Esempio n. 1
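def register():
    """Register a new user from a JSON request body.

    Expects a JSON object with ``username`` and ``password``. Responds with
    400 and ``{"error": ...}`` when a field is missing, empty or not a
    string, or when the username is already taken. Otherwise creates the
    user and responds with 200 and the new user's id and username.

    Password hashing is not visible in this function; it is presumably done
    inside ``create_user`` -- confirm before relying on it.
    """
    db = get_db()
    error = None

    data = request.get_json()
    # ``null`` or ``[]`` is valid JSON but not an object; treat it as empty
    # so the field checks below answer 400 instead of raising (500).
    if not isinstance(data, dict):
        data = {}
    username = data.get('username', '')
    password = data.get('password', '')

    # Only non-empty strings are accepted as credentials; numbers, lists or
    # nested objects fall through to the "required" errors.
    if not isinstance(username, str) or not username:
        error = "Username is required."
    elif not isinstance(password, str) or not password:
        error = "Password is required."
    elif get_user_by_username(db, username) is not None:
        error = "User {0} is already registered.".format(username)

    if error:
        error = json.dumps({"error": error})
        return Response(error, status=400, mimetype="application/json")

    # NOTE(review): the lookup above and this insert are separate steps, so
    # two concurrent requests can both pass the check. A UNIQUE constraint on
    # the username column is what actually prevents duplicates -- confirm
    # the schema has one.
    create_user(db, username, password)
    user = get_user_by_username(db, username)
    data = {"user_id": user["id"], "username": user["username"]}
    data = json.dumps(data)
    return Response(data, status=200, mimetype="application/json")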
Esempio n. 2
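def register():
    """Register a new user from a JSON request body.

    Expects a JSON object with ``username`` and ``password``. Responds with
    400 and ``{"error": ...}`` when a field is missing, empty or not a
    string, or when the username is already taken. Otherwise creates the
    user and responds with 200 and the new user's id and username.

    Password hashing is not visible in this function; it is presumably done
    inside ``create_user`` -- confirm before relying on it.
    """
    db = get_db()
    error = None

    json_data = request.get_json()
    # A non-object body (``null``, a list, ...) is handled as "no fields"
    # so it produces a 400 rather than an unhandled exception.
    if not isinstance(json_data, dict):
        json_data = {}
    # ``.get`` instead of indexing: a missing key is a client error (400),
    # not a server error (500).
    username = json_data.get('username')
    password = json_data.get('password')

    if not isinstance(username, str) or not username:
        error = "Username is required."
    elif not isinstance(password, str) or not password:
        error = "Password is required."
    elif get_user_by_username(db, username) is not None:
        error = "User {0} is already registered.".format(username)

    if error is not None:
        # The error text echoes the submitted username. Declaring the body
        # as JSON keeps a browser from interpreting it as HTML, which is
        # what Response's default mimetype would allow.
        return Response(
            json.dumps({'error': error}),
            status=400,
            mimetype="application/json",
        )

    create_user(db, username, password)
    user = get_user_by_username(db, username)
    created = {"user_id": user['id'], "username": user['username']}
    return Response(
        json.dumps(created),
        status=200,
        mimetype="application/json",
    )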
Esempio n. 3
def verify_password(username, password):
    """Check *password* against the stored hash for *username*.

    Returns False when no user with that name exists; otherwise returns
    whatever ``check_password_hash`` reports for the stored hash.
    """
    account = get_user_by_username(get_db(), username)

    # NOTE(review): an unknown username returns before any hash is computed,
    # so the two failure cases can differ measurably in response time.
    # Verifying against a fixed dummy hash on this path would even that out.
    if account is not None:
        return check_password_hash(account['password'], password)
    return False
Esempio n. 4
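def register():
    """Register a new user from a JSON request body.

    Handles POST only; any other method gets a 405 response. Expects a JSON
    object with ``username`` and ``password``. Responds with 400 when a
    field is missing, empty or not a string, or when the username is already
    taken, and with 200 once the user has been created.

    Password hashing is not visible in this function; it is presumably done
    inside ``create_user`` -- confirm before relying on it.
    """

    if request.method == "POST":
        db = get_db()
        error = None

        # Named ``payload`` rather than ``json`` so the local does not shadow
        # the standard-library module of the same name.
        payload = request.get_json()
        if not isinstance(payload, dict):
            payload = {}
        # ``.get`` instead of indexing: a missing key is a 400, not a 500.
        username = payload.get('username')
        password = payload.get('password')

        if not isinstance(username, str) or not username:
            error = "Username is required."
        elif not isinstance(password, str) or not password:
            error = "Password is required."
        elif get_user_by_username(db, username) is not None:
            error = "User {0} is already registered.".format(username)

        if not error:
            create_user(db, username, password)
            return Response("200 user was created", status=200)

        # The message can contain the submitted username; send it as plain
        # text so it is never rendered as HTML (Response's default mimetype).
        return Response("400 %s" % error, status=400, mimetype="text/plain")

    return Response("405 need POST method", status=405)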
Esempio n. 5
def check_comment(id, check_author=True):
    """Fetch a comment by id and enforce access rules on it.

    The comment must exist, the authenticated username must map to a known
    user, and (unless ``check_author`` is false) that user must be the
    comment's author.

    :param id: id of comment to get
    :param check_author: require the current user to be the author
    :return: the comment as returned by ``get_comment``
    :raise 404: if a comment with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """
    found = get_comment(get_db(), id)
    if found is None:
        abort(404, "Comment id {0} doesn't exist.".format(id))

    current_user = get_user_by_username(get_db(), auth.username())
    if not current_user:
        # No matching account: deny rather than fall through to the
        # ownership comparison with a missing user.
        abort(403)

    if check_author:
        if found["author_id"] != current_user["id"]:
            abort(403)

    return found
Esempio n. 6
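def register():
    """Register a new user from a JSON request body.

    On POST, expects a JSON object with ``username`` and ``password``. A
    valid, unused username is stored via ``create_user`` and the client is
    redirected to the login view; otherwise the error is flashed.

    For any request that does not end in that redirect, the response is a
    JSON object with the username of ``g.user``.

    Password hashing is not visible in this function; it is presumably done
    inside ``create_user`` -- confirm before relying on it.
    """
    if request.method == "POST":
        db = get_db()
        error = None

        # Named ``payload`` rather than ``json`` so the local does not shadow
        # the standard-library module of the same name.
        payload = request.get_json()
        if not isinstance(payload, dict):
            payload = {}
        # ``.get`` instead of indexing: a missing key becomes a validation
        # error instead of an unhandled KeyError.
        username = payload.get('username')
        password = payload.get('password')

        if not isinstance(username, str) or not username:
            error = "Username is required."
        elif not isinstance(password, str) or not password:
            error = "Password is required."
        elif get_user_by_username(db, username) is not None:
            error = "User {0} is already registered.".format(username)

        if error is None:
            # the name is available, store it in the database and go to
            # the login page
            create_user(db, username, password)
            return redirect(url_for("auth.login"))

        flash(error)

    # The stored password value (hashed or not) is a credential and must not
    # be sent back to the client, so only the username is returned.
    # NOTE(review): this reads g.user, which is presumably unset for a
    # visitor who is not logged in -- confirm how this path is reached.
    return jsonify(username=g.user.username)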
Esempio n. 7
def login():
    """Log in a registered user by storing the user id in a fresh session.

    A non-POST request just renders the login page. A POST checks the
    submitted form credentials; on success the session is cleared, the
    user id is stored and the client is redirected to the index, otherwise
    the error is flashed and the login page is rendered again.
    """
    if request.method != "POST":
        return render_template("auth/login.html")

    db = get_db()
    username = request.form['username']
    password = request.form['password']
    account = get_user_by_username(db, username)

    # NOTE(review): the two messages below tell a client whether a username
    # exists. A single generic message for both cases avoids exposing which
    # accounts are registered.
    if account is None:
        error = "Incorrect username."
    elif not check_password_hash(account["password"], password):
        error = "Incorrect password."
    else:
        # Clearing first drops whatever the pre-login session held before
        # the authenticated user id is stored.
        session.clear()
        session["user_id"] = account["id"]
        return redirect(url_for("index"))

    flash(error)
    return render_template("auth/login.html")
Esempio n. 8
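def new_user():
    """Create a user from a JSON body and return its username with 201.

    Aborts with 400 when the body is not a JSON object, when ``username``
    or ``password`` is missing, empty or not a string, or when the username
    is already taken.
    """
    db = get_db()

    payload = request.json
    # ``null`` or a JSON list has no ``.get``; reject it as a bad request
    # instead of letting the attribute error surface as a 500.
    if not isinstance(payload, dict):
        abort(400)

    username = payload.get('username')
    password = payload.get('password')

    # Checking only ``is None`` would let an empty string through and create
    # an account with a blank name or a blank password.
    if not isinstance(username, str) or not username:
        abort(400)
    if not isinstance(password, str) or not password:
        abort(400)

    if get_user_by_username(db, username) is not None:
        abort(400, 'User with the same username already exists')

    create_user(db, username, password)
    user = get_user_by_username(db, username)

    return jsonify({'username': user['username']}), 201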
Esempio n. 9
def verify_password(username, password):
    """Verify credentials and remember the matching user on ``g``.

    Returns True and sets ``g.user`` when the user exists and the password
    matches the stored hash. In every other case ``g.user`` is left
    untouched and None is returned.
    """
    account = get_user_by_username(get_db(), username)

    if not account:
        return None
    if not check_password_hash(account['password'], password):
        return None

    g.user = account
    return True
Esempio n. 10
def verify_password(username, password):
    """Return whether *password* matches the stored hash for *username*.

    An unknown username yields False; otherwise the result comes from
    ``check_password_hash``.
    """
    record = get_user_by_username(get_db(), username)
    if not record:
        return False
    return check_password_hash(record['password'], password)
Esempio n. 11
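def check_comment(id, check_author=True):
    """Fetch a comment by id and enforce access rules on it.

    :param id: id of comment to get
    :param check_author: require the current user to be the author
    :return: the comment as returned by ``get_comment``
    :raise 404: if a comment with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """
    comment = get_comment(get_db(), id)
    if comment is None:
        abort(404, description=f"Comment id {id} doesn't exist.")

    user = get_user_by_username(get_db(), auth.username())
    # Indexing the lookup result directly would raise when no account
    # matches the authenticated name; deny the request explicitly instead.
    if user is None:
        abort(403)

    if check_author and comment["author_id"] != user['id']:
        abort(403)

    return comment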
Esempio n. 12
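def check_comment(id, check_author=True):
    """Get a comment and its author by id.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of comment to get
    :param check_author: require the current user to be the author
    :return: the comment as returned by ``get_comment``
    :raise 404: if a comment with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """

    db = get_db()

    comment = get_comment(db, id)
    if not comment:
        abort(404, "Comment id {0} doesn't exist.".format(id))

    if check_author:
        current = get_user_by_username(db, auth.username())
        # Both lookups return None for an unknown name, and None == None
        # would count as "same user". Require a real current user before
        # comparing so a missing account can never pass the author check.
        if current is None:
            abort(403)
        author = get_user_by_username(db, comment['username'])
        if author != current:
            abort(403)

    return comment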
Esempio n. 13
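def create(post_id):
    """Create a new comment on the given post for the current user.

    Expects a JSON object with a non-empty ``text`` field; aborts with 400
    otherwise.

    :param post_id: id of the post the comment is attached to
    """
    # Named ``payload`` rather than ``json`` so the local does not shadow
    # the standard-library module of the same name.
    payload = request.get_json()
    # A non-object body (``null``, a list, ...) has no ``.get``; route it to
    # the 400 below instead of an unhandled exception.
    text = payload.get('text') if isinstance(payload, dict) else None

    if text:
        # NOTE(review): assumes the route sits behind the auth decorator so
        # this lookup always finds a user; a missing user raises here.
        user_id = get_user_by_username(get_db(), auth.username())['id']
        create_comment(get_db(), post_id, user_id, text)
        return Response("Success: comment was created", 200)

    # Only ``text`` is checked above, so the message names only that field.
    abort(400, description='Error: Text is required')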
Esempio n. 14
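def create():
    """Create a new post for the current user.

    Expects a JSON object with non-empty ``title`` and ``body`` fields;
    aborts with 400 otherwise.
    """
    # Named ``payload`` rather than ``json`` so the local does not shadow
    # the standard-library module of the same name.
    payload = request.get_json()
    # A non-object body (``null``, a list, ...) has no ``.get``; treat it as
    # empty so it ends in the 400 below instead of an unhandled exception.
    if not isinstance(payload, dict):
        payload = {}

    title, body = payload.get('title'), payload.get('body')
    if title and body:
        # NOTE(review): assumes the route sits behind the auth decorator so
        # this lookup always finds a user; a missing user raises here.
        user_id = get_user_by_username(get_db(), auth.username())['id']
        create_post(get_db(), title, body, user_id)
        return Response("Success: post was created", 200)

    abort(400, description='Error: Title and body is required')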
Esempio n. 15
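def create():
    """Create a new comment for the current user.

    Handles POST only. Expects a JSON object with a non-empty ``body`` and
    HTTP credentials in the request's Authorization header.

    Responds with 405 for other methods, 400 for a missing body, 401 when no
    credentials are present or no user matches them, and 200 on success.
    """
    if request.method != "POST":
        # 405 is the status for an unsupported method; 401 would tell the
        # client to re-authenticate, which cannot fix a wrong method.
        return Response("Method is not POST", status=405)

    db = get_db()
    json_data = request.get_json()
    # ``.get`` on a verified dict: a missing key or a non-object body is a
    # client error, not a server error.
    body = json_data.get('body') if isinstance(json_data, dict) else None
    if not body:
        return Response("Body is required", status=400)

    # NOTE(review): the username is read straight from the Authorization
    # header. It is only trustworthy if an auth decorator on this route has
    # already verified the password -- confirm at the route definition.
    credentials = request.authorization
    user = None
    if credentials is not None:
        user = get_user_by_username(db, credentials['username'])
    if user is None:
        return Response("Authentication required", status=401)

    create_comment(db, body, user['id'])
    return Response("Comment successfully created", status=200)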
Esempio n. 16
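def register():
    """Register a new user from a JSON request body.

    Expects a JSON object with non-empty string ``username`` and
    ``password`` fields. Aborts with 400 when they are missing and with 409
    when the username is already registered; responds with 200 on success.
    """
    # Named ``payload`` rather than ``json`` so the local does not shadow
    # the standard-library module of the same name.
    payload = request.get_json()
    # A non-object body (``null``, a list, ...) has no ``.get``; treat it as
    # empty so it ends in the 400 below instead of an unhandled exception.
    if not isinstance(payload, dict):
        payload = {}

    username, password = payload.get('username'), payload.get('password')
    # Only non-empty strings are accepted as credentials.
    if not (isinstance(username, str) and username):
        abort(400, description="Error: Username and Password is required.")
    if not (isinstance(password, str) and password):
        abort(400, description="Error: Username and Password is required.")

    if get_user_by_username(get_db(), username) is not None:
        abort(409, description=f"User {username} is already registered.")

    create_user(get_db(), username, password)
    return Response("Success: user was registered", 200)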
Esempio n. 17
def create(post_id: int):
    """Create a new comment on a post for the current user.

    Responds with 405 for anything but POST, with 400 (and a flashed
    message) when ``check_attrs_in_json`` rejects the body, and with 200
    once the comment has been stored.
    """
    if request.method != "POST":
        return Response("need POST method", status=405)

    payload = request.get_json()

    # NOTE(review): the author lookup runs before the body is validated and
    # indexes the result directly, so an unknown user raises here.
    commenter_id = get_user_by_username(get_db(), auth.username())['id']

    if not check_attrs_in_json(payload, 'body'):
        message = 'incorrect json'
        flash(message)
        return Response(message, status=400)

    text = payload['body']
    create_comment(get_db(), text, commenter_id, post_id)
    return Response("comment was added", status=200)
Esempio n. 18
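def check_comment(id, check_author=True):
    """Get a comment by id and enforce access rules on it.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of comment to get
    :param check_author: require the current user to be the author
    :return: the comment as returned by ``get_comment``
    :raise 404: if a comment with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """
    # The original passed a name ``db`` that this function never assigned;
    # bind the handle once and use it for both lookups.
    db = get_db()

    comment = get_comment(db, id)
    if comment is None:
        abort(404, "Comment id {0} doesn't exist.".format(id))

    # NOTE(review): the username is read straight from the Authorization
    # header. It is only trustworthy if an auth decorator has already
    # verified the password for this request -- confirm at the caller.
    credentials = request.authorization
    user = None
    if credentials is not None:
        user = get_user_by_username(db, credentials['username'])
    # No header or no matching account: deny instead of raising on None.
    if user is None:
        abort(403)

    if check_author and comment["author_id"] != user["id"]:
        abort(403)

    return comment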
Esempio n. 19
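def check_post(id, check_author=True):
    """Get a post by id and enforce access rules on it.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post as returned by ``get_post``
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """
    post = get_post(get_db(), id)
    if post is None:
        abort(404, description=f"Post id {id} doesn't exist.")

    user = get_user_by_username(get_db(), auth.username())
    # Indexing the lookup result directly would raise when no account
    # matches the authenticated name; deny the request explicitly instead.
    if user is None:
        abort(403)

    if check_author and post["author_id"] != user['id']:
        abort(403)

    return post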
Esempio n. 20
def create():
    """Create a new post for the current user.

    Responds with 405 for anything but POST, with 400 (and a flashed
    message) when ``check_attrs_in_json`` rejects the body, and with 200
    once the post has been stored.
    """
    if request.method != "POST":
        return Response("need POST method", status=405)

    payload = request.get_json()

    if not check_attrs_in_json(payload, 'title', 'body'):
        message = 'incorrect json'
        flash(message)
        return Response(message, status=400)

    db = get_db()
    title = payload['title']
    body = payload['body']

    # NOTE(review): the lookup result is indexed directly, so an unknown
    # user raises here; presumably the route is behind an auth decorator.
    author = get_user_by_username(db, auth.username())
    create_post(db, title, body, author['id'])
    return Response("post was added", status=200)
Esempio n. 21
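def check_post(id, check_author=True):
    """Get a post and its author by id.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post as returned by ``get_post``
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user is unknown or isn't the author
    """
    db = get_db()

    post = get_post(db, id)
    if not post:
        abort(404, "Post id {0} doesn't exist.".format(id))

    if check_author:
        current = get_user_by_username(db, auth.username())
        # If both lookups came back as None (author row gone, caller
        # unknown), None == None would count as "same user". Require a real
        # current user first so that case can never pass the author check.
        if current is None:
            abort(403)
        author = get_user_by_id(db, post['author_id'])
        if author != current:
            abort(403)

    return post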
Esempio n. 22
def verify_password(username, password):
    """Return whether *password* matches the stored hash for *username*.

    An unknown username yields False; otherwise the result comes from
    ``check_password_hash``.
    """
    db = get_db()
    row = get_user_by_username(db, username)
    return check_password_hash(row["password"], password) if row else False
Esempio n. 23
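def post_list():
    """List all posts (GET) or create a post for the current user (POST).

    GET responds with 200 and a JSON list of posts, each ``created`` value
    formatted as text, or with 404 and an error object when there are none.
    POST expects a JSON object with a non-empty ``title`` (``body`` is
    optional) and responds with 201 and the stored fields, or 400 when the
    title is missing. Any other method gets 405 with an error object.
    """
    db = get_db()

    # get all posts
    if request.method == "GET":
        posts = list(posts_list(db))
        if not posts:
            return Response(
                json.dumps({"error": "No posts available."}),
                status=404,
                mimetype="application/json",
            )

        data = []
        for post in posts:
            post = dict(post)
            # Format ``created`` as text so json.dumps can serialise it.
            post['created'] = post['created'].strftime("%d-%b-%Y (%H:%M:%S)")
            data.append(post)

        return Response(
            json.dumps(data),
            status=200,
            mimetype="application/json",
        )

    # create new post
    if request.method == "POST":
        data = request.get_json()
        # ``null`` or a JSON list has no ``.get``; treat it as empty so the
        # title check answers 400 instead of raising.
        if not isinstance(data, dict):
            data = {}
        title = data.get('title', '')
        body = data.get('body', '')

        if not title:
            return Response(
                json.dumps({"error": "Title is required"}),
                status=400,
                mimetype="application/json",
            )

        # The db handle was missing from this call; the other lookups on
        # this page pass it first -- TODO confirm the helper's signature.
        # NOTE(review): assumes the route sits behind the auth decorator so
        # a user is always found; a missing user raises on the next line.
        user = get_user_by_username(db, auth.username())
        create_post(db, title, body, user["id"])
        return Response(
            json.dumps({'title': title, 'body': body,
                        'user_id': user["id"]}),
            status=201,
            mimetype="application/json",
        )

    # The keyword was misspelled ``stauts``, which made this fallback raise
    # a TypeError instead of answering 405.
    return Response(
        json.dumps({"error": 'Unknown method'}),
        status=405,
        mimetype="application/json",
    )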
Esempio n. 24
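def comment_list(post_id):
    """List comments (GET) or create a comment on a post (POST).

    GET responds with 200 and a JSON list of comments, each ``created``
    value formatted as text, or with 404 and an error object when there are
    none. POST expects a JSON object with a non-empty ``body`` and responds
    with 201 and the stored fields, or 400 when the body is missing. Any
    other method gets 405 with an error object.

    :param post_id: id of the post a new comment is attached to
    """
    db = get_db()

    # get all comments
    if request.method == "GET":
        # NOTE(review): ``post_id`` is not passed to ``comments_list``, so
        # this looks like it returns comments for every post -- confirm.
        comments = list(comments_list(db))
        if not comments:
            return Response(
                json.dumps({"error": "No comments available."}),
                status=404,
                mimetype="application/json",
            )

        data = []
        for comment in comments:
            comment = dict(comment)
            # Format ``created`` as text so json.dumps can serialise it.
            comment['created'] = comment['created'].strftime("%d-%b-%Y (%H:%M:%S)")
            data.append(comment)

        return Response(
            json.dumps(data),
            status=200,
            mimetype="application/json",
        )

    # create new comment
    if request.method == "POST":
        data = request.get_json()
        # ``null`` or a JSON list has no ``.get``; treat it as empty so the
        # body check answers 400 instead of raising.
        if not isinstance(data, dict):
            data = {}
        body = data.get('body', '')

        if not body:
            return Response(
                json.dumps({"error": "Body is required"}),
                status=400,
                mimetype="application/json",
            )

        # The db handle was missing from this call; the other lookups on
        # this page pass it first -- TODO confirm the helper's signature.
        # NOTE(review): assumes the route sits behind the auth decorator so
        # a user is always found; a missing user raises on the next line.
        user = get_user_by_username(db, auth.username())
        create_comment(db, body, user["id"], post_id)
        return Response(
            json.dumps({'body': body, 'post_id': post_id,
                        'author_id': user["id"]}),
            status=201,
            mimetype="application/json",
        )

    # The keyword was misspelled ``stauts``, which made this fallback raise
    # a TypeError instead of answering 405.
    return Response(
        json.dumps({"error": 'Unknown method'}),
        status=405,
        mimetype="application/json",
    )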