def _target(request, emp_no, dept_no=None, **kwargs): if dept_no: # is manager of this department, go to department page target = request.route_url('show_dept', dept_no=dept_no) else: # non-manager target = request.route_url('show_empl', emp_no=emp_no) return http_exc.HTTPFound(location=target, **kwargs)
def add_new(request): form = NewEntry(request.POST) if request.POST and form.validate(): entry = Entry(title=form.title.data, text=form.text.data) DBSession.add(entry) DBSession.flush() return ex.HTTPFound(request.route_url('entry', entry=entry.id)) return {'form': form}
def contactme(request): with ContactForm() as form: form.save_data(request.POST.get('name'), request.POST.get('email'), request.POST.get('phone'), request.POST.get('best_time_to_contact')) request.session.flash("We'll reach out to you shortly to get started!", queue='contact_form') return exc.HTTPFound(request.route_url('home') + '#contact')
def __init__(self, request): print cfront_settings.get("maintenance_mode", False) if "job_key" in request.matchdict: set_request_job(request) if cfront_settings.get("maintenance_mode", False): if not "sorry" in request.url: raise exc.HTTPFound(request.route_url("maintainance"))
def loginPOST(self): invalidAlert = [{\ "title":"Ow no, unable to log in!",\ "text":"The information provided is invalid.",\ "type":"error"}] # Collect the posted information from the login form try: username = self.request.params['username'] password = self.request.params['password'] except: self.request.session["alerts"] = invalidAlert raise exc.HTTPFound(self.request.route_url("login")) # Collect from the database the salt and password for the user try: salt, storedPassword = db.executeOne("User_Password",[username]) except Exception as e: self.request.session["username"] = username self.request.session["alerts"] = invalidAlert raise exc.HTTPFound(self.request.route_url("login")) _, password = Helper.hashPassword(password, salt) if password == storedPassword: # Collect relevant user information user = db.executeOne("User_Info", [username]) # Store the information as session variables. self.request.session["authority"] = user["permission"] self.request.session["status"] = 1 self.request.session["username"] = username self.request.session["firstname"] = user["firstname"] self.request.session["lastname"] = user["lastname"] self.request.session["avatar"] = user["avatar"] self.request.session["alerts"] = [] self.request.session["email"] = user["email"] # Redirect the client to the new page location = self.request.session.get("intended_route",self.request.route_url("index")) raise exc.HTTPFound(location) self.request.session["username"] = username self.request.session["alerts"] = invalidAlert raise exc.HTTPFound(self.request.route_url("login"))
def auth_only(*args, **kwargs): if len(args) == 1: args = args[0] # print "auth uid is", request.authenticated_userid if args[1].authenticated_userid is None: print "Not logged in!" raise exc.HTTPFound(location='/login') return func(args[1], **kwargs)
def via_redirect(context, request): url = request.params.get('url') if url is None: raise httpexceptions.HTTPBadRequest('"url" parameter missing') via_link = 'https://via.hypothes.is/{}'.format(url) raise httpexceptions.HTTPFound(location=via_link)
def go(request, route, message=None): if "message" in request.session: del request.session["message"] if message is not None: request.session["message"] = message raise exc.HTTPFound(request.route_url(route))
def add_group_plugin(request): # make sure the users are in the group: # only a site admin or group admin can do this gid = request.matchdict['group_id'] can_modify_group(request, gid) plugins = request.POST.get('plugins', None) # print request.POST.values() if plugins is None: return exc.HTTPFound(location='/group/' + gid) for plugin in request.POST.values(): scheduled_plugin = LedSchedule(led_group_id=gid, led_plugin_id=int(plugin), duration=30, enabled=True, position=9) try: request.db_session.add(scheduled_plugin) except sql_exc.DatabaseError as e: print scheduled_plugin, "already in scheduled" return exc.HTTPFound(location='/group/' + gid)
def site_list(request): auth_check_pass = Auth.check_user_session(request.session) if not auth_check_pass: raise exc.HTTPFound(request.route_url("login")) site_list = Site.get_list_of_site() return site_list
def site_add(request): auth_check_pass = Auth.check_user_session(request.session) if not auth_check_pass: raise exc.HTTPFound(request.route_url("login")) return { 'project': 'PAY CALCULATOR', 'username': request.session['username'] }
def fetch_employee(request): auth_check_pass = Auth.check_user_session(request.session) if not auth_check_pass: raise exc.HTTPFound(request.route_url("login")) firstname = request.params.get('firstname') security_license = request.params.get('security_license') data = Employee.find_employee(firstname, security_license) return json.dumps(data)
def get_when_not_logged_in(self): """ Handle a request for a user activation link. Checks if the activation code passed is valid, and (as a safety check) that it is an activation for the passed user id. If all is well, activate the user and redirect them. """ code = self.request.matchdict.get("code") id_ = self.request.matchdict.get("id") try: id_ = int(id_) except ValueError as err: raise httpexceptions.HTTPNotFound() from err activation = models.Activation.get_by_code(self.request.db, code) if activation is None: self.request.session.flash( jinja2.Markup( _("We didn't recognize that activation link. " "Have you already activated your account? " "If so, try logging in using the username " "and password that you provided."), ), "error", ) return httpexceptions.HTTPFound( location=self.request.route_url("login")) user = models.User.get_by_activation(self.request.db, activation) if user is None or user.id != id_: raise httpexceptions.HTTPNotFound() user.activate() self.request.session.flash( jinja2.Markup( _("Your account has been activated! " "You can now log in using the password you provided."), ), "success", ) self.request.registry.notify(ActivationEvent(self.request, user)) return httpexceptions.HTTPFound(location=self.request.route_url( "login", _query={"username": user.username}))
def timers_view(self): """ Retrieve the timers page or redirect to index if not signed in. """ if not self.logged_in: raise exc.HTTPFound(self.request.route_url("index")) return {}
def get_when_not_logged_in(self): """ Handle a request for a user activation link. Checks if the activation code passed is valid, and (as a safety check) that it is an activation for the passed user id. If all is well, activate the user and redirect them to the stream. """ code = self.request.matchdict.get('code') id_ = self.request.matchdict.get('id') try: id_ = int(id_) except ValueError: raise httpexceptions.HTTPNotFound() activation = Activation.get_by_code(code) if activation is None: self.request.session.flash( jinja2.Markup( _("We didn't recognize that activation link. " "Perhaps you've already activated your account? " 'If so, try <a href="{url}">signing in</a> using the username ' 'and password that you provided.').format( url=self.request.route_url('login'))), 'error') return httpexceptions.HTTPFound( location=self.request.route_url('index')) user = User.get_by_activation(activation) if user is None or user.id != id_: raise httpexceptions.HTTPNotFound() user.activate() self.request.session.flash( jinja2.Markup( _('Your account has been activated! ' 'You can now <a href="{url}">sign in</a> using the password you ' 'provided.').format(url=self.request.route_url('login'))), 'success') self.request.registry.notify(ActivationEvent(self.request, user)) return httpexceptions.HTTPFound( location=self.request.route_url('index'))
def delete_group_user(request): gid = request.matchdict['group_id'] can_modify_group(request, gid) user_id = request.POST['user_id'] request.db_session.query(LedGroupUser).filter(and_(LedGroupUser.led_group_id == gid, LedGroupUser.led_user_id == user_id)).delete() log(request, 'Removed from <a href="/group/{0}">group {0}</a>: {1}'.format(gid, get_user_by_id(request, user_id).email)) return exc.HTTPFound(location='/group/' + gid)
def save_leave(request): auth_check_pass = Auth.check_user_session(request.session) if not auth_check_pass: raise exc.HTTPFound(request.route_url("login")) pay = request.POST['payslip_data'] pay = json.loads(pay) Pay.save_leave_data(pay) return "Saved successfully"
def index(request): user_id = cookie_auth.get_user_id_via_auth_cookie(request) user = user_service.find_user_by_id(user_id) if not user: x.HTTPFound('/account/login') return { 'user': user }
def login(self): if self.request.authenticated_userid is not None: return httpexceptions.HTTPFound(location=self.login_redirect) err, appstruct = validate_form(self.form, self.request.POST.items()) if err is not None: return err user = appstruct['user'] user.last_login_date = datetime.datetime.utcnow() self.request.registry.notify(LoginEvent(self.request, user)) userid = 'acct:{}@{}'.format(user.username, self.request.domain) headers = remember(self.request, userid) return httpexceptions.HTTPFound(location=self.login_redirect, headers=headers)
def login_post(request: Request): vm = LoginViewModel(request) vm.validate() if vm.error: return vm.to_dict() cookie_auth.set_auth(request, vm.user.id) return x.HTTPFound('/account')
def add_post(self): if self.request.authenticated_userid != 'Administrator': raise exc.HTTPForbidden() author = self.request.authenticated_userid title = self.request.params['title'] content = self.request.params['content'] post = Post(title, content, author) DB.save(post) raise exc.HTTPFound(self.request.route_url('post', id=post.id))
def edit_existing(request): post_id = request.matchdict['entry'] this_entry = DBSession.query(Entry).filter(Entry.id == post_id).first() form = NewEntry(request.POST, this_entry) if request.POST and form.validate(): form.populate_obj(this_entry) return ex.HTTPFound(request.route_url('entry', entry=post_id)) return {'form': form}
def route_by_content(context, request): """Routes the request according to the Content-Type header.""" mime_type, status_code = get_url_details(context.url(), request.headers) # Can PDF mime types get extra info on the end like "encoding=?" if mime_type in ("application/x-pdf", "application/pdf"): # Unless we have some very baroque error messages they shouldn't # really be returning PDFs redirect_url = request.route_url("view_pdf", _query=request.params) return exc.HTTPFound(redirect_url, headers=_caching_headers(max_age=300)) via_url = _get_legacy_via_url(request) headers = _cache_headers_for_http(status_code) return exc.HTTPFound(via_url, headers=headers)
def get_appointments_alternate_view(request): if "login_verification" not in request.session: request.session["last_stop"] = get_appointments_alternate_route_name() raise exc.HTTPFound( request.route_url(get_login_verification_route_name())) # request.route_url( ()), if "username" in request.session and "permissions_dict" in request.session: return { "branding": get_branding(), "name": get_appointments_alternate_route_name(), "username": get_username(request), "route_prefix": get_clientside_path_offset(), "apps": get_apps_list(request.session["permissions_dict"]), "apis": { "appointments": request.route_url(get_api_test_appointments_route_name()), "appt_users": request.route_url(get_api_test_appt_users_route_name()), "current_user": request.route_url(get_api_test_current_user_route_name()), "filters": request.route_url(get_api_test_filters_route_name()), "reassign": request.route_url(get_api_test_reassign_route_name()), "takebegin": request.route_url(get_api_test_take_begin_route_name()), "update_condition": request.route_url(get_api_test_update_condition_route_name()), "users": request.route_url(get_api_test_users_route_name()), }, "external_links": [ # {"url": "#", "name": "Link1"}, # {"url": "#", "name": "Link2"}, ], } else: raise exc.HTTPFound(request.route_url(get_login_route_name()))
def post(self): """Log the user in and redirect them.""" self._redirect_if_logged_in() data = self.request.POST.items() username = get_from_tuple(data, 'username') password = get_from_tuple(data, 'password') log = getPlazzaLogin(username, password) if (log): try: appstruct = self.form.validate(self.request.POST.items()) user = appstruct['user'] headers = self._login(user) return httpexceptions.HTTPFound( location=self._login_redirect(), headers=headers) except deform.ValidationFailure: infoUser = json.loads(getUserPlazza(username, password)) displayName = infoUser["displayName"] display = "" unaccented_string = unidecode.unidecode(displayName) for item in unaccented_string: if item != " ": display = display + item else: display = display + "_" print("display") print(display) signup_service = self.request.find_service(name='user_signup') user = signup_service.signup(username=display, email=username, password=password) headers = self._login(user) group = self.request.db.query(Group).filter_by( pubid="__world__").one() groups_service = self.request.find_service(name='group') groups_service.member_join(group, self.request.authenticated_userid) return httpexceptions.HTTPFound( location=self._login_redirect(), headers=headers) else: return {'form': self.form.render()}
def register_activate(request): pid, code = validasi_activation( request.matchdict['code']) # LOG.debug((pid, code)) # link = request.route_url( # 'register_activate', # code='-'.join( # [text_type(pid), # code])) # LOG.debug(link) if (pid and code) is not None: # cek exist code activation dan cari user berdasarkan nya Activation = request.find_model('membership.activation') activation = Activation.get_by_code(request.db, code) if activation is None: request.session.flash(_( "We didn't recognize that activation link. " "Perhaps you've already activated your account? " 'If so, try <a href="{url}">signing in</a> using the username ' 'and password that you provided.').format( url=request.route_url('_register_view')), 'error') return httpexceptions.HTTPFound( location=request.base_url) User = request.find_model('membership.user') user = User.get_by_activation(request.db, activation) if user is None or user.pid != pid: raise httpexceptions.HTTPNotFound() user.activate() request.session.flash(_( 'Your account has been activated! ' 'You can now <a href="{url}">sign in</a> using the password you ' 'provided.').format(url=request.route_url('_register_view')), 'success') request.registry.notify(ActivationEvent(request, user)) return httpexceptions.HTTPFound( location=request.base_url) return httpexceptions.HTTPNotFound()
def login_complete(request): """This view is hit after a visitor has successfully authenticated with one of the registered identity providers. The successfully authenticated visitor will be remembered (given a cookie) and redirected either to their profile page or back to the remote service the came from. See ``capture_requesting_service`` for details on the information put into a remote service redirect. """ context = request.context identifier = discover_uid(context) # Create user and identity entries if none are found. try: identity = DBSession.query(Identity) \ .filter(Identity.identifier==identifier) \ .filter(Identity.name==context.provider_name) \ .filter(Identity.type==context.provider_type) \ .first() if not identity: # So we have a new identity and potentially a new user, but # that is unknown at this time. user = acquire_user(request) if user.id is None: # We need the user id to make the relationship. DBSession.flush() identity = Identity(identifier, context.provider_name, context.provider_type, json.dumps(context.profile), json.dumps(context.credentials), user=user) DBSession.add(identity) user = identity.user except DBAPIError: raise httpexceptions.HTTPServiceUnavailable( connection_error_message, content_type='text/plain', ) # Remember the authenticated user for future requests. auth_headers = remember(request, str(user.id)) # Check the session for endpoint redirection otherwise pop the # user over to their user profile /user/{id} if REFERRER_SESSION_KEY in request.session: token = str(uuid.uuid4()) store = get_token_store() value = user.id store.store(token, value) # XXX Never expires. # Send the user back to the service with the token and # information about where they came from. referrer_info = request.session.get(REFERRER_SESSION_KEY) location = generate_service_validation_url(referrer_info, token) else: location = request.route_url('www-get-user', id=user.id) return httpexceptions.HTTPFound(location=location, headers=auth_headers)
def source_dir_contest_new(request): try: check_capability(request, 'manage_contest') contest_id, course_id = map(int, request.matchdict['contest'].split('-')) request.session['basket'] = Basket(contest_id, course_id) return exc.HTTPFound(request.route_url('source.dir.home')) except Exception as e: return exc.HTTPForbidden() if e.__str__( ) == 'Access denied' else exc.HTTPInternalServerError()
def add_comment(self): post_id = int(self.request.matchdict['id']) post = DB.get(Post, post_id) author = self.request.params['author'] message = self.request.params['message'] comment = Comment(message, author, post_id) DB.save(comment) post.comment_ids.append(comment.id) DB.save(post) raise exc.HTTPFound(self.request.route_url('post', id=post_id))
def ident_hash_missing_version(exc, request): try: version = get_latest_version(exc.id) except httpexceptions.HTTPNotFound as e: return e route_name = request.matched_route.name route_args = request.matchdict.copy() route_args['ident_hash'] = join_ident_hash(exc.id, version) return httpexceptions.HTTPFound( request.route_path(route_name, _query=request.params, **route_args))