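def post(self, topic_id):
    """Create a comment on a topic for the signed-in user.

    The request must carry a ``csrf-token`` form field whose memcache entry
    holds the current user's e-mail address, and a non-empty ``comment``
    field. On success the client is redirected to the topic page.
    """
    logged_user = users.get_current_user()

    if not logged_user:
        return self.write("Please, login first")

    # The token is accepted only when memcache maps it to this user's
    # e-mail, so a token issued to another account is rejected. A missing
    # token is rejected without a memcache lookup.
    csrf_token = self.request.get('csrf-token')
    mem_token = memcache.get(key=csrf_token) if csrf_token else None

    if not mem_token or mem_token != logged_user.email():
        return self.write("This website is protected against CSRF")
    # NOTE(review): the token stays in memcache after a successful check;
    # consider deleting it here so it is single-use - confirm the form page
    # issues a fresh token on every render.

    comment = self.request.get('comment')

    # Validate the submitted text before touching the datastore.
    if not comment:
        return self.write("Text field is requiered")

    topic = Topic.get_by_id(int(topic_id))

    # An id that matches no topic must not reach Comment.create.
    if not topic:
        return self.write("Topic not found")

    Comment.create(content=comment, user=logged_user, topic=topic)

    return self.redirect_to("topic-details", topic_id=topic_id)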
Beispiel #2
    def post(self, topicid):
        """Store a new comment on the topic and redirect to its detail page."""
        current = users.get_current_user()
        if not current:
            return self.write("Please, login before")

        # NOTE(review): only the presence of the token in memcache is
        # checked; the stored value is not compared with the current user,
        # so any live token would pass - confirm what value is stored.
        token_key = self.request.get("paco")
        if not memcache.get(key=token_key):
            return self.write("This website es protected")

        body = self.request.get("comment")

        # NOTE(review): a substring blocklist is not an XSS defence; the
        # comment still has to be HTML-escaped wherever it is rendered.
        if "<script>" in body:
            return self.write("No Hack script")
        if not body:
            return self.write("Required")

        topic = Topic.get_by_id(int(topicid))
        Comment.create(content=body, user=current, topic=topic)

        return self.redirect_to("topic-detail", topicid=topic.key.id())
Beispiel #3
    def post(self, topic_id):
        """Save a new comment for the topic, then redirect to the topic page."""
        # NOTE(review): nothing here checks that a user is logged in, that
        # the request carries a CSRF token, or that the content is non-empty
        # - confirm these are enforced elsewhere.
        author = User.logged_in_user()
        topic = Topic.get_by_id(int(topic_id))
        Comment.create(self.request.get('content'), author, topic)
        return self.redirect_to('topic-details', topic_id=int(topic_id))
Beispiel #4
 def post(self, content_id):
     """Record a comment on a content item and redirect back to it."""
     # NOTE(review): the user is dereferenced without a None check and no
     # CSRF token is validated; presumably the route requires login - confirm.
     author = users.get_current_user()
     Comment.create({
         'nickname': author.nickname(),
         'content_id': content_id,
         'comment': self.request.get('comment'),
     })
     self.redirect('/content/' + content_id + "?action=comment.post")
Beispiel #5
    def post(self, topic_id):
        """Create a comment on the topic and redirect to the topic page."""
        # NOTE(review): the current user is passed on without a None check
        # and no CSRF token is validated - confirm both are handled elsewhere.
        author = users.get_current_user()
        body = self.request.get('comment-text')
        target = Topic.get_by_id(int(topic_id))

        Comment.create(content=body, user=author, topic=target)

        return self.redirect_to("topic-details", topic_id=target.key.id())
Beispiel #6
    def post(self, topic_id):
        """Create a comment on the topic for the signed-in user."""
        author = users.get_current_user()
        if not author:
            return self.write("Please login before you're allowed to post a topic.")

        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        body = self.request.get("comment-text")
        target = Topic.get_by_id(int(topic_id))
        Comment.create(content=body, user=author, topic=target)

        return self.redirect_to("topic-details", topic_id=target.key.id())
Beispiel #7
    def post(self, topic_id):
        """Create a comment authored by the signed-in user's e-mail address."""
        # Anonymous requests are refused before anything is read or stored.
        current = users.get_current_user()
        if not current:
            return self.write("Please login ! You are not allowed to post...")

        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        body = self.request.get("comment-text")
        target = Topic.get_by_id(int(topic_id))
        Comment.create(content=body, author=current.email(), topic=target)

        return self.redirect_to("topic-details", topic_id=target.key.id())
    def test_post_topic_details_handler(self):
        # Checks that POSTing a comment to the topic details URL answers
        # with a redirect (HTTP 302).
        # POST
        topic = Topic(title = "New topic", content = "Content of new topic!", author_email = '*****@*****.**')
        topic.put()
        topic_query = Topic.query().get()
        self.assertTrue(topic_query) # sent to the database

        # Seed memcache with a token mapped to the author's e-mail, valid
        # for 600 seconds, and send that token with the form.
        csrf_token = str(uuid.uuid4())
        memcache.add(key=csrf_token, value='*****@*****.**', time=600)

        comment_content = "That is my comment!"
        # NOTE(review): a comment is also created directly here, before the
        # POST; the test asserts only on the response status, not on what
        # the handler stored.
        Comment.create(comment_content, '*****@*****.**', int(topic.key.id()), topic)
        params = {"get_comment": comment_content, "csrf_token": csrf_token}
        post = self.testapp.post('/topic/details/{0}'.format(topic.key.id()), params = params)
        self.assertEqual(post.status_int, 302)
Beispiel #9
def comment_create(topic_id):
    """Create a comment on a topic for the user identified by the session cookie."""
    # Resolve the comment author from the session token cookie.
    token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=token).first()

    # only logged in users can create a comment
    if not user:
        return redirect(url_for('auth.login'))

    # The CSRF value from the HTML form is validated against the username.
    if not validate_csrf(request.form.get("csrf"), user.username):
        return "CSRF token is not valid!"

    text = request.form.get("text")
    topic = db.query(Topic).get(int(topic_id))
    comment = Comment.create(topic=topic, text=text, author=user)

    # NOTE(review): the fresh CSRF token is handed to url_for as an extra
    # argument, which presumably places it in the redirect URL's query
    # string, where it can end up in logs, browser history and Referer
    # headers - confirm the route and consider passing it another way.
    details_url = url_for('topic.topic_details',
                          topic_id=topic_id,
                          csrf_token=create_csrf_token(user.username))
    return redirect(details_url)
 def saveComment(self):
     """Create a comment from the request fields and write a JSON result.

     The response is ``{'result': False}`` unless a user is present and
     Comment.create returns a comment; a WhysaurusException is reported in
     the ``error`` key.
     """
     # NOTE(review): no CSRF token is validated in this handler - confirm
     # it is enforced elsewhere.
     results = {'result': False}
     comment_text = self.request.get('commentText')
     point_root_key = self.request.get('p')
     parent_key = self.request.get('parentKey')

     user = self.current_user
     if user:
         try:
             comment = Comment.create(comment_text, user, point_root_key, parent_key)
             if comment:
                 # Fall back to the stock avatar when the user has none.
                 if hasattr(user, 'avatar_url'):
                     avatar = user.avatar_url
                 else:
                     avatar = '/static/img/icon_triceratops_black_47px.png'
                 local_date = PST.convert(comment.date)
                 results = {
                     'result': True,
                     'userName': user.name,
                     'userURL': user.url,
                     'avatar_url': avatar,
                     'text': comment_text,
                     'date': local_date.strftime('%b. %d, %Y, %I:%M %p'),
                     'parentUrlsafe': parent_key,
                     'myUrlSafe': comment.key.urlsafe(),
                     'level': comment.level,
                 }
         except WhysaurusException as e:
             results['error'] = str(e)

     self.response.headers.add_header('content-type', 'application/json', charset='utf-8')
     self.response.out.write(json.dumps(results))
     
Beispiel #11
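def create_comment():
	"""Create a comment on an existing, non-deleted post from a JSON body.

	Returns a JSON envelope with the created comment and a 201 status entry,
	a 400 status entry when the body is not a JSON object naming a post, or
	a 404 status entry when the post does not exist.
	"""
	# gets json data from client
	data = request.get_json()

	# The body is client-controlled: reject anything that is not a JSON
	# object with a post id instead of failing with an unhandled exception.
	if not isinstance(data, dict) or 'post_id' not in data:
		return jsonify(
			data={},
			status={'code': 400, 'message': 'Invalid request body.'}
		)

	# `user` and `post` are set by the server below, so client-supplied
	# values for them are dropped rather than colliding with those arguments.
	# NOTE(review): the remaining keys still go straight to the model; an
	# explicit allow-list of writable fields would be safer - the model's
	# field names are not visible here.
	fields = {
		key: value for key, value in data.items()
		if key not in ('user', 'post')
	}

	try:
		# gets post by its id
		post = Post.get(Post.id == data['post_id'], Post.soft_delete == False)

		# creates a new comment
		comment = Comment.create(**fields, user=current_user.id, post=post)

		# converts model to dictionary
		comment_dict = model_to_dict(comment)

		return jsonify(
			data=comment_dict,
			status={'code': 201, 'message': 'successfully created comment.'}
		)

	# if the queried post doesnt exist
	except DoesNotExist:
		return jsonify(
			data={},
			status={'code': 404, 'message': 'Resource does not exist.'}
		)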
    def post(self, topic_id):
        """Add a comment to the topic and redirect with a success flash message."""
        if not topic_id:
            return self.write(
                'Error trying to write a comment into undefined topic!')

        topic = Topic.get_by_id(int(topic_id))

        author = users.get_current_user()
        if not author:
            return self.write(
                'Please login to be allowed to post a new comment.')

        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        content = self.request.get('comment')

        # Whitespace-only text counts as empty.
        if not (content and content.strip()):
            return self.write('Empty comments are not allowed!')

        Comment.create(content=content, user=author, topic=topic)

        return self.redirect_to(
            'topic-details',
            topic_id=topic_id,
            flash_message='Comment added successfully',
            flash_class='alert-success',
        )
Beispiel #13
 def mutate(self, info, comment_data):
     """Create a comment on a point and queue a notification task for it."""
     # NOTE(review): neither the looked-up point root nor the context's
     # current_user is checked for None before use - confirm callers
     # guarantee both.
     root = PointRootModel.getByUrlsafe(comment_data.pointID)
     author = info.context.current_user
     body = comment_data.text
     created = CommentModel.create(body, author, root,
                                   comment_data.parentCommentID)
     PointModel.addNotificationTask(root.key, author.key, 3, body)
     return NewComment(comment=created)
Beispiel #14
 def post(self, topic_id):
     """Store an HTML-escaped comment on the topic and redirect to it."""
     author = users.get_current_user()
     if not author:
         return self.write("You're not logged in.")

     # NOTE(review): cgi.escape without its quote argument leaves quote
     # characters unescaped, and escaping at input time does not replace
     # output encoding in the template. No CSRF token is validated here.
     escaped = cgi.escape(self.request.get("comment"))
     target = Topic.get_by_id(int(topic_id))
     new_comment = Comment.create(escaped, author, target)
     return self.redirect_to("topic-details", topic_id=target.key.id())
Beispiel #15
def comment_create(topic_id):
    """Create a comment on a topic after login and CSRF validation."""
    author = user_from_session_token()
    if not author:
        return redirect(url_for('auth.login'))

    # The form's CSRF value is validated against the author's username
    # before anything is written.
    if not validate_csrf(request.form.get("csrf"), author.username):
        return "CSRF token is not valid!"

    body = request.form.get("text")
    Comment.create(topic=Topic.read(topic_id), text=body, author=author)

    return redirect(url_for('topic.topic_details', topic_id=topic_id))
    def post(self, topic_id):
        """Create a comment on the topic for the signed-in user."""
        author = users.get_current_user()
        if not author:
            return self.write(
                "Please login before you're allowed to post a topic.")

        # NOTE(review): no CSRF token is validated and the text is not
        # checked for emptiness - confirm both are handled elsewhere.
        body = self.request.get("text")
        target = Topic.get_by_id(int(topic_id))

        Comment.create(text_value=body, logged_user=author, topic=target)
        return self.redirect_to("topic-details", topic_id=target.key.id())
Beispiel #17
    def post(self, topic_id):
        """Create a comment on the topic after a CSRF and login check."""
        # The request is refused unless its CSRF token exists in memcache.
        # NOTE(review): only the token's presence is checked, and before the
        # user is known; the stored value is not compared with the current
        # user, so any live token would pass - confirm what value is stored.
        token_key = self.request.get("csrf_token")
        if not memcache.get(key=token_key):
            return self.write("You are evil attacker...")

        author = users.get_current_user()
        if not author:
            return self.write("Please login before you're allowed to post a topic.")

        body = self.request.get("comment-text")
        target = Topic.get_by_id(int(topic_id))
        Comment.create(content=body, user=author, topic=target)

        return self.redirect_to("topic_details", topic_id=target.key.id())
Beispiel #18
    def post(self, topic_id):
        """Create a comment with the author's e-mail and avatar, then bump the topic's comment count."""
        topic = Topic.get_by_id(int(topic_id))
        visitor = users.get_current_user()

        if not visitor:
            return self.write("you are not loged in!")

        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        comment = self.request.get("content")

        # NOTE(review): assumes a User record exists for this e-mail; an
        # empty query result raises IndexError here.
        profile = User.query(User.email == visitor.email()).fetch()[0]

        Comment.create(
            content=comment,
            author=profile.email,
            topic=topic,
            avatar=profile.avatar_url,
        )
        Topic.comment_sum_add(topic=topic)

        return self.redirect_to("topic", topic_id=topic.key.id())
Beispiel #19
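    def post(self, topic_id):
        """Create a comment on the topic for the signed-in user.

        The request must carry a ``csrf_token`` field whose memcache entry
        equals the current user's e-mail address.
        """
        user = users.get_current_user()

        if not user:
            return self.write("Please login before you comment on topic!")

        # CSRF protection: this check was commented out, which left the
        # state-changing POST unprotected. A missing token is rejected
        # without a memcache lookup.
        csrf_token = self.request.get("csrf_token")
        csrf_value = memcache.get(csrf_token) if csrf_token else None
        if not csrf_value or str(csrf_value) != user.email():
            return self.write("You are hecker!")

        current_topic = Topic.get_by_id(int(topic_id))
        content = self.request.get("get_comment")

        Comment.create(content, user.email(), int(topic_id), current_topic)

        # Short pause on the local server only; presumably lets the write
        # become visible before the redirect target reads it - confirm.
        if is_local():
            time.sleep(0.1)
        return self.redirect_to("topic-details", topic_id=int(topic_id))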
Beispiel #20
    def post(self, topic_id):
        """Store an HTML-escaped comment on the topic and confirm in plain text."""
        author = users.get_current_user()
        if not author:
            return self.write("Please login.")

        # NOTE(review): cgi.escape without its quote argument leaves quote
        # characters unescaped, and escaping at input time does not replace
        # output encoding in the template. No CSRF token is validated here.
        escaped = cgi.escape(self.request.get("comment-text"))

        target = Topic.get_by_id(int(topic_id))
        new_comment = Comment.create(escaped, author, target)

        return self.write("Comment created successfully.")
Beispiel #21
def comment_create(topic_id):
    """Create a comment on a topic after login and CSRF validation."""
    author = user_from_session_token()

    # only logged in users can create a comment
    if not author:
        return redirect(url_for('auth.login'))

    # The form's CSRF value is checked against the author's username before
    # anything is written.
    if not is_valid_csrf(request.form.get("csrf"), author.username):
        return "CSRF token is not valid!"

    body = request.form.get("text")

    # Look the topic up, then attach the new comment to it.
    Comment.create(topic=Topic.read(topic_id), text=body, author=author)

    return redirect(url_for('topic.topic_details', topic_id=topic_id))
Beispiel #22
    def create_fake_comment(self,
                            user=None,
                            topic=None,
                            content="This is comment only for testing"):
        """Create a test comment, building a fake admin and topic when none are given."""
        user = user or self.create_fake_admin()
        topic = topic or self.create_fake_topic()
        return Comment.create(content=content, user=user, topic=topic)
Beispiel #23
    def post(self, topic_id):
        """Create a non-empty comment on the topic for the signed-in user."""
        author = users.get_current_user()
        if not author:
            return self.write(
                "Please login before you're allowed to add a comment.")

        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        body = self.request.get('comment-content')
        if not body:
            return self.write("Comment content field is required")

        target = Topic.get_by_id(int(topic_id))
        Comment.create(content=body, user=author, topic=target)

        return self.redirect_to("topic-details", topic_id=target.key.id())
    def exec(self, *args):
        """Register a comment on a post and write its metadata as JSON.

        Raises BadArgsException when fewer than two arguments are given.
        """
        if len(args) < 2:
            raise BadArgsException

        # Drop the first 8 characters of the raw command (presumably the
        # command word - confirm) and then the post id, leaving the text.
        content = self.raw_command.strip()[8:].strip()
        content = content[len(args[0]):].strip()

        try:
            target_post = Post.get('id', args[0])
        except ObjectNotExist:
            self.write('Post does not exist.')
            return

        comment_uuid = 'comment-{}'.format(gen_uuid())
        username = User.get('id', target_post.author_id).username
        # NOTE(review): the text is returned in the response but is not
        # passed to Comment.create - presumably stored elsewhere under the
        # uuid; confirm.
        Comment.create(target_post, self.user, comment_uuid)

        payload = {
            'username': username,
            'uuid': comment_uuid,
            'content': content
        }
        self.write(json.dumps(payload))
Beispiel #25
    def saveComment(self):
        """Create a comment on a point and write a JSON result.

        The response is ``{'result': False}`` unless a user is present, the
        point root is found and Comment.create returns a comment; failures
        are reported in the ``error`` key.
        """
        # NOTE(review): no CSRF token is validated in this handler - confirm
        # it is enforced elsewhere.
        results = {'result': False}
        comment_text = self.request.get('commentText')
        point_root_key = self.request.get('p')
        parent_key = self.request.get('parentKey')

        user = self.current_user
        if user:
            try:
                point_root = PointRoot.getByUrlsafe(point_root_key)
                if not point_root:
                    results['error'] = 'Unable to find the point to add this comment'
                else:
                    comment = Comment.create(comment_text, user, point_root,
                                             parent_key)
                    if comment:
                        # Fall back to the stock avatar when the user has none.
                        if hasattr(user, 'avatar_url'):
                            avatar = user.avatar_url
                        else:
                            avatar = '/static/img/icon_triceratops_black_47px.png'
                        local_date = PST.convert(comment.date)
                        results = {
                            'result': True,
                            'userName': user.name,
                            'userURL': user.url,
                            'avatar_url': avatar,
                            'text': comment_text,
                            'date': local_date.strftime('%b. %d, %Y, %I:%M %p'),
                            'parentUrlsafe': parent_key,
                            'myUrlSafe': comment.key.urlsafe(),
                            'level': comment.level,
                        }
                        Point.addNotificationTask(point_root.key, user.key, 3,
                                                  comment_text)
            except WhysaurusException as e:
                results['error'] = str(e)

        self.response.headers["Content-Type"] = 'application/json; charset=utf-8'
        self.response.out.write(json.dumps(results))
Beispiel #26
def comment_create(topic_id):
    """Create a comment on a topic for the user identified by the session cookie."""
    token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=token).first()

    if not user:
        return redirect(url_for('auth.login'))

    # The form's CSRF value is validated against the username.
    if not validate_csrf(request.form.get("csrf"), user.username):
        return "CSRF token jest bledny!!!"

    text = request.form.get("text")
    topic = db.query(Topic).get(int(topic_id))
    comment = Comment.create(topic=topic, text=text, author=user)

    # NOTE(review): the fresh CSRF token is handed to url_for as an extra
    # argument, which presumably places it in the redirect URL's query
    # string, where it can end up in logs, browser history and Referer
    # headers - confirm the route and consider passing it another way.
    details_url = url_for('topic.topic_details',
                          topic_id=topic_id,
                          csrf_token=create_csrf_token(user.username))
    return redirect(details_url)
Beispiel #27
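def comment_create(topic_id):
    """Show the comment form (GET) or store a submitted comment (POST).

    GET issues a CSRF token, stores it in redis mapped to the user's name
    and renders the form. POST accepts the comment only when the submitted
    token maps to the current user's name.
    """
    user = get_user()

    # only a logged in user can comment on a topic. The rendered page must
    # be returned; without the return an anonymous request fell through to
    # the code below and failed on `user.name`.
    if not user:
        return render_template("signup.html")

    # get the topic that is to be commented on
    topic = db.query(Topic).get(int(topic_id))

    # Display the Comment Create Page
    if request.method == "GET":
        # create the csrf token
        csrf_token = str(uuid.uuid4())
        # NOTE(review): the token is stored without an expiry and is never
        # deleted after use - consider a time limit and single use.
        redis.set(name=csrf_token, value=user.name)

        return render_template("comment_create.html",
                               user=user,
                               csrf_token=csrf_token,
                               topic=topic)

    elif request.method == "POST":
        # Get the CSRF token back and ensure that it matches what was sent.
        csrf = request.form.get("csrf")

        # A missing form field or an unknown token yields None; decode only
        # a real value so the request gets the rejection message instead of
        # an unhandled AttributeError.
        stored = redis.get(name=csrf) if csrf else None
        redis_csrf_name = stored.decode() if stored is not None else None

        # see that the csrf came back and then that it matches what was sent
        if redis_csrf_name and redis_csrf_name == user.name:
            comment_text = request.form.get("comment-text")
            created = datetime.datetime.now().date()
            # Post it
            Comment.create(text=comment_text,
                           created=created,
                           author=user,
                           topic=topic)

            return redirect(url_for('all_topics'))
        else:
            return "CSRF token is not valid"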
Beispiel #28
    def post(self, topic_id):
        """Handle the topic page form: post a comment or toggle the subscription.

        With ``post-comment`` set, a non-empty ``content`` is stored and every
        subscriber except the commenter is e-mailed. With ``subscribe-button``
        set, the user's e-mail is added to or removed from the subscribers.
        """
        # NOTE(review): the user is dereferenced without a None check and no
        # CSRF token is validated here - confirm both are enforced elsewhere.
        user = users.get_current_user()
        author = user.nickname()
        content = self.request.get("content")

        post_comment = self.request.get("post-comment")
        subscribe_button = self.request.get("subscribe-button")

        if post_comment:
            if content:
                comment = Comment.create(author, content, int(topic_id))
                Topic.add_comment(int(topic_id), comment.created,
                                  comment.author)

                # Keep the last User row matching the commenter's e-mail.
                commenter = ""
                for row in User.query(User.email == user.email()).fetch():
                    commenter = row

                topic = Topic.get_by_id(int(topic_id))
                for address in topic.subscribers:
                    # don't send email update to the author of the comment
                    if address == user.email():
                        continue
                    email_new_comment(commenter.first_name,
                                      Topic.get_by_id(int(topic_id)).title,
                                      str(topic_id), address)

            # Empty and non-empty submissions both return to the topic page.
            self.redirect('/topic/' + str(topic_id))

        elif subscribe_button:
            topic = Topic.get_by_id(int(topic_id))
            subscriber = users.get_current_user().email()

            # Toggle: an existing subscriber is removed, a new one is added.
            if subscriber in topic.subscribers:
                topic.subscribers.remove(subscriber)
            else:
                topic.subscribers.append(subscriber)

            topic.put()
            self.redirect("/topic/" + str(topic_id))
Beispiel #29
    def post(self, topic_id):
        """Handle the topic page form: post a comment or toggle the subscription.

        With ``post-comment`` set, a non-empty ``content`` is stored and every
        subscriber except the commenter is e-mailed. With ``subscribe-button``
        set, the user's e-mail is added to or removed from the subscribers.
        """
        # NOTE(review): the user is dereferenced without a None check and no
        # CSRF token is validated here - confirm both are enforced elsewhere.
        user = users.get_current_user()
        author = user.nickname()
        content = self.request.get("content")

        post_comment = self.request.get("post-comment")
        subscribe_button = self.request.get("subscribe-button")

        if post_comment:
            if content:
                comment = Comment.create(author, content, int(topic_id))
                Topic.add_comment(int(topic_id), comment.created, comment.author)

                # Keep the last User row matching the commenter's e-mail.
                commenter = ""
                for row in User.query(User.email == user.email()).fetch():
                    commenter = row

                topic = Topic.get_by_id(int(topic_id))
                for address in topic.subscribers:
                    # don't send email update to the author of the comment
                    if address == user.email():
                        continue
                    email_new_comment(commenter.first_name, Topic.get_by_id(int(topic_id)).title, str(topic_id), address)

            # Empty and non-empty submissions both return to the topic page.
            self.redirect('/topic/' + str(topic_id))

        elif subscribe_button:
            topic = Topic.get_by_id(int(topic_id))
            subscriber = users.get_current_user().email()

            # Toggle: an existing subscriber is removed, a new one is added.
            if subscriber in topic.subscribers:
                topic.subscribers.remove(subscriber)
            else:
                topic.subscribers.append(subscriber)

            topic.put()
            self.redirect("/topic/" + str(topic_id))
Beispiel #30
 def saveComment(self):
     """Create a comment on a point and write a JSON result.

     The response is ``{'result': False}`` unless a user is present, the
     point root is found and Comment.create returns a comment; failures are
     reported in the ``error`` key.
     """
     # NOTE(review): no CSRF token is validated in this handler - confirm
     # it is enforced elsewhere.
     results = {'result': False}
     comment_text = self.request.get('commentText')
     point_root_key = self.request.get('p')
     parent_key = self.request.get('parentKey')

     user = self.current_user
     if user:
         try:
             point_root = PointRoot.getByUrlsafe(point_root_key)
             if not point_root:
                 results['error'] = 'Unable to find the point to add this comment'
             else:
                 comment = Comment.create(comment_text, user, point_root, parent_key)
                 if comment:
                     # Fall back to the stock avatar when the user has none.
                     if hasattr(user, 'avatar_url'):
                         avatar = user.avatar_url
                     else:
                         avatar = '/static/img/icon_triceratops_black_47px.png'
                     local_date = PST.convert(comment.date)
                     results = {
                         'result': True,
                         'userName': user.name,
                         'userURL': user.url,
                         'avatar_url': avatar,
                         'text': comment_text,
                         'date': local_date.strftime('%b. %d, %Y, %I:%M %p'),
                         'parentUrlsafe': parent_key,
                         'myUrlSafe': comment.key.urlsafe(),
                         'level': comment.level,
                     }
                     Point.addNotificationTask(point_root.key, user.key, 3, comment_text)
         except WhysaurusException as e:
             results['error'] = str(e)

     self.response.headers["Content-Type"] = 'application/json; charset=utf-8'
     self.response.out.write(json.dumps(results))
Beispiel #31
def store_comment():
    """Create a comment from the submitted form and redirect to its post."""
    # NOTE(review): the whole form is handed to Comment.create, so which
    # fields a client may set depends entirely on that method; no login or
    # CSRF check is visible here - confirm both.
    created = Comment.create(request.form)
    target = url_for('posts.show_post', post_id=created.post_id)
    return redirect(target)
Beispiel #32
 def post(self):
     """Create a comment from the JSON body and return it with status 201."""
     # NOTE(review): the request JSON is expanded straight into the model
     # constructor, so a client can supply any attribute it accepts; an
     # allow-list of fields and an authentication check are not visible
     # here - confirm.
     payload = request.get_json()
     comment = Comment(**payload)
     comment.create()
     return comment.json(), 201
Beispiel #33
def comment_create():
    """Create a comment on a blog entry and redirect back to that entry."""
    # NOTE(review): get_user() is dereferenced without a None check and no
    # CSRF token is validated here - confirm both are enforced elsewhere.
    form = request.form
    content = form['content']
    blog_id = form['blog_id']
    Comment.create(blog_id, content, get_user().id)
    return redirect(url_for('blog_show', blog_id=blog_id))