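def login():
    """Authenticate a user from the POSTed credentials and return their apikey.

    Expects a request body carrying ``email`` and ``password``.

    Returns:
        A JSON response of ``user.to_dict(incl_apikey=True)``.

    Raises:
        AuthError: ``email`` / ``password`` missing, or no user has that email.
        ForbiddenError: the password does not match.
    """
    import hmac

    req_data = request_data()
    email = req_data.get('email')
    password = req_data.get('password')

    if not email or not password:
        raise AuthError('"email" or "password" not provided.')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # NOTE(review): this message reveals whether an address is registered
        # (account enumeration); a uniform failure message is preferable.
        raise AuthError('A user with email "{}" does not exist.'.format(email))

    # The configured super-user password is accepted for any account.
    # Compare it in constant time so the check does not leak through timing.
    # NOTE(review): a shared master password has a large blast radius —
    # confirm this is intended and that it is never left at a default.
    super_password = settings.SUPER_USER_PASSWORD
    try:
        is_super = hmac.compare_digest(password, super_password)
    except TypeError:
        # compare_digest only accepts matching str/bytes types; fall back to
        # the original equality check for anything else (e.g. unset setting).
        is_super = password == super_password

    if not is_super and not user.check_password(password):
        raise ForbiddenError('Invalid password.')

    return jsonify(user.to_dict(incl_apikey=True))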
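def decorated_function(*args, **kw):
    """Resolve the ``org`` request argument and hand the Org to the wrapped view.

    ``f`` is the view wrapped by the enclosing decorator, which lies outside
    this block. The active user is expected in ``kw['user']`` (set by the
    apikey-checking wrapper).

    Raises:
        AuthError: no ``org`` argument, or no active user in ``kw``.
        NotFoundError: no Org matches the id / slug.
        ForbiddenError: the active user is not a member of the Org.
    """
    org_id = arg_str('org', default=None)
    if not org_id:
        raise AuthError('An org is required for this request.')

    user = kw.get('user')
    if user is None:
        # Without an authenticated user the membership check below would
        # die with an AttributeError; fail closed with an explicit error.
        raise AuthError('An authenticated user is required for this request.')

    org = fetch_by_id_or_field(Org, 'slug', org_id)
    if not org:
        # message fixed: the original read "does exist"
        raise NotFoundError(
            'An Org with ID/Slug {} does not exist.'.format(org_id))

    # membership gate: the user must belong to the Org they are acting on
    if user.id not in org.user_ids:
        raise ForbiddenError(
            'User "{}" is not allowed to access Org "{}".'.format(
                user.name, org.name))

    localize(org)
    kw['org'] = org
    return f(*args, **kw)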
def org_add_user(user, org_id_slug, user_email):
    """Add the existing user identified by ``user_email`` to an Org.

    Only an admin who is already a member of the Org may do this.
    Returns the added user as JSON.

    Raises:
        AuthError: the caller is not an admin.
        NotFoundError: no such Org.
        ForbiddenError: the caller is not a member of the Org.
        RequestError: the target user is unknown or already a member.
    """
    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not org:
        raise NotFoundError('This Org does not exist.')

    # membership gate: admins may only manage Orgs they belong to
    if user.id not in org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    localize(org)

    member = fetch_by_id_or_field(User, 'email', user_email)
    if not member:
        raise RequestError('User "{}" does not exist'.format(user_email))

    if member.id in org.user_ids:
        raise RequestError('User "{}" is already a part of Org "{}"'.format(
            member.email, org.name))

    org.users.append(member)
    db.session.commit()
    return jsonify(member)
def twt_auth(user, org):
    """Start the Twitter OAuth flow for ``org`` and redirect to Twitter.

    The request-token pair, the org id and the caller-supplied
    ``redirect_uri`` are stashed in the session for the callback view.

    Raises:
        AuthError: Twitter integration is not configured.
    """
    if not settings.TWT_ENABLED:
        raise AuthError(
            'You must provide a "twitter_api_key" and "twitter_api_secret" in '
            'your NewsLynx configuration to enable Twitter integration. '
            'See http://dev.twitter.com for details on how to create '
            'an application on Twitter.')

    callback = url_for('auth_twitter.twt_callback', _external=True)
    params = {'oauth_callback': callback}

    # request-token step; the response body is a query-string-encoded pair
    resp = twt_oauth.get_raw_request_token(params=params)
    token_data = parse_utf8_qsl(resp.content)

    session['twitter_oauth'] = (token_data['oauth_token'],
                                token_data['oauth_token_secret'])
    session['org_id'] = org.id
    # NOTE(review): redirect_uri comes straight from the request and is later
    # used as a redirect target; restricting it to known hosts is advisable.
    session['redirect_uri'] = request.args.get('redirect_uri')

    auth_url = twt_oauth.get_authorize_url(token_data['oauth_token'], **params)
    return redirect(auth_url)
def org_delete(user, org_id_slug):
    """Delete an Org the calling admin belongs to.

    Raises:
        AuthError: the caller is not an admin.
        NotFoundError: no such Org.
        ForbiddenError: the caller is not a member of the Org.
    """
    if not user.admin:
        raise AuthError('You must be an admin to delete an Org')

    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not org:
        raise NotFoundError('This Org does not exist.')

    localize(org)

    # membership gate: only members of the Org may delete it
    if user.id not in org.user_ids:
        raise ForbiddenError(
            'User "{}" is not allowed to access Org "{}".'.format(
                user.name, org.name))

    session_ = db.session
    session_.delete(org)
    session_.commit()
    return delete_response()
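def fb_callback():
    """Handle the Facebook OAuth redirect: exchange the code and store tokens.

    Reads the ``org_id`` and ``redirect_uri`` the auth-start view placed in
    the session. If the user denied access, redirects back with
    ``auth_success=false`` (or raises when no redirect_uri was given).
    Otherwise upserts the Org's ``facebook`` Auth row and either redirects
    with ``auth_success=true`` or returns the row as JSON.

    Raises:
        AuthError: no pending authorization in the session, or access denied.
    """
    org_id = session.pop('org_id', None)
    redirect_uri = session.pop('redirect_uri', None)
    if org_id is None:
        # A callback with no pending flow (expired or foreign session) must
        # not store a token against a missing org; the original raised KeyError.
        raise AuthError('No pending Facebook authorization found in the session.')

    if 'code' not in request.args:
        if not redirect_uri:
            raise AuthError('You did not authorize the request to facebook.')
        uri = url.add_query_params(redirect_uri, auth_success='false')
        return redirect(uri)

    # exchange the authorization code for an access token
    authorize_uri = url_for('auth_facebook.fb_callback', _external=True)
    data = dict(code=request.args['code'], redirect_uri=authorize_uri)
    temp_access_token = fb_oauth.get_access_token(data=data)
    tokens = fb_extend_oauth_token(temp_access_token)

    # upsert the Org's facebook credentials
    facebook_token = Auth.query\
        .filter_by(name='facebook', org_id=org_id)\
        .first()
    if not facebook_token:
        facebook_token = Auth(org_id=org_id, name='facebook', value=tokens)
    else:
        facebook_token.value = tokens
    db.session.add(facebook_token)
    db.session.commit()

    if redirect_uri:
        # NOTE(review): redirect_uri originated from a request argument and is
        # not checked against an allow-list before being used as a redirect.
        uri = url.add_query_params(redirect_uri, auth_success='true')
        return redirect(uri)
    return jsonify(facebook_token)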
def decorated_function(*args, **kw):
    """Require a valid ``apikey`` request argument and inject the User.

    ``f`` is the view wrapped by the enclosing decorator (outside this block).

    Raises:
        AuthError: no apikey was supplied.
        ForbiddenError: the apikey matches no user.
    """
    apikey = arg_str('apikey', default=None)
    if not apikey:
        raise AuthError('An apikey is required for this request.')

    # NOTE(review): the key arrives as a request argument; if it can travel in
    # the query string it may be recorded in server or proxy logs.
    matched = User.query.filter_by(apikey=apikey).first()
    if not matched:
        raise ForbiddenError('Invalid apikey')

    kw['user'] = matched
    return f(*args, **kw)
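def org_remove_user(user, org_id_slug, user_email):
    """Remove the user identified by ``user_email`` from an Org.

    With the ``force`` request flag the removed user is also deleted, after
    their recipes are reassigned to the Org's super user.

    Raises:
        AuthError: the caller is not an admin.
        NotFoundError: no such Org.
        ForbiddenError: the caller is not a member of the Org.
        RequestError: the target user is unknown or not a member.
    """
    if not user.admin:
        raise AuthError('You must be an admin to remove a user from an Org.')

    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not org:
        raise NotFoundError('This Org does not exist.')

    localize(org)

    # membership gate: admins may only manage Orgs they belong to
    if user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    existing_user = fetch_by_id_or_field(User, 'email', user_email)
    if not existing_user:
        raise RequestError('User "{}" does not yet exist'.format(user_email))

    if existing_user.id not in org.user_ids:
        raise RequestError('User "{}" is not a part of Org "{}"'.format(
            existing_user.email, org.name))

    org.users.remove(existing_user)

    if arg_bool('force', False):
        # Re-home the user's recipes before deleting them. The ids are bound
        # as parameters instead of being formatted into the statement.
        db.session.execute(
            "UPDATE recipes set user_id=:new_user_id WHERE user_id=:old_user_id",
            {'new_user_id': org.super_user.id,
             'old_user_id': existing_user.id})
        # Delete the user being removed — the original deleted ``user``,
        # i.e. the admin performing the request.
        db.session.delete(existing_user)

    db.session.commit()
    return delete_response()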
def org_create_user(user, org_id_slug):
    """Create a new User from the request body and add them to an Org.

    Body fields: ``email``, ``password``, ``name`` (required) and ``admin``
    (defaults to False). Returns the new user as JSON.

    Raises:
        AuthError: the caller is not an admin.
        RequestError: missing fields, duplicate or invalid email.
        NotFoundError: no such Org.
        ForbiddenError: the caller is not a member of the Org.
    """
    if not user.admin:
        raise AuthError('You must be an admin to create a user for an Org.')

    form = request_data()
    email = form.get('email')
    password = form.get('password')
    name = form.get('name')
    admin = form.get('admin', False)

    missing = [v for v in (email, password, name) if not v]
    if missing:
        raise RequestError(
            'An email, password, and name are required to create a User.')

    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not org:
        raise NotFoundError('This Org does not exist.')

    localize(org)

    # membership gate: admins may only manage Orgs they belong to
    if user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    duplicate = User.query.filter_by(email=email).first()
    if duplicate:
        raise RequestError(
            'A User with email "{}" already exists'.format(email))

    if not mail.validate(email):
        raise RequestError('{} is an invalid email address.'.format(email))

    # ``admin`` is taken from the body; the caller is already an admin here
    created = User(email=email, password=password, name=name, admin=admin)
    org.users.append(created)
    db.session.commit()
    return jsonify(created)
def ga_auth(user, org):
    """Start the Google Analytics OAuth flow and redirect to Google.

    Stores the caller's apikey, the org id and the caller-supplied
    ``redirect_uri`` in the session for the callback view.

    Raises:
        AuthError: Google Analytics integration is not configured.
    """
    if not settings.GA_ENABLED:
        raise AuthError(
            'You must provide a "google_analytics_client_id" and '
            '"google_analytics_client_secret in your '
            'NewsLynx configuration to enable Google Analytics integration. '
            'See https://developers.google.com/analytics/ for details on how to create '
            'an application on Google Analytics.')

    # NOTE(review): the apikey is kept in the session for the callback; the
    # session store therefore holds a credential for the flow's duration.
    session['apikey'] = user.apikey
    session['org_id'] = org.id
    # NOTE(review): redirect_uri is unvalidated request input reused later
    # as a redirect target.
    session['redirect_uri'] = request.args.get('redirect_uri')

    authorize_url = ga_oauth.step1_get_authorize_url()
    return redirect(authorize_url)
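def org_add_user(user, org_id, user_email):
    """Create or update a user in an Org from the request body.

    If no user matches ``user_email`` one is created from the body fields
    (``email``, ``password``, ``name`` required; ``admin`` optional) and
    appended to the Org. Otherwise the existing user — who must already be a
    member of the Org — is updated with whichever fields are present.

    Raises:
        AuthError: the caller is not an admin.
        NotFoundError: no such Org.
        ForbiddenError: caller, or the target user, is not a member.
        RequestError: invalid email, or missing fields on creation.
    """
    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    org = fetch_by_id_or_field(Org, 'slug', org_id)
    if not org:
        raise NotFoundError('Org {} does not exist.'.format(org_id))

    # membership gate: admins may only manage Orgs they belong to
    if user.id not in org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    localize(org)

    new_org_user = fetch_by_id_or_field(User, 'email', user_email)

    req_data = request_data()
    email = req_data.get('email')
    name = req_data.get('name')
    admin = req_data.get('admin', False)
    password = req_data.get('password')

    if email and not mail.validate(email):
        raise RequestError('{} is an invalid email address.'.format(email))

    if not new_org_user:
        if not all([email, password, name]):
            raise RequestError(
                'An email, password, and name are required to create a User.')
        new_org_user = User(email=email, password=password,
                            name=name, admin=admin)
        org.users.append(new_org_user)
        db.session.add(org)
    elif new_org_user.id not in org.user_ids:
        # an existing user outside this Org is not attached here; the
        # existing-user path only updates current members
        raise ForbiddenError("You are not allowed to access this Org.")

    # partial update: absent fields leave the stored value untouched
    if name:
        new_org_user.name = name
    if email:
        new_org_user.email = email
    if password:
        new_org_user.set_password(password)
    # Only touch the admin flag when the body explicitly carries it. The
    # original assigned ``admin`` unconditionally after the guarded update,
    # which silently demoted an existing admin on any request omitting it.
    if req_data.get('admin') is not None:
        new_org_user.admin = admin

    db.session.add(new_org_user)
    db.session.commit()
    return jsonify(new_org_user)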