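def login_user(request):
    """Check an e-mail/password pair and return a login token on success.

    Reads ``email`` and ``password`` from ``request.params`` and looks the
    account up through ``request.dbsession``.  Every failure path returns
    the same generic message, so the response text does not reveal whether
    the e-mail is registered.

    Returns:
        ``generateError(...)`` on any failure, otherwise
        ``generateSuccess(...)`` carrying ``{'token': generateToken(user)}``.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    email = request.params.get('email', None)
    password = request.params.get('password', None)
    session = request.dbsession
    bad_login = 'Invalid email and password combination'

    if email is None or password is None:
        return generateError(bad_login)

    def _password_matches(account):
        # bcrypt re-hashes the submitted password with the salt embedded in
        # the stored hash; identical digests mean the password is correct.
        stored = account.password.encode('UTF_8')
        candidate = bcrypt.hashpw(password.encode('UTF_8'), stored)
        # Compare bytes with bytes in constant time: no early exit on the
        # first differing byte and no str/bytes type mismatch.
        return hmac.compare_digest(candidate, stored)

    try:
        user = session.query(User).filter(User.email == email).one()
    except NoResultFound:
        # NOTE(review): this path returns without any bcrypt work, so the
        # response time can still differ between known and unknown e-mails.
        return generateError(bad_login)
    except MultipleResultsFound:
        # Several rows share this e-mail (the original author marked this
        # as unexpected); accept the first row whose hash matches.
        same_email = session.query(User).filter(User.email == email).all()
        user = next((u for u in same_email if _password_matches(u)), None)
    else:
        if not _password_matches(user):
            user = None

    if user is None:
        return generateError(bad_login)

    return generateSuccess('Welcome, {}!'.format(user.name),
                           {'token': generateToken(user)})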
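def verify_user(request):
    """Report whether the ``token`` request parameter decodes successfully.

    The response payload always carries an ``expired`` flag, which is True
    only when decoding raised ``jwt.ExpiredSignatureError``.

    Returns:
        ``generateError(...)`` when the token is missing, expired or
        otherwise rejected by ``decode``; ``generateSuccess(...)`` when it
        decodes cleanly.
    """
    # NOTE(review): the token is read from request.params; if clients send
    # it in the query string it will also appear in access logs and
    # referrers. Confirm it is only ever sent in the body or a header.
    token = request.params.get('token', None)
    if token is None:
        return generateError('Token is missing', {'expired': False})

    try:
        # Only the outcome matters here; the decoded payload is not used.
        decode(token)
    except jwt.ExpiredSignatureError:
        return generateError('Token has expired', {'expired': True})
    except Exception:
        # Any other decode failure counts as invalid. Catching Exception
        # rather than a bare ``except`` lets SystemExit and
        # KeyboardInterrupt propagate.
        return generateError('Token is invalid', {'expired': False})

    return generateSuccess('Token is valid', {'expired': False})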
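def change_validation_status(request):
    """Set ``validation_status`` on the applicant attribute row of one user.

    The user id comes from the route (``request.matchdict['id']``) and the
    new value from ``request.params['status']``; a missing ``status``
    parameter raises ``KeyError`` before any query runs.

    Returns:
        ``generateError('user id is invalid')`` when the attribute row
        cannot be loaded, otherwise ``generateSuccess(...)``.
    """
    session = request.dbsession
    # NOTE(review): no permission check is visible in this function and the
    # target id is caller-chosen. Confirm the route is restricted to staff.
    user_id = request.matchdict['id']
    # NOTE(review): ``status`` is stored as received; confirm the allowed
    # values are validated somewhere before they reach the model.
    status = request.params['status']

    try:
        attrib = session.query(ApplicantAttribute).filter(
            ApplicantAttribute.applicant_id == user_id).one()
    except Exception:
        # Every lookup failure is reported as an invalid id, as before;
        # SystemExit and KeyboardInterrupt are no longer swallowed.
        return generateError('user id is invalid')

    attrib.validation_status = status
    return generateSuccess('Validation status saved')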
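def change_application_status(request):
    """Set ``application_status`` on the applicant attribute row of one user.

    The user id comes from the route (``request.matchdict['id']``) and the
    new value from ``request.params['status']``; a missing ``status``
    parameter raises ``KeyError`` before any query runs.

    Returns:
        ``generateError(...)`` when no attribute row exists or the lookup
        fails for another reason, otherwise ``generateSuccess(...)``.
    """
    session = request.dbsession
    # NOTE(review): no permission check is visible in this function and the
    # target id is caller-chosen. Confirm the route is restricted to staff.
    user_id = request.matchdict['id']
    # NOTE(review): ``status`` is stored as received; confirm the allowed
    # values are validated somewhere before they reach the model.
    status = request.params['status']

    try:
        attrib = session.query(ApplicantAttribute).filter(
            ApplicantAttribute.applicant_id == user_id).one()
    except NoResultFound:
        return generateError('User is not an applicant or no attribute found')
    except Exception:
        # Anything else (duplicate rows included) is reported generically.
        # Catching Exception instead of a bare ``except`` lets SystemExit
        # and KeyboardInterrupt propagate.
        return generateError('Unexpected Db error')

    attrib.application_status = status
    return generateSuccess('Application status saved')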
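def login_user(request):
    """Check the form window and an e-mail/password pair, then issue a token.

    Reads ``email``, ``password`` and four date parameters from
    ``request.params``.  The login is refused with a "form has closed"
    error when ``date_created`` differs from ``date_end``; otherwise the
    credentials are checked against the stored bcrypt hash.

    Returns:
        ``generateError(...)`` on any failure, otherwise
        ``generateSuccess(...)`` carrying ``{'token': generateToken(user)}``.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    email = request.params.get('email', None)
    password = request.params.get('password', None)
    form_start = request.params.get('date_start')
    form_end = request.params.get('date_end')
    user_form_start = request.params.get('date_created')
    user_form_end = request.params.get('last_modified')
    session = request.dbsession
    bad_login = 'Invalid email and password combination'

    # Disabled by the original author:
    # if user_form_start < form_start:
    #     return generateError('Form is not yet open')

    # NOTE(review): every value in this comparison is supplied by the
    # client, and omitting both parameters makes it pass (None != None is
    # False). It cannot enforce a deadline; that check would have to read
    # the stored form dates on the server. The comparison itself
    # (date_created vs date_end) also looks unintended. Confirm.
    if user_form_start != form_end:
        return generateError(
            'Form has closed, you can no longer submit your form online.')

    if email is None or password is None:
        return generateError(bad_login)

    def _password_matches(account):
        # bcrypt re-hashes the submitted password with the salt embedded in
        # the stored hash; identical digests mean the password is correct.
        stored = account.password.encode('UTF_8')
        candidate = bcrypt.hashpw(password.encode('UTF_8'), stored)
        # Compare bytes with bytes in constant time: no early exit on the
        # first differing byte and no str/bytes type mismatch.
        return hmac.compare_digest(candidate, stored)

    try:
        user = session.query(User).filter(User.email == email).one()
    except NoResultFound:
        # NOTE(review): this path returns without any bcrypt work, so the
        # response time can still differ between known and unknown e-mails.
        return generateError(bad_login)
    except MultipleResultsFound:
        # Several rows share this e-mail (the original author marked this
        # as unexpected); accept the first row whose hash matches.
        same_email = session.query(User).filter(User.email == email).all()
        user = next((u for u in same_email if _password_matches(u)), None)
    else:
        if not _password_matches(user):
            user = None

    if user is None:
        return generateError(bad_login)

    return generateSuccess('Welcome, {}!'.format(user.name),
                           {'token': generateToken(user)})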
def update_form(request):
    """Apply the submitted field values to one ``Form`` row.

    The row is selected by the required ``id`` parameter.  Each of
    ``name``, ``date_start``, ``date_end`` and ``form_type_id`` is copied
    onto the row only when the request supplies it; absent parameters
    leave the stored value untouched.

    Returns:
        ``generateSuccess('Success')``.  A missing ``id`` parameter or a
        lookup that does not yield exactly one row raises instead.
    """
    # NOTE(review): no permission check is visible in this function and the
    # values are stored as received. Confirm the route is restricted and
    # the dates are validated elsewhere.
    form_id = request.params['id']
    db = request.dbsession
    target = db.query(Form).filter(Form.id == form_id).one()

    for field in ('name', 'date_start', 'date_end', 'form_type_id'):
        submitted = request.params.get(field, None)
        if submitted is not None:
            setattr(target, field, submitted)

    return generateSuccess('Success')
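def update_user(request):
    """Update the calling user's account flags or applicant attributes.

    The user is identified by the ``sub`` claim of the token taken from
    ``request.authorization``.  Exactly one kind of update is applied per
    call, checked in this order: ``submitted``, ``password``,
    ``application_status``, ``validation_status``.  When none of those
    parameters is present, the ``user[...]`` parameters are copied onto the
    user's ``ApplicantAttribute`` row and ``answered_pos`` is set.

    Returns:
        ``generateError(...)`` when a row cannot be loaded,
        ``generateSuccess(...)`` for the single-field updates, and
        ``{'success': True}`` after the attribute update.
    """
    session = request.dbsession
    # NOTE(review): a request without an Authorization header, or with a
    # token that decode() rejects, raises here instead of returning an
    # error response. Confirm a view-level guard runs before this point.
    token = request.authorization[1]
    payload = decode(token)
    user_id = payload['sub']

    try:
        user = session.query(User).filter(User.id == user_id).one()
    except Exception:
        return generateError('Db error. Contact site administrator')

    submitted = request.params.get('submitted', None)
    password = request.params.get('password', None)
    appstat = request.params.get('application_status', None)
    valstat = request.params.get('validation_status', None)

    if submitted is not None:
        user.submitted = submitted
        return generateSuccess('user submission successful')

    if password is not None:
        # NOTE(review): the current password is not requested and no
        # strength rule is applied here. Confirm that is intended.
        # bcrypt hashes bytes, so encode the submitted text first, matching
        # the encoding login_user applies when it verifies the password.
        user.password = bcrypt.hashpw(password.encode('UTF_8'),
                                      bcrypt.gensalt())
        return generateSuccess('password successfully changed')

    # NOTE(review): user_id is the caller's own id, so these two branches
    # let an account write its own application and validation status.
    # Confirm applicants are not meant to reach them.
    if appstat is not None:
        user.application_status = appstat
        return generateSuccess('application status successfully changed')

    if valstat is not None:
        user.validation_status = valstat
        return generateSuccess('validation status successfully changed')

    try:
        user_attribs = (session.query(ApplicantAttribute)
                        .filter(ApplicantAttribute.applicant_id == user_id)
                        .one())
    except Exception:
        return generateError('Db error. Contact site administrator')

    # Fixed allow-list: only these columns can be written from the request.
    attribs = [
        'level', 'program', 'program_type', 'student_type', 'choice_1',
        'choice_2', 'choice_3', 'adviser', 'start_of_study', 'year',
        'other_scholarship', 'other_scholarship_name'
    ]
    for key in attribs:
        # A parameter that is absent yields None, which overwrites the
        # stored value.
        setattr(user_attribs, key, request.params.get('user[{}]'.format(key)))

    user_attribs.answered_pos = True
    return {'success': True}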
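def create_user(request):
    """Create a user account, mail its generated password, seed its form rows.

    Requires the ``email``, ``last``, ``given`` and ``middlemaiden``
    parameters; ``level`` selects ``user_type_id``.  For levels 3, 4 and 5
    the function also creates an empty ``Answer`` per question of the
    matching form type and one ``CategoryStatus`` per category; levels 4
    and 5 additionally get an ``ApplicantAttribute`` row.

    The generated password exists in clear text only long enough to be
    hashed and handed to the mailer; it is never written to disk.

    Returns:
        ``generateError(...)`` for missing fields, an unparsable e-mail, an
        e-mail already in use or a failed ``User`` construction; otherwise
        ``generateSuccess(...)`` carrying ``{'token': generateToken(u)}``.
    """
    session = request.dbsession
    email = request.params.get('email', None)
    last = request.params.get('last', None)
    given = request.params.get('given', None)
    middlemaiden = request.params.get('middlemaiden', None)
    # NOTE(review): ``level`` becomes user_type_id and is chosen by the
    # caller. Confirm the route restricts which levels a caller may create.
    level = request.params.get('level', None)

    # Reject incomplete submissions before any field is used, so a missing
    # e-mail is never passed to the parser or the mailer.
    if email is None or last is None or given is None or middlemaiden is None:
        return generateError('Field is missing')

    fullname = '{} {}'.format(given, last)

    # parseaddr only checks that something address-like can be extracted.
    if parseaddr(email)[1] == "":
        return generateError('Invalid email')

    # NOTE(review): password_generator() is defined elsewhere; confirm it
    # draws from a CSPRNG (``secrets`` / ``os.urandom``).
    generated_password = password_generator()
    # Do not log or persist the clear-text password: anyone who can read
    # such a file can sign in as every account listed in it.
    password = bcrypt.hashpw(generated_password, bcrypt.gensalt())

    # check if the e-mail is already linked to an account
    existing = session.query(User).filter(User.email == email).all()
    # NOTE(review): ``level`` is a string or None, so ``level != 3`` is
    # always true and the recommender exemption never applies. Left as is:
    # honouring it would allow several accounts per e-mail.
    if (level != 3 and len(existing) > 0):
        return generateError('E-mail is already in use')

    try:
        if level is None:
            u = User(name=fullname, email=email, password=password)
        else:
            u = User(name=fullname, email=email, password=password,
                     user_type_id=int(level))
    except Exception:
        return generateError('Something weird happened!')

    # todo: add send status, move mail send to some queue
    # NOTE(review): the credential travels by e-mail in clear text; a
    # one-time set-password link would avoid that.
    try:
        mailer.send_credentials_email(request.mailer, given, email,
                                      generated_password)
    except Exception:
        # Deliberate best effort: a mail failure must not block sign-up.
        pass

    session.add(u)
    session.flush()  # populate u.id before it is used as a foreign key

    # NOTE(review): when ``level`` is absent, int(None) raises here, after
    # the credentials mail has already been sent. Confirm whether a default
    # level is meant to be supported.
    level_number = int(level)
    if level_number in [3, 4, 5]:
        # Levels 4 and 5 get an ApplicantAttribute row; the value is the
        # row's ``scholarship`` flag. Keying on the parsed number also
        # covers spellings such as '04'.
        scholarship_by_level = {4: False, 5: True}
        if level_number in scholarship_by_level:
            session.add(ApplicantAttribute(
                scholarship=scholarship_by_level[level_number],
                applicant_id=u.id))

        # create one (initially empty) answer per question of the form type
        form_type = session.query(FormType).filter(
            FormType.user_type_id == u.user_type_id).one()
        category_ids = form_type.page_sequence

        questions = []
        for category_id in category_ids:
            questions.extend(
                session.query(Element)
                .filter(Element.klass == 'question')
                .filter(Element.category_id == category_id)
                .all())

        for question in questions:
            answer = Answer(text='', element_id=question.id, user_id=u.id)
            if question.default:
                answer.text = question.default
            session.add(answer)

        # initialize all status of categories_answered to False
        for category_id in category_ids:
            session.add(CategoryStatus(user_id=u.id,
                                       category_id=category_id))

    return generateSuccess('Welcome, {}!'.format(fullname),
                           {'token': generateToken(u)})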
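def update_answer(request):
    """Save a batch of answers and create any recommender they introduce.

    Marks the ``CategoryStatus`` of (``user_id``, ``category_id``) as
    answered, then stores ``data[i][text]`` on the answer ``data[i][id]``
    for ``i`` below ``length``.  When a non-empty answer belongs to a
    "Recommender E-mail" element whose slot on the applicant is still
    empty, a recommender account is created, mailed its generated password
    and given empty answers and category statuses for its form type.

    The generated password exists in clear text only long enough to be
    hashed and handed to the mailer; it is never written to disk or
    printed.

    Returns:
        ``generateError('User id invalid')`` when the user cannot be
        loaded, otherwise ``generateSuccess(...)``.
    """
    session = request.dbsession
    # NOTE(review): user_id comes from the request parameters, not from a
    # verified token (update_user reads it from the token's 'sub' claim).
    # As written, a caller can name any user's id. Confirm the route
    # checks that the caller owns this id.
    user_id = request.params.get('user_id')
    category_id = request.params.get('category_id')
    length = request.params.get('length')

    try:
        user = session.query(User).filter(User.id == user_id).one()
    except Exception:
        return generateError('User id invalid')

    # change category status to answered
    category_status = (session.query(CategoryStatus)
                       .filter(CategoryStatus.user_id == user_id)
                       .filter(CategoryStatus.category_id == category_id)
                       .one())
    category_status.status = True

    # Element name of each recommender e-mail question -> the applicant
    # attribute that stores that recommender's user id.
    recommender_slots = {
        'rec1email': 'recommender_a',
        'rec2email': 'recommender_b',
        'rec3email': 'recommender_c',
    }

    # NOTE(review): ``length`` is client-supplied and unbounded, and each
    # iteration issues several queries; a missing value raises in int().
    for i in range(int(length)):
        answer_id = request.params.get('data[{}][id]'.format(i))
        text = request.params.get('data[{}][text]'.format(i))
        answer = (session.query(Answer)
                  .filter(Answer.user_id == user_id)
                  .filter(Answer.id == answer_id)
                  .one())
        answer.text = text

        e = session.query(Element).filter(
            Element.id == answer.element_id).one()

        if text == "":
            continue
        if e.text == "Recommender Name":
            # Remembered for the e-mail answer that follows it.
            recName = text
            continue
        if e.text != "Recommender E-mail":
            continue

        attr = (session.query(ApplicantAttribute)
                .filter(ApplicantAttribute.applicant_id == user_id)
                .one())

        # create a new recommender only if this slot is not filled yet
        slot = recommender_slots.get(e.name)
        if slot is None or getattr(attr, slot) is not None:
            continue

        # NOTE(review): password_generator() is defined elsewhere; confirm
        # it draws from a CSPRNG (``secrets`` / ``os.urandom``).
        generated_password = password_generator()
        # Do not log or persist the clear-text password: anyone who can
        # read such a file can sign in as every recommender listed in it.
        password = bcrypt.hashpw(generated_password, bcrypt.gensalt())

        # NOTE(review): recName is unbound if no "Recommender Name" answer
        # preceded this one in the batch. ``text`` is used as the e-mail
        # without the parseaddr check create_user applies, and an existing
        # account with the same e-mail is not looked up.
        rec = User(name=recName, email=text, password=password,
                   user_type_id='3')
        session.add(rec)
        # Flush before rec.id is read, as create_user does; presumably the
        # id is assigned by the database, so without this the slot and the
        # rows below would be written with an empty id.
        session.flush()
        setattr(attr, slot, rec.id)

        # todo: add send status, move mail send to some queue
        try:
            mailer.send_recommender_email(request.mailer, rec.name,
                                          user.name, text,
                                          generated_password)
        except Exception:
            # Deliberate best effort: a mail failure must not block saving.
            pass

        form_type = session.query(FormType).filter(
            FormType.user_type_id == rec.user_type_id).one()
        rec_category_ids = form_type.page_sequence

        questions = []
        for rec_category_id in rec_category_ids:
            questions.extend(
                session.query(Element)
                .filter(Element.klass == 'question')
                .filter(Element.category_id == rec_category_id)
                .all())

        for question in questions:
            session.add(Answer(text='', element_id=question.id,
                               user_id=rec.id))

        # initialize all status of categories_answered to False
        for rec_category_id in rec_category_ids:
            session.add(CategoryStatus(user_id=rec.id,
                                       category_id=rec_category_id))

    return generateSuccess('Successfully updated answer')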