Exemplo n.º 1
0
	def logout(self):
		username=cherrypy.session.get('username')

		if not username:
			flash("You haven't logged in.", 'error')
			return self.render(error_view, error_message="Please login before logging out, because you cannot logout before you have logged in.")
					
		cherrypy.session.clear()
		flash("Logged out successfully!", 'success')
		forward_url = cherrypy.request.headers.get("Referer", "/")
		raise cherrypy.HTTPRedirect(forward_url or "/")
Exemplo n.º 2
0
	def login(self, username=None, password=None):
		"""The login POST endpoint."""
		if cherrypy.request.method != "POST":
			raise cherrypy.HTTPError(404)

		if cherrypy.session.get('username'):
			flash("You have already logged in.")
			raise cherrypy.HTTPRedirect(cherrypy.request.headers.get("Referer", "/") or "/")

		valid = User.validate_credentials(username, password)
		status = User.get_user(username)['member_type']

		if not valid:
			flash("Invalid credentials.", 'error')
			raise cherrypy.HTTPRedirect(cherrypy.request.headers.get("Referer", "/") or "/")

		if status == 'banned':
			flash("You can't login, you are banned!", 'error')
			raise cherrypy.HTTPRedirect('/')

		User.log_visit(username)
		cherrypy.session['username'] = username
		cherrypy.session.save()
		flash("Logged in successfully!", 'success')

		# redirect user back to the page where login was entered
		raise cherrypy.HTTPRedirect(cherrypy.request.headers.get("Referer", "/") or "/")
Exemplo n.º 3
0
	def delete(username, songname):
		"""Attempts to delete a song."""

		if not cherrypy.session.get('username'):
			raise cherrypy.HTTPError(401)

		if cherrypy.request.method != 'POST':
			raise cherrypy.HTTPError(404) 

		current_user = cherrypy.session.get('username')
		user = User.get_user(current_user)

		if user['member_type'] != 'admin':
			if current_user != username:
				raise cherrypy.HTTPError(401)
			
		songid = Song.get_user_song(username, songname)
		Song.delete_song(songid)
		flash("Deleted '%s'" % (songname), 'success')
		raise cherrypy.HTTPRedirect("/users/" + username)
Exemplo n.º 4
0
	def users(self, who=None, **args):
		"""User detail page handler."""
		if not who:
			# TODO add user listing here?
			flash('Invalid user.', 'error')
			return self.render(error_view)

		person = User.get_user(who)

		if person == None:
			msg = "User '%s' not found!" % (str(who))
			return self.render(error_view, error_message=msg)

		if 'ban' in args:
			self.set_user_type(who, 'banned')
		elif 'unban' in args:
			self.set_user_type(who, 'member')

		sanitized = User.sanitize_user(person)
		songs = User.get_user_songs_detailed(person["username"])
		return self.render(user_view, user=sanitized, songs=songs)
Exemplo n.º 5
0
def restrictfunc(group="member", method=None):
    """
	An authentication function used to create a simple
	CherryPy compatible tool decorator.

	Checks if the current session satisfied the given
	conditions, if not the user is directed to a login page.
	"""

    if not cherrypy.session.get("username"):
        # raise cherrypy.HTTPError('401 Unauthorized')
        flash(restrict.error_message)
        raise cherrypy.HTTPRedirect(restrict.loginpath)

    if method:
        if cherrypy.request.method != method:
            raise cherrypy.HTTPError(404)  # TODO return 405 and a list of allowed methods

    if group == "member":
        return
    elif group == "admin":
        # TODO actually pull the user information from the DB and check status
        return
Exemplo n.º 6
0
	def set_user_type(self, target, status):
		"""
		Attempts to set user member_type.
		Checks the credentials of the current session.
		"""

		if not cherrypy.session.get('username'):
			raise cherrypy.HTTPError(401)

		username=cherrypy.session.get('username')
		user = User.get_user(username)

		if user['member_type'] != 'admin':
			raise cherrypy.HTTPError(401)
		
		try:
			User.set_user_type(target, status)
		except:
			flash("Can't set user status!", 'error')
		else:
			flash("User status set to %s!" % status, 'success')

		raise cherrypy.HTTPRedirect("/users/%s" % target)
Exemplo n.º 7
0
	def register(self, username=None, password=None, password2=None, email=None):
		"""Registration form page handler."""

		if cherrypy.request.method == 'GET':
			return self.render(register_view)

		if cherrypy.request.method != 'POST':
			raise cherrypy.HTTPError(404) 

		try:
			if password != password2:
				raise UserDetailException("Passwords do not match.")

			User.add_user(username=username, password=password, email=email)
		except UserDetailException as e:
			flash(str(e), 'error')
			return self.render(register_view)
		except UserAlreadyExistsException as e:
			flash("User already exists with that name.", 'error')
			return self.render(register_view)
		else:
			flash("Account created successfully! You can now log in.", 'success')
			raise cherrypy.HTTPRedirect('/')
Exemplo n.º 8
0
	def upload(self, songfile, influence, influence_type):
		"""Song upload POST endpoint."""

		username=cherrypy.session.get('username')

		if not songfile:
			flash('Invalid file.', 'error')
			raise cherrypy.HTTPRedirect("/uploadform")

		if not songfile.file:
			flash('Invalid file.', 'error')
			raise cherrypy.HTTPRedirect("/uploadform")
		
		songbytes = songfile.file.read()

		try:
			song = load_module(songbytes)
		except Exception as e:
			flash("%s is not a valid module, only ProTracker modules are supported." % songfile.filename
					, 'error')
			return self.render(upload_view)

		if influence and not influence_type:
			flash("Invalid influence type!")
			raise cherrypy.HTTPRedirect("/uploadform")

		songid = Song.add_song(song, songbytes, songfile, [username,])

		flash("Song uploaded successfully.", 'success')

		if influence and influence != 'empty':
			influence_id = None

			try:
				influence_id = Influence.get_song_id_from_url(influence)
			except Exception as e:
				flash("Cannot parse influence url!", 'error')
				flash("Error: " + str(e), 'error')

			try:
				Influence.add_internal_influence(influence_id, songid, influence_type)
			except Exception as e:
				flash("Song influences were not added.", 'notice')
				flash("Error: " + str(e), 'error')

		raise cherrypy.HTTPRedirect("/users/%s" % (username, ))