Пример #1
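def account_initialization(request):
    """Handle step one of account setup: confirm the account's two secrets.

    Expected URL shape (from the original example):
    /indivoapi/accounts/<account_id>/initialize/<primary_secret>
    so segment 3 of ``path_info`` is the account id and segment 5 the
    primary secret.

    A POST joins the posted ``conf1`` and ``conf2`` values into the secondary
    secret and submits both secrets to the backend; status 200 moves on to
    the second setup page. Every other method renders the empty form.

    NOTE(review): the primary secret travels in the URL path, where it can be
    recorded in access logs, browser history and Referer headers; confirm the
    backend treats it as single-use and short-lived.
    """
    errors = {
        'generic':
        'There was a problem setting up your account. Please try again.'
    }
    api = get_api()

    # A method other than GET/POST used to fall off the end of the view and
    # return None; such requests now get the form, like a GET.
    if request.method != HTTP_METHOD_POST:
        return utils.render_template('ui/account_init', {})

    path_parts = request.path_info.split('/')
    conf1 = request.POST.get('conf1')
    conf2 = request.POST.get('conf2')

    # A truncated URL or a missing form field used to raise IndexError /
    # KeyError and surface as a server error. Answer with the same generic
    # message as a rejected secret so the response does not reveal which
    # check failed.
    if len(path_parts) < 6 or conf1 is None or conf2 is None:
        return utils.render_template('ui/account_init',
                                     {'ERROR': errors['generic']})

    # a 404 returned from this call could indicate that the account doesn't
    # exist
    ret = api.account_initialize(
        account_id=path_parts[3],
        primary_secret=path_parts[5],
        data={'secondary_secret': conf1 + conf2})

    if ret.response['response_status'] == 200:
        return utils.render_template('ui/account_init_2', {'FULLNAME': ''})
    return utils.render_template('ui/account_init',
                                 {'ERROR': errors['generic']})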
Пример #2
def account_initialization(request):
    """First account-setup page: check the two initialization secrets.

    URL shape: /indivoapi/accounts/<account_id>/initialize/<primary_secret>.
    GET renders the form; POST sends the primary secret from the path and the
    secondary secret (``conf1`` + ``conf2``) to the backend.

    NOTE(review): a missing ``conf1``/``conf2`` field or a short path raises
    here instead of producing the generic error page, and the primary secret
    is exposed wherever URLs are logged.
    """
    generic_error = 'There was a problem setting up your account. Please try again.'
    api = get_api()
    method = request.method

    if method == HTTP_METHOD_GET:
        return utils.render_template('ui/account_init', {})
    if method != HTTP_METHOD_POST:
        # neither GET nor POST: the view has no answer for this method
        return None

    # a 404 returned from this call could indicate that the account doesn't
    # exist
    account_id = request.path_info.split('/')[3]
    secondary_secret = request.POST['conf1'] + request.POST['conf2']
    result = api.account_initialize(
        account_id=account_id,
        primary_secret=request.path_info.split('/')[5],
        data={'secondary_secret': secondary_secret})

    # The same generic message covers every backend failure.
    if result.response['response_status'] != 200:
        return utils.render_template('ui/account_init', {'ERROR': generic_error})
    return utils.render_template('ui/account_init_2', {'FULLNAME': ''})
Пример #3
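def account_initialization_2(request):
    """Handle step two of account setup: register a username and password.

    A POST reads the account id from segment 3 of ``path_info`` and the
    ``username`` / ``pw1`` form fields, registers them as a password auth
    system with the backend and, on status 200, logs the user in and
    redirects to ``/``. Any other method renders the empty form.

    NOTE(review): nothing in this view proves that the caller completed step
    one; the account id comes straight from the URL. Confirm the backend
    refuses ``add_auth_system`` for accounts that are not mid-initialization.
    """
    if request.method != HTTP_METHOD_POST:
        return utils.render_template('ui/account_init_2', {})

    errors = {
        'generic':
        'There was a problem updating your data. Please try again. If you are unable to set up your account please contact support.'
    }
    path_parts = request.path_info.split('/')
    username = request.POST.get('username')
    password = request.POST.get('pw1')

    # Missing fields used to raise KeyError (a server error), and an empty
    # password was forwarded to the backend as-is. Reject both up front with
    # the generic message.
    if len(path_parts) < 4 or not username or not password:
        return utils.render_template('ui/account_init_2',
                                     {'ERROR': errors['generic']})

    api = get_api()
    data = {
        'system': 'password',
        'username': username,
        'password': password
    }
    ret = api.add_auth_system(account_id=path_parts[3], data=data)

    if ret.response['response_status'] == 200:
        # everything's OK, log this person in, hard redirect to change
        # location
        # NOTE(review): the login result is not checked before redirecting.
        tokens_get_from_server(request, username, password)
        return HttpResponseRedirect('/')
    return utils.render_template('ui/account_init_2',
                                 {'ERROR': errors['generic']})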
Пример #4
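def create_developer_account(request):
    """Show the developer sign-up form (GET) or create the account (POST).

    The posted fields are forwarded to the backend's ``/users/`` endpoint.
    If the backend answers ``"account_exists"`` the form is shown again with
    an error; any other answer is treated as success and the login page is
    rendered with a confirmation message.

    NOTE(review): only ``"account_exists"`` is recognised as a failure, so
    other backend errors still produce the "has been created" message.
    """
    # Function-scope import: the file's import block is not visible here.
    from xml.sax.saxutils import escape

    if request.method == "GET":
        return utils.render_template('ui/create_developer_account', {})

    # compose data hash
    username = request.POST.get("username")
    data = {
        "account_id": username,
        "password": request.POST.get("password"),
        "given_name": request.POST.get("given_name"),
        "family_name": request.POST.get("family_name"),
        "department": request.POST.get("department"),
        "role": request.POST.get("role")
    }

    api = get_api()
    ret = api.call("POST", "/users/", options={'data': data})

    # The success message below carries markup (<br />), so it is evidently
    # rendered as HTML; the user-supplied name must be escaped before it is
    # placed inside it. The error message gets the same treatment.
    shown_name = escape("%s" % username, {'"': '&quot;', "'": '&#39;'})

    if ret == "account_exists":
        return utils.render_template(
            'ui/create_developer_account',
            {'ERROR': "Account '%s' is already registered." % shown_name})

    return utils.render_template(
        LOGIN_PAGE, {
            'MESSAGE':
            "Account %s has been created.<br />Please log in." % shown_name,
            # passed through unescaped; presumably the template escapes it
            # where it is used - confirm
            'ACCOUNT': username
        })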
Пример #5
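def token_login_index(request, token):
    """Start a session from a direct-login token and render the proxied UI.

    The token (and an optional ``pin`` request parameter) is exchanged with
    the backend at ``/session/from_direct_url``. On success the returned
    OAuth token set is stored in a fresh session, the account's name is
    fetched, and either the proxy index or, when ``initial_app`` is given,
    the single-app view is rendered.

    NOTE(review): the token acts as a credential carried in the URL, and the
    pin is also accepted from the query string; both can be recorded in logs
    and browser history.
    """
    request.session.flush()
    api = get_api()

    reqstore = request.POST if request.method == 'POST' else request.GET
    initial_app = reqstore.get('initial_app', "")

    options = {'data': {'token': token}}
    pin = reqstore.get('pin', "")
    if pin:
        options['data']['pin'] = pin

    logintokenxml = api.call("GET", "/session/from_direct_url",
                             options=options)

    if logintokenxml.startswith("Permission Denied"):
        if "Wrong pin" in logintokenxml:
            return utils.render_template("ui/need_pin", {})
        # NOTE(review): the backend's denial text is returned verbatim.
        return HttpResponse(logintokenxml)

    logintoken = ET.fromstring(logintokenxml)
    record = logintoken.find("Record")
    record_id = record.get("id")
    record_name = record.get("label")

    session_tokens = dict(urlparse.parse_qsl(logintoken.get("value")))
    account_id = urllib.unquote(session_tokens['account_id'])
    request.session['oauth_token_set'] = session_tokens
    request.session['account_id'] = account_id

    # from here on the API client is bound to the new session's tokens
    api = get_api(request)
    ret = api.account_info(account_id=account_id)

    e = ET.fromstring(ret.response['response_data'])
    # findtext() returns None for an absent element; concatenating that
    # raised TypeError, so a missing name part is treated as empty.
    fullname = ((e.findtext('givenName') or "") + " " +
                (e.findtext('familyName') or ""))

    target_template = "ui/proxy_index"
    credentials = "''"
    manifest = "''"

    if initial_app != "":
        # initial_app is request-supplied and is handed to the helpers as-is
        target_template = "ui/single_app_view"
        credentials = single_app_get_credentials(request, api, account_id,
                                                 initial_app, record_id)
        manifest = single_app_get_manifest(api, initial_app)

    return utils.render_template(target_template, {
        'ACCOUNT_ID': session_tokens["account_id"],
        'FULLNAME': fullname,
        'PROXIED_RECORD_ID': record_id,
        'PROXIED_RECORD_NAME': record_name,
        'INITIAL_APP': initial_app,
        'SMART_PASSTHROUGH_SERVER': passthrough_server,
        'CREDENTIALS': credentials,
        'MANIFEST': manifest
    })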
Пример #6
def create_developer_account(request):
    """Show the developer sign-up form (GET) or create the account (POST).

    The posted fields go to the backend's ``/users/`` endpoint. An
    ``"account_exists"`` answer re-renders the form with an error; any other
    answer renders the login page with a confirmation.

    NOTE(review): the posted username is interpolated into both messages
    unescaped, so the templates must escape ``error`` when rendering it.
    """
    if request.method == "GET":
        return utils.render_template('ui/create_developer_account', {})

    api = get_api()

    posted = request.POST
    username = posted.get("username")
    payload = {
        "account_id": username,
        "password": posted.get("password"),
        "given_name": posted.get("given_name"),
        "family_name": posted.get("family_name"),
        "department": posted.get("department"),
        "role": posted.get("role"),
    }

    outcome = api.call("POST", "/users/", options={'data': payload})

    if outcome != "account_exists":
        # anything other than "account_exists" is reported as success
        context = {
            "error": "Account %s has been created.  Please log in." % username,
            "account": username,
        }
        return utils.render_template(LOGIN_PAGE, context)

    return utils.render_template(
        'ui/create_developer_account',
        {'error': "Account '%s' is already registered." % username})
Пример #7
def showcase_index(request):
    """Log the session in as the configured proxy user and show the showcase.

    NOTE(review): no caller authentication is visible in this view; every
    visitor receives a session for the shared account named in
    ``settings.PROXY_USER``. Confirm that account is limited to demo data.
    """
    api = get_api()

    requested_app = request.GET.get('initial_app', "")

    logged_in = tokens_get_from_server(request, settings.PROXY_USER,
                                       settings.PROXY_PASSWORD)
    if logged_in:
        context = {
            'ACCOUNT_ID': settings.PROXY_USER,
            'INITIAL_APP': requested_app,
            'SMART_PASSTHROUGH_SERVER': passthrough_server,
        }
        return utils.render_template('ui/showcase', context)

    return utils.render_template(LOGIN_PAGE,
                                 {'error': 'Could not find proxied user'})
Пример #8
def reset_password(request):
    """Render the password-reset form (GET) or submit a new password (POST).

    The user lands here after he clicks the link embedded in the password
    reset email. The listing stops inside the POST path, so what is rendered
    after the backend call is not shown.
    """

    # GET request, show the form
    # NOTE(review): the reset secret arrives in the query string, so it can
    # be recorded in server logs, browser history and Referer headers;
    # confirm the backend makes it single-use and short-lived.
    if request.method == "GET":
        account = request.GET.get('account_email', None)
        secret = request.GET.get('account_secret', None)
        return utils.render_template('ui/reset_password', {
            'ACCOUNT': account,
            'ACCOUNT_SECRET': secret
        })

    # get the data
    account_email = request.POST.get('account_email', None)
    account_secret = request.POST.get('account_secret', None)

    # post to server
    error_msg = None
    api = get_api()
    try:
        # new_password is forwarded as posted; no length or confirmation
        # check happens in this view
        data = {
            "account_email": account_email,
            "account_secret": account_secret,
            "new_password": request.POST.get('new_password', None)
        }
        ret = api.call("POST", "/users/reset_password", options={'data': data})
    except Exception, e:
        # NOTE(review): the exception text is placed inside an HTML fragment.
        # If the template renders it unescaped, backend error details (and
        # any markup in them) reach the page; prefer a fixed message and log
        # the exception server-side.
        error_msg = 'Failed to reset password:<br />%s<br />Please try again' % str(e)
Пример #9
def reset_password_request(request):
    """Shows the page prompting for the email address to which to send the
    password reset instructions.

    On POST the address is sent to the backend's
    ``/users/reset_password_request`` endpoint. The listing stops before the
    final render, so how ``error_msg`` is displayed is not shown.
    """
    if request.method == "GET":
        # the address from the query string pre-fills the form
        account_email = request.GET.get('account_email', '')
        return utils.render_template('ui/reset_password_request',
                                     {'ACCOUNT': account_email})

    # must be POST, try to reset password on the server
    error_msg = None
    account_email = request.POST.get("account_email")
    if not account_email:
        error_msg = "Please provide your email address"
    else:
        data = {"account_email": account_email}

        api = get_api()
        try:
            ret = api.call("POST",
                           "/users/reset_password_request",
                           options={'data': data})
            if (ret == "no_account_exists"):
                # NOTE(review): this message tells the requester whether an
                # address is registered, and the posted value is wrapped in
                # markup unescaped. A single neutral reply for both outcomes
                # avoids both problems.
                error_msg = "Account <b>%s</b> does not exist." % account_email
        except Exception, e:
            # NOTE(review): raw exception text is embedded in an HTML
            # fragment; if rendered unescaped it exposes backend details.
            error_msg = "Failed to request a password reset:<br />%s" % str(e)
Пример #10
def reset_password(request):
    """The user lands here after he clicks the link embedded in the password
    reset email.

    GET renders the form pre-filled from the query string; POST forwards the
    address, the reset secret and the new password to the backend. The
    listing ends inside the POST path.
    """

    # GET request, show the form
    # NOTE(review): account_secret is read from the query string, where it
    # is exposed to logs, history and Referer headers.
    if request.method == "GET":
        account = request.GET.get('account_email', None)
        secret = request.GET.get('account_secret', None)
        return utils.render_template('ui/reset_password', {
            'ACCOUNT': account,
            'ACCOUNT_SECRET': secret
        })

    # get the data
    account_email = request.POST.get('account_email', None)
    account_secret = request.POST.get('account_secret', None)

    # post to server
    error_msg = None
    api = get_api()
    try:
        data = {
            "account_email": account_email,
            "account_secret": account_secret,
            "new_password": request.POST.get('new_password', None)
        }
        ret = api.call("POST", "/users/reset_password", options={'data': data})
    except Exception, e:
        # NOTE(review): str(e) goes into an HTML fragment; show a fixed
        # message and log the exception instead if the template does not
        # escape this value.
        error_msg = 'Failed to reset password:<br />%s<br />Please try again' % str(
            e)
Пример #11
def reset_password_request(request):
    """Show the reset-request form (GET) or ask the backend to send a link.

    NOTE(review): the "does not exist" reply lets a requester learn which
    addresses are registered; a single neutral reply for both outcomes would
    avoid that. The posted address is also interpolated into the message
    unescaped.
    """
    if request.method == "GET":
        return utils.render_template('ui/reset_password_request', {})

    email = request.POST.get("account_email")
    payload = {"account_email": email}

    client = get_api()
    outcome = client.call("POST", "/users/reset_password_request",
                          options={'data': payload})

    if outcome != "no_account_exists":
        # every other backend answer is reported as "link sent"
        context = {
            "error": "Account reset link e-mailed. Please check your e-mail for the link.",
            "account": email,
        }
        return utils.render_template(LOGIN_PAGE, context)

    return utils.render_template(
        'ui/reset_password_request',
        {'error': "Account '%s' does not exist." % email})
Пример #12
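def authorize(request):
  """Show the "authorize this app" page (GET) or approve the token (POST).

  Requires a logged-in session; otherwise redirects to the login view with
  the current URL as ``return_url``. On GET the request token is claimed and
  its app info fetched: kind ``new`` asks the user, kind ``same`` approves
  directly. On POST the token is approved with the posted ``offline_capable``
  choice.

  NOTE(review): the POST branch changes state on the user's behalf; confirm
  CSRF protection is active for this view.
  """
  # check user is logged in
  if not tokens_p(request):
    url = "%s?return_url=%s" % (reverse(login), urllib.quote(request.get_full_path()))
    return HttpResponseRedirect(url)

  api = get_api(request)

  # read the app info
  # .get() rather than indexing: a request without oauth_token used to raise
  # here, before the "missing param" response at the end could be reached.
  REQUEST_TOKEN = request.REQUEST.get('oauth_token')

  # process GETs (initial adding and a normal call for this app)
  if request.method == HTTP_METHOD_GET and 'oauth_token' in request.GET:
    # claim request token and check return value
    if api.claim_request_token(request_token=REQUEST_TOKEN).response['response_status'] != 200:
      return HttpResponse('bad response to claim_request_token')
    app_info = api.get_request_token_info(request_token=REQUEST_TOKEN).response['response_data']
    e = ET.fromstring(app_info)

    # record_id and app_id are not used below, but these lookups still fail
    # loudly when the token info lacks a record or App element
    record_id = e.find('record').attrib.get('id', None)

    name = e.findtext('App/name')
    app_id = e.find('App').attrib['id']
    kind = e.findtext('kind')
    description = e.findtext('App/description')

    offline_capable = (e.findtext('DataUsageAgreement/offline') == "1")

    # the "kind" param lets us know if this is app setup or a normal call
    if kind == 'new':
      return utils.render_template('ui/authorize',
          {'NAME': name, 'DESCRIPTION': description, 'REQUEST_TOKEN': REQUEST_TOKEN, 'offline_capable' : offline_capable})
    elif kind == 'same':
      # in this case we will have record_id in the app_info
      return _approve_and_redirect(request, REQUEST_TOKEN)
    else:
      return HttpResponse('bad value for kind parameter')

  # process POST
  elif request.method == HTTP_METHOD_POST and 'oauth_token' in request.POST:

    app_info = api.get_request_token_info(request_token=REQUEST_TOKEN).response['response_data']
    e = ET.fromstring(app_info)

    # parsed but unused in this branch; kept so a token without an App
    # element is still rejected before approval
    name = e.findtext('App/name')
    app_id = e.find('App').attrib['id']
    kind = e.findtext('kind')
    description = e.findtext('App/description')

    # any posted value other than "0" counts as consent to offline access
    offline_capable = request.POST.get('offline_capable', False)
    if offline_capable == "0":
      offline_capable = False

    return _approve_and_redirect(request, request.POST['oauth_token'],  offline_capable = offline_capable)
  else:
    return HttpResponse('bad request method or missing param in request to authorize')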
Пример #13
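def login(request, info="", template=LOGIN_PAGE):
  """
  Clear tokens in session, show a login form, get tokens from indivo_server,
  then redirect to the requested return URL (``/`` by default).

  The ``return_url`` parameter is request-supplied, so only same-site paths
  are accepted; anything else is replaced by ``/``.
  FIXME: make note that account will be disabled after 3 failed logins!!!
  """
  def local_return_url(candidate):
    # Only same-site absolute paths are followed after login. Absolute URLs,
    # scheme-relative "//host" forms, backslashes and control characters
    # fall back to "/", so the login link cannot send a user to another
    # site.
    candidate = candidate.strip()
    if not candidate.startswith('/') or candidate.startswith('//'):
      return '/'
    if '\\' in candidate or any(ord(ch) < 0x20 for ch in candidate):
      return '/'
    return candidate

  # generate a new session
  request.session.flush()

  # set up the template
  errors = {'missing': 'Either the username or password is missing. Please try again',
            'incorrect' : 'Incorrect username or password.  Please try again.',
            'disabled' : 'This account has been disabled/locked.'}

  # NOTE(review): both field names read '******' in this listing, which
  # looks like redaction applied to the page; verify against the real form.
  FORM_USERNAME = '******'
  FORM_PASSWORD = '******'
  FORM_RETURN_URL = 'return_url'

  # process form vars
  if request.method == HTTP_METHOD_GET:
    return_url = local_return_url(request.GET.get(FORM_RETURN_URL, '/'))
    return utils.render_template(template, {FORM_RETURN_URL: return_url})

  if request.method != HTTP_METHOD_POST:
    utils.log('error: bad http request method in login. redirecting to /')
    return HttpResponseRedirect('/')

  return_url = local_return_url(request.POST.get(FORM_RETURN_URL, '/'))
  if FORM_USERNAME not in request.POST or FORM_PASSWORD not in request.POST:
    # Also checked initially in js
    return utils.render_template(template, {'error': errors['missing'], FORM_RETURN_URL: return_url})
  username = request.POST[FORM_USERNAME]
  password = request.POST[FORM_PASSWORD]

  # get tokens from the backend server and save in this user's django session
  ret = tokens_get_from_server(request, username, password)
  if not ret:
    # one message for every failure, so the reply does not say whether the
    # username exists
    return utils.render_template(LOGIN_PAGE, {'error': errors['incorrect'], FORM_RETURN_URL: return_url})
  return HttpResponseRedirect(return_url)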
Пример #14
def index(request, template=INDEX_PAGE):
    """Render the admin index with the name and id of every app manifest.

    Requests without admin tokens are redirected to the admin login URL.
    """
    if not admin_tokens_p(request):
        return HttpResponseRedirect(admin_login_url(request))

    manifests = json.loads(
        str(smart_call(request, "GET", "/apps/manifests/").content))

    # keep only the two fields the template needs
    apps = []
    for manifest in manifests:
        apps.append({"name": manifest["name"], "id": manifest["id"]})

    # sorts the dicts themselves, which relies on dicts being orderable
    # (true on Python 2 only)
    apps.sort()

    return utils.render_template(template, {"apps": apps})
Пример #15
def reset_password(request):
    """Show the reset form (GET) or submit the new password (POST).

    NOTE(review): the backend's answer is never inspected, so the
    "has been reset" message is shown even when the reset was refused (for
    example with a wrong secret). The secret also arrives in the query
    string on GET, where it is exposed to logs and Referer headers.
    """
    if request.method == "GET":
        query = request.GET
        form_values = {
            'account_email': query.get('account_email', None),
            'account_secret': query.get('account_secret', None),
        }
        return utils.render_template('ui/reset_password', form_values)

    posted = request.POST
    account_email = posted.get('account_email', None)
    payload = {
        "account_email": account_email,
        "account_secret": posted.get('account_secret', None),
        "new_password": posted.get('new_password', None),
    }

    client = get_api()
    ret = client.call("POST", "/users/reset_password", options={'data': payload})

    context = {
        "error": "Account password has been reset. Please log in below.",
        "account": account_email,
    }
    return utils.render_template(LOGIN_PAGE, context)
Пример #16
def showcase_index(request):
    """Log the session in as the configured proxy user and show the showcase.

    The ``app`` and ``patients`` query parameters are passed to the template
    unchanged.

    NOTE(review): no caller authentication is visible here; every visitor is
    given a session for the shared ``settings.PROXY_USER`` account.
    """
    api = get_api()

    query = request.GET
    initial_app = query.get('app', "")
    patients = query.get('patients', "")

    logged_in, reason = tokens_get_from_server(
        request, settings.PROXY_USER, settings.PROXY_PASSWORD)

    if logged_in:
        context = {
            'ACCOUNT_ID': settings.PROXY_USER,
            'INITIAL_APP': initial_app,
            'HIDDEN_APPS': ",".join(settings.HIDDEN_APPS),
            'PATIENTS': patients,
            'SMART_PASSTHROUGH_SERVER': passthrough_server,
        }
        return utils.render_template('ui/showcase', context)

    # fixed message; the backend's reason is deliberately not shown
    return utils.render_template(
        LOGIN_PAGE, {'ERROR': 'Could not find proxied user'})
Пример #17
def account_initialization_2(request):
    """Second account-setup page: register a username and password.

    POST registers the posted credentials for the account id found in
    segment 3 of ``path_info``; on status 200 the user is logged in and
    redirected to ``/``. Other methods render the empty form.

    NOTE(review): missing ``username``/``pw1`` fields raise instead of
    producing the error page, and nothing here ties the request to a
    completed first step; confirm the backend enforces that.
    """
    if request.method != HTTP_METHOD_POST:
        return utils.render_template('ui/account_init_2', {})

    account_id = request.path_info.split('/')[3]
    username = request.POST['username']
    password = request.POST['pw1']
    generic_error = 'There was a problem updating your data. Please try again. If you are unable to set up your account please contact support.'

    client = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET,
                          SMART_SERVER_LOCATION)
    auth_system = {'system': 'password',
                   'username': username,
                   'password': password}
    result = client.add_auth_system(account_id=account_id, data=auth_system)

    if result.response['response_status'] != 200:
        return utils.render_template('ui/account_init_2',
                                     {'ERROR': generic_error})

    # everything's OK, log this person in, hard redirect to change location
    tokens_get_from_server(request, username, password)
    return HttpResponseRedirect('/')
Пример #18
def showcase_index(request):
    """Render the showcase UI on behalf of the shared proxy account.

    A session is opened with the credentials from ``settings``; if that
    fails the login page is shown with a fixed error message.

    NOTE(review): ``app`` and ``patients`` come from the query string and
    reach the template as-is; the template is responsible for escaping them.
    """
    api = get_api()

    initial_app = request.GET.get('app', "")
    patients = request.GET.get('patients', "")

    proxy_login = tokens_get_from_server(request, settings.PROXY_USER,
                                         settings.PROXY_PASSWORD)
    ret, reason = proxy_login

    if not ret:
        failure = {'ERROR': 'Could not find proxied user'}  # or use 'reason'?
        return utils.render_template(LOGIN_PAGE, failure)

    hidden_apps = ",".join(settings.HIDDEN_APPS)
    return utils.render_template('ui/showcase', {
        'ACCOUNT_ID': settings.PROXY_USER,
        'INITIAL_APP': initial_app,
        'HIDDEN_APPS': hidden_apps,
        'PATIENTS': patients,
        'SMART_PASSTHROUGH_SERVER': passthrough_server,
    })
Пример #19
def index(request, template='ui/index'):
    """Render the main page for a session that holds tokens.

    The account id is read from the session's OAuth token set and the
    account's name is fetched from the backend. The listing ends after the
    exception handler, so the path taken without tokens, or after a failure,
    is not shown.
    """
    if tokens_p(request):
        # get the realname here. we already have it in the js account model
        try:
            api = get_api(request)
            account_id = urllib.unquote(
                request.session['oauth_token_set']['account_id'])
            ret = api.account_info(account_id=account_id)
            e = ET.fromstring(ret.response['response_data'])

            # findtext() returns None for an absent element, in which case
            # this concatenation raises and the handler below takes over
            fullname = e.findtext('givenName') + " " + e.findtext('familyName')
            return utils.render_template(template, {
                'ACCOUNT_ID': account_id,
                'FULLNAME': fullname,
                'SMART_API_SERVER': settings.SMART_API_SERVER_BASE,
                'HIDE_GET_MORE_APPS': settings.HIDE_GET_MORE_APPS,
                'HIDDEN_APPS': ",".join(settings.HIDDEN_APPS),
                'SMART_PASSTHROUGH_SERVER': passthrough_server})
        except Exception, e:
            # the failure is logged rather than shown to the user; note that
            # `e` is rebound here from the parsed XML element to the exception
            logging.error("Failed to render index page: %s" % e)
            pass
Пример #20
def index(request, template='ui/index'):
  """Render the main page for a session with tokens, else go to login.

  Any failure while building the page is swallowed and treated like a
  missing login: the request is redirected to the login view (the mobile
  one when the mobile template was requested).

  NOTE(review): the bare ``except`` hides every error, including template
  bugs, behind a redirect to login; logging the exception would keep
  failures visible to operators.
  """
  print "INDEX", template

  if tokens_p(request):
    # get the realname here. we already have it in the js account model
    try:
      client = get_api(request)
      acct = urllib.unquote(request.session['oauth_token_set']['account_id'])
      info_xml = client.account_info(account_id=acct).response['response_data']
      person = ET.fromstring(info_xml)

      display_name = person.findtext('givenName') + " " + person.findtext('familyName')
      context = {
        'ACCOUNT_ID': acct,
        'FULLNAME': display_name,
        'HIDE_GET_MORE_APPS': settings.HIDE_GET_MORE_APPS,
        'SMART_PASSTHROUGH_SERVER': passthrough_server,
      }
      return utils.render_template(template, context)
    except:
      pass

  login_view = mobile_login if template == "ui/mobile_index" else login
  return HttpResponseRedirect(reverse(login_view))
Пример #21
def index(request, template='ui/index'):
    """Render the main page when the session holds tokens.

    Looks up the logged-in account's name via the backend and passes it,
    with several settings values, to the template. The listing ends after
    the exception handler; the fallback response is not shown.
    """
    if tokens_p(request):
        # get the realname here. we already have it in the js account model
        try:
            api = get_api(request)
            # account id comes from the session's stored OAuth token set
            account_id = urllib.unquote(
                request.session['oauth_token_set']['account_id'])
            ret = api.account_info(account_id=account_id)
            e = ET.fromstring(ret.response['response_data'])

            fullname = e.findtext('givenName') + " " + e.findtext('familyName')
            return utils.render_template(
                template, {
                    'ACCOUNT_ID': account_id,
                    'FULLNAME': fullname,
                    'SMART_API_SERVER': settings.SMART_API_SERVER_BASE,
                    'HIDE_GET_MORE_APPS': settings.HIDE_GET_MORE_APPS,
                    'HIDDEN_APPS': ",".join(settings.HIDDEN_APPS),
                    'SMART_PASSTHROUGH_SERVER': passthrough_server
                })
        except Exception, e:
            # errors are logged server-side and not echoed to the client
            logging.error("Failed to render index page: %s" % e)
            pass
Пример #22
def reset_password_request(request):
    """Shows the page prompting for the email address to which to send the
    password reset instructions.

    POST forwards the address to the backend. The listing ends before the
    final render of ``error_msg``.
    """
    if request.method == "GET":
        account_email = request.GET.get('account_email', '')
        return utils.render_template('ui/reset_password_request', {'ACCOUNT': account_email})

    # must be POST, try to reset password on the server
    error_msg = None
    account_email = request.POST.get("account_email")
    if not account_email:
        error_msg = "Please provide your email address"
    else:
        data = {"account_email": account_email}

        api = get_api()
        try:
            ret = api.call("POST", "/users/reset_password_request",
                           options={'data': data})
            if (ret == "no_account_exists"):
                # NOTE(review): confirms to the requester that the address is
                # not registered, and embeds the posted value in markup
                # without escaping it.
                error_msg = "Account <b>%s</b> does not exist." % account_email
        except Exception, e:
            # NOTE(review): backend exception text is shown inside HTML;
            # prefer a fixed message plus server-side logging.
            error_msg = "Failed to request a password reset:<br />%s" % str(e)
Пример #23
def authorize(request):
    """Displays the "authorize this app" page to the user

    This page upon GET serves the authorize page and upon POST approves the
    request token. Only the GET handling is visible in this listing; it ends
    after the error page is rendered.
    """

    # check if user is logged in
    if not tokens_p(request):
        # the current URL is percent-quoted into return_url for the login view
        url = "%s?return_url=%s" % (
            reverse(login), urllib.quote(request.get_full_path()))
        return HttpResponseRedirect(url)

    api = get_api(request)

    # read the app info
    REQUEST_TOKEN = request.REQUEST.get('oauth_token')

    # process GETs (initial adding and a normal call for this app)
    if request.method == HTTP_METHOD_GET and REQUEST_TOKEN:
        error = None
        error_status = 0

        # claim request token and check return value
        try:
            ret = api.claim_request_token(request_token=REQUEST_TOKEN)
            if ret and ret.response:
                error_status = ret.response.get('response_status', 0)
        except Exception, e:
            # NOTE(review): the exception object itself becomes the message
            # rendered on the error page below.
            error = e
            error_status = 401 if 'Unauthorized' == str(e) else 500

        if error is None:
            if 200 != error_status:
                error = 'Error claiming request token'
            else:
                error_status = 0

                # get app and record info
                ret = api.get_request_token_info(request_token=REQUEST_TOKEN)
                app_info = ret.response.get('response_data', '<root/>') if ret and ret.response else '<root/>'
                app_tree = ET.fromstring(app_info)

                # parse token XML
                # NOTE(review): assuming ET is ElementTree, an Element with
                # no children tests false, so this is a "has children" check
                # (the '<root/>' fallback lands in the else branch), while
                # malformed XML raises in fromstring() above instead.
                if app_tree:
                    record_id = app_tree.find('record').attrib.get('id')
                    name = app_tree.findtext('App/name')
                    app_id = app_tree.find('App').attrib.get('id')
                    kind = app_tree.findtext('kind')
                    description = app_tree.findtext('App/description')
                    offline_capable = (app_tree.findtext(
                        'DataUsageAgreement/offline') == "1")

                    # if we don't have a record_id or app_id, something is
                    # wrong with the token
                    if record_id and app_id:
                        # if the "kind" param equals "new" this app was never
                        # before authorized, so ask the user
                        if kind == 'new':
                            return utils.render_template('ui/authorize', {
                                'NAME': name,
                                'APP_ID': app_id,
                                'DESCRIPTION': description,
                                'REQUEST_TOKEN': REQUEST_TOKEN,
                                'OFFLINE_CAPABLE': offline_capable
                            })
                        elif kind == 'same':
                            # return HttpResponse('fixme: kind==same not implimented yet')
                            # in this case we will have record_id in the
                            # app_info
                            return _approve_and_redirect(request, REQUEST_TOKEN)
                        else:
                            error = 'Bad value for the token\'s "kind" parameter'
                    else:
                        error = 'The token contains no app id' if record_id else 'The token contains no record id'
                else:
                    error = 'Failed to parse app info'
        # every failure path above ends here with a message and a status
        if error:
            return utils.render_template('ui/error', {
                'ERROR': error,
                'ERROR_STATUS': error_status
            })
Пример #24
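def login(request, status=None, info="", template=LOGIN_PAGE):
    """
    Clear tokens in session, show a login form, get tokens from indivo_server,
    then redirect to return_url or index.

    ``return_url`` may come from the previous session, the POST body or the
    query string; it is followed only when it is a same-site path, otherwise
    it is dropped and the user lands on ``/``.
    FIXME: make note that account will be disabled after 3 failed logins!!!
    """

    def is_local_path(url):
        # Accept only same-site absolute paths. Absolute URLs, scheme-relative
        # "//host" forms, backslashes and control characters are refused so
        # the post-login redirect cannot leave this site.
        if not url.startswith('/') or url.startswith('//'):
            return False
        if '\\' in url or any(ord(ch) < 0x20 for ch in url):
            return False
        return True

    # carry over login_return_url should we still have it
    return_url = request.session.get('login_return_url')
    request.session.flush()

    # generate a new session and get return_url
    if 'return_url' in request.POST:
        return_url = request.POST['return_url']
    elif 'return_url' in request.GET:
        return_url = request.GET['return_url']

    # the value is request-controlled whichever source it came from
    if return_url and not is_local_path(return_url):
        return_url = None

    # save return_url and set up the template
    # NOTE(review): the whole settings object is handed to the template;
    # confirm the template cannot expose secrets held in it.
    params = {'SETTINGS': settings}
    if return_url:
        request.session['login_return_url'] = return_url
        params['RETURN_URL'] = return_url
    else:
        return_url = '/'

    if 'did_logout' == status:
        params['MESSAGE'] = "You were logged out"

    errors = {
        'missing':
        "Either the username or password is missing. Please try again.",
        'incorrect': "Incorrect username or password. Please try again.",
        'disabled': "This account has been disabled/locked."
    }

    username = None

    # GET, simply return the login form
    if request.method == HTTP_METHOD_GET:
        return utils.render_template(template, params)

    # credentials were posted, try to login
    if request.method != HTTP_METHOD_POST:
        utils.log('error: bad http request method in login. redirecting to /')
        return HttpResponseRedirect('/')

    if 'username' not in request.POST or 'password' not in request.POST:
        # Also checked initially in js
        params['ERROR'] = errors['missing']
        return utils.render_template(template, params)
    username = request.POST['username']
    password = request.POST['password']

    # get tokens from the backend server and save in this user's django session
    ret, reason = tokens_get_from_server(request, username, password)

    if not ret:
        # NOTE(review): an unrecognised reason is shown as received from the
        # backend; the 'disabled' message also confirms the account exists.
        params['ERROR'] = errors[reason] if reason in errors else reason
        params['ACCOUNT'] = username
        return utils.render_template(LOGIN_PAGE, params)
    return HttpResponseRedirect(return_url)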
Пример #25
def token_login_index(request, token):
    """Open a session from a direct-login token and render the proxied UI.

    The token, plus an optional ``pin`` request parameter, is exchanged at
    the backend's ``/session/from_direct_url``. The returned token set is
    stored in a fresh session, the account's name is looked up, and the
    proxy index or (with ``initial_app``) the single-app view is rendered.

    NOTE(review): the token is a credential carried in the URL and the pin
    is accepted from the query string as well; both can end up in logs. A
    denial from the backend is returned to the client verbatim.
    """
    request.session.flush()
    api = get_api()

    params = request.POST if request.method == 'POST' else request.GET
    initial_app = params.get('initial_app', "")

    token_data = {'token': token}
    pin = params.get('pin', "")
    if pin:
        token_data['pin'] = pin

    reply = api.call("GET", "/session/from_direct_url",
                     options={'data': token_data})
    if reply.startswith("Permission Denied"):
        if "Wrong pin" in reply:
            return utils.render_template("ui/need_pin", {})
        return HttpResponse(reply)

    login_token = ET.fromstring(reply)
    record_id = login_token.find("Record").get("id")
    record_name = login_token.find("Record").get("label")

    session_tokens = dict(urlparse.parse_qsl(login_token.get("value")))
    raw_account_id = session_tokens['account_id']
    request.session['oauth_token_set'] = session_tokens
    request.session['account_id'] = urllib.unquote(raw_account_id)

    # switch to a client bound to the freshly stored session tokens
    api = get_api(request)
    account_id = urllib.unquote(
        request.session['oauth_token_set']['account_id'])
    account = ET.fromstring(
        api.account_info(account_id=account_id).response['response_data'])
    fullname = account.findtext('givenName') + " " + account.findtext('familyName')

    if initial_app != "":
        # initial_app is request-supplied and goes to the helpers unchanged
        target_template = "ui/single_app_view"
        credentials = single_app_get_credentials(request, api, account_id,
                                                 initial_app, record_id)
        manifest = single_app_get_manifest(api, initial_app)
    else:
        target_template = "ui/proxy_index"
        credentials = "''"
        manifest = "''"

    context = {
        'ACCOUNT_ID': session_tokens["account_id"],
        'FULLNAME': fullname,
        'PROXIED_RECORD_ID': record_id,
        'PROXIED_RECORD_NAME': record_name,
        'INITIAL_APP': initial_app,
        'SMART_PASSTHROUGH_SERVER': passthrough_server,
        'CREDENTIALS': credentials,
        'MANIFEST': manifest,
    }
    return utils.render_template(target_template, context)
Пример #26
                        if demo.find('dob') is not None else '0000-00-00',
                        'gender':
                        demo.find('gender').text
                        if demo.find('gender') is not None else None,
                        'zip':
                        demo.find('zip').text
                        if demo.find('zip') is not None else None
                    }
                    records.append(record)
            except Exception, e:
                error_msg = e if record_xml else "Failed to parse records"

    # if there was an error, render it now
    if error_msg:
        return utils.render_template('ui/error', {
            'ERROR': error_msg,
            'ERROR_STATUS': error_status
        })

    # render the template
    params = {
        'SETTINGS':
        settings,
        'API_BASE':
        '%s://%s:%s' %
        (SMART_SERVER_LOCATION['scheme'], SMART_SERVER_LOCATION['host'],
         SMART_SERVER_LOCATION['port']),
        'APP_ID':
        app_id,
        'ACCOUNT_ID':
        account_id,
        'START_URL':
Пример #27
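def _is_local_return_url(url):
    """Tell whether *url* is a same-site path that is safe to redirect to.

    Accepted are values that start with exactly one "/" and contain neither a
    backslash nor control characters. Everything else (absolute URLs,
    scheme-relative "//host" forms and variants a browser would normalise
    into those) is refused.
    """
    if not url or not url.startswith('/') or url.startswith('//'):
        return False
    if '\\' in url:
        return False
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in url)


def login(request, status=None, info="", template=LOGIN_PAGE):
    """
    Clear the session, show a login form, get tokens from indivo_server,
    then redirect to return_url or index.

    ``return_url`` is taken from the POST body, the query string or the
    previous session (in that order of precedence). It is only honoured when
    it is a path on this site; any other value is dropped and the user is
    sent to "/" after login.

    :param request: the incoming request
    :param status: 'did_logout' adds a "You were logged out" message
    :param info: unused in this function
    :param template: template rendered for the form and for missing
        credentials
    :returns: the rendered login page, or a redirect after a successful login

    FIXME: make note that account will be disabled after 3 failed logins!!!
    """

    # carry over login_return_url should we still have it; the flush discards
    # everything else in the old session, tokens included
    return_url = request.session.get('login_return_url')
    request.session.flush()

    # generate a new session and get return_url
    if 'return_url' in request.POST:
        return_url = request.POST['return_url']
    elif 'return_url' in request.GET:
        return_url = request.GET['return_url']

    # return_url is request-controlled: it is stored in the session, handed to
    # the template and finally used as the redirect target, so an off-site
    # value would turn the login page into an open redirect
    if return_url and not _is_local_return_url(return_url):
        utils.log('error: rejected non-local return_url in login')
        return_url = None

    # save return_url and set up the template
    params = {'SETTINGS': settings}
    if return_url:
        request.session['login_return_url'] = return_url
        params['RETURN_URL'] = return_url
    else:
        return_url = '/'

    if 'did_logout' == status:
        params['MESSAGE'] = "You were logged out"

    errors = {
        'missing': "Either the username or password is missing. Please try again.",
        'incorrect': "Incorrect username or password. Please try again.",
        'disabled': "This account has been disabled/locked."
    }

    username = None

    # GET, simply return the login form
    if request.method == HTTP_METHOD_GET:
        return utils.render_template(template, params)

    # credentials were posted, try to login
    if request.method == HTTP_METHOD_POST:
        if 'username' in request.POST and 'password' in request.POST:
            username = request.POST['username']
            password = request.POST['password']
        else:
            # Also checked initially in js
            params['ERROR'] = errors['missing']
            return utils.render_template(template, params)
    else:
        utils.log('error: bad http request method in login. redirecting to /')
        return HttpResponseRedirect('/')

    # get tokens from the backend server and save in this user's django session
    ret, reason = tokens_get_from_server(request, username, password)

    if not ret:
        # reasons without a canned message are shown as returned
        params['ERROR'] = errors.get(reason, reason)
        # the submitted username is echoed back into the page; the template is
        # presumably expected to escape it (TODO confirm)
        params['ACCOUNT'] = username
        # NOTE(review): this renders LOGIN_PAGE, not the `template` argument
        # used for the other responses; confirm that is intended
        return utils.render_template(LOGIN_PAGE, params)
    return HttpResponseRedirect(return_url)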
Пример #28
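def authorize(request):
    """Displays the "authorize this app" page to the user

    On GET with an ``oauth_token`` the request token is claimed and its info
    is fetched from the backend. A token of kind "new" renders the
    ``ui/authorize`` page, a token of kind "same" is approved right away, and
    any failure renders ``ui/error``. Per the original description a POST
    approves the request token; that branch is not shown here.

    Requests without session tokens are redirected to the login view with the
    current path as ``return_url``.
    """

    # check if user is logged in
    if not tokens_p(request):
        # the current path (with its query string) is quoted so that it
        # travels as one return_url value
        url = "%s?return_url=%s" % (reverse(login),
                                    urllib.quote(request.get_full_path()))
        return HttpResponseRedirect(url)

    api = get_api(request)

    # read the app info
    REQUEST_TOKEN = request.REQUEST.get('oauth_token')

    # process GETs (initial adding and a normal call for this app)
    if request.method == HTTP_METHOD_GET and REQUEST_TOKEN:
        error = None
        error_status = 0

        # claim request token and check return value
        try:
            ret = api.claim_request_token(request_token=REQUEST_TOKEN)
            if ret and ret.response:
                error_status = ret.response.get('response_status', 0)
        except Exception, e:
            # NOTE(review): the exception object itself is what the error page
            # receives below; confirm it cannot carry backend internals
            error = e
            error_status = 401 if 'Unauthorized' == str(e) else 500

        if error is None:
            if 200 != error_status:
                error = 'Error claiming request token'
            else:
                error_status = 0

                # get app and record info
                ret = api.get_request_token_info(request_token=REQUEST_TOKEN)
                app_info = '<root/>'
                if ret and ret.response:
                    app_info = ret.response.get('response_data', '<root/>')

                # malformed or missing XML has to end on the error page below
                # instead of in an unhandled exception
                # NOTE(review): which parser `ET` is bound to is not visible
                # here; confirm it does not expand entities in backend data
                try:
                    app_tree = ET.fromstring(app_info)
                except Exception:
                    app_tree = None

                # parse token XML; a root without children (such as the
                # '<root/>' fallback) counts as "no app info"
                if app_tree is not None and len(app_tree) > 0:
                    # a missing <record> or <App> element must reach the
                    # "contains no ... id" errors, not raise on None
                    record_node = app_tree.find('record')
                    app_node = app_tree.find('App')
                    record_id = (record_node.attrib.get('id')
                                 if record_node is not None else None)
                    app_id = (app_node.attrib.get('id')
                              if app_node is not None else None)
                    name = app_tree.findtext('App/name')
                    kind = app_tree.findtext('kind')
                    description = app_tree.findtext('App/description')
                    offline_capable = (
                        app_tree.findtext('DataUsageAgreement/offline') == "1")

                    # if we don't have a record_id or app_id, something is
                    # wrong with the token
                    if record_id and app_id:
                        # if the "kind" param equals "new" this app was never
                        # before authorized, so ask the user
                        if kind == 'new':
                            return utils.render_template(
                                'ui/authorize', {
                                    'NAME': name,
                                    'APP_ID': app_id,
                                    'DESCRIPTION': description,
                                    'REQUEST_TOKEN': REQUEST_TOKEN,
                                    'OFFLINE_CAPABLE': offline_capable
                                })
                        elif kind == 'same':
                            # in this case we will have record_id in the
                            # app_info
                            # NOTE(review): the token is approved on a GET
                            # without user interaction, relying on the
                            # backend's "kind" value; confirm that is intended
                            return _approve_and_redirect(
                                request, REQUEST_TOKEN)
                        else:
                            error = 'Bad value for the token\'s "kind" parameter'
                    else:
                        error = 'The token contains no app id' if record_id else 'The token contains no record id'
                else:
                    error = 'Failed to parse app info'
        if error:
            return utils.render_template('ui/error', {
                'ERROR': error,
                'ERROR_STATUS': error_status
            })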
Пример #29
def document_access(request):
    """Render the document-access widget for a checked request.

    ``_verify_surl`` is called first and its return value is ignored, so it
    presumably rejects a bad request by raising (confirm against its
    definition). The request's GET parameters are then handed to the template
    as its context unchanged.
    """
    _verify_surl(request)
    template_context = request.GET
    return utils.render_template('widgets/document_access', template_context)
Пример #30
        response = smart_call(request, "GET", "/apps/manifests/")
        data = json.loads(str(response.content))
    except Exception, e:
        error_message = response.content if response else str(e)

    apps = sorted(data, key=lambda k: k['name'])

    # fetch OAuth credentials
    for app in apps:
        ret = smart_call(request, "GET", "/apps/%s/credentials" % app['id'])
        creds = json.loads(ret.content)
        app['consumer_key'] = creds['consumer_key']
        app['consumer_secret'] = creds['consumer_secret']

    return utils.render_template(template, {
        "apps": apps,
        "error_message": error_message
    })


def manifest_add(request):
    """Handle the admin "add manifest" request; on POST read the uploaded file.

    Requests without admin tokens are redirected to the admin login URL. Only
    the start of the function is shown here; what is done with ``data`` and
    ``err_msg`` afterwards is not visible.
    """
    # admin-only view: anyone without admin tokens goes to the admin login
    if not admin_tokens_p(request):
        return HttpResponseRedirect(admin_login_url(request))

    err_msg = None
    if request.method == HTTP_METHOD_POST:
        data = ""

        # field names of all uploaded files; only the first one is read below
        filenames = [filename for filename, file in request.FILES.iteritems()]
        if len(filenames) > 0:
            # the whole upload is joined into one in-memory string
            # NOTE(review): no size limit is applied here; confirm one is
            # enforced elsewhere
            data = "".join(
                [chunk for chunk in request.FILES[filenames[0]].chunks()])
Пример #31
    try:
        response = smart_call(request, "GET", "/apps/manifests/")
        data = json.loads(str(response.content))
    except Exception, e:
        error_message = response.content if response else str(e)
    
    apps = sorted(data, key=lambda k: k['name'])
    
    # fetch OAuth credentials
    for app in apps:
        ret = smart_call(request, "GET", "/apps/%s/credentials" % app['id'])
        creds = json.loads(ret.content)
        app['consumer_key'] = creds['consumer_key']
        app['consumer_secret'] = creds['consumer_secret']

    return utils.render_template(template, {"apps": apps, "error_message": error_message})


def manifest_add(request):
    """Handle the admin "add manifest" request; on POST parse the upload as JSON.

    Requests without admin tokens are redirected to the admin login URL. Only
    the start of the function is shown here; what is done with ``manifest``
    and ``err_msg`` afterwards is not visible.
    """
    # admin-only view: anyone without admin tokens goes to the admin login
    if not admin_tokens_p(request):
        return HttpResponseRedirect(admin_login_url(request))

    err_msg = None
    if request.method == HTTP_METHOD_POST:
        data = ""

        # field names of all uploaded files; only the first one is read below
        filenames = [filename for filename, file in request.FILES.iteritems()]
        if len(filenames) > 0:
            # the whole upload is joined into one in-memory string
            # NOTE(review): no size limit is applied here; confirm one is
            # enforced elsewhere
            data = "".join([chunk for chunk in request.FILES[filenames[0]].chunks()])

        # without an uploaded file `data` is still "" and json.loads raises
        # ValueError; no handler is visible in this part of the function
        # NOTE(review): the parsed manifest is uploader-controlled; confirm it
        # is validated before use
        manifest = json.loads(data)
Пример #32
def document_access(request):
  """Render the document-access widget once the request has been checked.

  The result of ``_verify_surl`` is not used, so a failed check presumably
  surfaces as an exception (confirm against its definition). The template
  context is the request's GET parameters, passed through as they are.
  """
  _verify_surl(request)
  widget_context = request.GET
  return utils.render_template('widgets/document_access', widget_context)
Пример #33
                    record = {
                        'id': r.attrib.get('id', 0),
                        'firstname': demo.find('firstname').text if demo.find('firstname') is not None else 'Unknown',
                        'lastname': demo.find('lastname').text if demo.find('lastname') is not None else None,
                        'dob': demo.find('dob').text if demo.find('dob') is not None else '0000-00-00',
                        'gender': demo.find('gender').text if demo.find('gender') is not None else None,
                        'zip': demo.find('zip').text if demo.find('zip') is not None else None
                    }
                    records.append(record)
            except Exception, e:
                error_msg = e if record_xml else "Failed to parse records"

    # if there was an error, render it now
    if error_msg:
        return utils.render_template('ui/error', {
            'ERROR': error_msg,
            'ERROR_STATUS': error_status
        })

    # render the template
    params = {
        'SETTINGS': settings,
        'API_BASE': '%s://%s:%s' % (SMART_SERVER_LOCATION['scheme'], SMART_SERVER_LOCATION['host'], SMART_SERVER_LOCATION['port']),
        'APP_ID': app_id,
        'ACCOUNT_ID': account_id,
        'START_URL': start_url,
        'FULLNAME': fullname,
        'RECORDS': simplejson.dumps(records) if len(records) > 0 else None
    }
    return utils.render_template('ui/record_select', params)