Ejemplo n.º 1
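def editCard(company_id, card_id):
    """Edit a card's name, content and owning company.

    Only the user recorded as the card's creator may change it. The company
    id submitted in the form is resolved to an existing company before it is
    written to the card, so the card cannot be re-pointed at a missing or
    arbitrary company id.

    Returns
      on GET: page that is used to update card info
      on POST: persist updated card info to database and redirect
    """
    if 'username' not in session:
        return redirect(
            url_for('login', error='You need to login to edit card')
        )

    error = request.args.get('error', '')

    user = utils.get_user_by_email(session['email'], db_session)
    company = utils.get_company_by_id(company_id, db_session)
    card = utils.get_card_by_id(card_id, db_session)

    if company is None:
        return redirect(url_for('showCompanies'))

    elif card is None:
        return redirect(url_for('showCards', company_id=company.id))

    elif user is None or card.user_id != user.id:
        # Fail closed: a session whose e-mail has no user row is treated the
        # same as a non-owner instead of raising on `user.id`.
        error = "You can only edit the cards you created"

    elif request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # the application enforces one for state-changing POSTs.
        new_card_name = request.form.get("newCardName")
        new_card_content = request.form.get("newCardContent")
        new_card_company_id = request.form.get("newCompanyId")

        if not new_card_name or not new_card_content:
            error = "Please enter valid card name and content"

        else:
            # The company id comes straight from the form, so resolve it
            # before storing it on the card.
            target_company = None
            if new_card_company_id:
                target_company = utils.get_company_by_id(
                    new_card_company_id, db_session
                )

            if target_company is None:
                error = "Please select a valid company"

            else:
                card.name = new_card_name
                card.content = new_card_content
                card.company_id = target_company.id

                db_session.add(card)
                db_session.commit()

                return redirect(
                    url_for('showCards', company_id=target_company.id)
                )

    all_companies = db_session.query(Company).all()

    return render_template(
        'edit-card.html',
        all_companies=all_companies,
        company=company,
        card=card,
        error=error,
    )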
Ejemplo n.º 2
def newCard(company_id):
    """Create a card under the given company.

    The card is stored with the id of the logged-in user as its creator.

    Returns
      on GET: the form page for adding a card to the company
      on POST: stores the card and redirects to the showCards view; when
        name or content is missing the form is re-rendered with an error
    """
    if 'username' not in session:
        login_url = url_for('login', error='You need to login to add card')
        return redirect(login_url)

    user = utils.get_user_by_email(session['email'], db_session)
    company = utils.get_company_by_id(company_id, db_session)
    error = request.args.get('error', '')

    # Unknown company: nothing to attach a card to.
    if company is None:
        return redirect(url_for('showCompanies'))

    if request.method == 'POST':
        name = request.form.get("newCardName")
        content = request.form.get("newCardContent")

        if name and content:
            card = Card(
                name=name,
                content=content,
                company_id=company.id,
                user_id=user.id,
            )
            db_session.add(card)
            db_session.commit()
            return redirect(url_for('showCards', company_id=company.id))

        # Either field was absent or empty.
        error = "Please enter valid card name and content"

    companies = db_session.query(Company).all()
    return render_template(
        'new-card.html',
        all_companies=companies,
        company=company,
        error=error,
    )
Ejemplo n.º 3
def deleteCompany(company_id):
    """Remove a company and every card filed under it.

    Deletion is only carried out for the user recorded as the company's
    creator, and only when the POSTed form carries a truthy 'deleteCompany'
    field.

    Returns
      on GET: the confirmation page for deleting the company
      on POST: deletes the company's cards and the company, then redirects
        to the showCompanies view
    """
    if 'username' not in session:
        login_url = url_for(
            'login', error='You need to login to delete company'
        )
        return redirect(login_url)

    user = utils.get_user_by_email(session['email'], db_session)
    company = utils.get_company_by_id(company_id, db_session)
    error = request.args.get('error', '')

    if company is None:
        return redirect(url_for('showCompanies'))

    if company.user_id != user.id:
        # Ownership check: non-owners only ever see the page with an error.
        error = "You can only delete companies you created"

    elif request.method == 'POST' and request.form.get('deleteCompany'):
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # the application enforces one for state-changing POSTs.
        # Cards go first (bulk delete), then the company; one commit covers both.
        company_cards = db_session.query(Card).filter(
            Card.company_id == company.id
        )
        company_cards.delete(synchronize_session=False)

        db_session.delete(company)
        db_session.commit()

        return redirect(url_for('showCompanies'))

    companies = db_session.query(Company).all()
    return render_template(
        'delete-company.html',
        all_companies=companies,
        company=company,
        error=error,
    )
Ejemplo n.º 4
def deleteCard(company_id, card_id):
    """Confirm and perform deletion of a card.

    The card is deleted only for the user recorded as its creator, and only
    when the request is a POST whose form contains a 'deleteCard' field.

    Returns
      on GET: the confirmation page for deleting the card
      on POST: deletes the card row and redirects to the showCards view
    """
    if 'username' not in session:
        login_url = url_for('login', error='You need to login to delete card')
        return redirect(login_url)

    error = request.args.get('error', '')

    user = utils.get_user_by_email(session['email'], db_session)
    company = utils.get_company_by_id(company_id, db_session)
    card = utils.get_card_by_id(card_id, db_session)

    if company is None:
        return redirect(url_for('showCompanies'))

    if card is None:
        return redirect(url_for('showCards', company_id=company.id))

    if card.user_id != user.id:
        # Ownership check: non-owners only ever see the page with an error.
        error = "You can only delete the cards you created"
    else:
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # the application enforces one for state-changing POSTs.
        confirmed = (
            request.method == 'POST'
            and request.form.get('deleteCard') is not None
        )
        if confirmed:
            db_session.delete(card)
            db_session.commit()
            return redirect(url_for('showCards', company_id=company.id))

    companies = db_session.query(Company).all()
    return render_template(
        'delete-card.html',
        all_companies=companies,
        company=company,
        card=card,
        error=error,
    )
Ejemplo n.º 5
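def register(new_user: UserCreateSchema, db: Session = Depends(get_db)):
    """Register a new user unless the e-mail address is already in use.

    Args:
        new_user: the submitted registration payload.
        db: database session injected through ``get_db``.

    Returns:
        A dict with a success message and the submitted payload.

    Raises:
        HTTPException: status 400 when the e-mail is already registered,
            when the insert violates a database constraint, or when
            validation of the new user fails.
    """
    # The submitted e-mail is intentionally not printed: it is personal data
    # and stdout usually ends up in application logs.
    existing_user = get_user_by_email(db=db, user_email=new_user.email)
    if existing_user:
        raise HTTPException(status_code=400,
                            detail="User already registered, Please login.")

    try:
        register_user(db=db, user=new_user)
    except IntegrityError as err:
        raise HTTPException(
            status_code=400,
            detail="Please Enter all required fields.",
        ) from err
    except ValidationError as err:
        # `detail` is serialised into the JSON error body, so pass text
        # rather than the exception object itself.
        raise HTTPException(status_code=400, detail=str(err)) from err

    # NOTE(review): `new_user` is the creation payload; if that schema carries
    # the password, it is echoed back in this response. Confirm, and prefer a
    # response model without credential fields.
    return {
        "message": "Successfully registered a new user",
        "data": new_user
    }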
Ejemplo n.º 6
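def editCompany(company_id):
    """Edit a company's name in the database.

    Only the user recorded as the company's creator may rename it.

    Returns
      on GET: page used to update company info
      on POST: update company name in the database and redirect to the
        showCompanies view; invalid input re-renders the form with an error
    """
    if 'username' not in session:
        return redirect(
            url_for('login', error='You need to login to edit company')
        )

    user = utils.get_user_by_email(session['email'], db_session)

    company = utils.get_company_by_id(company_id, db_session)

    error = request.args.get('error', '')

    if company is None:
        return redirect(url_for('showCompanies'))

    elif user is None or company.user_id != user.id:
        # Fail closed: a session whose e-mail has no user row is treated the
        # same as a non-owner instead of raising on `user.id`.
        error = "You can only edit the companies you created"

    elif request.method == 'POST':
        new_company_name = request.form.get('newCompany')

        if not new_company_name:
            error = 'Please enter a valid company name'
        else:
            company.name = new_company_name
            db_session.add(company)
            db_session.commit()

            # Redirect after a successful write so that a browser refresh
            # does not resubmit the form.
            return redirect(url_for('showCompanies'))

    all_companies = db_session.query(Company).all()

    return render_template(
        'edit-company.html',
        all_companies=all_companies,
        company=company,
        error=error,
    )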
Ejemplo n.º 7
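def api_login():
    """Log a user in from a JSON body holding 'email' and 'password'.

    If a user is already logged in, that user's details are returned
    without reading the body. All outcomes, including failures, are sent
    through ``jsonify`` with no explicit status code; callers distinguish
    them by the 'status' field.

    Returns:
        JSON with status 'logged in' or 'ok' plus the user's id, email and
        name on success, or status 'error' with an 'error' message.
    """
    user = get_current_user()
    if user:
        return jsonify(status='logged in', id=user.id,
                       email=user.email, name=user.name)

    # The body is client-controlled: reject anything that is not a JSON
    # object instead of letting the parse error surface as a server error.
    try:
        data = json.loads(request.data)
    except ValueError:
        return jsonify(status='error', error='invalid request body')
    if not isinstance(data, dict):
        return jsonify(status='error', error='invalid request body')

    password = data.get('password')
    email = data.get('email')
    check, error = check_login_info(email, password)
    if not check:
        return jsonify(status='error', error=error)

    user = get_user_by_email(email=email)
    # One message for both "unknown e-mail" and "wrong password", so the
    # response does not reveal which addresses have accounts.
    # NOTE(review): the password check is skipped when no user is found, so
    # response timing may still differ between the two cases; no rate
    # limiting is visible here either. Confirm both are handled elsewhere.
    if not user or not user.check_password(password):
        return jsonify(status='error', error='invalid email or password')

    account_login(user)
    return jsonify(status='ok', user_id=user.id,
                   email=user.email, name=user.name)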
Ejemplo n.º 8
def newCompany():
    """Create a company owned by the logged-in user.

    Returns
      on GET: the form page for adding a company
      on POST: stores the company and redirects to the showCompanies view;
        an empty or already-used name re-renders the form with an error
    """
    if 'username' not in session:
        login_url = url_for('login', error='You need to login to add company')
        return redirect(login_url)

    user = utils.get_user_by_email(session['email'], db_session)
    error = request.args.get('error', '')

    if request.method == 'POST':
        name = request.form.get('newCompany')

        if not name:
            error = 'Please enter a valid company name'
        else:
            # NOTE(review): the duplicate check and the insert are separate
            # statements; whether the name column also has a unique
            # constraint is not visible here — confirm.
            same_name = db_session.query(Company).filter(
                Company.name == name
            )
            if same_name.count() > 0:
                error = '%s already exists' % name
            else:
                db_session.add(Company(name=name, user_id=user.id))
                db_session.commit()
                return redirect(url_for('showCompanies'))

    companies = db_session.query(Company).all()
    return render_template(
        'new-company.html',
        all_companies=companies,
        error=error,
    )
Ejemplo n.º 9
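def gconnect():
    """Complete Google sign-in and populate the session.

    Steps, in order:
      1. compare the 'state' query parameter with the value kept in the
         session (anti-forgery check),
      2. exchange the one-time authorization code from the request body for
         credentials,
      3. ask Google's tokeninfo endpoint about the access token and check
         that it belongs to the same user and to this application,
      4. store the token and profile data in the session and create the
         user row if the e-mail is not known yet.

    Returns:
        A JSON response with status 401 or 500 when a check fails, a JSON
        200 response when the user is already connected, otherwise a
        redirect to the showCompanies view.
    """
    import hmac  # imported locally so this block stays self-contained

    def json_response(message, status):
        """Build a JSON-encoded response with the given HTTP status."""
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Anti-forgery check. A missing value on either side is rejected instead
    # of raising, and the comparison is constant-time.
    expected_state = session.get('state')
    supplied_state = request.args.get('state')
    if (not expected_state or not supplied_state
            or not hmac.compare_digest(supplied_state.encode('utf-8'),
                                       expected_state.encode('utf-8'))):
        return json_response('Invalid state token', 401)

    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets('g_client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return json_response('Failed to upgrade the authorization code', 401)

    # Check the access token is valid
    access_token = credentials.access_token
    url = (
        'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
        % access_token
    )
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])

    if result.get('error') is not None:
        return json_response(result.get('error'), 500)

    # Verify the access token is used for intended user. `.get` turns a
    # missing field into a rejection rather than a KeyError.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        return json_response(
            'Token\'s user ID doesn\'t match given user ID ', 401
        )

    # Verify the access token is valid for this app
    if result.get('issued_to') != CLIENT_ID:
        return json_response(
            'Token\'s client ID doesn\'t match given application', 401
        )

    # Check if user is already logged in; if so, stop here.
    # NOTE(review): this view stores 'access_token', not 'credentials', so
    # unless another handler sets session['credentials'] this branch never
    # matches — confirm which key is intended.
    stored_credentials = session.get('credentials')
    stored_gplus_id = session.get('gplus_id')
    if stored_credentials is not None and gplus_id == stored_gplus_id:
        return json_response('Current user is already connected', 200)

    # Store the access token in the session for later use.
    # NOTE(review): if the session is a client-side cookie, the token is
    # readable by whoever holds the cookie — confirm the session backend.
    session['access_token'] = credentials.access_token
    session['gplus_id'] = gplus_id

    # get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = json.loads(answer.text)

    session['provider'] = 'Google'
    session['username'] = data['name']
    session['picture'] = data['picture']
    # email is working inconsistently for oauth2 endpoint
    # use https://www.googleapis.com/plus/v1/people/me instead if it is needed
    # NOTE(review): the key read here is 'emails'; when it is absent the
    # account identity falls back to "<gplus_id>@google.com". Confirm the key
    # name against the endpoint actually called above.
    session['email'] = data.get('emails', gplus_id + "@google.com")

    # store user info into db
    if utils.get_user_by_email(session['email'], db_session) is None:
        utils.create_user(session, db_session)

    flash('You are now logged in as %s' % session['username'])

    return redirect(url_for('showCompanies'))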
Ejemplo n.º 10
import utils as utils

users = []

while True:
    print("Enter 1 to print information about user, 2 to add new user, 3 to delete user, 4 to quit")
    action = int(input("Your input: "))

    if action == 1:
        print("Enter 1 to search by e-mail 2 to search by username")
        get_by = int(input("Your input: "))

        try:
            if get_by == 1:
                email = input("Enter e-mail: ")
                user = utils.get_user_by_email(users=users,
                                               email=email)
                user.print_user()

            elif get_by == 2:
                username = input("Enter username: "******"Full name: ")
        username = input("Username: "******"E-mail: ")