def get(self, mode=''): if mode == 'login': if 'allowed' in self.request.cookies and \ self.request.cookies['allowed'].count('_'): _twitter_id, _login_hash = \ self.request.cookies['allowed'].split('_', 1) user_info = UserInfo.all().filter('twitter_id =', _twitter_id).get() if user_info and _sha512(user_info.acc_key) == _login_hash: self.session = Session() self.session['twitter_id'] = _twitter_id return self.redirect('/home') auth = _oauth_handler() auth_url = auth.get_authorization_url() memcache.set(auth.request_token.key, auth.request_token.secret, 3600) return self.redirect(auth_url) elif mode == 'verify': auth = _oauth_handler() ver = self.request.get('oauth_verifier') req_key = self.request.get('oauth_token') req_sec = memcache.get(req_key) auth.set_request_token(req_key, req_sec) acc_token = auth.get_access_token(ver) api = tweepy.API(auth_handler=auth) me = api.me() if not UserInfo.all().filter('twitter_id =', str(me.id)).get(): user_info = UserInfo(twitter_id=str(me.id), screen_name=me.screen_name, name=me.name, image=me.profile_image_url, acc_key=acc_token.key, acc_sec=acc_token.secret) user_info.put() self.session = Session() self.session.delete_item('twitter_id') self.session['twitter_id'] = str(me.id) c = SimpleCookie() c['allowed'] = '%d_%s' % (me.id, _sha512(acc_token.key)) c['allowed']['path'] = '/auth' c['allowed']['expires'] = 86400 * 10 self.response.headers.add_header('Set-Cookie', c.output(header='')) return self.redirect('/home') elif mode == 'logout': user_info = _login_user(self) if user_info: self.session = Session() self.session.delete_item('twitter_id') return self.redirect('/')
def post(self): session = Session() greeting = db.get(self.request.get("key")) tweets = Tweet.gql("WHERE img = :1 ", str(self.request.get("key"))) db.delete(greeting) db.delete(tweets) self.redirect('/main')
def post(self): try: domain = self.request.get('domain') task_id = int(self.request.get('id')) assignee = self.request.get('assignee') except (TypeError, ValueError): self.error(403) logging.error("Invalid input") return user = api.get_and_validate_user(domain) if not user: self.error(403) return assignee = User.get_by_key_name(assignee) if not assignee: self.error(403) logging.error("No assignee") return task = api.assign_task(domain, task_id, user, assignee) session = Session(writer='cookie', wsgiref_headers=self.response.headers) add_message( session, "Task '%s' assigned to '%s'" % (task.title(), assignee.name)) self.redirect('/d/%s/' % domain)
def post(self): try: domain = self.request.get('domain') description = self.request.get('description') parent_identifier = self.request.get('parent', "") if not description: raise ValueError("Empty description") # The checkbox will return 'on' if checked and None # otherwise. self_assign = bool(self.request.get('assign_to_self')) except (TypeError, ValueError): self.error(400) return user = api.get_and_validate_user(domain) if not user: self.error(401) return self.session = Session(writer='cookie', wsgiref_headers=self.response.headers) assignee = user if self_assign else None if not parent_identifier: parent_identifier = None task = api.create_task(domain, user, description, assignee=assignee, parent_task=parent_identifier) add_message(self.session, "Task '%s' created" % task.title()) if parent_identifier: self.redirect('/d/%s/task/%s' % (domain, parent_identifier)) else: self.redirect('/d/%s/' % domain)
def get(self, domain_identifier, task_identifier): task = api.get_task(domain_identifier, task_identifier) if not task: self.error(404) return session = Session(writer='cookie', wsgiref_headers=self.response.headers) user = api.get_user() domain = api.get_domain(domain_identifier) subtasks = api.get_all_subtasks(domain_identifier, task) parent_task = task.parent_task parent_identifier = parent_task.identifier() if parent_task else "" parent_title = parent_task.title() if parent_task else "" template_values = { 'domain_name': domain.name, 'domain_identifier': domain_identifier, 'user_name': user.name, 'user_identifier': user.identifier(), 'messages': get_and_delete_messages(session), 'task_title': task.title(), 'task_description': task.description_body(), 'task_assignee': assignee_description(task), 'task_identifier': task.identifier(), 'task_can_assign_to_self': api.can_assign_to_self(task, user), 'subtasks': _task_template_values(subtasks, user), 'parent_identifier': parent_identifier, 'parent_title': parent_title, } path = os.path.join(os.path.dirname(__file__), 'templates/taskdetail.html') self.response.out.write(template.render(path, template_values))
def _view(request, *args, **kwargs): # get the session and check for a user, fail if it doesn't exist if Session().get("user") is None: # failed request return _json_unauthorized_response() # return the original API call through return view_func(request, *args, **kwargs)
def post(self): try: domain_identifier = self.request.get('domain') task_identifier = self.request.get('task_id') except (TypeError, ValueError): self.error(400) return user = api.get_and_validate_user(domain_identifier) if not user: self.error(401) return self.session = Session(writer='cookie', wsgiref_headers=self.response.headers) try: description = self.request.get('description') task = api.change_task_description(domain_identifier, task_identifier, description, user) except ValueError: self.error(403) self.response.out.write("Error while editing task: %s" % error) return add_message(self.session, "Task '%s' edited" % task.title()) self.redirect('/d/%s/task/%s' % (domain_identifier, task_identifier))
def get(self, domain_identifier, task_identifier): task = api.get_task(domain_identifier, task_identifier) user = api.get_and_validate_user(domain_identifier) view = self.request.get('view', 'all') if not task or not user: self.error(404) return session = Session(writer='cookie', wsgiref_headers=self.response.headers) user = api.get_logged_in_user() domain = api.get_domain(domain_identifier) if view == 'yours': subtasks = api.get_assigned_tasks(domain_identifier, user, root_task=task, limit=200) subtasks_heading = "Subtasks of '%s' Assigned to You" % task.title( ) no_subtasks_description = "No subtasks are assigned to you." elif view == 'open': subtasks = api.get_open_tasks(domain_identifier, root_task=task, limit=200) subtasks_heading = "Open Subtasks of '%s'" % task.title() no_subtasks_description = "No open subtasks for this task." else: # view == 'all' or None view = 'all' user_id = user.identifier() subtasks = api.get_all_direct_subtasks(domain_identifier, root_task=task, limit=200, user_identifier=user_id) subtasks_heading = "All Subtasks of '%s'" % task.title() no_subtasks_description = "No subtasks for this task." parent_task = task.parent_task parent_identifier = parent_task.identifier() if parent_task else "" parent_title = parent_task.title() if parent_task else "" template_values = { 'domain_name': domain.name, 'domain_identifier': domain_identifier, 'view_mode': view, 'user_name': user.name, 'user_identifier': user.identifier(), 'messages': get_and_delete_messages(session), 'task_title': task.title(), 'task_description': task.description_body(), 'task_assignee': task.assignee_description(), 'task_identifier': task.identifier(), 'task_has_subtasks': not task.atomic(), 'task_can_assign_to_self': api.can_assign_to_self(task, user), 'task_can_edit': api.can_edit_task(domain, task, user), 'subtasks': _task_template_values(subtasks, user), 'parent_identifier': parent_identifier, 'parent_title': parent_title, 'subtasks_heading': subtasks_heading, 'no_subtasks_description': no_subtasks_description, } self.response.out.write( render_template('templates/taskdetail.html', template_values))
def get(self): session = Session() greeting = db.get(self.request.get("img_id")) if greeting.avatar: self.response.headers['Content-Type'] = "image/png" self.response.out.write(greeting.avatar) else: self.response.out.write("No image")
def get(self): session = Session() session["name"] = "no name" session["tag"] = "" session["pass"] = "" path = os.path.join(os.path.dirname(__file__), 'index.html') template_value = {} self.response.out.write(template.render(path, template_value))
def get_session(): secure, httponly = False, True if DEV: secure = False session = Session(cookie_name='andrewtrusty.appspot', secure=secure, httponly=httponly) return session
def post(self): session = Session() room = Room.get_or_insert(session["tag"]) room.isPass = not room.isPass if not room.isPass: room.password = self.request.get("pass") session["pass"] = room.password room.put() self.redirect('/main')
def post(self): session = Session() if len(self.request.get("tag")) > 0: session["tag"] = self.request.get("tag") if len(self.request.get("name")) > 0: session["name"] = self.request.get("name") room = Room.get_or_insert(session["tag"]) room.put() self.redirect('/main')
def getLoggedInUser(self): mySession = Session() # user is stored in Session variable if logged in if 'username' in mySession: user = mySession['username'] if user > ' ': #self.response.out.write("User="******"<BR>") return user else: return None else: return None
def loggedin(self): mySession = Session() # user is stored in Session variable if logged in if 'username' in mySession: user = mySession['username'] if user: #self.response.out.write("User="******"<BR>") return user log = CumulusLog() log.category = "Debug" log.message = "No User in Session, redirecting to /login page" log.put() self.redirect("/login")
def GetGDocsAuthenticatedClientForCurrentUser(): """ Logon to Google with the user currently logged on to Cumulus. See more detailed programming/API comments in GetGDocsAuthenticatedClient. """ providerName = "GoogleAppAccount" mySession = Session() if not 'subscriberkey' in mySession: raise ("no subscriberkey in Session") subscriberkey = mySession['subscriberkey'] subscriber = Subscriber.get(subscriberkey) if not subscriber: raise ("Subscriber not found with subscriberkey=" + str(subscriberkey)) query = Provider.gql("where name = :1 ", providerName) LIMIT = 1 providerList = query.fetch(LIMIT) if len(providerList) > 0: provider = providerList[0] else: raise Exception("Provider not found with providerName= " + providerName) query = SubscriberProviderCredentials.gql( "where subscriber = :1 and provider = :2 ", subscriber, provider) LIMIT = 1 credentialsList = query.fetch(LIMIT) if len(credentialsList) > 0: credentials = credentialsList[0] else: raise Exception("No credentials found for provider=" + providerName + " and subscriber = " + subscriber.firstname + " " + subscriber.lastname) # Tell the client that we are running in single user mode, and it should not # automatically try to associate the token with the current user then store # it in the datastore. client = gdata.docs.service.DocsService() gdata.alt.appengine.run_on_appengine(client, store_tokens=False, single_user_mode=True) objKeyValuePair = KeyValuePair() #userid = subscriber.googleAppsUserid #password = subscriber.googleAppsPassword client.email = credentials.userid client.password = credentials.password client.service = 'writely' #for Google Docs (include spreadsheets?) client.accountType = "HOSTED" client.ClientLogin(client.email, client.password) return client
def get(self): from appengine_utilities.sessions import Session import uuid session = Session() session['kkk'] = str(uuid.uuid4()) Session.delete_all_sessions() msg = '' memcache.flush_all() self.response.headers['content-type'] = 'text/plain' self.response.out.write('deleteSession memcache.flush_all ok. %s' % msg)
def post(self): session = Session() tweet = Tweet() tweet.img = str(self.request.get("key")) tweet.content = self.request.get("comment") tweet.author = session["name"] tweet.put() greeting = db.get(self.request.get("key")) greeting.modify = datetime.datetime.now() greeting.put() self.redirect('/main')
def post(self): session = Session() greetings = Greeting.gql("WHERE tag = :1", tag) for greeting in greetings: greeting.tag = self.request.get("newtag") greeting.put() room = Room.get_or_insert(session["tag"]) db.delete(room) newroom = Room.get_or_insert(self.request.get("newtag")) newroom.put() session["tag"] = self.request.get("newtag") self.redirect('/main')
def SessionCheck(): return True sess = Session() if (not sess.get(keyname='user')): return False fname = sess['fname'] lname = sess['lname'] if (not (fname == 'Roger')): return False return True
def auth(request): """ API Method - /auth If credentials are correct a new session is created for this user which authorizes them to use protected API methods. @method POST @param email: user's email address @param password: user's password @returns stock JSON response """ # required parameters email = request.POST.get("email") password = request.POST.get("password") # hash the password password = _hash_password(password) # Look up a User object that matches the email/password users = User.all() users \ .filter("email =", email) \ .filter("password ="******"Email or password is invalid.") # Somehow more than one client with the same user/password have # been created, which should never happen. Error out here. if users.count() > 1: return _json_response( details=None, success=False, msg="Internal security error. Contact an administrator") # Pull the User from the datastore user = users.get() # Build a new session object and store the user session = Session() session["user"] = user # return stock JSON with user details return _json_response(user=user.to_json())
def post(self): """Handels the get request for the MainHandler. Retrieves a list of all of the domain's users and sends it to the Client as a JSON object. """ users_list = [] session = Session() domain = session['domain'] client = AppsClient(domain=domain) client.auth_token = self.Get2loToken() client.ssl = True feed = client.RetrieveAllUsers() for entry in feed.entry: users_list.append(entry.login.user_name) self.response.out.write(json.dumps(users_list))
def logout(request): """ API Method - /logout Destroys the active user's session object. Any further use of protected API methods will require a new session via the auth API. @method GET @returns stock JSON response """ # delete session and return stock JSON response with a msg # indicating the user has logged out session = Session() session.delete() return _json_response(msg="User has been logged out.")
def post(self): try: domain_id = self.request.get('domain') title = self.request.get('title') except (TypeError, ValueError): self.error(403) return user = api.get_user() domain = api.create_domain(domain_id, title, user) if not domain: self.response.out.write("Could not create domain") return session = Session(writer='cookie', wsgiref_headers=self.response.headers) add_message(session, "Created domain '%s'" % domain.key().name()) self.redirect('/d/%s/' % domain.key().name())
def get(self, domain_identifier): user = api.get_and_validate_user(domain_identifier) if not user: self.error(404) # hides domain identifiers return session = Session(writer='cookie', wsgiref_headers=self.response.headers) view = self.request.get('view', 'all') domain = api.get_domain(domain_identifier) if view == 'yours': tasks = api.get_assigned_tasks(domain_identifier, user, root_task=None, limit=200) no_tasks_message = "You do not have any unfinished tasks" tasks_heading = "Your Tasks" elif view == 'open': tasks = api.get_open_tasks(domain_identifier, root_task=None, limit=200) no_tasks_message = "No open subtasks in this domain" tasks_heading = "Open Tasks" else: # view == 'all' or None view = 'all' user_id = user.identifier() tasks = api.get_all_direct_subtasks(domain_identifier, root_task=None, limit=200, user_identifier=user_id) tasks_heading = "All Tasks" no_tasks_message = "No tasks are created in this domain" template_values = { 'domain_name': domain.name, 'domain_identifier': domain_identifier, 'user_name': user.name, 'user_identifier': user.identifier(), 'messages': get_and_delete_messages(session), 'tasks': _task_template_values(tasks, user), 'tasks_heading': tasks_heading, 'no_tasks_message': no_tasks_message, 'view_mode': view, } self.response.out.write( render_template('templates/overview.html', template_values))
def get(self): user = api.get_user() domains = api.get_all_domains_for_user(user) session = Session(writer='cookie', wsgiref_headers=self.response.headers) template_values = { 'username': user.name, 'domains': [{ 'identifier': domain.identifier(), 'name': domain.name } for domain in domains], 'messages': get_and_delete_messages(session), } path = os.path.join(os.path.dirname(__file__), 'templates/landing.html') self.response.out.write(template.render(path, template_values))
def post(self): session = Session() greetings = Greeting.gql("WHERE author = :1", self.request.get("name")) tags = set([]) for greeting in greetings: tags |= set([greeting.tag]) chars = [] length = [] for t in tags: chars.append(t[:2]) length.append("x" * (len(t) - 2)) lists = zip(chars, length) template_value = { 'name': self.request.get("name"), 'lists': lists, } path = os.path.join(os.path.dirname(__file__), 'forgot.html') self.response.out.write(template.render(path, template_value))
def get(self): session = Session() if 'tag' in session: pass else: self.response.out.write( "<font color='ff0000'> Enter Any Tag. </font>") self.redirect("/") room = Room.get_by_key_name(session["tag"]) if room.isPass == False and session["pass"] != room.password: self.response.out.write( """Password: <form action='/check' method='post'><textarea name='pass' rows='1' cols='10'></textarea><input type='submit' value='submit'></form>""" ) else: isPass = room.isPass greetings = Greeting.gql("WHERE tag = :1 ORDER BY date DESC", session["tag"]) tweets_list = [] for greeting in greetings: temps = Tweet.gql("WHERE img = :1 ORDER BY date ASC", str(greeting.key())) tweets_list.append(temps) lists = zip(greetings, tweets_list) names = set([]) for greeting in greetings: names |= set([greeting.author]) members = list(names) members.sort() template_value = { 'tag': session["tag"], 'name': session["name"], 'members': members, 'lists': lists, 'isPass': isPass, } path = os.path.join(os.path.dirname(__file__), 'main.html') self.response.out.write(template.render(path, template_value))
def post(self): """Fetches a request token and redirects the user to the approval page.""" self.session = Session() if users.get_current_user(): # 1.) REQUEST TOKEN STEP. Provide the data scope(s) and the page we'll # be redirected back to after the user grants access on the approval page. req_token = gdocs.FetchOAuthRequestToken( scopes=SETTINGS['SCOPES'], oauth_callback=self.request.uri) # Generate the URL to redirect the user to. Add the hd paramter for a # better user experience. Leaving it off will give the user the choice # of what account (Google vs. Google Apps) to login with. domain = self.request.get('domain', default_value='default') approval_page_url = gdocs.GenerateOAuthAuthorizationURL( extra_params={'hd': domain}) # 2.) APPROVAL STEP. Redirect to user to Google's OAuth approval page. self.redirect(approval_page_url)
def get(self, username): """Handels the get request for the UserDetailsHandler. Sends groups, organization unit and nicknames for the user in a JSON object. Args: username: A string denoting the user's username. """ session = Session() domain = session['domain'] if not domain: self.redirect('/') details = {} details['groups'] = self.GetGroups(domain, username) details['orgunit'] = self.GetOrgunit(domain, username) details['nicknames'] = self.GetNicknames(domain, username) data = json.dumps(details) logging.debug('Sending data...') logging.debug(data) self.response.out.write(data) logging.debug('Data sent successfully')