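def upload_image(username):
    """Store an uploaded profile image and record it for ``username``.

    GET renders the upload form. POST expects a multipart part named
    ``file``; the file is written to ``UPLOAD_FOLDER`` under its sanitised
    name and an ``image`` row of type ``'profile'`` is inserted for the user.

    Args:
        username: Profile owner, taken from the route.

    Returns:
        A redirect back to the form when the upload is rejected, a redirect
        to the profile page on success, or the rendered upload form.
    """
    # NOTE(review): nothing visible in this view ties ``username`` to the
    # logged-in session user; confirm a login/ownership check wraps it,
    # since without one any client can attach images to any profile.
    if request.method == 'POST':
        db = get_db()
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file = request.files['file']
        # Browsers submit an empty part without a filename when the user
        # did not select a file.
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)

        # Resolve the owner before touching the disk, so an unknown username
        # neither crashes on user['id'] nor leaves an orphaned file behind.
        user = db.execute('SELECT * FROM user WHERE user.username = ?',
                          (username, )).fetchone()
        if user is None:
            flash('User doesn\'t exist')
            return redirect(request.url)

        filename = secure_filename(file.filename)
        # secure_filename() can reduce a name to '' (e.g. one made only of
        # path separators or dots); joining that would target the folder
        # itself. The extension allowlist keeps non-image content (HTML,
        # SVG, scripts) out of a folder that may be served to browsers.
        allowed_extensions = ('png', 'jpg', 'jpeg', 'gif')
        extension = ''
        if '.' in filename:
            extension = filename.rsplit('.', 1)[1].lower()
        if not filename or extension not in allowed_extensions:
            flash('File type not allowed')
            return redirect(request.url)

        # NOTE(review): stored names are not made unique, so two uploads
        # with the same name overwrite each other on disk.
        file.save(
            os.path.join(current_app.config['UPLOAD_FOLDER'], filename))
        db.execute(
            'INSERT INTO image (profile_id, image_url, image_type)'
            ' VALUES (?, ?, ?)', (user['id'], filename, 'profile'))
        db.commit()
        # Only the route parameter goes into the URL; passing the whole row
        # would stringify it into the query string.
        return redirect(
            url_for('profile.profile', username=user['username']))
    return render_template('profile/upload_image.html')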
def app():
    """Yield an application wired to a throwaway database file.

    Creates a temporary file, builds the app in TESTING mode against it,
    initialises the schema and loads ``_data_sql`` inside an app context,
    then yields the app. After the consumer is done the file descriptor is
    closed and the file removed. Presumably registered as a pytest fixture;
    the decorator is not visible here.
    """
    handle, database_file = tempfile.mkstemp()
    settings = {
        'TESTING': True,
        'DATABASE': database_file,
    }
    flask_app = create_app(settings)

    with flask_app.app_context():
        init_db()
        connection = get_db()
        connection.executescript(_data_sql)

    yield flask_app

    # Teardown: release the descriptor first, then delete the file.
    os.close(handle)
    os.unlink(database_file)
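def update_information(username):
    """Show and update the editable profile fields of ``username``.

    On POST the submitted form values are written to the ``user`` row whose
    username matches the route parameter. The row is then read back and
    passed to the template, so the rendered page reflects the saved values.

    Args:
        username: Account to edit, taken from the route.

    Returns:
        The rendered ``profile/update_information.html`` page.
    """
    # NOTE(review): the target row is chosen by the URL alone. Confirm that
    # a login/ownership check wraps this view; nothing visible here stops a
    # client from posting changes (including the email) to another account.
    db = get_db()
    if request.method == 'POST':
        last_name = request.form['last_name']
        first_name = request.form['first_name']
        email = request.form['email']
        gender = request.form['gender']
        sexual_pref = request.form['sex_pref']
        bio = request.form['bio']
        tags = request.form['tags']
        db.execute(
            'UPDATE user'
            ' SET last_name = ?,'
            ' first_name = ?,'
            ' email = ?,'
            ' gender = ?,'
            ' sexual_pref = ?,'
            ' biography = ?,'
            ' interest_tags = ?'
            ' WHERE username = ?', (
                last_name,
                first_name,
                email,
                gender,
                sexual_pref,
                bio,
                tags,
                username,
            ))
        db.commit()

    # Read the row after any update; fetching it first (as before) rendered
    # the pre-update values back to the user after a successful POST.
    user = db.execute('SELECT * FROM user WHERE user.username = ?',
                      (username, )).fetchone()
    return render_template('profile/update_information.html', user=user)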
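def login():
    """Authenticate a user and start a session.

    On POST the username is looked up and the submitted password is checked
    against the stored hash. On success the session is cleared, the user's
    id is stored under ``user_id`` and the client is redirected to the
    profile page. On failure the error is flashed and the form re-rendered.

    Returns:
        A redirect to the profile page on success, otherwise the rendered
        ``auth/login.html`` page.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute('SELECT * from user WHERE username = ?',
                          (username, )).fetchone()

        # NOTE(review): the two distinct messages tell a client whether a
        # username exists; a single generic message would remove that
        # signal. Left unchanged here because callers/tests may match on
        # the text.
        if user is None:
            error = 'Incorrect username.'
        elif not check_password_hash(user['password'], password):
            error = 'Incorrect password.'
        # NOTE(review): user['confirmed'] is not consulted, so unconfirmed
        # accounts can log in - confirm that is intended.

        if error is None:
            # Drop any pre-login session state before binding the user id.
            session.clear()
            session['user_id'] = user['id']
            # Only the route parameter is passed: an extra ``user=`` keyword
            # is not part of the route, so url_for() would stringify the
            # database row into the redirect's query string.
            return redirect(
                url_for('profile.profile', username=user['username']))

        flash(error)

    return render_template('auth/login.html')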
def load_logged_in_user():
    """Set ``g.user`` from the ``user_id`` held in the session.

    ``g.user`` becomes ``None`` when the session carries no ``user_id``;
    otherwise it is the row returned for that id (which is also ``None``
    when no such row exists).
    """
    current_id = session.get('user_id')
    if current_id is not None:
        lookup = get_db().execute('SELECT * from user WHERE id = ?',
                                  (current_id, ))
        g.user = lookup.fetchone()
        return
    g.user = None
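def confirm_email(token):
    """Mark the account addressed by a confirmation token as confirmed.

    Args:
        token: Confirmation token taken from the emailed link.

    Returns:
        The rendered ``auth/login.html`` page, with a flashed message
        describing the outcome.
    """
    # confirm_token() is not shown here; treat both an exception and a falsy
    # return value as "invalid or expired". Previously a failed token fell
    # through with ``email`` unbound and the view crashed.
    try:
        email = confirm_token(token)
    except Exception:
        email = None

    db = get_db()
    user = None
    if email:
        user = db.execute('SELECT * FROM user WHERE email = ?',
                          (email, )).fetchone()

    if user is None:
        # Covers a bad token as well as a valid token whose address no
        # longer matches any account.
        flash('The confirmation link is invalid or has expired.', 'danger')
    elif user['confirmed']:
        flash('Account already confirmed. Please login.', 'success')
    else:
        # NOTE(review): this confirms every row that shares the address;
        # it is only safe if email values are unique per account.
        db.execute('UPDATE user'
                   ' SET confirmed=True'
                   ' WHERE email = ?', (email, ))
        db.commit()
        flash('You have confirmed your account. Thanks!', 'success')
    return render_template('auth/login.html')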
def test_register(client, app):
    """Registering a new user redirects to login and creates the row."""
    form_page = client.get('/auth/register')
    assert form_page.status_code == 200

    form_fields = {
        'username': '******',
        'password': '******',
        'email': 'a',
        'last_name': 'a',
        'first_name': 'a',
    }
    response = client.post('/auth/register', data=form_fields)
    assert response.headers['Location'] == 'http://localhost/auth/login'

    # The new account must be visible through the app's own DB handle.
    with app.app_context():
        cursor = get_db().execute(
            "select * from user where username = '******'")
        created = cursor.fetchone()
        assert created is not None
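def profile(username):
    """Render the profile page of ``username`` with its images.

    Args:
        username: Account to display, taken from the route.

    Returns:
        The rendered ``profile/profile.html`` page. When the user does not
        exist an error is flashed and the template receives ``user=None``
        and an empty image list.
    """
    error = None
    if request.method == 'POST':
        pass  # no POST handling is implemented in this view

    db = get_db()
    # NOTE(review): ``SELECT *`` hands every column of the row, including
    # the stored password hash, to the template - consider selecting only
    # the fields the page displays.
    user = db.execute('SELECT * FROM user WHERE user.username = ?',
                      (username, )).fetchone()

    # Check for a missing user before reading user['id']; the original order
    # raised on an unknown username and never reached its own error branch.
    if user is None:
        error = 'User doesn\'t exist'
        images = []
    else:
        images = db.execute(
            'SELECT * FROM image WHERE image.profile_id = ?',
            (user['id'], )).fetchall()

    if error is not None:
        flash(error)
    return render_template('profile/profile.html', user=user, images=images)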
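def register():
    """Create an unconfirmed account and send its confirmation link.

    On POST all five form fields are required and the username and email
    must not already be registered. The password is stored as a hash, the
    account is inserted with ``admin`` and ``confirmed`` set to False, and a
    confirmation URL built from a token over the email address is mailed.

    Returns:
        A redirect to the login page on success, otherwise the rendered
        ``auth/register.html`` page (with the validation error flashed).
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        email = request.form['email']
        last_name = request.form['last_name']
        first_name = request.form['first_name']
        db = get_db()
        error = None

        # The email uniqueness check matters for confirmation: accounts are
        # looked up and confirmed by email address, so duplicates would let
        # a single link confirm every account that shares the address.
        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif not email:
            error = 'Email is required.'
        elif not last_name:
            error = 'Last name is required.'
        elif not first_name:
            error = 'First name is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)
        elif db.execute('SELECT id FROM user WHERE email = ?',
                        (email, )).fetchone() is not None:
            error = 'Email {} is already registered.'.format(email)

        if error is None:
            db.execute(
                'INSERT INTO user (username, password, email, last_name, first_name, registered_on, admin, confirmed)'
                ' VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
                (username, generate_password_hash(password), email,
                 last_name, first_name, datetime.datetime.now(), False,
                 False))
            db.commit()

            token = generate_confirmation_token(email)
            confirm_url = url_for('auth.confirm_email',
                                  token=token,
                                  _external=True)
            html = render_template('confirm.html', confirm_url=confirm_url)
            subject = 'Please confirm your email'
            # NOTE(review): the row is already committed at this point; if
            # send_email() raises, the account exists without a link having
            # been delivered.
            send_email(email, subject, html)

            flash('A confirmation email has been sent via email.', 'success')
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')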