示例#1
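def get_recently_added_contributors(auth, **kwargs):
    """Return the user's recently added contributors that are not yet on the node.

    The optional ``max`` query-string argument caps the number of results.
    When it is absent, empty or ``0``, the length of
    ``auth.user.recently_added`` is used as the cap.

    :param auth: Auth object; ``auth.user.recently_added`` is the candidate list
    :param kwargs: Must contain ``node`` and ``project``; ``node`` wins if truthy
    :return: ``{'contributors': [...]}`` of serialized contributors
    :raises HTTPError: 400 when ``max`` is not a non-negative integer
    """
    node = kwargs['node'] or kwargs['project']

    # ``max`` is client-controlled, so validate it before it reaches islice().
    max_results = request.args.get('max')
    if max_results:
        try:
            max_results = int(max_results)
        except (TypeError, ValueError):
            raise HTTPError(http.BAD_REQUEST)
        # islice() raises ValueError for a negative stop; report that as a
        # client error instead of letting it surface as an unhandled exception.
        if max_results < 0:
            raise HTTPError(http.BAD_REQUEST)
    if not max_results:
        max_results = len(auth.user.recently_added)

    # Only include active users who are not already contributors. A generator
    # keeps the filter lazy, so islice() stops it once the cap is reached.
    active_contribs = (
        contrib for contrib in auth.user.recently_added
        if contrib.is_active() and contrib._id not in node.contributors
    )

    # Limit to max_results
    limited_contribs = itertools.islice(active_contribs, max_results)

    contribs = [
        utils.add_contributor_json(contrib, get_current_user())
        for contrib in limited_contribs
    ]
    return {'contributors': contribs}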
示例#2
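def get_most_in_common_contributors(auth, **kwargs):
    """Return the users who most often share projects with the current user.

    Counts, across every node in ``auth.user.node__contributed``, the
    contributors that are not already on the target node, keeps the active
    ones and serializes them ordered by count (descending) then full name.

    :param auth: Auth object for the requesting user
    :param kwargs: Must contain ``node`` and ``project``; ``node`` wins if truthy
    :return: ``{'contributors': [...]}`` of serialized contributors
    """
    node = kwargs['node'] or kwargs['project']
    node_contrib_ids = set(node.contributors._to_primary_keys())
    # ``max`` is client-controlled; anything unusable falls back to the
    # configured default.
    try:
        n_contribs = int(request.args.get('max', None))
    except (TypeError, ValueError):
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH
    # islice() rejects a negative stop with ValueError, so treat it like any
    # other invalid value.
    # NOTE(review): no upper bound is applied to a client-supplied ``max``.
    if n_contribs < 0:
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH

    contrib_counts = Counter(
        contrib_id for other_node in auth.user.node__contributed
        for contrib_id in other_node.contributors._to_primary_keys()
        if contrib_id not in node_contrib_ids)

    # Load each user once, lazily, and skip ids that no longer resolve so a
    # dangling reference cannot raise AttributeError on ``None``.
    loaded = (
        (User.load(_id), count) for _id, count in contrib_counts.most_common()
    )
    active_contribs = (
        (user, count) for user, count in loaded
        if user is not None and user.is_active()
    )

    contrib_objs = list(itertools.islice(active_contribs, n_contribs))

    contribs = [
        utils.add_contributor_json(most_contrib, get_current_user())
        for most_contrib, count in sorted(contrib_objs,
                                          key=lambda t: (-t[1], t[0].fullname))
    ]
    return {'contributors': contribs}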
示例#3
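def figshare_oauth_start(**kwargs):
    """Begin the Figshare OAuth flow for the current user.

    Enables the Figshare add-on for the user, points the node's add-on (when a
    node is given) at the user's settings, stores the request token pair
    returned by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Reject anonymous requests explicitly; without this the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('figshare')
    figshare_user = user.get_addon('figshare')

    if node:
        # NOTE(review): the node is linked to the user's settings before the
        # provider has confirmed authorization, and contributor status is the
        # only check made here - confirm that is the intended permission level.
        figshare_node = node.get_addon('figshare')
        figshare_node.user_settings = figshare_user
        figshare_node.save()

    request_token, request_token_secret, authorization_url = oauth_start_url(user, node)

    # Persist the request token pair; presumably the callback needs it to
    # complete the exchange.
    figshare_user.oauth_request_token = request_token
    figshare_user.oauth_request_token_secret = request_token_secret
    figshare_user.save()

    return redirect(authorization_url)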
示例#4
文件: auth.py 项目: Doris1989/osf.io
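def github_oauth_start(**kwargs):
    """Begin the GitHub OAuth flow for the current user.

    Enables the GitHub add-on for the user, points the node's add-on (when a
    node is given) at the user's settings, stores the ``state`` value returned
    by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Reject anonymous requests explicitly; without this the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('github')
    user_settings = user.get_addon('github')

    if node:
        # NOTE(review): the node is linked before the provider has confirmed
        # authorization; confirm contributor status is the intended bar.
        github_node = node.get_addon('github')
        github_node.user_settings = user_settings
        github_node.save()

    authorization_url, state = oauth_start_url(user, node)

    # Keep the state server-side; the callback is presumably expected to
    # compare it with the value echoed by the provider (anti-CSRF) - verify.
    user_settings.oauth_state = state
    user_settings.save()

    return redirect(authorization_url)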
示例#5
def article_to_hgrid(node, article, expand=False, folders_only=False):
    """Serialize a Figshare article for the HGrid file browser.

    :param node: Node owning the add-on; ``is_public`` and ``api_url`` are read
    :param article: Article dict as returned by the Figshare client
    :param expand: For folder-like articles, return the serialized files
        instead of the folder entry
    :param folders_only: When true the function returns ``None``
    :return: ``None``, a folder dict, a list of file entries, or a single file
        entry from ``file_to_hgrid``
    """
    # On public nodes, drafts and articles without a status are hidden from
    # anyone who is not a contributor.
    if node.is_public and not node.is_contributor(get_current_user()):
        if article.get('status') in ['Drafts', None]:
            return None

    # Filesets and articles without files are rendered as folders.
    is_folder = article['defined_type'] == 'fileset' or not article['files']

    # NOTE(review): both branches of the original return None here, so
    # ``folders_only`` never yields a folder - confirm this is intended.
    if folders_only:
        return None

    if not is_folder:
        return file_to_hgrid(node, article, article['files'][0])

    if expand:
        return [file_to_hgrid(node, article, item) for item in article['files']]

    display_name = '{0}:{1}'.format(article['title'] or 'Unnamed', article['article_id'])  # Is often blank?
    kind = 'folder' if article['files'] else 'folder'  # TODO Change me
    upload_url = '{base}figshare/{aid}/'.format(base=node.api_url, aid=article['article_id'])
    # NOTE(review): this compares against lowercase 'public' while the
    # permissions below compare against 'Public' - verify the status values.
    if article['status'] == 'public':
        delete_url = ''
    else:
        delete_url = node.api_url + 'figshare/' + str(article['article_id']) + '/file/{id}/delete/'
    # TODO: This endpoint isn't defined
    fetch_url = '{base}figshare/hgrid/article/{aid}/'.format(base=node.api_url, aid=article['article_id'])
    can_edit = article['status'] != 'Public'  # This needs to be something else
    can_download = article['status'] == 'Public'

    return {
        'name': display_name,
        'kind': kind,
        'urls': {
            'upload': upload_url,
            'delete': delete_url,
            'download': '',
            'fetch': fetch_url,
            'view': ''
        },
        'permissions': {
            'edit': can_edit,
            'view': True,
            'download': can_download
        }
    }
示例#6
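def get_most_in_common_contributors(auth, **kwargs):
    """Return the users who most often share projects with the current user.

    Counts, across every node in ``auth.user.node__contributed``, the
    contributors that are not already on the target node, keeps the active
    ones and serializes them ordered by count (descending) then full name.

    :param auth: Auth object for the requesting user
    :param kwargs: Must contain ``node`` and ``project``; ``node`` wins if truthy
    :return: ``{'contributors': [...]}`` of serialized contributors
    """
    node = kwargs['node'] or kwargs['project']
    node_contrib_ids = set(node.contributors._to_primary_keys())
    # ``max`` comes from the query string; fall back to the configured default
    # when it is missing or not an integer.
    try:
        n_contribs = int(request.args.get('max', None))
    except (TypeError, ValueError):
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH
    # A negative stop makes islice() raise ValueError, so handle it like any
    # other unusable value.
    # NOTE(review): no upper bound is applied to a client-supplied ``max``.
    if n_contribs < 0:
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH

    contrib_counts = Counter(
        contrib_id
        for other_node in auth.user.node__contributed
        for contrib_id in other_node.contributors._to_primary_keys()
        if contrib_id not in node_contrib_ids
    )

    # Resolve each id once and drop ids that no longer load, so a dangling
    # reference cannot raise AttributeError on ``None``. The generators stay
    # lazy: islice() stops loading users once the cap is reached.
    candidates = (
        (User.load(_id), count) for _id, count in contrib_counts.most_common()
    )
    active_contribs = (
        (user, count) for user, count in candidates
        if user is not None and user.is_active()
    )

    contrib_objs = list(itertools.islice(active_contribs, n_contribs))

    contribs = [
        utils.add_contributor_json(most_contrib, get_current_user())
        for most_contrib, count in sorted(contrib_objs, key=lambda t: (-t[1], t[0].fullname))
    ]
    return {'contributors': contribs}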
示例#7
文件: auth.py 项目: retroam/menbib
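def menbib_oauth_finish(**kwargs):
    """Complete the Mendeley OAuth flow and store the resulting tokens.

    Saves the access/refresh token data from ``finish_auth()`` on the user's
    add-on settings, then links those settings to the node whose id was stored
    in the session, provided the user is a contributor to it.

    :return: Redirect to the node settings page when a node was linked,
        otherwise to the user's add-on page
    :raises HTTPError: 403 when nobody is logged in
    """
    user = get_current_user()
    if not user:
        raise HTTPError(http.FORBIDDEN)
    nid = session.data.get('menbib_auth_nid')
    node = Node.load(nid)
    result = finish_auth()

    user.add_addon('menbib')
    user.save()
    user_settings = user.get_addon('menbib')
    user_settings.owner = user
    user_settings.access_token = result.access_token
    user_settings.refresh_token = result.refresh_token
    user_settings.token_type = result.token_type
    user_settings.expires_in = result.expires_in
    user_settings.save()

    flash('Successfully authorized Mendeley', 'success')

    # The stored node id is single-use: drop it even when it does not resolve,
    # so a stale value cannot be picked up by a later flow.
    if nid is not None:
        del session.data['menbib_auth_nid']

    # The node id came from the request that started the flow, so authorize it
    # here before attaching credentials to the node's add-on.
    if node and node.is_contributor(user):
        if node.has_addon('menbib'):
            node_addon = node.get_addon('menbib')
            node_addon.set_user_auth(user_settings)
            node_addon.save()
        return redirect(node.web_url_for('node_setting'))

    return redirect(web_url_for('user_addons'))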
示例#8
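def get_recently_added_contributors(auth, **kwargs):
    """Return the user's recently added contributors that are not yet on the node.

    The optional ``max`` query-string argument caps the number of results.
    When it is absent, empty or ``0``, the length of
    ``auth.user.recently_added`` is used as the cap.

    :param auth: Auth object; ``auth.user.recently_added`` is the candidate list
    :param kwargs: Must contain ``node`` and ``project``; ``node`` wins if truthy
    :return: ``{'contributors': [...]}`` of serialized contributors
    :raises HTTPError: 400 when ``max`` is not a non-negative integer
    """
    node = kwargs['node'] or kwargs['project']

    # ``max`` is supplied by the client and must be validated before use.
    max_results = request.args.get('max')
    if max_results:
        try:
            max_results = int(max_results)
        except (TypeError, ValueError):
            raise HTTPError(http.BAD_REQUEST)
        # A negative stop makes islice() raise ValueError; answer with a
        # client error rather than an unhandled exception.
        if max_results < 0:
            raise HTTPError(http.BAD_REQUEST)
    if not max_results:
        max_results = len(auth.user.recently_added)

    # only include active contributors that are not already on the node; the
    # generator stays lazy so islice() can stop it at the cap
    active_contribs = (
        contrib for contrib in auth.user.recently_added
        if contrib.is_active() and contrib._id not in node.contributors
    )

    # Limit to max_results
    limited_contribs = itertools.islice(active_contribs, max_results)

    contribs = [
        utils.add_contributor_json(contrib, get_current_user())
        for contrib in limited_contribs
    ]
    return {'contributors': contribs}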
示例#9
文件: views.py 项目: Doris1989/osf.io
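def _profile_view(uid=None):
    """Build the template context for a user's profile page.

    :param uid: Id of the profile to show; defaults to the logged-in user
    :return: Context dict, or a redirect to the login page when no ``uid`` is
        given and nobody is logged in
    :raises HTTPError: 404 when ``uid`` does not resolve to a user
    """
    # TODO: Fix circular import
    from website.addons.badges.util import get_sorted_user_badges

    user = get_current_user()
    profile = User.load(uid) if uid else user

    if not (uid or user):
        return redirect('/login/?next={0}'.format(request.path))

    # Resolve the 404 case before any badge lookup so the helpers are never
    # called with ``None``.
    if not profile:
        raise HTTPError(http.NOT_FOUND)

    if 'badges' in settings.ADDONS_REQUESTED:
        # No trailing comma here: it would wrap the result in a one-element
        # tuple, unlike the plain list used in the other branch.
        badge_assertions = get_sorted_user_badges(profile)
        badges = _get_user_created_badges(profile)
    else:
        # NOTE: While badges, are unused, 'assertions' and 'badges' can be
        # empty lists.
        badge_assertions = []
        badges = []

    profile_user_data = profile_utils.serialize_user(profile, full=True)
    return {
        'profile': profile_user_data,
        'assertions': badge_assertions,
        'badges': badges,
        'user': {
            'is_profile': user == profile,
            'can_edit': None,  # necessary for rendering nodes
            'permissions': [],  # necessary for rendering nodes
        },
    }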
示例#10
文件: views.py 项目: retroam/mendeley
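def mendeley_oauth_start(*args, **kwargs):
    """Begin the Mendeley OAuth flow for the current user.

    Enables the Mendeley add-on for the user, points the node's add-on (when a
    node is given) at the user's settings, stores the ``state`` value returned
    by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Reject anonymous requests explicitly; without this the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('mendeley')
    mendeley_user = user.get_addon('mendeley')

    if node:
        # NOTE(review): the node is linked before the provider has confirmed
        # authorization; confirm contributor status is the intended bar.
        mendeley_node = node.get_addon('mendeley')
        mendeley_node.user_settings = mendeley_user

        # Add webhook
        if mendeley_node.user and mendeley_node.repo:
            mendeley_node.add_hook()

        mendeley_node.save()

    authorization_url, state = oauth_start_url(user, node)

    # Keep the state server-side; the callback is presumably expected to
    # compare it with the value echoed by the provider (anti-CSRF) - verify.
    mendeley_user.oauth_state = state
    mendeley_user.save()

    return redirect(authorization_url)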
示例#11
文件: auth.py 项目: Doris1989/osf.io
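def figshare_oauth_start(**kwargs):
    """Begin the Figshare OAuth flow for the current user.

    Enables the Figshare add-on for the user, points the node's add-on (when a
    node is given) at the user's settings, stores the request token pair
    returned by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Anonymous callers get an explicit 403; otherwise the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('figshare')
    figshare_user = user.get_addon('figshare')

    if node:
        # NOTE(review): the node is linked to the user's settings before the
        # provider has confirmed authorization, and contributor status is the
        # only check made here - confirm that is the intended permission level.
        figshare_node = node.get_addon('figshare')
        figshare_node.user_settings = figshare_user
        figshare_node.save()

    request_token, request_token_secret, authorization_url = oauth_start_url(
        user, node)

    # Persist the request token pair; presumably the callback needs it to
    # complete the exchange.
    figshare_user.oauth_request_token = request_token
    figshare_user.oauth_request_token_secret = request_token_secret
    figshare_user.save()

    return redirect(authorization_url)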
示例#12
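def bitbucket_oauth_start(*args, **kwargs):
    """Begin the Bitbucket OAuth flow for the current user.

    Enables the Bitbucket add-on for the user, points the node's add-on (when
    a node is given) at the user's settings, stores the request token pair
    returned by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Reject anonymous requests explicitly; without this the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('bitbucket')
    bitbucket_user = user.get_addon('bitbucket')

    if node:
        # NOTE(review): the node is linked before the provider has confirmed
        # authorization; confirm contributor status is the intended bar.
        bitbucket_node = node.get_addon('bitbucket')
        bitbucket_node.user_settings = bitbucket_user
        bitbucket_node.save()

    request_token, request_token_secret, authorization_url = \
        oauth_start_url(user, node)

    # Persist the request token pair; presumably the callback needs it to
    # complete the exchange.
    bitbucket_user.oauth_request_token = request_token
    bitbucket_user.oauth_request_token_secret = request_token_secret
    bitbucket_user.save()

    return redirect(authorization_url)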
示例#13
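def bitbucket_oauth_start(*args, **kwargs):
    """Begin the Bitbucket OAuth flow for the current user.

    Enables the Bitbucket add-on for the user, points the node's add-on (when
    a node is given) at the user's settings, stores the request token pair
    returned by ``oauth_start_url`` and redirects to the authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node to link
    :return: Redirect response to the provider's authorization URL
    :raises HTTPError: 403 when nobody is logged in or the user is not a
        contributor to the requested node
    """
    user = get_current_user()
    # Anonymous callers get an explicit 403; otherwise the calls on ``user``
    # below fail on ``None`` when no node is given.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('bitbucket')
    bitbucket_user = user.get_addon('bitbucket')

    if node:
        # NOTE(review): the node is linked before the provider has confirmed
        # authorization; confirm contributor status is the intended bar.
        bitbucket_node = node.get_addon('bitbucket')
        bitbucket_node.user_settings = bitbucket_user
        bitbucket_node.save()

    request_token, request_token_secret, authorization_url = \
        oauth_start_url(user, node)

    # Persist the request token pair; presumably the callback needs it to
    # complete the exchange.
    bitbucket_user.oauth_request_token = request_token
    bitbucket_user.oauth_request_token_secret = request_token_secret
    bitbucket_user.save()

    return redirect(authorization_url)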
示例#14
文件: auth.py 项目: Doris1989/osf.io
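def dropbox_oauth_finish(**kwargs):
    """View called when the Oauth flow is completed. Adds a new DropboxUserSettings
    record to the user and saves the user's access token and account info.

    The node id stored in the session when the flow started is only used to
    link the new credentials if the current user is a contributor to that node.

    :return: The response from ``finish_auth()`` when it is itself a response,
        otherwise a redirect to the node settings page (node linked) or to the
        user's add-on page
    :raises HTTPError: 403 when nobody is logged in
    """
    user = get_current_user()
    if not user:
        raise HTTPError(http.FORBIDDEN)
    nid = session.data.get('dropbox_auth_nid')
    node = Node.load(nid)
    result = finish_auth()
    # If result is a redirect response, follow the redirect
    if isinstance(result, BaseResponse):
        return result
    # Make sure user has dropbox enabled
    user.add_addon('dropbox')
    user.save()
    user_settings = user.get_addon('dropbox')
    user_settings.owner = user
    user_settings.access_token = result.access_token
    user_settings.dropbox_id = result.dropbox_id
    client = get_client_from_user_settings(user_settings)
    user_settings.dropbox_info = client.account_info()
    user_settings.save()

    flash('Successfully authorized Dropbox', 'success')

    # The stored node id is single-use: drop it even when it does not resolve,
    # so a stale value cannot be picked up by a later flow.
    if nid is not None:
        del session.data['dropbox_auth_nid']

    # The node id came from the request that started the flow, so authorize it
    # here before attaching credentials to the node's add-on.
    if node and node.is_contributor(user):
        # Automatically use newly-created auth
        if node.has_addon('dropbox'):
            node_addon = node.get_addon('dropbox')
            node_addon.set_user_auth(user_settings)
            node_addon.save()
        return redirect(node.web_url_for('node_setting'))
    return redirect(web_url_for('user_addons'))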
示例#15
def auth_login(registration_form=None, forgot_password_form=None, **kwargs):
    """If GET request, show login page. If POST, attempt to log user in if
    login form passed; else send forgot password email.

    :param registration_form: Truthy when called directly by another view;
        suppresses sign-in processing
    :param forgot_password_form: Same effect as ``registration_form``
    :return: The response from ``login()`` on success, a redirect for an
        already logged-in user, or ``({'next': next_url}, status_code)``
    """
    if get_current_user():
        if request.args.get('logout'):
            logout()
        else:
            return redirect('/dashboard/')

    called_directly = registration_form or forgot_password_form
    if request.method == 'POST' and not called_directly:
        sign_in_form = SignInForm(request.form)
        if sign_in_form.validate():
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                twofactor_code = sign_in_form.two_factor.data
            else:
                twofactor_code = None
            try:
                return login(
                    sign_in_form.username.data,
                    sign_in_form.password.data,
                    twofactor_code
                )
            except auth.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next': ''}
            except auth.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except auth.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        # Reached for invalid forms and for failed password/two-factor checks.
        forms.push_errors_to_status(sign_in_form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data
    # NOTE(review): ``next`` is client-supplied and returned as-is; whatever
    # later redirects to it should restrict it to same-site paths.
    posted_next = request.form.get('next_url', '')
    next_url = request.args.get('next', posted_next)

    if request.args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.')

    if not next_url:
        return {'next': next_url}, http.OK

    status.push_status_message(language.MUST_LOGIN)
    # Don't raise error if user is being logged out
    if request.args.get('logout'):
        code = http.OK
    else:
        code = http.UNAUTHORIZED
    return {'next': next_url}, code
示例#16
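def claim_user_registered(**kwargs):
    """View that prompts user to enter their password in order to claim
    contributorship on a project.

    A user must be logged in.

    :param kwargs: Must contain ``node``/``project``, ``uid``, ``pid`` and
        ``token``
    :return: Redirect (not logged in, or claim completed) or a context dict
        with the password form
    :raises HTTPError: 400 when the user is already a contributor, the
        unregistered user does not exist, or the claim token is invalid
    """
    node = kwargs['node'] or kwargs['project']
    current_user = get_current_user()
    sign_out_url = web_url_for('auth_login', logout=True, next=request.path)
    if not current_user:
        response = redirect(sign_out_url)
        return response
    # Logged in user should not be a contributor the project
    if node.is_contributor(current_user):
        data = {'message_short': 'Already a contributor',
                'message_long': 'The logged-in user is already a contributor to '
                'this project. Would you like to <a href="/logout/">log out</a>?'}
        raise HTTPError(http.BAD_REQUEST, data=data)
    uid, pid, token = kwargs['uid'], kwargs['pid'], kwargs['token']
    unreg_user = User.load(uid)
    # ``uid`` comes from the URL: reject an unknown id before it reaches token
    # verification or replace_contributor().
    if not unreg_user:
        raise HTTPError(http.BAD_REQUEST)
    if not verify_claim_token(unreg_user, token, pid=node._primary_key):
        raise HTTPError(http.BAD_REQUEST)

    # Store the unreg_user data on the session in case the user registers
    # a new account
    session.data['unreg_user'] = {
        'uid': uid, 'pid': pid, 'token': token
    }

    form = PasswordForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # Re-authenticate with the account password before the
            # contributor record is transferred.
            if current_user.check_password(form.password.data):
                node.replace_contributor(old=unreg_user, new=current_user)
                node.save()
                status.push_status_message(
                    'Success. You are now a contributor to this project.',
                    'success')
                return redirect(node.url)
            else:
                status.push_status_message(language.LOGIN_FAILED, 'warning')
        else:
            forms.push_errors_to_status(form.errors)
    if is_json_request():
        form_ret = forms.utils.jsonify(form)
        user_ret = utils.serialize_user(current_user, full=False)
    else:
        form_ret = form
        user_ret = current_user
    return {
        'form': form_ret,
        'user': user_ret,
        'signOutUrl': sign_out_url
    }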
示例#17
文件: auth.py 项目: retroam/menbib
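def menbib_oauth_start(**kwargs):
    """Begin the Mendeley OAuth flow for the logged-in user.

    Remembers the requested node id in the session so the flow can return to
    that node when it finishes, then redirects to the value returned by
    ``get_auth_flow()``.

    :param kwargs: May contain ``pid`` or ``nid`` identifying a node
    :return: Redirect response
    :raises HTTPError: 403 when nobody is logged in
    """
    user = get_current_user()
    # Authenticate first so an anonymous request cannot write to the session.
    if not user:
        raise HTTPError(http.FORBIDDEN)
    nid = kwargs.get('pid') or kwargs.get('nid')
    if nid:
        # NOTE(review): the id is stored without checking that the user may
        # modify that node; the view that consumes it must authorize it.
        session.data['menbib_auth_nid'] = nid
    if user.has_addon('menbib') and user.get_addon('menbib').has_auth:
        flash('You have already authorized Mendeley for this account', 'warning')
        return redirect(web_url_for('user_addons'))

    return redirect(get_auth_flow())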
示例#18
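def claim_user_registered(**kwargs):
    """View that prompts user to enter their password in order to claim
    contributorship on a project.

    A user must be logged in.

    :param kwargs: Must contain ``node``/``project``, ``uid``, ``pid`` and
        ``token``
    :return: Redirect (not logged in, or claim completed) or a context dict
        with the password form
    :raises HTTPError: 400 when the user is already a contributor, the
        unregistered user does not exist, or the claim token is invalid
    """
    node = kwargs['node'] or kwargs['project']
    current_user = get_current_user()
    sign_out_url = web_url_for('auth_login', logout=True, next=request.path)
    if not current_user:
        response = redirect(sign_out_url)
        return response
    # Logged in user should not be a contributor the project
    if node.is_contributor(current_user):
        data = {
            'message_short':
            'Already a contributor',
            'message_long':
            'The logged-in user is already a contributor to '
            'this project. Would you like to <a href="/logout/">log out</a>?'
        }
        raise HTTPError(http.BAD_REQUEST, data=data)
    uid, pid, token = kwargs['uid'], kwargs['pid'], kwargs['token']
    unreg_user = User.load(uid)
    # ``uid`` is taken from the URL: an unknown id is rejected here rather
    # than being passed on to token verification or replace_contributor().
    if not unreg_user:
        raise HTTPError(http.BAD_REQUEST)
    if not verify_claim_token(unreg_user, token, pid=node._primary_key):
        raise HTTPError(http.BAD_REQUEST)

    # Store the unreg_user data on the session in case the user registers
    # a new account
    session.data['unreg_user'] = {'uid': uid, 'pid': pid, 'token': token}

    form = PasswordForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # Re-authenticate with the account password before the
            # contributor record is transferred.
            if current_user.check_password(form.password.data):
                node.replace_contributor(old=unreg_user, new=current_user)
                node.save()
                status.push_status_message(
                    'Success. You are now a contributor to this project.',
                    'success')
                return redirect(node.url)
            else:
                status.push_status_message(language.LOGIN_FAILED, 'warning')
        else:
            forms.push_errors_to_status(form.errors)
    if is_json_request():
        form_ret = forms.utils.jsonify(form)
        user_ret = utils.serialize_user(current_user, full=False)
    else:
        form_ret = form
        user_ret = current_user
    return {'form': form_ret, 'user': user_ret, 'signOutUrl': sign_out_url}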
示例#19
def claim_user_form(**kwargs):
    """Render and process the set-password page for a claimed user.

    The claim ``token`` is read from the form data first, then from the query
    string. On a valid POST the unregistered user is registered with the
    submitted username and password, their unclaimed records are cleared and
    they are authenticated.

    :param kwargs: Must contain ``uid`` (unregistered user) and ``pid``
    :return: Redirect or a context dict for the form
    :raises HTTPError: 400 when ``uid`` does not resolve to a user
    """
    uid = kwargs['uid']
    pid = kwargs['pid']
    token = request.form.get('token') or request.args.get('token')

    # A logged-in user is sent to the 're-enter password' page instead
    if get_current_user():
        reenter_url = web_url_for(
            'claim_user_registered', uid=uid, pid=pid, token=token)
        return redirect(reenter_url)

    # The unregistered user; a missing record means the id is invalid
    user = User.load(uid)
    if not user:
        raise HTTPError(http.BAD_REQUEST)
    # An invalid claim token sends the visitor to the registration page
    if not verify_claim_token(user, token, pid):
        return redirect('/account/')

    unclaimed_record = user.unclaimed_records[pid]
    # Set on the in-memory object for rendering; saved only on a valid POST
    user.fullname = unclaimed_record['name']
    user.update_guessed_names()
    email = unclaimed_record['email']
    form = SetEmailAndPasswordForm(request.form, token=token)

    if request.method == 'POST':
        if not form.validate():
            forms.push_errors_to_status(form.errors)
        else:
            user.register(
                username=form.username.data, password=form.password.data)
            # Clear unclaimed records
            user.unclaimed_records = {}
            user.save()
            # Authenticate user and redirect to the settings page
            response = redirect('/settings/')
            node = Node.load(pid)
            status.push_status_message(
                language.CLAIMED_CONTRIBUTOR.format(node=node), 'success')
            return authenticate(user, response)

    return {
        'firstname': user.given_name,
        'email': email or '',
        'fullname': user.fullname,
        'form': forms.utils.jsonify(form) if is_json_request() else form,
    }
示例#20
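def get_log(log_id):
    """Return the serialized log entry if the requester may view its node.

    :param log_id: Primary key of the ``NodeLog`` to fetch
    :return: ``{'log': <serialized log>}``
    :raises HTTPError: 404 when the log does not exist, 403 when the requester
        cannot view the node the log belongs to
    """
    log = NodeLog.load(log_id)
    # ``log_id`` is caller-supplied; an unknown id must produce a clean 404
    # instead of an AttributeError on ``None``.
    if log is None:
        raise HTTPError(http.NOT_FOUND)
    node_to_use = log.node

    auth = Auth(
        user=get_current_user(),
        api_key=get_api_key(),
        api_node=get_current_node(),
    )

    # Authorization is decided by the node that owns the log entry.
    if not node_to_use.can_view(auth):
        raise HTTPError(http.FORBIDDEN)

    return {'log': serialize_log(log)}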
示例#21
文件: log.py 项目: Doris1989/osf.io
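def get_log(log_id):
    """Return the serialized log entry if the requester may view its node.

    :param log_id: Primary key of the ``NodeLog`` to fetch
    :return: ``{'log': <serialized log>}``
    :raises HTTPError: 404 when the log does not exist, 403 when the requester
        cannot view the node the log belongs to
    """
    log = NodeLog.load(log_id)
    # An unknown ``log_id`` yields ``None``; answer with 404 rather than
    # failing on the attribute access below.
    if log is None:
        raise HTTPError(http.NOT_FOUND)
    node_to_use = log.node

    auth = Auth(
        user=get_current_user(),
        api_key=get_api_key(),
        api_node=get_current_node(),
    )

    # Authorization is decided by the node that owns the log entry.
    if not node_to_use.can_view(auth):
        raise HTTPError(http.FORBIDDEN)

    return {'log': serialize_log(log)}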
示例#22
def claim_user_form(**kwargs):
    """Render and process the set-password page for a claimed user.

    The claim ``token`` is read from the form data first, then from the query
    string. On a valid POST the unregistered user is registered with the
    submitted username and password, their unclaimed records are cleared and
    they are authenticated.

    :param kwargs: Must contain ``uid`` (unregistered user) and ``pid``
    :return: Redirect or a context dict for the form
    :raises HTTPError: 400 when ``uid`` does not resolve to a user
    """
    uid = kwargs['uid']
    pid = kwargs['pid']
    token = request.form.get('token') or request.args.get('token')

    # Logged-in users go to the 're-enter password' page
    if get_current_user():
        target = web_url_for(
            'claim_user_registered', uid=uid, pid=pid, token=token)
        return redirect(target)

    # Look up the unregistered user; an unknown id is a bad request
    user = User.load(uid)
    if not user:
        raise HTTPError(http.BAD_REQUEST)
    # Without a valid claim token, fall back to the registration page
    if not verify_claim_token(user, token, pid):
        return redirect('/account/')

    record = user.unclaimed_records[pid]
    # Set on the in-memory object for rendering; saved only on a valid POST
    user.fullname = record['name']
    user.update_guessed_names()
    email = record['email']
    form = SetEmailAndPasswordForm(request.form, token=token)

    if request.method == 'POST':
        if not form.validate():
            forms.push_errors_to_status(form.errors)
        else:
            chosen_username = form.username.data
            chosen_password = form.password.data
            user.register(username=chosen_username, password=chosen_password)
            # Clear unclaimed records
            user.unclaimed_records = {}
            user.save()
            # Authenticate user and redirect to the settings page
            response = redirect('/settings/')
            node = Node.load(pid)
            message = language.CLAIMED_CONTRIBUTOR.format(node=node)
            status.push_status_message(message, 'success')
            return authenticate(user, response)

    return {
        'firstname': user.given_name,
        'email': email or '',
        'fullname': user.fullname,
        'form': forms.utils.jsonify(form) if is_json_request() else form,
    }
示例#23
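def merge_user_post(**kwargs):
    '''View for merging an account. Takes either JSON or form data.

    Request data should include a "merged_username" and "merged_password" properties
    for the account to be merged in.

    :return: The merge form view on validation or credential failure, a
        redirect to the settings page (form request) or ``{"status":
        "success"}`` (JSON request) after a merge
    :raises HTTPError: 400 when nobody is logged in
    '''
    master = get_current_user()
    # Fail closed for anonymous requests: the form branch would otherwise call
    # check_password() on ``None``.
    if not master:
        raise HTTPError(http.BAD_REQUEST)
    if request.json:
        # NOTE(review): unlike the form branch, the JSON branch does not
        # re-check the logged-in user's own password before merging.
        merged_username = request.json.get("merged_username")
        merged_password = request.json.get("merged_password")
    else:
        form = MergeAccountForm(request.form)
        if not form.validate():
            forms.push_errors_to_status(form.errors)
            return merge_user_get(**kwargs)
        master_password = form.user_password.data
        if not master.check_password(master_password):
            status.push_status_message(
                "Could not authenticate. Please check your username and password."
            )
            return merge_user_get(**kwargs)
        merged_username = form.merged_username.data
        merged_password = form.merged_password.data
    try:
        merged_user = User.find_one(Q("username", "eq", merged_username))
    except NoResultsFound:
        status.push_status_message(
            "Could not find that user. Please check the username and password."
        )
        return merge_user_get(**kwargs)
    if master and merged_user:
        # The merged account's password proves control of that account.
        if merged_user.check_password(merged_password):
            master.merge_user(merged_user)
            master.save()
            if request.form:
                status.push_status_message(
                    "Successfully merged {0} with this account".format(
                        merged_username))
                return redirect("/settings/")
            return {"status": "success"}
        else:
            # Same message as the unknown-user case above, so the response
            # does not reveal whether the username exists.
            status.push_status_message(
                "Could not find that user. Please check the username and password."
            )
            return merge_user_get(**kwargs)
    else:
        raise HTTPError(http.BAD_REQUEST)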
示例#24
文件: auth.py 项目: Doris1989/osf.io
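def dropbox_oauth_start(**kwargs):
    """Begin the Dropbox OAuth flow for the logged-in user.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :return: Redirect to the Dropbox authorization URL, or to the user's
        add-on page when Dropbox is already authorized
    :raises HTTPError: 403 when nobody is logged in
    """
    user = get_current_user()
    # Authenticate first so an anonymous request cannot write to the session.
    if not user:
        raise HTTPError(http.FORBIDDEN)
    # Store the node ID on the session in order to get the correct redirect URL
    # upon finishing the flow
    nid = kwargs.get('nid') or kwargs.get('pid')
    if nid:
        # NOTE(review): the id is stored without checking that the user may
        # modify that node; the view that consumes it must authorize it.
        session.data['dropbox_auth_nid'] = nid
    # If user has already authorized dropbox, flash error message
    if user.has_addon('dropbox') and user.get_addon('dropbox').has_auth:
        flash('You have already authorized Dropbox for this account', 'warning')
        return redirect(web_url_for('user_addons'))
    # Force the user to reapprove the dropbox authorization each time. Currently the
    # URI component force_reapprove is not configurable from the dropbox python client.
    # Issue: https://github.com/dropbox/dropbox-js/issues/160
    return redirect(get_auth_flow().start() + '&force_reapprove=true')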
示例#25
def auth_login(registration_form=None, forgot_password_form=None, **kwargs):
    """If GET request, show login page. If POST, attempt to log user in if
    login form passed; else send forgot password email.

    :param registration_form: Truthy when called directly by another view;
        suppresses sign-in processing
    :param forgot_password_form: Same effect as ``registration_form``
    :return: The response from ``login()`` on success, a redirect for an
        already logged-in user, or ``({'next': next_url}, status_code)``
    """
    if get_current_user():
        if request.args.get('logout'):
            logout()
        else:
            return redirect('/dashboard/')

    is_direct_call = registration_form or forgot_password_form
    if request.method == 'POST' and not is_direct_call:
        login_form = SignInForm(request.form)
        if login_form.validate():
            two_factor_enabled = 'twofactor' in website.settings.ADDONS_REQUESTED
            twofactor_code = login_form.two_factor.data if two_factor_enabled else None
            try:
                return login(login_form.username.data, login_form.password.data,
                             twofactor_code)
            except auth.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next': ''}
            except auth.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except auth.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        # Reached for invalid forms and for failed password/two-factor checks.
        forms.push_errors_to_status(login_form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data
    # NOTE(review): ``next`` is client-supplied and returned as-is; whatever
    # later redirects to it should restrict it to same-site paths.
    form_next = request.form.get('next_url', '')
    next_url = request.args.get('next', form_next)

    if request.args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.')

    if not next_url:
        return {'next': next_url}, http.OK

    status.push_status_message(language.MUST_LOGIN)
    # Don't raise error if user is being logged out
    code = http.OK if request.args.get('logout') else http.UNAUTHORIZED
    return {'next': next_url}, code
示例#26
文件: views.py 项目: Doris1989/osf.io
def _rescale_ratio(nodes):
    """Get scaling denominator for log lists across a sequence of nodes.

    Only nodes the current user may view contribute to the result.

    :param nodes: Nodes
    :return: Max number of logs as a float; ``0`` when ``nodes`` is empty and
        ``0.0`` when no node is viewable

    """
    if not nodes:
        return 0
    # TODO: Don't use get_current_user. It is deprecated.
    user = get_current_user()
    largest = None
    for node in nodes:
        # Check the permission first so logs of hidden nodes are not counted.
        if not node.can_view(Auth(user=user)):
            continue
        log_count = len(node.logs)
        if largest is None or log_count > largest:
            largest = log_count
    if largest is None:
        return 0.0
    return float(largest)
示例#27
        def wrapped(*args, **kwargs):
            """Resolve the add-on owner, inject its add-on and call ``func``.

            The add-on is passed to ``func`` as ``node_addon`` or
            ``user_addon`` depending on ``model``.

            :raises HTTPError: 401 when ``model`` is ``'user'`` and nobody is
                logged in; 400 for an unknown ``model`` or a missing add-on
            """
            if model not in ('node', 'user'):
                raise HTTPError(http.BAD_REQUEST)

            if model == 'user':
                owner = get_current_user()
                if owner is None:
                    raise HTTPError(http.UNAUTHORIZED)
            else:
                resolved_project, resolved_node = _kwargs_to_nodes(kwargs)
                kwargs['project'] = resolved_project
                kwargs['node'] = resolved_node
                owner = kwargs.get('node') or kwargs.get('project')

            # The owner must have the add-on enabled
            addon = owner.get_addon(addon_name)
            if addon is None:
                raise HTTPError(http.BAD_REQUEST)
            addon_key = '{0}_addon'.format(model)
            kwargs[addon_key] = addon

            return func(*args, **kwargs)
示例#28
        def wrapped(*args, **kwargs):
            """Resolve the add-on owner, inject its add-on and call ``func``.

            The add-on is passed to ``func`` as ``node_addon`` or
            ``user_addon`` depending on ``model``.

            :raises HTTPError: 401 when ``model`` is ``'user'`` and nobody is
                logged in; 400 for an unknown ``model`` or a missing add-on
            """
            if model == 'user':
                owner = get_current_user()
                if owner is None:
                    raise HTTPError(http.UNAUTHORIZED)
            elif model == 'node':
                nodes = _kwargs_to_nodes(kwargs)
                kwargs['project'], kwargs['node'] = nodes
                owner = kwargs.get('node') or kwargs.get('project')
            else:
                raise HTTPError(http.BAD_REQUEST)

            # A missing add-on on the owner is treated as a bad request
            addon = owner.get_addon(addon_name)
            if addon is None:
                raise HTTPError(http.BAD_REQUEST)
            kwargs.update({'{0}_addon'.format(model): addon})

            return func(*args, **kwargs)
示例#29
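def set_dataverse_and_study(node_addon, auth, **kwargs):
    """Link a Dataverse study to this node add-on from the request's JSON body.

    Reads ``dataverse.alias`` and ``study.hdl`` from ``request.json``, resolves
    them through the connection built from the add-on's user settings, stores
    the result on ``node_addon`` and records a ``dataverse_study_linked`` log.

    :param node_addon: Node add-on settings to update
    :param auth: Auth passed through to ``node.add_log``
    :return: ``({'dataverse': title, 'study': title}, http.OK)``
    :raises HTTPError: FORBIDDEN when the add-on's user settings belong to a
        different user, NOT_ACCEPTABLE when ``assert_clean`` rejects the body,
        BAD_REQUEST when the body lacks the expected objects or ``study.hdl``

    """
    user_settings = node_addon.user_settings
    user = get_current_user()

    # Only the account whose credentials back the add-on may re-point it.
    # NOTE(review): the check is skipped when user_settings is falsy, and
    # connect_from_settings() below then receives that value; confirm that
    # unauthorized add-ons are rejected before this view is reached.
    if user_settings and user_settings.owner != user:
        raise HTTPError(http.FORBIDDEN)

    try:
        assert_clean(request.json)
    except AssertionError:
        # TODO: Test me!
        raise HTTPError(http.NOT_ACCEPTABLE)

    # The body is caller-supplied: a missing or non-object 'dataverse'/'study'
    # entry is a client error, not an AttributeError surfacing as a 500.
    payload = request.json
    if not isinstance(payload, dict):
        raise HTTPError(http.BAD_REQUEST)
    dataverse_data = payload.get('dataverse')
    study_data = payload.get('study')
    if not isinstance(dataverse_data, dict) or not isinstance(study_data, dict):
        raise HTTPError(http.BAD_REQUEST)

    alias = dataverse_data.get('alias')
    hdl = study_data.get('hdl')

    if hdl is None:
        # Raise (the original returned the exception object, so the error
        # was handed back as a normal view result instead of aborting).
        raise HTTPError(http.BAD_REQUEST)

    connection = connect_from_settings(user_settings)
    dataverse = get_dataverse(connection, alias)
    study = get_study(dataverse, hdl)

    node_addon.dataverse_alias = dataverse.alias
    node_addon.dataverse = dataverse.title

    node_addon.study_hdl = study.doi
    node_addon.study = study.title

    node = node_addon.owner
    # Audit trail: who linked which study to which node.
    node.add_log(
        action='dataverse_study_linked',
        params={
            'project': node.parent_id,
            'node': node._primary_key,
            'study': study.title,
        },
        auth=auth,
    )

    node_addon.save()

    return {'dataverse': dataverse.title, 'study': study.title}, http.OK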
示例#30
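def set_dataverse_and_study(node_addon, auth, **kwargs):
    """Link a Dataverse study to this node add-on from the request's JSON body.

    Reads ``dataverse.alias`` and ``study.hdl`` from ``request.json``, resolves
    them through the connection built from the add-on's user settings, stores
    the result on ``node_addon`` and records a ``dataverse_study_linked`` log.

    :param node_addon: Node add-on settings to update
    :param auth: Auth passed through to ``node.add_log``
    :return: ``({'dataverse': title, 'study': title}, http.OK)``
    :raises HTTPError: FORBIDDEN when the add-on's user settings belong to a
        different user, NOT_ACCEPTABLE when ``assert_clean`` rejects the body,
        BAD_REQUEST when the body lacks the expected objects or ``study.hdl``

    """
    user_settings = node_addon.user_settings
    user = get_current_user()

    # Only the account whose credentials back the add-on may re-point it.
    # NOTE(review): the check is skipped when user_settings is falsy, and
    # connect_from_settings() below then receives that value; confirm that
    # unauthorized add-ons are rejected before this view is reached.
    if user_settings and user_settings.owner != user:
        raise HTTPError(http.FORBIDDEN)

    try:
        assert_clean(request.json)
    except AssertionError:
        # TODO: Test me!
        raise HTTPError(http.NOT_ACCEPTABLE)

    # The body is caller-supplied: a missing or non-object 'dataverse'/'study'
    # entry is a client error, not an AttributeError surfacing as a 500.
    payload = request.json
    if not isinstance(payload, dict):
        raise HTTPError(http.BAD_REQUEST)
    dataverse_data = payload.get('dataverse')
    study_data = payload.get('study')
    if not isinstance(dataverse_data, dict) or not isinstance(study_data, dict):
        raise HTTPError(http.BAD_REQUEST)

    alias = dataverse_data.get('alias')
    hdl = study_data.get('hdl')

    if hdl is None:
        # Raise (the original returned the exception object, so the error
        # was handed back as a normal view result instead of aborting).
        raise HTTPError(http.BAD_REQUEST)

    connection = connect_from_settings(user_settings)
    dataverse = get_dataverse(connection, alias)
    study = get_study(dataverse, hdl)

    node_addon.dataverse_alias = dataverse.alias
    node_addon.dataverse = dataverse.title

    node_addon.study_hdl = study.doi
    node_addon.study = study.title

    node = node_addon.owner
    # Audit trail: who linked which study to which node.
    node.add_log(
        action='dataverse_study_linked',
        params={
            'project': node.parent_id,
            'node': node._primary_key,
            'study': study.title,
        },
        auth=auth,
    )

    node_addon.save()

    return {'dataverse': dataverse.title, 'study': study.title}, http.OK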
示例#31
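def figshare_oauth_callback(**kwargs):
    """Finish the figshare OAuth handshake for the current user.

    Exchanges the request token stored on the user's figshare add-on, plus the
    ``oauth_verifier`` query argument, for an access token; stores the access
    token on the user add-on and, when a node id is present in the route
    kwargs, attaches the user's settings to that node's figshare add-on.

    :return: Redirect to the node settings page, the user add-ons page, or
        ``/settings/`` when no access token was obtained
    :raises HTTPError: FORBIDDEN when a node is given and the user is not a
        contributor, NOT_FOUND when there is no current user or ``nid`` does
        not load, BAD_REQUEST when the user has no figshare add-on
    """
    user = get_current_user()

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    # NOTE(review): this tests contributorship only; confirm whether attaching
    # credentials to a node should also require write permission.
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    if user is None:
        raise HTTPError(http.NOT_FOUND)
    if kwargs.get('nid') and not node:
        raise HTTPError(http.NOT_FOUND)

    figshare_user = user.get_addon('figshare')
    # Without the add-on there is no stored request token to exchange;
    # reject instead of failing on a None attribute access below.
    if figshare_user is None:
        raise HTTPError(http.BAD_REQUEST)

    # Caller-supplied; None when the query argument is absent.
    verifier = request.args.get('oauth_verifier')

    # The request token comes from server-side state tied to the current
    # user, so the exchange is bound to the flow this user has stored.
    access_token, access_token_secret = oauth_get_token(
        figshare_user.oauth_request_token,
        figshare_user.oauth_request_token_secret,
        verifier
    )
    if not access_token or not access_token_secret:
        return redirect('/settings/')

    # Clear the request token once the access token is stored so it is not
    # kept alongside the long-lived credentials.
    figshare_user.oauth_request_token = None
    figshare_user.oauth_request_token_secret = None
    figshare_user.oauth_access_token = access_token
    figshare_user.oauth_access_token_secret = access_token_secret
    figshare_user.save()

    if node:
        figshare_node = node.get_addon('figshare')

        figshare_node.user_settings = figshare_user
        figshare_node.save()

        # NOTE(review): os.path.join builds a URL here; the separator is
        # platform-dependent, so this presumably assumes a POSIX host.
        return redirect(os.path.join(node.url, 'settings'))

    return redirect(web_url_for('user_addons'))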
示例#32
文件: auth.py 项目: Doris1989/osf.io
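def figshare_oauth_callback(**kwargs):
    """Finish the figshare OAuth handshake for the current user.

    Exchanges the request token stored on the user's figshare add-on, plus the
    ``oauth_verifier`` query argument, for an access token; stores the access
    token on the user add-on and, when a node id is present in the route
    kwargs, attaches the user's settings to that node's figshare add-on.

    :return: Redirect to the node settings page, the user add-ons page, or
        ``/settings/`` when no access token was obtained
    :raises HTTPError: FORBIDDEN when a node is given and the user is not a
        contributor, NOT_FOUND when there is no current user or ``nid`` does
        not load, BAD_REQUEST when the user has no figshare add-on
    """
    user = get_current_user()

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    # NOTE(review): this tests contributorship only; confirm whether attaching
    # credentials to a node should also require write permission.
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    if user is None:
        raise HTTPError(http.NOT_FOUND)
    if kwargs.get('nid') and not node:
        raise HTTPError(http.NOT_FOUND)

    figshare_user = user.get_addon('figshare')
    # Without the add-on there is no stored request token to exchange;
    # reject instead of failing on a None attribute access below.
    if figshare_user is None:
        raise HTTPError(http.BAD_REQUEST)

    # Caller-supplied; None when the query argument is absent.
    verifier = request.args.get('oauth_verifier')

    # The request token comes from server-side state tied to the current
    # user, so the exchange is bound to the flow this user has stored.
    access_token, access_token_secret = oauth_get_token(
        figshare_user.oauth_request_token,
        figshare_user.oauth_request_token_secret, verifier)
    if not access_token or not access_token_secret:
        return redirect('/settings/')

    # Clear the request token once the access token is stored so it is not
    # kept alongside the long-lived credentials.
    figshare_user.oauth_request_token = None
    figshare_user.oauth_request_token_secret = None
    figshare_user.oauth_access_token = access_token
    figshare_user.oauth_access_token_secret = access_token_secret
    figshare_user.save()

    if node:
        figshare_node = node.get_addon('figshare')

        figshare_node.user_settings = figshare_user
        figshare_node.save()

        # NOTE(review): os.path.join builds a URL here; the separator is
        # platform-dependent, so this presumably assumes a POSIX host.
        return redirect(os.path.join(node.url, 'settings'))

    return redirect(web_url_for('user_addons'))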
示例#33
        def wrapped(*args, **kwargs):
            """Allow the call only for the user who owns the node add-on's credentials.

            Uses ``kwargs['node_addon']`` when present, otherwise resolves the
            node from the route kwargs and looks the add-on up by name.

            Raises HTTPError BAD_REQUEST when the add-on is missing or has no
            user settings, and FORBIDDEN when the requesting user is not the
            owner of those settings.
            """
            node_addon = kwargs.get('node_addon')
            if not node_addon:
                project, node = _kwargs_to_nodes(kwargs)
                kwargs['project'] = project
                kwargs['node'] = node
                node_addon = (node or project).get_addon(addon_name)

            # No add-on, or an add-on nobody has authorized: nothing to own.
            if not node_addon or not node_addon.user_settings:
                raise HTTPError(http.BAD_REQUEST)

            # NOTE(review): a 'user' entry in kwargs takes precedence over the
            # session user; confirm it can only be set by trusted decorators
            # and never by a caller-controlled route parameter.
            requester = kwargs.get('user') or get_current_user()
            if node_addon.user_settings.owner != requester:
                raise HTTPError(http.FORBIDDEN)

            return func(*args, **kwargs)
示例#34
        def wrapped(*args, **kwargs):
            """Allow the call only for the user who owns the node add-on's credentials.

            Uses ``kwargs['node_addon']`` when present, otherwise resolves the
            node from the route kwargs and looks the add-on up by name.

            Raises HTTPError BAD_REQUEST when the add-on is missing or has no
            user settings, and FORBIDDEN when the requesting user is not the
            owner of those settings.
            """
            node_addon = kwargs.get('node_addon')
            if not node_addon:
                project, node = _kwargs_to_nodes(kwargs)
                kwargs['project'] = project
                kwargs['node'] = node
                node_addon = (node or project).get_addon(addon_name)

            # No add-on, or an add-on nobody has authorized: nothing to own.
            if not node_addon or not node_addon.user_settings:
                raise HTTPError(http.BAD_REQUEST)

            # NOTE(review): a 'user' entry in kwargs takes precedence over the
            # session user; confirm it can only be set by trusted decorators
            # and never by a caller-controlled route parameter.
            requester = kwargs.get('user') or get_current_user()
            if node_addon.user_settings.owner != requester:
                raise HTTPError(http.FORBIDDEN)

            return func(*args, **kwargs)
示例#35
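def merge_user_post(**kwargs):
    '''View for merging an account. Takes either JSON or form data.

    Request data should include "merged_username" and "merged_password" properties
    for the account to be merged in. The form variant additionally carries the
    current user's own password, which is verified before the merge.

    Returns a redirect to "/settings/" (form) or {"status": "success"} (JSON)
    after a successful merge; otherwise pushes a status message and re-renders
    the merge page. Raises HTTPError BAD_REQUEST when there is no current user.
    '''
    master = get_current_user()
    # Without a current user there is nothing to merge into. Reject before the
    # username lookup so the response does not depend on whether
    # "merged_username" exists (the original answered differently for known
    # and unknown usernames in that case, and the form path dereferenced None).
    if master is None:
        raise HTTPError(http.BAD_REQUEST)
    if request.json:
        # NOTE(review): unlike the form path, the JSON path does not re-check
        # the current user's own password; confirm that is intended for an
        # operation as sensitive as an account merge.
        merged_username = request.json.get("merged_username")
        merged_password = request.json.get("merged_password")
    else:
        form = MergeAccountForm(request.form)
        if not form.validate():
            forms.push_errors_to_status(form.errors)
            return merge_user_get(**kwargs)
        master_password = form.user_password.data
        if not master.check_password(master_password):
            status.push_status_message("Could not authenticate. Please check your username and password.")
            return merge_user_get(**kwargs)
        merged_username = form.merged_username.data
        merged_password = form.merged_password.data
    try:
        merged_user = User.find_one(Q("username", "eq", merged_username))
    except NoResultsFound:
        status.push_status_message("Could not find that user. Please check the username and password.")
        return merge_user_get(**kwargs)
    if master and merged_user:
        # Proof of control over the account being absorbed.
        # NOTE(review): no attempt throttling is visible in this view; confirm
        # repeated password guesses are limited elsewhere.
        if merged_user.check_password(merged_password):
            master.merge_user(merged_user)
            master.save()
            if request.form:
                status.push_status_message("Successfully merged {0} with this account".format(merged_username))
                return redirect("/settings/")
            return {"status": "success"}
        else:
            # Same message as the unknown-username case, so the response does
            # not reveal which of the two checks failed.
            status.push_status_message("Could not find that user. Please check the username and password.")
            return merge_user_get(**kwargs)
    else:
        raise HTTPError(http.BAD_REQUEST)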
示例#36
def dropbox_config_get(node_addon, **kwargs):
    """API that returns the serialized node settings.

    The settings are serialized for the current user, so what is returned is
    whatever ``serialize_settings`` produces for that user, with status OK.
    """
    current_user = get_current_user()
    serialized = serialize_settings(node_addon, current_user)
    return {'result': serialized}, http.OK
示例#37
# -*- coding: utf-8 -*-
from framework import request
from framework.auth import get_current_user
from website.project.decorators import (must_be_valid_project,
    must_have_addon, must_have_permission, must_not_be_registration
)


# TODO
@must_be_valid_project
@must_have_addon('{{cookiecutter.short_name}}', 'node')
def {{cookiecutter.short_name}}_config_get(node_addon, **kwargs):
    """API that returns the serialized node settings.

    Cookiecutter template stub: the ``{{cookiecutter.short_name}}``
    placeholders are filled in at generation time and the payload is still
    the literal ``'TODO'``.
    """
    # Fetched but not used by the stub yet.
    # NOTE(review): once real settings are serialized here, confirm the view
    # carries whatever permission decorator the generated add-on needs; only
    # the project and add-on checks are applied as written.
    user = get_current_user()
    # NOTE(review): `http` is not among the imports visible at the top of this
    # template; confirm it is imported before the generated module is used.
    return {
        'result': 'TODO',
    }, http.OK

@must_have_permission('write')
@must_not_be_registration
@must_have_addon('{{cookiecutter.short_name}}', 'node')
def {{cookiecutter.short_name}}_config_put(node_addon, auth, **kwargs):
    """View for changing a node's linked {{cookiecutter.short_name}} folder."""
    # The body is caller-supplied. `selected` is None when the key is absent,
    # and the subscript below then raises TypeError (KeyError when 'path' is
    # missing); validate the body before indexing in a generated add-on.
    folder = request.json.get('selected')
    path = folder['path']
    # NOTE(review): `path` reaches set_folder() unvalidated as far as this
    # block shows; confirm set_folder() constrains it.
    node_addon.set_folder(path, auth=auth)
    node_addon.save()
    return {
        'result': {
            'folder': {
                # The 'Dropbox' prefix is a literal, not a template placeholder.
                'name': 'Dropbox' + path,
示例#38
文件: auth.py 项目: retroam/menbib
def menbib_config_get(node_addon, **kwargs):
    """API that returns the serialized node settings.

    The settings are serialized for the current user, so what is returned is
    whatever ``serialize_settings`` produces for that user, with status OK.
    """
    current_user = get_current_user()
    serialized = serialize_settings(node_addon, current_user)
    return {'result': serialized}, http.OK