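def POST(self):
    """Store the e-mail address entered after a Twitter sign-up.

    When the session already carries a ``tw_user_id`` the existing ``users``
    row only gets its e-mail updated; otherwise a new row is created from the
    Twitter profile values the callback saved in the session.  On success the
    user is logged in and redirected to the after-signup page; on a failed
    validation the form is re-rendered with a message.
    """
    form = self._email_form()
    if not form.validates():
        return template.ltpl('register/twitter/email', form,
                             msg=_('Please provide an email'))
    user_email = form['email'].value
    sess = session.get_session()
    user_id = sess['tw_user_id']
    db = database.get_db()
    if user_id:
        # Bound through web.py's $var substitution, not string formatting.
        db.update(tables='users', where='id=$user_id',
                  vars={'user_id': user_id}, email=user_email)
    else:
        user_id = db.insert(
            tablename='users',
            name=sess['tw_name'],
            username=sess['tw_username'],
            twitter=sess['tw_twitter'],
            login_source=auth.LOGIN_SOURCE_TWITTER,
            email=user_email)
    auth.login_user(sess, user_id)
    # Raised (web.py idiom) so the redirect ends the handler explicitly
    # instead of relying on the side effect of constructing it.
    raise web.seeother(url='/register/after-signup', absolute=True)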
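def GET(self):
    """Render the admin pin search result list for the requested page.

    Query parameters: ``page`` (1-based), ``sort`` (column to order by) and
    ``dir`` (``asc``/``desc``).  A ``search_reset_offset`` flag in the session
    forces the first page once and is then cleared.  ``sort`` and ``dir`` end
    up in the ORDER BY clause, which cannot take bind parameters, so they are
    restricted to a plain ``[table.]column`` identifier and a direction
    keyword; anything else falls back to the defaults.
    """
    import re

    data = web.input(page=1, dir='desc', sort='pins.timestamp')
    sess = session.get_session()
    if sess.get('search_reset_offset', False):
        self.page = 0
        sess['search_reset_offset'] = False
    else:
        try:
            requested_page = int(data.page)
        except (TypeError, ValueError):
            requested_page = 1
        # Pages are 1-based in the URL; never produce a negative OFFSET.
        self.page = max(requested_page - 1, 0)
    # Only identifier characters may reach the query: this rules out quotes,
    # whitespace and separators that would otherwise be interpolated verbatim.
    identifier = re.compile(
        r'^[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?$')
    self.sort = data.sort if identifier.match(data.sort) else 'pins.timestamp'
    self.sort_direction = (data.dir if data.dir.lower() in ('asc', 'desc')
                           else 'desc')
    where_clause = build_where(self)
    db = database.get_db()
    results = db.query('''select pins.*, case when users.username is null then '---' else users.username end as username from pins left join users on pins.user_id=users.id where {where_clause} order by {sort_ord} {sort_dir} limit {limit} offset {offset} '''.format(
        where_clause=' and '.join(where_clause),
        sort_ord=self.sort,
        sort_dir=self.sort_direction,
        limit=PAGE_SIZE,
        offset=(PAGE_SIZE * self.page)))
    # An empty result renders the same template with an empty list, so one
    # call covers both cases.
    pins = list(results)
    return web.template.frender('t/admin/pin_search_list.html')(pins, date)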
def GET(self):
    """Show the first password-recovery page (username form).

    A visitor who already has a ``user_id`` in the session is sent to the
    root instead; an optional ``msg`` query parameter is passed to the
    template.
    """
    sess = session.get_session()
    if sess.get('user_id', False):
        # Already logged in: there is nothing to recover.
        return web.seeother(url='/', absolute=True)
    form = self.UsernameForm()
    message = web.input(msg=None)['msg']
    return template.ltpl('recover_password/start', form, message)
def POST(self):
    """Change the password of the user identified by ``logintoken``.

    Request fields: ``logintoken``, ``old_password``, ``new_password``,
    ``new_password2`` (the new password repeated) and ``csid_from_client``.
    On success the stored hash is replaced, the session is logged in again and
    the response carries the user's re-read logintoken and series id.  When
    validation fails a status-400 response with the validator's error code is
    returned instead.
    """
    request_data = web.input()
    # NOTE(review): request_data still contains the plaintext password fields
    # here; confirm save_api_request does not persist them.
    save_api_request(request_data)
    authenticated, user_or_response = self.authenticate_by_token(
        request_data.get("logintoken"))
    if not authenticated:
        return user_or_response
    user = user_or_response
    new_password = request_data.get("new_password")
    valid, error = self.passwords_validation(
        user['pw_salt'], user['pw_hash'],
        request_data.get("old_password"),
        new_password,
        request_data.get("new_password2"),
        user["username"], user["email"])
    csid_from_client = request_data.get("csid_from_client")
    if valid:
        db.update('users',
                  pw_hash=self.create_password(user['pw_salt'], new_password),
                  vars={'id': user["id"]}, where="id=$id")
        # Log the session in again so it reflects the new credentials.
        auth.login_user(session.get_session(), user["id"])
        stored = db.select('users', {'id': user["id"]}, where='id=$id')[0]
        return api_response(client_token=stored.get('logintoken'),
                            csid_from_client=csid_from_client,
                            csid_from_server=stored.get('seriesid'))
    stored = db.select('users', {'id': user["id"]}, where='id=$id')[0]
    return api_response(data={}, status=400, error_code=error,
                        csid_from_client=csid_from_client,
                        csid_from_server=stored.get('seriesid'))
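def POST(self, pin_id):
    """Update a pin from the edit form and answer with a JSON status.

    Base fields, categories and (optionally) a replacement image fetched from
    ``imageurl`` are written through ``pin_utils``.  Returns
    ``{'status': 'ok'}`` on success, ``{'status': 'error'}`` when the image
    could not be stored, and 404 when the form does not validate.
    """
    form = self.get_form()
    if not form.validates():
        return web.notfound()
    web.header('Content-Type', 'application/json')
    sess = session.get_session()
    auth.force_login(sess)
    db = database.get_db()
    price = form.d.price or None
    pin_utils.update_base_pin_information(
        db, pin_id, sess.user_id, form.d.title, form.d.description,
        form.d.link, form.d.tags, price, form.d.product_url,
        form.d.price_range)
    # An empty ``categories`` field would otherwise fail in int('').
    categories = [int(c) for c in form.d.categories.split(',') if c.strip()]
    pin_utils.update_pin_into_categories(db, pin_id, categories)
    image_url = form.d.imageurl
    if image_url:
        # The URL is client-supplied and fetched by the server: accept only
        # http(s) so other schemes cannot make the server read local resources.
        # Fetching arbitrary remote hosts remains server-side request surface;
        # an outbound allowlist would narrow it further.
        if not image_url.lower().startswith(('http://', 'https://')):
            logger.error('Rejected non-http image URL for pin: {}'.format(pin_id))
            return json.dumps({'status': 'error'})
        try:
            # ``_headers`` rather than ``_``: assigning ``_`` would shadow the
            # gettext alias for the whole function.
            image_filename, _headers = urllib.urlretrieve(image_url)
            # NOTE(review): the temporary file urlretrieve creates is not
            # removed here; confirm whether update_pin_images moves it.
            pin_utils.update_pin_images(db, pin_id, sess.user_id, image_filename)
        except Exception:
            # Details stay in the server log; the exception text is not
            # echoed back to the client.
            logger.error(
                'Could not save the image for pin: {} from URL: {}'.format(
                    pin_id, image_url), exc_info=True)
            return json.dumps({'status': 'error'})
    return json.dumps({'status': 'ok'})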
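def POST(self):
    """Replace the category assignments of a set of pins in one transaction.

    The form carries comma-separated ``ids`` (pins) and ``categories``; every
    listed pin ends up in exactly the listed categories.  Answers
    ``{'status': 'ok'}`` or ``{'status': 'error'}`` as JSON.
    """
    sess = session.get_session()
    auth.force_login(sess)
    form = self._form()
    if not form.validates():
        return json.dumps({'status': 'error'})
    # int() on every element both deduplicates cleanly and guarantees that
    # the values joined into the IN (...) clause below are plain integers.
    pin_ids = sorted(set(int(x) for x in form.d.ids.split(',') if x.strip()))
    category_ids = [int(x) for x in form.d.categories.split(',') if x.strip()]
    if not pin_ids:
        return json.dumps({'status': 'error'})
    rows = [{'pin_id': pin_id, 'category_id': category_id}
            for pin_id, category_id in itertools.product(pin_ids, category_ids)]
    pins_to_delete = ','.join(str(pin_id) for pin_id in pin_ids)
    db = database.get_db()
    transaction = db.transaction()
    try:
        db.delete(table='pins_categories',
                  where='pin_id in ({})'.format(pins_to_delete))
        db.multiple_insert(tablename='pins_categories', values=rows)
        transaction.commit()
    except Exception:
        logger.error('Failed to update categories', exc_info=True)
        transaction.rollback()
        return json.dumps({'status': 'error'})
    return json.dumps({'status': 'ok'})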
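def GET(self):
    """Handle the OAuth callback from Facebook.

    Facebook either reports an ``error`` (shown on the register page) or
    returns a ``code``.  The ``state`` value is checked against the session
    before the code is exchanged for a token and the profile is loaded; known
    users are logged in and sent to their page, unknown ones to registration.
    """
    params = web.input(error=None, error_description='', code=None)
    if params.error:
        full_error = _(
            'There was a problem with login with Facebook. You can try again or user another login method: {}'
        ).format(params.error_description)
        return redirect_to_register(full_error)
    self.code = params.code
    if not self.code:
        return redirect_to_register(_(
            'Failure in the OAuth protocol with Facebook. You can try again or user another login method'
        ))
    # ``state`` ties this callback to the session that started the login;
    # a mismatch means the request was not initiated from here.
    if not self._check_state_parameter():
        return redirect_to_register(_('Detected a possible request forge'))
    if not self._exchange_code_for_access_token():
        return redirect_to_register(_('Invalid facebook login'))
    if not self._obtain_user_profile():
        return redirect_to_register(_('Invalid facebook login'))
    user_id = self._get_user_from_db()
    if not user_id:
        # Unknown Facebook account: go through registration.
        raise web.seeother(url='/register/')
    sess = session.get_session()
    auth.login_user(sess, user_id)
    # Raised (web.py idiom) so the redirect explicitly ends the handler.
    raise web.seeother(url='/{}'.format(self.username), absolute=True)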
def POST(self, user_id, token_id, token):
    """Second step of password recovery: set the new password.

    The ``user_id``/``token_id``/``token`` from the URL must all equal the
    values the first step stored in this session; otherwise the visitor is
    sent back to the recovery start page with a message.  On success the
    password is changed, the token row is marked used, the user is logged in
    and notified by e-mail.
    """
    user_id = int(user_id)
    token_id = int(token_id)
    form = self.PwdResetForm()
    if not form.validates():
        return template.ltpl('recover_password/change_pwd_form', form)
    sess = session.get_session()
    link_matches_session = (sess['pwdrecov_token_id'] == token_id
                            and sess['pwdrecov_user_id'] == user_id
                            and sess['pwdrecov_token'] == token)
    if not link_matches_session:
        message = _(
            'Sorry! We cannot verify that this user requested a password reset. Please try to reset your passord again.'
        )
        return web.seeother(url='/recover_password?msg={}'.format(message),
                            absolute=True)
    auth.chage_user_password(user_id, form.d.pwd1)
    db = database.get_db()
    # NOTE(review): nothing here checks that the token row is still unused or
    # unexpired; confirm the GET side enforces that.
    db.update(tables='password_change_tokens', where='id=$id',
              vars={'id': token_id}, used=True,
              used_on=datetime.datetime.now())
    auth.login_user(sess, user_id)
    self.send_email()
    return web.seeother('/recover_password_complete/')
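def POST(self, name=None):
    """Update the logged-in user's social media accounts through the API.

    Returns ``'bad input'`` when the form does not validate.  With a
    logintoken the values are sent to ``api/profile/userinfo/update``; a 200
    answer redirects to ``/social-media``, anything else to ``/profile`` with
    the API's error code as ``msg``.  Without a logintoken nothing is done.
    """
    sess = session.get_session()
    force_login(sess)
    logintoken = convert_to_logintoken(sess.user_id)
    form = self._form()
    if not form.validates():
        return 'bad input'
    if logintoken:
        payload = {
            "logintoken": logintoken,
            "csid_from_client": "",
            "facebook": form.d.facebook,
            "linkedin": form.d.linkedin,
            "twitter": form.d.twitter,
            "gplus": form.d.gplus
        }
        result = api_request("api/profile/userinfo/update", data=payload)
        if result['status'] == 200:
            raise web.seeother('/social-media')
        # Was assigned to ``mgs`` and read as ``msg`` (NameError) before.
        msg = result['error_code']
        raise web.seeother('/profile?msg=%s' % msg)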
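def GET(self):
    """Render the "password changed" confirmation page.

    The username is looked up from the session's ``user_id``; when no row
    matches the template receives ``None`` instead of the handler failing on
    an unbound local.
    """
    db = database.get_db()
    sess = session.get_session()
    username = None
    for row in db.where('users', what='username', id=sess.user_id):
        username = row.username
    return template.ltpl('recover_password/complete', username)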
def POST(self, name=None):
    """Handle profile edit submissions (name, about, website, location).

    Invalid forms get a plain error string.  With a logintoken the fields are
    sent to ``api/profile/userinfo/update`` and the client is redirected to
    ``/profile`` (with the error code as ``msg`` on failure).
    """
    sess = session.get_session()
    force_login(sess)
    logintoken = convert_to_logintoken(sess.user_id)
    form = self._form()
    if not form.validates():
        return 'you need to fill in everything'
    if logintoken:
        payload = {
            "name": form.d.name,
            "about": form.d.about,
            "website": form.d.website,
            "country": form.d.country,
            "hometown": form.d.hometown,
            "city": form.d.city,
            "csid_from_client": 'None',
            "logintoken": logintoken
        }
        result = api_request("api/profile/userinfo/update", "POST", payload)
        if result['status'] == 200:
            raise web.seeother('/profile')
        raise web.seeother('/profile?msg=%s' % result['error_code'])
    # Only reached when no logintoken could be derived.
    get_input = web.input(_method='get')
    if 'user_profile' in get_input:
        # NOTE(review): ``user`` is not bound in this method; unless it is a
        # module-level name this raises NameError - confirm.
        raise web.seeother('/%s?editprofile=1' % user.username)
def GET(self, pin_id=None):
    """Return one of the current user's pins as JSON.

    The pin must belong to the logged-in user (both ids are bound into the
    query).  The row is extended with a string ``price``, a ``$``-based
    ``price_range_repr``, its categories and its tags; 404 when not found.
    """
    sess = session.get_session()
    auth.force_login(sess)
    db = database.get_db()
    rows = db.query('''select pins.* from pins where pins.id=$id and user_id=$user_id''',
                    vars={'id': pin_id, 'user_id': sess.user_id})
    for pin in rows:
        web.header('Content-Type', 'application/json')
        pin.price = str(pin.price)
        if pin.price_range < 5:
            pin.price_range_repr = '$' * pin.price_range
        else:
            pin.price_range_repr = '$$$$+'
        category_rows = db.select(
            tables=['categories', 'pins_categories'],
            where='categories.id = pins_categories.category_id and pins_categories.pin_id=$id',
            vars={'id': pin_id})
        pin['categories'] = [{'id': c.id, 'name': c.name} for c in category_rows]
        tag_rows = db.where(table='tags', pin_id=pin_id)
        pin['tags'] = [t.tags for t in tag_rows]
        # First (and only) matching row answers the request.
        return json.dumps(pin)
    raise web.notfound()
def ltpl(*params):
    """Render ``tpl(*params)`` inside the site layout.

    Anonymous visitors get the bare layout with the category list.  For a
    logged-in user the profile is fetched through the internal API (an empty
    answer yields the plain string "Profile was not found") and the layout
    also receives the user's boards, notification count, CSRF token and the
    category tree used by the selectors.
    """
    sess = session.get_session()
    if not auth.logged_in(sess):
        return tpl('layout', tpl(*params), cached_models.get_categories())
    logintoken = convert_to_logintoken(sess.user_id)
    profile_context = {
        "csid_from_client": "1",
        "id": sess.user_id,
        "logintoken": logintoken}
    user = api_request("/api/profile/userinfo/info",
                       data=profile_context).get("data", [])
    if not user:
        return u"Profile was not found"
    user = pin_utils.dotdict(user)
    db = database.get_db()
    notif_count = db.select('notifs', what='count(*)', where='user_id = $id',
                            vars={'id': sess.user_id})
    # Album listing is currently disabled; the layout still expects the slot.
    all_albums = []
    boards = list(db.where(table='boards', order='name', user_id=sess.user_id))
    categories_to_select = list(cached_models.get_categories_with_children(db))
    return tpl('layout', tpl(*params), cached_models.get_categories(), boards,
               all_albums, user, user.activation, notif_count[0].count,
               csrf_token, categories_to_select)
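def grab_and_insert_profile_picture(self):
    """Fetch the Facebook profile picture and store it plus an 80px thumbnail.

    Creates a "Profile Pictures" album and a photo row first, then downloads
    the Graph API picture into ``static/pics/<photo_id>.png`` (converting
    non-PNG data), writes ``userthumb<photo_id>.png`` and points the user's
    ``pic`` column at the photo.  Any failure is logged and otherwise ignored:
    the account works without a picture.
    """
    sess = session.get_session()
    db = database.get_db()
    album_id = db.insert(tablename='albums', name=_('Profile Pictures'),
                         user_id=self.user_id)
    photo_id = db.insert(tablename='photos', album_id=album_id)
    picture_url = 'https://graph.facebook.com/{0}/picture'.format(
        sess.fb_profile['username'])
    picture_filename = 'static/pics/{0}.png'.format(photo_id)
    try:
        filename, _headers = urllib.urlretrieve(url=picture_url)
        if filename.endswith('.png'):
            os.renames(old=filename, new=picture_filename)
        else:
            Image.open(filename).save(picture_filename)
            os.unlink(filename)
        img = Image.open(picture_filename)
        width, height = img.size
        # Scale to 80px wide; thumbnail() keeps the aspect ratio and is given
        # integer dimensions rather than a float height.
        ratio = 80.0 / float(width)
        img.thumbnail((80, int(round(height * ratio))), Image.ANTIALIAS)
        img.save('static/pics/userthumb{0}.png'.format(photo_id))
        db.update(tables='users', where='id=$id', vars={'id': self.user_id},
                  pic=photo_id)
    except Exception:
        # Narrowed from a bare except so interpreter exits are not swallowed;
        # the picture itself is optional.
        logger.info('Could not obtain faceboog profile picture', exc_info=True)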
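def GET(self):
    '''
    Manage the return from the Facebook login.

    Facebook either reports an ``error`` (shown on the register page) or
    returns a ``code``.  The ``state`` value is verified against the session
    before the code is exchanged and the profile loaded.  An unknown account
    has its profile stored in the session and continues to the username
    step; a known one is sent to the login page.
    '''
    sess = session.get_session()
    params = web.input(error=None, error_description='', code=None)
    if params.error:
        full_error = _(
            'There was a problem with login with Facebook. You can try'
            ' again or user another login method: {}').format(
                params.error_description)
        return redirect_to_register(full_error)
    self.code = params.code
    if not self.code:
        return redirect_to_register(_(
            'Failure in the OAuth protocol with Facebook. You can try again'
            ' or user another login method'))
    # ``state`` ties this callback to the session that started the login;
    # a mismatch means the request was not initiated from here.
    if not self._check_state_parameter():
        return redirect_to_register(_('Detected a possible request forge'))
    if not self._exchange_code_for_access_token():
        return redirect_to_register(_('Invalid facebook login'))
    if not self._obtain_user_profile():
        return redirect_to_register(_('Invalid facebook login'))
    user_id = self._get_user_from_db()
    if not user_id:
        sess['fb_profile'] = self.profile
        # Raised (web.py idiom) so the redirect explicitly ends the handler.
        raise web.seeother(url='/username', absolute=False)
    # Already registered: log in instead of registering again.
    raise web.seeother(url='/login/')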
def GET(self):
    """Remember a tag filter for the pin loaders and restart their paging."""
    sess = session.get_session()
    auth.force_login(sess)
    tag = web.input(tag='').tag
    sess['pin_loaders_tag_filter'] = tag
    # The loaders read this flag to start from the first page again.
    sess['reset_page_offset'] = True
    return ''
def GET(self):
    """Remember the page size for the pin loaders and restart their paging."""
    sess = session.get_session()
    auth.force_login(sess)
    # ``size`` arrives as text; int() raises on non-numeric input.
    page_size = int(web.input(size=PIN_LIST_LIMIT).size)
    sess['pin_loaders_item_added_page_size'] = page_size
    sess['reset_page_offset'] = True
    return ''
def _save_profile_in_session(self):
    """Copy the Twitter credentials into the session for the sign-up steps.

    ``tw_user_id`` is the existing account id when one is known, else None.
    """
    sess = session.get_session()
    sess['tw_user_id'] = getattr(self, 'user_id', None) or None
    screen_name = self.credentials['screen_name']
    sess['tw_name'] = self.credentials['name']
    sess['tw_username'] = screen_name
    sess['tw_twitter'] = screen_name
def GET(self, board_id):
    """Return the pins of ``board_id`` from ``offset`` as a JSON list."""
    self.board_id = int(board_id)
    self.offset = int(web.input(offset=0).offset)
    sess = session.get_session()
    # NOTE(review): the result of auth.logged_in() is discarded, so this
    # endpoint also answers anonymous callers; the other loaders use
    # auth.force_login() - confirm which is intended.
    auth.logged_in(sess)
    return json.dumps(self.get_items())
def GET(self):
    """Show the username form pre-filled from the Facebook profile.

    When the Facebook username is already taken an alternative is suggested;
    the e-mail field is pre-filled from the profile as well.
    """
    sess = session.get_session()
    fb_username = sess.fb_profile['username']
    proposed = fb_username
    if self.username_already_exists(fb_username):
        proposed = self.suggest_a_username(fb_username)
    form = self.username_form()
    form['username'].set_value(proposed.lower())
    form['email'].set_value(sess.fb_profile['email'])
    return template.ltpl('register/username', form)
def GET(self):
    """Remember a category filter for the pin loaders and restart paging.

    An empty ``category`` parameter clears the filter (stored as 0).
    """
    sess = session.get_session()
    auth.force_login(sess)
    category = web.input(category='0').category
    sess['pin_loaders_category_filter'] = int(category) if category else 0
    sess['reset_page_offset'] = True
    return ''
def DELETE(self, pin_id):
    """Remove ``pin_id`` from the category currently selected in the session."""
    sess = session.get_session()
    category_id = sess['category']
    # NOTE(review): unlike the pin DELETE handler that calls auth.force_login,
    # nothing here checks that the caller is logged in or owns the pin;
    # confirm this is enforced before the request reaches this handler.
    database.get_db().delete(
        table='pins_categories',
        where='pin_id=$pinid and category_id=$catid',
        vars={'pinid': pin_id, 'catid': category_id})
    return 'ok'
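def DELETE(self, pin_id):
    """Delete one of the current user's pins; JSON ``ok`` or 404 on failure."""
    # Session and login are resolved outside the try: if force_login signals
    # a missing login by raising, that must not be caught below and turned
    # into a logged 404.
    sess = session.get_session()
    auth.force_login(sess)
    db = database.get_db()
    try:
        pin_utils.delete_pin_from_db(db, pin_id, sess.user_id)
    except Exception:
        # Narrowed from a bare except; the failure is logged with traceback.
        logger.info('Cannot delete a pin: {}'.format(pin_id), exc_info=True)
        return web.notfound()
    web.header('Content-Type', 'application/json')
    return json.dumps({'status': 'ok'})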
def _insert_user_to_db(self):
    """Create the ``users`` row for a Twitter sign-up and return its id.

    Name and Twitter handle come from the session; username and e-mail from
    the values collected on ``self``.  The id is also stored in
    ``self.user_id``.
    """
    sess = session.get_session()
    db = database.get_db()
    self.user_id = db.insert(
        tablename='users',
        name=sess['tw_name'],
        username=self.username,
        twitter=sess['tw_twitter'],
        login_source=auth.LOGIN_SOURCE_TWITTER,
        email=self.email)
    return self.user_id
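def get_items(self):
    """Return the next page of pins for the selected category, without repeats.

    Paging state lives in ``self.sess['offset']`` (page number, 0 meaning
    exhausted); a ``start`` query parameter restarts at page 1.  Items whose
    id is already in ``self.sess['seen_items']`` are dropped and the others
    are added to that set.  Returns [] when nothing is left or when either
    API call does not answer with status 200.
    """
    # The unused ``sess = session.get_session()`` local was dropped; all
    # session access goes through ``self.sess``.
    if web.input(start=False).start:
        offset = 1
        self.sess['offset'] = 1
    else:
        offset = self.sess.get('offset', 1)
    if offset == 0:
        return []
    logintoken = convert_to_logintoken(self.sess.get('user_id'))
    category_query = {
        "csid_from_client": '',
        "logintoken": logintoken,
        "page": offset,
        "query_type": "range",
        "items_per_page": settings.PIN_COUNT
    }
    category_id = self.category['id']
    if category_id != 0:
        # The category itself plus its direct children.
        # NOTE(review): the parent is added as an int and the children as
        # strings, as before - confirm the API does not care.
        category_query['category_id_list'] = [category_id]
        children = self.db.where(table='categories', parent=category_id)
        for child in children:
            category_query['category_id_list'].append(str(child.id))
    category_reply = api_request("api/image/query/category", "POST",
                                 category_query)
    if category_reply['status'] != 200:
        return []
    if offset >= category_reply['data']['pages_count']:
        # Last page delivered: later calls return [] until ``start`` is sent.
        self.sess['offset'] = 0
    image_query = {
        "csid_from_client": '',
        "logintoken": logintoken,
        "query_params": category_reply['data']['image_id_list']
    }
    image_reply = api_request("api/image/query", "POST", image_query)
    if image_reply['status'] != 200:
        return []
    seen_items = self.sess['seen_items']
    fresh_items = []
    for item in image_reply['data']['image_data_list']:
        item_id = item['id']
        if item_id not in seen_items:
            seen_items.add(item_id)
            fresh_items.append(item)
    return fresh_items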
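def GET(self):
    """Complete the Twitter OAuth flow after the user returns from Twitter.

    The ``oauth_verifier`` is checked first, then exchanged for access tokens
    (stored on ``self`` and in the session) and the credentials are loaded.
    A known user with an e-mail is logged in and sent to the after-signup
    page; otherwise the profile is kept in the session and the visitor is
    routed to the username or e-mail step.  Failures render a message page.
    """
    sess = session.get_session()
    oauth_verifier = web.input(oauth_verifier=None)['oauth_verifier']
    if not oauth_verifier:
        # Checked before the token exchange: previously the exchange ran with
        # a missing verifier and this branch was effectively unreachable.
        logger.error('No oauth_verifyer %s', web.input())
        return template.lmsg(_("User not authenticated"))
    twitter = twython.Twython(
        app_key=settings.TWITTER['api_key'],
        app_secret=settings.TWITTER['api_secret'],
        oauth_token=sess['oauth_token'],
        oauth_token_secret=sess['oauth_token_secret'])
    try:
        final_step = twitter.get_authorized_tokens(oauth_verifier)
    except Exception:
        logger.error('Twitter authoriation failed', exc_info=True)
        return template.lmsg(_('Twitter authentication failed'))
    self.oauth_token = sess['oauth_token'] = final_step['oauth_token']
    self.oauth_toke_secret = sess['oauth_token_secret'] = final_step[
        'oauth_token_secret']
    if not self._get_user_credentials():
        return template.lmsg(_('Invalid twitter login'))
    user_id, email = self._get_user_data_from_db()
    if not user_id:
        self._save_profile_in_session()
        screen_name = self.credentials['screen_name']
        if self.username_already_exists(screen_name):
            sess['tw_username'] = self.suggest_a_username(screen_name)
            raise web.seeother(url='/username', absolute=False)
        raise web.seeother(url='/email', absolute=False)
    if email:
        auth.login_user(sess, user_id)
        # username is set in _get_user_data_from_db()
        raise web.seeother(url='/register/after-signup', absolute=True)
    self._save_profile_in_session()
    raise web.seeother(url='/email', absolute=False)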
def send_email(self):
    """E-mail the session's user that their password was changed.

    The user row is looked up by the session's ``user_id`` and kept in
    ``self.user``; the HTML body comes from the password-changed template.
    """
    db = database.get_db()
    sess = session.get_session()
    # NOTE(review): if no row matches, ``self.user`` stays unset and the
    # render below raises - confirm callers guarantee a logged-in user.
    for row in db.where('users', id=sess.user_id):
        self.user = row
    html_message = str(
        web.template.frender('t/recover_password/email_pwd_changed.html')(
            self.user))
    web.sendmail('*****@*****.**', self.user.email,
                 'Your MyPinnings password has been changed', html_message,
                 headers={'Content-Type': 'text/html;charset=utf-8'})
def GET(self, name=None):
    """Render the profile edit page for the logged-in user.

    The profile is fetched through the internal API with the session's
    logintoken; an optional ``msg`` query parameter is shown by the template.
    """
    sess = session.get_session()
    force_login(sess)
    logintoken = convert_to_logintoken(sess.user_id)
    owner_context = {
        "csid_from_client": "",
        "logintoken": logintoken
    }
    # NOTE(review): a reply without "data" hands None to dotdict - confirm
    # the API always returns a profile for an authenticated token.
    profile = api_request("/api/profile/userinfo/get",
                          data=owner_context).get("data")
    user = dotdict(profile)
    msg = web.input(msg=None)['msg']
    return ltpl('editprofile', user, settings.COUNTRIES, name, msg)
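def _check_state_parameter(self):
    '''
    Check that the ``state`` value sent to Facebook when the login started
    is the one Facebook sends back; this binds the callback to the session
    that initiated it.  A missing or empty session state, a missing callback
    state, or a mismatch all count as failure.
    '''
    sess = session.get_session()
    state = sess.get('state')
    if not state:
        # Explicit instead of a bare except around the lookup: an empty
        # stored state must not compare equal to an empty callback value.
        logger.error(
            'Session has no state value to check. Possible request forgery'
        )
        return False
    returned_state = web.input(state=None)['state']
    return state == returned_state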
def POST(self, pin_id):
    """Save the pin edit form through the internal API.

    Requires a link or product URL and either an existing board id or a new
    board name.  The pin's current hashtags are fetched so they can be
    replaced by the submitted tags, then ``api/image/mp`` is called; on a 200
    answer the client is redirected to the pin page, otherwise a plain
    "Invalid data" string is returned.
    """
    form_data = self.form(web.input(category_check=[]))
    if not form_data.validates():
        return "Invalid data"
    if not (form_data.d.link or form_data.d.product_url):
        return "Invalid url for the product"
    if not (form_data.d.board_id or form_data.d.board_name):
        return "Invalid board"
    board = form_data.d.board_id
    if not board:
        # NOTE(review): the new board row is created without a user_id here;
        # confirm ownership is set elsewhere.
        board = db.insert('boards', name=form_data.d.board_name)
    sess = session.get_session()
    logintoken = convert_to_logintoken(sess.user_id)
    credentials = {"csid_from_client": '', "logintoken": logintoken}
    tags_reply = api_request("api/image/query/hashtags", "POST",
                             dict(credentials, image_id=pin_id))
    hash_tag_remove_list = []
    if tags_reply['status'] == 200:
        hash_tag_remove_list = tags_reply['data']['hashtag_list']
    payload = dict(
        credentials,
        image_id=pin_id,
        image_title=form_data.d.title,
        image_desc=form_data.d.description,
        link=form_data.d.link,
        price=form_data.d.price or None,
        product_url=form_data.d.product_url,
        price_range=form_data.d.price_range,
        board_id=board,
        hash_tag_remove_list=hash_tag_remove_list,
        hash_tag_add_list=form_data.d.tags.split())
    save_reply = api_request("api/image/mp", "POST", payload)
    if save_reply['status'] == 200:
        return web.seeother(
            url='/p/{}'.format(save_reply['data']['external_id']),
            absolute=True)
    return "Invalid data"