Пример #1
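def _sign_in_user(user):
    """Log *user* in and redirect to the post-login destination.

    The destination is the ``next`` query parameter when it is a local
    path, otherwise the home page.  When the newsletter helper asks for
    it, the user is sent to the newsletter subscription view first and the
    destination is forwarded as that view's ``next`` argument.
    """
    login_user(user, remember=True)
    # ``next`` arrives in the query string of the login link, so it is
    # untrusted.  Only a local path is honoured: absolute URLs,
    # scheme-relative ones ("//host"), anything containing a backslash and
    # anything with control characters are discarded, so the login flow
    # cannot be used to bounce a freshly authenticated user off-site.
    next_url = request.args.get('next')
    if next_url and (not next_url.startswith('/')
                     or next_url.startswith('//')
                     or '\\' in next_url
                     or any(ord(ch) < 0x20 for ch in next_url)):
        next_url = None
    if newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))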
Пример #2
def del_category(id):
    """Delete a category.

    A GET request renders the confirmation page and hands the form a CSRF
    token; a POST request deletes the category and resets the category
    cache.  When only one category is left the request is refused with a
    warning.  An unknown id gives a 404.  HTTP errors raised inside the
    block propagate unchanged; any other exception is logged and reported
    as a 500.
    """
    try:
        category = project_repo.get_category(id)
        if not category:
            abort(404)

        if len(cached_cat.get_all()) <= 1:
            flash(gettext('Sorry, it is not possible to delete the only'
                          ' available category. You can modify it, '
                          ' click the edit button'),
                  'warning')
            return redirect_content_type(url_for('.categories'))

        # The authorisation check runs before either method branch, so the
        # confirmation page and the deletion are gated the same way.
        ensure_authorized_to('delete', category)
        method = request.method
        if method == 'GET':
            page = {'template': 'admin/del_category.html',
                    'title': gettext('Delete Category'),
                    'category': category,
                    'form': {'csrf': generate_csrf()}}
            return handle_content_type(page)
        if method == 'POST':
            # NOTE(review): the token issued on GET is not checked in this
            # function; presumably CSRF validation is enforced app-wide.
            project_repo.delete_category(category)
            flash(gettext("Category deleted"), 'success')
            cached_cat.reset()
            return redirect_content_type(url_for(".categories"))
    except HTTPException:
        # Keep 403/404 responses intact instead of masking them as 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
Пример #3
def _sign_in_user(user, next_url=None):
    """Finish a sign-in for *user* and redirect to the landing URL.

    A missing or disabled account is refused with an error flash and a
    redirect to the home page; no session is opened.  Otherwise the user
    is logged in with ``remember=False``, ``last_login`` is stamped, and
    the landing URL is chosen: the caller-supplied ``next_url`` if it is
    truthy, else the ``next`` query parameter after it has been passed
    through ``is_own_url_or_else``, else the home page.
    """
    brand = current_app.config['BRAND']

    refusal = None
    if not user:
        refusal = 'There was a problem signing you in. '
    elif not user.enabled:
        refusal = 'Your account is disabled. '
    if refusal is not None:
        flash(
            gettext(refusal
                    + 'Please contact your {} administrator.'.format(brand)),
            'error')
        return redirect(url_for('home.home'))

    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)

    if not next_url:
        # Only the query-string value is filtered here; a ``next_url``
        # passed by the caller is used as given, so callers must not feed
        # it from request data without their own check.
        fallback = url_for('home.home')
        next_url = (is_own_url_or_else(request.args.get('next'), fallback)
                    or fallback)

    prompt_for_newsletter = (current_app.config.get('MAILCHIMP_API_KEY')
                             and newsletter.ask_user_to_subscribe(user))
    if prompt_for_newsletter:
        return redirect_content_type(
            url_for('account.newsletter_subscribe', next=next_url))
    return redirect_content_type(next_url)
Пример #4
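def images(short_name):
    """Collect one image question for the project *short_name*.

    Without a ``question`` entry in the session the user is redirected to
    the ``.success`` view.  On POST the submitted question (and, when the
    ``checkbox`` field is set, its multiple-choice answers) is validated
    and appended to ``session["question"]["images"]``; with
    ``submit=submit`` the draft is advanced and the user is redirected to
    the next step.  In every other case ``images.html`` is rendered.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)

    # NOTE(review): no ownership or authorisation check on the project is
    # visible in this function; confirm the route decorators provide one.
    if session.get("question") is None:
        return redirect_content_type(url_for('.success', short_name=short_name))

    if request.method == 'POST':
        type_q = "normal"
        answer = []
        if request.form.get('question', '') == "":
            flash("Atleast 1 question is required", "warning")
            return render_template('images.html', project=project_sanitized,
                                   pro_features=pro)
        if request.form.get('checkbox', '') != "":
            submitted = request.form.getlist('answer')
            # The form is client-controlled: a request carrying fewer than
            # two ``answer`` fields used to raise IndexError (a 500) here.
            # It is now rejected like any other incomplete answer set.
            if (len(submitted) < 2 or submitted[0] == ""
                    or submitted[1] == ""):
                flash("Atleast 2 answers are required", "warning")
                return render_template('images.html',
                                       project=project_sanitized,
                                       pro_features=pro)
            type_q = "mcqs"
            answer = submitted
        dictobj = {"questionString": request.form.get('question'),
                   "answers": answer,
                   "type": type_q}
        # NOTE(review): this mutates a nested session value in place; with
        # a cookie-backed Flask session such a change is only persisted if
        # the session is marked modified -- confirm the session backend.
        session["question"]["images"].append(dictobj)
        if request.form.get('submit', '') == "submit":
            p = draft_project(project)
            if p != "-1":
                return redirect_content_type(
                    url_for('.' + p.lower(), short_name=short_name))
            else:
                return redirect_content_type(
                    url_for('.success', short_name=short_name))
    return render_template('images.html', project=project_sanitized,
                           pro_features=pro)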
Пример #5
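def newsletter_subscribe():
    """
    Register method for subscribing user to PYBOSSA newsletter.

    Records that the signed-in user has been prompted, subscribes them when
    the ``subscribe`` query parameter is ``'True'``, and then redirects to
    the ``next`` destination (local paths only) or renders the prompt.

    Returns a Jinja2 template, a redirect, or a 404 when the newsletter is
    not initialised or the user is anonymous.

    """
    # Save that we've prompted the user to sign up in the newsletter
    if newsletter.is_initialized() and current_user.is_authenticated():
        # ``next`` is taken from the query string and ends up in a
        # redirect, so it is restricted to a local path.  Absolute or
        # scheme-relative URLs, backslashes and control characters fall
        # back to the home page to prevent an open redirect.
        next_url = request.args.get('next')
        if (not next_url
                or not next_url.startswith('/')
                or next_url.startswith('//')
                or '\\' in next_url
                or any(ord(ch) < 0x20 for ch in next_url)):
            next_url = url_for('home.home')
        user = user_repo.get(current_user.id)
        if current_user.newsletter_prompted is False:
            user.newsletter_prompted = True
            user_repo.update(user)
        # NOTE(review): the subscription is triggered by a query parameter,
        # i.e. a state change reachable through a plain link.  Consider
        # requiring a POST with a CSRF token for the 'True' branch.
        if request.args.get('subscribe') == 'True':
            newsletter.subscribe_user(user)
            flash("You are subscribed to our newsletter!", 'success')
            return redirect_content_type(next_url)
        elif request.args.get('subscribe') == 'False':
            return redirect_content_type(next_url)
        else:
            response = dict(template='account/newsletter.html',
                            title=gettext("Subscribe to our Newsletter"),
                            next=next_url)
            return handle_content_type(response)
    else:
        return abort(404)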
Пример #6
def add_admin(user_id=None):
    """Add admin flag for user_id.

    Refuses unknown users (404 error payload), disabled accounts and
    accounts that ``can_have_super_user_access`` rejects; otherwise checks
    that the caller may update the user, sets ``admin`` and queues the
    invitation e-mail if one was generated.  Returns ``None`` when no
    ``user_id`` is given.
    """
    try:
        if not user_id:
            return None

        user = user_repo.get(user_id)
        if not user:
            return format_error('User not found', 404)

        users_page = ".users"

        # NOTE(review): the two refusal messages below put the target's
        # full name and e-mail address in a flash before
        # ensure_authorized_to runs; confirm the route itself is restricted
        # to administrators (its decorators are not part of this listing).
        if not user.enabled:
            template = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            flash(
                template.format(gettext('User account '), user.fullname,
                                gettext(' is disabled')))
            return redirect_content_type(url_for(users_page))

        if not can_have_super_user_access(user):
            template = Markup('<strong>{} {}</strong> {} {}')
            flash(
                template.format(gettext('Denied admin privileges to'),
                                user.fullname, user.email_addr,
                                'disqualify for admin access.'))
            return redirect_content_type(url_for(users_page))

        ensure_authorized_to('update', user)
        user.admin = True
        user_repo.update(user)
        invitation = generate_invitation_email_for_admins_subadmins(
            user, "Admin")
        if invitation:
            mail_queue.enqueue(send_mail, invitation)
        return redirect_content_type(url_for(users_page))

    # NOTE(review): this handler has no HTTPException pass-through.  If
    # ensure_authorized_to signals a denial by raising an HTTP error, the
    # caller sees a 500 and the denial is logged as an application error.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
Пример #7
def del_category(id):
    """Delete a category.

    GET shows the confirmation page together with a CSRF token for its
    form; POST removes the category and resets the category cache.  The
    only remaining category cannot be deleted.  An unknown id gives a 404.
    HTTP errors propagate unchanged; other exceptions are logged and
    answered with a 500.
    """
    try:
        category = project_repo.get_category(id)
        if not category:
            abort(404)

        only_one_left = len(cached_cat.get_all()) <= 1
        if only_one_left:
            warning = gettext('Sorry, it is not possible to delete the only'
                              ' available category. You can modify it, '
                              ' click the edit button')
            flash(warning, 'warning')
            return redirect_content_type(url_for('.categories'))

        # Checked once, ahead of both the GET and the POST branch.
        ensure_authorized_to('delete', category)
        verb = request.method
        if verb == 'GET':
            context = {'template': 'admin/del_category.html',
                       'title': gettext('Delete Category'),
                       'category': category,
                       'form': {'csrf': generate_csrf()}}
            return handle_content_type(context)
        if verb == 'POST':
            # NOTE(review): token verification is not visible here;
            # presumably it is enforced globally for POST requests.
            project_repo.delete_category(category)
            flash(gettext("Category deleted"), 'success')
            cached_cat.reset()
            return redirect_content_type(url_for(".categories"))
    except HTTPException:
        # Let 403/404 through rather than reporting them as a 500.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
Пример #8
def signin():
    """
    Signin method for PYBOSSA users.

    On a valid POST the user is looked up by lower-cased e-mail address.
    A correct password either signs the user in directly or, when
    ENABLE_TWO_FACTOR_AUTH is set, e-mails a code and redirects to the OTP
    validation view.  All other cases flash a message and fall through to
    the sign-in page (or to the home page if already signed in).

    Returns a Jinja2 template with the result of signing process.

    """
    form = LoginForm(request.body)
    if request.method == 'POST' and form.validate():
        password = form.password.data
        email_addr = form.email.data.lower()
        user = user_repo.search_by_email(email_addr=email_addr)
        # NOTE(review): the disabled check runs before the password check,
        # so this message is shown to anyone who submits a known address,
        # not only to the account owner.
        if user and not user.enabled:
            flash(gettext('Your account is disabled. '
                          'Please contact your GIGwork administrator.'),
                  'error')
            return redirect(url_for('home.home'))
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                msg_1 = gettext('Welcome back') + ' ' + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                # The raw ``next`` query value is forwarded unchanged; the
                # view that finally redirects has to validate it.
                return redirect_content_type(url_for('account.otpvalidation',
                                             token=url_token,
                                             next=request.args.get('next')))
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext('Ooops, Incorrect email/password')
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): a different message for an unknown address than
            # for a wrong password lets a client tell which e-mail
            # addresses are registered.  No throttling of attempts is
            # visible in this function either.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    # form.validate() is evaluated a second time here for POST requests.
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous():
        # A social sign-in button is shown for each provider whose
        # blueprint is registered on the application.
        if ('twitter' in current_app.blueprints):  # pragma: no cover
            auth['twitter'] = True
        if ('facebook' in current_app.blueprints):  # pragma: no cover
            auth['facebook'] = True
        if ('google' in current_app.blueprints):  # pragma: no cover
            auth['google'] = True
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=request.args.get('next'))
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))
Пример #9
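def newsletter_subscribe():
    """
    Register method for subscribing user to PYBOSSA newsletter.

    Marks the signed-in user as prompted, subscribes them when the
    ``subscribe`` query parameter is ``'True'``, then redirects to the
    ``next`` destination (accepted only as a local path) or renders the
    newsletter prompt.

    Returns a Jinja2 template, a redirect, or a 404 when the newsletter is
    not initialised or the user is anonymous.

    """
    # Save that we've prompted the user to sign up in the newsletter
    if newsletter.is_initialized() and current_user.is_authenticated():
        # The redirect target comes from the query string.  Anything that
        # is not a plain local path (absolute URL, "//host", a backslash
        # or a control character) is replaced by the home page so this
        # view cannot serve as an open redirect.
        next_url = request.args.get('next')
        is_local_path = (bool(next_url)
                         and next_url.startswith('/')
                         and not next_url.startswith('//')
                         and '\\' not in next_url
                         and all(ord(ch) >= 0x20 for ch in next_url))
        if not is_local_path:
            next_url = url_for('home.home')
        user = user_repo.get(current_user.id)
        if current_user.newsletter_prompted is False:
            user.newsletter_prompted = True
            user_repo.update(user)
        # NOTE(review): subscribing is driven by a query parameter, so a
        # link followed by a signed-in user changes state.  A POST with a
        # CSRF token would be the safer shape for the 'True' branch.
        if request.args.get('subscribe') == 'True':
            newsletter.subscribe_user(user)
            flash("You are subscribed to our newsletter!", 'success')
            return redirect_content_type(next_url)
        elif request.args.get('subscribe') == 'False':
            return redirect_content_type(next_url)
        else:
            response = dict(template='account/newsletter.html',
                            title=gettext("Subscribe to our Newsletter"),
                            next=next_url)
            return handle_content_type(response)
    else:
        return abort(404)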
Пример #10
def redirect_profile():
    """Redirect method for profile.

    Anonymous visitors are sent to the sign-in view.  A signed-in client
    that sent ``Content-Type: application/json`` gets its own profile
    payload directly; everyone else is redirected to the profile page
    named after the current user.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'), status='not_signed_in')

    sent_json = request.headers.get('Content-Type') == 'application/json'
    if sent_json and current_user.is_authenticated():
        # Always the caller's own record: no user name is read from the
        # request.
        return _show_own_profile(current_user)
    return redirect_content_type(url_for('.profile', name=current_user.name))
Пример #11
def redirect_profile():
    """Redirect method for profile.

    Sends anonymous visitors to the sign-in view, answers JSON clients that
    are signed in with their own profile, and redirects all other requests
    to the current user's profile page.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'), status='not_signed_in')

    content_type = request.headers.get('Content-Type')
    if content_type == 'application/json' and current_user.is_authenticated():
        # The profile shown is taken from the session user, never from a
        # request parameter.
        return _show_own_profile(current_user)

    profile_url = url_for('.profile', name=current_user.name)
    return redirect_content_type(profile_url)
Пример #12
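def _sign_in_user(user):
    """Log *user* in and redirect to the post-login destination.

    The destination is the ``next`` query parameter when it is a local
    path, otherwise the home page.  When a MAILCHIMP_API_KEY is configured
    and the newsletter helper asks for it, the user is sent to the
    newsletter subscription view first, with the destination forwarded as
    that view's ``next`` argument.
    """
    login_user(user, remember=True)
    # ``next`` is supplied by whoever built the login link.  Keep it only
    # when it is a local path; absolute URLs, "//host", backslashes and
    # control characters are dropped so the redirect after login cannot be
    # pointed at another site.
    next_url = request.args.get('next')
    if next_url and (not next_url.startswith('/')
                     or next_url.startswith('//')
                     or '\\' in next_url
                     or any(ord(ch) < 0x20 for ch in next_url)):
        next_url = None
    if (current_app.config.get('MAILCHIMP_API_KEY') and
            newsletter.ask_user_to_subscribe(user)):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))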
Пример #13
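def _sign_in_user(user):
    """Open a session for *user* and redirect to where they were heading.

    ``next`` from the query string is used only when it is a local path;
    otherwise the home page is the destination.  With a MAILCHIMP_API_KEY
    configured and a positive answer from the newsletter helper, the
    newsletter subscription view is shown first and receives the
    destination as ``next``.
    """
    login_user(user, remember=True)
    # Untrusted input: the value is reflected into a redirect, so anything
    # other than a plain local path (absolute URL, scheme-relative
    # "//host", backslash, control characters) is ignored to avoid an
    # open redirect right after authentication.
    requested = request.args.get('next')
    is_local_path = (bool(requested)
                     and requested.startswith('/')
                     and not requested.startswith('//')
                     and '\\' not in requested
                     and all(ord(ch) >= 0x20 for ch in requested))
    next_url = requested if (is_local_path or not requested) else None
    if (current_app.config.get('MAILCHIMP_API_KEY') and
            newsletter.ask_user_to_subscribe(user)):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))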
Пример #14
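def _sign_in_user(user):
    """Log *user* in, stamp ``last_login`` and redirect.

    The session is opened with ``remember=False``.  The redirect target is
    the ``next`` query parameter when it is a local path, otherwise the
    home page; if the newsletter helper asks for it, the newsletter
    subscription view is shown first and receives the target as ``next``.
    """
    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)
    # ``next`` is request data and is echoed into a redirect.  Only a local
    # path is accepted; absolute URLs, "//host", backslashes and control
    # characters are discarded so the post-login redirect stays on-site.
    next_url = request.args.get('next')
    if next_url and (not next_url.startswith('/')
                     or next_url.startswith('//')
                     or '\\' in next_url
                     or any(ord(ch) < 0x20 for ch in next_url)):
        next_url = None
    if newsletter.ask_user_to_subscribe(user):
        return redirect_content_type(url_for('account.newsletter_subscribe',
                                             next=next_url))
    return redirect_content_type(next_url or url_for("home.home"))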
Пример #15
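def audios_edit(short_name):
    """Edit the audio questions of project *short_name* held in the session.

    On POST the questions already stored under
    ``session["edit_question"]["audios"]`` are rebuilt from the numbered
    form fields (``<n>_question``, ``<n>_divcheckbox``, ``<n>_answer``).
    With ``submit=submit`` the rebuilt list is written to the project and
    the user is redirected to the next edit step; otherwise the single new
    question from the ``question``/``checkbox``/``answer`` fields is
    validated and appended.  ``audios_edit.html`` is rendered otherwise.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)
    if request.method == 'POST':
        # NOTE(review): the project is updated below without any ownership
        # or authorisation check visible in this function; confirm the
        # route decorators (outside this listing) enforce one.
        session_count = len(session["edit_question"]["audios"])
        session["edit_question"]["audios"] = []
        for j in range(1, session_count + 1):
            ans = []
            type_q = "normal"
            print str(j)+'_question'
            if request.form.get(str(j)+'_question', '') != "":
                if request.form.get(str(j)+'_divcheckbox', '') != "":
                    type_q = "mcqs"
                    if request.form.get(str(j)+'_answer', '') != "":
                        ans = request.form.getlist(str(j)+'_answer')

                dictobj = {"questionString": request.form.get(str(j)+'_question'),
                           "answers": ans,
                           "type": type_q}
                session["edit_question"]["audios"].append(dictobj)

        if request.form.get('submit', '') == "submit":
            p = edit_draft_question(project)
            project.info["questionSet"]["audios"] = session["edit_question"]["audios"]
            project_repo.update(project)
            if p != "-1":
                return redirect_content_type(
                    url_for('.'+p.lower()+"_edit", short_name=short_name))
            else:
                return redirect_content_type(
                    url_for('.edit_success', short_name=short_name))
        else:
            type_q = "normal"
            answer = []
            if request.form.get('question', '') == "":
                flash("Question field is Empty", "warning")
                return render_template('audios_edit.html',
                                       project=project_sanitized,
                                       pro_features=pro)
            if request.form.get('checkbox', '') != "":
                submitted = request.form.getlist('answer')
                # Client-controlled form: fewer than two ``answer`` fields
                # used to raise IndexError (a 500).  Such a request is now
                # rejected with the same warning as empty answers.
                if (len(submitted) < 2 or submitted[0] == ""
                        or submitted[1] == ""):
                    flash("Atleast 2 answers are required", "warning")
                    return render_template('audios_edit.html',
                                           project=project_sanitized,
                                           pro_features=pro)
                type_q = "mcqs"
                answer = submitted
            dictobj = {"questionString": request.form.get('question'),
                       "answers": answer,
                       "type": type_q}
            session["edit_question"]["audios"].append(dictobj)

    return render_template('audios_edit.html', project=project_sanitized,
                           pro_features=pro)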
Пример #16
def _sign_in_user(user):
    """Log *user* in, stamp ``last_login`` and redirect.

    The landing URL is the ``next`` query parameter after it has been
    passed through ``is_own_url_or_else`` (home page as the alternative),
    with the home page as the final fallback.  With a MAILCHIMP_API_KEY
    configured and a positive answer from the newsletter helper, the
    newsletter subscription view is shown first and gets the landing URL
    as ``next``.
    """
    login_user(user, remember=False)
    user.last_login = model.make_timestamp()
    user_repo.update(user)

    home_url = url_for('home.home')
    # The raw query value never reaches the redirect directly; it goes
    # through is_own_url_or_else first.
    checked = is_own_url_or_else(request.args.get('next'), home_url)
    next_url = checked or home_url

    newsletter_enabled = current_app.config.get('MAILCHIMP_API_KEY')
    if newsletter_enabled and newsletter.ask_user_to_subscribe(user):
        subscribe_url = url_for('account.newsletter_subscribe', next=next_url)
        return redirect_content_type(subscribe_url)
    return redirect_content_type(next_url)
Пример #17
def redirect_profile():
    """Redirect method for profile.

    Anonymous visitors go to the sign-in view.  A signed-in client that
    sent ``Content-Type: application/json`` receives its own profile,
    together with a user-preference form when ``upref_mdata`` is set on the
    app config.  All other requests are redirected to the current user's
    profile page.
    """
    if current_user.is_anonymous():  # pragma: no cover
        return redirect_content_type(url_for('.signin'), status='not_signed_in')

    sent_json = request.headers.get('Content-Type') == 'application/json'
    if not (sent_json and current_user.is_authenticated()):
        return redirect_content_type(url_for('.profile', name=current_user.name))

    form = None
    if current_app.config.upref_mdata:
        # Preference metadata is looked up by the session user's own name,
        # not by anything taken from the request.
        stored_prefs = cached_users.get_user_pref_metadata(current_user.name)
        form = UserPrefMetadataForm(**stored_prefs)
        form.set_upref_mdata_choices()
    return _show_own_profile(current_user, form)
Пример #18
def redirect_profile():
    """Redirect method for profile.

    Anonymous visitors go to the sign-in view.  A signed-in client that
    sent ``Content-Type: application/json`` receives its own profile, with
    a user-preference form when ``upref_mdata`` is set on the app config.
    All other requests are redirected to the current user's profile page.
    """
    if current_user.is_anonymous:  # pragma: no cover
        return redirect_content_type(url_for('.signin'), status='not_signed_in')

    sent_json = request.headers.get('Content-Type') == 'application/json'
    if not (sent_json and current_user.is_authenticated):
        return redirect_content_type(url_for('.profile', name=current_user.name))

    form = None
    if current_app.config.upref_mdata:
        # Looked up by the session user's own name only.
        stored_prefs = cached_users.get_user_pref_metadata(current_user.name)
        form = UserPrefMetadataForm(**stored_prefs)
        form.set_upref_mdata_choices()
    # current_user is passed both as the profile subject and as the third
    # argument; the meaning of that third argument is defined by
    # _show_own_profile, which is not shown here.
    return _show_own_profile(current_user, form, current_user)
Пример #19
def new_announcement():
    """Create new announcement.

    Non-POST requests are authorised against an empty ``Announcement`` and
    get the form.  A POST with an invalid form re-renders it with an error
    flash.  A valid POST builds the announcement with the current user as
    author, authorises the creation, saves it and redirects to the
    announcement list.
    """
    form = AnnouncementForm()
    del form.id

    def render_form():
        # ``form`` is read when this runs, i.e. after validation errors
        # have been attached to it.
        page = {'template': 'admin/new_announcement.html',
                'title': gettext("Write a new post"),
                'form': form}
        return handle_content_type(page)

    if request.method != 'POST':
        ensure_authorized_to('create', Announcement())
        return render_form()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return render_form()

    # The author is taken from the session, never from the submitted form.
    fields = dict(title=form.title.data,
                  body=form.body.data,
                  published=form.published.data,
                  media_url=form.media_url.data,
                  user_id=current_user.id)
    announcement = Announcement(**fields)
    ensure_authorized_to('create', announcement)
    announcement_repo.save(announcement)

    # Markup.format escapes its arguments, so only the literal icon tag is
    # emitted as HTML.
    confirmation = Markup('<i class="icon-ok"></i> {}').format(
        gettext('Annnouncement created!'))
    flash(confirmation, 'success')

    return redirect_content_type(url_for('admin.announcement'))
Пример #20
def callback():
    """Handle the return leg of the external (``auth0`` client) login.

    Exchanges the authorisation response for a token, fetches the
    ``userinfo`` document and looks the user up by its ``sub`` claim.  A
    known user is signed in; an unknown one is handed to
    ``_create_account_Auth`` with the nickname and e-mail from userinfo.
    Any failure of the token exchange flashes an error and redirects home.
    """
    global auth0
    try:
        auth0.authorize_access_token()
    except Exception:
        # NOTE(review): every exception type is caught and nothing is
        # logged, so a misconfiguration, a state mismatch and a user
        # cancelling the login are indistinguishable afterwards.
        failure_text = gettext(
            u"Se ha producido un error al iniciar sesión con su cuenta. Los datos introducidos son incorrectos. Por favor, vuelva a intentarlo, pulsando de nuevo sobre “Iniciar sesión”."
        )
        flash(failure_text, 'error')
        return redirect_content_type(url_for("home.home"))

    userinfo = auth0.get('userinfo').json()

    auth_user_id = userinfo['sub']
    user = user_repo.get_by(auth_user_id=auth_user_id)

    if not user:
        # NOTE(review): the ``email`` claim is forwarded without looking at
        # any verification flag.  If _create_account_Auth matches existing
        # accounts by e-mail address, an unverified address at the identity
        # provider would be enough to reach another person's account;
        # check the provider's ``email_verified`` claim before trusting it.
        account = dict(fullname=userinfo['nickname'],
                       name=userinfo['nickname'],
                       email_addr=userinfo['email'],
                       auth_user_id=auth_user_id)
        return _create_account_Auth(account)

    welcome_text = gettext(u"Bienvenido") + " " + user.fullname
    flash(welcome_text, 'success')
    return _sign_in_user(user)
Пример #21
def password_reset_key():
    """Ask for a password-reset key and forward it to the reset view.

    GET requests and invalid submissions render the key form; a valid
    submission redirects to ``account.reset_password`` with the key as a
    URL argument.
    """
    form = PasswordResetKeyForm(request.body)
    if request.method != 'GET' and form.validate_on_submit():
        # NOTE(review): the key travels in the redirect URL, so it can end
        # up in browser history, proxy and access logs, and Referer
        # headers; keep reset keys short-lived and single-use.
        reset_url = url_for('account.reset_password',
                            key=form.password_reset_key.data)
        return redirect_content_type(reset_url)
    page = {'template': '/account/password_reset_key.html', 'form': form}
    return handle_content_type(page)
Пример #22
def edit_question(short_name):
    """Start editing the question set of project *short_name*.

    Only projects whose ``info["importer_type"]`` is ``"frg"`` and whose
    contribution button state is ``"draft"`` are editable.  For those, the
    session's edit state is reset, the non-empty question sections are
    listed in ``session["edit_question_list"]`` and the user is redirected
    to the edit view named by ``edit_draft_question``.  Every other path
    returns a plain message.
    """
    (project, owner, n_tasks, n_task_runs,
     overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro=pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(project_button, owner, current_user)
    # Debug output to stdout (Python 2 print statement).
    print project_button["contrib_button"]
    # NOTE(review): no ownership/authorisation check on the project is
    # visible in this function; confirm the route decorators provide one.
    if "importer_type" in project.info.keys():
        if(project.info["importer_type"]=="frg"):
            if(project_button["contrib_button"]=="draft"):
                if("questionSet" in project.info.keys()):
                    # Fresh edit state: any earlier edit session is dropped.
                    session["edit_question_list"]=[]
                    session["edit_question"]={"images":[],"documents":[],"videos":[],"audios":[]}
                    for i in ["images","documents","videos","audios"]:
                        if(len(project.info["questionSet"][i])>0):
                            session["edit_question_list"].append(i)
                    p=edit_draft_question(project)
                    print "see"+p
                    if(p!="-1"):
                        # ``p`` becomes part of the endpoint name passed
                        # to url_for.
                        return redirect_content_type(url_for('.'+p+"_edit",short_name=short_name))
                    else:
                        return "-1"
                # A draft "frg" project without a questionSet falls through
                # to the final return below.

            else:
                # NOTE(review): a (body, "alert") tuple is returned; Flask
                # reads the second element of a 2-tuple as a status or
                # headers, so "alert" is probably not what was intended.
                return ("Sorry, You Edit the questions for draft project only.","alert")

    return "Sorry , You did not imported questions from Fundamenta Research"
Пример #23
def new_announcement():
    """Create new announcement.

    Non-POST requests are authorised against an empty ``Announcement`` and
    get the form payload.  A POST with an invalid form returns the payload
    with an error flash.  A valid POST builds the announcement with the
    current user as author, authorises the creation, saves it and
    redirects to the announcement list.
    """
    form = AnnouncementForm()
    del form.id

    def render_form():
        # The template name is intentionally empty in this variant.
        page = {'template': '',
                'title': gettext("Write a new post"),
                'form': form}
        return handle_content_type(page)

    if request.method != 'POST':
        ensure_authorized_to('create', Announcement())
        return render_form()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return render_form()

    # The author comes from the session, not from the submitted form.
    announcement = Announcement(title=form.title.data,
                                body=form.body.data,
                                user_id=current_user.id)
    ensure_authorized_to('create', announcement)
    announcement_repo.save(announcement)

    # The flashed text is a plain str carrying an HTML tag.  It renders as
    # markup only if the template disables escaping for flash messages; in
    # that case every flash in the app must be free of user input.
    confirmation = '<i class="icon-ok"></i> ' + gettext('Annnouncement created!')
    flash(confirmation, 'success')

    return redirect_content_type(url_for('admin.announcement'))
Пример #24
def register():
    """
    Register method for creating a PYBOSSA account.

    Disabled (404) when LDAP_HOST is configured.  A valid POST either
    creates the account immediately (ACCOUNT_CONFIRMATION_DISABLED) or
    queues a validation e-mail containing a confirmation URL.  Otherwise
    the registration form is rendered.

    Returns a Jinja2 template

    """
    if current_app.config.get('LDAP_HOST', False):
        return abort(404)
    if not app_settings.upref_mdata:
        form = RegisterForm(request.body)
    else:
        form = RegisterFormWithUserPrefMetadata(request.body)
        form.set_upref_mdata_choices()

    form.project_slug.choices = get_project_choices()
    msg = "I accept receiving emails from %s" % current_app.config.get('BRAND')
    form.consent.label = msg
    # Runs before validation on every POST; presumably fills the password
    # fields with a generated value -- confirm in the form class.
    if request.method == 'POST':
        form.generate_password()
    if request.method == 'POST' and form.validate():
        if app_settings.upref_mdata:
            user_pref, metadata = get_user_pref_and_metadata(form.name.data, form)
            account = dict(fullname=form.fullname.data, name=form.name.data,
                           email_addr=form.email_addr.data,
                           password=form.password.data,
                           consent=form.consent.data,
                           user_type=form.user_type.data)
            account['user_pref'] = user_pref
            account['metadata'] = metadata
        else:
            account = dict(fullname=form.fullname.data, name=form.name.data,
                           email_addr=form.email_addr.data,
                           password=form.password.data,
                           consent=form.consent.data)
        ensure_user_data_access_assignment_from_form(account, form)
        # NOTE(review): ``account`` still holds the plaintext password when
        # it is handed to get_email_confirmation_url and, below, to the
        # e-mail template as ``user``.  Confirm that neither the
        # confirmation URL nor the rendered mail can expose it.
        confirm_url = get_email_confirmation_url(account)
        if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
            project_slugs=form.project_slug.data
            create_account(account, project_slugs=project_slugs)
            flash(gettext('Created user successfully!'), 'success')
            return redirect_content_type(url_for("home.home"))
        msg = dict(subject='Welcome to %s!' % current_app.config.get('BRAND'),
                   recipients=[account['email_addr']],
                   body=render_template('/account/email/validate_account.md',
                                        user=account, confirm_url=confirm_url))
        msg['html'] = markdown(msg['body'])
        mail_queue.enqueue(send_mail, msg)
        data = dict(template='account/account_validation.html',
                    title=gettext("Account validation"),
                    status='sent')
        return handle_content_type(data)
    # form.validate() is evaluated again here for POST requests.
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    # The password fields are removed from the form before it is rendered.
    del form.password
    del form.confirm

    data = dict(template='account/register.html',
                title=gettext("Register"), form=form)
    return handle_content_type(data)
Пример #25
def confirm_email():
    """Send email to confirm user email.

    Returns 404 when ACCOUNT_CONFIRMATION_DISABLED is set.  If the current
    user's ``valid_email`` is ``False``, a confirmation mail with a
    confirmation URL is queued to their address and
    ``confirmation_email_sent`` is recorded.  The user is always redirected
    to their own profile afterwards.
    """
    if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
        return abort(404)

    if current_user.valid_email is not False:
        return redirect_content_type(
            url_for('.profile', name=current_user.name))

    user = user_repo.get(current_user.id)
    # Recipient and account data come from the session user only; nothing
    # is read from the request.
    account = {'fullname': current_user.fullname,
               'name': current_user.name,
               'email_addr': current_user.email_addr}
    confirm_url = get_email_confirmation_url(account)
    subject = ('Verify your email in %s' % current_app.config.get('BRAND'))
    mail = {
        'subject': subject,
        'recipients': [current_user.email_addr],
        'body': render_template('/account/email/validate_email.md',
                                user=account,
                                confirm_url=confirm_url),
        'html': render_template('/account/email/validate_email.html',
                                user=account,
                                confirm_url=confirm_url),
    }
    # NOTE(review): each call queues another mail while valid_email stays
    # False; no throttling is visible in this function.
    mail_queue.enqueue(send_mail, mail)
    notice = gettext("An e-mail has been sent to \
                       validate your e-mail address.")
    flash(notice, 'info')
    user.confirmation_email_sent = True
    user_repo.update(user)
    return redirect_content_type(url_for('.profile', name=current_user.name))
Пример #26
def edit_question(short_name):
    """Start editing the question set of project *short_name*.

    Only projects whose contribution button state is ``"draft"`` are
    editable.  For those an empty ``questionSet`` is created on the project
    if it has none, the session's edit state is reset and the user is
    redirected to the image edit view.  Any other project gets a message
    tuple back.
    """
    (project, owner, n_tasks, n_task_runs, overall_progress, last_activity,
     n_results) = project_by_shortname(short_name)
    pro = pro_features()
    project_button = add_custom_contrib_button_to(project, get_user_id_or_ip())
    feature_handler = ProFeatureHandler(current_app.config.get('PRO_FEATURES'))
    autoimporter_enabled = feature_handler.autoimporter_enabled_for(
        current_user)
    project_sanitized, owner_sanitized = sanitize_project_owner(
        project_button, owner, current_user)
    # Debug output to stdout (Python 2 print statement).
    print project_button["contrib_button"]

    # NOTE(review): the project may be written below, yet no ownership or
    # authorisation check is visible here; confirm the route decorators
    # (outside this listing) enforce one.
    if project_button["contrib_button"] != "draft":
        return ("Sorry, You Edit the questions for draft project only.",
                "alert")

    if "questionSet" not in project.info.keys():
        empty_set = {
            "images": [],
            "videos": [],
            "audios": [],
            "documents": []
        }
        project.info.update({"questionSet": empty_set})
        project_repo.update(project)

    # Any earlier edit state in the session is discarded.
    session["edit_question"] = {
        "images": [],
        "documents": [],
        "videos": [],
        "audios": []
    }
    images_url = url_for('.images_edit', short_name=short_name)
    return redirect_content_type(images_url)
Пример #27
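def update_announcement(id):
    """Edit the announcement identified by *id*.

    Unknown ids give a 404.  Non-POST requests are authorised and get the
    form pre-filled from the stored announcement.  A POST with an invalid
    form returns the form with an error flash.  A valid POST is authorised
    against the stored announcement, which is then overwritten with the
    submitted title and body and the current user as author.
    """
    announcement = announcement_repo.get_by(id=id)
    if announcement is None:
        raise abort(404)

    def respond():
        # ``form`` is resolved when this runs, so it reflects whichever
        # form object was bound last.
        response = dict(
            template='',  # template='admin/update_announcement.html',
            title=gettext("Edit a post"),
            form=form)
        return handle_content_type(response)

    form = AnnouncementForm()

    if request.method != 'POST':
        ensure_authorized_to('update', announcement)
        form = AnnouncementForm(obj=announcement)
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    ensure_authorized_to('update', announcement)
    # The record written is the one that was loaded from the URL id and
    # authorised on the line above.  The ``id`` field of the submitted form
    # is client-controlled; using it here would let a request that was
    # authorised for one announcement overwrite a different one.
    announcement = Announcement(id=announcement.id,
                                title=form.title.data,
                                body=form.body.data,
                                user_id=current_user.id)
    announcement_repo.update(announcement)

    msg_1 = gettext('Announcement updated!')
    flash('<i class="icon-ok"></i> ' + msg_1, 'success')

    return redirect_content_type(url_for('admin.announcement'))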
Пример #28
def _create_account_Auth(user_data):
    """Create, or link, a local account for an externally authenticated user.

    Reads ``fullname``, ``name``, ``email_addr`` and ``auth_user_id`` from
    ``user_data``. Three outcomes:

    * no local user has that e-mail: a new user is saved and signed in;
    * a local user has that e-mail and no ``auth_user_id``: the external id
      is attached to that user, who is then signed in;
    * a local user has that e-mail and already has an ``auth_user_id``: an
      error is flashed and the request is redirected home.
    """
    new_user = model.user.User(fullname=user_data['fullname'],
                               name=user_data['name'],
                               email_addr=user_data['email_addr'],
                               valid_email=True,
                               auth_user_id=user_data['auth_user_id'],
                               admin=False)
    # The account gets a generated local password (8 digits + 15 letters).
    # NOTE(review): GenPasswd2 is not shown here; confirm it draws from a
    # CSPRNG (e.g. random.SystemRandom), otherwise this password is guessable.
    generated = (GenPasswd2(8, string.digits) +
                 GenPasswd2(15, string.ascii_letters))
    new_user.set_password(generated)

    existing = user_repo.get_by(email_addr=user_data['email_addr'])

    if not existing:
        # Brand-new e-mail: avoid a clash on the user name by appending a
        # random lowercase suffix when the name is already taken.
        if user_repo.get_by_name(name=new_user.name):
            suffix = GenRandomString(6, string.ascii_lowercase)
            new_user.name = new_user.name + suffix

        user_repo.save(new_user)
        flash(gettext(u'Gracias por registrarte.'), 'success')
        return _sign_in_user(new_user)

    if existing.auth_user_id is not None:
        # The e-mail belongs to an account already tied to other credentials.
        flash(
            gettext(
                u'El email ya está registrado en nuestro sistema bajo otra cuenta con otras credenciales. No ha sido posible iniciar sesión.  Inicie sesión utilizando la cuenta original que uso para registrarse por primera vez con esta dirección de correo.'
            ), 'error')
        return redirect_content_type(url_for("home.home"))

    # NOTE(review): the existing account is linked and signed in on the
    # strength of a matching e-mail alone. That is only safe if the identity
    # provider guarantees the address is verified and owned by this user --
    # confirm against the provider's contract.
    existing.auth_user_id = user_data['auth_user_id']
    user_repo.update(existing)
    flash(gettext(u'Bienvenido') + " " + existing.fullname, 'success')
    return _sign_in_user(existing)
Пример #29
0
def register():
    """
    Register method for creating a PYBOSSA account.

    On a valid POST the account is either created immediately (when
    ACCOUNT_CONFIRMATION_DISABLED is set) or a validation e-mail is queued.
    Otherwise the registration form is rendered.

    """
    form = RegisterForm(request.body)
    form.project_slug.choices = get_project_choices()
    is_post = request.method == 'POST'

    if is_post and form.validate():
        # NOTE(review): this dict carries the plaintext password and is
        # passed both to get_email_confirmation_url() and to the e-mail
        # template as `user`; confirm the confirmation token protects it and
        # that the template never renders it.
        account = dict(fullname=form.fullname.data, name=form.name.data,
                       email_addr=form.email_addr.data,
                       password=form.password.data)
        confirm_url = get_email_confirmation_url(account)

        if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
            # No e-mail round trip: create the account right away.
            create_account(account, project_slugs=form.project_slug.data)
            flash(gettext('Created user succesfully!'), 'success')
            return redirect_content_type(url_for("home.home"))

        subject = 'Welcome to %s!' % current_app.config.get('BRAND')
        recipients = [account['email_addr']]
        body = render_template('/account/email/validate_account.md',
                               user=account, confirm_url=confirm_url)
        msg = dict(subject=subject, recipients=recipients, body=body)
        msg['html'] = markdown(msg['body'])
        mail_queue.enqueue(send_mail, msg)
        return handle_content_type(dict(
            template='account/account_validation.html',
            title=gettext("Account validation"),
            status='sent'))

    if is_post and not form.validate():
        flash(gettext('Please correct the errors'), 'error')

    return handle_content_type(dict(template='account/register.html',
                                    title=gettext("Register"), form=form))
Пример #30
0
def new(category_short_name):
    """Create a LibCrowds project for a given category."""
    category = project_repo.get_category_by(short_name=category_short_name)
    if not category:  # pragma: no cover
        abort(404)

    ensure_authorized_to('create', Project)
    info = category.info
    templates = info.get('templates', [])
    volumes = info.get('volumes', [])

    # Only categories configured with a known task presenter can be used.
    if info.get('presenter') not in ('z3950', 'iiif-annotation'):
        flash('Invalid task presenter, please contact an administrator',
              'error')
        return redirect_content_type(url_for('home.home'))

    form = ProjectForm(request.body)
    # Restrict the selectable ids to what this category actually offers.
    form.volume_id.choices = [(vol['id'], vol['name']) for vol in volumes]
    form.template_id.choices = [(tpl['id'], tpl['name']) for tpl in templates]

    form_ok = request.method == 'POST' and form.validate()
    if form_ok:
        chosen_tmpl = [tpl for tpl in templates
                       if tpl['id'] == form.template_id.data][0]
        chosen_volume = [vol for vol in volumes
                         if vol['id'] == form.volume_id.data][0]
        # NOTE(review): the helper's return value is discarded and execution
        # continues to the listing response below.
        handle_valid_project_form(form, chosen_tmpl, chosen_volume, category)
    else:  # pragma: no cover
        # NOTE(review): this also runs for non-POST requests.
        flash('Please correct the errors', 'error')

    return handle_content_type(
        dict(form=form, built_projects=get_built_projects(category)))
Пример #31
0
def delete_announcement(id):
    """Delete the announcement with the given id, then go back to the list.

    Responds 404 when the announcement does not exist; the delete only
    happens after the 'delete' permission check passes.
    """
    target = announcement_repo.get_by(id=id)
    if target is None:
        raise abort(404)

    ensure_authorized_to('delete', target)
    announcement_repo.delete(target)

    notice = '<i class="icon-ok"></i> ' + 'Announcement deleted!'
    flash(notice, 'success')
    listing_url = url_for('admin.announcement')
    return redirect_content_type(listing_url)
Пример #32
0
 def test_redirect_content_type_json(self, mocklast, mockjsonify,
                                     mockrender, mockrequest):
     """A JSON request gets a JSON body carrying the ``next`` URL."""
     mockjsonify.side_effect = myjsonify
     mockrequest.headers.__getitem__.return_value = 'application/json'

     response = util.redirect_content_type('http://next.uri')

     assert response.get('next') == 'http://next.uri', \
         "next URI is wrong in redirction"
     assert mockjsonify.called, "jsonify should be called"
Пример #33
0
def signout():
    """
    Signout PYBOSSA users.

    Ends the session, flashes a confirmation and redirects to the PYBOSSA
    home page.

    """
    logout_user()
    farewell = gettext('You are now signed out')
    flash(farewell, SUCCESS)
    home_url = url_for('home.home')
    return redirect_content_type(home_url, status=SUCCESS)
Пример #34
0
def signout():
    """
    Signout PYBOSSA users.

    Logs the current user out, then returns a redirection to the PYBOSSA
    home page with a success status.

    """
    logout_user()
    notice = gettext('You are now signed out')
    flash(notice, SUCCESS)
    destination = url_for('home.home')
    return redirect_content_type(destination, status=SUCCESS)
Пример #35
0
 def test_redirect_content_type_json_html(self, mockjsonify, mockrender,
                                          mockrequest):
     """An HTML request gets a plain 302 redirect and jsonify is not used."""
     mockjsonify.side_effect = myjsonify
     mockrequest.headers.__getitem__.return_value = 'text/html'

     response = util.redirect_content_type('/')

     assert response.status_code == 302, \
         "redirect 302 should be the response"
     assert response.location == "/", "redirect to / should be done"
     assert mockjsonify.called is False, "jsonify should not be called"
Пример #36
0
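def generate_tasks(project, import_data, template):
    """Generate the tasks.

    Imports tasks into ``project`` using ``template`` and the keyword
    arguments in ``import_data``. On any import failure the project is
    deleted, the error is flashed and the user is redirected home. On
    success an audit log entry is added and task redundancy is set from
    ``template['min_answers']``.
    """
    try:
        msg = _import_tasks(project, template, **import_data)
        flash(msg, 'success')
    except BulkImportException as err:  # pragma: no cover
        project_repo.delete(project)
        flash(err.message, 'error')
        return redirect_content_type(url_for('home.home'))
    except Exception as inst:  # pragma: no cover
        # The application logger is the single record of the failure; the
        # stray debug print to stdout and the unused flag were dropped.
        current_app.logger.error(inst)
        project_repo.delete(project)
        # NOTE(review): the raw exception text is shown to the end user and
        # may expose internal details; consider a generic message here.
        flash(str(inst), 'error')
        return redirect_content_type(url_for('home.home'))

    auditlogger.add_log_entry(None, project, current_user)
    task_repo.update_tasks_redundancy(project, template['min_answers'])
    return redirect_content_type(url_for('home.home'))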
Пример #37
0
def delete_announcement(id):
    """Delete the announcement with the given id, then go back to the list.

    Responds 404 when the announcement does not exist; the delete only
    happens after the 'delete' permission check passes.
    """
    target = announcement_repo.get_by(id=id)
    if target is None:
        raise abort(404)

    ensure_authorized_to('delete', target)
    announcement_repo.delete(target)

    text = gettext('Announcement deleted!')
    # Markup.format escapes the inserted text, so only the icon tag is
    # treated as HTML.
    icon_template = Markup('<i class="icon-ok"></i> {}')
    notice = icon_template.format(text)
    flash(notice, 'success')
    return redirect_content_type(url_for('admin.announcement'))
Пример #38
0
def delete_announcement(id):
    """Remove one announcement and redirect to the admin announcement list.

    A missing announcement yields 404. Authorization for 'delete' is
    checked before the repository is touched.
    """
    doomed = announcement_repo.get_by(id=id)
    if doomed is None:
        raise abort(404)

    ensure_authorized_to('delete', doomed)
    announcement_repo.delete(doomed)

    deleted_msg = gettext('Announcement deleted!')
    # The translated text goes through Markup.format, which escapes it; the
    # literal icon tag is the only markup in the flashed message.
    wrapper = Markup('<i class="icon-ok"></i> {}')
    flash(wrapper.format(deleted_msg), 'success')
    target_url = url_for('admin.announcement')
    return redirect_content_type(target_url)
Пример #39
0
 def test_redirect_content_type_json_html(
         self, mockjsonify, mockrender, mockrequest):
     """An HTML Content-Type gets a plain 302 redirect, without jsonify."""
     # Back the mocked header object with a real dict so item access,
     # .get() and iteration all agree.
     fake_headers = {'Content-Type': 'text/html'}
     headers = mockrequest.headers
     headers.__getitem__.side_effect = fake_headers.__getitem__
     headers.get.side_effect = fake_headers.get
     headers.__iter__.side_effect = fake_headers.__iter__
     mockjsonify.side_effect = myjsonify

     response = util.redirect_content_type('/')

     assert response.status_code == 302, \
         "redirect 302 should be the response"
     assert response.location == "/", "redirect to / should be done"
     assert mockjsonify.called is False, "jsonify should not be called"
Пример #40
0
 def test_redirect_content_type_json_message(
         self, mocklast, mockjsonify, mockrender, mockrequest):
     """A JSON request gets ``next`` and the given ``status`` in the body."""
     mocklast.return_value = None
     # Back the mocked header object with a real dict so item access,
     # .get() and iteration all agree.
     fake_headers = {'Content-Type': 'application/json'}
     headers = mockrequest.headers
     headers.__getitem__.side_effect = fake_headers.__getitem__
     headers.get.side_effect = fake_headers.get
     headers.__iter__.side_effect = fake_headers.__iter__
     mockjsonify.side_effect = myjsonify

     response = util.redirect_content_type('http://next.uri',
                                           status='hallo123')

     assert response.get('next') == 'http://next.uri', \
         "next URI is wrong in redirction"
     assert mockjsonify.called, "jsonify should be called"
     assert response.get('status') == 'hallo123', "status should exist"
Пример #41
0
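def add_admin(user_id=None):
    """Add admin flag for user_id.

    Grants the admin flag to the user with ``user_id`` after the 'update'
    permission check passes, then redirects to the user list. Returns a 404
    error when the user does not exist and a 415 error when no ``user_id``
    was supplied.
    """
    try:
        if user_id:
            user = user_repo.get(user_id)
            if user:
                # The permission check must come before the privilege change.
                ensure_authorized_to('update', user)
                user.admin = True
                user_repo.update(user)
                return redirect_content_type(url_for(".users"))
            else:
                msg = "User not found"
                return format_error(msg, 404)
        else:  # pragma: no cover
            # Previously this path fell off the end and returned None; give
            # an explicit error like del_admin does.
            msg = "User.id is missing for method add_admin"
            return format_error(msg, 415)
    except Exception as e:  # pragma: no cover
        # NOTE(review): if ensure_authorized_to signals denial with an HTTP
        # exception, this handler turns it into a 500; confirm whether HTTP
        # exceptions should be re-raised unchanged here.
        current_app.logger.error(e)
        return abort(500)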
Пример #42
0
 def test_redirect_content_type_json(
         self, mocklast, mockjsonify, mockrender, mockrequest):
     """A JSON Content-Type gets a JSON body carrying the ``next`` URL."""
     # Back the mocked header object with a real dict so item access,
     # .get() and iteration all agree.
     fake_headers = {'Content-Type': 'application/json'}
     headers = mockrequest.headers
     headers.__getitem__.side_effect = fake_headers.__getitem__
     headers.get.side_effect = fake_headers.get
     headers.__iter__.side_effect = fake_headers.__iter__
     mockjsonify.side_effect = myjsonify

     response = util.redirect_content_type('http://next.uri')

     assert response.get('next') == 'http://next.uri', \
         "next URI is wrong in redirction"
     assert mockjsonify.called, "jsonify should be called"
Пример #43
0
def start_export(name):
    """
    Starts a export of all user data according to EU GDPR

    Data will be available on GET /export after it is processed

    Responds 404 for an unknown user name and 403 when the named user is
    not the one currently signed in.

    """
    owner = user_repo.get_by_name(name)
    if not owner:
        return abort(404)
    # Only the account owner may request an export of their own data.
    if owner.id != current_user.id:
        return abort(403)

    ensure_authorized_to('update', owner)
    export_queue.enqueue(export_userdata, user_id=owner.id)
    flash(gettext('GDPR export started'), 'success')
    profile_url = url_for('account.profile', name=name)
    return redirect_content_type(profile_url)
Пример #44
0
def del_admin(user_id=None):
    """Del admin flag for user_id.

    Clears the admin flag after the 'update' permission check passes and
    redirects to the user list. Returns a 404 error for an unknown user and
    a 415 error when ``user_id`` is missing.
    """
    try:
        if not user_id:  # pragma: no cover
            return format_error("User.id is missing for method del_admin",
                                415)

        account = user_repo.get(user_id)
        if not account:
            return format_error("User.id not found", 404)

        # The permission check must come before the privilege change.
        ensure_authorized_to('update', account)
        account.admin = False
        user_repo.update(account)
        return redirect_content_type(url_for('.users'))
    except Exception as e:  # pragma: no cover
        # NOTE(review): if ensure_authorized_to signals denial with an HTTP
        # exception, this handler turns it into a 500 -- confirm.
        current_app.logger.error(e)
        return abort(500)
Пример #45
0
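def update_category(id):
    """Update a category.

    GET renders the edit form for the category with the given id. A valid
    POST renames the category (the short name is the lower-cased name with
    spaces removed), resets the category cache and redirects to the list;
    an invalid POST re-renders the form. Responds 404 for an unknown id.
    HTTP exceptions propagate unchanged; any other error is logged and
    answered with 500.
    """
    try:
        category = project_repo.get_category(id)
        if category:
            ensure_authorized_to('update', category)
            # Capture the id of the record that was authorized before any
            # form data is copied onto the object.
            authorized_id = category.id
            form = CategoryForm(obj=category)
            form.populate_obj(category)
            if request.method == 'GET':
                response = dict(template='admin/update_category.html',
                                title=gettext('Update Category'),
                                category=category,
                                form=form)
                return handle_content_type(response)
            if request.method == 'POST':
                form = CategoryForm(request.body)
                if form.validate():
                    slug = form.name.data.lower().replace(" ", "")
                    # Update the authorized record, not the id submitted in
                    # the form: a client-controlled id would let the check
                    # and the write refer to different categories.
                    new_category = Category(id=authorized_id,
                                            name=form.name.data,
                                            short_name=slug)
                    project_repo.update_category(new_category)
                    cached_cat.reset()
                    msg = gettext("Category updated")
                    flash(msg, 'success')
                    return redirect_content_type(url_for(".categories"))
                else:
                    msg = gettext("Please correct the errors")
                    # Validation failed, so flash it as an error rather than
                    # as a success.
                    flash(msg, 'error')
                    response = dict(template='admin/update_category.html',
                                    title=gettext('Update Category'),
                                    category=category,
                                    form=form)
                    return handle_content_type(response)
        else:
            abort(404)
    except HTTPException:
        # Let 403/404 and similar reach the client unchanged.
        raise
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)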
Пример #46
0
def reset_api_key(name):
    """
    Reset API-KEY for user.

    POST replaces the named user's API key and redirects to their profile;
    any other method returns a JSON object holding a fresh CSRF token.

    """
    if request.method != 'POST':
        # Hand out the CSRF token the client needs for the POST.
        return jsonify(dict(form=dict(csrf=generate_csrf())))

    account = user_repo.get_by_name(name)
    if not account:
        return abort(404)

    ensure_authorized_to('update', account)
    # NOTE(review): make_uuid is not shown here; an API key should come from
    # a CSPRNG (e.g. a random UUID4) -- confirm.
    account.api_key = model.make_uuid()
    user_repo.update(account)
    # Drop the cached summary so it is rebuilt after the change.
    cached_users.delete_user_summary(account.name)
    flash(gettext('New API-KEY generated'), 'success')
    return redirect_content_type(url_for('account.profile', name=name))
Пример #47
0
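def otpvalidation(token):
    """Validate the one time password sent during two-factor sign-in.

    ``token`` is the URL token issued at sign-in; it is resolved to the
    user's e-mail. A valid POST whose code matches the stored one expires
    the token and signs the user in. A wrong or expired code triggers a new
    code being e-mailed and the form being shown again. An unknown token,
    or a token whose e-mail has no account, redirects to the sign-in page.
    """
    email = otp.retrieve_email_for_token(token)
    if not email:
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    form = OTPForm(request.body)
    user_otp = form.otp.data
    user = user_repo.get_by(email_addr=email)
    if user is None:
        # The token resolves to an e-mail with no account; without this
        # guard the code below would dereference None.
        flash(gettext('Please sign in.'), 'error')
        return redirect_content_type(url_for('account.signin'))
    current_app.logger.info('validating otp for user email: {}'.format(email))
    if request.method == 'POST' and form.validate():
        otp_code = otp.retrieve_user_otp_secret(email)
        if otp_code is not None:
            # NOTE(review): plain equality is not a constant-time compare,
            # and no attempt limit is visible in this function; confirm
            # throttling is enforced elsewhere.
            if otp_code == user_otp:
                msg = gettext('OTP verified. You are logged in to the system')
                flash(msg, 'success')
                otp.expire_token(token)
                return _sign_in_user(user)
            else:
                msg = gettext('Invalid one time password, a newly generated '
                              'one time password was sent to your email.')
                flash(msg, 'error')
        else:
            msg = gettext('Expired one time password, a newly generated one '
                          'time password was sent to your email.')
            flash(msg, 'error')

        # Record the failure without writing either the stored or the
        # submitted code to the log: log readers must not learn OTP values.
        current_app.logger.info(('Invalid OTP. code on record: {}, '
                                 'email: {}').format(otp_code is not None,
                                                     email))
        _email_two_factor_auth(user, True)
        form.otp.data = ''
    response = dict(template='/account/otpvalidation.html',
                    title='Verify OTP',
                    form=form,
                    user=user.to_public_json(),
                    next=request.args.get('next'),
                    token=token)
    return handle_content_type(response)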
Пример #48
0
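def update_announcement(id):
    """Edit the announcement identified by ``id``.

    Non-POST requests render the edit form pre-filled from the stored
    announcement. A POST that validates writes the submitted fields and
    redirects to the announcement list; an invalid POST re-renders the
    form. Responds 404 when no announcement has that id.
    """
    announcement = announcement_repo.get_by(id=id)
    if announcement is None:
        raise abort(404)
    # Remember which record the URL refers to: this is the one that the
    # permission check below is run against.
    authorized_id = announcement.id

    def respond():
        # `form` is looked up when respond() runs, so it sees whichever form
        # object is bound at that point.
        response = dict(template='admin/new_announcement.html',
                        title=gettext("Edit a post"),
                        form=form)
        return handle_content_type(response)

    form = AnnouncementForm()

    if request.method != 'POST':
        ensure_authorized_to('update', announcement)
        form = AnnouncementForm(obj=announcement)
        return respond()

    if not form.validate():
        flash(gettext('Please correct the errors'), 'error')
        return respond()

    ensure_authorized_to('update', announcement)
    # Write to the record that was authorized, not to the id carried in the
    # submitted form: a client-controlled id would let the check and the
    # update refer to different rows.
    announcement = Announcement(id=authorized_id,
                                title=form.title.data,
                                body=form.body.data,
                                published=form.published.data,
                                media_url=form.media_url.data,
                                user_id=current_user.id)
    announcement_repo.update(announcement)

    msg_1 = gettext('Announcement updated!')
    # Markup.format escapes the inserted text; only the icon tag is HTML.
    markup = Markup('<i class="icon-ok"></i> {}')
    flash(markup.format(msg_1), 'success')

    return redirect_content_type(url_for('admin.announcement'))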
Пример #49
0
def confirm_email():
    """Send email to confirm user email.

    Responds 404 when ACCOUNT_CONFIRMATION_DISABLED is set. When the current
    user's e-mail is not yet valid, a validation e-mail is queued and the
    user record is marked as having been sent one. Always ends by
    redirecting to the current user's profile.
    """
    if current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED'):
        return abort(404)

    if current_user.valid_email is False:
        db_user = user_repo.get(current_user.id)
        account = dict(fullname=current_user.fullname, name=current_user.name,
                       email_addr=current_user.email_addr)
        confirm_url = get_email_confirmation_url(account)

        # Both the text and the HTML part get the same confirmation link.
        template_args = dict(user=account, confirm_url=confirm_url)
        subject = ('Verify your email in %s' % current_app.config.get('BRAND'))
        recipients = [current_user.email_addr]
        text_body = render_template('/account/email/validate_email.md',
                                    **template_args)
        mail = dict(subject=subject, recipients=recipients, body=text_body)
        mail['html'] = render_template('/account/email/validate_email.html',
                                       **template_args)
        mail_queue.enqueue(send_mail, mail)

        notice = gettext("An e-mail has been sent to \
                       validate your e-mail address.")
        flash(notice, 'info')
        db_user.confirmation_email_sent = True
        user_repo.update(db_user)

    return redirect_content_type(url_for('.profile', name=current_user.name))
Пример #50
0
def update_profile(name):
    """
    Update user's profile.

    The ``btn`` field of the request body selects which sub-form a POST
    applies to (Upload, Profile, Password or External); any other value is
    answered with 415. A successful update redirects back to this page,
    otherwise the update page is rendered.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)

    # Accounts tied to an external sign-in provider do not get the local
    # password form.
    show_passwd_form = not (user.twitter_user_id or user.google_user_id or
                            user.facebook_user_id or user.wechat_user_id or
                            user.weibo_user_id)

    summary = cached_users.get_user_summary(name)
    # Extend the values
    user.rank = summary.get('rank')
    user.score = summary.get('score')

    btn = request.body.get('btn', 'None').capitalize()
    if btn == 'Profile':
        update_form = UpdateProfileForm(obj=user)
    else:
        # Not a profile submission: build the form from the stored user
        # only, ignoring submitted form data.
        update_form = UpdateProfileForm(formdata=None, obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    title_msg = "Update your profile: %s" % user.fullname

    def render_update_page():
        # Shared by the plain page view and the failed-POST path.
        return handle_content_type(dict(template='/account/update.html',
                                        form=update_form,
                                        upload_form=avatar_form,
                                        password_form=password_form,
                                        title=title_msg,
                                        show_passwd_form=show_passwd_form))

    if request.method != 'POST':
        return render_update_page()

    succeed = False
    btn = request.body.get('btn', 'None').capitalize()
    if btn == 'Upload':
        # Update user avatar
        succeed = _handle_avatar_update(user, avatar_form)
    elif btn == 'Profile':
        # Update user profile
        succeed = _handle_profile_update(user, update_form)
    elif btn == 'Password':
        # Update user password
        succeed = _handle_password_update(user, password_form)
    elif btn == 'External':
        # Update user external services
        succeed = _handle_external_services_update(user, update_form)
    else:
        # Otherwise return 415
        return abort(415)

    if not succeed:
        return render_update_page()

    cached_users.delete_user_summary(user.name)
    return redirect_content_type(url_for('.update_profile',
                                         name=user.name),
                                 status=SUCCESS)
Пример #51
0
def signin():
    """
    Signin method for PYBOSSA users.

    Handles two credential back ends, selected by whether LDAP_HOST is
    configured: local e-mail/password (optionally followed by an e-mailed
    one time password when ENABLE_TWO_FACTOR_AUTH is set) or an LDAP bind.

    Returns a Jinja2 template with the result of signing process.

    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    # --- Local accounts (LDAP not configured) ---
    # NOTE(review): no attempt throttling or lockout is visible in this
    # function; confirm it is enforced elsewhere.
    if (request.method == 'POST' and form.validate()
            and isLdap is False):
        password = form.password.data
        email = form.email.data
        user = user_repo.get_by(email_addr=email)
        if user and user.check_password(password):
            if not current_app.config.get('ENABLE_TWO_FACTOR_AUTH'):
                msg_1 = gettext("Welcome back") + " " + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
            else:
                # Password was correct: send the one time password and move
                # to the OTP step; the session is not established yet.
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                # NOTE(review): `next` comes straight from the query string;
                # confirm whoever finally redirects to it only accepts
                # same-site URLs.
                return redirect_content_type(url_for('account.otpvalidation',
                                             token=url_token,
                                             next=request.args.get('next')))
        elif user:
            # Known e-mail, wrong password (or an account that signed up
            # through another method).
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext("Ooops, Incorrect email/password")
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            # NOTE(review): this message differs from the wrong-password one
            # above, so the response reveals whether an e-mail is registered;
            # a single generic message would avoid that.
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    # --- LDAP accounts ---
    if (request.method == 'POST' and form.validate()
            and isLdap):
        password = form.password.data
        cn = form.email.data
        ldap_user = None
        # NOTE(review): confirm an empty password cannot reach bind_user;
        # some directories treat that as an unauthenticated bind.
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if (user_db is None):
                # First LDAP sign-in: build the local account from the
                # directory attributes named in LDAP_PYBOSSA_FIELDS.
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
                                 name=ldap_user[keyfields['name']][0],
                                 email_addr=ldap_user[keyfields['email_addr']][0],
                                 valid_email=True,
                                 ldap=value,
                                 consent=False)
                # NOTE(review): the return value is discarded; execution
                # continues to the is_anonymous() check below.
                _create_account(user_data, ldap_disabled=False)
            else:
                # No return here either: the final branch below decides the
                # response once the user is logged in.
                login_user(user_db, remember=True)
        else:
            msg = gettext("User LDAP credentials are wrong.")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    # Which OAuth sign-in buttons the template should show.
    auth = {'twitter': False, 'facebook': False, 'google': False, 'wechat': False, 'weibo' : False}
    if current_user.is_anonymous():
        # Without LDAP, enable the button of every OAuth provider whose
        # blueprint is registered on the application.
        if (isLdap is False):
            for isp in OAuthProviders:
                if (isp in current_app.blueprints):  # pragma: no cover
                    auth[isp] = True
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=request.args.get('next'))
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))