def successful_login(self, user, assumed_by=None):
login_rec = model.Login(user)
login_rec.successful = True
login_rec.session_id = str(uuid.uuid4())
login_rec.assumed_by = assumed_by
#session_id = "session_id:{}".format(login_rec.session_id)
session_id_signature = actual_hmac_creation(login_rec.session_id)
session_id_signed = login_rec.session_id + ":" + session_id_signature
logger.debug("session_id_signed:", session_id_signed)
session = dict(login_time = time.time(),
user_id = user.id,
user_email_address = user.email_address)
key = UserSession.cookie_name + ":" + login_rec.session_id
logger.debug("Key when signing:", key)
Redis.hmset(key, session)
if self.remember_me:
expire_time = self.remember_time
else:
expire_time = THREE_DAYS
Redis.expire(key, expire_time)
db_session.add(login_rec)
db_session.commit()
return session_id_signed
def add_traits(self, params, collection_name):
print("---> params are:", params.keys())
print(" type(params):", type(params))
if collection_name=="Default":
uc = g.user_session.user_ob.get_collection_by_name("Default")
# Doesn't exist so we'll create it
if not uc:
return create_new("Default")
else:
uc = model.UserCollection.query.get(params['existing_collection'])
members = uc.members_as_set() #set(json.loads(uc.members))
len_before = len(members)
traits = process_traits(params['traits'])
members_now = list(members | traits)
len_now = len(members_now)
uc.members = json.dumps(members_now)
uc.changed_timestamp = datetime.datetime.utcnow()
db_session.commit()
print("added to existing, now set is:" + str(uc.members))
report_change(len_before, len_now)
# Probably have to change that
return redirect(url_for('view_collection', uc_id=uc.id))
def remove_traits():
params = request.form
print("params are:", params)
if "uc_id" in params:
uc_id = params['uc_id']
uc = model.UserCollection.query.get(uc_id)
traits_to_remove = params.getlist('traits[]')
print("traits_to_remove are:", traits_to_remove)
traits_to_remove = process_traits(traits_to_remove)
print("\n\n after processing, traits_to_remove:", traits_to_remove)
all_traits = uc.members_as_set()
print(" all_traits:", all_traits)
members_now = all_traits - traits_to_remove
print(" members_now:", members_now)
print("Went from {} to {} members in set.".format(len(all_traits), len(members_now)))
uc.members = json.dumps(list(members_now))
uc.changed_timestamp = datetime.datetime.utcnow()
db_session.commit()
else:
members_now = AnonCollection().remove_traits(params)
# We need to return something so we'll return this...maybe in the future
# we can use it to check the results
return str(len(members_now))
def add_traits(self, params, collection_name):
print("---> params are:", params.keys())
print(" type(params):", type(params))
if collection_name == "Default":
uc = g.user_session.user_ob.get_collection_by_name("Default")
# Doesn't exist so we'll create it
if not uc:
return create_new("Default")
else:
uc = model.UserCollection.query.get(params['existing_collection'])
members = uc.members_as_set() #set(json.loads(uc.members))
len_before = len(members)
traits = process_traits(params['traits'])
members_now = list(members | traits)
len_now = len(members_now)
uc.members = json.dumps(members_now)
uc.changed_timestamp = datetime.datetime.utcnow()
db_session.commit()
print("added to existing, now set is:" + str(uc.members))
report_change(len_before, len_now)
# Probably have to change that
return redirect(url_for('view_collection', uc_id=uc.id))
def password_reset_step2():
logger.debug("in password_reset request.url is:", request.url)
errors = []
user_encode = request.form['user_encode']
verification_code, separator, hmac = user_encode.partition(':')
hmac_verified = actual_hmac_creation(verification_code)
logger.debug("locals are:", locals())
assert hmac == hmac_verified, "Someone has been naughty"
user = DecodeUser.actual_get_user(ForgotPasswordEmail.key_prefix, verification_code)
logger.debug("user is:", user)
password = request.form['password']
set_password(password, user)
db_session.commit()
flash("Password changed successfully. You can now sign in.", "alert-info")
response = make_response(redirect(url_for('login')))
return response
def password_reset_step2():
logger.debug("in password_reset request.url is:", request.url)
errors = []
user_encode = request.form['user_encode']
verification_code, separator, hmac = user_encode.partition(':')
hmac_verified = actual_hmac_creation(verification_code)
logger.debug("locals are:", locals())
assert hmac == hmac_verified, "Someone has been naughty"
user = DecodeUser.actual_get_user(ForgotPasswordEmail.key_prefix,
verification_code)
logger.debug("user is:", user)
password = request.form['password']
set_password(password, user)
db_session.commit()
flash("Password changed successfully. You can now sign in.", "alert-info")
response = make_response(redirect(url_for('login')))
return response
def successful_login(self, user, assumed_by=None):
login_rec = model.Login(user)
login_rec.successful = True
login_rec.session_id = str(uuid.uuid4())
login_rec.assumed_by = assumed_by
#session_id = "session_id:{}".format(login_rec.session_id)
session_id_signature = actual_hmac_creation(login_rec.session_id)
session_id_signed = login_rec.session_id + ":" + session_id_signature
logger.debug("session_id_signed:", session_id_signed)
session = dict(login_time=time.time(),
user_id=user.id,
user_email_address=user.email_address)
key = UserSession.cookie_name + ":" + login_rec.session_id
logger.debug("Key when signing:", key)
Redis.hmset(key, session)
if self.remember_me:
expire_time = self.remember_time
else:
expire_time = THREE_DAYS
Redis.expire(key, expire_time)
db_session.add(login_rec)
db_session.commit()
return session_id_signed
def remove_traits():
params = request.form
print("params are:", params)
if "uc_id" in params:
uc_id = params['uc_id']
uc = model.UserCollection.query.get(uc_id)
traits_to_remove = params.getlist('traits[]')
print("traits_to_remove are:", traits_to_remove)
traits_to_remove = process_traits(traits_to_remove)
print("\n\n after processing, traits_to_remove:", traits_to_remove)
all_traits = uc.members_as_set()
print(" all_traits:", all_traits)
members_now = all_traits - traits_to_remove
print(" members_now:", members_now)
print("Went from {} to {} members in set.".format(
len(all_traits), len(members_now)))
uc.members = json.dumps(list(members_now))
uc.changed_timestamp = datetime.datetime.utcnow()
db_session.commit()
else:
members_now = AnonCollection().remove_traits(params)
# We need to return something so we'll return this...maybe in the future
# we can use it to check the results
return str(len(members_now))
def add_to_existing():
params = request.args
print("---> params are:", params.keys())
print(" type(params):", type(params))
uc = model.UserCollection.query.get(params['existing_collection'])
members = set(json.loads(uc.members))
len_before = len(members)
traits = process_traits(params['traits'])
members_now = list(members | traits)
len_now = len(members_now)
uc.members = json.dumps(members_now)
uc.changed_timestamp = datetime.datetime.utcnow()
db_session.commit()
print("added to existing, now set is:" + str(uc.members))
new_length = len_now - len_before
if new_length:
flash("We've added {} to your collection.".format(
numify(new_length, 'new trait', 'new traits')))
else:
flash("No new traits were added.")
return redirect(url_for('view_collection', uc_id=uc.id))
def delete_collection():
params = request.form
print("params:", params)
if g.user_session.logged_in:
uc_id = params['uc_id']
if len(uc_id.split(":")) > 1:
for this_uc_id in uc_id.split(":"):
uc = model.UserCollection.query.get(this_uc_id)
collection_name = uc.name
db_session.delete(uc)
db_session.commit()
else:
uc = model.UserCollection.query.get(uc_id)
# Todo: For now having the id is good enough since it's so unique
# But might want to check ownership in the future
collection_name = uc.name
db_session.delete(uc)
db_session.commit()
else:
collection_name = params['collection_name']
user_manager.AnonUser().delete_collection(collection_name)
flash("We've deleted the collection: {}.".format(collection_name), "alert-info")
return redirect(url_for('list_collections'))
def __init__(self, kw):
self.thank_you_mode = False
self.errors = []
self.user = Bunch()
self.user.email_address = kw.get('email_address', '').strip()
if not (5 <= len(self.user.email_address) <= 50):
self.errors.append(
'Email Address needs to be between 5 and 50 characters.')
self.user.full_name = kw.get('full_name', '').strip()
if not (5 <= len(self.user.full_name) <= 50):
self.errors.append(
'Full Name needs to be between 5 and 50 characters.')
self.user.organization = kw.get('organization', '').strip()
if self.user.organization and not (5 <= len(self.user.organization) <=
50):
self.errors.append(
'Organization needs to be empty or between 5 and 50 characters.'
)
password = str(kw.get('password', ''))
if not (6 <= len(password)):
self.errors.append('Password needs to be at least 6 characters.')
if kw.get('password_confirm') != password:
self.errors.append("Passwords don't match.")
if self.errors:
return
logger.debug("No errors!")
set_password(password, self.user)
self.user.registration_info = json.dumps(basic_info(), sort_keys=True)
self.new_user = model.User(**self.user.__dict__)
db_session.add(self.new_user)
try:
db_session.commit()
except sqlalchemy.exc.IntegrityError:
# This exception is thrown if the email address is already in the database
# To do: Perhaps put a link to sign in using an existing account here
self.errors.append(
"An account with this email address already exists. "
"Click the button above to sign in using an existing account.")
return
logger.debug("Adding verification email to queue")
#self.send_email_verification()
VerificationEmail(self.new_user)
logger.debug("Added verification email to queue")
self.thank_you_mode = True
def make_superuser():
super_only()
params = request.args
user_id = params['user_id']
user = model.User.query.get(user_id)
superuser_info = basic_info()
superuser_info['crowned_by'] = g.user_session.user_id
user.superuser = json.dumps(superuser_info, sort_keys=True)
db_session.commit()
flash("We've made {} a superuser!".format(user.name_and_org))
return redirect(url_for("manage_users"))
def make_superuser():
super_only()
params = request.args
user_id = params['user_id']
user = model.User.query.get(user_id)
superuser_info = basic_info()
superuser_info['crowned_by'] = g.user_session.user_id
user.superuser = json.dumps(superuser_info, sort_keys=True)
db_session.commit()
flash("We've made {} a superuser!".format(user.name_and_org))
return redirect(url_for("manage_users"))
def verify_email():
user = DecodeUser(VerificationEmail.key_prefix).user
user.confirmed = json.dumps(basic_info(), sort_keys=True)
db_session.commit()
# As long as they have access to the email account
# We might as well log them in
session_id_signed = LoginUser().successful_login(user)
response = make_response(render_template("new_security/thank_you.html"))
response.set_cookie(UserSession.cookie_name, session_id_signed)
return response
def verify_email():
user = DecodeUser(VerificationEmail.key_prefix).user
user.confirmed = json.dumps(basic_info(), sort_keys=True)
db_session.commit()
# As long as they have access to the email account
# We might as well log them in
session_id_signed = LoginUser().successful_login(user)
response = make_response(render_template("new_security/thank_you.html"))
response.set_cookie(UserSession.cookie_name, session_id_signed)
return response
def import_traits_to_user(self):
collections_list = json.loads(Redis.get(self.key))
for collection in collections_list:
uc = model.UserCollection()
uc.name = collection['name']
collection_exists = g.user_session.user_ob.get_collection_by_name(uc.name)
if collection_exists:
continue
else:
uc.user = g.user_session.user_id
uc.members = json.dumps(collection['members'])
db_session.add(uc)
db_session.commit()
def import_traits_to_user(self):
collections_list = json.loads(Redis.get(self.key))
for collection in collections_list:
uc = model.UserCollection()
uc.name = collection['name']
collection_exists = g.user_session.user_ob.get_collection_by_name(uc.name)
if collection_exists:
continue
else:
uc.user = g.user_session.user_id
uc.members = json.dumps(collection['members'])
db_session.add(uc)
db_session.commit()
def delete_collection():
params = request.form
print("params:", params)
uc_id = params['uc_id']
uc = model.UserCollection.query.get(uc_id)
# Todo: For now having the id is good enough since it's so unique
# But might want to check ownership in the future
collection_name = uc.name
db_session.delete(uc)
db_session.commit()
flash("We've deletet the collection: {}.".format(collection_name), "alert-info")
return redirect(url_for('list_collections'))
def __init__(self, kw):
self.thank_you_mode = False
self.errors = []
self.user = Bunch()
self.user.email_address = kw.get('email_address', '').strip()
if not (5 <= len(self.user.email_address) <= 50):
self.errors.append('Email Address needs to be between 5 and 50 characters.')
self.user.full_name = kw.get('full_name', '').strip()
if not (5 <= len(self.user.full_name) <= 50):
self.errors.append('Full Name needs to be between 5 and 50 characters.')
self.user.organization = kw.get('organization', '').strip()
if self.user.organization and not (5 <= len(self.user.organization) <= 50):
self.errors.append('Organization needs to be empty or between 5 and 50 characters.')
password = str(kw.get('password', ''))
if not (6 <= len(password)):
self.errors.append('Password needs to be at least 6 characters.')
if kw.get('password_confirm') != password:
self.errors.append("Passwords don't match.")
if self.errors:
return
logger.debug("No errors!")
set_password(password, self.user)
self.user.registration_info = json.dumps(basic_info(), sort_keys=True)
self.new_user = model.User(**self.user.__dict__)
db_session.add(self.new_user)
try:
db_session.commit()
except sqlalchemy.exc.IntegrityError:
# This exception is thrown if the email address is already in the database
# To do: Perhaps put a link to sign in using an existing account here
self.errors.append("An account with this email address already exists. "
"Click the button above to sign in using an existing account.")
return
logger.debug("Adding verification email to queue")
#self.send_email_verification()
VerificationEmail(self.new_user)
logger.debug("Added verification email to queue")
self.thank_you_mode = True
def delete_collection():
params = request.form
print("params:", params)
uc_id = params['uc_id']
uc = model.UserCollection.query.get(uc_id)
# Todo: For now having the id is good enough since it's so unique
# But might want to check ownership in the future
collection_name = uc.name
db_session.delete(uc)
db_session.commit()
flash("We've deletet the collection: {}.".format(collection_name),
"alert-info")
return redirect(url_for('list_collections'))
def create_new(collection_name):
params = request.args
uc = model.UserCollection()
uc.name = collection_name
print("user_session:", g.user_session.__dict__)
uc.user = g.user_session.user_id
unprocessed_traits = params['traits']
traits = process_traits(unprocessed_traits)
uc.members = json.dumps(list(traits))
print("traits are:", traits)
db_session.add(uc)
db_session.commit()
print("Created: " + uc.name)
return redirect(url_for('view_collection', uc_id=uc.id))
def create_new(collection_name):
params = request.args
uc = model.UserCollection()
uc.name = collection_name
print("user_session:", g.user_session.__dict__)
uc.user = g.user_session.user_id
unprocessed_traits = params['traits']
traits = process_traits(unprocessed_traits)
uc.members = json.dumps(list(traits))
print("traits are:", traits)
db_session.add(uc)
db_session.commit()
print("Created: " + uc.name)
return redirect(url_for('view_collection', uc_id=uc.id))
def __init__(self, kw):
self.thank_you_mode = False
self.errors = []
self.user = Bunch()
self.user.email_address = kw.get('email_address', '').strip()
if not (5 <= len(self.user.email_address) <= 50):
self.errors.append('Email Address needs to be between 5 and 50 characters.')
self.user.full_name = kw.get('full_name', '').strip()
if not (5 <= len(self.user.full_name) <= 50):
self.errors.append('Full Name needs to be between 5 and 50 characters.')
self.user.organization = kw.get('organization', '').strip()
if self.user.organization and not (5 <= len(self.user.organization) <= 50):
self.errors.append('Organization needs to be empty or between 5 and 50 characters.')
password = str(kw.get('password', ''))
if not (6 <= len(password)):
self.errors.append('Password needs to be at least 6 characters.')
if kw.get('password_confirm') != password:
self.errors.append("Passwords don't match.")
if self.errors:
return
print("No errors!")
set_password(password, self.user)
self.user.registration_info = json.dumps(basic_info(), sort_keys=True)
self.new_user = model.User(**self.user.__dict__)
db_session.add(self.new_user)
db_session.commit()
print("Adding verification email to queue")
#self.send_email_verification()
VerificationEmail(self.new_user)
print("Added verification email to queue")
self.thank_you_mode = True
def create_new(collection_name):
params = request.args
unprocessed_traits = params['traits']
traits = process_traits(unprocessed_traits)
if g.user_session.logged_in:
uc = model.UserCollection()
uc.name = collection_name
print("user_session:", g.user_session.__dict__)
uc.user = g.user_session.user_id
uc.members = json.dumps(list(traits))
db_session.add(uc)
db_session.commit()
return redirect(url_for('view_collection', uc_id=uc.id))
else:
current_collections = user_manager.AnonUser().get_collections()
ac = AnonCollection(collection_name)
ac.changed_timestamp = datetime.datetime.utcnow().strftime('%b %d %Y %I:%M%p')
ac.add_traits(params)
return redirect(url_for('view_collection', collection_id=ac.id))
def create_new(collection_name):
params = request.args
unprocessed_traits = params['traits']
traits = process_traits(unprocessed_traits)
if g.user_session.logged_in:
uc = model.UserCollection()
uc.name = collection_name
print("user_session:", g.user_session.__dict__)
uc.user = g.user_session.user_id
uc.members = json.dumps(list(traits))
db_session.add(uc)
db_session.commit()
return redirect(url_for('view_collection', uc_id=uc.id))
else:
current_collections = user_manager.AnonUser().get_collections()
ac = AnonCollection(collection_name)
ac.changed_timestamp = datetime.datetime.utcnow().strftime('%b %d %Y %I:%M%p')
ac.add_traits(params)
return redirect(url_for('view_collection', collection_id=ac.id))
def unsuccessful_login(self, user):
login_rec = model.Login(user)
login_rec.successful = False
db_session.add(login_rec)
db_session.commit()
def unsuccessful_login(self, user):
login_rec = model.Login(user)
login_rec.successful = False
db_session.add(login_rec)
db_session.commit()