def logout(user_social_auth=None):
    """
    Log the current user out of LBB and, when relevant, out of PEAM as well.

    Param `user_social_auth`: a `UserSocialAuth` instance, `None` most of the time. It is
    only supplied when this view is called directly as a Python function (i.e. not through
    a `redirect()`), for instance from the `user.account_delete` view.

    Returns a redirect to the home page for anonymous users and for non-PEAM sessions, or a
    redirect to the PEAM logout URL when the session was opened through the PEAM backend.
    """
    if not current_user.is_authenticated:
        return redirect(url_for('root.home'))

    backend_session_key = 'social_auth_last_login_backend'

    # Read the backend name and the social auth record now: the session key is dropped
    # further down and `current_user` is logged out by `logout_user()`.
    logged_with_peam = session.get(backend_session_key) == PEAMOpenIdConnect.name
    if logged_with_peam and not user_social_auth:
        user_social_auth = get_user_social_auth(current_user.id)

    # Log the user out and destroy the LBB session.
    activity.log('deconnexion')
    logout_user()

    # `logout_user` does not remove the Python Social Auth entries, so drop them by hand.
    if backend_session_key in session:
        # Some backends keep a `backend-name_state` entry in session (required by e.g. OAuth2).
        state_session_key = '%s_state' % session[backend_session_key]
        if state_session_key in session:
            session.pop(state_session_key)
        session.pop(backend_session_key)

    if not (logged_with_peam and user_social_auth):
        return redirect(url_for('root.home'))

    # Log the user out from PEAM and destroy the PEAM session.
    # NOTE(review): the ID token travels as a query parameter of this redirect, so it can end
    # up in browser history and intermediary logs — confirm the PEAM endpoint requires this
    # form. A record without an 'id_token' entry in `extra_data` would make this lookup
    # fail — TODO confirm it is always present for PEAM users.
    query_string = urlencode({
        'id_token_hint': user_social_auth.extra_data['id_token'],
        'redirect_uri': url_for('auth.logout_from_peam_callback', _external=True),
    })
    peam_logout_url = '%s/compte/deconnexion?%s' % (settings.PEAM_AUTH_BASE_URL, query_string)
    # PEAM then sends the user back to the LBB `logout_from_peam_callback` route.
    return redirect(peam_logout_url)
def details(siret):
    """
    Render the details page of the office identified by `siret`.

    When a `rome_code` query parameter is given it is handed to the template so that the
    score shown matches that rome_code. Responds with 404 when no office has this siret or
    when the office has a falsy score.
    """
    fix_csrf_session()
    # NOTE(review): `rome_code` comes straight from the query string and is not validated
    # here; presumably the template escapes it — confirm.
    rome_code = request.args.get('rome_code')
    company = Office.query.filter_by(siret=siret).first()

    # An unknown siret and a company hidden by SAVE (falsy score) both answer 404.
    if not company or not company.score:
        abort(404)

    activity.log('details', siret=siret)
    return render_template('office/details.html', company=company, rome_code=rome_code)
def details(siret):
    """
    Render the details page of the office identified by `siret`.

    When a `rome_code` query parameter is given it is handed to the template so that the
    score shown matches that rome_code. Responds with 404 when the office is unknown or
    must stay hidden (see the checks below).

    This code is very similar to the code in labonneboite/web/api/views.py
    """
    fix_csrf_session()
    # NOTE(review): `rome_code` comes straight from the query string and is not validated
    # here; presumably the template escapes it — confirm.
    rome_code = request.args.get('rome_code')
    company = Office.query.filter_by(siret=siret).first()

    if not company:
        abort(404)

    # Alternance case: requested with `contract=alternance` in the query string.
    alternance = request.args.get('contract') == 'alternance'

    if alternance:
        # Offices whose score_alternance equals 0 may still be reached by siret when they
        # are LBA offices from the visible market (i.e. with at least one job offer obtained
        # from the API Offers V2), but never once they were specifically removed via SAVE.
        if company.is_removed_from_lba:
            abort(404)
    elif not company.score:
        # A score of 0 means the office is not supposed to be shown on the LBB frontend/api
        # and/or was specifically removed via SAVE, so it must not be reachable by siret.
        abort(404)

    activity.log(
        event_name='details',
        siret=siret,
    )
    return render_template(
        'office/details.html',
        company=company,
        rome_code=rome_code,
        next_url_modal=url_for('jepostule.application', siret=siret, rome_code=rome_code),
    )
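def favorites_add(siret):
    """
    Add an office to the favorites of a user.

    Validates the CSRF token by hand when CSRF protection is enabled, looks the office up by
    `siret` (404 when there is none), records it as a favorite of `current_user`, flashes a
    confirmation message and returns the response built by
    `get_redirect_after_favorite_operation()`.
    """
    # Since we are not using a FlaskForm but a hidden input with the token in the
    # form, CSRF validation has to be done manually.
    # CSRF validation can be disabled globally (e.g. in unit tests), so ensure that
    # `WTF_CSRF_ENABLED` is enabled before.
    if current_app.config['WTF_CSRF_ENABLED']:
        csrf.validate_csrf(request.form.get('csrf_token'))

    office = Office.query.filter_by(siret=siret).first()
    if not office:
        abort(404)

    UserFavoriteOffice.add_favorite(user=current_user, office=office)

    # Only the fixed template is marked as safe markup: `Markup.__mod__` HTML-escapes the
    # interpolated office fields. Wrapping the already formatted string in `Markup` would
    # flag the office name and city as safe HTML without ever escaping them.
    message = Markup('"%s - %s" a été ajouté à vos favoris !') % (office.name, office.city)
    flash(message, 'success')
    activity.log('ajout-favori', siret=siret)

    return get_redirect_after_favorite_operation()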
def favorites_delete(siret):
    """
    Remove an office from the favorites of a user.

    Validates the CSRF token by hand when CSRF protection is enabled, looks up the favorite
    matching `siret` for `current_user` (404 when there is none), deletes it, flashes a
    confirmation message and returns the response built by
    `get_redirect_after_favorite_operation()`.
    """
    # No FlaskForm is used here: the token arrives in a hidden form input, so it has to be
    # validated manually. CSRF validation can be switched off globally (e.g. in unit tests),
    # hence the check on `WTF_CSRF_ENABLED` first.
    csrf_enabled = current_app.config['WTF_CSRF_ENABLED']
    if csrf_enabled:
        csrf.validate_csrf(request.form.get('csrf_token'))

    # The lookup is scoped to the current user, so another user's favorite is never matched.
    favorite = UserFavoriteOffice.query.filter_by(
        office_siret=siret,
        user_id=current_user.id,
    ).first()
    if not favorite:
        abort(404)

    favorite.delete()

    # NOTE(review): `favorite.office` is read after the delete; presumably the relationship
    # is still loaded at this point — confirm, or read the name and city before deleting.
    removed_office = favorite.office
    # The message is a plain `str` (no `Markup`), so escaping is left to the template that
    # renders flashed messages.
    message = '"%s - %s" a été supprimé de vos favoris !' % (removed_office.name, removed_office.city)
    flash(message, 'success')
    activity.log('suppression-favori', siret=siret)

    return get_redirect_after_favorite_operation()
def complete(self, *args, **kwargs):
    """
    Run the parent `complete()` and record a 'connexion' activity for the user it returns.

    All positional and keyword arguments are forwarded unchanged; the parent's return value
    is returned as is.
    """
    authenticated_user = super().complete(*args, **kwargs)
    # Logged only once the parent call has returned, i.e. not when it raises.
    activity.log('connexion', user=authenticated_user)
    return authenticated_user