket.user flask_login.login_user(user, fresh=True) return helpers.api_success() elif action == 'release': flask_login.logout_user() return helpers.api_success() else: helpers.api_error(code=400, message='Invalid utility-auth action')
def user_login(): """Log a user in and return their information""" uname = flask.request.args['username'].lower() passw = flask.request.args['password'] # Try and find the user user = None try: user = models.Provider.objects(username=uname).get() except DoesNotExist: return helpers.api_error( code=401, data='username', message='Username does not exist' ) # Check the password if user.password != passw: return helpers.api_error( code=401, data='password', message='Password is incorrect' ) # Log them in! flask_login.login_user(user) return helpers.api_success(data=user)
def api_document_put(document_name, document_id): '''Make changes to an existing document and save it to the database''' user = helpers.user_required(1) model = models.model_get(document_name) # get the dictionary of arguments args = flask.request.get_json() # get the document document = None try: document = model.objects.get(id=document_id) except mongoengine.errors.ValidationError: return helpers.api_error(message='No document found', code=404) # iterate through the args and screen them if args: for arg_name in args: print('PROCESSING ARG_NAME', arg_name) print('VALUE', args[arg_name]) # update the document and return a success document.update(**args) document.reload() if document._after_put(user): document.save() return helpers.api_success(message='Document updated.')
def api_document_post(document_name): '''Create a new document and insert it into the database''' user = helpers.user_required(1) model = models.model_get(document_name) # get the dictionary of arguments args = flask.request.get_json() # filter out fields based on access level try: for field_name in model._blacklist_postput[user.access]: args.pop(field_name, None) except IndexError: pass # some types need extra processing (e.g., datetime fields) model_fields = model._fields for arg_name in args: value = args[arg_name] if isinstance(model_fields.get(arg_name, None), mongoengine.fields.DateTimeField): args[arg_name] = dateutil.parser.parse(value) # put together the new document new = model(**args) # some models need special handling, so make sure to call the 'after' func new._after_post(user) # now save it and return it new.save() return helpers.api_success(data=new)
def api_image_upload(): # Require a user be logged in user = helpers.user_required() # Get the uploaded file from flask upload_file = flask.request.files['file'] # Determine the new S3 filename upload_id = uuid.uuid4().hex s3_path_full = upload_id + '.jpg' s3_path_thumb = upload_id + '_thumb.jpg' # Process the image into full and thumbnail variants image_full, image_thumb = image.process_image(upload_file) # Write both to buffer and upload them to S3 buffer_full = io.BytesIO() image_full.save(buffer_full, format='JPEG') s3_connection.upload(s3_path_full, buffer_full, 'clarityapp') buffer_thumb = io.BytesIO() image_thumb.save(buffer_thumb, format='JPEG') s3_connection.upload(s3_path_thumb, buffer_thumb, 'clarityapp') # return the final wallpaper document return helpers.api_success(data=upload_id)
def api_document_delete(document_name, document_id): """Delete an existing document from the database""" user = helpers.user_required(1) model = models.model_get(document_name) # get the document document = None try: document = model.objects.get(id=document_id) except mongoengine.errors.ValidationError: return helpers.api_error(message='No document found', code=404) # delete it! document.delete() return helpers.api_success(message='Document deleted.')
def user_get(): """Return the currently logged in user's information (or not).""" return helpers.api_success(data=helpers.user_required())
def api_document_get_by_id(document_name, document_id): """Get one specific document instance from an ID""" user = helpers.user_get() model = models.model_get(document_name) return helpers.api_success(data=model.objects.get(id=document_id))
def api_document_get(document_name): '''Query the database''' user = helpers.user_get() model = models.model_get(document_name) # filter the args args_listable = ['__order', '__field'] args_query = {} args_other = {} args = flask.request.args for arg_name in args: if arg_name.startswith('__'): if arg_name in args_listable: args_other[arg_name] = args.getlist(arg_name) else: args_other[arg_name] = args[arg_name] else: args_query[arg_name] = args[arg_name] # convert booleans model_fields = model._fields for arg_name in args_query: value = args_query[arg_name] if isinstance(model_fields.get(arg_name, None), mongoengine.fields.BooleanField): if value == 'true': args_query[arg_name] = True elif value == 'false': args_query[arg_name] = False else: raise ValueError('you dun fuked up') # args_query[arg_name] = True if value == 'true' else False # get the ball rolling, so to speak query = model.objects(**args_query) # We have to establish the access level of the user access_level = None # Check for anonymity, because anons won't have access fields if user.is_anonymous: access_level = 0 else: access_level = user.access # Exclude the blacklisted fields for field_name in model._blacklist_get.get(access_level, []): query = query.exclude(field_name) # sort the query if applicable if '__order' in args_other: query = query.order_by(*args_other['__order']) # limit the results offset = int(args_other.get('__offset', 0)) if offset: query = query.skip(offset) length = int(args_other.get('__length', 32)) query = query.limit(length) # perform a text search if necessary if '__search' in args_other: query = query.search_text(args_other['__search']) # filter out unwanted fields if '__field' in args_other: query = query.scalar(*args_other['__field']) # return the results # return helpers.api_success(list(query)) return helpers.api_success(data={ 'list': list(query), 'count': query.count() })
def user_logout(): """Log a user out. That's it.""" helpers.user_required() flask_login.logout_user() return helpers.api_success()