def purchase_do(request, product): if not product: raise Http404("Product cannot be found") if UserProduct.get_product(auth.get_current_user(request), product): return render_to_response('store/details.html', {'p': product, 'msg': "You already own this application - to associate with a different device please contact support or use another account."}, RequestContext(request)) if request.method == "POST": form = PurchaseForm(data=request.POST) if form.is_valid(): data = form.cleaned_data pin = data["pin"] email = data["email"] user = auth.get_current_user(request) user.preferred_email = email user.put() else: return render_to_response('store/purchase_info.html', { 'form': form }, RequestContext(request)) else: pin = request.GET.get("pin", None) email = auth.get_current_user(request).preferred_email if not (pin and email): form = PurchaseForm(data={'email': email, 'pin': pin}) return render_to_response('store/purchase_info.html', { 'form': form, 'product': product }, RequestContext(request)) tx = PaypalRequest.prepare(product, auth.get_current_user(request), pin) return render_to_response('store/purchase.html', {'product': product, 'pin': pin, 'txid': tx.key() }, RequestContext(request))
def get(self): user = get_current_user(self.request) if (user.permissions == wmodels.DEACTIVATED_USER or user.permissions == wmodels.PENDING_USER): self.redirect('/') return item_id = ndb.Key(urlsafe=self.request.get('item_id')) item = item_id.get() item = findUpdatedItem(item_id) user = get_current_user(self.request) template = JINJA_ENVIRONMENT.get_template('templates/edit_item.html') page = template.render({'item': item, 'user':user}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def post(self): user = get_current_user(self.request) l = ndb.Key(urlsafe=self.request.get('list')).get() if l.owner == user.key: l.public = self.request.get('public') == 'public' l.put() self.redirect('/view_list?list=' + l.key.urlsafe())
def createSpot(request): user = auth.get_current_user(request) all_clear = False if request.method == 'POST': spot_form = forms.SpotForm(request.POST, {'author': user}) constraint_form = forms.SpotConstraintForm(request.POST) if constraint_form.is_valid() and spot_form.is_valid(): constraint_keys = saveConstraint(constraint_form.cleaned_data) spot = spot_form.save() spot.author = user AutoRetry(spot).put() connectConstraintsAndSpot(constraint_keys, spot.key()) all_clear = True else: spot_form = forms.SpotForm() constraint_form = forms.SpotConstraintForm() if all_clear: return HttpResponseRedirect(reverse('traffic_log.listSpots')) return render_to_response('traffic_log/create_edit_spot.html', context(spot=spot_form, constraint_form=constraint_form, Author=user, formaction="/traffic_log/spot/create/"), context_instance=RequestContext(request))
def post(self): user = get_current_user(self.request) name = self.request.get('name') public = self.request.get('public') == 'public' l = List(name=name, owner=user.key, public=public) k = l.put() self.redirect('/view_lists')
def show_product(): productId = int(request.args.get('productId')) form = ProductForm(request.form) product = Product.query.get(productId) dto = ProductDetailDTO(product) if request.method == 'POST': if not get_current_user().isAdmin: return Response('', status=401) if form.validate(): product = Product.query.get(productId) product.price = form.price.data product.name = form.name.data if form.hidden.data == "1": photo = request.files['photo'] photo.save(os.getenv('photo_dir') + fr'\{product.code}.jpg') db.session.commit() return flask.redirect(url_for('products')) return render_template('product.html', product=dto, form=form) form.price.default = product.price form.name.default = product.name form.process() return render_template('product.html', product=dto, form=form)
def post(self): if get_current_user(self.request).permissions == "Standard user": self.redirect('/') return if self.request.get('revert') == "True": selected_item = ndb.Key(urlsafe=self.request.get('item_id')) si = selected_item.get() si.approved = True si.outdated = False si.child = None si.put() discarded_item = ndb.Key(urlsafe=self.request.get('newest_id')) while discarded_item != selected_item: next_item = discarded_item.parent() discarded_item.delete() discarded_item = next_item else: item = ndb.Key(urlsafe=self.request.get('item_id')).get() for thing in item.suggested_edits: thing.delete() item.suggested_edits = [] item.approved = True item.put() #sleep(0.1) self.redirect('/review_edits')
def createSpot(request): user = auth.get_current_user(request) all_clear = False if request.method == 'POST': spot_form = forms.SpotForm(request.POST, {'author':user}) constraint_form = forms.SpotConstraintForm(request.POST) if constraint_form.is_valid() and spot_form.is_valid(): constraint_keys = saveConstraint(constraint_form.cleaned_data) spot = spot_form.save() spot.author = user AutoRetry(spot).put() connectConstraintsAndSpot(constraint_keys, spot.key()) all_clear = True else: spot_form = forms.SpotForm() constraint_form = forms.SpotConstraintForm() if all_clear: return HttpResponseRedirect(reverse('traffic_log.listSpots')) return render_to_response('traffic_log/create_edit_spot.html', context(spot=spot_form, constraint_form=constraint_form, Author=user, formaction="/traffic_log/spot/create/" ), context_instance=RequestContext(request))
def filter_entities(entity, entitiesList): """ Return the list entities filtered if privateData is on for the entities. """ onlyUsersEntities = False if auth_enabled: # If auth_enabled is true, getting the current user becomes # possible because authentification_verify decorator has been # already checked. currentUser = get_current_user() onlyUsersEntities = check_private_data_for_entity( currentUser, entity) if onlyUsersEntities: # if private data is applied and the entities' owner is different from # current user, then the entities will not be added to the list to # show if auth disabled, onlyUsersEntities becomes always False and all # the entities are added to the list to show return dict((k, v) for k, v in entitiesList.iteritems() if ((entity == 'reservations' and currentUser.login in v['users']) or (entity == 'jobs' and currentUser.login == v['login']))) return entitiesList
def editSpot(request, spot_key=None): spot = AutoRetry(models.Spot).get(spot_key) user = auth.get_current_user(request) if request.method == 'POST': spot_form = forms.SpotForm(request.POST) constraint_form = forms.SpotConstraintForm(request.POST) # check if spot is changed # check if new constraint to be added if spot_form.is_valid(): for field in spot_form.fields.keys(): setattr(spot,field,spot_form.cleaned_data[field]) spot.author = user AutoRetry(models.Spot).put(spot) if constraint_form.is_valid(): connectConstraintsAndSpot( saveConstraint(constraint_form.cleaned_data), spot.key() ) return HttpResponseRedirect('/traffic_log/spot/%s'%spot.key()) else: return render_to_response('traffic_log/create_edit_spot.html', context(spot=forms.SpotForm(instance=spot), spot_key=spot_key, constraints=spot.constraints, constraint_form=forms.SpotConstraintForm(), edit=True, dow_dict=constants.DOW_DICT, formaction="/traffic_log/spot/edit/%s"%spot.key() ), context_instance=RequestContext(request))
def editSpot(request, spot_key=None): spot = AutoRetry(models.Spot).get(spot_key) user = auth.get_current_user(request) if request.method == 'POST': spot_form = forms.SpotForm(request.POST) constraint_form = forms.SpotConstraintForm(request.POST) # check if spot is changed # check if new constraint to be added if spot_form.is_valid(): for field in spot_form.fields.keys(): setattr(spot, field, spot_form.cleaned_data[field]) spot.author = user AutoRetry(models.Spot).put(spot) if constraint_form.is_valid(): connectConstraintsAndSpot( saveConstraint(constraint_form.cleaned_data), spot.key()) return HttpResponseRedirect('/traffic_log/spot/%s' % spot.key()) else: return render_to_response( 'traffic_log/create_edit_spot.html', context(spot=forms.SpotForm(instance=spot), spot_key=spot_key, constraints=spot.constraints, constraint_form=forms.SpotConstraintForm(), edit=True, dow_dict=constants.DOW_DICT, formaction="/traffic_log/spot/edit/%s" % spot.key()), context_instance=RequestContext(request))
def post(self): user = get_current_user(self.request) l = ndb.Key(urlsafe=self.request.get('list')).get() updateList(l) codes = [i.get().qr_code for i in l.items] item = ndb.Key(urlsafe=self.request.get('item')).get() if (l.public and user.permissions in [wmodels.TRUSTED_USER, wmodels.ADMIN]) or user.key == l.owner: if item.qr_code in codes: removeFromList(l.key, i)
def create_post(): form = forms.ComposePostForm() if form.validate_on_submit(): try: query.save_post(form.title.data, form.text.data, auth.get_current_user().id) return redirect(url_for("routes.posts")) except: flash("Something went wrong!") return render_template("create_post.html", form=form)
def post(self): if get_current_user(self.request).permissions == "Standard user": self.redirect('/') return item = ndb.Key(urlsafe=self.request.get('item_id')).get() item.approved = False item.put() #sleep(0.1) self.redirect('/review_edits')
def get(self): user = get_current_user(self.request) firebase_name = auth.get_user_name(self.request) # Rare case that someone changed their name. if user.name != firebase_name: user.name = firebase_name # TODO: search all edits by this user and change the names there. user.put() self.redirect('/')
def post(self): user = get_current_user(self.request) l = ndb.Key(urlsafe=self.request.get('list')).get() if l.public and user.permissions in [wmodels.TRUSTED_USER, wmodels.ADMIN]: l.key.delete() elif l.owner == user.key: l.key.delete() self.redirect('/view_lists')
def finishReadingSpotCopy(request, spot_copy_key=None): dow, hour, slot = _get_slot_from_request(request) # Check if a single spot constraint exists for the dow, hour, slot. q = (models.SpotConstraint.all() .filter("dow =", dow) .filter("hour =", hour) .filter("slot =", slot)) count = AutoRetry(q).count(1) if count == 0: raise ValueError("No spot constraint found for dow=%r, hour=%r, slot=%r" % ( dow, hour, slot)) elif count > 1: # kumar: not sure if this will actually happen raise ValueError("Multiple spot constraints found for dow=%r, hour=%r, slot=%r" % ( dow, hour, slot)) constraint = AutoRetry(q).fetch(1)[0] spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key) # Check if spot has already been read (i.e., logged). today = time_util.chicago_now().date() q = (models.TrafficLogEntry.all() .filter("log_date =", today) .filter("spot =", spot_copy.spot) .filter("dow =", dow) .filter("hour =", hour) .filter("slot =", slot)) if AutoRetry(q).count(1): existing_logged_spot = AutoRetry(q).fetch(1)[0] raise RuntimeError("This spot %r at %r has already been read %s" % ( spot_copy.spot, constraint, existing_logged_spot.reader)) # Remove spot copy from the spot's list. spot_copy.spot.finish_spot_copy() # Log spot read. logged_spot = models.TrafficLogEntry( log_date = today, spot = spot_copy.spot, spot_copy = spot_copy, dow = dow, hour = hour, slot = slot, scheduled = constraint, readtime = time_util.chicago_now(), reader = auth.get_current_user(request) ) AutoRetry(logged_spot).put() return { 'spot_copy_key': str(spot_copy.key()), 'spot_constraint_key': str(constraint.key()), 'logged_spot': str(logged_spot.key()) }
def create(request, keyname): "Backdoor to create a new entity" u = auth.get_current_user(request) if u.is_admin: p = Product(key_name=keyname) p.name = "New Product" p.description = "The description" p.put() return HttpResponseRedirect(reverse('store-edit', args=(p.key(),))) return HttpResponseRedirect(reverse('store-index'))
def get(self): user = get_current_user(self.request) lists = List.query(ndb.OR( List.owner == user.key, List.public == True, )).fetch() template = JINJA_ENVIRONMENT.get_template('templates/view_lists.html') page = template.render({'lists': lists, 'user': user}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def finishReadingSpotCopy(request, spot_copy_key=None): dow, hour, slot = _get_slot_from_request(request) # Check if a single spot constraint exists for the dow, hour, slot. q = (models.SpotConstraint.all().filter("dow =", dow).filter( "hour =", hour).filter("slot =", slot)) count = AutoRetry(q).count(1) if count == 0: raise ValueError( "No spot constraint found for dow=%r, hour=%r, slot=%r" % (dow, hour, slot)) elif count > 1: # kumar: not sure if this will actually happen raise ValueError( "Multiple spot constraints found for dow=%r, hour=%r, slot=%r" % (dow, hour, slot)) constraint = AutoRetry(q).fetch(1)[0] spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key) # Check if spot has already been read (i.e., logged). today = time_util.chicago_now().date() q = (models.TrafficLogEntry.all().filter("log_date =", today).filter( "spot =", spot_copy.spot).filter("dow =", dow).filter("hour =", hour).filter("slot =", slot)) if AutoRetry(q).count(1): existing_logged_spot = AutoRetry(q).fetch(1)[0] raise RuntimeError( "This spot %r at %r has already been read %s" % (spot_copy.spot, constraint, existing_logged_spot.reader)) # Remove spot copy from the spot's list. spot_copy.spot.finish_spot_copy() # Log spot read. logged_spot = models.TrafficLogEntry(log_date=today, spot=spot_copy.spot, spot_copy=spot_copy, dow=dow, hour=hour, slot=slot, scheduled=constraint, readtime=time_util.chicago_now(), reader=auth.get_current_user(request)) AutoRetry(logged_spot).put() return { 'spot_copy_key': str(spot_copy.key()), 'spot_constraint_key': str(constraint.key()), 'logged_spot': str(logged_spot.key()) }
def delete_post(id): post = query.get_post_by_id(id) if post.user_id.id == auth.get_current_user().id: try: query.delete_post(id) return redirect(url_for("routes.posts")) except: flash("Something went wrong!") abort(500) else: abort(403)
def update_rating(self, productId, rating): userId = get_current_user().id vote = Vote.query.filter_by(productId=productId, userId=userId).first() or \ Vote(productId=productId, userId=userId) vote.vote = rating db.session.add(vote) db.session.commit() return Product.query.get(productId).get_formatted_votes()
def get_vars(request): current_user = auth.get_current_user(request) if request.method == "POST": form = PlaylistTrackForm(data=request.POST) else: form = PlaylistTrackForm() form.current_user = current_user vars = {"form": form, "playlist": form.playlist} vars.update(common_context) return vars
def delete_event(request, event_key): e = None try: e = AutoRetry(PlaylistEvent).get(event_key) except BadKeyError: pass else: if e and e.selector.key() == auth.get_current_user(request).key(): e.delete() playlist_event_listeners.delete(event_key) return HttpResponseRedirect(reverse('playlists_landing_page'))
def handle_upload(request): form = UploadForm(request.POST, request.FILES) if form.is_valid(): user = auth.get_current_user(request) q = ImportList.gql("where user = :1", user) for result in q: result.delete() lst = ImportList() lst.user = user lst.data = request.FILES['file'].read() lst.put() return form
def get_vars(request): current_user = auth.get_current_user(request) if request.method == 'POST': form = PlaylistTrackForm(data=request.POST) else: form = PlaylistTrackForm() form.current_user = current_user vars = {'form': form, 'playlist': form.playlist} vars.update(common_context) return vars
def post(self): name = flask.request.form.get('name') url = flask.request.form.get('url') secondary_url = flask.request.form.get('secondary_url') if name is None or url is None: return '"name" and "url" params required', 400 shortcut = Shortcut.query.filter(Shortcut.name == name).first() if not shortcut: return flask.redirect('/?error=%s+does+not+exist' % name) shortcut.url = url shortcut.secondary_url = secondary_url if auth.get_current_user() != shortcut.owner: # Transfer 'ownership'. # TODO: Email notification. shortcut.owner = auth.get_current_user() db.session.add(shortcut) db.session.commit() return flask.redirect('/?edited=%s' % name)
def delete_event(request, event_key): e = None try: e = AutoRetry(PlaylistEvent).get(event_key) except BadKeyError: pass else: if e and e.selector.key() == auth.get_current_user(request).key(): e.delete() playlist_event_listeners.delete(event_key) return HttpResponseRedirect(reverse("playlists_landing_page"))
def get(self): user = get_current_user(self.request) l = ndb.Key(urlsafe=self.request.get('list')).get() updateList(l) if not l.public and user.key != l.owner: self.redirect('/view_lists') return items = [k.get() for k in l.items] template = JINJA_ENVIRONMENT.get_template('templates/view_list.html') page = template.render({'list': l, 'items': items, 'user': user}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def put(self, is_guest=False): """User could be built from sessions, need write through these users""" super(User, self).put() if is_guest: return from auth import get_current_user, update_current_user user = get_current_user() if user and user.username == self.username: update_current_user(self)
def get(self): # logging.info("View Item Details") user = get_current_user(self.request) template = JINJA_ENVIRONMENT.get_template('templates/item_details.html') item = ndb.Key(urlsafe=self.request.get('item_id')).get() pending_edit = (len(item.suggested_edits) > 0) lists = List.query(ndb.OR(List.owner == user.key, List.public == True)).fetch() page = template.render({'item':item, 'pending_edit':pending_edit, 'user':user, 'lists':lists}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def put(self, is_guest=False): """User could be built from sessions, need write through these users""" super(User, self).put() if is_guest: return from auth import get_current_user, update_current_user user = get_current_user() if user and user.username == self.username: update_current_user(self)
def get(self): user = get_current_user(self.request) template = JINJA_ENVIRONMENT.get_template('templates/index.html') lists = List.query(ndb.OR(List.owner == user.key, List.public == True)).fetch() item_name_filter = self.request.get('filter_by_name') item_type_filter = self.request.get('filter_by_item_type') item_condition_filter = self.request.get_all('filter_by_condition') item_color_filter = self.request.get_all('filter_by_color') item_color_grouping_filter = self.request.get('filter_by_color_grouping') item_article_filter = self.request.get('filter_by_article') costume_size_string_filter = self.request.get('filter_by_costume_size_string') costume_size_number_min = self.request.get('filter_by_costume_size_min') costume_size_number_max = self.request.get('filter_by_costume_size_max') if not costume_size_number_max: costume_size_number_max = "26" if not costume_size_number_min: costume_size_number_min = "0" exclude_unknown_size = self.request.get('excludeUnknownSize', '') == "true" tags_filter = self.request.get('filter_by_tags') tags_grouping_filter = self.request.get('filter_by_tag_grouping') availability_filter = self.request.get('filter_by_availability') user_id = auth.get_user_id(self.request) items = filterItems( user_id, item_name_filter, item_type_filter, item_condition_filter, item_color_filter, item_color_grouping_filter, item_article_filter, costume_size_string_filter, costume_size_number_min, costume_size_number_max, exclude_unknown_size, tags_filter, tags_grouping_filter, availability_filter, outdated=False) # send to display page = template.render({ 'lists': lists, 'user': user, 'items': items, 'user_id': user_id}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def post(self): user = auth.get_user_id(self.request) to_check_out = self.request.get_all('keys') reason = self.request.get('reason') while to_check_out: urlsafe_key = to_check_out.pop() item = ndb.Key(urlsafe=urlsafe_key).get() if item.key.parent() != None: to_check_out.append(item.key.parent().urlsafe()) item.checked_out = True item.checked_out_by = user item.checked_out_by_name = get_current_user(self.request).name item.checked_out_reason = reason item.put() self.redirect("/")
def update_post(id): form = forms.ComposePostForm() post = query.get_post_by_id(id) if post.user_id.id == auth.get_current_user().id: if form.validate_on_submit(): try: query.update_post(id, form.title.data, form.text.data) return redirect(url_for("routes.posts")) except: flash("Something went wrong!") form.title.data = post.title form.text.data = post.text return render_template("update_post.html", id=id, form=form) else: abort(403)
def delete_event(request, event_key): e = None try: e = AutoRetry(PlaylistEvent).get(event_key) except BadKeyError: pass else: if e and e.selector.key() == auth.get_current_user(request).key(): e.delete() # This avoids seeing dupes after deleting the last # submitted track. memcache.delete('playlist.last_track') playlist_event_listeners.delete(event_key) return HttpResponseRedirect(reverse('playlists_landing_page'))
def get(self): # logging.info("Manage Deletions") user = get_current_user(self.request) if (user.permissions == "Standard user"): self.redirect('/') return template = JINJA_ENVIRONMENT.get_template('templates/review_deletions.html') items = Item.query().order(-Item.updated).fetch() deleted = [] for item in items: if (item.marked_for_deletion or item.deleted) and item.child == None: deleted.append(item) page = template.render({'deleted':deleted}) page = page.encode('utf-8') self.response.write(validateHTML(page))
def download(request): user = auth.get_current_user(request) if not user: pin = request.GET["pin"].upper() code = request.GET["code"] product = Product.get_by_key_name("ContactLoader") userproduct = UserProduct.gql("where product = :1 and pin = :2", product, pin).get() if not userproduct or not userproduct.validate_code(code): raise Http404("Could not find activation data") user = userproduct.parent() lst = ImportList.gql("where user = :1", user).get() if not lst: raise Http404("No list has been uploaded on the account yet") return HttpResponse(lst.data, "text/csv")
def delete_event(request, event_key): e = None try: e = AutoRetry(PlaylistEvent).get(event_key) except BadKeyError: pass else: if e and e.selector.key() == auth.get_current_user(request).key(): e.delete() # This avoids seeing dupes after deleting the last # submitted track. memcache.delete('playlist.last_track') playlist_event_listeners.delete(event_key) return HttpResponseRedirect(reverse('playlists_landing_page'))
def createEditSpotCopy(request, spot_copy_key=None, spot_key=None): if spot_copy_key: spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key) spot_key = spot_copy.spot.key( ) # so that dropdown box is selected when editing formaction = reverse('traffic_log.editSpotCopy', args=(spot_copy_key, )) else: if spot_key: formaction = reverse('traffic_log.views.addCopyForSpot', args=(spot_key, )) else: formaction = reverse('traffic_log.createSpotCopy') spot_copy = None user = auth.get_current_user(request) if request.method == 'POST': spot_copy_form = forms.SpotCopyForm(request.POST, { 'author': user, 'spot_key': spot_key }, instance=spot_copy) if spot_copy_form.is_valid(): spot_copy = spot_copy_form.save() old_spot = spot_copy.spot spot_copy.author = user spot_copy.spot = AutoRetry(models.Spot).get( spot_copy_form['spot_key'].data) # Add spot copy to spot's list of shuffled spot copies. spot_copy.spot.add_spot_copy(spot_copy) AutoRetry(spot_copy).put() if old_spot: # just in case this copy was moved from one spot # to another, bust the old cache of spot copies # See Issue 124 old_spot.shuffle_spot_copies() AutoRetry(old_spot).save() return HttpResponseRedirect(reverse('traffic_log.listSpots')) else: spot_copy_form = forms.SpotCopyForm(initial={'spot_key': spot_key}, instance=spot_copy) return render_to_response('traffic_log/create_edit_spot_copy.html', context(spot_copy=spot_copy_form, formaction=formaction), context_instance=RequestContext(request))
def post(self): #template = JINJA_ENVIRONMENT.get_template('templates/index.html') item_key = ndb.Key(urlsafe=self.request.get('item_id')) user = get_current_user(self.request) try: commitDelete(item_key, user) removeFromAllLists(item_key) except TransactionFailedError as e: # TODO: Expose this message to the user. logging.info('could not delete the item, please try again') # Redirect back to items view. #sleep(0.1) if user.permissions == "Standard user": self.redirect('/item_details?'+urllib.urlencode({'item_id':item_key.urlsafe()})) else: self.redirect("/search_and_browse")
def edit(request, id): u = auth.get_current_user(request) if u.is_admin: p = Product.get(id) if not p: raise Http404("Product cannot be found") elif request.method == "POST": form = ProductForm(data=request.POST, instance=p) if form.is_valid(): form.save() else: form = ProductForm(instance=p) return render_to_response('store/edit.html', { 'form': form }, RequestContext(request)) return HttpResponseRedirect(reverse('store-index'))
def index(request): user = auth.get_current_user(request) product = Product.get_by_key_name("ContactLoader") lst = None form = None reg = UserProduct.get_product(user, product) if reg: if request.method == "POST": form = handle_upload(request) else: form = UploadForm() lst = ImportList.gql("where user = :1", user).get() return render_to_response('contactloader/index.html', {'lst': lst, 'reg': reg, 'product': product, 'form': form }, RequestContext(request))
def test_get_current_user(self): # Set up a test user. email = '*****@*****.**' user = User(email=email) user.save() # Create some security tokens. expired_token = auth._create_security_token(user) self.now += 0.75 * auth._TOKEN_TIMEOUT_S stale_token = auth._create_security_token(user) self.now += 0.75 * auth._TOKEN_TIMEOUT_S good_token = auth._create_security_token(user) # Create a test HttpRequest, and test using it against our # various tokens. request = http.HttpRequest() request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = expired_token self.assertEqual(None, auth.get_current_user(request)) request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = stale_token user = auth.get_current_user(request) self.assertEqual(email, user.email) self.assertTrue(user._credentials.security_token_is_stale) request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = good_token user = auth.get_current_user(request) self.assertEqual(email, user.email) self.assertFalse(user._credentials.security_token_is_stale) # Test that a password reset token can be used to authenticate # when POSTed in a variable named CHIRP_Auth. request = http.HttpRequest() request.method = "POST" self.assertEqual(None, auth.get_current_user(request)) request.POST["CHIRP_Auth"] = base64.urlsafe_b64encode(expired_token) self.assertEqual(None, auth.get_current_user(request)) request.POST["CHIRP_Auth"] = "bogus!!!" self.assertEqual(None, auth.get_current_user(request)) request.POST["CHIRP_Auth"] = base64.urlsafe_b64encode(good_token) user = auth.get_current_user(request) self.assertEqual(email, user.email) # Check that we will reject an inactive user. user.is_active = False user.save() self.assertRaises(auth.UserNotAllowedError, auth.get_current_user, request) user.is_active = True user.save()
def user_change_password(user_id): user = db.User.find_one_or_404({'_id': user_id}) current_user = get_current_user() @redirect_on_false_decorator(user == current_user or has_role('ROLE_ADMIN', user=current_user)) def action(): error = None if request.method == 'POST': if verify_password_change(user): change_password_for_user(user) flash('Your password was changed!') return redirect(url_for('index')) else: error = 'Incorrect form data' return render_template('user/change_password.html', user=user, error=error) return action()
def createEditSpotCopy(request, spot_copy_key=None, spot_key=None): if spot_copy_key: spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key) spot_key = spot_copy.spot.key() # so that dropdown box is selected when editing formaction = reverse('traffic_log.editSpotCopy', args=(spot_copy_key,)) else: if spot_key: formaction = reverse('traffic_log.views.addCopyForSpot', args=(spot_key,)) else: formaction = reverse('traffic_log.createSpotCopy') spot_copy = None user = auth.get_current_user(request) if request.method == 'POST': spot_copy_form = forms.SpotCopyForm(request.POST, { 'author':user, 'spot_key':spot_key }, instance=spot_copy) if spot_copy_form.is_valid(): spot_copy = spot_copy_form.save() old_spot = spot_copy.spot spot_copy.author = user spot_copy.spot = AutoRetry(models.Spot).get(spot_copy_form['spot_key'].data) # Add spot copy to spot's list of shuffled spot copies. spot_copy.spot.add_spot_copy(spot_copy) AutoRetry(spot_copy).put() if old_spot: # just in case this copy was moved from one spot # to another, bust the old cache of spot copies # See Issue 124 old_spot.shuffle_spot_copies() AutoRetry(old_spot).save() return HttpResponseRedirect(reverse('traffic_log.listSpots')) else: spot_copy_form = forms.SpotCopyForm(initial={'spot_key':spot_key}, instance=spot_copy) return render_to_response('traffic_log/create_edit_spot_copy.html', context(spot_copy=spot_copy_form, formaction=formaction ), context_instance=RequestContext(request))
def process_request(self, request): # lazy import to make sure we have the right Django! from django import http from django.conf import settings for prefix in settings.PUBLIC_TOP_LEVEL_URLS: if request.path.startswith(prefix): # These are special URLs that do not need login protection. return None try: user = auth.get_current_user(request) except auth.UserNotAllowedError: return http.HttpResponseForbidden('Access Denied!') # Un-logged-in users are not redirected away from the /auth/ # namespace. This ensures that the log-in and related pages # are reachable. if user is None and not request.path.startswith('/auth/'): login_url = auth.create_login_url(request.path) return http.HttpResponseRedirect(login_url) # Attach the user to the request. request.user = user return None
def bucketlist(): """ Return a JSON response with all bucketlists """ user_id = auth.get_current_user() results_data = None if request.method == 'GET': # pagination limit results = BucketList.get_all(user_id) limit = request.args.get('limit', 20) q = request.args.get('q') page = request.args.get('page', 1) if page < 1: raise NotFound('Please specify a valid page (positive number)') if results.all(): results_data = results limit = 100 if int(limit) > 100 else limit if q: results_data = results.filter( BucketList.name.ilike('%{0}%'.format(q))) # serialize result objects to json result_list = [] for item in results_data.paginate( page, int(limit), False).items: if callable(getattr(item, 'to_json')): result = item.to_json() result_list.append(result) return {'message': result_list} raise NotFound('User has no bucketlist') else: name = request.form.get("name") bucketlist = BucketList(created_by=user_id, name=name) bucketlist.save() return { "message": "Bucketlist was created successfully", "bucketlist": bucketlist.to_json()}, 201
def logout(request): if get_current_user(request): return HttpResponseRedirect(get_logout_url(request)) return HttpResponseRedirect(request.build_absolute_uri("/"))
def user_profile(): user = get_current_user() return render_template('user/profile.html', user=user)