def install_rootuser(request):
# requires an admin
user = users.get_current_user()
if not user:
return http.HttpResponseRedirect(users.create_login_url('/install'))
else:
if not users.is_current_user_admin():
return http.HttpResponseRedirect('/')
try:
root_user = api.actor_get(api.ROOT, settings.ROOT_NICK)
except:
root_user = None
if request.POST:
try:
logging.warning('Making root user: %s', settings.ROOT_NICK)
validate.nonce(request, 'create_root')
root_user = api.user_create_root(api.ROOT)
return util.RedirectFlash('/install', 'Root user created')
except:
exception.handle_exception(request)
redirect_to = '/'
c = template.RequestContext(request, locals())
t = loader.get_template('rootuser.html')
return http.HttpResponse(t.render(c))
def test_good_nonces(self):
fake_user = "******"
action = "some_action"
nonce = util.create_nonce(fake_user, action)
params = {"_nonce": nonce}
validate.nonce(test_util.FakeRequest(user=fake_user, post=params), action)
validate.nonce(test_util.FakeRequest(user=fake_user, get=params), action)
def test_slightly_old_nonces(self):
fake_user = "******"
action = "some_action"
nonce = util.create_nonce(fake_user, action, offset=-1)
validate.nonce(test_util.FakeRequest(user=fake_user, post={"_nonce": nonce}), action)
old_nonce = util.create_nonce(fake_user, action, offset=-2)
def _old_nonce():
validate.nonce(test_util.FakeRequest(user=fake_user, post={"_nonce": old_nonce}), action)
self.assertRaises(exception.ValidationError, _old_nonce)
def join_welcome_contacts(request):
"""
if we have an access token for this user attempt to fetch the contacts
else if we have a request token attempt to get an access token
if we have neither
if we are trying to authorize, grab a request token and redirect to authorize page
else
show the page
"""
redirect_to = request.REQUEST.get("redirect_to", "/")
next = "/welcome/done"
# these are for the find more contacts bits
start_index = int(request.REQUEST.get("index", 1))
max = 100
token = request.REQUEST.get("token")
contacts_more = int(request.REQUEST.get("contacts_more", 0))
# this won't be seen unless contacts_more is positive,
# so no worries about the possible negative value
contacts_so_far = contacts_more - 1
try:
if not settings.GOOGLE_CONTACTS_IMPORT_ENABLED:
raise exception.FeatureDisabledError("Google Contacts import is currently disabled")
if "lookup_remote_contacts" in request.POST:
validate.nonce(request, "lookup_remote_contacts")
next_url = util.qsa(
util.here(request),
{
"redirect_to": redirect_to,
"upgrade_auth_token": "",
"_nonce": util.create_nonce(request.user, "upgrade_auth_token"),
},
)
auth_url = google_contacts.auth_sub_url(next_url)
return http.HttpResponseRedirect(auth_url)
elif "actor_add_contacts" in request.POST:
validate.nonce(request, "actor_add_contacts")
targets = request.POST.getlist("targets")
owner = request.POST.get("owner", "")
rv = api.actor_add_contacts(request.user, owner, targets)
next_url = util.qsa(
util.here(request),
{"redirect_to": redirect_to, "contacts_more": contacts_more, "index": start_index, "token": token},
)
return util.RedirectFlash(next_url, "Contacts added.")
elif "upgrade_auth_token" in request.GET:
validate.nonce(request, "upgrade_auth_token")
auth_token = google_contacts.auth_sub_token_from_request(request)
session_token = google_contacts.upgrade_to_session_token(auth_token)
next_url = util.qsa(
util.here(request),
{
"redirect_to": redirect_to,
"fetch_contacts": "",
"token": session_token.get_token_string(),
"_nonce": util.create_nonce(request.user, "fetch_contacts"),
},
)
return http.HttpResponseRedirect(next_url)
elif "fetch_contacts" in request.REQUEST:
validate.nonce(request, "fetch_contacts")
# start_index and max are gathered above
session_token = google_contacts.auth_sub_token_from_request(request)
# check for the "My Contacts" group, otherwise, fetch it
my_contacts = memcache.client.get("%s/my_contacts" % token)
if not my_contacts:
my_contacts = google_contacts.get_system_group(session_token, "Contacts")
memcache.client.set("%s/my_contacts" % token, my_contacts)
rv, more = google_contacts.get_contacts_emails(session_token, group=my_contacts, index=start_index, max=max)
contacts = []
for name, email in rv:
logging.info('looking up "%s" %s', name, email)
contacts.append(api.actor_lookup_email(request.user, email))
contacts = [x for x in contacts if x]
# for the template
contacts_found = True
contacts_more = more
contacts_so_far = contacts_more - 1
token = session_token.get_token_string()
contacts_emails = rv
# if no contacts were found and more are available, try some more
if not contacts and contacts_more:
next_url = util.qsa(
util.here(request),
{
"fetch_contacts": "",
"contacts_more": contacts_more,
"index": contacts_more,
"token": token,
"_nonce": util.create_nonce(request.user, "fetch_contacts"),
"redirect_to": redirect_to,
},
)
# TODO(termie): this can take a really long time, probably not really
# viable until we can do it with javascript
# return util.MetaRefresh(next_url, message='Still working...', second=1)
# return http.HttpResponseRedirect(next_url)
except:
exception.handle_exception(request)
# set the progress
welcome_photo = True
welcome_mobile = True
view = request.user
page = "contacts"
area = "welcome"
c = template.RequestContext(request, locals())
t = loader.get_template("welcome_%s.html" % page)
return http.HttpResponse(t.render(c))
def _old_nonce():
validate.nonce(test_util.FakeRequest(user=fake_user, post={"_nonce": old_nonce}), action)
def _notany_nonce():
validate.nonce(test_util.FakeRequest(user=None, post={"_nonce": notany_nonce}), action)
def _notme_nonce():
validate.nonce(test_util.FakeRequest(user="******", post={"_nonce": notme_nonce}), action)
def _madeup_nonce():
validate.nonce(test_util.FakeRequest(user=fake_user, post={"_nonce": "TEST"}), action)
def actor_settings(request, nick, page='index'):
""" just a static page that links to the rest"""
nick = clean.nick(nick)
view = api.actor_lookup_nick(api.ROOT, nick)
handled = common_views.handle_view_action(
request,
{
'activation_activate_mobile': view.url('/settings/mobile'),
'activation_request_email': view.url('/settings/email'),
'activation_request_mobile': view.url('/settings/mobile'),
'settings_change_notify': view.url('/settings/notifications'),
'settings_change_privacy': request.path,
'settings_update_account': view.url('/settings/profile'),
'actor_remove': '/logout',
#'oauth_remove_consumer': request.path,
#'oauth_remove_access_token': request.path
}
)
if handled:
return handled
# TODO(tyler/termie): This conflicts with the global settings import.
# Also, this seems fishy. Do none of the settings.* items work in templates?
import settings
# TODO(tyler): Merge this into handle_view_action, if possible
if 'password' in request.POST:
try:
validate.nonce(request, 'change_password')
password = request.POST.get('password', '')
confirm = request.POST.get('confirm', '')
validate.password_and_confirm(password, confirm, field = 'password')
api.settings_change_password(request.user, nick, password)
response = util.RedirectFlash(view.url() + '/settings/password',
'password updated')
request.user.password = password
# TODO(mikie): change when cookie-auth is changed
user.set_user_cookie(response, request.user)
return response
except:
exception.handle_exception(request)
if page == 'feeds':
try:
if not settings.FEEDS_ENABLED:
raise exception.DisabledFeatureError('Feeds are currently disabled')
except:
exception.handle_exception(request)
if page == 'photo':
redirect_to = view.url() + '/settings/photo'
handled = common_views.common_photo_upload(request, redirect_to)
if handled:
return handled
area = 'settings'
full_page = page.capitalize()
if page == 'mobile':
full_page = 'Mobile Number'
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
elif page == 'im':
full_page = 'IM Address'
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'index':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
elif page == 'feeds':
full_page = 'Web Feeds'
elif page == 'email':
full_page = 'Email Address'
email_notify = view.extra.get('email_notify', False)
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'design':
handled = common_views.common_design_update(request, nick)
if handled:
return handled
full_page = 'Look and Feel'
elif page == 'notifications':
email = api.email_get_actor(request.user, view.nick)
email_notify = view.extra.get('email_notify', False)
im_address = api.im_get_actor(request.user, view.nick)
im_notify = view.extra.get('im_notify', False)
mobile = api.mobile_get_actor(request.user, request.user.nick)
sms_notify = view.extra.get('sms_notify', False)
sms_confirm = sms_notify and not view.extra.get('sms_confirmed', False)
# TODO(termie): remove this once we can actually receive sms
sms_confirm = False
elif page == 'profile':
# check if we already have an email
email = api.email_get_actor(request.user, view.nick)
# otherwise look for an unconfirmed one
if not email:
unconfirmeds = api.activation_get_actor_email(api.ROOT, view.nick)
if unconfirmeds:
unconfirmed_email = unconfirmeds[0].content
elif page == 'photo':
avatars = display.DEFAULT_AVATARS
small_photos = api.image_get_all_keys(request.user, view.nick, size='f')
# TODO(tyler): Fix this avatar nonsense!
own_photos = [{
'path' : small_photo.key().name(),
'name' : small_photo.key().name()[len('image/'):-len('_f.jpg')],
} for small_photo in small_photos
]
elif page == 'privacy':
PRIVACY_PUBLIC = api.PRIVACY_PUBLIC
PRIVACY_CONTACTS = api.PRIVACY_CONTACTS
elif page == 'jsbadge':
full_page = 'Javascript Badges'
elif page == 'badge':
badges = [{'id': 'badge-stream',
'width': '200',
'height': '300',
'src': '%sglobal/themes/%s/badge.swf' % (settings.MEDIA_URL, settings.DEFAULT_THEME),
'title': 'Stream',
},
{'id': 'badge-map',
'width': '200',
'height': '255',
'src': '%sglobal/themes/%s/badge-map.swf' % (settings.MEDIA_URL, settings.DEFAULT_THEME),
'title': 'Map',
},
{'id': 'badge-simple',
'width': '200',
'height': '200',
'src': '%sglobal/themes/%s/badge-simple.swf' % (settings.MEDIA_URL, settings.DEFAULT_THEME),
'title': 'Simple',
},
]
elif page in ['password', 'delete']:
# Catch for remaining pages before we generate a 404.
pass
else:
return common_views.common_404(request)
# rendering
c = template.RequestContext(request, locals())
t = loader.get_template('settings_%s.html' % page)
return http.HttpResponse(t.render(c))