Exemplo n.º 1
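def login_user(request):
    """Authenticate a user by e-mail and password and return a token.

    Reads ``email`` and ``password`` from ``request.params``, looks the user
    up by e-mail and checks the password against the stored bcrypt hash.
    Every failure path returns the same generic message, so the response
    text does not reveal whether the e-mail exists.

    NOTE(review): no attempt limiting or lockout is visible in this view;
    confirm that repeated failed logins are throttled elsewhere.
    NOTE(review): an unknown e-mail returns without running bcrypt, so the
    response time can still differ between known and unknown accounts.
    """
    import hmac  # local import: the file's import block is not visible here

    failure = 'Invalid email and password combination'

    def password_matches(candidate, stored_hash):
        # Re-hash the candidate using the stored hash as the salt argument
        # and compare in constant time, so the comparison itself does not
        # leak how many leading bytes matched.
        stored = stored_hash.encode('UTF_8')
        computed = bcrypt.hashpw(candidate.encode('UTF_8'), stored)
        return hmac.compare_digest(computed, stored)

    email = request.params.get('email', None)
    password = request.params.get('password', None)
    session = request.dbsession
    if email is None or password is None:
        return generateError(failure)

    try:
        user = session.query(User).filter(User.email == email).one()
        if not password_matches(password, user.password):
            return generateError(failure)

    except MultipleResultsFound:
        # Several rows share this e-mail: accept the first one whose hash
        # matches the supplied password.
        # NOTE(review): a unique constraint on User.email would make this
        # branch unreachable -- confirm against the schema.
        user = None
        for candidate in session.query(User).filter(
                User.email == email).all():
            if password_matches(password, candidate.password):
                user = candidate
                break
        if user is None:
            return generateError(failure)

    except NoResultFound:
        return generateError(failure)

    return generateSuccess('Welcome, {}!'.format(user.name),
                           {'token': generateToken(user)})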
Exemplo n.º 2
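def verify_user(request):
    """Report whether the ``token`` request parameter decodes successfully.

    Returns an error response with ``expired`` set to True only when
    decoding raises ``jwt.ExpiredSignatureError``; a missing token or any
    other decode failure is reported with ``expired`` set to False.

    NOTE(review): ``decode`` is defined elsewhere; confirm that it verifies
    the signature and restricts the accepted algorithms.
    NOTE(review): the token is read from ``request.params``; if clients send
    it in the query string it may end up in access logs -- confirm.
    """
    token = request.params.get('token', None)
    if token is None:
        return generateError('Token is missing', {'expired': False})

    try:
        # Only the outcome matters here; the decoded payload is not used.
        decode(token)
    except jwt.ExpiredSignatureError:
        return generateError('Token has expired', {'expired': True})
    except Exception:
        # Any other failure is treated as an invalid token.  Catching
        # Exception rather than using a bare except lets SystemExit and
        # KeyboardInterrupt propagate.
        return generateError('Token is invalid', {'expired': False})

    return generateSuccess('Token is valid', {'expired': False})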
Exemplo n.º 3
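def change_validation_status(request):
    """Store a new ``validation_status`` for the applicant named in the URL.

    The applicant id comes from the route's ``id`` match and the new value
    from the ``status`` request parameter; the value is stored as received.

    NOTE(review): no permission check is visible in this view; confirm that
    the route is restricted to users allowed to validate applicants.
    NOTE(review): ``status`` is not checked against a set of allowed values
    here -- confirm that the model or the caller constrains it.
    """
    session = request.dbsession
    user_id = request.matchdict['id']
    status = request.params['status']  # raises KeyError when absent

    try:
        attrib = session.query(ApplicantAttribute).filter(
            ApplicantAttribute.applicant_id == user_id).one()
    except Exception:
        # Every lookup failure, including database errors, is reported as an
        # invalid id.  Exception (not a bare except) lets SystemExit and
        # KeyboardInterrupt propagate.
        return generateError('user id is invalid')

    attrib.validation_status = status

    return generateSuccess('Validation status saved')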
Exemplo n.º 4
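def change_application_status(request):
    """Store a new ``application_status`` for the applicant named in the URL.

    The applicant id comes from the route's ``id`` match and the new value
    from the ``status`` request parameter; the value is stored as received.

    NOTE(review): no permission check is visible in this view; confirm that
    the route is restricted to users allowed to decide on applications.
    NOTE(review): ``status`` is not checked against a set of allowed values
    here -- confirm that the model or the caller constrains it.
    """
    session = request.dbsession
    user_id = request.matchdict['id']
    status = request.params['status']  # raises KeyError when absent

    try:
        attrib = session.query(ApplicantAttribute).filter(
            ApplicantAttribute.applicant_id == user_id).one()
    except NoResultFound:
        return generateError('User is not an applicant or no attribute found')
    except Exception:
        # Exception (not a bare except) lets SystemExit and
        # KeyboardInterrupt propagate instead of being reported as a
        # database error.
        return generateError('Unexpected Db error')

    attrib.application_status = status

    return generateSuccess('Application status saved')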
Exemplo n.º 5
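def login_user(request):
    """Authenticate a user by e-mail and password and return a token.

    Before checking credentials, the view compares the ``date_created`` and
    ``date_end`` request parameters and rejects the login when they differ.
    It then looks the user up by e-mail and checks the password against the
    stored bcrypt hash.  All credential failures return the same generic
    message.

    NOTE(review): no attempt limiting or lockout is visible in this view;
    confirm that repeated failed logins are throttled elsewhere.
    """
    import hmac  # local import: the file's import block is not visible here

    failure = 'Invalid email and password combination'

    def password_matches(candidate, stored_hash):
        # Re-hash the candidate using the stored hash as the salt argument
        # and compare in constant time, so the comparison itself does not
        # leak how many leading bytes matched.
        stored = stored_hash.encode('UTF_8')
        computed = bcrypt.hashpw(candidate.encode('UTF_8'), stored)
        return hmac.compare_digest(computed, stored)

    email = request.params.get('email', None)
    password = request.params.get('password', None)
    form_end = request.params.get('date_end')
    user_form_start = request.params.get('date_created')
    session = request.dbsession

    # NOTE(review): both values compared here are supplied by the client, so
    # the client decides whether the form counts as closed.  If this is meant
    # to enforce a deadline, the dates should come from the server's own
    # records.  The inequality test also looks like a leftover from an
    # earlier ordering check -- confirm the intended rule.
    if user_form_start != form_end:
        return generateError(
            'Form has closed, you can no longer submit your form online.')

    if email is None or password is None:
        return generateError(failure)

    try:
        user = session.query(User).filter(User.email == email).one()
        if not password_matches(password, user.password):
            return generateError(failure)

    except MultipleResultsFound:
        # Several rows share this e-mail: accept the first one whose hash
        # matches the supplied password.
        # NOTE(review): a unique constraint on User.email would make this
        # branch unreachable -- confirm against the schema.
        user = None
        for candidate in session.query(User).filter(
                User.email == email).all():
            if password_matches(password, candidate.password):
                user = candidate
                break
        if user is None:
            return generateError(failure)

    except NoResultFound:
        return generateError(failure)

    return generateSuccess('Welcome, {}!'.format(user.name),
                           {'token': generateToken(user)})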
Exemplo n.º 6
def update_form(request):
    """Apply the submitted fields to the form identified by ``id``.

    Only ``name``, ``date_start``, ``date_end`` and ``form_type_id`` are
    copied from the request, and only when present; values are stored as
    received.  A missing ``id`` parameter or an unknown id raises, because
    neither the parameter lookup nor ``.one()`` is guarded.

    NOTE(review): no permission check is visible in this view; confirm that
    the route is restricted to users allowed to edit forms.
    """
    form_id = request.params['id']
    form = request.dbsession.query(Form).filter(Form.id == form_id).one()

    # Fixed list of updatable columns: the request cannot set anything else.
    for field in ('name', 'date_start', 'date_end', 'form_type_id'):
        submitted = request.params.get(field, None)
        if submitted is not None:
            setattr(form, field, submitted)

    return generateSuccess('Success')
Exemplo n.º 7
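def update_user(request):
    """Update the authenticated user's record or applicant attributes.

    The user id is taken from the ``sub`` claim of the decoded token in the
    Authorization header.  At most one of ``submitted``, ``password``,
    ``application_status`` and ``validation_status`` is applied per request,
    in that order, and the view returns right after applying it.  When none
    of them is present, the ``user[...]`` parameters are copied onto the
    user's ApplicantAttribute row.

    NOTE(review): ``application_status`` and ``validation_status`` are
    written to the caller's own record from request parameters; confirm
    that ordinary applicants are not meant to reach this path.
    NOTE(review): the password is replaced without asking for the current
    one and without any strength check visible here.
    NOTE(review): a missing Authorization header or a failing ``decode``
    is not handled in this view and will surface as an unhandled error.
    """
    session = request.dbsession
    token = request.authorization[1]
    payload = decode(token)
    user_id = payload['sub']

    try:
        user = session.query(User) \
            .filter(User.id == user_id) \
            .one()
    except Exception:
        # Exception (not a bare except) lets SystemExit and
        # KeyboardInterrupt propagate.
        return generateError('Db error. Contact site administrator')

    submitted = request.params.get('submitted', None)
    password = request.params.get('password', None)
    appstat = request.params.get('application_status', None)
    valstat = request.params.get('validation_status', None)

    if submitted is not None:
        user.submitted = submitted
        return generateSuccess('user submission successful')

    if password is not None:
        # Only the bcrypt hash is stored, never the submitted password.
        user.password = bcrypt.hashpw(password, bcrypt.gensalt())
        return generateSuccess('password successfully changed')

    if appstat is not None:
        user.application_status = appstat
        return generateSuccess('application status successfully changed')

    if valstat is not None:
        user.validation_status = valstat
        return generateSuccess('validation status successfully changed')

    try:
        user_attribs = session.query(ApplicantAttribute) \
            .filter(ApplicantAttribute.applicant_id == user_id) \
            .one()
    except Exception:
        return generateError('Db error. Contact site administrator')

    # Fixed list of attribute columns: the request cannot set anything else.
    attribs = (
        'level', 'program', 'program_type', 'student_type', 'choice_1',
        'choice_2', 'choice_3', 'adviser', 'start_of_study', 'year',
        'other_scholarship', 'other_scholarship_name',
    )

    for key in attribs:
        # A field missing from the request is stored as None.
        setattr(user_attribs, key,
                request.params.get('user[{}]'.format(key)))

    user_attribs.answered_pos = True

    return {'success': True}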
Exemplo n.º 8
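def create_user(request):
    """Create a user with a generated password and set up their form rows.

    Required parameters are ``email``, ``last``, ``given`` and
    ``middlemaiden``; ``level`` is optional and becomes the user's
    ``user_type_id``.  For levels 3, 4 and 5 the view also creates one
    Answer per question of the matching form type and one CategoryStatus
    per category; levels 4 and 5 additionally get an ApplicantAttribute row.
    The generated password is stored only as a bcrypt hash and is sent to
    the user by e-mail.

    NOTE(review): ``level`` is supplied by the caller and decides the new
    account's user type; confirm that this route is restricted or that the
    accepted levels are limited elsewhere.
    NOTE(review): the initial password is mailed in clear text; a one-time
    set-password link would avoid leaving a credential in the mailbox.
    """
    import logging  # local import: the file's import block is not visible here

    session = request.dbsession
    email = request.params.get('email', None)
    last = request.params.get('last', None)
    given = request.params.get('given', None)
    middlemaiden = request.params.get('middlemaiden', None)
    level = request.params.get('level', None)

    if email is None or parseaddr(email)[1] == "":
        return generateError('Invalid email')

    if last is None or given is None or middlemaiden is None:
        return generateError('Field is missing')

    fullname = '{} {}'.format(given, last)

    # NOTE(review): ``level`` arrives as a string, so ``level != 3`` is true
    # for every request and duplicates are rejected for all user types.  If
    # user type 3 was meant to be exempt, that exemption never applied --
    # confirm the intended rule before changing it.
    existing = session.query(User).filter(User.email == email).all()
    if (level != 3 and len(existing) > 0):
        return generateError('E-mail is already in use')

    # Parse the level once, before anything is written, so that a missing or
    # malformed value cannot fail after the account has been created.
    level_id = None
    if level is not None:
        try:
            level_id = int(level)
        except (TypeError, ValueError):
            return generateError('Something weird happened!')

    # The generated password is deliberately not written to disk or to the
    # log; only its bcrypt hash is kept.
    generated_password = password_generator()
    password = bcrypt.hashpw(generated_password, bcrypt.gensalt())

    try:
        if level_id is None:
            u = User(name=fullname, email=email, password=password)
        else:
            u = User(name=fullname,
                     email=email,
                     password=password,
                     user_type_id=level_id)
    except Exception:
        return generateError('Something weird happened!')

    session.add(u)
    session.flush()  # assigns u.id, which the rows below refer to

    if level_id in (3, 4, 5):
        if level_id in (4, 5):
            # Level 5 is created with scholarship=True, level 4 with False.
            session.add(ApplicantAttribute(scholarship=(level_id == 5),
                                           applicant_id=u.id))

        form_type = session.query(FormType).filter(
            FormType.user_type_id == u.user_type_id).one()
        category_ids = form_type.page_sequence

        # One Answer per question, pre-filled with the question's default.
        for category_id in category_ids:
            questions = session.query(Element).filter(
                Element.klass == 'question').filter(
                    Element.category_id == category_id).all()
            for question in questions:
                answer = Answer(text='', element_id=question.id,
                                user_id=u.id)
                if question.default:
                    answer.text = question.default
                session.add(answer)

        # One CategoryStatus per category, left at its default status.
        for category_id in category_ids:
            session.add(CategoryStatus(user_id=u.id,
                                       category_id=category_id))

    # Send the credentials only after the database work above succeeded, so
    # no password is mailed for an account that could not be set up.
    # todo: add send status, move mail send to some queue
    try:
        mailer.send_credentials_email(request.mailer, given, email,
                                      generated_password)
    except Exception:
        # Delivery stays best-effort, but the failure is recorded.  The
        # password itself is never logged.
        logging.getLogger(__name__).exception(
            'credentials e-mail could not be sent for user id %s', u.id)

    return generateSuccess('Welcome, {}!'.format(fullname),
                           {'token': generateToken(u)})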
Exemplo n.º 9
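def _seed_recommender_form(session, rec):
    """Create blank Answer and CategoryStatus rows for a new recommender."""
    form_type = session.query(FormType).filter(
        FormType.user_type_id == rec.user_type_id).one()
    category_ids = form_type.page_sequence

    for cat_id in category_ids:
        questions = session.query(Element).filter(
            Element.klass == 'question').filter(
                Element.category_id == cat_id).all()
        for question in questions:
            session.add(Answer(text='',
                               element_id=question.id,
                               user_id=rec.id))

    # One CategoryStatus per category, left at its default status.
    for cat_id in category_ids:
        session.add(CategoryStatus(user_id=rec.id, category_id=cat_id))


def update_answer(request):
    """Save a batch of answers and create recommender accounts when named.

    Reads ``user_id``, ``category_id`` and ``length`` from the request, marks
    the category as answered and stores ``data[i][text]`` on the answer
    ``data[i][id]`` for each ``i`` below ``length``.  When a non-empty answer
    belongs to a "Recommender E-mail" element and the matching recommender
    slot on the applicant is still empty, a recommender user is created with
    a generated password, linked to the applicant, given blank form rows and
    sent the credentials by e-mail.

    NOTE(review): ``user_id`` comes from the request parameters; confirm
    that the route verifies the caller is that user, otherwise one user
    could overwrite another user's answers.
    NOTE(review): no check for an existing account with the recommender's
    e-mail is visible here, so the same address can end up on several users.
    NOTE(review): the initial password is mailed in clear text; a one-time
    set-password link would avoid leaving a credential in the mailbox.
    """
    import logging  # local import: the file's import block is not visible here

    session = request.dbsession
    user_id = request.params.get('user_id')
    category_id = request.params.get('category_id')
    length = request.params.get('length')

    try:
        user = session.query(User).filter(User.id == user_id).one()
    except Exception:
        # Exception (not a bare except) lets SystemExit and
        # KeyboardInterrupt propagate.
        return generateError('User id invalid')

    # change category status to answered
    category_status = session.query(CategoryStatus) \
        .filter(CategoryStatus.user_id == user_id) \
        .filter(CategoryStatus.category_id == category_id) \
        .one()
    category_status.status = True

    # Element name of each recommender e-mail field -> applicant column that
    # stores the recommender's user id.
    slots = {
        'rec1email': 'recommender_a',
        'rec2email': 'recommender_b',
        'rec3email': 'recommender_c',
    }

    for i in range(int(length)):
        answer_id = request.params.get('data[{}][id]'.format(i))
        text = request.params.get('data[{}][text]'.format(i))

        # Filtering on user_id as well keeps the update to answers that
        # belong to the given user.
        answer = session.query(Answer) \
            .filter(Answer.user_id == user_id) \
            .filter(Answer.id == answer_id) \
            .one()
        answer.text = text

        element = session.query(Element).filter(
            Element.id == answer.element_id).one()

        # Empty or missing text never creates a recommender.
        if not text:
            continue

        if element.text == "Recommender Name":
            # NOTE(review): relies on the name answer being submitted before
            # the matching e-mail answer; otherwise rec_name is unbound below.
            rec_name = text
            continue

        if element.text != "Recommender E-mail":
            continue

        attr = session.query(ApplicantAttribute) \
            .filter(ApplicantAttribute.applicant_id == user_id).one()

        slot = slots.get(element.name)
        if slot is None or getattr(attr, slot) is not None:
            # Unknown field, or this recommender slot is already filled.
            continue

        # The generated password is deliberately not written to disk or to
        # the log; only its bcrypt hash is kept.
        generated_password = password_generator()
        password = bcrypt.hashpw(generated_password, bcrypt.gensalt())

        rec = User(name=rec_name,
                   email=text,
                   password=password,
                   user_type_id='3')
        session.add(rec)
        # Flush so that rec.id is assigned before it is copied to the
        # applicant row; without it the slot would be set to None.
        session.flush()
        setattr(attr, slot, rec.id)

        _seed_recommender_form(session, rec)

        # todo: add send status, move mail send to some queue
        try:
            mailer.send_recommender_email(request.mailer, rec.name,
                                          user.name, text,
                                          generated_password)
        except Exception:
            # Delivery stays best-effort, but the failure is recorded.  The
            # password itself is never logged.
            logging.getLogger(__name__).exception(
                'recommender e-mail could not be sent for user id %s',
                rec.id)

    return generateSuccess('Successfully updated answer')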