def put(self):
    """Store the caller's preferred site language and reply with empty JSON.

    The preference is written only when ``has_fully_registered`` is true for
    ``self.user_id``; the response body is ``{}`` in every case.
    """
    # NOTE(review): 'site_language_code' is read from the request payload and
    # passed on unchanged; whether it is checked against the supported
    # languages is not visible here -- confirm in user_services.
    fully_registered = user_services.has_fully_registered(self.user_id)
    if fully_registered:
        user_services.update_preferred_site_language_code(
            self.user_id, self.payload.get('site_language_code'))
    self.render_json({})
def get(self):
    """Render the gallery page with its navigation and language data."""
    login_redirect_url = current_user_services.create_login_url(
        feconf.GALLERY_CREATE_MODE_URL)
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))

    languages = []
    for language in feconf.ALL_LANGUAGE_CODES:
        languages.append({
            'code': language['code'],
            'name': utils.get_short_language_description(
                language['description']),
        })

    self.values.update({
        'nav_mode': feconf.NAV_MODE_GALLERY,
        'allow_yaml_file_upload': ALLOW_YAML_FILE_UPLOAD.value,
        'gallery_login_redirect_url': login_redirect_url,
        'has_fully_registered': registered,
        'SPLASH_PAGE_YOUTUBE_VIDEO_ID': SPLASH_PAGE_YOUTUBE_VIDEO_ID.value,
        'CAROUSEL_SLIDES_CONFIG': CAROUSEL_SLIDES_CONFIG.value,
        'LANGUAGE_CODES_AND_NAMES': languages,
    })
    self.render_template('galleries/gallery.html')
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Set up per-request state: current user, role flags and JSON payload.

    When REDIRECT_UNFINISHED_SIGNUPS is set and the user has not fully
    registered, the login cookies are cleared and the request continues
    with ``user_id`` set to None and ``partially_logged_in`` set to True.
    """
    # Set self.request, self.response and self.app.
    self.initialize(request, response)
    self.start_time = datetime.datetime.utcnow()

    # Initializes the return dict for the handlers.
    self.values = {'profile_picture_data_url': None}

    self.username = None
    self.preferred_site_language_code = None
    self.has_seen_editor_tutorial = False
    self.partially_logged_in = False

    self.user = current_user_services.get_current_user()
    if self.user:
        self.user_id = current_user_services.get_user_id(self.user)
    else:
        self.user_id = None

    if self.user_id:
        settings = user_services.get_or_create_user(
            self.user_id, current_user_services.get_user_email(self.user))
        self.values['user_email'] = settings.email

        signup_unfinished = (
            self.REDIRECT_UNFINISHED_SIGNUPS and
            not user_services.has_fully_registered(self.user_id))
        if signup_unfinished:
            # From here on the request carries no user_id, so the role
            # lookups below run for user_id None.
            _clear_login_cookies(self.response.headers)
            self.partially_logged_in = True
            self.user_id = None
        else:
            self.username = settings.username
            self.preferred_site_language_code = (
                settings.preferred_site_language_code)
            self.values['username'] = self.username
            self.values['profile_picture_data_url'] = (
                settings.profile_picture_data_url)
            self.has_seen_editor_tutorial = bool(
                settings.last_started_state_editor_tutorial)
            # To limit datastore writes, a log-in is recorded only when the
            # previous one is missing or not close to the current time.
            last_login = settings.last_logged_in
            login_is_recent = (
                last_login is not None and utils.are_datetimes_close(
                    datetime.datetime.utcnow(), last_login))
            if not login_is_recent:
                user_services.record_user_logged_in(self.user_id)

    self.is_moderator = rights_manager.Actor(self.user_id).is_moderator()
    self.is_admin = rights_manager.Actor(self.user_id).is_admin()
    self.is_super_admin = current_user_services.is_current_user_super_admin()
    self.values.update({
        'is_moderator': self.is_moderator,
        'is_admin': self.is_admin,
        'is_super_admin': self.is_super_admin,
    })

    # The 'payload' request field is client-supplied JSON; json.loads raises
    # ValueError when it is malformed.
    self.payload = (
        json.loads(self.request.get('payload'))
        if self.request.get('payload') else None)
def post(self):
    """Complete signup for the current user from the posted JSON payload.

    Already-registered users get an empty JSON response and nothing is
    changed. Otherwise the terms agreement is recorded, the username is set
    if the user has none, and email preferences are stored when supplied.

    Raises:
        self.InvalidInputException: if the terms were not accepted or the
            username fails validation.
    """
    data = self.payload
    requested_username = data.get("username")
    terms_accepted = data.get("agreed_to_terms")
    wants_email_updates = data.get("can_receive_email_updates")

    registered_before = user_services.has_ever_registered(self.user_id)
    if user_services.has_fully_registered(self.user_id):
        self.render_json({})
        return

    # Only the JSON boolean true counts as consent; other truthy values
    # (strings, numbers) are rejected.
    if terms_accepted is not True:
        raise self.InvalidInputException(
            "In order to edit explorations on this site, you will "
            "need to accept the license terms.")
    user_services.record_agreement_to_terms(self.user_id)

    if not user_services.get_username(self.user_id):
        try:
            user_services.set_username(self.user_id, requested_username)
        except utils.ValidationError as error:
            raise self.InvalidInputException(error)

    if wants_email_updates is not None:
        user_services.update_email_preferences(
            self.user_id, wants_email_updates)

    # The post-signup email goes out only on a user's first registration.
    if feconf.CAN_SEND_EMAILS_TO_USERS and not registered_before:
        email_manager.send_post_signup_email(self.user_id)

    self.render_json({})
def test_registered_as_editor(self, **kwargs):
    """Run the wrapped handler only for fully registered, non-banned users.

    ``handler`` is taken from the enclosing scope, which is not shown here.

    Raises:
        self.UnauthorizedUserException: if there is no user_id, the username
            is in BANNED_USERNAMES, or registration is not complete.
    """
    may_edit = (
        self.user_id and
        self.username not in config_domain.BANNED_USERNAMES.value and
        user_services.has_fully_registered(self.user_id))
    if not may_edit:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    return handler(self, **kwargs)
def get(self):
    """Redirect to the user's default dashboard, or to the splash page.

    Visitors without a user_id, and users who have not fully registered,
    are sent to the splash page.
    """
    registered = (
        self.user_id and user_services.has_fully_registered(self.user_id))
    if not registered:
        self.redirect(feconf.SPLASH_URL)
        return

    settings = user_services.get_user_settings(self.user_id)
    prefers_creator = (
        settings.default_dashboard == constants.DASHBOARD_TYPE_CREATOR)
    # Any value other than the creator type leads to the learner dashboard.
    self.redirect(
        feconf.CREATOR_DASHBOARD_URL if prefers_creator
        else feconf.LEARNER_DASHBOARD_URL)
def get(self):
    """Render the library group page."""
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    page_values = {
        'meta_description': feconf.LIBRARY_GROUP_PAGE_DESCRIPTION,
        'has_fully_registered': registered,
    }
    self.values.update(page_values)
    self.render_template('library-page.mainpage.html')
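def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = self.request.get('return_url', self.request.uri)
    # Validating return_url for no external redirections. return_url comes
    # from the query string, so only a path on this site is accepted: one
    # leading '/', not followed by '/' or '\' (browsers treat both as the
    # start of a host), and no control characters (browsers drop tab and
    # newline from URLs). The previous pattern '^/[^//]' only excluded a
    # second '/'. Anything else, including the absolute request URI used as
    # the default, falls back to '/'.
    is_local_path = (
        return_url.startswith('/') and
        not return_url.startswith(('//', '/\\')) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = '/'

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.render_template('signup-page.mainpage.html')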
def get(self):
    """Render the library page, in search or index flavour."""
    # Substring test over the whole request URL, not just the path.
    is_search = 'search' in self.request.url
    if is_search:
        description = feconf.SEARCH_PAGE_DESCRIPTION
    else:
        description = feconf.LIBRARY_PAGE_DESCRIPTION

    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    self.values.update({
        'meta_description': description,
        'has_fully_registered': registered,
    })
    self.render_template('pages/library/library.html')
def get(self):
    """Render the library page with language and category data."""
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    language_options = utils.get_all_language_codes_and_names()

    self.values.update({
        'nav_mode': feconf.NAV_MODE_LIBRARY,
        'has_fully_registered': registered,
        'LANGUAGE_CODES_AND_NAMES': language_options,
        'SEARCH_DROPDOWN_CATEGORIES': feconf.SEARCH_DROPDOWN_CATEGORIES,
    })
    self.render_template('library/library.html')
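def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = str(self.request.get("return_url", self.request.uri))
    # return_url comes from the query string, so redirecting to it unchecked
    # lets a crafted signup link send a registered user to another site.
    # Accept only a path on this site: one leading '/', not followed by '/'
    # or '\' (browsers treat both as the start of a host), and no control
    # characters (browsers drop tab and newline from URLs). Anything else,
    # including the absolute request URI used as the default, becomes '/'.
    is_local_path = (
        return_url.startswith("/") and
        not return_url.startswith(("//", "/\\")) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = "/"

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.values.update({
        "nav_mode": feconf.NAV_MODE_SIGNUP,
        "CAN_SEND_EMAILS_TO_USERS": feconf.CAN_SEND_EMAILS_TO_USERS,
    })
    self.render_template("profile/signup.html")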
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Set up per-request state: current user, role flags and JSON payload.

    When REDIRECT_UNFINISHED_SIGNUPS is set and the user has not fully
    registered, the login cookies are cleared and the request continues
    with ``user_id`` set to None and ``partially_logged_in`` set to True.
    """
    # Set self.request, self.response and self.app.
    self.initialize(request, response)
    self.start_time = datetime.datetime.utcnow()

    # Initializes the return dict for the handlers.
    self.values = {'profile_picture_data_url': None}

    self.username = None
    self.preferred_site_language_code = None
    self.has_seen_editor_tutorial = False
    self.partially_logged_in = False

    self.user = current_user_services.get_current_user()
    if self.user:
        self.user_id = current_user_services.get_user_id(self.user)
    else:
        self.user_id = None

    if self.user_id:
        settings = user_services.get_or_create_user(
            self.user_id, current_user_services.get_user_email(self.user))
        self.values['user_email'] = settings.email

        signup_unfinished = (
            self.REDIRECT_UNFINISHED_SIGNUPS and
            not user_services.has_fully_registered(self.user_id))
        if signup_unfinished:
            # From here on the request carries no user_id, so the role
            # lookups below run for user_id None.
            _clear_login_cookies(self.response.headers)
            self.partially_logged_in = True
            self.user_id = None
        else:
            self.username = settings.username
            self.preferred_site_language_code = (
                settings.preferred_site_language_code)
            self.values['username'] = self.username
            self.values['profile_picture_data_url'] = (
                settings.profile_picture_data_url)
            self.has_seen_editor_tutorial = bool(
                settings.last_started_state_editor_tutorial)

    self.is_moderator = rights_manager.Actor(self.user_id).is_moderator()
    self.is_admin = rights_manager.Actor(self.user_id).is_admin()
    self.is_super_admin = current_user_services.is_current_user_super_admin()
    self.values.update({
        'is_moderator': self.is_moderator,
        'is_admin': self.is_admin,
        'is_super_admin': self.is_super_admin,
    })

    # The 'payload' request field is client-supplied JSON; json.loads raises
    # ValueError when it is malformed.
    self.payload = (
        json.loads(self.request.get('payload'))
        if self.request.get('payload') else None)
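def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = str(self.request.get('return_url', self.request.uri))
    # return_url comes from the query string, so redirecting to it unchecked
    # lets a crafted signup link send a registered user to another site.
    # Accept only a path on this site: one leading '/', not followed by '/'
    # or '\' (browsers treat both as the start of a host), and no control
    # characters (browsers drop tab and newline from URLs). Anything else,
    # including the absolute request URI used as the default, becomes '/'.
    is_local_path = (
        return_url.startswith('/') and
        not return_url.startswith(('//', '/\\')) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = '/'

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.values.update({
        'meta_description': feconf.SIGNUP_PAGE_DESCRIPTION,
        'CAN_SEND_EMAILS': feconf.CAN_SEND_EMAILS,
    })
    self.render_template('pages/signup/signup.html')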
def get(self):
    """Render the "my explorations" page for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` pointing back to this page.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', '/my_explorations')
        self.redirect(signup_url)
        return

    self.values['nav_mode'] = feconf.NAV_MODE_HOME
    self.render_template(
        'dashboard/my_explorations.html', redirect_url_on_logout='/')
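def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = str(self.request.get('return_url', self.request.uri))
    # return_url comes from the query string, so redirecting to it unchecked
    # lets a crafted signup link send a registered user to another site.
    # Accept only a path on this site: one leading '/', not followed by '/'
    # or '\' (browsers treat both as the start of a host), and no control
    # characters (browsers drop tab and newline from URLs). Anything else,
    # including the absolute request URI used as the default, becomes '/'.
    is_local_path = (
        return_url.startswith('/') and
        not return_url.startswith(('//', '/\\')) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = '/'

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.values.update({
        'nav_mode': feconf.NAV_MODE_SIGNUP,
        'CAN_SEND_EMAILS_TO_USERS': feconf.CAN_SEND_EMAILS_TO_USERS,
    })
    self.render_template('profile/signup.html')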
def get(self):
    """Render the library page with language and category data."""
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    language_options = utils.get_all_language_codes_and_names()

    self.values.update({
        'nav_mode': feconf.NAV_MODE_LIBRARY,
        'has_fully_registered': registered,
        'LANGUAGE_CODES_AND_NAMES': language_options,
        'SEARCH_DROPDOWN_CATEGORIES': feconf.SEARCH_DROPDOWN_CATEGORIES,
    })
    self.render_template('library/library.html')
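def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = str(self.request.get('return_url', self.request.uri))
    # return_url comes from the query string, so redirecting to it unchecked
    # lets a crafted signup link send a registered user to another site.
    # Accept only a path on this site: one leading '/', not followed by '/'
    # or '\' (browsers treat both as the start of a host), and no control
    # characters (browsers drop tab and newline from URLs). Anything else,
    # including the absolute request URI used as the default, becomes '/'.
    is_local_path = (
        return_url.startswith('/') and
        not return_url.startswith(('//', '/\\')) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = '/'

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.values.update({
        'meta_description': feconf.SIGNUP_PAGE_DESCRIPTION,
        'nav_mode': feconf.NAV_MODE_SIGNUP,
        'CAN_SEND_EMAILS': feconf.CAN_SEND_EMAILS,
    })
    self.render_template('pages/signup/signup.html')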
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Set up per-request state: current user, role flags and JSON payload.

    When REDIRECT_UNFINISHED_SIGNUPS is set and the user has not fully
    registered, the login cookies are cleared and the request continues
    with ``user_id`` set to None and ``partially_logged_in`` set to True.
    """
    # Set self.request, self.response and self.app.
    self.initialize(request, response)
    self.start_time = datetime.datetime.utcnow()

    # Initializes the return dict for the handlers.
    self.values = {'profile_picture_data_url': None}

    self.username = None
    self.has_seen_editor_tutorial = False
    self.partially_logged_in = False

    self.user = current_user_services.get_current_user()
    if self.user:
        self.user_id = current_user_services.get_user_id(self.user)
    else:
        self.user_id = None

    if self.user_id:
        settings = user_services.get_or_create_user(
            self.user_id, current_user_services.get_user_email(self.user))
        self.values['user_email'] = settings.email

        signup_unfinished = (
            self.REDIRECT_UNFINISHED_SIGNUPS and
            not user_services.has_fully_registered(self.user_id))
        if signup_unfinished:
            # From here on the request carries no user_id, so the role
            # lookups below run for user_id None.
            _clear_login_cookies(self.response.headers)
            self.partially_logged_in = True
            self.user_id = None
        else:
            self.username = settings.username
            self.values['username'] = self.username
            self.values['profile_picture_data_url'] = (
                settings.profile_picture_data_url)
            self.has_seen_editor_tutorial = bool(
                settings.last_started_state_editor_tutorial)

    self.is_moderator = rights_manager.Actor(self.user_id).is_moderator()
    self.is_admin = rights_manager.Actor(self.user_id).is_admin()
    self.is_super_admin = current_user_services.is_current_user_super_admin()
    self.values.update({
        'is_moderator': self.is_moderator,
        'is_admin': self.is_admin,
        'is_super_admin': self.is_super_admin,
    })

    # The 'payload' request field is client-supplied JSON; json.loads raises
    # ValueError when it is malformed.
    self.payload = (
        json.loads(self.request.get('payload'))
        if self.request.get('payload') else None)
def get(self):
    """Render the notifications dashboard for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` pointing back to this page.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', '/notifications_dashboard')
        self.redirect(signup_url)
        return

    page_values = {
        'meta_description': feconf.DASHBOARD_PAGE_DESCRIPTION,
        'nav_mode': feconf.NAV_MODE_DASHBOARD,
    }
    self.values.update(page_values)
    self.render_template(
        'dashboard/notifications_dashboard.html',
        redirect_url_on_logout='/')
def get(self):
    """Render the notifications dashboard for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` pointing back to this page.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', '/notifications_dashboard')
        self.redirect(signup_url)
        return

    page_values = {
        'meta_description': feconf.DASHBOARD_PAGE_DESCRIPTION,
        'nav_mode': feconf.NAV_MODE_DASHBOARD,
    }
    self.values.update(page_values)
    self.render_template(
        'pages/notifications_dashboard/notifications_dashboard.html',
        redirect_url_on_logout='/')
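def get(self):
    """Handles GET requests.

    Fully registered users are redirected to ``return_url``; everyone else
    is shown the signup page.
    """
    return_url = str(self.request.get('return_url', self.request.uri))
    # Validating return_url for no external redirections. return_url comes
    # from the query string, so only a path on this site is accepted: one
    # leading '/', not followed by '/' or '\' (browsers treat both as the
    # start of a host), and no control characters (browsers drop tab and
    # newline from URLs). The previous pattern '^/[^//]' only excluded a
    # second '/'. Anything else, including the absolute request URI used as
    # the default, falls back to '/'.
    is_local_path = (
        return_url.startswith('/') and
        not return_url.startswith(('//', '/\\')) and
        not any(ord(char) < 0x20 for char in return_url))
    if not is_local_path:
        return_url = '/'

    if user_services.has_fully_registered(self.user_id):
        self.redirect(return_url)
        return

    self.values.update({
        'meta_description': feconf.SIGNUP_PAGE_DESCRIPTION,
        'CAN_SEND_EMAILS': feconf.CAN_SEND_EMAILS,
    })
    self.render_template('pages/signup/signup.html')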
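def get(self):
    """Redirect registered users to the dashboard or library, others to splash.

    Fully registered users who have created or edited an exploration go to
    the dashboard; other fully registered users go to the library index.
    """
    if not (self.user_id and
            user_services.has_fully_registered(self.user_id)):
        self.redirect(feconf.SPLASH_URL)
        return

    user_contributions = user_services.get_user_contributions(self.user_id)
    # 'Creator' is a user who has created or edited an exploration.
    # A missing contributions record is treated as "not a creator" instead
    # of failing on attribute access (assumes get_user_contributions can
    # return None when no record exists -- confirm in user_services).
    user_is_creator = (
        user_contributions is not None and (
            len(user_contributions.created_exploration_ids) > 0 or
            len(user_contributions.edited_exploration_ids) > 0))
    if user_is_creator:
        self.redirect(feconf.DASHBOARD_URL)
    else:
        self.redirect(feconf.LIBRARY_INDEX_URL)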
def post(self):
    """Complete signup for the current user from the posted JSON payload.

    Already-registered users get an empty JSON response and nothing is
    changed. Otherwise the terms agreement is recorded, the username is set
    if the user has none, email preferences are stored when supplied, a
    profile picture is generated, and first-time registrants get their
    default dashboard stored.

    Raises:
        self.InvalidInputException: if the terms were not accepted or the
            username fails validation.
    """
    data = self.payload
    requested_username = data.get('username')
    terms_accepted = data.get('agreed_to_terms')
    # NOTE(review): 'default_dashboard' is stored as received from the
    # client; confirm that user_services restricts it to known values.
    requested_dashboard = data.get('default_dashboard')
    wants_email_updates = data.get('can_receive_email_updates')

    registered_before = user_services.has_ever_registered(self.user_id)
    if user_services.has_fully_registered(self.user_id):
        self.render_json({})
        return

    # Only the JSON boolean true counts as consent; other truthy values
    # (strings, numbers) are rejected.
    if terms_accepted is not True:
        raise self.InvalidInputException(
            'In order to edit explorations on this site, you will '
            'need to accept the license terms.')
    user_services.record_agreement_to_terms(self.user_id)

    if not user_services.get_username(self.user_id):
        try:
            user_services.set_username(self.user_id, requested_username)
        except utils.ValidationError as error:
            raise self.InvalidInputException(error)

    if wants_email_updates is not None:
        user_services.update_email_preferences(
            self.user_id,
            wants_email_updates,
            feconf.DEFAULT_EDITOR_ROLE_EMAIL_PREFERENCE,
            feconf.DEFAULT_FEEDBACK_MESSAGE_EMAIL_PREFERENCE,
            feconf.DEFAULT_SUBSCRIPTION_EMAIL_PREFERENCE)

    # The post-signup email goes out only on a user's first registration.
    if feconf.CAN_SEND_EMAILS and not registered_before:
        email_manager.send_post_signup_email(self.user_id)

    user_services.generate_initial_profile_picture(self.user_id)

    # Set the default dashboard for new users.
    if not registered_before:
        user_services.update_user_default_dashboard(
            self.user_id, requested_dashboard)

    self.render_json({})
def get(self):
    """Redirect registered users to the dashboard or library, others to splash.

    Fully registered users who have created or edited an exploration go to
    the dashboard; other fully registered users go to the library index.
    """
    registered = (
        self.user_id and user_services.has_fully_registered(self.user_id))
    if not registered:
        self.redirect(feconf.SPLASH_URL)
        return

    contributions = user_services.get_user_contributions(self.user_id)
    # 'Creator' is a user who has created or edited an exploration; a
    # missing contributions record counts as "not a creator".
    is_creator = (
        contributions is not None and (
            len(contributions.created_exploration_ids) > 0 or
            len(contributions.edited_exploration_ids) > 0))
    self.redirect(
        feconf.DASHBOARD_URL if is_creator else feconf.LIBRARY_INDEX_URL)
def get(self):
    """Render the dashboard page for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` set to the dashboard URL.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', feconf.DASHBOARD_URL)
        self.redirect(signup_url)
        return

    page_values = {
        'nav_mode': feconf.NAV_MODE_DASHBOARD,
        'allow_yaml_file_upload': feconf.ALLOW_YAML_FILE_UPLOAD,
        'DEFAULT_TWITTER_SHARE_MESSAGE_DASHBOARD': (
            DEFAULT_TWITTER_SHARE_MESSAGE_DASHBOARD.value),
    }
    self.values.update(page_values)
    self.render_template(
        'pages/dashboard/dashboard.html', redirect_url_on_logout='/')
def get(self):
    """Render the library page in group mode."""
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    language_options = utils.get_all_language_codes_and_names()

    self.values.update({
        'meta_description': feconf.LIBRARY_GROUP_PAGE_DESCRIPTION,
        'has_fully_registered': registered,
        'LANGUAGE_CODES_AND_NAMES': language_options,
        'page_mode': feconf.LIBRARY_PAGE_MODE_GROUP,
        'SEARCH_DROPDOWN_CATEGORIES': feconf.SEARCH_DROPDOWN_CATEGORIES,
    })
    self.render_template('pages/library/library.html')
def get(self):
    """Render the gallery page with its navigation and language data."""
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))

    page_values = {
        'nav_mode': feconf.NAV_MODE_GALLERY,
        'allow_yaml_file_upload': ALLOW_YAML_FILE_UPLOAD.value,
        'has_fully_registered': registered,
        'SPLASH_PAGE_YOUTUBE_VIDEO_ID': SPLASH_PAGE_YOUTUBE_VIDEO_ID.value,
        'CAROUSEL_SLIDES_CONFIG': CAROUSEL_SLIDES_CONFIG.value,
        'LANGUAGE_CODES_AND_NAMES': (
            utils.get_all_language_codes_and_names()),
    }
    self.values.update(page_values)
    self.render_template('galleries/gallery.html')
def get(self):
    """Render the library page, in search or index flavour."""
    # Substring test over the whole request URL, not just the path.
    is_search = 'search' in self.request.url
    if is_search:
        description = feconf.SEARCH_PAGE_DESCRIPTION
    else:
        description = feconf.LIBRARY_PAGE_DESCRIPTION

    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    language_options = utils.get_all_language_codes_and_names()

    self.values.update({
        'meta_description': description,
        'nav_mode': feconf.NAV_MODE_LIBRARY,
        'has_fully_registered': registered,
        'LANGUAGE_CODES_AND_NAMES': language_options,
        'search_mode': is_search,
        'SEARCH_DROPDOWN_CATEGORIES': feconf.SEARCH_DROPDOWN_CATEGORIES,
    })
    self.render_template('library/library.html')
def get(self):
    """Render the "my explorations" page for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` pointing back to this page.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', '/my_explorations')
        self.redirect(signup_url)
        return

    # Collection creation is limited to usernames on the configured list.
    collection_editors = (
        config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value)
    page_values = {
        'nav_mode': feconf.NAV_MODE_HOME,
        'can_create_collections': self.username in collection_editors,
        'allow_yaml_file_upload': ALLOW_YAML_FILE_UPLOAD.value,
    }
    self.values.update(page_values)
    self.render_template(
        'dashboard/my_explorations.html', redirect_url_on_logout='/')
def get(self):
    """Render the dashboard page for fully registered users.

    Users who have not finished registering are redirected to the signup
    page with ``return_url`` set to the dashboard URL.

    Raises:
        self.UnauthorizedUserException: if the username is banned.
    """
    banned_usernames = config_domain.BANNED_USERNAMES.value
    if self.username in banned_usernames:
        raise self.UnauthorizedUserException(
            'You do not have the credentials to access this page.')

    if not user_services.has_fully_registered(self.user_id):
        signup_url = utils.set_url_query_parameter(
            feconf.SIGNUP_URL, 'return_url', feconf.DASHBOARD_URL)
        self.redirect(signup_url)
        return

    page_values = {
        'nav_mode': feconf.NAV_MODE_DASHBOARD,
        'allow_yaml_file_upload': feconf.ALLOW_YAML_FILE_UPLOAD,
        'DEFAULT_TWITTER_SHARE_MESSAGE_DASHBOARD': (
            DEFAULT_TWITTER_SHARE_MESSAGE_DASHBOARD.value),
    }
    self.values.update(page_values)
    self.render_template(
        'pages/dashboard/dashboard.html', redirect_url_on_logout='/')
def post(self):
    """Complete signup for the current user from the posted JSON payload.

    Already-registered users get an empty JSON response and nothing is
    changed. Otherwise the terms agreement is recorded, the username is set
    if the user has none, email preferences are stored when supplied, and a
    profile picture is generated.

    Raises:
        self.InvalidInputException: if the terms were not accepted or the
            username fails validation.
    """
    data = self.payload
    requested_username = data.get('username')
    terms_accepted = data.get('agreed_to_terms')
    wants_email_updates = data.get('can_receive_email_updates')

    registered_before = user_services.has_ever_registered(self.user_id)
    if user_services.has_fully_registered(self.user_id):
        self.render_json({})
        return

    # Only the JSON boolean true counts as consent; other truthy values
    # (strings, numbers) are rejected.
    if terms_accepted is not True:
        raise self.InvalidInputException(
            'In order to edit explorations on this site, you will '
            'need to accept the license terms.')
    user_services.record_agreement_to_terms(self.user_id)

    if not user_services.get_username(self.user_id):
        try:
            user_services.set_username(self.user_id, requested_username)
        except utils.ValidationError as error:
            raise self.InvalidInputException(error)

    if wants_email_updates is not None:
        user_services.update_email_preferences(
            self.user_id,
            wants_email_updates,
            feconf.DEFAULT_EDITOR_ROLE_EMAIL_PREFERENCE,
            feconf.DEFAULT_FEEDBACK_MESSAGE_EMAIL_PREFERENCE,
            feconf.DEFAULT_SUBSCRIPTION_EMAIL_PREFERENCE)

    # The post-signup email goes out only on a user's first registration.
    if feconf.CAN_SEND_EMAILS and not registered_before:
        email_manager.send_post_signup_email(self.user_id)

    user_services.generate_initial_profile_picture(self.user_id)
    self.render_json({})
def get(self):
    """Render the gallery page with its navigation and language data."""
    login_redirect_url = current_user_services.create_login_url(
        feconf.GALLERY_CREATE_MODE_URL)
    # The short-circuit keeps visitors without a user_id from being looked up.
    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))

    languages = []
    for language in feconf.ALL_LANGUAGE_CODES:
        languages.append({
            'code': language['code'],
            'name': utils.get_short_language_description(
                language['description']),
        })

    self.values.update({
        'nav_mode': feconf.NAV_MODE_GALLERY,
        'allow_yaml_file_upload': ALLOW_YAML_FILE_UPLOAD.value,
        'gallery_login_redirect_url': login_redirect_url,
        'has_fully_registered': registered,
        'SPLASH_PAGE_YOUTUBE_VIDEO_ID': SPLASH_PAGE_YOUTUBE_VIDEO_ID.value,
        'CAROUSEL_SLIDES_CONFIG': CAROUSEL_SLIDES_CONFIG.value,
        'LANGUAGE_CODES_AND_NAMES': languages,
    })
    self.render_template('galleries/gallery.html')
def get(self):
    """Render the library page, in search or index mode."""
    # Substring test over the whole request URL, not just the path.
    is_search = 'search' in self.request.url
    page_mode = (
        feconf.LIBRARY_PAGE_MODE_SEARCH if is_search
        else feconf.LIBRARY_PAGE_MODE_INDEX)
    if is_search:
        description = feconf.SEARCH_PAGE_DESCRIPTION
    else:
        description = feconf.LIBRARY_PAGE_DESCRIPTION

    registered = bool(
        self.user_id and user_services.has_fully_registered(self.user_id))
    language_options = utils.get_all_language_codes_and_names()

    self.values.update({
        'meta_description': description,
        'nav_mode': feconf.NAV_MODE_LIBRARY,
        'has_fully_registered': registered,
        'LANGUAGE_CODES_AND_NAMES': language_options,
        'page_mode': page_mode,
        'SEARCH_DROPDOWN_CATEGORIES': feconf.SEARCH_DROPDOWN_CATEGORIES,
    })
    self.render_template('pages/library/library.html')
def post(self):
    """Complete signup for the current user from the posted JSON payload.

    Already-registered users get an empty JSON response and nothing is
    changed. Otherwise the terms agreement is recorded, the username is set
    if the user has none, and email preferences are stored when supplied.

    Raises:
        self.InvalidInputException: if the terms were not accepted or the
            username fails validation.
    """
    data = self.payload
    requested_username = data.get('username')
    terms_accepted = data.get('agreed_to_terms')
    wants_email_updates = data.get('can_receive_email_updates')

    registered_before = user_services.has_ever_registered(self.user_id)
    if user_services.has_fully_registered(self.user_id):
        self.render_json({})
        return

    # Only the JSON boolean true counts as consent; other truthy values
    # (strings, numbers) are rejected.
    if terms_accepted is not True:
        raise self.InvalidInputException(
            'In order to edit explorations on this site, you will '
            'need to accept the license terms.')
    user_services.record_agreement_to_terms(self.user_id)

    if not user_services.get_username(self.user_id):
        try:
            user_services.set_username(self.user_id, requested_username)
        except utils.ValidationError as error:
            raise self.InvalidInputException(error)

    if wants_email_updates is not None:
        user_services.update_email_preferences(
            self.user_id, wants_email_updates)

    # The post-signup email goes out only on a user's first registration.
    if feconf.CAN_SEND_EMAILS_TO_USERS and not registered_before:
        email_manager.send_post_signup_email(self.user_id)

    self.render_json({})
def render_template(
        self, filename, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Render ``filename`` with self.values plus site-wide template globals.

    Also sets the caching, HSTS, content-type and framing response headers
    before writing the rendered page to the response.

    Args:
        filename: template name handed to ``self.jinja2_env.get_template``.
        iframe_restriction: value for the X-Frame-Options header ('DENY' or
            'SAMEORIGIN'), or None to leave the header unset.
        redirect_url_on_logout: URL passed to ``create_logout_url``; the
            request URI is used when this is None.

    Raises:
        Exception: if iframe_restriction is not None, 'SAMEORIGIN' or 'DENY'.
    """
    values = self.values

    uri_parts = urlparse.urlsplit(self.request.uri)
    # NOTE(review): both URLs are rebuilt from the incoming request URI --
    # confirm the host part cannot be chosen by the client.
    domain_url = '%s://%s' % (uri_parts.scheme, uri_parts.netloc)
    # The path component starts with a forward slash.
    full_url = '%s://%s%s' % (
        uri_parts.scheme, uri_parts.netloc, uri_parts.path)

    collection_editors = (
        config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value)

    values.update({
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Markup() marks the configured hook as safe HTML, so it is emitted
        # without escaping; it is as trustworthy as whoever can edit it.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'CATEGORIES_TO_COLORS': feconf.CATEGORIES_TO_COLORS,
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEFAULT_CATEGORY_ICON': feconf.DEFAULT_THUMBNAIL_ICON,
        'DEFAULT_COLOR': feconf.DEFAULT_COLOR,
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        'DOMAIN_URL': domain_url,
        'ACTIVITY_STATUS_PRIVATE': rights_manager.ACTIVITY_STATUS_PRIVATE,
        'ACTIVITY_STATUS_PUBLIC': rights_manager.ACTIVITY_STATUS_PUBLIC,
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        'FULL_URL': full_url,
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': feconf.SITE_FEEDBACK_FORM_URL,
        'SITE_NAME': feconf.SITE_NAME,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        'can_create_collections': (
            self.username and self.username in collection_editors),
        'username': self.username,
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
    })

    promo_bar_on = feconf.ENABLE_PROMO_BAR
    values.update({
        'promo_bar_enabled': (
            config_domain.PROMO_BAR_ENABLED.value if promo_bar_on
            else False),
        'promo_bar_message': (
            config_domain.PROMO_BAR_MESSAGE.value if promo_bar_on else ''),
    })

    values.setdefault('meta_name', 'Personalized Online Learning from Oppia')
    values.setdefault(
        'meta_description',
        'Oppia is a free, open-source learning platform. Join the '
        'community to create or try an exploration today!')
    # The frontend GLOBALS object reads nav_mode, but not every handler sets
    # it, so an empty default guarantees the key exists on every page.
    values.setdefault('nav_mode', '')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    if self.user_id:
        values['login_url'] = None
        values['logout_url'] = current_user_services.create_logout_url(
            redirect_url_on_logout)
    else:
        if self.request.uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = self.request.uri
        values['login_url'] = current_user_services.create_login_url(
            target_url)
        values['logout_url'] = None

    # A fresh CSRF token is embedded in the HTML response. This assumes that
    # tokens generated in one handler are sent back to a handler with the
    # same page name.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    response = self.response
    response.cache_control.no_cache = True
    response.cache_control.must_revalidate = True
    response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    response.headers['X-Content-Type-Options'] = 'nosniff'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction not in ['SAMEORIGIN', 'DENY']:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response.headers['X-Frame-Options'] = iframe_restriction

    response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    response.pragma = 'no-cache'

    page_template = self.jinja2_env.get_template(filename)
    response.write(page_template.render(**values))
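def render_template(
        self, filename, values=None, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Render ``filename`` with template globals and write it to the response.

    Also sets the caching, HSTS, content-type and framing response headers,
    and records the request's processing time in the HTML response counters.

    Args:
        filename: template name handed to ``self.jinja2_env.get_template``.
        values: dict of template values; ``self.values`` is used when None.
            The dict is updated in place.
        iframe_restriction: value for the X-Frame-Options header ('DENY' or
            'SAMEORIGIN'), or None to leave the header unset.
        redirect_url_on_logout: URL passed to ``create_logout_url``; the
            request URI is used when this is None.

    Raises:
        Exception: if iframe_restriction is not None, 'SAMEORIGIN' or 'DENY'.
    """
    if values is None:
        values = self.values

    # NOTE(review): DOMAIN_URL and FULL_URL are rebuilt from the incoming
    # request URI -- confirm the host part cannot be chosen by the client.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    values.update({
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        # Markup() marks the configured hooks as safe HTML, so they are
        # emitted without escaping; they are as trustworthy as whoever can
        # edit them.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'BEFORE_END_BODY_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_BODY_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (
            rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (
            rights_manager.ACTIVITY_STATUS_PUBLIC),
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # The 'path' variable already starts with a forward slash, so no
        # separator is added; '%s://%s/%s' produced a double slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        # TODO(sll): Consider including the obj_editor html directly as
        # part of the base HTML template?
        'OBJECT_EDITORS_JS': jinja2.utils.Markup(
            obj_services.get_all_object_editor_js_templates()),
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SHOW_CUSTOM_PAGES': feconf.SHOW_CUSTOM_PAGES,
        'SIDEBAR_MENU_ADDITIONAL_LINKS': (
            SIDEBAR_MENU_ADDITIONAL_LINKS.value),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SOCIAL_MEDIA_BUTTONS': SOCIAL_MEDIA_BUTTONS.value,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
    })

    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'

    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri
    # Only one of logout_url / login_url is set, depending on login state.
    if self.user_id:
        values['logout_url'] = (
            current_user_services.create_logout_url(
                redirect_url_on_logout))
    else:
        values['login_url'] = (
            current_user_services.create_login_url(self.request.uri))

    # Create a new csrf token for inclusion in HTML responses. This assumes
    # that tokens generated in one handler will be sent back to a handler
    # with the same page name.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK and self.PAGE_NAME_FOR_CSRF:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id, self.PAGE_NAME_FOR_CSRF)

    self.response.cache_control.no_cache = True
    self.response.cache_control.must_revalidate = True
    self.response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    self.response.headers['X-Content-Type-Options'] = 'nosniff'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction in ['SAMEORIGIN', 'DENY']:
            self.response.headers['X-Frame-Options'] = iframe_restriction
        else:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)

    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'
    self.response.write(self.jinja2_env.get_template(
        filename).render(**values))

    # Calculate the processing time of this request.
    duration = datetime.datetime.utcnow() - self.start_time
    processing_time = duration.seconds + duration.microseconds / 1E6

    counters.HTML_RESPONSE_TIME_SECS.inc(increment=processing_time)
    counters.HTML_RESPONSE_COUNT.inc()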
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Builds the per-request state: current user, privileges and payload.

    Args:
        request: the request object, handed to self.initialize().
        response: the response object, handed to self.initialize().
    """
    # Populates self.request, self.response and self.app.
    self.initialize(request, response)

    self.start_time = datetime.datetime.utcnow()

    # Dict of values that handlers pass on to templates.
    self.values = {}

    self.user = current_user_services.get_current_user()
    if self.user:
        self.user_id = current_user_services.get_user_id(self.user)
    else:
        self.user_id = None
    self.username = None
    self.has_seen_editor_tutorial = False
    self.partially_logged_in = False
    self.values['profile_picture_data_url'] = None
    self.preferred_site_language_code = None

    if self.user_id:
        # First visit by this account: create its settings record.
        user_settings = user_services.get_user_settings(
            self.user_id, strict=False)
        if user_settings is None:
            email = current_user_services.get_user_email(self.user)
            user_settings = user_services.create_new_user(
                self.user_id, email)
        self.values['user_email'] = user_settings.email

        signup_unfinished = (
            self.REDIRECT_UNFINISHED_SIGNUPS and not
            user_services.has_fully_registered(self.user_id))
        if signup_unfinished:
            # The account is treated as anonymous from here on: cookies
            # are cleared and user_id is reset before privileges are
            # looked up below.
            _clear_login_cookies(self.response.headers)
            self.partially_logged_in = True
            self.user_id = None
        else:
            self.username = user_settings.username
            self.preferred_site_language_code = (
                user_settings.preferred_site_language_code)
            self.values['username'] = self.username
            self.values['profile_picture_data_url'] = (
                user_settings.profile_picture_data_url)
            if user_settings.last_started_state_editor_tutorial:
                self.has_seen_editor_tutorial = True

            # A log-in is only recorded when the previous one is not
            # recent, which keeps the number of datastore writes down.
            previous_login = user_settings.last_logged_in
            login_is_stale = (
                previous_login is None or
                not utils.are_datetimes_close(
                    datetime.datetime.utcnow(), previous_login))
            if login_is_stale:
                user_services.record_user_logged_in(self.user_id)

    actor = rights_manager.Actor(self.user_id)
    self.is_moderator = actor.is_moderator()
    self.is_admin = actor.is_admin()
    # NOTE(review): unlike the two flags above, this one is read from
    # current_user_services and not from self.user_id, so the reset in the
    # unfinished-signup branch does not affect it. Confirm that is intended.
    self.is_super_admin = (
        current_user_services.is_current_user_super_admin())

    self.values['is_moderator'] = self.is_moderator
    self.values['is_admin'] = self.is_admin
    self.values['is_super_admin'] = self.is_super_admin

    # The payload is request-supplied JSON. NOTE(review): json.loads()
    # raises on malformed input and nothing here catches it; confirm the
    # framework turns an exception from the constructor into a clean error.
    raw_payload = self.request.get('payload')
    self.payload = json.loads(raw_payload) if raw_payload else None
def get(self):
    """Redirects registered users to their explorations, others to the gallery.

    Both targets are feconf constants; nothing from the request is used as
    a redirect destination.
    """
    is_registered = (
        self.user_id and user_services.has_fully_registered(self.user_id))
    if not is_registered:
        self.redirect(feconf.GALLERY_URL)
        return
    self.redirect(feconf.MY_EXPLORATIONS_URL)
def render_template(
        self, filename, values=None, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders an HTML template into the response with hardened headers.

    Args:
        filename: str. Name of the template, looked up in self.jinja2_env.
        values: dict or None. Variables for the template. Defaults to
            self.values; the dict is updated in place.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN' is sent as
            the X-Frame-Options header; None sends no such header.
        redirect_url_on_logout: str or None. URL passed to
            create_logout_url(). Defaults to the URI of this request.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    if values is None:
        values = self.values

    # NOTE(review): scheme and netloc are read from the request URI, so
    # DOMAIN_URL and FULL_URL name whatever host the request was addressed
    # to. Confirm templates do not treat them as a trusted canonical origin.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    page_globals = {
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Markup() marks the hook value as already-safe HTML, so it is
        # emitted unescaped. NOTE(review): confirm only trusted admins can
        # edit this config value.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (
            rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (
            rights_manager.ACTIVITY_STATUS_PUBLIC),
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # No separator before path: it already begins with a slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # Truthy only for a username on the configured whitelist. This is
        # a display flag for the template; NOTE(review): confirm the
        # collection handlers enforce the same check server-side.
        'can_create_collections': (
            self.username and self.username in
            config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value
        ),
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code
    }
    values.update(page_globals)

    values.setdefault(
        'meta_name', 'Personalized Online Learning from Oppia')
    values.setdefault(
        'meta_description', (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!'))

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    if self.user_id:
        values['logout_url'] = (
            current_user_services.create_logout_url(
                redirect_url_on_logout))
    else:
        # A log-in started on the splash page returns to '/', any other
        # page returns to itself.
        if self.request.uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = self.request.uri
        values['login_url'] = (
            current_user_services.create_login_url(target_url))

    # A fresh CSRF token is embedded in every HTML response of a handler
    # that requires the payload check; other handlers get an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # Forbid reuse of the rendered page, which embeds the token above.
    response = self.response
    response.cache_control.no_cache = True
    response.cache_control.must_revalidate = True
    response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    response.headers['X-Content-Type-Options'] = 'nosniff'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction not in ('SAMEORIGIN', 'DENY'):
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response.headers['X-Frame-Options'] = iframe_restriction

    response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    response.pragma = 'no-cache'

    template = self.jinja2_env.get_template(filename)
    response.write(template.render(**values))

    # Record how long this request took to process.
    elapsed = datetime.datetime.utcnow() - self.start_time
    processing_time = elapsed.seconds + elapsed.microseconds / 1E6

    counters.HTML_RESPONSE_TIME_SECS.inc(increment=processing_time)
    counters.HTML_RESPONSE_COUNT.inc()
def get(self):
    """Redirects registered users to the dashboard, others to the splash page.

    Both targets are feconf constants; nothing from the request is used as
    a redirect destination.
    """
    is_registered = (
        self.user_id and user_services.has_fully_registered(self.user_id))
    if not is_registered:
        self.redirect(feconf.SPLASH_URL)
        return
    self.redirect(feconf.DASHBOARD_URL)
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Builds the per-request state: payload, current user and role.

    Args:
        request: the request object, handed to self.initialize().
        response: the response object, handed to self.initialize().
    """
    # Populates self.request, self.response and self.app.
    self.initialize(request, response)

    self.start_time = datetime.datetime.utcnow()

    # Dict of values that handlers pass on to templates.
    self.values = {}

    # The payload is request-supplied JSON. NOTE(review): json.loads()
    # raises on malformed input and nothing here catches it; confirm the
    # framework turns an exception from the constructor into a clean error.
    raw_payload = self.request.get('payload')
    self.payload = json.loads(raw_payload) if raw_payload else None
    self.iframed = False

    self.is_super_admin = (
        current_user_services.is_current_user_super_admin())
    # In maintenance mode only super admins get any further set-up.
    # NOTE(review): on this early return user_id, username, role and user
    # are never assigned; confirm no code reads them for such a request.
    if feconf.ENABLE_MAINTENANCE_MODE and not self.is_super_admin:
        return

    self.gae_id = current_user_services.get_current_gae_id()
    self.user_id = None
    self.username = None
    self.partially_logged_in = False
    self.user_is_scheduled_for_deletion = False

    if self.gae_id:
        # First visit by this account: create its settings record.
        user_settings = user_services.get_user_settings_by_gae_id(
            self.gae_id, strict=False)
        if user_settings is None:
            email = current_user_services.get_current_user_email()
            user_settings = user_services.create_new_user(
                self.gae_id, email)
        self.values['user_email'] = user_settings.email
        self.user_id = user_settings.user_id

        # NOTE(review): in the first two branches self.user_id stays set
        # and self.role below comes from user_settings.role; confirm that
        # access checks consult user_is_scheduled_for_deletion and
        # partially_logged_in.
        if user_settings.deleted:
            self.user_is_scheduled_for_deletion = user_settings.deleted
        elif (self.REDIRECT_UNFINISHED_SIGNUPS and not
              user_services.has_fully_registered(user_settings.user_id)):
            self.partially_logged_in = True
        else:
            self.username = user_settings.username
            self.values['username'] = self.username

            # A log-in is only recorded when the previous one is not
            # recent, which keeps the number of datastore writes down.
            previous_login = user_settings.last_logged_in
            login_is_stale = (
                previous_login is None or
                not utils.are_datetimes_close(
                    datetime.datetime.utcnow(), previous_login))
            if login_is_stale:
                user_services.record_user_logged_in(self.user_id)

    # Requests without a user id get the guest role.
    if self.user_id is None:
        self.role = feconf.ROLE_ID_GUEST
    else:
        self.role = user_settings.role
    self.user = user_services.UserActionsInfo(self.user_id)

    self.values['is_moderator'] = user_services.is_at_least_moderator(
        self.user_id)
    self.values['is_admin'] = user_services.is_admin(self.user_id)
    self.values['is_topic_manager'] = (
        user_services.is_topic_manager(self.user_id))
    self.values['is_super_admin'] = self.is_super_admin
def __init__(self, request, response):  # pylint: disable=super-init-not-called
    """Builds the per-request state: current user, role and payload.

    Args:
        request: the request object, handed to self.initialize().
        response: the response object, handed to self.initialize().
    """
    # Populates self.request, self.response and self.app.
    self.initialize(request, response)

    self.start_time = datetime.datetime.utcnow()

    # Dict of values that handlers pass on to templates.
    self.values = {}

    self.user_id = current_user_services.get_current_user_id()
    self.username = None
    self.has_seen_editor_tutorial = False
    self.has_seen_translation_tutorial = False
    self.partially_logged_in = False

    if self.user_id:
        # First visit by this account: create its settings record.
        user_settings = user_services.get_user_settings(
            self.user_id, strict=False)
        if user_settings is None:
            email = current_user_services.get_current_user_email()
            user_settings = user_services.create_new_user(
                self.user_id, email)
        self.values['user_email'] = user_settings.email

        signup_unfinished = (
            self.REDIRECT_UNFINISHED_SIGNUPS and not
            user_services.has_fully_registered(self.user_id))
        if signup_unfinished:
            # The account is treated as anonymous from here on: cookies
            # are cleared and user_id is reset, so the role below becomes
            # the guest role.
            _clear_login_cookies(self.response.headers)
            self.partially_logged_in = True
            self.user_id = None
        else:
            self.username = user_settings.username
            self.values['username'] = self.username
            if user_settings.last_started_state_editor_tutorial:
                self.has_seen_editor_tutorial = True
            if user_settings.last_started_state_translation_tutorial:
                self.has_seen_translation_tutorial = True

            # A log-in is only recorded when the previous one is not
            # recent, which keeps the number of datastore writes down.
            previous_login = user_settings.last_logged_in
            login_is_stale = (
                previous_login is None or
                not utils.are_datetimes_close(
                    datetime.datetime.utcnow(), previous_login))
            if login_is_stale:
                user_services.record_user_logged_in(self.user_id)

    if self.user_id is None:
        self.role = feconf.ROLE_ID_GUEST
    else:
        self.role = user_settings.role
    self.user = user_services.UserActionsInfo(self.user_id)
    # NOTE(review): this flag is read from current_user_services and not
    # from self.user_id, so the reset in the unfinished-signup branch does
    # not affect it. Confirm that is intended.
    self.is_super_admin = (
        current_user_services.is_current_user_super_admin())

    self.values['additional_angular_modules'] = []
    self.values['iframed'] = False
    self.values['is_moderator'] = user_services.is_at_least_moderator(
        self.user_id)
    self.values['is_admin'] = user_services.is_admin(self.user_id)
    self.values['is_topic_manager'] = (
        user_services.is_topic_manager(self.user_id))
    self.values['is_super_admin'] = self.is_super_admin

    # The payload is request-supplied JSON. NOTE(review): json.loads()
    # raises on malformed input and nothing here catches it; confirm the
    # framework turns an exception from the constructor into a clean error.
    raw_payload = self.request.get('payload')
    self.payload = json.loads(raw_payload) if raw_payload else None
def render_template(self, filepath, iframe_restriction='DENY'):
    """Renders an HTML template into the response with hardened headers.

    self.values is updated in place and used as the template variables.

    Args:
        filepath: str. Path of the template, looked up in self.jinja2_env.
        iframe_restriction: str or None. Value for the X-Frame-Options
            header:
                DENY: the page may not be shown in any frame.
                SAMEORIGIN: the page may only be framed by a page of the
                    same origin.
            None sends no X-Frame-Options header.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    values = self.values

    # NOTE(review): scheme and netloc are read from the request URI, so
    # DOMAIN_URL and FULL_URL name whatever host the request was addressed
    # to. Confirm templates do not treat them as a trusted canonical origin.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    page_globals = {
        # Markup() marks the hook value as already-safe HTML, so it is
        # emitted unescaped. NOTE(review): confirm only trusted admins can
        # edit this config value.
        'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
        'DEV_MODE': constants.DEV_MODE,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
        'GCS_RESOURCE_BUCKET_NAME':
            (app_identity_services.get_gcs_resource_bucket_name()),
        # No separator before path: it already begins with a slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'user_is_logged_in':
            user_services.has_fully_registered(self.user_id)
    }
    values.update(page_globals)

    # Defaults for keys the handler did not set itself.
    values.setdefault('status_code', 200)
    values.setdefault(
        'meta_name', 'Personalized Online Learning from Oppia')
    values.setdefault(
        'meta_description', (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!'))

    # A fresh CSRF token is embedded in every HTML response of a handler
    # that requires the payload check; other handlers get an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # Forbid reuse of the rendered page, which embeds the token above.
    response = self.response
    response.cache_control.no_cache = True
    response.cache_control.must_revalidate = True
    response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    response.headers['X-Content-Type-Options'] = 'nosniff'
    # NOTE(review): X-Xss-Protection is honoured only by older browsers,
    # and this method sets no Content-Security-Policy. Confirm one is set
    # elsewhere.
    response.headers['X-Xss-Protection'] = '1; mode=block'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction not in ('SAMEORIGIN', 'DENY'):
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response.headers['X-Frame-Options'] = iframe_restriction

    response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    response.pragma = 'no-cache'

    template = self.jinja2_env.get_template(filepath)
    response.write(template.render(**values))
def render_template(
        self, filepath, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders an HTML template into the response with hardened headers.

    self.values is updated in place and used as the template variables.

    Args:
        filepath: str. Path of the template, looked up in self.jinja2_env.
        iframe_restriction: str or None. Value for the X-Frame-Options
            header:
                DENY: the page may not be shown in any frame.
                SAMEORIGIN: the page may only be framed by a page of the
                    same origin.
            None sends no X-Frame-Options header.
        redirect_url_on_logout: str or None. URL to go to after logging
            out. Defaults to the URI of this request.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    values = self.values

    # NOTE(review): scheme and netloc are read from the request URI, so
    # DOMAIN_URL and FULL_URL name whatever host the request was addressed
    # to. Confirm templates do not treat them as a trusted canonical origin.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    page_globals = {
        # Markup() marks the hook value as already-safe HTML, so it is
        # emitted unescaped. NOTE(review): confirm only trusted admins can
        # edit this config value.
        'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
        'DEV_MODE': constants.DEV_MODE,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
        'GCS_RESOURCE_BUCKET_NAME':
            (app_identity_services.get_gcs_resource_bucket_name()),
        # No separator before path: it already begins with a slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'SITE_FEEDBACK_FORM_URL': feconf.SITE_FEEDBACK_FORM_URL,
        # Display flag for the template. NOTE(review): confirm the
        # collection handlers enforce the same action server-side.
        'can_create_collections':
            bool(role_services.ACTION_CREATE_COLLECTION in
                 self.user.actions),
        'username': self.username,
        'user_is_logged_in':
            user_services.has_fully_registered(self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
        'allow_yaml_file_upload': feconf.ALLOW_YAML_FILE_UPLOAD
    }
    values.update(page_globals)

    # The promo bar settings are only read when the feature is enabled.
    promo_bar_enabled = False
    promo_bar_message = ''
    if feconf.ENABLE_PROMO_BAR:
        promo_bar_enabled = config_domain.PROMO_BAR_ENABLED.value
        promo_bar_message = config_domain.PROMO_BAR_MESSAGE.value
    values.update({
        'promo_bar_enabled': promo_bar_enabled,
        'promo_bar_message': promo_bar_message,
    })

    # Defaults for keys the handler did not set itself.
    values.setdefault('status_code', 200)
    values.setdefault(
        'meta_name', 'Personalized Online Learning from Oppia')
    values.setdefault(
        'meta_description', (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!'))

    # The frontend GLOBALS object expects a nav_mode, but not every
    # handler declares one, so an empty value is supplied as a fallback.
    values.setdefault('nav_mode', '')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    # Exactly one of login_url / logout_url is a URL; the other is None.
    if self.user_id:
        values['login_url'] = None
        values['logout_url'] = self._get_logout_url(redirect_url_on_logout)
    else:
        # A log-in started on the splash page returns to '/', any other
        # page returns to itself.
        if self.request.uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = self.request.uri
        values['login_url'] = (
            current_user_services.create_login_url(target_url))
        values['logout_url'] = None

    # A fresh CSRF token is embedded in every HTML response of a handler
    # that requires the payload check; other handlers get an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # Forbid reuse of the rendered page, which embeds the token above.
    response = self.response
    response.cache_control.no_cache = True
    response.cache_control.must_revalidate = True
    response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    response.headers['X-Content-Type-Options'] = 'nosniff'
    # NOTE(review): X-Xss-Protection is honoured only by older browsers,
    # and this method sets no Content-Security-Policy. Confirm one is set
    # elsewhere.
    response.headers['X-Xss-Protection'] = '1; mode=block'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction not in ('SAMEORIGIN', 'DENY'):
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response.headers['X-Frame-Options'] = iframe_restriction

    response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    response.pragma = 'no-cache'

    template = self.jinja2_env.get_template(filepath)
    response.write(template.render(**values))
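def render_template(self,
                    filename,
                    values=None,
                    iframe_restriction='DENY',
                    redirect_url_on_logout=None):
    """Writes a rendered HTML template, plus security headers, to the response.

    Args:
        filename: str. Name of the template, looked up in self.jinja2_env.
        values: dict or None. Variables for the template. Defaults to
            self.values; the dict is updated in place.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN' is sent as
            the X-Frame-Options header; None sends no such header.
        redirect_url_on_logout: str or None. URL passed to
            create_logout_url(). Defaults to the URI of this request.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    if values is None:
        values = self.values

    # NOTE(review): scheme and netloc are read from the request URI, so
    # DOMAIN_URL and FULL_URL name whatever host the request was addressed
    # to. Confirm templates do not treat them as a trusted canonical origin.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    values.update({
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        # Markup() marks the hook values as already-safe HTML, so they are
        # emitted unescaped. NOTE(review): confirm only trusted admins can
        # edit these config values.
        'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
        'BEFORE_END_BODY_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_BODY_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
        'ACTIVITY_STATUS_PUBLICIZED':
            (rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # urlsplit() returns a path with a leading forward slash, so the
        # format string must not add one; doing so gave 'host//path'.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        # TODO(sll): Consider including the obj_editor html directly as
        # part of the base HTML template?
        'OBJECT_EDITORS_JS': jinja2.utils.Markup(
            obj_services.get_all_object_editor_js_templates()),
        'RTE_COMPONENT_SPECS':
            (rte_component_registry.Registry.get_all_specs()),
        'SHOW_CUSTOM_PAGES': feconf.SHOW_CUSTOM_PAGES,
        'SIDEBAR_MENU_ADDITIONAL_LINKS':
            (SIDEBAR_MENU_ADDITIONAL_LINKS.value),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SOCIAL_MEDIA_BUTTONS': SOCIAL_MEDIA_BUTTONS.value,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'user_is_logged_in':
            user_services.has_fully_registered(self.user_id),
    })

    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'

    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    # Only one of logout_url / login_url is set, depending on whether the
    # request has a user id.
    if self.user_id:
        values['logout_url'] = (current_user_services.create_logout_url(
            redirect_url_on_logout))
    else:
        values['login_url'] = (current_user_services.create_login_url(
            self.request.uri))

    # Create a new csrf token for inclusion in HTML responses. This assumes
    # that tokens generated in one handler will be sent back to a handler
    # with the same page name. Handlers without a page name get an empty
    # token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK and self.PAGE_NAME_FOR_CSRF:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id, self.PAGE_NAME_FOR_CSRF)

    # Forbid reuse of the rendered page, which embeds the token above.
    self.response.cache_control.no_cache = True
    self.response.cache_control.must_revalidate = True
    self.response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    self.response.headers['X-Content-Type-Options'] = 'nosniff'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction in ['SAMEORIGIN', 'DENY']:
            self.response.headers['X-Frame-Options'] = iframe_restriction
        else:
            raise Exception('Invalid X-Frame-Options: %s' %
                            iframe_restriction)

    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'

    self.response.write(
        self.jinja2_env.get_template(filename).render(**values))

    # Calculate the processing time of this request.
    duration = datetime.datetime.utcnow() - self.start_time
    processing_time = duration.seconds + duration.microseconds / 1E6

    counters.HTML_RESPONSE_TIME_SECS.inc(increment=processing_time)
    counters.HTML_RESPONSE_COUNT.inc()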
def render_template(
        self, filename, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders an HTML template into the response with hardened headers.

    self.values is updated in place and used as the template variables.

    Args:
        filename: str. Name of the template, looked up in self.jinja2_env.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN' is sent as
            the X-Frame-Options header; None sends no such header.
        redirect_url_on_logout: str or None. URL passed to
            create_logout_url(). Defaults to the URI of this request.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    values = self.values

    # NOTE(review): scheme and netloc are read from the request URI, so
    # DOMAIN_URL and FULL_URL name whatever host the request was addressed
    # to. Confirm templates do not treat them as a trusted canonical origin.
    scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

    page_globals = {
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Markup() marks the hook value as already-safe HTML, so it is
        # emitted unescaped. NOTE(review): confirm only trusted admins can
        # edit this config value.
        'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': (rights_manager.ACTIVITY_STATUS_PRIVATE),
        'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
        'ACTIVITY_STATUS_PUBLICIZED':
            (rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # No separator before path: it already begins with a slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS':
            (rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # Truthy only for a username on the configured whitelist. This is
        # a display flag for the template; NOTE(review): confirm the
        # collection handlers enforce the same check server-side.
        'can_create_collections': (
            self.username and self.username in
            config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value),
        'user_is_logged_in':
            user_services.has_fully_registered(self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code
    }
    values.update(page_globals)

    # Defaults for keys the handler did not set itself.
    values.setdefault(
        'meta_name', 'Personalized Online Learning from Oppia')
    values.setdefault(
        'meta_description', (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!'))

    # The frontend GLOBALS object expects a nav_mode, but not every
    # handler declares one, so an empty value is supplied as a fallback.
    values.setdefault('nav_mode', '')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    if self.user_id:
        values['logout_url'] = (current_user_services.create_logout_url(
            redirect_url_on_logout))
    else:
        # A log-in started on the splash page returns to '/', any other
        # page returns to itself.
        if self.request.uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = self.request.uri
        values['login_url'] = (
            current_user_services.create_login_url(target_url))

    # A fresh CSRF token is embedded in every HTML response of a handler
    # that requires the payload check; other handlers get an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # Forbid reuse of the rendered page, which embeds the token above.
    response = self.response
    response.cache_control.no_cache = True
    response.cache_control.must_revalidate = True
    response.headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    response.headers['X-Content-Type-Options'] = 'nosniff'

    # Framing is denied by default; only the two listed values are accepted.
    if iframe_restriction is not None:
        if iframe_restriction not in ('SAMEORIGIN', 'DENY'):
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response.headers['X-Frame-Options'] = iframe_restriction

    response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    response.pragma = 'no-cache'

    template = self.jinja2_env.get_template(filename)
    response.write(template.render(**values))