def _target(request, emp_no, dept_no=None, **kwargs):
if dept_no:
# is manager of this department, go to department page
target = request.route_url('show_dept', dept_no=dept_no)
else:
# non-manager
target = request.route_url('show_empl', emp_no=emp_no)
return http_exc.HTTPFound(location=target, **kwargs)
def add_new(request):
form = NewEntry(request.POST)
if request.POST and form.validate():
entry = Entry(title=form.title.data, text=form.text.data)
DBSession.add(entry)
DBSession.flush()
return ex.HTTPFound(request.route_url('entry', entry=entry.id))
return {'form': form}
def contactme(request):
with ContactForm() as form:
form.save_data(request.POST.get('name'), request.POST.get('email'),
request.POST.get('phone'),
request.POST.get('best_time_to_contact'))
request.session.flash("We'll reach out to you shortly to get started!",
queue='contact_form')
return exc.HTTPFound(request.route_url('home') + '#contact')
def __init__(self, request):
print cfront_settings.get("maintenance_mode", False)
if "job_key" in request.matchdict:
set_request_job(request)
if cfront_settings.get("maintenance_mode", False):
if not "sorry" in request.url:
raise exc.HTTPFound(request.route_url("maintainance"))
def loginPOST(self):
invalidAlert = [{\
"title":"Ow no, unable to log in!",\
"text":"The information provided is invalid.",\
"type":"error"}]
# Collect the posted information from the login form
try:
username = self.request.params['username']
password = self.request.params['password']
except:
self.request.session["alerts"] = invalidAlert
raise exc.HTTPFound(self.request.route_url("login"))
# Collect from the database the salt and password for the user
try:
salt, storedPassword = db.executeOne("User_Password",[username])
except Exception as e:
self.request.session["username"] = username
self.request.session["alerts"] = invalidAlert
raise exc.HTTPFound(self.request.route_url("login"))
_, password = Helper.hashPassword(password, salt)
if password == storedPassword:
# Collect relevant user information
user = db.executeOne("User_Info", [username])
# Store the information as session variables.
self.request.session["authority"] = user["permission"]
self.request.session["status"] = 1
self.request.session["username"] = username
self.request.session["firstname"] = user["firstname"]
self.request.session["lastname"] = user["lastname"]
self.request.session["avatar"] = user["avatar"]
self.request.session["alerts"] = []
self.request.session["email"] = user["email"]
# Redirect the client to the new page
location = self.request.session.get("intended_route",self.request.route_url("index"))
raise exc.HTTPFound(location)
self.request.session["username"] = username
self.request.session["alerts"] = invalidAlert
raise exc.HTTPFound(self.request.route_url("login"))
def auth_only(*args, **kwargs):
if len(args) == 1:
args = args[0]
# print "auth uid is", request.authenticated_userid
if args[1].authenticated_userid is None:
print "Not logged in!"
raise exc.HTTPFound(location='/login')
return func(args[1], **kwargs)
def via_redirect(context, request):
url = request.params.get('url')
if url is None:
raise httpexceptions.HTTPBadRequest('"url" parameter missing')
via_link = 'https://via.hypothes.is/{}'.format(url)
raise httpexceptions.HTTPFound(location=via_link)
def go(request, route, message=None):
if "message" in request.session:
del request.session["message"]
if message is not None:
request.session["message"] = message
raise exc.HTTPFound(request.route_url(route))
def add_group_plugin(request):
# make sure the users are in the group:
# only a site admin or group admin can do this
gid = request.matchdict['group_id']
can_modify_group(request, gid)
plugins = request.POST.get('plugins', None)
# print request.POST.values()
if plugins is None:
return exc.HTTPFound(location='/group/' + gid)
for plugin in request.POST.values():
scheduled_plugin = LedSchedule(led_group_id=gid, led_plugin_id=int(plugin), duration=30, enabled=True, position=9)
try:
request.db_session.add(scheduled_plugin)
except sql_exc.DatabaseError as e:
print scheduled_plugin, "already in scheduled"
return exc.HTTPFound(location='/group/' + gid)
def site_list(request):
auth_check_pass = Auth.check_user_session(request.session)
if not auth_check_pass:
raise exc.HTTPFound(request.route_url("login"))
site_list = Site.get_list_of_site()
return site_list
def site_add(request):
auth_check_pass = Auth.check_user_session(request.session)
if not auth_check_pass:
raise exc.HTTPFound(request.route_url("login"))
return {
'project': 'PAY CALCULATOR',
'username': request.session['username']
}
def fetch_employee(request):
auth_check_pass = Auth.check_user_session(request.session)
if not auth_check_pass:
raise exc.HTTPFound(request.route_url("login"))
firstname = request.params.get('firstname')
security_license = request.params.get('security_license')
data = Employee.find_employee(firstname, security_license)
return json.dumps(data)
def get_when_not_logged_in(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them.
"""
code = self.request.matchdict.get("code")
id_ = self.request.matchdict.get("id")
try:
id_ = int(id_)
except ValueError as err:
raise httpexceptions.HTTPNotFound() from err
activation = models.Activation.get_by_code(self.request.db, code)
if activation is None:
self.request.session.flash(
jinja2.Markup(
_("We didn't recognize that activation link. "
"Have you already activated your account? "
"If so, try logging in using the username "
"and password that you provided."), ),
"error",
)
return httpexceptions.HTTPFound(
location=self.request.route_url("login"))
user = models.User.get_by_activation(self.request.db, activation)
if user is None or user.id != id_:
raise httpexceptions.HTTPNotFound()
user.activate()
self.request.session.flash(
jinja2.Markup(
_("Your account has been activated! "
"You can now log in using the password you provided."), ),
"success",
)
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(location=self.request.route_url(
"login", _query={"username": user.username}))
def timers_view(self):
"""
Retrieve the timers page
or redirect to index if not signed in.
"""
if not self.logged_in:
raise exc.HTTPFound(self.request.route_url("index"))
return {}
def get_when_not_logged_in(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get('code')
id_ = self.request.matchdict.get('id')
try:
id_ = int(id_)
except ValueError:
raise httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
self.request.session.flash(
jinja2.Markup(
_("We didn't recognize that activation link. "
"Perhaps you've already activated your account? "
'If so, try <a href="{url}">signing in</a> using the username '
'and password that you provided.').format(
url=self.request.route_url('login'))), 'error')
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
user = User.get_by_activation(activation)
if user is None or user.id != id_:
raise httpexceptions.HTTPNotFound()
user.activate()
self.request.session.flash(
jinja2.Markup(
_('Your account has been activated! '
'You can now <a href="{url}">sign in</a> using the password you '
'provided.').format(url=self.request.route_url('login'))),
'success')
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
def delete_group_user(request):
gid = request.matchdict['group_id']
can_modify_group(request, gid)
user_id = request.POST['user_id']
request.db_session.query(LedGroupUser).filter(and_(LedGroupUser.led_group_id == gid,
LedGroupUser.led_user_id == user_id)).delete()
log(request, 'Removed from <a href="/group/{0}">group {0}</a>: {1}'.format(gid, get_user_by_id(request, user_id).email))
return exc.HTTPFound(location='/group/' + gid)
def save_leave(request):
auth_check_pass = Auth.check_user_session(request.session)
if not auth_check_pass:
raise exc.HTTPFound(request.route_url("login"))
pay = request.POST['payslip_data']
pay = json.loads(pay)
Pay.save_leave_data(pay)
return "Saved successfully"
def index(request):
user_id = cookie_auth.get_user_id_via_auth_cookie(request)
user = user_service.find_user_by_id(user_id)
if not user:
x.HTTPFound('/account/login')
return {
'user': user
}
def login(self):
if self.request.authenticated_userid is not None:
return httpexceptions.HTTPFound(location=self.login_redirect)
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
user = appstruct['user']
user.last_login_date = datetime.datetime.utcnow()
self.request.registry.notify(LoginEvent(self.request, user))
userid = 'acct:{}@{}'.format(user.username, self.request.domain)
headers = remember(self.request, userid)
return httpexceptions.HTTPFound(location=self.login_redirect,
headers=headers)
def login_post(request: Request):
vm = LoginViewModel(request)
vm.validate()
if vm.error:
return vm.to_dict()
cookie_auth.set_auth(request, vm.user.id)
return x.HTTPFound('/account')
def add_post(self):
if self.request.authenticated_userid != 'Administrator':
raise exc.HTTPForbidden()
author = self.request.authenticated_userid
title = self.request.params['title']
content = self.request.params['content']
post = Post(title, content, author)
DB.save(post)
raise exc.HTTPFound(self.request.route_url('post', id=post.id))
def edit_existing(request):
post_id = request.matchdict['entry']
this_entry = DBSession.query(Entry).filter(Entry.id == post_id).first()
form = NewEntry(request.POST, this_entry)
if request.POST and form.validate():
form.populate_obj(this_entry)
return ex.HTTPFound(request.route_url('entry', entry=post_id))
return {'form': form}
def route_by_content(context, request):
"""Routes the request according to the Content-Type header."""
mime_type, status_code = get_url_details(context.url(), request.headers)
# Can PDF mime types get extra info on the end like "encoding=?"
if mime_type in ("application/x-pdf", "application/pdf"):
# Unless we have some very baroque error messages they shouldn't
# really be returning PDFs
redirect_url = request.route_url("view_pdf", _query=request.params)
return exc.HTTPFound(redirect_url,
headers=_caching_headers(max_age=300))
via_url = _get_legacy_via_url(request)
headers = _cache_headers_for_http(status_code)
return exc.HTTPFound(via_url, headers=headers)
def get_appointments_alternate_view(request):
if "login_verification" not in request.session:
request.session["last_stop"] = get_appointments_alternate_route_name()
raise exc.HTTPFound(
request.route_url(get_login_verification_route_name()))
# request.route_url( ()),
if "username" in request.session and "permissions_dict" in request.session:
return {
"branding":
get_branding(),
"name":
get_appointments_alternate_route_name(),
"username":
get_username(request),
"route_prefix":
get_clientside_path_offset(),
"apps":
get_apps_list(request.session["permissions_dict"]),
"apis": {
"appointments":
request.route_url(get_api_test_appointments_route_name()),
"appt_users":
request.route_url(get_api_test_appt_users_route_name()),
"current_user":
request.route_url(get_api_test_current_user_route_name()),
"filters":
request.route_url(get_api_test_filters_route_name()),
"reassign":
request.route_url(get_api_test_reassign_route_name()),
"takebegin":
request.route_url(get_api_test_take_begin_route_name()),
"update_condition":
request.route_url(get_api_test_update_condition_route_name()),
"users":
request.route_url(get_api_test_users_route_name()),
},
"external_links": [
# {"url": "#", "name": "Link1"},
# {"url": "#", "name": "Link2"},
],
}
else:
raise exc.HTTPFound(request.route_url(get_login_route_name()))
def post(self):
"""Log the user in and redirect them."""
self._redirect_if_logged_in()
data = self.request.POST.items()
username = get_from_tuple(data, 'username')
password = get_from_tuple(data, 'password')
log = getPlazzaLogin(username, password)
if (log):
try:
appstruct = self.form.validate(self.request.POST.items())
user = appstruct['user']
headers = self._login(user)
return httpexceptions.HTTPFound(
location=self._login_redirect(), headers=headers)
except deform.ValidationFailure:
infoUser = json.loads(getUserPlazza(username, password))
displayName = infoUser["displayName"]
display = ""
unaccented_string = unidecode.unidecode(displayName)
for item in unaccented_string:
if item != " ":
display = display + item
else:
display = display + "_"
print("display")
print(display)
signup_service = self.request.find_service(name='user_signup')
user = signup_service.signup(username=display,
email=username,
password=password)
headers = self._login(user)
group = self.request.db.query(Group).filter_by(
pubid="__world__").one()
groups_service = self.request.find_service(name='group')
groups_service.member_join(group,
self.request.authenticated_userid)
return httpexceptions.HTTPFound(
location=self._login_redirect(), headers=headers)
else:
return {'form': self.form.render()}
def register_activate(request):
pid, code = validasi_activation(
request.matchdict['code'])
# LOG.debug((pid, code))
# link = request.route_url(
# 'register_activate',
# code='-'.join(
# [text_type(pid),
# code]))
# LOG.debug(link)
if (pid and code) is not None:
# cek exist code activation dan cari user berdasarkan nya
Activation = request.find_model('membership.activation')
activation = Activation.get_by_code(request.db, code)
if activation is None:
request.session.flash(_(
"We didn't recognize that activation link. "
"Perhaps you've already activated your account? "
'If so, try <a href="{url}">signing in</a> using the username '
'and password that you provided.').format(
url=request.route_url('_register_view')),
'error')
return httpexceptions.HTTPFound(
location=request.base_url)
User = request.find_model('membership.user')
user = User.get_by_activation(request.db, activation)
if user is None or user.pid != pid:
raise httpexceptions.HTTPNotFound()
user.activate()
request.session.flash(_(
'Your account has been activated! '
'You can now <a href="{url}">sign in</a> using the password you '
'provided.').format(url=request.route_url('_register_view')),
'success')
request.registry.notify(ActivationEvent(request, user))
return httpexceptions.HTTPFound(
location=request.base_url)
return httpexceptions.HTTPNotFound()
def login_complete(request):
"""This view is hit after a visitor has successfully authenticated with
one of the registered identity providers.
The successfully authenticated visitor will be remembered (given a cookie)
and redirected either to their profile page or back to the remote service
the came from. See ``capture_requesting_service`` for details on the
information put into a remote service redirect.
"""
context = request.context
identifier = discover_uid(context)
# Create user and identity entries if none are found.
try:
identity = DBSession.query(Identity) \
.filter(Identity.identifier==identifier) \
.filter(Identity.name==context.provider_name) \
.filter(Identity.type==context.provider_type) \
.first()
if not identity:
# So we have a new identity and potentially a new user, but
# that is unknown at this time.
user = acquire_user(request)
if user.id is None:
# We need the user id to make the relationship.
DBSession.flush()
identity = Identity(identifier,
context.provider_name,
context.provider_type,
json.dumps(context.profile),
json.dumps(context.credentials),
user=user)
DBSession.add(identity)
user = identity.user
except DBAPIError:
raise httpexceptions.HTTPServiceUnavailable(
connection_error_message,
content_type='text/plain',
)
# Remember the authenticated user for future requests.
auth_headers = remember(request, str(user.id))
# Check the session for endpoint redirection otherwise pop the
# user over to their user profile /user/{id}
if REFERRER_SESSION_KEY in request.session:
token = str(uuid.uuid4())
store = get_token_store()
value = user.id
store.store(token, value) # XXX Never expires.
# Send the user back to the service with the token and
# information about where they came from.
referrer_info = request.session.get(REFERRER_SESSION_KEY)
location = generate_service_validation_url(referrer_info, token)
else:
location = request.route_url('www-get-user', id=user.id)
return httpexceptions.HTTPFound(location=location, headers=auth_headers)
def source_dir_contest_new(request):
try:
check_capability(request, 'manage_contest')
contest_id, course_id = map(int,
request.matchdict['contest'].split('-'))
request.session['basket'] = Basket(contest_id, course_id)
return exc.HTTPFound(request.route_url('source.dir.home'))
except Exception as e:
return exc.HTTPForbidden() if e.__str__(
) == 'Access denied' else exc.HTTPInternalServerError()
def add_comment(self):
post_id = int(self.request.matchdict['id'])
post = DB.get(Post, post_id)
author = self.request.params['author']
message = self.request.params['message']
comment = Comment(message, author, post_id)
DB.save(comment)
post.comment_ids.append(comment.id)
DB.save(post)
raise exc.HTTPFound(self.request.route_url('post', id=post_id))
def ident_hash_missing_version(exc, request):
try:
version = get_latest_version(exc.id)
except httpexceptions.HTTPNotFound as e:
return e
route_name = request.matched_route.name
route_args = request.matchdict.copy()
route_args['ident_hash'] = join_ident_hash(exc.id, version)
return httpexceptions.HTTPFound(
request.route_path(route_name, _query=request.params, **route_args))
