def title(self):
field_name = self.name
url = self.view.request.path_qs
url = util.update_params(url, order=field_name, desc=None)
order_ico = ''
if field_name == self.view.list_order['field'] and not self.view.list_order['desc']:
order_ico = '<i class="glyphicon glyphicon-chevron-down"/>'
url = util.update_params(url, order=field_name, desc=1)
elif field_name == self.view.list_order['field'] and self.view.list_order['desc']:
order_ico = '<i class="glyphicon glyphicon-chevron-up"/>'
url = util.update_params(url, order=None, desc=None)
return Markup('<a href="%s">%s</a> %s' % (url, self.label, order_ico))
def title(self):
field_name = self.name
url = self.view.request.path_qs
url = util.update_params(url, order=field_name, desc=None)
order_ico = ''
if field_name == self.view.list_order['field'] and not self.view.list_order['desc']:
order_ico = '<i class="icon-chevron-down"/>'
url = util.update_params(url, order=field_name, desc=1)
elif field_name == self.view.list_order['field'] and self.view.list_order['desc']:
order_ico = '<i class="icon-chevron-up"/>'
url = util.update_params(url, order=None, desc=None)
return Markup('<a href="%s">%s</a> %s' % (url, self.label, order_ico))
def display(self):
true_cls = 'active' if self.value == 't' else ''
false_cls = 'active' if self.value == 'f' else ''
true_link = HTML.tag('a',
href=util.update_params(self.url,
**dict([(self.id, 't')])),
c=self.true,
class_=true_cls)
false_link = HTML.tag('a',
href=util.update_params(self.url,
**dict([(self.id, 'f')
])),
c=self.false,
class_=false_cls)
return Markup(true_link + false_link)
def __init__(self, force_pager=False):
from shimpy.core.context import context
request = context.request
page_num = int(request.args.get("page", 1))
nav = []
if force_pager or "page" in request.args:
nav.append(HTML.a("Prev", href=update_params(request.full_path, page=page_num-1)))
nav.append(HTML.a("Index", href="/"))
if force_pager or "page" in request.args:
nav.append(HTML.a("Next", href=update_params(request.full_path, page=page_num+1)))
Block.__init__(self, "Navigation", HTML.span(literal(" | ").join(nav)), "left", 0)
def fail(msg=None):
if msg:
request.session.flash(msg, level=u'error', icon='key--exclamation')
# XXX setting the status to 403 triggers Pyramid's exception view
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {'next_url': next_url}
def fail(msg=None, exc=None):
if msg:
request.session.flash(msg, level=u'error', icon='key--exclamation')
# XXX setting the status to 403 triggers Pyramid's exception view
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {
'status': 'redirect',
'redirect-to': next_url,
}
def login_begin(context, request):
"""Step one of logging in with OpenID; redirect to the provider."""
form = LoginForm(request.POST)
if not form.validate():
return {'form': form}
# Ensure the return key, if present and valid, will be passed
# to openid_finish()
return_url = request.route_url('account.login_finish')
if form.return_key.data in get_stash_keys(request):
return_url = update_params(return_url,
return_key=form.return_key.data)
if request.user:
# Logged-in user trying to update their OpenID expiry time
sreg = False
settings = request.registry.settings
max_auth_age = settings.get('auth.openid.expiry_seconds',
DEFAULT_CONFIDENCE_EXPIRY)
else:
# Someone either logging in or registering
# Problem is that we don't want sreg (as part of opeinid_begin) unless
# the user is registering, but we don't know whether the user is
# registering or just logging in until we resolve their identity URL...
# which we do in openid_begin.
# Possibly use checkid_immediate instead
sreg = True
max_auth_age = False
try:
return HTTPSeeOther(location=openid_begin(
identifier=form.openid_identifier.data,
return_url=return_url,
request=request,
max_auth_age=max_auth_age,
sreg=sreg))
except OpenIDError as exc:
request.session.flash(exc.message,
level='error', icon='key--exclamation')
return {'form': form}
def login_begin(context, request):
"""Step one of logging in with OpenID; redirect to the provider."""
form = LoginForm(request.POST)
if not form.validate():
return {'form': form}
# Ensure the return key, if present and valid, will be passed
# to openid_finish()
return_url = request.route_url('account.login_finish')
if form.return_key.data in get_stash_keys(request):
return_url = update_params(return_url,
return_key=form.return_key.data)
if request.user:
# Logged-in user trying to update their OpenID expiry time
sreg = False
settings = request.registry.settings
max_auth_age = settings.get('auth.openid.expiry_seconds',
DEFAULT_CONFIDENCE_EXPIRY)
else:
# Someone either logging in or registering
# Problem is that we don't want sreg (as part of opeinid_begin) unless
# the user is registering, but we don't know whether the user is
# registering or just logging in until we resolve their identity URL...
# which we do in openid_begin.
# Possibly use checkid_immediate instead
sreg = True
max_auth_age = False
try:
return HTTPSeeOther(location=openid_begin(
identifier=form.openid_identifier.data,
return_url=return_url,
request=request,
max_auth_age=max_auth_age,
sreg=sreg))
except OpenIDError as exc:
request.session.flash(exc.message,
level='error', icon='key--exclamation')
return {'form': form}
def url_generator(**kw):
q = urllib.quote(safe_str(c.cur_query))
return update_params("?q=%s&type=%s" \
% (q, safe_str(c.cur_type)), **kw)
def url_generator(**kw):
return update_params("/content", **kw)
def url_generator(**kw):
return update_params("/content", **kw)
def login_finish(context, request):
"""Step two of logging in; the OpenID provider redirects back here."""
def retry():
"""Redirect to the login page, preserving the return key (if any)."""
location = request.route_url('account.login')
if return_key:
location = update_params(location, return_key=return_key)
return HTTPSeeOther(location=location)
return_url = request.route_url('account.login_finish')
return_key = key_from_request(request)
if return_key is not None:
return_url = update_params(return_url, return_key=return_key)
try:
identity_url, identity_webfinger, auth_time, sreg_res = openid_end(
return_url=return_url,
request=request)
except OpenIDError as exc:
request.session.flash(exc.message,
level='error', icon='key--exclamation')
return retry()
# Find who owns this URL, if anyone
identity_owner = model.session.query(User) \
.filter(User.identity_urls.any(url=identity_url)) \
.limit(1).first()
if not identity_owner:
if return_key:
request.session.flash('Unknown OpenID URL.',
level='error', icon='key--exclamation')
return retry()
# Someone is either registering a new account, or adding a new OpenID
# to an existing account
request.session['pending_identity_url'] = identity_url
request.session.changed()
# Try to pull a name and email address out of the SReg response
username = re.sub(u'[^_a-z0-9]', u'',
sreg_res.get('nickname', u'').lower())
form = RegistrationForm(
username=username,
email=sreg_res.get('email', u''),
timezone=sreg_res.get('timezone', u'UTC'),
)
return render_to_response(
'account/register.mako',
dict(
form=form,
identity_url=identity_url,
identity_webfinger=identity_webfinger,
identity_email=None),
request=request)
elif identity_owner == request.user:
# Someone is just freshening up their cookie
auth_headers = safe_openid_login(request, identity_owner, identity_url)
if auth_headers is None:
return retry()
request.session.flash(u'Re-authentication successful', icon='user')
if return_key:
# Fetch a stashed request
old_url = fetch_stash(request, key=return_key)['url']
if old_url:
location = update_params(old_url, return_key=return_key)
log.debug('Following Return Key \'{0}\' to URL: {1}'
.format(return_key, location))
return HTTPSeeOther(location, headers=auth_headers)
return HTTPSeeOther(request.route_url('root'), headers=auth_headers)
else:
# Existing user; new login
# Log the successful OpenID authentication, mindful of users that may
# have OpenID logins disabled, for instance.
# XXX should we deny a logged-in user to authenticate as another user?
auth_headers = security.forget(request)
headers = safe_openid_login(request, identity_owner, identity_url)
if headers is None:
return retry()
auth_headers += headers
# An existing user has logged in successfully. Bravo!
log.debug("User {0!r} logged in via OpenID: {1!r}"
.format(identity_owner.name, identity_url))
request.session.flash(
u"Welcome back, {0}!"
.format(identity_owner.display_name or identity_owner.name),
level=u'success', icon='user')
# XXX this should ALSO probably do the return_key redirect, good grief
return HTTPSeeOther(
location=request.route_url('root'),
headers=auth_headers)
def display(self):
true_cls = 'active' if self.value == 't' else ''
false_cls = 'active' if self.value == 'f' else ''
true_link = HTML.tag('a', href=util.update_params(self.url, **dict([(self.id,'t')])), c=self.true, class_=true_cls)
false_link = HTML.tag('a', href=util.update_params(self.url, **dict([(self.id,'f')])), c=self.false, class_=false_cls)
return Markup(true_link + false_link)
def url_generator(**kw):
return update_params("?q=%s&type=%s" \
% (c.cur_query, c.cur_search), **kw)
def url_generator(**kw):
new_url = update_params(self.request.url, page=kw['page'])
return new_url
def page_url(self, page_num):
url = self.request.path_qs
return util.update_params(url, pg=page_num)
def retry():
"""Redirect to the login page, preserving the return key (if any)."""
location = request.route_url('account.login')
if return_key:
location = update_params(location, return_key=return_key)
return HTTPSeeOther(location=location)
def account_login_xhr(context, request):
return_key = key_from_request(request)
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {'next_url': next_url}
def login_finish(context, request):
"""Step two of logging in; the OpenID provider redirects back here."""
def retry():
"""Redirect to the login page, preserving the return key (if any)."""
location = request.route_url('account.login')
if return_key:
location = update_params(location, return_key=return_key)
return HTTPSeeOther(location=location)
return_url = request.route_url('account.login_finish')
return_key = key_from_request(request)
if return_key is not None:
return_url = update_params(return_url, return_key=return_key)
try:
identity_url, identity_webfinger, auth_time, sreg_res = openid_end(
return_url=return_url,
request=request)
except OpenIDError as exc:
request.session.flash(exc.message,
level='error', icon='key--exclamation')
return retry()
# Find who owns this URL, if anyone
identity_owner = model.session.query(User) \
.filter(User.identity_urls.any(url=identity_url)) \
.limit(1).first()
if not identity_owner:
if return_key:
request.session.flash('Unknown OpenID URL.',
level='error', icon='key--exclamation')
return retry()
# Someone is either registering a new account, or adding a new OpenID
# to an existing account
request.session['pending_identity_url'] = identity_url
request.session.changed()
# Try to pull a name and email address out of the SReg response
username = re.sub(u'[^_a-z0-9]', u'',
sreg_res.get('nickname', u'').lower())
form = RegistrationForm(
username=username,
email=sreg_res.get('email', u''),
timezone=sreg_res.get('timezone', u'UTC'),
)
return render_to_response(
'account/register.mako',
dict(
form=form,
identity_url=identity_url,
identity_webfinger=identity_webfinger,
identity_email=None),
request=request)
elif identity_owner == request.user:
# Someone is just freshening up their cookie
auth_headers = safe_openid_login(request, identity_owner, identity_url)
if auth_headers is None:
return retry()
request.session.flash(u'Re-authentication successful', icon='user')
if return_key:
# Fetch a stashed request
old_url = fetch_stash(request, key=return_key)['url']
if old_url:
location = update_params(old_url, return_key=return_key)
log.debug('Following Return Key \'{0}\' to URL: {1}'
.format(return_key, location))
return HTTPSeeOther(location, headers=auth_headers)
return HTTPSeeOther(request.route_url('root'), headers=auth_headers)
else:
# Existing user; new login
# Log the successful OpenID authentication, mindful of users that may
# have OpenID logins disabled, for instance.
# XXX should we deny a logged-in user to authenticate as another user?
auth_headers = security.forget(request)
headers = safe_openid_login(request, identity_owner, identity_url)
if headers is None:
return retry()
auth_headers += headers
# An existing user has logged in successfully. Bravo!
log.debug("User {0!r} logged in via OpenID: {1!r}"
.format(identity_owner.name, identity_url))
request.session.flash(
u"Welcome back, {0}!"
.format(identity_owner.display_name or identity_owner.name),
level=u'success', icon='user')
# XXX this should ALSO probably do the return_key redirect, good grief
return HTTPSeeOther(
location=request.route_url('root'),
headers=auth_headers)
def account_login_xhr(context, request):
return_key = key_from_request(request)
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {'next_url': next_url}
def account_login_persona(context, request):
return_key = key_from_request(request)
def fail(msg=None, exc=None):
if msg:
request.session.flash(msg, level=u'error', icon='key--exclamation')
# XXX setting the status to 403 triggers Pyramid's exception view
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {
'status': 'redirect',
'redirect-to': next_url,
}
## Verify the identity assertion
assertion = request.POST.get('assertion')
try:
data = verify_persona(assertion, request)
except PersonaError as e:
flash_persona_error(e, request)
return fail()
## Attempt to resolve the identity to a local user
email = data.get('email')
if data.get('status') != 'okay' or not email:
return fail("Persona authentication failed.")
identity_email = model.session.query(IdentityEmail) \
.filter_by(email=email) \
.limit(1).first()
if not identity_email:
# New user or new ID
request.session['pending_identity_email'] = email
return {
'status': 'redirect',
'redirect-to': request.route_url('account.register'),
}
## Attempt to log in
try:
auth_headers = security.remember(
request, identity_email.user, persona_addr=email)
request.session.changed()
except PersonaNotFoundError:
return fail("The email address '{0}' is registered against the account "
"'{1}'. To log in as '{1}', log out then back in."
.format(email, identity_email.user.name))
except PersonaAuthDisabledError:
return fail("Your Persona is no longer accepted as your account has "
"disabled Persona authentication.")
# An existing user has logged in successfully. Bravo!
request.response.headerlist.extend(auth_headers)
log.debug("User {0} logged in via Persona: {1}"
.format(identity_email.user.name, identity_email))
## Handle redirection
if identity_email.user == request.user:
# Someone is just freshening up their cookie
request.session.flash(u'Re-authentication successful', icon='user')
if return_key is not None:
old_url = fetch_stash(request, key=return_key)['url']
if old_url:
next_url = update_params(old_url, return_key=return_key)
log.debug('Following Return Key \'{0}\' to URL: {1}'
.format(return_key, next_url))
return {
'status': 'redirect',
'redirect-to': next_url,
}
else:
# Existing user; new login
request.session.flash(
'Logged in with Persona', level=u'success', icon='user')
# XXX this seems a mite fragile
redirect = request.route_url('root')
pathq = request.POST.get('pathq')
if pathq and not pathq.startswith(request.route_path('account.login')):
scheme, netloc = urlparse(redirect)[:2]
redirect = urlunparse((scheme, netloc, pathq, '', '', ''))
return {
'status': 'redirect',
'redirect-to': redirect,
}
def retry():
"""Redirect to the login page, preserving the return key (if any)."""
location = request.route_url('account.login')
if return_key:
location = update_params(location, return_key=return_key)
return HTTPSeeOther(location=location)
def list_users_url_generator(**kw):
from pyramid.threadlocal import get_current_request
from webhelpers.util import update_params
new_url = update_params(get_current_request().route_url('list_users'), page=kw['page'])
return new_url
def account_login_browserid(context, request):
return_key = key_from_request(request)
def fail(msg=None):
if msg:
request.session.flash(msg, level=u'error', icon='key--exclamation')
# XXX setting the status to 403 triggers Pyramid's exception view
next_url = request.route_url('account.login')
if return_key is not None:
next_url = update_params(next_url, return_key=return_key)
return {'next_url': next_url}
## Verify the identity assertion
assertion = request.POST.get('assertion')
try:
data = verify_browserid(assertion, request)
except BrowserIDError as e:
flash_browserid_error(e, request)
return fail()
## Attempt to resolve the identity to a local user
email = data.get('email')
if data.get('status') != 'okay' or not email:
return fail("BrowserID authentication failed.")
identity_email = model.session.query(IdentityEmail) \
.filter_by(email=email) \
.limit(1).first()
if not identity_email:
# New user or new ID
request.session['pending_identity_email'] = email
return {'next_url': request.route_url('account.register'),
'post_id': 'postform'}
## Attempt to log in
try:
auth_headers = security.remember(
request, identity_email.user, browserid_email=email)
request.session.changed()
except BrowserIDNotFoundError:
return fail("The email address '{0}' is registered against the account "
"'{1}'. To log in as '{1}', log out then back in."
.format(email, identity_email.user.name))
except BrowserIDAuthDisabledError:
return fail("Your BrowserID is no longer accepted as your account has "
"disabled BrowserID authentication.")
# An existing user has logged in successfully. Bravo!
request.response.headerlist.extend(auth_headers)
log.debug("User {0} logged in via BrowserID: {1}"
.format(identity_email.user.name, identity_email))
## Handle redirection
if identity_email.user == request.user:
# Someone is just freshening up their cookie
request.session.flash(u'Re-authentication successful', icon='user')
if return_key is not None:
old_url = fetch_stash(request, key=return_key)['url']
if old_url:
next_url = update_params(old_url, return_key=return_key)
log.debug('Following Return Key \'{0}\' to URL: {1}'
.format(return_key, next_url))
return {'next_url': next_url}
return {'next_url': request.route_url('root')}
# Existing user; new login
request.session.flash(
'Logged in with BrowserID', level=u'success', icon='user')
return {'next_url': request.route_url('root')}
def url_generator(**kw):
return update_params("?q=%s&type=%s" \
% (c.cur_query, c.cur_search), **kw)
def url_generator(**kw):
return update_params("?q=%s&type=%s" \
% (safe_str(c.cur_query), safe_str(c.cur_type)), **kw)
def page_url(self, page_num):
url = self.request.path_qs
return util.update_params(url, pg=page_num)
def url_generator(**kw):
q = urllib.quote(safe_str(c.cur_query))
return update_params("?q=%s&type=%s" \
% (q, safe_str(c.cur_type)), **kw)
def get_page_url(self, **kw):
return update_params(self.request.full_url(), **kw)
