Esempio n. 1
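def add_class():
    """Show the add-class form (GET) or create a course and its roster (POST).

    The POST form supplies ``classname`` and ``unis`` (one UNI per line).
    Every non-blank UNI must pass ``Users.is_valid_uni`` before anything is
    written; on the first failure the form is re-rendered with an error.
    ``Teachers.add_course`` returning ``-1`` is reported to the user as a
    duplicate course name.

    Any other HTTP method falls through and returns ``None``.
    """
    tid = flask.session['id']
    tm = teachers_model.Teachers(tid)

    if request.method == 'GET':
        return render_template('add_class.html', error=None)

    elif request.method == 'POST':
        # Parse the submitted roster exactly once, so the list that is
        # validated is the same list that is enrolled.  The form always
        # yields at least one empty line; blanks are dropped here so they are
        # never handed to add_student() (the original enrolment loop passed
        # them through unvalidated).
        unis = [line.strip('\r') for line in request.form['unis'].split('\n')]
        unis = [uni for uni in unis if uni]

        # first check that all unis are valid (stops at the first bad one)
        um = users_model.Users()
        if any(not um.is_valid_uni(uni) for uni in unis):
            invalid_uni = "Invalid UNI's entered, please recreate the class"
            return render_template('add_class.html', error=invalid_uni)

        course_name = request.form['classname']
        cid = tm.add_course(course_name)

        if cid == -1:
            coursename_exists = "There is already a course by this name that you teach"
            return render_template('add_class.html', error=coursename_exists)

        cm = courses_model.Courses(cid)
        for uni in unis:
            cm.add_student(uni)

        return flask.redirect(flask.url_for('main_teacher'))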
Esempio n. 2
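def add_class():
    """Show the add-class form (GET) or create a course and its roster (POST).

    The POST form supplies ``classname`` and ``unis`` (one UNI per line).
    Every non-blank UNI must pass ``Users.is_valid_uni`` before the course is
    created; on the first failure the form is re-rendered with
    ``invalid_uni=True`` and nothing is written.

    Any other HTTP method falls through and returns ``None``.
    """
    tm = teachers_model.Teachers(g.conn, flask.session['id'])

    if request.method == 'GET':
        return render_template('add_class.html')

    elif request.method == 'POST':
        # Parse the submitted roster exactly once, so the list that is
        # validated is the same list that is enrolled.  The form always
        # yields at least one empty line; blanks are dropped here so they are
        # never handed to add_student() (the original enrolment loop passed
        # them through unvalidated).
        unis = [line.strip('\r') for line in request.form['unis'].split('\n')]
        unis = [uni for uni in unis if uni]

        # first check that all unis are valid (stops at the first bad one)
        um = users_model.Users(g.conn)
        if any(not um.is_valid_uni(uni) for uni in unis):
            return render_template('add_class.html', invalid_uni=True)

        # then create course and add students to course
        course_name = request.form['classname']
        cid = tm.add_course(course_name)
        cm = courses_model.Courses(g.conn, cid)

        for uni in unis:
            cm.add_student(uni)

        return flask.redirect(flask.url_for('main_teacher'))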
Esempio n. 3
def test_is_valid_uni(db):
    """Check ``Users.is_valid_uni`` against the ``db`` fixture.

    The assertions require the fixture data to contain the UNI ``ds9876``
    and to contain neither ``thisisobviouslyfake`` nor ``lj1337``.
    """
    users = users_model.Users(db)

    # unknown value is rejected
    assert not users.is_valid_uni('thisisobviouslyfake')
    # value expected to be present in the fixture data
    assert users.is_valid_uni('ds9876')
    # UNI-shaped value that the fixture is expected not to contain
    assert not users.is_valid_uni('lj1337')
Esempio n. 4
def test_get_create(db):
    """Exercise ``Users.get_or_create_user`` for a new and an existing user.

    A first call with an unseen profile must return a positive ``int`` id, a
    repeated call with the same profile must return that same id, and a
    profile the test expects to be in the fixture already must resolve to
    id ``1``.
    """
    users = users_model.Users(db)

    # create a user
    new_profile = {
        'given_name': 'Jack',
        'family_name': 'Sparrow',
        'email': '*****@*****.**'
    }
    first_id = users.get_or_create_user(new_profile)

    assert type(first_id) is int
    assert first_id > 0

    # second call is to get that user
    repeat_id = users.get_or_create_user(new_profile)
    assert first_id == repeat_id

    # test that an existing user is fetched correctly
    existing_profile = {
        'given_name': 'Leeroy',
        'family_name': 'Jenkins',
        'email': '*****@*****.**'
    }
    existing_id = users.get_or_create_user(existing_profile)

    assert type(existing_id) is int
    assert existing_id == 1
Esempio n. 5
def filled_db():
    """Seed the datastore with one student, one teacher and one course.

    Generator that yields the id of the created course; presumably used as
    a pytest fixture (the decorator is not visible here).  There is no code
    after the ``yield``, so nothing written here is cleaned up by this
    function.
    """
    # A fresh random secret key per run, so sessions signed in one run do not
    # verify in another.
    imhere.app.secret_key = str(uuid.uuid4())

    users = users_model.Users()
    users.get_or_create_user(stu)
    users.get_or_create_user(newt)

    client = model.Model().get_client()

    # student record linking stu's id to the UNI 'cs4156'
    student_row = datastore.Entity(key=client.key('student'))
    student_row.update({
        'sid': stu['id'],
        'uni': 'cs4156'
    })
    client.put(student_row)

    # teacher record for newt
    teacher_row = datastore.Entity(key=client.key('teacher'))
    teacher_row.update({
        'tid': newt['id']
    })
    client.put(teacher_row)

    # newt teaches 'Writing'; the student above is enrolled in it
    cid = teachers_model.Teachers(newt['id']).add_course('Writing')
    courses_model.Courses(cid).add_student('cs4156')
    yield cid
Esempio n. 6
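def register():
    """Render the registration form (GET) or register the caller (POST).

    POST with ``type == 'student'`` inserts a ``students`` row for the
    session user unless the submitted UNI is already known
    (``Users.is_valid_uni`` is used here as "UNI already exists"); in that
    case the form is re-rendered with ``invalid_uni=True``.  Any other
    ``type`` inserts a ``teachers`` row on a best-effort basis and redirects
    to the teacher page either way.

    Any other HTTP method falls through and returns ``None``.
    """
    if request.method == 'GET':
        return render_template('register.html',
                               name=flask.session['google_user']['name'],
                               is_student=flask.session['is_student'],
                               is_teacher=flask.session['is_teacher'])

    elif request.method == 'POST':
        if request.form['type'] == 'student':
            # check that uni doesn't already exist
            # if it doesn't, continue student creation
            uni = request.form['uni']
            um = users_model.Users(g.conn)
            if not um.is_valid_uni(uni):
                # The UNI comes straight from the request body, so it is
                # passed as a bound parameter instead of being formatted into
                # the SQL text (the previous str.format() version let form
                # input change the statement itself).
                # NOTE(review): '%s' assumes the driver behind g.conn uses
                # the format/pyformat paramstyle -- confirm, and switch the
                # placeholder if it does not.
                g.conn.execute(
                    'insert into students (sid, uni) values (%s, %s)',
                    (flask.session['id'], uni))
                flask.session['is_student'] = True
                return flask.redirect(flask.url_for('main_student'))
            else:
                return render_template(
                    'register.html',
                    name=flask.session['google_user']['name'],
                    invalid_uni=True)

        else:
            # NOTE(review): every value of 'type' other than 'student' lands
            # here, so any signed-in user can mark themselves a teacher;
            # confirm that self-service teacher registration is intended.
            try:
                g.conn.execute(
                    'insert into teachers (tid) values (%s)',
                    (flask.session['id'],))
                flask.session['is_teacher'] = True
            except Exception:
                # Still best-effort (the redirect below happens regardless),
                # but the failure is recorded instead of being silently
                # discarded, and SystemExit/KeyboardInterrupt are no longer
                # swallowed.
                flask.current_app.logger.exception(
                    'teacher registration insert failed')
            return flask.redirect(flask.url_for('main_teacher'))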
Esempio n. 7
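def register():
    """Render the registration form (GET) or register the caller (POST).

    POST with ``type == 'student'`` stores a ``student`` entity for the
    session user unless the submitted UNI is already known
    (``Users.is_valid_uni`` is used here as "UNI already exists"); in that
    case the form is re-rendered with ``invalid_uni=True``.  Any other
    ``type`` stores a ``teacher`` entity on a best-effort basis and redirects
    to the teacher page either way.

    Any other HTTP method falls through and returns ``None``.
    """
    if request.method == 'GET':
        return render_template(
                'register.html',
                name=flask.session['google_user']['name'],
                is_student=flask.session['is_student'],
                is_teacher=flask.session['is_teacher']
        )

    elif request.method == 'POST':
        m = model.Model()
        ds = m.get_client()
        if request.form['type'] == 'student':
            # check that uni doesn't already exist
            # if it doesn't, continue student creation
            um = users_model.Users()
            if not um.is_valid_uni(request.form['uni']):
                # NOTE(review): the UNI is stored exactly as submitted; no
                # format or length check is visible in this function.
                key = ds.key('student')
                entity = datastore.Entity(
                    key=key)
                entity.update({
                    'sid': flask.session['id'],
                    'uni': request.form['uni']
                })
                ds.put(entity)

                flask.session['is_student'] = True
                return flask.redirect(flask.url_for('main_student'))
            else:
                return render_template(
                        'register.html',
                        name=flask.session['google_user']['name'],
                        invalid_uni=True)

        else:
            # NOTE(review): every value of 'type' other than 'student' lands
            # here, so any signed-in user can mark themselves a teacher;
            # confirm that self-service teacher registration is intended.
            try:
                key = ds.key('teacher')
                entity = datastore.Entity(
                    key=key)
                entity.update({
                    'tid': flask.session['id']
                })
                ds.put(entity)
                flask.session['is_teacher'] = True
            except Exception:
                # Still best-effort (the redirect below happens regardless),
                # but the failure is recorded instead of being silently
                # discarded, and SystemExit/KeyboardInterrupt are no longer
                # swallowed.
                flask.current_app.logger.exception(
                    'teacher registration write failed')
            return flask.redirect(flask.url_for('main_teacher'))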
Esempio n. 8
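def oauth2callback():
    """Run the Google OAuth2 web-server flow and populate the Flask session.

    Without a ``code`` query parameter the caller is redirected to Google's
    authorization URL.  With one, the code is exchanged for credentials, the
    Google profile is fetched, the local user id is looked up or created,
    and the session keys ``credentials``, ``google_user``, ``id``,
    ``is_student`` and ``is_teacher`` are set before redirecting to the URL
    stored under ``session['redirect']``.

    Raises:
        KeyError: if ``session['redirect']`` was never set.
    """
    flow = oauth2client.client.flow_from_clientsecrets(
        'client_secrets.json',
        scope=[
            'https://www.googleapis.com/auth/userinfo.email',
            'https://www.googleapis.com/auth/userinfo.profile'
        ],
        redirect_uri=flask.url_for('oauth2callback', _external=True))

    if 'code' not in flask.request.args:
        # NOTE(review): no `state` value is generated here or checked when
        # the callback returns, so this handler does not itself tie the
        # returned code to the browser session that started the flow.
        auth_uri = flow.step1_get_authorize_url()
        return flask.redirect(auth_uri)

    # The authorization code and the session contents (which include the
    # OAuth credentials) were previously printed and logged at WARNING level;
    # those debug statements are removed so secrets do not reach stdout or
    # the application log.
    auth_code = flask.request.args.get('code')
    credentials = flow.step2_exchange(auth_code)

    # NOTE(review): if the app uses Flask's default cookie-backed session,
    # this JSON is signed but not encrypted and travels to the browser;
    # consider a server-side store for the credentials.
    flask.session['credentials'] = credentials.to_json()

    # use token to get user profile from google oauth api
    http_auth = credentials.authorize(httplib2.Http())
    userinfo_client = apiclient.discovery.build('oauth2', 'v2', http_auth)
    user = userinfo_client.userinfo().v2().me().get().execute()

    # NOTE(review): the columbia.edu e-mail restriction that used to sit here
    # is disabled, so any Google account is accepted.  If it is restored,
    # compare the domain after the final '@' for equality; the old substring
    # test (`'columbia.edu' not in user['email']`) also accepts addresses
    # that merely contain that text.

    um = users_model.Users(g.conn)

    flask.session['google_user'] = user
    flask.session['id'] = um.get_or_create_user(user)

    # now add is_student and is_teacher to flask.session
    im = index_model.Index(g.conn, flask.session['id'])
    flask.session['is_student'] = bool(im.is_student())
    flask.session['is_teacher'] = bool(im.is_teacher())

    # Raises KeyError when no redirect target was stored, as before.
    # NOTE(review): the code that stores session['redirect'] is not visible
    # here; confirm it only ever records same-site paths.
    target = flask.session.pop('redirect')
    return flask.redirect(target)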
Esempio n. 9
def test_sql_injection(db):
    """Check that quote-laden input is not reported as a known UNI.

    NOTE(review): this only observes the return value.  It passes for any
    implementation that returns ``False`` for these two strings, so it does
    not by itself show that the underlying query uses bound parameters.
    """
    users = users_model.Users(db)

    hostile_inputs = (
        "' or 1=1;",
        "'little bobby tables'",
    )
    for candidate in hostile_inputs:
        assert users.is_valid_uni(candidate) == False
Esempio n. 10
 def test_get_user(self, user):
     """Expect ``get_or_create_user`` to return the fixed id for ``user``.

     ``user`` is supplied by the caller (presumably a fixture -- its
     definition is not visible here).
     """
     returned_id = users_model.Users().get_or_create_user(user)
     assert returned_id == 1234567898765432
Esempio n. 11
 def create_user_test(self):
     """Smoke test: ``users_model.Users()`` can be constructed."""
     users = users_model.Users()
     assert users is not None