コード例 #1
ファイル: auth.py プロジェクト: Almenon/couchers
    def CompleteSignup(self, request, context):
        """
        Finish a pending signup: create the user, consume the token, log them in.

        Looks up a still-valid SignupToken matching request.signup_token, checks
        the submitted profile fields, then adds the User and deletes the token
        in one commit before creating a session. A missing token aborts with
        NOT_FOUND; every failed field check aborts with INVALID_ARGUMENT.

        Returns an auth_pb2.AuthRes carrying the session token and the user's
        jailed flag.

        TODO: nice error handling for dupe username/email?
        """
        bad_argument = grpc.StatusCode.INVALID_ARGUMENT

        with session_scope(self._Session) as session:
            valid_tokens = (
                session.query(SignupToken)
                .filter(SignupToken.token == request.signup_token)
                .filter(SignupToken.is_valid)
            )
            pending = valid_tokens.one_or_none()
            if not pending:
                context.abort(grpc.StatusCode.NOT_FOUND, errors.INVALID_TOKEN)

            # Expected wire format is YYYY-MM-DD; anything fromisoformat rejects
            # is reported as an invalid birthdate.
            # NOTE(review): fromisoformat also accepts strings with a time part,
            # and nothing here rejects a date in the future -- confirm intended.
            try:
                born = datetime.fromisoformat(request.birthdate)
            except ValueError:
                context.abort(bad_argument, errors.INVALID_BIRTHDATE)

            # The email comes from the stored token, not the request; it is
            # re-validated before being written to the new account.
            if not is_valid_email(pending.email):
                context.abort(bad_argument, errors.INVALID_EMAIL)

            # Client-supplied identity fields.
            if not is_valid_username(request.username):
                context.abort(bad_argument, errors.INVALID_USERNAME)

            if not is_valid_name(request.name):
                context.abort(bad_argument, errors.INVALID_NAME)

            # A falsy enum value means the client left hosting_status unset.
            # NOTE(review): a non-zero value missing from hostingstatus2sql would
            # raise KeyError at the lookup below instead of aborting cleanly.
            if not request.hosting_status:
                context.abort(bad_argument, errors.HOSTING_STATUS_REQUIRED)

            # NOTE(review): this is check-then-insert; two concurrent signups can
            # both pass here. The database constraint is the real guard, and a
            # violation presumably surfaces from commit() unhandled (see TODO).
            if not self._username_available(request.username):
                context.abort(bad_argument, errors.USERNAME_NOT_AVAILABLE)

            new_user = User(
                email=pending.email,
                username=request.username,
                name=request.name,
                city=request.city,
                gender=request.gender,
                birthdate=born,
                hosting_status=hostingstatus2sql[request.hosting_status],
            )

            # Token removal and user creation share one commit, so the token is
            # consumed exactly when the account is created.
            session.delete(pending)

            # enforces email/username uniqueness
            session.add(new_user)
            session.commit()

            session_token = self._create_session(context, session, new_user)

            return auth_pb2.AuthRes(token=session_token, jailed=new_user.is_jailed)
コード例 #2
ファイル: test_db.py プロジェクト: Almenon/couchers
def test_is_valid_name():
    """Check is_valid_name against a few accepted and rejected display names.

    Accepted: single characters, a name with an inner space, a digit, and a
    non-Latin name. Rejected: the empty string and whitespace-only strings.
    """
    # NOTE(review): control characters and non-ASCII whitespace are not
    # covered here; names are user-supplied, so those cases are worth adding.
    accepted = ("a", "a b", "1", "老子")
    rejected = ("	", "", " ")

    for candidate in accepted:
        assert is_valid_name(candidate)

    for candidate in rejected:
        assert not is_valid_name(candidate)
コード例 #3
ファイル: api.py プロジェクト: telalpal/couchers
    def UpdateProfile(self, request, context):
        """
        Apply the fields present in the request to the calling user's profile.

        The row to update is selected by context.user_id, never by anything in
        the request body. Only fields the request actually carries are written:
        wrapper fields are detected with HasField (and may clear the column via
        is_null), enum fields are skipped while they hold their *_UNSPECIFIED
        value, and list fields are skipped unless their `exists` flag is set.

        Aborts with PERMISSION_DENIED if the request tries to set gender, and
        with INVALID_ARGUMENT for an invalid name or a (0, 0) coordinate.

        Returns empty_pb2.Empty() after committing.
        """
        # users can't change gender themselves to avoid filter evasion
        if request.HasField("gender"):
            context.abort(grpc.StatusCode.PERMISSION_DENIED, errors.CANT_CHANGE_GENDER)

        with session_scope() as session:
            # presumably context.user_id is set by an authentication layer
            # upstream of this handler -- verify against the interceptor
            user = session.query(User).filter(User.id == context.user_id).one()

            def copy_nullable(*field_names):
                # Wrapper fields: is_null clears the column, otherwise the
                # wrapped value is stored under the same attribute name.
                for field_name in field_names:
                    if request.HasField(field_name):
                        wrapped = getattr(request, field_name)
                        setattr(user, field_name, None if wrapped.is_null else wrapped.value)

            def copy_joined(*field_names):
                # List fields are stored as one "|"-separated string.
                # NOTE(review): entries are not checked for "|" here, so a
                # value containing the delimiter would be ambiguous when the
                # column is split again -- confirm where that is handled.
                for field_name in field_names:
                    listed = getattr(request, field_name)
                    if listed.exists:
                        setattr(user, field_name, "|".join(listed.value))

            if request.HasField("name"):
                new_name = request.name.value
                if not is_valid_name(new_name):
                    context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_NAME)
                user.name = new_name

            if request.HasField("city"):
                user.city = request.city.value

            copy_nullable("hometown")

            # Coordinates are only applied when both halves are present;
            # (0, 0) is rejected as an invalid coordinate.
            if request.HasField("lat") and request.HasField("lng"):
                lat, lng = request.lat.value, request.lng.value
                if lat == 0 and lng == 0:
                    context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_COORDINATE)
                user.geom = create_coordinate(lat, lng)

            # NOTE(review): no range check on radius is visible in this handler
            if request.HasField("radius"):
                user.geom_radius = request.radius.value

            # NOTE(review): the free-text fields below are stored as received;
            # no length or content checks are visible in this handler.
            copy_nullable(
                "avatar_key",
                "pronouns",
                "occupation",
                "education",
                "about_me",
                "my_travels",
                "things_i_like",
                "about_place",
            )

            # NOTE(review): for each enum below, a value absent from its
            # *2sql mapping would raise KeyError rather than abort cleanly.
            if request.hosting_status != api_pb2.HOSTING_STATUS_UNSPECIFIED:
                user.hosting_status = hostingstatus2sql[request.hosting_status]

            if request.meetup_status != api_pb2.MEETUP_STATUS_UNSPECIFIED:
                user.meetup_status = meetupstatus2sql[request.meetup_status]

            copy_joined("languages", "countries_visited", "countries_lived")

            copy_nullable(
                "additional_information",
                "max_guests",
                "last_minute",
                "has_pets",
                "accepts_pets",
                "pet_details",
                "has_kids",
                "accepts_kids",
                "kid_details",
                "has_housemates",
                "housemate_details",
                "wheelchair_accessible",
            )

            if request.smoking_allowed != api_pb2.SMOKING_LOCATION_UNSPECIFIED:
                user.smoking_allowed = smokinglocation2sql[request.smoking_allowed]

            copy_nullable(
                "smokes_at_home",
                "drinking_allowed",
                "drinks_at_home",
                "other_host_info",
            )

            if request.sleeping_arrangement != api_pb2.SLEEPING_ARRANGEMENT_UNSPECIFIED:
                user.sleeping_arrangement = sleepingarrangement2sql[request.sleeping_arrangement]

            copy_nullable("sleeping_details", "area", "house_rules", "parking")

            if request.parking_details != api_pb2.PARKING_DETAILS_UNSPECIFIED:
                user.parking_details = parkingdetails2sql[request.parking_details]

            copy_nullable("camping_ok")

            # save updates
            session.commit()

            return empty_pb2.Empty()
コード例 #4
ファイル: auth.py プロジェクト: telalpal/couchers
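    def CompleteSignup(self, request, context):
        """
        Completes user sign up by creating the user in question, then logs them in.

        Looks up a still-valid SignupToken matching request.signup_token, checks
        the submitted fields, then adds the User and deletes the token in one
        commit. The new session is delivered to the client as a "set-cookie"
        initial-metadata entry rather than in the response body.

        A missing token aborts with NOT_FOUND; every failed field check aborts
        with INVALID_ARGUMENT.

        Returns an auth_pb2.AuthRes carrying only the user's jailed flag.

        TODO: nice error handling for dupe username/email?
        """
        with session_scope() as session:
            signup_token = (
                session.query(SignupToken)
                .filter(SignupToken.token == request.signup_token)
                .filter(SignupToken.is_valid)
                .one_or_none()
            )
            if not signup_token:
                context.abort(grpc.StatusCode.NOT_FOUND, errors.INVALID_TOKEN)

            # check birthdate validity (YYYY-MM-DD format and in the past)
            # localize() is kept inside the try: fromisoformat() also accepts
            # strings carrying a UTC offset, and pytz raises ValueError when
            # asked to localize an already-aware datetime. Client input of that
            # form is rejected as INVALID_BIRTHDATE instead of escaping as an
            # unhandled exception.
            try:
                birthdate = datetime.fromisoformat(request.birthdate)
                birthdate_utc = pytz.UTC.localize(birthdate)
            except ValueError:
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_BIRTHDATE)
            if birthdate_utc >= now():
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_BIRTHDATE)

            # check email again (the address comes from the stored token, not
            # from the request)
            if not is_valid_email(signup_token.email):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_EMAIL)

            # check username validity
            if not is_valid_username(request.username):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_USERNAME)

            # check name validity
            if not is_valid_name(request.name):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_NAME)

            # a falsy enum value means the client left hosting_status unset
            # NOTE(review): a non-zero value missing from hostingstatus2sql would
            # raise KeyError at the lookup below instead of aborting cleanly.
            if not request.hosting_status:
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.HOSTING_STATUS_REQUIRED)

            # NOTE(review): check-then-insert; two concurrent signups can both
            # pass here. The database constraint is the real guard, and a
            # violation presumably surfaces from commit() unhandled (see TODO).
            if not self._username_available(request.username):
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.USERNAME_NOT_AVAILABLE)

            # (0, 0) is rejected as an invalid coordinate
            # NOTE(review): no range check on lat/lng/radius is visible here;
            # confirm create_coordinate or the schema rejects out-of-range input.
            if request.lat == 0 and request.lng == 0:
                context.abort(grpc.StatusCode.INVALID_ARGUMENT, errors.INVALID_COORDINATE)

            user = User(
                email=signup_token.email,
                username=request.username,
                name=request.name,
                gender=request.gender,
                birthdate=birthdate,
                hosting_status=hostingstatus2sql[request.hosting_status],
                city=request.city,
                geom=create_coordinate(request.lat, request.lng),
                geom_radius=request.radius,
                accepted_tos=1 if request.accept_tos else 0,
            )

            # happens in same transaction, so the token is consumed exactly
            # when the account is created
            session.delete(signup_token)

            # enforces email/username uniqueness
            session.add(user)
            session.commit()

            token, expiry = self._create_session(context, session, user, False)
            # NOTE(review): the cookie attributes are decided inside
            # create_session_cookie, which is not shown here -- verify there
            # that the session cookie is HttpOnly and Secure.
            context.send_initial_metadata(
                [
                    ("set-cookie", create_session_cookie(token, expiry)),
                ]
            )
            return auth_pb2.AuthRes(jailed=user.is_jailed)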
コード例 #5
    def UpdateProfile(self, request, context):
        """
        Apply the fields present in the request to the calling user's profile.

        The row to update is selected by context.user_id, never by anything in
        the request body. Only fields the request actually carries are written:
        wrapper fields are detected with HasField (and may clear the column via
        is_null), enum fields are skipped while they hold their *_UNSPECIFIED
        value, and list fields are skipped unless their `exists` flag is set.

        Aborts with INVALID_ARGUMENT for an invalid name or color.

        Returns empty_pb2.Empty() after committing.
        """
        with session_scope(self._Session) as session:
            # presumably context.user_id is set by an authentication layer
            # upstream of this handler -- verify against the interceptor
            user = session.query(User).filter(User.id == context.user_id).one()

            def copy_nullable(*field_names):
                # Wrapper fields: is_null clears the column, otherwise the
                # wrapped value is stored under the same attribute name.
                for field_name in field_names:
                    if request.HasField(field_name):
                        wrapped = getattr(request, field_name)
                        setattr(user, field_name,
                                None if wrapped.is_null else wrapped.value)

            def copy_joined(*field_names):
                # List fields are stored as one "|"-separated string.
                # NOTE(review): entries are not checked for "|" here, so a
                # value containing the delimiter would be ambiguous when the
                # column is split again -- confirm where that is handled.
                for field_name in field_names:
                    listed = getattr(request, field_name)
                    if listed.exists:
                        setattr(user, field_name, "|".join(listed.value))

            if request.HasField("name"):
                new_name = request.name.value
                if not is_valid_name(new_name):
                    context.abort(grpc.StatusCode.INVALID_ARGUMENT,
                                  errors.INVALID_NAME)
                user.name = new_name

            if request.HasField("city"):
                user.city = request.city.value

            # NOTE(review): gender is freely writable by the user in this
            # handler; if gender feeds search or safety filters, confirm that
            # self-service changes are acceptable.
            if request.HasField("gender"):
                user.gender = request.gender.value

            # NOTE(review): the free-text fields below are stored as received;
            # no length or content checks are visible in this handler.
            copy_nullable("occupation", "about_me", "about_place")

            # The color is lower-cased first, then validated and stored in
            # that normalized form.
            if request.HasField("color"):
                normalized_color = request.color.value.lower()
                if not is_valid_color(normalized_color):
                    context.abort(grpc.StatusCode.INVALID_ARGUMENT,
                                  errors.INVALID_COLOR)
                user.color = normalized_color

            # NOTE(review): for each enum below, a value absent from its
            # *2sql mapping would raise KeyError rather than abort cleanly.
            if request.hosting_status != api_pb2.HOSTING_STATUS_UNSPECIFIED:
                user.hosting_status = hostingstatus2sql[request.hosting_status]

            copy_joined("languages", "countries_visited", "countries_lived")

            copy_nullable(
                "max_guests",
                "multiple_groups",
                "last_minute",
                "accepts_pets",
                "accepts_kids",
                "wheelchair_accessible",
            )

            if request.smoking_allowed != api_pb2.SMOKING_LOCATION_UNSPECIFIED:
                user.smoking_allowed = smokinglocation2sql[
                    request.smoking_allowed]

            copy_nullable("sleeping_arrangement", "area", "house_rules")

            # save updates
            session.commit()

            return empty_pb2.Empty()