Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
raise validate.InvalidFormat(_f("Passwords do not match"))
user.set_password(password1)
if language not in tornado.locale.get_supported_locales():
language = None
user.language = language
self.db.commit()
return self.redirect(self.reverse_url('account'))
except validate.InvalidFormat as e:
logger.info("Error validating Account: %r", e)
return self.render('account.html', user=user,
languages=self.get_languages(),
current_language=user.language,
error=self.gettext(e.message))
class AskResetPassword(BaseHandler):
@PROM_REQUESTS.sync('reset_password')
def get(self):
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
return self.render('reset_password.html')
@PROM_REQUESTS.sync('reset_password')
def post(self):
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
email = self.get_body_argument('email')
user = (
self.db.query(database.User).filter(database.User.email == email)
).one_or_none()
if user is None:
return self.render(
self.current_user,
tag,
)
self.db.add(cmd)
self.db.commit()
self.db.refresh(cmd)
self.application.notify_project(project.id, cmd)
return self.send_json({'id': tag.id})
except validate.InvalidFormat as e:
logger.info("Error validating TagAdd: %r", e)
self.set_status(e.status_code, e.reason)
return self.send_json({'error': e.message})
class TagUpdate(BaseHandler):
@api_auth
@PROM_REQUESTS.sync('tag_update')
def post(self, project_id, tag_id):
project, privileges = self.get_project(project_id)
if not privileges.can_update_tag():
self.set_status(403)
return self.send_json({'error': "Unauthorized"})
try:
obj = self.get_json()
tag = self.db.query(database.Tag).get(int(tag_id))
if tag is None or tag.project_id != project.id:
self.set_status(404)
return self.send_json({'error': "No such tag"})
if obj:
if 'path' in obj:
validate.tag_path(obj['path'])
cmd = database.Command.highlight_add(
self.current_user,
document,
hl,
new_tags,
)
cmd.tag_count_changes = {tag: 1 for tag in obj.get('tags')}
self.db.add(cmd)
self.db.commit()
self.db.refresh(cmd)
self.application.notify_project(document.project_id, cmd)
return self.send_json({'id': hl.id})
class HighlightUpdate(BaseHandler):
@api_auth
@PROM_REQUESTS.sync('highlight_update')
def post(self, project_id, document_id, highlight_id):
document, privileges = self.get_document(project_id, document_id)
if not privileges.can_add_highlight():
self.set_status(403)
return self.send_json({'error': "Unauthorized"})
obj = self.get_json()
hl = self.db.query(database.Highlight).get(int(highlight_id))
if hl is None or hl.document_id != document.id:
self.set_status(404)
return self.send_json({'error': "No such highlight"})
if obj:
if 'start_offset' in obj:
hl.start_offset = obj['start_offset']
if 'end_offset' in obj:
highlights=highlights)
@authenticated
@PROM_REQUESTS.sync('delete_project')
def post(self, project_id):
project, privileges = self.get_project(project_id)
if not privileges.can_delete_project():
raise HTTPError(403)
logger.warning("Deleting project %d %r user=%r",
project.id, project.name, self.current_user)
self.db.delete(project)
self.db.commit()
return self.redirect(self.reverse_url('index'))
class Project(BaseHandler):
@authenticated
@PROM_REQUESTS.sync('project')
def get(self, project_id):
project, _ = self.get_project(project_id)
documents_json = jinja2.Markup(json.dumps(
{
str(doc.id): {'id': doc.id, 'name': doc.name,
'description': doc.description}
for doc in project.documents
},
sort_keys=True,
))
tags_json = jinja2.Markup(json.dumps(
{
str(tag.id): {'id': tag.id,
'path': tag.path,
self.db.delete(tag)
cmd = database.Command.tag_delete(
self.current_user,
project.id,
tag.id,
)
self.db.add(cmd)
self.db.commit()
self.db.refresh(cmd)
self.application.notify_project(project.id, cmd)
self.set_status(204)
return self.finish()
class TagMerge(BaseHandler):
@api_auth
@PROM_REQUESTS.sync('tag_merge')
def post(self, project_id):
project, privileges = self.get_project(project_id)
if not privileges.can_merge_tags():
self.set_status(403)
return self.send_json({'error': "Unauthorized"})
obj = self.get_json()
tag_src = self.db.query(database.Tag).get(obj['src'])
tag_dest = self.db.query(database.Tag).get(obj['dest'])
if (tag_src is None or tag_src.project_id != project.id or
tag_dest is None or tag_dest.project_id != project.id):
self.set_status(404)
return self.send_json({'error': "No such tag"})
# Remove tag from tag_src if it's already in tag_dest
password1 = self.get_body_argument('password1')
password2 = self.get_body_argument('password2')
validate.user_password(password1)
if password1 != password2:
raise validate.InvalidFormat(_f("Passwords do not match"))
logger.info("Password reset: changing password for %r", user.login)
user.set_password(password1)
self.db.commit()
return self.redirect(self.reverse_url('index'))
except validate.InvalidFormat as e:
logger.info("Error validating SetNewPassword: %r", e)
return self.render('new_password.html', reset_token=reset_token,
error=self.gettext(e.message))
class ProjectAdd(BaseHandler):
@authenticated
@PROM_REQUESTS.sync('new_project')
def get(self):
return self.render('project_new.html')
@authenticated
@PROM_REQUESTS.sync('new_project')
def post(self):
name = self.get_body_argument('name', '')
description = self.get_body_argument('description', '')
try:
validate.project_name(name)
validate.project_description(description)
# Create project
project = database.Project(name=name, description=description)
def post(self):
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
login = self.get_json()['login']
try:
login = validate.user_login(login)
except validate.InvalidFormat:
pass
else:
user = self.db.query(database.User).get(login)
if user is not None:
return self.send_json({'exists': True})
return self.send_json({'exists': False})
class ProjectMeta(BaseHandler):
@api_auth
@PROM_REQUESTS.sync('project_meta')
def post(self, project_id):
project, privileges = self.get_project(project_id)
if not privileges.can_edit_project_meta():
self.set_status(403)
return self.send_json({'error': "Unauthorized"})
try:
obj = self.get_json()
validate.project_name(obj['name'])
project.name = obj['name']
validate.project_description(obj['description'])
project.description = obj['description']
logger.info("Updated project: %r %r",
project.name, project.description)
cmd = database.Command.project_meta(
self.set_header('Content-Type', 'text/xml; charset=utf-8')
self.set_header('Content-Disposition',
'attachment; filename="codebook.qdc"')
# http://schema.qdasoftware.org/versions/Codebook/v1.0/Codebook.xsd
output = XMLGenerator(WriteAdapter(self.write), encoding='utf-8',
short_empty_elements=True)
output.startDocument()
output.startPrefixMapping(None, 'urn:QDA-XML:codebook:1.0')
refi_qda.write_codebook(tags, output)
output.endPrefixMapping(None)
output.endDocument()
return self.finish()
class ExportCodebookCsv(BaseHandler):
PROM_EXPORT.labels('codebook', 'csv').inc(0)
@authenticated
def get(self, project_id):
PROM_EXPORT.labels('codebook', 'csv').inc()
project, _ = self.get_project(project_id)
tags = list(project.tags)
self.set_header('Content-Type', 'text/csv; charset=utf-8')
self.set_header('Content-Disposition',
'attachment; filename="codebook.csv"')
writer = csv.writer(WriteAdapter(self.write))
writer.writerow(['tag', 'description'])
for tag in tags:
writer.writerow([tag.path, tag.description])
return self.finish()
return self._go_to_next()
return self.render(
'login.html', register=False,
next=self.get_argument('next', ''),
login_error=self.gettext("Invalid login or password"),
)
def _go_to_next(self):
next_ = self.get_argument('next', '')
if not next_:
next_ = self.reverse_url('index')
return self.redirect(next_)
class Logout(BaseHandler):
@PROM_REQUESTS.sync('logout')
def get(self):
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
self.logout()
return self.redirect(self.reverse_url('index'))
class Register(BaseHandler):
@PROM_REQUESTS.sync('register')
def get(self):
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
if not self.application.config['REGISTRATION_ENABLED']:
raise HTTPError(403)
if self.current_user:
document, _ = self.get_document(project_id, document_id, True)
return self.send_json({
'contents': [
{'offset': 0, 'contents': document.contents},
],
'highlights': [
{'id': hl.id,
'start_offset': hl.start_offset,
'end_offset': hl.end_offset,
'tags': [t.id for t in hl.tags]}
for hl in document.highlights
],
})
class TagAdd(BaseHandler):
@api_auth
@PROM_REQUESTS.sync('tag_add')
def post(self, project_id):
project, privileges = self.get_project(project_id)
if not privileges.can_add_tag():
self.set_status(403)
return self.send_json({'error': "Unauthorized"})
try:
obj = self.get_json()
validate.tag_path(obj['path'])
validate.tag_description(obj['description'])
tag = database.Tag(project=project,
path=obj['path'],
description=obj['description'])
try:
self.db.add(tag)