示例#1
0
文件: app.py 项目: aboganas/frappe 
def handle_exception(e):
	http_status_code = getattr(e, "http_status_code", 500)

	if (http_status_code==500
		and isinstance(e, MySQLdb.OperationalError)
		and e.args[0] in (1205, 1213)):
			# 1205 = lock wait timeout
			# 1213 = deadlock
			# code 409 represents conflict
			http_status_code = 508

	if frappe.local.is_ajax or 'application/json' in frappe.local.request.headers.get('Accept', ''):
		response = frappe.utils.response.report_error(http_status_code)
	else:
		traceback = "<pre>"+frappe.get_traceback()+"</pre>"
		if frappe.local.flags.disable_traceback:
			traceback = ""

		frappe.respond_as_web_page("Server Error",
			traceback,
			http_status_code=http_status_code)
		response = frappe.website.render.render("message", http_status_code=http_status_code)

	if e.__class__ == frappe.AuthenticationError:
		if hasattr(frappe.local, "login_manager"):
			frappe.local.login_manager.clear_cookies()

	if http_status_code >= 500:
		frappe.logger().error('Request Error', exc_info=True)
		make_error_snapshot(e)

	return response
示例#2
0
def get_express_checkout_details(token):
	try:
		doc = frappe.get_doc("PayPal Settings")
		doc.setup_sandbox_env(token)

		params, url = doc.get_paypal_params_and_url()
		params.update({
			"METHOD": "GetExpressCheckoutDetails",
			"TOKEN": token
		})

		response = make_post_request(url, data=params)

		if response.get("ACK")[0] != "Success":
			frappe.respond_as_web_page(_("Something went wrong"),
				_("Looks like something went wrong during the transaction. Since we haven't confirmed the payment, Paypal will automatically refund you this amount. If it doesn't, please send us an email and mention the Correlation ID: {0}.").format(response.get("CORRELATIONID", [None])[0]),
				indicator_color='red',
				http_status_code=frappe.ValidationError.http_status_code)

			return

		update_integration_request_status(token, {
				"payerid": response.get("PAYERID")[0],
				"payer_email": response.get("EMAIL")[0]
			}, "Authorized")

		frappe.local.response["type"] = "redirect"
		frappe.local.response["location"] = get_url( \
			"/api/method/frappe.integrations.doctype.paypal_settings.paypal_settings.confirm_payment?token={0}".format(token))

	except Exception:
		frappe.log_error(frappe.get_traceback())
示例#3
0
def get_express_checkout_details(token):
	params = get_paypal_params()
	params.update({
		"METHOD": "GetExpressCheckoutDetails",
		"TOKEN": token
	})

	response = get_api_response(params)

	if not response["success"]:
		paypal_log(response, params)
		frappe.db.commit()

		frappe.respond_as_web_page(_("Something went wrong"),
			_("Looks like something went wrong during the transaction. Since we haven't confirmed the payment, Paypal will automatically refund you this amount. If it doesn't, please send us an email and mention the Correlation ID: {0}.").format(response.get("CORRELATIONID", [None])[0]),
			success=False,
			http_status_code=frappe.ValidationError.http_status_code)

		return

	paypal_express_payment = frappe.get_doc("Paypal Express Payment", token)
	paypal_express_payment.payerid = response.get("PAYERID")[0]
	paypal_express_payment.payer_email = response.get("EMAIL")[0]
	paypal_express_payment.status = "Verified"
	paypal_express_payment.save(ignore_permissions=True)
	frappe.db.commit()

	frappe.local.response["type"] = "redirect"
	frappe.local.response["location"] = get_url( \
		"/api/method/paypal_integration.express_checkout.confirm_payment?token="+paypal_express_payment.token)
示例#4
0
def sign_up(email, full_name, redirect_to):
	user = frappe.db.get("User", {"email": email})
	if user:
		if user.disabled:
			return _("Registered but disabled.")
		else:
			return _("Already Registered")
	else:
		if frappe.db.sql("""select count(*) from tabUser where
			HOUR(TIMEDIFF(CURRENT_TIMESTAMP, TIMESTAMP(modified)))=1""")[0][0] > 300:

			frappe.respond_as_web_page(_('Temperorily Disabled'),
				_('Too many users signed up recently, so the registration is disabled. Please try back in an hour'),
				http_status_code=429)

		from frappe.utils import random_string
		user = frappe.get_doc({
			"doctype":"User",
			"email": email,
			"first_name": full_name,
			"enabled": 1,
			"new_password": random_string(10),
			"user_type": "Website User"
		})
		user.flags.ignore_permissions = True
		user.insert()

		if redirect_to:
			frappe.cache().hset('redirect_after_login', user.name, redirect_to)

		if user.flags.email_sent:
			return _("Please check your email for verification")
		else:
			return _("Please ask your administrator to verify your sign-up")
示例#5
0
def dropbox_auth_finish(return_access_token=False):
	app_details = get_dropbox_settings(redirect_uri=True)
	callback = frappe.form_dict
	close = '<p class="text-muted">' + _('Please close this window') + '</p>'

	dropbox_oauth_flow = dropbox.DropboxOAuth2Flow(
		app_details["app_key"],
		app_details["app_secret"],
		app_details["rediret_uri"],
		{
			'dropbox-auth-csrf-token': callback.state
		},
		"dropbox-auth-csrf-token"
	)

	if callback.state or callback.code:
		token = dropbox_oauth_flow.finish({'state': callback.state, 'code': callback.code})
		if return_access_token and token.access_token:
			return token.access_token, callback.state

		set_dropbox_access_token(token.access_token)
	else:
		frappe.respond_as_web_page(_("Dropbox Setup"),
			_("Illegal Access Token. Please try again") + close,
			indicator_color='red',
			http_status_code=frappe.AuthenticationError.http_status_code)

	frappe.respond_as_web_page(_("Dropbox Setup"),
		_("Dropbox access is approved!") + close,
		indicator_color='green')
示例#6
0
def return_success_page(doc):
	frappe.respond_as_web_page(_("Success"),
		_("{0}: {1} is set to state {2}".format(
			doc.get('doctype'),
			frappe.bold(doc.get('name')),
			frappe.bold(get_doc_workflow_state(doc))
		)), indicator_color='green')
示例#7
0
def get_checkout_url(**kwargs):
	try:
		return frappe.get_doc("Razorpay Settings").get_payment_url(**kwargs)
	except Exception:
		frappe.respond_as_web_page(_("Something went wrong"),
			_("Looks like something is wrong with this site's Razorpay configuration. Don't worry! No payment has been made."),
			success=False,
			http_status_code=frappe.ValidationError.http_status_code)
示例#8
0
def get_payment_url(doc, method):
	if doc.docstatus not in [0, 2]:
		if doc.gateway == "PayPal":
			set_express_checkout(doc.amount, doc.currency, {"doctype": doc.doctype, "docname": doc.name})
	else:
		frappe.respond_as_web_page(_("Invalid Payment Request"), 
			_("Payment Request has been canceled by vendor"), success=False, 
			http_status_code=frappe.ValidationError.http_status_code)
示例#9
0
def return_link_expired_page(doc, doc_workflow_state):
	frappe.respond_as_web_page(_("Link Expired"),
		_("Document {0} has been set to state {1} by {2}"
			.format(
				frappe.bold(doc.get('name')),
				frappe.bold(doc_workflow_state),
				frappe.bold(frappe.get_value('User', doc.get("modified_by"), 'full_name'))
			)), indicator_color='blue')
示例#10
0
def update_oauth_user(user, data, provider):
	if isinstance(data.get("location"), dict):
		data["location"] = data.get("location").get("name")

	save = False

	if not frappe.db.exists("User", user):

		# is signup disabled?
		if frappe.utils.cint(frappe.db.get_single_value("Website Settings", "disable_signup")):
			raise SignupDisabledError

		save = True
		user = frappe.new_doc("User")
		user.update({
			"doctype":"User",
			"first_name": get_first_name(data),
			"last_name": get_last_name(data),
			"email": data["email"],
			"gender": (data.get("gender") or "").title(),
			"enabled": 1,
			"new_password": frappe.generate_hash(data["email"]),
			"location": data.get("location"),
			"user_type": "Website User",
			"user_image": data.get("picture") or data.get("avatar_url")
		})

	else:
		user = frappe.get_doc("User", user)
		if not user.enabled:
			frappe.respond_as_web_page(_('Not Allowed'), _('User {0} is disabled').format(user.email))
			return False

	if provider=="facebook" and not user.get("fb_userid"):
		save = True
		user.update({
			"fb_username": data.get("username"),
			"fb_userid": data["id"],
			"user_image": "https://graph.facebook.com/{id}/picture".format(id=data["id"])
		})

	elif provider=="google" and not user.get("google_userid"):
		save = True
		user.google_userid = data["id"]

	elif provider=="github" and not user.get("github_userid"):
		save = True
		user.github_userid = data["id"]
		user.github_username = data["login"]

	elif provider=="frappe" and not user.get("frappe_userid"):
		save = True
		user.frappe_userid = data["sub"]

	if save:
		user.flags.ignore_permissions = True
		user.flags.no_welcome_mail = True
		user.save()
示例#11
0
def get_checkout_url(**kwargs):
	try:
		doc = frappe.get_doc("PayPal Settings")
		return doc.get_payment_url(**kwargs)
	except Exception:
		frappe.respond_as_web_page(_("Something went wrong"),
			_("Looks like something is wrong with this site's Paypal configuration. Don't worry! No payment has been made from your Paypal account."),
			success=False,
			http_status_code=frappe.ValidationError.http_status_code)
示例#12
0
def get_payment_url(doc, method):
	if doc.docstatus == 1:
		if doc.payment_gateway == "Razorpay":
			frappe.local.response["type"] = "redirect"
			frappe.local.response["location"] = "./razorpay_checkout?doctype=Payment Request&docname={0}".format(doc.name)
	else:
		frappe.respond_as_web_page(_("Invalid Payment Request"),
			_("Payment Request has been canceled by vendor"), success=False,
			http_status_code=frappe.ValidationError.http_status_code)
示例#13
0
文件: login.py 项目: ESS-LLP/frappe 
def login_via_token(login_token):
	sid = frappe.cache().get_value("login_token:{0}".format(login_token), expires=True)
	if not sid:
		frappe.respond_as_web_page(_("Invalid Request"), _("Invalid Login Token"), http_status_code=417)
		return

	frappe.local.form_dict.sid = sid
	frappe.local.login_manager = LoginManager()

	redirect_post_login(desk_user = frappe.db.get_value("User", frappe.session.user, "user_type")=="System User")
示例#14
0
def callback(*args, **kwargs):
	migrator = frappe.get_doc("QuickBooks Migrator")
	migrator.set_indicator("Connecting to QuickBooks")
	migrator.code = kwargs.get("code")
	migrator.quickbooks_company_id = kwargs.get("realmId")
	migrator.save()
	migrator.get_tokens()
	frappe.db.commit()
	migrator.set_indicator("Connected to QuickBooks")
	# We need this page to automatically close afterwards
	frappe.respond_as_web_page("Quickbooks Authentication", html="<script>window.close()</script>")
示例#15
0
def get_checkout_url(**kwargs):
	try:
		if kwargs.get('payment_gateway'):
			doc = frappe.get_doc("{0} Settings".format(kwargs.get('payment_gateway')))
			return doc.get_payment_url(**kwargs)
		else:
			raise Exception
	except Exception:
		frappe.respond_as_web_page(_("Something went wrong"),
			_("Looks like something is wrong with this site's payment gateway configuration. No payment has been made."),
			indicator_color='red',
			http_status_code=frappe.ValidationError.http_status_code)
示例#16
0
def handle_exception(e):
	response = None
	http_status_code = getattr(e, "http_status_code", 500)
	return_as_message = False

	if frappe.local.is_ajax or 'application/json' in frappe.get_request_header('Accept'):
		# handle ajax responses first
		# if the request is ajax, send back the trace or error message
		response = frappe.utils.response.report_error(http_status_code)

	elif (http_status_code==500
		and isinstance(e, MySQLdb.OperationalError)
		and e.args[0] in (1205, 1213)):
			# 1205 = lock wait timeout
			# 1213 = deadlock
			# code 409 represents conflict
			http_status_code = 508

	elif http_status_code==401:
		frappe.respond_as_web_page(_("Session Expired"),
			_("Your session has expired, please login again to continue."),
			http_status_code=http_status_code,  indicator_color='red')
		return_as_message = True

	elif http_status_code==403:
		frappe.respond_as_web_page(_("Not Permitted"),
			_("You do not have enough permissions to complete the action"),
			http_status_code=http_status_code,  indicator_color='red')
		return_as_message = True

	elif http_status_code==404:
		frappe.respond_as_web_page(_("Not Found"),
			_("The resource you are looking for is not available"),
			http_status_code=http_status_code,  indicator_color='red')
		return_as_message = True

	else:
		traceback = "<pre>"+frappe.get_traceback()+"</pre>"
		if frappe.local.flags.disable_traceback:
			traceback = ""

		frappe.respond_as_web_page("Server Error",
			traceback, http_status_code=http_status_code,
			indicator_color='red', width=640)
		return_as_message = True

	if e.__class__ == frappe.AuthenticationError:
		if hasattr(frappe.local, "login_manager"):
			frappe.local.login_manager.clear_cookies()

	if http_status_code >= 500:
		frappe.logger().error('Request Error', exc_info=True)
		make_error_snapshot(e)

	if return_as_message:
		response = frappe.website.render.render("message",
			http_status_code=http_status_code)

	return response
示例#17
0
def verify_request():
	"""Verify if the incoming signed request if it is correct."""
	query_string = frappe.request.query_string if hasattr(frappe.request, "query_string") \
		else frappe.local.flags.signed_query_string

	params, signature = query_string.split("&_signature=")

	given_signature = hmac.new(params.encode("utf-8"))
	given_signature.update(get_secret())
	valid = signature == given_signature.hexdigest()

	if not valid:
		frappe.respond_as_web_page(_("Invalid Link"),
			_("This link is invalid or expired. Please make sure you have pasted correctly."))
	return valid
示例#18
0
def set_express_checkout(amount, currency="USD", data=None):
	validate_transaction_currency(currency)

	if not isinstance(data, basestring):
		data = frappe.as_json(data or "{}")

	response = execute_set_express_checkout(amount, currency)

	if not response["success"]:
		paypal_log(response)
		frappe.db.commit()

		frappe.respond_as_web_page(_("Something went wrong"),
			_("Looks like something is wrong with this site's Paypal configuration. Don't worry! No payment has been made from your Paypal account."),
			success=False,
			http_status_code=frappe.ValidationError.http_status_code)

		return

	paypal_settings = get_paypal_settings()
	if paypal_settings.paypal_sandbox:
		return_url = "https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token={0}"
	else:
		return_url = "https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token={0}"

	token = response.get("TOKEN")[0]
	paypal_express_payment = frappe.get_doc({
		"doctype": "Paypal Express Payment",
		"status": "Started",
		"amount": amount,
		"currency": currency,
		"token": token,
		"data": data,
		"correlation_id": response.get("CORRELATIONID")[0]
	})
	if data:
		if isinstance(data, basestring):
			data = json.loads(data)

		if data.get("doctype") and data.get("docname"):
			paypal_express_payment.reference_doctype = data.get("doctype")
			paypal_express_payment.reference_docname = data.get("docname")

	paypal_express_payment.insert(ignore_permissions = True)
	frappe.db.commit()

	frappe.local.response["type"] = "redirect"
	frappe.local.response["location"] = return_url.format(token)
示例#19
0
def return_action_confirmation_page(doc, action, action_link, alert_doc_change=False):
	template_params = {
		'title': doc.get('name'),
		'doctype': doc.get('doctype'),
		'docname': doc.get('name'),
		'action': action,
		'action_link': action_link,
		'alert_doc_change': alert_doc_change
	}

	template_params['pdf_link'] = get_pdf_link(doc.get('doctype'), doc.get('name'))

	frappe.respond_as_web_page(None, None,
		indicator_color="blue",
		template="confirm_workflow_action",
		context=template_params)
示例#20
0
def login_oauth_user(data=None, provider=None, email_id=None, key=None):
	if email_id and key:
		data = json.loads(frappe.db.get_temp(key))
		data["email"] = email_id

	elif not (data.get("email") and get_first_name(data)) and not frappe.db.exists("User", data.get("email")):
		# ask for user email
		key = frappe.db.set_temp(json.dumps(data))
		frappe.db.commit()
		frappe.local.response["type"] = "redirect"
		frappe.local.response["location"] = "/complete_signup?key=" + key
		return

	user = data["email"]

	try:
		update_oauth_user(user, data, provider)
	except SignupDisabledError:
		return frappe.respond_as_web_page("Signup is Disabled", "Sorry. Signup from Website is disabled.",
			success=False, http_status_code=403)

	frappe.local.login_manager.user = user
	frappe.local.login_manager.post_login()

	# redirect!
	frappe.local.response["type"] = "redirect"

	# the #desktop is added to prevent a facebook redirect bug
	frappe.local.response["location"] = "/desk#desktop" if frappe.local.response.get('message') == 'Logged In' else "/"

	# because of a GET request!
	frappe.db.commit()
示例#21
0
def confirm_subscription(email):
	if not verify_request():
		return

	if not frappe.db.exists("Email Group", _("Website")):
		frappe.get_doc({
			"doctype": "Email Group",
			"title": _("Website")
		}).insert(ignore_permissions=True)


	frappe.flags.ignore_permissions = True

	add_subscribers(_("Website"), email)
	frappe.db.commit()

	frappe.respond_as_web_page(_("Confirmed"), _("{0} has been successfully added to our Email Group.").format(email))
示例#22
0
文件: oauth2.py 项目: mhbu50/frappe 
def authorize(*args, **kwargs):
	#Fetch provider URL from settings
	oauth_settings = get_oauth_settings()
	params = get_urlparams_from_kwargs(kwargs)
	request_url = urlparse(frappe.request.url)
	success_url = request_url.scheme + "://" + request_url.netloc + "/api/method/frappe.integration_broker.oauth2.approve?" + params
	failure_url = frappe.form_dict["redirect_uri"] + "?error=access_denied" 

	if frappe.session['user']=='Guest':
		#Force login, redirect to preauth again.
		frappe.local.response["type"] = "redirect"
		frappe.local.response["location"] = "/login?redirect-to=/api/method/frappe.integration_broker.oauth2.authorize?" + quote(params)

	elif frappe.session['user']!='Guest':
		try:
			r = frappe.request
			uri = r.url
			http_method = r.method
			body = r.get_data()
			headers = r.headers

			scopes, credentials = oauth_server.validate_authorization_request(uri, http_method, body, headers)

			skip_auth = frappe.db.get_value("OAuth Client", credentials['client_id'], "skip_authorization")
			unrevoked_tokens = frappe.get_all("OAuth Bearer Token", filters={"status":"Active"})

			if skip_auth or (oauth_settings["skip_authorization"] == "Auto" and len(unrevoked_tokens)):

				frappe.local.response["type"] = "redirect"
				frappe.local.response["location"] = success_url
			else:
				#Show Allow/Deny screen.
				response_html_params = frappe._dict({
					"client_id": frappe.db.get_value("OAuth Client", kwargs['client_id'], "app_name"),
					"success_url": success_url,
					"failure_url": failure_url,
					"details": scopes
				})
				resp_html = frappe.render_template("templates/includes/oauth_confirmation.html", response_html_params)
				frappe.respond_as_web_page("Confirm Access", resp_html)

		except FatalClientError as e:
			return e
		except OAuth2Error as e:
			return e
示例#23
0
文件: oauth.py 项目: frappe/frappe 
def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=None, generate_login_token=False):
    # NOTE: This could lead to security issue as the signed in user can type any email address in complete_signup
    # if email_id and key:
    # 	data = json.loads(frappe.db.get_temp(key))
    # 	# What if data is missing because of an invalid key
    # 	data["email"] = email_id
    #
    # elif not (data.get("email") and get_first_name(data)) and not frappe.db.exists("User", data.get("email")):
    # 	# ask for user email
    # 	key = frappe.db.set_temp(json.dumps(data))
    # 	frappe.db.commit()
    # 	frappe.local.response["type"] = "redirect"
    # 	frappe.local.response["location"] = "/complete_signup?key=" + key
    # 	return

    # json.loads data and state
    if isinstance(data, basestring):
        data = json.loads(data)

    if isinstance(state, basestring):
        state = json.loads(state)

    if not (state and state["token"]):
        frappe.respond_as_web_page(_("Invalid Request"), _("Token is missing"), http_status_code=417)
        return

    token = frappe.cache().get_value("{0}:{1}".format(provider, state["token"]), expires=True)
    if not token:
        frappe.respond_as_web_page(_("Invalid Request"), _("Invalid Token"), http_status_code=417)
        return

    user = data["email"]

    if not user:
        frappe.respond_as_web_page(_("Invalid Request"), _("Please ensure that your profile has an email address"))
        return

    try:
        if update_oauth_user(user, data, provider) is False:
            return

    except SignupDisabledError:
        return frappe.respond_as_web_page(
            "Signup is Disabled", "Sorry. Signup from Website is disabled.", success=False, http_status_code=403
        )

    frappe.local.login_manager.user = user
    frappe.local.login_manager.post_login()

    # because of a GET request!
    frappe.db.commit()

    if frappe.utils.cint(generate_login_token):
        login_token = frappe.generate_hash(length=32)
        frappe.cache().set_value("login_token:{0}".format(login_token), frappe.local.session.sid, expires_in_sec=120)

        frappe.response["login_token"] = login_token

    else:
        redirect_post_login(desk_user=frappe.local.response.get("message") == "Logged In")
示例#24
0
def execute_cmd(cmd, from_async=False):
	"""execute a request as python module"""
	for hook in frappe.get_hooks("override_whitelisted_methods", {}).get(cmd, []):
		# override using the first hook
		cmd = hook
		break

	try:
		method = get_attr(cmd)
	except:
		frappe.respond_as_web_page(title='Invalid Method', html='Method not found',
			indicator_color='red', http_status_code=404)
		return

	if from_async:
		method = method.queue

	is_whitelisted(method)

	return frappe.call(method, **frappe.form_dict)
示例#25
0
def verify_request():
	"""Verify if the incoming signed request if it is correct."""
	query_string = frappe.safe_decode(frappe.local.flags.signed_query_string or \
		getattr(frappe.request, 'query_string', None))

	valid = False

	signature_string = '&_signature='
	if signature_string in query_string:
		params, signature = query_string.split(signature_string)

		given_signature = hmac.new(params.encode('utf-8'))

		given_signature.update(get_secret().encode())
		valid = signature == given_signature.hexdigest()

	if not valid:
		frappe.respond_as_web_page(_("Invalid Link"),
			_("This link is invalid or expired. Please make sure you have pasted correctly."))

	return valid
示例#26
0
文件: __init__.py 项目: mbauskar/phr 
def login_oauth_user(data, provider=None):
	if data.has_key("email"):
		user = data["email"]
		try:
			update_oauth_user(user, data, provider)
		except SignupDisabledError:
			return frappe.respond_as_web_page("Signup is Disabled", "Sorry. Signup from Website is disabled.",
				success=False, http_status_code=403)

		frappe.local.login_manager.user = user
		frappe.local.login_manager.post_login()
		frappe.db.commit()
示例#27
0
def dropbox_callback(oauth_token=None, not_approved=False):
	doc = frappe.get_doc("Dropbox Settings")
	close = '<p class="text-muted">' + _('Please close this window') + '</p>'

	if not not_approved:
		if doc.get_password(fieldname="dropbox_access_key", raise_exception=False)==oauth_token:
			sess = doc.get_dropbox_session()
			sess.set_request_token(doc.get_password(fieldname="dropbox_access_key", raise_exception=False),
				doc.get_password(fieldname="dropbox_access_secret", raise_exception=False))

			access_token = sess.obtain_access_token()

			frappe.db.set_value("Dropbox Settings", None, "dropbox_access_key", access_token.key)
			frappe.db.set_value("Dropbox Settings", None, "dropbox_access_secret", access_token.secret)

			frappe.db.commit()
		else:
			frappe.respond_as_web_page(_("Dropbox Setup"),
				_("Illegal Access Token. Please try again") + close,
				success=False, http_status_code=frappe.AuthenticationError.http_status_code)
	else:
		frappe.respond_as_web_page(_("Dropbox Setup"),
			_("You did not apporve Dropbox Access.") + close,
			success=False, http_status_code=frappe.AuthenticationError.http_status_code)

	frappe.respond_as_web_page(_("Dropbox Setup"),
		_("Dropbox access is approved!") + close,
		success=False, http_status_code=frappe.AuthenticationError.http_status_code)
示例#28
0
	def build_response(self):
		self.writer = UnicodeWriter()
		self.name_field = 'parent' if self.parent_doctype != self.doctype else 'name'

		if self.template:
			self.add_main_header()

		self.writer.writerow([''])
		self.tablerow = [self.data_keys.doctype]
		self.labelrow = [_("Column Labels:")]
		self.fieldrow = [self.data_keys.columns]
		self.mandatoryrow = [_("Mandatory:")]
		self.typerow = [_('Type:')]
		self.inforow = [_('Info:')]
		self.columns = []

		self.build_field_columns(self.doctype)

		if self.all_doctypes:
			for d in self.child_doctypes:
				self.append_empty_field_column()
				if (self.select_columns and self.select_columns.get(d['doctype'], None)) or not self.select_columns:
					# if atleast one column is selected for this doctype
					self.build_field_columns(d['doctype'], d['parentfield'])

		self.add_field_headings()
		self.add_data()
		if self.with_data and not self.data:
			frappe.respond_as_web_page(_('No Data'), _('There is no data to be exported'), indicator_color='orange')

		if self.file_type == 'Excel':
			self.build_response_as_excel()
		else:
			# write out response as a type csv
			frappe.response['result'] = cstr(self.writer.getvalue())
			frappe.response['type'] = 'csv'
			frappe.response['doctype'] = self.doctype
示例#29
0
文件: login.py 项目: BIANBS/frappe 
def login_oauth_user(data, provider=None):
    user = data["email"]

    try:
        update_oauth_user(user, data, provider)
    except SignupDisabledError:
        return frappe.respond_as_web_page(
            "Signup is Disabled", "Sorry. Signup from Website is disabled.", success=False, http_status_code=403
        )

    frappe.local.login_manager.user = user
    frappe.local.login_manager.post_login()

    # redirect!
    frappe.local.response["type"] = "redirect"

    # the #desktop is added to prevent a facebook redirect bug
    frappe.local.response["location"] = "/desk#desktop" if frappe.local.response.get("message") == "Logged In" else "/"

    # because of a GET request!
    frappe.db.commit()
示例#30
0
def dropbox_callback(oauth_token=None, not_approved=False):
	doc = frappe.get_doc("Dropbox Settings")

	if not not_approved:
		if doc.get_password(fieldname="dropbox_access_key", raise_exception=False)==oauth_token:
			sess = doc.get_dropbox_session()
			sess.set_request_token(doc.get_password(fieldname="dropbox_access_key", raise_exception=False),
				doc.get_password(fieldname="dropbox_access_secret", raise_exception=False))

			access_token = sess.obtain_access_token()

			frappe.db.set_value("Dropbox Settings", None, "dropbox_access_key", access_token.key)
			frappe.db.set_value("Dropbox Settings", None, "dropbox_access_secret", access_token.secret)

			frappe.db.commit()
		else:
			frappe.respond_as_web_page(_("Dropbox Approval"), _("Illegal Access Token Please try again. <p>Please close this window.</p"),
				success=False, http_status_code=frappe.AuthenticationError.http_status_code)
	else:
		frappe.respond_as_web_page(_("Dropbox Approval"), _("Dropbox Access not approved. <p>Please close this window.</p"),
			success=False, http_status_code=frappe.AuthenticationError.http_status_code)

	frappe.respond_as_web_page(_("Dropbox Approval"), _("Dropbox access allowed. <p>Please close this window.</p"),
		success=False, http_status_code=frappe.AuthenticationError.http_status_code)
示例#31
0
def return_unsubscribed_page(email):
	frappe.respond_as_web_page(_("Unsubscribed"), _("{0} has been successfully unsubscribed from this list.").format(email))
示例#32
0
			and isinstance(e, MySQLdb.OperationalError)
			and e.args[0] in (1205, 1213)):
				# 1205 = lock wait timeout
				# 1213 = deadlock
				# code 409 represents conflict
				http_status_code = 508

		if frappe.local.is_ajax or 'application/json' in request.headers.get('Accept', ''):
			response = frappe.utils.response.report_error(http_status_code)
		else:
			traceback = "<pre>"+frappe.get_traceback()+"</pre>"
			if frappe.local.flags.disable_traceback:
				traceback = ""

			frappe.respond_as_web_page("Server Error",
				traceback,
				http_status_code=http_status_code)
			response = frappe.website.render.render("message", http_status_code=http_status_code)

		if e.__class__ == frappe.AuthenticationError:
			if hasattr(frappe.local, "login_manager"):
				frappe.local.login_manager.clear_cookies()

		if http_status_code==500:
			logger.error('Request Error')

	else:
		if frappe.local.request.method in ("POST", "PUT") and frappe.db:
			if frappe.db.transaction_writes:
				frappe.db.commit()
				rollback = False
示例#33
0
def handle_session_stopped():
	frappe.respond_as_web_page(_("Updating"),
		_("Your system is being updated. Please refresh again after a few moments."),
		http_status_code=503, indicator_color='orange', fullpage = True, primary_action=None)
	return frappe.website.render.render("message", http_status_code=503)
示例#34
0
def search_widget(doctype,
                  txt,
                  query=None,
                  searchfield=None,
                  start=0,
                  page_length=20,
                  filters=None,
                  filter_fields=None,
                  as_dict=False,
                  reference_doctype=None,
                  ignore_user_permissions=False):

    start = cint(start)

    if isinstance(filters, str):
        filters = json.loads(filters)

    if searchfield:
        sanitize_searchfield(searchfield)

    if not searchfield:
        searchfield = "name"

    standard_queries = frappe.get_hooks().standard_queries or {}

    if query and query.split()[0].lower() != "select":
        # by method
        try:
            is_whitelisted(frappe.get_attr(query))
            frappe.response["values"] = frappe.call(query,
                                                    doctype,
                                                    txt,
                                                    searchfield,
                                                    start,
                                                    page_length,
                                                    filters,
                                                    as_dict=as_dict)
        except frappe.exceptions.PermissionError as e:
            if frappe.local.conf.developer_mode:
                raise e
            else:
                frappe.respond_as_web_page(title='Invalid Method',
                                           html='Method not found',
                                           indicator_color='red',
                                           http_status_code=404)
            return
        except Exception as e:
            raise e
    elif not query and doctype in standard_queries:
        # from standard queries
        search_widget(doctype, txt, standard_queries[doctype][0], searchfield,
                      start, page_length, filters)
    else:
        meta = frappe.get_meta(doctype)

        if query:
            frappe.throw(_("This query style is discontinued"))
            # custom query
            # frappe.response["values"] = frappe.db.sql(scrub_custom_query(query, searchfield, txt))
        else:
            if isinstance(filters, dict):
                filters_items = filters.items()
                filters = []
                for f in filters_items:
                    if isinstance(f[1], (list, tuple)):
                        filters.append([doctype, f[0], f[1][0], f[1][1]])
                    else:
                        filters.append([doctype, f[0], "=", f[1]])

            if filters == None:
                filters = []
            or_filters = []

            # build from doctype
            if txt:
                search_fields = ["name"]
                if meta.title_field:
                    search_fields.append(meta.title_field)

                if meta.search_fields:
                    search_fields.extend(meta.get_search_fields())

                for f in search_fields:
                    fmeta = meta.get_field(f.strip())
                    if (doctype not in UNTRANSLATED_DOCTYPES) and (
                            f == "name" or (fmeta and fmeta.fieldtype in [
                                "Data", "Text", "Small Text", "Long Text",
                                "Link", "Select", "Read Only", "Text Editor"
                            ])):
                        or_filters.append(
                            [doctype,
                             f.strip(), "like", "%{0}%".format(txt)])

            if meta.get("fields", {
                    "fieldname": "enabled",
                    "fieldtype": "Check"
            }):
                filters.append([doctype, "enabled", "=", 1])
            if meta.get("fields", {
                    "fieldname": "disabled",
                    "fieldtype": "Check"
            }):
                filters.append([doctype, "disabled", "!=", 1])

            # format a list of fields combining search fields and filter fields
            fields = get_std_fields_list(meta, searchfield or "name")
            if filter_fields:
                fields = list(set(fields + json.loads(filter_fields)))
            formatted_fields = [
                '`tab%s`.`%s`' % (meta.name, f.strip()) for f in fields
            ]

            # find relevance as location of search term from the beginning of string `name`. used for sorting results.
            formatted_fields.append(
                """locate({_txt}, `tab{doctype}`.`name`) as `_relevance`""".
                format(_txt=frappe.db.escape(
                    (txt or "").replace("%", "").replace("@", "")),
                       doctype=doctype))

            # In order_by, `idx` gets second priority, because it stores link count
            from frappe.model.db_query import get_order_by
            order_by_based_on_meta = get_order_by(doctype, meta)
            # 2 is the index of _relevance column
            order_by = "_relevance, {0}, `tab{1}`.idx desc".format(
                order_by_based_on_meta, doctype)

            ptype = 'select' if frappe.only_has_select_perm(
                doctype) else 'read'
            ignore_permissions = True if doctype == "DocType" else (
                cint(ignore_user_permissions)
                and has_permission(doctype, ptype=ptype))

            if doctype in UNTRANSLATED_DOCTYPES:
                page_length = None

            values = frappe.get_list(doctype,
                                     filters=filters,
                                     fields=formatted_fields,
                                     or_filters=or_filters,
                                     limit_start=start,
                                     limit_page_length=page_length,
                                     order_by=order_by,
                                     ignore_permissions=ignore_permissions,
                                     reference_doctype=reference_doctype,
                                     as_list=not as_dict,
                                     strict=False)

            if doctype in UNTRANSLATED_DOCTYPES:
                # Filtering the values array so that query is included in very element
                values = (v
                          for v in values if re.search(
                              f"{re.escape(txt)}.*",
                              _(v.name if as_dict else v[0]), re.IGNORECASE))

            # Sorting the values array so that relevant results always come first
            # This will first bring elements on top in which query is a prefix of element
            # Then it will bring the rest of the elements and sort them in lexicographical order
            values = sorted(values,
                            key=lambda x: relevance_sorter(x, txt, as_dict))

            # remove _relevance from results
            if as_dict:
                for r in values:
                    r.pop("_relevance")
                frappe.response["values"] = values
            else:
                frappe.response["values"] = [r[:-1] for r in values]
示例#35
0
def return_unsubscribed_page(email, doctype, name):
    frappe.respond_as_web_page(
        _("Unsubscribed"),
        _("{0} has left the conversation in {1} {2}").format(
            email, _(doctype), name),
        indicator_color='green')
示例#36
0
	except Exception, e:
		http_status_code = getattr(e, "http_status_code", 500)

		if (http_status_code==500
			and isinstance(e, MySQLdb.OperationalError)
			and e.args[0] in (1205, 1213)):
				# 1205 = lock wait timeout
				# 1213 = deadlock
				# code 409 represents conflict
				http_status_code = 409

		if frappe.local.is_ajax or 'application/json' in request.headers.get('Accept', ''):
			response = frappe.utils.response.report_error(http_status_code)
		else:
			frappe.respond_as_web_page("Server Error",
				"<pre>"+frappe.get_traceback()+"</pre>",
				http_status_code=http_status_code)
			response = frappe.website.render.render("message", http_status_code=http_status_code)

		if e.__class__ == frappe.AuthenticationError:
			if hasattr(frappe.local, "login_manager"):
				frappe.local.login_manager.clear_cookies()

		if http_status_code==500:
			logger.error('Request Error')

	else:
		if frappe.local.request.method in ("POST", "PUT") and frappe.db:
			frappe.db.commit()
			rollback = False
示例#37
0
文件: oauth.py 项目: yered1/frappe 
def login_oauth_user(data=None,
                     provider=None,
                     state=None,
                     email_id=None,
                     key=None,
                     generate_login_token=False):
    # NOTE: This could lead to security issue as the signed in user can type any email address in complete_signup
    # if email_id and key:
    # 	data = json.loads(frappe.db.get_temp(key))
    #	# What if data is missing because of an invalid key
    # 	data["email"] = email_id
    #
    # elif not (data.get("email") and get_first_name(data)) and not frappe.db.exists("User", data.get("email")):
    # 	# ask for user email
    # 	key = frappe.db.set_temp(json.dumps(data))
    # 	frappe.db.commit()
    # 	frappe.local.response["type"] = "redirect"
    # 	frappe.local.response["location"] = "/complete_signup?key=" + key
    # 	return

    # json.loads data and state
    if isinstance(data, string_types):
        data = json.loads(data)

    if isinstance(state, string_types):
        state = json.loads(state)

    if not (state and state["token"]):
        frappe.respond_as_web_page(_("Invalid Request"),
                                   _("Token is missing"),
                                   http_status_code=417)
        return

    token = frappe.cache().get_value("{0}:{1}".format(provider,
                                                      state["token"]),
                                     expires=True)
    if not token:
        frappe.respond_as_web_page(_("Invalid Request"),
                                   _("Invalid Token"),
                                   http_status_code=417)
        return

    user = get_email(data)

    if not user:
        frappe.respond_as_web_page(
            _("Invalid Request"),
            _("Please ensure that your profile has an email address"))
        return

    try:
        if update_oauth_user(user, data, provider) is False:
            return

    except SignupDisabledError:
        return frappe.respond_as_web_page(
            "Signup is Disabled",
            "Sorry. Signup from Website is disabled.",
            success=False,
            http_status_code=403)

    frappe.local.login_manager.user = user
    frappe.local.login_manager.post_login()

    # because of a GET request!
    frappe.db.commit()

    if frappe.utils.cint(generate_login_token):
        login_token = frappe.generate_hash(length=32)
        frappe.cache().set_value("login_token:{0}".format(login_token),
                                 frappe.local.session.sid,
                                 expires_in_sec=120)

        frappe.response["login_token"] = login_token

    else:
        redirect_post_login(
            desk_user=frappe.local.response.get('message') == 'Logged In')
示例#38
0
def web_logout():
	frappe.local.login_manager.logout()
	frappe.db.commit()
	frappe.respond_as_web_page("Logged Out", """<p style="margin-top:10%;text-align: center;">You have been logged out.</p>
		<p style="text-align: center;"><a href='index'>Back to Home</a></p>""")
示例#39
0
def web_logout():
    frappe.local.login_manager.logout()
    frappe.db.commit()
    frappe.respond_as_web_page(
        _("Logged Out"), """<p>""" + _("You have been logged out.") + """</p>
		<p><a href='index'>""" + _("Back to Home") + """</a></p>""")
示例#40
0
文件: oauth.py 项目: yered1/frappe 
def update_oauth_user(user, data, provider):
    if isinstance(data.get("location"), dict):
        data["location"] = data.get("location").get("name")

    save = False

    if not frappe.db.exists("User", user):

        # is signup disabled?
        if frappe.utils.cint(
                frappe.db.get_single_value("Website Settings",
                                           "disable_signup")):
            raise SignupDisabledError

        save = True
        user = frappe.new_doc("User")
        user.update({
            "doctype": "User",
            "first_name": get_first_name(data),
            "last_name": get_last_name(data),
            "email": get_email(data),
            "gender": (data.get("gender") or "").title(),
            "enabled": 1,
            "new_password": frappe.generate_hash(get_email(data)),
            "location": data.get("location"),
            "user_type": "Website User",
            "user_image": data.get("picture") or data.get("avatar_url")
        })

    else:
        user = frappe.get_doc("User", user)
        if not user.enabled:
            frappe.respond_as_web_page(
                _('Not Allowed'),
                _('User {0} is disabled').format(user.email))
            return False

    if provider == "facebook" and not user.get_social_login_userid(provider):
        save = True
        user.set_social_login_userid(provider,
                                     userid=data["id"],
                                     username=data.get("username"))
        user.update({
            "user_image":
            "https://graph.facebook.com/{id}/picture".format(id=data["id"])
        })

    elif provider == "google" and not user.get_social_login_userid(provider):
        save = True
        user.set_social_login_userid(provider, userid=data["id"])

    elif provider == "github" and not user.get_social_login_userid(provider):
        save = True
        user.set_social_login_userid(provider,
                                     userid=data["id"],
                                     username=data.get("login"))

    elif provider == "frappe" and not user.get_social_login_userid(provider):
        save = True
        user.set_social_login_userid(provider, userid=data["sub"])

    elif provider == "office_365" and not user.get_social_login_userid(
            provider):
        save = True
        user.set_social_login_userid(provider, userid=data["sub"])

    elif provider == "salesforce" and not user.get_social_login_userid(
            provider):
        save = True
        user.set_social_login_userid(provider,
                                     userid="/".join(
                                         data["sub"].split("/")[-2:]))

    elif provider == "fairlogin" and not user.get_social_login_userid(
            provider):
        save = True
        user.set_social_login_userid(provider,
                                     userid=data["preferred_username"])

    if save:
        user.flags.ignore_permissions = True
        user.flags.no_welcome_mail = True
        user.save()
示例#41
0
def web_logout():
	frappe.local.login_manager.logout()
	frappe.db.commit()
	frappe.respond_as_web_page("Logged Out", """<p><a href="/index" class="text-muted">Back to Home</a></p>""")
示例#42
0
def web_logout():
    frappe.local.login_manager.logout()
    frappe.db.commit()
    frappe.respond_as_web_page(_("Logged Out"),
                               _("You have been successfully logged out"),
                               indicator_color='green')
示例#43
0
def return_unsubscribed_page(email, name):
    frappe.respond_as_web_page(
        _("Unsubscribed from Newsletter"),
        _("<b>{0}</b> has been successfully unsubscribed from this mailing list."
          ).format(email, name),
        indicator_color='green')
示例#44
0
def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=None, generate_login_token=False):
	if not ((data and provider and state) or (email_id and key)):
		frappe.respond_as_web_page(_("Invalid Request"), _("Missing parameters for login"), http_status_code=417)
		return

	_login_oauth_user(data, provider, state, email_id, key, generate_login_token)
示例#45
0
文件: app.py 项目: dacosta2213/frappe 
def handle_exception(e):
    response = None
    http_status_code = getattr(e, "http_status_code", 500)
    return_as_message = False

    if frappe.get_request_header('Accept') and (
            frappe.local.is_ajax
            or 'application/json' in frappe.get_request_header('Accept')):
        # handle ajax responses first
        # if the request is ajax, send back the trace or error message
        response = frappe.utils.response.report_error(http_status_code)

    elif (http_status_code == 500
          and (frappe.db and isinstance(e, frappe.db.InternalError))
          and (frappe.db and
               (frappe.db.is_deadlocked(e) or frappe.db.is_timedout(e)))):
        http_status_code = 508

    elif http_status_code == 401:
        frappe.respond_as_web_page(
            _("Session Expired"),
            _("Your session has expired, please login again to continue."),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    elif http_status_code == 403:
        frappe.respond_as_web_page(
            _("Not Permitted"),
            _("You do not have enough permissions to complete the action"),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    elif http_status_code == 404:
        frappe.respond_as_web_page(
            _("Not Found"),
            _("The resource you are looking for is not available"),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    elif http_status_code == 429:
        response = frappe.rate_limiter.respond()

    else:
        traceback = "<pre>" + sanitize_html(frappe.get_traceback()) + "</pre>"
        if frappe.local.flags.disable_traceback:
            traceback = ""

        frappe.respond_as_web_page("Server Error",
                                   traceback,
                                   http_status_code=http_status_code,
                                   indicator_color='red',
                                   width=640)
        return_as_message = True

    if e.__class__ == frappe.AuthenticationError:
        if hasattr(frappe.local, "login_manager"):
            frappe.local.login_manager.clear_cookies()

    if http_status_code >= 500:
        frappe.logger().error('Request Error', exc_info=True)
        make_error_snapshot(e)

    if return_as_message:
        response = frappe.website.render.render(
            "message", http_status_code=http_status_code)

    return response
示例#46
0
文件: app.py 项目: sumitdas4u/frappe 
def handle_exception(e):
    response = None
    http_status_code = getattr(e, "http_status_code", 500)
    return_as_message = False

    if frappe.local.is_ajax or 'application/json' in frappe.local.request.headers.get(
            'Accept', ''):
        # handle ajax responses first
        # if the request is ajax, send back the trace or error message
        response = frappe.utils.response.report_error(http_status_code)

    elif (http_status_code == 500 and isinstance(e, MySQLdb.OperationalError)
          and e.args[0] in (1205, 1213)):
        # 1205 = lock wait timeout
        # 1213 = deadlock
        # code 409 represents conflict
        http_status_code = 508

    elif http_status_code == 401:
        frappe.respond_as_web_page(
            _("Session Expired"),
            _("Your session has expired, please login again to continue."),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    elif http_status_code == 403:
        frappe.respond_as_web_page(
            _("Not Permitted"),
            _("You do not have enough permissions to complete the action"),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    elif http_status_code == 404:
        frappe.respond_as_web_page(
            _("Not Found"),
            _("The resource you are looking for is not available"),
            http_status_code=http_status_code,
            indicator_color='red')
        return_as_message = True

    else:
        traceback = "<pre>" + frappe.get_traceback() + "</pre>"
        if frappe.local.flags.disable_traceback:
            traceback = ""

        frappe.respond_as_web_page("Server Error",
                                   traceback,
                                   http_status_code=http_status_code,
                                   indicator_color='red')
        return_as_message = True

    if e.__class__ == frappe.AuthenticationError:
        if hasattr(frappe.local, "login_manager"):
            frappe.local.login_manager.clear_cookies()

    if http_status_code >= 500:
        frappe.logger().error('Request Error', exc_info=True)
        make_error_snapshot(e)

    if return_as_message:
        response = frappe.website.render.render(
            "message", http_status_code=http_status_code)

    return response
示例#47
0
def sign_up(email, full_name, dob, phone_number, address, guardian_name,
            redirect_to):

    if not is_signup_enabled():
        frappe.throw(_('Sign Up is disabled'), title='Not Allowed')

    user = frappe.db.get("User", {"email": email})
    if user:
        if user.disabled:
            return 0, _("Registered but disabled")
        else:
            return 0, _("Already Registered")
    else:
        if frappe.db.sql("""select count(*) from tabUser where
			HOUR(TIMEDIFF(CURRENT_TIMESTAMP, TIMESTAMP(modified)))=1""")[0][0] > 300:

            frappe.respond_as_web_page(
                _('Temperorily Disabled'),
                _('Too many users signed up recently, so the registration is disabled. Please try back in an hour'
                  ),
                http_status_code=429)

        from frappe.utils import random_string
        import datetime

        date_format_dict = {
            "yyyy-mm-dd": "%Y-%m-%d",
            "dd-mm-yyyy": "%d-%m-%Y",
            "dd/mm/yyyy": "%d/%m/%Y",
            "dd.mm.yyyy": "%d.%m.%Y",
            "mm/dd/yyyy": "%m/%d/%Y",
            "mm-dd-yyyy": "%m-%d-%Y"
        }

        get_date_format_string = date_format_dict["mm-dd-yyyy"]
        get_system_date_format = frappe.db.get_value("System Settings", None,
                                                     "date_format")
        if get_system_date_format in date_format_dict:
            get_date_format_string = date_format_dict[str(
                get_system_date_format)]
        else:
            frappe.db.set_value("System Settings", None, "date_format",
                                "mm-dd-yyyy")
            frappe.db.commit()

        datetime_obj = datetime.datetime.strptime(dob, '%Y-%m-%d').strftime(
            str(get_date_format_string))

        user = frappe.get_doc({
            "doctype": "User",
            "email": email,
            "first_name": full_name,
            "birth_date": frappe.utils.getdate(datetime_obj),
            "phone": phone_number,
            "address": address,
            "guardian_name": guardian_name,
            "enabled": 1,
            "new_password": random_string(10),
            "user_type": "Website User"
        })
        user.flags.ignore_permissions = True
        user.insert()

        customer = frappe.get_doc({
            "doctype": "Customer",
            "customer_name": full_name,
            "customer_type": "Individual"
        })
        customer.flags.ignore_permissions = True
        customer.insert()

        # set default signup role as per Portal Settings
        default_role = frappe.db.get_value("Portal Settings", None,
                                           "default_role")
        if default_role:
            user.add_roles(default_role)
        # frappe.throw("--- "+ str(redirect_to) + " ---Hello")
        if redirect_to:
            frappe.cache().hset('redirect_after_login', user.name, redirect_to)

        if user.flags.email_sent:
            return 1, _("Please check your email for verification")
        else:
            return 2, _("Please ask your administrator to verify your sign-up")