def _to_python(self, value, person):
"Check whether the value is unique"
# If the person is new or the value changed,
if not person or getattr(person, self.fieldName) != value:
# Make sure the value is unique
if Session.query(model.Person).filter(getattr(model.Person, self.fieldName) == value).first():
# Raise
raise formencode.Invalid(self.errorMessage, value, person)
# Return
return value
def _to_python(self, value, job):
'Check whether the value is unique'
# If the job is new or the value changed,
if not job or getattr(job, self.fieldName) != value:
# Make sure the value is unique
if Session.query(model.Job).filter(getattr(model.Job, self.fieldName)==value).first():
# Raise
raise formencode.Invalid(self.errorMessage, value, job)
# Return
return value
def update_(self):
"Send update confirmation email"
# Load
personID = h.getPersonID()
# If the person is not logged in,
if not personID:
return dict(isOk=0)
# Prepare
person = Session.query(model.Person).get(personID)
# Return
return changePerson(dict(request.POST), "update", "/people/confirm.mako", person)
def login_(self):
"Process login credentials"
# Check username
username = str(request.POST.get("username", ""))
person = Session.query(model.Person).filter_by(username=username).first()
# If the username does not exist,
if not person:
return dict(isOk=0)
# Check password
password_hash = model.hashString(str(request.POST.get("password", "")))
# If the password is incorrect,
if password_hash != StringIO.StringIO(person.password_hash).read():
# Increase and return rejection_count without a requery
rejection_count = person.rejection_count = person.rejection_count + 1
Session.commit()
return dict(isOk=0, rejection_count=rejection_count)
# If there have been too many rejections,
if person.rejection_count >= parameter.REJECTION_LIMIT:
# Expect recaptcha response
recaptchaChallenge = request.POST.get("recaptcha_challenge_field", "")
recaptchaResponse = request.POST.get("recaptcha_response_field", "")
recaptchaPrivateKey = config.get("recaptcha.private", "")
# Validate
result = captcha.submit(recaptchaChallenge, recaptchaResponse, recaptchaPrivateKey, h.getRemoteIP())
# If the response is not valid,
if not result.is_valid:
return dict(isOk=0, rejection_count=person.rejection_count)
# Get minutesOffset from UTC
minutesOffset = h.getMinutesOffset()
# Save session
session["minutesOffset"] = minutesOffset
session["personID"] = person.id
session["nickname"] = person.nickname
session["is_super"] = person.is_super
session.save()
# Save person
person.minutes_offset = minutesOffset
person.rejection_count = 0
Session.commit()
# Return
return dict(isOk=1)
def confirmPersonCandidate(ticket):
"Move changes from the PersonCandidate table into the Person table"
# Query
candidate = (
Session.query(model.PersonCandidate)
.filter(model.PersonCandidate.ticket == ticket)
.filter(model.PersonCandidate.when_expired >= datetime.datetime.utcnow())
.first()
)
# If the ticket exists,
if candidate:
# If the person exists,
if candidate.person_id:
# Update person
person = Session.query(model.Person).get(candidate.person_id)
person.username = candidate.username
person.password_hash = candidate.password_hash
person.nickname = candidate.nickname
person.email = candidate.email
person.email_sms = candidate.email_sms
# Reset rejection_count
person.rejection_count = 0
# If the person does not exist,
else:
# Add person
Session.add(
model.Person(
candidate.username,
candidate.password_hash,
candidate.nickname,
candidate.email,
candidate.email_sms,
)
)
# Delete ticket
Session.delete(candidate)
# Commit
Session.commit()
# Return
return candidate
def update(self):
"Show account update page"
# Load
personID = h.getPersonID()
# If the person is not logged in,
if not personID:
# Return
return redirect(url("person_login", targetURL=h.encodeURL("/")))
# Render
c.isNew = False
person = Session.query(model.Person).get(personID)
# Return
return formencode.htmlfill.render(
render("/people/change.mako"),
{
"username": person.username,
"nickname": person.nickname,
"email": person.email,
"email_sms": person.email_sms,
},
)
def reset(self):
"Reset password"
# Get email
email = request.POST.get("email")
# Try to load the person
person = Session.query(model.Person).filter(model.Person.email == email).first()
# If the email is not in our database,
if not person:
return dict(isOk=0)
# Reset account
c.password = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE)
return changePerson(
dict(
username=person.username,
password=c.password,
nickname=person.nickname,
email=person.email,
email_sms=person.email_sms,
),
"reset",
"/people/confirm.mako",
person,
)
def show(self, jobID):
'Show specific job'
c.job = Session.query(model.Job).options(orm.eagerload(model.Job.owner)).get(jobID)
c.jobID = jobID
return render('/jobs/show.mako')
def index(self):
'Show information about jobs registered in the database'
c.jobs = Session.query(model.Job).options(orm.eagerload(model.Job.owner)).order_by(model.Job.when_updated.desc()).all()
return render('/jobs/index.mako')
return render('/jobs/show.mako')
# Helpers
def changeJob(valueByName, ownerID, job=None):
'Validate values and send confirmation email if values are okay'
try:
# Validate form
form = JobForm().to_python(valueByName, job)
except formencode.Invalid, error:
return dict(isOk=0, errorByID=error.unpack_errors())
# If the job does not exist, add it
if not job:
job = model.Job()
Session.add(job)
# Set fields
job.title = form['title'].strip()
job.budget = form['budget']
job.description = form['description'].strip()
job.when_updated = datetime.datetime.utcnow()
job.owner_id = ownerID
# Commit
Session.commit()
# Return
return dict(isOk=1, jobID=job.id)
# Validators
class Unique(formencode.validators.FancyValidator):
def purgeExpiredPersonCandidates():
"Delete candidates that have expired"
Session.execute(
model.person_candidates_table.delete().where(model.PersonCandidate.when_expired < datetime.datetime.utcnow())
)
def index(self):
"Show information about people registered in the database"
c.people = Session.query(model.Person).all()
return render("/people/index.mako")
def changePerson(valueByName, action, templatePath, person=None):
"Validate values and send confirmation email if values are okay"
try:
# Validate form
form = PersonForm().to_python(valueByName, person)
except formencode.Invalid, error:
return dict(isOk=0, errorByID=error.unpack_errors())
else:
# Purge expired candidates
purgeExpiredPersonCandidates()
# Prepare candidate
candidate = model.PersonCandidate(
form["username"], model.hashString(form["password"]), form["nickname"], form["email"], form["email_sms"]
)
candidate.person_id = person.id if person else None
candidate.ticket = store.makeRandomUniqueTicket(parameter.TICKET_LENGTH, Session.query(model.PersonCandidate))
candidate.when_expired = datetime.datetime.utcnow() + datetime.timedelta(days=parameter.TICKET_LIFESPAN_IN_DAYS)
Session.add(candidate)
Session.commit()
# Prepare recipient
toByValue = dict(nickname=form["nickname"], email=form["email"])
# Prepare subject
subject = "[%s] Confirm %s" % (parameter.SITE_NAME, action)
# Prepare body
c.candidate = candidate
c.username = form["username"]
c.action = action
body = render(templatePath)
# Send
try:
smtp.sendMessage(