def gen_new_comment_admin_notification(request, article, comment):
"""
Generate new comment notification for the administrator.
"""
email = normalize_email(get_config('admin_notifications_email'))
if not email:
return None
# placeholders replacements
params = {
'site_title': get_config('site_title')
}
params.update(_extract_comment_sub(request, comment))
params.update(_extract_article_sub(request, comment.article))
n = Notification('admin_new_comment', email, params, request=request)
return n
def gen_comment_response_notification(request, article, comment, top_comment, email):
"""
Generate comment answer notification
"""
email = normalize_email(email)
if not email:
return None
# placeholders replacements
params = {
'site_title': get_config('site_title')
}
params.update(_extract_comment_sub(request, comment))
params.update(_extract_article_sub(request, article))
n = Notification('comment_response', email, params, request=request)
return n
def gen_email_verification_notification(request, email, verification_code):
"""
Generate email address verification notification.
"""
email = normalize_email(email)
if not email:
return None
# placeholders replacements
base_url = get_config('site_base_url')
q = urllib.parse.urlencode({'token': verification_code, 'email': email})
verify_url = base_url + '/verify-email?' + q
params = {
'site_title': get_config('site_title'),
'email': email,
'verify_url': verify_url
}
n = Notification('email_verification', email, params, request=request)
return n
def verify_email(request):
c = {}
fail = False
try:
email = normalize_email(request.GET['email'])
verification_code = request.GET['token']
dbsession = DBSession()
vf = dbsession.query(VerifiedEmail).filter(VerifiedEmail.email == email).first()
if vf is None or vf.verification_code != verification_code or vf.is_verified:
fail = True
else:
vf.is_verified = True
except KeyError:
fail = True
if fail:
c['result'] = _('Verification failed: email not found.')
return JSONResponse(httpcode.BadRequest, c)
else:
c['result'] = _('Email `{0}` has been confirmed.').format(email)
return c
def add_article_comment_ajax(request):
_ = request.translate
article_id = int(request.matchdict['article_id'])
dbsession = DBSession()
q = dbsession.query(Article).filter(Article.id == article_id)
user = request.user
if not user.has_role('editor') or not user.has_role('admin'):
q = q.filter(Article.is_draft==False)
article = q.first()
if article is None or not article.is_commentable:
return HTTPNotFound()
if 's' not in request.POST:
return HTTPBadRequest()
json = {}
key = request.POST['s']
# all data elements are constructed from the string "key" as substrings
body_ind = key[3:14]
parent_ind = key[4:12]
display_name_ind = key[0:5]
email_ind = key[13:25]
website_ind = key[15:21]
is_subscribed_ind = key[19:27]
for ind in (body_ind, parent_ind, display_name_ind, email_ind, website_ind):
if ind not in request.POST:
return HTTPBadRequest()
body = request.POST[body_ind]
if len(body) == 0:
return {'error': _('Empty comment body is not allowed.')}
comment = Comment()
comment.set_body(body)
user = request.user
if user.kind != 'anonymous':
comment.user_id = user.id
else:
# get "email", "display_name" and "website" arguments
comment.display_name = request.POST[display_name_ind]
comment.email = request.POST[email_ind]
comment.website = request.POST[website_ind]
# remember email, display_name and website in browser cookies
request.response.set_cookie('comment_display_name', comment.display_name, max_age=31536000)
request.response.set_cookie('comment_email', comment.email, max_age=31536000)
request.response.set_cookie('comment_website', comment.website, max_age=31536000)
# set parent comment
parent_id = request.POST[parent_ind]
try:
parent_id = int(parent_id)
except ValueError:
parent_id = None
if parent_id:
parent = dbsession.query(Comment).filter(Comment.id == parent_id)\
.filter(Comment.article_id == article_id).first()
if parent is not None:
if not parent.is_approved:
#
data = { 'error': _('Answering to not approved comment')}
return json.dumps(data)
comment.parent_id = parent_id
comment.article_id = article_id
if is_subscribed_ind in request.POST:
comment.is_subscribed = True
# this list contains notifications
ns = []
# if user has subscribed to answer then check is his/her email verified
# if doesn't send verification message to the email
if is_subscribed_ind in request.POST:
vrf_email = ''
if user.kind != 'anonymous':
vrf_email = user.email
elif request.POST[email_ind]:
vrf_email = request.POST[email_ind]
vrf_email = normalize_email(vrf_email)
if vrf_email:
# email looks ok so proceed
send_evn = False
vf = dbsession.query(VerifiedEmail).filter(VerifiedEmail.email == vrf_email).first()
vf_token = ''
if vf is not None:
if not vf.is_verified:
diff = time() - vf.last_verify_date
#if diff > 86400:
if diff > 1:
# delay between verifications requests must be more than 24 hours
send_evn = True
vf.last_verify_date = time()
vf_token = vf.verification_code
else:
send_evn = True
vf = VerifiedEmail(vrf_email)
vf_token = vf.verification_code
dbsession.add(vf)
if send_evn:
ns.append(notifications.gen_email_verification_notification(request, vrf_email, vf_token))
request.response.set_cookie('is_subscribed', 'true' if comment.is_subscribed else 'false', max_age=31536000)
# automatically approve comment if user has role "admin", "writer" or "editor"
if user.has_role('admin') or user.has_role('writer') \
or user.has_role('editor'):
comment.is_approved = True
# TODO: also automatically approve comment if it's considered as safe:
# i.e. without hyperlinks, spam etc
# check how much hyperlinks in the body string
if len(re.findall('https?://', body, flags=re.IGNORECASE)) <= 1:
comment.is_approved = True
# record commenter ip address
comment.ip_address = request.environ.get('REMOTE_ADDR', 'unknown')
comment.xff_ip_address = request.environ.get('X_FORWARDED_FOR', None)
dbsession.add(comment)
_update_comments_counters(dbsession, article)
dbsession.flush()
dbsession.expunge(comment) # remove object from the session, object state is preserved
dbsession.expunge(article)
transaction.commit() # to delete, probably
# comment added, now send notifications
loop_limit = 100
comment = dbsession.query(Comment).get(comment.id)
parent = comment.parent
admin_email = get_config('admin_notifications_email')
vf_q = dbsession.query(VerifiedEmail)
notifications_emails = []
while parent is not None and loop_limit > 0:
loop_limit -= 1
c = parent
parent = c.parent
# walk up the tree
if not c.is_subscribed:
continue
# find email
email = None
if c.user is None:
email = c.email
else:
email = c.user.email
if email is None or email == admin_email:
continue
email = normalize_email(email)
if email in notifications_emails:
continue
vf = vf_q.filter(VerifiedEmail.email == email).first()
if vf is not None and vf.is_verified:
# send notification to "email"
ns.append(notifications.gen_comment_response_notification(request, article, comment, c, email))
admin_notifications_email = normalize_email(get_config('admin_notifications_email'))
for nfn in ns:
if nfn is None:
continue
if nfn.to == admin_notifications_email:
continue
nfn.send()
# create special notification for the administrator
nfn = notifications.gen_new_comment_admin_notification(request, article, comment)
if nfn is not None:
nfn.send()
# cosntruct comment_id
# we're not using route_url() for the article because stupid Pyramid urlencodes fragments
comment_url = h.article_url(request, article) + '?commentid=' + str(comment.id)
# return rendered comment
data = {
'body': comment.rendered_body,
'approved': comment.is_approved,
'id': comment.id,
'url': comment_url
}
return data