d120774 by Anon Ray at 2014-03-08 |
1 |
# -*- coding utf-8 -*- |
|
2 |
# classes/views/users.py |
|
3 |
|
|
4 |
import requests |
|
5 |
|
8fe0bbc by Anon Ray at 2014-05-10 |
6 |
# flask imports |
d120774 by Anon Ray at 2014-03-08 |
7 |
from flask import Module, jsonify, request, render_template, session,\ |
8fe0bbc by Anon Ray at 2014-05-10 |
8 |
make_response, url_for, redirect, json, current_app |
d120774 by Anon Ray at 2014-03-08 |
9 |
|
8fe0bbc by Anon Ray at 2014-05-10 |
10 |
# swtstore imports |
d120774 by Anon Ray at 2014-03-08 |
11 |
from swtstore.classes.models.um import User |
427df6d by Anon Ray at 2014-05-11 |
12 |
from swtstore.classes.models import Sweet, Context, Client, AuthorizedClients |
d120774 by Anon Ray at 2014-03-08 |
13 |
|
8fe0bbc by Anon Ray at 2014-05-10 |
14 |
from swtstore.classes.utils.httputils import makeCORSHeaders |
d120774 by Anon Ray at 2014-03-08 |
15 |
from swtstore.config import DefaultConfig |
|
16 |
|
|
17 |
|
|
18 |
config = DefaultConfig() |
|
19 |
|
|
20 |
user = Module(__name__) |
|
21 |
|
|
22 |
@user.route('/login', methods=['POST']) |
|
23 |
def login(): |
|
24 |
|
|
25 |
response = make_response() |
8fe0bbc by Anon Ray at 2014-05-10 |
26 |
#response = makeCORSHeaders(response) |
d120774 by Anon Ray at 2014-03-08 |
27 |
|
|
28 |
if 'assertion' not in request.form: |
|
29 |
response.status_code = 400 |
|
30 |
return response |
|
31 |
|
8fe0bbc by Anon Ray at 2014-05-10 |
32 |
current_app.logger.debug('remote address of request for user login %s', |
|
33 |
request.remote_addr) |
|
34 |
|
d120774 by Anon Ray at 2014-03-08 |
35 |
data = {'assertion': request.form['assertion'], 'audience': |
f867edb by Anon Ray at 2014-04-10 |
36 |
config.SWTSTORE_URL} |
d120774 by Anon Ray at 2014-03-08 |
37 |
|
|
38 |
resp = requests.post(config.MOZ_PERSONA_VERIFIER, data=data, verify=True) |
8fe0bbc by Anon Ray at 2014-05-10 |
39 |
current_app.logger.debug('Response code from MOZ_PERSONA_VERIFIER %s', |
|
40 |
resp.status_code) |
|
41 |
current_app.logger.debug('Response body: %s', resp.json()) |
d120774 by Anon Ray at 2014-03-08 |
42 |
|
|
43 |
if resp.ok: |
|
44 |
verified_data = json.loads(resp.content) |
|
45 |
if verified_data['status'] == 'okay': |
|
46 |
user_email = verified_data['email'] |
|
47 |
# check if this user exists in our system |
|
48 |
current_user = User.query.filter_by(email=user_email).first() |
|
49 |
# user doesn't exist; create her |
|
50 |
if current_user is None: |
8fe0bbc by Anon Ray at 2014-05-10 |
51 |
current_app.logger.info('user with email %s doesn\'t exist', |
|
52 |
user_email) |
|
53 |
current_app.logger.info('creating new user: %s', user_email) |
|
54 |
|
d120774 by Anon Ray at 2014-03-08 |
55 |
new_user = User('', user_email) |
|
56 |
new_user.persist() |
|
57 |
current_user = new_user |
|
58 |
|
|
59 |
#session.update({'email': verified_data['email']}) |
8fe0bbc by Anon Ray at 2014-05-10 |
60 |
current_app.logger.info('logging in user with email %s', |
|
61 |
user_email) |
d120774 by Anon Ray at 2014-03-08 |
62 |
session['email'] = current_user.email |
|
63 |
|
|
64 |
response.status_code = 200 |
|
65 |
response.data = {'email': user_email} |
|
66 |
return response |
|
67 |
|
|
68 |
response.status_code = 500 |
|
69 |
return response |
|
70 |
|
|
71 |
@user.route('/logout', methods=['POST']) |
|
72 |
def logout(): |
|
73 |
|
|
74 |
response = make_response() |
8fe0bbc by Anon Ray at 2014-05-10 |
75 |
#response = makeCORSHeaders(response) |
d120774 by Anon Ray at 2014-03-08 |
76 |
|
|
77 |
if 'email' in session: |
8fe0bbc by Anon Ray at 2014-05-10 |
78 |
current_app.logger.info('logging out user %s', session['email']) |
d120774 by Anon Ray at 2014-03-08 |
79 |
session.pop('email') |
|
80 |
|
|
81 |
response.status_code = 200 |
|
82 |
return response |
|
83 |
|
|
84 |
@user.route('/me', methods=['GET', 'POST']) |
|
85 |
def profile(): |
|
86 |
|
|
87 |
current_user = User.getCurrentUser() |
|
88 |
if current_user is None: |
|
89 |
return redirect(url_for('frontend.index')) |
|
90 |
|
|
91 |
if request.method == 'GET': |
427df6d by Anon Ray at 2014-05-11 |
92 |
return render_template('user/me.html', user=current_user) |
d120774 by Anon Ray at 2014-03-08 |
93 |
|
427df6d by Anon Ray at 2014-05-11 |
94 |
# else POST request |
d120774 by Anon Ray at 2014-03-08 |
95 |
username = request.form.get('username') |
8fe0bbc by Anon Ray at 2014-05-10 |
96 |
|
|
97 |
current_app.logger.debug('Updating username of %s to %s', |
|
98 |
current_user.username, username) |
|
99 |
|
d120774 by Anon Ray at 2014-03-08 |
100 |
current_user.update(username=username) |
|
101 |
|
|
102 |
return redirect(url_for('profile')) |
|
103 |
|
f867edb by Anon Ray at 2014-04-10 |
104 |
|
8fe0bbc by Anon Ray at 2014-05-10 |
105 |
@user.route('/me/sweets', methods=['GET']) |
|
106 |
def mySweets(): |
|
107 |
|
|
108 |
user = User.getCurrentUser() |
|
109 |
if user is None: |
|
110 |
return redirect(url_for('frontend.index')) |
|
111 |
|
|
112 |
swts = Sweet.getByCreator(user) |
427df6d by Anon Ray at 2014-05-11 |
113 |
return render_template('user/sweets.html', sweets=swts) |
8fe0bbc by Anon Ray at 2014-05-10 |
114 |
|
|
115 |
|
|
116 |
@user.route('/me/contexts', methods=['GET']) |
|
117 |
def myContexts(): |
|
118 |
|
|
119 |
user = User.getCurrentUser() |
|
120 |
if user is None: |
|
121 |
return redirect(url_for('frontend.index')) |
|
122 |
|
|
123 |
contexts = Context.getByCreator(user.id) |
427df6d by Anon Ray at 2014-05-11 |
124 |
return render_template('user/contexts.html', contexts=contexts) |
8fe0bbc by Anon Ray at 2014-05-10 |
125 |
|
|
126 |
|
|
127 |
@user.route('/me/apps', methods=['GET']) |
|
128 |
def myApps(): |
|
129 |
|
|
130 |
# make a decorator out of this repetative code |
|
131 |
user = User.getCurrentUser() |
|
132 |
if user is None: |
|
133 |
return redirect(url_for('frontend.index')) |
|
134 |
|
|
135 |
apps = Client.getClientsByCreator(user.id) |
427df6d by Anon Ray at 2014-05-11 |
136 |
return render_template('user/apps.html', apps=apps) |
8fe0bbc by Anon Ray at 2014-05-10 |
137 |
|
427df6d by Anon Ray at 2014-05-11 |
138 |
@user.route('/me/authorized_apps', methods=['GET', 'POST']) |
|
139 |
def authorizedApps(): |
|
140 |
|
|
141 |
user = User.getCurrentUser() |
|
142 |
if user is None: |
|
143 |
return redirect(url_for('frontend.index')) |
|
144 |
|
|
145 |
if request.method == 'GET': |
|
146 |
authorized_clients = AuthorizedClients.getByUser(user) |
|
147 |
return render_template('user/authorized_apps.html', |
|
148 |
authorized_clients=authorized_clients) |
|
149 |
|
|
150 |
# else POST request |
|
151 |
client_id = request.form.get('revoke-id', '') |
|
152 |
if client_id: |
|
153 |
client = Client.query.get(client_id) |
|
154 |
current_app.logger.info('user %s revoking access to %s', user, client) |
|
155 |
AuthorizedClients.revoke(user=user, client=client) |
|
156 |
|
|
157 |
return redirect(url_for('authorizedApps')) |
8fe0bbc by Anon Ray at 2014-05-10 |
158 |
|