Example #1
0
def login_by_email(user_email):
    sql = 'SELECT user_id, user_name FROM users WHERE user_email = "{}"'.format(
        user_email)
    indicator = query_fetch(sql, DB)
    # Login Success
    if indicator:
        response = SuccessResponse()
        response.data['userid'] = indicator['user_id']
        token = uuid.uuid4()  # generate token
        key = uuid.uuid4()  # generate key
        response.data['token'] = token

        # Insert generated token to database
        sql = "UPDATE users SET user_tokens = '{}', user_key = '{}' WHERE user_id = {} "\
            .format(token, key, indicator['user_id'])
        query_mod(sql, DB)

        # send email in this block
        verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
            'auth.verify', key=key)
        params = dict(USER=indicator['user_name'], URL=verify_url)
        msg = Message('NYUSHer: Verify Your Login',
                      sender='*****@*****.**',
                      recipients=[user_email])
        msg.html = render_template('login-verification.html', **params)
        send_mail(msg)
    # Login Fail
    else:
        response = ErrorResponse()
        response.error['errorCode'] = LOGIN_ERR
        response.error['errorMsg'] = "Email doesn't not exist"
    return jsonify(response.__dict__)
Example #2
0
def create_a_comment():
    author_id     = int(request.headers.get('userid'))
    subscriber_id = request.form.get('suid')
    pid           = int(request.form.get('pid'))
    content       = replace(request.form.get('content'))
    if content.strip() == '':
        # No empty content allowed
        response = ErrorResponse()
        response.error['errorCode'] = '108'
        response.error['errorMsg'] = 'content cannot be empty'
        return jsonify(response.__dict__)
    sql = "INSERT INTO comments(content, pid, uid, subscriber) VALUES ('{}', '{}', '{}', '{}')" \
        .format(content, pid, author_id, subscriber_id)
    if VERBOSE:
        print("insert query:" + sql)
    query_mod(sql, DB)
    # Get the generated comment
    sql = "SELECT users.user_name,comments.* FROM comments, users " \
          "WHERE users.user_id = comments.uid AND pid = {} AND uid = {} AND subscriber = '{}' " \
          "ORDER BY timestamp DESC LIMIT 1" .format(pid, author_id, subscriber_id)
    if VERBOSE:
        print("get post_id query:" + sql)
    indicator = query_fetch(sql, DB)
    response = PostList()
    if indicator:
        print()
        response.data = indicator
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '106'
        response.error['errorMsg'] = 'Somehow comment is not posted.'
    return jsonify(response.__dict__)
Example #3
0
def delete_a_comment(cid):
    uid = int(request.headers.get('userid'))
    sql = "SELECT uid FROM comments WHERE cid = '{}'".format(cid)
    indicator = query_fetch(sql, DB)
    # authentication
    if indicator:
        if uid != indicator['uid']:
            response = ErrorResponse()
            response.error['errorCode'] = '104'
            response.error['errorMsg'] = "No authority."
            return jsonify(response.__dict__)
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '105'
        response.error['errorMsg'] = 'cid does not exist.'
        return jsonify(response.__dict__)

    # deletion
    sql = "DELETE FROM comments WHERE cid = '{}'" \
        .format(cid)
    if VERBOSE:
        print("delete post" + sql)
    query_mod(sql, DB)
    response = PostList()
    response.data['cid'] = cid
    return jsonify(response.__dict__)
Example #4
0
def post_delete():
    post_by = request.headers.get('userid')
    post_id = request.form.get('pid')
    # Check if requested post exists
    sql = "SELECT * FROM posts WHERE pid='{}'".format(post_id)
    if VERBOSE:
        print("delete post pid check" + sql)
    check = query_fetch(sql, DB)
    if check is None:
        response = ErrorResponse()
        response.error['errorCode'] = '105'
        response.error['errorMsg'] = 'post does not exist'
        return jsonify(response.__dict__)
    # Check if user have authorization to delete
    sql = "SELECT authorid FROM posts WHERE pid='{}'".format(post_id)
    if VERBOSE:
        print("delete post authorization check" + sql)
    indicator = query_fetch(sql, DB)
    # Authorid and userid matchs and have authority to delete post
    if indicator['authorid'] == int(post_by):
        # Delete the post
        sql = "DELETE FROM posts WHERE authorid = '{}' AND pid = '{}'"\
            .format(post_by, post_id)
        if VERBOSE:
            print("delete post" + sql)
        query_mod(sql, DB)
        response = PostList()
        response.data['pid'] = post_id
    # No authority to delete post
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '104'
        response.error['errorMsg'] = 'No authority.'
    return jsonify(response.__dict__)
Example #5
0
def login():
    user_email = request.form.get('email')
    user_pass = request.form.get('passwdtoken')
    if VERBOSE:
        print(user_email, user_pass)

    # user must finish all verifications to login
    sql = 'SELECT user_key FROM users WHERE user_email = "{}"'.format(
        user_email)
    key = query_fetch(sql, DB)
    if key is None:
        return jsonify(
            dict(state=False,
                 error={
                     'errorCode': LOGIN_ERR,
                     'errorMsg': 'User does not exist.'
                 },
                 timestamp=int(time())))
    elif key['user_key'] is not None:
        return jsonify(
            dict(state=False,
                 error={
                     'errorCode': VERIFY_ERR,
                     'errorMsg': 'Verification has not been finished.'
                 },
                 timestamp=int(time())))

    # user chooses to login by email
    if user_pass == "NYUSHer_by_email_login":
        return login_by_email(user_email)

    # Check of the input email and token match database
    sql = 'SELECT user_id FROM users WHERE user_email = "{}" and user_pass = "******"'.format(
        user_email, user_pass)
    indicator = query_fetch(sql, DB)
    if VERBOSE:
        print(indicator)

    # Login Success
    if indicator:
        response = SuccessResponse()
        response.data['userid'] = indicator['user_id']
        token = uuid.uuid4()  # generate token
        response.data['token'] = token

        # Insert generated token to database
        sql = "UPDATE users SET user_tokens = '{}' WHERE user_id = {} ".format(
            token, indicator['user_id'])
        query_mod(sql, DB)
    # Login Fail
    else:
        response = ErrorResponse()
        response.error['errorCode'] = LOGIN_ERR
        response.error['errorMsg'] = "Password is incorrect"
    return jsonify(response.__dict__)
Example #6
0
def verify(key=None):
    if key is None:
        abort(404)
    sql = "SELECT user_key FROM users WHERE user_key = '{}' ".format(key)
    indicator = query_fetch(sql, DB)
    if indicator:
        sql = "UPDATE users SET user_key = null WHERE user_key = '{}' ".format(
            key)
        query_mod(sql, DB)
        return render_template('verification-success.html')
    else:
        return render_template('URL-expired.html')
Example #7
0
def register():
    user_email = request.form.get('email')
    user_name = request.form.get('username')
    user_pass = request.form.get('passwdtoken')

    sql = 'SELECT user_id FROM users WHERE user_email = "{}"'.format(
        user_email)
    indicator = query_fetch(sql, DB)

    # Invalid (user exists)
    if indicator:
        response = ErrorResponse()
        response.error['errorCode'] = REG_ERR
        response.error['errorMsg'] = "User already exists"

    # Valid (user doesn't exist)
    else:
        response = SuccessResponse()
        user_token = uuid.uuid4()
        key = uuid.uuid4()
        sql = "INSERT INTO users(user_name, user_email, user_pass, user_tokens, user_key) VALUES ('{}', '{}', '{}', '{}', '{}')"\
            .format(user_name, user_email, user_pass, user_token, key)
        if VERBOSE:
            print("insert query:" + sql)
        query_mod(sql, DB)

        sql = "SELECT user_id FROM users WHERE user_name = '{}'".format(
            user_name)
        if VERBOSE:
            print("get userid query:" + sql)
        user_id = query_fetch(sql, DB)

        response.data['userid'] = user_id['user_id']
        response.data['email'] = user_email
        response.data['username'] = user_name
        response.data['token'] = user_token

        # send email in this block
        verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
            'auth.verify', key=key)
        params = dict(USER=user_name, USER_EMAIL=user_email, URL=verify_url)
        print(verify_url)
        msg = Message('NYUSHer: Verify Your Email',
                      sender='*****@*****.**',
                      recipients=[user_email])
        msg.html = render_template('email-verification.html', **params)
        send_mail(msg)
    if VERBOSE:
        print(response)
    return jsonify(response.__dict__)
Example #8
0
def set_info():
    user_id = request.headers.get('userid')
    # PAIN IN THE ASS! column name in database does not match api name!! We should fix it someday.
    params = ['username', 'imageuri', 'motto', 'passwdtoken']
    column_names = ['user_name', 'user_avatar', 'user_motto',
                    'user_pass']  # matching column name
    info_2_set = {}
    for i in range(len(params)):
        data = request.form.get(params[i])
        if data is not None:
            info_2_set[column_names[i]] = data
    if VERBOSE:
        print(info_2_set)
    for param in info_2_set.keys():
        if param == 'user_pass':
            key = uuid.uuid4()
            sql = "UPDATE users SET user_key = '{}' WHERE user_id = {} " \
                .format(key, user_id)
            query_mod(sql, DB)

            # send email in this block
            sql = 'SELECT user_email, user_name FROM users WHERE user_id = "{}"'.format(
                user_id)
            info = query_fetch(sql, DB)
            user_name = info['user_name']
            user_email = info['user_email']
            verify_url = PROTOCOL + DOMAIN + ':' + str(PORT) + url_for(
                'auth.verify', key=key)
            params = dict(USER=user_name, URL=verify_url)
            if VERBOSE:
                print(verify_url)
            msg = Message('NYUSHer: Verify Your Password Change',
                          sender='*****@*****.**',
                          recipients=[user_email])
            msg.html = render_template('password-verification.html', **params)
            send_mail(msg)

        sql = "UPDATE users SET {} = '{}' WHERE user_id = {} " \
            .format(param, info_2_set[param], user_id)
        if VERBOSE:
            print(sql)
        query_mod(sql, DB)

    return get_info()
Example #9
0
def edit_a_comment(cid=None):
    uid  = int(request.headers.get('userid'))
    content = replace(request.form.get('content')) # could be a problem
    sql = "SELECT uid FROM comments WHERE cid = '{}'" .format(cid)
    indicator = query_fetch(sql, DB)
    # authentication
    if indicator:
        if uid != indicator['uid']:
            response = ErrorResponse()
            response.error['errorCode'] = '104'
            response.error['errorMsg'] = "No authority."
            return jsonify(response.__dict__)
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '105'
        response.error['errorMsg'] = 'cid does not exist.'
        return jsonify(response.__dict__)

    # modification
    if content.strip() == '':
        # No empty content
        response = ErrorResponse()
        response.error['errorCode'] = '108'
        response.error['errorMsg'] = 'content cannot be empty.'
    sql = "UPDATE comments SET content='{}', timestamp = (CURRENT_TIMESTAMP) WHERE cid='{}'" \
        .format(content, cid)
    if VERBOSE:
        print(sql)
    query_mod(sql, DB)

    # get the changed comment
    sql = "SELECT * FROM comments WHERE cid = '{}'" .format(cid)
    if VERBOSE:
        print("get post_id query:" + sql)
    indicator = query_fetch(sql, DB)
    response = PostList()
    if indicator:
        response.data = indicator
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '106'
        response.error['errorMsg'] = 'Somehow comment is not posted.'
    return jsonify(response.__dict__)
Example #10
0
def post_submit():
    post_title = replace(request.form.get('title'))
    post_category = replace(request.form.get('category'))
    post_tags = replace(request.form.get('tags'))
    post_content = replace(request.form.get('content'))
    post_by = request.headers.get('userid')
    if VERBOSE:
        print(post_title, post_category, post_tags, post_content, post_by)

    # No empty title
    if post_title == "":
        response = ErrorResponse()
        response.error['errorCode'] = '108'
        response.error['errorMsg'] = 'title cannot be empty'
        return jsonify(response.__dict__)

    # No empty content
    elif post_content == "":
        response = ErrorResponse()
        response.error['errorCode'] = '108'
        response.error['errorMsg'] = 'content cannot be empty'
        return jsonify(response.__dict__)

    # Modify Existing Post
    elif request.form.get('pid') is not None and request.form.get(
            'pid').isdigit():
        post_id = request.form.get('pid')
        # Check if user_id and post_by matches
        sql = "SELECT authorid FROM posts WHERE pid = '{}'".format(post_id)
        if VERBOSE:
            print(sql)
        indicator = query_fetch(sql, DB)
        user_id = request.headers.get('userid')
        response = PostList()
        if indicator['authorid'] == int(user_id):
            sql = "UPDATE posts SET title='{}', category='{}', tags='{}', content='{}', timestamp = (CURRENT_TIMESTAMP) WHERE pid='{}'"\
                .format(post_title, post_category, post_tags, post_content, post_id)
            if VERBOSE:
                print(sql)
            query_mod(sql, DB)
            response.data['pid'] = post_id
    # New Post
    elif request.form.get('pid') is None:
        sql = "INSERT INTO posts(title, content, tags, category, authorid) VALUES ('{}', '{}', '{}', '{}', '{}')" \
            .format(post_title, post_content, post_tags, post_category, post_by)

        if VERBOSE:
            print("insert query:" + sql)
        query_mod(sql, DB)

        # Get the generated post_id
        sql = "SELECT pid FROM posts WHERE category = '{}' AND content = '{}' AND authorid = '{}'" \
            .format(post_category, post_content, post_by)
        if VERBOSE:
            print("get post_id query:" + sql)
        indicator = query_fetch(sql, DB)
        response = PostList()
        if indicator:
            response.data['pid'] = indicator['pid']
    else:
        response = ErrorResponse()
        response.error['errorCode'] = '106'
        response.error['errorMsg'] = 'How did you wind up here??'
    return jsonify(response.__dict__)