def list():
account = load_account()
if account is None:
flash(
'We now support accounts! Register for an account and your current favorites will automatically be added to your account.'
)
return redirect(url_for('account.get_login'))
props = {'currentPage': 'favorites'}
base = request.args.to_dict()
base.pop('o', None)
favorites = []
fave_type = get_value(request.args, 'type', 'artist')
if fave_type == 'post':
favorites = get_favorite_posts(account['id'])
sort_field = restrict_value(get_value(request.args, 'sort'),
['faved_seq', 'published'], 'faved_seq')
else:
favorites = get_favorite_artists(account['id'])
sort_field = restrict_value(get_value(request.args, 'sort'),
['faved_seq', 'updated'], 'updated')
offset = parse_int(request.args.get('o'), 0)
sort_asc = True if get_value(request.args, 'order') == 'asc' else False
results = sort_and_filter_favorites(favorites, offset, sort_field,
sort_asc)
props['fave_type'] = fave_type
props['sort_field'] = sort_field
props['sort_asc'] = sort_asc
props['count'] = len(favorites)
props['limit'] = 25
response = make_response(
render_template(
'favorites.html',
props=props,
base=base,
source='account',
results=results,
), 200)
response.headers['Cache-Control'] = 's-maxage=60'
return response
def post_login():
account = load_account()
if account is not None:
return redirect(set_query_parameter(url_for('artists.list'), 'logged_in', 'yes'))
query = request.query_string.decode('utf-8')
if len(query) > 0:
query = '?' + query
username = get_value(request.form, 'username')
password = get_value(request.form, 'password')
success = attempt_login(username, password)
if not success:
return redirect(url_for('account.get_login') + query)
redir = get_value(request.args, 'redir')
if redir is not None:
return redirect(set_query_parameter(redir, 'logged_in', 'yes'))
return redirect(set_query_parameter(url_for('artists.list'), 'logged_in', 'yes'))
def list_account_favorites():
account = load_account()
favorites = []
fave_type = get_value(request.args, 'type', 'artist')
if fave_type == 'post':
favorites = get_favorite_posts(account['id'])
else:
favorites = get_favorite_artists(account['id'])
results = favorites
response = make_response(jsonify(results), 200)
response.headers['Cache-Control'] = 's-maxage=60'
return response
def attempt_login(username, password):
if username is None or password is None:
return False
account_info = get_login_info_for_username(username)
if account_info is None:
flash('Username or password is incorrect')
return False
if get_value(current_app.config,
'ENABLE_LOGIN_RATE_LIMITING') and is_login_rate_limited(
account_info['id']):
flash('You\'re doing that too much. Try again in a little bit.')
return False
if bcrypt.checkpw(get_base_password_hash(password),
account_info['password_hash'].encode('utf-8')):
account = load_account(account_info['id'], True)
session['account_id'] = account['id']
return True
flash('Username or password is incorrect')
return False
def get_artist_last_updated(service, artist_id, reload=False):
redis = get_conn()
key = 'artist_last_updated:' + service + ':' + str(artist_id)
last_updated = redis.get(key)
if last_updated is None or reload:
lock = KemonoRedisLock(redis, key, expire=60, auto_renewal=True)
if lock.acquire(blocking=False):
cursor = get_cursor()
query = 'SELECT max(added) as max FROM posts WHERE service = %s AND "user" = %s'
cursor.execute(query, (service, artist_id,))
last_updated = cursor.fetchone()
if get_value(last_updated, 'max') is not None:
last_updated = last_updated['max']
else:
last_updated = datetime.min
redis.set(key, last_updated.isoformat(), ex=600)
lock.release()
else:
time.sleep(0.1)
get_artist_last_updated(service, artist_id, reload=reload)
else:
last_updated = dateutil.parser.parse(last_updated)
return last_updated
def post_register():
props = {
'query_string': ''
}
query = request.query_string.decode('utf-8')
if len(query) > 0:
props['query_string'] = '?' + query
username = get_value(request.form, 'username')
password = get_value(request.form, 'password')
favorites_json = get_value(request.form, 'favorites', '[]')
confirm_password = get_value(request.form, 'confirm_password')
favorites = []
if favorites_json != '':
favorites = json.loads(favorites_json)
errors = False
if username.strip() == '':
flash('Username cannot be empty')
errors = True
if password.strip() == '':
flash('Password cannot be empty')
errors = True
if password != confirm_password:
flash('Passwords do not match')
errors = True
if is_username_taken(username):
flash('Username already taken')
errors = True
if get_value(current_app.config, 'ENABLE_PASSWORD_VALIDATOR') and is_password_compromised(password):
flash('We\'ve detected that password was compromised in a data breach on another site. Please choose a different password.')
errors = True
if not errors:
success = create_account(username, password, favorites)
if not success:
flash('Username already taken')
errors = True
if not errors:
account = attempt_login(username, password)
if account is None:
current_app.logger.warning("Error logging into account immediately after creation")
flash('Account created successfully.')
redir = get_value(request.args, 'redir')
if redir is not None:
return redirect(redir)
return redirect(url_for('artists.list', logged_in='yes'))
return make_response(render_template(
'account/register.html',
props = props
), 200)