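def login():
    """Authenticate a user by email and password and issue a token.

    Reads ``email`` and ``password`` from the JSON body. On success returns a
    JSON document with the token, its expiry and basic user details; on any
    failure returns a ``fail`` response carrying the status code shown below.
    """
    # get the post data
    payload = request.get_json(silent=True) or {}
    email = payload.get('email')
    password = payload.get('password')
    # Reject malformed input up front: a missing email previously raised an
    # AttributeError outside the try block and surfaced as an unhandled 500.
    if not isinstance(email, str) or not isinstance(password, str):
        return fail('Improper parameters.', 400)
    email = email.lower()
    try:
        # fetch the user data
        user = User.query.filter_by(email=email).first()
        if not (user and user.is_password_correct(password)):
            # One message for both "unknown email" and "wrong password" so the
            # reply does not reveal which accounts exist.
            # NOTE(review): 404 is kept for client compatibility; 401 is the
            # conventional status for a failed authentication.
            return fail(
                'Sorry, we couldn\'t recognize that email or password.', 404)
        if not user.confirmed:
            # Re-send the confirmation so a user who lost it is not stuck.
            send_confirmation_email(user)
            return fail(
                'Please check your email to confirm your account before logging in! It may take a few minutes to arrive. We have re-sent the email to you just in case.',
                401)
        token, expires_in = user.generate_token()
        if not token:
            # Previously this path fell through and returned None, which the
            # framework turns into a 500 with no JSON body.
            return fail('There was an unexpected error. Please try again! :)', 500)
        response_data = {
            'status': 'success',
            'message': 'Successfully logged in.',
            'token': token,
            'user': {
                'id': user.id,
                'name': user.name,
                # do we need this? (kept: clients may already read it)
                'email': user.email,
                # Duplicated at the top level; kept for compatibility.
                'token': token,
                'expires_in': expires_in,
            }
        }
        return jsonify(response_data), 200
    except Exception as e:
        print(e)
        return fail('There was an unexpected error. Please try again! :)', 500)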
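def create_review(event_id):
    """Record the current user's review of an event.

    Expects ``positive``, ``negative`` and ``body`` in the JSON body. A review
    may be positive or negative, not both.
    """
    # TODO: check that I have access to this event
    # 404 for an unknown id instead of handing a None event to review_on().
    event = Event.query.get_or_404(event_id)
    if g.json['positive'] and g.json['negative']:
        # The original called fail() without returning, so the contradictory
        # review was still written and committed.
        return fail('You can\'t review positively and negatively at the same time.')
    g.me.review_on(event, g.json['positive'], g.json['negative'],
                   g.json['body'])
    db.session.commit()
    return succ('Reviewed successfully.')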
def update_password():
    """Change the current user's password after verifying the old one.

    Both ``old_password`` and ``new_password`` must be present and non-empty
    in the JSON body; a wrong old password yields 403.
    """
    old_password = g.json.get('old_password')
    new_password = g.json.get('new_password')
    if not (old_password and new_password):
        return fail('Improper parameters.')
    if not g.me.is_password_correct(old_password):
        return fail('Incorrect password.', 403)
    g.me.set_password(new_password)
    db.session.commit()
    # NOTE(review): nothing here revokes previously issued tokens — confirm
    # whether generate_token/from_token are bound to the password hash.
    return succ('Successfully updated password!')
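def remove_tag(event_id, tag_name):
    """Remove ``tag_name`` from an event; only hosts or admins may do so."""
    event = Event.query.get_or_404(event_id)
    # add_tag lowercases names before storing them, so normalise here as well;
    # otherwise a mixed-case request would never match an existing tag and the
    # tag could not be removed.
    tag_name = tag_name.lower()
    if not (g.me.admin or event.is_hosted_by(g.me)):
        abort(403)
    if not event.has_tag(tag_name):
        return fail('Event does not have this tag.')
    if event.remove_tag(tag_name):
        db.session.commit()
        return succ('Removed tag.')
    # Should not be reached, but just in case.
    return fail('Tag not removed.')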
def add_tag(event_id, tag_name):
    """Attach a tag (stored lowercased) to an event; hosts or admins only."""
    event = Event.query.get_or_404(event_id)
    normalized = tag_name.lower()
    allowed = g.me.admin or event.is_hosted_by(g.me)
    if not allowed:
        abort(403)
    # Nothing to do when the tag is already present.
    if event.has_tag(normalized):
        return fail('Event already has this tag.')
    added = event.add_tag(normalized)
    if not added:
        # add_tag reports failure when the tag is blacklisted or otherwise rejected.
        return fail('Tag not added.')
    db.session.commit()
    return succ('Added tag!')
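def check_token():
    """Resolve the requesting user into ``g.user`` from CAS or a bearer token.

    Appears to be used as a before-request hook: returns ``None`` to let the
    request proceed, or a ``fail`` response to short-circuit it. OPTIONS
    (CORS preflight) requests are passed through without authentication.
    """
    if request.method == 'OPTIONS':
        return None
    if cas.username:
        g.user = User.query.get(cas.username)
        if g.user is None:
            # A CAS session with no matching account used to crash below on
            # the last_seen assignment; reject it cleanly instead.
            return fail('Unknown user.', code=401)
    else:
        token = request.headers.get('Authorization')
        if not token:
            return fail('No token provided.')
        # Accept both "Bearer <token>" and a bare token value.
        token = token.split(' ')[-1]
        g.user = User.from_token(token)
        if g.user is None:
            return fail('Invalid token.', code=401)
    g.user.last_seen = int(time.time())
    db.session.commit()
    # NOTE(review): writes an identifier to stdout on every request; the app
    # logger would be the usual place for this.
    print('User: ' + g.user.id)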
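def unblock_user(user_id):
    """Remove ``user_id`` from the current user's block list."""
    # 404 for an unknown id instead of passing None to unblock(), matching
    # the other user-targeting handlers in this file.
    user = User.query.get_or_404(user_id)
    if not g.me.unblock(user):
        return fail('You haven\'t blocked this person.')
    db.session.commit()
    return succ('Succesfully unblocked user.')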
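def block_user(user_id):
    """Add ``user_id`` to the current user's block list."""
    # 404 for an unknown id instead of passing None to block(), matching
    # the other user-targeting handlers in this file.
    user = User.query.get_or_404(user_id)
    if not g.me.block(user):
        return fail('You\'ve already blocked this person.')
    db.session.commit()
    return succ('Succesfully blocked user.')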
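def delete_key(key_id):
    """Soft-delete a key owned by the current user."""
    # 404 for an unknown id instead of an AttributeError on key.user_id.
    key = Key.query.get_or_404(key_id)
    if key.user_id != g.user.id:
        # NOTE(review): answering 403 here and 404 above tells a caller
        # whether a key id exists; replying 404 in both cases would avoid
        # that, but changes the response contract.
        return fail('You may not delete this key.', 403)
    # Soft delete: the row stays and is only flagged.
    key.deleted = True
    db.session.commit()
    return succ('Key deleted.')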
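def update_event_update(event_id, update_id):
    """Edit the body of an event update; only the event's hosts may do so."""
    event = Event.query.get_or_404(event_id)
    if not event.is_hosted_by(g.me):
        return fail('Could not edit update.')
    update = Update.query.get_or_404(update_id)
    # NOTE(review): nothing ties `update` to `event` — a host of one event can
    # edit an update that belongs to another by supplying its id. Confirm how
    # the Update model references its event and check it here.
    body = g.json.get('body')
    if body is None:
        return fail('Improper parameters.')
    update.body = body
    # Every other mutating handler commits explicitly; without this the edit
    # was never persisted.
    db.session.commit()
    return jsonify(update.json(g.me))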
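def _load_email_blacklist(path='resources/email_blacklist.txt'):
    """Return the set of blacklisted addresses in *path*, one per line.

    Blank lines and surrounding whitespace (including a trailing ``\\r``)
    are dropped, and entries are lowercased to match the normalised email.
    """
    # TODO: should we just keep this in memory continuously rather than reading it every time?
    with open(path) as f:
        return {line.strip().lower() for line in f if line.strip()}


def register():
    """Create an unconfirmed account and send the confirmation email.

    Expects ``email``, ``name``, ``year`` and ``password`` in the JSON body.
    Registration is refused for blacklisted addresses and for addresses that
    ``School.from_email`` does not recognise.
    """
    # get the post data
    payload = request.get_json(silent=True) or {}
    email = payload.get('email')
    # A missing or non-string email previously raised outside the try block
    # and surfaced as an unhandled 500.
    if not isinstance(email, str):
        return fail('Improper parameters.')
    email = email.lower().strip()
    # check if user already exists
    user = User.query.filter_by(email=email).first()
    if user:
        # NOTE(review): this distinct reply lets a caller learn which
        # addresses are registered; kept as-is for client compatibility.
        return fail('User already exists. Please log in.', 202)
    try:
        if email in _load_email_blacklist():
            return fail(
                'Sorry, a student email address is required to register.',
                401)
        school = School.from_email(email)
        if school is None:
            # TODO: use non-Yale-specific message.
            return fail(
                'You must use a valid .edu email address from a supported school.',
                401)

        user = User(
            name=payload['name'].strip(),
            email=email,
            year=payload['year'],
            password=payload['password'],
            confirmed=False,
            school_id=school.id,
        )
        # Insert the user
        db.session.add(user)
        db.session.commit()

        send_confirmation_email(user)

        return succ(
            'Check your inbox at ' + email +
            ' to confirm! (The email may take a few moments to deliver.)',
            201)
    except Exception as e:
        # Surface the cause server-side rather than discarding it silently
        # (same convention as login()).
        print(e)
        return fail(
            'Some error occurred. Please try again. Contact the developers if this continues to happen.',
            500)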
def create_friend_request(user_id):
    """Send a friend request from the current user to ``user_id`` and notify them."""
    target = User.query.get_or_404(user_id)
    requested = g.me.friend_request(target)
    if not requested:
        return fail('You\'re already friends with this person.')
    db.session.commit()
    # Notify only once the request is durably stored.
    notifier.friend_request(g.me, target)
    return succ('Succesfully sent friend request!')
def add_host(event_id, user_id):
    """Make ``user_id`` a host of ``event_id``; callers must be admin or an existing host."""
    event = Event.query.get_or_404(event_id)
    new_host = User.query.get_or_404(user_id)
    permitted = g.me.admin or event.is_hosted_by(g.me)
    if not permitted:
        abort(403)
    if not event.add_host(new_host):
        return fail('User is already a host.')
    db.session.commit()
    return succ('Added host.')
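def get_user_current_event(user_id):
    """Return the event ``user_id`` is currently at, as a one-element JSON list.

    Only friends may view each other's location. An empty list means the
    user has no current event or it no longer exists.
    """
    # TODO: this is so repetitive stop
    # 404 for an unknown id instead of passing None to is_friends_with().
    user = User.query.get_or_404(user_id)
    if not g.me.is_friends_with(user):
        return fail(
            'You must be friends with this user to view their location.', 403)
    # Check the *target* user's current event. The original tested g.me's,
    # so a viewer with no current event of their own could never see a
    # friend's, and one with a current event skipped the None check entirely.
    if user.current_event_id is None:
        return jsonify([])
    event = Event.query.get(user.current_event_id)
    if event is None:
        return jsonify([])
    return jsonify([event.json(g.me)])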
def send_invite(event_id, user_id):
    """Invite ``user_id`` to ``event_id`` and notify them.

    Allowed for the event's hosts, or for any authenticated caller when the
    event has transitive invites enabled.
    """
    event = Event.query.get_or_404(event_id)
    invitee = User.query.get_or_404(user_id)
    # TODO: store who created an invitation, and allow users who aren't hosts to only remove their invitations
    may_invite = event.transitive_invites or event.is_hosted_by(g.me)
    if not may_invite:
        abort(403)
    # NOTE(review): with transitive_invites set, the check does not require the
    # caller to be an invitee themselves — confirm that is the intended scope.
    if not event.invite(invitee):
        return fail('User already invited.')
    db.session.commit()
    notifier.send_invite(event, user_from=g.me, user_to=invitee)
    return succ('Invited user.')
def friend_remove(user_id):
    """
    Remove friendship.

    Looks the friendship up in both directions (one the current user sent,
    one they received) and removes whichever exist; fails if neither does.
    """
    sent = g.me.friended.filter(
        friendships.c.friended_id == user_id).first()
    received = g.me.frienders.filter(
        friendships.c.friender_id == user_id).first()
    if sent is None and received is None:
        return fail('Couldn\'t find a friendship with this person.')
    # Same order as before: the sent link first, then the received one.
    for collection, link in ((g.me.friended, sent), (g.me.frienders, received)):
        if link is not None:
            collection.remove(link)
    db.session.commit()
    return succ('Succesfully removed friend.')
def internal(error):
    """Error handler for 500: reply with a generic JSON body; ``error`` is ignored."""
    message = 'Internal server error.'
    return fail(message, 500)
def not_found(error):
    """Error handler for 404: reply with a generic JSON body; ``error`` is ignored."""
    message = 'Not found.'
    return fail(message, 404)
def unauthorized(error):
    """Error handler for 401: reply with a generic JSON body; ``error`` is ignored."""
    message = 'You\'re not authorized to perform this action.'
    return fail(message, 401)
def forbidden(error):
    """Error handler for 403: reply with a generic JSON body; ``error`` is ignored."""
    message = 'You don\'t have permission to do this.'
    return fail(message, 403)