Exemplo n.º 1
def logout(user_social_auth=None):
    """
    End the local session and, for PEAM logins, the identity-provider session too.

    Param `user_social_auth`: a `UserSocialAuth` instance. Normally `None`; the
    `user.account_delete` view passes it explicitly when it calls this view as a plain
    Python function (i.e. not through a `redirect()`).

    Returns a redirect: to the PEAM logout endpoint when the user signed in through PEAM
    and a social-auth record is available, otherwise to the home page.
    """
    backend_key = 'social_auth_last_login_backend'

    # Anonymous visitors have nothing to tear down.
    if not current_user.is_authenticated:
        return redirect(url_for('root.home'))

    # The social-auth record must be fetched *before* `logout_user()`, because the
    # lookup is keyed on `current_user.id`.
    peam_session = session.get(backend_key) == PEAMOpenIdConnect.name
    if peam_session and not user_social_auth:
        user_social_auth = get_user_social_auth(current_user.id)

    # Record the event, then destroy the LBB session.
    activity.log('deconnexion')
    logout_user()

    # `logout_user` leaves the Python Social Auth keys behind, so remove them by hand.
    if backend_key in session:
        # Some backends keep a `<backend-name>_state` value in the session (e.g. OAuth2).
        state_key = '%s_state' % session[backend_key]
        if state_key in session:
            session.pop(state_key)
        session.pop(backend_key)

    # No provider-side session to close: we are done.
    if not (peam_session and user_social_auth):
        return redirect(url_for('root.home'))

    # Provider-side logout. The ID token is sent as a query-string parameter, so it is
    # part of the redirect URL the browser follows. A missing 'id_token' entry raises
    # KeyError here, i.e. after the local session has already been destroyed.
    query = urlencode({
        'id_token_hint': user_social_auth.extra_data['id_token'],
        'redirect_uri': url_for('auth.logout_from_peam_callback', _external=True),
    })
    # PEAM then sends the user back to the LBB `logout_from_peam_callback` route.
    return redirect('%s/compte/deconnexion?%s' % (settings.PEAM_AUTH_BASE_URL, query))
Exemplo n.º 2
def details(siret):
    """
    Render the detail page of the office identified by `siret`.

    An optional `rome_code` query parameter is forwarded to the template so that the
    score matching that rome_code can be shown.

    An unknown siret and an office without a score (hidden by SAVE) both end in the
    same 404, so the response does not reveal which of the two applied.
    """
    fix_csrf_session()
    # NOTE(review): `rome_code` goes from the query string to the template as is;
    # confirm the template relies on autoescaping when it prints it.
    rome_code = request.args.get('rome_code')
    company = Office.query.filter_by(siret=siret).first()

    # Missing office, or office hidden by SAVE (falsy score).
    if not company or not company.score:
        abort(404)

    activity.log('details', siret=siret)
    return render_template(
        'office/details.html',
        company=company,
        rome_code=rome_code,
    )
Exemplo n.º 3
def details(siret):
    """
    Render the detail page of the office identified by `siret`.

    An optional `rome_code` query parameter is forwarded to the template so that the
    score matching that rome_code can be shown. With `contract=alternance` in the query
    string, the alternance visibility rule is applied instead of the regular one.
    This code is very similar to the code in labonneboite/web/api/views.py

    Unknown and hidden offices all end in the same 404.
    """
    fix_csrf_session()
    # NOTE(review): `rome_code` is taken from the query string unchanged and reaches
    # both the template and `url_for`; confirm the template autoescapes it.
    rome_code = request.args.get('rome_code')
    company = Office.query.filter_by(siret=siret).first()

    if not company:
        abort(404)

    wants_alternance = request.args.get('contract') == 'alternance'
    if wants_alternance:
        # Offices whose score_alternance is 0 may still be reached by siret when they
        # belong to the visible market (at least one job offer obtained from the API
        # Offers V2), unless they were explicitly removed via SAVE.
        if company.is_removed_from_lba:
            abort(404)
    elif not company.score:
        # A score of 0 means the office must not be shown on the LBB frontend/api
        # and/or was removed via SAVE, so it must not be reachable by siret either.
        abort(404)

    next_url_modal = url_for('jepostule.application', siret=siret, rome_code=rome_code)
    activity.log(event_name='details', siret=siret)
    return render_template(
        'office/details.html',
        company=company,
        rome_code=rome_code,
        next_url_modal=next_url_modal,
    )
Exemplo n.º 4
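def favorites_add(siret):
    """
    Add an office to the favorites of the current user.

    Validates the CSRF token from the submitted form, looks the office up by `siret`
    (404 when it does not exist), stores the favorite, flashes a confirmation and
    returns the redirect chosen by `get_redirect_after_favorite_operation()`.
    """
    # Since we are not using a FlaskForm but a hidden input with the token in the
    # form, CSRF validation has to be done manually.
    # CSRF validation can be disabled globally (e.g. in unit tests), so ensure that
    # `WTF_CSRF_ENABLED` is enabled before.
    # NOTE(review): a missing token reaches `validate_csrf` as `None`; confirm it is
    # rejected there and that the resulting error is turned into a 4xx response.
    if current_app.config['WTF_CSRF_ENABLED']:
        csrf.validate_csrf(request.form.get('csrf_token'))

    office = Office.query.filter_by(siret=siret).first()
    if not office:
        abort(404)

    # NOTE(review): `current_user` is used without an authentication check in this
    # function; presumably a login-required decorator sits outside this listing.
    UserFavoriteOffice.add_favorite(user=current_user, office=office)

    # Only the fixed template is marked as safe markup. Formatting a `Markup` with `%`
    # HTML-escapes the interpolated values, so an office name or city containing
    # markup is displayed as text instead of being injected into the page.
    message = Markup('"%s - %s" a été ajouté à vos favoris !') % (office.name,
                                                                  office.city)
    flash(message, 'success')
    activity.log('ajout-favori', siret=siret)

    return get_redirect_after_favorite_operation()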
Exemplo n.º 5
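def favorites_delete(siret):
    """
    Delete an office from the favorites of the current user.

    The favorite is looked up by both `siret` and `current_user.id`, so only a favorite
    owned by the requesting user can be removed; anything else ends in a 404.
    Returns the redirect chosen by `get_redirect_after_favorite_operation()`.
    """
    # Since we are not using a FlaskForm but a hidden input with the token in the
    # form, CSRF validation has to be done manually.
    # CSRF validation can be disabled globally (e.g. in unit tests), so ensure that
    # `WTF_CSRF_ENABLED` is enabled before.
    # NOTE(review): a missing token reaches `validate_csrf` as `None`; confirm it is
    # rejected there and that the resulting error is turned into a 4xx response.
    if current_app.config['WTF_CSRF_ENABLED']:
        csrf.validate_csrf(request.form.get('csrf_token'))

    fav = UserFavoriteOffice.query.filter_by(office_siret=siret,
                                             user_id=current_user.id).first()
    if not fav:
        abort(404)

    # Read the display fields before deleting: dereferencing `fav.office` on a row
    # that has already been deleted depends on the ORM still being able to load it.
    office_name = fav.office.name
    office_city = fav.office.city

    fav.delete()

    # The message is a plain string, so escaping of the office name and city is left
    # to the template that renders flashed messages.
    # NOTE(review): confirm that template does not mark flashed messages as safe.
    message = '"%s - %s" a été supprimé de vos favoris !' % (office_name,
                                                             office_city)
    flash(message, 'success')
    activity.log('suppression-favori', siret=siret)

    return get_redirect_after_favorite_operation()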
Exemplo n.º 6
 def complete(self, *args, **kwargs):
     """
     Run the parent `complete()` and record a 'connexion' activity event.

     All arguments are forwarded untouched and the parent's return value is handed
     back to the caller unchanged.
     """
     authenticated_user = super().complete(*args, **kwargs)
     # NOTE(review): the event is logged for whatever the parent returned; confirm it
     # is always a user object, so that failed or partial logins are not recorded as
     # successful connections.
     activity.log('connexion', user=authenticated_user)
     return authenticated_user