def create_forum_thread(request):
if not request.user.is_superuser:
user_run_throttler = UserActionThrottler(request.user,
"forum-thread-create",
24 * 60 * 60, 10)
if not user_run_throttler.increm():
return ForumError.FORUM_THREAD_LIMIT_EXCEEDED
title = request.POST["title"]
if len(title) > 160:
return ForumError.TITLE_TOO_LONG
non_empty_url = False
for character in title:
if character.isalnum():
non_empty_url = True
if not non_empty_url:
return ForumError.INVALID_TITLE
forum = Forum.objects.get(id=int(request.POST["forumId"]))
forum_thread = ForumThread.create(request.user, request.POST["title"],
request.POST["message"], forum)
state = State()
forum_thread.publish_create_event()
forum_thread.add_to_state(state)
return state.to_response({"forumThreadId": forum_thread.id})
def private_chat_state(request):
user1 = get_user_model().objects.get(id=int(request.POST["userId"]))
user2 = request.user
state = State()
existing_chat = PrivateChat.get(user1=user1, user2=user2)
if existing_chat:
last_message_id = None
if "lastMessageId" in request.POST:
last_message_id = int(request.POST["lastMessageId"])
existing_chat.add_to_state(state,
message_count=20,
last_message_id=last_message_id)
return state.to_response({"privateChatId": existing_chat.id})
create_throttle = UserActionThrottler(request.user, "create-private-chat",
24 * 60 * 60, 10)
if not request.user.is_superuser and not create_throttle.increm():
return ChatError.NEW_PRIVATE_CHAT_LIMIT_EXCEEDED
private_chat = PrivateChat.get_or_create(user1, user2)
private_chat.add_to_state(state)
return state.to_response({"privateChatId": private_chat.id})
def send(self, request=None, signup=False):
from establishment.webapp.throttle import UserActionThrottler
email_throttler = UserActionThrottler(self.user or 0, "verify-email-" + self.email, 60 * 60, 3)
if not email_throttler.increm():
return
send_verification_mail(request, self, signup)
self.sent = timezone.now()
self.save()
def group_chat_post(request):
if not request.user.is_superuser:
user_run_throttler = UserActionThrottler(request.user, "post-message",
60, 100)
if not user_run_throttler.increm():
return ChatError.MESSAGE_LIMIT_EXCEEDED
group_chat_id = int(request.POST["chatId"])
content = request.POST["message"]
group_chat = GroupChat.objects.get(id=group_chat_id)
can_post, error = group_chat.can_post(request.user, content)
if not can_post:
return error
message, json_response = group_chat.post_from_request(request)
return json_response
def private_chat_post(request):
if not request.user.is_superuser:
# TODO: this needs multiple throttlers
user_run_throttler = UserActionThrottler(request.user, "post-message",
60, 60)
if not user_run_throttler.increm():
return ChatError.MESSAGE_LIMIT_EXCEEDED
private_chat_id = int(request.POST["privateChatId"])
content = request.POST["message"]
try:
private_chat = PrivateChat.objects.get(id=private_chat_id)
except Exception as e:
# TODO: log this
return BaseError.OBJECT_NOT_FOUND
can_post, error = private_chat.can_post(request.user, content)
if not can_post:
# TODO: log this
return error
message_instance, json_response = private_chat.create_message_from_request(
request)
state = State()
state.add(private_chat)
state.add(private_chat.message_thread)
state.add(message_instance)
private_chat.user_posted(request.user, message_instance)
private_chat.publish_event("privateMessage", {},
extra={
"messageId": message_instance.id,
"privateChatId": private_chat.id,
"state": state
},
stream_names=private_chat.get_user_streams())
return json_response
def user_password_reset_request(request):
reset_email_address = request.POST["email"]
from establishment.webapp.throttle import UserActionThrottler
reset_password_throttler = UserActionThrottler(
request.user or 0, "reset-password-" + reset_email_address, 60 * 60, 2)
if not reset_password_throttler.increm():
return AccountsError.TOO_MANY_PASSWORD_RESETS
logger.info("Requesting a password reset for email " +
str(reset_email_address))
try:
user = get_user_manager().get(email__iexact=reset_email_address)
except:
return AccountsError.INVALID_EMAIL_ADDRESS
#TODO: A logged in user can only request a password reset for themselves
reset_token = password_reset_token_generator.make_token(user)
# Send the password reset email
# TODO: is this reverse the best way of doing this?
path = reverse("user_password_reset_from_token",
kwargs=dict(user_base36=int_to_base36(user.id),
reset_token=reset_token))
url = request.build_absolute_uri(path)
from django.contrib.sites.models import Site
context = {
"password_reset_url": url,
"current_site": Site.objects.get_current(request=request)
}
send_template_mail("account/email/password_reset_key", reset_email_address,
context)
return {"success": True}
def forum_thread_post(request):
if not request.user.is_superuser:
user_run_throttler = UserActionThrottler(request.user,
"forum-post-message", 60, 5)
if not user_run_throttler.increm():
return ForumError.MESSAGE_LIMIT_EXCEEDED
forum_thread = ForumThread.objects.get(
id=int(request.POST["forumThreadId"]))
content = request.POST["message"]
can_post, error = forum_thread.can_post(request.user, content)
if not can_post:
return error
message, json_response = forum_thread.post_message_from_request(request)
if message:
forum_thread.publish_event("lastActive", {
"lastActive": message.time_added,
})
return json_response