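def newItem(category_name):
    """Create a new item in *category_name* (GET shows the form, POST saves).

    Both methods require a logged-in user. The POST branch records the
    owner via ``session['email']``, so an anonymous POST used to fail with
    a KeyError (HTTP 500) instead of being rejected: the login check now
    runs before the method dispatch and covers the mutating path too.

    Returns a redirect (login page, error page, or the new item's page) or
    the rendered form; an unhandled method falls through and returns None,
    as before.
    """
    # Authentication gate for every method, not only GET.
    if session.get('username') is None:
        return redirect(url_for('showLogin'))

    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked in this handler; confirm one
        # is enforced elsewhere (e.g. app-wide) before relying on the session
        # cookie alone to authorise this state change.
        # Strip off the extra spaces the user may have entered
        name = request.form['name'].strip()
        description = request.form['description']
        # Ensure we have needed item info
        if not (name and description):
            return redirect(
                url_for('error',
                        error='You need to enter\
        both a name and description'))

        db = DBConnect()
        # Check if the item name has already been used somewhere else
        isUsed = db.itemNameUsed(name)
        if isUsed['used']:
            return redirect(
                url_for('error',
                        error='This\
            item name has already been used'))

        # NOTE(review): getCategoryByName's result for an unknown category
        # is not visible here; if it can return None, `.id` below raises.
        category = db.getCategoryByName(category_name)
        userID = db.getUserIDByEmail(session['email'])
        db.addItem(name, description, category.id, userID)
        return redirect(
            url_for('showItem',
                    category_name=category_name,
                    item_name=name))

    if request.method == 'GET':
        return render_template('newItem.html', categoryName=category_name)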
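def editItem(category_name, item_name):
    """Edit an existing item (GET shows the form, POST applies the changes).

    Only the item's owner may edit it. The ownership check now runs before
    the method dispatch so it protects POST as well: previously only the
    GET branch compared ``item.user.id`` with the session user, so any
    client could POST directly and overwrite another user's item.

    Returns a redirect (error page or the updated item's page) or the
    rendered edit form; an unhandled method falls through and returns None.
    """
    db = DBConnect()
    item = db.getItemByName(item_name)
    # NOTE(review): getItemByName's behaviour for an unknown name is not
    # visible here; if it returns None, the attribute access below raises.

    # Authorization check for every method, not just GET. Anonymous users
    # (no email in the session) are never owners, so skip the DB lookup.
    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail) if userEmail else None
    if userID is None or userID != item.user.id:
        return redirect(
            url_for('error',
                    error='You are not\
            authorized to edit this item'))

    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked here; confirm it is enforced
        # app-wide. Unlike newItem, the name is neither stripped nor checked
        # for uniqueness — left as-is, but worth confirming that is intended.
        name = request.form['name']
        description = request.form['description']
        categoryName = request.form['category']
        if not (name and description and categoryName):
            # Previously this case fell through and the view returned None,
            # which Flask reports as a 500.
            return redirect(
                url_for('error',
                        error='You need to enter a name, description and category'))
        category = db.getCategoryByName(categoryName)
        db.editItem(item, name, description, category.id)
        return redirect(
            url_for('showItem',
                    category_name=category.name,
                    item_name=name))

    if request.method == 'GET':
        categories = db.getAllCategories()
        return render_template('editItem.html',
                               selectedItem=item,
                               categories=categories)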
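def showItem(category_name, item_name):
    """Render one item: the owner's template for its creator, the public
    template for everyone else.

    Anonymous visitors have no ``session['email']``; they are treated as
    non-owners directly instead of querying the user table with ``None``.
    An item that cannot be found is redirected to the error page rather
    than raising an AttributeError (HTTP 500).
    """
    db = DBConnect()
    selectedItem = db.getItemByName(item_name)
    if selectedItem is None:
        # NOTE(review): whether getItemByName returns None for an unknown
        # name is not visible here; the guard is harmless if it never does.
        return redirect(url_for('error', error='Item not found'))

    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail) if userEmail else None
    isOwner = userID is not None and userID == selectedItem.user.id
    template = 'showItem.html' if isOwner else 'publicShowItem.html'
    return render_template(template,
                           selectedItem=selectedItem,
                           categoryName=category_name)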
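def deleteItem(category_name, item_name):
    """Delete an item (GET shows the confirmation page, POST deletes).

    Ownership is verified before the method dispatch so the destructive
    POST is protected too. The original checked only on GET, so a direct
    POST (no confirmation page needed) could delete any user's item.

    Returns a redirect (error page or the item's category page) or the
    rendered confirmation page; an unhandled method returns None.
    """
    db = DBConnect()
    item = db.getItemByName(item_name)
    # NOTE(review): getItemByName's behaviour for an unknown name is not
    # visible here; if it returns None, the attribute access below raises.

    # Authorization check for every method, not just GET. Anonymous users
    # (no email in the session) are never owners, so skip the DB lookup.
    userEmail = session.get('email')
    userID = db.getUserIDByEmail(userEmail) if userEmail else None
    if userID is None or userID != item.user.id:
        return redirect(
            url_for('error',
                    error='You are not\
            authorized to delete this item'))

    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked here; confirm one is
        # enforced app-wide before relying on the session cookie alone.
        db.deleteItem(item)
        return redirect(url_for('showCategory', category_name=category_name))

    if request.method == 'GET':
        return render_template('deleteItem.html',
                               categoryName=category_name,
                               itemName=item_name)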
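def gconnect():
    """Exchange the Google one-time code POSTed by the client for credentials
    and log the user in (populates the Flask session and the user table).

    Returns a JSON error response (401 or 500) on any verification failure,
    a JSON 200 if the same Google account is already logged in, otherwise a
    small HTML welcome snippet.
    """
    # Function-scope import: the file's import block is not visible here.
    import html

    # Anti-forgery check: the state token the client echoes back must equal
    # the one this server stored in the session. Both values must be present.
    # A missing session value used to raise KeyError (500), and with a plain
    # .get() on both sides two missing values (None == None) would wrongly
    # pass, so require the session value explicitly.
    expected_state = session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return _json_response('Invalid state token', 401)

    # The one-time authorization code is the raw request body.
    code = request.data
    try:
        # Build the OAuth flow from the client secret file and exchange the
        # code for a credentials object; 'postmessage' is the redirect URI
        # used for the JavaScript sign-in button flow.
        oauth_flow = flow_from_clientsecrets('secret/client_secrets.json',
                                             scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return _json_response('Failed to upgrade the\
        authorization code', 401)

    # Validate the access token with Google's tokeninfo endpoint.
    access_token = credentials.access_token
    url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'\
          % access_token
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])
    if result.get('error') is not None:
        return _json_response(result['error'], 500)

    # The token must belong to the user named in the id_token ...
    gplus_id = credentials.id_token['sub']
    # .get(): a tokeninfo reply without the field is a 401, not a KeyError.
    if result.get('user_id') != gplus_id:
        return _json_response('Token user ID does not\
        match given user ID', 401)
    # ... and must have been issued to this application.
    if result.get('issued_to') != CLIENT_ID:
        return _json_response('Token client ID does not\
        match the apps ID', 401)

    # Already logged in with the same Google account: nothing more to do.
    stored_credentials = session.get('credentials')
    stored_gplus_id = session.get('gplus_id')
    if stored_credentials is not None and stored_gplus_id == gplus_id:
        return _json_response('Current user is\
        already logged in', 200)

    # Store the access token and Google id in the session.
    # NOTE(review): if this app uses Flask's default cookie session, the
    # token is readable by the client (signed, not encrypted); confirm a
    # server-side session or that this is acceptable.
    session['credentials'] = credentials.access_token
    session['gplus_id'] = gplus_id

    # Fetch the user's profile from the userinfo endpoint.
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = json.loads(answer.text)
    # NOTE(review): 'email' and 'picture' are assumed present in the reply;
    # a missing field raises KeyError here — confirm against the API scope.
    session['username'] = data['email']
    session['email'] = data['email']
    session['picture'] = data['picture']

    # Create the local user record on first login.
    db = DBConnect()
    userID = db.getUserIDByEmail(session['email'])
    if userID is None:
        db.createUser(session['username'], session['email'],
                      session['picture'])
        userID = db.getUserIDByEmail(session['email'])

    session['user_id'] = userID
    # Escape before embedding in HTML: the value comes from Google's
    # userinfo response, not from this app, so never emit it as raw markup.
    return '<h1>Welcome, ' + html.escape(session['username'])


def _json_response(payload, status):
    """Build a response with *payload* JSON-serialised and the given HTTP
    *status*, with an explicit application/json content type."""
    response = make_response(json.dumps(payload), status)
    response.headers['Content-Type'] = 'application/json'
    return response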