def topic_edit(topic_id): topic = db.query(Topic).get(int(topic_id)) if request.method == "GET": return render_template("topics/topic_edit.html", topic=topic) elif request.method == "POST": title = request.form.get("title") text = request.form.get("text") user = user_from_session_token() # check if user is logged in and user is author if not user: redirect(url_for("auth/login")) elif topic.author_id != user.id: return "You are not an author" else: # update the topic fields topic.title = title topic.text = text db.add(topic) db.commit() return redirect(url_for('topic.topic_details', topic_id=topic_id))
def comment_edit(comment_id): comment = Comment.get_comment(comment_id) user = user_from_session_token() if not user: return redirect(url_for('auth.login')) elif comment.author.id != user.id: return "You can only edit your own comments!" if request.method == "GET": csrf_token = set_csrf_token(username=user.username) return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token) elif request.method == "POST": text = request.form.get("text") csrf = request.form.get("csrf") if is_valid_csrf(csrf, user.username): comment.text = text db.add(comment) db.commit() return redirect( url_for('topic.topic_details', topic_id=comment.topic.id)) else: return "CSRF error: tokens don't match!"
def login(): if request.method == "GET": return render_template("auth/login.html") elif request.method == "POST": username = request.form.get("username") password = request.form.get("password") # get password hash out of password password_hash = hashlib.sha256(password.encode()).hexdigest() # get user from database by her/his username and password user = db.query(User).filter_by(username=username).first() if not user: return "This user does not exist" else: # if user exists, check if password hashes match if password_hash == user.password_hash: user.session_token = str(uuid.uuid4( )) # if password hashes match, create a session token db.add(user) db.commit() # save user's session token into a cookie response = make_response(redirect(url_for('topic.index'))) response.set_cookie( "session_token", user.session_token ) # you might want to set httponly=True on production return response else: return "Your password is incorrect!"
def card_edit(card_id): card = db.query(Card).get(int(card_id)) # get card from db by ID if request.method == "GET": return render_template("card/card_edit.html", card=card) elif request.method == "POST": bauhjahr = request.form.get("baujahr") maschinennummer = request.form.get("maschinennummer") standort = request.form.get("standort") # get current user (author) session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() # check if user is logged in and user is author if not user: return redirect(url_for('auth.login')) elif card.author.id != user.id: return "You are not the author!" else: # update the card fields card.baujahr = bauhjahr card.maschinennummer = maschinennummer card.standort = standort db.add(card) db.commit() return redirect(url_for('card/card.card_details', card_id=card_id))
def login(): if request.method == "GET": return render_template("auth/login.html") elif request.method == "POST": user_name = request.form.get("username") password = request.form.get("password") password_hash = hashlib.sha256(password.encode()).hexdigest() user = db.query(User).filter_by(username=user_name).first() if not user: return "This user does not exist" else: if password_hash == user.password_hash: user.session_token = str(uuid.uuid4()) db.add(user) db.commit() response = make_response(redirect(url_for('topic.index'))) response.set_cookie("session_token", user.session_token, httponly=True, samesite='Strict') return response else: return "Your Passwrod isnt correct"
def signup(): if request.method == "GET": return render_template("auth/signup.html") elif request.method == "POST": username = request.form.get("username") email_adress = request.form.get("email-adress") password = request.form.get("password") repeat = request.form.get("repeat") if password != repeat: return "Passwords do not match! Go back and try again." user = User(username=username, password_hash=hashlib.sha256( password.encode()).hexdigest(), session_token=str(uuid.uuid4()), email_adress=email_adress) db.add(user) # add to the transaction (user is not yet in a database) db.commit( ) # commit the transaction into the database (user is now added in the database) # save user's session token into a cookie response = make_response(redirect(url_for('topic.index'))) response.set_cookie( "session_token", user.session_token ) # you might want to set httponly=True on production return response
def create(cls, title, text, author): topic = cls(title=title, tect=text, author=author) db.add(topic) db.commit() return topic
def comment_edit(comment_id): comment = db.query(Comment).get(int(comment_id)) # get comment from db by ID # get current user session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token, verified=True).first() # check if user logged in & if user is author if not user: return redirect(url_for('auth.login')) elif comment.author.id != user.id: return "You can only edit your own comments!" # GET request if request.method == "GET": csrf_token = create_csrf_token(username=user.username) return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token) # POST request elif request.method == "POST": text = request.form.get("text") # check CSRF tokens csrf = request.form.get("csrf") if validate_csrf(csrf, user.username): # if it validates, edit the comment comment.text = text db.add(comment) db.commit() return redirect(url_for('topic.topic_details', topic_id=comment.topic.id)) else: return "CSRF error: tokens don't match!"
def signup(): if request.method == "GET": return render_template("signup.html") elif request.method == "POST": username = request.form.get("username") email = request.form.get("email") password = request.form.get("password") password_repeat = request.form.get("password_repeat") if password != password_repeat: return "Passwords don't match" user = User( username=username, email=email, password=hashlib.sha512(password.encode()).hexdigest(), session_token=str(uuid.uuid4()), ) db.add(user) db.commit() response = make_response(redirect(url_for("index"))) response.set_cookie("session_token", user.session_token, httponly=True, samesite="Strict") return response
def signup(): if request.method == "GET": return render_template("auth/signup.html") elif request.method == "POST": vorname = request.form.get("vorname") nachname = request.form.get("nachname") email_adresse = request.form.get("email_adresse") unternehmen = request.form.get("unternehmen") position = request.form.get("position") passwort = request.form.get("passwort") passwort_wiederholen = request.form.get("passwort_wiederholen") if passwort != passwort_wiederholen: return "Passwords do not match! Go back and try again." user = User(vorname=vorname, nachname=nachname, email_adresse=email_adresse, unternehmen=unternehmen, position=position, passwort_hash=hashlib.sha256(passwort.encode()).hexdigest(), session_token=str(uuid.uuid4()) ) db.add(user) # add to the transaction (user is not yet in a database) db.commit() # commit the transaction into the database (user is now added in the database) # save user's session token into a cookie response = make_response(redirect(url_for('card.index'))) response.set_cookie("session_token", user.session_token) # you might want to set httponly=True on production return response
def topic_edit(topic_id): topic = db.query(Topic).get(int(topic_id)) if request.method == "GET": return render_template("topic_edit.html", topic=topic) elif request.method == "POST": title = request.form.get("title") text = request.form.get("text") # get current user (author) session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() # check if user is logged in and user is author if not user: return redirect(url_for('login')) elif topic.author.id != user.id: return "You are not the author!" else: # update the topic fields topic.title = title topic.text = text db.add(topic) db.commit() return redirect(url_for('topic_details', topic_id=topic_id))
def topic_edit(topic_id): topic = db.query(Topic).get(int(topic_id)) # get topic from db by ID if request.method == "GET": return render_template("topic/topic_edit.html", topic=topic) elif request.method == "POST": title = request.form.get("title") text = request.form.get("text") # get current user (author) session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() # check if user is logged in and user is author if not user: return redirect(url_for('auth.login')) elif topic.author.id != user.id: return "You are not the author!" else: # update the topic fields topic.title = title topic.text = text db.add(topic) db.commit() # START test background tasks (TODO: delete this code later) if os.getenv('REDIS_URL'): from tasks import get_random_num get_random_num() # END test background tasks return redirect(url_for('topic/topic.topic_details', topic_id=topic_id))
def signup(): if request.method == "GET": return render_template("auth/signup.html") elif request.method == "POST": username = request.form.get("username") password = request.form.get("password") repeat = request.form.get("repeat") if password != repeat: return "Passwords do not match! try again." user = User(username=username, password_hash=hashlib.sha256( password.encode()).hexdigest(), session_token=str(uuid.uuid4())) db.add(user) db.commit() response = make_response(redirect(url_for('topic.index'))) response.set_cookie("session_token", user.session_token, httponly=True, samesite='Strict') return response
def comment_edit(comment_id): comment = db.query(Comment).get( int(comment_id)) # get comment from db by ID # get current user session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() # check if user is logged in and user is author if not user: redirect(url_for("auth/login")) elif comment.author.id != user.id: return "You are not an author" if request.method == "GET": return render_template("topics/comment_edit.html", comment=comment) # POST request elif request.method == "POST": text = request.form.get("text") comment.text = text db.add(comment) db.commit() return redirect( url_for('topic.topic_details', topic_id=comment.topic.id))
def logout(): user = user_from_session_token() user.session_token = "" db.add(user) db.commit() return redirect(url_for('topic.index'))
def logout(): session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() user.session_token = "" db.add(user) db.commit() return redirect(url_for('index'))
def verify_email(token): user = db.query(User).filter_by(verification_token=token).first() if user: user.verified = True db.add(user) db.commit() return render_template("auth/email_verification_result.html", verified=user.verified)
def update(cls, topic_id, title, text): topic = db.query(Topic).get(int(topic_id)) topic.title = title topic.text = text db.add(topic) db.commit() return topic
def create(cls, name, baujahr, maschinennummer, standort, author): card = cls(name=name, baujahr=baujahr, maschinennummer=maschinennummer, standort=standort, author=author) db.add(card) db.commit() return card
def create(cls, text, author, topic): comment = cls(text=text, author=author, topic=topic) db.add(comment) db.commit() # only send of topic author has her/his email in the database if topic.author.email: send_email(receiver_email=topic.author.email, subject="New comment for your topic!", text="Your topic {} has a new comment.".format(topic.title)) return comment
def create(cls, username, password_hash, email): session_token = str(uuid.uuid4()) user = cls(username=username, password_hash=password_hash, session_token=session_token, email=email) db.add(user) db.commit() return user
def create(cls, text, author, topic): comment = cls(text=text, author=author, topic=topic) db.add(comment) db.commit() if topic.author.email_address: send_email(receiver_email=topic.author.email_address, subject="New comment for your topic!", text="Your topic {} has a new comment.".format( topic.title)) return comment
def signup(): if request.method == "GET": return render_template("auth/signup.html") elif request.method == "POST": username = request.form.get("username") password = request.form.get("password") email_address = request.form.get("email-address") repeat = request.form.get("repeat") if password != repeat: return "Passwords do not match! Go back and try again." user = User(username=username, password_hash=hashlib.sha256( password.encode()).hexdigest(), session_token=str(uuid.uuid4()), email_address=email_address, verification_token=str(uuid.uuid4())) db.add(user) # add to the transaction (user is not yet in a database) db.commit( ) # commit the transaction into the database (user is now added in the database) # verification email message subject = "Verify your email address" domain = "{}.herokuapp.com".format( os.getenv("HEROKU_APP_NAME" )) # TODO: set HEROKU_APP_NAME config var on Heroku! print("Domain: " + str(domain)) text = "Hi! Click on this link to verify your email address: {0}/verify-email/{1}".format( domain, user.verification_token) # send verification email send_email(receiver_email=user.email_address, subject=subject, text=text) # save user's session token into a cookie response = make_response(redirect(url_for('topic.index'))) response.set_cookie( "session_token", user.session_token ) # you might want to set httponly=True on production return response
def login(): if request.method == "GET": return render_template("login.html") elif request.method == "POST": username = request.form.get("username") password = request.form.get("password") # session_token = str(uuid.uuid4()) # get password hash out of password password_hash = str(hashlib.sha256(password.encode()).hexdigest()) # get user form database by username and password user = db.query(User).filter_by(username=username).first() if not user: return "User does not exist" else: if password_hash == user.password_hash: user.session_token = str(uuid.uuid4()) db.add(user) db.commit() response = make_response( redirect( url_for('profile.profile', user=user, username=user.username, password_hash=password_hash))) response.set_cookie("session_token", user.session_token, httponly=True, samesite='Strict') # response = redirect(url_for('profile.profile', user=user, username=user.username, password_hash=password_hash)) # response.set_cookie("session_token", user.session_token, httponly=True, samesite='Strict') return response else: return "Invalid Username or Password"
def topic_edit(topic_id): topic = db.query(Topic).get(int(topic_id)) if request.method == "GET": return render_template("topic/edit.html", topic=topic) elif request.method == "POST": title = request.form.get("title") text = request.form.get("text") user = User.get_by_session() if not user: return redirect(url_for("index")) elif topic.author.id != user.id: return "Operation not allowed" else: topic.title = title topic.text = text db.add(topic) db.commit() return redirect(url_for("index"))
def get_all_bitts(cls): bitts = db.query(cls).order_by(desc( cls.created)).all() # get all bitts from the database if not bitts: # some pre-made bitts (you can delete them) bitt1 = cls(username="******", text="I'm fine. Thanks for not asking.") db.add(bitt1) bitt2 = cls( username="******", text="Sometimes you have to unfollow people in real life.") db.add(bitt2) bitt3 = cls(username="******", text="I hope karma slaps you in the face before I do.") db.add(bitt3) db.commit() bitts.append(bitt1) bitts.append(bitt2) bitts.append(bitt3) return bitts
def login(): if request.method == "GET": return render_template("login.html") elif request.method == "POST": username = request.form.get("username") password = request.form.get("password") user = (db.query(User).filter_by( username=username, password=hashlib.sha512(password.encode()).hexdigest()).first()) if not user: return "Invalid credentials!" else: user.session_token = str(uuid.uuid4()) db.add(user) db.commit() response = make_response(redirect(url_for("index"))) response.set_cookie("session_token", user.session_token, httponly=True, samesite="Strict") return response
def profile_edit(profile_id): # profile_owner_data = db.query(ProfileData).get(int(profile_id)) if request.method == "GET": session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() # get profile data # profile_data = db.query(ProfileData).all() owner_id = user.id profile_owner_data = db.query(ProfileData).filter_by( owner_id=owner_id).first() return render_template("profile-edit.html", user=user, profile_owner_data=profile_owner_data, profile_id=profile_id) elif request.method == "POST": firstname = request.form.get("firstname") lastname = request.form.get("lastname") # get owner session_token = request.cookies.get("session_token") user = db.query(User).filter_by(session_token=session_token).first() owner_id = user.id profile_owner_data = db.query(ProfileData).filter_by( owner_id=owner_id).first() profile_owner_data.firstname = firstname profile_owner_data.lastname = lastname db.add(profile_owner_data) db.commit() return redirect(url_for('profile.profile'))
def insert(self): db.add(self) db.commit() # save ID into Redis (last Bitt ID) set_last_bitt(self.id)
def create(cls, text, author, topic): comment = cls(text=text, author=author, topic=topic) db.add(comment) db.commit() return comment