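def deleteBook(book_id):
    """Show the delete-confirmation page (GET) or delete a book (POST).

    Only a logged-in user who owns the book identified by ``book_id`` may
    delete it.  Anonymous visitors are redirected to the login page;
    authenticated non-owners get the page back with an error message.

    Returns a Flask response (rendered template or redirect).
    """
    # Authentication gate: this view is only reachable with a session email.
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to delete a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')
    delete_book = db_updates.get_one('book', book_id)

    # Guard an unknown id before touching the book's attributes.
    # NOTE(review): assumes get_one() returns None for a missing row — confirm.
    if delete_book is None:
        flash('Sorry, that book could not be found')
        return redirect(url_for('showGenres'))

    # Authorization gate: the book's owner must be the session user.
    if delete_book.user_id != user_id:
        error = "Sorry, you're not authorized to delete this book"
        return render_template('delete.html', book=delete_book,
                               genres=genres, user=user, error=error)

    if request.method == 'POST':
        db_updates.delete_book(delete_book)
        return redirect(url_for('showGenres'))

    return render_template('delete.html', book=delete_book,
                           genres=genres, user=user)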
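def createBook():
    """Render the add-book form (GET) or create a new book from it (POST).

    Requires a logged-in user.  On POST the title, summary, author and
    genre fields are mandatory; the genre name is resolved to its id, a
    duplicate title is rejected, and on success the user is redirected to
    the new book's page.

    Returns a Flask response (rendered template or redirect).
    """
    # Authentication gate: this view is only reachable with a session email.
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to add a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')

    if request.method != 'POST':
        return render_template('addBook.html', genres=genres, user=user)

    title = request.form['title']
    summary = request.form['summary']
    author_input = request.form['author']
    genre = request.form['genres']
    photo = request.form['photo']

    # Validate required fields first (photo is optional); the original
    # resolved the genre before this check and crashed on an empty genre.
    if not (title and summary and author_input and genre):
        error = "Please enter all required fields"
        return render_template('addBook.html', genres=genres,
                               user=user, error=error)

    # Resolve the submitted genre name to a known genre.  The original
    # indexed filter(...)[0], which is Python-2-only and raises IndexError
    # for an unknown name; treat that as a validation error instead.
    current_genre = next((g for g in genres if g.genre == genre), None)
    if current_genre is None:
        error = "Please choose a valid genre"
        return render_template('addBook.html', genres=genres,
                               user=user, error=error)
    current_genre_id = current_genre.id

    # Reject a duplicate title.  Using first() avoids the bare try/except
    # around one() that also swallowed errors from rendering the template.
    added_book = session.query(Books).filter_by(title=title).first()
    if added_book is not None:
        error = "Sorry, " + added_book.title + " has already been added!"
        return render_template('addBook.html', genres=genres,
                               user=user, error=error)

    try:
        new_book = db_updates.add_book(title, summary, current_genre_id,
                                       author_input, user_id, photo)
    except Exception:
        # Best-effort fallback kept from the original; the original forgot
        # to return the redirect and then dereferenced a None book.
        flash('Sorry, something went wrong...')
        return redirect(url_for('createBook'))

    flash(new_book.title + ' Successfully Added!')
    return redirect(url_for('showBook', book_id=new_book.id))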
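def editBook(book_id):
    """Show the edit form (GET) or apply submitted changes to a book (POST).

    Only the owner of the book identified by ``book_id`` may edit it.  On
    POST, each of ``newTitle``, ``newSummary`` and ``newAuthor`` is applied
    only when non-empty; the genre is not editable here.

    Returns a Flask response (rendered template or redirect).
    """
    # Authentication gate: this view is only reachable with a session email.
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to edit a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')
    edit_book = db_updates.get_one('book', book_id)

    # Guard an unknown id before touching the book's attributes.
    # NOTE(review): assumes get_one() returns None for a missing row — confirm.
    if edit_book is None:
        flash('Sorry, that book could not be found')
        return redirect(url_for('showGenres'))

    # Authorization gate: the book's owner must be the session user.
    if edit_book.user_id != user_id:
        error = "Sorry, you're not authorized to edit this book"
        return render_template('edit.html', book=edit_book,
                               genres=genres, user=user, error=error)

    if request.method != 'POST':
        return render_template('edit.html', book=edit_book,
                               genres=genres, user=user)

    new_title = request.form.get('newTitle')
    new_summary = request.form.get('newSummary')
    new_author = request.form.get('newAuthor')

    if new_title:
        edit_book.title = new_title
    if new_summary:
        edit_book.summary = new_summary
    if new_author:
        # NOTE(review): renaming the linked author row in place changes that
        # author for every book that shares it — presumably unintended; a
        # lookup-or-create by name would be safer. Confirm with add_author().
        try:
            edit_book.author.name = new_author
        except AttributeError:
            # No author linked yet: create one and link it.
            author_id = db_updates.add_author(new_author)
            edit_book.author_id = author_id

    session.commit()
    return redirect(url_for('showBook', book_id=edit_book.id))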
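def fbConnect():
    """Complete a Facebook login started by the client-side SDK.

    Expects the anti-forgery ``state`` as a query parameter and the user's
    short-lived access token as the raw request body.  The token is
    inspected with an app access token, exchanged for a long-lived token,
    the profile and photo are fetched, the user is created locally if
    needed, and ``login_session`` is populated.

    Returns the local user id as a string on success, or an error response
    from ``make_response_error`` on any failed step.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:
        from urllib import quote  # Python 2

    # Anti-forgery check.  The session must actually hold a state value;
    # comparing two missing values (None == None) must not pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return make_response_error('Invalid State Parameter', 401)

    # The user token comes from the client and is untrusted: it is quoted
    # before being placed in any URL so it cannot inject extra parameters.
    access_token = request.data
    app_id = FB_CLIENT_SECRET_FILE["web"]["app_id"]
    app_secret = FB_CLIENT_SECRET_FILE["web"]["app_secret"]
    h = httplib2.Http()

    # Obtain an app access token (client credentials) to inspect user tokens.
    url = ("https://graph.facebook.com/oauth/access_token?client_id=%s"
           "&client_secret=%s&grant_type=client_credentials" % (app_id, app_secret))
    app_access_data = h.request(url, 'GET')
    # Check the status before parsing: an error body has no 'key=value' pair.
    if app_access_data[0]['status'] != '200':
        return make_response_error('Could Not Obtain Access Token', 401)
    # NOTE(review): assumes the body is 'access_token=<token>' — confirm.
    app_access_token = app_access_data[1].split('=')[1]

    # Inspect the user token.  It must be valid AND issued for this app;
    # a valid token minted for some other app must not log anyone in.
    url = ("https://graph.facebook.com/debug_token?input_token=%s&access_token=%s"
           % (quote(access_token, safe=''), quote(app_access_token, safe='')))
    inspection_data = h.request(url, 'GET')
    if inspection_data[0]['status'] != '200':
        return make_response_error('User Could Not Be Validated', 401)
    token_info = json.loads(inspection_data[1]).get('data', {})
    if (not token_info.get('is_valid')
            or str(token_info.get('app_id')) != str(app_id)):
        return make_response_error('User Could Not Be Validated', 401)

    # Exchange the short-lived token for a long-lived one.
    url = ("https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token"
           "&client_id=%s&client_secret=%s&fb_exchange_token=%s"
           % (app_id, app_secret, quote(access_token, safe='')))
    result = h.request(url, 'GET')
    if result[0]['status'] != '200':
        return make_response_error('Token Exchange Failed', 401)
    # NOTE(review): assumes the body is 'access_token=...&expires=...'; the
    # first pair is reused verbatim as the query string of later calls.
    fb_token = result[1].split('&')[0]

    # Profile lookup on behalf of the user.
    url = "https://graph.facebook.com/v2.4/me?%s&fields=name,id,email" % fb_token
    user_info_response = h.request(url, 'GET')
    if user_info_response[0]['status'] != '200':
        return make_response_error('Could Not Retrieve User Info', 401)
    user_data = json.loads(user_info_response[1])
    # The email is the local account key; without it there is nothing to
    # look up or create (the user may have declined the email permission).
    if not user_data.get('email'):
        return make_response_error('An email address is required to log in', 401)

    # Profile photo lookup.
    url = ('https://graph.facebook.com/v2.4/me/picture?%s&redirect=0&height=200&width=200'
           % fb_token)
    photo = h.request(url, 'GET')
    user_photo = json.loads(photo[1])["data"]["url"]

    # Create the local user on first login.
    user_id = db_updates.get_user_id(user_data["email"])
    if not user_id:
        user_id = db_updates.create_user(user_data["name"], user_data["email"],
                                         user_photo)

    # Detect a repeated login BEFORE the session is overwritten.  The
    # original compared against values it had just written, under a
    # different key ('f_id' vs 'fb_id'), so the check could never fire.
    already_logged_in = (login_session.get('access_token') is not None
                         and login_session.get('fb_id') == user_id)

    # Update the session; provider and id are required for logout.
    # Note that 'fb_id' holds the local user id, not the Facebook id.
    login_session['provider'] = 'Facebook'
    login_session['access_token'] = fb_token
    login_session['fb_id'] = user_id
    login_session['name'] = user_data["name"]
    login_session['email'] = user_data["email"]
    login_session['photo'] = user_photo

    if already_logged_in:
        response = make_response(
            json.dumps('Current User is Already Logged in.'), 200)
        response.headers['Content-Type'] = 'application/json'
        flash("It looks like you're already logged in " + login_session['name'])
        # The original built this response but never returned it.
        return response

    return str(user_id)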
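def gconnect():
    """Complete a Google sign-in from the client-side one-time auth code.

    Expects the anti-forgery ``state`` as a query parameter and the auth
    code as the raw request body.  The code is exchanged for credentials,
    the token is checked against the user info and the configured client
    id, the user is created locally if needed, and ``login_session`` is
    populated.

    Returns ``"SUCCESS!!!"`` on a fresh login, a redirect when the user was
    already logged in, or an error response from ``make_response_error``.
    """
    # Anti-forgery check.  The session must actually hold a state value;
    # comparing two missing values (None == None) must not pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return make_response_error('Invalid state parameter.', 401)

    # One-time code to exchange for an access token.
    auth_code = request.data

    # NOTE(review): the client-secrets path and redirect_uri are hard-coded;
    # the redirect_uri must match the console configuration for the exchange
    # to succeed.
    try:
        flow = client.flow_from_clientsecrets(
            'g_client_secrets.json',
            scope='openid email',
            redirect_uri='http://localhost:5000')
        credentials = flow.step2_exchange(auth_code)
    except FlowExchangeError:
        return make_response_error('Failed to Obtain Authorization Code.', 401)

    # Fetch the user info for the freshly issued access token.
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = answer.json()

    # Security checks: the token must be error-free, belong to the same
    # subject as the user info, and have been issued to this application.
    if data.get('error') is not None:
        return make_response_error(data['error']['message'], 401)
    if credentials.id_token['sub'] != data['id']:
        return make_response_error("Token and User ID Don't Match", 401)
    if credentials.client_id != G_CLIENT_ID:
        return make_response_error("Token ID and App ID don't match", 401)

    # Detect a repeated login BEFORE the session is overwritten.  The
    # original wrote 'g_id' = data['id'] (already proven equal to 'sub')
    # and then compared it, so every login was reported as a repeat and
    # the user-creation code below never ran.
    already_logged_in = (login_session.get('access_token') is not None
                         and login_session.get('g_id') == credentials.id_token['sub'])

    # Update the session; access token and provider are required for logout.
    login_session['provider'] = 'Google'
    login_session['access_token'] = credentials.access_token
    login_session['g_id'] = data['id']
    login_session['name'] = data['name']
    login_session['email'] = data['email']
    login_session['google_id'] = data['id']
    login_session['picture'] = data['picture']

    # Create the local user on first login.  The original read
    # login_session['username'], a key that is never set.
    user_id = db_updates.get_user_id(login_session['email'])
    if not user_id:
        user_id = db_updates.create_user(login_session['name'],
                                         login_session['email'],
                                         login_session['picture'])
    login_session['user_id'] = user_id

    if already_logged_in:
        flash("It looks like you're already logged in " + login_session['name'])
        return redirect(url_for('showGenres'))

    return "SUCCESS!!!"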