| d120774 by Anon Ray at 2014-03-08 |
1 |
# -*- coding utf-8 -*- |
|
2 |
# classes/views/users.py |
|
3 |
|
|
4 |
import requests |
|
5 |
|
| 8fe0bbc by Anon Ray at 2014-05-10 |
6 |
# flask imports |
| cffc26d by Anon Ray at 2014-06-10 |
7 |
from flask import Module, request, render_template, session,\ |
|
8 |
make_response, url_for, redirect, json, current_app |
| d120774 by Anon Ray at 2014-03-08 |
9 |
|
| 8fe0bbc by Anon Ray at 2014-05-10 |
10 |
# swtstore imports |
| 1e7645a by Anon Ray at 2014-06-03 |
11 |
from swtstore.classes.models import User, Sweet, Context, Client,\ |
| cffc26d by Anon Ray at 2014-06-10 |
12 |
AuthorizedClients |
| d120774 by Anon Ray at 2014-03-08 |
13 |
|
|
14 |
from swtstore.config import DefaultConfig |
|
15 |
|
|
16 |
|
|
17 |
config = DefaultConfig() |
|
18 |
|
|
19 |
user = Module(__name__) |
|
20 |
|
| cffc26d by Anon Ray at 2014-06-10 |
21 |
|
| d120774 by Anon Ray at 2014-03-08 |
22 |
@user.route('/login', methods=['POST']) |
|
23 |
def login(): |
|
24 |
|
|
25 |
response = make_response() |
| 8fe0bbc by Anon Ray at 2014-05-10 |
26 |
#response = makeCORSHeaders(response) |
| d120774 by Anon Ray at 2014-03-08 |
27 |
|
|
28 |
if 'assertion' not in request.form: |
|
29 |
response.status_code = 400 |
|
30 |
return response |
|
31 |
|
| 8fe0bbc by Anon Ray at 2014-05-10 |
32 |
current_app.logger.debug('remote address of request for user login %s', |
|
33 |
request.remote_addr) |
|
34 |
|
| d120774 by Anon Ray at 2014-03-08 |
35 |
data = {'assertion': request.form['assertion'], 'audience': |
| f867edb by Anon Ray at 2014-04-10 |
36 |
config.SWTSTORE_URL} |
| d120774 by Anon Ray at 2014-03-08 |
37 |
|
|
38 |
resp = requests.post(config.MOZ_PERSONA_VERIFIER, data=data, verify=True) |
| 8fe0bbc by Anon Ray at 2014-05-10 |
39 |
current_app.logger.debug('Response code from MOZ_PERSONA_VERIFIER %s', |
|
40 |
resp.status_code) |
|
41 |
current_app.logger.debug('Response body: %s', resp.json()) |
| d120774 by Anon Ray at 2014-03-08 |
42 |
|
|
43 |
if resp.ok: |
|
44 |
verified_data = json.loads(resp.content) |
|
45 |
if verified_data['status'] == 'okay': |
|
46 |
user_email = verified_data['email'] |
|
47 |
# check if this user exists in our system |
|
48 |
current_user = User.query.filter_by(email=user_email).first() |
|
49 |
# user doesn't exist; create her |
|
50 |
if current_user is None: |
| 8fe0bbc by Anon Ray at 2014-05-10 |
51 |
current_app.logger.info('user with email %s doesn\'t exist', |
|
52 |
user_email) |
|
53 |
current_app.logger.info('creating new user: %s', user_email) |
|
54 |
|
| d120774 by Anon Ray at 2014-03-08 |
55 |
new_user = User('', user_email) |
|
56 |
new_user.persist() |
|
57 |
current_user = new_user |
|
58 |
|
|
59 |
#session.update({'email': verified_data['email']}) |
| 8fe0bbc by Anon Ray at 2014-05-10 |
60 |
current_app.logger.info('logging in user with email %s', |
|
61 |
user_email) |
| d120774 by Anon Ray at 2014-03-08 |
62 |
session['email'] = current_user.email |
|
63 |
|
|
64 |
response.status_code = 200 |
|
65 |
response.data = {'email': user_email} |
|
66 |
return response |
|
67 |
|
|
68 |
response.status_code = 500 |
|
69 |
return response |
|
70 |
|
| cffc26d by Anon Ray at 2014-06-10 |
71 |
|
| d120774 by Anon Ray at 2014-03-08 |
72 |
@user.route('/logout', methods=['POST']) |
|
73 |
def logout(): |
|
74 |
|
|
75 |
response = make_response() |
| 8fe0bbc by Anon Ray at 2014-05-10 |
76 |
#response = makeCORSHeaders(response) |
| d120774 by Anon Ray at 2014-03-08 |
77 |
|
|
78 |
if 'email' in session: |
| 8fe0bbc by Anon Ray at 2014-05-10 |
79 |
current_app.logger.info('logging out user %s', session['email']) |
| d120774 by Anon Ray at 2014-03-08 |
80 |
session.pop('email') |
|
81 |
|
|
82 |
response.status_code = 200 |
|
83 |
return response |
|
84 |
|
| cffc26d by Anon Ray at 2014-06-10 |
85 |
|
| d120774 by Anon Ray at 2014-03-08 |
86 |
@user.route('/me', methods=['GET', 'POST']) |
|
87 |
def profile(): |
|
88 |
|
|
89 |
current_user = User.getCurrentUser() |
|
90 |
if current_user is None: |
|
91 |
return redirect(url_for('frontend.index')) |
|
92 |
|
|
93 |
if request.method == 'GET': |
| 48b7772 by Anon Ray at 2014-06-03 |
94 |
return render_template('user/me.html', user=current_user.to_dict()) |
| d120774 by Anon Ray at 2014-03-08 |
95 |
|
| 427df6d by Anon Ray at 2014-05-11 |
96 |
# else POST request |
| d120774 by Anon Ray at 2014-03-08 |
97 |
username = request.form.get('username') |
| 8fe0bbc by Anon Ray at 2014-05-10 |
98 |
|
|
99 |
current_app.logger.debug('Updating username of %s to %s', |
|
100 |
current_user.username, username) |
|
101 |
|
| d120774 by Anon Ray at 2014-03-08 |
102 |
current_user.update(username=username) |
|
103 |
|
|
104 |
return redirect(url_for('profile')) |
|
105 |
|
| f867edb by Anon Ray at 2014-04-10 |
106 |
|
| 8fe0bbc by Anon Ray at 2014-05-10 |
107 |
@user.route('/me/sweets', methods=['GET']) |
|
108 |
def mySweets(): |
|
109 |
|
|
110 |
user = User.getCurrentUser() |
|
111 |
if user is None: |
|
112 |
return redirect(url_for('frontend.index')) |
|
113 |
|
|
114 |
swts = Sweet.getByCreator(user) |
| 48b7772 by Anon Ray at 2014-06-03 |
115 |
swts = [swt.to_dict() for swt in swts] |
| 427df6d by Anon Ray at 2014-05-11 |
116 |
return render_template('user/sweets.html', sweets=swts) |
| 8fe0bbc by Anon Ray at 2014-05-10 |
117 |
|
|
118 |
|
|
119 |
@user.route('/me/contexts', methods=['GET']) |
|
120 |
def myContexts(): |
|
121 |
|
|
122 |
user = User.getCurrentUser() |
|
123 |
if user is None: |
|
124 |
return redirect(url_for('frontend.index')) |
|
125 |
|
|
126 |
contexts = Context.getByCreator(user.id) |
| 427df6d by Anon Ray at 2014-05-11 |
127 |
return render_template('user/contexts.html', contexts=contexts) |
| 8fe0bbc by Anon Ray at 2014-05-10 |
128 |
|
|
129 |
|
|
130 |
@user.route('/me/apps', methods=['GET']) |
|
131 |
def myApps(): |
|
132 |
|
|
133 |
# make a decorator out of this repetative code |
|
134 |
user = User.getCurrentUser() |
|
135 |
if user is None: |
|
136 |
return redirect(url_for('frontend.index')) |
|
137 |
|
|
138 |
apps = Client.getClientsByCreator(user.id) |
| 427df6d by Anon Ray at 2014-05-11 |
139 |
return render_template('user/apps.html', apps=apps) |
| 8fe0bbc by Anon Ray at 2014-05-10 |
140 |
|
| cffc26d by Anon Ray at 2014-06-10 |
141 |
|
| 427df6d by Anon Ray at 2014-05-11 |
142 |
@user.route('/me/authorized_apps', methods=['GET', 'POST']) |
|
143 |
def authorizedApps(): |
|
144 |
|
|
145 |
user = User.getCurrentUser() |
|
146 |
if user is None: |
|
147 |
return redirect(url_for('frontend.index')) |
|
148 |
|
|
149 |
if request.method == 'GET': |
|
150 |
authorized_clients = AuthorizedClients.getByUser(user) |
|
151 |
return render_template('user/authorized_apps.html', |
| cffc26d by Anon Ray at 2014-06-10 |
152 |
authorized_clients=authorized_clients) |
| 427df6d by Anon Ray at 2014-05-11 |
153 |
|
|
154 |
# else POST request |
|
155 |
client_id = request.form.get('revoke-id', '') |
|
156 |
if client_id: |
|
157 |
client = Client.query.get(client_id) |
|
158 |
current_app.logger.info('user %s revoking access to %s', user, client) |
|
159 |
AuthorizedClients.revoke(user=user, client=client) |
|
160 |
|
|
161 |
return redirect(url_for('authorizedApps')) |
