def forgot(request):
_ = request.translate
if request.method != 'POST' or 'username' not in request.POST:
return {}
u = DBSession.query(User) \
.filter_by(username=request.POST['username']) \
.first()
if not u:
request.messages.error(_('Unknown username.'))
request.response.status_code = HTTPBadRequest.code
return {}
if not u.email:
request.messages.error(_('No e-mail address associated with username.'))
request.response.status_code = HTTPBadRequest.code
return {}
token = PasswordResetToken(u)
DBSession.add(token)
DBSession.flush()
mailer = get_mailer(request)
body = render('mail/password_reset.mako', {
'user': u,
'requested_by': request.remote_addr,
'url': request.route_url('account_reset', token=token.token)
}, request=request)
message = Message(subject=_('CCVPN: Password reset request'),
recipients=[u.email],
body=body)
mailer.send(message)
request.messages.info(_('We sent a reset link. Check your emails.'))
return {}
def order_post(request):
_ = request.translate
code = request.POST.get('code')
if code:
return order_post_gc(request, code)
times = (1, 3, 6, 12)
try:
method_name = request.POST.get('method')
time_months = int(request.POST.get('time'))
except (ValueError, TypeError):
return HTTPSeeOther(location=request.route_url('account'))
if method_name == 'admin' and request.user.is_admin:
time = datetime.timedelta(days=30 * time_months)
request.user.add_paid_time(time)
return HTTPSeeOther(location=request.route_url('account'))
method = request.payment_methods.get(method_name)
if not method or time_months not in times:
return HTTPBadRequest('Invalid method/time')
time = datetime.timedelta(days=30 * time_months)
o = method.init(request.user, time)
DBSession.add(o)
DBSession.flush()
return method.start(request, o)
def forgot(request):
_ = request.translate
if request.method != 'POST' or 'username' not in request.POST:
return {}
u = DBSession.query(User) \
.filter_by(username=request.POST['username']) \
.first()
if not u:
request.messages.error(_('Unknown username.'))
request.response.status_code = HTTPBadRequest.code
return {}
if not u.email:
request.messages.error(
_('No e-mail address associated with username.'))
request.response.status_code = HTTPBadRequest.code
return {}
token = PasswordResetToken(u)
DBSession.add(token)
DBSession.flush()
mailer = get_mailer(request)
body = render('mail/password_reset.mako', {
'user': u,
'requested_by': request.remote_addr,
'url': request.route_url('account_reset', token=token.token)
},
request=request)
message = Message(subject=_('CCVPN: Password reset request'),
recipients=[u.email],
body=body)
mailer.send(message)
request.messages.info(_('We sent a reset link. Check your emails.'))
return {}
def order_callback(request):
id = int(request.matchdict['hexid'], 16)
o = DBSession.query(Order).filter_by(id=id).first()
if not o:
return HTTPNotFound()
method = methods.METHOD_IDS[o.method]
ret = method().callback(request, o)
DBSession.flush()
return ret
def order_callback(request):
_ = request.translate
id = int(request.matchdict['hexid'], 16)
o = DBSession.query(Order).filter_by(id=id).first()
if not o:
return HTTPNotFound()
method = request.payment_methods.get(o.method)
r = method.callback(request, o)
DBSession.flush()
return r
def account_post(request):
_ = request.translate
redirect = HTTPSeeOther(location=request.route_url('account'))
profiles_limit = 10
profile_name = request.POST.get('profilename')
profile_delete = request.POST.get('delete')
if profile_name:
p = Profile()
if not p.validate_name(profile_name):
request.messages.error(_('Invalid name.'))
return redirect
# Check if the name is already used
used = DBSession.query(Profile).filter_by(uid=request.user.id) \
.filter_by(name=profile_name).first()
if used:
request.messages.error(_('Name already used.'))
return redirect
# Check if this user's under the profile number limit
profiles_count = DBSession.query(func.count(Profile.id)) \
.filter_by(uid=request.user.id).scalar()
if profiles_count > profiles_limit:
request.messages.error(_('You have too many profiles.'))
return redirect
p.name = profile_name
p.uid = request.user.id
DBSession.add(p)
DBSession.flush()
return HTTPSeeOther(
location=request.route_url('account_profiles_edit', id=p.id))
if profile_delete:
try:
profile_delete = int(profile_delete)
except ValueError:
return redirect
p = DBSession.query(Profile) \
.filter_by(id=int(profile_delete)) \
.filter(Profile.name != '') \
.filter_by(uid=request.user.id) \
.first()
if not p:
request.messages.error(_('Unknown profile.'))
return redirect
DBSession.delete(p)
return redirect
def account_post(request):
_ = request.translate
redirect = HTTPSeeOther(location=request.route_url('account'))
profiles_limit = 10
profile_name = request.POST.get('profilename')
profile_delete = request.POST.get('delete')
if profile_name:
p = Profile()
if not p.validate_name(profile_name):
request.messages.error(_('Invalid name.'))
return redirect
# Check if the name is already used
used = DBSession.query(Profile).filter_by(uid=request.user.id) \
.filter_by(name=profile_name).first()
if used:
request.messages.error(_('Name already used.'))
return redirect
# Check if this user's under the profile number limit
profiles_count = DBSession.query(func.count(Profile.id)) \
.filter_by(uid=request.user.id).scalar()
if profiles_count > profiles_limit:
request.messages.error(_('You have too many profiles.'))
return redirect
p.name = profile_name
p.uid = request.user.id
DBSession.add(p)
DBSession.flush()
return HTTPSeeOther(location=request.route_url('account_profiles_edit', id=p.id))
if profile_delete:
try:
profile_delete = int(profile_delete)
except ValueError:
return redirect
p = DBSession.query(Profile) \
.filter_by(id=int(profile_delete)) \
.filter(Profile.name != '') \
.filter_by(uid=request.user.id) \
.first()
if not p:
request.messages.error(_('Unknown profile.'))
return redirect
DBSession.delete(p)
return redirect
def order_post_gc(request, code):
try:
gc = GiftCode.one(code=code)
gc.use(request.user)
time = gc.time.days
request.messages.info('OK! Added %d days to your account.' % time)
DBSession.flush()
except (NoResultFound, MultipleResultsFound):
request.messages.error('Unknown code.')
except AlreadyUsedGiftCode:
request.messages.error('Already used code')
return HTTPSeeOther(location=request.route_url('account'))
def signup(request):
## TODO: seriously needs refactoring
_ = request.translate
if request.method != 'POST':
return {}
errors = []
try:
username = request.POST.get('username')
password = request.POST.get('password')
password2 = request.POST.get('password2')
email = request.POST.get('email')
if not User.validate_username(username):
errors.append(_('Invalid username.'))
if not User.validate_password(password):
errors.append(_('Invalid password.'))
if email and not User.validate_email(email):
errors.append(_('Invalid email address.'))
if password != password2:
errors.append(_('Both passwords do not match.'))
assert not errors
used = User.is_used(username, email)
if used[0] > 0:
errors.append(_('Username already registered.'))
if used[1] > 0 and email:
errors.append(_('E-mail address already registered.'))
assert not errors
with transaction.manager:
u = User(username=username, email=email, password=password)
if request.referrer:
u.referrer_id = request.referrer.id
DBSession.add(u)
DBSession.flush()
dp = Profile(uid=u.id, name='')
DBSession.add(dp)
request.session['uid'] = u.id
return HTTPSeeOther(location=request.route_url('account'))
except AssertionError:
for error in errors:
request.messages.error(error)
fields = ('username', 'password', 'password2', 'email')
request.response.status_code = HTTPBadRequest.code
return {k: request.POST[k] for k in fields}
def signup(request):
## TODO: seriously needs refactoring
_ = request.translate
if request.method != 'POST':
return {}
errors = []
try:
username = request.POST.get('username')
password = request.POST.get('password')
password2 = request.POST.get('password2')
email = request.POST.get('email')
if not User.validate_username(username):
errors.append(_('Invalid username.'))
if not User.validate_password(password):
errors.append(_('Invalid password.'))
if email and not User.validate_email(email):
errors.append(_('Invalid email address.'))
if password != password2:
errors.append(_('Both passwords do not match.'))
assert not errors
used = User.is_used(username, email)
if used[0] > 0:
errors.append(_('Username already registered.'))
if used[1] > 0 and email:
errors.append(_('E-mail address already registered.'))
assert not errors
with transaction.manager:
u = User(username=username, email=email, password=password)
if request.referrer:
u.referrer_id = request.referrer.id
DBSession.add(u)
DBSession.flush()
dp = Profile(uid=u.id, name='')
DBSession.add(dp)
request.session['uid'] = u.id
return HTTPSeeOther(location=request.route_url('account'))
except AssertionError:
for error in errors:
request.messages.error(error)
fields = ('username', 'password', 'password2', 'email')
request.response.status_code = HTTPBadRequest.code
return {k: request.POST[k] for k in fields}
def order_post_gc(request, code):
_ = request.translate
try:
gc = GiftCode.one(code=code)
gc.use(request.user)
time = gc.time.days
request.messages.info(_('OK! Added ${time} days to your account.',
mapping={'time': time}))
DBSession.flush()
except (NoResultFound, MultipleResultsFound):
request.messages.error(_('Unknown gift code.'))
except AlreadyUsedGiftCode:
request.messages.error(_('Gift code already used.'))
return HTTPSeeOther(location=request.route_url('account'))
def tickets_new(request):
_ = request.translate
if request.method != 'POST':
return {}
try:
subject = request.POST['subject']
body = request.POST['message']
subscribe = 'subscribe' in request.POST
except KeyError:
return {}
errors = []
if len(subject) < 1:
errors.append(_('Subject empty'))
if len(subject) > 40:
errors.append(_('Subject too long'))
if len(body) < 1:
errors.append(_('Message empty'))
if len(body) > 2000:
errors.append(_('Message too long'))
if errors:
for e in errors:
request.messages.error(e)
return {'subject': subject, 'message': body}
ticket = Ticket()
ticket.user_id = request.user.id
ticket.subject = subject
ticket.notify_owner = subscribe
DBSession.add(ticket)
DBSession.flush()
message = TicketMessage()
message.ticket_id = ticket.id
message.user_id = request.user.id
message.content = body
DBSession.add(message)
url = request.route_url('tickets_view', id=ticket.id)
return HTTPSeeOther(location=url)
def tickets_new(request):
_ = request.translate
if request.method != 'POST':
return {}
try:
subject = request.POST['subject']
body = request.POST['message']
subscribe = 'subscribe' in request.POST
except KeyError:
return {}
errors = []
if len(subject) < 1:
errors.append(_('Subject empty'))
if len(subject) > 40:
errors.append(_('Subject too long'))
if len(body) < 1:
errors.append(_('Message empty'))
if len(body) > 2000:
errors.append(_('Message too long'))
if errors:
for e in errors:
request.messages.error(e)
return {'subject': subject, 'message': body}
ticket = Ticket()
ticket.user_id = request.user.id
ticket.subject = subject
ticket.notify_owner = subscribe
DBSession.add(ticket)
DBSession.flush()
message = TicketMessage()
message.ticket_id = ticket.id
message.user_id = request.user.id
message.content = body
DBSession.add(message)
url = request.route_url('tickets_view', id=ticket.id)
return HTTPSeeOther(location=url)
def post_item(self):
if 'id' in self.request.POST and self.request.POST['id'] != '':
item = self.get_item(self.request.POST['id'])
item_id = self.request.POST['id']
item = DBSession.query(self.model).filter_by(id=item_id).first()
if not item:
item = self.model()
DBSession.add(item)
else:
item = self.model()
DBSession.add(item)
try:
self.assign_from_form(item)
except:
DBSession.rollback()
raise
DBSession.flush()
self.request.session.flash(('info', 'Saved!'))
route_name = 'admin_' + self.model.__name__.lower() + 's'
location = self.request.route_url(route_name, _query={'id': item.id})
return HTTPSeeOther(location=location)
def post(self, request):
if self.id:
query = DBSession.query(self.model).filter_by(id=self.id)
parent = self.parent
while parent:
if not isinstance(parent, AdminBaseModel):
break
query = query.filter(parent.model.id == parent.id)
parent = parent.parent
self.item = query.first() or self.model()
self.post_edit(request)
else:
self.item = self.model()
self.post_add(request)
DBSession.add(self.item)
DBSession.flush()
request.messages.info('Saved!')
location = request.resource_url(self)
DBSession.expire_all()
return HTTPSeeOther(location=location)
def post(self, request):
if self.id:
query = DBSession.query(self.model).filter_by(id=self.id)
parent = self.parent
while parent:
if not isinstance(parent, AdminBaseModel):
break
query = query.filter(parent.model.id == parent.id)
parent = parent.parent
self.item = query.first() or self.model()
self.post_edit(request)
else:
self.item = self.model()
self.post_add(request)
DBSession.add(self.item)
DBSession.flush()
request.messages.info('Saved!')
location = request.resource_url(self)
DBSession.expire_all()
return HTTPSeeOther(location=location)
def order_post(request):
code = request.POST.get('code')
if code:
return order_post_gc(request, code)
times = (1, 3, 6, 12)
try:
method_name = request.POST.get('method')
time_months = int(request.POST.get('time'))
except ValueError:
return HTTPBadRequest('invalid POST data')
if method_name not in methods.METHODS or time_months not in times:
return HTTPBadRequest('Invalid method/time')
time = datetime.timedelta(days=30 * time_months)
o = Order(user=request.user, time=time, amount=0, method=0)
o.close_date = datetime.datetime.now() + datetime.timedelta(days=7)
o.paid = False
o.payment = {}
method = methods.METHODS[method_name]()
method.init(request, o)
DBSession.add(o)
DBSession.flush()
return method.start(request, o)
def account_post(request):
_ = request.translate
# TODO: Fix that. split in two functions or something.
errors = []
try:
if 'profilename' in request.POST:
p = Profile()
p.validate_name(request.POST['profilename']) or \
errors.append(_('Invalid name.'))
assert not errors
name_used = DBSession.query(Profile) \
.filter_by(uid=request.user.id,
name=request.POST['profilename']) \
.first()
if name_used:
errors.append(_('Name already used.'))
profiles_count = DBSession.query(func.count(Profile.id)) \
.filter_by(uid=request.user.id).scalar()
if profiles_count > 10:
errors.append(_('You have too many profiles.'))
assert not errors
p.name = request.POST['profilename']
p.askpw = 'askpw' in request.POST and request.POST['askpw'] == '1'
p.uid = request.user.id
if not p.askpw:
p.password = random_access_token()
DBSession.add(p)
DBSession.flush()
return account(request)
if 'profiledelete' in request.POST:
p = DBSession.query(Profile) \
.filter_by(id=int(request.POST['profiledelete'])) \
.filter_by(uid=request.user.id) \
.first()
assert p or errors.append(_('Unknown profile.'))
DBSession.delete(p)
DBSession.flush()
return account(request)
u = request.user
if request.POST['password'] != '':
u.validate_password(request.POST['password']) or \
errors.append(_('Invalid password.'))
if request.POST['password'] != request.POST['password2']:
errors.append(_('Both passwords do not match.'))
if request.POST['email'] != '':
u.validate_email(request.POST['email']) or \
errors.append(_('Invalid email address.'))
assert not errors
new_email = request.POST.get('email')
if new_email and new_email != request.user.email:
c = DBSession.query(func.count(User.id).label('ec')) \
.filter_by(email=new_email).first()
if c.ec > 0:
errors.append(_('E-mail address already registered.'))
assert not errors
if request.POST['password'] != '':
u.set_password(request.POST['password'])
if request.POST['email'] != '':
u.email = request.POST['email']
request.messages.info(_('Saved!'))
DBSession.flush()
except KeyError:
return HTTPBadRequest()
except AssertionError:
for error in errors:
request.session.flash(('error', error))
return account(request)
def account_post(request):
# TODO: Fix that. split in two functions or something.
errors = []
try:
if 'profilename' in request.POST:
p = Profile()
p.validate_name(request.POST['profilename']) or \
errors.append('Invalid name.')
assert not errors
name_used = DBSession.query(Profile) \
.filter_by(uid=request.user.id,
name=request.POST['profilename']) \
.first()
if name_used:
errors.append('Name already used.')
profiles_count = DBSession.query(func.count(Profile.id)) \
.filter_by(uid=request.user.id).scalar()
if profiles_count > 10:
errors.append('You have too many profiles.')
assert not errors
p.name = request.POST['profilename']
p.askpw = 'askpw' in request.POST and request.POST['askpw'] == '1'
p.uid = request.user.id
if not p.askpw:
p.password = random_access_token()
DBSession.add(p)
DBSession.flush()
return account(request)
if 'profiledelete' in request.POST:
p = DBSession.query(Profile) \
.filter_by(id=int(request.POST['profiledelete'])) \
.filter_by(uid=request.user.id) \
.first()
assert p or errors.append('Unknown profile.')
DBSession.delete(p)
DBSession.flush()
return account(request)
u = request.user
if request.POST['password'] != '':
u.validate_password(request.POST['password']) or \
errors.append('Invalid password.')
if request.POST['password'] != request.POST['password2']:
errors.append('Both passwords do not match.')
if request.POST['email'] != '':
u.validate_email(request.POST['email']) or \
errors.append('Invalid email address.')
assert not errors
new_email = request.POST.get('email')
if new_email and new_email != request.user.email:
c = DBSession.query(func.count(User.id).label('ec')) \
.filter_by(email=new_email).first()
if c.ec > 0:
errors.append('E-mail address already registered.')
assert not errors
if request.POST['password'] != '':
u.set_password(request.POST['password'])
if request.POST['email'] != '':
u.email = request.POST['email']
request.session.flash(('info', 'Saved!'))
DBSession.flush()
except KeyError:
return HTTPBadRequest()
except AssertionError:
for error in errors:
request.session.flash(('error', error))
return account(request)
