def admin_login():
user_check = Users.check_any_exist()
if not user_check:
return redirect(url_for("create_account"))
if "user" in session:
return redirect(url_for("account", username=session["user"]))
error = None
if request.method == "POST":
token = session.pop('_csrf_token', None)
if not token or token != request.form.get('_csrf_token'):
abort(403)
username = request.form.get("username").strip()
password = request.form.get("password").strip()
user = Users.get_user_by_username(username)
if not user:
error = "Incorrect Credentials"
return render_template("login.html", error=error)
else:
if not user.check_password(password):
error = "Incorrect Credentials"
return render_template("login.html", error=error)
else:
session["user"] = user.username
return redirect(url_for("account", username=user.username))
return render_template("login.html", error=error)
def admin_login():
user_check = Users.check_any_exist()
if not user_check:
return redirect(url_for("create_account"))
if "user" in session:
return redirect(url_for("account", username=session["user"]))
error = None
if request.method == "POST":
token = session.pop('_csrf_token', None)
if not token or token != request.form.get('_csrf_token'):
abort(403)
username = request.form.get("username").strip()
password = request.form.get("password").strip()
user = Users.get_user_by_username(username)
if not user:
error = "Incorrect Credentials"
return render_template("login.html", error=error)
else:
if not user.check_password(password):
error = "Incorrect Credentials"
return render_template("login.html", error=error)
else:
session["user"] = user.username
return redirect(url_for("account", username=user.username))
return render_template("login.html", error=error)
def post(self):
title = request.form.get("title").strip()
body = request.form.get("body").strip()
user = Users.get_user_by_username(session["user"])
context = dict(title=title, body=body, author=user)
additional = self.get_context()
context.update(additional)
if not title or not body:
error = "Entry can\'t have empty title or body"
context.update(dict(error=error))
return self.render_template(context)
model = self.get_model()
check = model.check_exists(title)
if check:
error = "Entry with that title already exists, choose a new one.."
context.update(dict(error=error))
return self.render_template(context)
else:
context.update(self.process_additional_fields())
try:
func = getattr(model, self.create_method())
func(**context)
with app.app_context():
cache.clear()
flash("Created")
return redirect(url_for("account", username=session["user"]))
except Exception as e:
logger.debug(e)
error = "Processing error see error.log for details"
context.update(dict(error=error))
return self.render_template(context)
def test_utility_methods(self):
with test_database(db, (Users,)):
Users.create_user(username="******", password="******", real_name="real_name")
self.assertEquals("real_name", Users.get_user_by_username("konrad").real_name)
konrad = Users.get_user(1)
self.assertTrue(konrad.check_password("test"))
self.assertFalse(konrad.check_password("wrong_password"))
def account(username):
""" Main account view """
if username is None:
return redirect("/admin")
user = Users.get_user_by_username(username)
if not user:
abort(404)
articles = Articles.get_user_articles(user.username)
projects = UserProjects.get_all_projects()
return render_template("dashboard.html",
user=user,
articles=articles,
projects=projects)
def account(username):
""" Main account view """
if username is None:
return redirect("/admin")
user = Users.get_user_by_username(username)
if not user:
abort(404)
articles = Articles.get_user_articles(user.username)
projects = UserProjects.get_all_projects()
return render_template("dashboard.html",
user=user,
articles=articles,
projects=projects
)
def test_utility_methods(self):
with test_database(db, (Users, )):
Users.create_user(username="******",
password="******",
real_name="real_name")
self.assertEquals("real_name",
Users.get_user_by_username("konrad").real_name)
konrad = Users.get_user(1)
self.assertTrue(konrad.check_password("test"))
self.assertFalse(konrad.check_password("wrong_password"))
def set_info():
"""Set user information"""
user = Users.get_user_by_username(session['user'])
real_name = request.form.get("real-name", None)
description = request.form.get("description", None)
user.real_name = real_name
user.description = description
try:
user.save()
except Exception as e:
handle_errors("Error updating user info")
abort(500)
finally:
with app.app_context():
cache.clear()
return redirect(url_for('account_settings', username=session['user']))
def set_info():
"""Set user information"""
user = Users.get_user_by_username(session['user'])
real_name = request.form.get("real-name", None)
description = request.form.get("description", None)
user.real_name = real_name
user.description = description
try:
user.save()
except Exception as e:
handle_errors("Error updating user info")
abort(500)
finally:
with app.app_context():
cache.clear()
return redirect(url_for('account_settings', username=session['user']))
def about_edit():
user = Users.get_user_by_username(session["user"])
context = dict(additional_controls=False,
show_title=False,
body=user.about or "",
title_placeholder=None,
body_placeholder="Enter about page content...")
if request.method == "POST":
new_info = request.form.get("body").strip()
try:
user.about = new_info
user.save()
return redirect(url_for("account", username=session["user"]))
except:
context.update(error="Error when saving info,\
see error log for details")
return render_template("scratchpad.html", **context)
else:
return render_template("scratchpad.html", **context)
def about_edit():
user = Users.get_user_by_username(session["user"])
context = dict(additional_controls=False,
show_title=False,
body=user.about or "",
title_placeholder=None,
body_placeholder="Enter about page content...")
if request.method == "POST":
new_info = request.form.get("body").strip()
try:
user.about = new_info
user.save()
return redirect(url_for("account", username=session["user"]))
except:
context.update(error="Error when saving info,\
see error log for details")
return render_template("scratchpad.html", **context)
else:
return render_template("scratchpad.html", **context)
def upload_image():
error = None
if request.method == "POST":
description = request.form.get('description', None)
if request.form.get("imgur-img"):
image = request.files["image"]
if not image:
error = "No image chosen"
return render_template("upload_image.html", error=error)
user_id = get_config().imgur_id
extension = split_filename(image.filename, True)
if extension not in app.config["ALLOWED_FILENAMES"]:
error = "Allowed extensions are %r"\
% (", ".join(app.config["ALLOWED_FILENAMES"]))
return render_template("upload_image.html", error=error)
filename = secure_filename(image.filename.strip())
user = Users.get_user_by_username(session["user"])
config = dict(
image=image,
name=filename,
description=description)
response = ImgurHandler(user_id, config).send_image()
if not response["success"]:
error = "Error uploading to imgur"
return render_template("upload_image.html", error=error)
response_data = response["data"]
image_link = response_data["link"]
is_vertical = response_data["width"] + 10 < response_data["height"]
delete_hash = response_data["deletehash"]
try:
UserImages.add_image(image_link=image_link,
description=description,
delete_hash=delete_hash,
is_vertical=is_vertical,
imgur_img=True,
owner=user)
return redirect(url_for("user_images", username=user.username))
except:
error = "Error writing to database"
return render_template("upload_image.html", error=error)
return render_template("upload_image.html", error=response)
elif request.form.get('save-link'):
link = request.form.get('image-link', None)
if not link:
error = "No link given"
return render_template("upload_image.html", error=error)
user = Users.get_user_by_username(session["user"])
try:
UserImages.add_image(image_link=link,
description=description,
is_vertical=True,
imgur_img=False,
owner=user)
return redirect(url_for("user_images", username=user.username))
except Exception as e:
error = "Error writing to database"
return render_template("upload_image.html", error=error)
else:
return render_template("upload_image.html")
def account_settings(username):
user = Users.get_user_by_username(username)
if not user:
abort(404)
return render_template("settings_panel.html", user=user)
def upload_image():
error = None
if request.method == "POST":
description = request.form.get('description', None)
if request.form.get("imgur-img"):
image = request.files["image"]
if not image:
error = "No image chosen"
return render_template("upload_image.html", error=error)
user_id = get_config().imgur_id
extension = split_filename(image.filename, True)
if extension not in app.config["ALLOWED_FILENAMES"]:
error = "Allowed extensions are %r"\
% (", ".join(app.config["ALLOWED_FILENAMES"]))
return render_template("upload_image.html", error=error)
filename = secure_filename(image.filename.strip())
user = Users.get_user_by_username(session["user"])
config = dict(image=image, name=filename, description=description)
response = ImgurHandler(user_id, config).send_image()
if not response["success"]:
error = "Error uploading to imgur"
return render_template("upload_image.html", error=error)
response_data = response["data"]
image_link = response_data["link"]
is_vertical = response_data["width"] + 10 < response_data["height"]
delete_hash = response_data["deletehash"]
try:
UserImages.add_image(image_link=image_link,
description=description,
delete_hash=delete_hash,
is_vertical=is_vertical,
imgur_img=True,
owner=user)
return redirect(url_for("user_images", username=user.username))
except:
error = "Error writing to database"
return render_template("upload_image.html", error=error)
return render_template("upload_image.html", error=response)
elif request.form.get('save-link'):
link = request.form.get('image-link', None)
if not link:
error = "No link given"
return render_template("upload_image.html", error=error)
user = Users.get_user_by_username(session["user"])
try:
UserImages.add_image(image_link=link,
description=description,
is_vertical=True,
imgur_img=False,
owner=user)
return redirect(url_for("user_images", username=user.username))
except Exception as e:
error = "Error writing to database"
return render_template("upload_image.html", error=error)
else:
return render_template("upload_image.html")
def account_settings(username):
user = Users.get_user_by_username(username)
if not user:
abort(404)
return render_template("settings_panel.html", user=user)
