Exemple #1
    def create(cls, title, text, created, creator):
        """Build a new record from the given fields, store it and return it.

        ``cls`` is the class to instantiate (presumably this is a classmethod;
        the decorator is not visible here). The object is added to the
        module-level ``db`` session and committed before it is returned.

        ``title`` and ``text`` are stored exactly as passed in; nothing here
        validates or escapes them, so that is left to callers and templates.
        """
        field_values = {
            "title": title,
            "text": text,
            "created": created,
            "creator": creator,
        }
        new_topic = cls(**field_values)

        # Persist right away so the caller receives an already-saved object.
        db.add(new_topic)
        db.commit()
        return new_topic
Exemple #2
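def signup():
    """Render the signup form (GET) or register a new user (POST).

    On POST the form fields ``user-name``, ``user-email``,
    ``signup-password`` and ``signup-password2`` are read. A missing/empty
    password or a mismatch between the two password fields returns a
    plain-text error. Otherwise a ``User`` row is stored with a fresh session
    token, and the browser is redirected to ``index`` with that token in an
    HttpOnly, SameSite=Strict cookie.
    """
    if request.method == "GET":
        return render_template("signup.html")

    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("signup-password")
    password2 = request.form.get("signup-password2")

    # form.get() returns None for an absent field. Without this guard a POST
    # that omits both password fields passes the equality check below and
    # then fails on None.encode(); an empty password is rejected as well.
    if not password or not password2:
        return "A password is required.  Please try again."

    if password != password2:
        return "The Passwords Do Not Match.  Please try again."

    # NOTE(security): a single unsalted SHA-256 round is a fast hash, so
    # identical passwords share a digest and offline guessing is cheap if the
    # table leaks. A salted password KDF (hashlib.scrypt or
    # hashlib.pbkdf2_hmac are in the standard library) should replace it, but
    # only together with login(), which compares against this exact format.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()
    session_token = str(uuid.uuid4())

    # NOTE(review): no check for an already-registered email is visible here,
    # while login() takes the first row matching the email. Confirm the model
    # enforces uniqueness on that column.
    user = User(name=name,
                email=email,
                password_hash=hashed_password,
                session_token=session_token,
                active=1)

    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # HttpOnly keeps the token away from page scripts and SameSite=Strict
    # keeps it off cross-site requests. NOTE(security): add secure=True once
    # the site is served over HTTPS only, so it is never sent in clear text.
    response.set_cookie("session_token",
                        session_token,
                        httponly=True,
                        samesite='Strict')

    return response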
Exemple #3
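def login():
    """Render the login form (GET) or authenticate a user (POST).

    On POST the user is looked up by the ``user-email`` form field. An unknown
    email or an inactive account renders the signup page; a wrong or missing
    password returns a plain-text error. On success a new session token is
    stored on the user and set in an HttpOnly, SameSite=Strict cookie, and
    the browser is redirected to ``index``.
    """
    # Function-scope import: the file's import block is outside this view.
    import hmac

    if request.method == "GET":
        return render_template("index.html")

    email = request.form.get("user-email")
    password = request.form.get("login-password")

    # form.get() returns None for an absent field; hashing it would raise
    # AttributeError, so treat it as a failed login instead.
    if password is None:
        return "Incorrect Password.  Please Try Again"

    # NOTE(security): unsalted single-round SHA-256, kept because it must
    # match what signup() stores. Both should move to a salted password KDF
    # (hashlib.scrypt / hashlib.pbkdf2_hmac) together.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # NOTE(security): this response differs from the wrong-password one,
        # so the endpoint reveals which emails are registered. Kept as in the
        # original flow; a uniform failure response would avoid that.
        return render_template("signup.html")

    # Constant-time comparison so response timing does not depend on how many
    # leading characters of the digest match. Bytes are compared so a missing
    # stored hash fails the check rather than raising.
    stored_hash = user.password_hash or ""
    if not hmac.compare_digest(hashed_password.encode(), stored_hash.encode()):
        return "Incorrect Password.  Please Try Again"

    # Inactive accounts go back to signup. The original fell through to
    # `return response` with `response` never assigned (UnboundLocalError).
    if user.active != 1:
        return render_template("signup.html")

    # A fresh token on every login means a token issued earlier stops
    # matching this account.
    session_token = str(uuid.uuid4())
    user.session_token = session_token

    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # NOTE(security): add secure=True once the site is served over HTTPS only.
    response.set_cookie("session_token",
                        session_token,
                        httponly=True,
                        samesite='Strict')

    return response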
Exemple #4
    def create(cls, text, created, author, topic):
        """Instantiate a comment, save it through ``db`` and hand it back.

        ``cls`` is the class to instantiate (presumably this is a classmethod;
        the decorator is not visible here). ``text`` is stored as given, with
        no validation or escaping at this layer.
        """
        new_comment = cls(
            text=text,
            created=created,
            author=author,
            topic=topic,
        )

        # Add and commit in one go; the returned object is already persisted.
        db.add(new_comment)
        db.commit()
        return new_comment
Exemple #5
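def topic_edit(topic_id):
    """Show (GET) or apply (POST) an edit to a topic, for its creator only.

    Args:
        topic_id: Identifier of the topic; converted with ``int()`` before
            the lookup.

    Returns:
        The edit form on GET, a redirect to ``all_topics`` after a successful
        POST, a 404 text response when the topic does not exist, or a
        plain-text refusal when the current user is not the topic's creator.
    """
    topic = db.query(Topic).get(int(topic_id))

    # A lookup for a non-existent id yields None; without this guard the
    # ownership check below fails on None.creator and the request errors out.
    if topic is None:
        return "Topic not found.", 404

    user = get_user()

    # NOTE(review): get_user() is not shown here; if it returns None for a
    # visitor without a valid session, refuse instead of failing on None.name.
    #
    # NOTE(security): ownership is decided by comparing display names. No
    # uniqueness check on the name is visible in signup(), so unless the model
    # enforces it, two accounts can share a name and both pass this check.
    # Compare a unique key of the user record instead, once confirmed against
    # the model.
    if user is None or user.name != topic.creator.name:
        return "You are not the author of this topic.  Edit is not allowed."

    if request.method == "GET":
        return render_template("topic_edit.html", topic=topic)

    # POST: overwrite title and text with the submitted values. They are
    # stored as submitted, so output escaping is left to the templates.
    topic.title = request.form.get("new-topic-title")
    topic.text = request.form.get("new-topic-text")

    db.commit()

    return redirect(url_for('all_topics'))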