def __logout(self): """ Do logout """ if constants.PERSISTENT_LOGIN_NAME in self.request.cookies: token_cookie = self.request.cookies[constants.PERSISTENT_LOGIN_NAME] token = LoginToken.get_token_data(token_cookie) if token is not None: token.delete() self.response.delete_cookie(constants.PERSISTENT_LOGIN_NAME, '/') if self.user_email is not None and self.user_email != '': user = User.getUser(self.user_email.lower()) if user is not None: user.logout() self.ok('/')
def _display_list(self, list_id): """ Displays the list with the given id if it belongs to the current user """ try: current_user = User.getUser(self.user_email) current_list = ShoppingList.get_by_id(int(list_id), current_user) if current_list is None: raise ValueError self._api_display_list_(current_list) except (TypeError, ValueError, ProtocolBufferEncodeError) as exc: logging.error(str(exc)) error_message = self.gettext("There's not such list, sorry.") self.set_error(constants.STATUS_BAD_REQUEST, message=error_message, url="/")
def _list_lists(self, api): """ Lists all shopping lists of current user """ current_user = User.getUser(self.user_email) query = ShoppingList.all() query.ancestor(current_user) if api is not None: all_lists = query.run() self._api_list_lists_(all_lists) else: template = self.jinja2_env.get_template('ang-base.html') template_values = { 'user_email': self.user_email } self.response.out.write(template.render(template_values))
def put(self, api, list_id): """ PUT method is used to change item rankings """ try: current_user = User.getUser(self.user_email) current_list = ShoppingList.get_by_id(int(list_id), current_user) items_json = self.request.get('items') self.response.out.write('Items json: ' + str(items_json)+ '\n') items_check = json.loads(items_json) current_list.items = items_json current_list.put() self.response.out.write('Ran with success') except (BadValueError, AttributeError) as exc: logging.error('Exception: ' + str(exc)) error_message = self.gettext('Error while storing new order.') self.set_error(constants.STATUS_BAD_REQUEST, message=error_message, url="/")
def authenticate_and_call(handler, *args, **kwargs): """ The decorator itself """ session = get_current_session() sessionid = session.get(constants.SESSION_ID) import logging logging.info('SessionID: ' + str(sessionid)) session_data = SessionData.get_session(sessionid) if not session_data or not session_data.is_valid(): # if persistent id is given: cookies = handler.request.cookies if constants.PERSISTENT_LOGIN_NAME in cookies: token_data = cookies[constants.PERSISTENT_LOGIN_NAME] token = LoginToken.get_token_data(token_data) # if persistent id is correct (email matches id following it): # peform login if token is not None: token.delete() token.tokenid = LoginToken.generate_id() token.put() cookie_value = token.get_cookie_value() days = constants.PERSISTENT_LOGIN_LIFETIME_DAYS expiration = datetime.utcnow() + timedelta(days=days) handler.response.set_cookie(constants.PERSISTENT_LOGIN_NAME, cookie_value, expires=expiration, path="/", httponly=False, secure=True) user = User.getUser(token.user) user.login(handler.request.remote_addr) success(handler) logging.info('User logging in (with persistent token): ' + str(user.email)) else: LoginToken.delete_user_tokens(token_data) error(handler) logging.info('Someone tried to authenticate with \ invalid token - email pair.') return else: error(handler) return else: success(handler) logging.info('User logging in: ' + str(handler.user_email)) return func(handler, *args, **kwargs)
def delete(self, api=None, list_id=None, item_id=None): """ DELETE request handler """ if api is not None: try: current_user = User.getUser(self.user_email) current_list = ShoppingList.get_by_id(int(list_id), current_user) current_list.delete_item(item_id) except (TypeError, ValueError, BadKeyError, BadValueError, ProtocolBufferEncodeError) as exc: logging.error('Exception: ' + str(exc)) error_message = self.gettext("There's no such item, sorry.") self.set_error(constants.STATUS_BAD_REQUEST, message=error_message, url="/")
def __send_verification(self, email): """ Send verification email to recipient """ user = User.getUser(email.lower()) if user is None or user.verified: self.set_error(constants.STATUS_BAD_REQUEST, message=None, url="/") return user.verificationCode = b64encode(CryptoUtil.get_verify_code(), "*$") template_values = { 'user_email': self.user_email, 'code': user.verificationCode, 'url': constants.VERIFICATION_URL } template = self.jinja2_env.get_template('verificationemail.jinja') message = mail.EmailMessage() message.sender = constants.SENDER_ADDRESS message.to = user.email message.subject = 'Please verify your address' message.body = template.render(template_values) message.send() user.put()
def post(self, api=None, list_id=None): """ POST request handler """ current_user = User.getUser(self.user_email) if api is not None: try: if list_id is None: list_name = self.request.get('name', None) new_list = ShoppingList.create_list(current_user, list_name) self._api_display_list_(new_list) except (ValueError) as exc: self.set_error(constants.STATUS_BAD_REQUEST) if list_id is not None: # Add item to list try: current_list = ShoppingList.get_by_id(int(list_id), current_user) if current_list is None: raise ValueError item = current_list.add_item(self.request.get('description', None), self.request.get('key', None), int(self.request.get('quantity', 1))) self.response.out.write(json.dumps(item.to_dict())) self.response.headers['Content-Type'] = 'application/json' self.ok('/Lists/'+str(list_id)) except (TypeError, ValueError, BadKeyError, BadValueError, ProtocolBufferEncodeError) as exc: logging.error('Exception: ' + str(exc)) error_message = self.gettext("There's not such list, sorry.") self.set_error(constants.STATUS_BAD_REQUEST, message=error_message, url="/")
def __login(self): """ Validate incoming parameters and log in user if all is ok """ # Validate email and get user from db email = self.request.get(constants.VAR_NAME_EMAIL) logging.info('User logging in: ' + str(email)) if not User.isEmailValid(email) or not User.isAlreadyRegistered(email): logging.error('Email mismatched or not registered') self.set_error(constants.STATUS_BAD_REQUEST, self.gettext('LOGIN_ERROR'), url=self.request.url) return user = User.getUser(email.lower()) # Calculate password hash password = self.request.get(constants.VAR_NAME_PASSWORD) if not User.isPasswordValid(password): logging.error('Invalid password') self.set_error(constants.STATUS_BAD_REQUEST, self.gettext('LOGIN_ERROR'), url=self.request.url) return key = CryptoUtil.getKey(password, user.salt) # Validate password if not user.password == key: logging.error('Incorrect password for email') self.set_error(constants.STATUS_BAD_REQUEST, self.gettext('LOGIN_ERROR'), url=self.request.url) return # Check remember me remember_string = self.request.get('remember').lower() remember = remember_string != '' and remember_string != 'false' if remember: token_id = LoginToken.generate_id() token = LoginToken() token.tokenid = token_id token.ip = self.request.remote_addr token.user = email token.put() cookie_value = token.get_cookie_value() delta = timedelta(days=constants.PERSISTENT_LOGIN_LIFETIME_DAYS) self.response.set_cookie(constants.PERSISTENT_LOGIN_NAME, cookie_value, expires=datetime.utcnow() + delta, path="/", httponly=True, secure=True) # Log in user if user.verified: user.login(self.request.remote_addr) session = get_current_session() url = session.pop(constants.VAR_NAME_REDIRECT) if url is None: url = "/" self.ok(url) else: logging.error('User unverified') self.set_error(constants.STATUS_FORBIDDEN, self.gettext('UNVERIFIED_PRE') + ' <a href=\"/User/Verify">' + self.gettext('UNVERIFIED_HERE') + '</a> ' + self.gettext('UNVERIFIED_POST'), url=self.request.url) return