def contact_seller():
message = request.form['contact_message']
email = request.form['contact_recipient'] # Email of person that posted the textbook
sender_email = request.form['contact_email'] # Email of person that is interested in textbook
post_id = request.form['post_id']
user_id = session['user_id']
book_for_sale = dbOps.get_post(post_id)
dbOps.send_contact_seller_email(email, sender_email, mail_manager, message, book_for_sale.textbook_title)
return redirect(url_for("show_user_page", user_id=user_id))
def edit_account(user_id):
form = EditAccountForm(request.form)
if not session.get('logged_in'):
return "You are not logged in"
user = dbOps.get_user_by_ID(user_id)
if not user:
return "No user account associated with that user"
if request.method == 'GET':
return render_template("edit_account_page.html", user_id=user_id, form=form)
if request.method == 'POST' and form.validate():
errors = []
new_email = form.email.data
new_pword = form.password.data
if (not new_email) and (not new_pword):
errors += ['Please enter a new email or password']
errors += validate_password(new_pword) + validate_email(new_email)
if dbOps.user_exists(new_email):
flash("Account already exists for this email")
return render_template("edit_account_page.html", user_id=user_id, form=form)
if len(errors) is not 0:
if errors[0] !='field is required':
flash(errors[0])
return render_template("edit_account_page.html", user_id=user_id, form=form)
if new_email:
dbOps.send_verification_email(new_email, mail_manager)
flash("you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you")
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
return redirect(url_for('index'))
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
flash("Account successfully updated")
return redirect(url_for('show_user_page', user_id=user_id))
else:
flash("Please fix any errors")
return render_template("edit_account_page.html", user_id=user_id, form=form)
def searchWithoutLoading():
if request.headers['Content-Type'] == 'application/json':
request_json = request.get_json()
query = request_json['search_query']
if len(query) != 0:
posts = dbOps.search(query)
if len(posts) == 0:
posts_json = json.dumps({'posts_data': []})
return posts_json
formatted_posts = []
for post in posts:
new_post = (
post.textbook_title,
post.textbook_author,
str(post.post_id)
)
formatted_posts.append(new_post)
posts_dictionary = {
'posts_data':
list([{
'textbook_title': textbook_title,
'textbook_author': textbook_author,
'post_id': post_id
} for (textbook_title, textbook_author, post_id) in formatted_posts])
}
posts_json = json.dumps(posts_dictionary)
return posts_json
else:
posts_json = json.dumps({'posts_data': []})
return posts_json
def show_all_posts():
if not session.get('logged_in'):
return 'You are not logged in'
if request.method == 'GET':
posts = dbOps.get_all_posts()
page, per_page, offset = get_page_items(20)
pagination = Pagination(page=page, total=len(posts), search=False, record_name='posts', per_page=per_page, css_framework='foundation')
return render_template("posts.html", posts=posts[offset:offset+per_page], pagination=pagination, user_id=session['user_id'])
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [error for errorSublist in errors for error in errorSublist]
if(len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)
def search():
if request.method == 'POST':
query = request.form['search']
posts = dbOps.search(query)
if posts:
page, per_page, offset = get_page_items(20)
pagination = Pagination(page=page, total=len(posts), search=False, record_name='posts', per_page=per_page, css_framework='foundation')
return render_template("posts.html", posts=posts[offset:offset + per_page], pagination=pagination, search_terms=query, user_id=session['user_id'])
else:
flash("No posts match your search!")
return redirect(url_for("show_all_posts"))
def show_post(post_id):
if not session.get('logged_in'):
return 'You are not logged in'
if request.method == 'GET':
post = dbOps.get_post(post_id=post_id)
if post:
return render_template("post_page.html", post=post, user_id=session['user_id'])
else:
return "The post you are trying to access does not exist"
if request.method == 'POST':
creator = dbOps.get_post(post_id=post_id).creator
if request.form['submit'] == 'Delete this post':
dbOps.remove_post(post_id)
flash("Post deleted successfully")
return redirect(url_for("show_user_page", user_id=creator.user_id))
elif request.form['submit'] == 'Edit this post':
return redirect(url_for("edit_post", post_id=post_id))
else:
return 'No other options implemented yet'
def show_user_page(user_id):
if request.method == 'GET':
if not session.get('logged_in'):
return "You are not logged in"
user = dbOps.get_user_by_ID(user_id)
if user:
sorting = request.args.get('sorting')
if sorting == 'OldestFirst':
sorting = 'OldestFirst'
posts = dbOps.get_oldest_first_posts_by_user(user)
else:
sorting = 'MostRecent'
posts = dbOps.get_most_recent_posts_by_user(user)
page, per_page, offset = get_page_items(5)
pagination = Pagination(page=page, total=len(posts), search=False, record_name='posts', per_page=5, css_framework='foundation')
return render_template('user_page.html', user_id=user_id, posts=posts[offset:offset+per_page], pagination=pagination, sorting=sorting)
else:
return "No user account associated with that user"
if request.method == 'POST':
return redirect(url_for('create_post', user_id=user_id))
def create_account():
errors = []
password = request.form['password']
email = request.form['email']
if request.method == 'POST':
errors = validate_password(password)
email_errors = validate_email(email)
if len(email_errors) is not 0:
errors.append(email_errors)
if len(errors) is 0:
if dbOps.user_exists(email):
flash("Account already exists for this email")
return render_template('signup.html', error=errors)
else:
dbOps.insert_user(email, encrypt(password))
dbOps.send_verification_email(email, mail_manager)
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in errors)
flash(formatted_error)
return render_template('signup.html')
def show_post(post_id):
if not session.get('logged_in'):
return 'You are not logged in'
if request.method == 'GET':
post = dbOps.get_post(post_id=post_id)
if post:
return render_template("post_page.html",
post=post,
user_id=session['user_id'])
else:
return "The post you are trying to access does not exist"
if request.method == 'POST':
creator = dbOps.get_post(post_id=post_id).creator
if request.form['submit'] == 'Delete this post':
dbOps.remove_post(post_id)
flash("Post deleted successfully")
return redirect(url_for("show_user_page", user_id=creator.user_id))
elif request.form['submit'] == 'Edit this post':
return redirect(url_for("edit_post", post_id=post_id))
else:
return 'No other options implemented yet'
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [
error for errorSublist in errors for error in errorSublist
]
if (len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(
str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)
def edit_post(post_id):
post = dbOps.get_post(post_id=post_id)
form = EditPostForm(request.form, obj=post)
creator = post.creator
user_id = session['user_id']
if not session.get('logged_in'):
return "You are not logged in"
if not creator.user_id==user_id:
return "You do not have permission to edit this post"
post = dbOps.get_post(post_id)
if not post:
return "This post does not exist"
if request.method == 'GET':
return render_template("edit_post_page.html", post_id=post_id, form=form)
if request.method == 'POST' and form.validate():
new_title = form.textbook_title.data
new_author = form.textbook_author.data
if (not new_title) or (not new_author):
errors = ['Please enter a title or author']
flash(errors[0])
return render_template("edit_post_page.html", post_id=post_id, form=form)
dbOps.update_existing_post(post_id, new_title, new_author)
flash('Post has been updated')
return redirect(url_for('show_user_page', user_id=creator.user_id))
def login():
if request.method == 'POST':
email = request.form['email']
password = request.form['password']
if len(email) is 0 or len(password) is 0:
flash("Please provide an email address and a password")
return render_template("index.html")
is_valid = dbOps.validate_login_credentials(email, encrypt(password))
user = dbOps.get_user_by_email(email)
if is_valid:
if dbOps.is_user_account_activated(email):
session['logged_in'] = True
session['user_id'] = user.user_id
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=20)
return redirect(url_for('show_user_page', user_id=user.user_id))
else:
flash("Your account has not been activated yet. Please follow the URL in your email")
return render_template("index.html")
else:
flash("invalid login credentials")
return render_template("index.html")
def forgot_password():
if request.method == 'GET':
return render_template('forgot_password.html')
elif request.method == 'POST':
email = request.form['email']
if dbOps.get_user_by_email(email) is None:
flash('The email you entered is not associated with any account. Please verify the email address.', 'danger')
return redirect(url_for('forgot_password'))
else:
token = Token.generate_confirmation_token(email)
recover_password_url = url_for('reset_password', token=token, _external=True)
html = render_template('reset_password.html', recover_password_url=recover_password_url)
subject = "BookSwap - Password Recovery"
mail_manager.send_email(email, subject, html)
flash("An email has been sent to your account, please follow the link to reset your password.", 'success')
return redirect(url_for('index'))
def show_all_posts():
if not session.get('logged_in'):
return 'You are not logged in'
if request.method == 'GET':
posts = dbOps.get_all_posts()
page, per_page, offset = get_page_items(20)
pagination = Pagination(page=page,
total=len(posts),
search=False,
record_name='posts',
per_page=per_page,
css_framework='foundation')
return render_template("posts.html",
posts=posts[offset:offset + per_page],
pagination=pagination,
user_id=session['user_id'])
def edit_account(user_id):
form = EditAccountForm(request.form)
if not session.get('logged_in'):
return "You are not logged in"
user = dbOps.get_user_by_ID(user_id)
if not user:
return "No user account associated with that user"
if request.method == 'GET':
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if request.method == 'POST' and form.validate():
errors = []
new_email = form.email.data
new_pword = form.password.data
if (not new_email) and (not new_pword):
errors += ['Please enter a new email or password']
errors += validate_password(new_pword) + validate_email(new_email)
if dbOps.user_exists(new_email):
flash("Account already exists for this email")
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if len(errors) is not 0:
if errors[0] != 'field is required':
flash(errors[0])
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if new_email:
dbOps.send_verification_email(new_email, mail_manager)
flash(
"you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you"
)
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
return redirect(url_for('index'))
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
flash("Account successfully updated")
return redirect(url_for('show_user_page', user_id=user_id))
else:
flash("Please fix any errors")
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
def create_post():
if not session.get('logged_in'):
return 'You are not logged in'
user_id = request.values['user_id']
if request.method == 'GET':
return render_template("create_post_page.html", user_id=session['user_id'])
else:
title = request.values['textbook_title']
author = request.values['textbook_author']
email = request.values['contact_seller_email']
if email and validate_email(email) is None:
flash("Email address is not valid")
return render_template("create_post_page.html")
if not title:
flash("You need to submit a title for the book")
return render_template("create_post_page.html")
newpost = dbOps.insert_post(title, user_id, author, email)
return redirect(url_for('show_post', post_id=newpost.post_id, user_id=session['user_id']))
def search():
if request.method == 'POST':
query = request.form['search']
posts = dbOps.search(query)
if posts:
page, per_page, offset = get_page_items(20)
pagination = Pagination(page=page,
total=len(posts),
search=False,
record_name='posts',
per_page=per_page,
css_framework='foundation')
return render_template("posts.html",
posts=posts[offset:offset + per_page],
pagination=pagination,
search_terms=query,
user_id=session['user_id'])
else:
flash("No posts match your search!")
return redirect(url_for("show_all_posts"))
def create_post():
if not session.get('logged_in'):
return 'You are not logged in'
user_id = request.values['user_id']
if request.method == 'GET':
return render_template("create_post_page.html",
user_id=session['user_id'])
else:
title = request.values['textbook_title']
author = request.values['textbook_author']
email = request.values['contact_seller_email']
if email and validate_email(email) is None:
flash("Email address is not valid")
return render_template("create_post_page.html")
if not title:
flash("You need to submit a title for the book")
return render_template("create_post_page.html")
newpost = dbOps.insert_post(title, user_id, author, email)
return redirect(
url_for('show_post',
post_id=newpost.post_id,
user_id=session['user_id']))
def forgot_password():
if request.method == 'GET':
return render_template('forgot_password.html')
elif request.method == 'POST':
email = request.form['email']
if dbOps.get_user_by_email(email) is None:
flash(
'The email you entered is not associated with any account. Please verify the email address.',
'danger')
return redirect(url_for('forgot_password'))
else:
token = Token.generate_confirmation_token(email)
recover_password_url = url_for('reset_password',
token=token,
_external=True)
html = render_template('reset_password.html',
recover_password_url=recover_password_url)
subject = "BookSwap - Password Recovery"
mail_manager.send_email(email, subject, html)
flash(
"An email has been sent to your account, please follow the link to reset your password.",
'success')
return redirect(url_for('index'))
import mongoengine
import BookSwap
from flask import Flask
from flask.ext.testing import TestCase
from database.operations import DBOperations
from encryption.encryption import encrypt
DB = DBOperations()
class EditPostTestCase(TestCase):
def setUp(self):
mongoengine.connect('testDB', host='localhost', port=57589)
DB.delete_users()
DB.delete_posts()
BookSwap.app.config.update(MONGODB_SETTINGS={
'DB': 'testDB',
'alias': 'default',
'port': 57589
})
BookSwap.app.config['TESTING'] = True
BookSwap.app.config['SECRET_KEY'] = '112SOMESECRETKEY987'
self.app = BookSwap.app.test_client()
def tearDown(self):
DB.delete_users()
DB.delete_posts()
def create_app(self):
app = Flask(__name__)
app.config['TESTING'] = True
return app
def confirm_email():
if request.method == 'GET':
token = request.args.get('token')
dbOps.confirm_email(token)
return render_template('index.html', page='index')
def confirm_email():
if request.method == 'GET':
token = request.args.get('token')
dbOps.confirm_email(token)
return render_template('index.html', page='index')
