Exemplo n.º 1
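def register(**params):
    """Show the registration form (GET) or create an account and email a magic login link (POST).

    A POST must carry all three fields: "registration-email",
    "registration-first-name" and "registration-last-name".
    """
    if request.method == "GET":
        return render_template_with_translations("public/auth/register.html",
                                                 **params)

    elif request.method == "POST":
        email_address = request.form.get("registration-email")
        first_name = request.form.get("registration-first-name")
        last_name = request.form.get("registration-last-name")

        if not (email_address and first_name and last_name):
            # Without this branch an incomplete form fell through and the view returned None.
            # 403 matches how the other handlers on this page reject bad form input.
            return abort(403,
                         description="Please fill in all the registration fields.")

        # the created user object is not needed in this handler
        success, _user, message = User.create(email_address=email_address,
                                              first_name=first_name,
                                              last_name=last_name)

        if not success:
            # NOTE(review): this message is shown to an unauthenticated visitor. If User.create reports
            # "address already registered" here, the form tells anyone which emails have accounts - confirm.
            params["register_error_message"] = message
            return render_template_with_translations(
                "public/auth/register_error.html", **params)

        # send the magic login link in the language the visitor currently uses on the website
        locale = get_locale()
        success, message = User.send_magic_login_link(
            email_address=email_address, locale=locale)

        if success:
            return render_template_with_translations(
                "public/auth/register_success.html", **params)

        return abort(403, description=message)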
Exemplo n.º 2
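def reset_password_enter_email(**params):
    """Show the "forgot password" form (GET) or send a password reset link (POST).

    After a successful POST the "my-web-app-session" cookie is overwritten with
    an empty, already-expired value.
    """
    if request.method == "GET":
        return render_template_with_translations(
            "public/auth/reset_password_enter_email.html", **params)

    elif request.method == "POST":
        email_address = request.form.get("reset-password-email")

        # language the visitor currently uses on the website
        locale = get_locale()
        success, message = User.password_reset_link_send(
            email_address=email_address, locale=locale)

        if not success:
            # NOTE(review): if this failure path is also taken for unknown addresses, the 403 tells the
            # caller which emails are registered. Rendering the same "link sent" page in both cases
            # avoids that - confirm what password_reset_link_send returns for an unknown address.
            return abort(403, description=message)

        response = make_response(
            render_template_with_translations(
                "public/auth/reset_password_link_sent.html", **params))

        # Drop the current session cookie (if any). Secure stays off on localhost because it is served
        # over plain HTTP; HttpOnly does not depend on HTTPS, so it is always set. max_age/expires make
        # the browser remove the cookie instead of keeping an empty one.
        response.set_cookie(key="my-web-app-session",
                            value="",
                            max_age=0,
                            expires=0,
                            secure=not is_local(),
                            httponly=True,
                            samesite="Lax")
        return response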
Exemplo n.º 3
def init(**params):
    """One-time bootstrap: store the SendGrid API key and create the first admin user.

    As soon as any admin user exists, the handler only returns an
    "already initialized" message.
    """
    # NOTE(review): no authentication is visible in this handler. Until an admin exists, whoever submits
    # the form first becomes admin, and the admin check and the create below are separate steps.
    # Confirm the route is protected (or removed) on a deployed instance.
    if User.is_there_any_admin():
        return "The web app has already been initialized. <a href='/'>Return back to index</a>."

    method = request.method

    if method == "GET":
        # NOTE(review): verify the template does not echo a stored API key from app_settings.
        params["app_settings"] = AppSettings.get()
        return render_template_with_translations("public/auth/init.html",
                                                 **params)

    if method != "POST":
        return None

    api_key = request.form.get("init-sendgrid")
    admin_email = request.form.get("init-email")

    if not (admin_email and api_key):
        return abort(403)

    AppSettings.update(sendgrid_api_key=api_key)

    # NOTE(review): the result of User.create is not checked, so the success page is rendered even if
    # no admin was created - confirm what create() returns on failure.
    User.create(email_address=admin_email, admin=True)

    return render_template_with_translations("public/auth/init_success.html",
                                             **params)
Exemplo n.º 4
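def reset_password_enter_password(token, **params):
    """Validate a password reset token (GET) or set the new password (POST).

    token is the reset token taken from the URL of the emailed link.
    """
    if request.method == "GET":
        success, result = User.password_reset_token_validate(reset_token=token)

        if success:
            return render_template_with_translations(
                "public/auth/reset_password_enter_password.html", **params)
        else:
            return abort(403, description=result)

    elif request.method == "POST":
        new_password = request.form.get("reset-password-new-password")
        repeat_password = request.form.get("reset-password-repeat-password")

        if not new_password:
            # Two missing (or two empty) fields compare equal, so without this check a POST with no
            # password at all reached User.password_reset with password=None or "".
            return abort(403, description="Please enter a new password.")

        if new_password != repeat_password:
            return abort(
                403, description="Passwords that you've entered don't match.")

        # NOTE(review): the token is only validated here if User.password_reset does it itself;
        # the GET-time validation above does not protect a direct POST. Confirm in the model.
        success, result = User.password_reset(reset_token=token,
                                              password=new_password)

        if success:
            return render_template_with_translations(
                "public/auth/reset_password_success.html", **params)

        return abort(403, description=result)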
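def send_email(recipient_email, email_template, email_params, email_subject, sender_email=None, sender_name=None,
               unsubscribe_group=None, attachment_content_b64=None, attachment_filename=None, attachment_filetype=None):
    """Render an email template and hand the message to the "email" background task queue.

    sender_email and sender_name fall back to the MY_APP_EMAIL / MY_APP_NAME
    environment variables (set in app.yaml). email_params is copied before the
    default template values are added, so the caller's dict is left untouched.
    """
    if not sender_email:
        sender_email = os.environ.get("MY_APP_EMAIL")  # set this in app.yaml

    if not sender_name:
        sender_name = os.environ.get("MY_APP_NAME")  # set this in app.yaml

    # Work on a copy: the original wrote app_root_url/my_app_name into the caller's dict.
    # A missing (None) email_params is treated as empty.
    template_params = dict(email_params or {})

    # Every template gets the web app URL. It comes from configuration, not from the incoming request,
    # so links placed in emails do not depend on a client-supplied Host header.
    if is_local():
        template_params["app_root_url"] = "http://localhost:8080"
    else:
        template_params["app_root_url"] = os.environ.get("MY_APP_URL")  # set this in app.yaml

    template_params["my_app_name"] = os.environ.get("MY_APP_NAME")

    # render the email HTML body
    email_body = render_template_with_translations(email_template, **template_params)

    # params sent to the background task
    # NOTE(review): the rendered body (which may contain login or reset links) travels in the task
    # payload - confirm task payloads are not written to logs.
    payload = {"recipient_email": recipient_email, "email_subject": email_subject, "sender_email": sender_email,
               "email_body": email_body, "unsubscribe_group": unsubscribe_group, "sender_name": sender_name,
               "attachment_content_b64": attachment_content_b64, "attachment_filename": attachment_filename,
               "attachment_filetype": attachment_filetype}

    run_background_task(relative_path=url_for("tasks.send_email_task.send_email_via_sendgrid"),
                        payload=payload, queue="email", project=os.environ.get("GOOGLE_CLOUD_PROJECT"),
                        location=os.environ.get("MY_GAE_REGION"))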
Exemplo n.º 6
def login_password(**params):       # Rok: log in with a password
    """Show the login form (GET) or attempt a password login (POST).

    NOTE(review): only the "login-password" field is read; no email or username
    is taken from the form, so how User.login_password picks the account is not
    visible here - confirm. No session cookie is set in this handler.
    """
    if request.method == "GET":
        return render_template_with_translations("public/auth/login.html", **params)
    elif request.method == "POST":
        login_password = request.form.get("login-password")

        # Intended as a "is this user suspended?" check.
        # NOTE(review): as written this compares the User.suspended class attribute with the submitted
        # password; no user record is looked up, so it does not test the account that is logging in.
        if User.suspended == login_password:
            return "You can't login because you are suspended by administrator."

        # language the visitor currently uses on the website; the author was unsure how to pass it on,
        # and the value is not used below
        locale = get_locale()
        success, message = User.login_password(password=login_password)

        if success:
            # NOTE(review): renders the "magic link sent" page after a password login - confirm the template.
            return render_template_with_translations("public/auth/login-magic-link-sent.html", **params)
        else:
            return abort(403, description=message)
Exemplo n.º 7
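def login_via_password(**params):
    """Show the password login form (GET) or log the user in and set the session cookie (POST)."""
    if request.method == "GET":
        return render_template_with_translations(
            "public/auth/login_password.html", **params)

    elif request.method == "POST":
        email_address = request.form.get("login-email")
        password = request.form.get("login-password")

        success, result = User.validate_password_login(
            email_address=email_address, password=password, request=request)

        if not success:
            # result is an error message
            # NOTE(review): if the message differs between "unknown email" and "wrong password", it
            # reveals which addresses have accounts - confirm it is the same text for both.
            return abort(403, description=result)

        # result is the session token; it is stored in a cookie on the redirect response
        response = make_response(
            redirect(url_for("profile.main.my_details")))

        # Secure stays off on localhost because it is served over plain HTTP. HttpOnly does not depend
        # on HTTPS, so the token is always kept away from page scripts; SameSite=Lax keeps the cookie
        # out of cross-site POSTs.
        response.set_cookie(key="my-web-app-session",
                            value=result,
                            secure=not is_local(),
                            httponly=True,
                            samesite="Lax")
        return response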
Exemplo n.º 8
def login(**params):
    """Show the login form (GET) or email a magic login link to the submitted address (POST)."""
    if request.method == "GET":
        return render_template_with_translations("public/auth/login.html", **params)
    elif request.method == "POST":
        email_address = request.form.get("login-email")

        # Rok: intended as a "is this user suspended?" check.
        # NOTE(review): as written this compares the User.suspended class attribute with the submitted
        # email address; no user record is looked up, so it does not test the account that is logging in.
        if User.suspended == email_address:
            return "You can't login because you are suspended by administrator."

        locale = get_locale()  # get the language that the user currently uses on the website
        success, message = User.send_magic_login_link(email_address=email_address, locale=locale)

        if success:
            return render_template_with_translations("public/auth/login-magic-link-sent.html", **params)
        else:
            # NOTE(review): if this 403 is returned for unknown addresses, the form reveals which emails
            # are registered - confirm what send_magic_login_link returns in that case.
            return abort(403, description=message)
Exemplo n.º 9
def login(**params):
    """Serve the login form (GET) or email a magic login link to the submitted address (POST)."""
    method = request.method

    if method == "GET":
        return render_template_with_translations("public/auth/login.html",
                                                 **params)

    if method != "POST":
        return None

    submitted_email = request.form.get("login-email")

    # language the visitor currently uses on the website
    current_locale = get_locale()
    sent, error_text = User.send_magic_login_link(
        email_address=submitted_email, locale=current_locale)

    if not sent:
        # NOTE(review): if this 403 is returned for unknown addresses, the form reveals which emails
        # are registered - confirm what send_magic_login_link returns in that case.
        return abort(403, description=error_text)

    return render_template_with_translations(
        "public/auth/login-magic-link-sent.html", **params)
Exemplo n.º 10
def change_email_post(**params):
    """Start an email change for the logged-in user and ask them to check their inbox.

    The user object is taken from params["user"].
    """
    new_address = request.form.get("email-address")
    current_user = params["user"]

    if not new_address:
        return abort(403, description="Please enter a new email address.")

    # NOTE(review): no re-authentication (e.g. current password) is visible before the change is
    # requested; confirm the emailed link is the only step that makes the new address effective.
    changed, outcome = User.user_change_own_email(
        user=current_user, new_email_address=new_address)

    if not changed:
        return abort(403, description=outcome)

    # the link in the received email is processed by a handler in handlers/public/auth/
    return render_template_with_translations(
        "profile/main/change_email_check_inbox.html", **params)
Exemplo n.º 11
def users_list(**params):
    """List users ten at a time: an HTML page for the first request, JSON for "load more" requests.

    A request carrying a "cursor" query argument is treated as the JavaScript
    follow-up (admin-load-more-users.js) and answered with a JSON string.
    """
    cursor_arg = request.args.get('cursor')

    # NOTE(review): the cursor string comes straight from the query string; confirm that a malformed
    # value is rejected cleanly rather than surfacing as an unhandled error.
    cursor = Cursor(urlsafe=cursor_arg.encode()) if cursor_arg else None

    page, following_cursor, has_more = User.fetch(limit=10, cursor=cursor)
    params["users"], params["next_cursor"], params["more"] = page, following_cursor, has_more

    if not cursor_arg:
        # normal browser get request
        return render_template_with_translations("admin/users/list.html", **params)

    # get request via JavaScript script: admin-load-more-users.js
    users_dicts = [
        {"get_id": user.get_id, "email_address": user.email_address, "created": user.created,
         "first_name": user.first_name, "last_name": user.last_name, "admin": user.admin}
        for user in params["users"]
    ]

    # default=str converts datetime (and anything else json cannot encode) to str.
    # NOTE(review): a bare string is returned, so the framework chooses the Content-Type. The body
    # contains user-supplied names; confirm it is served as application/json and not as HTML.
    return json.dumps({"users": users_dicts, "next_cursor": params["next_cursor"], "more": params["more"]},
                      default=str)
Exemplo n.º 12
def user_edit_get(user_id, **params):
    """Render the admin edit page for the user identified by user_id."""
    # NOTE(review): no admin check is visible in this function; presumably a decorator on the route
    # enforces it - confirm.
    selected = User.get_user_by_id(user_id)
    params["selected_user"] = selected
    return render_template_with_translations("admin/users/edit.html", **params)
Exemplo n.º 13
def change_email_get(**params):
    """Render the "change email" form for GET requests; any other method yields None."""
    if request.method != "GET":
        return None

    template_path = "profile/main/change_email.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 14
def my_details(**params):
    """Render the "my details" profile page for GET requests; any other method yields None."""
    if request.method != "GET":
        return None

    template_path = "profile/main/my_details.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 15
def edit_profile_get(**params):
    """Render the "edit profile" form."""
    template_path = "profile/main/edit_profile.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 16
def sessions_list(**params):
    """Render the user's session list for GET requests; any other method yields None."""
    if request.method != "GET":
        return None

    template_path = "profile/sessions/sessions_list.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 17
def index(**params):
    """Render the public landing page."""
    template_path = "public/main/index.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 18
def index(**params):
    """Render the public landing page for business users."""
    template_path = "public/business_users/index.html"
    return render_template_with_translations(template_path, **params)
def index(**params):
    """Render the public landing page for sports providers."""
    template_path = "public/sports_providers/index.html"
    return render_template_with_translations(template_path, **params)
Exemplo n.º 20
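def del_user():     # Rok: admin deletes (marks as deleted) a user from the database
    """Soft-delete the user named in the posted "user-delete" field, then render the admin user list."""
    # The request object used throughout these handlers exposes posted fields through request.form;
    # the original called request.get(), which is not how the other handlers read form data.
    user_ref = request.form.get("user-delete")

    # NOTE(review): no admin check or CSRF protection is visible in this function - confirm the route
    # enforces both. The raw form string is passed as `user`; confirm whether User.delete expects an
    # ID or a user object.
    if user_ref:
        # skip the delete when the field is missing instead of calling User.delete(user=None)
        User.delete(user=user_ref, permanently=False)

    # NOTE(review): the list template is rendered without the params (e.g. the users) that the
    # list handler normally supplies - confirm it renders correctly.
    return render_template_with_translations("admin/users/list.html")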