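def update_passwd(self, id=None, email=None, username=None, passwd=''):
    """Hash ``passwd`` and store it as the user's new password.

    The user is selected by the first of ``id``, ``email`` or ``username``
    that is set and accepted by its ``utils`` validator.

    Returns:
        None if no identifier was usable. True if the store reports exactly
        one updated row. False otherwise (empty password, no matching user,
        or any other update result).
    """
    if id and utils.validate_id(id):
        lookup = {'id': id}
    elif email and utils.validate_email(email):
        lookup = {'email': email}
    elif username and utils.validate_username(username):
        lookup = {'username': username}
    else:
        return None

    # Refuse to store the hash of an empty password: with the default
    # passwd='' a caller that omits the argument would otherwise reset the
    # account to a blank password.
    if not passwd:
        return False

    user_pkey_dict = self.get_pkey_values(**lookup)

    # get_pkey_values() returns empty-string placeholders when no row
    # matched; formatting '' with %d below would raise TypeError.
    if not user_pkey_dict or user_pkey_dict['id'] == '':
        return False

    new_passwd_hash = generate_password_hash(passwd)

    # NOTE(review): the hash and key values are interpolated into the
    # statement text. That is only safe while none of them can contain a
    # double quote -- confirm for generate_password_hash() output and for
    # stored email/username values, or switch to bound variables if
    # FotogalNosql offers them.
    fields = 'SET password = "%s"' % (new_passwd_hash,)
    table = self._nosql_table
    conditions = 'id = %d AND email = "%s" AND username = "%s"' % (
        user_pkey_dict['id'],
        user_pkey_dict['email'],
        user_pkey_dict['username'],
    )
    query = f'UPDATE {table} {fields} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    return len(nosql_result) > 0 and nosql_result[0]['NumRowsUpdated'] == 1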
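def get_pkey_values(self, id=None, email=None, username=None):
    """Return the user's primary key values (id, email, username).

    Some operations in Oracle NoSQL (like UPDATE) require every primary key
    value to be supplied, so callers fetch them here first.

    Returns:
        None if no identifier was set and accepted by its validator.
        Otherwise a dict with the keys 'id', 'username' and 'email'; when no
        row matches, every value is an empty string.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if id and utils.validate_id(id):
        conditions = 'id = %d LIMIT 1' % (id,)
    elif email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return None

    fields = 'id, email, username'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    user_dict = {'id': '', 'username': '', 'email': ''}
    if len(nosql_result) > 0:
        row = nosql_result[0]
        for key in ('id', 'username', 'email'):
            user_dict[key] = row[key]

    return user_dict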
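def is_private(self, id=None, email=None, username=None):
    """Report whether the user's account is marked private.

    Returns:
        False if no identifier was set and accepted by its validator.
        The stored ``is_private`` value if a row matched.
        None if the query returned no row.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if id and utils.validate_id(id):
        conditions = 'id = %d LIMIT 1' % (id,)
    elif email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return False

    fields = 'is_private'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    # NOTE(review): an unknown user yields None, which is falsy; a caller
    # that treats "not private" as "publicly visible" should handle the
    # no-row case explicitly.
    if len(nosql_result) > 0:
        return nosql_result[0]['is_private']
    return None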
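def check_passwd(self, id=None, email=None, username=None, passwd=''):
    """Check ``passwd`` against the user's stored password hash.

    Returns:
        True only if a row matched and check_password_hash() accepted the
        password. False in every other case: no usable identifier, no such
        user, a hash comparison that raised, or a mismatch.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if id and utils.validate_id(id):
        conditions = 'id = %d LIMIT 1' % (id,)
    elif email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return False

    fields = 'password'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)
    if len(nosql_result) == 0:
        return False

    passwd_db_hash = nosql_result[0]['password']
    try:
        passwd_check_status = check_password_hash(passwd_db_hash, passwd)
    except Exception:
        # Any failure inside the comparison counts as a failed login.
        # Catching Exception rather than everything lets KeyboardInterrupt
        # and SystemExit propagate.
        return False

    return bool(passwd_check_status)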
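def show_profile(username):
    """Render the profile page of ``username``.

    Aborts with 400 when the username fails validation and with 404 when
    get_profile_props() returns nothing for it.
    """
    if utils.validate_username(username):
        fotogal_user = FotogalUser()
        profile_dict = fotogal_user.get_profile_props(username=username)

        # Without this guard a missing profile reaches .get() on a falsy
        # value below (AttributeError when it is None).
        if not profile_dict:
            flask_abort(404)

        user_id = profile_dict.get('id', None)
        session_user_id = session.get('user_id', None)

        # Ownership needs a real profile id: comparing None == None would
        # mark a visitor without a session user_id as the owner of a
        # profile that carries no id.
        profile_owner = user_id is not None and session_user_id == user_id

        # NOTE(review): the image list is fetched without consulting
        # is_private or the follow relation. Confirm that
        # get_user_imgs_list() or the template restricts what a
        # non-follower sees on a private profile.
        fotogal_images = FotogalImage()
        imgs_list = fotogal_images.get_user_imgs_list(user_id=user_id)
        imgs_posted_total = fotogal_images.get_posted_imgs_total(user_id)

        fotogal_follow = FotogalFollow()
        following_total = fotogal_follow.get_following_total(user_id)
        followers_total = fotogal_follow.get_followers_total(user_id)

        return render_template(
            'profile.html',
            username=username,
            profile_owner=profile_owner,
            profile_dict=profile_dict,
            imgs_list=imgs_list,
            imgs_posted_total=imgs_posted_total,
            following_total=following_total,
            followers_total=followers_total,
        )

    flask_abort(400)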
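def update_profile_props(self, id=None, email=None, username=None, profile_dict={}):
    """Overwrite the user's stored properties with values from ``profile_dict``.

    The current record is loaded, every top-level key that also appears in
    ``profile_dict`` is replaced (except the protected ones), and the whole
    record is written back through FotogalNosql.update().

    Returns:
        None if no identifier was usable or no user record was found;
        otherwise whatever FotogalNosql.update() returns.
    """
    if id and utils.validate_id(id):
        user_props_dict = self.__get_all_user_props(id=id)
    elif email and utils.validate_email(email):
        user_props_dict = self.__get_all_user_props(email=email)
    elif username and utils.validate_username(username):
        user_props_dict = self.__get_all_user_props(username=username)
    else:
        return None

    # The lookup returns None when no row matched; iterating it would raise.
    if user_props_dict is None:
        return None

    # These fields are never changed by this method.
    protected_fields = ('id', 'email', 'username', 'password',)

    # NOTE(review): every other stored key is writable from profile_dict,
    # including the follow_* lists, created_ts and is_professional_account.
    # If profile_dict is built from request data, pass only the keys the
    # form is meant to edit -- verify against the caller.
    for key in user_props_dict:
        if key in protected_fields:
            continue
        if key in profile_dict:
            user_props_dict[key] = profile_dict[key]

    table = self._nosql_table
    nosql_result = FotogalNosql().update(table, user_props_dict)

    return nosql_result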
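def get_profile_img_url(self, id=None, email=None, username=None):
    """Return the user's stored ``profile_image_url``.

    Returns:
        None if no identifier was set and accepted by its validator, or if
        no row matched; otherwise the stored value.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if id and utils.validate_id(id):
        conditions = 'id = %d LIMIT 1' % (id,)
    elif email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return None

    fields = 'profile_image_url'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    if len(nosql_result) > 0:
        return nosql_result[0]['profile_image_url']
    return None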
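def get_delete_image(img_owner_username, img_filename):
    """Serve (GET/HEAD) or remove (DELETE) one image of ``img_owner_username``.

    Reads are delegated to FotogalImage.get_data(), which receives the
    session user id and decides whether that user may see the image.
    Removal is delegated to FotogalImage.remove() with the session user id
    and the filename only.

    Responds 404 for an invalid owner name, an empty filename or an image
    that get_data() does not hand out, 400 when remove() reports failure,
    and 405 for any other method.
    """
    if not (utils.validate_username(img_owner_username) and img_filename):
        flask_abort(404)

    user_id = session.get('user_id', None)
    fotogal_image = FotogalImage()

    # A Flask route that accepts GET is also dispatched for HEAD; treating
    # HEAD like GET keeps the view from returning None for it.
    if request.method in ('GET', 'HEAD'):
        (img_headers, img_content,) = fotogal_image.get_data(
            user_id, img_owner_username, img_filename)

        if not (img_headers and img_content):
            flask_abort(404)

        resp = Response(img_content)
        for header_name, header_value in img_headers.items():
            resp.headers.add(header_name, header_value)
        return resp

    if request.method == 'DELETE':
        # NOTE(review): img_owner_username is not passed to remove();
        # presumably remove() limits the deletion to images owned by
        # user_id -- confirm.
        if fotogal_image.remove(user_id, img_filename):
            return 'OK', 200
        flask_abort(400)

    # Any other method must not fall through and return None.
    flask_abort(405)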
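def get_data(self, request_user_id, img_owner_username, img_filename):
    """Return ``(headers, content)`` for an image the requester may view.

    Access is granted when the requester is the image owner or
    FotogalFollow.is_following(requester, owner) is truthy, and a row for
    ``img_filename`` exists under the owner. Every other case returns
    ``(None, None)``.
    """
    denied = (None, None,)

    # img_filename is spliced into the query text below and no validator is
    # applied to it here, so reject anything that could close the
    # double-quoted literal or start an escape sequence.
    if (not isinstance(img_filename, str) or not img_filename
            or '"' in img_filename or '\\' in img_filename):
        return denied

    if not (utils.validate_id(request_user_id)
            and utils.validate_username(img_owner_username)):
        return denied

    fotogal_user = FotogalUser()
    img_owner_user_id = fotogal_user.get_id(username=img_owner_username)

    # Unknown owner: nothing to serve, and %d below cannot format None.
    if img_owner_user_id is None:
        return denied

    fotogal_follow = FotogalFollow()
    may_view = (
        request_user_id == img_owner_user_id
        or fotogal_follow.is_following(request_user_id, img_owner_user_id)
    )
    if not may_view:
        return denied

    fields = 'image_filename, image_type'
    table = self._img_nosql_table
    conditions = 'user_id = %d AND image_filename = "%s" LIMIT 1' % (
        img_owner_user_id, img_filename,
    )
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    # The stored object is only fetched after the row lookup confirmed that
    # this filename belongs to the owner.
    if len(nosql_result) > 0:
        (img_headers, img_content,) = self.__get_img_data(img_filename)
        return (img_headers, img_content,)

    return denied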
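def __get_all_user_props(self, id=None, email=None, username=None):
    """Return every stored property of the user as a dict.

    Returns:
        None if no identifier was set and accepted by its validator, or if
        no row matched. Otherwise a dict with the keys listed in
        ``profile_dict`` below, filled from the matching row. The dict
        includes the stored ``password`` value, so it must not be handed to
        templates or API responses as-is.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if id and utils.validate_id(id):
        conditions = 'id = %d LIMIT 1' % (id,)
    elif email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return None

    fields = '*'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)
    if len(nosql_result) == 0:
        return None

    profile_dict = {
        'id': '',
        'email': '',
        'full_name': '',
        'username': '',
        'password': '',
        'follow_list': [],
        'follow_sent_list': [],
        'follow_you_list': [],
        'follow_received_list': [],
        'created_ts': '',
        'is_private': '',
        'is_professional_account': '',
        'profile_image_url': '',
        'user_data': {
            'birthday_ts': '',
            'website': '',
            'bio': '',
            'gender': '',
            'phone_number': '',
        },
    }

    row = nosql_result[0]
    for key in profile_dict:
        if key == 'user_data':
            # Merge the nested record over the defaults; distinct loop names
            # keep the outer key from being shadowed.
            for data_key, data_value in row['user_data'].items():
                profile_dict['user_data'][data_key] = data_value
        else:
            profile_dict[key] = row[key]

    return profile_dict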
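def get_profile_img(self, username=None, img_filename=None):
    """Return ``(headers, content)`` of the user's profile image.

    The image is served only when ``/profile/<username>/image/<img_filename>``
    is the ``profile_image_url`` stored for ``username``. Every other case
    returns ``(None, None)``, so callers can always unpack the result.
    """
    not_found = (None, None,)

    # img_filename ends up inside a double-quoted literal in the query text
    # and no validator is applied to it here, so reject anything that could
    # close the literal or start an escape sequence.
    if (not isinstance(img_filename, str) or not img_filename
            or '"' in img_filename or '\\' in img_filename):
        return not_found

    if not (username and utils.validate_username(username)):
        # A 2-tuple rather than None: get_image_profile_content() unpacks
        # the result into two names.
        return not_found

    profile_img_url = '/profile/%s/image/%s' % (username, img_filename,)
    conditions = 'username = "%s" AND profile_image_url = "%s" LIMIT 1' % (
        username, profile_img_url,
    )

    fields = 'profile_image_url'
    table = self._usr_nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    # The stored object is only fetched after the row lookup confirmed that
    # this filename is the user's current profile image.
    if len(nosql_result) > 0:
        (img_headers, img_content,) = self.__get_img_data(img_filename)
        return (img_headers, img_content,)

    return not_found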
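def get_id(self, email=None, username=None):
    """Return the user's ID, looked up by email or username.

    Returns:
        None if neither identifier was set and accepted by its validator, or
        if no row matched; otherwise the stored ``id``.
    """
    # NOTE(review): identifiers are interpolated into the query text, so the
    # utils validators are the only barrier against a value that closes the
    # quoted literal -- confirm they reject '"' and '\\'.
    if email and utils.validate_email(email):
        conditions = 'email = "%s" LIMIT 1' % (email,)
    elif username and utils.validate_username(username):
        conditions = 'username = "%s" LIMIT 1' % (username,)
    else:
        return None

    fields = 'id'
    table = self._nosql_table
    query = f'SELECT {fields} FROM {table} WHERE {conditions}'

    nosql_result = FotogalNosql().exec_query(table, query)

    if len(nosql_result) > 0:
        return nosql_result[0]['id']
    return None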
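def wrapper(*args, **kwargs):
    """Call ``fn`` only for a request with a valid session and auth cookie.

    Redirects to ``auth.login`` unless the session carries both ``user_id``
    and ``username``, both pass their validators, and the cookie named by
    the ``AUTH_COOKIE_NAME`` config entry validates for that user id.
    ``fn`` comes from the enclosing scope, which is outside this block
    (presumably a login-required decorator).
    """
    # Both keys are required. With "and" a session holding only one of them
    # passed this check and then failed on the subscript below.
    if 'user_id' not in session or 'username' not in session:
        return redirect(url_for('auth.login'))

    user_id = session['user_id']
    username = session['username']

    # Both values must be well-formed; one valid value must not excuse an
    # invalid other.
    if not utils.validate_id(user_id) or not utils.validate_username(username):
        return redirect(url_for('auth.login'))

    cookie_name = current_app.config.get('AUTH_COOKIE_NAME')
    cookie_value = request.cookies.get(cookie_name, '')

    # A missing or empty auth cookie is treated like an invalid one.
    if not cookie_value:
        return redirect(url_for('auth.login'))

    auth_cookie = FotogalAuthCookie()
    if not auth_cookie.validate(cookie_value, user_id):
        return redirect(url_for('auth.login'))

    return fn(*args, **kwargs)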
def get_image_profile_content(img_owner_username, img_filename):
    """Serve the profile image ``img_filename`` of ``img_owner_username``.

    Calls flask_abort(404) when the owner name fails validation, the
    filename is empty, or FotogalImage.get_profile_img() yields no headers
    or no content.
    """
    request_is_valid = utils.validate_username(img_owner_username) and img_filename

    if request_is_valid:
        # NOTE(review): the session user id is read but never used, so no
        # per-viewer check is applied in this view. Confirm that profile
        # images are meant to be readable by any caller.
        user_id = session.get('user_id', None)

        image_store = FotogalImage()
        headers_and_body = image_store.get_profile_img(img_owner_username, img_filename)
        (img_headers, img_content,) = headers_and_body

        if img_headers and img_content:
            resp = Response(img_content)
            for header_name, header_value in img_headers.items():
                resp.headers.add(header_name, header_value)
            return resp

    # Shared exit for both failure cases.
    flask_abort(404)