def change_password():
if request.method == "GET":
token = request.args.get("token")
if not current_user and not token:
return redirect("..")
if not token:
current_user.password_reset = binascii.b2a_hex(
os.urandom(20)).decode("utf-8")
current_user.password_reset_expires = datetime.now() + timedelta(
days=1)
db.commit()
token = current_user.password_reset
changePwdForm = ChangePasswordForm(token=token)
return render_template("change.html", changePwdForm=changePwdForm)
elif request.method == "POST":
form = ChangePasswordForm(request.form)
if form.validate():
token = request.form.get("token")
password = request.form.get("password")
user = User.query.filter(User.password_reset == token).first()
user.set_password(password)
user.password_reset = None
user.password_reset_expires = None
db.commit()
login_user(user)
return redirect("panel")
def edit_project():
form = ProjectForm(request.form)
if form.validate():
name = request.form["name"]
id = request.form["id"]
db.query(Project).filter(Project.id == id).update({"name": name})
db.commit()
return redirect("admin")
def create_project():
form = NewProjectForm(request.form)
if form.validate():
name = request.form.get("name")
project = Project(name)
db.add(project)
db.commit()
return redirect("admin")
def delete_project():
form = DeleteProjectForm(request.form)
if form.validate():
id = request.form["id"]
db.query(Donation).filter(Donation.project_id == id).update(
{"project_id": sqlalchemy.sql.null()})
db.query(Project).filter(Project.id == id).delete()
db.commit()
return redirect("admin")
def go(*args, **kw):
try:
ret = f(*args, **kw)
db.commit()
return ret
except Exception:
db.rollback()
db.close()
raise
def issue_password_reset(email):
user = User.query.filter(User.email == email).first()
if not user:
return render_template("reset.html",
errors=_("No one with that email found."))
user.password_reset = binascii.b2a_hex(os.urandom(20)).decode("utf-8")
user.password_reset_expires = datetime.now() + timedelta(days=1)
send_password_reset(user)
db.commit()
return render_template("reset.html", done=True)
def cancel(id):
donation = Donation.query.filter(Donation.id == id).first()
if donation.user != current_user:
abort(401)
if donation.type != DonationType.monthly:
abort(400)
donation.active = False
db.commit()
send_cancellation_notice(current_user, donation)
return redirect("../panel")
def create(self, name, user):
cur = db.cursor()
res = cur.execute('select name from board where name = ?', [
name,
])
if res.fetchone() != None:
raise BoardAlreadyExistException
cur.execute('INSERT INTO board (name, moderator_id) VALUES (?, ?)',
[name, user.id])
db.commit()
def register(cls, *args):
if len(args) != 3:
raise BadArgsException
cur = db.cursor()
res = cur.execute('select username from user where username = ?',
[args[0]])
if res.fetchone() != None:
raise UsernameAlreadyExistException
hashed_pass = cls.sha_pass(args[2])
cur.execute(
'INSERT INTO user (username, email, password) VALUES (?, ?, ?)',
[*args[0:2], hashed_pass])
db.commit()
def setup():
if not User.query.count() == 0:
abort(400)
email = request.form.get("email")
password = request.form.get("password")
if not email or not password:
return redirect(
"..") # TODO: Tell them what they did wrong (i.e. being stupid)
user = User(email, password)
user.admin = True
db.add(user)
db.commit()
login_user(user)
return redirect("admin?first-run=1")
def exec(self, *args, **kwargs):
board = kwargs.get('board', '')
author = kwargs.get('author', '')
if board == '' and author == '':
raise BadArgsException
_type = 'board' if board != '' else 'author'
name = board if board != '' else author
cur = db.cursor()
cur.execute(
'select id from subscribe where owner_id=? and type=? and name=?',
(self.user.id, _type, name))
if len(cur.fetchall()) == 0:
self.write('You haven\'t subscribed {}'.format(name))
return
cur.execute(
'delete from subscribe where owner_id=? and type=? and name=?',
(self.user.id, _type, name))
db.commit()
self.write('Unsubscribe successfully')
def update(self, key, value):
db.execute(
'update {} set {} = ? where id = {}'.format(
self.__class__.__name__.lower(), key, self.id), (value, ))
db.commit()
def delete(self):
db.execute(
'delete from {} where id= ?'.format(
self.__class__.__name__.lower()), (self.id, ))
db.commit()
def create(cls, post, user, uuid):
db.execute(
'INSERT INTO comment (post_id, author_id, uuid) VALUES (?, ?, ?)',
(post.id, user.id, uuid))
db.commit()
def create(cls, sender, receiver, uuid, subject):
db.execute(
'INSERT INTO mail (receiver_id, sender_id, uuid, subject) VALUES (?, ?, ?, ?)',
(receiver.id, sender.id, uuid, subject))
db.commit()
for donation in donations:
if donation.updated < limit:
print(_("Charging {}").format(donation))
user = donation.user
customer = stripe.Customer.retrieve(user.stripe_customer)
try:
charge = stripe.Charge.create(
amount=donation.amount,
currency=_cfg("currency"),
customer=user.stripe_customer,
description=_("Donation to ") + _cfg("your-name"),
)
except stripe.error.CardError:
donation.active = False
db.commit()
send_declined(user, donation.amount)
print(_("Declined"))
continue
send_thank_you(user, donation.amount,
donation.type == DonationType.monthly)
donation.updated = datetime.now()
donation.payments += 1
db.commit()
else:
print(_("Skipping {}").format(donation))
print(
ngettext(
u"%(num)d record processed.\n",
def donate():
email = request.form.get("email")
stripe_token = request.form.get("stripe_token")
amount = request.form.get("amount")
type = request.form.get("type")
comment = request.form.get("comment")
project_id = request.form.get("project")
# validate and rejigger the form inputs
if not email or not stripe_token or not amount or not type:
return {"success": False, "reason": "Invalid request"}, 400
try:
if project_id is None or project_id == "null":
project = None
else:
project_id = int(project_id)
project = Project.query.filter(Project.id == project_id).first()
if type == "once":
type = DonationType.one_time
else:
type = DonationType.monthly
amount = int(amount)
except Exception as e:
current_app.logger.exception(
"Error, failed to generate a donation because '%s' for the values: '%s'"
% (e, request.form.items()),
exc_info=True,
)
return {"success": False, "reason": "Invalid request"}, 400
new_account = False
user = User.query.filter(User.email == email).first()
if not user:
new_account = True
user = User(email, binascii.b2a_hex(os.urandom(20)).decode("utf-8"))
user.password_reset = binascii.b2a_hex(os.urandom(20)).decode("utf-8")
user.password_reset_expires = datetime.now() + timedelta(days=1)
customer = stripe.Customer.create(email=user.email, card=stripe_token)
user.stripe_customer = customer.id
db.add(user)
else:
customer = stripe.Customer.retrieve(user.stripe_customer)
new_source = customer.sources.create(source=stripe_token)
customer.default_source = new_source.id
customer.save()
donation = Donation(user, type, amount, project, comment)
db.add(donation)
try:
stripe.Charge.create(
amount=amount,
currency=_cfg("currency"),
customer=user.stripe_customer,
description="Donation to " + _cfg("your-name"),
)
except stripe.error.CardError:
db.rollback()
db.close()
return {"success": False, "reason": "Your card was declined."}
db.commit()
try:
send_thank_you(user, amount, type == DonationType.monthly)
send_new_donation(user, donation)
except Exception:
traceback.print_exc()
print("Error while trying to send a email")
if new_account:
return {
"success": True,
"new_account": new_account,
"password_reset": user.password_reset,
}
else:
return {"success": True, "new_account": new_account}
