def createDataBackup(): if request.vars.alias == None: return P(str(T("Error: Missing alias parameter!"))) if request.vars.bformat: bformat = str(request.vars.bformat) else: bformat = "backup" if ns.local.setEngine(request.vars.alias, True, False) == False: if request.vars.filename == "download": session.flash = str(ns.error_message) redirect(URL("create_backup")) else: return P("Error: " + str(ns.error_message)) retbc = dbtool.createDataBackup(alias=request.vars.alias, bformat=bformat, filename=request.vars.filename, verNo=response.verNo) if request.vars.filename == "download": if (not str(retbc).startswith("<span")) and ( not str(retbc).startswith("<div")): import time response.headers['Content-Type'] = 'application/octet-stream' response.headers[ 'Content-Disposition'] = 'attachment;filename="' + str( request.vars.alias) + '_' + time.strftime( "%Y%m%d_%H%M") + '.' + bformat + '"' return retbc else: session.flash = str(retbc) redirect(URL("create_backup")) return P(retbc)
def createDataBackup(): if request.vars.alias == None: return P(str(T("Error: Missing alias parameter!"))) if request.vars.bformat: bformat = str(request.vars.bformat) else: bformat = "backup" if ns.local.setEngine(request.vars.alias, True, False) == False: if request.vars.filename == "download": session.flash = str(ns.error_message) redirect(URL("create_backup")) else: return P("Error: " + str(ns.error_message)) retbc = dbtool.createDataBackup( alias=request.vars.alias, bformat=bformat, filename=request.vars.filename, verNo=response.verNo ) if request.vars.filename == "download": if (not str(retbc).startswith("<span")) and (not str(retbc).startswith("<div")): import time response.headers["Content-Type"] = "application/octet-stream" response.headers["Content-Disposition"] = ( 'attachment;filename="' + str(request.vars.alias) + "_" + time.strftime("%Y%m%d_%H%M") + "." + bformat + '"' ) return retbc else: session.flash = str(retbc) redirect(URL("create_backup")) return P(retbc)
def register(): response.loginmenu = [(T("Login/Register"), URL("default", "user") == URL(), URL("default", "user"), [])] playermgmt.ensure_session_vars(auth, inreguser=True) # If the user has already registered, forward user to user the index page if current.session.playerid != None: http.redirect(html.URL("default", "index")) return dict()
def select(self, table, query=None, fields=None, orderby=None, limitby=None, headers={}, **attr): request = self.environment.request if not (isinstance(table, self.db.Table) or table in self.db.tables): raise HTTP(404) if not self.has_permission("select", table): redirect(self.settings.auth.settings.on_failed_authorization) #if record_id and not self.has_permission("select", table): # redirect(self.settings.auth.settings.on_failed_authorization) if not isinstance(table, self.db.Table): table = self.db[table] if not query: query = table.id > 0 if not fields: fields = [table.ALL] rows = self.db(query).select(*fields, **dict(orderby=orderby, limitby=limitby)) if not rows: return None # Nicer than an empty table. if not "linkto" in attr: attr["linkto"] = self.url(args="read") if not "upload" in attr: attr["upload"] = self.url("download") if request.extension != "html": return rows.as_list() return SQLTABLES3(rows, headers=headers, **attr)
def get_table(request): db = get_database(request) if len(request.args) > 1 and request.args[1] in db.tables: return (db, request.args[1]) else: session.flash = T('invalid request') redirect(URL('index'))
def update(): (db, table) = get_table(request) keyed = hasattr(db[table],'_primarykey') record = None if keyed: key = [f for f in request.vars if f in db[table]._primarykey] if key: record = db(db[table][key[0]] == request.vars[key[0]]).select().first() else: record = db(db[table].id == request.args(2)).select().first() if not record: qry = query_by_table_type(table, db) session.flash = T('record does not exist') redirect(URL('select', args=request.args[:1], vars=dict(query=qry))) if keyed: for k in db[table]._primarykey: db[table][k].writable=False form = SQLFORM(db[table], record, deletable=True, delete_label=T('Check to delete'), ignore_rw=ignore_rw and not keyed, linkto=URL('select', args=request.args[:1]), upload=URL(r=request, f='download', args=request.args[:1])) if form.accepts(request.vars, session): session.flash = T('done!') qry = query_by_table_type(table, db) redirect(URL('select', args=request.args[:1], vars=dict(query=qry))) return dict(form=form,table=db[table])
def apply_method(self, r, **attr): """ API entry point @param r: the S3Request instance @param attr: controller attributes for the request """ if r.http in ("GET", "POST", "DELETE"): if r.record: # Initialize CRUD form self.settings = current.response.s3.crud self.sqlform = sqlform = self._config("crud_form") if not sqlform: from s3forms import S3SQLDefaultForm self.sqlform = S3SQLDefaultForm() # Render page output = self.profile(r, **attr) elif r.representation not in ("dl", "aadata"): # Redirect to the List View redirect(r.url(method="")) else: # No point redirecting r.error(404, current.ERROR.BAD_RECORD) else: r.error(405, current.ERROR.BAD_METHOD) return output
def select( self, table, query=None, fields=None, orderby=None, limitby=None, headers={}, **attr ): request = self.environment.request if not (isinstance(table, self.db.Table) or table in self.db.tables): raise HTTP(404) if not self.has_permission("select", table): redirect(self.settings.auth.settings.on_failed_authorization) #if record_id and not self.has_permission("select", table): # redirect(self.settings.auth.settings.on_failed_authorization) if not isinstance(table, self.db.Table): table = self.db[table] if not query: query = table.id > 0 if not fields: fields = [table.ALL] rows = self.db(query).select(*fields, **dict(orderby=orderby, limitby=limitby)) if not rows: return None # Nicer than an empty table. if not "linkto" in attr: attr["linkto"] = self.url(args="read") if not "upload" in attr: attr["upload"] = self.url("download") if request.extension != "html": return rows.as_list() return SQLTABLES3(rows, headers=headers, **attr)
def requeue_all(self): fq = get_failed_queue() job_ids = fq.job_ids count = len(job_ids) for job_id in job_ids: requeue_job(job_id) redirect(URL())
def update(): (db, table) = get_table(request) keyed = hasattr(db[table], '_primarykey') record = None if keyed: key = [f for f in request.vars if f in db[table]._primarykey] if key: record = db( db[table][key[0]] == request.vars[key[0]]).select().first() else: record = db(db[table].id == request.args(2)).select().first() if not record: qry = query_by_table_type(table, db) session.flash = T('record does not exist') redirect(URL('select', args=request.args[:1], vars=dict(query=qry))) if keyed: for k in db[table]._primarykey: db[table][k].writable = False form = SQLFORM(db[table], record, deletable=True, delete_label=T('Check to delete'), ignore_rw=ignore_rw and not keyed, linkto=URL('select', args=request.args[:1]), upload=URL(r=request, f='download', args=request.args[:1])) if form.accepts(request.vars, session): session.flash = T('done!') qry = query_by_table_type(table, db) redirect(URL('select', args=request.args[:1], vars=dict(query=qry))) return dict(form=form, table=db[table])
def _login_form(self, openid_field_label=None, submit_button=None, _next=None, style=None): """ Render the form for OpenID login """ def warning_openid_fail(session): session.warning = messages.openid_fail_discover style = style or """ background-attachment: scroll; background-repeat: no-repeat; background-image: url("http://wiki.openid.net/f/openid-16x16.gif"); background-position: 0% 50%; background-color: transparent; padding-left: 18px; width: 400px; """ style = style.replace("\n","") request = self.environment.request session = self.environment.session messages = self.messages hidden_next_input = "" if _next == 'profile': profile_url = self.environment.URL(r=request, f='user', args=['profile']) hidden_next_input = INPUT(_type="hidden", _name="_next", _value=profile_url) form = FORM(openid_field_label or self.messages.label_alt_login_username, INPUT(_type="input", _name="oid", requires=IS_NOT_EMPTY(error_message=messages.openid_fail_discover), _style=style), hidden_next_input, INPUT(_type="submit", _value=submit_button or messages.submit_button), " ", A(messages.comment_openid_signin, _href=messages.comment_openid_help_url, _title=messages.comment_openid_help_title, _class='openid-identifier', _target="_blank"), _action=self.login_url ) if form.accepts(request.vars, session): oid = request.vars.oid consumerhelper = self._init_consumerhelper() url = self.login_url return_to_url = self.return_to_url if not oid: warning_openid_fail(session) redirect(url) try: if request.vars.has_key('_next'): return_to_url = self.return_to_url + '?_next=' + request.vars._next url = consumerhelper.begin(oid, self.realm, return_to_url) except DiscoveryFailure: warning_openid_fail(session) redirect(url) return form
def getAppl(): if request.vars.appl: file_name = os.path.join(request.folder, 'static/resources/application', str(request.vars.appl)) if not os.path.isfile(file_name): return "Missing application!" redirect(URL('static/resources/application', str(request.vars.appl))) else: return "Missing appl parameter!"
def __call__(self): gtable = current.s3db.gis_location syria = current.db(gtable.name == "Syrian Arab Republic").select(gtable.id, limitby=(0, 1) ).first() redirect(URL(c="gis", f="location", args=[syria.id, "profile"]))
def wrapper(*args): selv = args[0] r = selv.environment.request if not selv.is_logged_in(): nextt = URL(r=r, args=r.args) redirect(URL(args=['login'], vars={'_next': nextt}), client_side=selv.settings.client_side) return f(*args)
def qc_list(): if 'flash' in request.vars: response.flash= request.vars['flash'] if not db(db.episode.created_by == auth.user.id).count()>0: message= "You do not have any QC. Upload a QC first ;)" redirect(URL('default','add_qc?flash='+message)) else: return locals()
def checkIfAuthorized(): if (current.request.cookies.has_key('userid')): userId = current.request.cookies['userid'].value userName = current.request.cookies['username'].value current.userName = userName current.userId = userId return userId else: http.redirect(html.URL('auth', 'login'))
def reject_vacation(): vacationid = request.args(0, cast = int) result = db(db.co_vacation.id == vacationid).update(status = 'Rejected') if result == 1: session.flash = 'Vacation rejected' redirect(URL('confirm_vacation')) else: session.flash = 'Errors occurs!' redirect(URL('confirm_vacation')) return dict()
def contact(): from models.contact import Contact db = application.db(models=[Contact]) form = SQLFORM(db.Contact, _action=URL('experiments', 'default', 'contact')) if form.process(session=application.session).accepted: redirect(URL()) return {'form': form}
def myform(): form = SQLFORM.factory(Field("first_name", "string"), Field("last_name", "string")) def onvalidation(form): pass if form.process(session=application.session, onvaliidation=onvalidation).accepted: redirect(URL()) return dict(form=form)
def job(self, job_id, queue_name, action): if action == 'cancel': cancel_job(job_id) elif action == 'requeue': requeue_job(job_id) else: raise HTTP(404) if current.request.ajax: return jobs_table(queue_name) redirect(URL())
def __call__(self): request = self.environment.request args = request.args if not args: redirect(self.environment.URL(r=request, args=['login'])) if args[0] == 'login': return self.login() elif args[0] == 'oidresponse': self.process_response() else: raise HTTP(404)
def compact(self, queue_name): q = Queue(queue_name) try: q.compact() except ResponseError: # Somethimes I get ResponseError('no such key") # from redis connection pass if current.request.ajax: return '' redirect(URL(args=['overview'] + current.request.args[1:]))
def flash(flash_class, text, redirect_url=None): """Updates the flash key and optionally redirects to another URL.""" flash_info = { 'class': flash_class, 'text': text } if redirect_url: current.session.flash = flash_info redirect(redirect_url) else: current.response.flash = flash_info
def create_project(): response.view = 'company/details_project.html' form = SQLFORM(db.co_project) if form.process().accepted: session.flash = 'Project created' redirect(URL('list_project')) elif form.errors: response.flash = 'Errors occurs!' return locals()
def require_facebook_login(request, settings,next=None): """ Used for redirecting the user to the Facebook login page if not already logged in. Usage: require_facebook_login(request,settings) """ if not request.facebook: add_facebook_instance(request,settings) fb = request.facebook if not fb.check_session(request): redirect(fb.get_login_url(next=next))
def f(*a, **b): if not self.shn_logged_in(): request = self.environment.request next = URL(r=request, args=request.args, vars=request.get_vars) redirect(self.settings.login_url + "?_next=" + urllib.quote(next)) if not self.shn_has_role(role) and not self.shn_has_role(1): self.environment.session.error = self.messages.access_denied next = self.settings.on_failed_authorization redirect(next) return action(*a, **b)
def file_upload(): form = SQLFORM.factory(Field('file', 'upload', uploadfolder=application.config.upload_folder, requires=IS_IMAGE(extensions=('jpg', 'jpeg'))), _action=URL()) if form.process().accepted: redirect(URL()) return {'form': form}
def myform(): form = SQLFORM.factory(Field('first_name', 'string'), Field('last_name', 'string')) def onvalidation(form): pass if form.process(session=application.session, onvaliidation=onvalidation).accepted: redirect(URL()) return dict(form=form)
def __call__(self): auth = current.auth ADMIN = auth.get_system_roles().ADMIN if auth.s3_has_role(ADMIN): T = current.T form = FORM( H3(T("Check transferability for all current cases")), INPUT( _class="tiny primary button", _type="submit", _value=T("Update now"), ), P("(%s)" % T("This process can take a couple of minutes")), ) if form.accepts(current.request.post_vars, current.session): # Get default site default_site = current.deployment_settings.get_org_default_site( ) # Update transferability result = update_transferability(site_id=default_site) if result: msg = current.T("%(number)s transferable cases found") % { "number": result } current.session.confirmation = msg else: msg = current.T("No transferable cases found") current.session.warning = msg # Forward to list of transferable cases redirect( URL( c="dvr", f="person", vars={ "closed": "0", "dvr_case.transferable__belongs": "True", "show_family_transferable": "1", }, )) self._view(THEME, "transferability.html") return {"form": form} else: auth.permission.fail()
def login(self): request = self.environment.request session = self.environment.session form = self.environment.FORM("openID: ", self.environment.INPUT(_type="input", _name="oid"), self.environment.INPUT(_type="submit")) if form.accepts(request.vars, session): auth_req = self.consumer.begin(request.vars.oid) auth_req.addExtension(SRegRequest(required=['email','nickname'])) url = auth_req.redirectURL(return_to=self.return_to_url, realm=self.realm) #print url redirect(url) return form
def edit(): form = SQLFORM.factory( Field('first_name', 'string', requires=IS_NOT_EMPTY(error_message='Please enter first name')), Field('last_name', 'string', requires=IS_NOT_EMPTY(error_message='Please enter last name')), _action=URL('experiments', 'default', 'edit') ) if form.process(session=application.session).accepted: redirect(URL()) return {'form': form}
def requires_https(self): """ If request comes in over HTTP, redirects it to HTTPS and secures the session. """ cmd_opts = global_settings.cmd_options # checking if this is called within the scheduler or within the shell # in addition to checking if it's not a cronjob if (cmd_opts and (cmd_opts.shell or cmd_opts.scheduler)) or global_settings.cronjob or self.is_https: current.session.secure() else: current.session.forget() redirect(URL(scheme="https", args=self.args, vars=self.vars))
def require_facebook_add(request, settings, next=None): """ Used for redirecting the user to the Facebook add-app page. Usage: require_facebook_add(request,settings) """ if not request.facebook: add_facebook_instance(request,settings) fb = request.facebook if not fb.check_session(request): redirect(fb.get_login_url(next=next)) if not fb.added: redirect(fb.get_add_url(next=next))
def create_task(): response.view = 'company/details_task.html' projectid = request.args(1, cast = int) projectname = db.co_project(projectid).name db.co_task.project.default = projectid form = SQLFORM(db.co_task) if form.process().accepted: session.flash = 'Task created' redirect(URL('list_task', args = (projectid))) elif form.errors: response.flash = 'Errors occurs!' return locals()
def get_user(self): """ It supports the logout_url, implementing the get_user and login_form for cas usage of gluon.tools.Auth. """ environment = self.environment request = environment.request args = request.args if args[0] == 'logout': return True # Let logout_url got called if environment.session.w2popenid: w2popenid = environment.session.w2popenid db = self.db if (w2popenid.ok is True and w2popenid.oid): # OpenID authenticated if self._w2popenid_expired(w2popenid): del(self.environment.session.w2popenid) flash = self.messages.flash_openid_expired environment.session.warning = flash redirect(self.auth.settings.login_url) oid = self._remove_protocol(w2popenid.oid) alt_login = self._find_matched_openid(db, oid) nextvar = self.nextvar # This OpenID not in the database. If user logged in then add it # into database, else ask user to login or register. if not alt_login: if self.auth.is_logged_in(): # TODO: ask first maybe self._associate_user_openid(self.auth.user, oid) if self.environment.session.w2popenid: del(self.environment.session.w2popenid) environment.session.flash = self.messages.flash_openid_associated if request.vars.has_key(nextvar): redirect(request.vars[nextvar]) redirect(self.auth.settings.login_next) if not request.vars.has_key(nextvar): # no next var, add it and do login again # so if user login or register can go back here to associate the OpenID redirect(self.environment.URL(r=request, args=['login'], vars={nextvar:self.login_url})) self.login_form = self._form_with_notification() environment.session.flash = self.messages.flash_associate_openid return None # need to login or register to associate this openid # Get existed OpenID user user = db(self.table_user.id==alt_login.user).select().first() if user: if self.environment.session.w2popenid: del(self.environment.session.w2popenid) if 'username' in self.table_user.fields(): username = '******' elif 'email' in self.table_user.fields(): username = '******' return {username: user[username]} if user else None # login success (almost) return None # just start to login
def requires_https(self): """ If request comes in over HTTP, redirects it to HTTPS and secures the session. """ cmd_opts = global_settings.cmd_options #checking if this is called within the scheduler or within the shell #in addition to checking if it's not a cronjob if ((cmd_opts and (cmd_opts.shell or cmd_opts.scheduler)) or global_settings.cronjob or self.is_https): current.session.secure() else: current.session.forget() redirect(URL(scheme='https', args=self.args, vars=self.vars))
def edit(): form = SQLFORM.factory( Field('first_name', 'string', requires=IS_NOT_EMPTY(error_message='Please enter first name')), Field('last_name', 'string', requires=IS_NOT_EMPTY(error_message='Please enter last name')), _action=URL('experiments', 'default', 'edit')) if form.process(session=application.session).accepted: redirect(URL()) return {'form': form}
def view_task(): taskid = request.args(1, cast = int) projectid = db(db.co_task.id == taskid).select(db.co_task.project).first().project task = SQLFORM(db.co_task, taskid, showid = False, readonly = True) posts = db(db.co_taskpost.task == taskid).select(orderby = db.co_taskpost.created_on) db.co_taskpost.task.default = taskid post = SQLFORM(db.co_taskpost) if post.process().accepted: session.flash = 'Post added' redirect(URL('view_task', args = ('view', taskid))) elif post.errors: response.flash = 'Errors occurs!' return locals()
def _auth(): r = current.request # Store "remember me" value in session current.strategy.session_set('remember', r.vars.get('remember', False)) if r.vars.backend == 'persona': # Mozilla Persona if r.vars.assertion == '': del r.vars.assertion redirect(URL(f='complete', args=['persona'], vars=r.vars)) else: try: return do_auth(current.backend) except Exception as e: process_exception(e)
def __call__(self): request = self.environment.request args = request.args if not args: redirect(URL(r=request, args='login')) if args[0] == 'login': return self.social_login() if args[0] == 'logout': return self.logout() if args[0] == 'confirm': return self.__confirm() elif args[0] in ['logout', 'associations', 'confirm', 'profile']: return getattr(self, args[0])() else: raise HTTP(404)
def verifiable_redirect(*args, **kwargs): """ Redirect function to be used in combination with @verify decorator. Adds a uuid to session and URL vars which the decorator then verifies after the redirect. Must be called with args/kwargs that are normally passed to URL(). """ uuid = web2py_uuid() current.plugin_social_auth.s.req_uuid = uuid varz = kwargs.get('vars', {}) varz['req_uuid'] = uuid kwargs['vars'] = varz redirect(URL(*args, **kwargs))
def show_qc(): id=None key=None episode = None #start, limit, orderQuery, filterQuery = ExtJS.getExtPaging(request, limit=50) if len(request.args)>=2: id = request.args[0] key = request.args[1] episode= db((db.episode.id==id)&(db.episode.key==key)).select().first() #subs = db((db.sub.episode == id) & (db.episode.key==key)).select(limitby=(start,limit)) if episode: return locals() else: message= "Invalid QC" redirect(URL('default','qc_list?flash='+message))
def apply_method(self, r, **attr): """ API entry point @param r: the S3Request instance @param attr: controller attributes for the request """ if r.http in ("GET", "POST", "DELETE"): if r.record: output = self.profile(r, **attr) else: # Redirect to the List View redirect(r.url(method="")) else: r.error(405, current.ERROR.BAD_METHOD) return output
def f(*args, **kwargs): if not self.has_role(roles): return redirect( URL(r=self.request, c='members', f='login', vars=dict(err='needrole'))) return func(*args, **kwargs)
def f(*args, **kwargs): if not self.is_auth(): return redirect( URL(r=self.request, c='members', f='login', vars=dict(err='needlogin'))) return func(*args, **kwargs)
def __call__(self, i, default=DEFAULT, cast=None, otherwise=None): """Allows to use a special syntax for fast-check of `request.args()` validity. :params: i: index default: use this value if arg not found cast: type cast otherwise: will be executed when: - casts fail - value not found, dont have default and otherwise is especified can be: - None: results in a 404 - str: redirect to this address - callable: calls the function (nothing is passed) Example: You can use:: request.args(0,default=0,cast=int,otherwise='http://error_url') request.args(0,default=0,cast=int,otherwise=lambda:...) """ n = len(self) if 0 <= i < n or -n <= i < 0: value = self[i] elif default is DEFAULT: value = None else: value, cast, otherwise = default, False, False try: if cast: value = cast(value) if not value and otherwise: raise ValueError('Otherwise will raised.') except (ValueError, TypeError): from gluon.http import HTTP, redirect if otherwise is None: raise HTTP(404) elif isinstance(otherwise, str): redirect(otherwise) elif callable(otherwise): return otherwise() else: raise RuntimeError("invalid otherwise") return value
def process_exception(self, exception): self.strategy = current.strategy if self.strategy is None or self.__raise_exception(): raise #FIXME: workaround for issue: # https://code.google.com/p/w2p-social-auth/issues/detail?id=1 def is_social_auth_exception(ex): return ex.__class__.__module__ in('social.exceptions', SocialAuthBaseException.__module__) if is_social_auth_exception(exception): backend_name = current.session.backend message = exception.message logging.error("[social_auth] backend: %s | message: %s" % (backend_name, message)) current.plugin_social_auth.session.flash = message redirect(self.__get_redirect_uri()) else: raise
def __confirm(self, verified=False): # Hide auth navbar self.navbar = lambda **x: '' backend = current.request.vars.backend if not backend: raise HTTP(400) form = self.__confirm_form(SocialAuth.__get_providers()[backend]) # Allow requests that use form if form.process().accepted: # Get vars back from session and delete them varz = current.plugin_social_auth.s.pop('confirm', {}) return redirect(URL(f='complete', args=['confirmed'], vars=varz)) # Deny request that do not use form and are not verified as app redirects if not verified: raise HTTP(400) return current.response.render(dict(form=form))
def wsgibase(environ, responder): """ The gluon wsgi application. The first function called when a page is requested (static or dynamic). It can be called by paste.httpserver or by apache mod_wsgi (or any WSGI-compatible server). - fills request with info - the environment variables, replacing '.' with '_' - adds web2py path and version info - compensates for fcgi missing path_info and query_string - validates the path in url The url path must be either: 1. for static pages: - /<application>/static/<file> 2. for dynamic pages: - /<application>[/<controller>[/<function>[/<sub>]]][.<extension>] The naming conventions are: - application, controller, function and extension may only contain `[a-zA-Z0-9_]` - file and sub may also contain '-', '=', '.' and '/' """ eget = environ.get current.__dict__.clear() request = Request(environ) response = Response() session = Session() env = request.env #env.web2py_path = global_settings.applications_parent env.web2py_version = web2py_version #env.update(global_settings) static_file = False try: try: try: # ################################################## # handle fcgi missing path_info and query_string # select rewrite parameters # rewrite incoming URL # parse rewritten header variables # parse rewritten URL # serve file if static # ################################################## fixup_missing_path_info(environ) (static_file, version, environ) = url_in(request, environ) response.status = env.web2py_status_code or response.status if static_file: if eget('QUERY_STRING', '').startswith('attachment'): response.headers['Content-Disposition'] \ = 'attachment' if version: response.headers['Cache-Control'] = 'max-age=315360000' response.headers[ 'Expires'] = 'Thu, 31 Dec 2037 23:59:59 GMT' response.stream(static_file, request=request) # ################################################## # fill in request items # ################################################## app = request.application # must go after url_in! if not global_settings.local_hosts: local_hosts = set(['127.0.0.1', '::ffff:127.0.0.1', '::1']) if not global_settings.web2py_runtime_gae: try: fqdn = socket.getfqdn() local_hosts.add(socket.gethostname()) local_hosts.add(fqdn) local_hosts.update([ addrinfo[4][0] for addrinfo in getipaddrinfo(fqdn) ]) if env.server_name: local_hosts.add(env.server_name) local_hosts.update([ addrinfo[4][0] for addrinfo in getipaddrinfo(env.server_name) ]) except (socket.gaierror, TypeError): pass global_settings.local_hosts = list(local_hosts) else: local_hosts = global_settings.local_hosts client = get_client(env) x_req_with = str(env.http_x_requested_with).lower() request.update( client = client, folder = abspath('applications', app) + os.sep, ajax = x_req_with == 'xmlhttprequest', cid = env.http_web2py_component_element, is_local = env.remote_addr in local_hosts, is_https = env.wsgi_url_scheme in HTTPS_SCHEMES or \ request.env.http_x_forwarded_proto in HTTPS_SCHEMES \ or env.https == 'on' ) request.compute_uuid() # requires client request.url = environ['PATH_INFO'] # ################################################## # access the requested application # ################################################## disabled = pjoin(request.folder, 'DISABLED') if not exists(request.folder): if app == rwthread.routes.default_application \ and app != 'welcome': redirect(URL('welcome', 'default', 'index')) elif rwthread.routes.error_handler: _handler = rwthread.routes.error_handler redirect( URL(_handler['application'], _handler['controller'], _handler['function'], args=app)) else: raise HTTP(404, rwthread.routes.error_message % 'invalid request', web2py_error='invalid application') elif not request.is_local and exists(disabled): raise HTTP( 503, "<html><body><h1>Temporarily down for maintenance</h1></body></html>" ) # ################################################## # build missing folders # ################################################## create_missing_app_folders(request) # ################################################## # get the GET and POST data # ################################################## #parse_get_post_vars(request, environ) # ################################################## # expose wsgi hooks for convenience # ################################################## request.wsgi = LazyWSGI(environ, request, response) # ################################################## # load cookies # ################################################## if env.http_cookie: try: request.cookies.load(env.http_cookie) except Cookie.CookieError, e: pass # invalid cookies # ################################################## # try load session or create new session file # ################################################## if not env.web2py_disable_session: session.connect(request, response) # ################################################## # run controller # ################################################## if global_settings.debugging and app != "admin": import gluon.debug # activate the debugger gluon.debug.dbg.do_debug(mainpyfile=request.folder) serve_controller(request, response, session) except HTTP, http_response: if static_file: return http_response.to(responder, env=env) if request.body: request.body.close() if hasattr(current, 'request'): # ################################################## # on success, try store session in database # ################################################## session._try_store_in_db(request, response) # ################################################## # on success, commit database # ################################################## if response.do_not_commit is True: BaseAdapter.close_all_instances(None) elif response.custom_commit: BaseAdapter.close_all_instances(response.custom_commit) else: BaseAdapter.close_all_instances('commit') # ################################################## # if session not in db try store session on filesystem # this must be done after trying to commit database! # ################################################## session._try_store_in_cookie_or_file(request, response) # Set header so client can distinguish component requests. if request.cid: http_response.headers.setdefault( 'web2py-component-content', 'replace') if request.ajax: if response.flash: http_response.headers['web2py-component-flash'] = \ urllib2.quote(xmlescape(response.flash)\ .replace('\n','')) if response.js: http_response.headers['web2py-component-command'] = \ urllib2.quote(response.js.replace('\n','')) # ################################################## # store cookies in headers # ################################################## session._fixup_before_save() http_response.cookies2headers(response.cookies) ticket = None except RestrictedError, e: if request.body: request.body.close() # ################################################## # on application error, rollback database # ################################################## # log tickets before rollback if not in DB if not request.tickets_db: ticket = e.log(request) or 'unknown' # rollback if response._custom_rollback: response._custom_rollback() else: BaseAdapter.close_all_instances('rollback') # if tickets in db, reconnect and store it in db if request.tickets_db: ticket = e.log(request) or 'unknown' http_response = \ HTTP(500, rwthread.routes.error_message_ticket % dict(ticket=ticket), web2py_error='ticket %s' % ticket)
def _login_form(self, openid_field_label=None, submit_button=None, _next=None, style=None): """ Render the form for OpenID login """ def warning_openid_fail(session): session.warning = messages.openid_fail_discover style = style or """ background-attachment: scroll; background-repeat: no-repeat; background-image: url("http://wiki.openid.net/f/openid-16x16.gif"); background-position: 0% 50%; background-color: transparent; padding-left: 18px; width: 400px; """ style = style.replace("\n", "") request = self.environment.request session = self.environment.session messages = self.messages hidden_next_input = "" if _next == 'profile': profile_url = self.environment.URL(r=request, f='user', args=['profile']) hidden_next_input = INPUT(_type="hidden", _name="_next", _value=profile_url) form = FORM(openid_field_label or self.messages.label_alt_login_username, INPUT(_type="input", _name="oid", requires=IS_NOT_EMPTY( error_message=messages.openid_fail_discover), _style=style), hidden_next_input, INPUT(_type="submit", _value=submit_button or messages.submit_button), " ", A(messages.comment_openid_signin, _href=messages.comment_openid_help_url, _title=messages.comment_openid_help_title, _class='openid-identifier', _target="_blank"), _action=self.login_url) if form.accepts(request.vars, session): oid = request.vars.oid consumerhelper = self._init_consumerhelper() url = self.login_url return_to_url = self.return_to_url if not oid: warning_openid_fail(session) redirect(url) try: if request.vars.has_key('_next'): return_to_url = self.return_to_url + '?_next=' + request.vars._next url = consumerhelper.begin(oid, self.realm, return_to_url) except DiscoveryFailure: warning_openid_fail(session) redirect(url) return form
def get_user(self): """ It supports the logout_url, implementing the get_user and login_form for cas usage of gluon.tools.Auth. """ environment = self.environment request = environment.request args = request.args if args[0] == 'logout': return True # Let logout_url got called if environment.session.w2popenid: w2popenid = environment.session.w2popenid db = self.db if (w2popenid.ok is True and w2popenid.oid): # OpenID authenticated if self._w2popenid_expired(w2popenid): del (self.environment.session.w2popenid) flash = self.messages.flash_openid_expired environment.session.warning = flash redirect(self.auth.settings.login_url) oid = self._remove_protocol(w2popenid.oid) alt_login = self._find_matched_openid(db, oid) nextvar = self.nextvar # This OpenID not in the database. If user logged in then add it # into database, else ask user to login or register. if not alt_login: if self.auth.is_logged_in(): # TODO: ask first maybe self._associate_user_openid(self.auth.user, oid) if self.environment.session.w2popenid: del (self.environment.session.w2popenid) environment.session.flash = self.messages.flash_openid_associated if request.vars.has_key(nextvar): redirect(request.vars[nextvar]) redirect(self.auth.settings.login_next) if not request.vars.has_key(nextvar): # no next var, add it and do login again # so if user login or register can go back here to associate the OpenID redirect( self.environment.URL( r=request, args=['login'], vars={nextvar: self.login_url})) self.login_form = self._form_with_notification() environment.session.flash = self.messages.flash_associate_openid return None # need to login or register to associate this openid # Get existed OpenID user user = db( self.table_user.id == alt_login.user).select().first() if user: if self.environment.session.w2popenid: del (self.environment.session.w2popenid) if 'username' in self.table_user.fields(): username = '******' elif 'email' in self.table_user.fields(): username = '******' return { username: user[username] } if user else None # login success (almost) return None # just start to login