Exemplo n.º 1
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input
            input_current_password = self.request.get('current_password')
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')

            # Check input and set error messages. 
            error_current_password=""
            error_password=""
            error_verify_password=""

            have_error = False

            if not valid_pw(self.user.email, input_current_password, self.user.pw_hash):
                # Set the error-message: incorrect password.
                error_current_password = True
                have_error = True
            if not valid_password(input_password):
                # Set the error-message: not a valid password.
                error_password = True
                have_error = True
            if not valid_verify(input_password, input_verify_password):
                # Set the error-message: passwords do not match.
                error_verify_password = True
                have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_password.html',
                            user = self.user,
                            error_current_password = error_current_password,
                            error_password = error_password,
                            error_verify_password = error_verify_password,
                            state = state)
            else:
                # Generate password-hash and store in DB
                pw_hash = make_pw_hash(self.user.email, input_password)
                self.user.pw_hash = pw_hash
                self.user.put()
                # Update memcache
                User.update_user_cache(self.user)

                state = self.make_state()
                # Render page with success message.
                self.render('change_password.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)
        else:
            # Prompt user to login.
            self.render('message.html', 
                        message_user_settings_1 = True)
Exemplo n.º 2
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input
            input_username = self.request.get('username')

            # Check input and set error messages. 
            error_username=""
            error_username_exists=""

            have_error = False

            if not valid_username(input_username):
                # Set the error-message: not a valid username.
                error_username = True
                have_error = True

            if have_error == False:
                u = User.by_name(input_username)
                if u:
                    # Set the error-message: username already taken.
                    error_username_exists = True
                    have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_username.html',
                            user = self.user,
                            username = input_username,
                            error_username = error_username,
                            error_username_exists = error_username_exists,
                            state = state)
            else:
                # Store new username in DB
                self.user.name = input_username
                self.user.put()
                # Update memcache
                User.update_user_cache(self.user)

                # Render page success message
                state = self.make_state()
                self.render('change_username.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)

        else:
            # Prompt user to login.
            self.render('message.html', message_user_settings_1 = True)
Exemplo n.º 3
0
    def post(self):
        user_query = User.query().filter(
            User.first_name == self.request.get('fname')
            and User.last_name == self.request.get('lname')).fetch()
        if not len(user_query) == 0 and user_query[0].is_doctor == False:
            doctor = User.query().filter(
                User.id == str(users.get_current_user().user_id())).fetch()[0]
            doctor.list.append(user_query[0].id)
            doctor.put()

        self.redirect('/doctor-homepage')
Exemplo n.º 4
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Get user input
            input_username = self.request.get('username')

            # Check input and set error messages. 
            error_username=""
            error_username_exists=""

            have_error = False

            if not valid_username(input_username):
                # Set the error-message: not a valid username.
                error_username = True
                have_error = True

            if have_error == False:
                u = User.by_name(input_username)
                if u:
                    # Set the error-message: username already taken.
                    error_username_exists = True
                    have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_username.html',
                            user = self.user,
                            username = input_username,
                            error_username = error_username,
                            error_username_exists = error_username_exists,
                            state = state)
            else:
                # Update user object in DB and memcache
                User.update(self.user, name=input_username)

                # Render page success message
                state = self.make_state()
                self.render('change_username.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)

        else:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Exemplo n.º 5
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Deactivate account by deleting from User database and 
            # adding to the DeactAccounts database.
            d = DeactAccounts.create(self.user.key().id(), 
                                     self.user.name,
                                     self.user.email)

            # Delete user
            User.remove(self.user.key().id())

            # Genrate list of article-keys for the deleted user.
            article_key_list = Article.keys_by_author(self.user.key().id())

            for key in article_key_list:
                # Store article in DeletdArticle DB
                article = Article.by_id(key.id())
                del_art = DeletdArticle.create(article.title,
                                               article.body, 
                                               article.author)
                del_art.put()
                # Delete article from Article DB
                Article.remove(key.id())
            
            # Logout (delete coockie)
            self.logout()

            # Send email notification
            self.send_email(d.email, 
                            'email_subject.html', 
                            'email_account_deleted.html', 
                            subject_type = 'account_deleted')


            # Render page with message that account was deleted
            self.session.add_flash('message_delete_account_1', 
                                   key='homepage_flashes')
            self.session.add_flash(d.email, key='deleted_email')
            self.redirect("/")

        else:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Exemplo n.º 6
0
    def get(self):
        template_vars = {}

        doctor = User.query().filter(
            User.id == str(users.get_current_user().user_id())).fetch()[0]
        code = ""

        for id in doctor.list:
            patient = User.query().filter(User.id == str(id)).fetch()[0]
            code += "<option value='" + patient.id + "'>" + patient.first_name + " " + patient.last_name + "</option>"
        template_vars['code'] = code
        template_vars['name'] = doctor.first_name + " " + doctor.last_name
        home_template = current_jinja_environment.get_template(
            'templates/send-message.html')
        self.response.write(home_template.render(template_vars))
Exemplo n.º 7
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Get user input
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')

            # Check input and set error messages. 
            error_password=""
            error_verify_password=""

            have_error = False

            if not valid_password(input_password):
                # Set the error-message: not a valid password.
                error_password = True
                have_error = True
            if not valid_verify(input_password, input_verify_password):
                # Set the error-message: passwords do not match.
                error_verify_password = True
                have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_password.html',
                            user = self.user,
                            error_password = error_password,
                            error_verify_password = error_verify_password,
                            state = state)
            else:
                # Update user object in DB and memcache
                User.update(self.user, pw=input_password)

                state = self.make_state()
                # Render page with success message.
                self.render('change_password.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)
        else:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Exemplo n.º 8
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.render('message.html', 
                        user = self.user, 
                        message_login_1 = True)
        else:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            input_email = self.request.get('email').lower()
            input_password = self.request.get('password')

            error=""

            u = User.login_by_email(input_email, input_password)
            if u:
                self.login(u)
                self.redirect('/')
            else:
                state = self.make_state()
                # Render page with error-messages.
                self.render('login.html', 
                            error = True, 
                            email_form = input_email,
                            state = state)
Exemplo n.º 9
0
def fbconnect():
    print(request)
    name = request.json.get("name")
    id = request.json.get("id")
    email = request.json.get("email")
    gender = request.json.get("gender")
    auth_token = request.json.get("auth_token")

    print(name)
    print(id)
    print(email)
    print(gender)
    print(auth_token)

    url = (
        'https://graph.facebook.com/oauth/access_token?client_id=%s&client_secret=%s&grant_type=fb_exchange_token&fb_exchange_token=%s' % (
            appid, appsecret, auth_token))

    h = httplib2.Http()
    header, result = h.request(url, 'GET')
    token = json.loads(result)['access_token']
    UserEntry = User(userid=id, displayname=name, emailid=email, photouri="", gender=gender, accesstoken=token)
    session.add(UserEntry)
    session.commit()

    return 'SUCCESS'
Exemplo n.º 10
0
    def get(self):
        article_list = Article.recent(100)
        for article in article_list:
            t = article.created.isoformat()
            article.time = t
            author = User.by_id(article.author)
            if author:
                article.author_name = author.name
            else:
                article.author_name = 'Unknown'
        flashes = self.session.get_flashes('homepage_flashes')
        input_email = self.session.get_flashes('input_email')
        if input_email:
            input_email = input_email.pop()[0]
        deleted_email = self.session.get_flashes('deleted_email')
        if deleted_email:
            deleted_email = deleted_email.pop()[0]

        if self.user:
            self.render('homepage.html',
                        user = self.user, 
                        article_list = article_list,
                        flashes = flashes,
                        input_email = input_email,
                        deleted_email = deleted_email)
        else:
            self.render('homepage.html', 
                        article_list = article_list,
                        flashes = flashes,
                        input_email = input_email,
                        deleted_email = deleted_email)
Exemplo n.º 11
0
def scan_tickets(binary='zbarcam', signer=None):
    import subprocess, sys
    process = subprocess.Popen(binary, bufsize=1, stdout=subprocess.PIPE)
    if signer is None:
        signer = ticket_security.TicketSigner()
    while True:
        stdout = process.stdout.readline().strip()
        if stdout.startswith('QR-Code:'):
            data = stdout[8:]
            # Ticket of doom
            if sha256(data).hexdigest(
            ) == '6640cc0c536901fbc7c9f0fbe508a09c80be74656cb3ab915ec668503d54f91d':
                import webbrowser
                webbrowser.open('http://nyan.cat')
                continue
            try:
                user = signer.verify(data)
                un = User.get(user)
                if un is None:
                    yield False, "user not found in DB"
                    continue
                if not un.media_consent:
                    yield False, "user has not signed media consent"
                    continue
                if un.checked_in:
                    yield False, "user already granted entry"
                    continue
                un.mark_checked_in()
                yield True, "{0} - {1} ({2})".format(un.organisation,
                                                     un.fullname, un.username)
            except ValueError:
                yield False, "ticket is not valid"
Exemplo n.º 12
0
 def _get_user_fields(self):
     user_details = User.get(self.username)
     if not user_details:
         raise KeyError("username is unknown")
     elif not user_details.media_consent:
         raise ValueError("user has not signed a media consent form")
     self.name = user_details.fullname
     self.school = user_details.organisation
Exemplo n.º 13
0
 def get(self):
     template_vars = {}
     template_vars['logout_link'] = users.create_logout_url('/')
     template_vars['username'] = User.query().filter(User.id == str(
         users.get_current_user().user_id())).fetch()[0].last_name
     home_template = current_jinja_environment.get_template(
         'templates/doctor-homepage.html')
     self.response.write(home_template.render(template_vars))
Exemplo n.º 14
0
 def post(self):
     user = User.query().filter(
         User.id == str(self.request.get('patient-id'))).fetch()[0]
     user.list.append(
         self.request.get('doctor-name') + " - " +
         self.request.get('message'))
     user.put()
     self.redirect('/doctor-homepage')
Exemplo n.º 15
0
    def get(self):
        if self.user:
            # Prompt user to logout
            self.session.add_flash('message_reset_password_1', 
                                   key='homepage_flashes')
            self.redirect("/")
        else:
            # Get token from URL
            input_token = self.request.get('token')

            # Check if format of token is valid 
            TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
            if not TOKEN_RE.match(input_token):
                # Set invalid reset_id so that a normal error message is sent
                reset_id = 1
            else:
                # Split token to obtain reset_id and temp_pw.
                reset_id = int(input_token.split('-')[0])
                temp_pw = input_token.split('-')[1]

            # Use reset_id to find entry in ResetPasswordRequest DB.
            self.r = ResetPasswordRequest.by_id(reset_id)
            # Check if entry exists 
            if not self.r:
                # Show message that link is not valid.
                self.session.add_flash('message_reset_password_2', 
                                       key='homepage_flashes')
                self.redirect("/")

            # Check if entry is not older than one hour.
            elif datetime.datetime.now() - datetime.timedelta(hours = 1) > self.r.created:
                # Show message that too much time has passed.
                self.session.add_flash('message_reset_password_3', 
                                       key='homepage_flashes')
                self.redirect("/")

            # Check if temp_pw is valid
            elif not ResetPasswordRequest.check_for_valid_request(self.r.email, temp_pw):
                # Show message that the link is not valid.
                self.session.add_flash('message_reset_password_4', 
                                       key='homepage_flashes')
                self.redirect("/")

            # If no error, get user by_email, 
            # log in and render reset_password.html 
            else:
                email = self.r.email
                self.user = User.by_email(email)
                self.login(self.user)
                state = self.make_state()
                self.render('reset_password.html', 
                            user = self.user, 
                            token = input_token,
                            state = state) 
Exemplo n.º 16
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.render('message.html', 
                        user = self.user, 
                        message_forgot_password_1 = True)
        else:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return
            # Receive input from web-page: eamil
            input_email = self.request.get('email').lower()

            error = ''
            self.user = User.by_email(input_email)
            if not self.user:
                state = self.make_state()
                # Render page with error-message.
                self.render('forgot_password.html', 
                            form_email = input_email, 
                            error = True,
                            state = state)
            else:
                # Generate new temporary random password
                length = 10
                temp_pw = ''.join(random.choice(ascii_letters)for x in xrange(length))

                # Create entry in ResetPasswordRequest DB
                u = ResetPasswordRequest.create_request(input_email, temp_pw)
                u.put()

                # Send email with a link to the ResetPassword page. 
                # The link includes email and temporary password to 
                # authenticate the user.
                # ADAPT LINK TO GAE URL
                resetToken = str(u.key().id())+"-"+temp_pw
                link = "http://PROJECT_ID.appspot.com/reset_pw/?token=%s" %(resetToken)

                self.send_email(self.user.email, 
                                'email_subject.html', 
                                'email_forgot_password.html', 
                                subject_type = 'forgot_password', 
                                username = self.user.name, 
                                link = link)

                # Render message-page with message that email was sent
                self.render('message.html', 
                            input_email = input_email, 
                            message_forgot_password_2 = True)
Exemplo n.º 17
0
    def get(self):
        if User.query().filter(User.id == str(
                users.get_current_user().user_id())).fetch()[0].is_doctor:
            self.redirect('/doctor-homepage')
        template_vars = {}
        template_vars['logout_link'] = users.create_logout_url('/')
        template_vars['username'] = User.query().filter(User.id == str(
            users.get_current_user().user_id())).fetch()[0].first_name
        print(User.query().filter(User.id == str(
            users.get_current_user().user_id())).fetch()[0].first_name)
        html = ""
        message_query = User.query().filter(
            User.id == str(users.get_current_user().user_id())).fetch()[0].list
        logging.info(len(message_query))
        for message in message_query:
            html += "<tr>"
            html += "<td><i class='fa fa-user w3-text-blue w3-large'></i></td>"
            html += "<td>" + message + "</td>"
            html += "</tr>"
        template_vars['code'] = html

        home_template = current_jinja_environment.get_template(
            'templates/home.html')
        self.response.write(home_template.render(template_vars))
Exemplo n.º 18
0
    def dispatch(self):
        # Get a session store for this request.
        self.session_store = sessions.get_store(request=self.request)

        # Check if user is logged in
        uid = self.session.get('user_id')
        self.user = uid and User.by_id(int(uid))
        # self.user is either set to None (if there is no user_id-cookie)
        # or to the entity returned from the Datastore (possibly None)

        try:
            # Dispatch the request.
            webapp2.RequestHandler.dispatch(self)
        finally:
            # Save all sessions.
            self.session_store.save_sessions(self.response)
Exemplo n.º 19
0
    def get(self):
        article_list = Article.recent(100)
        for article in article_list:
            t = article.created.isoformat()
            article.time = t
            author = User.by_id(article.author)
            if author:
                article.author_name = author.name
            else:
                article.author_name = 'Unknown'

        if self.user:
            self.render('homepage.html',
                        user = self.user, 
                        article_list = article_list)
        else:
            self.render('homepage.html', article_list = article_list)
Exemplo n.º 20
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.session.add_flash('message_login_1', key='homepage_flashes')
            self.redirect("/")
        else:
            if not self.check_state():
                self.redirect("/")
                return

            input_email = self.request.get('email').lower()
            input_password = self.request.get('password')
            input_captcha = self.request.get('g-recaptcha-response')

            have_error = False

            if not valid_captcha(input_captcha):
                # Show generic login error-message.
                have_error = True

            if not valid_email(input_email):
                # Show generic login error-message.
                have_error = True
            if not valid_password(input_password):
                # Show generic login error-message.
                have_error = True

            if have_error == False:
                u = User.login_by_email(input_email, input_password)
                if not u:
                    # Show generic login error-message.
                    have_error = True

            if have_error == False:
                # Start session and add welcome flash for homepage
                self.session['provider'] = 'blog'
                self.login(u)
                self.session.add_flash('message_login_2', key='homepage_flashes')
                self.redirect('/')
            else:
                state = self.make_state()
                # Render page with error-messages.
                self.render('login.html', 
                            error = True, 
                            email_form = input_email,
                            state = state)
Exemplo n.º 21
0
    def get(self):
        loggedin_user = users.get_current_user()

        if loggedin_user:
            current_users = User.query().filter(
                User.id == str(loggedin_user.user_id())).fetch()
            x = []
            if current_users == x:
                template = current_jinja_environment.get_template(
                    'templates/signup.html')
                self.response.write(template.render())
            else:
                #template = current_jinja_environment.get_template('templates/home.html')
                #self.response.write(template.render({'logout_link': users.create_logout_url('/')}))
                self.redirect('/homepage')
        else:
            login_prompt_template = current_jinja_environment.get_template(
                'templates/login.html')
            self.response.write(
                login_prompt_template.render(
                    {'login_link': users.create_login_url('/login-page')}))
Exemplo n.º 22
0
 def post(self):
     if self.request.get('person') == "patient":
         user = User(id=str(users.get_current_user().user_id()),
                     first_name=self.request.get('fname'),
                     last_name=self.request.get('lname'),
                     is_doctor=False,
                     list=[],
                     exit_date=datetime.utcnow())
     else:
         user = User(id=str(users.get_current_user().user_id()),
                     first_name=self.request.get('fname'),
                     last_name=self.request.get('lname'),
                     is_doctor=True,
                     list=[])
     user.put()
     time.sleep(4)
     self.redirect('/homepage')
Exemplo n.º 23
0
    def _check_user(self, username, id_confirm):
        """Checks user details, moving into the wristbanding state on success"""
        try:
            user = User.get(username)
            self.current_username = username
            self.current_user = user

            if user is None:
                self._error_state("User '{}' not found".format(username))

            elif not user.media_consent:
                self._error_state("User '{}' ({}) has no media consent "
                                  "{}".format(
                                      user.fullname, username,
                                      "or doesn't exist"
                                      if user.fullname == username else ""))

            elif user.checked_in:
                self._error_state("User '{}' ({}) already checked-in".format(
                    user.fullname, username))

            else:
                if id_confirm:
                    self._set_message("Waiting for identity confirmation...",
                                      GOOD)
                    self._can_scan = False
                    if not self._confirm_identity_dialog():
                        self._ready_state()
                        return

                self._wristband_state(
                    "\nUser '{}' ({}) can be wristbanded".format(
                        user.fullname, username))

        except ValueError as e:
            self._error_state(str(e))
Exemplo n.º 24
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Get user input
            input_email = self.request.get('email').lower()
            input_verify_email = self.request.get('verify_email').lower()

            # Check input and set error messages. 
            error_email=""
            error_verify_email=""
            error_user_exists=""

            have_error = False

            if not valid_email(input_email):
                # Set the error-message: not a valid email.
                error_email = True
                have_error = True
            if not valid_verify(input_email, input_verify_email):
                # Set the error-message: emails do not match.
                error_verify_email = True
                have_error = True

            if have_error == False:
                u = User.by_email(input_email)
                if u:
                    # Set the error-message: email already assigned.
                    error_user_exists = True
                    have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_email.html',
                            user = self.user,
                            email = input_email,
                            error_email = error_email,
                            error_verify_email = error_verify_email,
                            error_user_exists = error_user_exists,
                            state = state)
            else:
                # Update user object in DB and memcache
                User.update(self.user, email=input_email)

                # Send email notification to new address
                self.send_email(self.user.email, 
                                'email_subject.html', 
                                'email_email_changed.html', 
                                subject_type = 'email_changed', 
                                username = self.user.name, 
                                user_email = self.user.email)
                
                # Render page with message that email was sent
                state = self.make_state()
                self.render('change_email.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)
        else:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Exemplo n.º 25
0
 def initialize(self, *a, **kw):
     webapp2.RequestHandler.initialize(self, *a, **kw)
     uid = self.read_secure_cookie('user_id')
     self.user = uid and User.by_id(int(uid))
Exemplo n.º 26
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Get user input: password and verify_password
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')
            # Get token from web page
            input_token = self.request.get('token')

            # Check if token is valid
            TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
            if not TOKEN_RE.match(input_token):
                # Set invalid reset_id so that a normal error message is sent
                reset_id = 1
            else:
                reset_id = int(input_token.split('-')[0])
                temp_pw = input_token.split('-')[1]

            # Use reset_id to find entry in ResetPasswordRequest DB.
            self.r = ResetPasswordRequest.by_id(reset_id)
            # Check if entry exists 
            if not self.r:
                # Show message to contact via email
                self.session.add_flash('message_reset_password_5', 
                                       key='homepage_flashes')
                self.redirect("/")

            #Check if entry is not older than one hour.
            elif datetime.datetime.now() - datetime.timedelta(hours = 1) > self.r.created:
                # Show message that too much time has passed.
                self.session.add_flash('message_reset_password_3', 
                                       key='homepage_flashes')
                self.redirect("/")

            #Check if temp_pw is valid
            elif not ResetPasswordRequest.check_for_valid_request(self.r.email, temp_pw):
                # Show message to contact via email
                self.session.add_flash('message_reset_password_5', 
                                       key='homepage_flashes')
                self.redirect("/")
            else:
                # Check if password and verify_password are valid. 
                # Set error-messages. 
                error_password=""
                error_verify_password=""

                have_error = False

                if not valid_password(input_password):
                    # Show the error-message: not a valid password.
                    error_password = True
                    have_error = True
                if not valid_verify(input_password, input_verify_password):
                    # Show the error-message: passwords do not match.
                    error_verify_password = True
                    have_error = True

                if have_error:
                    state = self.make_state()
                    # Render page with error-messages.
                    self.render('reset_password.html',
                                user = self.user,
                                token = input_token,
                                error_password = error_password,
                                error_verify_password = error_verify_password,
                                state = state)
                else:
                    # Update user object in DB and memcache
                    User.update(self.user, pw=input_password)

                    # Invalidate entity in ResetPasswordRequest db
                    ResetPasswordRequest.update(self.r, temp_pw_hash = "deactivated")

                    # Show message that the password has been changed.
                    self.session.add_flash('message_reset_password_7', 
                                           key='homepage_flashes')
                    self.redirect("/")


        else:
            # Show message to use the link in the email.
            self.session.add_flash('message_reset_password_6', 
                                   key='homepage_flashes')
            self.redirect("/")
Exemplo n.º 27
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.session.add_flash('message_forgot_password_1', 
                                   key='homepage_flashes')
            self.redirect("/")
        else:
            if not self.check_state():
                self.redirect("/")
                return
            # Receive input from web-page: eamil
            input_email = self.request.get('email').lower()

            have_error = False
            if not valid_email(input_email):
                # Show the error-message: not a valid email.
                have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-message.
                self.render('forgot_password.html', 
                            form_email = input_email, 
                            error = True,
                            state = state)
                return

            self.user = User.by_email(input_email)
            if not self.user:
                logging.warning('Unknown email from forgot password page received!')
                # Redirect to "/". Flash message that email was sent.
                self.session.add_flash('message_forgot_password_2', 
                                       key='homepage_flashes')
                self.session.add_flash(input_email, key='input_email')
                self.redirect("/")

            else:
                # Generate new temporary random password
                length = 10
                temp_pw = ''.join(random.choice(ascii_letters)for x in xrange(length))

                # Create entry in ResetPasswordRequest DB
                r = ResetPasswordRequest.create(input_email, temp_pw)

                # Send email with a link to the ResetPassword page. 
                # The link includes email and temporary password to 
                # authenticate the user.
                # ADAPT LINK TO GAE URL
                resetToken = str(r.key().id())+"-"+temp_pw
                link = "http://YOUR_APP_ID.appspot.com/reset_pw/?token=%s" %(resetToken)

                self.send_email(self.user.email, 
                                'email_subject.html', 
                                'email_forgot_password.html', 
                                subject_type = 'forgot_password', 
                                username = self.user.name, 
                                link = link)

                # Redirect to "/". Flash message that email was sent.
                self.session.add_flash('message_forgot_password_2', 
                                       key='homepage_flashes')
                self.session.add_flash(input_email, key='input_email')
                self.redirect("/")
Exemplo n.º 28
0
    def get(self):

        # Step 3: Once the consumer has redirected the user back to the oauth_callback
        # URL you can request the access token the user has approved. You use the 
        # request token to sign this request. After this is done you throw away the
        # request token and use the access token returned. You should store this 
        # access token somewhere safe, like a database, for future use.

        access_token_url = 'https://api.twitter.com/oauth/access_token'

        consumer_key = json.loads(open('twitter_client_secrets.json', 'r').read())['web']['consumer_key']
        consumer_secret = json.loads(open('twitter_client_secrets.json', 'r').read())['web']['consumer_secret']

        consumer = oauth.Consumer(consumer_key, consumer_secret)
 
        input_oauth_token = self.request.get('oauth_token')
        input_oauth_verifier = self.request.get('oauth_verifier')
        if not input_oauth_verifier:
            raise Exception("No oauth_verifier received.")

        request_token = self.session.get('request_token')
        logging.error(request_token['oauth_token'])
        if not input_oauth_token == request_token['oauth_token']:
            raise Exception("Invalid request_token.")

        token = oauth.Token(request_token['oauth_token'], request_token['oauth_token_secret'])
        token.set_verifier(input_oauth_verifier)
        client = oauth.Client(consumer, token)

        resp, content = client.request(access_token_url, "POST")
        if resp['status'] != '200':
            raise Exception("Invalid response %s." % resp['status'])

        access_token = dict(urlparse.parse_qsl(content))

        logging.error('TWITTER ACCESS TOKEN:')
        logging.error(access_token)

        # Set the API endpoint 
        url = "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true&skip_status=true&include_entities=false"

        token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret'])

        client = oauth.Client(consumer, token)

        resp, content = client.request(url, "GET")
        if resp['status'] != '200':
            raise Exception("Invalid response %s." % resp['status'])

        user_credentials = json.loads(content)
        self.session['twitter_id'] = user_credentials["id"]
        self.session['provider'] = 'twitter'

        # The access_token must be stored in the login_session in order to properly logout
        self.session['access_token'] = access_token


        logging.error('TWITTER CREDENTIALS:')
        logging.error(content)
        logging.error(user_credentials['email'])

        # see if user exists, if it doesn't make a new one
        u = User.by_email(user_credentials['email'])
        if not u:
            # turn name from Twitter into a unique username
            # replace spaces with underscores
            u_name = str(user_credentials['name'].replace(" ","_"))
            # check if username exists
            # add a random number
            while User.by_name(u_name):
                u_name = u_name + str(randint(0,9))
            
            u = User.register(u_name,
                              None,
                              user_credentials['email'])

            #Send confirmation email
            self.send_email(u.email, 
                            'email_subject.html', 
                            'email_welcome_fb.html', 
                            subject_type = 'welcome', 
                            username = u.name, 
                            user_email = u.email)
            
            #Set session and add a flash welcome message
            self.login(u)
            self.session.add_flash('message_signup_2', 
                               key='homepage_flashes')
   
        else:
            self.login(u)
            self.session.add_flash('message_login_2', 
                               key='homepage_flashes')

        self.redirect('/')
Exemplo n.º 29
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.session.add_flash('message_signup_1', key='homepage_flashes')
            self.redirect("/")
        else:
            if not self.check_state():
                self.redirect("/")
                return

            input_username = self.request.get('username')
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')
            input_email = self.request.get('email').lower()
            input_verify_email = self.request.get('verify_email').lower()
            input_captcha = self.request.get('g-recaptcha-response')

            error_username=""
            error_password=""
            error_verify_password=""
            error_email=""
            error_verify_email=""
            error_username_exists=""
            error_user_exists=""
            error_captcha=""

            have_error = False

            if not valid_captcha(input_captcha):
                # Show the error-message: captcha not resolved.
                error_captcha = True
                have_error = True

            if not valid_username(input_username):
                # Show the error-message: not a valid username.
                error_username = True
                have_error = True
            if not valid_password(input_password):
                # Show the error-message: not a valid password.
                error_password = True
                have_error = True
            if not valid_verify(input_password, input_verify_password):
                # Show the error-message: passwords do not match.
                error_verify_password = True
                have_error = True
            if not valid_email(input_email):
                # Show the error-message: not a valid email.
                error_email = True
                have_error = True
            if not valid_verify(input_email, input_verify_email):
                # Show the error-message: emails do not match.
                error_verify_email = True
                have_error = True
            if have_error == False:
                u = User.by_name(input_username)
                if u:
                    # Show the error-message: username is already taken.
                    error_username_exists = True
                    have_error = True
                    
                u = User.by_email(input_email)
                if u:
                    # Show the error-message: email already used.
                    error_user_exists = True
                    have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('signup.html',
                            error_username = error_username,
                            error_username_exists = error_username_exists,
                            error_password = error_password,
                            error_verify_password = error_verify_password,
                            error_email = error_email,
                            error_verify_email = error_verify_email,
                            error_user_exists = error_user_exists,
                            error_captcha = error_captcha,
                            username_form = input_username,
                            email_form = input_email,
                            verify_email_form = input_verify_email,
                            state = state)
            else:
                #Create new entry in the User-DB.
                u = User.register(input_username, input_password, input_email)

                #Send confirmation email
                self.send_email(u.email, 
                                'email_subject.html', 
                                'email_welcome.html', 
                                subject_type = 'welcome', 
                                username = u.name, 
                                user_email = u.email)
                
                # Start session and add welcome flash for homepage
                self.session['provider'] = 'blog'
                self.login(u)
                self.session.add_flash('message_signup_2', 
                                       key='homepage_flashes')
                self.redirect("/")
Exemplo n.º 30
0
    def post(self):
        # Validate state token
        if not self.check_state():
            self.response.set_status(401)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write('Invalid state parameter.')
            return

        # Obtain fb_exchange_token
        fb_exchange_token = self.request.body
        logging.error('Request data from Facebook (fb_exchange_token):')
        logging.error(fb_exchange_token)

        # Upgrade the fb_exchange_token into an access_token to get user info from API
        app_id = json.loads(open('fb_client_secrets.json', 'r').read())[
            'web']['app_id']
        app_secret = json.loads(
            open('fb_client_secrets.json', 'r').read())['web']['app_secret']
        url = 'https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=%s&client_secret=%s&fb_exchange_token=%s' % (
            app_id, app_secret, fb_exchange_token)
        h = httplib2.Http()
        result = h.request(url, 'GET')[1]

        # Use access_token to get user info from API
        # strip expire tag from access_token
        access_token = result.split("&")[0]

        url = 'https://graph.facebook.com/v2.4/me?%s&fields=name,id,email' % access_token
        h = httplib2.Http()
        result = h.request(url, 'GET')[1]
        data_profile = json.loads(result)
        self.session['facebook_id'] = data_profile["id"]
        self.session['provider'] = 'facebook'

        # The access_token must be stored in the login_session in order to properly logout, let's strip out the information before the equals sign in our access_token
        stored_access_token = access_token.split("=")[1]
        self.session['access_token'] = stored_access_token

        # Get user picture
        url = 'https://graph.facebook.com/v2.4/me/picture?%s&redirect=0&height=200&width=200' % access_token
        h = httplib2.Http()
        result = h.request(url, 'GET')[1]
        data_picture = json.loads(result)

        # see if user exists, if it doesn't make a new one
        u = User.by_email(data_profile['email'])
        if not u:
            # turn name from FB into a unique username
            # replace spaces with underscores
            u_name = str(data_profile['name'].replace(" ","_"))
            # check if username exists
            # add a random number
            while User.by_name(u_name):
                u_name = u_name + str(randint(0,9))
            
            u = User.register(u_name,
                              None,
                              data_profile['email'])

            #Send confirmation email
            self.send_email(u.email, 
                            'email_subject.html', 
                            'email_welcome_fb.html', 
                            subject_type = 'welcome', 
                            username = u.name, 
                            user_email = u.email)
            
            #Set session and add a flash welcome message
            self.login(u)
            self.session.add_flash('message_signup_2', 
                               key='homepage_flashes')
   
        else:
            self.login(u)
            self.session.add_flash('message_login_2', 
                               key='homepage_flashes')

        output = ''
        output += '<h1>Welcome, '
        output += data_profile["name"]

        output += '!</h1>'
        output += '<img src="'
        output += data_picture["data"]["url"]
        output += ' " style = "width: 300px; height: 300px;border-radius: 150px;-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
        self.response.set_status(200)
        self.response.headers["Content-Type"] = 'text/html'
        self.response.out.write(output)
Exemplo n.º 31
0
    def post(self):
        # Validate state token
        if not self.check_state():
            self.response.set_status(401)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write('Invalid state parameter.')
            return
        # Obtain authorization code
        code = self.request.body
        logging.error('Request data from Google (Authorization code):')
        logging.error(code)

        try:
            # Upgrade the authorization code into a credentials object
            oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
            oauth_flow.redirect_uri = 'postmessage'
            credentials = oauth_flow.step2_exchange(code)
            logging.error('User credentials recieved from Google (Access token, ...):')
            for attr in dir(credentials):
                logging.error("obj.%s = %s" % (attr, getattr(credentials, attr)))
           
        except FlowExchangeError:
            self.response.set_status(401)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write('Failed to upgrade the authorization code.')
            return

        # Check that the access token is valid.
        access_token = credentials.access_token
        logging.error('In gconnect access token is %s', access_token)
        url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
               % access_token)
        h = httplib2.Http()
        result = json.loads(h.request(url, 'GET')[1])
        logging.error('Check Access token. Result: ')
        logging.error(result)
        # If there was an error in the access token info, abort.
        if result.get('error') is not None:
            self.response.set_status(500)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write(result.get('error'))
            return

        # Verify that the access token is used for the intended user.
        gplus_id = credentials.id_token['sub']
        if result['user_id'] != gplus_id:
            self.response.set_status(401)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write("Token's user ID doesn't match given user ID.")
            return

        # Verify that the access token is valid for this app.
        if result['issued_to'] != self.CLIENT_ID:
            logging.error("Token's client ID does not match app's.")
            self.response.set_status(401)
            self.response.headers["Content-Type"] = 'text/html'
            self.response.out.write("Token's client ID does not match app's.")
            return

        # Store the access token in the session for later use.
        self.session['access_token'] = credentials.access_token
        self.session['gplus_id'] = gplus_id

        # Get user info
        url_userinfo = ('https://www.googleapis.com/oauth2/v1/userinfo?access_token=%s&alt=json'
               % access_token)
        h = httplib2.Http()
        data = json.loads(h.request(url_userinfo, 'GET')[1])
       

        # ADD PROVIDER TO LOGIN SESSION
        self.session['provider'] = 'google'

        # see if user exists, if it doesn't make a new one
        u = User.by_email(data['email'])
        if not u:
            # turn name from Google+ into a unique username
            # replace spaces with underscores
            u_name = str(data['name'].replace(" ","_"))
            # check if username exists
            # add a random number
            while User.by_name(u_name):
                u_name = u_name + str(randint(0,9))
                # SET FLASH MESSAGE THAT USERNAME CAN BE EDITED.
            
            u = User.register(u_name,
                              None,
                              data['email'])

            #Send confirmation email
            self.send_email(u.email, 
                            'email_subject.html', 
                            'email_welcome_gplus.html', 
                            subject_type = 'welcome', 
                            username = u.name, 
                            user_email = u.email)
            
            #Set session and add a flash welcome message
            self.login(u)
            self.session.add_flash('message_signup_2', 
                               key='homepage_flashes')
   
        else:
            self.login(u)
            self.session.add_flash('message_login_2', 
                               key='homepage_flashes')

        output = ''
        output += '<h1>Welcome, '
        output += data['name']
        output += '!</h1>'
        output += '<img src="'
        output += data['picture']
        output += ' " style = "width: 300px; height: 300px;border-radius: 150px;-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
        self.response.set_status(200)
        self.response.headers["Content-Type"] = 'text/html'
        self.response.out.write(output)
Exemplo n.º 32
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input: password and verify_password
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')
            # Get token from web page
            input_token = self.request.get('token')

            # Check if token is valid
            TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
            if not TOKEN_RE.match(input_token):
                # Set invalid reset_id so that a normal error message is sent
                reset_id = 1
            else:
                reset_id = int(input_token.split('-')[0])
                temp_pw = input_token.split('-')[1]

            # Use reset_id to find entry in ResetPasswordRequest DB.
            self.p = ResetPasswordRequest.by_id(reset_id)
            # Check if entry exists 
            if not self.p:
                # Show message to contact via email
                self.render('message.html', 
                            user = self.user, 
                            message_reset_password_5 = True)

            #Check if entry is not older than one hour.
            elif datetime.datetime.now() - datetime.timedelta(hours = 1) > self.p.created:
                # Show message that too much time has passed.
                self.render('message.html', 
                            user = self.user, 
                            message_reset_password_3 = True)

            #Check if temp_pw is valid
            elif not ResetPasswordRequest.check_for_valid_request(self.p.email, temp_pw):
                # Show message to contact via email
                self.render('message.html', 
                            user = self.user, 
                            message_reset_password_5 = True)
            else:
                # Check if password and verify_password are valid. 
                # Set error-messages. 
                error_password=""
                error_verify_password=""

                have_error = False

                if not valid_password(input_password):
                    # Show the error-message: not a valid password.
                    error_password = True
                    have_error = True
                if not valid_verify(input_password, input_verify_password):
                    # Show the error-message: passwords do not match.
                    error_verify_password = True
                    have_error = True

                if have_error:
                    state = self.make_state()
                    # Render page with error-messages.
                    self.render('reset_password.html',
                                user = self.user,
                                token = input_token,
                                error_password = error_password,
                                error_verify_password = error_verify_password,
                                state = state)
                else:
                    # Generate password-hash and store in DB
                    pw_hash = make_pw_hash(self.user.email, input_password)
                    self.user.pw_hash = pw_hash
                    self.user.put()
                    # Update memcache
                    User.update_user_cache(self.user)

                    # Invalidate entity in ResetPasswordRequest db
                    self.p = ResetPasswordRequest.by_email(self.user.email)
                    self.p.temp_pw_hash = "deactivated"
                    self.p.put()

                    # Show message that the password has been changed.
                    self.render('message.html', 
                                user = self.user, 
                                message_reset_password_7 = True)


        else:
            # Show message to use the linke in the email.
            self.render('message.html', 
                        user = self.user, 
                        message_reset_password_6 = True)
Exemplo n.º 33
0
    def post(self):
        if self.user:
            # Prompt user to log out.
            self.render('message.html', 
                        user = self.user, 
                        message_signup_1 = True)
        else:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            input_username = self.request.get('username')
            input_password = self.request.get('password')
            input_verify_password = self.request.get('verify_password')
            input_email = self.request.get('email').lower()
            input_verify_email = self.request.get('verify_email').lower()

            error_username=""
            error_password=""
            error_verify_password=""
            error_email=""
            error_verify_email=""
            error_username_exists=""
            error_user_exists=""

            have_error = False

            if not valid_username(input_username):
                # Show the error-message: not a valid username.
                error_username = True
                have_error = True
            if not valid_password(input_password):
                # Show the error-message: not a valid password.
                error_password = True
                have_error = True
            if not valid_verify(input_password, input_verify_password):
                # Show the error-message: passwords do not match.
                error_verify_password = True
                have_error = True
            if not valid_email(input_email):
                # Show the error-message: not a valid email.
                error_email = True
                have_error = True
            if not valid_verify(input_email, input_verify_email):
                # Show the error-message: emails do not match.
                error_verify_email = True
                have_error = True
            if have_error == False:
                u = User.by_name(input_username)
                if u:
                    # Show the error-message: username is already taken.
                    error_username_exists = True
                    have_error = True
                    
                u = User.by_email(input_email)
                if u:
                    # Show the error-message: email already used.
                    error_user_exists = True
                    have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('signup.html',
                            error_username = error_username,
                            error_username_exists = error_username_exists,
                            error_password = error_password,
                            error_verify_password = error_verify_password,
                            error_email = error_email,
                            error_verify_email = error_verify_email,
                            error_user_exists = error_user_exists,
                            username_form = input_username,
                            email_form = input_email,
                            verify_email_form = input_verify_email,
                            state = state)
            else:
                #Create new entry in the User-DB.
                u = User.register(input_username, input_password, input_email)
                u.put()
                #update memcache
                User.update_user_cache(u)

                #Send confirmation email
                self.send_email(u.email, 
                                'email_subject.html', 
                                'email_welcome.html', 
                                subject_type = 'welcome', 
                                username = u.name, 
                                user_email = u.email)
                
                #Set cookie and render message page with welcome
                self.login(u)
                self.render('message.html', user = u, message_signup_2 = True)
Exemplo n.º 34
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input
            input_current_password = self.request.get('current_password')
            input_email = self.request.get('email').lower()
            input_verify_email = self.request.get('verify_email').lower()

            # Check input and set error messages. 
            error_current_password=""
            error_email=""
            error_verify_email=""
            error_user_exists=""

            have_error = False

            if not valid_pw(self.user.email, input_current_password, self.user.pw_hash):
                # Set the error-message: incorrect password.
                error_current_password = True
                have_error = True
            if not valid_email(input_email):
                # Set the error-message: not a valid email.
                error_email = True
                have_error = True
            if not valid_verify(input_email, input_verify_email):
                # Set the error-message: emails do not match.
                error_verify_email = True
                have_error = True

            if have_error == False:
                u = User.by_email(input_email)
                if u:
                    # Set the error-message: email already assigned.
                    error_user_exists = True
                    have_error = True
 
            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('change_email.html',
                            user = self.user,
                            email = input_email,
                            error_current_password = error_current_password,
                            error_email = error_email,
                            error_verify_email = error_verify_email,
                            error_user_exists = error_user_exists,
                            state = state)
            else:
                # Generate password-hash
                # Store new email and password-hash in DB
                pw_hash = make_pw_hash(input_email, input_current_password)
                self.user.pw_hash = pw_hash
                self.user.email = input_email
                self.user.put()
                # Update memcache
                User.update_user_cache(self.user)

                # Send email notification to new address
                self.send_email(self.user.email, 
                                'email_subject.html', 
                                'email_email_changed.html', 
                                subject_type = 'email_changed', 
                                username = self.user.name, 
                                user_email = self.user.email)
                
                # Render page with message that email was sent
                state = self.make_state()
                self.render('change_email.html', 
                            user = self.user, 
                            success_message = True,
                            state = state)
        else:
            # Prompt user to login.
            self.render('message.html', message_user_settings_1 = True)
Exemplo n.º 35
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input
            input_password = self.request.get('password')

            # Check input and set error messages. 
            error_password=""

            have_error = False

            if not valid_pw(self.user.email, input_password, self.user.pw_hash):
                # Set the error-message: incorrect password.
                error_password = True
                have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('delete_account.html',
                            user = self.user,
                            error_password = error_password,
                            state = state)
            else:
                # Deactivate account by deleting from User database and 
                # adding to the DeactAccounts database.
                d = DeactAccounts.create(self.user.key().id(), 
                                         self.user.name,
                                         self.user.email)
                d.put()

                # Delete user
                User.remove(self.user.key().id())

                # Genrate list of article-keys for the deleted user.
                article_key_list = Article.keys_by_author(self.user.key().id())

                for key in article_key_list:
                    # Store article in DeletdArticle DB
                    article = Article.by_id(key.id())
                    del_art = DeletdArticle.create(article.title,
                                                   article.body, 
                                                   article.author)
                    del_art.put()
                    # Delete article from Article DB
                    Article.remove(key.id())
                
                # Logout (delete coockie)
                self.logout()

                # Send email notification
                self.send_email(d.email, 
                                'email_subject.html', 
                                'email_account_deleted.html', 
                                subject_type = 'account_deleted')


                # Render page with message that account was deleted
                self.render('message.html', 
                            message_delete_account_1 = True, 
                            deleted_email = d.email)

        else:
            # Prompt user to login.
            self.render('message.html', message_user_settings_1 = True)