Esempio n. 1
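def deleteBook(book_id):
    """Delete the book ``book_id`` (GET shows a confirmation page, POST deletes).

    Access rules, enforced server-side from ``login_session`` only:
      * an anonymous visitor is redirected to the login page;
      * a logged-in user who does not own the book gets the confirmation
        page back with an error and the book is left untouched.

    Args:
        book_id: primary key of the book, taken from the route.

    Returns:
        A redirect (``login`` / ``showGenres``) or the rendered ``delete.html``.
    """
    # Authentication: the page is only reachable when logged in.
    # (Message fixed: the original said "add a book" on the delete page.)
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to delete a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])

    genres = db_updates.get_all('genres')
    delete_book = db_updates.get_one('book', book_id)

    # Unknown id: the original dereferenced the result unconditionally and
    # failed with AttributeError.  Assumes get_one returns None for a missing
    # row (if it raises instead, this guard is simply never hit).
    if delete_book is None:
        flash('Sorry, that book could not be found')
        return redirect(url_for('showGenres'))

    # Authorization: ownership is compared against the session user, never
    # against anything the client sends, so a crafted POST cannot delete
    # another user's book.
    if delete_book.user_id != user_id:
        error = "Sorry, you're not authorized to delete this book"
        return render_template('delete.html',
                               book=delete_book,
                               genres=genres,
                               user=user,
                               error=error)

    # NOTE(review): no CSRF token is validated on this POST here; confirm the
    # form/app layer provides one, since the action is state-changing.
    if request.method == 'POST':
        db_updates.delete_book(delete_book)
        return redirect(url_for('showGenres'))

    return render_template('delete.html',
                           book=delete_book,
                           genres=genres,
                           user=user)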
Esempio n. 2
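def createBook():
    """Create a new book from the ``addBook.html`` form.

    GET renders the empty form.  POST validates the submitted fields, rejects
    a title that already exists, stores the book through
    ``db_updates.add_book`` and redirects to its ``showBook`` page.

    Returns:
        A redirect (``login``, ``createBook``, ``showBook``) or the rendered
        ``addBook.html`` template, optionally with an ``error`` message.
    """
    # Authentication: the page is only reachable when logged in.
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to add a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])
    genres = db_updates.get_all('genres')

    if request.method != 'POST':
        return render_template('addBook.html', genres=genres, user=user)

    # .get() rather than [] so a missing field becomes a validation error
    # below instead of a 400 from the framework.
    title = request.form.get('title')
    summary = request.form.get('summary')
    author_input = request.form.get('author')
    genre = request.form.get('genres')
    # NOTE(review): photo is a caller-supplied value stored as-is; confirm the
    # template validates/escapes it before rendering it as an image source.
    photo = request.form.get('photo')

    if not (title and summary and author_input and genre):
        error = "Please enter all required fields"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)

    # Resolve the genre name to its id.  The original indexed the result of
    # filter(), which is a lazy iterator on Python 3 (TypeError) and raised
    # IndexError for an unknown name; next() with a default handles both.
    current_genre = next((g for g in genres if g.genre == genre), None)
    if current_genre is None:
        error = "Please choose a valid genre"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)
    current_genre_id = current_genre.id

    # Duplicate check.  first() returns None when nothing matches, which
    # replaces the original .one() inside a bare except (that except also
    # swallowed MultipleResultsFound and any DB error, treating them as
    # "book does not exist").
    added_book = session.query(Books).filter_by(title=title).first()
    if added_book is not None:
        error = "Sorry, " + added_book.title + " has already been added!"
        return render_template('addBook.html',
                               genres=genres,
                               user=user,
                               error=error)

    try:
        new_book = db_updates.add_book(title, summary,
                                       current_genre_id,
                                       author_input, user_id,
                                       photo)
    except Exception:
        # The original built the redirect but did not return it, then
        # dereferenced new_book (still None) and crashed.
        flash('Sorry, something went wrong...')
        return redirect(url_for('createBook'))

    flash(new_book.title + ' Successfully Added!')
    return redirect(url_for('showBook', book_id=new_book.id))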
Esempio n. 3
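def editBook(book_id):
    """Edit title, summary and/or author of the book ``book_id``.

    GET renders ``edit.html`` pre-filled with the book.  POST applies every
    non-empty ``newTitle`` / ``newSummary`` / ``newAuthor`` field, commits,
    and redirects to the book's ``showBook`` page.

    Access rules, enforced server-side from ``login_session`` only:
      * an anonymous visitor is redirected to the login page;
      * a logged-in user who does not own the book gets ``edit.html`` back
        with an error and nothing is changed.

    Args:
        book_id: primary key of the book, taken from the route.

    Returns:
        A redirect (``login`` / ``showGenres`` / ``showBook``) or the
        rendered ``edit.html``.
    """
    # Authentication: the page is only reachable when logged in.
    # (Message fixed: the original said "add a book" on the edit page.)
    if 'email' not in login_session:
        flash('Sorry, you must be logged in to edit a book')
        return redirect(url_for('login'))

    user = is_user()
    user_id = db_updates.get_user_id(login_session['email'])

    genres = db_updates.get_all('genres')
    edit_book = db_updates.get_one('book', book_id)

    # Unknown id: the original dereferenced the result unconditionally.
    # Assumes get_one returns None for a missing row.
    if edit_book is None:
        flash('Sorry, that book could not be found')
        return redirect(url_for('showGenres'))

    # Authorization: ownership is checked against the session user, never
    # against anything in the form.
    if edit_book.user_id != user_id:
        error = "Sorry, you're not authorized to edit this book"
        return render_template('edit.html',
                               book=edit_book,
                               genres=genres,
                               user=user,
                               error=error)

    if request.method != 'POST':
        return render_template('edit.html',
                               book=edit_book,
                               genres=genres,
                               user=user)

    # .get() so a form that omits a field is treated as "unchanged" rather
    # than failing with KeyError / 400.
    new_title = request.form.get('newTitle')
    new_summary = request.form.get('newSummary')
    new_author = request.form.get('newAuthor')

    if new_title:
        edit_book.title = new_title
    if new_summary:
        edit_book.summary = new_summary
    if new_author:
        try:
            # NOTE(review): this renames the Author row itself, so every other
            # book linked to the same author sees the new name — confirm that
            # is the intended semantics rather than re-linking this book.
            edit_book.author.name = new_author
        except AttributeError:
            # No author attached yet (edit_book.author is None): create one and
            # link it.  Narrowed from a bare except that hid every other error.
            author_id = db_updates.add_author(new_author)
            edit_book.author_id = author_id
    session.commit()
    return redirect(url_for('showBook', book_id=edit_book.id))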
Esempio n. 4
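def fbConnect():
    """Complete a Facebook login started by the client-side SDK.

    The client POSTs the short-lived user token it obtained from Facebook as
    the request body, together with the anti-forgery ``state`` query parameter
    issued for this session.  The server then:

      1. checks ``state`` against the value stored in ``login_session``;
      2. obtains an app access token via the client-credentials grant;
      3. inspects the user token with ``debug_token`` and only continues when
         Facebook reports it valid *and issued for this app*;
      4. exchanges it for a long-lived token, fetches name/id/email and the
         profile picture, creates the user on first login and fills
         ``login_session``.

    Returns:
        ``str(user_id)`` on success, a JSON "already logged in" response when
        the same user re-authenticates in a session that is still logged in,
        or ``make_response_error(...)`` with 401 on any failed check.
    """

    def _as_text(value):
        # httplib2 / Flask hand back bytes on Python 3 and str on Python 2;
        # normalise so the '=' / '&' parsing below works on both.
        if isinstance(value, bytes) and not isinstance(value, str):
            return value.decode('utf-8')
        return value

    # Anti-forgery check.  .get() so a session with no state (expired or a
    # request that never started the flow) fails cleanly instead of KeyError.
    # Also made consistent with gconnect: explicit 401 and spelling fixed.
    expected_state = login_session.get('state')
    if expected_state is None or request.args.get('state') != expected_state:
        return make_response_error('Invalid State Parameter', 401)

    access_token = _as_text(request.data)
    if not access_token:
        return make_response_error('Missing Access Token', 401)

    app_id = FB_CLIENT_SECRET_FILE["web"]["app_id"]
    app_secret = FB_CLIENT_SECRET_FILE["web"]["app_secret"]

    # Step 2: app access token (client-credentials grant).
    url = ("https://graph.facebook.com/oauth/access_token"
           "?client_id=%s&client_secret=%s&grant_type=client_credentials"
           % (app_id, app_secret))
    h = httplib2.Http()
    app_access_data = h.request(url, 'GET')

    # Check the status *before* parsing the body: the original split the body
    # first and raised IndexError on an error response that contains no '='.
    if app_access_data[0]['status'] != '200':
        return make_response_error('Could Not Obtain Access Token', 401)
    app_access_body = _as_text(app_access_data[1])
    if '=' not in app_access_body:
        return make_response_error('Could Not Obtain Access Token', 401)
    app_access_token = app_access_body.split('=')[1]

    # Step 3: inspect the user token with the app token.
    url = ("https://graph.facebook.com/debug_token?input_token=%s&access_token=%s"
           % (access_token, app_access_token))
    inspection_data = httplib2.Http().request(url, 'GET')
    try:
        token_info = json.loads(_as_text(inspection_data[1])).get('data') or {}
    except ValueError:
        token_info = {}
    if inspection_data[0]['status'] != '200' or not token_info.get('is_valid'):
        return make_response_error('User Could Not Be Validated', 401)
    # A token that is valid but was issued to a *different* app must not log
    # anyone in here; debug_token reports the issuing app as data.app_id.
    if str(token_info.get('app_id')) != str(app_id):
        return make_response_error('User Could Not Be Validated', 401)

    # Step 4: exchange the short-lived token for a long-lived one.
    url = ('https://graph.facebook.com/oauth/access_token'
           '?grant_type=fb_exchange_token&client_id=%s&client_secret=%s'
           '&fb_exchange_token=%s' % (app_id, app_secret, access_token))
    h = httplib2.Http()
    result = h.request(url, 'GET')
    if result[0]['status'] != '200':
        return make_response_error('Token Exchange Failed', 401)

    # The body is treated as "access_token=...&..." and its first pair is
    # passed through verbatim as the query string of the API calls below.
    fb_token = _as_text(result[1]).split('&')[0]

    # User info API call.
    url = "https://graph.facebook.com/v2.4/me?%s&fields=name,id,email" % fb_token
    user_info_response = h.request(url, 'GET')
    user_data = json.loads(_as_text(user_info_response[1]))

    # User photo API call.
    url = ('https://graph.facebook.com/v2.4/me/picture?%s&redirect=0'
           '&height=200&width=200' % fb_token)
    photo = httplib2.Http().request(url, 'GET')
    user_photo = json.loads(_as_text(photo[1]))["data"]["url"]

    # The email may be absent from the profile; without it the user can be
    # neither matched nor created, so fail instead of raising KeyError.
    email = user_data.get("email")
    name = user_data.get("name")
    if not email:
        return make_response_error('Facebook Account Has No Email Address', 401)

    # Find or create the user.
    user_id = db_updates.get_user_id(email)
    if not user_id:
        user_id = db_updates.create_user(name, email, user_photo)

    # Decide "already logged in" from the *previous* session contents.  The
    # original set access_token first and compared against the key 'f_id'
    # (never written; the session uses 'fb_id'), so the check could never
    # be true — and the branch built a response without returning it.
    already_logged_in = (login_session.get('access_token') is not None
                         and login_session.get('fb_id') == user_id)

    # Update the session (provider and id are required for logout).
    login_session['access_token'] = fb_token
    login_session['provider'] = 'Facebook'
    login_session['fb_id'] = user_id
    login_session['name'] = name
    login_session['email'] = email
    login_session['photo'] = user_photo

    if already_logged_in:
        response = make_response(
            json.dumps('Current User is Already Logged in.'), 200)
        response.headers['Content-Type'] = 'application/json'
        flash("It looks like you're already logged in " +
              (login_session['name'] or ''))
        return response

    return str(user_id)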
Esempio n. 5
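def gconnect():
    """Complete a Google sign-in.

    The client POSTs the one-time authorization code as the request body,
    together with the anti-forgery ``state`` query parameter issued for this
    session.  The code is exchanged for credentials, the resulting token is
    checked against the user info endpoint and against this app's client id,
    and ``login_session`` is populated.

    Returns:
        ``"SUCCESS!!!"`` once the session is filled, a redirect to
        ``showGenres`` when this session was already logged in as the same
        user, or ``make_response_error(...)`` with 401 on a failed check.
    """
    # Anti-forgery check; .get() so a missing session state fails cleanly
    # instead of raising KeyError.
    expected_state = login_session.get('state')
    if expected_state is None or request.args.get('state') != expected_state:
        return make_response_error('Invalid state parameter.', 401)

    # Code to exchange for an access token.
    auth_code = request.data

    # Exchange the code for credentials; a failed exchange is a 401.
    # NOTE(review): redirect_uri is hard-coded to localhost — confirm it is
    # correct for any deployment other than local development.
    try:
        flow = client.flow_from_clientsecrets(
            'g_client_secrets.json',
            scope='openid email',
            redirect_uri='http://localhost:5000')
        credentials = flow.step2_exchange(auth_code)
    except FlowExchangeError:
        return make_response_error('Failed to Obtain Authorization Code.', 401)

    # Fetch the user info for the token; the timeout stops a stalled
    # endpoint from holding the request thread indefinitely.
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params, timeout=10)
    data = answer.json()

    # Security and error checks.
    if data.get('error') is not None:
        return make_response_error(data['error']['message'], 401)

    # The token's subject must be the user the endpoint describes ...
    if credentials.id_token['sub'] != data['id']:
        return make_response_error("Token and User ID Don't Match", 401)

    # ... and the token must have been issued to this application.
    if credentials.client_id != G_CLIENT_ID:
        return make_response_error("Token ID and App ID don't match", 401)

    # An account without an email cannot be matched or created.
    if not data.get('email'):
        return make_response_error("Google Account Has No Email Address", 401)

    # Decide "already logged in" from the *previous* session contents.  The
    # original ran this check after overwriting g_id/access_token, so it was
    # always true and execution never reached the user-creation step below.
    already_logged_in = (login_session.get('access_token') is not None
                         and login_session.get('g_id') == credentials.id_token['sub'])

    # Update the login_session (access token and provider are required for
    # logout).
    login_session['provider'] = 'Google'
    login_session['access_token'] = credentials.access_token
    login_session['g_id'] = data['id']
    login_session['name'] = data['name']
    login_session['email'] = data['email']
    login_session['google_id'] = data['id']
    login_session['picture'] = data['picture']

    # Make sure the user exists and the session knows its id on both paths.
    # (The original read login_session['username'], a key that is never
    # written here — 'name' is — so first-time creation raised KeyError.)
    user_id = db_updates.get_user_id(login_session['email'])
    if not user_id:
        user_id = db_updates.create_user(login_session['name'],
                                         login_session['email'],
                                         login_session['picture'])
    login_session['user_id'] = user_id

    if already_logged_in:
        flash("It looks like you're already logged in " + login_session['name'])
        return redirect(url_for('showGenres'))

    return "SUCCESS!!!"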