Ejemplo n.º 1
def get_many(offset=None, limit=None):
    """Return users as dicts, most recently registered first.

    ``offset`` and ``limit`` are passed unchanged to ``slice`` together with
    the ordered query.
    """
    with get_session() as session:
        newest_first = session.query(User).order_by(
            User.registration_date.desc())

        # `slice` receives a query here, so it is presumably a project
        # pagination helper shadowing the builtin - TODO confirm.
        # NOTE(review): neither offset nor limit is range-checked in this
        # function; confirm the caller caps limit so a single request cannot
        # return the whole user table.
        page = slice(newest_first, offset, limit)

        return [user.as_dict() for user in page]
Ejemplo n.º 2
def create(name):
    """Add a tag called ``name``; abort with 409 if one already exists."""
    with get_session() as session:
        duplicate = session.query(Tag).filter_by(name=name).first()
        if duplicate:
            abort(409, 'Tag with this name already exists')

        # NOTE(review): the lookup above and this insert are separate
        # statements, so two concurrent requests can both pass the check.
        # A unique constraint on Tag.name is what would actually prevent
        # duplicates - confirm the model declares one.
        session.add(Tag(name=name))
Ejemplo n.º 3
def delete(name):
    """Delete the tag called ``name``; abort with 404 if it does not exist."""
    with get_session() as session:
        doomed = session.query(Tag).filter_by(name=name).first()
        if doomed is None:
            abort(404, 'Tag not found')

        # Empty the three relationships before deleting the row. The same
        # list object is assigned to each, in the original order.
        cleared = []
        doomed.posts = cleared
        doomed.users_tags = cleared
        doomed.users_interests = cleared
        session.delete(doomed)
Ejemplo n.º 4
def delete_avatar(u_id):
    """Remove the avatar row for ``u_id`` and its stored file.

    Aborts with 404 when the user has no avatar record.
    """
    with get_session() as session:
        record = session.query(Avatar).filter_by(u_id=u_id).first()
        if record is None:
            abort(404, 'Avatar not found')

        session.delete(record)
        # The stored name is rebuilt from the user id and the extension kept
        # in the Avatar row.
        # NOTE(review): the file is removed inside the session block; if the
        # session is committed on exit and that commit fails, the row would
        # survive without its file - confirm how get_session handles this.
        stored_name = f'avatar{u_id}.{record.ext}'
        files.remove(stored_name, config.avatars)
Ejemplo n.º 5
def get_avatar(u_id):
    """Return the path of the avatar file for ``u_id``, or None if unset.

    The user is loaded with ``User.get_or_404`` first, so the path is only
    built for an id that resolved to a user.
    """
    with get_session() as session:
        owner = User.get_or_404(session, u_id)

        picture = owner.avatar
        if picture is None:
            return None

        file_name = f'avatar{u_id}.{picture.ext}'
        return join(config.avatars.DIRECTORY, file_name)
Ejemplo n.º 6
def update_role(u_id, role):
    """Set the access level of user ``u_id`` to the one mapped from ``role``.

    Aborts with 409 when the user already has that access level.
    """
    with get_session() as session:
        account = User.get_or_404(session, u_id)

        # NOTE(review): a role missing from USER_ACCESS raises KeyError here
        # rather than a client error, and this function performs no check on
        # who is making the change - confirm both are handled by the caller.
        wanted_access = USER_ACCESS[role]
        if account.access == wanted_access:
            abort(409, 'User already has that role')

        account.access = wanted_access
Ejemplo n.º 7
def self_delete(u_id, password):
    """Soft-delete user ``u_id`` after re-checking their password.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash;
    otherwise the user's status is set to 'deleted'.
    """
    with get_session() as session:
        account = User.get_or_404(session, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')
        account.status = 'deleted'
Ejemplo n.º 8
def close_all_sessions(u_id, password):
    """Rotate the cookie id of user ``u_id`` after re-checking their password.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash.
    Returns the user object with a fresh random ``cookie_id``.
    """
    with get_session() as session:
        account = User.get_or_404(session, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')
        # A new cookie_id means the previous value no longer matches the row.
        account.cookie_id = uuid.uuid4()
        return account
Ejemplo n.º 9
def update(name, new_name):
    """Rename the tag ``name`` to ``new_name``.

    Aborts with 409 when a tag called ``new_name`` already exists and with
    404 when no tag is called ``name``. The conflict check runs first.
    """
    with get_session() as session:
        clash = session.query(Tag).filter_by(name=new_name).first()
        if clash:
            abort(409, 'Tag with this name already exists')

        target = session.query(Tag).filter_by(name=name).first()
        if target is None:
            abort(404, 'Tag not found')

        target.name = new_name
Ejemplo n.º 10
def update_avatar(u_id, file):
    """Store ``file`` as the avatar of user ``u_id``, replacing any old one."""
    with get_session() as session:
        owner = User.get_or_404(session, u_id)
        if owner.avatar:
            # delete_avatar is called with only the user id, not this session.
            delete_avatar(u_id)

        # NOTE(review): the extension is derived from the filename supplied
        # with the upload and becomes part of the stored name. Confirm that
        # files.get_ext / files.save restrict it to an allowlist of image
        # extensions and that the file content is checked, not just the name.
        extension = files.get_ext(file.filename)
        stored_name = f'avatar{u_id}.{extension}'
        files.save(file, stored_name, config.avatars)

        session.add(Avatar(u_id=u_id, ext=extension))
Ejemplo n.º 11
def get(c_id):
    """Return comment ``c_id`` as a dict.

    Aborts with 403 when the comment belongs to a closed Question and the
    current user neither has 'expert' access nor owns that question.
    """
    with get_session() as session:
        comment = Comment.get_or_404(session, c_id)

        parent = comment.post
        # Nested so that `closed` is only read on Question posts, as in the
        # original short-circuit chain.
        if isinstance(parent, Question) and parent.closed:
            if (not current_user.has_access('expert')
                    and parent.u_id != current_user.id):
                abort(403)

        return comment.as_dict()
Ejemplo n.º 12
def delete(c_id):
    """Soft-delete comment ``c_id`` and decrement the related counters.

    Only the comment's author or a user with 'moderator' access may delete;
    anyone else gets 403.
    """
    with get_session() as session:
        comment = Comment.get_or_404(session, c_id)

        is_moderator = current_user.has_access('moderator')
        if not is_moderator and comment.u_id != current_user.id:
            abort(403)

        # NOTE(review): the status is not checked before decrementing. If
        # Comment.get_or_404 can return an already-deleted comment, a repeated
        # call would lower both counters again - confirm.
        comment.post.comment_count -= 1
        comment.author.comment_count -= 1
        comment.status = 'deleted'
Ejemplo n.º 13
def ban_user(u_id):
    """Mark user ``u_id`` as banned.

    Aborts with 403 when the target has 'moderator' access or the current
    user lacks it, and with 409 when the target is already banned.
    """
    with get_session() as session:
        target = User.get_or_404(session, u_id)

        # The target is loaded before the permission check, so a caller
        # without moderator access still sees 404 versus 403 for a given id.
        target_is_moderator = target.has_access('moderator')
        if target_is_moderator or not current_user.has_access('moderator'):
            abort(403)

        already_banned = target.status == 'banned'
        if already_banned:
            abort(409, 'User has already banned')

        target.status = 'banned'
Ejemplo n.º 14
def update(c_id, text):
    """Replace the text of comment ``c_id``.

    Aborts with 403 when the comment belongs to a closed Question and the
    current user neither has 'moderator' access nor owns that question, and
    with 422 when ``text`` is empty.
    """
    with get_session() as session:
        comment = Comment.get_or_404(session, c_id)

        # NOTE(review): comment.u_id is never compared with current_user.id
        # in this function, so nothing here limits edits to the comment's
        # author. Confirm the caller enforces ownership; if it does not, any
        # user who passes the closed-question check can rewrite the comment.
        parent = comment.post
        if isinstance(parent, Question) and parent.closed:
            if (not current_user.has_access('moderator')
                    and parent.u_id != current_user.id):
                abort(403)

        if not text:
            abort(422, 'Comment text should not be empty')

        comment.text = text
Ejemplo n.º 15
def reset_password(email):
    """Give the active user with ``email`` a new random password by e-mail.

    Aborts with 404 when no active user has that address. Otherwise a
    20-character password is generated, its bcrypt hash is stored, the
    cookie id is rotated and the new password is mailed to ``email``.
    """
    with get_session() as session:
        account = session.query(User).filter(
            User.email == email,
            User.status == 'active').one_or_none()

        # NOTE(review): the 404 tells the requester whether an address
        # belongs to an active account.
        if not account:
            abort(404, 'Invalid user')

        # NOTE(review): the password is replaced as soon as the request
        # arrives and the new one travels in the e-mail itself. Confirm this
        # endpoint is rate-limited; a single-use, expiring reset token is the
        # usual alternative. Also confirm util.random_string_digits draws
        # from a CSPRNG (e.g. the `secrets` module) and not from `random`.
        new_password = util.random_string_digits(20)
        encoded = str(new_password).encode('utf-8')
        hashed = bcrypt.hashpw(encoded, bcrypt.gensalt())
        account.password = hashed.decode('utf-8')
        account.cookie_id = uuid.uuid4()
        util.send_reset_email(email, new_password)
Ejemplo n.º 16
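def confirm_user(confirmation_link):
    """Activate the account that owns ``confirmation_link``.

    Aborts with 404 when no user carries the link and with 409 when the
    matching user is not in the 'unconfirmed' state. Returns None once the
    user's status has been set to 'active'.
    """
    with get_session() as s:
        user = s.query(User).filter(
            User.confirmation_link == confirmation_link).one_or_none()
        if user:
            if user.status == 'unconfirmed':
                user.status = 'active'
                logging.info('User [{}] is confirmed'.format(user.email))
                # Stop here so the success path never reaches the 404 abort
                # below. Assuming abort raises, falling through would answer
                # 404 for a valid link and, depending on how get_session
                # treats exceptions, could discard the status change.
                return
            else:
                abort(
                    409, 'User is currently confirmed by '
                    'this link or can\'t be confirmed')

        abort(404, 'No user with this confirmation link')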
Ejemplo n.º 17
def pre_login(email, password):
    """Return the user for ``email`` once ``password`` has been verified.

    Aborts with 404 when the user is missing or deleted, 409 when banned and
    422 when the password does not match the stored bcrypt hash.
    """
    with get_session() as session:
        account = session.query(User).filter(
            User.email == email).one_or_none()

        # NOTE(review): the three failures use different statuses and the
        # banned check runs before the password is verified, so a caller who
        # knows only an e-mail can learn whether the account exists and
        # whether it is banned. Confirm the HTTP layer returns one generic
        # response and that login attempts are rate-limited.
        if not account or account.status == 'deleted':
            abort(404, 'User not found')
        if account.status == 'banned':
            abort(409, 'Trying to login banned user!')

        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')
        return account
Ejemplo n.º 18
def change_password(u_id, old_password, new_password):
    """Replace the password of user ``u_id`` and rotate their cookie id.

    Aborts with 422 when ``old_password`` does not match the stored bcrypt
    hash or when ``new_password`` matches it. Returns the updated user.
    """
    with get_session() as session:
        account = User.get_or_404(session, u_id)
        old_bytes = str(old_password).encode('utf-8')
        new_bytes = str(new_password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')

        if not bcrypt.checkpw(old_bytes, stored_hash):
            abort(422, 'Invalid password')
        # Checking the new password against the old hash detects reuse
        # without comparing plaintext values.
        if bcrypt.checkpw(new_bytes, stored_hash):
            abort(422, 'Old and new passwords are equal')
        fresh_hash = bcrypt.hashpw(new_bytes, bcrypt.gensalt())
        account.password = fresh_hash.decode('utf-8')
        # A new cookie_id means the previous value no longer matches the row.
        account.cookie_id = uuid.uuid4()
        return account
Ejemplo n.º 19
def update(u_id, new_data):
    """Apply the fields in ``new_data`` to user ``u_id``.

    Only the user themselves or a user with 'moderator' access may update;
    'tags' additionally requires 'moderator' access. 'tags' and 'interests'
    are resolved to Tag rows by name; every other key is set directly as an
    attribute on the user.
    """
    with get_session() as session:
        account = User.get_or_404(session, u_id)

        editing_someone_else = u_id != current_user.id
        if editing_someone_else and not current_user.has_access('moderator'):
            abort(403)

        for field, value in new_data.items():
            if field == 'tags':
                if not current_user.has_access('moderator'):
                    abort(403, 'You cant change tags')
                account.tags = session.query(Tag).filter(
                    Tag.name.in_(value)).all()
            elif field == 'interests':
                account.interests = session.query(Tag).filter(
                    Tag.name.in_(value)).all()
            else:
                # NOTE(review): any other key is written to the model as-is
                # (mass assignment). Unless new_data is restricted to an
                # allowlist before it reaches this function, a request could
                # set sensitive attributes of the user row - confirm the
                # caller validates the keys against a schema.
                setattr(account, field, value)
Ejemplo n.º 20
def register_user(data):
    """Register a user from ``data`` or reactivate a deleted account.

    ``data`` must provide 'email', 'password', 'name' and 'surname'. Aborts
    with 409 when the e-mail belongs to a banned user or to any other
    non-deleted user. A confirmation e-mail is sent when
    ``config.DEFAULT_USER_STATUS`` is 'unconfirmed'.
    """
    with get_session() as session:
        email = data['email']
        existing = session.query(User).filter(
            User.email == email).one_or_none()

        # Draw links until one is found that no user row already carries.
        confirmation_link = nanoid.generate(size=50)
        while session.query(User).filter(
                User.confirmation_link == confirmation_link).one_or_none():
            confirmation_link = nanoid.generate(size=50)

        raw_password = str(data['password']).encode('utf-8')
        password_hash = bcrypt.hashpw(
            raw_password, bcrypt.gensalt()).decode('utf-8')

        if not existing:
            # New rows get no explicit status here; the value presumably
            # comes from the model default - TODO confirm it matches
            # config.DEFAULT_USER_STATUS.
            created = User(email=email,
                           name=data['name'],
                           surname=data['surname'],
                           password=password_hash,
                           confirmation_link=confirmation_link)
            session.add(created)
        elif existing.status == 'deleted':
            # NOTE(review): the deleted row is reused and only these five
            # fields are overwritten; every other column keeps its old value.
            # Confirm nothing privileged is carried over, and that
            # reactivation requires e-mail confirmation when
            # DEFAULT_USER_STATUS is not 'unconfirmed'.
            existing.password = password_hash
            existing.name = data['name']
            existing.surname = data['surname']
            existing.status = config.DEFAULT_USER_STATUS
            existing.confirmation_link = confirmation_link
        elif existing.status == 'banned':
            abort(409, 'User with this email was banned')
        else:
            abort(409, 'Trying to register existing user')

        needs_confirmation = config.DEFAULT_USER_STATUS == 'unconfirmed'
        if needs_confirmation:
            util.send_email(email, confirmation_link)
        logging.info('Registering new user [{}]'.format(email))
Ejemplo n.º 21
def validate_tags(tag_names):
    """Abort with 422 unless ``tag_names`` matches the stored tags exactly.

    The sorted requested names must equal the sorted names of the Tag rows
    that the query returns for them.
    """
    with get_session() as session:
        found = session.query(Tag).filter(Tag.name.in_(tag_names)).all()

        requested = sorted(tag_names)
        stored = sorted(tag.name for tag in found)
        if requested != stored:
            abort(422, 'Wrong tags')
Ejemplo n.º 22
def user_loader(cookie_id):
    """Return the active user whose cookie id is ``cookie_id``, else None.

    Users whose status is not 'active' are never returned, whatever cookie
    id is presented.
    """
    with get_session() as session:
        active_match = session.query(User).filter(
            User.cookie_id == cookie_id,
            User.status == 'active')
        return active_match.one_or_none()
Ejemplo n.º 23
def get(u_id):
    """Return user ``u_id`` as a dict, using ``User.get_or_404`` to load it."""
    with get_session() as session:
        # NOTE(review): whatever as_dict() includes is returned as-is; confirm
        # it leaves out fields such as the password hash and cookie id.
        account = User.get_or_404(session, u_id)
        return account.as_dict()
Ejemplo n.º 24
def get_many():
    """Return the names of all stored tags as a list."""
    with get_session() as session:
        every_tag = session.query(Tag).all()
        return [tag.name for tag in every_tag]