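def get_recently_added_contributors(auth, **kwargs):
    """Return the requesting user's recently added contributors as JSON.

    Only users that are active and not already in ``node.contributors`` are
    included. The optional ``max`` query-string argument limits how many
    entries are returned; when it is absent or ``0`` the length of
    ``auth.user.recently_added`` is used instead.

    :param auth: Auth object whose ``user`` supplies ``recently_added``
    :param kwargs: ``node`` is used when truthy, otherwise ``project``
    :return: ``{'contributors': [...]}``
    :raises HTTPError: 400 if ``max`` is not an integer or is negative
    """
    node = kwargs['node'] or kwargs['project']

    max_results = request.args.get('max')
    if max_results:
        try:
            max_results = int(max_results)
        except (TypeError, ValueError):
            raise HTTPError(http.BAD_REQUEST)
        # ``max`` is client-controlled. itertools.islice raises ValueError on
        # a negative stop, which previously surfaced as an unhandled error.
        if max_results < 0:
            raise HTTPError(http.BAD_REQUEST)
    if not max_results:
        max_results = len(auth.user.recently_added)

    # Only include active users who are not already contributors. The
    # generator stays lazy so islice can stop as soon as the limit is hit.
    active_contribs = (
        contrib for contrib in auth.user.recently_added
        if contrib.is_active() and contrib._id not in node.contributors
    )

    # Limit to max_results
    limited_contribs = itertools.islice(active_contribs, max_results)

    contribs = [
        utils.add_contributor_json(contrib, get_current_user())
        for contrib in limited_contribs
    ]
    return {'contributors': contribs}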
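def get_most_in_common_contributors(auth, **kwargs):
    """Return the users who most often share projects with the requester.

    Counts how often each user id appears as a contributor on the nodes in
    ``auth.user.node__contributed``, skipping ids that already contribute to
    the target node, and serializes the most frequent active users.

    :param auth: Auth object whose ``user`` supplies ``node__contributed``
    :param kwargs: ``node`` is used when truthy, otherwise ``project``
    :return: ``{'contributors': [...]}`` ordered by descending count, then
        by ``fullname``
    """
    node = kwargs['node'] or kwargs['project']
    node_contrib_ids = set(node.contributors._to_primary_keys())
    try:
        n_contribs = int(request.args.get('max', None))
    except (TypeError, ValueError):
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH
    # ``max`` is client-controlled. itertools.islice raises ValueError on a
    # negative stop, so a negative value is treated like a missing one.
    if n_contribs < 0:
        n_contribs = settings.MAX_MOST_IN_COMMON_LENGTH
    # NOTE(review): ``max`` has no upper bound here and every candidate costs
    # a User.load; confirm whether MAX_MOST_IN_COMMON_LENGTH should cap it.

    contrib_counts = Counter(
        contrib_id
        for contributed in auth.user.node__contributed
        for contrib_id in contributed.contributors._to_primary_keys()
        if contrib_id not in node_contrib_ids
    )

    def _active_with_counts():
        # Load each candidate once; the previous version loaded every user
        # twice (once to filter, once to build the result).
        for contrib_id, count in contrib_counts.most_common():
            candidate = User.load(contrib_id)
            # Skip ids that no longer resolve to a user instead of failing
            # on ``None.is_active()``.
            if candidate is not None and candidate.is_active():
                yield candidate, count

    contrib_objs = list(itertools.islice(_active_with_counts(), n_contribs))

    contribs = [
        utils.add_contributor_json(most_contrib, get_current_user())
        for most_contrib, count in sorted(
            contrib_objs, key=lambda t: (-t[1], t[0].fullname))
    ]
    return {'contributors': contribs}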
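def figshare_oauth_start(**kwargs):
    """Begin the figshare OAuth flow and redirect to the authorization URL.

    Enables the figshare addon for the current user, optionally links the
    node's figshare settings to that user, stores the request token pair on
    the user's settings and redirects to the provider.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in, or if a node is given and
        the user is not one of its contributors
    """
    user = get_current_user()
    # Without this guard an anonymous request that named no node reached
    # ``user.add_addon`` and failed with AttributeError.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('figshare')
    figshare_user = user.get_addon('figshare')

    if node:
        # NOTE(review): the node's figshare settings are re-pointed at this
        # user before the flow has completed, and the only gate visible here
        # is is_contributor; confirm the route also enforces a write/admin
        # permission and that the node has the addon enabled.
        figshare_node = node.get_addon('figshare')
        figshare_node.user_settings = figshare_user
        figshare_node.save()

    request_token, request_token_secret, authorization_url = oauth_start_url(user, node)

    # The request token pair is read back by the callback view.
    figshare_user.oauth_request_token = request_token
    figshare_user.oauth_request_token_secret = request_token_secret
    figshare_user.save()

    return redirect(authorization_url)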
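def github_oauth_start(**kwargs):
    """Begin the GitHub OAuth flow and redirect to the authorization URL.

    Enables the github addon for the current user, optionally links the
    node's github settings to that user, stores the ``state`` value returned
    by ``oauth_start_url`` on the user's settings and redirects.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in, or if a node is given and
        the user is not one of its contributors
    """
    user = get_current_user()
    # Without this guard an anonymous request that named no node reached
    # ``user.add_addon`` and failed with AttributeError.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('github')
    user_settings = user.get_addon('github')

    if node:
        # NOTE(review): the node's github settings are re-pointed at this
        # user before authorization has completed, gated only by
        # is_contributor as far as this function shows; confirm the route
        # enforces a stronger permission.
        github_node = node.get_addon('github')
        github_node.user_settings = user_settings
        github_node.save()

    authorization_url, state = oauth_start_url(user, node)

    # Persist the state so the callback can compare it with the value the
    # provider sends back (the comparison itself is not in this function).
    user_settings.oauth_state = state
    user_settings.save()

    return redirect(authorization_url)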
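def article_to_hgrid(node, article, expand=False, folders_only=False):
    """Serialize a figshare article for the HGrid file browser.

    Articles whose status is ``'Drafts'`` or missing are hidden from
    non-contributors of a public node. Filesets and articles without files
    are rendered as folders; any other article is rendered as its first file.

    :param node: Node the article is attached to
    :param dict article: Article data as returned by figshare
    :param bool expand: For folders, return the serialized files instead of
        the folder entry
    :param bool folders_only: When true nothing is returned (both branches
        return ``None``)
    :return: A dict, a list of serialized files, or ``None``
    """
    status_value = article.get('status')

    if node.is_public:
        user = get_current_user()
        if not node.is_contributor(user):
            # Unpublished articles must not leak to the public view.
            if status_value in ['Drafts', None]:
                return None

    if article['defined_type'] == 'fileset' or not article['files']:
        if folders_only:
            return None
        if expand:
            return [file_to_hgrid(node, article, item) for item in article['files']]
        # Every other status comparison in this function uses the capitalised
        # 'Public'; the delete URL was compared against lowercase 'public',
        # so it was never blanked for published articles.
        is_published = status_value == 'Public'
        return {
            'name': '{0}:{1}'.format(article['title'] or 'Unnamed', article['article_id']),  # Is often blank?
            'kind': 'folder',  # TODO Change me
            'urls': {
                'upload': '{base}figshare/{aid}/'.format(base=node.api_url, aid=article['article_id']),
                'delete': '' if is_published else node.api_url + 'figshare/' + str(article['article_id']) + '/file/{id}/delete/',
                'download': '',  # TODO: This endpoint isn't defined
                'fetch': '{base}figshare/hgrid/article/{aid}/'.format(base=node.api_url, aid=article['article_id']),
                'view': ''
            },
            # These flags only drive the UI; the endpoints behind the URLs
            # still have to enforce permissions themselves.
            'permissions': {
                'edit': not is_published,  # This needs to be something else
                'view': True,
                'download': is_published
            }
        }
    else:
        if folders_only:
            return None
        return file_to_hgrid(node, article, article['files'][0])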
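def get_most_in_common_contributors(auth, **kwargs):
    """Return the users the requester has collaborated with most often.

    Tallies contributor ids across ``auth.user.node__contributed`` (ignoring
    ids already contributing to the target node), keeps the most common
    active users and serializes them.

    :param auth: Auth object whose ``user`` supplies ``node__contributed``
    :param kwargs: ``node`` is used when truthy, otherwise ``project``
    :return: ``{'contributors': [...]}`` ordered by descending count, then
        by ``fullname``
    """
    node = kwargs['node'] or kwargs['project']
    node_contrib_ids = set(node.contributors._to_primary_keys())

    default_limit = settings.MAX_MOST_IN_COMMON_LENGTH
    try:
        n_contribs = int(request.args.get('max', None))
    except (TypeError, ValueError):
        n_contribs = default_limit
    if n_contribs < 0:
        # A negative stop makes itertools.islice raise ValueError; fall back
        # to the default rather than failing on client-supplied input.
        n_contribs = default_limit
    # NOTE(review): the client can still ask for an arbitrarily large
    # ``max``; each candidate triggers a User.load. Confirm whether the
    # setting is meant to be an upper bound.

    contrib_counts = Counter(
        contrib_id
        for contributed in auth.user.node__contributed
        for contrib_id in contributed.contributors._to_primary_keys()
        if contrib_id not in node_contrib_ids
    )

    def _active_with_counts():
        # One User.load per candidate (previously two), skipping ids that do
        # not resolve to a user.
        for contrib_id, count in contrib_counts.most_common():
            candidate = User.load(contrib_id)
            if candidate is not None and candidate.is_active():
                yield candidate, count

    contrib_objs = list(itertools.islice(_active_with_counts(), n_contribs))

    ordered = sorted(contrib_objs, key=lambda t: (-t[1], t[0].fullname))
    contribs = [
        utils.add_contributor_json(most_contrib, get_current_user())
        for most_contrib, count in ordered
    ]
    return {'contributors': contribs}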
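def menbib_oauth_finish(**kwargs):
    """View called when the Mendeley OAuth flow is completed.

    Stores the tokens returned by ``finish_auth`` on the user's ``menbib``
    settings. If a node id was stored on the session when the flow started
    and that node has the addon, the node is linked to the new credentials.

    :raises HTTPError: 403 if nobody is logged in, or if the node id stored
        on the session names a node the user does not contribute to
    """
    user = get_current_user()
    if not user:
        raise HTTPError(http.FORBIDDEN)

    node = Node.load(session.data.get('menbib_auth_nid'))
    # The session value originates from the URL of the start view
    # (menbib_oauth_start), which stores it without a membership check. Apply
    # the same is_contributor gate the other addon OAuth views use before
    # attaching credentials to the node.
    if node and not node.is_contributor(user):
        del session.data['menbib_auth_nid']
        raise HTTPError(http.FORBIDDEN)

    # NOTE(review): dropbox_oauth_finish returns early when finish_auth()
    # yields a response object; confirm this finish_auth cannot do the same.
    result = finish_auth()

    user.add_addon('menbib')
    user.save()
    user_settings = user.get_addon('menbib')
    user_settings.owner = user
    user_settings.access_token = result.access_token
    user_settings.refresh_token = result.refresh_token
    user_settings.token_type = result.token_type
    user_settings.expires_in = result.expires_in
    user_settings.save()

    flash('Successfully authorized Mendeley', 'success')

    if node:
        del session.data['menbib_auth_nid']
        # Automatically use the newly-created auth
        if node.has_addon('menbib'):
            node_addon = node.get_addon('menbib')
            node_addon.set_user_auth(user_settings)
            node_addon.save()
        return redirect(node.web_url_for('node_setting'))
    return redirect(web_url_for('user_addons'))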
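def get_recently_added_contributors(auth, **kwargs):
    """Serialize the users the requester recently added as contributors.

    Inactive users and users already in ``node.contributors`` are left out.
    ``max`` (query string) caps the number of results; absent or ``0`` means
    ``len(auth.user.recently_added)``.

    :param auth: Auth object whose ``user`` supplies ``recently_added``
    :param kwargs: ``node`` is used when truthy, otherwise ``project``
    :return: ``{'contributors': [...]}``
    :raises HTTPError: 400 if ``max`` is not an integer or is negative
    """
    node = kwargs['node'] or kwargs['project']

    max_results = request.args.get('max')
    if max_results:
        try:
            max_results = int(max_results)
        except (TypeError, ValueError):
            raise HTTPError(http.BAD_REQUEST)
        if max_results < 0:
            # A negative stop makes itertools.islice raise ValueError, which
            # was not handled; reject it like any other malformed ``max``.
            raise HTTPError(http.BAD_REQUEST)
    if not max_results:
        max_results = len(auth.user.recently_added)

    # only include active contributors (lazy, so islice can stop early)
    active_contribs = (
        candidate for candidate in auth.user.recently_added
        if candidate.is_active() and candidate._id not in node.contributors
    )

    # Limit to max_results
    limited_contribs = itertools.islice(active_contribs, max_results)

    contribs = [
        utils.add_contributor_json(contrib, get_current_user())
        for contrib in limited_contribs
    ]
    return {'contributors': contribs}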
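def _profile_view(uid=None):
    """Build the template context for a user profile page.

    :param uid: Id of the profile to show; the logged-in user when omitted
    :return: A redirect to the login page when no ``uid`` is given and nobody
        is logged in, otherwise the profile context dict
    :raises HTTPError: 404 if ``uid`` does not resolve to a user
    """
    # TODO: Fix circular import
    from website.addons.badges.util import get_sorted_user_badges

    user = get_current_user()
    profile = User.load(uid) if uid else user

    if not (uid or user):
        return redirect('/login/?next={0}'.format(request.path))

    # Fail before the badge helpers are handed ``None`` for an unknown uid.
    if not profile:
        raise HTTPError(http.NOT_FOUND)

    if 'badges' in settings.ADDONS_REQUESTED:
        # A stray trailing comma used to wrap this value in a 1-tuple, unlike
        # the plain list used in the ``else`` branch.
        badge_assertions = get_sorted_user_badges(profile)
        badges = _get_user_created_badges(profile)
    else:
        # NOTE: While badges, are unused, 'assertions' and 'badges' can be
        # empty lists.
        badge_assertions = []
        badges = []

    profile_user_data = profile_utils.serialize_user(profile, full=True)
    return {
        'profile': profile_user_data,
        'assertions': badge_assertions,
        'badges': badges,
        'user': {
            'is_profile': user == profile,
            'can_edit': None,  # necessary for rendering nodes
            'permissions': [],  # necessary for rendering nodes
        },
    }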
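def mendeley_oauth_start(*args, **kwargs):
    """Begin the Mendeley OAuth flow and redirect to the authorization URL.

    Enables the mendeley addon for the current user, optionally links the
    node's mendeley settings to that user (adding a hook when the node
    settings have both ``user`` and ``repo``), stores the OAuth ``state`` on
    the user's settings and redirects.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in, or if a node is given and
        the user is not one of its contributors
    """
    user = get_current_user()
    # Without this guard an anonymous request that named no node reached
    # ``user.add_addon`` and failed with AttributeError.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('mendeley')
    mendeley_user = user.get_addon('mendeley')

    if node:
        # NOTE(review): the node is re-linked (and a hook may be added)
        # before authorization has completed, gated only by is_contributor
        # as far as this function shows; confirm the route's permissions.
        mendeley_node = node.get_addon('mendeley')
        mendeley_node.user_settings = mendeley_user
        # Add webhook
        if mendeley_node.user and mendeley_node.repo:
            mendeley_node.add_hook()
        mendeley_node.save()

    authorization_url, state = oauth_start_url(user, node)

    # Persist the state so the callback can compare it with the value the
    # provider sends back (the comparison itself is not in this function).
    mendeley_user.oauth_state = state
    mendeley_user.save()

    return redirect(authorization_url)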
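def figshare_oauth_start(**kwargs):
    """Start the figshare OAuth handshake for the current user.

    Enables the figshare addon on the user, links the node's figshare
    settings to the user when a node is named, saves the request token pair
    and redirects to the provider's authorization URL.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in, or if a node is given and
        the user is not one of its contributors
    """
    user = get_current_user()
    if not user:
        # Previously an anonymous request without a node id crashed on
        # ``user.add_addon`` instead of being refused.
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('figshare')
    figshare_user = user.get_addon('figshare')

    if node:
        # NOTE(review): linking happens before the provider has authorized
        # anything and is gated only by is_contributor in this function;
        # confirm the route enforces the intended permission level.
        figshare_node = node.get_addon('figshare')
        figshare_node.user_settings = figshare_user
        figshare_node.save()

    request_token, request_token_secret, authorization_url = oauth_start_url(
        user, node)

    # The callback view reads these back to exchange them for access tokens.
    figshare_user.oauth_request_token = request_token
    figshare_user.oauth_request_token_secret = request_token_secret
    figshare_user.save()

    return redirect(authorization_url)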
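def bitbucket_oauth_start(*args, **kwargs):
    """Begin the Bitbucket OAuth flow and redirect to the authorization URL.

    Enables the bitbucket addon for the current user, optionally links the
    node's bitbucket settings to that user, stores the request token pair on
    the user's settings and redirects to the provider.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in, or if a node is given and
        the user is not one of its contributors
    """
    user = get_current_user()
    # Without this guard an anonymous request that named no node reached
    # ``user.add_addon`` and failed with AttributeError.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None
    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    user.add_addon('bitbucket')
    bitbucket_user = user.get_addon('bitbucket')

    if node:
        # NOTE(review): the node is re-linked before authorization has
        # completed, gated only by is_contributor as far as this function
        # shows; confirm the route enforces a stronger permission.
        bitbucket_node = node.get_addon('bitbucket')
        bitbucket_node.user_settings = bitbucket_user
        bitbucket_node.save()

    request_token, request_token_secret, authorization_url = oauth_start_url(
        user, node)

    # Stored so a later step of the flow can exchange them for access tokens.
    bitbucket_user.oauth_request_token = request_token
    bitbucket_user.oauth_request_token_secret = request_token_secret
    bitbucket_user.save()

    return redirect(authorization_url)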
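def dropbox_oauth_finish(**kwargs):
    """View called when the Oauth flow is completed.

    Adds a new DropboxUserSettings record to the user and saves the user's
    access token and account info. If a node id was stored on the session
    when the flow started and that node has the addon, the node is linked to
    the new credentials.

    :raises HTTPError: 403 if nobody is logged in, or if the node id stored
        on the session names a node the user does not contribute to
    """
    user = get_current_user()
    if not user:
        raise HTTPError(http.FORBIDDEN)

    node = Node.load(session.data.get('dropbox_auth_nid'))
    # The session value originates from the URL of the start view
    # (dropbox_oauth_start), which stores it without a membership check.
    # Apply the same is_contributor gate the other addon OAuth views use
    # before attaching credentials to the node.
    if node and not node.is_contributor(user):
        del session.data['dropbox_auth_nid']
        raise HTTPError(http.FORBIDDEN)

    result = finish_auth()
    # If result is a redirect response, follow the redirect
    if isinstance(result, BaseResponse):
        return result

    # Make sure user has dropbox enabled
    user.add_addon('dropbox')
    user.save()
    user_settings = user.get_addon('dropbox')
    user_settings.owner = user
    user_settings.access_token = result.access_token
    user_settings.dropbox_id = result.dropbox_id
    client = get_client_from_user_settings(user_settings)
    user_settings.dropbox_info = client.account_info()
    user_settings.save()

    flash('Successfully authorized Dropbox', 'success')

    if node:
        del session.data['dropbox_auth_nid']
        # Automatically use newly-created auth
        if node.has_addon('dropbox'):
            node_addon = node.get_addon('dropbox')
            node_addon.set_user_auth(user_settings)
            node_addon.save()
        return redirect(node.web_url_for('node_setting'))
    return redirect(web_url_for('user_addons'))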
def auth_login(registration_form=None, forgot_password_form=None, **kwargs):
    """Show the login page, or process a sign-in attempt on POST.

    A logged-in visitor is sent to the dashboard unless ``logout`` is present
    in the query string, in which case they are logged out first. On POST
    (when the view was not called directly with another form) the sign-in
    form is validated and ``login`` is attempted.

    :return: The response from ``login`` on success, ``{'next': ''}`` when
        login is not allowed, otherwise ``({'next': next_url}, status_code)``
    """
    if get_current_user():
        if request.args.get('logout'):
            logout()
        else:
            return redirect('/dashboard/')

    called_with_form = registration_form or forgot_password_form
    if request.method == 'POST' and not called_with_form:
        sign_in = SignInForm(request.form)
        if sign_in.validate():
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                otp = sign_in.two_factor.data
            else:
                otp = None
            try:
                return login(sign_in.username.data, sign_in.password.data, otp)
            except auth.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next': ''}
            except auth.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except auth.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        forms.push_errors_to_status(sign_in.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data.
    # NOTE(review): the value is taken verbatim from the request and handed
    # back to the caller; nothing in this function restricts it to same-site
    # paths. Confirm whatever consumes ``next`` validates it before
    # redirecting.
    posted_next = request.form.get('next_url', '')
    next_url = request.args.get('next', posted_next)

    if request.args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.')

    code = http.OK
    if next_url:
        status.push_status_message(language.MUST_LOGIN)
        # Don't raise error if user is being logged out
        if not request.args.get('logout'):
            code = http.UNAUTHORIZED
    return {'next': next_url}, code
def claim_user_registered(**kwargs):
    """Let a logged-in user claim an unregistered contributor's place.

    The user must re-enter their password; on success the unregistered
    contributor on the node is replaced by the logged-in user. Visitors who
    are not logged in are redirected to the login view.

    :raises HTTPError: 400 if the user already contributes to the node or
        the claim token does not verify
    """
    node = kwargs['node'] or kwargs['project']
    current_user = get_current_user()

    sign_out_url = web_url_for('auth_login', logout=True, next=request.path)
    if not current_user:
        return redirect(sign_out_url)

    # Logged in user should not be a contributor the project
    if node.is_contributor(current_user):
        raise HTTPError(http.BAD_REQUEST, data={
            'message_short': 'Already a contributor',
            'message_long': 'The logged-in user is already a contributor to '
            'this project. Would you like to <a href="/logout/">log out</a>?',
        })

    uid = kwargs['uid']
    pid = kwargs['pid']
    token = kwargs['token']
    unreg_user = User.load(uid)
    # The token is verified against the node resolved above, not against the
    # ``pid`` taken from the URL.
    if not verify_claim_token(unreg_user, token, pid=node._primary_key):
        raise HTTPError(http.BAD_REQUEST)

    # Store the unreg_user data on the session in case the user registers
    # a new account
    session.data['unreg_user'] = {'uid': uid, 'pid': pid, 'token': token}

    form = PasswordForm(request.form)
    if request.method == 'POST':
        if not form.validate():
            forms.push_errors_to_status(form.errors)
        elif current_user.check_password(form.password.data):
            node.replace_contributor(old=unreg_user, new=current_user)
            node.save()
            status.push_status_message(
                'Success. You are now a contributor to this project.',
                'success')
            return redirect(node.url)
        else:
            status.push_status_message(language.LOGIN_FAILED, 'warning')

    if is_json_request():
        form_ret = forms.utils.jsonify(form)
        user_ret = utils.serialize_user(current_user, full=False)
    else:
        form_ret, user_ret = form, current_user

    return {
        'form': form_ret,
        'user': user_ret,
        'signOutUrl': sign_out_url,
    }
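def menbib_oauth_start(**kwargs):
    """Start the Mendeley OAuth flow for the logged-in user.

    Remembers the node id from the URL on the session so the finish view can
    link that node, then redirects to the provider. Users who have already
    authorized are sent back to their addon settings with a warning.

    :param kwargs: May contain ``pid`` or ``nid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in
    """
    user = get_current_user()
    # Authenticate first: the session write below used to happen even for
    # anonymous requests, leaving a caller-chosen node id on the session.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    nid = kwargs.get('pid') or kwargs.get('nid')
    if nid:
        # NOTE(review): the id comes straight from the URL and is not checked
        # against the user's membership here; the finish view must not trust
        # it without its own check.
        session.data['menbib_auth_nid'] = nid

    if user.has_addon('menbib') and user.get_addon('menbib').has_auth:
        flash('You have already authorized Mendeley for this account', 'warning')
        return redirect(web_url_for('user_addons'))

    return redirect(get_auth_flow())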
def claim_user_registered(**kwargs):
    """Prompt a logged-in user for their password to claim contributorship.

    After the claim token verifies and the password check passes, the
    unregistered contributor on the node is replaced by the logged-in user.
    Anonymous visitors are redirected to the login view.

    :raises HTTPError: 400 if the user already contributes to the node or
        the claim token does not verify
    """
    node = kwargs['node'] or kwargs['project']
    current_user = get_current_user()

    sign_out_url = web_url_for('auth_login', logout=True, next=request.path)
    if not current_user:
        return redirect(sign_out_url)

    # Logged in user should not be a contributor the project
    already_member = node.is_contributor(current_user)
    if already_member:
        error_payload = {
            'message_short': 'Already a contributor',
            'message_long': 'The logged-in user is already a contributor to '
            'this project. Would you like to <a href="/logout/">log out</a>?'
        }
        raise HTTPError(http.BAD_REQUEST, data=error_payload)

    uid, pid, token = (kwargs[key] for key in ('uid', 'pid', 'token'))
    unreg_user = User.load(uid)
    # Verification is tied to the node resolved above rather than to the
    # ``pid`` value from the URL.
    token_ok = verify_claim_token(unreg_user, token, pid=node._primary_key)
    if not token_ok:
        raise HTTPError(http.BAD_REQUEST)

    # Store the unreg_user data on the session in case the user registers
    # a new account
    session.data['unreg_user'] = dict(uid=uid, pid=pid, token=token)

    form = PasswordForm(request.form)
    if request.method == 'POST':
        if form.validate():
            password_ok = current_user.check_password(form.password.data)
            if not password_ok:
                status.push_status_message(language.LOGIN_FAILED, 'warning')
            else:
                node.replace_contributor(old=unreg_user, new=current_user)
                node.save()
                status.push_status_message(
                    'Success. You are now a contributor to this project.',
                    'success')
                return redirect(node.url)
        else:
            forms.push_errors_to_status(form.errors)

    if is_json_request():
        form_ret = forms.utils.jsonify(form)
        user_ret = utils.serialize_user(current_user, full=False)
    else:
        form_ret = form
        user_ret = current_user
    return {'form': form_ret, 'user': user_ret, 'signOutUrl': sign_out_url}
def claim_user_form(**kwargs):
    """Render and process the set-password page for a claimed user.

    The claim ``token`` is read from the form data or, failing that, the
    query string. A logged-in visitor is redirected to the re-enter-password
    view. On a valid POST the unregistered user is registered with the
    submitted username and password, all of their unclaimed records are
    cleared, and they are authenticated.

    :raises HTTPError: 400 if ``uid`` does not resolve to a user
    """
    uid = kwargs['uid']
    pid = kwargs['pid']
    # The token may arrive in the URL, so it can show up in access logs and
    # Referer headers.
    token = request.form.get('token') or request.args.get('token')

    # If user is logged in, redirect to 're-enter password' page
    if get_current_user():
        target = web_url_for('claim_user_registered', uid=uid, pid=pid, token=token)
        return redirect(target)

    user = User.load(uid)  # The unregistered user
    # user ID is invalid. Unregistered user is not in database
    if not user:
        raise HTTPError(http.BAD_REQUEST)

    # If claim token not valid, redirect to registration page
    if not verify_claim_token(user, token, pid):
        return redirect('/account/')

    record = user.unclaimed_records[pid]
    user.fullname = record['name']
    user.update_guessed_names()
    email = record['email']

    form = SetEmailAndPasswordForm(request.form, token=token)
    if request.method == 'POST':
        if not form.validate():
            forms.push_errors_to_status(form.errors)
        else:
            user.register(username=form.username.data, password=form.password.data)
            # Clear unclaimed records
            user.unclaimed_records = {}
            user.save()
            # Authenticate user and redirect to project page
            response = redirect('/settings/')
            node = Node.load(pid)
            status.push_status_message(
                language.CLAIMED_CONTRIBUTOR.format(node=node), 'success')
            return authenticate(user, response)

    rendered_form = forms.utils.jsonify(form) if is_json_request() else form
    return {
        'firstname': user.given_name,
        'email': email if email else '',
        'fullname': user.fullname,
        'form': rendered_form,
    }
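def get_log(log_id):
    """Return a serialized node log if the requester may view its node.

    :param log_id: Primary key of the NodeLog to fetch
    :return: ``{'log': <serialized log>}``
    :raises HTTPError: 404 if the log does not exist, 403 if the requester
        cannot view the node the log belongs to
    """
    log = NodeLog.load(log_id)
    # ``log_id`` comes from the caller; an unknown id previously failed on
    # ``log.node``. Presumably load() returns None for a miss, as the other
    # ``.load`` calls in this code base are treated.
    if log is None:
        raise HTTPError(http.NOT_FOUND)
    node_to_use = log.node

    auth = Auth(
        user=get_current_user(),
        api_key=get_api_key(),
        api_node=get_current_node(),
    )

    # Authorization is decided on the node that owns the log.
    if not node_to_use.can_view(auth):
        raise HTTPError(http.FORBIDDEN)

    return {'log': serialize_log(log)}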
def claim_user_form(**kwargs):
    """View for the set-password page shown to a claimed user.

    Reads the claim ``token`` from the form data or the query string,
    verifies it for the unregistered user, and on a valid POST registers the
    user with the submitted credentials, clears every unclaimed record and
    authenticates them. Logged-in visitors are redirected to the
    re-enter-password view instead.

    :raises HTTPError: 400 if ``uid`` does not resolve to a user
    """
    uid, pid = kwargs['uid'], kwargs['pid']
    # A token carried in the URL can end up in access logs and Referer
    # headers.
    token = request.form.get('token') or request.args.get('token')

    # If user is logged in, redirect to 're-enter password' page
    if get_current_user():
        return redirect(
            web_url_for('claim_user_registered', uid=uid, pid=pid, token=token))

    user = User.load(uid)  # The unregistered user
    if not user:
        # user ID is invalid. Unregistered user is not in database
        raise HTTPError(http.BAD_REQUEST)

    token_is_valid = verify_claim_token(user, token, pid)
    if not token_is_valid:
        # If claim token not valid, redirect to registration page
        return redirect('/account/')

    unclaimed = user.unclaimed_records[pid]
    user.fullname = unclaimed['name']
    user.update_guessed_names()
    email = unclaimed['email']

    form = SetEmailAndPasswordForm(request.form, token=token)
    is_post = request.method == 'POST'
    if is_post and form.validate():
        chosen_username = form.username.data
        chosen_password = form.password.data
        user.register(username=chosen_username, password=chosen_password)
        # Clear unclaimed records
        user.unclaimed_records = {}
        user.save()
        # Authenticate user and redirect to project page
        response = redirect('/settings/')
        node = Node.load(pid)
        status.push_status_message(language.CLAIMED_CONTRIBUTOR.format(node=node), 'success')
        return authenticate(user, response)
    if is_post:
        forms.push_errors_to_status(form.errors)

    context = {
        'firstname': user.given_name,
        'email': email if email else '',
        'fullname': user.fullname,
    }
    context['form'] = forms.utils.jsonify(form) if is_json_request() else form
    return context
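def merge_user_post(**kwargs):
    """View for merging an account. Takes either JSON or form data.

    Request data should include a "merged_username" and "merged_password"
    properties for the account to be merged in. The form variant also
    carries the current account's password, which is checked first.

    :return: A redirect or ``{"status": "success"}`` after a merge, or the
        result of ``merge_user_get`` when validation or authentication fails
    :raises HTTPError: 400 if nobody is logged in or no account to merge
        was resolved
    """
    master = get_current_user()
    # The form branch calls master.check_password, which failed with
    # AttributeError for an anonymous request. Reject up front with the same
    # 400 the final branch already used for a missing master.
    if not master:
        raise HTTPError(http.BAD_REQUEST)

    if request.json:
        # NOTE(review): unlike the form branch, the JSON branch never asks
        # for the current account's password before merging; confirm that
        # asymmetry is intended.
        merged_username = request.json.get("merged_username")
        merged_password = request.json.get("merged_password")
    else:
        form = MergeAccountForm(request.form)
        if not form.validate():
            forms.push_errors_to_status(form.errors)
            return merge_user_get(**kwargs)
        master_password = form.user_password.data
        if not master.check_password(master_password):
            status.push_status_message(
                "Could not authenticate. Please check your username and password."
            )
            return merge_user_get(**kwargs)
        merged_username = form.merged_username.data
        merged_password = form.merged_password.data

    try:
        merged_user = User.find_one(Q("username", "eq", merged_username))
    except NoResultsFound:
        status.push_status_message(
            "Could not find that user. Please check the username and password."
        )
        return merge_user_get(**kwargs)

    if not merged_user:
        raise HTTPError(http.BAD_REQUEST)

    if merged_user.check_password(merged_password):
        master.merge_user(merged_user)
        master.save()
        if request.form:
            status.push_status_message(
                "Successfully merged {0} with this account".format(
                    merged_username))
            return redirect("/settings/")
        return {"status": "success"}

    # Same message as the unknown-username case, so the response does not
    # reveal which of the two checks failed.
    status.push_status_message(
        "Could not find that user. Please check the username and password."
    )
    return merge_user_get(**kwargs)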
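def dropbox_oauth_start(**kwargs):
    """Start the Dropbox OAuth flow for the logged-in user.

    Remembers the node id from the URL on the session so the finish view can
    pick the redirect target, then redirects to the provider. Users who have
    already authorized are sent back to their addon settings with a warning.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if nobody is logged in
    """
    user = get_current_user()
    # Authenticate first: the session write below used to happen even for
    # anonymous requests, leaving a caller-chosen node id on the session.
    if not user:
        raise HTTPError(http.FORBIDDEN)

    # Store the node ID on the session in order to get the correct redirect URL
    # upon finishing the flow
    nid = kwargs.get('nid') or kwargs.get('pid')
    if nid:
        # NOTE(review): the id comes straight from the URL and is not checked
        # against the user's membership here; the finish view must not trust
        # it without its own check.
        session.data['dropbox_auth_nid'] = nid

    # If user has already authorized dropbox, flash error message
    if user.has_addon('dropbox') and user.get_addon('dropbox').has_auth:
        flash('You have already authorized Dropbox for this account', 'warning')
        return redirect(web_url_for('user_addons'))

    # Force the user to reapprove the dropbox authorization each time. Currently the
    # URI component force_reapprove is not configurable from the dropbox python client.
    # Issue: https://github.com/dropbox/dropbox-js/issues/160
    return redirect(get_auth_flow().start() + '&force_reapprove=true')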
def auth_login(registration_form=None, forgot_password_form=None, **kwargs):
    """Serve the login page and handle sign-in POSTs.

    Logged-in visitors go to the dashboard unless ``logout`` is in the query
    string, in which case they are logged out and the page is rendered. A
    POST that did not originate from a direct call with another form is
    validated as a sign-in attempt.

    :return: The response from ``login`` on success, ``{'next': ''}`` when
        login is not allowed, otherwise ``({'next': next_url}, status_code)``
    """
    if get_current_user():
        if not request.args.get('logout'):
            return redirect('/dashboard/')
        logout()

    direct_call = registration_form or forgot_password_form
    is_sign_in_post = request.method == 'POST' and not direct_call
    if is_sign_in_post:
        form = SignInForm(request.form)
        if form.validate():
            twofactor_enabled = 'twofactor' in website.settings.ADDONS_REQUESTED
            twofactor_code = form.two_factor.data if twofactor_enabled else None
            try:
                response = login(
                    form.username.data,
                    form.password.data,
                    twofactor_code,
                )
            except auth.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next': ''}
            except auth.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except auth.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
            else:
                return response
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data.
    # NOTE(review): ``next`` / ``next_url`` are request-controlled and are
    # returned unchanged; no same-site check is visible in this function.
    # Confirm the consumer validates the value before redirecting to it.
    form_next = request.form.get('next_url', '')
    next_url = request.args.get('next', form_next)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.')

    if not next_url:
        return {'next': next_url}, http.OK

    status.push_status_message(language.MUST_LOGIN)
    # Don't raise error if user is being logged out
    code = http.OK if request.args.get('logout') else http.UNAUTHORIZED
    return {'next': next_url}, code
def _rescale_ratio(nodes):
    """Get scaling denominator for log lists across a sequence of nodes.

    Only nodes the current user can view contribute to the result, so the
    value does not reflect log counts of nodes hidden from that user.

    :param nodes: Nodes
    :return: Max number of logs among viewable nodes; ``0`` when ``nodes`` is
        empty and ``0.0`` when none of them is viewable
    """
    if not nodes:
        return 0

    # TODO: Don't use get_current_user. It is deprecated.
    current = get_current_user()

    visible_counts = []
    for candidate in nodes:
        if candidate.can_view(Auth(user=current)):
            visible_counts.append(len(candidate.logs))

    return float(max(visible_counts)) if visible_counts else 0.0
def wrapped(*args, **kwargs):
    """Resolve the addon for the node or user and pass it to ``func``.

    ``model``, ``addon_name`` and ``func`` come from the enclosing scope,
    which is not visible here. The resolved addon is injected as the
    ``<model>_addon`` keyword argument.

    :raises HTTPError: 401 if ``model`` is ``'user'`` and nobody is logged
        in; 400 for an unknown ``model`` or when the owner lacks the addon
    """
    if model not in ('node', 'user'):
        raise HTTPError(http.BAD_REQUEST)

    if model == 'node':
        kwargs['project'], kwargs['node'] = _kwargs_to_nodes(kwargs)
        target = kwargs.get('node') or kwargs.get('project')
    else:
        target = get_current_user()
        if target is None:
            raise HTTPError(http.UNAUTHORIZED)

    resolved = target.get_addon(addon_name)
    if resolved is None:
        raise HTTPError(http.BAD_REQUEST)

    injected_key = '{0}_addon'.format(model)
    kwargs[injected_key] = resolved
    return func(*args, **kwargs)
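def set_dataverse_and_study(node_addon, auth, **kwargs):
    """Link a Dataverse study to the node and log the change.

    Reads ``dataverse.alias`` and ``study.hdl`` from the JSON body, resolves
    them through the owner's connection and stores the result on the node
    addon.

    :param node_addon: Dataverse node settings to update
    :param auth: Auth recorded on the node log entry
    :return: ``({'dataverse': title, 'study': title}, http.OK)``
    :raises HTTPError: 403 if the addon's credentials belong to another
        user, 406 if the body fails ``assert_clean``, 400 if no study handle
        is supplied
    """
    user_settings = node_addon.user_settings
    user = get_current_user()

    # NOTE(review): when ``user_settings`` is falsy this ownership check is
    # skipped and ``connect_from_settings`` receives it as-is; confirm an
    # outer decorator rejects unlinked addons.
    if user_settings and user_settings.owner != user:
        raise HTTPError(http.FORBIDDEN)

    try:
        assert_clean(request.json)
    except AssertionError:
        # TODO: Test me!
        raise HTTPError(http.NOT_ACCEPTABLE)

    # The body is client-supplied: tolerate a missing 'dataverse' or 'study'
    # object instead of failing on ``None.get``.
    dataverse_info = request.json.get('dataverse') or {}
    study_info = request.json.get('study') or {}
    alias = dataverse_info.get('alias')
    hdl = study_info.get('hdl')

    if hdl is None:
        # This used to *return* the HTTPError instance instead of raising
        # it, so the framework never saw it as an error.
        raise HTTPError(http.BAD_REQUEST)

    connection = connect_from_settings(user_settings)
    dataverse = get_dataverse(connection, alias)
    study = get_study(dataverse, hdl)

    node_addon.dataverse_alias = dataverse.alias
    node_addon.dataverse = dataverse.title

    node_addon.study_hdl = study.doi
    node_addon.study = study.title

    node = node_addon.owner
    node.add_log(
        action='dataverse_study_linked',
        params={
            'project': node.parent_id,
            'node': node._primary_key,
            'study': study.title,
        },
        auth=auth,
    )

    node_addon.save()

    return {'dataverse': dataverse.title, 'study': study.title}, http.OK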
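def figshare_oauth_callback(**kwargs):
    """Complete the figshare OAuth flow.

    Exchanges the stored request token pair plus the ``oauth_verifier``
    query argument for an access token pair, saves it on the user's figshare
    settings and, when a node is named, links the node to those settings.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if a node is given and the user is not one of its
        contributors; 404 if nobody is logged in or ``nid`` does not resolve;
        400 if the user has no figshare settings to complete
    """
    user = get_current_user()

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    if user is None:
        raise HTTPError(http.NOT_FOUND)
    if kwargs.get('nid') and not node:
        raise HTTPError(http.NOT_FOUND)

    figshare_user = user.get_addon('figshare')
    # A callback requested without a prior start leaves no settings record;
    # previously that failed on attribute access below.
    if figshare_user is None:
        raise HTTPError(http.BAD_REQUEST)

    verifier = request.args.get('oauth_verifier')

    access_token, access_token_secret = oauth_get_token(
        figshare_user.oauth_request_token,
        figshare_user.oauth_request_token_secret,
        verifier
    )
    if not access_token or not access_token_secret:
        return redirect('/settings/')

    # The request token pair is single-use; clear it once exchanged.
    figshare_user.oauth_request_token = None
    figshare_user.oauth_request_token_secret = None
    figshare_user.oauth_access_token = access_token
    figshare_user.oauth_access_token_secret = access_token_secret
    figshare_user.save()

    if node:
        figshare_node = node.get_addon('figshare')
        figshare_node.user_settings = figshare_user
        figshare_node.save()
        return redirect(os.path.join(node.url, 'settings'))

    return redirect(web_url_for('user_addons'))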
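def figshare_oauth_callback(**kwargs):
    """Handle the provider's redirect at the end of the figshare OAuth flow.

    Trades the saved request token pair and the ``oauth_verifier`` query
    argument for an access token pair, stores it on the user's figshare
    settings and links the node to those settings when one is named.

    :param kwargs: May contain ``nid`` or ``pid`` identifying a node
    :raises HTTPError: 403 if a node is given and the user is not one of its
        contributors; 404 if nobody is logged in or ``nid`` does not resolve;
        400 if the user has no figshare settings to complete
    """
    user = get_current_user()

    nid = kwargs.get('nid') or kwargs.get('pid')
    node = models.Node.load(nid) if nid else None

    # Fail if node provided and user not contributor
    if node and not node.is_contributor(user):
        raise HTTPError(http.FORBIDDEN)

    if user is None:
        raise HTTPError(http.NOT_FOUND)
    if kwargs.get('nid') and not node:
        raise HTTPError(http.NOT_FOUND)

    figshare_user = user.get_addon('figshare')
    if figshare_user is None:
        # No settings record means the flow was never started for this
        # user; refuse instead of failing on attribute access.
        raise HTTPError(http.BAD_REQUEST)

    verifier = request.args.get('oauth_verifier')

    access_token, access_token_secret = oauth_get_token(
        figshare_user.oauth_request_token,
        figshare_user.oauth_request_token_secret,
        verifier)
    if not access_token or not access_token_secret:
        return redirect('/settings/')

    # Request tokens are cleared as soon as they have been exchanged.
    figshare_user.oauth_request_token = None
    figshare_user.oauth_request_token_secret = None
    figshare_user.oauth_access_token = access_token
    figshare_user.oauth_access_token_secret = access_token_secret
    figshare_user.save()

    if not node:
        return redirect(web_url_for('user_addons'))

    figshare_node = node.get_addon('figshare')
    figshare_node.user_settings = figshare_user
    figshare_node.save()
    return redirect(os.path.join(node.url, 'settings'))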
def wrapped(*args, **kwargs):
    """Call ``func`` only if the user owns the node addon's credentials.

    ``addon_name`` and ``func`` come from the enclosing scope, which is not
    visible here. The node addon is taken from ``kwargs['node_addon']`` or
    resolved from the node/project in ``kwargs``.

    :raises HTTPError: 400 if the node has no such addon or the addon has no
        user settings; 403 if the settings belong to someone else
    """
    addon = kwargs.get('node_addon')
    if not addon:
        kwargs['project'], kwargs['node'] = _kwargs_to_nodes(kwargs)
        target = kwargs.get('node') or kwargs.get('project')
        addon = target.get_addon(addon_name)

    if not addon or not addon.user_settings:
        raise HTTPError(http.BAD_REQUEST)

    # NOTE(review): a ``user`` keyword argument takes precedence over the
    # session user; confirm no route can populate it from the URL.
    acting_user = kwargs.get('user') or get_current_user()

    if addon.user_settings.owner != acting_user:
        raise HTTPError(http.FORBIDDEN)

    return func(*args, **kwargs)
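def merge_user_post(**kwargs):
    """Merge another account into the logged-in user's account.

    Accepts JSON or form data carrying "merged_username" and
    "merged_password" for the account to be merged in. The form variant also
    carries the current account's password, which is verified first.

    :return: A redirect or ``{"status": "success"}`` after a merge, or the
        result of ``merge_user_get`` when validation or authentication fails
    :raises HTTPError: 400 if nobody is logged in or no account to merge
        was resolved
    """
    master = get_current_user()
    if not master:
        # The form branch dereferences ``master``; an anonymous request used
        # to fail there with AttributeError. The 400 matches what the final
        # branch already returned for a missing master.
        raise HTTPError(http.BAD_REQUEST)

    if request.json:
        # NOTE(review): this branch does not re-check the current account's
        # password, whereas the form branch does; confirm that is intended.
        merged_username = request.json.get("merged_username")
        merged_password = request.json.get("merged_password")
    else:
        form = MergeAccountForm(request.form)
        if not form.validate():
            forms.push_errors_to_status(form.errors)
            return merge_user_get(**kwargs)
        master_password = form.user_password.data
        if not master.check_password(master_password):
            status.push_status_message("Could not authenticate. Please check your username and password.")
            return merge_user_get(**kwargs)
        merged_username = form.merged_username.data
        merged_password = form.merged_password.data

    try:
        merged_user = User.find_one(Q("username", "eq", merged_username))
    except NoResultsFound:
        status.push_status_message("Could not find that user. Please check the username and password.")
        return merge_user_get(**kwargs)

    if not merged_user:
        raise HTTPError(http.BAD_REQUEST)

    if not merged_user.check_password(merged_password):
        # Deliberately the same message as for an unknown username, so the
        # response does not reveal which check failed.
        status.push_status_message("Could not find that user. Please check the username and password.")
        return merge_user_get(**kwargs)

    master.merge_user(merged_user)
    master.save()
    if request.form:
        status.push_status_message("Successfully merged {0} with this account".format(merged_username))
        return redirect("/settings/")
    return {"status": "success"}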
def dropbox_config_get(node_addon, **kwargs):
    """API that returns the serialized node settings.

    The settings are serialized for the current user, so what is returned
    depends on ``serialize_settings`` and who is asking.

    :param node_addon: Dropbox node settings to serialize
    :return: ``({'result': <serialized settings>}, http.OK)``
    """
    serialized = serialize_settings(node_addon, get_current_user())
    return {'result': serialized}, http.OK
# -*- coding: utf-8 -*- from framework import request from framework.auth import get_current_user from website.project.decorators import (must_be_valid_project, must_have_addon, must_have_permission, must_not_be_registration ) # TODO @must_be_valid_project @must_have_addon('{{cookiecutter.short_name}}', 'node') def {{cookiecutter.short_name}}_config_get(node_addon, **kwargs): """API that returns the serialized node settings.""" user = get_current_user() return { 'result': 'TODO', }, http.OK @must_have_permission('write') @must_not_be_registration @must_have_addon('{{cookiecutter.short_name}}', 'node') def {{cookiecutter.short_name}}_config_put(node_addon, auth, **kwargs): """View for changing a node's linked {{cookiecutter.short_name}} folder.""" folder = request.json.get('selected') path = folder['path'] node_addon.set_folder(path, auth=auth) node_addon.save() return { 'result': { 'folder': { 'name': 'Dropbox' + path,
def menbib_config_get(node_addon, **kwargs):
    """API that returns the serialized node settings.

    The settings are serialized for the current user, so what is returned
    depends on ``serialize_settings`` and who is asking.

    :param node_addon: Menbib node settings to serialize
    :return: ``({'result': <serialized settings>}, http.OK)``
    """
    requester = get_current_user()
    payload = {'result': serialize_settings(node_addon, requester)}
    return payload, http.OK