1 |
# -*- coding utf-8 -*- |
2 |
# classes/views/users.py |
3 |
|
4 |
import requests |
5 |
|
6 |
# flask imports |
7 |
from flask import Module, jsonify, request, render_template, session,\ |
8 |
make_response, url_for, redirect, json, current_app |
9 |
|
10 |
# swtstore imports |
11 |
from swtstore.classes.models.um import User |
12 |
from swtstore.classes.models import Sweet, Context, Client, AuthorizedClients |
13 |
|
14 |
from swtstore.classes.utils.httputils import makeCORSHeaders |
15 |
from swtstore.config import DefaultConfig |
16 |
|
17 |
|
18 |
config = DefaultConfig() |
19 |
|
20 |
user = Module(__name__) |
21 |
|
22 |
@user.route('/login', methods=['POST']) |
23 |
def login(): |
24 |
|
25 |
response = make_response() |
26 |
#response = makeCORSHeaders(response) |
27 |
|
28 |
if 'assertion' not in request.form: |
29 |
response.status_code = 400 |
30 |
return response |
31 |
|
32 |
current_app.logger.debug('remote address of request for user login %s', |
33 |
request.remote_addr) |
34 |
|
35 |
data = {'assertion': request.form['assertion'], 'audience': |
36 |
config.SWTSTORE_URL} |
37 |
|
38 |
resp = requests.post(config.MOZ_PERSONA_VERIFIER, data=data, verify=True) |
39 |
current_app.logger.debug('Response code from MOZ_PERSONA_VERIFIER %s', |
40 |
resp.status_code) |
41 |
current_app.logger.debug('Response body: %s', resp.json()) |
42 |
|
43 |
if resp.ok: |
44 |
verified_data = json.loads(resp.content) |
45 |
if verified_data['status'] == 'okay': |
46 |
user_email = verified_data['email'] |
47 |
# check if this user exists in our system |
48 |
current_user = User.query.filter_by(email=user_email).first() |
49 |
# user doesn't exist; create her |
50 |
if current_user is None: |
51 |
current_app.logger.info('user with email %s doesn\'t exist', |
52 |
user_email) |
53 |
current_app.logger.info('creating new user: %s', user_email) |
54 |
|
55 |
new_user = User('', user_email) |
56 |
new_user.persist() |
57 |
current_user = new_user |
58 |
|
59 |
#session.update({'email': verified_data['email']}) |
60 |
current_app.logger.info('logging in user with email %s', |
61 |
user_email) |
62 |
session['email'] = current_user.email |
63 |
|
64 |
response.status_code = 200 |
65 |
response.data = {'email': user_email} |
66 |
return response |
67 |
|
68 |
response.status_code = 500 |
69 |
return response |
70 |
|
71 |
@user.route('/logout', methods=['POST']) |
72 |
def logout(): |
73 |
|
74 |
response = make_response() |
75 |
#response = makeCORSHeaders(response) |
76 |
|
77 |
if 'email' in session: |
78 |
current_app.logger.info('logging out user %s', session['email']) |
79 |
session.pop('email') |
80 |
|
81 |
response.status_code = 200 |
82 |
return response |
83 |
|
84 |
@user.route('/me', methods=['GET', 'POST']) |
85 |
def profile(): |
86 |
|
87 |
current_user = User.getCurrentUser() |
88 |
if current_user is None: |
89 |
return redirect(url_for('frontend.index')) |
90 |
|
91 |
if request.method == 'GET': |
92 |
return render_template('user/me.html', user=current_user) |
93 |
|
94 |
# else POST request |
95 |
username = request.form.get('username') |
96 |
|
97 |
current_app.logger.debug('Updating username of %s to %s', |
98 |
current_user.username, username) |
99 |
|
100 |
current_user.update(username=username) |
101 |
|
102 |
return redirect(url_for('profile')) |
103 |
|
104 |
|
105 |
@user.route('/me/sweets', methods=['GET']) |
106 |
def mySweets(): |
107 |
|
108 |
user = User.getCurrentUser() |
109 |
if user is None: |
110 |
return redirect(url_for('frontend.index')) |
111 |
|
112 |
swts = Sweet.getByCreator(user) |
113 |
return render_template('user/sweets.html', sweets=swts) |
114 |
|
115 |
|
116 |
@user.route('/me/contexts', methods=['GET']) |
117 |
def myContexts(): |
118 |
|
119 |
user = User.getCurrentUser() |
120 |
if user is None: |
121 |
return redirect(url_for('frontend.index')) |
122 |
|
123 |
contexts = Context.getByCreator(user.id) |
124 |
return render_template('user/contexts.html', contexts=contexts) |
125 |
|
126 |
|
127 |
@user.route('/me/apps', methods=['GET']) |
128 |
def myApps(): |
129 |
|
130 |
# make a decorator out of this repetative code |
131 |
user = User.getCurrentUser() |
132 |
if user is None: |
133 |
return redirect(url_for('frontend.index')) |
134 |
|
135 |
apps = Client.getClientsByCreator(user.id) |
136 |
return render_template('user/apps.html', apps=apps) |
137 |
|
138 |
@user.route('/me/authorized_apps', methods=['GET', 'POST']) |
139 |
def authorizedApps(): |
140 |
|
141 |
user = User.getCurrentUser() |
142 |
if user is None: |
143 |
return redirect(url_for('frontend.index')) |
144 |
|
145 |
if request.method == 'GET': |
146 |
authorized_clients = AuthorizedClients.getByUser(user) |
147 |
return render_template('user/authorized_apps.html', |
148 |
authorized_clients=authorized_clients) |
149 |
|
150 |
# else POST request |
151 |
client_id = request.form.get('revoke-id', '') |
152 |
if client_id: |
153 |
client = Client.query.get(client_id) |
154 |
current_app.logger.info('user %s revoking access to %s', user, client) |
155 |
AuthorizedClients.revoke(user=user, client=client) |
156 |
|
157 |
return redirect(url_for('authorizedApps')) |