Пример #1
0
    def post(self, user):
        # grab the form
        form = PostDeleteForm(self.request.params)

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again.'))
            return

        # get the post please
        try:
            post = Key(urlsafe=form.key.data).get()
        except:
            post = None

        # as usual, this really shouldn't
        # be None unless unnatural navigation
        if post is None:
            self.redirect('/')
            return

        # the post exists, is it owned by the user?
        if post.author != user:
            self.redirect('/')
            return

        # check if the user is the owner or not
        if post.author != user:
            self.redirect('/')
            return

        # everything checks out so let's remove the post
        # first though, we need to remove the comments
        # assoc with the post and the likes
        # TODO query these entities to make sure they are removed
        comments = Comment.query(ancestor=post.key).fetch()
        ks = put_multi(comments)
        delete_multi(ks)

        likes = Like.query(Like.post == post.key).fetch()
        ks = put_multi(likes)
        delete_multi(ks)

        # got everything else removed, let's
        # remove the post
        try:
            post.key.delete()
            self.redirect('/')
            return
        except Exception as e:
            # let them try again
            form.csrf_token.data = self.generate_csrf()
            self.r(form, post, flashes=flash())
            return
Пример #2
0
    def post(self):
        user = self.validate_user()
        if user is not None:
            self.redirect('/')
            return

        form = RegisterForm(self.request.params)

        # validate form
        if not form.validate():
            self.r(form)
            return

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again'))
            return

        # check for an existing account
        # using the lowercase username as a key
        # to ensure users are unique
        username = form.username.data
        username = re.sub(
            r'[\!\@\#\$\%\^\&\*\-_=\+\?<>,\.\"\':;\{\}\[\]|\\~\/`]', '',
            username)

        try:
            user = Key("User", lower(username)).get()
        except:
            user = None

        if user is not None:
            self.r(form, flashes=flash('That username is taken'))
            return

        # create the user
        try:
            user = User(
                username=username,
                password=pw.gen_hash(form.password.data),
            )
            user.key = Key("User", lower(user.username))
            user.put()
            # create a hash with our secret so we know the cookie is legit later
            self.generate_sig(user.username)
            self.redirect('/?welcome=%s' % user.username)
            return
        except:  # guess something happened eh?
            self.r(form, flashes=flash())
            return
Пример #3
0
def index():
    form = SecretForm()
    if form.validate_on_submit():
        secret = Secret(secret_value=form.secret.data, ttl=form.ttl.data, passphrase=form.passphrase.data)
        try:
            RedisRegistry(secret).save()
            admin = Admin.create_admin(secret)
            RedisRegistry(admin).save()
        except ConnectionError as e:
            current_app.logger.error(e)
            return 500
        flash('Secret created!')
        return redirect(url_for('secret.secret_admin', admin_id=admin.obj_id))
    return render_template('secrets/index.html', title=_('Create your secret now!'), form=form)
Пример #4
0
    def post(self, user):
        # grab the form
        form = PostForm(self.request.params)

        # check if the person exists in the db or not
        try:
            user = Key("User", lower(user)).get()
        except:
            user = None

        # shouldn't be None if we got this far
        # but check anyway
        if user is None:
            self.invalidate_sig()
            self.redirect('/user/login')
            return

        # validate form
        if not form.validate():
            self.r(form)
            return

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again.'))
            return

        t = form.title.data

        try:
            # let's create the post
            post = Post(
                title=t,
                author=user.username,
                author_lower=lower(user.username),
                subject=form.subject.data,
                content=form.content.data
            )
            post.put()
            # maybe they want to create another post?
            self.r(PostForm(data={'csrf_token': self.generate_csrf()}),
                   flashes=flash('Your new post can be viewed <a href="/post/view?key=%s">here</a>.' % post.key.urlsafe(), 'success'))
            return
        except Exception as e:
            # give them another chance
            form.csrf_token.data = self.generate_csrf()
            self.r(form)
            return
Пример #5
0
    def post(self):
        user = self.validate_user()
        if user is not None:
            self.redirect('/')
            return

        form = RegisterForm(self.request.params)

        # validate form
        if not form.validate():
            self.r(form)
            return

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again'))
            return

        # check for an existing account
        # using the lowercase username as a key
        # to ensure users are unique
        username = form.username.data
        username = re.sub(r'[\!\@\#\$\%\^\&\*\-_=\+\?<>,\.\"\':;\{\}\[\]|\\~\/`]', '', username)

        try:
            user = Key("User", lower(username)).get()
        except:
            user = None

        if user is not None:
            self.r(form, flashes=flash('That username is taken'))
            return

        # create the user
        try:
            user = User(
                username=username,
                password=pw.gen_hash(form.password.data),
            )
            user.key = Key("User", lower(user.username))
            user.put()
            # create a hash with our secret so we know the cookie is legit later
            self.generate_sig(user.username)
            self.redirect('/?welcome=%s' % user.username)
            return
        except:  # guess something happened eh?
            self.r(form, flashes=flash())
            return
Пример #6
0
def set_password(token):
    if current_user.is_authenticated:
        flash(_('Looks like you have already activated your account.'))
        return redirect(url_for('secret.index'))
    user = User.verify_set_password_token(token)
    if not user:
        abort(404)

    form = SetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash(_('Your password has been setup.'))
        return redirect(url_for('auth.login'))
    return render_template('auth/set_password.html', form=form)
Пример #7
0
def reset_password_request():
    if current_app.config['LOGIN_DISABLED']:
        abort(404)
    if current_user.is_authenticated:
        return redirect(url_for('secret.index'))
    form = ResetPasswordRequestForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user:
            send_password_reset_email(user)
        flash(
            _('Check your email for the instructions to reset your password'))
        return redirect(url_for('auth.login'))
    return render_template('auth/reset_password_request.html',
                           title=_('Reset Password'),
                           form=form)
Пример #8
0
    def get(self, user):
        # get the title of the post
        k = self.request.get('key', None)
        if k is None:
            self.redirect('/')
            return

        try:
            # get the post please
            post = Key(urlsafe=k).get()
        except:
            # key is invalid
            post = None

        # unnatural nav
        if post is None:
            self.r(flashes=flash('Post does not exist'))
            return

        # check if the user is the owner or not
        if post.author != user:
            self.redirect('/')
            return

        # get the form ready
        form = PostEditForm(data={
            'csrf_token': self.generate_csrf(),
            'key': k,
            'title': post.title,
            'subject': post.subject,
            'content': post.content
        })

        self.r(form, post)
Пример #9
0
def register():
    if current_app.config['REGISTRATION_DISABLED'] or current_app.config[
            'LOGIN_DISABLED']:
        abort(404)

    if current_user.is_authenticated:
        return redirect(url_for('secret.index'))
    form = RegistrationForm()
    if form.validate_on_submit():
        user = User(username=form.username.data, email=form.email.data)
        db.session.add(user)
        db.session.commit()
        send_account_activation_token(user)
        flash(
            _('Congratulations, you are now a registered user! Check your e-mail to activate account.'
              ))
        return redirect(url_for('auth.login'))
    return render_template('auth/register.html',
                           title=_('Register'),
                           form=form)
Пример #10
0
    def post(self):
        user = self.validate_user()
        if user is not None:
            self.redirect('/')
            return

        form = LoginForm(self.request.params)

        # validate form
        if not form.validate():
            self.r(form)
            return

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again'))
            return

        # check whether user account exists
        username = form.username.data

        try:
            user = Key("User", lower(username)).get()
        except:
            user = None

        if user is None:
            self.r(form, flashes=flash('Could not sign in. Verify username and password are correct and try again.'))
            return

        # check whether passwords are correct or not
        if not pw.is_pw(form.password.data, user.password):
            self.r(form, flashes=flash('Could not sign in. Verify username and password are correct and try again.'))
            return

        # create a hash with our secret so we know the cookie is legit later
        self.generate_sig(user.username)
        self.redirect('/?welcome=%s' % user.username)
        return
Пример #11
0
def secret_admin(admin_id):
    admin = RedisRegistry.load(admin_id, Admin)
    secret = RedisRegistry.load(admin.secret_id, Secret) if admin else False
    if secret:
        sms_form = SendPassphrase()
        email_form = SendSecretLink()
        burn_form = BurnSecretForm()
        if sms_form.submit_sms.data and sms_form.validate():
            flash('SMS sent!')
        if email_form.submit_email.data and email_form.validate():
            flash('Email sent!')
            send_secret_link_email(recivers=[email_form.email.data], secret=secret)
        if burn_form.submit.data and burn_form.validate():
            if RedisRegistry(secret).destroy():
                current_app.logger.debug(request.form)
                flash('Secret destroyed!')
                return redirect(url_for('secret.index'))
        return render_template('secrets/secret_admin.html',
                               secret=secret,
                               secret_id=secret.obj_id,
                               admin_id=admin_id,
                               email_form=email_form,
                               sms_form=sms_form,
                               burn_form=burn_form
                               )
    abort(404)
Пример #12
0
def login():
    if current_app.config['LOGIN_DISABLED']:
        abort(404)

    if current_user.is_authenticated:
        return redirect(url_for('secret.index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user is None or not user.check_password(form.password.data):
            flash(_('Invalid username or password'), category='danger')
            return redirect(url_for('auth.login'))
        login_user(user, remember=form.remember_me.data)
        next_page = request.args.get('next')
        if not next_page or url_parse(next_page).netloc != '':
            next_page = url_for('secret.index')
        return redirect(next_page)
    return render_template(
        'auth/login.html',
        title=_('Sign In'),
        form=form,
        not_register=current_app.config['REGISTRATION_DISABLED'])
Пример #13
0
    def get(self):
        welcome = self.request.get('welcome', None)
        flashes = []
        limit = 10
        offset = self.request.get_range('offset',
                                        min_value=0,
                                        max_value=100000,
                                        default=0)

        # let's get the most recent posts
        posts = Post.query().order(-Post.created).fetch(limit, offset=offset)

        if len(posts) is 0 and offset > 0:
            flashes = flash('No more posts available.')
            offset -= limit
            posts = Post.query().order(-Post.created).fetch(limit,
                                                            offset=offset)

        if welcome is not None:
            flashes = flash('Welcome, %s!' % welcome, 'success', flashes)

        self.r(posts, offset, limit, flashes=flashes)
Пример #14
0
    def post(self, user):
        # grab the form
        form = PostEditForm(self.request.params)

        # validate csrf
        if not self.validate_csrf(form.csrf_token.data):
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash('Please submit the form again.'))
            return

        # validate form
        if not form.validate():
            self.r(form)
            return

        # get the post please
        post = Key(urlsafe=form.key.data).get()
        if post is None:
            self.r(flashes=flash('Post does not exist'))
            return

        # check if the user is the owner or not
        if post.author != user:
            self.redirect('/')
            return

        try:
            t = form.title.data
            post.title = t
            post.title_lower = lower(t)
            post.subject = form.subject.data
            post.content = form.content.data
            post.put()
            self.redirect('/author/%s' % post.author)
            return
        except Exception as e:
            form.csrf_token.data = self.generate_csrf()
            self.r(form)
            return
Пример #15
0
    def post(self, user):
        # grab the form
        form = CommentForm(self.request.params)

        if not form.validate():
            form.csrf_token.data = self.generate_csrf()
            self.r(form)
            return

        # get the comment
        try:
            comment = Key(urlsafe=form.key.data).get()
        except:
            # invalid key
            comment = None

        if comment is None:
            self.redirect('/')
            return

        if comment.author != user:
            self.redirect('/')
            return

        # better be a post here or else!
        post = comment.key.parent().get()
        if post is None:
            self.redirect('/')
            return

        # update the comment
        try:
            comment.content = form.comment.data
            comment.put()
            self.redirect('/post/view?key=%s' % post.key.urlsafe())
            return
        except:
            # let's give them another chance
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash())
            return
Пример #16
0
    def get(self):
        flashes = []
        limit = 10
        offset = self.request.get_range('offset',
                                        min_value=0,
                                        max_value=100000,
                                        default=0)
        user = self.request.path.split('/')[2]
        user = unquote(user)

        # let's get the most recent posts
        posts = Post.query(
            Post.author_lower == lower(user)).order(-Post.created).fetch(
                limit, offset=offset)

        if len(posts) is 0 and offset > 0:
            flashes = flash('No more posts available.')
            offset -= limit
            posts = Post.query().order(-Post.created).fetch(limit,
                                                            offset=offset)

        self.r(posts, offset, limit, user, flashes=flashes)
Пример #17
0
    def post(self, user):
        # let's get the form
        form = CommentDeleteForm(self.request.params)

        # validate the form please
        if not form.validate():
            self.redirect(self.request.referer)
            return

        try:
            # grab the comment
            comment = Key(urlsafe=form.key.data).get()
        except:
            # really this shouldn't be None
            # unless unnatural nav
            comment = None

        # go back home
        if comment is None:
            self.redirect('/')
            return

        # this isn't the users comment!
        if comment.author != user:
            self.redirect('/')
            return

        # alright let's delete the comment
        try:
            comment.key.delete()
            self.redirect('/')
            return
        except Exception as e:
            # we'll give them another chance
            form.csrf_token.data = self.generate_csrf()
            self.r(form, comment, flashes=flash())
            return
Пример #18
-1
    def post(self, user):
        # grab the form
        form = CommentForm(self.request.params)

        if not form.validate():
            form.csrf_token.data = self.generate_csrf()
            self.r(form)
            return

        # get the comment
        try:
            comment = Key(urlsafe=form.key.data).get()
        except:
            # invalid key
            comment = None

        if comment is None:
            self.redirect('/')
            return

        if comment.author != user:
            self.redirect('/')
            return

        # better be a post here or else!
        post = comment.key.parent().get()
        if post is None:
            self.redirect('/')
            return

        # update the comment
        try:
            comment.content = form.comment.data
            comment.put()
            self.redirect('/post/view?key=%s' % post.key.urlsafe())
            return
        except:
            # let's give them another chance
            form.csrf_token.data = self.generate_csrf()
            self.r(form, flashes=flash())
            return