def submit_ticket(request):
    """Show the ticket submission page, or create a ticket from a POSTed form.

    A non-POST request renders ``tickets/submit_ticket.html``. A POST is
    validated with ``SubmitTicketForm``; a valid form registers the poster's
    card through ``create_customer_and_card`` and then creates the ticket with
    status ``'P'``. An invalid form gets the non-field errors back as an AJAX
    response.
    """
    if request.method != 'POST':
        return render(request, 'tickets/submit_ticket.html',
                      {'form_settings': ticket_submit_form_settings})

    form = SubmitTicketForm(request.POST)

    # The server-side form is the only validation that counts: the front-end
    # JavaScript checks can be skipped by anyone who posts to this view
    # directly. Field errors are deliberately not echoed back; only non-field
    # errors (which the front end cannot check) are reported.
    if not form.is_valid():
        return ajax_http(**non_field_errors_notification(form))

    data = form.cleaned_data
    poster = request.user
    title = data.get('title')
    price = data.get('price')
    location_raw = data.get('location_raw')
    location = data.get('location')
    venue = data.get('venue')
    start_datetime = data.get('start_datetime')
    ticket_type = data.get('ticket_type')
    # TODO (original note, cut off in the source): 'G' assumes good faith,
    # since the lean launch "won't have secure".
    payment_method = data.get('payment_method', 'G')
    about = data.get('about') or ''  # Might be empty
    token = data.get('token')
    # NOTE(review): card_id is supplied by the client. Confirm that
    # create_customer_and_card checks the card belongs to `poster`.
    card_id = data.get('card_id')

    try:
        _customer, card = create_customer_and_card(poster, token, card_id)
    except StripeError:
        logging.critical('Ticket creation failed')
        return ajax_other_message(
            'Uh oh, it looks like our server broke! Our developers are on it.',
            400)

    Ticket.objects.create_ticket(
        poster=poster,
        price=price,
        title=title,
        about=about,
        start_datetime=start_datetime,
        location_raw=location_raw,
        location=location,
        ticket_type=ticket_type,
        payment_method=payment_method,
        card=card,
        status='P',
        venue=venue,
    )
    return ajax_popup_notification(
        'success',
        'Your ticket was successfully submitted! '
        'It will become visible to others shortly.',
        200)
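def accept_request(request):
    """Accept another user's pending request for a ticket owned by the caller.

    Reads ``ticket_id`` and ``other_user_id`` from ``request.POST``. The caller
    must be the ticket's poster. Both parties are charged before the request is
    marked accepted. Every failure returns a popup notification with status 400.

    NOTE(review): no HTTP-method or login check is visible in this view;
    confirm that decorators or middleware enforce them.
    """
    user = request.user  # This is the owner of the ticket
    generic_error = 'Uh Oh, something went wrong. Our developers are on it!'

    # Both IDs are client-controlled. A non-numeric value makes the ORM raise
    # ValueError rather than DoesNotExist, so treat both as "not found".
    try:
        ticket = Ticket.objects.get(pk=request.POST.get('ticket_id'))
    except (Ticket.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', generic_error, 400)

    # Authorization: only the poster may accept requests on their ticket.
    if ticket.poster != user:
        logging.critical('Fraudulent request detected {} tried to accept a ticket posted by {}'
                         .format(user, ticket.poster))
        return ajax_popup_notification('danger', generic_error, 400)

    try:
        other_user = User.objects.get(pk=request.POST.get('other_user_id'))
    except (User.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', generic_error, 400)

    user_request = Request.get_last_request(other_user, ticket)

    # get_last_request is not shown here; guard in case it returns None when
    # other_user never requested this ticket.
    if user_request is None:
        return ajax_popup_notification('danger', 'There is no outstanding request for this ticket.', 400)

    if user_request.status == 'A':
        return ajax_popup_notification('success', "You've already accepted this ticket!", 400)

    if user_request.status != 'P':
        return ajax_popup_notification('danger', 'There is no outstanding request for this ticket.', 400)

    if not ticket.is_requestable():
        return ajax_popup_notification('warning', 'It looks like this ticket is no longer available', 400)

    customer1 = Customer.get_customer_from_user(other_user)
    customer2 = Customer.get_customer_from_user(user)

    if not (customer1 and customer2):
        # The original passed the user outside .format(), which raised
        # IndexError on this path instead of logging and returning the error.
        if not customer1:
            logging.critical('Failed to accept request {}. '
                             'Customer information not available for user {}'
                             .format(user_request.id, other_user))
        if not customer2:
            logging.critical('Failed to accept request {}. '
                             'Customer information not available for user {}'
                             .format(user_request.id, user))
        return ajax_popup_notification('danger', generic_error, 400)

    # Charge them first. We actually might have a scenario where one of the
    # cards is declined.
    # NOTE(review): the two charges are not atomic. If the second fails after
    # the first succeeded, the requester has been charged for a request that
    # was never accepted, so record which charge went through for follow-up.
    # No locking is visible either; confirm that concurrent accepts cannot
    # charge twice.
    # 500 is presumably the amount in the smallest currency unit - confirm.
    requester_charged = False
    try:
        customer1.charge(500, user_request.card)
        requester_charged = True
        customer2.charge(500, ticket.card)
    except StripeError:
        logging.critical('Payment failed while accepting request {} (requester already charged: {})'
                         .format(user_request.id, requester_charged))
        # Status passed explicitly like every other error return in this view;
        # the original omitted it and relied on the helper's default.
        return ajax_popup_notification('danger',
                                       "One of the payments didn't quite go through. We'll follow up with you",
                                       400)

    user_request.accept()

    return ajax_popup_notification('success',
                                   "Congratulations, you accepted {}'s request"
                                   .format(other_user.first_name.title()),
                                   200)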
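def decline_request(request):
    """Decline another user's pending request for a ticket owned by the caller.

    Reads ``ticket_id`` and ``other_user_id`` from ``request.POST``. The caller
    must be the ticket's poster. Every failure returns a popup notification
    with status 400.

    NOTE(review): no HTTP-method or login check is visible in this view;
    confirm that decorators or middleware enforce them.
    """
    user = request.user
    generic_error = 'Uh Oh, something went wrong. Our developers are on it!'

    # Both IDs are client-controlled. A non-numeric value makes the ORM raise
    # ValueError rather than DoesNotExist, so treat both as "not found".
    try:
        ticket = Ticket.objects.get(pk=request.POST.get('ticket_id'))
    except (Ticket.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', generic_error, 400)

    # Authorization: only the poster may decline requests on their ticket.
    if ticket.poster != user:
        logging.critical('Fraudulent request detected {} tried to decline a ticket posted by {}'
                         .format(user, ticket.poster))
        return ajax_popup_notification('danger', generic_error, 400)

    # is_requestable is a method (accept_request calls it). The original
    # tested the bound method object, which is always truthy, so this check
    # could never fire.
    if not ticket.is_requestable():
        return ajax_popup_notification('warning', 'It looks like this ticket is no longer available', 400)

    try:
        other_user = User.objects.get(pk=request.POST.get('other_user_id'))
    except (User.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', generic_error, 400)

    user_request = Request.get_last_request(other_user, ticket)

    # get_last_request is not shown here; guard in case it returns None when
    # other_user never requested this ticket.
    if user_request is None:
        return ajax_popup_notification('info', 'There is no outstanding request for this ticket.', 400)

    if user_request.status == 'D':
        return ajax_popup_notification('success', "You've already declined this ticket!", 400)

    if user_request.status != 'P':
        return ajax_popup_notification('info', 'There is no outstanding request for this ticket.', 400)

    user_request.decline()

    return ajax_popup_notification('info',
                                   "Aww, we'll let {} down easy. Good luck finding another gig buddy."
                                   .format(other_user.first_name.title()),
                                   200)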
def submit_ticket(request):
    """Handle the ticket submission page.

    GET (or any non-POST method) renders the submission template. POST runs
    ``SubmitTicketForm``: on success the poster's card is set up via
    ``create_customer_and_card`` and a ticket with status ``'P'`` is created;
    on validation failure the non-field errors are returned over AJAX.
    """
    if request.method == 'POST':
        submit_ticket_form = SubmitTicketForm(request.POST)

        if submit_ticket_form.is_valid():
            cleaned = submit_ticket_form.cleaned_data

            # Fields that are copied from the form onto the ticket unchanged.
            ticket_fields = {
                field: cleaned.get(field)
                for field in ('title', 'price', 'location_raw', 'location',
                              'venue', 'start_datetime', 'ticket_type')
            }
            # TODO (original note, cut off in the source): 'G' assumes good
            # faith, since the lean launch "won't have secure".
            ticket_fields['payment_method'] = cleaned.get('payment_method', 'G')
            ticket_fields['about'] = cleaned.get('about') or ''  # Might be empty

            # NOTE(review): token and card_id come from the client. Confirm
            # that create_customer_and_card rejects a card_id that does not
            # belong to request.user.
            try:
                _customer, card = create_customer_and_card(
                    request.user, cleaned.get('token'), cleaned.get('card_id'))
            except StripeError:
                logging.critical('Ticket creation failed')
                return ajax_other_message(
                    'Uh oh, it looks like our server broke! Our developers are on it.', 400)

            Ticket.objects.create_ticket(poster=request.user,
                                         card=card,
                                         status='P',
                                         **ticket_fields)

            return ajax_popup_notification('success',
                                           'Your ticket was successfully submitted! '
                                           'It will become visible to others shortly.',
                                           200)

        # The form was invalid even though the front end validates first, so
        # the client bypassed the JavaScript checks. Only non-field errors are
        # reported; field-level messages are not repeated here.
        return ajax_http(**non_field_errors_notification(submit_ticket_form))

    return render(request,
                  'tickets/submit_ticket.html',
                  {'form_settings': ticket_submit_form_settings})
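def can_message(request):
    """Tell the client whether the caller may message a user about a ticket.

    Reads ``ticket_id`` and ``other_user_id`` from ``request.GET`` and defers
    the decision to ``Message.can_message``. Returns ``ajax_http(True, 200)``
    when messaging is allowed, otherwise a 'danger' popup with status 400.

    NOTE(review): no login check is visible in this view; confirm that
    request.user is guaranteed to be authenticated before it is reached.
    """
    ticket_id = request.GET.get('ticket_id', None)
    other_user_id = request.GET.get('other_user_id', None)

    if not ticket_id or not other_user_id:
        # The original call left out the level argument, so the message was
        # passed as the level and 400 as the message.
        return ajax_popup_notification('danger', 'Uh oh, something went wrong', 400)

    # Both IDs are client-controlled. A non-numeric value makes the ORM raise
    # ValueError rather than DoesNotExist, so treat both as "not found".
    try:
        ticket = Ticket.objects.get(pk=ticket_id)
    except (Ticket.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', "Uh oh, something went wrong", 400)

    try:
        other_user = User.objects.get(pk=other_user_id)
    except (User.DoesNotExist, ValueError):
        return ajax_popup_notification('danger', "Uh oh, something went wrong", 400)

    if Message.can_message(ticket, request.user, other_user):
        return ajax_http(True, 200)

    # A space was missing between the two sentences of this message.
    return ajax_popup_notification('danger',
                                   'You are not allowed to message this user about this ticket. '
                                   'Chances are it was already sold.',
                                   400)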
def signup(request):
    """Render the signup page, or create an account from a POSTed signup form.

    An already-authenticated user gets a 405 response. A valid POST creates
    the user and tells them to confirm by e-mail. An invalid POST gets a bare
    ``ajax_http(False, 400)`` with no detail about which field failed.
    """
    # A logged-in user has no business here. Send them a 405.
    if request.user.is_authenticated():
        return HttpResponseNotAllowed(["POST"])

    if request.method != "POST":
        # These are set here instead of in the settings file to avoid
        # circular dependencies.
        signup_form_settings["ZIP_CODE_REMOTE_URL"] = reverse("valid_zip_code")
        signup_form_settings["EMAIL_REMOTE_URL"] = reverse("valid_email")
        return render(request, "registration/signup.html", {"form_settings": signup_form_settings})

    form = SignupForm(request.POST, request=request)

    # The front end validates first, so an invalid form means the client
    # skipped the JavaScript checks. The failure is reported without saying
    # what was wrong; the server-side form is still the check that counts.
    if not form.is_valid():
        return ajax_http(False, 400)

    cleaned = form.cleaned_data
    password = cleaned.get("password")
    email = cleaned.get("email")
    first_name = cleaned.get("first_name")
    last_name = cleaned.get("last_name")
    birthdate = cleaned.get("birthdate")
    location = cleaned.get("location")

    # Creates the user profile as well. Saves both objects to the database.
    User.objects.create_user(
        email=email,
        password=password,
        first_name=first_name,
        last_name=last_name,
        location=location,
        birthdate=birthdate,
    )

    confirmation_notice = (
        "One last step before you can log in! "
        "We sent you a confirmation email that should "
        "arrive in the next few minutes. "
        "Just click the link inside. "
        "Don't forget to check your spam folder too."
    )
    return ajax_popup_notification("success", confirmation_notice, status=200)
def signup(request):
    """Serve the signup form and process signup submissions.

    Authenticated users are refused with a 405. On POST the ``SignupForm`` is
    validated: success creates the user and returns a 'success' popup asking
    them to confirm by e-mail, and failure returns ``ajax_http(False, 400)``.
    Any other method renders ``registration/signup.html``.
    """
    # Someone who is already logged in should not be signing up again.
    if request.user.is_authenticated():
        return HttpResponseNotAllowed(['POST'])

    if request.method == 'POST':
        signup_form = SignupForm(request.POST, request=request)

        if signup_form.is_valid():
            account_fields = {
                name: signup_form.cleaned_data.get(name)
                for name in ('email', 'password', 'first_name', 'last_name',
                             'location', 'birthdate')
            }
            # Creates the user profile as well. Saves both objects to the database.
            User.objects.create_user(**account_fields)

            return ajax_popup_notification(
                'success',
                "One last step before you can log in! "
                "We sent you a confirmation email that should "
                "arrive in the next few minutes. "
                "Just click the link inside. "
                "Don't forget to check your spam folder too.",
                status=200)

        # Invalid despite the front-end validation: the client did not run
        # the JavaScript checks. No detail about the failing field is sent.
        return ajax_http(False, 400)

    # Resolved at request time rather than in the settings file to avoid
    # circular dependencies.
    # NOTE(review): 'valid_email' is presumably a remote-validation endpoint.
    # If it reveals whether an address is registered, confirm that it is
    # rate-limited.
    for setting_key, url_name in (('ZIP_CODE_REMOTE_URL', 'valid_zip_code'),
                                  ('EMAIL_REMOTE_URL', 'valid_email')):
        signup_form_settings[setting_key] = reverse(url_name)

    return render(request,
                  'registration/signup.html',
                  {'form_settings': signup_form_settings})
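def submit(request):
    """Render the contact form, or e-mail a submitted message to the team.

    A valid POST sends the message to ``SOCIAL_EMAIL_ADDRESS`` and an
    acknowledgement to the sender, then returns a 'success' popup. An invalid
    POST returns ``ajax_http(False)``. Any other method renders an empty form.
    An exception in any step is logged and re-raised.
    """
    log = logging.getLogger('logentries')
    log.setLevel(logging.INFO)
    # getLogger returns the same logger object on every call. The original
    # attached a new handler per request, so handlers piled up and each log
    # line was emitted once per earlier request. Attach it only once.
    # NOTE(security): the Logentries token below is a credential committed to
    # source. It should be rotated and loaded from deployment configuration.
    if not any(isinstance(existing, LogentriesHandler) for existing in log.handlers):
        log.addHandler(LogentriesHandler('28379e13-d9b8-434f-a233-7ec9369d2fcb'))

    if request.method == 'POST':
        log.info("executing views.submit()")
        try:
            contact_form = ContactForm(request.POST)
        except Exception:
            log.error("ContactForm exception error")
            raise

        if contact_form.is_valid():
            try:
                subject_type = contact_form.cleaned_data.get('subject_type')
                subject_type = reverse_category_lookup(subject_type, contact_form_settings.get('SUBJECT_TYPES'))
                body = contact_form.cleaned_data.get('body')
                from_email_address = contact_form.cleaned_data.get('from_email_address')
            except Exception:
                log.error("contact_form.is_valid()")
                raise

            try:
                # Forward the user's message to SOCIAL_EMAIL_ADDRESS.
                # NOTE(review): the sender address is user-supplied. This
                # relies on the form validating it as a single well-formed
                # address - confirm.
                send_email(SOCIAL_EMAIL_ADDRESS,
                           subject_type,
                           body,
                           from_email=from_email_address
                           )
            except Exception:
                log.error("SOCIAL_EMAIL_ADDRESS error")
                raise

            try:
                # Also send the user an acknowledgement that we will get back
                # to them soon.
                # NOTE(review): this mails whatever address was submitted.
                # Without rate limiting the form can be used to send unwanted
                # mail to third parties - confirm a limit exists.
                send_email(from_email_address,
                           FEEDBACK_SUBMISSION_RESPONSE_SUBJECT,
                           '',
                           FEEDBACK_SUBMISSION_RESPONSE_TEMPLATE,
                           )
            except Exception:
                log.error("from_email_address error")
                raise

            # The success message is returned only when both sends completed;
            # any failure above has already been logged and re-raised.
            return ajax_popup_notification('success',
                                           'We got your message! '
                                           'Someone should respond to you within 24 hours.',
                                           200)

        # Invalid despite the front-end validation: the client did not run
        # the JavaScript checks. No detail about the failing field is sent.
        else:
            return ajax_http(False)
    else:
        contact_form = ContactForm()

    return render(request,
                  'contact/contact_form.html',
                  {'contact_form': contact_form,
                   'form_settings': contact_form_settings,
                   }
                  )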