def get_express_checkout_details(token): try: doc = dataent.get_doc("PayPal Settings") doc.setup_sandbox_env(token) params, url = doc.get_paypal_params_and_url() params.update({ "METHOD": "GetExpressCheckoutDetails", "TOKEN": token }) response = make_post_request(url, data=params) if response.get("ACK")[0] != "Success": dataent.respond_as_web_page(_("Something went wrong"), _("Looks like something went wrong during the transaction. Since we haven't confirmed the payment, Paypal will automatically refund you this amount. If it doesn't, please send us an email and mention the Correlation ID: {0}.").format(response.get("CORRELATIONID", [None])[0]), indicator_color='red', http_status_code=dataent.ValidationError.http_status_code) return doc = dataent.get_doc("Integration Request", token) update_integration_request_status(token, { "payerid": response.get("PAYERID")[0], "payer_email": response.get("EMAIL")[0] }, "Authorized", doc=doc) dataent.local.response["type"] = "redirect" dataent.local.response["location"] = get_redirect_uri(doc, token, response.get("PAYERID")[0]) except Exception: dataent.log_error(dataent.get_traceback())
def execute_cmd(cmd, from_async=False): """execute a request as python module""" for hook in dataent.get_hooks("override_whitelisted_methods", {}).get(cmd, []): # override using the first hook cmd = hook break try: method = get_attr(cmd) except Exception as e: if dataent.local.conf.developer_mode: raise e else: dataent.respond_as_web_page(title='Invalid Method', html='Method not found', indicator_color='red', http_status_code=404) return if from_async: method = method.queue is_whitelisted(method) return dataent.call(method, **dataent.form_dict)
def dropbox_auth_finish(return_access_token=False): app_details = get_dropbox_settings(redirect_uri=True) callback = dataent.form_dict close = '<p class="text-muted">' + _('Please close this window') + '</p>' dropbox_oauth_flow = dropbox.DropboxOAuth2Flow( app_details["app_key"], app_details["app_secret"], app_details["redirect_uri"], { 'dropbox-auth-csrf-token': callback.state }, "dropbox-auth-csrf-token" ) if callback.state or callback.code: token = dropbox_oauth_flow.finish({'state': callback.state, 'code': callback.code}) if return_access_token and token.access_token: return token.access_token, callback.state set_dropbox_access_token(token.access_token) else: dataent.respond_as_web_page(_("Dropbox Setup"), _("Illegal Access Token. Please try again") + close, indicator_color='red', http_status_code=dataent.AuthenticationError.http_status_code) dataent.respond_as_web_page(_("Dropbox Setup"), _("Dropbox access is approved!") + close, indicator_color='green')
def return_success_page(doc): dataent.respond_as_web_page(_("Success"), _("{0}: {1} is set to state {2}".format( doc.get('doctype'), dataent.bold(doc.get('name')), dataent.bold( get_doc_workflow_state(doc)))), indicator_color='green')
def return_link_expired_page(doc, doc_workflow_state): dataent.respond_as_web_page( _("Link Expired"), _("Document {0} has been set to state {1} by {2}".format( dataent.bold(doc.get('name')), dataent.bold(doc_workflow_state), dataent.bold( dataent.get_value('User', doc.get("modified_by"), 'full_name')))), indicator_color='blue')
def login_via_token(login_token): sid = dataent.cache().get_value("login_token:{0}".format(login_token), expires=True) if not sid: dataent.respond_as_web_page(_("Invalid Request"), _("Invalid Login Token"), http_status_code=417) return dataent.local.form_dict.sid = sid dataent.local.login_manager = LoginManager() redirect_post_login(desk_user = dataent.db.get_value("User", dataent.session.user, "user_type")=="System User")
def handle_session_stopped(): dataent.respond_as_web_page( _("Updating"), _("Your system is being updated. Please refresh again after a few moments" ), http_status_code=503, indicator_color='orange', fullpage=True, primary_action=None) return dataent.website.render.render("message", http_status_code=503)
def callback(*args, **kwargs): migrator = dataent.get_doc("QuickBooks Migrator") migrator.set_indicator("Connecting to QuickBooks") migrator.code = kwargs.get("code") migrator.quickbooks_company_id = kwargs.get("realmId") migrator.save() migrator.get_tokens() dataent.db.commit() migrator.set_indicator("Connected to QuickBooks") # We need this page to automatically close afterwards dataent.respond_as_web_page("Quickbooks Authentication", html="<script>window.close()</script>")
def get_checkout_url(**kwargs): try: if kwargs.get('payment_gateway'): doc = dataent.get_doc("{0} Settings".format(kwargs.get('payment_gateway'))) return doc.get_payment_url(**kwargs) else: raise Exception except Exception: dataent.respond_as_web_page(_("Something went wrong"), _("Looks like something is wrong with this site's payment gateway configuration. No payment has been made."), indicator_color='red', http_status_code=dataent.ValidationError.http_status_code)
def get_payment_url(doc, method): if doc.docstatus == 1: if doc.payment_gateway == "Razorpay": dataent.local.response["type"] = "redirect" dataent.local.response[ "location"] = "./razorpay_checkout?payment_request={0}".format( doc.name) else: dataent.respond_as_web_page( _("Invalid Payment Request"), _("Payment Request has been canceled by vendor"), success=False, http_status_code=dataent.ValidationError.http_status_code)
def sign_up(email, full_name, redirect_to): if not is_signup_enabled(): dataent.throw(_('Sign Up is disabled'), title='Not Allowed') user = dataent.db.get("User", {"email": email}) if user: if user.disabled: return 0, _("Registered but disabled") else: return 0, _("Already Registered") else: if dataent.db.sql("""select count(*) from tabUser where HOUR(TIMEDIFF(CURRENT_TIMESTAMP, TIMESTAMP(modified)))=1""")[0][0] > 300: dataent.respond_as_web_page( _('Temperorily Disabled'), _('Too many users signed up recently, so the registration is disabled. Please try back in an hour' ), http_status_code=429) from dataent.utils import random_string user = dataent.get_doc({ "doctype": "User", "email": email, "first_name": full_name, "enabled": 1, "new_password": random_string(10), "user_type": "Website User" }) user.flags.ignore_permissions = True user.insert() # set default signup role as per Portal Settings default_role = dataent.db.get_value("Portal Settings", None, "default_role") if default_role: user.add_roles(default_role) if redirect_to: dataent.cache().hset('redirect_after_login', user.name, redirect_to) if user.flags.email_sent: return 1, _("Please check your email for verification") else: return 2, _("Please ask your administrator to verify your sign-up")
def authorize(*args, **kwargs): #Fetch provider URL from settings oauth_settings = get_oauth_settings() params = get_urlparams_from_kwargs(kwargs) request_url = urlparse(dataent.request.url) success_url = request_url.scheme + "://" + request_url.netloc + "/api/method/dataent.integrations.oauth2.approve?" + params failure_url = dataent.form_dict["redirect_uri"] + "?error=access_denied" if dataent.session['user']=='Guest': #Force login, redirect to preauth again. dataent.local.response["type"] = "redirect" dataent.local.response["location"] = "/login?redirect-to=/api/method/dataent.integrations.oauth2.authorize?" + quote(params.replace("+"," ")) elif dataent.session['user']!='Guest': try: r = dataent.request uri = url_fix(r.url) http_method = r.method body = r.get_data() headers = r.headers scopes, dataent.flags.oauth_credentials = get_oauth_server().validate_authorization_request(uri, http_method, body, headers) skip_auth = dataent.db.get_value("OAuth Client", dataent.flags.oauth_credentials['client_id'], "skip_authorization") unrevoked_tokens = dataent.get_all("OAuth Bearer Token", filters={"status":"Active"}) if skip_auth or (oauth_settings["skip_authorization"] == "Auto" and len(unrevoked_tokens)): dataent.local.response["type"] = "redirect" dataent.local.response["location"] = success_url else: #Show Allow/Deny screen. response_html_params = dataent._dict({ "client_id": dataent.db.get_value("OAuth Client", kwargs['client_id'], "app_name"), "success_url": success_url, "failure_url": failure_url, "details": scopes }) resp_html = dataent.render_template("templates/includes/oauth_confirmation.html", response_html_params) dataent.respond_as_web_page("Confirm Access", resp_html) except FatalClientError as e: return e except OAuth2Error as e: return e
def confirm_subscription(email): if not verify_request(): return if not dataent.db.exists("Email Group", _("Website")): dataent.get_doc({ "doctype": "Email Group", "title": _("Website") }).insert(ignore_permissions=True) dataent.flags.ignore_permissions = True add_subscribers(_("Website"), email) dataent.db.commit() dataent.respond_as_web_page(_("Confirmed"), _("{0} has been successfully added to the Email Group.").format(email), indicator_color='green')
def return_action_confirmation_page(doc, action, action_link, alert_doc_change=False): template_params = { 'title': doc.get('name'), 'doctype': doc.get('doctype'), 'docname': doc.get('name'), 'action': action, 'action_link': action_link, 'alert_doc_change': alert_doc_change } template_params['pdf_link'] = get_pdf_link(doc.get('doctype'), doc.get('name')) dataent.respond_as_web_page(None, None, indicator_color="blue", template="confirm_workflow_action", context=template_params)
def build_response(self): self.writer = UnicodeWriter() self.name_field = 'parent' if self.parent_doctype != self.doctype else 'name' if self.template: self.add_main_header() self.writer.writerow(['']) self.tablerow = [self.data_keys.doctype] self.labelrow = [_("Column Labels:")] self.fieldrow = [self.data_keys.columns] self.mandatoryrow = [_("Mandatory:")] self.typerow = [_('Type:')] self.inforow = [_('Info:')] self.columns = [] self.build_field_columns(self.doctype) if self.all_doctypes: for d in self.child_doctypes: self.append_empty_field_column() if (self.select_columns and self.select_columns.get( d['doctype'], None)) or not self.select_columns: # if atleast one column is selected for this doctype self.build_field_columns(d['doctype'], d['parentfield']) self.add_field_headings() self.add_data() if self.with_data and not self.data: dataent.respond_as_web_page(_('No Data'), _('There is no data to be exported'), indicator_color='orange') if self.file_type == 'Excel': self.build_response_as_excel() else: # write out response as a type csv dataent.response['result'] = cstr(self.writer.getvalue()) dataent.response['type'] = 'csv' dataent.response['doctype'] = self.doctype
def verify_request(): """Verify if the incoming signed request if it is correct.""" query_string = dataent.safe_decode(dataent.local.flags.signed_query_string or \ getattr(dataent.request, 'query_string', None)) valid = False signature_string = '&_signature=' if signature_string in query_string: params, signature = query_string.split(signature_string) given_signature = hmac.new(params.encode('utf-8')) given_signature.update(get_secret().encode()) valid = signature == given_signature.hexdigest() if not valid: dataent.respond_as_web_page( _("Invalid Link"), _("This link is invalid or expired. Please make sure you have pasted correctly." )) return valid
def return_unsubscribed_page(email, name): dataent.respond_as_web_page(_("Unsubscribed from Newsletter"), _("<b>{0}</b> has been successfully unsubscribed from this mailing list.").format(email, name), indicator_color='green')
def return_confirmation_page(email, name, primary_action): dataent.respond_as_web_page(_("Unsubscribe from Newsletter"),_("Do you want to unsubscribe from this mailing list?"), indicator_color="blue", primary_label = _("Unsubscribe"), primary_action=primary_action)
def web_logout(): dataent.local.login_manager.logout() dataent.db.commit() dataent.respond_as_web_page(_("Logged Out"), _("You have been successfully logged out"), indicator_color='green')
def return_unsubscribed_page(email, doctype, name): dataent.respond_as_web_page(_("Unsubscribed"), _("{0} has left the conversation in {1} {2}").format(email, _(doctype), name), indicator_color='green')
def handle_exception(e): response = None http_status_code = getattr(e, "http_status_code", 500) return_as_message = False if dataent.get_request_header('Accept') and ( dataent.local.is_ajax or 'application/json' in dataent.get_request_header('Accept')): # handle ajax responses first # if the request is ajax, send back the trace or error message response = dataent.utils.response.report_error(http_status_code) elif (http_status_code == 500 and isinstance(e, pymysql.InternalError) and e.args[0] in (ER.LOCK_WAIT_TIMEOUT, ER.LOCK_DEADLOCK)): http_status_code = 508 elif http_status_code == 401: dataent.respond_as_web_page( _("Session Expired"), _("Your session has expired, please login again to continue."), http_status_code=http_status_code, indicator_color='red') return_as_message = True elif http_status_code == 403: dataent.respond_as_web_page( _("Not Permitted"), _("You do not have enough permissions to complete the action"), http_status_code=http_status_code, indicator_color='red') return_as_message = True elif http_status_code == 404: dataent.respond_as_web_page( _("Not Found"), _("The resource you are looking for is not available"), http_status_code=http_status_code, indicator_color='red') return_as_message = True else: traceback = "<pre>" + dataent.get_traceback() + "</pre>" if dataent.local.flags.disable_traceback: traceback = "" dataent.respond_as_web_page("Server Error", traceback, http_status_code=http_status_code, indicator_color='red', width=640) return_as_message = True if e.__class__ == dataent.AuthenticationError: if hasattr(dataent.local, "login_manager"): dataent.local.login_manager.clear_cookies() if http_status_code >= 500: dataent.logger().error('Request Error', exc_info=True) make_error_snapshot(e) if return_as_message: response = dataent.website.render.render( "message", http_status_code=http_status_code) return response
def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=None, generate_login_token=False): if not ((data and provider and state) or (email_id and key)): dataent.respond_as_web_page(_("Invalid Request"), _("Missing parameters for login"), http_status_code=417) return _login_oauth_user(data, provider, state, email_id, key, generate_login_token)