def post(self, menu_identifier=None):
if menu_identifier is None or not Menu.isRightIdentifier(menu_identifier):
self.siteError( SiteErrorType.ERROR_MENU_NOT_EXIST )
return
user = self.context['user'].get_current_user()
if not user:
self.redirect( users.create_login_url("/write/"+menu_identifier ) )
remote_addr = self.request.remote_addr
if not remote_addr:
self.siteError( getSiteErrorMessage("invalid_access") )
return
self.context['menu_id'] = Menu.getMenuIdWithIdentifier( menu_identifier )
self.context['menu_label'] = Menu.getLabel( self.context['menu_id'] )
self.context['menu_identifier'] = menu_identifier
if self.context['user'] and User.isUserNeedCaptcha( self.get_current_user() ):
entry_form = EntryRecaptchaForm(remote_addr, data=self.request.POST)
else:
entry_form = EntryForm(data=self.request.POST)
if entry_form.is_valid():
# insert
# check user
User.insertUser(user, remote_addr)
menu_id = self.context['menu_id']
Entry.insert( entry_form.cleaned_data['title'], entry_form.cleaned_data['link'], entry_form.cleaned_data['content'], menu_id, user, remote_addr )
self.redirect("/list/"+Menu.getMenuIdentifier( menu_id) )
else:
self.createCSRFToken()
self.context['entry_form'] = entry_form
self.render( "write.html" )
def get(self, id):
if not self.id_valid(id):
return {'message': 'User not found', 'data': {}}, 404
user_result = get_user(id)
user = User(user_result)
return {'message': 'User', 'data': user.serialize()}, 200
def findUser(self, username):
sql = "SELECT * FROM USERS WHERE NAME = '%s'" % (username)
self.cursor.execute(sql)
result = self.cursor.fetchall()
from models.UserModel import User
user = None
for row in result:
name = row[1]
password = row[2]
charge = row[3]
user = User(name, password)
user.charge = charge
return user
def findAllUsers(self):
users = []
sql = "SELECT * FROM USERS"
self.cursor.execute(sql)
results = self.cursor.fetchall()
for row in results:
name = row[1]
password = row[2]
charge = row[3]
from models.UserModel import User
user = User(name, password)
user.addCharge(charge)
users.append(user)
return users
def get(self, type, site_user_id, cursor=None):
logging.info( type )
if type != "entry" and type != "comment":
self.siteError( SiteErrorType.ERROR_INVALID_ACCESS )
return
if cursor:
cursor = urllib.unquote(cursor).decode('utf-8')
self.context['siteUser'] = User.get_by_id( int( site_user_id ) )
if type == "entry":
query = Entry.all()
query.filter("site_user_id", int( site_user_id) )
query.filter("is_removed", False)
query.order("-created_on")
elif type == "comment":
query = Comment.all()
query.filter("site_user_id", int( site_user_id) )
query.order("-created_on")
logging.info( query.__dict__ )
paging = Paging( query )
paging.setLimit(10)
paging.setCurrentCursor(cursor)
paging.execute()
self.context['paging'] = paging
if type == "entry":
self.render( "admin/entry.html" )
elif type == "comment":
self.render( "admin/comment.html" )
def post(self, entry_index=None):
entry = Entry.get_entry(entry_index)
if not entry or entry.is_removed:
self.siteError( SiteErrorType.ERROR_ENTRY_NOT_EXIST )
return
is_spam = self.request.get('is_spam')
if is_spam:
# block user
siteUser = User.getSiteUser( entry.user )
siteUser.status = UserStatus.USER_BANED
siteUser.put()
site_user_id = siteUser.key().id()
# delete user's comment
Comment.delete_with_user_id(site_user_id)
# delete user's entry
Entry.delete_with_user_id(site_user_id)
#delete comment
for comment in entry.comments:
comment.delete()
Entry.delete_entry(entry_index)
self.redirect( "/admin/entry" )
def wrapper(self, *args, **kw):
user = users.get_current_user()
if user:
siteUser = User.getSiteUser(user)
if siteUser and siteUser.status > UserStatus.USER_NORMAL:
self.redirect("/error/user_banned")
return
func(self, *args, **kw)
def get(self):
user_result = get_users()
users = []
for res in user_result:
users.append(User(res).serialize())
return {'message': 'Success', 'data': users}, 200
def post(self, index=None):
if not self.context['user'].get_current_user():
self.siteError( SiteErrorType.ERROR_INVALID_ACCESS )
return
self.context['index'] = index
entry = Entry.get_entry( index )
if not entry or entry.is_removed:
self.siteError( getSiteErrorMessage("entry_not_exist") )
return
remote_addr = self.request.remote_addr
if not remote_addr:
self.siteError( getSiteErrorMessage("invalid_access") )
return
user = self.context['user'].get_current_user()
User.insertUser(user, remote_addr)
if self.context['user'] and User.isUserNeedCaptcha( self.get_current_user() ):
comment_form = CommentRecaptchaForm(self.request.remote_addr, data = self.request.POST)
else:
comment_form = CommentForm(data = self.request.POST)
if comment_form.is_valid():
comment = Comment.insert(entry, comment_form.cleaned_data['content'], user, remote_addr)
entry.comment_count = entry.comment_count + 1
entry.updated_on = datetime.datetime.now()
entry.put()
PagingCursorMasterKey.clearModelKey("Comment")
self.redirect("/entry/%s#comment%d"%(index, comment.id()))
else:
self.createCSRFToken()
self.context['entry'] = entry
self.context['comment_form'] = comment_form
self.render("view.html")
def register():
if request.method == 'POST':
email = request.json['email']
password = request.json['password']
# check if user with the email exists in the database
user_exists = User.query.filter_by(email = email).first()
if user_exists:
return jsonify({'message': 'user email already exists'}), 404
user = User(email, password, '', '', datetime.timestamp(datetime.now()), datetime.timestamp(datetime.now()))
user.hash_password(password)
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return jsonify({'access_token': access_token, 'refresh_token': refresh_token}), 200
def createAccount(self):
userName=self.loginEntry.get()
password=self.passwordEntry.get()
user=User(userName, password)
try:
if(UserController().saveUserToDatabase(user)):
messagebox.showinfo("Message", "ACCOUNT CREATED")
else:
messagebox.showinfo("ERROR", "LOGIN ALREADY TAKEN")
except:
messagebox.showinfo("ERROR","IDK ERR")
def get_token():
request_data = request.get_json()
username = str(request_data['username'])
password = str(request_data['password'])
match = User.username_password_match(username, password)
if match:
expiration_date = datetime.datetime.utcnow() + datetime.timedelta(seconds=300)
token = jwt.encode({'exp': expiration_date}, app.config['SECRET_KEY'], algorithm='HS256')
return token
else:
return Response('', 401, mimetype='application/json')
def registerUser():
try:
user = User(
**{a: request.json[a]
for a in User.attributes() if a != 'id'})
# Checking if user already exists
v.validateUser(User, user.email)
# Hashing the password
user.password = pbkdf2_sha256.hash(user.password)
db.session.add(user)
db.session.commit()
return jsonify({'status': 'success'}, {
'message':
f'Thanks for using Products API, {user.firstName}.Now you\'re registered and can log in'
}), 201
except Exception as e:
return jsonify({'status': 'fail'}, {'message': str(e)}), 404
def createCSRFToken(self):
if not self.context['user'].get_current_user():
return
siteUser = User.getSiteUser( self.context['user'].get_current_user() )
if not siteUser:
siteUser = User.insertUser( self.context['user'].get_current_user(), self.request.remote_addr )
m = hashlib.md5()
# prepare salt
if siteUser.last_write_on:
m.update( siteUser.last_write_on.strftime("%Y/%m/%d %H:%M:%S.%f") )
else:
m.update( siteUser.join_on.strftime("%Y/%m/%d %H:%M:%S.%f") )
m.update( str( siteUser.key().id() ) )
self.context['csrf_token'] = m.hexdigest()
cookies = Cookies( self )
cookies['csrf_token'] = self.context['csrf_token']
def post(self):
user = User()
user.FirstName = self.request.get('firstname')
user.LastName = self.request.get('lastname')
user.Mail = self.request.get('email')
user.Password = str(md5HashSum().valueToHash(self.request.get('password')))
try:
user.put()
except EmailIsAlreadyRegistred,e:
self.response.out.write( 'Email: ' + e.__str__() + ' already registred..')
return;
def get(self, cursor=None):
siteUser = User.getSiteUser( self.context['user'].get_current_user() )
if not siteUser:
siteUser = User.insertUser(self.context['user'].get_current_user(), self.request.remote_addr )
self.context['siteUser'] = siteUser
LIST_NUMS = 10
query = Entry.all()
query.filter("site_user_id", User.getSiteUserId( self.context['user'].get_current_user() ) )
query.filter("is_removed", False )
query.order("-created_on")
paging = Paging( query )
paging.setCurrentCursor( cursor )
paging.setLimit( LIST_NUMS )
paging.execute()
self.context['paging'] = paging
self.render("user.html")
def get(self, cursor=None):
if cursor:
cursor = urllib.unquote(cursor).decode('utf-8')
query = User.all()
query.order("-join_on")
paging = Paging( query )
paging.setLimit(20)
paging.setCurrentCursor(cursor)
paging.execute()
self.context['paging'] = paging
self.render( "admin/user.html" )
def put(self, user_id, title):
if not self.id_valid(user_id):
return {'message': 'User not found', 'data': {}}, 404
user_result = get_user(user_id)
user = User(user_result)
parser = reqparse.RequestParser()
parser.add_argument('title', required=True)
parser.add_argument('comment', required=True)
# Parser arguments into obj
args = parser.parse_args()
note = {
'title': args['title'] + "*" + str(user_id),
'author': f'{user.first_name} {user.last_name}',
'comment': args['comment'],
'expiration': '2020-12-02'
}
updated = PauliusNoteService().update_note(title + "*" + str(user_id),
note)
if updated is None:
return {
'message': 'Unknown error occurred try again later',
'data': args
}, 500
if updated == 202:
new_title = args['title'] + "*" + str(user_id)
old_title = title + "*" + str(user_id)
update_user_note(old_title, new_title)
return {'message': 'Success', 'data': args}, 200
if updated == 409:
return {
'message': 'A note with this title already exists',
'data': args
}, 404
if updated == 404:
return {'message': 'Note not found', 'data': {}}, 404
def get(self, user_id):
if not self.id_valid(user_id):
return {'message': 'User not found', 'data': {}}, 404
notes = PauliusNoteService().get_all_notes()
user_result = get_user(user_id)
user = User(user_result)
user_notes_results = get_user_notes(user_id)
user_notes = []
for note in notes:
for res in user_notes_results:
if note.title == res[2]:
user_notes.append(note)
return {
'message': 'User notes',
'data': UserNotes(user, user_notes).serialize()
}, 200
def get(self):
user_result = get_users()
users = [User(res) for res in user_result]
notes = PauliusNoteService().get_all_notes()
users_notes = []
for user in users:
note_results = get_user_notes(user.id)
# if paulius note title matches with user note table title, then add it to user_notes
user_notes = []
for note in notes:
for res in note_results:
if note.title == res[2]:
user_notes.append(note)
users_notes.append(UserNotes(user, user_notes).serialize())
return {'message': 'Success', 'data': users_notes}, 200
def get(self, index):
entry = Entry.get_entry(index)
if not entry or entry.is_removed:
self.siteError( SiteErrorType.ERROR_ENTRY_NOT_EXIST )
return
if self.context['user'] and User.isUserNeedCaptcha( self.get_current_user() ):
comment_form = CommentRecaptchaForm(self.request.remote_addr)
else:
comment_form = CommentForm()
self.context['comment_form'] = comment_form
self.context['entry'] = entry
if self.context['user']:
self.createCSRFToken()
self.render( "view.html" )
def do_regis(request):
tel = request.form.get("telephone")
un = request.form.get("username")
pwd1 = request.form.get("password1")
pwd2 = request.form.get("password2")
if tel and un and pwd1 and pwd2:
if User.query.filter_by(telephone=tel).first():
return "exit"
else:
if pwd1 == pwd2:
user = User(telephone=tel, username=un, password=pwd1)
try:
db.session.add(user)
db.session.commit()
return "ok"
except Exception as e:
print(e)
db.session.rollback()
return "fall"
else:
return "ns"
else:
return "nf"
def post(self, comment_id=None):
comment_id = int( comment_id )
comment = Comment.get_by_id( comment_id )
if not comment:
self.siteError( SiteErrorType.ERROR_COMMENT_NOT_EXIST )
return
siteUser = User.getSiteUser( comment.user )
Comment.delete_comment(comment)
is_spam = self.request.get('is_spam')
if is_spam:
siteUser.status = UserStatus.USER_BANED
siteUser.put()
site_user_id = siteUser.key().id()
# delete user's comment
Comment.delete_with_user_id(site_user_id)
# delete user's entry
Entry.delete_with_user_id(site_user_id)
self.redirect( '/admin/comment' )
def get(self, menu_identifier=None):
if menu_identifier is None or not Menu.isRightIdentifier(menu_identifier):
self.siteError( SiteErrorType.ERROR_MENU_NOT_EXIST )
return
self.context['menu_id'] = Menu.getMenuIdWithIdentifier( menu_identifier )
self.context['menu_label'] = Menu.getLabel( self.context['menu_id'] )
self.context['menu_identifier'] = menu_identifier
self.createCSRFToken()
if self.context['user'] and User.isUserNeedCaptcha( self.get_current_user() ):
entry_form = EntryRecaptchaForm(self.request.remote_addr)
else:
entry_form = EntryForm()
self.context['entry_form'] = entry_form
self.render( "write.html" )
